From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <a_s_y@sama.ru>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham
	version=3.2.5
From: Sergey <a_s_y@sama.ru>
To: ALT Linux Community general discussions <community@lists.altlinux.org>
Date: Thu, 1 Dec 2011 13:49:27 +0400
User-Agent: KMail/1.13.7 (Linux/2.6.32-ovz-el-alt34; KDE/4.6.5; i686; ; )
References: <20111130162300.GA27159@t60p.mithraen.ru>
	<CACaajQvvThr1DgH14-53yCdKqjPbZPBOHzE6tnORZ5+R-QSiJQ@mail.gmail.com>
	<4ED66E14.9040504@tangramltd.com>
In-Reply-To: <4ED66E14.9040504@tangramltd.com>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="koi8-r"
Content-Transfer-Encoding: 8bit
Message-Id: <201112011349.28225.a_s_y@sama.ru>
Subject: Re: [Comm] =?koi8-r?b?08fFzsXSydLP18HU2CBuZXRmbG93?=
X-BeenThere: community@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Community general discussions
	<community@lists.altlinux.org>
List-Id: ALT Linux Community general discussions <community.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/community>,
	<mailto:community-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community>
List-Post: <mailto:community@lists.altlinux.org>
List-Help: <mailto:community-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Dec 2011 09:49:40 -0000
Archived-At: <http://lore.altlinux.org/community/201112011349.28225.a_s_y@sama.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

On Wednesday, November 30, 2011, Dubrovskiy Viacheslav wrote:
 
>  Разве он умеет генерить для "мимоидущего трафика" ?
>  Когда порт в мирроре и интерфейс в promiscuous mode.

ipt-netflow/README.promisc

Но там надо патч прикладывать. Не знаю, у нас оно с патчем собрано,
или без (патч там прямо в git лежит, в виде отдельного файла):

 This simple hack will allow to see promisc traffic in raw table of
 iptables. Of course you will need to enable promisc on the interface.
 Refer to README.promisc for details.

 Example how to catch desired traffic:
   iptables -A PREROUTING -t raw -i eth2 -j NETFLOW


--- linux-2.6.26/net/ipv4/ip_input.old.c        2008-07-14 01:51:29.000000000 +0400
+++ linux-2.6.26/net/ipv4/ip_input.c        2008-08-06 14:02:16.000000000 +0400
@@ -378,12 +378,6 @@
        struct iphdr *iph;
        u32 len;

-       /* When the interface is in promisc. mode, drop all the crap
-        * that it receives, do not try to analyse it.
-        */
-       if (skb->pkt_type == PACKET_OTHERHOST)
-               goto drop;
-
        IP_INC_STATS_BH(IPSTATS_MIB_INRECEIVES);

        if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {


-- 
С уважением, Сергей
a_s_y@sama.ru