Date: Wed, 30 Oct 2013 14:40:44 +0400
From: Dennis Yusupoff <dyr@smartspb.net>
To: freebsd-net@freebsd.org
Subject: [Feature Request] (ng_)netflow additional
Message-ID: <5270E22C.1060408@smartspb.net>

Good day everyone.

To be brief:

1. It would be really useful for CGNAT providers to have the ability to record customers' IPs in traffic before and after NAT, as has already been done in ipt_NETFLOW under Linux or in the Cisco ASA series.

=== begin of cut https://github.com/aabc/ipt-netflow/blob/master/README ===
natevents=1
  - Collect and send NAT translation events as NetFlow Event Logging (NEL)
    for NetFlow v9/IPFIX, or as dummy flows compatible with NetFlow v5.
    Default is 0 (don't send).
    For NetFlow v5 protocol meaning of fields in dummy flows is such:
      Src IP, Src Port is Pre-nat source address.
      Dst IP, Dst Port is Post-nat destination address.
      - These two fields made equal to data flows catched in FORWARD chain.
      Nexthop, Src AS is Post-nat source address for SNAT. Or,
      Nexthop, Dst AS is Pre-nat destination address for DNAT.
      TCP Flags is SYN+SCK for start event, RST+FIN for stop event.
      Pkt/Traffic size is 0 (zero), so it won't interfere with accounting.
=== end of cut ===

2. Is it possible for the user to specify some field in NetFlow v9, for example /IF_DESC/ or /APPLICATION DESCRIPTION/, according to http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9_ps6601_Products_White_Paper.html? If not, it would be really nice to see.

Usage example: customers requested another IP on an interface where we collect netflow traffic, so when we have to give a traffic report we don't have any *unique* identifier in the netflow flows that could be helpful. It's a real pity.

Thank you for your consideration!

--
Best regards,
Dennis Yusupoff,
network engineer of
Smart-Telecom ISP
Russia, Saint-Petersburg
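
The NetFlow v5 field mapping in the README excerpt quoted above, decoded on the collector side, as an added example that is not part of the original message or of ipt-netflow. The function names and sample addresses are constructed; the caller chooses SNAT or DNAT through the hypothetical `kind` argument because the excerpt does not say how the two are told apart, and a start event is recognised by the SYN bit alone.

```python
import ipaddress
import struct

HDR = struct.Struct("!HHIIIIBBH")                 # NetFlow v5 header, 24 bytes
REC = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # NetFlow v5 flow record, 48 bytes
FIN, SYN, RST = 0x01, 0x02, 0x04

def ip(raw):
    return str(ipaddress.IPv4Address(raw))

def parse_nat_events(datagram, kind="snat"):
    """Split one v5 datagram into NAT event records and a count of data flows."""
    if len(datagram) < HDR.size:
        raise ValueError("short datagram")
    version, count = HDR.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) < HDR.size + count * REC.size:
        raise ValueError("not a complete NetFlow v5 datagram")
    events, data_flows = [], 0
    for i in range(count):
        (src, dst, nexthop, _in, _out, pkts, octets, _first, _last, sport, dport,
         flags, proto, _tos, src_as, dst_as, _sm, _dm) = REC.unpack_from(
            datagram, HDR.size + i * REC.size)
        if pkts or octets:            # real traffic: leave to normal accounting
            data_flows += 1
            continue
        if flags & RST and flags & FIN:
            event = "stop"
        elif flags & SYN:             # assumption: only the SYN bit is tested
            event = "start"
        else:
            event = "unknown"
        rec = {"event": event, "proto": proto,
               "pre_nat_src": (ip(src), sport), "post_nat_dst": (ip(dst), dport)}
        if kind == "snat":            # Nexthop + Src AS carry the post-NAT source
            rec["post_nat_src"] = (ip(nexthop), src_as)
        else:                         # Nexthop + Dst AS carry the pre-NAT destination
            rec["pre_nat_dst"] = (ip(nexthop), dst_as)
        events.append(rec)
    return events, data_flows

def sample_datagram():
    """Constructed input: one SNAT start event and one ordinary TCP data flow."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    hdr = HDR.pack(5, 2, 1000, 1383129644, 0, 1, 0, 0, 0)
    nat = REC.pack(a("100.64.0.10"), a("198.51.100.7"), a("203.0.113.5"), 0, 0,
                   0, 0, 900, 900, 51000, 443, SYN, 6, 0, 40001, 0, 0, 0)
    flow = REC.pack(a("100.64.0.10"), a("198.51.100.7"), a("0.0.0.0"), 1, 2,
                    12, 3400, 900, 990, 51000, 443, 0x1B, 6, 0, 0, 0, 0, 0)
    return hdr + nat + flow
```

Because the event records reuse the Nexthop and AS fields, a collector that does not separate zero-size records first will store a translated address as a next hop and a port number as an AS number.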