AS as MARK / CLASS / number from target arguments
NetFlow iptables module for Linux kernel
Brought to you by:
aabc
Menu
▾
▴
#43 AS as MARK / CLASS / number from target arguments
This patch enables to use -j NETFLOW arguments:
--netflow-class | --netflow-fwmark | --netflow-secmark with extra argument src dst or full
What this does is: stores TC QDISC and/or CLASS OR FWMARK OR Secmark to specified location
SRC stores upper part of specified field to as_src (or qdisc / upper 16bits of fwmark / secmark)
DST stores lower part of specified field to as_dst (or class / lower 16bits of fwmark / secmark)
FULL is the same as SRC + DST
--netflow-src-as <number> can be used to store some STATIC number as as_src
--netflow-dst-as <number> same as above, but for as_dst
Fields can be used concurrently, as long as the same AS field is not used twice
This patch has one more option, but it is not supported now: --netflow-collector (specify EXTRA collectors from within target)
Status: works for me ( Linux 2.6.35, Iptables 1.4.8 (GIT) )
thx
Cleaned up print function (for iptables -nvL human-readable output)
added libipt_NETFLOW.h for internal structure
Status: nice and smooth on backbone (Linux 2.6.35, iptables 1.4.8) for ~500Mbit traffic line
module fix for possible crash after removing iptables target
View and moderate all "bugs-requests-patches Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs/Requests/Patches"
Any news?
Kernel 2.6.38.2, iptables GIT cd50f26, based on ipt_netflow GIT 37d5157
Don't know news from the author of the patch.
BTW, you can assign AS numbers into routing realms field, which is designed nearly for this. There is even quagga/zebra patches who can set realm automatically to AS value. Then module just needs to set src/dst AS from routing realm field (which is tclassid, enabled when kernel compiled with CONFIG_NET_CLS_ROUTE). Google for: quagga realm patch
For example http://lists.quagga.net/pipermail/quagga-dev/2005-March/002946.html