[Feature Request] (ng_)netflow additional
Dennis Yusupoff
dyr at smartspb.net
Wed Oct 30 10:40:53 UTC 2013
Good day everyone.
To be brief:
1. It would be really useful for CGNAT providers to have the ability to
record customers' IPs in traffic before and after NAT, as is already done
in ipt_NETFLOW under Linux or in the Cisco ASA series.
=== begin of cut https://github.com/aabc/ipt-netflow/blob/master/README ===
natevents=1
  - Collect and send NAT translation events as NetFlow Event Logging (NEL)
    for NetFlow v9/IPFIX, or as dummy flows compatible with NetFlow v5.
    Default is 0 (don't send).
    For NetFlow v5 protocol meaning of fields in dummy flows is such:
      Src IP, Src Port is Pre-nat source address.
      Dst IP, Dst Port is Post-nat destination address.
        - These two fields made equal to data flows caught in FORWARD chain.
      Nexthop, Src AS is Post-nat source address for SNAT. Or,
      Nexthop, Dst AS is Pre-nat destination address for DNAT.
      TCP Flags is SYN+ACK for start event, RST+FIN for stop event.
      Pkt/Traffic size is 0 (zero), so it won't interfere with accounting.
=== end of cut ===
2. Is it possible for the user to specify some field in NetFlow v9, for
example /IF_DESC/ or /APPLICATION DESCRIPTION/, according to
http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9_ps6601_Products_White_Paper.html?
If not, it would be really nice to see. A usage example: customers
requested another IP on an interface where we collect NetFlow traffic, so
when we have to give a traffic report we don't have any *unique* identifier
in the NetFlow flows that could be helpful. It's a real pity.
Thank you for your consideration!
--
Best regards,
Dennis Yusupoff,
network engineer of
Smart-Telecom ISP
Russia, Saint-Petersburg
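
The NetFlow v5 dummy-flow mapping quoted from the ipt-netflow README above, decoded on the collector side; this is an added example, not part of the original message and not ipt-netflow code. It assumes a NAT event is recognisable by zero packet/byte counters plus the start/stop flag values, and that the non-zero AS field tells SNAT from DNAT; function names and sample addresses are constructed.

```python
import socket
import struct

# NetFlow v5 layout: 24-byte header followed by 48-byte flow records.
HDR = struct.Struct("!HHIIIIBBH")
REC = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
SYN_ACK, RST_FIN = 0x12, 0x05  # start / stop markers per the README text


def decode_nat_events(datagram):
    """Return the NAT events found in one NetFlow v5 export datagram."""
    if len(datagram) < HDR.size:
        raise ValueError("short NetFlow header")
    version, count = HDR.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) < HDR.size + count * REC.size:
        raise ValueError("truncated record area")
    ip = socket.inet_ntoa
    events = []
    for i in range(count):
        (src, dst, nexthop, _in, _out, pkts, octets, _first, _last, sport, dport,
         flags, proto, _tos, src_as, dst_as, _sm, _dm) = REC.unpack_from(
            datagram, HDR.size + i * REC.size)
        # Assumption: a dummy NAT flow has zero counters and start/stop flags.
        if pkts or octets or flags not in (SYN_ACK, RST_FIN):
            continue  # ordinary accounting flow, not a NAT event
        ev = {"event": "start" if flags == SYN_ACK else "stop", "proto": proto,
              "pre_src": (ip(src), sport), "post_dst": (ip(dst), dport)}
        # Assumption: the non-zero AS field tells SNAT from DNAT.
        if src_as:
            ev["post_src"] = (ip(nexthop), src_as)  # SNAT: translated source
        else:
            ev["pre_dst"] = (ip(nexthop), dst_as)   # DNAT: original destination
        events.append(ev)
    return events


def build_sample():
    """Constructed datagram: one SNAT start event and one ordinary TCP flow."""
    a = socket.inet_aton
    nat = REC.pack(a("100.64.0.10"), a("198.51.100.7"), a("203.0.113.5"), 0, 0,
                   0, 0, 0, 0, 40000, 443, SYN_ACK, 6, 0, 61000, 0, 0, 0)
    data = REC.pack(a("100.64.0.10"), a("198.51.100.7"), a("0.0.0.0"), 1, 2,
                    12, 3400, 0, 0, 40000, 443, 0x1B, 6, 0, 0, 0, 0, 0)
    return HDR.pack(5, 2, 0, 0, 0, 0, 0, 0, 0) + nat + data
```

Calling `decode_nat_events(build_sample())` yields the single SNAT start event, which is the pre/post-NAT pairing a CGNAT operator needs to attribute a public address and port back to a customer.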