if_pflow from OpenBSD
Patrick Lamaiziere
patfbsd at davenulle.org
Fri Jan 9 10:02:17 UTC 2015
On Thu, 8 Jan 2015 20:46:23 -0500,
"O'Connor, Daniel" <Daniel.O'Connor at emc.com> wrote:
Hello,
> On 8 Jan 2015, at 19:47, Patrick Lamaiziere <patfbsd at davenulle.org>
> wrote:
> > On Wed, 7 Jan 2015 07:26:42 -0500,
> > "O'Connor, Daniel" <Daniel.O'Connor at emc.com> wrote:
> >
> >> Has anyone attempted a port of this?
> >> (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflow.c)
> >>
> >> I used to use pfflowd but it broke due to pf changes and looks dead
> >> upstream - if_pflow(4) seems like the canonical pf way now.
> >
> > Maybe you can try ng_netflow(4)?
>
> Funny you should mention that :)
>
> I am using mpd for PPPoE which uses netgraph and so enabled that
> (although had to fix a bug when you have netflow and IPv6) - however
> I am using pf for my firewall and NAT and I'd rather not change. That
> means that mp (and hence ng_netflow) don't see un-NAT'd addresses
> which makes the flow tracking not particularly useful.
Ah thanks, this is good to know (we don't NAT here).
> I could run softflowd but that doesn't see traffic generated by the
> router itself (of which there is quite a bit) so that's out too..
I've tried softflowd but it does not perform well and implies a heavy
load on the box.

pflow(4) has the drawback of handling netflow only at the end of the
session.

Regards,