Discussion:
Flow Tools
Paul Ammann
2018-03-13 15:39:52 UTC
Hi

I've got a problem and I'm hoping OBSD may be able to solve my problem.

We bought new firewalls in 2017, but they can only send flow traffic to a single destination. We need to send flow traffic to 3 destinations.

I have a copy of Michael Lucas' book Network Flow Analysis, and I've been reading about flow-tools and flowd. Unfortunately there doesn't seem to have been a lot of development on these tools since 2010.

Are there any other tools that I may have missed that would help me solve my problem?

Thank you in advance.

Paul
Peter N. M. Hansteen
2018-03-13 16:27:11 UTC
Post by Paul Ammann
I've got a problem and I'm hoping OBSD may be able to solve my problem.
We bought new firewalls in 2017, but they can only send flow traffic to a single destination. We need to send flow traffic to 3 destinations.
How do you generate the flows?

pflow(4) or some other method?
Post by Paul Ammann
I have a copy of Michael Lucas' book Network Flow Analysis, and I've been reading about flow-tools and flowd. Unfortunately there doesn't seem to have been a lot of development on these tools since 2010.
Are there any other tools that I may have missed that would help me solve my problem?
I had to check by configuring a second pflow interface on my home
gateway here, and it seems you can indeed have more than one pflow
interface (the other option that comes to mind is some fairly specific
rules for your netflow data with dup-to, but that may be pushing the
number of hoops to jump through too far).

Michael's book is probably still the best reference on netflow. I
describe a setup with pflow and nfsen at
http://bsdly.blogspot.com/2014/02/yes-you-too-can-be-evil-network.html -
that post is from 2014 but the basics should still apply.

- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Tom Smyth
2018-03-13 16:44:57 UTC
Paul ...
You could look at pmacct by Paolo Lucente, he is a cool guy...
It has multiple flow aggregation and translation capabilities ...
I don't think it is in ports yet... I'd like to get off my ass and do it some
day as I think it is awesome ...
Peter N. M. Hansteen
2018-03-13 17:03:19 UTC
Post by Tom Smyth
Paul ...
You could look at pmacct by Paolo Lucente, he is a cool guy...
It has multiple flow aggregation and translation capabilities ...
I don't think it is in ports yet... I'd like to get off my ass and do it some
day as I think it is awesome ...
pmacct is in ports - http://openports.se/net/pmacct so likely
straightforward to get started

- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Tom Smyth
2018-03-13 17:53:45 UTC
Peter .... Thanks Buddy ... I don't know how I missed that :)

Got to try that out on OpenBSD So

Thanks for the tip Peter...
--
Kindest regards,
Tom Smyth

Mobile: +353 87 6193172
Diana Eichert
2018-03-13 18:35:48 UTC
I've been using samplicator to fanout UDP flow data for years.

https://github.com/sleinen/samplicator

diana
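
What a UDP fan-out of the kind suggested above does for the original problem (one exporter, three collectors), as an added example that is not part of the thread and is not samplicator's code. The addresses, ports and the names FanOut, flow_version and serve are assumptions made for the illustration; the relay also drops datagrams that do not come from a known exporter or do not start with a NetFlow v5, v9 or IPFIX version field.

```python
import socket
import struct

# Version numbers carried in the first two bytes of an export datagram.
FLOW_VERSIONS = {5: "NetFlow v5", 9: "NetFlow v9", 10: "IPFIX"}

# Constructed sample data (documentation address ranges, assumed ports).
EXPORTER = "192.0.2.1"
COLLECTORS = [("198.51.100.10", 9995), ("198.51.100.11", 9995),
              ("198.51.100.12", 2055)]
# 20-byte NetFlow v9 header: version, count, uptime, secs, sequence, source id
SAMPLE_V9 = struct.pack("!HHIIII", 9, 0, 1000, 1521128752, 1, 0)


def flow_version(datagram):
    """Return 5, 9 or 10 if the datagram starts like a flow export, else None."""
    if len(datagram) < 4:
        return None
    (version,) = struct.unpack_from("!H", datagram, 0)
    return version if version in FLOW_VERSIONS else None


class FanOut:
    """Copy each accepted datagram, unmodified, to every collector."""

    def __init__(self, collectors, allowed_exporters, send):
        self.collectors = list(collectors)
        self.allowed = set(allowed_exporters)
        self.send = send  # callable(datagram, (host, port))
        self.stats = {"relayed": 0, "bad_source": 0, "not_flow": 0}

    def handle(self, datagram, src_ip):
        """Relay one datagram; return how many collectors it reached."""
        # Flow export over UDP is unauthenticated: accept known exporters only.
        if src_ip not in self.allowed:
            self.stats["bad_source"] += 1
            return 0
        if flow_version(datagram) is None:
            self.stats["not_flow"] += 1
            return 0
        reached = 0
        for dest in self.collectors:
            try:
                self.send(datagram, dest)
                reached += 1
            except OSError:
                continue  # one unreachable collector must not starve the rest
        self.stats["relayed"] += 1
        return reached


def serve(listen_addr, collectors, allowed_exporters):
    """Blocking relay loop: one listening socket in, N destinations out."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen_addr)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    relay = FanOut(collectors, allowed_exporters, tx.sendto)
    while True:
        datagram, (src_ip, _port) = rx.recvfrom(65535)
        relay.handle(datagram, src_ip)


if __name__ == "__main__":
    # Dry run with a recording sender instead of a socket.
    delivered = []
    relay = FanOut(COLLECTORS, {EXPORTER}, lambda d, dest: delivered.append(dest))
    relay.handle(SAMPLE_V9, EXPORTER)        # relayed to all three collectors
    relay.handle(SAMPLE_V9, "203.0.113.9")   # dropped: not an allowed exporter
    relay.handle(b"\x00\x07junk", EXPORTER)  # dropped: not a flow datagram
    print(delivered, relay.stats)
```

Collectors see the relay's address as the exporter here, because the sketch does not preserve the original source address.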
Gregory Edigarov
2018-03-14 09:06:21 UTC
Sorry, if I hijack the thread, but what do you guys use for netflow
analysis?
Only know nfsen in ports, but sometimes I need a more versatile tool.
Steve Pointer
2018-03-14 11:27:36 UTC
Post by Gregory Edigarov
Sorry, if I hijack the thread, but what do you guys use for netflow
analysis?
Only know nfsen in ports, but sometimes I need a more versatile tool.
R works for me.

https://www.r-project.org/

--
Steve P
Tommy Nevtelen
2018-03-14 12:41:00 UTC
Post by Gregory Edigarov
Sorry, if I hijack the thread, but what do you guys use for netflow
analysis?
This looks quite interesting https://github.com/robcowart/elastiflow
I have not tried it but would like to when time allows.
--
Tommy Nevtelen
Daniel Melameth
2018-03-14 18:29:36 UTC
Post by Gregory Edigarov
Sorry, if I hijack the thread, but what do you guys use for netflow
analysis?
Only know nfsen in ports, but sometimes I need a more versatile tool.
nfdump is rather powerful if you don't need a pretty GUI; it's like
tcpdump, but for NetFlow/IPFIX data. I have it scripted to produce
regular reports, but also run it ad hoc.
Diana Eichert
2018-03-14 22:20:01 UTC
I 2nd nfdump, then again I like tcpdump too ;-)
Michael Price
2018-03-16 14:25:55 UTC
It seems nfdump in ports is a bit behind the latest version though. 1.6.15
in particular fixed a few security issues in nfcapd.

Is sthen still the contact person for the port? I suppose I could submit a
patch.

Michael
Stuart Henderson
2018-03-16 16:28:27 UTC
Post by Michael Price
It seems nfdump in ports is a bit behind the latest version though. 1.6.15
in particular fixed a few security issues in nfcapd.
Is sthen still the contact person for the port? I suppose I could submit a
patch.
Oh, it moved so portroach no longer picks it up. Can you try this diff please?

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/nfdump/Makefile,v
retrieving revision 1.21
diff -u -p -r1.21 Makefile
--- Makefile 10 Sep 2016 13:03:42 -0000 1.21
+++ Makefile 16 Mar 2018 16:30:05 -0000
@@ -3,24 +3,23 @@
COMMENT-main = tools to collect and process netflow data
COMMENT-nfprofile = filters data from nfdump according to profiles

-V = 1.6.13
-DISTNAME = nfdump-$V
+V = 1.6.16
+GH_ACCOUNT = phaag
+GH_PROJECT = nfdump
+GH_TAGNAME = v$V
FULLPKGNAME-main = nfdump-$V
FULLPKGNAME-nfprofile = nfprofile-$V
-REVISION-main = 0
-REVISION-nfprofile = 0
+
+SHARED_LIBS += nfdump 0.0 # 0.0

CATEGORIES = net
-HOMEPAGE = http://nfdump.sourceforge.net/

MAINTAINER = Stuart Henderson <***@openbsd.org>

# BSD
PERMIT_PACKAGE_CDROM = Yes

-WANTLIB = c z
-
-MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=nfdump/}
+WANTLIB = bz2 c z

CONFIGURE_STYLE = gnu

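Review bot: "WANTLIB = bz2 c z" puts bz2 in the shared list that both subpackages inherit through ${WANTLIB}, while the next hunk adds archivers/bzip2 only to LIB_DEPENDS-main. It is worth confirming that the nfprofile binary links libbz2 itself; if it does not, keep the shared list as "c z" and add bz2 to WANTLIB-main instead.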
@@ -35,11 +34,18 @@ CONFIGURE_ARGS += --enable-compat15 \

MULTI_PACKAGES = -main -nfprofile

-LIB_DEPENDS-main = net/flow-tools>=0.68.5
+LIB_DEPENDS-main = archivers/bzip2 \
+ net/flow-tools>=0.68.5
WANTLIB-main = ${WANTLIB} ft
+
LIB_DEPENDS-nfprofile = net/rrdtool
-WANTLIB-nfprofile = ${WANTLIB} pthread rrd
RUN_DEPENDS-nfprofile = nfdump-$V:net/nfdump,-main
+WANTLIB-nfprofile = ${WANTLIB}
+WANTLIB-nfprofile += X11 Xext Xrender cairo expat ffi fontconfig freetype
+WANTLIB-nfprofile += glib-2.0 gobject-2.0 graphite2 gthread-2.0 harfbuzz
+WANTLIB-nfprofile += iconv intl lzma m nfdump pango-1.0 pangocairo-1.0
+WANTLIB-nfprofile += pangoft2-1.0 pcre pixman-1 png pthread rrd xcb
+WANTLIB-nfprofile += xcb-render xcb-shm xml2

REORDER_DEPENDENCIES += ${PORTSDIR}/infrastructure/mk/automake.dep

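Review bot: WANTLIB-nfprofile now lists nfdump, but LIB_DEPENDS-nfprofile still names only net/rrdtool, and nfdump-main appears for this subpackage only in RUN_DEPENDS-nfprofile, so no library dependency provides libnfdump. Add net/nfdump,-main to LIB_DEPENDS-nfprofile so the WANTLIB entry can be resolved.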
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/nfdump/distinfo,v
retrieving revision 1.9
diff -u -p -r1.9 distinfo
--- distinfo 17 Dec 2014 14:53:43 -0000 1.9
+++ distinfo 16 Mar 2018 16:30:05 -0000
@@ -1,2 +1,2 @@
-SHA256 (nfdump-1.6.13.tar.gz) = JRUzwxbJ/llTEvR3zbBR6cZnUX9J+3rFtDJJVzDkVpM=
-SIZE (nfdump-1.6.13.tar.gz) = 662006
+SHA256 (nfdump-1.6.16.tar.gz) = sYR5IVxRqY+9+XPvVIRkeA56nZ9/5z5Pq5q37Io73I8=
+SIZE (nfdump-1.6.16.tar.gz) = 1814857
Index: patches/patch-bin_Makefile_in
===================================================================
RCS file: patches/patch-bin_Makefile_in
diff -N patches/patch-bin_Makefile_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-bin_Makefile_in 16 Mar 2018 16:30:05 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: bin/Makefile.in
+--- bin/Makefile.in.orig
++++ bin/Makefile.in
+@@ -709,7 +709,7 @@ launch = launch.c launch.h
+ lib_LTLIBRARIES = libnfdump.la
+ libnfdump_la_SOURCES = $(common) $(util) $(filelzo) $(nflist) $(filter) $(exporter)
+ #libnfdump_la_LIBADD = -lz
+-libnfdump_la_LDFLAGS = -release 1.6.15
++libnfdump_la_LDFLAGS =
+ nfdump_SOURCES = nfdump.c nfdump.h nfstat.c nfstat.h nfexport.c nfexport.h \
+ $(nflowcache) $(nfprof)
+
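Review bot: the new patch file has no comment under $OpenBSD$ explaining why "-release 1.6.15" is removed from libnfdump_la_LDFLAGS. A one-line note that the flag is dropped so the library is built as libnfdump.so.${LIBnfdump_VERSION}, matching the SHARED_LIBS line in the Makefile and the @lib entry in PLIST-main, would help whoever regenerates this patch at the next update.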
Index: patches/patch-bin_util_c
===================================================================
RCS file: /cvs/ports/net/nfdump/patches/patch-bin_util_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-bin_util_c
--- patches/patch-bin_util_c 10 Sep 2016 13:03:42 -0000 1.1
+++ patches/patch-bin_util_c 16 Mar 2018 16:30:05 -0000
@@ -1,7 +1,8 @@
$OpenBSD: patch-bin_util_c,v 1.1 2016/09/10 13:03:42 ajacoutot Exp $
---- bin/util.c.orig Sat Sep 10 10:34:01 2016
-+++ bin/util.c Sat Sep 10 10:35:46 2016
-@@ -41,6 +41,7 @@
+Index: bin/util.c
+--- bin/util.c.orig
++++ bin/util.c
+@@ -38,6 +38,7 @@
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/net/nfdump/pkg/PLIST-main,v
retrieving revision 1.5
diff -u -p -r1.5 PLIST-main
--- pkg/PLIST-main 3 May 2013 01:16:36 -0000 1.5
+++ pkg/PLIST-main 16 Mar 2018 16:30:05 -0000
@@ -8,6 +8,9 @@
@bin bin/nfexpire
@bin bin/nfreplay
@bin bin/sfcapd
+lib/libnfdump.a
+lib/libnfdump.la
+@lib lib/libnfdump.so.${LIBnfdump_VERSION}
@man man/man1/ft2nfdump.1
@man man/man1/nfanon.1
@man man/man1/nfcapd.1
Michael Price
2018-03-16 19:18:03 UTC
It will be a bit before I am at a machine to build ports. Only have access
to virtual machines running small instances right now. I would be happy to
test it tonight though.

Michael
Michael Price
2018-03-16 22:54:53 UTC
On a 6.2 box with 6.2 ports and diff applied I get this. Let me know if I'm
doing something silly - usually use packages.


===> Verifying specs: bz2 c z ft bz2 c z X11 Xext Xrender cairo expat
ffi fontconfig freetype glib-2.0 gobject-2.0 graphite2 gthread-2.0 harfbuzz
iconv intl lzma m nfdump pango-1.0 pangocairo-1.0 pangoft2-1.0 pcre
pixman-1 png pthread rrd xcb xcb-render xcb-shm xml2

Missing library for nfdump>=0.0

Fatal error

*** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2182
'/usr/ports/pobj/nfdump-1.6.16/.buildwantlibs')

*** Error 1 in /home/ports/net/nfdump (/usr/ports/infrastructure/mk/
bsd.port.mk:2425 'all')
Stuart Henderson
2018-03-16 23:07:28 UTC
On a 6.2 box with 6.2 ports and diff applied I get this. Let me know if I'm doing something
silly - usually use packages.
===>  Verifying specs:  bz2 c z ft bz2 c z  X11 Xext Xrender cairo expat ffi fontconfig
freetype glib-2.0 gobject-2.0 graphite2 gthread-2.0 harfbuzz iconv intl lzma m nfdump pango-1.0
pangocairo-1.0 pangoft2-1.0 pcre pixman-1 png pthread rrd xcb xcb-render xcb-shm xml2
Missing library for nfdump>=0.0
Ah I see what this is, please add

net/nfdump,-main

to LIB_DEPENDS-nfprofile in the port's Makefile.
Michael Price
2018-03-17 00:02:16 UTC
Post by Michael Price
On a 6.2 box with 6.2 ports and diff applied I get this. Let me know if I'm doing something
silly - usually use packages.
===> Verifying specs: bz2 c z ft bz2 c z X11 Xext Xrender cairo expat ffi fontconfig
freetype glib-2.0 gobject-2.0 graphite2 gthread-2.0 harfbuzz iconv intl lzma m nfdump pango-1.0
pangocairo-1.0 pangoft2-1.0 pcre pixman-1 png pthread rrd xcb xcb-render xcb-shm xml2
Missing library for nfdump>=0.0
Ah I see what this is, please add
net/nfdump,-main
to LIB_DEPENDS-nfprofile in the port's Makefile.
That did the trick. I only built on amd64. Installed on a machine already
running nfcapd. Seems to be running fine and nfdump parses old and new
files.

Michael
Paul Ammann
2018-03-22 16:46:53 UTC
The problem with flow-tools is that they don't work with Netflow v9.

I did find a UDP fanout device that works just as well: https://www.dcbnet.com/datasheet/pr6602ds.html
So long as you're on IPv4, flow-tools-ng is pretty decent. They
haven't been updated because they work well enough. Not grand, but
okay.
And thanks for buying my book!
==ml
--
Michael W. Lucas https://mwl.io/
nonfiction: https://www.michaelwlucas.com/
fiction: https://www.michaelwarrenlucas.com/