thx
#43 AS as MARK / CLASS / number from target arguments
This patch enables to use -j NETFLOW arguments:
--netflow-class | --netflow-fwmark | --netflow-secmark with extra argument src dst or full
What this does is: stores TC QDISC and/or CLASS OR FWMARK OR Secmark to specified location
SRC stores upper part of specified field to as_src (or qdisc / upper 16bits of fwmark / secmark)
DST stores lower part of specified field to as_dst (or class / lower 16bits of fwmark / secmark)
FULL is the same as SRC + DST
--netflow-src-as <number> can be used to store some STATIC number as as_src
--netflow-dst-as <number> same as above, but for as_dst
Fields can be used concurrently, as long as the same AS field is not used twice
This patch has one more option, but it is not supported now: --netflow-collector (specify EXTRA collectors from within target)
Status: works for me ( Linux 2.6.35, Iptables 1.4.8 (GIT) )
Discussion
-
Cleaned up print function (for iptables -nvL human-readable output)
added libipt_NETFLOW.h for internal structureStatus: nice and smooth on backbone (Linux 2.6.35, iptables 1.4.8) for ~500Mbit traffic line
-
module fix for possible crash after removing iptables target
-
Kernel 2.6.38.2, iptables GIT cd50f26, based on ipt_netflow GIT 37d5157
-
Don't know news from the author of the patch.
-
BTW, you can assign AS numbers into routing realms field, which is designed nearly for this. There is even quagga/zebra patches who can set realm automatically to AS value. Then module just needs to set src/dst AS from routing realm field (which is tclassid, enabled when kernel compiled with CONFIG_NET_CLS_ROUTE). Google for: quagga realm patch
For example http://lists.quagga.net/pipermail/quagga-dev/2005-March/002946.html
Log in to post a comment.