On Tue, Feb 02, 2021 at 10:05:15AM -0500, petru garstea wrote:
> Hi,
>
> I need help to unify 2 netgraphs
>
> 1st ng_bridge netgraph
>
> ngctl mkpeer fxp0: bridge lower link0
> ngctl connect fxp0: em0:lower upper link1
> ngctl name fxp0:lower em0Bridge
> ngctl mkpeer fxp0:lower eiface link3 ether

So you tap the fxp0 with a bridge and attach a virtual interface.

> 2nd ng_netflow netgraph
>
> mkpeer fxp0: netflow  lower iface0
> name fxp0:lower netflow
> connect fxp0: netflow: upper  out0
> mkpeer netflow: ksocket export inet/dgram/udp
> msg netflow:export connect inet/10.0.0.1:4444

So you inject a bidirectional netflow analyser into the fxp0 interface.

> I cannot run both graphs at the same time because both of them are trying to 
> use fxp0 interface lower and upper hooks.
> I believe it is necessary to introduce an extra node but I am not sure.

You need to define which communication you want to analyse with netflow.

I.e. you want to analyze the traffic on the wire:

fxp0.lower -- iface0.netgraph.out0 -- link1.bridge.link2 -- upper.fxp0
                                                 \.link3 -- ether.eiface

This will exclude the traffic between the eiface and the fxp0 IP-stack.
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
