xref: /openbsd-src/share/man/man4/pflow.4 (revision 850e275390052b330d93020bf619a739a3c277ac)
1.\" $OpenBSD: pflow.4,v 1.6 2008/09/12 15:22:07 henning Exp $
2.\"
3.\" Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
4.\" Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
5.\"
6.\" Permission to use, copy, modify, and distribute this software for any
7.\" purpose with or without fee is hereby granted, provided that the above
8.\" copyright notice and this permission notice appear in all copies.
9.\"
10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALLWARRANTIES
11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BELIABLE FOR
13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISINGOUT OF
16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17.\"
18.Dd $Mdocdate: September 12 2008 $
19.Dt PFLOW 4
20.Os
21.Sh NAME
22.Nm pflow
23.Nd kernel interface for pflow data export
24.Sh SYNOPSIS
25.Cd "pseudo-device pflow"
26.Sh DESCRIPTION
27The
28.Nm
29interface is a pseudo-device which exports pflow
30accounting data from the kernel using
31.Xr udp 4
32packets.
33pflow is compatible with netflow v5.
34The data is extracted from the
35.Xr pf 4
36state table.
37.Pp
38Only states created by a rule marked with the
39.Ar pflow
40keyword are exported by the
41.Nm
42interface.
43.Pp
44The
45.Nm
46interface will attempt to export multiple pflow records in one
47UDP packet, but will not hold a record for longer than 30 seconds.
48The packet size and thus the maximum number of flows is controlled by the
49.Cm mtu
50parameter of
51.Xr ifconfig 8 .
52.Pp
53Each packet seen on this interface has one header and a variable number of
54flows.
55The header indicates the version of the protocol, number of
56flows in the packet, a unique sequence number, system time, and an engine
57ID and type.
58Header and flow structs are defined in
59.Aq Pa net/if_pflow.h .
60.Pp
61The pflow source and destination addresses are controlled by
62.Xr ifconfig 8 .
63flowsrc is the sender IP address of the UDP packet which can be used
64to identify the source of the data on the pflow collector.
65flowdst defines the collector IP address and the port.
66The flowdst IP address and port must be defined to enable the export of flows.
67.Pp
68For example, the following command sets 10.0.0.1 as the source
69and 10.0.0.2:1234 as destination:
70.Bd -literal -offset indent
71# ifconfig pflow0 flowsrc 10.0.0.1 flowdst 10.0.0.2:1234
72.Ed
73.Sh SEE ALSO
74.Xr netintro 4 ,
75.Xr pf 4 ,
76.Xr udp 4 ,
77.Xr pf.conf 5 ,
78.Xr ifconfig 8 ,
79.Xr tcpdump 8
80.Sh HISTORY
81The
82.Nm
83device first appeared in
84.Ox 4.5 .
85