mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-29 12:03:03 +00:00
Update manual: node now supports NetFlow v9.
Submitted by: Alexander V. Chernikov <melifaro ipfw.ru>
parent
5dcd9c1061
commit
8f8ab00ff7
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=219183
@ -24,7 +24,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd October 8, 2008
|
||||
.Dd March 2, 2011
|
||||
.Dt NG_NETFLOW 4
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -44,7 +44,7 @@ The
|
||||
node listens for incoming traffic and identifies unique flows in it.
|
||||
Flows are distinguished by endpoint IP addresses, TCP/UDP port numbers,
|
||||
ToS and input interface.
|
||||
Expired flows are exported out of the node in NetFlow version 5 UDP datagrams.
|
||||
Expired flows are exported out of the node in NetFlow version 5/9 UDP datagrams.
|
||||
Expiration reason can be one of the following:
|
||||
.Bl -dash
|
||||
.It
|
||||
@ -59,19 +59,24 @@ A flow was inactive for the specified period of time.
|
||||
The default is 15 seconds.
|
||||
.El
|
||||
.Pp
|
||||
Export information is stored in NetFlow version 5 datagrams.
|
||||
Node supports IPv6 accounting (NetFlow v9 only) and is aware of multiple fibs.
|
||||
Different fibs are mapped to different domain_id in NetFlow V9 and different engine_id in NetFlow V5.
|
||||
.Pp
|
||||
.Sh HOOKS
|
||||
This node type supports up to
|
||||
.Dv NG_NETFLOW_MAXIFACES
|
||||
hooks named
|
||||
(default 65536) hooks named
|
||||
.Va iface0 , iface1 ,
|
||||
etc.,
|
||||
and the same number of hooks named
|
||||
.Va out0 , out1 ,
|
||||
etc.,
|
||||
plus a single hook named
|
||||
.Va export .
|
||||
By default (ingress NetFlow enabled) node does NetFlow accounting of data
|
||||
plus two export hooks:
|
||||
.Va export
|
||||
(for NetFlow version 5) and
|
||||
.Va export9
|
||||
(for NetFlow version 9). Export can be done simultaneously for all supported
|
||||
export hooks. By default (ingress NetFlow enabled) node does NetFlow accounting of data
|
||||
received on
|
||||
.Va iface*
|
||||
hooks.
|
||||
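Review bot: The `.Pp` placed directly before `.Sh HOOKS` is redundant, because a section header already starts a new paragraph and mandoc will warn about it; drop it. In the same hunk, the line "Different fibs are mapped to different domain_id in NetFlow V9 and different engine_id in NetFlow V5." runs past 80 columns and writes "V9"/"V5" where the line above it writes "v9"; wrap it and pick one spelling. The text "(for NetFlow version 9). Export can be done simultaneously ..." and "export hooks. By default ..." start new sentences mid-line, while mdoc sources conventionally begin each sentence on its own line. Consider marking up domain_id and engine_id (for example with `.Va`) as the hook names are.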
@ -83,12 +88,12 @@ If data is received on
|
||||
hook, it is bypassed to corresponding
|
||||
.Va iface
|
||||
hook without any processing (egress NetFlow disabled by default).
|
||||
When full export datagram is built it is sent to the
|
||||
When full export datagram for an export protocol is built it is sent to the
|
||||
.Va export
|
||||
or
|
||||
.Va export9
|
||||
hook.
|
||||
In normal operation, the
|
||||
.Va export
|
||||
hook is connected to the
|
||||
In normal operation, one (or more) export hook is connected to the
|
||||
.Va inet/dgram/udp
|
||||
hook of the
|
||||
.Xr ng_ksocket 4
|
||||
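Review bot: "When full export datagram for an export protocol is built it is sent to the export or export9 hook" does not say which datagram goes to which hook; state explicitly that version 5 datagrams leave through `export` and version 9 datagrams through `export9`, matching the HOOKS description above. "one (or more) export hook is connected to the inet/dgram/udp hook of the ng_ksocket node" also reads as if several export hooks could share a single ksocket hook; if each export hook needs its own ng_ksocket node, say so.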
@ -188,6 +193,33 @@ NG_NETFLOW_CONF_THISONCE defines that packet should be accounted only once
|
||||
if it several times passes via exactly this netflow node. Last two options are
|
||||
important to avoid duplicate accounting when both ingress and egress NetFlow
|
||||
are enabled.
|
||||
.It Dv NGM_NETFLOW_SETTEMPLATE
|
||||
Sets various timeouts to announce data flow templates
|
||||
(NetFlow v9-specific). This message requires
|
||||
.Vt "struct ng_netflow_settemplate"
|
||||
as an argument:
|
||||
.Bd -literal -offset 4n
|
||||
struct ng_netflow_settemplate {
|
||||
uint16_t time;
|
||||
uint16_t packets;
|
||||
};
|
||||
.Ed
|
||||
.Pp
|
||||
Value of time field represents time in seconds to re-announce data templates.
|
||||
Value of packets field represents maximum packets count between
|
||||
re-announcing data templates.
|
||||
.It Dv NGM_NETFLOW_SETMTU
|
||||
Sets export interface MTU to build packets of specified size (NetFlow v9-specific).
|
||||
This message requires
|
||||
.Vt "struct ng_netflow_setmtu"
|
||||
as an argument:
|
||||
.Bd -literal -offset 4n
|
||||
struct ng_netflow_settemtu {
|
||||
uint16_t mtu;
|
||||
};
|
||||
.Ed
|
||||
.Pp
|
||||
Default is 1500 bytes
|
||||
.It Dv NGM_NETFLOW_SHOW
|
||||
This control message asks a node to dump the entire contents of the flow cache.
|
||||
It is called from
|
||||
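Review bot: The structure name in the NGM_NETFLOW_SETMTU entry is inconsistent: the text says `.Vt "struct ng_netflow_setmtu"` but the literal block declares `struct ng_netflow_settemtu {`. One of the two is a typo and should be made to match the header so readers can copy the declaration. "Default is 1500 bytes" is missing its final period, and the "Sets export interface MTU ..." line runs past 80 columns. For NGM_NETFLOW_SETTEMPLATE, the defaults for `time` and `packets` are not given, and it is not stated whether a template is re-announced when either limit is reached or only when both are; document both, along with the accepted range for `mtu`.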
@ -219,6 +251,10 @@ commands are:
|
||||
.Qq Li "settimeouts { inactive = %u active = %u }"
|
||||
.It Dv NGM_NETFLOW_SETCONFIG
|
||||
.Qq Li "setconfig { iface = %u conf = %u }"
|
||||
.It Dv NGM_NETFLOW_SETTEMPLATE
|
||||
.Qq Li "settemplate { time = %u packets = %u }"
|
||||
.It Dv NGM_NETFLOW_SETMTU
|
||||
.Qq Li "setmtu { mtu = %u }"
|
||||
.El
|
||||
.Sh SHUTDOWN
|
||||
This node shuts down upon receipt of a
|
||||
@ -272,21 +308,29 @@ SEQ
|
||||
.Ed
|
||||
.Sh SEE ALSO
|
||||
.Xr netgraph 4 ,
|
||||
.Xr setfib 2 ,
|
||||
.Xr ng_ether 4 ,
|
||||
.Xr ng_iface 4 ,
|
||||
.Xr ng_ksocket 4 ,
|
||||
.Xr ng_tee 4 ,
|
||||
.Xr flowctl 8 ,
|
||||
.Xr ngctl 8
|
||||
.Rs
|
||||
.%A B. Claise, Ed
|
||||
.%T "Cisco Systems NetFlow Services Export Version 9"
|
||||
.%O RFC 3954
|
||||
.Re
|
||||
.Pp
|
||||
.Pa http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/\:nfwhite.htm
|
||||
.Pa http://www.cisco.com/en/US/docs/ios/solutions_docs/netflow/nfwhite.html
|
||||
.Sh AUTHORS
|
||||
.An -nosplit
|
||||
The
|
||||
.Nm
|
||||
node type was written by
|
||||
.An Gleb Smirnoff Aq glebius@FreeBSD.org ,
|
||||
based on
|
||||
.An Alexander Motin Aq mav@FreeBSD.org ,
|
||||
.An Alexander Chernikov Aq melifaro@ipfw.ru .
|
||||
The initial code was based on
|
||||
.Nm ng_ipacct
|
||||
written by
|
||||
.An Roman V. Palagin Aq romanp@unshadow.net .
|
||||
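Review bot: In SEE ALSO, `.Xr setfib 2 ,` is inserted after `.Xr netgraph 4 ,`, but cross references are ordered by section number first and then alphabetically, so the section 2 entry belongs at the top of the list. In the new `.Rs` block, `.%A B. Claise, Ed` drops the period of the abbreviation ("Ed."), and the block sits between the `.Xr` list and the `.Pa` URL with a bare `.Pp`; check the rendered output to make sure the RFC 3954 reference and the Cisco white paper URL come out as two clearly separate entries.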
@ -294,6 +338,7 @@ written by
|
||||
Cache snapshot obtained via
|
||||
.Dv NGM_NETFLOW_SHOW
|
||||
command may lack some percentage of entries under severe load.
|
||||
IPv6 flows are not shown.
|
||||
.Pp
|
||||
The
|
||||
.Nm
|
||||
|