Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
PFLOW(4)		    Kernel Interfaces Manual		      PFLOW(4)

NAME
       pflow --	kernel interface for pflow data	export

SYNOPSIS
       pseudo-device pflow

DESCRIPTION
       The pflow subsystem exports pflow accounting data from the kernel using
       udp(4)  packets.	  pflow	is compatible with netflow version 5 and IPFIX
       (10).  The data is extracted from the pf(4) state table.

       Multiple	pflow interfaces can be	created	at runtime using the pflowctlN
       -c command.  Each interface must	be configured with a flow receiver  IP
       address and a flow receiver port	number.

       Only  states  created  by  a rule marked	with the pflow keyword are ex-
       ported by pflow.

       pflow will attempt to export multiple pflow records in one UDP  packet,
       but will	not hold a record for longer than 30 seconds.

       Each packet seen	on this	interface has one header and a variable	number
       of  flows.  The header indicates	the version of the protocol, number of
       flows in	the packet, a unique sequence number, system time, and an  en-
       gine   ID   and	 type.	  Header  and  flow  structs  are  defined  in
       <net/pflow.h>.

       The  pflow  source  and	destination  addresses	 are   controlled   by
       pflowctl(8).   src is the sender	IP address of the UDP packet which can
       be used to identify the source of the data on the pflow collector.  dst
       defines the collector IP	address	and the	port.  The dst IP address  and
       port must be defined to enable the export of flows.

       For  example,  the  following  command  sets 10.0.0.1 as	the source and
       10.0.0.2:1234 as	destination:

	     # pflowctl	-s pflow0 src 10.0.0.1 dst 10.0.0.2:1234

       The protocol is set to IPFIX with the following command:

	     # pflowctl	-s pflow0 proto	10

SEE ALSO
       netintro(4), pf(4), udp(4), pf.conf(5), pflowctl(8), tcpdump(8)

STANDARDS
       B. Claise, Specification	of the	IP  Flow  Information  Export  (IPFIX)
       Protocol	 for  the  Exchange  of	IP Traffic Flow	Information, RFC 5101,
       January 2008.

HISTORY
       The pflow device	first appeared in OpenBSD 4.5 and  was	imported  into
       FreeBSD 15.0 .

BUGS
       A state created by pfsync(4) can	have a creation	or expiration time be-
       fore the	machine	came up.  In this case,	pflow pretends such flows were
       created or expired when the machine came	up.

       The IPFIX implementation	is incomplete: The required transport protocol
       SCTP  is	not supported.	Transport over TCP and DTLS protected flow ex-
       port is also not	supported.

FreeBSD	15.0		       January 08, 2024			      PFLOW(4)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pflow&sektion=4&manpath=FreeBSD+15.0-RELEASE+and+Ports>

home | help