Openwrt makefile

README

@@ -572,10 +572,21 @@ ipt_NETFLOW linux 2.6.x-4.x kernel module by <[email protected]> -- 2008-2016.
        desirable to combine it with packet processing on very highly loaded
        routers.
 
-       This option also could be changed at runtime with: 
+       This option could be changed at runtime with:
 
          # echo number > /sys/module/ipt_NETFLOW/parameters/exportcpu
 
+   engine_id=number
+     - Observation Domain ID (on IPFIX, Source Id on NetFlow v9, or Engine Id
+       on NetFlow v5) value to be exported. This may help your collector to
+       distinguish between multiple exporters. On Netflow v9 and IPFIX this
+       value is 32-bit on NetFlow v5 only 8 low bits are significant.
+       Default value is 0.
+
+       This option could be changed at runtime with:
+
+         # echo number > /sys/module/ipt_NETFLOW/parameters/engine_id
+
 
 ====================
 = HOW TO READ STAT =

configure

@@ -312,7 +312,7 @@ do
     --disable-snmp-a*)   SKIPSNMP=1 ;;
     --disable-net-snmp*) SKIPSNMP=1 ;;
     --disable-dkms*)     SKIPDKMS=1 ;;
-    --from-dkms-conf) ;;
+    --from-dkms-conf*) ;;
     --make) echo called from make; CARGS=`echo $CARGS | sed s/--make//g` ;;
     -Werror) KOPTS="$KOPTS -Werror" ;;
     --help|-h) show_help ;;

ipt_NETFLOW.c

@@ -209,6 +209,10 @@ MODULE_PARM_DESC(maxflows, "maximum number of flows");
 static int peakflows = 0;
 static unsigned long peakflows_at; /* jfffies */
 
+static int engine_id = 0;
+module_param(engine_id, int, 0644);
+MODULE_PARM_DESC(engine_id, "Observation Domain ID");
+
 #ifdef ENABLE_AGGR
 #define AGGR_SIZE 1024
 static char aggregation_buf[AGGR_SIZE] = "";
@@ -271,7 +275,6 @@ static union {
 	struct netflow9_pdu v9;
 	struct ipfix_pdu ipfix;
 } pdu;
-static int engine_id = 0; /* Observation Domain */
 static __u8 *pdu_data_used;
 static __u8 *pdu_high_wm; /* high watermark */
 static struct flowset_data *pdu_flowset = NULL; /* current data flowset */
@@ -2532,7 +2535,7 @@ static void netflow_export_pdu_v5(void)
 	pdu.v5.ts_unsecs	= htonl(tv.tv_usec);
 	pdu.v5.seq		= htonl(pdu_seq);
 	//pdu.v5.eng_type	= 0;
-	pdu.v5.eng_id		= engine_id;
+	pdu.v5.eng_id		= (__u8)engine_id;
 #ifdef ENABLE_SAMPLER
 	pdu.v5.sampling		= htons(sampler_nf_v5());
 #endif

openwrt/Makefile

@@ -0,0 +1,126 @@
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=ipt-netflow
+PKG_RELEASE:=2
+
+PKG_SOURCE_URL:=https://github.com/aabc/$(PKG_NAME).git
+PKG_VERSION:=2.2
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+
+#TO BUILD development version uncomment 2 rows below and remove patches
+#PKG_VERSION:=$(shell (git ls-remote $(PKG_SOURCE_URL) | grep refs/heads/master | cut -f 1 | head -c 7))
+#PKG_SOURCE_VERSION:=HEAD
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_BUILD_DIR := $(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_DEPENDS:=iptables
+
+include $(INCLUDE_DIR)/package.mk
+
+
+define KernelPackage/ipt-netflow
+	SECTION:=net
+	CATEGORY:=Network
+	SUBMENU:=Netflow
+	TITLE:=Netflow iptables module for Linux kernel
+	URL:=http://ipt-netflow.sourceforge.net/
+	FILES:=$(PKG_BUILD_DIR)/ipt_NETFLOW.ko
+	DEPENDS:=+iptables +iptables-mod-netflow
+endef
+
+
+define Package/iptables-mod-netflow
+	SECTION:=net
+	CATEGORY:=Network
+	SUBMENU:=Netflow
+	TITLE:=Netflow iptables module for Linux kernel
+	URL:=http://ipt-netflow.sourceforge.net/
+	#DEPENDS:=+kmod-ipt-netflow
+	DEPENDS:=+iptables
+endef
+
+CONFIGURE_ARGS:= \
+	--kdir="$(LINUX_DIR)" 
+
+define Package/iptables-mod-netflow/config
+	menu "Configuration"
+		depends on PACKAGE_iptables-mod-netflow
+	config PACKAGE_iptables-mod-netflow_natevents
+		bool "enables natevents support"
+		default n
+	config PACKAGE_iptables-mod-netflow_snmp-rules
+		bool "enables SNMP-index conversion rules"
+		default n
+	config PACKAGE_iptables-mod-netflow_macaddress
+		bool "enables MAC address for v9/IPFIX"
+		default n
+	config PACKAGE_iptables-mod-netflow_vlan
+		bool "enables VLAN Ids for v9/IPFIX"
+		default n
+	config PACKAGE_iptables-mod-netflow_direction
+		bool "enables flowDirection(61) Element"
+		default n
+	config PACKAGE_iptables-mod-netflow_sampler
+		bool "enables Flow Sampling"
+		default n
+	config PACKAGE_iptables-mod-netflow_aggregation
+		bool "enables aggregation rules"
+		default n
+	config PACKAGE_iptables-mod-netflow_promisc
+		bool "enables promisc hack mode"
+		default n
+	config PACKAGE_iptables-mod-netflow_promisc-mpls
+		bool "decapsulate MPLS in promisc mode"
+		default n
+	config PACKAGE_iptables-mod-netflow_physdev
+		bool "enables physdev reporting"
+		default n
+	config PACKAGE_iptables-mod-netflow_physdev-override
+		bool "to override interfaces"
+		default n
+	config PACKAGE_iptables-mod-netflow_snmp-agent
+		bool "disables net-snmp agent"
+		default y
+	config PACKAGE_iptables-mod-netflow_dkms
+		bool "disables DKMS support completely"
+		default y
+	config PACKAGE_iptables-mod-netflow_dkms-install
+		bool "no DKMS install but still create dkms.conf"
+		default n
+	endmenu
+endef
+
+CONFIGURE_ARGS += \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_natevents),--enable-natevents) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_snmp-rules),--enable-snmp-rules) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_macaddress),--enable-macaddress) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_vlan),--enable-vlan) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_direction),--enable-direction) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_sampler),--enable-sampler) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_aggregation),--enable-aggregation) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_promisc),--enable-promisc) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_promisc-mpls),--promisc-mpls) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_physdev),--enable-physdev) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_physdev-override),--enable-physdev-override) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_snmp-agent),--disable-snmp-agent) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_dkms),--disable-dkms) \
+	$(if $(CONFIG_PACKAGE_iptables-mod-netflow_dkms-install),--disable-dkms-install) 
+
+#TODO: --enable-sampler=hash --promisc-mpls=N
+
+
+$(eval $(call KernelPackage,ipt-netflow))
+
+$(eval $(call Package,kmod-ipt-netflow))
+
+define Package/iptables-mod-netflow/install
+	$(MAKE) -C $(PKG_BUILD_DIR) DESTDIR=$(1) linstall
+	#TODO: snmp install, dkms install
+endef
+
+$(eval $(call BuildPackage,iptables-mod-netflow))

openwrt/Readme.md

@@ -0,0 +1,69 @@
+Cross-compiling and packages for openwrt
+===
+
+Place Makefile in `packages/network/ipt-netflow` directory in OpenWRT bouldroot.
+Run `make menuconfig` and select package in Network/Netflow menu. Configure args partially supported.
+
+Run `make` to build full firmware or `make package/network/ipt-netflow/{clean,prepare,configure,compile,install}` to rebuild packages.
+
+To make git version uncomment two lines in Makefile.
+
+Tested to work on Chaos Calmer and Designated Driver with Atheros AR7xxx/AR9xxx target.
+
+For ipt-netflow 2.2 patches are needed, drop it for next version or git master to build.
+
+Making and installilng
+===
+
+```shell
+mkdir debian-toolchain
+sudo debootstrap jessie debian-toolchain
+sudo chroot debian-toolchain
+
+. /etc/profile
+apt update
+apt install git ssh-client build-essential mercurial subversion \
+   binutils flex bzip2 asciidoc ncurses-dev libssl-dev gawk zlib1g-dev fastjar
+
+adduser user
+su user
+. /etc/profile
+cd ~
+
+git clone https://github.com/openwrt/openwrt.git openwrt-trunk
+git clone https://github.com/aabc/ipt-netflow.git
+
+cd openwrt-trunk
+./scripts/feeds update -a
+ln -s ~/ipt-netflow/openwrt/ package/network/ipt-netflow
+
+
+make menuconfig
+  #select target and device
+  #go to network/netflow and check both
+
+make
+  #and go for dinner or a walk ;)
+  #after five hours
+
+scp bin/ar71xx/packages/kernel/kmod-ipt-netflow_4.4.14+2.2-2_ar71xx.ipk  \
+   [email protected]:/tmp/
+scp bin/ar71xx/packages/base/iptables-mod-netflow_2.2-2_ar71xx.ipk \
+   [email protected]:/tmp/
+scp bin/ar71xx/packages/base/kernel_4.4.14-1-abf9cc6feb410252d667326556dae184_ar71xx.ipk   \ 
+   [email protected]:/tmp/
+
+   #goto router
+ssh [email protected]
+
+opkg install /tmp/*.ipk
+
+insmod /lib/modules/4.4.14/ipt_NETFLOW.ko
+sysctl -w net.netflow.protocol=5
+sysctl -w net.netflow.destination=192.168.236.34:2055
+
+iptables -I FORWARD -j NETFLOW
+iptables -I INPUT -j NETFLOW
+iptables -I OUTPUT -j NETFLOW
+
+```

openwrt/patches/310-Makefile_crosscompile.patch

@@ -0,0 +1,17 @@
+Index: ipt-netflow-2.2/Makefile.in
+===================================================================
+--- ipt-netflow-2.2.orig/Makefile.in
++++ ipt-netflow-2.2/Makefile.in
+@@ -64,10 +64,10 @@ sinstall: | snmp_NETFLOW.so IPT-NETFLOW-
+ 	fi
+
+ %_sh.o: libipt_NETFLOW.c
+-	gcc -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
++	$(CC) $(CFLAGS) -O2 -Wall -Wunused $(IPTABLES_CFLAGS) -fPIC -o $@ -c libipt_NETFLOW.c
+
+ %.so: %_sh.o
+-	gcc -shared -o $@ $<
++	$(CC) -shared -o $@ $<
+
+ version.h: ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
+ 	@./version.sh --define > version.h