From fc4f5f376191f7a126732593b5b3757c5486395d Mon Sep 17 00:00:00 2001 From: ABC Date: Sat, 4 Jun 2016 15:47:35 +0300 Subject: [PATCH 01/10] Allow to set endine_id (observationDomainId). Thanks for #57 to bc-davidb@github. --- README | 13 ++++++++++++- ipt_NETFLOW.c | 7 +++++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/README b/README index 71a68e4..208fdf7 100644 --- a/README +++ b/README @@ -572,10 +572,21 @@ ipt_NETFLOW linux 2.6.x-4.x kernel module by -- 2008-2016. desirable to combine it with packet processing on very highly loaded routers. - This option also could be changed at runtime with: + This option could be changed at runtime with: # echo number > /sys/module/ipt_NETFLOW/parameters/exportcpu + engine_id=number + - Observation Domain ID (on IPFIX, Source Id on NetFlow v9, or Engine Id + on NetFlow v5) value to be exported. This may help your collector to + distinguish between multiple exporters. On Netflow v9 and IPFIX this + value is 32-bit on NetFlow v5 only 8 low bits are significant. + Default value is 0. + + This option could be changed at runtime with: + + # echo number > /sys/module/ipt_NETFLOW/parameters/engine_id + ==================== = HOW TO READ STAT = diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c index 652b88a..d7e807c 100644 --- a/ipt_NETFLOW.c +++ b/ipt_NETFLOW.c @@ -209,6 +209,10 @@ MODULE_PARM_DESC(maxflows, "maximum number of flows"); static int peakflows = 0; static unsigned long peakflows_at; /* jfffies */ +static int engine_id = 0; +module_param(engine_id, int, 0644); +MODULE_PARM_DESC(engine_id, "Observation Domain ID"); + #ifdef ENABLE_AGGR #define AGGR_SIZE 1024 static char aggregation_buf[AGGR_SIZE] = ""; @@ -271,7 +275,6 @@ static union { struct netflow9_pdu v9; struct ipfix_pdu ipfix; } pdu; -static int engine_id = 0; /* Observation Domain */ static __u8 *pdu_data_used; static __u8 *pdu_high_wm; /* high watermark */ static struct flowset_data *pdu_flowset = NULL; /* current data flowset */ 
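Review bot: In the first ipt_NETFLOW.c hunk `engine_id` is declared `static int` and registered with `module_param(engine_id, int, 0644)`, although the README text added by the same patch describes the value as 32-bit on NetFlow v9 and IPFIX. A signed `int` parameter cannot be set to 2^31 or above, so half of the documented range is refused at load time and through sysfs. I would declare it `static unsigned int engine_id;` and register it with `module_param(engine_id, uint, 0644);`. The v9 and IPFIX export sites that read `engine_id` are outside this hunk and should be checked for a matching type.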
@@ -2532,7 +2535,7 @@ static void netflow_export_pdu_v5(void)
 pdu.v5.ts_unsecs = htonl(tv.tv_usec);
 pdu.v5.seq = htonl(pdu_seq);
 //pdu.v5.eng_type = 0;
- pdu.v5.eng_id = engine_id;
+ pdu.v5.eng_id = (__u8)engine_id;
 #ifdef ENABLE_SAMPLER
 pdu.v5.sampling = htons(sampler_nf_v5());
 #endif
From d6677792fbf07c247119d42535e57b1c015e6374 Mon Sep 17 00:00:00 2001
From: Matthew Martin
Date: Fri, 23 Sep 2016 01:39:27 -0500
Subject: [PATCH 02/10] Fix configure for dkms (#60) dkms runs ./configure --from-dkms-conf=$kernel_source_dir. Without this ./configure fails with invalid option. Change the check to match the one at the top of the file.
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure b/configure
index caa4832..9e103df 100755
--- a/configure
+++ b/configure
@@ -312,7 +312,7 @@ do
 --disable-snmp-a*) SKIPSNMP=1 ;;
 --disable-net-snmp*) SKIPSNMP=1 ;;
 --disable-dkms*) SKIPDKMS=1 ;;
- --from-dkms-conf) ;;
+ --from-dkms-conf*) ;;
 --make) echo called from make; CARGS=`echo $CARGS | sed s/--make//g` ;;
 -Werror) KOPTS="$KOPTS -Werror" ;;
 --help|-h) show_help ;;
From e35402fbff24323a7644d0dfa241bfedea417336 Mon Sep 17 00:00:00 2001
From: alex-eri
Date: Sat, 24 Sep 2016 00:07:03 +0300
Subject: [PATCH 03/10] Makefile for OpenWRT place in package/network/ipt-netflow/ select using menuconfig rebuild with make package/network/ipt-netflow/{clean,prepare,configure,compile,install}
---
 openwrt/Makefile | 50 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 openwrt/Makefile
diff --git a/openwrt/Makefile b/openwrt/Makefile
new file mode 100644
index 0000000..4434f4a
--- /dev/null
+++ b/openwrt/Makefile
@@ -0,0 +1,50 @@
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=ipt-netflow
+PKG_VERSION:=2.2
+PKG_RELEASE:=1
+PKG_MD5SUM:=5952f05d6a067400d0225b7524cde590
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
+PKG_SOURCE_URL:=@SF/ipt-netflow
+
+PKG_BUILD_DIR := $(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_DEPENDS:=iptables
+
+include $(INCLUDE_DIR)/package.mk
+
+define KernelPackage/ipt-netflow
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Netflow
+ TITLE:=Netflow iptables module for Linux kernel
+ URL:=http://ipt-netflow.sourceforge.net/
+ FILES:=$(PKG_BUILD_DIR)/ipt_NETFLOW.ko
+ DEPENDS:=+iptables
+endef
+
+define Package/iptables-mod-netflow
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Netflow
+ TITLE:=Netflow iptables module for Linux kernel
+ URL:=http://ipt-netflow.sourceforge.net/
+ DEPENDS:=+kmod-ipt-netflow libc
+endef
+
+CONFIGURE_ARGS:= \
+ --kdir="$(LINUX_DIR)" \
+ --ipt-ver=1.4.21 \
+ --disable-dkms \
+ --disable-snmp-agent
+
+$(eval $(call KernelPackage,ipt-netflow))
+
+$(eval $(call Package,kmod-ipt-netflow))
+
+define Package/iptables-mod-netflow/install
+ $(MAKE) -C $(PKG_BUILD_DIR) DESTDIR=$(1) linstall
+endef
+
+$(eval $(call BuildPackage,iptables-mod-netflow))
From be4ea33507da09e83dd8d066ea63c4ca33f110b1 Mon Sep 17 00:00:00 2001
From: alex-eri
Date: Sat, 24 Sep 2016 00:09:57 +0300
Subject: [PATCH 04/10] Cross-compiling support
---
 openwrt/patches/310-Makefile_crosscompile.patch | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 openwrt/patches/310-Makefile_crosscompile.patch
diff --git a/openwrt/patches/310-Makefile_crosscompile.patch b/openwrt/patches/310-Makefile_crosscompile.patch
new file mode 100644
index 0000000..22ebd52
--- /dev/null
+++ b/openwrt/patches/310-Makefile_crosscompile.patch
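Review bot: The line `$(eval $(call Package,kmod-ipt-netflow))` in the new openwrt/Makefile looks like a no-op. The file defines no `Package` macro, and I am not aware of one in the included package.mk; if there is none, the call expands to nothing. The kmod package already comes from the `KernelPackage` eval directly above, so I would delete the line, or replace it with the intended call if something else was meant. Please confirm against the build tree's package.mk before removing it.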
@@ -0,0 +1,17 @@ +Index: ipt-netflow-2.2/Makefile.in +=================================================================== +--- ipt-netflow-2.2.orig/Makefile.in ++++ ipt-netflow-2.2/Makefile.in +@@ -64,10 +64,10 @@ sinstall: | snmp_NETFLOW.so IPT-NETFLOW- + fi + + %_sh.o: libipt_NETFLOW.c +- gcc -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c ++ $(CC) $(CFLAGS) -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c + + %.so: %_sh.o +- gcc -shared -o $@ $< ++ $(CC) -shared -o $@ $< + + version.h: ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile + @./version.sh --define > version.h From bba6b6c24f7323d456e7efb2d44f8fab6f5a994b Mon Sep 17 00:00:00 2001 From: alex-eri Date: Sun, 25 Sep 2016 01:06:18 +0300 Subject: [PATCH 05/10] Configuration menu Change sources location Possible options for ./configure #TODO: --enable-sampler=hash --promisc-mpls=N #TODO: snmp install, dkms install --- openwrt/Makefile | 97 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 87 insertions(+), 10 deletions(-) diff --git a/openwrt/Makefile b/openwrt/Makefile index 4434f4a..5586244 100644 --- a/openwrt/Makefile +++ b/openwrt/Makefile @@ -1,19 +1,29 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk + PKG_NAME:=ipt-netflow +PKG_RELEASE:=2 + PKG_VERSION:=2.2 -PKG_RELEASE:=1 -PKG_MD5SUM:=5952f05d6a067400d0225b7524cde590 +PKG_SOURCE_VERSION:=v$(PKG_VERSION) + +#TO BUILD development version uncomment below and remove patches +#PKG_VERSION:=git +#PKG_SOURCE_VERSION:=HEAD + +PKG_SOURCE_PROTO:=git +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://github.com/aabc/$(PKG_NAME).git -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz -PKG_SOURCE_URL:=@SF/ipt-netflow +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) PKG_BUILD_DIR := $(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_DEPENDS:=iptables include $(INCLUDE_DIR)/package.mk + define KernelPackage/ipt-netflow SECTION:=net CATEGORY:=Network 
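Review bot: The rewritten `%.so` rule in the embedded 310-Makefile_crosscompile.patch links with `$(CC) -shared -o $@ $<` and so ignores `$(LDFLAGS)`, which is where a cross or distribution build normally passes its sysroot and link-time hardening options. I would write `$(CC) $(LDFLAGS) -shared -o $@ $<`. In the `%_sh.o` rule the fixed `-O2` follows `$(CFLAGS)` and therefore overrides any optimisation level the caller chose; putting `$(CFLAGS)` after the fixed flags would let the toolchain's setting win. Only these two rules of Makefile.in are visible in the patch.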
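Review bot: In the `@@ -1,19 +1,29 @@` hunk of openwrt/Makefile the source becomes a git checkout of `PKG_SOURCE_VERSION:=v$(PKG_VERSION)`, a tag name, and the `PKG_MD5SUM` line is removed without a replacement. Nothing in the Makefile then fixes the content that is built, because a tag can be moved upstream. I would set `PKG_SOURCE_VERSION:=<full-commit-id-of-v2.2>` (placeholder for the release commit) and, on build trees that support it, add a `PKG_MIRROR_HASH` for the generated tarball.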
@@ -21,23 +31,89 @@ define KernelPackage/ipt-netflow TITLE:=Netflow iptables module for Linux kernel URL:=http://ipt-netflow.sourceforge.net/ FILES:=$(PKG_BUILD_DIR)/ipt_NETFLOW.ko - DEPENDS:=+iptables + DEPENDS:=+iptables +iptables-mod-netflow endef + define Package/iptables-mod-netflow SECTION:=net CATEGORY:=Network SUBMENU:=Netflow TITLE:=Netflow iptables module for Linux kernel URL:=http://ipt-netflow.sourceforge.net/ - DEPENDS:=+kmod-ipt-netflow libc + #DEPENDS:=+kmod-ipt-netflow + DEPENDS:=+iptables endef CONFIGURE_ARGS:= \ - --kdir="$(LINUX_DIR)" \ - --ipt-ver=1.4.21 \ - --disable-dkms \ - --disable-snmp-agent + --kdir="$(LINUX_DIR)" + +define Package/iptables-mod-netflow/config + menu "Configuration" + depends on PACKAGE_iptables-mod-netflow + config PACKAGE_iptables-mod-netflow_natevents + bool "enables natevents support" + default n + config PACKAGE_iptables-mod-netflow_snmp-rules + bool "enables SNMP-index conversion rules" + default n + config PACKAGE_iptables-mod-netflow_macaddress + bool "enables MAC address for v9/IPFIX" + default n + config PACKAGE_iptables-mod-netflow_vlan + bool "enables VLAN Ids for v9/IPFIX" + default n + config PACKAGE_iptables-mod-netflow_direction + bool "enables flowDirection(61) Element" + default n + config PACKAGE_iptables-mod-netflow_sampler + bool "enables Flow Sampling" + default n + config PACKAGE_iptables-mod-netflow_aggregation + bool "enables aggregation rules" + default n + config PACKAGE_iptables-mod-netflow_promisc + bool "enables promisc hack mode" + default n + config PACKAGE_iptables-mod-netflow_promisc-mpls + bool "decapsulate MPLS in promisc mode" + default n + config PACKAGE_iptables-mod-netflow_physdev + bool "enables physdev reporting" + default n + config PACKAGE_iptables-mod-netflow_physdev-override + bool "to override interfaces" + default n + config PACKAGE_iptables-mod-netflow_snmp-agent + bool "disables net-snmp agent" + default y + config PACKAGE_iptables-mod-netflow_dkms + bool "disables DKMS 
support completely" + default y + config PACKAGE_iptables-mod-netflow_dkms-install + bool "no DKMS install but still create dkms.conf" + default n + endmenu +endef + +CONFIGURE_ARGS += \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_natevents),--enable-natevents) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_snmp-rules),--enable-snmp-rules) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_macaddress),--enable-macaddress) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_vlan),--enable-vlan) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_direction),--enable-direction) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_sampler),--enable-sampler) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_aggregation),--enable-aggregation) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_promisc),--enable-promisc) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_promisc-mpls),--promisc-mpls) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_physdev),--enable-physdev) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_physdev-override),--enable-physdev-override) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_snmp-agent),--disable-snmp-agent) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_dkms),--disable-dkms) \ + $(if $(CONFIG_PACKAGE_iptables-mod-netflow_dkms-install),--disable-dkms-install) + +#TODO: --enable-sampler=hash --promisc-mpls=N + $(eval $(call KernelPackage,ipt-netflow)) @@ -45,6 +121,7 @@ $(eval $(call Package,kmod-ipt-netflow)) define Package/iptables-mod-netflow/install $(MAKE) -C $(PKG_BUILD_DIR) DESTDIR=$(1) linstall + #TODO: snmp install, dkms install endef $(eval $(call BuildPackage,iptables-mod-netflow)) From e9d53f32cb833ea1ffcf4df6698de51880eee5d0 Mon Sep 17 00:00:00 2001 From: alex-eri Date: Sun, 25 Sep 2016 01:44:06 +0300 Subject: [PATCH 06/10] version hash to download fresh code at make time --- openwrt/Makefile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/openwrt/Makefile b/openwrt/Makefile index 5586244..a29f312 100644 --- a/openwrt/Makefile 
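Review bot: Three symbols in the new `Package/iptables-mod-netflow/config` menu are inverted relative to their names: selecting `PACKAGE_iptables-mod-netflow_snmp-agent`, `..._dkms` or `..._dkms-install` adds `--disable-snmp-agent`, `--disable-dkms` or `--disable-dkms-install` to `CONFIGURE_ARGS`. Anyone reading a saved .config will take `..._snmp-agent=y` to mean the agent is built. I would rename them with a `no-` prefix, for example `PACKAGE_iptables-mod-netflow_no-snmp-agent`, in both the `config` entries and the matching `$(if ...)` lines. The `promisc-mpls` entry also has no `depends on PACKAGE_iptables-mod-netflow_promisc`, although its prompt says it applies in promisc mode.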
+++ b/openwrt/Makefile @@ -1,20 +1,19 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk - PKG_NAME:=ipt-netflow PKG_RELEASE:=2 +PKG_SOURCE_URL:=https://github.com/aabc/$(PKG_NAME).git PKG_VERSION:=2.2 PKG_SOURCE_VERSION:=v$(PKG_VERSION) -#TO BUILD development version uncomment below and remove patches -#PKG_VERSION:=git +#TO BUILD development version uncomment 2 rows below and remove patches +#PKG_VERSION:=$(shell (git ls-remote $(PKG_SOURCE_URL) | grep refs/heads/master | cut -f 1 | head -c 7)) #PKG_SOURCE_VERSION:=HEAD PKG_SOURCE_PROTO:=git PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/aabc/$(PKG_NAME).git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) From fba5df69d390230038232055bc2e043c9d328092 Mon Sep 17 00:00:00 2001 From: alex-eri Date: Sun, 25 Sep 2016 13:20:35 +0300 Subject: [PATCH 07/10] Create Readme.md --- openwrt/Readme.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 openwrt/Readme.md diff --git a/openwrt/Readme.md b/openwrt/Readme.md new file mode 100644 index 0000000..a64dc8f --- /dev/null +++ b/openwrt/Readme.md @@ -0,0 +1,11 @@ +Cross-compiling and packages for openwrt +=== + +Place Makefile in `packages/network/ipt-netflow` directory in OpenWRT bouldroot. +Run `make menuconfig` and select package in Network/Netflow menu. Configure args partially supported. + +Run `make` to build full firmware or `make package/network/ipt-netflow/{clean,prepare,configure,compile,install}` to rebuild packages. + +To make git version uncomment two lines in Makefile. + +Tested to work on Chaos Calmer and Designated Driver with Atheros AR7xxx/AR9xxx target. From 6b60f6fe45d99a3a8bf65a595a7b7fb3ecd0651a Mon Sep 17 00:00:00 2001 From: alex-eri Date: Sun, 25 Sep 2016 13:24:24 +0300 Subject: [PATCH 08/10] Update Readme.md --- openwrt/Readme.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openwrt/Readme.md b/openwrt/Readme.md index a64dc8f..24e17c0 100644 --- a/openwrt/Readme.md 
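Review bot: The commented development recipe in the `@@ -1,20 +1,19 @@` hunk takes `PKG_VERSION` from `git ls-remote ... | head -c 7` but leaves `PKG_SOURCE_VERSION:=HEAD`. The hash in the package name and the commit actually cloned are therefore resolved at two different times and can differ. The `$(shell ...)` lookup also needs network access whenever the Makefile is parsed. I would resolve the full commit id once and build exactly that, `#PKG_SOURCE_VERSION:=<full-commit-id>` (placeholder), deriving the short `PKG_VERSION` from the same value.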
+++ b/openwrt/Readme.md @@ -9,3 +9,5 @@ Run `make` to build full firmware or `make package/network/ipt-netflow/{clean,pr To make git version uncomment two lines in Makefile. Tested to work on Chaos Calmer and Designated Driver with Atheros AR7xxx/AR9xxx target. + +For ipt-netflow 2.2 patches are needed, drop it for next version or git master to build. From d53a06c81dfd87d7f0f8277354ce916ba9a0b2e5 Mon Sep 17 00:00:00 2001 From: alex-eri Date: Fri, 17 Feb 2017 02:38:26 +0300 Subject: [PATCH 09/10] Update Readme.md --- openwrt/Readme.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/openwrt/Readme.md b/openwrt/Readme.md index 24e17c0..d0fbbcd 100644 --- a/openwrt/Readme.md +++ b/openwrt/Readme.md 
@@ -11,3 +11,56 @@ To make git version uncomment two lines in Makefile. Tested to work on Chaos Calmer and Designated Driver with Atheros AR7xxx/AR9xxx target. For ipt-netflow 2.2 patches are needed, drop it for next version or git master to build. + +Making and installilng +=== + +mkdir debian-toolchain +sudo debootstrap jessie debian-toolchain +sudo chroot debian-toolchain + +. /etc/profile +apt update +apt install git ssh-client build-essential mercurial subversion \ + binutils flex bzip2 asciidoc ncurses-dev libssl-dev gawk zlib1g-dev fastjar + +adduser user +su user +. /etc/profile +cd ~ + +git clone https://github.com/openwrt/openwrt.git openwrt-trunk +git clone https://github.com/aabc/ipt-netflow.git + +cd openwrt-trunk +./scripts/feeds update -a +ln -s ~/ipt-netflow/openwrt/ package/network/ipt-netflow + + +make menuconfig +#select target and device +#go to network/netflow and check both + +make +#and go for dinner or a walk ;) +#after five hours + +scp bin/ar71xx/packages/kernel/kmod-ipt-netflow_4.4.14+2.2-2_ar71xx.ipk \ + root@192.168.236.79:/tmp/ +scp bin/ar71xx/packages/base/iptables-mod-netflow_2.2-2_ar71xx.ipk \ + root@192.168.236.79:/tmp/ +scp bin/ar71xx/packages/base/kernel_4.4.14-1-abf9cc6feb410252d667326556dae184_ar71xx.ipk \ + root@192.168.236.79:/tmp/ + +#goto router +ssh root@192.168.236.79 + +opkg install /tmp/*.ipk + +insmod /lib/modules/4.4.14/ipt_NETFLOW.ko +sysctl -w net.netflow.protocol=5 +sysctl -w net.netflow.destination=192.168.236.34:2055 + +iptables -I FORWARD -j NETFLOW +iptables -I INPUT -j NETFLOW +iptables -I OUTPUT -j NETFLOW From b26f39f2f4a4b0addd41387f371f4a772404af42 Mon Sep 17 00:00:00 2001 From: alex-eri Date: Fri, 17 Feb 2017 02:40:41 +0300 Subject: [PATCH 10/10] Update Readme.md --- openwrt/Readme.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/openwrt/Readme.md b/openwrt/Readme.md index d0fbbcd..7d0520f 100644 --- a/openwrt/Readme.md +++ b/openwrt/Readme.md 
@@ -15,6 +15,7 @@ For ipt-netflow 2.2 patches are needed, drop it for next version or git master t Making and installilng === +```shell mkdir debian-toolchain sudo debootstrap jessie debian-toolchain sudo chroot debian-toolchain @@ -38,12 +39,12 @@ ln -s ~/ipt-netflow/openwrt/ package/network/ipt-netflow make menuconfig -#select target and device -#go to network/netflow and check both + #select target and device + #go to network/netflow and check both make -#and go for dinner or a walk ;) -#after five hours + #and go for dinner or a walk ;) + #after five hours scp bin/ar71xx/packages/kernel/kmod-ipt-netflow_4.4.14+2.2-2_ar71xx.ipk \ root@192.168.236.79:/tmp/ @@ -52,7 +53,7 @@ scp bin/ar71xx/packages/base/iptables-mod-netflow_2.2-2_ar71xx.ipk \ scp bin/ar71xx/packages/base/kernel_4.4.14-1-abf9cc6feb410252d667326556dae184_ar71xx.ipk \ root@192.168.236.79:/tmp/ -#goto router + #goto router ssh root@192.168.236.79 opkg install /tmp/*.ipk @@ -64,3 +65,5 @@ sysctl -w net.netflow.destination=192.168.236.34:2055 iptables -I FORWARD -j NETFLOW iptables -I INPUT -j NETFLOW iptables -I OUTPUT -j NETFLOW + +```