flow-xlate(1)               General Commands Manual              flow-xlate(1)

NAME
       flow-xlate -- Apply translations to selected fields of a flow.

SYNOPSIS
       flow-xlate [-hkn] [-b big|little] [-C comment] [-d debug_level]
       [-v variable binding] [-V flow_version] [-x xlate_fname]
       [-X xlate_definition] [-z z_level]

DESCRIPTION
       The flow-xlate utility is used to apply translations to flows.
       Translations are defined in a configuration file and are composed of
       actions and a definition to invoke action(s).  Definitions are made up
       of terms; each term can have a filter and multiple actions.

       Words in the configuration file of the form @VAR or @{VAR:default} will
       be expanded at run-time by setting variable names with the -v option.

       Translation actions begin with the xlate-action keyword followed by a
       symbolic name.  Each action has a type defined below.

       Translation definitions begin with the xlate-definition keyword
       followed by a symbolic name.  Each definition is composed of terms which
       are evaluated in the order of the configuration file.  A term may
       invoke a filter to conditionally invoke an action.

       Action type/sub-commands                Description/Example
       ------------------------------------------------------------------------
       ip-source-address-to-network            Zero host bits based on mask.
       ip-destination-address-to-network       Zero host bits based on mask.

         (no sub-commands)

       ip-source-address-to-class-network      Zero source host bits to
                                               match class.
       ip-destination-address-to-class-network Zero dst host bits to
                                               match class.

         (no sub-commands)

       ip-source-address-anonymize             Anonymize source address.
       ip-destination-address-anonymize        Anonymize destination address.
       ip-address-anonymize                    Anonymize src/dst address.

         algorithm                             Algorithm.  cryptopan-aes128 is
                                               currently supported.
                                                algorithm cryptopan-aes128

         key                                   Key.  Key is 128 bits in hex.
                                                key 0123456789ABCDEFG

         key-file                              File to load key from.  Key is
                                               128 bits in hex.
                                                key-file /mfstmp/secret-key

         key-file-refresh                      How often to check the key file.
                                               Interval is in minutes, the
                                               optional second argument is
                                               hour:min:sec to specify the
                                               first refresh.  This example
                                               will load a new key every day
                                               at 12:00:00.
                                                key-file-refresh 14400 12:00:00

       ip-address-privacy-mask                 Apply a mask to the source and
                                               destination address to remove
                                               bits.

       ip-port-privacy-mask                    Apply a mask to the source and
                                               destination port to remove
                                               bits.

       tag-mask                                Apply mask to the source and
                                               destination tag.

         mask                                  Source and Destination mask
                                               to apply.
                                                mask 0xFFFF 0xFFFF

       scale                                   Scale packets and bytes.

         scale                                 Scale to apply.
                                                scale 100

       replace-source-as0                      Replace source AS 0
       replace-destination-as0                 Replace destination AS 0

         as                                    AS replacement value.
                                                as 3112

OPTIONS
       -b big|little
                 Byte order of output.

       -C Comment
                 Add a comment.

       -d debug_level
                 Enable debugging.

       -h        Display help.

       -k        Keep time from input.

       -n        Don't load configuration file.  Useful only with -V.

       -v variable binding
                 Set a variable FOO=bar.

       -V pdu_version
                 Use pdu_version format output.

           1    NetFlow version 1 (No sequence numbers, AS, or mask)
           5    NetFlow version 5
           6    NetFlow version 6 (5+ Encapsulation size)
           7    NetFlow version 7 (Catalyst switches)
           8.1  NetFlow AS Aggregation
           8.2  NetFlow Proto Port Aggregation
           8.3  NetFlow Source Prefix Aggregation
           8.4  NetFlow Destination Prefix Aggregation
           8.5  NetFlow Prefix Aggregation
           8.6  NetFlow Destination (Catalyst switches)
           8.7  NetFlow Source Destination (Catalyst switches)
           8.8  NetFlow Full Flow (Catalyst switches)
           8.9  NetFlow ToS AS Aggregation
           8.10 NetFlow ToS Proto Port Aggregation
           8.11 NetFlow ToS Source Prefix Aggregation
           8.12 NetFlow ToS Destination Prefix Aggregation
           8.13 NetFlow ToS Prefix Aggregation
           8.14 NetFlow ToS Prefix Port Aggregation
           1005 Flow-Tools tagged version 5

       -x xlate_fname
                 Translation config file name.  Defaults to
                 @sysconfdir@/cfg/xlate.cfg

       -X xlate_definition
                 Translation definition.  Defaults to default.

       -z z_level
                 Configure compression level to z_level.  0 is disabled (no
                 compression), 9 is highest compression.

EXAMPLES
       Convert the version 7 flows in flows.v7 to version 5, storing the
       result in flows.v5.

         flow-xlate -V5 < flows.v7 > flows.v5

       Set the low 11 bits in the IP addresses to zero unless the address is
       multicast or it belongs to the 192.88.99/24 network.

       # xlate.cfg
       include-filter filter.cfg

       xlate-action MULTICAST-PRIVACY
         type ip-address-privacy-mask
         mask 0xFFFFFFFF 0xFFFFFFFF

       xlate-action UNICAST-PRIVACY
         type ip-address-privacy-mask
         mask 0xFFFFFF00 0xFFFFF800

       xlate-definition abilene_privacy
         term
           filter mcast
           action MULTICAST-PRIVACY
           stop
         term
           filter ucast
           action UNICAST-PRIVACY

       # filter.cfg
       filter-primitive MCAST
         type ip-address-mask
         permit 224.0.0.0 240.0.0.0

       filter-primitive UCAST
         type ip-address-mask
         deny 224.0.0.0 240.0.0.0
         default permit

       filter-primitive SKIP
         type ip-address-mask
         deny 192.88.99.0 255.255.255.0
         default permit

       filter-definition mcast
         match ip-destination-address MCAST

       filter-definition ucast
         match ip-destination-address UCAST
         match ip-destination-address SKIP
         match ip-source-address SKIP

       flow-cat flows | flow-xlate -xxlate.cfg -Xabilene_privacy | flow-print
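
       The following Python model of the abilene_privacy definition is an
       added example, not flow-tools code.  It shows which bits the masks as
       written actually clear: the first mask value applies to the source
       (low 8 bits cleared) and the second to the destination (low 11 bits
       cleared).  It assumes match lines in a filter-definition are ANDed and
       that a primitive with no default line denies.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

# filter.cfg primitives: ([(verdict, address, mask), ...], default verdict).
# Assumption: first matching rule wins; MCAST has no "default", so deny.
PRIMITIVES = {
    "MCAST": ([("permit", ip("224.0.0.0"), ip("240.0.0.0"))], "deny"),
    "UCAST": ([("deny", ip("224.0.0.0"), ip("240.0.0.0"))], "permit"),
    "SKIP": ([("deny", ip("192.88.99.0"), ip("255.255.255.0"))], "permit"),
}
# filter-definitions: every match line must permit (assumed AND semantics).
FILTERS = {
    "mcast": [("dst", "MCAST")],
    "ucast": [("dst", "UCAST"), ("dst", "SKIP"), ("src", "SKIP")],
}
# xlate-definition abilene_privacy: (filter, src mask, dst mask, stop).
TERMS = [
    ("mcast", 0xFFFFFFFF, 0xFFFFFFFF, True),   # MULTICAST-PRIVACY
    ("ucast", 0xFFFFFF00, 0xFFFFF800, False),  # UNICAST-PRIVACY
]

def primitive_permits(name, addr):
    rules, default = PRIMITIVES[name]
    for verdict, net, mask in rules:
        if addr & mask == net:
            return verdict == "permit"
    return default == "permit"

def filter_matches(name, flow):
    return all(primitive_permits(p, flow[f]) for f, p in FILTERS[name])

def xlate(src, dst):
    """Return the (src, dst) pair after applying abilene_privacy."""
    flow = {"src": ip(src), "dst": ip(dst)}
    for fname, src_mask, dst_mask, stop in TERMS:
        if filter_matches(fname, flow):
            flow["src"] &= src_mask
            flow["dst"] &= dst_mask
            if stop:
                break
    return tuple(str(ipaddress.IPv4Address(flow[k])) for k in ("src", "dst"))

if __name__ == "__main__":
    # Constructed sample flows (source, destination).
    for s, d in [("10.1.2.3", "172.16.13.77"), ("10.1.2.3", "224.0.1.5"),
                 ("192.88.99.7", "172.16.13.77")]:
        print(s, d, "->", *xlate(s, d))
```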

FILES
	 Configuration files:
	   Symbols - @sysconfdir@/sym/*.
	   Filter - @sysconfdir@/cfg/filter.cfg.
	   Xlate - @sysconfdir@/cfg/xlate.cfg.

BUGS
       The scale option can overflow the 32-bit flow counters.  This could be
       solved by detecting this condition and splitting the flow in two.

       Translation between aggregated and non-aggregated formats is not
       supported.

AUTHOR
       Mark Fullmer maf@splintered.net

SEE ALSO
       flow-tools(1)
