When downloading / uploading large files, the generated flows only report for a fraction of the expected byte counters (and perhaps packets as well).

The issue was first mentioned here, but after some investigation I don't think this is related to reinterpret-direction because I see the same issue with Julien's PR that removes reinterpret-direction.

To try locate the bug, I'm looking at the raw flows stored in loki rather than the computed metrics: the raw flows themselves are wrong, ie. they always show a value smaller to what I'd expect after downloading large volumes.

Example: capture in Loki after downloading a 500MB image (sampling is 1):

It shows only ~100MB while I would expect 500MB. I see the same issue keeping or removing reinterpret-direction.
My gut feeling would be something wrong in the ebpf agent aggregation logic, to be investigated.

To reproduce, deploy netobserv / set sampling to 1, then just do a curl or wget of a large file from a pod (e.g. a linux image).
Then check in grafana / loki for raw flows (from operator: "make deploy-grafana") with a query like: