svn commit: r321128 - in head: etc/rc.d share/man/man5

Tue, 18 Jul 2017 07:03:07 -0700 

Author: manu
Date: Tue Jul 18 14:02:02 2017
New Revision: 321128
URL: https://svnweb.freebsd.org/changeset/base/321128

Log:
  ipfw_netflow: Add support for FIB
  
  If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB.
  
  While here correct some value in rc.conf(5) to be int and not str.
  
  Sponsored by: Gandi.net

Modified:
  head/etc/rc.d/ipfw_netflow
  head/share/man/man5/rc.conf.5

Modified: head/etc/rc.d/ipfw_netflow
==============================================================================
--- head/etc/rc.d/ipfw_netflow  Tue Jul 18 08:54:35 2017        (r321127)
+++ head/etc/rc.d/ipfw_netflow  Tue Jul 18 14:02:02 2017        (r321128)
@@ -54,7 +54,7 @@ ipfw_netflow_status()
 ipfw_netflow_start()
 {
        ipfw_netflow_is_running && err 1 "ipfw_netflow is already active"
-       ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to 
any
+       ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to 
any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}}
        ngctl -f - <<-EOF
        mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0
        name ipfw:${ipfw_netflow_hook} netflow

Modified: head/share/man/man5/rc.conf.5
==============================================================================
--- head/share/man/man5/rc.conf.5       Tue Jul 18 08:54:35 2017        
(r321127)
+++ head/share/man/man5/rc.conf.5       Tue Jul 18 14:02:02 2017        
(r321128)
@@ -602,12 +602,12 @@ By default a ipfw rule is inserted and all packets are
 the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
 port using protocol version 5.
 .It Va ipfw_netflow_hook
-.Pq Vt str
+.Pq Vt int
 netflow hook name, must be numerical
 (default
 .Pa 9995 ) .
 .It Va ipfw_netflow_rule
-.Pq Vt str
+.Pq Vt int
 ipfw rule number
 (default
 .Pa 1000 ) .
@@ -617,13 +617,18 @@ Destination server ip for receiving netflow data
 (default
 .Pa 127.0.0.1 ) .
 .It Va ipfw_netflow_port
-.Pq Vt str
+.Pq Vt int
 Destination server port for receiving netflow data
 (default
 .Pa 9995 ) .
 .It Va ipfw_netflow_version
-.Pq Vt str
+.Pq Vt int
 Do not set for using version 5 of the netflow protocol, set it to 9 for using 
version 9.
+.It Va ipfw_netflow_fib
+.Pq Vt int
+Only match packet in FIB
+.Pa ipfw_netflow_fib
+(default is undefined meaning all FIBs).
 .It Va natd_program
 .Pq Vt str
 Path to
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to