From owner-freebsd-hackers@FreeBSD.ORG Fri Jan 9 10:02:17 2015 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A52F516F for ; Fri, 9 Jan 2015 10:02:17 +0000 (UTC) Received: from smtp.lamaiziere.net (net.lamaiziere.net [37.59.62.186]) by mx1.freebsd.org (Postfix) with ESMTP id 6BCD7D99 for ; Fri, 9 Jan 2015 10:02:16 +0000 (UTC) Received: from mr185083.univ-rennes1.fr (mr185083.univ-rennes1.fr [129.20.185.83]) by smtp.lamaiziere.net (Postfix) with ESMTPA id CB10A63E9; Fri, 9 Jan 2015 11:02:07 +0100 (CET) Received: from mr185083 (localhost [127.0.0.1]) by mr185083.univ-rennes1.fr (Postfix) with ESMTP id 8B51B742B; Fri, 9 Jan 2015 11:02:07 +0100 (CET) Date: Fri, 9 Jan 2015 11:02:07 +0100 From: Patrick Lamaiziere To: "O'Connor, Daniel" Subject: Re: if_pflow from OpenBSD Message-ID: <20150109110207.45e280dd@mr185083> In-Reply-To: <9085F2E7-5429-4C16-86DB-7C3F04C993DC@emc.com> References: <45056363-1E83-4318-B870-7F673993166B@emc.com> <20150108101744.2c2a9eae@mr185083> <9085F2E7-5429-4C16-86DB-7C3F04C993DC@emc.com> X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.22; amd64-portbld-freebsd10.1) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (smtp.lamaiziere.net [0.0.0.0]); Fri, 09 Jan 2015 11:02:07 +0100 (CET) Cc: FreeBSD Hackers X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Jan 2015 10:02:17 -0000 Le Thu, 8 Jan 2015 20:46:23 -0500, "O'Connor, Daniel" a écrit : Hello, > On 8 Jan 2015, at 19:47, Patrick Lamaiziere > wrote: > > Le Wed, 7 Jan 2015 07:26:42 -0500, > > "O'Connor, Daniel" a écrit : > > > >> Has anyone attempted a port of this? > >> (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflow.c) > >> > >> I used to use pfflowd but it broke due to pf changes and looks dead > >> upstream - if_pflow(4) seems like the canonical pf way now. > > > > May be you can try ng_netflow(4)? > > Funny you should mention that :) > > I am using mpd for PPPoE which uses netgraph and so enabled that > (although had to fix a bug when you have netflow and IPv6) - however > I am using pf for my firewall and NAT and I'd rather not change. That > means that mp (and hence ng_netflow) don't see un-NAT'd addresses > which makes the flow tracking not particularly useful. Ah thanks, this is good to know (we don't NAT here). > I could run softflowd but that doesn't see traffic generated by the > router itself (of which there is quite a bit) so that's out too.. I've tried softflowd but it does not perform well and implies a heavy load on the box. pflow(4) has the drawback to handle netflow only at the end of the session. Regards,