From: Sergey <a_s_y@sama.ru>
To: ALT Linux Community general discussions <community@lists.altlinux.org>
Subject: Re: [Comm] сгенерировать netflow
Date: Thu, 1 Dec 2011 13:49:27 +0400
Message-ID: <201112011349.28225.a_s_y@sama.ru> (raw)
In-Reply-To: <4ED66E14.9040504@tangramltd.com>
On Wednesday, November 30, 2011, Dubrovskiy Viacheslav wrote:
> Разве он умеет генерить для "мимоидущего трафика" ?
> Когда порт в мирроре и интерфейс в promiscuous mode.
ipt-netflow/README.promisc
Но там надо патч прикладывать. Не знаю, у нас оно с патчем собрано,
или без (патч там прямо в git лежит, в виде отдельного файла):
This simple hack will allow to see promisc traffic in raw table of
iptables. Of course you will need to enable promisc on the interface.
Refer to README.promisc for details.
Example how to catch desired traffic:
iptables -A PREROUTING -t raw -i eth2 -j NETFLOW
--- linux-2.6.26/net/ipv4/ip_input.old.c 2008-07-14 01:51:29.000000000 +0400
+++ linux-2.6.26/net/ipv4/ip_input.c 2008-08-06 14:02:16.000000000 +0400
@@ -378,12 +378,6 @@
struct iphdr *iph;
u32 len;
- /* When the interface is in promisc. mode, drop all the crap
- * that it receives, do not try to analyse it.
- */
- if (skb->pkt_type == PACKET_OTHERHOST)
- goto drop;
-
IP_INC_STATS_BH(IPSTATS_MIB_INRECEIVES);
if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {
--
С уважением, Сергей
a_s_y@sama.ru
next prev parent reply other threads:[~2011-12-01 9:49 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-30 16:23 Денис Смирнов
2011-11-30 16:34 ` Dubrovskiy Viacheslav
2011-11-30 17:03 ` Алексей Синицын
2011-11-30 17:10 ` Dubrovskiy Viacheslav
2011-12-01 9:49 ` Sergey [this message]
2011-12-01 9:53 ` Sergey
2011-12-02 6:22 ` Anton Farygin
2011-12-04 9:06 ` Sergey
2011-12-04 11:06 ` Anton Gorlov
2011-12-04 11:55 ` Sergey
2011-12-04 13:54 ` Alexei Takaseev
2011-12-04 18:55 ` Sergey
2011-12-16 8:47 ` Anton Farygin
2011-12-06 5:26 ` Денис Смирнов
2011-12-16 8:46 ` Anton Farygin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201112011349.28225.a_s_y@sama.ru \
--to=a_s_y@sama.ru \
--cc=community@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git