Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 18 Jul 2017 14:02:02 +0000 (UTC)
From:      Emmanuel Vadot <manu@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r321128 - in head: etc/rc.d share/man/man5
Message-ID:  <201707181402.v6IE220r070417@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: manu
Date: Tue Jul 18 14:02:02 2017
New Revision: 321128
URL: https://svnweb.freebsd.org/changeset/base/321128

Log:
  ipfw_netflow: Add support for FIB
  
  If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB.
  
  While here correct some value in rc.conf(5) to be int and not str.
  
  Sponsored by:	Gandi.net

Modified:
  head/etc/rc.d/ipfw_netflow
  head/share/man/man5/rc.conf.5

Modified: head/etc/rc.d/ipfw_netflow
==============================================================================
--- head/etc/rc.d/ipfw_netflow	Tue Jul 18 08:54:35 2017	(r321127)
+++ head/etc/rc.d/ipfw_netflow	Tue Jul 18 14:02:02 2017	(r321128)
@@ -54,7 +54,7 @@ ipfw_netflow_status()
 ipfw_netflow_start()
 {
 	ipfw_netflow_is_running && err 1 "ipfw_netflow is already active"
-	ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any
+	ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}}
 	ngctl -f - <<-EOF
 	mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0
 	name ipfw:${ipfw_netflow_hook} netflow

Modified: head/share/man/man5/rc.conf.5
==============================================================================
--- head/share/man/man5/rc.conf.5	Tue Jul 18 08:54:35 2017	(r321127)
+++ head/share/man/man5/rc.conf.5	Tue Jul 18 14:02:02 2017	(r321128)
@@ -602,12 +602,12 @@ By default a ipfw rule is inserted and all packets are
 the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
 port using protocol version 5.
 .It Va ipfw_netflow_hook
-.Pq Vt str
+.Pq Vt int
 netflow hook name, must be numerical
 (default
 .Pa 9995 ) .
 .It Va ipfw_netflow_rule
-.Pq Vt str
+.Pq Vt int
 ipfw rule number
 (default
 .Pa 1000 ) .
@@ -617,13 +617,18 @@ Destination server ip for receiving netflow data
 (default
 .Pa 127.0.0.1 ) .
 .It Va ipfw_netflow_port
-.Pq Vt str
+.Pq Vt int
 Destination server port for receiving netflow data
 (default
 .Pa 9995 ) .
 .It Va ipfw_netflow_version
-.Pq Vt str
+.Pq Vt int
 Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
+.It Va ipfw_netflow_fib
+.Pq Vt int
+Only match packet in FIB
+.Pa ipfw_netflow_fib
+(default is undefined meaning all FIBs).
 .It Va natd_program
 .Pq Vt str
 Path to



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201707181402.v6IE220r070417>