ng_netflow: testers are welcome
Vasenin Alexander aka BlackSir
blacksir at number.ru
Mon Feb 23 23:47:09 PST 2004
> -----Original Message-----
> From: owner-freebsd-isp at freebsd.org
> [mailto:owner-freebsd-isp at freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Monday, February 23, 2004 10:47 PM
> To: Vasenin Alexander aka BlackSir
> Cc: freebsd-isp at freebsd.org; Bjoern A. Zeeb; Julian Elischer;
> freebsd-net at freebsd.org
> Subject: Re: ng_netflow: testers are welcome
> I'd be glad if you show me your current netgraph setup script. Surely
> I can reproduce it myself, but live example would be better than
> imaginary.
Here it is(latest version - 'echotee'):
---cut---
# Create ng_tee node
mkpeer . tee dummy left
name .dummy tee
# Create ng_netflow node
mkpeer tee: netflow left2right iface0
name tee:.left2right netflow
msg netflow: setifindex { iface=0 index=1 }
msg netflow: setdlt { iface=0 dlt=12 }
# Create ng_ksocket for exporting netflow data
mkpeer netflow: ksocket export inet/dgram/udp
name netflow:.export export_ksocket
msg export_ksocket: connect inet/127.0.0.1:8000
# Create ng_echo node for returning data from divert socket
mkpeer tee: echo right echo_hook
name tee:.right echo
# Destroy dummy hook
rmhook dummy
# Create divert ng_ksocket
mkpeer tee: ksocket left inet/raw/divert
name tee:.left divert_ksocket
msg divert_ksocket: bind inet/0.0.0.0:8888
---cut---
This config assumes that packets needed to catch via ng_netflow is simply
diverted by ipfw rule:
divert 8888 ip from any to any in - or something like that
Seems everything works fine! (I'm using ipfw2 in 4.9) Packets going throught
divert and reinjected in ipfw ;-)
but I've not tested this in production yet...
Thanks again!
Vasenin Alexander aka BlackSir
More information about the freebsd-net
mailing list