On Tue, Mar 30, 2010 at 9:29 PM, Changli Gao <xiaosuo@xxxxxxxxx> wrote: > I am interested in this feature. FreeBSD supports netflow v5, and > netflow v5 is more common, we can support it first, then add others. We used ng_netflow before PF_RING. There was a lot of problems with ksocket udp packets loss in the BSD kernel. After that we have switched to the ntop solution. Ipt_NETFLOW provides basic v5 support, but as I already said doesn't have flexible configuration and other features. So I intend to make universal module and start with v5. On Tue, Mar 30, 2010 at 9:56 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: > On Tuesday 2010-03-30 16:06, Roman Tsisyk wrote: > > iptables does not drop these, your NIC does when it's not in promiscuous mode. > If I am no mistaken, for all packets whose mac doesn't match to the nic mac pkt_type is set to PACKET_OTHERHOST. Iptables drop packets with PACKET_OTHERHOST, I don't remember exactly where, may be in ip_rcv routine. -- WBR, Tsisyk Roman -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
