I am running the latest version of ipt_NETFLOW in promisc mode on CentOS 7 (3.10.0-327.4.5.el7.x86_64) The netflow data being reported is showing the right bandwidth levels, but PPS being reported is almost exactly 50% of what it really is.

/proc/net/stat/ipt_netflow shows the same anomaly.

I have verified that iptables itself is seeing the "real" number of packets.

Seems, GPL-3 forbids linking with code with openssl license [1]. But ipt-netflow snmp agent links with libcrypto (which is a part of openssl). Is snmp_NETFLOW.c is licensed by GPL-3? There's no specific name of license in it's source code, so I extrapolated it from ipt_NETFLOW.c.

$ net-snmp-config --libs
-Wl,-z,relro -Wl,-z,now -L/usr/lib/x86_64-linux-gnu -lnetsnmp -lcrypto -lm

[1] https://lintian.debian.org/tags/possible-gpl-code-linked-with-openssl.html

I was have to make the debian package with --disable-snmp-agent configure option.

Sorry if the most of my reports just wastes your time. Tell me if you want receive less reports :)

I consider implementing TCP export mode for IPFIX protocol.

This may require major rewrite of exporting logic, may be not, depends.

CentOS 5.x чистая инсталяция.

Версия 1.8 работает отлично, Ваша версия по попытке загрузки модуля ядра подвисает на пару минут, затем при рестарте iptables сервер зависает. В dmesg

Oct 30 09:43:17 localhost kernel: libipt_NETFLOW.[2506]: segfault at 0000000000000001 rip 0000000000000001 rsp 00007ffff288e618 error 14
Oct 30 09:43:24 localhost kernel: libipt_NETMAP.s[2519]: segfault at 0000000000000001 rip 0000000000000001 rsp 00007fffc9b89188 error 14

I can't install dkms module in Ubuntu (14.10).

# git clone git://git.code.sf.net/p/ipt-netflow/code ipt-netflow
Cloning into 'ipt-netflow'...
remote: Counting objects: 992, done.
remote: Compressing objects: 100% (891/891), done.
remote: Total 992 (delta 669), reused 152 (delta 101)
Receiving objects: 100% (992/992), 266.67 KiB | 204.00 KiB/s, done.
Resolving deltas: 100% (669/669), done.
Checking connectivity... готово.

# ./configure --enable-natevents --enable-aggregation
Kernel version: 3.13.0-46-generic (uname)
Kernel sources: /lib/modules/3.13.0-46-generic/build (found)
Checking for presence of include/linux/llist.h... Yes
Iptables binary version: 1.4.19.1 (detected from /usr/local/sbin/iptables)
pkg-config for version 1.4.19.1 exists: Yes
Checking for presence of xtables.h... Yes (using pkg-config)
Iptables include flags: -I/usr/local/include   (pkg-config)
Iptables module path: /usr/local/lib/xtables (pkg-config)
Searching for net-snmp-config... No.
Searching for net-snmp agent... Yes.
! You have net-snmp agent but not development package.
! net-snmp agent will not be built, to fix:
!   run:  apt-get install libsnmp-dev
Checking for DKMS... Yes.
! You are already have module installed via DKMS
!   it will be uninstalled on 'make install' and
!   current version of module installed afterwards.
! Use --disable-dkms option if don't want this.
Creating Makefile.. done.

  If you need some options enabled run ./configure --help
  Now run: make all install

# make all install
Compiling for kernel 3.13.0-46-generic
make -C /lib/modules/3.13.0-46-generic/build M=/root/src/ipt-netflow modules CONFIG_DEBUG_INFO=y
make[1]: Вход в каталог `/usr/src/linux-headers-3.13.0-46-generic'
  CC [M]  /root/src/ipt-netflow/ipt_NETFLOW.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /root/src/ipt-netflow/ipt_NETFLOW.mod.o
  LD [M]  /root/src/ipt-netflow/ipt_NETFLOW.ko
make[1]: Выход из каталога `/usr/src/linux-headers-3.13.0-46-generic'
gcc -O2 -Wall -Wunused -DXTABLES  -I/usr/local/include   -fPIC -o libipt_NETFLOW_sh.o -c libipt_NETFLOW.c
gcc -shared -o libipt_NETFLOW.so libipt_NETFLOW_sh.o
gcc -O2 -Wall -Wunused -DXTABLES  -I/usr/local/include   -fPIC -o libip6t_NETFLOW_sh.o -c libipt_NETFLOW.c
gcc -shared -o libip6t_NETFLOW.so libip6t_NETFLOW_sh.o
 *
make -C /lib/modules/3.13.0-46-generic/build M=/root/src/ipt-netflow modules_install INSTALL_MOD_PATH=
make[1]: Вход в каталог `/usr/src/linux-headers-3.13.0-46-generic'
  INSTALL /root/src/ipt-netflow/ipt_NETFLOW.ko
Can't read private key
  DEPMOD  3.13.0-46-generic
make[1]: Выход из каталога `/usr/src/linux-headers-3.13.0-46-generic'
/sbin/depmod -a
 *
install -D libipt_NETFLOW.so /usr/local/lib/xtables/libipt_NETFLOW.so
install -D libip6t_NETFLOW.so /usr/local/lib/xtables/libip6t_NETFLOW.so
 *
Installing into DKMS...
! You have different version of module installed into DKMS.
! That version was automatically installed by this script,
! thus, is safe to remove. No worries.
! Removing from dkms...

------------------------------
Deleting module version: 2.0-53-g8e42ff3-dirty
completely from the DKMS tree.
------------------------------
Done.
! Removing source tree from /usr/src/ipt-netflow-2.0-53-g8e42ff3-dirty
! Installing 2.1-14-g22ddee7 into DKMS...

Creating symlink /var/lib/dkms/ipt-netflow/2.1-14-g22ddee7/source ->
                /usr/src/ipt-netflow-2.1-14-g22ddee7

DKMS: add completed.
rm libipt_NETFLOW_sh.o libip6t_NETFLOW_sh.o

# dkms status
ipt-netflow, 2.1-14-g22ddee7: added

# LANG=C dkms install -m ipt-netflow/2.1-14-g22ddee7

Kernel preparation unnecessary for this kernel.  Skipping...

Running the pre_build script:
Kernel version: 3.13.0-46-generic (uname)
Kernel sources: /lib/modules/3.13.0-46-generic/build (dkms)
Checking for presence of include/linux/llist.h... Yes
Iptables binary version: 1.4.21 (detected from /sbin/iptables)
pkg-config for version 1.4.21 exists: No (reported: 1.4.19.1)
Checking for presence of xtables.h... Yes
Searching for iptables-1.4.21 sources..
! Can not find iptables source directory, you may try setting it with --ipt-src=
! This is not fatal error, yet. Will be just using default include dir.
Iptables include flags: none (default)
Iptables module path: /usr/local/lib/xtables
/tmp/iptables-1.4.19.1/libxtables (from iptables binary)
Searching for net-snmp-config... No.
Searching for net-snmp agent... Yes.
! You have net-snmp agent but not development package.
! net-snmp agent will not be built, to fix:
!   run:  apt-get install libsnmp-dev
Checking for DKMS... Yes.
Creating Makefile.. sed: -e expression #1, char 348: unterminated `s' command
done.

  If you need some options enabled run ./configure --help
  Now run: make all install


Building module:
cleaning build area....
make KERNELRELEASE=3.13.0-46-generic ipt_NETFLOW.ko....(bad exit status: 2)
ERROR (dkms apport): binary package for ipt-netflow: 2.1-14-g22ddee7 not found
Error! Bad return status for module build on kernel: 3.13.0-46-generic (x86_64)
Consult /var/lib/dkms/ipt-netflow/2.1-14-g22ddee7/build/make.log for more information.

# cat /var/lib/dkms/ipt-netflow/2.1-14-g22ddee7/build/make.log
DKMS make.log for ipt-netflow-2.1-14-g22ddee7 for kernel 3.13.0-46-generic (x86_64)
Wed Apr  1 11:25:10 MSK 2015
make: *** No rule to make target `ipt_NETFLOW.ko'.  Stop.

Please implement MPLS labeled packet receive in promisc mode, should be ease modification of promisc_rcv(), now MPLS labeled unicast IPv6/IPv4 packets are droped. Maybe I will create patch for it.

Привет, взумалось увеличить tx\rx ring через ethtool.
словил такую каку:

nflow.txt

Hi,

I got a problem running ipt_NETFLOW in a active/backup failover setup.
During failover, interfaces change, so the interface ipt_NETFLOW used to send flows will get unavailable.
ipt_NETFLOW does not recover from this situation, and keeps logging:

kernel: [232283.590800] netflow_sendmsg: sendmsg(0, 1012) [1 229376]
kernel: [232283.590808] ipt_NETFLOW: sendmsg[0] error -22: data loss 0 pkt, 0 bytes

-22 is EINVAL.
I'd propose to disconnect the socket on EINVAL during sendmsg, set -1, and it will reconnect later on.

After building ipt-netflow, the SELinux context for libipt_NETFLOW.so may cause SELinux to deny access to it.

This can be remedied as follows:

restorecon -R -v /lib64/xtables/libipt_NETFLOW.so

Adjust the path to libipt_NETFLOW.so according to your system.

Последний коммит в истории
commit badf89a
Author: ABC [email protected]
Date: Thu Sep 4 02:54:15 2014 +0400

Linux ezh 3.15.8-hardened #2 SMP Fri Sep 5 01:14:55 MSK 2014 i686 Dual Core AMD Opteron(tm) Processor 265 AuthenticAMD GNU/Linux

ezh ipt-netflow # make    
Compiling for kernel 3.15.8-hardened
make -C /lib/modules/3.15.8-hardened/build M=/root/netflow/ipt-netflow modules
make[1]: Entering directory `/usr/src/linux-3.15.8-hardened'
  CC [M]  /root/netflow/ipt-netflow/ipt_NETFLOW.o
/root/netflow/ipt-netflow/ipt_NETFLOW.c: In function 'hsize_procctl':
/root/netflow/ipt-netflow/ipt_NETFLOW.c:1167:3: error: assignment of member 'data' in read-only object
/root/netflow/ipt-netflow/ipt_NETFLOW.c:1170:3: error: assignment of member 'data' in read-only object
/root/netflow/ipt-netflow/ipt_NETFLOW.c: In function 'sndbuf_procctl':
/root/netflow/ipt-netflow/ipt_NETFLOW.c:1194:2: error: assignment of member 'data' in read-only object
/root/netflow/ipt-netflow/ipt_NETFLOW.c: In function 'flush_procctl':
/root/netflow/ipt-netflow/ipt_NETFLOW.c:1324:2: error: assignment of member 'data' in read-only object
/root/netflow/ipt-netflow/ipt_NETFLOW.c: In function 'protocol_procctl':
/root/netflow/ipt-netflow/ipt_NETFLOW.c:1352:2: error: assignment of member 'data' in read-only object
make[2]: *** [/root/netflow/ipt-netflow/ipt_NETFLOW.o] Error 1
make[1]: *** [_module_/root/netflow/ipt-netflow] Error 2
make[1]: Leaving directory `/usr/src/linux-3.15.8-hardened'
make: *** [ipt_NETFLOW.ko] Error 2

Идеи? Не силен я в программировании ядра. Если, что хедеры прикреплю или еще что нужно.

I'm already in process of implementing utility to parse flows statistics exported via /proc/net/stat/ipt_netflow_flows. Flows stat interface is already moved from debugfs to proc as part of implementing this feature (eaf5c65, a696b6a).

How to add custom CFLAGS and LDFLAGS? I was have to use sed [...] -i Makefile in file debian/rules of Debian package to make that.

Prepare "debian/" directory to simplify debian maintainers/uploaders work and mail about that to [email protected] [1].

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620511

Hello.

I have compilation issues with head on CentOS7 kernel 3.10.0-229.20.1.el7.x86_64

Compile log attached

ipt-makelog.txt

I have kernel panic that shutdown two servers
I think that this is already fixed, but can @aabc check this. Thanks

dmesg from servers before die:
Jun 17 23:27:46 relay01 kernel: [7864672.083674] BUG: unable to handle kernel NULL pointer dereference at (null)
Jun 17 23:27:46 relay01 kernel: [7864672.086084] IP: [] netflow_target+0x5c1/0xb90 [ipt_NETFLOW]
Jun 17 23:27:46 relay01 kernel: [7864672.088555] PGD 0
Jun 17 23:27:46 relay01 kernel: [7864672.090974] Oops: 0000 [#1] SMP
Jun 17 23:27:46 relay01 kernel: [7864672.093393] Modules linked in: nfnetlink_log ip6table_mangle ip6table_raw iptable_mangle iptable_raw xt_u32 xt_pkttype xt_tcpudp xt_set xt_multiport ip_set_hash_net ip_set_hash_netport ip6table_filter ip6_tables iptable_filter ip_tables ip_set nfnetlink 8021q garp stp mrp llc ib_ucm ib_uverbs ib_addr ib_umad ib_ipoib ib_srp scsi_transport_srp ib_cm scsi_tgt mlx4_ib ib_sa ib_mad ib_core mlx4_en mlx4_core ipmi_devintf ipt_NETFLOW(O) x_tables md_mod dm_multipath scsi_dh scsi_mod radeon mperf coretemp kvm_intel ttm dm_mod drm_kms_helper kvm snd_pcm drm snd_page_alloc snd_timer psmouse snd soundcore iTCO_wdt iTCO_vendor_support i2c_algo_bit ipmi_si crc32c_intel i2c_core hpilo hpwdt lpc_ich ipmi_msghandler mfd_core pcspkr evdev serio_raw i7core_edac edac_core acpi_power_meter button processor squashfs loop aufs(C) hid_generic usbhid hid uhci_hcd ehci_pci ehci_hcd microcode usbcore usb_common bnx2 ixgbe dca mdio e1000e ptp pps_core thermal thermal_sys [last unloaded: nf_defrag_ipv4]
Jun 17 23:27:46 relay01 kernel: [7864672.118365] CPU: 13 PID: 0 Comm: swapper/13 Tainted: G CIO 3.10-3-amd64 #1 Debian 3.10.61-1+020141126043804.83+wheezy1.gbp631db1
Jun 17 23:27:46 relay01 kernel: [7864672.125605] Hardware name: HP ProLiant DL380 G6, BIOS P62 07/02/2013
Jun 17 23:27:46 relay01 kernel: [7864672.129300] task: ffff8806070c60c0 ti: ffff88060710c000 task.ti: ffff88060710c000
Jun 17 23:27:46 relay01 kernel: [7864672.133111] RIP: 0010:[] [] netflow_target+0x5c1/0xb90 [ipt_NETFLOW]
Jun 17 23:27:46 relay01 kernel: [7864672.136993] RSP: 0018:ffff880a1fac39a0 EFLAGS: 00010246
Jun 17 23:27:46 relay01 kernel: [7864672.140929] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004
Jun 17 23:27:46 relay01 kernel: [7864672.144919] RDX: ffff880a1fac39ec RSI: 0000000000000014 RDI: ffff880a08090880
Jun 17 23:27:46 relay01 kernel: [7864672.148908] RBP: ffff8809dd4f1054 R08: ffffc9000d89a368 R09: ffff880a08090880
Jun 17 23:27:46 relay01 kernel: [7864672.152954] R10: 0000000000000001 R11: 00000000ffffffff R12: 0000000000000000
Jun 17 23:27:46 relay01 kernel: [7864672.157008] R13: 0000000000000014 R14: ffff880a08090880 R15: ffff8805c3b81c00
Jun 17 23:27:46 relay01 kernel: [7864672.161061] FS: 0000000000000000(0000) GS:ffff880a1fac0000(0000) knlGS:0000000000000000
Jun 17 23:27:46 relay01 kernel: [7864672.165172] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Jun 17 23:27:46 relay01 kernel: [7864672.169337] CR2: 0000000000000000 CR3: 000000000160c000 CR4: 00000000000007e0
Jun 17 23:27:46 relay01 kernel: [7864672.173537] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jun 17 23:27:46 relay01 kernel: [7864672.177745] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jun 17 23:27:46 relay01 kernel: [7864672.181886] Stack:
Jun 17 23:27:46 relay01 kernel: [7864672.186040] ffffffffa04f11ae 0000000000000014 0100000000000002 0000000000000001
Jun 17 23:27:46 relay01 kernel: [7864672.190336] ffffffffa02332cc ffff880a1fac3b80 ffff8806015b5300 ffff880605405e40
Jun 17 23:27:46 relay01 kernel: [7864672.194823] ffff8809dd4f1054 ffff880a1fac3a80 ffff880605405e60 ffff880a08090880
Jun 17 23:27:46 relay01 kernel: [7864672.199160] Call Trace:
Jun 17 23:27:46 relay01 kernel: [7864672.203483]
Jun 17 23:27:46 relay01 kernel: [7864672.203517] [] ? hash_net4_test+0x83/0x228 [ip_set_hash_net]
Jun 17 23:27:46 relay01 kernel: [7864672.212189] [] ? ftrace_raw_event_irq_handler_entry+0x47/0xe9
Jun 17 23:27:46 relay01 kernel: [7864672.216618] [] ? ip_set_test+0x7b/0xdb [ip_set]
Jun 17 23:27:46 relay01 kernel: [7864672.221117] [] ? ipt_do_table+0x518/0x5a7 [ip_tables]
Jun 17 23:27:46 relay01 kernel: [7864672.225567] [] ? ipt_do_table+0x578/0x5a7 [ip_tables]
Jun 17 23:27:46 relay01 kernel: [7864672.230012] [] ? dev_hard_start_xmit+0x272/0x3ed
Jun 17 23:27:46 relay01 kernel: [7864672.234445] [] ? dst_mtu+0xa/0xa
Jun 17 23:27:46 relay01 kernel: [7864672.238897] [] ? nf_iterate+0x42/0x80
Jun 17 23:27:46 relay01 kernel: [7864672.243325] [] ? nf_hook_slow+0x69/0xfe
Jun 17 23:27:46 relay01 kernel: [7864672.247772] [] ? dst_mtu+0xa/0xa
Jun 17 23:27:46 relay01 kernel: [7864672.252176] [] ? ip_forward+0x2af/0x38b
Jun 17 23:27:46 relay01 kernel: [7864672.252176] [] ? ip_forward+0x2af/0x38b
Jun 17 23:27:46 relay01 kernel: [7864672.256613] [] ? __netif_receive_skb_core+0x447/0x4bf
Jun 17 23:27:46 relay01 kernel: [7864672.261060] [] ? netif_receive_skb+0x4c/0x7d
Jun 17 23:27:46 relay01 kernel: [7864672.265526] [] ? napi_gro_receive+0x35/0x76
Jun 17 23:27:46 relay01 kernel: [7864672.269918] [] ? bnx2_poll_work+0x913/0xa07 [bnx2]
Jun 17 23:27:46 relay01 kernel: [7864672.274324] [] ? bnx2_poll_msix+0x28/0x6f [bnx2]
Jun 17 23:27:46 relay01 kernel: [7864672.278614] [] ? net_rx_action+0xa7/0x1dc
Jun 17 23:27:46 relay01 kernel: [7864672.282996] [] ? enqueue_hrtimer+0x36/0x6d
Jun 17 23:27:46 relay01 kernel: [7864672.287215] [] ? add_interrupt_randomness+0x39/0x16f
Jun 17 23:27:46 relay01 kernel: [7864672.291388] [] ? __do_softirq+0xec/0x209
Jun 17 23:27:46 relay01 kernel: [7864672.295429] [] ? call_softirq+0x1c/0x30
Jun 17 23:27:46 relay01 kernel: [7864672.299351] [] ? do_softirq+0x3a/0x78
Jun 17 23:27:46 relay01 kernel: [7864672.303122] [] ? irq_exit+0x3f/0x83
Jun 17 23:27:46 relay01 kernel: [7864672.306757] [] ? do_IRQ+0x81/0x97
Jun 17 23:27:46 relay01 kernel: [7864672.310337] [] ? common_interrupt+0x6d/0x6d
Jun 17 23:27:46 relay01 kernel: [7864672.313752]
Jun 17 23:27:46 relay01 kernel: [7864672.313785] [] ? arch_local_irq_enable+0x4/0x8
Jun 17 23:27:46 relay01 kernel: [7864672.320300] [] ? cpuidle_enter_state+0x46/0xb1
Jun 17 23:27:46 relay01 kernel: [7864672.323503] [] ? cpuidle_idle_call+0xd6/0x147
Jun 17 23:27:46 relay01 kernel: [7864672.326675] [] ? arch_cpu_idle+0x6/0x1a
Jun 17 23:27:46 relay01 kernel: [7864672.329885] [] ? cpu_startup_entry+0x125/0x1a5
Jun 17 23:27:46 relay01 kernel: [7864672.332854] [] ? _raw_spin_unlock_irqrestore+0xc/0xd
Jun 17 23:27:46 relay01 kernel: [7864672.335873] [] ? start_secondary+0x1e6/0x1ec
Jun 17 23:27:46 relay01 kernel: [7864672.338856] Code: 40 04 eb 29 48 8d 4c 24 4c ba 04 00 00 00 44 89 ee 4c 89 f7 e8 57 e2 ff ff 48 85 c0 74 0d 8b 10 c1 ea 10 66 89 94 24 80 00 00 00 <8b> 00 66 89 84 24 82 00 00 00 31 ed 31 db 48 c7 c7 d0 25 23 a0
Jun 17 23:27:46 relay01 kernel: [7864672.345493] RIP [] netflow_target+0x5c1/0xb90 [ipt_NETFLOW]
Jun 17 23:27:46 relay01 kernel: [7864672.348733] RSP
Jun 17 23:27:46 relay01 kernel: [7864672.351940] CR2: 0000000000000000

Getting a warning:

Makefile:10: *** mixed implicit and normal rules: deprecated syntax

every time while make.

posible map ip with asn if have bgp full route table?

Centos 7 kernel 3.10.0-229.20.1.el7.x86_64
gcc-4.8.3-9.el7.x86_64

пробовал ipt-netflow-2.1 не компилиться
скачал последний, сделал по инструкции https://github.com/aabc/ipt-netflow/blob/master/README
вроде как написано что и на 4.х ядрах должен и на Centos7, но при компиляции вылезает куча ошибок.

[root@localhost ipt-netflow]# ./configure
Kernel version: 3.10.0-229.20.1.el7.x86_64 (uname)
Kernel sources: /lib/modules/3.10.0-229.20.1.el7.x86_64/build (found)
Checking for presence of include/linux/llist.h... Yes
Checking for presence of include/linux/grsecurity.h... No
Iptables binary version: 1.4.21 (detected from /usr/sbin/iptables)
pkg-config for version 1.4.21 exists: Yes
Checking for presence of xtables.h... Yes (using pkg-config)
Iptables include flags:   (pkg-config)
Iptables module path: /usr/lib64/xtables (pkg-config)
Searching for net-snmp-config... Yes /usr/bin/net-snmp-config
Searching for net-snmp agent... Yes.
Checking for DKMS... Yes.
Creating Makefile.. done.

  If you need some options enabled run ./configure --help
  Now run: make all install

[root@localhost ipt-netflow]# make all install
Compiling for kernel 3.10.0-229.20.1.el7.x86_64
make -C /lib/modules/3.10.0-229.20.1.el7.x86_64/build M=/usr/src/ipt-netflow modules CONFIG_DEBUG_INFO=y
make[1]: Entering directory `/usr/src/kernels/3.10.0-229.20.1.el7.x86_64'
  CC [M]  /usr/src/ipt-netflow/ipt_NETFLOW.o
In file included from /usr/src/ipt-netflow/ipt_NETFLOW.c:75:0:
/usr/src/ipt-netflow/compat.h:1:1: error: expected identifier or ‘(’ before ‘.’ token
 ./ipt-netflow/configure
 ^
/usr/src/ipt-netflow/compat.h:1:24: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                        ^
/usr/src/ipt-netflow/compat.h:1:108: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                                                                                                            ^
/usr/src/ipt-netflow/compat.h:1:116: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                                                                                                                    ^
/usr/src/ipt-netflow/compat.h:1:124: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                                                                                                                            ^
/usr/src/ipt-netflow/compat.h:1:136: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                                                                                                                                        ^
/usr/src/ipt-netflow/compat.h:1:148: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                                                                                                                                                    ^
/usr/src/ipt-netflow/compat.h:1:155: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                                                                                                                                                           ^
/usr/src/ipt-netflow/compat.h:1:158: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                                                                                                                                                              ^
/usr/src/ipt-netflow/compat.h:1:263: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                                                                                                                                                                                                                                                                       ^
/usr/src/ipt-netflow/compat.h:1:270: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                                                                                                                                                                                                                                                                              ^
/usr/src/ipt-netflow/compat.h:1:302: warning: null character(s) ignored [enabled by default]
 ./ipt-netflow/configure
                                                                                                                                                                                                                                                                                                              ^
/usr/src/ipt-netflow/compat.h:1:513: error: stray ‘#’ in program
 ./ipt-netflow/configure
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 ^
In file included from /usr/src/ipt-netflow/ipt_NETFLOW.c:75:0:
/usr/src/ipt-netflow/compat.h:7:5: error: stray ‘`’ in program
     # restore options from existing Makefile, if present
     ^
/usr/src/ipt-netflow/compat.h:7:28: warning: character constant too long for its type [enabled by default]
     # restore options from existing Makefile, if present
                            ^
/usr/src/ipt-netflow/compat.h:7:5: error: stray ‘`’ in program
     # restore options from existing Makefile, if present
     ^
/usr/src/ipt-netflow/compat.h:8:7: error: invalid preprocessing directive #restore
     if [ -e Makefile ]; then
       ^
/usr/src/ipt-netflow/compat.h:9:25: error: unknown type name ‘then’
       set -- `sed -n 's/^CARGS = \(.*\)/\1/p' Makefile`
                         ^
/usr/src/ipt-netflow/compat.h:10:11: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘--’ token
       FROMDKMSCONF=1
           ^
/usr/src/ipt-netflow/compat.h:10:11: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:10:22: warning: unknown escape sequence: '\)' [enabled by default]
       FROMDKMSCONF=1
                      ^
/usr/src/ipt-netflow/compat.h:10:22: warning: character constant too long for its type [enabled by default]
/usr/src/ipt-netflow/compat.h:10:11: error: stray ‘`’ in program
       FROMDKMSCONF=1
           ^
/usr/src/ipt-netflow/compat.h:14:1: error: unknown type name ‘esac’

 ^
/usr/src/ipt-netflow/compat.h:16:1: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
/usr/src/ipt-netflow/compat.h: In function ‘error’:
/usr/src/ipt-netflow/compat.h:17:3: error: ‘printf’ undeclared (first use in this function)
/usr/src/ipt-netflow/compat.h:17:3: note: each undeclared identifier is reported only once for each function it appears in
/usr/src/ipt-netflow/compat.h:17:10: error: expected ‘;’ before string constant
/usr/src/ipt-netflow/compat.h: At top level:
/usr/src/ipt-netflow/compat.h:21:1: warning: return type defaults to ‘int’ [-Wreturn-type]
/usr/src/ipt-netflow/compat.h:21:1: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
/usr/src/ipt-netflow/compat.h: In function ‘iptables_src_version’:
/usr/src/ipt-netflow/compat.h:22:3: error: ‘test’ undeclared (first use in this function)
/usr/src/ipt-netflow/compat.h:22:8: error: expected ‘;’ before string constant
/usr/src/ipt-netflow/compat.h:27:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:27:15: warning: unknown escape sequence: '\)' [enabled by default]
/usr/src/ipt-netflow/compat.h:27:15: warning: character constant too long for its type [enabled by default]
/usr/src/ipt-netflow/compat.h:27:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:29:30: error: unknown type name ‘then’
/usr/src/ipt-netflow/compat.h:30:10: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before string constant
/usr/src/ipt-netflow/compat.h:29:30: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
/usr/src/ipt-netflow/compat.h:37:1: error: implicit declaration of function ‘get_lib_dir’ [-Werror=implicit-function-declaration]
/usr/src/ipt-netflow/compat.h:37:15: error: expected ‘;’ before ‘{’ token
/usr/src/ipt-netflow/compat.h:38:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:38:31: warning: unknown escape sequence: '\)' [enabled by default]
/usr/src/ipt-netflow/compat.h:38:31: warning: character constant too long for its type [enabled by default]
/usr/src/ipt-netflow/compat.h:38:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:48:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:48:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:58:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:58:57: warning: unknown escape sequence: '\+' [enabled by default]
/usr/src/ipt-netflow/compat.h:58:57: warning: unknown escape sequence: '\)' [enabled by default]
/usr/src/ipt-netflow/compat.h:58:57: warning: character constant too long for its type [enabled by default]
/usr/src/ipt-netflow/compat.h:58:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:60:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:60:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:120:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:120:3: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:137:5: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:145:5: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:145:5: error: stray ‘`’ in program
/usr/src/ipt-netflow/compat.h:169:8: warning: missing terminating " character [enabled by default]
/usr/src/ipt-netflow/compat.h:169:3: error: missing terminating " character
/usr/src/ipt-netflow/compat.h:171:14: warning: missing terminating " character [enabled by default]
/usr/src/ipt-netflow/compat.h:171:14: warning: extra tokens at end of #include directive [enabled by default]
/usr/src/ipt-netflow/compat.h:171:24: fatal error: $*: No such file or directory
cc1: some warnings being treated as errors
compilation terminated.
make[2]: *** [/usr/src/ipt-netflow/ipt_NETFLOW.o] Error 1
make[1]: *** [_module_/usr/src/ipt-netflow] Error 2
make[1]: Leaving directory `/usr/src/kernels/3.10.0-229.20.1.el7.x86_64'
make: *** [ipt_NETFLOW.ko] Error 2

In this situation sensor not connected with collector.

6572239.876531] NMI backtrace for cpu 0
[6572239.876533] CPU: 0 PID: 2116 Comm: kworker/0:1 Tainted: G           O 3.13.11-1-amd64-vyos #1
[6572239.876535] Hardware name: SGI.COM 99-01-003431/Rack-TY1  , BIOS 1.20 12/01/2009
[6572239.876538] Workqueue: events netflow_work_fn [ipt_NETFLOW]
[6572239.876540] task: ffff88007c1f3100 ti: ffff88005527c000 task.ti: ffff88005527c000
[6572239.876541] RIP: 0010:[<ffffffff81014ed3>]  [<ffffffff81014ed3>] native_read_tsc+0x0/0x11
[6572239.876545] RSP: 0018:ffff88007f4036f0  EFLAGS: 00000002
[6572239.876546] RAX: 0034c7f9ae0a7198 RBX: 00000000ae0a7198 RCX: 00000000ae0a7198
[6572239.876548] RDX: 000000000034c7f9 RSI: 0000000000000040 RDI: 0000000000037328
[6572239.876550] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8161d2e8
[6572239.876552] R10: 0000000000003e18 R11: 0000000000000000 R12: 0000000000000002
[6572239.876553] R13: 0000000000037328 R14: ffffffff8161d2e8 R15: 0000000000000001
[6572239.876555] FS:  0000000000000000(0000) GS:ffff88007f400000(0000) knlGS:0000000000000000
[6572239.876557] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[6572239.876559] CR2: ffffffffff600400 CR3: 000000005335a000 CR4: 00000000000007f0
[6572239.876560] Stack:
[6572239.876561]  ffffffff811d5d49 0000000000000000 0000000000001000 0000000000000002
[6572239.876564]  0000000000000400 ffffffff810348e9 ffffffff8161d2e0 0000000000000082
[6572239.876567]  000000000000b024 ffffffff81034ced ffff88007f400002 ffff88007f4037a0
[6572239.876569] Call Trace:
[6572239.876571]  <IRQ> 
[6572239.876572]  [<ffffffff811d5d49>] ? delay_tsc+0x2b/0x72
[6572239.876577]  [<ffffffff810348e9>] ? native_safe_apic_wait_icr_idle+0x36/0x48
[6572239.876580]  [<ffffffff81034ced>] ? default_send_IPI_mask_sequence_phys+0x5c/0xc7
[6572239.876582]  [<ffffffff81034d9c>] ? arch_trigger_all_cpu_backtrace+0x44/0x6c
[6572239.876585]  [<ffffffff81085fdd>] ? rcu_check_callbacks+0x1f8/0x54f
[6572239.876587]  [<ffffffff81088087>] ? do_timer+0x3cc/0x3eb
[6572239.876590]  [<ffffffff8108db58>] ? tick_nohz_handler+0xce/0xce
[6572239.876592]  [<ffffffff810534d7>] ? update_process_times+0x31/0x56
[6572239.876595]  [<ffffffff8108dbcc>] ? tick_sched_timer+0x74/0x90
[6572239.876597]  [<ffffffff81066c93>] ? __run_hrtimer+0x92/0x11c
[6572239.876600]  [<ffffffff81066f7a>] ? hrtimer_interrupt+0xde/0x1ec
[6572239.876603]  [<ffffffff81034548>] ? smp_apic_timer_interrupt+0x1d/0x2d
[6572239.876606]  [<ffffffff813ecc5d>] ? apic_timer_interrupt+0x6d/0x80
[6572239.876609]  [<ffffffffa0395a40>] ? hash_ip6_test+0x11e/0x11e [ip_set_hash_ip]
[6572239.876613]  [<ffffffffa0395a9c>] ? hash_ip4_test+0x5c/0x10f [ip_set_hash_ip]
[6572239.876616]  [<ffffffffa0395a7c>] ? hash_ip4_test+0x3c/0x10f [ip_set_hash_ip]
[6572239.876620]  [<ffffffffa03951b1>] ? hash_ip4_kadt+0x9c/0xa2 [ip_set_hash_ip]
[6572239.876623]  [<ffffffffa03879db>] ? ip_set_test+0xaf/0x142 [ip_set]
[6572239.876626]  [<ffffffffa03b266c>] ? set_match_v3+0x6d/0x10a [xt_set]
[6572239.876629]  [<ffffffff813c3a56>] ? ipt_do_table+0x2af/0x6dd
[6572239.876631]  [<ffffffff813c3e47>] ? ipt_do_table+0x6a0/0x6dd
[6572239.876635]  [<ffffffff8137a8b7>] ? nf_iterate+0x5b/0x9a
[6572239.876638]  [<ffffffff813835b0>] ? ip_check_defrag+0x13a/0x13a
[6572239.876640]  [<ffffffff8137aa85>] ? nf_hook_slow+0x72/0x107
[6572239.876643]  [<ffffffff813835b0>] ? ip_check_defrag+0x13a/0x13a
[6572239.876646]  [<ffffffff813839ad>] ? ip_forward+0x2bb/0x372
[6572239.876648]  [<ffffffff81381d3a>] ? ip_rcv_finish+0x7e/0x2b9
[6572239.876651]  [<ffffffff813585e2>] ? __netif_receive_skb_core+0x4c5/0x4fd
[6572239.876654]  [<ffffffff81014f15>] ? read_tsc+0x5/0x16
[6572239.876656]  [<ffffffff81086ebd>] ? T.823+0xd/0x31
[6572239.876659]  [<ffffffff813588bc>] ? netif_receive_skb+0x81/0x87
[6572239.876662]  [<ffffffff81359254>] ? napi_gro_receive+0xa7/0xe5
[6572239.876668]  [<ffffffffa0064005>] ? ixgbe_clean_rx_irq+0x751/0x7f7 [ixgbe]
[6572239.876675]  [<ffffffffa0064683>] ? ixgbe_poll+0x4ea/0x655 [ixgbe]
[6572239.876678]  [<ffffffff813588bc>] ? netif_receive_skb+0x81/0x87
[6572239.876681]  [<ffffffff81358dfa>] ? net_rx_action+0xa8/0x22e
[6572239.876683]  [<ffffffff813eb43a>] ? _raw_spin_unlock+0x5/0x6
[6572239.876686]  [<ffffffff8104d563>] ? __do_softirq+0x100/0x244
[6572239.876689]  [<ffffffff813ed91c>] ? do_softirq_own_stack+0x1c/0x30
[6572239.876690]  <EOI> 
[6572239.876691]  [<ffffffff8104d2fa>] ? do_softirq+0x3a/0x4b
[6572239.876696]  [<ffffffff8104d3b3>] ? _local_bh_enable_ip+0x6c/0x76
[6572239.876698]  [<ffffffff813c3e47>] ? ipt_do_table+0x6a0/0x6dd
[6572239.876701]  [<ffffffff8134b449>] ? __alloc_skb+0x9d/0x19a
[6572239.876704]  [<ffffffff81346887>] ? sock_alloc_send_pskb+0x33b/0x35d
[6572239.876707]  [<ffffffff8137a8b7>] ? nf_iterate+0x5b/0x9a
[6572239.876710]  [<ffffffff8138493c>] ? ip_options_echo+0x2f0/0x2f0
[6572239.876713]  [<ffffffff8137aa85>] ? nf_hook_slow+0x72/0x107
[6572239.876715]  [<ffffffff8138493c>] ? ip_options_echo+0x2f0/0x2f0
[6572239.876718]  [<ffffffff81386b03>] ? T.1229+0x39/0x3e
[6572239.876721]  [<ffffffff81386cf8>] ? ip_local_out+0x9/0x19
[6572239.876724]  [<ffffffff81386d14>] ? ip_send_skb+0xc/0x2f
[6572239.876726]  [<ffffffff813a5dc1>] ? udp_send_skb+0x187/0x1e6
[6572239.876729]  [<ffffffff813a661a>] ? udp_sendmsg+0x71d/0x739
[6572239.876731]  [<ffffffff81385daf>] ? ip_append_page+0x4b4/0x4b4
[6572239.876734]  [<ffffffff813aeec6>] ? inet_autobind+0x4d/0x4d
[6572239.876737]  [<ffffffff8134299d>] ? sock_sendmsg+0x4e/0x66
[6572239.876740]  [<ffffffff811d17eb>] ? sha_transform+0x3db/0x1248
[6572239.876743]  [<ffffffff813eb43a>] ? _raw_spin_unlock+0x5/0x6
[6572239.876746]  [<ffffffff8110e1f9>] ? unfreeze_partials+0xcf/0xf6
[6572239.876749]  [<ffffffff81342f85>] ? kernel_sendmsg+0x31/0x3c
[6572239.876752]  [<ffffffffa03f5f4d>] ? netflow_sendmsg+0xe9/0x2ab [ipt_NETFLOW]
[6572239.876755]  [<ffffffff810871b1>] ? __getnstimeofday+0x28/0x6d
[6572239.876758]  [<ffffffffa03f619c>] ? netflow_export_pdu_ipfix+0x8d/0xee [ipt_NETFLOW]
[6572239.876762]  [<ffffffffa03f11f1>] ? pdu_alloc_fail_export+0x1e/0x2b [ipt_NETFLOW]
[6572239.876765]  [<ffffffffa03f277e>] ? alloc_record_key+0x2d7/0x315 [ipt_NETFLOW]
[6572239.876767]  [<ffffffff8110ed62>] ? kmem_cache_free+0x81/0xb9
[6572239.876770]  [<ffffffffa03f3fcb>] ? netflow_export_flow_tpl+0x18e/0x6e1 [ipt_NETFLOW]
[6572239.876774]  [<ffffffffa03f32fe>] ? netflow_scan_and_export+0x4b7/0x530 [ipt_NETFLOW]
[6572239.876777]  [<ffffffffa03f33bc>] ? netflow_work_fn+0x45/0x64 [ipt_NETFLOW]
[6572239.876780]  [<ffffffff81060867>] ? process_one_work+0x1fb/0x302
[6572239.876782]  [<ffffffff81060acd>] ? worker_thread+0x15f/0x26c
[6572239.876785]  [<ffffffff8106096e>] ? process_one_work+0x302/0x302
[6572239.876787]  [<ffffffff8106096e>] ? process_one_work+0x302/0x302
[6572239.876790]  [<ffffffff810640b5>] ? kthread+0xc3/0xcb
[6572239.876793]  [<ffffffff81063ff2>] ? kthread_freezable_should_stop+0x51/0x51
[6572239.876795]  [<ffffffff813ebfcc>] ? ret_from_fork+0x7c/0xb0
[6572239.876798]  [<ffffffff81063ff2>] ? kthread_freezable_should_stop+0x51/0x51
[6572239.876799] Code: 48 89 f8 81 e7 ff 03 00 00 48 c1 e8 0a 48 0f af 3c 11 48 0f af 04 11 48 03 04 31 48 c1 ef 0a 48 01 f8 c3 e8 ed 08 00 00 66 90 c3 <0f> 31 89 c1 48 89 d0 48 c1 e0 20 89 c9 48 09 c8 c3 8b 05 7a 65 

ipt_NETFLOW 2.1, srcversion 8919D79D94D3F177509CEA6; aggr llist mac vlan
Protocol version 10 (ipfix), refresh-rate 20, timeout-rate 30, (templates 12, active 12).
Timeouts: active 1800s, inactive 15s. Maxflows 2000000
**Flows: active 151339 (peak 2000001 reached 0d2h48m ago), mem 40030K, worker delay 1/100 **[1..10] (0 ms, 0 us, 338:0 0 [cpu0]).
Hash: size 2097152 (mem 16384K), metric 1.05 [1.04, 1.04, 1.00]. InHash: 136789001 pkt, 168533502 K, InPDU 58, 150788.
Rate: 3176848946 bits/sec, 321680 packets/sec; Avg 1 min: 3141909888 bps, 321272 pps; 5 min: 3106643494 bps, 320779 pps
cpu#     pps; <search found new [metric], trunc frag alloc maxflows>, traffic: <pkt, bytes>, drop: <pkt, bytes>
Total 321679; 75755270185 1287229067586 36462122568 [1663.50],    0    0    0 9657973, traffic: 1323681532181, 1485282427 MB, drop: 9657973, 6863758 K
cpu0   81271; 19012704938 322160022598 9128196435 [1.03],    0    0    0 2312116, traffic: 331285906917, 371299504 MB, drop: 2312116, 1706654 K
cpu1   80241; 18923521477 321517166343 9098865081 [1.03],    0    0    0 2473891, traffic: 330613557533, 371060895 MB, drop: 2473891, 1809144 K
cpu2   77209; 18852948886 321764581256 9127944412 [1.03],    0    0    0 2400681, traffic: 330890124987, 370999387 MB, drop: 2400681, 1603915 K
cpu3   82958; 18966094884 321787297392 9107116640 [1.03],    0    0    0 2471285, traffic: 330891942747, 371922639 MB, drop: 2471285, 1744043 K
Export: Rate 524651 bytes/s; Total 1768685160 pkts, 2338387 MB, 36452309371 flows; Errors 188 pkts; Traffic lost 85952 pkts, 85165 Kbytes, 3874 flows.
sock0: 10.4.0.14:9992, sndbuf 212992, filled 1, peak 50689; err: sndbuf reached 0, connect 0, cberr 5819810, other 188

cat /proc/sys/net/netflow/maxflows
2000000

I consider implementing 'standalone mode' of operation for the module, where you don't need to insert iptables rules into chains, but module will 'just catch' all the traffic (like ETH_P_ALL) or netfilter hooks may be specified via some option. This is good in itself, and also may be useful for nftables, because nftables (as of yet) does not support extensions.

Do you plan support nftables infrastructure? Thanks!

Getting an error while trying to compile:

make[2]: Leaving directory '/usr/src/linux-headers-3.14-2-amd64'
depmod -a
make[1]: depmod: Command not found
Makefile:28: recipe for target 'minstall' failed

It's because there's no "depmod" in default user's PATH:

$ which depmod
$ sudo which depmod
/sbin/depmod

It looks like latest git supports 3.14 kernels but there are no releases that does that.

Would it be possible to tag a new release?

Thanks!

Hello.

I have trouble with compiling ipt_NETFLOW module for linux-3.19.
Because in linux-3.19 there is no __get_cpu_var defined.

This is make.log from my system.

It will be great if you fix netflow module for linux-3.19 and later...

https://sourceforge.net/p/ipt-netflow/bugs-requests-patches/77/

As reported in #8 (comment) by @hotid and analysed in #8 (comment) (lock_stat output discussion and below messages) lock contention creates too much CPU load on high traffic (~10Gbit) linux router.

Proposed solution was to use llist and list_bl, but these are compatible only with newer kernels, 2.6.38 (list_bl) и 3.1 (llist).

• Hash table (htable) is rw-accessed in packet parser on many cpu threads.
  • old: global lock
  • currently: striped locks table (htable_locks[] + htable_rwlock for its modifications)
  • Replace striped locks with list_bl
• Global flows list (ipt_netflow_list) is periodically scanned for exports in one thread but also write-accessed in multi-cpu packet parser.
  • Active flows exported using lock-less list (export_llist), per packet
  • Multiple flows lists (per hash or per cpu).

Hello, aabc!

I checked source code and do not found any support for IPv6 targets IP but they mentioned in README. Do you have any plans about it? I will test this feature.

Getting a warning while compiling. Is that false positive?

/home/xaionaro/ipt-netflow/ipt_NETFLOW.h:316:77: warning: ‘pkt_len’ may be used uninitialized in this function [-Wmaybe-uninitialized]
 #define NETFLOW_STAT_ADD(count, val) (__get_cpu_var(ipt_netflow_stat).count += (unsigned long long)val)
                                                                             ^
/home/xaionaro/ipt-netflow/ipt_NETFLOW.c:3161:9: note: ‘pkt_len’ was declared here

Hello.

What means the next error (from dmesg)?

...
[7195057.498455] ipt_NETFLOW: sendmsg[0] error -101: data loss 32 pkt, 16626 bytes
[7195057.502719] ipt_NETFLOW: sendmsg[0] error -101: data loss 53 pkt, 31441 bytes
[7195057.506595] ipt_NETFLOW: sendmsg[0] error -101: data loss 40 pkt, 29156 bytes
[7195057.510486] ipt_NETFLOW: sendmsg[0] error -101: data loss 49 pkt, 22420 bytes
[7195057.510506] ipt_NETFLOW: sendmsg[0] error -101: data loss 37 pkt, 19928 bytes
...

Hi. We used previous version of ipt_netflow, now we try to use new. And see strange dependency in ipt_netflow (nf_conntrack). Why it needed?
As i known in heavy loaded relay server (that we have) conntrack is evil.
Can we avoid this dep?

"./install-dkms.sh --install" depends on "dkms.conf" which could be created only by "./configure" that depends on kernel sources. IMHO, this's wrong. DKMS should be installable before kernel sources.

I would like to ask...are you planing to port (make package) for openWRT?

Thanks for the answer.

To help distinguish the traffic is may be useful to provide some statistical information about connections content. Such as:

1. Record first N data bytes of a connection.
2. Entropy value of flow data (or of first N bytes).
3. Terminate flow after reply is sent (useful for client-server environments).
4. Biflows (https://tools.ietf.org/html/rfc5103).
5. TCP metering statistics (http://tools.ietf.org/html/draft-akhter-opsawg-perfmon-ipfix-03).

Would be fine if the src and dst mac address or vlan id available export via v9 template. What you think about it?

Crashdump:

Feb 9 12:50:38 l28 [6437762.553311] BUG: unable to handle kernel NULL pointer dereference at (null)
Feb 9 12:50:38 l28 [6437762.553582] IP: [] netflow_target+0x8aa/0x1210 [ipt_NETFLOW]
Feb 9 12:50:38 l28 [6437762.553835] PGD a7af67067 PUD ab8150067 PMD 0
Feb 9 12:50:38 l28 [6437762.553972] Oops: 0000 [#1] SMP
Feb 9 12:50:38 l28 [6437762.554109] Modules linked in:
Feb 9 12:50:38 l28 tcm_loop
Feb 9 12:50:38 l28 iscsi_target_mod
Feb 9 12:50:38 l28 target_core_pscsi
Feb 9 12:50:38 l28 target_core_file
Feb 9 12:50:38 l28 target_core_iblock
Feb 9 12:50:38 l28 target_core_mod
Feb 9 12:50:38 l28 dm_thin_pool
Feb 9 12:50:38 l28 dm_persistent_data
Feb 9 12:50:38 l28 dm_bufio
Feb 9 12:50:38 l28 dm_bio_prison
Feb 9 12:50:38 l28 ipfw_mod(O)
Feb 9 12:50:38 l28 ipt_NETFLOW(O)
Feb 9 12:50:38 l28 crc32c_intel
Feb 9 12:50:38 l28 configfs
Feb 9 12:50:38 l28 iscsi_tcp
Feb 9 12:50:38 l28 libiscsi_tcp
Feb 9 12:50:38 l28 libiscsi
Feb 9 12:50:38 l28 scsi_transport_iscsi
Feb 9 12:50:38 l28 fuse
Feb 9 12:50:38 l28
Feb 9 12:50:38 l28 [6437762.554801] CPU: 7 PID: 0 Comm: swapper/7 Tainted: G O 3.12.21-1gb-mb #1
Feb 9 12:50:38 l28 [6437762.555028] Hardware name: Intel Corporation S2600IP ........../S2600IP, BIOS SE5C600.86B.01.08.0003.022620131521 02/26/2013
Feb 9 12:50:38 l28 [6437762.555263] task: ffff88081c57ea00 ti: ffff88081c5be000 task.ti: ffff88081c5be000
Feb 9 12:50:38 l28 [6437762.555493] RIP: 0010:[] [] netflow_target+0x8aa/0x1210 [ipt_NETFLOW]
Feb 9 12:50:38 l28 [6437762.555734] RSP: 0018:ffff88103fd835d0 EFLAGS: 00010282
Feb 9 12:50:38 l28 [6437762.555864] RAX: 00000000fffffff2 RBX: 0000000000000000 RCX: 0000000000000000
Feb 9 12:50:38 l28 [6437762.556083] RDX: 0000000000000010 RSI: 0000000000000014 RDI: ffff880fe4450200
Feb 9 12:50:38 l28 [6437762.556344] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff880fe4450200
Feb 9 12:50:38 l28 [6437762.556544] R10: ffff8810190c2600 R11: ffff88103fd83740 R12: ffff880fe4450200
Feb 9 12:50:38 l28 [6437762.556751] R13: 0000000000000005 R14: 0000000000000002 R15: 0000000000000014
Feb 9 12:50:38 l28 [6437762.556954] FS: 0000000000000000(0000) GS:ffff88103fd80000(0000) knlGS:0000000000000000
Feb 9 12:50:38 l28 [6437762.557168] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 9 12:50:38 l28 [6437762.557282] CR2: 0000000000000000 CR3: 0000000aac099000 CR4: 00000000000407e0
Feb 9 12:50:38 l28 [6437762.557511] Stack:
Feb 9 12:50:38 l28 [6437762.557620] ffff880dc9535f00 ffff88103fd83740 ffff880fe4450b00 ffff880dc9535f00
Feb 9 12:50:38 l28 [6437762.559420] 00000000e4450b00 0000000000000000 ffff880dc95352a0 ffffffffa00ba593
Feb 9 12:50:38 l28 [6437762.559673] ffff880dc95352a0 00000048e4450b00 0000002000000002 ffff88101a289c60
Feb 9 12:50:38 l28 [6437762.559924] Call Trace:
Feb 9 12:50:38 l28 [6437762.560027]
Feb 9 12:50:38 l28 [6437762.560051] [] ? ipfw2_queue_handler+0xfc/0x108 [ipfw_mod]
Feb 9 12:50:38 l28 [6437762.560385] [] ? hash_net4_kadt+0x9a/0xd0
Feb 9 12:50:38 l28 [6437762.560513] [] ? ipt_do_table+0x29f/0x3a0
Feb 9 12:50:38 l28 [6437762.560636] [] ? br_nf_dev_queue_xmit+0x10/0x10
Feb 9 12:50:38 l28 [6437762.560763] [] ? nf_iterate+0x96/0xd0
Feb 9 12:50:38 l28 [6437762.560884] [] ? br_flood+0x140/0x140
Feb 9 12:50:38 l28 [6437762.561003] [] ? br_nf_dev_queue_xmit+0x10/0x10
Feb 9 12:50:38 l28 [6437762.561129] [] ? nf_hook_slow+0x77/0x150
Feb 9 12:50:38 l28 [6437762.561253] [] ? br_nf_dev_queue_xmit+0x10/0x10
Feb 9 12:50:38 l28 [6437762.561370] [] ? br_dev_queue_push_xmit+0xc0/0xc0
Feb 9 12:50:38 l28 [6437762.561490] [] ? br_nf_forward_ip+0x249/0x3d0
Feb 9 12:50:38 l28 [6437762.561617] [] ? nf_iterate+0x96/0xd0
Feb 9 12:50:38 l28 [6437762.561731] [] ? br_dev_queue_push_xmit+0xc0/0xc0
Feb 9 12:50:38 l28 [6437762.561846] [] ? nf_hook_slow+0x77/0x150
Feb 9 12:50:38 l28 [6437762.561963] [] ? br_dev_queue_push_xmit+0xc0/0xc0
Feb 9 12:50:38 l28 [6437762.562080] [] ? __br_forward+0x94/0xf0
Feb 9 12:50:38 l28 [6437762.562230] [] ? skb_clone+0x41/0xc0
Feb 9 12:50:38 l28 [6437762.562347] [] ? __skb_clone+0x24/0x100
Feb 9 12:50:38 l28 [6437762.562462] [] ? br_forward_finish+0x60/0x60
Feb 9 12:50:38 l28 [6437762.562585] [] ? deliver_clone+0x36/0x60
Feb 9 12:50:38 l28 [6437762.562701] [] ? br_handle_frame_finish+0x12c/0x2a0
Feb 9 12:50:38 l28 [6437762.562839] [] ? br_nf_pre_routing_finish+0x1c8/0x360
Feb 9 12:50:38 l28 [6437762.562961] [] ? nf_reinject+0x60/0x180
Feb 9 12:50:38 l28 [6437762.563091] [] ? br_nf_pre_routing_finish_bridge+0x150/0x150
Feb 9 12:50:38 l28 [6437762.563297] [] ? ipfw2_queue_handler+0xd2/0x108 [ipfw_mod]
Feb 9 12:50:38 l28 [6437762.563501] [] ? nf_queue+0x13d/0x180
Feb 9 12:50:38 l28 [6437762.563633] [] ? br_nf_pre_routing_finish_bridge+0x150/0x150
Feb 9 12:50:38 l28 [6437762.563835] [] ? br_nf_pre_routing_finish_bridge+0x150/0x150
Feb 9 12:50:38 l28 [6437762.564035] [] ? nf_hook_slow+0xc2/0x150
Feb 9 12:50:38 l28 [6437762.564149] [] ? br_nf_pre_routing_finish_bridge+0x150/0x150
Feb 9 12:50:38 l28 [6437762.564370] [] ? br_handle_local_finish+0x60/0x60
Feb 9 12:50:38 l28 [6437762.564507] [] ? br_handle_local_finish+0x60/0x60
Feb 9 12:50:38 l28 [6437762.564623] [] ? br_nf_pre_routing+0x446/0x710
Feb 9 12:50:38 l28 [6437762.564755] [] ? nf_iterate+0x96/0xd0
Feb 9 12:50:38 l28 [6437762.564877] [] ? nf_iterate+0x96/0xd0
Feb 9 12:50:38 l28 [6437762.564986] [] ? br_handle_local_finish+0x60/0x60
Feb 9 12:50:38 l28 [6437762.565121] [] ? br_handle_local_finish+0x60/0x60
Feb 9 12:50:38 l28 [6437762.565248] [] ? nf_hook_slow+0x77/0x150
Feb 9 12:50:38 l28 [6437762.565361] [] ? br_handle_local_finish+0x60/0x60
Feb 9 12:50:38 l28 [6437762.565475] [] ? br_handle_frame+0x1c1/0x290
Feb 9 12:50:38 l28 [6437762.565591] [] ? br_handle_frame_finish+0x2a0/0x2a0
Feb 9 12:50:38 l28 [6437762.565720] [] ? __netif_receive_skb_core+0x1e5/0x5e0
Feb 9 12:50:38 l28 [6437762.565840] [] ? netif_receive_skb+0x24/0x80
Feb 9 12:50:38 l28 [6437762.565971] [] ? napi_gro_receive+0x98/0x110
Feb 9 12:50:38 l28 [6437762.566098] [] ? igb_poll+0x6c6/0xfa0
Feb 9 12:50:38 l28 [6437762.566222] [] ? net_rx_action+0xf1/0x190
Feb 9 12:50:38 l28 [6437762.566338] [] ? __do_softirq+0xc8/0x190
Feb 9 12:50:38 l28 [6437762.566456] [] ? handle_irq_event_percpu+0x7e/0x140
Feb 9 12:50:38 l28 [6437762.566593] [] ? call_softirq+0x1c/0x30
Feb 9 12:50:38 l28 [6437762.566734] [] ? do_softirq+0x4d/0x80
Feb 9 12:50:38 l28 [6437762.566856] [] ? irq_exit+0x55/0x60
Feb 9 12:50:38 l28 [6437762.566967] [] ? do_IRQ+0x5c/0xd0
Feb 9 12:50:38 l28 [6437762.567079] [] ? common_interrupt+0x6a/0x6a
Feb 9 12:50:38 l28 [6437762.567212]
Feb 9 12:50:38 l28 [6437762.567225] [] ? arch_remove_reservations+0x130/0x130
Feb 9 12:50:38 l28 [6437762.567459] [] ? default_idle+0x2/0x10
Feb 9 12:50:38 l28 [6437762.567572] [] ? cpu_startup_entry+0xb1/0x190
Feb 9 12:50:38 l28 [6437762.567703] [] ? start_secondary+0x1d2/0x230
Feb 9 12:50:38 l28 [6437762.567839] Code:
Feb 9 12:50:38 l28 60 41 2b 44 24 64 29 d8 83 f8 03 0f 8e 2b 03 00 00 48 63 db 49 03 9c 24 c8 00 00 00 74 0d 8b 03 c1 e8 10 66 89 84 24 df 00 00 00
Feb 9 12:50:38 l28 syslog-ng[14140]: Error processing log message: <8b>
Feb 9 12:50:38 l28 03 c6 44 24 10 00 48 c7 c5 c0 22 01 00 c7 44 24 34 00 00 00
Feb 9 12:50:38 l28 [6437762.568840] RIP [] netflow_target+0x8aa/0x1210 [ipt_NETFLOW]
Feb 9 12:50:38 l28 [6437762.569089] RSP
Feb 9 12:50:38 l28 [6437762.569194] CR2: 0000000000000000
Feb 9 12:50:38 l28 [6437762.569891] ---[ end trace b21adcce70e97d64 ]---
Feb 9 12:50:38 l28 [6437762.585494] Kernel panic - not syncing: Fatal exception in interrupt
Feb 9 12:50:38 l28 [6437762.692769] Rebooting in 5 seconds..
Feb 9 12:50:43 l28 [6437767.691839] ACPI MEMORY or I/O RESET_REG.

modinfo ipt_NETFLOW

filename: /lib/modules/3.12.21-1gb-mb/extra/ipt_NETFLOW.ko
alias: ip6t_NETFLOW
version: 1.8.2
description: iptables NETFLOW target module
author: [email protected]
license: GPL
depends:
vermagic: 3.12.21-1gb-mb SMP mod_unload
parm: destination:export destination ipaddress:port (charp)
parm: inactive_timeout:inactive flows timeout in seconds (int)
parm: active_timeout:active flows timeout in seconds (int)
parm: debug:debug verbosity level (int)
parm: sndbuf:udp socket SNDBUF size (int)
parm: protocol:netflow protocol version (5, 9, 10) (int)
parm: refresh_rate:NetFlow v9/IPFIX refresh rate (packets) (uint)
parm: timeout_rate:NetFlow v9/IPFIX timeout rate (minutes) (uint)
parm: hashsize:hash table size (int)
parm: maxflows:maximum number of flows (int)
parm: aggregation:aggregation ruleset (charp)

Возникла проблема — при включении сбора netflow с ядром 3.12-0.bpo.1-amd64 (debian) наблюдаем странную картину — количество активных потоков быстро доходит до значения Maxflows (независимо от того что прописываем в Maxflows - если 2млн, то будет около 2млн active flows, если 5 - то около 5... и hashsize), при этом все ядра CPU загружаются на 100%.

Без включения модуля загрузка сервера около 45-55%.
Пробовал собирать gcc-4.6 и 4.7, версию из гита и пропатченую под 3.12 ядро версию 1.8 sf.net — поведение одинаковое.

filename:       /lib/modules/3.12-0.bpo.1-amd64/extra/ipt_NETFLOW.ko
alias:          ip6t_NETFLOW
version:        v1.8-88-g3d95a40
description:    iptables NETFLOW target module
author:         <[email protected]>
license:        GPL
srcversion:     BB81820A4B072ABC44F32FF
depends:        x_tables,nf_conntrack
vermagic:       3.12-0.bpo.1-amd64 SMP mod_unload modversions
parm:           destination:export destination ipaddress:port (charp)
parm:           inactive_timeout:inactive flows timeout in seconds (int)
parm:           active_timeout:active flows timeout in seconds (int)
parm:           debug:debug verbosity level (int)
parm:           sndbuf:udp socket SNDBUF size (int)
parm:           protocol:netflow protocol version (5, 9, 10) (int)
parm:           refresh_rate:NetFlow v9/IPFIX refresh rate (packets) (uint)
parm:           timeout_rate:NetFlow v9/IPFIX timeout rate (minutes) (uint)
parm:           natevents:send NAT Events (int)
parm:           hashsize:hash table size (int)
parm:           maxflows:maximum number of flows (int)
parm:           aggregation:aggregation ruleset (charp)

Через пару минут после включения сбора netflow:

cat /proc/net/stat/ipt_netflow
ipt_NETFLOW version v1.8-88-g3d95a40, srcversion BB81820A4B072ABC44F32FF
Flows: active 2097152 (peak 2097154 reached 0d0h0m ago), mem 344064K, worker delay 1/250.
Hash: size 2097152 (mem 16384K), metric 1.80 [1.38, 1.06, 1.00]. MemTraf: 59360950 pkt, 43921086 K (pdu 47, 16777), Out 21793 pkt, 5661 K.
Rate: 8319109422 bits/sec, 1330298 packets/sec; Avg 1 min: 6033292747 bps, 997744 pps; 5 min: 1889587881 bps, 313228 pps
cpu#  stat: <search found new [metric], trunc frag alloc maxflows>, sock: <ok fail cberr, bytes>, traffic: <pkt, bytes>, drop: <pkt, bytes>
Total stat: 29079737 57272837 2898410 [1.48],    0    0    0 788547, sock:    846 0 35, 1209 K, traffic: 59382696, 42897 MB, drop: 788547, 319615 K
cpu0  stat: 2406612 4955822 199760 [1.46],    0    0    0 61611, sock:      0 0 35, 0 K, traffic: 5093970, 4580 MB, drop: 61611, 42631 K
cpu1  stat: 2454484 4977685 201735 [1.47],    0    0    0 63587, sock:      0 0 0, 0 K, traffic: 5115833, 4571 MB, drop: 63587, 45853 K
cpu2  stat: 2422489 4989779 193239 [1.46],    0    0    0 61672, sock:      0 0 0, 0 K, traffic: 5121346, 4473 MB, drop: 61672, 43263 K
cpu3  stat: 2500132 4978297 195012 [1.48],    0    0    0 63033, sock:      0 0 0, 0 K, traffic: 5110276, 4603 MB, drop: 63033, 45550 K
cpu4  stat: 2500892 4993194 195650 [1.48],    0    0    0 63398, sock:      0 0 0, 0 K, traffic: 5125446, 4433 MB, drop: 63398, 45671 K
cpu5  stat: 2356626 4989722 197091 [1.45],    0    0    0 63508, sock:      0 0 0, 0 K, traffic: 5123304, 4812 MB, drop: 63508, 45162 K
cpu6  stat: 2429022 4574374 292711 [1.49],    0    0    0 67261, sock:      0 0 0, 0 K, traffic: 4799824, 2545 MB, drop: 67261, 8198 K
cpu7  stat: 2416686 4612401 280267 [1.49],    0    0    0 67481, sock:      0 0 0, 0 K, traffic: 4825187, 2509 MB, drop: 67481, 8199 K
cpu8  stat: 2410662 4534426 281994 [1.50],    0    0    0 65065, sock:      0 0 0, 0 K, traffic: 4751354, 2539 MB, drop: 65065, 7733 K
cpu9  stat: 2311269 4485719 278285 [1.48],    0    0    0 66667, sock:      0 0 0, 0 K, traffic: 4697337, 2573 MB, drop: 66667, 8430 K
cpu10  stat: 2421223 4594682 288828 [1.49],    0    0    0 74741, sock:    846 0 0, 1209 K, traffic: 4808769, 2646 MB, drop: 74741, 9488 K
cpu11  stat: 2449659 4586758 293838 [1.50],    0    0    0 70524, sock:      0 0 0, 0 K, traffic: 4810071, 2606 MB, drop: 70524, 9433 K
Protocol version 5 (netflow). Timeouts: active 1800, inactive 15. Maxflows 2097152
Natevents disabled, count start 0, stop 0.
sock0: xxxx:9996, sndbuf 212992, filled 1, peak 11521; err: sndbuf reached 0, connect 0, other 0
sock1: xxxx:10008, sndbuf 212992, filled 1, peak 11521; err: sndbuf reached 0, connect 0, other 0

c hashsize=4194304 maxflows=8388608, времени проходит несколько больше, не стал дожидаться пока дойдёт до maxflows, но суть та же:

cat /proc/net/stat/ipt_netflow
ipt_NETFLOW version v1.8-88-g3d95a40, srcversion BB81820A4B072ABC44F32FF
Flows: active 4359473 (peak 4359473 reached 0d0h0m ago), mem 715226K, worker delay 1/250.
Hash: size 4194304 (mem 32768K), metric 1.73 [1.52, 1.13, 1.00]. MemTraf: 129754830 pkt, 95334258 K (pdu 35, 2702), Out 19258 pkt, 4153 K.
Rate: 8006027836 bits/sec, 1326686 packets/sec; Avg 1 min: 7662537184 bps, 1271420 pps; 5 min: 3652303220 bps, 606691 pps
cpu#  stat: <search found new [metric], trunc frag alloc maxflows>, sock: <ok fail cberr, bytes>, traffic: <pkt, bytes>, drop: <pkt, bytes>
Total stat: 55858373 125403065 4370993 [1.43],    0    0    0    0, sock:    766 0 93, 1095 K, traffic: 129774053, 93103 MB, drop: 0, 0 K
cpu0  stat: 4946433 10808378 287580 [1.44],    0    0    0    0, sock:      0 0 93, 0 K, traffic: 11095958, 9828 MB, drop: 0, 0 K
cpu1  stat: 4512064 10867387 286588 [1.40],    0    0    0    0, sock:      0 0 0, 0 K, traffic: 11153974, 10018 MB, drop: 0, 0 K
cpu2  stat: 4621263 10871584 272504 [1.41],    0    0    0    0, sock:    766 0 0, 1095 K, traffic: 11144088, 9558 MB, drop: 0, 0 K
cpu3  stat: 4465696 10886852 274333 [1.40],    0    0    0    0, sock:      0 0 0, 0 K, traffic: 11161184, 9814 MB, drop: 0, 0 K
cpu4  stat: 4925458 10884990 274303 [1.44],    0    0    0    0, sock:      0 0 0, 0 K, traffic: 11159293, 9793 MB, drop: 0, 0 K
cpu5  stat: 4529192 10837435 279523 [1.40],    0    0    0    0, sock:      0 0 0, 0 K, traffic: 11116957, 10287 MB, drop: 0, 0 K
cpu6  stat: 4387833 10047587 459515 [1.41],    0    0    0    0, sock:      0 0 0, 0 K, traffic: 10507101, 5687 MB, drop: 0, 0 K
cpu7  stat: 4674387 10104007 444188 [1.44],    0    0    0    0, sock:      0 0 0, 0 K, traffic: 10548194, 5463 MB, drop: 0, 0 K
cpu8  stat: 4472014 9978629 447215 [1.42],    0    0    0    0, sock:      0 0 0, 0 K, traffic: 10425843, 5608 MB, drop: 0, 0 K
cpu9  stat: 4882551 9907934 445192 [1.47],    0    0    0    0, sock:      0 0 0, 0 K, traffic: 10353126, 5548 MB, drop: 0, 0 K
cpu10  stat: 4711265 10093532 441876 [1.44],    0    0    0    0, sock:      0 0 0, 0 K, traffic: 10535408, 5660 MB, drop: 0, 0 K
cpu11  stat: 4730233 10114770 458177 [1.44],    0    0    0    0, sock:      0 0 0, 0 K, traffic: 10572946, 5836 MB, drop: 0, 0 K
Protocol version 5 (netflow). Timeouts: active 1800, inactive 15. Maxflows 8388608
Natevents disabled, count start 0, stop 0.

При этом

conntrack -S
entries                 979862
searched                474526113
found                   3928426135
new                     341025794
invalid                 4273569
ignore                  11428
delete                  375566856
delete_list             70045157
insert                  19763147
insert_failed           125
drop                    0
early_drop              0
icmp_error              1132658
expect_new              4921
expect_create           22802
expect_delete           4952
search_restart          2

perf top с netflow:

 55.87%  [kernel]                  [k] _raw_spin_lock
  4.65%  [kernel]                  [k] netflow_target
  4.45%  [kernel]                  [k] ____nf_conntrack_find
  3.13%  [kernel]                  [k] _raw_read_unlock_bh
  3.08%  [kernel]                  [k] fib_table_lookup
  1.70%  [kernel]                  [k] _raw_read_lock_bh
  1.62%  [kernel]                  [k] ixgbe_clean_rx_irq
  1.45%  [kernel]                  [k] ipt_do_table
  1.18%  [kernel]                  [k] ixgbe_xmit_frame_ring
  0.90%  [kernel]                  [k] ip_route_input_noref
  0.83%  [kernel]                  [k] nf_nat_setup_info
  0.77%  [kernel]                  [k] __netif_receive_skb_core
  0.73%  [kernel]                  [k] tcp_packet
  0.72%  [kernel]                  [k] memcmp
  0.67%  [kernel]                  [k] nf_iterate
  0.54%  [kernel]                  [k] kmem_cache_free

perf top без netflow:

  9.57%  [kernel]             [k] ____nf_conntrack_find
  7.78%  [kernel]             [k] fib_table_lookup
  6.09%  [kernel]             [k] _raw_spin_lock
  4.42%  [kernel]             [k] ixgbe_clean_rx_irq
  3.19%  [kernel]             [k] ixgbe_xmit_frame_ring
  3.18%  libc-2.13.so         [.] 0x000000000011aee9
  2.72%  [kernel]             [k] ipt_do_table
  2.27%  [kernel]             [k] ip_route_input_noref
  2.09%  [kernel]             [k] _raw_spin_lock_bh
  2.03%  [kernel]             [k] __netif_receive_skb_core

В контреке около 900 тыс записей, суммарный трафик проходящий через сервер — около 10гбит.

Подскажите, куда копать?

Привет
Столкнуся с такой проблемой: после компилляции не могу создать правило в iptables.
Исходники брал с git-а, iptables-1.4.21 собран отдельно в папку /usr/local/iptables.
Собирал ipt_Netflow так

./configure --ipt-bin=/usr/local/iptables/sbin/iptables --ipt-src=/usr/local/iptables-1.4.21 --ipt-inc=/usr/local/iptables-1.4.21/include/ --kver=3.10.36-1.el6.elrepo.i686 --kdir=/usr/src/kernels/3.10.36-1.el6.elrepo.i686
Kernel version: 3.10.36-1.el6.elrepo.i686 (requested)
Kernel sources: /usr/src/kernels/3.10.36-1.el6.elrepo.i686 (requested)
Iptables binary version: 1.4.21 (detected from /usr/local/iptables/sbin/iptables)
Checking iptables sources version: 1.4.21 (ok)
Iptables include flags: -I/usr/local/iptables-1.4.21/include/ (user specified)
Iptables module path: /usr/local/iptables/lib/xtables (from library)
Creating Makefile.. done.

Now run: make all install

модуль ядра загрузился без вопросов

[root@kha-gw0 ipt-netflow]# modinfo ipt_NETFLOW
filename: /lib/modules/3.10.36-1.el6.elrepo.i686/extra/ipt_NETFLOW.ko
alias: ip6t_NETFLOW
version: v1.8-88-g3d95a40-dirty
description: iptables NETFLOW target module
author: [email protected]
license: GPL
srcversion: E5CE2EBACBFC94807A6C60B
depends: nf_conntrack
vermagic: 3.10.36-1.el6.elrepo.i686 SMP mod_unload modversions 686
parm: destination:export destination ipaddress:port (charp)
parm: inactive_timeout:inactive flows timeout in seconds (int)
parm: active_timeout:active flows timeout in seconds (int)
parm: debug:debug verbosity level (int)
parm: sndbuf:udp socket SNDBUF size (int)
parm: protocol:netflow protocol version (5, 9, 10) (int)
parm: refresh_rate:NetFlow v9/IPFIX refresh rate (packets) (uint)
parm: timeout_rate:NetFlow v9/IPFIX timeout rate (minutes) (uint)
parm: natevents:send NAT Events (int)
parm: hashsize:hash table size (int)
parm: maxflows:maximum number of flows (int)
parm: aggregation:aggregation ruleset (charp)

попытка создать правило

[root@kha-gw0 ipt-netflow]# /usr/local/iptables/sbin/iptables -A OUTPUT -j NETFLOW
iptables: target "NETFLOW" has version "1.4.21", but "libxtables.so.10" is required.

вывод strace

[root@kha-gw0 ipt-netflow]# strace /usr/local/iptables/sbin/iptables -A OUTPUT -j NETFLOW
execve("/usr/local/iptables/sbin/iptables", ["/usr/local/iptables/sbin/iptable"..., "-A", "OUTPUT", "-j", "NETFLOW"], [/* 24 vars */]) = 0
brk(0) = 0x9dff000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77b6000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/usr/local/iptables/lib/tls/i686/sse2/libip4tc.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/iptables/lib/tls/i686/sse2", 0xbffbc210) = -1 ENOENT (No such file or directory)
open("/usr/local/iptables/lib/tls/i686/libip4tc.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/iptables/lib/tls/i686", 0xbffbc210) = -1 ENOENT (No such file or directory)
open("/usr/local/iptables/lib/tls/sse2/libip4tc.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/iptables/lib/tls/sse2", 0xbffbc210) = -1 ENOENT (No such file or directory)
open("/usr/local/iptables/lib/tls/libip4tc.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/iptables/lib/tls", 0xbffbc210) = -1 ENOENT (No such file or directory)
open("/usr/local/iptables/lib/i686/sse2/libip4tc.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/iptables/lib/i686/sse2", 0xbffbc210) = -1 ENOENT (No such file or directory)
open("/usr/local/iptables/lib/i686/libip4tc.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/iptables/lib/i686", 0xbffbc210) = -1 ENOENT (No such file or directory)
open("/usr/local/iptables/lib/sse2/libip4tc.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/iptables/lib/sse2", 0xbffbc210) = -1 ENOENT (No such file or directory)
open("/usr/local/iptables/lib/libip4tc.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\16\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=76112, ...}) = 0 mmap2(NULL, 23848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb77b0000 mmap2(0xb77b5000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0xb77b5000 close(3) = 0 open("/usr/local/iptables/lib/libip6tc.so.0", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\17\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=77056, ...}) = 0 mmap2(NULL, 24536, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb77aa000 mmap2(0xb77af000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0xb77af000 close(3) = 0 open("/usr/local/iptables/lib/libxtables.so.10", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340!\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=111749, ...}) = 0 mmap2(NULL, 43852, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb779f000 mmap2(0xb77a9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0xb77a9000 close(3) = 0 open("/usr/local/iptables/lib/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=50172, ...}) = 0 mmap2(NULL, 50172, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7792000 close(3) = 0 open("/lib/libm.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0pD\234\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=202040, ...}) = 0 mmap2(0x9c1000, 168064, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x9c1000 mmap2(0x9e9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x27) = 0x9e9000 close(3) = 0 open("/usr/local/iptables/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\236\177\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1910572, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7791000 mmap2(0x7e3000, 1665452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7e3000 mmap2(0x974000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x191) = 0x974000 mmap2(0x977000, 10668, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x977000 close(3) = 0 open("/usr/local/iptables/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/libdl.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\312\227\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=19784, ...}) = 0
mmap2(0x97c000, 16500, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x97c000
mmap2(0x97f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x97f000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7790000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb77906c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x97f000, 4096, PROT_READ) = 0
mprotect(0x974000, 8192, PROT_READ) = 0
mprotect(0x9e9000, 4096, PROT_READ) = 0
mprotect(0x7df000, 4096, PROT_READ) = 0
munmap(0xb7792000, 50172) = 0
stat64("/usr/local/iptables/lib/xtables/libxt_NETFLOW.so", 0xbffbc4e4) = -1 ENOENT (No such file or directory)
stat64("/usr/local/iptables/lib/xtables/libipt_NETFLOW.so", {st_mode=S_IFREG|0755, st_size=4844, ...}) = 0
brk(0) = 0x9dff000
brk(0x9e20000) = 0x9e20000
open("/usr/local/iptables/lib/xtables/libipt_NETFLOW.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\4\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=4844, ...}) = 0
mmap2(NULL, 6076, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb779d000
mmap2(0xb779e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xb779e000
close(3) = 0
write(2, "iptables: target "NETFLOW" has v"..., 85iptables: target "NETFLOW" has version "1.4.21", but "libxtables.so.10" is required.
) = 85
exit_group(1) = ?

[root@kha-gw0 ipt-netflow]# uname -a
Linux kha-gw0.dataart.net 3.10.36-1.el6.elrepo.i686 #1 SMP Thu Apr 3 20:06:13 EDT 2014 i686 i686 i386 GNU/Linux

[root@kha-gw0 ipt-netflow]# cat /etc/redhat-release
CentOS release 6.5 (Final)

есть ли возможность собрать модули iptables статически подключенными либами ?

пробовал версии ipt_netflow с релизов - ошибки при сборке
кстати, configure с git-a мне пришло слегка подправить - пришлось закомментировать строку

iptables_find_version #IPTVER

iptables_try_pkgconfig #try to configure from pkg-config

iptables_find_src #IPTSRC
iptables_src_version #check that IPTSRC match to IPTVER
iptables_inc #IPTINC
iptables_modules #IPTLIB

иначе все время выдавало

[root@kha-gw0 ipt-netflow]# ./configure --ipt-bin=/usr/local/iptables/sbin/iptables --ipt-src=/usr/local/iptables-1.4.21 --ipt-inc=/usr/local/iptables-1.4.21/include/ --kver=3.10.36-1.el6.elrepo.i686 --kdir=/usr/src/kernels/3.10.36-1.el6.elrepo.i686
Kernel version: 3.10.36-1.el6.elrepo.i686 (requested)
Kernel sources: /usr/src/kernels/3.10.36-1.el6.elrepo.i686 (requested)
Iptables binary version: 1.4.21 (detected from /usr/local/iptables/sbin/iptables)
pkg-config for version 1.4.21 exists: No
Checking for presence of xtables.h... No
Checking for presence of iptables.h... No
! Iptables headers not found. You may need to specify --ipt-inc=...
!
! Under Centos simply run this:
! root# yum install iptables-devel.i686 pkgconfig

I think we need to use benefit of being kernel module and provide connection/packet/skb data which is visible only from inside of kernel and not visible by passive packet observation from userspace. This will be useful for a box which doing actual routing or NATing. Such data may be:

1. Easy getting of in/out interfaces, physdev for bridges, and nextop values -- this is already implemented.
2. Connection marking (MARK, CONNMARK, SECMARK, CONNSECMARK). (Someone is actually using it, see comment to commit 9100491.)
3. Routing realm labels. (In case someone store useful data in it, such occurrences is unknown to me, except Routing classification with Quagga + Realms. Is there any other uses?
4. {Source/target} {file/inode/process} {uid/gid/pids}. Getting pids will be non-trivial task, though.

I think that additional data could be reported in non-standard NetFlow v9 elements. Even though I have PEN number, it is above of 0xEFFF, thus, can not be used in v9. (Need check Wireshark source for unused element ID ranges.)

[Based on issue https://github.com//issues/8#issuecomment-45020718, where ~10Gbit linux router was discussed.]

— Flows are scanned for export and exported (in worker thread) per interval scheduled with schedule_delayed_work which is minimum 1/HZ (usually 1/250 sec). This is too rare in high traffic environment (~10Gbit), because in one scan there could be tens thousands of flows found for export, which, when submitted at once, creates packet loss and high cpu load (which is usually per one cpu thread too).

There is no ready solution for this, as of yet, please discuss or suggest.

Hi,

I have HEAD compile problems on 3.10.0-327.4.4.el7.x86_64
with

./configure --enable-promisc --enable-vlan --promisc-mpls

[root@eth0 20160118-ipt-netflow]# make Compiling for kernel 3.10.0-327.4.4.el7.x86_64 make -C /lib/modules/3.10.0-327.4.4.el7.x86_64/build M=/root/ipt-netflow/20160118-ipt-netflow modules CONFIG_DEBUG_INFO=y make[1]: Entering directory/usr/src/kernels/3.10.0-327.4.4.el7.x86_64'
CC [M] /root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.o
/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c: In function ‘promisc4_rcv’:
/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:1215:2: warning: passing argument 3 of ‘NF_HOOK’ from incompatible pointer type [enabled by default]
return NF_HOOK_COMPAT(NFPROTO_IPV4, NF_INET_PRE_ROUTING, NULL,
^
In file included from include/net/netns/netfilter.h:5:0,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/net/inet_sock.h:24,
from include/linux/udp.h:20,
from /root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:32:
include/linux/netfilter.h:245:1: note: expected ‘struct sock ’ but argument is of type ‘struct sk_buff *’
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:1215:2: warning: passing argument 4 of ‘NF_HOOK’ from incompatible pointer type [enabled by default]
return NF_HOOK_COMPAT(NFPROTO_IPV4, NF_INET_PRE_ROUTING, NULL,
^
In file included from include/net/netns/netfilter.h:5:0,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/net/inet_sock.h:24,
from include/linux/udp.h:20,
from /root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:32:
include/linux/netfilter.h:245:1: note: expected ‘struct sk_buff *’ but argument is of type ‘struct net_device *’
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:1215:2: warning: passing argument 6 of ‘NF_HOOK’ from incompatible pointer type [enabled by default]
return NF_HOOK_COMPAT(NFPROTO_IPV4, NF_INET_PRE_ROUTING, NULL,
^
In file included from include/net/netns/netfilter.h:5:0,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/net/inet_sock.h:24,
from include/linux/udp.h:20,
from /root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:32:
include/linux/netfilter.h:245:1: note: expected ‘struct net_device *’ but argument is of type ‘int ()(struct sk_buff )’
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:1215:2: error: too few arguments to function ‘NF_HOOK’
return NF_HOOK_COMPAT(NFPROTO_IPV4, NF_INET_PRE_ROUTING, NULL,
^
In file included from include/net/netns/netfilter.h:5:0,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/net/inet_sock.h:24,
from include/linux/udp.h:20,
from /root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:32:
include/linux/netfilter.h:245:1: note: declared here
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c: In function ‘promisc6_rcv’:
/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:1284:2: warning: passing argument 3 of ‘NF_HOOK’ from incompatible pointer type [enabled by default]
return NF_HOOK_COMPAT(NFPROTO_IPV6, NF_INET_PRE_ROUTING, NULL,
^
In file included from include/net/netns/netfilter.h:5:0,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/net/inet_sock.h:24,
from include/linux/udp.h:20,
from /root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:32:
include/linux/netfilter.h:245:1: note: expected ‘struct sock *’ but argument is of type ‘struct sk_buff *’
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:1284:2: warning: passing argument 4 of ‘NF_HOOK’ from incompatible pointer type [enabled by default]
return NF_HOOK_COMPAT(NFPROTO_IPV6, NF_INET_PRE_ROUTING, NULL,
^
In file included from include/net/netns/netfilter.h:5:0,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/net/inet_sock.h:24,
from include/linux/udp.h:20,
from /root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:32:
include/linux/netfilter.h:245:1: note: expected ‘struct sk_buff *’ but argument is of type ‘struct net_device *’
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:1284:2: warning: passing argument 6 of ‘NF_HOOK’ from incompatible pointer type [enabled by default]
return NF_HOOK_COMPAT(NFPROTO_IPV6, NF_INET_PRE_ROUTING, NULL,
^
In file included from include/net/netns/netfilter.h:5:0,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/net/inet_sock.h:24,
from include/linux/udp.h:20,
from /root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:32:
include/linux/netfilter.h:245:1: note: expected ‘struct net_device *’ but argument is of type ‘int ()(struct sk_buff )’
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:1284:2: error: too few arguments to function ‘NF_HOOK’
return NF_HOOK_COMPAT(NFPROTO_IPV6, NF_INET_PRE_ROUTING, NULL,
^
In file included from include/net/netns/netfilter.h:5:0,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/net/inet_sock.h:24,
from include/linux/udp.h:20,
from /root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.c:32:
include/linux/netfilter.h:245:1: note: declared here
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
make[2]: ** [/root/ipt-netflow/20160118-ipt-netflow/ipt_NETFLOW.o] Error 1
make[1]: *** [module/root/ipt-netflow/20160118-ipt-netflow] Error 2
make[1]: Leaving directory /usr/src/kernels/3.10.0-327.4.4.el7.x86_64' make: *** [ipt_NETFLOW.ko] Error 2 [root@eth0 20160118-ipt-netflow]#

There are module ipt_NETFLOW.ko compilation errors for kernel 4.2.3-300.fc23.x86_64 with options --enable-vlan

Compiling for kernel 4.2.3-300.fc23.x86_64
make -C /lib/modules/4.2.3-300.fc23.x86_64/build M=/var/lib/dkms/ipt-netflow/2.1-1.fc23/build modules CONFIG_DEBUG_INFO=y
make[1]: Entering directory '/usr/src/kernels/4.2.3-300.fc23.x86_64'
CC [M] /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.o
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c: In function 'parse_l2_header':
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:4677:6: error: implicit declaration of function 'vlan_tx_tag_present' [-Werror=implicit-function-declaration]
if (vlan_tx_tag_present(skb))
^
In file included from include/linux/swab.h:4:0,
from include/uapi/linux/byteorder/little_endian.h:12,
from include/linux/byteorder/little_endian.h:4,
from ./arch/x86/include/uapi/asm/byteorder.h:4,
from include/asm-generic/bitops/le.h:5,
from ./arch/x86/include/asm/bitops.h:504,
from include/linux/bitops.h:36,
from include/linux/kernel.h:10,
from include/linux/list.h:8,
from include/linux/module.h:9,
from /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:21:
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:4678:33: error: implicit declaration of function 'vlan_tx_tag_get' [-Werror=implicit-function-declaration]
tuple->tag[tag_num++] = htons(vlan_tx_tag_get(skb));
^
include/uapi/linux/swab.h:106:32: note: in definition of macro '__swab16'
(__builtin_constant_p((__u16)(x)) ?
^
include/linux/byteorder/generic.h:134:21: note: in expansion of macro '__cpu_to_be16'
#define ___htons(x) __cpu_to_be16(x)
^
include/linux/byteorder/generic.h:140:18: note: in expansion of macro '___htons'
#define htons(x) ___htons(x)
^
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:4678:27: note: in expansion of macro 'htons'
tuple->tag[tag_num++] = htons(vlan_tx_tag_get(skb));
^
cc1: some warnings being treated as errors
scripts/Makefile.build:264: recipe for target '/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.o' failed
make[2]: *** [/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.o] Error 1
Makefile:1390: recipe for target 'module/var/lib/dkms/ipt-netflow/2.1-1.fc23/build' failed
make[1]: *** [module/var/lib/dkms/ipt-netflow/2.1-1.fc23/build] Error 2
make[1]: Leaving directory '/usr/src/kernels/4.2.3-300.fc23.x86_64'
Makefile:24: recipe for target 'ipt_NETFLOW.ko' failed
make: *** [ipt_NETFLOW.ko] Error 2

And with option --enable-promisc

Compiling for kernel 4.2.3-300.fc23.x86_64
make -C /lib/modules/4.2.3-300.fc23.x86_64/build M=/var/lib/dkms/ipt-netflow/2.1-1.fc23/build modules CONFIG_DEBUG_INFO=y
make[1]: Entering directory '/usr/src/kernels/4.2.3-300.fc23.x86_64'
CC [M] /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.o
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c: In function 'promisc4_rcv':
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:1211:52: warning: passing argument 3 of 'NF_HOOK' from incompatible pointer type [-Wincompatible-pointer-types]
return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, dev, NULL, promisc_finish);
^
In file included from include/uapi/linux/netfilter_ipv4.h:8:0,
from include/linux/netfilter_ipv4.h:7,
from include/uapi/linux/netfilter_ipv4/ip_tables.h:20,
from include/linux/netfilter_ipv4/ip_tables.h:23,
from /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:52:
include/linux/netfilter.h:236:1: note: expected 'struct sock ' but argument is of type 'struct sk_buff *'
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:1211:57: warning: passing argument 4 of 'NF_HOOK' from incompatible pointer type [-Wincompatible-pointer-types]
return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, dev, NULL, promisc_finish);
^
In file included from include/uapi/linux/netfilter_ipv4.h:8:0,
from include/linux/netfilter_ipv4.h:7,
from include/uapi/linux/netfilter_ipv4/ip_tables.h:20,
from include/linux/netfilter_ipv4/ip_tables.h:23,
from /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:52:
include/linux/netfilter.h:236:1: note: expected 'struct sk_buff *' but argument is of type 'struct net_device *'
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:1211:68: warning: passing argument 6 of 'NF_HOOK' from incompatible pointer type [-Wincompatible-pointer-types]
return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, dev, NULL, promisc_finish);
^
In file included from include/uapi/linux/netfilter_ipv4.h:8:0,
from include/linux/netfilter_ipv4.h:7,
from include/uapi/linux/netfilter_ipv4/ip_tables.h:20,
from include/linux/netfilter_ipv4/ip_tables.h:23,
from /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:52:
include/linux/netfilter.h:236:1: note: expected 'struct net_device *' but argument is of type 'int ()(struct sk_buff )'
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:1211:9: error: too few arguments to function 'NF_HOOK'
return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, dev, NULL, promisc_finish);
^
In file included from include/uapi/linux/netfilter_ipv4.h:8:0,
from include/linux/netfilter_ipv4.h:7,
from include/uapi/linux/netfilter_ipv4/ip_tables.h:20,
from include/linux/netfilter_ipv4/ip_tables.h:23,
from /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:52:
include/linux/netfilter.h:236:1: note: declared here
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c: In function 'promisc6_rcv':
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:1279:52: warning: passing argument 3 of 'NF_HOOK' from incompatible pointer type [-Wincompatible-pointer-types]
return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, dev, NULL, promisc_finish);
^
In file included from include/uapi/linux/netfilter_ipv4.h:8:0,
from include/linux/netfilter_ipv4.h:7,
from include/uapi/linux/netfilter_ipv4/ip_tables.h:20,
from include/linux/netfilter_ipv4/ip_tables.h:23,
from /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:52:
include/linux/netfilter.h:236:1: note: expected 'struct sock *' but argument is of type 'struct sk_buff *'
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:1279:57: warning: passing argument 4 of 'NF_HOOK' from incompatible pointer type [-Wincompatible-pointer-types]
return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, dev, NULL, promisc_finish);
^
In file included from include/uapi/linux/netfilter_ipv4.h:8:0,
from include/linux/netfilter_ipv4.h:7,
from include/uapi/linux/netfilter_ipv4/ip_tables.h:20,
from include/linux/netfilter_ipv4/ip_tables.h:23,
from /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:52:
include/linux/netfilter.h:236:1: note: expected 'struct sk_buff *' but argument is of type 'struct net_device *'
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:1279:68: warning: passing argument 6 of 'NF_HOOK' from incompatible pointer type [-Wincompatible-pointer-types]
return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, dev, NULL, promisc_finish);
^
In file included from include/uapi/linux/netfilter_ipv4.h:8:0,
from include/linux/netfilter_ipv4.h:7,
from include/uapi/linux/netfilter_ipv4/ip_tables.h:20,
from include/linux/netfilter_ipv4/ip_tables.h:23,
from /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:52:
include/linux/netfilter.h:236:1: note: expected 'struct net_device *' but argument is of type 'int ()(struct sk_buff )'
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:1279:9: error: too few arguments to function 'NF_HOOK'
return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, dev, NULL, promisc_finish);
^
In file included from include/uapi/linux/netfilter_ipv4.h:8:0,
from include/linux/netfilter_ipv4.h:7,
from include/uapi/linux/netfilter_ipv4/ip_tables.h:20,
from include/linux/netfilter_ipv4/ip_tables.h:23,
from /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.c:52:
include/linux/netfilter.h:236:1: note: declared here
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
^
scripts/Makefile.build:264: recipe for target '/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.o' failed
make[2]: ** [/var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.o] Error 1
Makefile:1390: recipe for target 'module/var/lib/dkms/ipt-netflow/2.1-1.fc23/build' failed
make[1]: *** [module/var/lib/dkms/ipt-netflow/2.1-1.fc23/build] Error 2
make[1]: Leaving directory '/usr/src/kernels/4.2.3-300.fc23.x86_64'
Makefile:24: recipe for target 'ipt_NETFLOW.ko' failed
make: *** [ipt_NETFLOW.ko] Error 2

Module compiles fine if only options --enable-macaddress and --enable-direction added

Compiling for kernel 4.2.3-300.fc23.x86_64
make -C /lib/modules/4.2.3-300.fc23.x86_64/build M=/var/lib/dkms/ipt-netflow/2.1-1.fc23/build modules CONFIG_DEBUG_INFO=y
make[1]: Entering directory '/usr/src/kernels/4.2.3-300.fc23.x86_64'
CC [M] /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.o
Building modules, stage 2.
MODPOST 1 modules
CC /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.mod.o
LD [M] /var/lib/dkms/ipt-netflow/2.1-1.fc23/build/ipt_NETFLOW.ko
make[1]: Leaving directory '/usr/src/kernels/4.2.3-300.fc23.x86_64'

ipt-netflow git snapshot from 2015-11-01 used.

I'm getting an error:

/tmp/ipt-netflow-0~20141129/ipt_NETFLOW.c: In function ‘flows_dump_seq_show’:
/tmp/ipt-netflow-0~20141129/ipt_NETFLOW.c:985:30: error: ‘struct ipt_netflow’ has no member named ‘ts_last’
  int inactive = (jiffies - nf->ts_last) >= i_timeout;

while trying to compile after

./configure --enable-debugfs

 make all
Compiling for kernel 4.1.6
make -C /lib/modules/4.1.0-0.bpo.2-amd64/build M=/root/ipt-netflow modules CONFIG_DEBUG_INFO=y
make[1]: Entering directory '/usr/src/linux-headers-4.1.0-0.bpo.2-amd64'
Makefile:10: *** mixed implicit and normal rules: deprecated syntax
  CC [M]  /root/ipt-netflow/ipt_NETFLOW.o
/root/ipt-netflow/ipt_NETFLOW.c: In function ‘hsize_procctl’:
/root/ipt-netflow/ipt_NETFLOW.c:1427:2: error: unknown type name ‘ctl_table_no_const’
  ctl_table_no_const lctl = *ctl;
  ^
/root/ipt-netflow/ipt_NETFLOW.c:1427:28: error: incompatible types when initializing type ‘int’ using type ‘struct ctl_table’
  ctl_table_no_const lctl = *ctl;
                            ^
/root/ipt-netflow/ipt_NETFLOW.c:1430:7: error: request for member ‘data’ in something not a structure or union
   lctl.data = &hsize;
       ^
/root/ipt-netflow/ipt_NETFLOW.c:1431:22: warning: passing argument 1 of ‘proc_dointvec’ from incompatible pointer type
  ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
                      ^
In file included from /usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/kmod.h:27:0,
                 from /usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/module.h:13,
                 from /root/ipt-netflow/ipt_NETFLOW.c:21:
/usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/sysctl.h:42:12: note: expected ‘struct ctl_table *’ but argument is of type ‘int *’
 extern int proc_dointvec(struct ctl_table *, int,
            ^
/root/ipt-netflow/ipt_NETFLOW.c: In function ‘sndbuf_procctl’:
/root/ipt-netflow/ipt_NETFLOW.c:1445:2: error: unknown type name ‘ctl_table_no_const’
  ctl_table_no_const lctl = *ctl;
  ^
/root/ipt-netflow/ipt_NETFLOW.c:1445:28: error: incompatible types when initializing type ‘int’ using type ‘struct ctl_table’
  ctl_table_no_const lctl = *ctl;
                            ^
/root/ipt-netflow/ipt_NETFLOW.c:1457:6: error: request for member ‘data’ in something not a structure or union
  lctl.data = &sndbuf;
      ^
/root/ipt-netflow/ipt_NETFLOW.c:1458:22: warning: passing argument 1 of ‘proc_dointvec’ from incompatible pointer type
  ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
                      ^
In file included from /usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/kmod.h:27:0,
                 from /usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/module.h:13,
                 from /root/ipt-netflow/ipt_NETFLOW.c:21:
/usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/sysctl.h:42:12: note: expected ‘struct ctl_table *’ but argument is of type ‘int *’
 extern int proc_dointvec(struct ctl_table *, int,
            ^
/root/ipt-netflow/ipt_NETFLOW.c: In function ‘flush_procctl’:
/root/ipt-netflow/ipt_NETFLOW.c:1587:2: error: unknown type name ‘ctl_table_no_const’
  ctl_table_no_const lctl = *ctl;
  ^
/root/ipt-netflow/ipt_NETFLOW.c:1587:28: error: incompatible types when initializing type ‘int’ using type ‘struct ctl_table’
  ctl_table_no_const lctl = *ctl;
                            ^
/root/ipt-netflow/ipt_NETFLOW.c:1589:6: error: request for member ‘data’ in something not a structure or union
  lctl.data = &val;
      ^
/root/ipt-netflow/ipt_NETFLOW.c:1590:22: warning: passing argument 1 of ‘proc_dointvec’ from incompatible pointer type
  ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
                      ^
In file included from /usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/kmod.h:27:0,
                 from /usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/module.h:13,
                 from /root/ipt-netflow/ipt_NETFLOW.c:21:
/usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/sysctl.h:42:12: note: expected ‘struct ctl_table *’ but argument is of type ‘int *’
 extern int proc_dointvec(struct ctl_table *, int,
            ^
/root/ipt-netflow/ipt_NETFLOW.c: In function ‘protocol_procctl’:
/root/ipt-netflow/ipt_NETFLOW.c:1616:2: error: unknown type name ‘ctl_table_no_const’
  ctl_table_no_const lctl = *ctl;
  ^
/root/ipt-netflow/ipt_NETFLOW.c:1616:28: error: incompatible types when initializing type ‘int’ using type ‘struct ctl_table’
  ctl_table_no_const lctl = *ctl;
                            ^
/root/ipt-netflow/ipt_NETFLOW.c:1618:6: error: request for member ‘data’ in something not a structure or union
  lctl.data = &ver;
      ^
/root/ipt-netflow/ipt_NETFLOW.c:1619:22: warning: passing argument 1 of ‘proc_dointvec’ from incompatible pointer type
  ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
                      ^
In file included from /usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/kmod.h:27:0,
                 from /usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/module.h:13,
                 from /root/ipt-netflow/ipt_NETFLOW.c:21:
/usr/src/linux-headers-4.1.0-0.bpo.2-common/include/linux/sysctl.h:42:12: note: expected ‘struct ctl_table *’ but argument is of type ‘int *’
 extern int proc_dointvec(struct ctl_table *, int,
            ^
/usr/src/linux-headers-4.1.0-0.bpo.2-common/scripts/Makefile.build:269: recipe for target '/root/ipt-netflow/ipt_NETFLOW.o' failed
make[4]: *** [/root/ipt-netflow/ipt_NETFLOW.o] Error 1
/usr/src/linux-headers-4.1.0-0.bpo.2-common/Makefile:1401: recipe for target '_module_/root/ipt-netflow' failed
make[3]: *** [_module_/root/ipt-netflow] Error 2
Makefile:146: recipe for target 'sub-make' failed
make[2]: *** [sub-make] Error 2
Makefile:8: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/usr/src/linux-headers-4.1.0-0.bpo.2-amd64'
Makefile:24: recipe for target 'ipt_NETFLOW.ko' failed
make: *** [ipt_NETFLOW.ko] Error 2

Ugly fix:

diff --git a/compat.h b/compat.h
index dd3cfc6..59c625b 100644
--- a/compat.h
+++ b/compat.h
@@ -77,9 +77,6 @@ union nf_inet_addr {

 # if LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0)
 #  define ctl_table struct ctl_table
-# endif
-
-# ifndef CONFIG_GRKERNSEC
 #  define ctl_table_no_const ctl_table
 # endif
 #endif

Hello!

After Wireshark investigation I found you use 32 bit (4 bytes) packets and bytes counter for IPFIX. But in reference standard http://www.iana.org/assignments/ipfix/ipfix.xhtml this counters defined as 64 bit.

Here you can find screenshot from the Wireshark:

Could you fix it?

After months of perfect operation, the system began to crash periodically

[ 7.137981] ipt_NETFLOW version v1.8-88-g3d95a40-dirty, srcversion BA4068808EBC0B7702B0012
[ 7.137984] ipt_NETFLOW: hashsize 8192
--------cut------
[70271.303621] BUG: unable to handle kernel paging request at ffffffefa044a2f8
[70271.310646] IP: [] _raw_spin_lock_irqsave+0x30/0x30
[70271.317123] PGD 180c067 PUD 0
[70271.320236] Oops: 0000 [#1] SMP
[70271.323511] Modules linked in: nf_nat_pptp nf_nat_proto_gre nf_conntrack_pptp nf_conntrack_proto_gre nf_nat_ftp nf_conntrack_ftp ipt_REJECT xt_tcpudp xt_state xt_multiport xt_CT xt_addrtype iptable_raw ipt_NETs
[70271.406936] CPU: 0 PID: 52 Comm: kworker/0:1 Tainted: G O 3.10.5-3my #1
[70271.414772] Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./Z77X-D3H, BIOS F16 10/24/2012
[70271.424702] Workqueue: events netflow_work_fn [ipt_NETFLOW]
[70271.430301] task: ffff880213d22040 ti: ffff880212e72000 task.ti: ffff880212e72000
[70271.437792] RIP: 0010:[] [] _raw_spin_lock_irqsave+0x30/0x30
[70271.446698] RSP: 0018:ffff880212e73dd0 EFLAGS: 00010287
[70271.452020] RAX: 000000001c2a1c2a RBX: ffff88020c2d1af8 RCX: 0000000000000064
[70271.459163] RDX: 0000000000001c2a RSI: ffff880212457a68 RDI: ffffffefa044a2f8
[70271.466308] RBP: 0000000000013b80 R08: 00017eed43449740 R09: ba00000000000000
[70271.473453] R10: 00017eed43449740 R11: 0000000000000001 R12: ffff88020c2d1a68
[70271.480596] R13: 0000000000003a98 R14: 000000000080650d R15: 00000000001b7740
[70271.487741] FS: 0000000000000000(0000) GS:ffff88021f200000(0000) knlGS:0000000000000000
[70271.495837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[70271.501596] CR2: ffffffefa044a2f8 CR3: 000000020af42000 CR4: 00000000001407f0
[70271.508739] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[70271.515883] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[70271.523027] Stack:
[70271.525047] ffffffffa04448ae ffff880213d22040 ffffffffa0449740 ffff8802147d27c0
[70271.532539] ffff88021f2125c0 ffff88021f216000 0000000000000000 0000000000000000
[70271.540039] ffffffffa044599b ffff880212e73fd8 ffffffff81059bae ffff880212e73fd8
[70271.547528] Call Trace:
[70271.549985] [] ? netflow_scan_and_export+0x14e/0x3f0 [ipt_NETFLOW]
[70271.557823] [] ? netflow_work_fn+0xb/0xb0 [ipt_NETFLOW]
[70271.564706] [] ? process_one_work+0x16e/0x420
[70271.570723] [] ? worker_thread+0x117/0x370
[70271.576480] [] ? rescuer_thread+0x310/0x310
[70271.582323] [] ? kthread+0xb3/0xc0
[70271.587385] [] ? kthread_create_on_node+0x120/0x120
[70271.593924] [] ? ret_from_fork+0x7c/0xb0
[70271.599506] [] ? kthread_create_on_node+0x120/0x120
[70271.606043] Code: 00 01 00 f0 0f c1 17 89 d1 c1 e9 10 66 39 d1 74 14 66 2e 0f 1f 84 00 00 00 00 00 f3 90 0f b7 17 66 39 ca 75 f6 c3 0f 1f 44 00 00 <8b> 17 89 d0 c1 e8 10 66 39 c2 74 04 31 c0 c3 90 8d 8a 00 00
[70271.626115] RIP [] _raw_spin_lock_irqsave+0x30/0x30
[70271.633396] RSP
[70271.637620] CR2: ffffffefa044a2f8
[70271.641669] ---[ end trace 1d080f8803d2b1a0 ]---
[70271.647011] Kernel panic - not syncing: Fatal exception in interrupt
[70271.654094] drm_kms_helper: panic occurred, switching back to text console
[70271.661703] Rebooting in 5 seconds..

Hi,

I get an error during the execution of the configure script:

Kernel version: 3.10.0-327.3.1.el7.x86_64 (requested)
Kernel sources: /lib/modules/3.10.0-327.3.1.el7.x86_64/build (found)
Checking for presence of include/linux/llist.h... Yes
Checking for presence of include/linux/grsecurity.h... No
Iptables binary version: 1.4.21 (detected from /usr/local/iptables/sbin/iptables)
pkg-config for version 1.4.21 exists: No
Checking for presence of xtables.h... Yes (using ipt-inc)
Checking iptables sources version: 1.4.21 (ok)
Iptables include flags: -I/usr/local/iptables-1.4.21/include/ (user specified)
Iptables module path: /usr/local/iptables/lib/xtables
/usr/local/iptables-1.4.21/libxtables (from iptables binary)
Searching for net-snmp-config... Yes /bin/net-snmp-config
Searching for net-snmp agent... Yes.
Checking for DKMS... Yes.
! You are already have module installed via DKMS
!   it will be uninstalled on 'make install' and
!   current version of module installed afterwards.
! Use --disable-dkms option if don't want this.
Creating Makefile.. sed: -e expression #1, char 526: unterminated `s' command
done.

  If you need some options enabled run ./configure --help
  Now run: make all install

Doesn't work for me only under a new version of Centos linux OS:
CentOS Linux release 7.2.1511 (Core)

Hi,

Firstly thank you for your hard work on this project!

Secondly I'm using ipt-netflow with SiLK on single machine:
system: Ubuntu 14.04 lts
ipt-netflow: current version from git
silk: current version 3.10.1

From time to time SiLK reports in syslog:

rwflowpack[26741]: NetFlow V9 sequence number mismatch for domain 0x0000, expecting 0xec5c4 received 0xec5c5
rwflowpack[26741]: NetFlow V9 sequence number mismatch for domain 0x0000, expecting 0xec5c6 received 0xec5c8
rwflowpack[26741]: NetFlow V9 sequence number mismatch for domain 0x0000, expecting 0xec5c9 received 0xec5ca
...
rwflowpack[1263]: 'test': forward 749786, reverse 0, ignored 0, nf9: missing-pkts 23

netstat -su
...
Udp:
    261520 packets received
    0 packets to unknown port received.
    23 packet receive errors
    261520 packets sent
...

I've found that ipt-netflow v 2.0 does not have such problems. All versions are affected since this change: e7d0cd0

For testing purpose I've commented out "export_ifnames();" and the issue went away. Any ideas what might be wrong?

Kind regards,