Hi there.... I am looking a way to use nfsen (http://nfsen.sf.net/) with pfflowd... But... Is there any good way to add with pfflowd source-as / dest-as using openbgpd rib ? Thanks, /Xavier
On Thu, Mar 02, 2006 at 09:08:21PM +0100, Xavier Beaudouin wrote:> But... Is there any good way to add with pfflowd source-as / dest-as > using openbgpd rib ?I have looked into a similar setup but didn''t really have any joy, seems there is no way of getting the AS data to pfflowd. I did find mention of something about adding an extra field to OBSD''s route table which could contact some misc. data such as an AS number which could then be pulled by pfflogd, however I got the impression that this was still in the theory stage. I''d be interested to know if you manage to find anything better. Regards, Tom -- Tom Beard Public Internet Limited Direct: +44 20 7993 1273 Mobile: +44 7879 817 635
On Thu, 2 Mar 2006, Tom Beard wrote:> On Thu, Mar 02, 2006 at 09:08:21PM +0100, Xavier Beaudouin wrote: > > But... Is there any good way to add with pfflowd source-as / dest-as > > using openbgpd rib ? > > I have looked into a similar setup but didn''t really have any joy, > seems there is no way of getting the AS data to pfflowd. I did find > mention of something about adding an extra field to OBSD''s route table > which could contact some misc. data such as an AS number which could > then be pulled by pfflogd, however I got the impression that this was > still in the theory stage.It should be possible to let pfflowd look up the AS of an address using bgpd''s looking glass read-only socket. I haven''t looked at it yet, but it wouldn''t be too much work. -d
On Tue, Mar 14, 2006 at 04:54:55PM +1100, Damien Miller wrote:> It should be possible to let pfflowd look up the AS of an address > using bgpd''s looking glass read-only socket. I haven''t looked at it > yet, but it wouldn''t be too much work.It may be even easier to use a DNS lookup with Cymru''s IP to ASN service. http://www.cymru.com/BGP/asnlookup.html -- Steve Snodgrass * ssnodgra at pheran.com * Network and Unix Guru(?) at Large Geek Code: GCS d? s: a C++ U++++$ P+++ L++ w PS+ 5++ b++ DI+ D++ e++ r+++ y+* "If you want to be somebody else, change your mind." -Sister Hazel