Site Navigation

Date:      Tue, 24 Feb 2004 10:46:44 +0300
From:      "Vasenin Alexander aka BlackSir" <blacksir@number.ru>
To:        "Gleb Smirnoff" <glebius@cell.sick.ru>
Cc:        freebsd-net@freebsd.org
Subject:   RE: ng_netflow: testers are welcome
Message-ID:  <NKEJKOHEKMBIMCCEHEPKOEDJCFAA.blacksir@number.ru>
In-Reply-To: <20040223194648.GB72475@cell.sick.ru>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Monday, February 23, 2004 10:47 PM
> To: Vasenin Alexander aka BlackSir
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Julian Elischer;
> freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome

> I'd be glad if you show me your current netgraph setup script. Surely
> I can reproduce it myself, but live example would be better than
> imaginary.

Here it is(latest version - 'echotee'):

---cut---
# Create ng_tee node
mkpeer . tee dummy left
name .dummy tee

# Create ng_netflow node
mkpeer tee: netflow left2right iface0
name tee:.left2right netflow
msg netflow: setifindex { iface=0 index=1 }
msg netflow: setdlt { iface=0 dlt=12 }

# Create ng_ksocket for exporting netflow data
mkpeer netflow: ksocket export inet/dgram/udp
name netflow:.export export_ksocket
msg export_ksocket: connect inet/127.0.0.1:8000

# Create ng_echo node for returning data from divert socket
mkpeer tee: echo right echo_hook
name tee:.right echo

# Destroy dummy hook
rmhook dummy

# Create divert ng_ksocket
mkpeer tee: ksocket left inet/raw/divert
name tee:.left divert_ksocket
msg divert_ksocket: bind inet/0.0.0.0:8888
---cut---


This config assumes that packets needed to catch via ng_netflow is simply
diverted by ipfw rule:
divert 8888 ip from any to any in - or something like that
Seems everything works fine! (I'm using ipfw2 in 4.9) Packets going throught
divert and reinjected in ipfw ;-)
but I've not tested this in production yet...


Thanks again!

	Vasenin Alexander aka BlackSir

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NKEJKOHEKMBIMCCEHEPKOEDJCFAA.blacksir>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact