ipfw_netflow: Add support for FIB

If ipfw_netflow_fib is set, the ipfw rule will only match packets in that FIB.

While here correct some values in rc.conf(5) to be int and not str.

Sponsored by:	Gandi.net
Emmanuel Vadot 2017-07-18 14:02:02 +00:00
parent 37ec52ca7a
commit 2a4727a472
2 changed files with 10 additions and 5 deletions

@ -54,7 +54,7 @@ ipfw_netflow_status()
ipfw_netflow_start()
{
ipfw_netflow_is_running && err 1 "ipfw_netflow is already active"
ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any
ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}}
ngctl -f - <<-EOF
mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0
name ipfw:${ipfw_netflow_hook} netflow
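Review bot: the new `${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}}` expansion on the `ipfw add` line passes the rc.conf value through unvalidated, and the exit status of `ipfw add` is not checked before `ngctl -f -` runs. If the value is something ipfw rejects as a FIB number, the rule is not installed but the netgraph node is still created with no rule feeding it. Consider checking up front that ipfw_netflow_fib is a non-negative integer, or appending `|| err 1 "..."` to the `ipfw add` line so a bad value stops the start sequence.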

@ -602,12 +602,12 @@ By default a ipfw rule is inserted and all packets are duplicated with
the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
port using protocol version 5.
.It Va ipfw_netflow_hook
.Pq Vt str
.Pq Vt int
netflow hook name, must be numerical
(default
.Pa 9995 ) .
.It Va ipfw_netflow_rule
.Pq Vt str
.Pq Vt int
ipfw rule number
(default
.Pa 1000 ) .
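Review bot: the `.Pq Vt str` to `.Pq Vt int` changes for ipfw_netflow_hook and ipfw_netflow_rule are unrelated to the FIB feature and would be easier to merge or revert on their own as a separate documentation commit. If they stay here, the ipfw_netflow_hook text still calls it a "hook name, must be numerical", which reads oddly next to an int type; "netflow hook number" would match the new type.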
@ -617,13 +617,18 @@ Destination server ip for receiving netflow data
(default
.Pa 127.0.0.1 ) .
.It Va ipfw_netflow_port
.Pq Vt str
.Pq Vt int
Destination server port for receiving netflow data
(default
.Pa 9995 ) .
.It Va ipfw_netflow_version
.Pq Vt str
.Pq Vt int
Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
.It Va ipfw_netflow_fib
.Pq Vt int
Only match packet in FIB
.Pa ipfw_netflow_fib
(default is undefined meaning all FIBs).
.It Va natd_program
.Pq Vt str
Path to
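Review bot: in the new ipfw_netflow_fib entry, `.Pa ipfw_netflow_fib` marks a variable name up as a path; `.Va ipfw_netflow_fib` would match the `.It Va` line above it. The description "Only match packet in FIB" should read "Only match packets in FIB", and the ipfw_netflow_version context line just above packs two clauses onto one long line where the rest of the entries break per phrase.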