Date: Thu, 8 Jan 2015 20:46:23 -0500
From: "O'Connor, Daniel" <Daniel.O'Connor@emc.com>
To: Patrick Lamaiziere <patfbsd@davenulle.org>
Cc: "O'Connor, Daniel" <Daniel.O'Connor@emc.com>, FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: if_pflow from OpenBSD
Message-ID: <9085F2E7-5429-4C16-86DB-7C3F04C993DC@emc.com>
In-Reply-To: <20150108101744.2c2a9eae@mr185083>
References: <45056363-1E83-4318-B870-7F673993166B@emc.com> <20150108101744.2c2a9eae@mr185083>

On 8 Jan 2015, at 19:47, Patrick Lamaiziere <patfbsd@davenulle.org> wrote:

> On Wed, 7 Jan 2015 07:26:42 -0500,
> "O'Connor, Daniel" <Daniel.O'Connor@emc.com> wrote:
>
>> Has anyone attempted a port of this?
>> (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflow.c)
>>
>> I used to use pfflowd but it broke due to pf changes and looks dead
>> upstream - if_pflow(4) seems like the canonical pf way now.
>
> Maybe you can try ng_netflow(4)?

Funny you should mention that :)

I am using mpd for PPPoE which uses netgraph and so enabled that (although had to fix a bug when you have netflow and IPv6) - however I am using pf for my firewall and NAT and I'd rather not change.

That means that mpd (and hence ng_netflow) don't see un-NAT'd addresses which makes the flow tracking not particularly useful.

I could run softflowd but that doesn't see traffic generated by the router itself (of which there is quite a bit) so that's out too..

I had a look at if_pflow and it does appear to handle NAT properly and so should do what I want..

> (I have to migrate an OpenBSD firewall to FreeBSD and any
> input on ng_netflow will be welcome.)

I think if you used netgraph for NAT then it would work but I'm reluctant to migrate my setting (just yet anyway..)

Regards,
Daniel O’Connor
Senior Software Engineer
Isilon Platforms Team
