Date: Tue, 2 Feb 2021 21:16:49 +0100 From: Lutz Donnerhacke <lutz@donnerhacke.de> To: petru garstea <peter.garshtja@ambient-md.com> Cc: freebsd-net@freebsd.org Subject: Re: netgraph with ng_netflow and ng_gridge nodes Message-ID: <20210202201649.GA31653@belenus.iks-jena.de> In-Reply-To: <43cf5dc9-521c-dcc4-f025-398173608062@ambient-md.com> References: <43cf5dc9-521c-dcc4-f025-398173608062@ambient-md.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 02, 2021 at 10:05:15AM -0500, petru garstea wrote:
> Hi,
>
> I need help to unify 2 netgraphs
>
> 1st ng_bridge netgraph
>
> ngctl mkpeer fxp0: bridge lower link0
> ngctl connect fxp0: em0:lower upper link1
> ngctl name fxp0:lower em0Bridge
> ngctl mkpeer fxp0:lower eiface link3 ether
So you tap the fxp0 with a bridge and attach an virtual interface.
> 2nd ng_netflow netgraph
>
> mkpeer fxp0: netflow lower iface0
> name fxp0:lower netflow
> connect fxp0: netflow: upper out0
> mkpeer netflow: ksocket export inet/dgram/udp
> msg netflow:export connect inet/10.0.0.1:4444
So you inject a bidirectional netflow analyser into the fxp0 interface.
> I cannot run both graphs at the same time because both of them are trying to use fxp0 interface lower and upper hooks.
> I believe it is necessary to introduce an extra node but I am not sure.
You need to define which communication you want to analyse with netflow.
I.e. you want to analyze the traffic on the wire:
fxp0.lower -- iface0.netgraph.out0 -- link1.bridge.link2 -- upper.fxp0
\.link3 -- ether.eiface
This will exclude the traffic between the eiface and the fxp0 IP-stack.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210202201649.GA31653>