From: "Paul S."
Date: Thu, 02 Apr 2015 10:07:29 +0900
To: freebsd-net@freebsd.org
Subject: Re: ng_netgraph and BGP
Message-ID: <551C9651.7050003@winterei.se>
References: <20150401.115048.1362042954044146751.wwaites@tardis.ed.ac.uk>

Additionally, pmacct doesn't seem to really work in FreeBSD -- as far as
the latest versions go. Their use of 'return' (with no args) on functions
that are meant to return an int flat out makes it unable to compile on
FreeBSD. If you fix those by hand, it compiles, but just seems to
segfault -- I didn't get the time to look into it further with GDB.

There's another option that claims to be able to do the same thing
(introduce BGP accounting data to normal flows - ntop's nprobe
(www.ntop.org/products/nprobe/), but it's not free. I don't know if it
works in FreeBSD well either.)

As to the ng_netflow hook, +1, excellent idea.

On 4/2/2015 3:08 AM, Nikolay Denev wrote:
> On Wed, Apr 1, 2015 at 12:50 PM, William Waites wrote:
>
>> I run a small network composed of even smaller networks each
>> encapsulated in an autonomous system. I'd like to do traffic
>> accounting using netflow aggregated by ASN. My border routers run
>> FreeBSD and BIRD.
>>
>> Right now, and this is mentioned in ng_netflow(4), we do not fill in
>> the source and destination ASN because there is no information to get
>> this from the routing daemon's RIB. Probably if we come up with such a
>> way it should be generic so it could be used by Quagga, BIRD or
>> OpenBGPD.
>>
>> I've done a little bit of thinking about how this could be done, and
>> come up with two main strategies:
>>
>> 1. A new kind of netgraph node inserted before ng_netflow knows how
>>    to query the routing daemon and decorates the packet with the
>>    result, which ng_netflow then puts into the flow packet if
>>    present. This entails either a copy (tee) or putting the lookup
>>    in the data path which may be suboptimal.
>>
>> 2. A new hook added to the ng_netflow node that allows it to query
>>    the routing daemon through a different new kind of netgraph
>>    node. This is probably better but may be slightly more
>>    complicated to implement.
>>
>> Is anyone working on this or has given this thought? I wasn't able to
>> find much by searching the list archives. It may be that I will soon
>> have some students that I can set on this task but would not like to
>> unnecessarily duplicate effort.
>>
>> Cheers,
>> -w
>>
>> --
>> William Waites                   | School of Informatics
>> http://tardis.ed.ac.uk/~wwaites/ | University of Edinburgh
>> http://www.hubs.net.uk/          | HUBS AS60241
>>
>> The University of Edinburgh is a charitable body, registered in
>> Scotland, with registration number SC005336.
>>
>
> Hi,
>
> It's not ng_netflow, but if you need this today you can take a look at
> http://www.pmacct.net ? (there is a package/port too).
> It comes with BGP daemon (stripped down quagga) and can export this data.
>
> --Nikolay
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"