NAME
pflow - kernel interface for pflow data export
SYNOPSIS
pseudo-device pflow
DESCRIPTION
The pflow subsystem exports pflow accounting data from the kernel using udp(4) packets. pflow is compatible with netflow version 5 and IPFIX (10). The data is extracted from the pf(4) state table.
Multiple pflow interfaces can be created at runtime using the pflowctl N -c command. Each interface must be configured with a flow receiver IP address and a flow receiver port number.
Only states created by a rule marked with the pflow keyword are exported by pflow.
pflow will attempt to export multiple pflow records in one UDP packet, but will not hold a record for longer than 30 seconds.
Each packet seen on this interface has one header and a variable number of flows. The header indicates the version of the protocol, number of flows in the packet, a unique sequence number, system time, and an engine ID and type. Header and flow structs are defined in <net/pflow.h>.
The pflow source and destination addresses are controlled by pflowctl(8). src is the sender IP address of the UDP packet which can be used to identify the source of the data on the pflow collector. dst defines the collector IP address and the port. The dst IP address and port must be defined to enable the export of flows.
For example, the following command sets 10.0.0.1 as the source and 10.0.0.2:1234 as destination:
# pflowctl -s pflow0 src 10.0.0.1 dst 10.0.0.2:1234
The protocol is set to IPFIX with the following command:
# pflowctl -s pflow0 proto 10
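A collector receives these datagrams over plain UDP, so it should check the header fields described above before trusting a packet. The following sketch is an added example, not code from pflow or FreeBSD: it validates a NetFlow version 5 datagram against the configured src address and uses the sequence number to report lost flows. It assumes the standard NetFlow v5 layout (24-byte header, 48-byte records) and sequence convention; the function and class names are hypothetical and the sample datagram is constructed.

```python
import struct

# Assumed layout: the standard NetFlow v5 header (24 bytes, network byte order)
# followed by 48-byte flow records. Check <net/pflow.h> for pflow's own structs.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48
EXPECTED_SRC = "10.0.0.1"  # the src configured with pflowctl in the example above


def parse_v5_header(datagram, sender_ip, expected_src=EXPECTED_SRC):
    """Validate one export datagram and return its header fields, or raise ValueError."""
    # UDP source addresses can be forged, so this is a sanity filter, not authentication.
    if sender_ip != expected_src:
        raise ValueError("datagram from unexpected sender " + sender_ip)
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime_ms, secs, nsecs, seq, etype, eid, _ = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    # The flow count is sender-controlled: it must match the bytes actually received.
    if count == 0 or len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("flow count %d does not match datagram length" % count)
    return {"count": count, "sequence": seq, "time_sec": secs,
            "engine_type": etype, "engine_id": eid}


class SequenceTracker:
    """Reports flows missing between consecutive datagrams from one exporter."""

    def __init__(self):
        self.next_seq = None

    def missing(self, hdr):
        # Assumption: v5 convention, the sequence number counts flows exported
        # before this datagram, so the next one should be sequence + count.
        gap = 0 if self.next_seq is None else (hdr["sequence"] - self.next_seq) % 2**32
        self.next_seq = (hdr["sequence"] + hdr["count"]) % 2**32
        return gap


def build_sample(count, seq):
    """Constructed test datagram: valid header plus zero-filled flow records."""
    header = V5_HEADER.pack(5, count, 1000, 1700000000, 0, seq, 0, 0, 0)
    return header + bytes(count * V5_RECORD_LEN)
```

A datagram that arrives late or after an exporter restart shows up as a very large gap, which a collector can treat as a resynchronisation event rather than as loss.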
SEE ALSO
netintro(4), pf(4), udp(4), pf.conf(5), pflowctl(8), tcpdump(8)
STANDARDS
B. Claise, Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information, RFC 5101, January 2008.
HISTORY
The pflow device first appeared in OpenBSD 4.5 and was imported into FreeBSD 15.0.
BUGS
A state created by pfsync(4) can have a creation or expiration time before the machine came up. In this case, pflow pretends such flows were created or expired when the machine came up.
The IPFIX implementation is incomplete: The required transport protocol SCTP is not supported. Transport over TCP and DTLS protected flow export is also not supported.