On 2008-08-29, Stephan A. Rickauer <[EMAIL PROTECTED]> wrote:
> Thanks, I'll have a look into it. Maybe you could send me canacar's
> diff, so I can test it while I'm on it. I'd definitely prefer pfflowd
> over softflowd.
here you go; it's needed for kernels from after the network
hackathon.
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/pfflowd/Makefile,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile
--- Makefile 28 Jun 2008 08:30:00 -0000 1.8
+++ Makefile 25 Jul 2008 14:29:14 -0000
@@ -1,10 +1,9 @@
# $OpenBSD: Makefile,v 1.8 2008/06/28 08:30:00 ajacoutot Exp $
-BROKEN= needs to cope with recent network changes
-
COMMENT= PF to NetFlow converter
DISTNAME= pfflowd-0.7
+PKGNAME= ${DISTNAME}p0
CATEGORIES= net
MASTER_SITES= http://www.mindrot.org/files/pfflowd/
Index: patches/patch-pfflowd_c
===================================================================
RCS file: patches/patch-pfflowd_c
diff -N patches/patch-pfflowd_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-pfflowd_c 25 Jul 2008 14:29:14 -0000
@@ -0,0 +1,182 @@
+$OpenBSD$
+--- pfflowd.c.orig Fri Jun 13 02:40:21 2008
++++ pfflowd.c Fri Jun 13 02:56:30 2008
+@@ -210,14 +210,14 @@ connsock(struct sockaddr *addr, socklen_t len)
+ }
+
+ static void
+-format_pf_host(char *buf, size_t n, struct pf_state_host *h, sa_family_t af)
++format_pf_addr(char *buf, size_t n, const struct pf_addr *h, sa_family_t af)
+ {
+ const char *err = NULL;
+
+ switch (af) {
+ case AF_INET:
+ case AF_INET6:
+- if (inet_ntop(af, &h->addr, buf, n) == NULL)
++ if (inet_ntop(af, h, buf, n) == NULL)
+ err = strerror(errno);
+ break;
+ default:
+@@ -253,7 +253,8 @@ send_netflow_v1(const struct pfsync_state *st, u_int n
+
+ hdr = (struct NF1_HEADER *)packet;
+ for(num_packets = offset = j = i = 0; i < n; i++) {
+- struct pf_state_host src, dst;
++ const struct pf_addr *src, *dst;
++ u_int16_t src_port, dst_port;
+ u_int32_t bytes_in, bytes_out;
+ u_int32_t packets_in, packets_out;
+ char src_s[64], dst_s[64], rt_s[64], pbuf[16], creation_s[64];
+@@ -300,19 +301,23 @@ send_netflow_v1(const struct pfsync_state *st, u_int n
+ creation = uptime_ms; /* Avoid u_int wrap */
+
+ if (st[i].direction == PF_OUT) {
+- memcpy(&src, &st[i].lan, sizeof(src));
+- memcpy(&dst, &st[i].ext, sizeof(dst));
++ src = &st[i].key[PF_SK_WIRE].addr[1];
++ dst = &st[i].key[PF_SK_WIRE].addr[0];
++ src_port = st[i].key[PF_SK_WIRE].port[1];
++ dst_port = st[i].key[PF_SK_WIRE].port[0];
+ } else {
+- memcpy(&src, &st[i].ext, sizeof(src));
+- memcpy(&dst, &st[i].lan, sizeof(dst));
++ src = &st[i].key[PF_SK_STACK].addr[0];
++ dst = &st[i].key[PF_SK_STACK].addr[1];
++ src_port = st[i].key[PF_SK_STACK].port[0];
++ dst_port = st[i].key[PF_SK_STACK].port[1];
+ }
+
+ flw = (struct NF1_FLOW *)(packet + offset);
+ if (netflow_socket != -1 && st[i].packets[0][0] != 0) {
+- flw->src_ip = src.addr.v4.s_addr;
+- flw->dest_ip = dst.addr.v4.s_addr;
+- flw->src_port = src.port;
+- flw->dest_port = dst.port;
++ flw->src_ip = src->v4.s_addr;
++ flw->dest_ip = dst->v4.s_addr;
++ flw->src_port = src_port;
++ flw->dest_port = dst_port;
+ flw->flow_packets = st[i].packets[0][0];
+ flw->flow_octets = st[i].bytes[0][0];
+ flw->flow_start = htonl(uptime_ms - creation);
+@@ -325,10 +330,10 @@ send_netflow_v1(const struct pfsync_state *st, u_int n
+ }
+ flw = (struct NF1_FLOW *)(packet + offset);
+ if (netflow_socket != -1 && st[i].packets[1][0] != 0) {
+- flw->src_ip = dst.addr.v4.s_addr;
+- flw->dest_ip = src.addr.v4.s_addr;
+- flw->src_port = dst.port;
+- flw->dest_port = src.port;
++ flw->src_ip = dst->v4.s_addr;
++ flw->dest_ip = src->v4.s_addr;
++ flw->src_port = dst_port;
++ flw->dest_port = src_port;
+ flw->flow_packets = st[i].packets[1][0];
+ flw->flow_octets = st[i].bytes[1][0];
+ flw->flow_start = htonl(uptime_ms - creation);
+@@ -352,17 +357,17 @@ send_netflow_v1(const struct pfsync_state *st, u_int n
+ strftime(creation_s, sizeof(creation_s),
+ "%Y-%m-%dT%H:%M:%S", &creation_tm);
+
+- format_pf_host(src_s, sizeof(src_s), &src, st[i].af);
+- format_pf_host(dst_s, sizeof(dst_s), &dst, st[i].af);
++ format_pf_addr(src_s, sizeof(src_s), src, st[i].af);
++ format_pf_addr(dst_s, sizeof(dst_s), dst, st[i].af);
+ inet_ntop(st[i].af, &st[i].rt_addr, rt_s, sizeof(rt_s));
+
+ if (st[i].proto == IPPROTO_TCP ||
+ st[i].proto == IPPROTO_UDP) {
+ snprintf(pbuf, sizeof(pbuf), ":%d",
+- ntohs(src.port));
++ ntohs(src_port));
+ strlcat(src_s, pbuf, sizeof(src_s));
+ snprintf(pbuf, sizeof(pbuf), ":%d",
+- ntohs(dst.port));
++ ntohs(dst_port));
+ strlcat(dst_s, pbuf, sizeof(dst_s));
+ }
+
+@@ -425,9 +430,10 @@ send_netflow_v5(const struct pfsync_state *st, u_int n
+
+ hdr = (struct NF5_HEADER *)packet;
+ for(num_packets = offset = j = i = 0; i < n; i++) {
+- struct pf_state_host src, dst;
++ const struct pf_addr *src, *dst;
+ u_int32_t bytes_in, bytes_out, packets_in, packets_out;
+ u_int32_t creation;
++ u_int16_t src_port, dst_port;
+ char src_s[64], dst_s[64], rt_s[64], pbuf[16], creation_s[64];
+ time_t creation_tt;
+ struct tm creation_tm;
+@@ -472,20 +478,25 @@ send_netflow_v5(const struct pfsync_state *st, u_int n
+ if (creation > uptime_ms)
+ creation = uptime_ms; /* Avoid u_int wrap */
+
++
+ if (st[i].direction == PF_OUT) {
+- memcpy(&src, &st[i].lan, sizeof(src));
+- memcpy(&dst, &st[i].ext, sizeof(dst));
++ src = &st[i].key[PF_SK_WIRE].addr[1];
++ dst = &st[i].key[PF_SK_WIRE].addr[0];
++ src_port = st[i].key[PF_SK_WIRE].port[1];
++ dst_port = st[i].key[PF_SK_WIRE].port[0];
+ } else {
+- memcpy(&src, &st[i].ext, sizeof(src));
+- memcpy(&dst, &st[i].lan, sizeof(dst));
++ src = &st[i].key[PF_SK_STACK].addr[0];
++ dst = &st[i].key[PF_SK_STACK].addr[1];
++ src_port = st[i].key[PF_SK_STACK].port[0];
++ dst_port = st[i].key[PF_SK_STACK].port[1];
+ }
+
+ flw = (struct NF5_FLOW *)(packet + offset);
+ if (netflow_socket != -1 && st[i].packets[0][0] != 0) {
+- flw->src_ip = src.addr.v4.s_addr;
+- flw->dest_ip = dst.addr.v4.s_addr;
+- flw->src_port = src.port;
+- flw->dest_port = dst.port;
++ flw->src_ip = src->v4.s_addr;
++ flw->dest_ip = dst->v4.s_addr;
++ flw->src_port = src_port;
++ flw->dest_port = dst_port;
+ flw->flow_packets = st[i].packets[0][0];
+ flw->flow_octets = st[i].bytes[0][0];
+ flw->flow_start = htonl(uptime_ms - creation);
+@@ -498,10 +509,10 @@ send_netflow_v5(const struct pfsync_state *st, u_int n
+ }
+ flw = (struct NF5_FLOW *)(packet + offset);
+ if (netflow_socket != -1 && st[i].packets[1][0] != 0) {
+- flw->src_ip = dst.addr.v4.s_addr;
+- flw->dest_ip = src.addr.v4.s_addr;
+- flw->src_port = dst.port;
+- flw->dest_port = src.port;
++ flw->src_ip = dst->v4.s_addr;
++ flw->dest_ip = src->v4.s_addr;
++ flw->src_port = dst_port;
++ flw->dest_port = src_port;
+ flw->flow_packets = st[i].packets[1][0];
+ flw->flow_octets = st[i].bytes[1][0];
+ flw->flow_start = htonl(uptime_ms - creation);
+@@ -525,17 +536,17 @@ send_netflow_v5(const struct pfsync_state *st, u_int n
+ strftime(creation_s, sizeof(creation_s),
+ "%Y-%m-%dT%H:%M:%S", &creation_tm);
+
+- format_pf_host(src_s, sizeof(src_s), &src, st[i].af);
+- format_pf_host(dst_s, sizeof(dst_s), &dst, st[i].af);
++ format_pf_addr(src_s, sizeof(src_s), src, st[i].af);
++ format_pf_addr(dst_s, sizeof(dst_s), dst, st[i].af);
+ inet_ntop(st[i].af, &st[i].rt_addr, rt_s, sizeof(rt_s));
+
+ if (st[i].proto == IPPROTO_TCP ||
+ st[i].proto == IPPROTO_UDP) {
+ snprintf(pbuf, sizeof(pbuf), ":%d",
+- ntohs(src.port));
++ ntohs(src_port));
+ strlcat(src_s, pbuf, sizeof(src_s));
+ snprintf(pbuf, sizeof(pbuf), ":%d",
+- ntohs(dst.port));
++ ntohs(dst_port));
+ strlcat(dst_s, pbuf, sizeof(dst_s));
+ }
+
Index: patches/patch-pfflowd_h
===================================================================
RCS file: patches/patch-pfflowd_h
diff -N patches/patch-pfflowd_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-pfflowd_h 25 Jul 2008 14:29:14 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- pfflowd.h.orig Wed Jul 16 13:48:31 2008
++++ pfflowd.h Wed Jul 16 13:48:40 2008
+@@ -29,7 +29,7 @@
+ #define DEFAULT_INTERFACE "pfsync0"
+ #define LIBPCAP_SNAPLEN 2020 /* Default MTU */
+
+-#define _PFSYNC_VER 3
++#define _PFSYNC_VER 4
+
+ /*
+ * This is the Cisco Netflow(tm) version 1 packet format
