[netflow-tools] softflowd and pflog
Cristian KLEIN
cristi at net.utcluj.ro
Fri Oct 27 06:06:19 EST 2006
Hi list,

I found it useful to log packets from a FreeBSD / OpenBSD pflog
interface. This way, you may fine-tune the traffic you want to export.

This is very useful if you have a box which routes Gigabit LAN traffic
and does NAT to the Internet. If you want to log the Internet traffic
(before being NATed) you would have to put softflowd on the Gigabit
interface, which would be a huge waste of CPU cycles.

In the following patch, I have hardcoded the pflog header size and the
location of the address family, to reduce dependency.

Usage: softflowd -i pflog0 -n 127.0.0.1:12142

--- softflowd.c.orig Thu Oct 26 21:52:15 2006
+++ softflowd.c Thu Oct 26 22:41:44 2006
@@ -88,6 +88,9 @@
#ifdef DLT_LOOP
{ DLT_LOOP, 4, 0, 4, 1, 0xffffffff, AF_INET, AF_INET6 },
#endif
+#ifdef DLT_PFLOG
+ { DLT_PFLOG, 48, 1, 1, 0, 0x000000ff, AF_INET, AF_INET6 },
+#endif
{ -1, -1, -1, -1, -1, 0x00000000, 0xffff, 0xffff },
};
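
Review bot: The `48, 1, 1` in the new DLT_PFLOG entry are bare magic numbers for the header length and the address-family offset and width, and nothing checks that a captured frame actually carries a 48-byte header. The message says they were hardcoded to reduce dependency, which is reasonable, but a pflog header of any other length would then be skipped at the wrong offset and the payload misread as IP, producing bogus flow records without any error. Suggest a short comment beside the entry naming what each value stands for and which pflog header layout it was taken from, and, where the frame itself exposes its header length, comparing that against 48 and dropping the packet on a mismatch.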