Date:      Thu, 13 Jun 2013 10:46:43 +0930
From:      "Daniel O'Connor" <doconnor@gsoft.com.au>
To:        "Scott, Brian" <brian.scott4@det.nsw.edu.au>
Cc:        "freebsd-stable@freebsd.org stable" <freebsd-stable@freebsd.org>
Subject:   Re: Flow monitoring with PF
Message-ID:  <52EB2C3A-1ED7-4BF8-94C0-B6A29A0D7E18@gsoft.com.au>
In-Reply-To: <7DB382CFB050654DBFF7A39B1F8056EB1DF68293@WPEXCHMBSL1021.central.det.win>
References:  <57C2DC16-7868-4C20-AB34-5B35A939D095@gsoft.com.au> <7DB382CFB050654DBFF7A39B1F8056EB1DF68293@WPEXCHMBSL1021.central.det.win>


On 12/06/2013, at 9:47, "Scott, Brian" <brian.scott4@det.nsw.edu.au> wrote:
>> I was looking at trying out flow monitoring and I found pfflowd, but unfortunately it does not work with FreeBSD >9.0. I thought about ng_netflow but that doesn't see my tun interface which may be related to..
>> WARNING: attempt to domain_add(netgraph) after domainfinalize()
>
> Noise message. I've never seen it actually mean anything.
>
> The problem is that tun0 is a generic network interface. Ng_ether only exposes Ethernet devices. The equivalent to tun but for an Ethernet device is tap. Creating a tap device after boot immediately creates the corresponding ng_ether node which can then be plumbed into ng_netflow.

OK, for some reason I thought NG would add nodes to mirror every network interface but that was wrong..

> Some software is kind enough to work with either tun or tap as a configurable option.

Unfortunately I am using ppp which doesn't :(

>> Does anyone have any recommendations for generating flow information from PF?
>
> I've had great success with ng_netflow. I like the fact that all the processing is in-kernel.


Yeah, that is one reason I looked at it.

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C








