Date: Fri, 9 Jan 2015 11:02:07 +0100 From: Patrick Lamaiziere <patfbsd@davenulle.org> To: "O'Connor, Daniel" <Daniel.O'Connor@emc.com> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: if_pflow from OpenBSD Message-ID: <20150109110207.45e280dd@mr185083> In-Reply-To: <9085F2E7-5429-4C16-86DB-7C3F04C993DC@emc.com> References: <45056363-1E83-4318-B870-7F673993166B@emc.com> <20150108101744.2c2a9eae@mr185083> <9085F2E7-5429-4C16-86DB-7C3F04C993DC@emc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Le Thu, 8 Jan 2015 20:46:23 -0500, "O'Connor, Daniel" <Daniel.O'Connor@emc.com> a écrit : Hello, > On 8 Jan 2015, at 19:47, Patrick Lamaiziere <patfbsd@davenulle.org> > wrote: > > Le Wed, 7 Jan 2015 07:26:42 -0500, > > "O'Connor, Daniel" <Daniel.O'Connor@emc.com> a écrit : > > > >> Has anyone attempted a port of this? > >> (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflow.c) > >> > >> I used to use pfflowd but it broke due to pf changes and looks dead > >> upstream - if_pflow(4) seems like the canonical pf way now. > > > > May be you can try ng_netflow(4)? > > Funny you should mention that :) > > I am using mpd for PPPoE which uses netgraph and so enabled that > (although had to fix a bug when you have netflow and IPv6) - however > I am using pf for my firewall and NAT and I'd rather not change. That > means that mp (and hence ng_netflow) don't see un-NAT'd addresses > which makes the flow tracking not particularly useful. Ah thanks, this is good to know (we don't NAT here). > I could run softflowd but that doesn't see traffic generated by the > router itself (of which there is quite a bit) so that's out too.. I've tried softflowd but it does not perform well and implies a heavy load on the box. pflow(4) has the drawback to handle netflow only at the end of the session. Regards,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150109110207.45e280dd>