Date: Tue, 15 Aug 2017 15:49:29 -0700 From: Gleb Smirnoff <glebius@FreeBSD.org> To: Emmanuel Vadot <manu@FreeBSD.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r320944 - head/etc/rc.d Message-ID: <20170815224929.GC1113@FreeBSD.org> In-Reply-To: <201707131340.v6DDeIE9086139@repo.freebsd.org> References: <201707131340.v6DDeIE9086139@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Emmanuel, On Thu, Jul 13, 2017 at 01:40:18PM +0000, Emmanuel Vadot wrote: E> Author: manu E> Date: Thu Jul 13 13:40:18 2017 E> New Revision: 320944 E> URL: https://svnweb.freebsd.org/changeset/base/320944 E> E> Log: E> Add an rc.d script to setup a netflow export via ng_netflow E> The default is to export netflow data on localhost on the netflow port. E> ngtee is used to have the lowest overhead possible. E> The ipfw ng hook is the netflow port (it can only be numeric) E> Default is netflow version 5. E> E> Sponsored-By: Gandi.net E> Reviewed by: bapt (earlier version), olivier (earlier version) It could be that using "netgraph" action instead of "ngtee" and then returning packet back from netgraph to ipfw would show lower overhead. However, this setup is definitely going to be less robust and more prone to bugs in case of complex ipfw configurations. -- Totus tuus, Glebius.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170815224929.GC1113>