From owner-freebsd-net@FreeBSD.ORG  Wed Jun  1 18:04:19 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D4B4316A41C
	for <freebsd-net@freebsd.org>; Wed,  1 Jun 2005 18:04:19 +0000 (GMT)
	(envelope-from mreimer@vpop.net)
Received: from ring.vpop.net (ring.vpop.net [207.178.248.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7677443D69
	for <freebsd-net@freebsd.org>; Wed,  1 Jun 2005 18:04:18 +0000 (GMT)
	(envelope-from mreimer@vpop.net)
Received: from bilbo.vpop.net (bilbo.vpop.net [70.56.77.194])
	by ring.vpop.net (Postfix) with ESMTP id 9FA64AFAB05
	for <freebsd-net@freebsd.org>; Wed,  1 Jun 2005 11:04:12 -0700 (PDT)
From: Matthew Reimer <mreimer@vpop.net>
Organization: VPOP Technologies, Inc.
To: freebsd-net@freebsd.org
Date: Wed, 1 Jun 2005 11:03:41 -0700
User-Agent: KMail/1.8
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200506011103.41726.mreimer@vpop.net>
Subject: Packets don't flow from ng_netflow
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jun 2005 18:04:20 -0000

I'm trying to use ng_netflow to monitor our network traffic but for some 
reason NetFlow packets aren't emitted unless tcpdump is running on the 
interface configured with ng_netflow.

The box is running FreeBSD 4.11-STABLE and the latest ng_netflow from ports. 
It has two NICs: the main NIC fxp0 which is configured for IP, and a second 
NIC dc0 which is up but with no IP configuration. I've configured port 
mirroring on our Cisco switch to tee all traffic going through our upstream 
port to dc0:

# ifconfig dc0
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:04:5a:79:72:f7
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

netgraph config:

+ mkpeer dc0: netflow lower iface0
+ name dc0:lower netflow
+ mkpeer netflow: ksocket export inet/dgram/udp
+ msg netflow:export connect inet/192.168.1.2:1234


The problem is that no NetFlow packets are emitted unless I run tcpdump on 
dc0. Is this not a valid configuration? Or is there a bug in 
netgraph/ng_netflow?

Thanks for any help you can give.

Matt