Re: additional conntrack feature

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Donovan <doohara@cisco.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: additional conntrack feature
Date: Fri, 18 Apr 2014 22:02:54 +0200	[thread overview]
Message-ID: <20140418200254.GA5417@localhost> (raw)
In-Reply-To: <535046D9.3020602@cisco.com>

On Thu, Apr 17, 2014 at 05:25:45PM -0400, Donovan wrote:
> Hi,
> 
> We are writing Proof Of Concept (POC) code to export (send) enhanced
> NetFlow based on conntrack events.

I guess you refer to IPFIX? We got some recent patches to get it
working in ulogd2.

> We've added some new minimal functionality to the kernel socket and
> netfilter-conntrack code.  This provides new information in the
> events as can be viewed by the conntrack program.
>
> We would like to send NetFlow based on the conntrack events and were
> wondering where to place such functionality. We would like such
> NetFlow to be sent by a service or daemon and we would like for this
> functionality to become open source. We have some questions:

> - Would it be acceptable to enhance conntrack-tools to send this NetFlow?
> - Like for instance placing it in the conntrackd daemon?
> - Or would it be OK to provide a new program alongside conntrack and
> conntrackd or the conntrack-tools to do this?

ulogd2 is the logging netfilter stub, so it's the right framework for
logging extensions IMO.

     prev parent reply	other threads:[~2014-04-18 20:03 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-17 21:25 additional conntrack feature Donovan
2014-04-18 20:02 ` Pablo Neira Ayuso [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140418200254.GA5417@localhost \
    --to=pablo@netfilter.org \
    --cc=doohara@cisco.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.