From owner-svn-src-head@freebsd.org Tue Aug 15 22:49:31 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6D8CFDD1F75; Tue, 15 Aug 2017 22:49:31 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebi.us (glebi.us [96.95.210.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "cell.glebi.us", Issuer "cell.glebi.us" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 54600632EC; Tue, 15 Aug 2017 22:49:30 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebi.us (localhost [127.0.0.1]) by cell.glebi.us (8.15.2/8.15.2) with ESMTPS id v7FMnTnf011236 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 15 Aug 2017 15:49:29 -0700 (PDT) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebi.us (8.15.2/8.15.2/Submit) id v7FMnTVQ011235; Tue, 15 Aug 2017 15:49:29 -0700 (PDT) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebi.us: glebius set sender to glebius@FreeBSD.org using -f Date: Tue, 15 Aug 2017 15:49:29 -0700 From: Gleb Smirnoff To: Emmanuel Vadot Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r320944 - head/etc/rc.d Message-ID: <20170815224929.GC1113@FreeBSD.org> References: <201707131340.v6DDeIE9086139@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201707131340.v6DDeIE9086139@repo.freebsd.org> User-Agent: Mutt/1.8.3 (2017-05-23) X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Aug 2017 22:49:31 -0000 Emmanuel, On Thu, Jul 13, 2017 at 01:40:18PM +0000, Emmanuel Vadot wrote: E> Author: manu E> Date: Thu Jul 13 13:40:18 2017 E> New Revision: 320944 E> URL: https://svnweb.freebsd.org/changeset/base/320944 E> E> Log: E> Add an rc.d script to setup a netflow export via ng_netflow E> The default is to export netflow data on localhost on the netflow port. E> ngtee is used to have the lowest overhead possible. E> The ipfw ng hook is the netflow port (it can only be numeric) E> Default is netflow version 5. E> E> Sponsored-By: Gandi.net E> Reviewed by: bapt (earlier version), olivier (earlier version) It could be that using "netgraph" action instead of "ngtee" and then returning packet back from netgraph to ipfw would show lower overhead. However, this setup is definitely going to be less robust and more prone to bugs in case of complex ipfw configurations. -- Totus tuus, Glebius.