Date: Mon, 18 May 2009 19:57:21 GMT From: Maxim Ignatenko <gelraen.ua@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: docs/134660: rc-script for initializing ng_netflow+ng_ipfw Message-ID: <200905181957.n4IJvLfg037073@www.freebsd.org> Resent-Message-ID: <200905182000.n4IK01hc097329@freefall.freebsd.org>
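>Number: 134660
>Category: docs
>Synopsis: rc-script for initializing ng_netflow+ng_ipfw
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon May 18 20:00:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Maxim Ignatenko
>Release: 8.0-CURRENT
>Organization:
Kiev National Taras Shevchenko University
>Environment:
>Description:
This script provides configurable via rc.conf initializing of ng_netflow nodes and connects them to ng_ipfw node.
Maybe the right place for this would be /usr/share/examples/netgraph
>How-To-Repeat:
>Fix:
#!/bin/sh

# PROVIDE: ng_netflow_ipfw
# BEFORE: ipfw
# REQUIRE: FILESYSTEMS

# Creates one ng_netflow node per configured entry, hooks it to the ng_ipfw
# node and points its export hook at a collector over UDP.
#
# rc.conf variables (N is the node index):
# ng_netflow_ipfw_enable (bool): rcvar for the whole script
# ng_netflow_ipfw_nodeN_enable (bool): used for temporary disabling one node
# ng_netflow_ipfw_nodeN_cookie (int): specify cookie number for ng_ipfw (default=N)
# ng_netflow_ipfw_nodeN_collector : "ipaddr:port" of corresponding collector
#                                   (default=127.0.0.1:9995)
# ng_netflow_ipfw_nodeN_atimeout (int) : active timeout for ng_netflow node
#                                        (default=1800)
# ng_netflow_ipfw_nodeN_itimeout (int) : inactive timeout for ng_netflow node
#                                        (default=15)
#
# Nodes are scanned from index 0 upwards and the scan stops at the first index
# whose _enable variable is unset, so indexes must be contiguous.  An optional
# extra argument after start/stop restricts the action to that single index.
#
# The node index is spliced into eval and the per-node values are spliced into
# the command text fed to ngctl, so all of them are checked before use: an
# index, cookie or timeout must consist of digits only, and a collector may
# contain only letters, digits, '.' and ':'.  Anything else is rejected instead
# of being interpreted as shell code or as additional ngctl commands.
#
# For more information about specific parameters please refer to ng_ipfw(4) and
# ng_netflow(4) man pages.
#

. /etc/rc.subr

name="ng_netflow_ipfw"
rcvar="ng_netflow_ipfw_enable"
start_cmd="ng_netflow_ipfw_start"
stop_cmd="ng_netflow_ipfw_stop"
required_modules="netgraph ng_ipfw ng_netflow ng_ksocket"

# Succeeds only when $1 is a non-empty string of decimal digits.
_ng_netflow_ipfw_is_uint()
{
	case "$1" in
	''|*[!0-9]*)
		return 1
		;;
	esac
	return 0
}

# Calls handler $1 with the index of every defined and enabled node, or only
# with index $2 when it is given.  Returns 1 if any handler call failed.
_ng_netflow_ipfw_each_node()
{
	local handler node singlenode rc _enable

	handler=$1
	node=0
	singlenode=0
	rc=0
	if [ -n "$2" ]; then
		# The index becomes part of a variable name passed to eval below.
		if ! _ng_netflow_ipfw_is_uint "$2"; then
			err 1 "node number must be a non-negative integer"
		fi
		singlenode=1
		node=$2
	fi

	while true; do
		eval _enable=\"\${ng_netflow_ipfw_node${node}_enable}\"
		if [ -z "${_enable}" ]; then
			# node not defined, finish
			break
		fi
		# A disabled node is skipped, but the index must still advance:
		# jumping back to the loop head without incrementing would test
		# the same node forever.
		if checkyesno _enable; then
			"${handler}" "${node}" || rc=1
		fi
		if [ "${singlenode}" = 1 ]; then
			break
		fi
		node=$((node + 1))
	done
	return ${rc}
}

# Creates and configures the netflow node with index $1.
_ng_netflow_ipfw_setup_node()
{
	local node ngctl _cookie _collector _atimeout _itimeout

	node=$1
	ngctl="/usr/sbin/ngctl"

	eval _cookie=\"\${ng_netflow_ipfw_node${node}_cookie:-${node}}\"
	eval _collector=\"\${ng_netflow_ipfw_node${node}_collector:-127.0.0.1:9995}\"
	eval _atimeout=\"\${ng_netflow_ipfw_node${node}_atimeout:-1800}\"
	eval _itimeout=\"\${ng_netflow_ipfw_node${node}_itimeout:-15}\"

	if ! _ng_netflow_ipfw_is_uint "${_cookie}" ||
	    ! _ng_netflow_ipfw_is_uint "${_atimeout}" ||
	    ! _ng_netflow_ipfw_is_uint "${_itimeout}"; then
		warn "netflow${node}: cookie and timeouts must be non-negative integers, node skipped"
		return 1
	fi
	case "${_collector}" in
	''|*[!0-9A-Za-z.:]*)
		warn "netflow${node}: collector must have the form ipaddr:port, node skipped"
		return 1
		;;
	esac

	# dlt=12 is DLT_RAW, see ng_netflow(4).
	if ! ${ngctl} -f - <<EOF
mkpeer ipfw: netflow ${_cookie} iface0
name ipfw:${_cookie} netflow${node}
msg netflow${node}: setdlt { iface=0 dlt=12 }
msg netflow${node}: settimeouts { inactive=${_itimeout} active=${_atimeout} }
mkpeer netflow${node}: ksocket export inet/dgram/udp
msg netflow${node}:export connect inet/${_collector}
EOF
	then
		warn "netflow${node}: ngctl reported an error"
		return 1
	fi
	return 0
}

# Removes the export and iface0 hooks of the netflow node with index $1.
_ng_netflow_ipfw_teardown_node()
{
	local node ngctl

	node=$1
	ngctl="/usr/sbin/ngctl"

	if ! ${ngctl} -f - <<EOF
rmhook netflow${node}: export
rmhook netflow${node}: iface0
EOF
	then
		warn "netflow${node}: ngctl reported an error"
		return 1
	fi
	return 0
}

# start [N]: set up every enabled node, or only node N.
ng_netflow_ipfw_start()
{
	_ng_netflow_ipfw_each_node _ng_netflow_ipfw_setup_node "$1"
}

# stop [N]: unhook every enabled node, or only node N.
ng_netflow_ipfw_stop()
{
	_ng_netflow_ipfw_each_node _ng_netflow_ipfw_teardown_node "$1"
}

load_rc_config "$name"
# Quoted so that each command-line argument reaches rc.subr as one word.
run_rc_command "$@"
>Release-Note:
>Audit-Trail:
>Unformatted: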