Date: Tue, 24 Feb 2004 12:01:52 +0300
From: Gleb Smirnoff <glebius@cell.sick.ru>
To: Vasenin Alexander aka BlackSir <blacksir@number.ru>
Cc: freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome
Message-ID: <20040224090152.GD76272@cell.sick.ru>
In-Reply-To: <NKEJKOHEKMBIMCCEHEPKOEDJCFAA.blacksir@number.ru>
References: <20040223194648.GB72475@cell.sick.ru> <NKEJKOHEKMBIMCCEHEPKOEDJCFAA.blacksir@number.ru>

On Tue, Feb 24, 2004 at 10:46:44AM +0300, Vasenin Alexander aka BlackSir wrote:
V> > I'd be glad if you show me your current netgraph setup script. Surely
V> > I can reproduce it myself, but live example would be better than
V> > imaginary.
V>
V> Here it is (latest version - 'echotee'):

Thanks for the netgraph setup script. Could you please also send the
important parts of your firewall config, where packets are diverted
towards netgraph? It is important to divert only _incoming_ traffic on
a _particular_ interface, otherwise netflow exports will contain some
incorrect data.

V> This config assumes that packets needed to catch via ng_netflow is simply
V> diverted by ipfw rule:
V> divert 8888 ip from any to any in - or something like that
V> Seems everything works fine! (I'm using ipfw2 in 4.9) Packets going through
V> divert and reinjected in ipfw ;-)
V> but I've not tested this in production yet...

And also it is important to check that ng_ksocket reinjects the packet
into ipfw with the rule number set (see Julian's mail).

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE