if_pflow from OpenBSD
O'Connor, Daniel
Daniel.O'Connor at emc.com
Fri Jan 9 01:46:33 UTC 2015
On 8 Jan 2015, at 19:47, Patrick Lamaiziere <patfbsd at davenulle.org> wrote:
> On Wed, 7 Jan 2015 07:26:42 -0500,
> "O'Connor, Daniel" <Daniel.O'Connor at emc.com> wrote:
>
>> Has anyone attempted a port of this?
>> (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflow.c)
>>
>> I used to use pfflowd but it broke due to pf changes and looks dead
>> upstream - if_pflow(4) seems like the canonical pf way now.
>
> Maybe you can try ng_netflow(4)?
Funny you should mention that :)
I am using mpd for PPPoE which uses netgraph and so enabled that (although had to fix a bug when you have netflow and IPv6) - however I am using pf for my firewall and NAT and I'd rather not change. That means that mpd (and hence ng_netflow) don't see un-NAT'd addresses which makes the flow tracking not particularly useful.
I could run softflowd but that doesn't see traffic generated by the router itself (of which there is quite a bit) so that's out too..
I had a look at if_pflow and it does appear to handle NAT properly and so should do what I want..
> (I have to migrate an OpenBSD firewall to FreeBSD and any
> input on ng_netflow will be welcome.)
I think if you used netgraph for NAT then it would work but I'm reluctant to migrate my setting (just yet anyway..)
Regards,
Daniel O’Connor
Senior Software Engineer
Isilon Platforms Team