From owner-freebsd-stable@FreeBSD.ORG  Tue Jun 11 12:49:36 2013
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 4F0BBC43
 for <freebsd-stable@freebsd.org>; Tue, 11 Jun 2013 12:49:36 +0000 (UTC)
 (envelope-from doconnor@gsoft.com.au)
Received: from cain.gsoft.com.au (cain.gsoft.com.au [203.31.81.10])
 by mx1.freebsd.org (Postfix) with ESMTP id B56BB10E8
 for <freebsd-stable@freebsd.org>; Tue, 11 Jun 2013 12:49:35 +0000 (UTC)
Received: from ur.dons.net.au (ppp121-45-114-226.lns20.adl6.internode.on.net
 [121.45.114.226]) (authenticated bits=0)
 by cain.gsoft.com.au (8.14.4/8.14.3) with ESMTP id r5BCnGF4037549
 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO);
 Tue, 11 Jun 2013 22:19:22 +0930 (CST)
 (envelope-from doconnor@gsoft.com.au)
From: "Daniel O'Connor" <doconnor@gsoft.com.au>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Tue, 11 Jun 2013 22:19:16 +0930
Subject: Flow monitoring with PF
To: "freebsd-stable@freebsd.org stable" <freebsd-stable@freebsd.org>
Message-Id: <57C2DC16-7868-4C20-AB34-5B35A939D095@gsoft.com.au>
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
X-Mailer: Apple Mail (2.1508)
X-Spam-Score: 0.163 () BAYES_00,RDNS_DYNAMIC
X-Scanned-By: MIMEDefang 2.67 on 203.31.81.10
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2013 12:49:36 -0000

Hi,
I was looking at trying out flow monitoring and I found pfflowd, but =
unfortunately it does not work with FreeBSD >9.0. I thought about =
ng_netflow but that doesn't see my tun interface which may be related =
to..
WARNING: attempt to domain_add(netgraph) after domainfinalize()

since tun0 appears after the kernel is all done.

Does anyone have any recommendations for generating flow information =
from PF?

Thanks.

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C