Hi,

I was looking at trying out flow monitoring and I found pfflowd, but unfortunately it does not work with FreeBSD >9.0. I thought about ng_netflow but that doesn't see my tun interface which may be related to..

WARNING: attempt to domain_add(netgraph) after domainfinalize()

since tun0 appears after the kernel is all done.

Does anyone have any recommendations for generating flow information from PF?

Thanks.

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C

> I was looking at trying out flow monitoring and I found pfflowd, but
> unfortunately it does not work with FreeBSD >9.0. I thought about
> ng_netflow but that doesn't see my tun interface which may be related to..
> WARNING: attempt to domain_add(netgraph) after domainfinalize()

Noise message. I've never seen it actually mean anything.

The problem is that tun0 is a generic network interface. Ng_ether only exposes Ethernet devices. The equivalent to tun but for an Ethernet device is tap. Creating a tap device after boot immediately creates the corresponding ng_ether node which can then be plumbed into ng_netflow. Some software is kind enough to work with either tun or tap as a configurable option.

> Does anyone have any recommendations for generating flow information from PF?

I've had great success with ng_netflow. I like the fact that all the processing is in-kernel.

**********************************************************************
This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender.
**********************************************************************

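The tap-to-ng_netflow plumbing described in the reply above, as an added example that is not part of the thread: a small generator for the ngctl command sequence shown in the ng_netflow(4) manual page. The interface name tap0 and the collector address 127.0.0.1:9995 are constructed values, and `netflow_script` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread. Emits the ngctl commands that attach
# ng_netflow to the ng_ether node of a tap interface and export NetFlow
# datagrams over UDP to a collector.
#
# To apply on the FreeBSD host (as root), with constructed sample values:
#   kldload ng_ether ng_netflow ng_ksocket
#   ifconfig tap0 create
#   netflow_script tap0 127.0.0.1:9995 | ngctl -f -

netflow_script() {
    ifname=$1
    collector=$2

    # ng_ether only exposes Ethernet devices, so refuse tun and anything
    # else that is not a tap interface.
    case "$ifname" in
        tap[0-9]*) ;;
        *) echo "error: $ifname has no ng_ether node, use a tap device" >&2
           return 1 ;;
    esac

    # Accept only a dotted IPv4 address plus port, so nothing unexpected
    # ends up inside the generated ngctl script.
    case "$collector" in
        *[!0-9.:]*) echo "error: bad collector $collector" >&2; return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*:[0-9]*) ;;
        *) echo "error: bad collector $collector" >&2; return 1 ;;
    esac

    # lower -> iface0: frames received on the interface are accounted.
    # upper <- out0:  traffic continues to and from the network stack.
    # export:         UDP ksocket carrying the flow records.
    cat <<EOF
mkpeer ${ifname}: netflow lower iface0
name ${ifname}:lower netflow
connect ${ifname}: netflow: upper out0
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow:export connect inet/${collector}
EOF
}
```
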
> Hi,
> I was looking at trying out flow monitoring and I found pfflowd, but
> unfortunately it does not work with FreeBSD >9.0. I thought about
> ng_netflow but that doesn't see my tun interface which may be related to..
> WARNING: attempt to domain_add(netgraph) after domainfinalize()
>
> since tun0 appears after the kernel is all done.
>
> Does anyone have any recommendations for generating flow information from
> PF?
>

Here https://github.com/pfsense/pfsense-tools/tree/master/pfPorts/pfflowd-0.8 is a port that should work ok with pf(4) in FreeBSD 9.0++

> Thanks.
>
> --
> Daniel O'Connor software and network engineer
> for Genesis Software - http://www.gsoft.com.au
> "The nice thing about standards is that there
> are so many of them to choose from."
>   -- Andrew Tanenbaum
> GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
>

--
Ermal