Date: Tue, 18 Jul 2017 14:02:02 +0000 (UTC)
From: Emmanuel Vadot <manu@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r321128 - in head: etc/rc.d share/man/man5
Message-ID: <201707181402.v6IE220r070417@repo.freebsd.org>
Author: manu Date: Tue Jul 18 14:02:02 2017 New Revision: 321128 URL: https://svnweb.freebsd.org/changeset/base/321128 Log: ipfw_netflow: Add support for FIB If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB. While here correct some value in rc.conf(5) to be int and not str. Sponsored by: Gandi.net Modified: head/etc/rc.d/ipfw_netflow head/share/man/man5/rc.conf.5 Modified: head/etc/rc.d/ipfw_netflow ============================================================================== --- head/etc/rc.d/ipfw_netflow Tue Jul 18 08:54:35 2017 (r321127) +++ head/etc/rc.d/ipfw_netflow Tue Jul 18 14:02:02 2017 (r321128) @@ -54,7 +54,7 @@ ipfw_netflow_status() ipfw_netflow_start() { ipfw_netflow_is_running && err 1 "ipfw_netflow is already active" - ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any + ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}} ngctl -f - <<-EOF mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0 name ipfw:${ipfw_netflow_hook} netflow Modified: head/share/man/man5/rc.conf.5 ============================================================================== --- head/share/man/man5/rc.conf.5 Tue Jul 18 08:54:35 2017 (r321127) +++ head/share/man/man5/rc.conf.5 Tue Jul 18 14:02:02 2017 (r321128) @@ -602,12 +602,12 @@ By default a ipfw rule is inserted and all packets are the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow port using protocol version 5. .It Va ipfw_netflow_hook -.Pq Vt str +.Pq Vt int netflow hook name, must be numerical (default .Pa 9995 ) . .It Va ipfw_netflow_rule -.Pq Vt str +.Pq Vt int ipfw rule number (default .Pa 1000 ) . 
@@ -617,13 +617,18 @@ Destination server ip for receiving netflow data (default .Pa 127.0.0.1 ) . .It Va ipfw_netflow_port -.Pq Vt str +.Pq Vt int Destination server port for receiving netflow data (default .Pa 9995 ) . .It Va ipfw_netflow_version -.Pq Vt str +.Pq Vt int Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. +.It Va ipfw_netflow_fib +.Pq Vt int +Only match packet in FIB +.Pa ipfw_netflow_fib +(default is undefined meaning all FIBs). .It Va natd_program .Pq Vt str Path to
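Review bot: In the etc/rc.d/ipfw_netflow hunk, the added "ipfw add" line expands ${ipfw_netflow_fib} unquoted and without any check that it is a number, so an rc.conf value containing whitespace or extra words is word-split into additional ipfw rule tokens rather than rejected. Since rc.conf.5 now documents the variable as int, validate it as a non-negative integer in ipfw_netflow_start() before the "ipfw add" call and fail with err 1, the same way the "already active" check on the preceding line does. The ${ipfw_netflow_fib:+...} form itself is fine: it treats an empty value like an unset one, which matches the documented default of matching all FIBs, and a value of 0 still produces "fib 0".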
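Review bot: In the second rc.conf.5 hunk (@@ -617), the new ipfw_netflow_fib entry marks the variable name up with .Pa, which is the mdoc macro for path names; a reference to an rc.conf variable should use ".Va ipfw_netflow_fib". The description would also read better as "Only match packets in FIB", and because the entry names the variable as its own value it never says what the integer is; stating that it is the FIB number the ipfw rule is restricted to would make the (Vt int) type meaningful to the reader.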