From owner-freebsd-doc@FreeBSD.ORG Mon May 18 20:00:01 2009
Resent-Date: Mon, 18 May 2009 20:00:01 GMT
Resent-Message-Id: <200905182000.n4IK01hc097329@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-doc@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Maxim Ignatenko
Message-Id: <200905181957.n4IJvLfg037073@www.freebsd.org>
Date: Mon, 18 May 2009 19:57:21 GMT
From: Maxim Ignatenko
To: freebsd-gnats-submit@FreeBSD.org
Subject: docs/134660: rc-script for initializing ng_netflow+ng_ipfw

>Number:         134660
>Category:       docs
>Synopsis:       rc-script for initializing ng_netflow+ng_ipfw
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 18 20:00:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Maxim Ignatenko
>Release:        8.0-CURRENT
>Organization:
Kiev National Taras Shevchenko University
>Environment:
>Description:
This script provides rc.conf-configurable initialization of ng_netflow nodes and connects them to the ng_ipfw node.
Maybe the right place for this would be /usr/share/examples/netgraph.
>How-To-Repeat:
>Fix:
#!/bin/sh

# PROVIDE: ng_netflow_ipfw
# BEFORE: ipfw
# REQUIRE: FILESYSTEMS

# ng_netflow_ipfw_nodeN_enable (bool): used to temporarily disable one node
# ng_netflow_ipfw_nodeN_cookie (int): cookie number for ng_ipfw (default=N)
# ng_netflow_ipfw_nodeN_collector: "ipaddr:port" of the corresponding collector
# ng_netflow_ipfw_nodeN_atimeout (int): active timeout for the ng_netflow node
# ng_netflow_ipfw_nodeN_itimeout (int): inactive timeout for the ng_netflow node
#
# For more information about specific parameters please refer to ng_ipfw(4) and
# ng_netflow(4) man pages.
#

. /etc/rc.subr

name="ng_netflow_ipfw"
rcvar="ng_netflow_ipfw_enable"
start_cmd="ng_netflow_ipfw_start"
stop_cmd="ng_netflow_ipfw_stop"
required_modules="netgraph ng_ipfw ng_netflow ng_ksocket"

# Create and connect the netflow nodes; an optional argument selects one node.
ng_netflow_ipfw_start()
{
	local node ngctl
	ngctl="/usr/sbin/ngctl"
	node=0
	local singlenode=0
	if [ -n "$1" ]; then
		singlenode=1
		node=$1
	fi
	while true; do
		eval _enable=\$ng_netflow_ipfw_node${node}_enable
		if [ -z "${_enable}" ]; then
			# node not defined, finish
			break
		fi
		if ! checkyesno _enable; then
			# node defined, but disabled, skip; the counter must still
			# advance, otherwise the loop never terminates
			if [ "${singlenode}" = 1 ]; then
				break
			fi
			node=$(( ${node} + 1 ))
			continue
		fi
		eval _cookie=\${ng_netflow_ipfw_node${node}_cookie:-\"${node}\"}
		eval _collector=\${ng_netflow_ipfw_node${node}_collector:-\"127.0.0.1:9995\"}
		eval _atimeout=\${ng_netflow_ipfw_node${node}_atimeout:-\"1800\"}
		eval _itimeout=\${ng_netflow_ipfw_node${node}_itimeout:-\"15\"}
		# one ngctl command per line, fed to ngctl on stdin
		echo "mkpeer ipfw: netflow ${_cookie} iface0
name ipfw:${_cookie} netflow${node}
msg netflow${node}: setdlt { iface=0 dlt=12 }
msg netflow${node}: settimeouts { inactive=${_itimeout} active=${_atimeout} }
mkpeer netflow${node}: ksocket export inet/dgram/udp
msg netflow${node}:export connect inet/${_collector}" | ${ngctl} -f -
		if [ "${singlenode}" = 1 ]; then
			break
		fi
		node=$(( ${node} + 1 ))
	done
}

# Remove the hooks of the netflow nodes; an optional argument selects one node.
ng_netflow_ipfw_stop()
{
	local node ngctl
	ngctl="/usr/sbin/ngctl"
	node=0
	local singlenode=0
	if [ -n "$1" ]; then
		singlenode=1
		node=$1
	fi
	while true; do
		eval _enable=\$ng_netflow_ipfw_node${node}_enable
		if [ -z "${_enable}" ]; then
			# node not defined, finish
			break
		fi
		if ! checkyesno _enable; then
			# node defined, but disabled, skip; the counter must still
			# advance, otherwise the loop never terminates
			if [ "${singlenode}" = 1 ]; then
				break
			fi
			node=$(( ${node} + 1 ))
			continue
		fi
		echo "rmhook netflow${node}: export
rmhook netflow${node}: iface0" | ${ngctl} -f -
		if [ "${singlenode}" = 1 ]; then
			break
		fi
		node=$(( ${node} + 1 ))
	done
}

load_rc_config $name
run_rc_command "$@"

>Release-Note:
>Audit-Trail:
>Unformatted:
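
An added example (not part of the submitted script) of the per-node lookup the script performs with eval: the node index is checked to be decimal digits before it is interpolated into eval, and disabled nodes are skipped while the counter still advances. The helper names (is_node_index, node_var, enabled_nodes) and the sample rc.conf values are assumptions made for the demonstration; it runs in plain sh without rc.subr.

```shell
#!/bin/sh
# Added example: validate the node index before it reaches eval, and walk the
# node list so that a disabled node is skipped without stalling the loop.
# The rc.conf-style values below are constructed for the demonstration.
ng_netflow_ipfw_node0_enable="YES"
ng_netflow_ipfw_node0_collector="192.0.2.10:9995"
ng_netflow_ipfw_node1_enable="NO"
ng_netflow_ipfw_node2_enable="YES"
ng_netflow_ipfw_node2_cookie="20"

# is_node_index (hypothetical helper): accept only non-empty decimal digits.
is_node_index() {
	case "$1" in
	''|*[!0-9]*) return 1 ;;
	*) return 0 ;;
	esac
}

# node_var NODE SUFFIX DEFAULT (hypothetical helper): print the value of
# ng_netflow_ipfw_node<NODE>_<SUFFIX>, or DEFAULT when it is unset or empty.
node_var() {
	is_node_index "$1" || return 2
	eval "_v=\${ng_netflow_ipfw_node${1}_${2}:-}"
	printf '%s\n' "${_v:-$3}"
}

# enabled_nodes [NODE]: print "node cookie collector" for each enabled node,
# stopping at the first undefined node (or after NODE when one is given).
enabled_nodes() {
	if [ -n "${1:-}" ]; then
		is_node_index "$1" || { echo "bad node index: $1" >&2; return 2; }
		_n=$1 _single=1
	else
		_n=0 _single=0
	fi
	while _e=$(node_var "$_n" enable ""); [ -n "$_e" ]; do
		case "$_e" in	# stand-in for the values rc.subr checkyesno accepts
		[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
			echo "$_n $(node_var "$_n" cookie "$_n") $(node_var "$_n" collector 127.0.0.1:9995)" ;;
		esac
		[ "$_single" = 1 ] && break
		_n=$((_n + 1))
	done
}
```
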