In Kernel settings before compiling:
Or load next modles:
For their autoboot after restart add to /boot/loader.conf:
This modules need for setting up netraph system and subsystems
example ng_ipfw need for exchange data with ipfw and ng_ksocket need for send data to network host
In ipfw rules
This rules send packets to netgraphs ipfw node with number 100 and return to ipfw after netgraph.
Script for starting netflow:
Ipfw cookie number 100 create connect with ipfw rules and netflow subsystem, and via 108 number data return to ipfw. Setdlt command set data link type to raw IP datagrams mode, is have a Ethernet but I dont know where is used. Then setting timeouts with settimeouts, and sending netflow data to your netflow collector via ksocket.
Thats all. Thank you. And sorry for my bad English =)
Code:
options IPFIREWALL
options NETGRAPH
options NETGRAPH_SOCKET
options NETGRAPH_IPFW
options NETGRAPH_NETFLOW
options NETGRAPH_KSOCKET
Or load next modles:
Code:
kldload ipfw.ko
kldload netgraph
kldload ng_socket
kldload ng_ipfw
kldload ng_netflow
kldload ng_ksocket
For their autoboot after restart add to /boot/loader.conf:
Code:
ipfw_load="YES"
ng_netflow_load="YES"
ng_socket_load="YES"
ng_ksocket_load="YES"
ng_ipfw_load="YES"
example ng_ipfw need for exchange data with ipfw and ng_ksocket need for send data to network host
In ipfw rules
Code:
ipfw add 02210 netgraph 100 ip from any to any via vlan108
ipfw add 02220 netgraph 100 ip from any to any via vlan208
Script for starting netflow:
Code:
#!/bin/sh
. /etc/rc.subr
name="ngnetflow"
rcvar=`set_rcvar`
load_rc_config $name
: ${ngnetflow_enable="NO"}
: ${ngnetflow_src="127.0.0.1:9999"}
: ${ngnetflow_dst="127.0.0.1:9996"}
start_cmd="ngnetflow_start"
stop_cmd="ngnetflow_stop"
ngnetflow_start() {
/usr/sbin/ngctl -f- <<-SEQ
mkpeer ipfw: netflow 100 iface0
name ipfw:100 netflow
connect ipfw: netflow: 108 out0
msg netflow: setdlt { iface=0 dlt=12 }
msg netflow: settimeouts { inactive=30 active=600 }
mkpeer netflow: ksocket export inet/dgram/udp
name netflow:export flowexp
msg flowexp: bind inet/${ngnetflow_src}
msg flowexp: connect inet/${ngnetflow_dst}
SEQ
}
ngnetflow_stop() {
/usr/sbin/ngctl -f- <<-SEQ
shutdown netflow:
SEQ
}
run_rc_command "$1"
Thats all. Thank you. And sorry for my bad English =)