All of lore.kernel.org
 help / color / mirror / Atom feed
* additional conntrack feature
@ 2014-04-17 21:25 Donovan
  2014-04-18 20:02 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Donovan @ 2014-04-17 21:25 UTC (permalink / raw)
  To: netfilter-devel

Hi,

We are writing Proof Of Concept (POC) code to export (send) enhanced 
NetFlow based on conntrack events. We've added some new minimal 
functionality to the kernel socket and netfilter-conntrack code. This 
provides new information in the events as can be viewed by the conntrack 
program.

We would like to send NetFlow based on the conntrack events and were 
wondering where to place such functionality. We would like such NetFlow 
to be sent by a service or daemon and we would like for this 
functionality to become open source. We have some questions:

- Would it be acceptable to enhance conntrack-tools to send this NetFlow?
- Like for instance placing it in the conntrackd daemon?
- Or would it be OK to provide a new program alongside conntrack and 
conntrackd or the conntrack-tools to do this?

Getting the kernel changes committed is one matter but they are 
pointless without a user-space program to make use of the conntrack 
events and send the NetFlow which is our final aim. We did also think of 
potentially adding such code to the existing flow-tools suite 
(http://www.splintered.net/sw/flow-tools/docs/flow-tools.html)  but it 
feels odd that such flow-tool code will rely on conntrack events.

Thanks
Donovan

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: additional conntrack feature
  2014-04-17 21:25 additional conntrack feature Donovan
@ 2014-04-18 20:02 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2014-04-18 20:02 UTC (permalink / raw)
  To: Donovan; +Cc: netfilter-devel

On Thu, Apr 17, 2014 at 05:25:45PM -0400, Donovan wrote:
> Hi,
> 
> We are writing Proof Of Concept (POC) code to export (send) enhanced
> NetFlow based on conntrack events.

I guess you refer to IPFIX? We got some recent patches to get it
working in ulogd2.

> We've added some new minimal functionality to the kernel socket and
> netfilter-conntrack code.  This provides new information in the
> events as can be viewed by the conntrack program.
>
> We would like to send NetFlow based on the conntrack events and were
> wondering where to place such functionality. We would like such
> NetFlow to be sent by a service or daemon and we would like for this
> functionality to become open source. We have some questions:

> - Would it be acceptable to enhance conntrack-tools to send this NetFlow?
> - Like for instance placing it in the conntrackd daemon?
> - Or would it be OK to provide a new program alongside conntrack and
> conntrackd or the conntrack-tools to do this?

ulogd2 is the logging netfilter stub, so it's the right framework for
logging extensions IMO.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-04-18 20:03 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-04-17 21:25 additional conntrack feature Donovan
2014-04-18 20:02 ` Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.