Date: Sat, 6 Feb 2021 17:48:54 +0100
From: Lutz Donnerhacke
To: petru garstea
Cc: freebsd-net@freebsd.org
Subject: Re: netgraph with ng_netflow and ng_gridge nodes

On Sat, Feb 06, 2021 at 11:10:29AM -0500, petru garstea wrote:
> Greetings,
>
> I have come up with a graph with no use of ng_tee, ng_hub or ng_one2many.
>
> Also I validated the flows on a collector
>
> In case anybody has the same use case I am sharing the graph
>
> mkpeer re0: netflow lower iface0
> name re0:lower netflow
> connect re0: netflow: upper out1
> mkpeer netflow: bridge out0 link0
> name netflow:out0 re0bridge
> connect re0bridge: netflow: link1 iface1
> mkpeer re0bridge: eiface link2 ether
> name re0bridge:link2 ng0
> mkpeer netflow: ksocket export9 inet/dgram/udp
> msg re0: setpromisc 1
> msg re0: setautosrc 0
> msg netflow: setconfig {iface=0 conf=11}
> msg netflow: setconfig {iface=1 conf=11}
> msg netflow:export9 connect inet/${collector_ip}:${port}

  bridge.link0 ----- out0.netflow.iface0 --- lower.re0
       \.link1 --- iface1./     \.out1 ----- upper./
       \.link2 ----------------------------- ether.ng0

So you collect the data from the outside world to the re0 interface (IP
stack) twice, but you can catch the data from the ng0 interface to re0
separate from the data to outside.

If this is your desired setup, fine.
If you like to understand your network, try:
 # ngctl dot [-c]
and paste the output to http://www.webgraphviz.com/

HTH
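
The hook-to-hook topology drawn above can also be derived offline from the ngctl commands themselves, which helps when reviewing a script before it is loaded. The following Python sketch is an added example, not part of the original message or of FreeBSD; `parse_ngctl` and `to_dot` are hypothetical helpers, and it assumes absolute node paths as used in the quoted script.

```python
# Added example: topology commands from the quoted message, plus one msg line.
SCRIPT = """\
mkpeer re0: netflow lower iface0
name re0:lower netflow
connect re0: netflow: upper out1
mkpeer netflow: bridge out0 link0
name netflow:out0 re0bridge
connect re0bridge: netflow: link1 iface1
mkpeer re0bridge: eiface link2 ether
name re0bridge:link2 ng0
mkpeer netflow: ksocket export9 inet/dgram/udp
msg netflow: setconfig {iface=0 conf=11}
"""

def parse_ngctl(script):
    """Return sorted hook-to-hook links as ((node, hook), (node, hook))."""
    names, labels, peers = {}, {}, {}  # name -> id, id -> label, (id, hook) -> peer
    def node_at(path):  # resolve "name:hook.hook" (absolute paths only)
        name, _, hooks = path.partition(":")
        if name not in names:  # node that existed before the script, e.g. re0
            names[name] = len(labels)
            labels[names[name]] = name
        node = names[name]
        for hook in filter(None, hooks.split(".")):
            node = peers[node, hook][0]  # cross the hook to its peer
        return node
    def link(a, ha, b, hb):
        peers[a, ha], peers[b, hb] = (b, hb), (a, ha)
    # msg lines configure nodes and do not change the topology, so they are skipped
    for cmd, *args in filter(None, map(str.split, script.splitlines())):
        if cmd == "mkpeer":  # creates an unnamed node of type args[1]
            src = node_at(args[0])
            new = len(labels)
            labels[new] = f"<{args[1]}>"
            link(src, args[2], new, args[3])
        elif cmd == "name":
            node = node_at(args[0])
            names[args[1]], labels[node] = node, args[1]
        elif cmd == "connect":
            link(node_at(args[0]), args[2], node_at(args[1]), args[3])
    return sorted({tuple(sorted([(labels[a], ha), (labels[b], hb)]))
                   for (a, ha), (b, hb) in peers.items()})

def to_dot(links):
    edges = "".join(f'  "{a}" -- "{b}" [taillabel="{ha}", headlabel="{hb}"];\n'
                    for (a, ha), (b, hb) in links)
    return "graph netgraph {\n" + edges + "}\n"

if __name__ == "__main__":
    print(to_dot(parse_ngctl(SCRIPT)))
```

The printed graph shows both netflow interface hooks (iface0 and iface1) sitting on the path between re0:lower and re0:upper.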