134660 – rc.ng_netflow_ipfw: new rc-script for initializing ng_netflow+ng_ipfw

Bug 134660 - rc.ng_netflow_ipfw: new rc-script for initializing ng_netflow+ng_ipfw

Summary: rc.ng_netflow_ipfw: new rc-script for initializing ng_netflow+ng_ipfw

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	conf (show other bugs)
Version:	8.0-CURRENT
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-net (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-05-18 21:00 UTC by gelraen.ua
Modified:	2024-12-24 19:34 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description gelraen.ua 2009-05-18 21:00:01 UTC

This script provides configurable via rc.conf initializing of ng_netflow
nodes and connects them to ng_ipfw node. Maybe the right place for this
would be /usr/share/examples/netgraph.

Fix: 

#!/bin/sh

# PROVIDE: ng_netflow_ipfw
# BEFORE: ipfw
# REQUIRE: FILESYSTEMS

# ng_netflow_ipfw_nodeN_enable (bool): used for temporary disabling one node
# ng_netflow_ipfw_nodeN_cookie (int): specify cookie number for ng_ipfw (default=N)
# ng_netflow_ipfw_nodeN_collector : "ipaddr:port" of corresponding collector
# ng_netflow_ipfw_nodeN_atimeout (int) : active timeout for ng_netflow node
# ng_netflow_ipfw_nodeN_itimeout (int) : inactive timeout for ng_netflow node
#
#  For more information about specific parameters please refer to ng_ipfw(4) and
#   ng_netflow(4) man pages.
#

. /etc/rc.subr

name="ng_netflow_ipfw"
rcvar="ng_netflow_ipfw_enable"
start_cmd="ng_netflow_ipfw_start"
stop_cmd="ng_netflow_ipfw_stop"
required_modules="netgraph ng_ipfw ng_netflow ng_ksocket"

ng_netflow_ipfw_start()
{
        local node ngctl
        ngctl="/usr/sbin/ngctl"
        node=0
        local singlenode=0
        if [ -n "$1" ]; then
                singlenode=1
                node=$1
        fi

        while true; do
                eval _enable=\$ng_netflow_ipfw_node${node}_enable
                if [ -z "${_enable}" ]; then # node not defined, finish
                        break
                fi
                if ! checkyesno _enable; then # node defined, but disabled, skip
                        continue
                fi
                eval _cookie=\${ng_netflow_ipfw_node${node}_cookie:-\"${node}\"}
                eval _collector=\${ng_netflow_ipfw_node${node}_collector:-\"127.0.0.1:9995\"}
                eval _atimeout=\${ng_netflow_ipfw_node${node}_atimeout:-\"1800\"}
                eval _itimeout=\${ng_netflow_ipfw_node${node}_itimeout:-\"15\"}

                echo "mkpeer ipfw: netflow ${_cookie} iface0
                name ipfw:${_cookie} netflow${node}
                msg netflow${node}: setdlt { iface=0 dlt=12 }
                msg netflow${node}: settimeouts { inactive=${_itimeout} active=${_atimeout} }
                mkpeer netflow${node}: ksocket export inet/dgram/udp
                msg netflow${node}:export connect inet/${_collector}" | ${ngctl} -f -

                if [ "${singlenode}" = 1 ]; then
                        break
                fi
                node=$(( ${node} + 1 ))
        done
}

ng_netflow_ipfw_stop()
{
        local node ngctl
        ngctl="/usr/sbin/ngctl"
        node=0
        local singlenode=0
        if [ -n "$1" ]; then
                singlenode=1
                node=$1
        fi

        while true; do
                eval _enable=\$ng_netflow_ipfw_node${node}_enable
                if [ -z "${_enable}" ]; then # node not defined, finish
                        break
                fi
                if ! checkyesno _enable; then # node defined, but disabled, skip
                        continue
                fi

                echo "rmhook netflow${node}: export
                rmhook netflow${node}: iface0" | ${ngctl} -f -

                if [ "${singlenode}" = 1 ]; then
                        break
                fi
                node=$(( ${node} + 1 ))
        done
}

load_rc_config $name
run_rc_command $@

Comment 1 Mark Linimon freebsd_committer

2009-05-20 00:14:49 UTC

Responsible Changed
From-To: freebsd-doc->freebsd-rc

Perhaps the folks on the rc mailing list can evaluate this.

Comment 2 Eitan Adler freebsd_committer

2017-12-31 07:59:06 UTC

For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped

Comment 3 Graham Perrin freebsd_committer

2022-10-17 12:36:08 UTC

Keyword: 

    patch
or  patch-ready

– in lieu of summary line prefix: 

    [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>

Comment 4 Mark Linimon freebsd_committer

2024-12-15 16:26:55 UTC

^Triage: this affects netgraph.  Perhaps this is better reviewed by the net@ mailing list.

Add patch tag to note that there is an inline patch.