RE: ng_netflow: testers are welcome

• Previous message: Roberto Pereyra: "Re: dialup question"
• In reply to: Gleb Smirnoff: "Re: ng_netflow: testers are welcome"
• Next in thread: Gleb Smirnoff: "Re: ng_netflow: testers are welcome"
• Reply: Gleb Smirnoff: "Re: ng_netflow: testers are welcome"
• Reply: Julian Elischer: "RE: ng_netflow: testers are welcome"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: "Gleb Smirnoff" <glebius@cell.sick.ru>, "Julian Elischer" <julian@elischer.org>
Date: Mon, 23 Feb 2004 22:32:42 +0300

YES! IT WORKS!
All I've need - just create ksocket with inet/rawip/divert hook connected to
ng_netflow iface0 hook (mkpeer netflow: ksocket iface0 inet/raw/divert),
then "msg netflow: setdlt { iface=0 dlt=12 }" (Raw ip instead of ethernet),
then "msg divert: bind inet/0.0.0.0:8888". And after all add ipfw rule "tee
8888 ip from any to any in"(One may need "via $oif") instead of final allow
(or, better, before it).
But there is bug in "ipfw tee" - packets is always immediately accepted
instead of continue going through the ruleset, so tee must be the last
rule(So, ng_netflow never see packets that denied by ipfw before tee rule).
Maybe there is way to use 'divert'? I've tried - packets going to divert
socket,then ng_netflow... and never come back... Actually I'm not quite
understand mechanism of returning from divert - ng_ksocket have only one
hook...

Great thanks to Julian & Gleb & all who helped!
2Gleb: It would be pleasure for me to write a little example based on our
discussion for README if you need.
        Vasenin Alexander aka BlackSir

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Monday, February 23, 2004 1:43 PM
> To: Julian Elischer
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Vasenin Alexander aka
> BlackSir; freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome

> On Sun, Feb 22, 2004 at 03:17:38PM -0800, Julian Elischer wrote:
> J> you can open a divert socket as a netgraph node by openning a ksocket
> J> node with protocol 'divert'.

> Really one can use "ipfw tee" to pass demasqueraded traffic to
> ng_netflow.

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

• Previous message: Roberto Pereyra: "Re: dialup question"
• In reply to: Gleb Smirnoff: "Re: ng_netflow: testers are welcome"
• Next in thread: Gleb Smirnoff: "Re: ng_netflow: testers are welcome"
• Reply: Gleb Smirnoff: "Re: ng_netflow: testers are welcome"
• Reply: Julian Elischer: "RE: ng_netflow: testers are welcome"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages RE: ng_netflow: testers are welcome ... All I've need - just create ksocket with inet/rawip/divert hook connected to ... ksocket iface0 inet/raw/divert), ... I've tried - packets going to divert ... (freebsd-net) Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4) ... > J> Firstly there is the possibility of making the ipfw stuff a netgraph ... > J> divert sockets. ... > J> and that would be the equivalant of openning a divert hook of that number.. ... > Divert is a socket, ... (freebsd-net) Re: Disk brakes or V-brakes ? ... When the hook won't go down, you divert. ... barricade...no middle ground on a CV. ... well, if we're talking advantages of disk over v, which we were, with the disks, the hook will always come down. ... (rec.bicycles.tech) Re: Disk brakes or V-brakes ? ... you know how it's hard to land on the deck when the hook won't ... disk brakes rock. ... When the hook won't go down, you divert. ... (rec.bicycles.tech)