From: Lutz Donnerhacke
Date: Tue, 2 Feb 2021 21:16:49 +0100
To: petru garstea
Cc: freebsd-net@freebsd.org
Subject: Re: netgraph with ng_netflow and ng_gridge nodes

On Tue, Feb 02, 2021 at 10:05:15AM -0500, petru garstea wrote:
> Hi,
>
> I need help to unify 2 netgraphs
>
> 1st ng_bridge netgraph
>
> ngctl mkpeer fxp0: bridge lower link0
> ngctl connect fxp0: em0:lower upper link1
> ngctl name fxp0:lower em0Bridge
> ngctl mkpeer fxp0:lower eiface link3 ether

So you tap the fxp0 with a bridge and attach a virtual interface.

> 2nd ng_netflow netgraph
>
> mkpeer fxp0: netflow lower iface0
> name fxp0:lower netflow
> connect fxp0: netflow: upper out0
> mkpeer netflow: ksocket export inet/dgram/udp
> msg netflow:export connect inet/10.0.0.1:4444

So you inject a bidirectional netflow analyser into the fxp0 interface.

> I cannot run both graphs at the same time because both of them are trying to use fxp0 interface lower and upper hooks.
> I believe it is necessary to introduce an extra node but I am not sure.

You need to define which communication you want to analyse with netflow.
I.e. you want to analyze the traffic on the wire:

  fxp0.lower -- iface0.netgraph.out0 -- link1.bridge.link2 -- upper.fxp0
                                                   \.link3 -- ether.eiface

This will exclude the traffic between the eiface and the fxp0 IP-stack.
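
Added example, not part of the original message or of the FreeBSD sources: the topology from the diagram above written out as an ngctl batch script, produced by a small shell function that also validates its inputs. The node names `netflow` and `bridge`, the function name `ng_script` and the `apply` argument are assumptions of this example; the interface and collector address are the ones from the quoted question, and em0 from the first graph is left out, as in the diagram.

```sh
#!/bin/sh
# Added example: emit an ngctl batch script for the topology in the diagram.
# Node names "netflow" and "bridge" are assumptions chosen for this example.

# ng_script PHYS COLLECTOR  -> prints ngctl commands on stdout
#   PHYS       Ethernet interface to tap (fxp0 in the thread)
#   COLLECTOR  IPv4 host:port of the NetFlow collector (10.0.0.1:4444)
ng_script() {
    phys=$1
    collector=$2
    # Refuse anything that could not be an interface name or host:port,
    # so no stray characters end up inside an ngctl command.
    case $phys in
        ''|*[!A-Za-z0-9_]*) echo "bad interface: $phys" >&2; return 1 ;;
    esac
    case $collector in
        *[!0-9.:]*|*:*:*) echo "bad collector: $collector" >&2; return 1 ;;
        ?*:?*) ;;
        *) echo "bad collector: $collector" >&2; return 1 ;;
    esac
    cat <<EOF
# wire side: ${phys}.lower -- iface0.netflow
mkpeer ${phys}: netflow lower iface0
name ${phys}:lower netflow
# netflow.out0 -- link1.bridge
mkpeer netflow: bridge out0 link1
name netflow:out0 bridge
# bridge.link2 -- upper.${phys} (host IP stack of ${phys})
connect bridge: ${phys}: link2 upper
# bridge.link3 -- ether.eiface (creates the virtual interface)
mkpeer bridge: eiface link3 ether
# export flow records over UDP to the collector
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow:export connect inet/${collector}
EOF
}

# Build the graph only when run as root with the argument "apply";
# "ngctl -f -" reads the commands from standard input and skips "#" lines.
if [ "${1:-}" = "apply" ]; then
    ng_script fxp0 10.0.0.1:4444 | ngctl -f -
fi
```

Calling `ng_script fxp0 10.0.0.1:4444` without `apply` only prints the commands, so the hook wiring can be compared against the diagram before anything touches the interface.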