aabc / ipt-netflow

Netflow iptables module for Linux kernel (official)
https://github.com/aabc/ipt-netflow

natevents not working on Centos 7 #119

Open xgrooms opened 5 years ago

xgrooms commented 5 years ago

Running configure with natevents creates the module parameter natevents, but I am unable to set sysctl net.netflow.natevents=1. There is no file in /proc/sys/net/netflow called natevents. Configure and make steps are shown below, as well as the output of sysctl net.netflow and modinfo ipt_NETFLOW.

```
[root@killaflop ipt-netflow]# ./configure --enable-natevents --disable-dkms --disable-snmp-agent
Kernel version: 3.10.0-957.12.2.el7.x86_64 (uname)
Kernel sources: /lib/modules/3.10.0-957.12.2.el7.x86_64/build (found)
Checking for presence of include/linux/llist.h... Yes
Checking for presence of include/linux/grsecurity.h... No
Iptables binary version: 1.4.21 (detected from /usr/sbin/iptables)
pkg-config for version 1.4.21 exists: Yes
Check for working gcc: Yes (gcc)
Checking for presence of xtables.h... Yes (using pkg-config)
Iptables include flags:  (pkg-config)
Iptables module path: /usr/lib64/xtables (pkg-config)
Creating Makefile.. done.

If you need some options enabled run ./configure --help
Now run: make all install

[root@killaflop ipt-netflow]# make all install
Compiling for kernel 3.10.0-957.12.2.el7.x86_64
make -C /lib/modules/3.10.0-957.12.2.el7.x86_64/build M=/root/ipt-netflow modules CONFIG_DEBUG_INFO=y
make[1]: Entering directory `/usr/src/kernels/3.10.0-957.12.2.el7.x86_64'
  CC [M]  /root/ipt-netflow/ipt_NETFLOW.o
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: sk_error_report.cold.29()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: unset_notifier_cb.cold.30()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: netflow_conntrack_event.cold.31()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: get_template.cold.32()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: set_notifier_cb.cold.33()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: flows_seq_release.cold.34()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: natevents_procctl.cold.35()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: netflow_target_check.cold.36()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: _schedule_scan_worker.cold.37()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: hsize_procctl.cold.38()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: usock_connect.cold.39()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: netflow_sendmsg.cold.40()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: netflow_export_pdu_ipfix.cold.41()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: netflow_export_pdu_v9.cold.42()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: netflow_export_pdu_v5.cold.43()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: netflow_export_flow_v5.cold.44()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: alloc_record_key.cold.45()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: sndbuf_procctl.cold.46()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: protocol_procctl.cold.47()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: flush_procctl.cold.48()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: netflow_work_fn.cold.49()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: netflow_target.cold.50()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: netflow_export_flow_tpl.cold.51()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: add_destinations.cold.52()+0x0: frame pointer state mismatch
/root/ipt-netflow/ipt_NETFLOW.o: warning: objtool: destination_procctl.cold.53()+0x0: frame pointer state mismatch
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /root/ipt-netflow/ipt_NETFLOW.mod.o
  LD [M]  /root/ipt-netflow/ipt_NETFLOW.ko
make[1]: Leaving directory `/usr/src/kernels/3.10.0-957.12.2.el7.x86_64'
make -C /lib/modules/3.10.0-957.12.2.el7.x86_64/build M=/root/ipt-netflow modules_install INSTALL_MOD_PATH=
make[1]: Entering directory `/usr/src/kernels/3.10.0-957.12.2.el7.x86_64'
  INSTALL /root/ipt-netflow/ipt_NETFLOW.ko
Can't read private key
  DEPMOD  3.10.0-957.12.2.el7.x86_64
make[1]: Leaving directory `/usr/src/kernels/3.10.0-957.12.2.el7.x86_64'
/sbin/depmod -a
install -D libipt_NETFLOW.so /usr/lib64/xtables/libipt_NETFLOW.so
install -D libip6t_NETFLOW.so /usr/lib64/xtables/libip6t_NETFLOW.so

[root@killaflop ipt-netflow]# depmod

[root@killaflop ipt-netflow]# modprobe ipt_NETFLOW natevents=1 destination=172.16.0.254:2055 protocol=9

[root@killaflop ipt-netflow]# sysctl net.netflow
net.netflow.active_timeout = 1800
net.netflow.debug = 1
net.netflow.destination = 172.16.0.254:2055
net.netflow.flush = 0
net.netflow.hashsize = 655360
net.netflow.inactive_timeout = 15
net.netflow.maxflows = 2000000
net.netflow.protocol = 9
net.netflow.refresh-rate = 20
net.netflow.scan-min = 1
net.netflow.sndbuf = 212992
net.netflow.timeout-rate = 30

[root@killaflop ipt-netflow]# modinfo ipt_NETFLOW
filename:       /lib/modules/3.10.0-957.12.2.el7.x86_64/extra/ipt_NETFLOW.ko
alias:          ip6t_NETFLOW
version:        2.4
description:    iptables NETFLOW target module
author:         abc@openwall.com
license:        GPL
retpoline:      Y
rhelversion:    7.6
srcversion:     D6B3A088276A372DCDD99C4
depends:        nf_conntrack
vermagic:       3.10.0-957.12.2.el7.x86_64 SMP mod_unload modversions
parm:           destination:export destination ipaddress:port (charp)
parm:           inactive_timeout:inactive flows timeout in seconds (int)
parm:           active_timeout:active flows timeout in seconds (int)
parm:           exportcpu:lock exporter to this cpu (int)
parm:           debug:debug verbosity level (int)
parm:           sndbuf:udp socket SNDBUF size (int)
parm:           protocol:netflow protocol version (5, 9, 10=IPFIX) (int)
parm:           refresh_rate:NetFlow v9/IPFIX refresh rate (packets) (uint)
parm:           timeout_rate:NetFlow v9/IPFIX timeout rate (minutes) (uint)
parm:           scan_min:Minimal interval between export scans (jiffies) (uint)
parm:           natevents:enable NAT Events (int)
parm:           hashsize:hash table size (int)
parm:           maxflows:maximum number of flows (int)
parm:           engine_id:Observation Domain ID (int)
```

aabc commented 4 years ago

Hello,

This option also depends on the kernel configuration. You should have CONFIG_NF_CONNTRACK_EVENTS, and additionally CONFIG_NF_CONNTRACK_EVENTS, and CONFIG_NF_NAT_NEEDED defined in the kernel's .config.
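The reply above ties the missing sysctl to kernel build options rather than to the module's own configure flags: modinfo can list a natevents parameter while /proc/sys/net/netflow/natevents never appears. The script below is an added example, not code from the ipt-netflow project or from either commenter. It greps a kernel config for the options aabc names (CONFIG_NF_CONNTRACK_EVENTS and CONFIG_NF_NAT_NEEDED), reports which are missing, and then checks whether the sysctl node actually exists on the host. The config locations /boot/config-$(uname -r) and /proc/config.gz, and the function names, are assumptions of this example; the two embedded config fragments are constructed samples, not taken from any real kernel.

```sh
#!/bin/sh
# Added example, not part of ipt-netflow: check the kernel-config prerequisites
# for ipt_NETFLOW natevents named in the thread, then check whether the sysctl
# node the reporter could not find is present on this host.
# Assumptions (not from the thread): the running kernel's config is readable at
# /boot/config-$(uname -r) or /proc/config.gz.

# kconfig_has FILE OPTION: succeed if OPTION is built in (=y) or modular (=m).
# A "# OPTION is not set" line, or no line at all, counts as missing.
kconfig_has() {
    grep -Eq "^$2=(y|m)$" "$1"
}

# natevents_supported FILE: succeed if every required option is set;
# otherwise print the missing ones as "missing: OPT ..." and fail.
natevents_supported() {
    ne_missing=""
    for ne_opt in CONFIG_NF_CONNTRACK_EVENTS CONFIG_NF_NAT_NEEDED; do
        kconfig_has "$1" "$ne_opt" || ne_missing="$ne_missing $ne_opt"
    done
    if [ -n "$ne_missing" ]; then
        echo "missing:$ne_missing"
        return 1
    fi
    return 0
}

# find_kconfig: print the path of a readable config for the running kernel,
# decompressing /proc/config.gz into a temp file if that is all there is.
find_kconfig() {
    fk_file="/boot/config-$(uname -r)"
    if [ -r "$fk_file" ]; then
        echo "$fk_file"
        return 0
    fi
    if [ -r /proc/config.gz ]; then
        fk_tmp=$(mktemp) || return 1
        zcat /proc/config.gz > "$fk_tmp" && echo "$fk_tmp" && return 0
    fi
    return 1
}

# natevents_sysctl_present: the node behind sysctl net.netflow.natevents. It
# only exists while ipt_NETFLOW is loaded and was built with natevents support.
natevents_sysctl_present() {
    [ -e /proc/sys/net/netflow/natevents ]
}

# Constructed sample configs (not from any real kernel) to show both outcomes.
sample_good=$(mktemp)
sample_bad=$(mktemp)
trap 'rm -f "$sample_good" "$sample_bad"' EXIT
cat > "$sample_good" <<'EOF'
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_NAT_NEEDED=y
EOF
cat > "$sample_bad" <<'EOF'
CONFIG_NF_CONNTRACK=m
# CONFIG_NF_CONNTRACK_EVENTS is not set
CONFIG_NF_NAT_NEEDED=y
EOF

echo "sample_good:"; natevents_supported "$sample_good" && echo "ok"
echo "sample_bad:";  natevents_supported "$sample_bad"  || echo "natevents would be unavailable"

# Same check against the host this script runs on, if its config is readable.
if kcfg=$(find_kconfig); then
    echo "$(uname -r):"
    natevents_supported "$kcfg" && echo "ok"
fi
if natevents_sysctl_present; then
    echo "/proc/sys/net/netflow/natevents exists"
else
    echo "/proc/sys/net/netflow/natevents absent (module not loaded, or built without natevents)"
fi
```

Run it as root on the host where the module was built; if the host check prints a missing option, rebuilding ipt-netflow will not help, since the option has to be present in the kernel itself.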