Simple export netflow via netgraph

VS

New Member

Reaction score: 1
Messages: 1

In Kernel settings before compiling:
Code:
options		IPFIREWALL
options		NETGRAPH
options		NETGRAPH_SOCKET
options		NETGRAPH_IPFW
options		NETGRAPH_NETFLOW
options		NETGRAPH_KSOCKET

Or load next modles:
Code:
kldload ipfw.ko
kldload netgraph
kldload ng_socket
kldload ng_ipfw
kldload ng_netflow
kldload ng_ksocket

For their autoboot after restart add to /boot/loader.conf:
Code:
ipfw_load="YES"
ng_netflow_load="YES"
ng_socket_load="YES"
ng_ksocket_load="YES"
ng_ipfw_load="YES"
This modules need for setting up netraph system and subsystems
example ng_ipfw need for exchange data with ipfw and ng_ksocket need for send data to network host

In ipfw rules
Code:
ipfw add 02210 netgraph 100 ip from any to any via vlan108
ipfw add 02220 netgraph 100 ip from any to any via vlan208
This rules send packets to netgraphs ipfw node with number 100 and return to ipfw after netgraph.

Script for starting netflow:
Code:
#!/bin/sh
. /etc/rc.subr
 
name="ngnetflow"
rcvar=`set_rcvar`

load_rc_config $name
: ${ngnetflow_enable="NO"}
: ${ngnetflow_src="127.0.0.1:9999"}
: ${ngnetflow_dst="127.0.0.1:9996"}

start_cmd="ngnetflow_start"
stop_cmd="ngnetflow_stop"

ngnetflow_start() {

/usr/sbin/ngctl -f- <<-SEQ
mkpeer ipfw: netflow 100 iface0
name ipfw:100 netflow
connect ipfw: netflow: 108 out0
msg netflow: setdlt { iface=0 dlt=12 }
msg netflow: settimeouts { inactive=30 active=600 }
mkpeer netflow: ksocket export inet/dgram/udp
name netflow:export flowexp
msg flowexp: bind inet/${ngnetflow_src}
msg flowexp: connect inet/${ngnetflow_dst}
SEQ

}

ngnetflow_stop() {
/usr/sbin/ngctl -f- <<-SEQ
shutdown netflow:
SEQ
}

run_rc_command "$1"
Ipfw cookie number 100 create connect with ipfw rules and netflow subsystem, and via 108 number data return to ipfw. Setdlt command set data link type to raw IP datagrams mode, is have a Ethernet but I dont know where is used. Then setting timeouts with settimeouts, and sending netflow data to your netflow collector via ksocket.

Thats all. Thank you. And sorry for my bad English =)
 
Top