PFLOW(4)                 BSD Kernel Interfaces Manual                 PFLOW(4)

NAME
     pflow -- kernel interface for pflow data export

SYNOPSIS
     pseudo-device pflow

DESCRIPTION
     The pflow interface is a pseudo-device which exports pflow accounting
     data from the kernel using udp(4) packets.  pflow is compatible with
     netflow version 5 and IPFIX (10).  The data is extracted from the pf(4)
     state table.

     Multiple pflow interfaces can be created at runtime using the ifconfig
     pflowN create command.  Each interface must be configured with a flow
     receiver IP address and a flow receiver port number.

     Only states created by a rule marked with the pflow keyword are exported
     by the pflow interface.

     The pflow interface will attempt to export multiple pflow records in one
     UDP packet, but will not hold a record for longer than 30 seconds.  The
     packet size and thus the maximum number of flows is controlled by the mtu
     parameter of ifconfig(8).

     Each packet seen on this interface has one header and a variable number
     of flows.  The header indicates the version of the protocol, number of
     flows in the packet, a unique sequence number, system time, and an engine
     ID and type.  Header and flow structs are defined in <net/if_pflow.h>.

     There is a one-to-one correspondence between packets seen by bpf(4) on
     the pflow interface and packets sent out to the flow receiver.  That is,
     a packet with 30 flows on pflow means that the same 30 flows were sent
     out to the receiver.

     The pflow source and destination addresses are controlled by ifconfig(8).
     flowsrc is the sender IP address of the UDP packet which can be used to
     identify the source of the data on the pflow collector.  flowdst defines
     the collector IP address and the port.  The flowdst IP address and port
     must be defined to enable the export of flows.

     For example, the following command sets 10.0.0.1 as the source and
     10.0.0.2:1234 as destination:

           # ifconfig pflow0 flowsrc 10.0.0.1 flowdst 10.0.0.2:1234

     The protocol is set to IPFIX with the following command:

           # ifconfig pflow0 pflowproto 10
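
     Collector-side handling of one version 5 export datagram, as an added
     example that is not part of the original manual page or of pflow itself:
     it accepts data only from the configured flowsrc, checks the header's
     flow count against the datagram length, and reports sequence gaps.
     Assumptions: the standard NetFlow v5 wire layout and sequence semantics;
     all function and field names, and the sample data, are constructed here.

```python
import ipaddress
import struct

# Assumed layout: standard NetFlow v5 header (24 bytes) and flow record
# (48 bytes), network byte order; sequence number counts flows exported.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")


def parse_export(data, sender, expected_sender):
    """Validate one export datagram and return (header, flows)."""
    # UDP export is unauthenticated, so only accept the configured flowsrc.
    if sender != expected_sender:
        raise ValueError("unexpected sender " + sender)
    if len(data) < HEADER.size:
        raise ValueError("datagram shorter than header")
    version, count, _, secs, _, seq, etype, eid, _ = HEADER.unpack_from(data)
    if version != 5:
        raise ValueError("not NetFlow v5: version %d" % version)
    # The header's flow count must match the bytes actually received.
    if count == 0 or len(data) != HEADER.size + count * RECORD.size:
        raise ValueError("flow count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])), "sport": f[9],
            "dst": str(ipaddress.IPv4Address(f[1])), "dport": f[10],
            "proto": f[12], "packets": f[5], "bytes": f[6],
        })
    header = {"count": count, "sequence": seq, "time_sec": secs,
              "engine_type": etype, "engine_id": eid}
    return header, flows


def missed_flows(previous, current):
    """Number of flows lost between two consecutively received headers."""
    expected = (previous["sequence"] + previous["count"]) % 2**32
    return (current["sequence"] - expected) % 2**32


def build_sample(seq, flows):
    """Construct a test datagram; flows are (src, dst, sport, dport, proto)."""
    out = HEADER.pack(5, len(flows), 1000, 1396051200, 0, seq, 0, 0, 0)
    for src, dst, sport, dport, proto in flows:
        out += RECORD.pack(ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed, bytes(4), 0, 0,
                           3, 180, 0, 0, sport, dport, 0x12, proto, 0, 0, 0, 0, 0)
    return out
```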

SEE ALSO
     netintro(4), pf(4), udp(4), pf.conf(5), ifconfig(8), tcpdump(8)

STANDARDS
     B. Claise, Specification of the IP Flow Information Export (IPFIX)
     Protocol for the Exchange of IP Traffic Flow Information, RFC 5101,
     January 2008.

HISTORY
     The pflow device first appeared in OpenBSD 4.5.

BUGS
     A state created by pfsync(4) can have a creation or expiration time
     before the machine came up.  In this case, pflow pretends such flows were
     created or expired when the machine came up.

     The IPFIX implementation is incomplete: The required transport protocol
     SCTP is not supported.  Transport over TCP and DTLS protected flow export
     is also not supported.

BSD                             March 29, 2014                             BSD
