RE: ng_netflow: testers are welcome
From: Vasenin Alexander aka BlackSir (blacksir_at_number.ru)
Date: 02/24/04
- Previous message: Petri Helenius: "Re: ng_netflow: testers are welcome"
- In reply to: Gleb Smirnoff: "Re: ng_netflow: testers are welcome"
- Next in thread: Gleb Smirnoff: "Re: ng_netflow: testers are welcome"
- Reply: Gleb Smirnoff: "Re: ng_netflow: testers are welcome"
To: "Gleb Smirnoff" <glebius@cell.sick.ru>
Date: Tue, 24 Feb 2004 10:46:44 +0300
> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Monday, February 23, 2004 10:47 PM
> To: Vasenin Alexander aka BlackSir
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Julian Elischer;
> freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome
> I'd be glad if you show me your current netgraph setup script. Surely
> I can reproduce it myself, but a live example would be better than an
> imaginary one.
Here it is (latest version - 'echotee'):
---cut---
# Create ng_tee node
mkpeer . tee dummy left
name .dummy tee
# Create ng_netflow node
mkpeer tee: netflow left2right iface0
name tee:.left2right netflow
msg netflow: setifindex { iface=0 index=1 }
msg netflow: setdlt { iface=0 dlt=12 }
# Create ng_ksocket for exporting netflow data
mkpeer netflow: ksocket export inet/dgram/udp
name netflow:.export export_ksocket
msg export_ksocket: connect inet/127.0.0.1:8000
# Create ng_echo node for returning data from divert socket
mkpeer tee: echo right echo_hook
name tee:.right echo
# Destroy dummy hook
rmhook dummy
# Create divert ng_ksocket
mkpeer tee: ksocket left inet/raw/divert
name tee:.left divert_ksocket
msg divert_ksocket: bind inet/0.0.0.0:8888
---cut---
This config assumes that the packets to be caught via ng_netflow are simply
diverted by an ipfw rule:
divert 8888 ip from any to any in - or something like that
Seems everything works fine! (I'm using ipfw2 in 4.9) Packets are going through
divert and are reinjected into ipfw ;-)
but I've not tested this in production yet...
Thanks again!
Vasenin Alexander aka BlackSir