Pfflowd not working with 2.2 RC - pfsync version mismatch

cmb

The linked patch is much older than the version of pfflowd we have, it's not directly relevant to anything happening here. Not seeing that. You running 32 or 64 bit? Which options do you have configured?

Did you ever pkg_add it outside of our built-in package system? If you somehow have an old pfflowd rather than the 2.2 version, that could cause that.

fatsailor

@cmb:

The linked patch is much older than the version of pfflowd we have, it's not directly relevant to anything happening here. Not seeing that. You running 32 or 64 bit? Which options do you have configured?

Running 64bit amd

@cmb:

Did you ever pkg_add it outside of our built-in package system? If you somehow have an old pfflowd rather than the 2.2 version, that could cause that.

We've never had pfflowd installed via packages, and we never used pkg on the box.

We did this on a fresh update to 2.2 RC, and the only other package we have installed is OpenVPN export.

A find from '/' shows:

./var/db/pbi/.hashqueue/pfflowd-0.8-amd64
      ./tmp/pfflowd.info

We removed the package when it wasn't working.

dre

@cmb:

The linked patch is much older than the version of pfflowd we have, it's not directly relevant to anything happening here. Not seeing that. You running 32 or 64 bit? Which options do you have configured?

Did you ever pkg_add it outside of our built-in package system? If you somehow have an old pfflowd rather than the 2.2 version, that could cause that.

I'm seeing the same problem.

Jan 23 17:29:43 floe php-fpm[302]: /pkg_mgr_install.php: Successfully installed package: pfflowd.
Jan 23 17:29:43 floe check_reload_status: Reloading filter
Jan 23 17:31:11 floe check_reload_status: Syncing firewall
Jan 23 17:31:11 floe php-fpm[300]: /pkg_edit.php: The command '/usr/local/etc/rc.d/pfflowd.sh stop' returned exit code '1', the output was 'No matching processes were found' 
Jan 23 17:31:13 floe pfflowd[23703]: pfflowd listening on pfsync0
Jan 23 17:31:13 floe kernel: pfsync0: promiscuous mode enabled
Jan 23 17:32:14 floe pfflowd[23703]: Unsupported pfsync version 5, exiting
Jan 23 17:32:15 floe kernel: pfsync0: promiscuous mode disabled

[2.2-RC][root@floe.dl]/root: cat /tmp/pfflowd.info
Beginning package installation for pfflowd .
Downloading package configuration file... done.
Saving updated package information... done.
Downloading pfflowd and its dependencies... 
Checking for package installation... 
 Downloading https://files.pfsense.org/packages/10/All/pfflowd-0.8-i386.pbi ...  (extracting)
Loading package configuration... done.
Configuring package components...
Loading package configuration... done.
Custom commands...
Executing custom_php_global_functions()...done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.

Installation completed.   Please check to make sure that the package is configured from the respective menu then start the package.

[2.2-RC][root@floe.dl]/root: ls -al ./var/db/pbi/.hashqueue
total 1
drwxrwxr-x  2 root  operator  512 Jan 23 17:29 .
drwxr-xr-x  9 root  wheel     512 Jan 23 17:09 ..
-rw-r--r--  1 root  operator    0 Jan 23 17:15 iftop-0.17-i386
-rw-r--r--  1 root  operator    0 Jan 23 17:14 iperf-2.0.5-i386
-rw-r--r--  1 root  operator    0 Jan 23 17:16 mtr-0.85_1-i386
-rw-r--r--  1 root  operator    0 Jan 23 17:12 p7zip-9.20.1_2-i386
-rw-r--r--  1 root  operator    0 Jan 23 17:29 pfflowd-0.8-i386
-rw-r--r--  1 root  operator    0 Jan 23 17:11 zip-3.0_1-i386

[2.2-RC][root@floe.dl]/root: uname -a
FreeBSD floe.dl 10.1-RELEASE-p4 FreeBSD 10.1-RELEASE-p4 #0 36d7dec(releng/10.1)-dirty: Fri Jan 16 12:43:41 CST 2015     root@pfsense-22-i386-builder:/usr/obj.i386/usr/pfSensesrc/src/sys/pfSense_wrap.10.i386  i386

I ran pfflowd many moons ago, but never did anything fancy to install it.

Update: still occurs on 2.2 RELEASE.

Jan 23 23:11:07 floe php-fpm[299]: /pkg_mgr_install.php: Beginning package installation for pfflowd .
Jan 23 23:11:10 floe check_reload_status: Syncing firewall
Jan 23 23:11:53 floe check_reload_status: Syncing firewall
Jan 23 23:11:53 floe php-fpm[299]: /pkg_mgr_install.php: Successfully installed package: pfflowd.
Jan 23 23:11:54 floe check_reload_status: Reloading filter
Jan 23 23:12:43 floe pfflowd[2358]: pfflowd listening on pfsync0
Jan 23 23:12:43 floe kernel: pfsync0: promiscuous mode enabled
Jan 23 23:14:55 floe sshd[39631]: Received disconnect from 192.168.5.89: 11: disconnected by user
Jan 23 23:16:47 floe pfflowd[2358]: Unsupported pfsync version 5, exiting
Jan 23 23:16:47 floe kernel: pfsync0: promiscuous mode disabled

Thanks,
-dre

fatsailor

I've confirmed that I don't have any previous pfflowd files lingering prior to a new install. I install pfflowd, and I'm still getting the same error.

The options to pfflowd are shown below.

[2.2-RC][admin@]/usr/local/sbin: pfflowd –help
pfflowd: illegal option -- -
Invalid commandline option.
Usage: pfflowd [options] [bpf_program]
NF9 compile options : 64 Bits Counters, Internet Protocol Version 6, Egress Templates
  -i interface    Specify interface to listen on (default pfsync0)
  -n host:port    Send NetFlow datagrams to host on port (mandatory)
  -r pcap_file    Specify packet capture file to read
  -S direction    Generation flows for "in" or "out" bound states (default any)
  -d              Don't daemonise
  -D              Debug mode: don't daemonise + verbosity
  -v              NetFlow export packet version (default 5)
  -m              Specify the number of minutes to periodly refresh V9 templates (default 30)
  -p              Specify the number of export packets to periodly refresh V9 templates (default 1000)
  -e              Specify the identity of the Exporter Observation Domain. (default 0)
  -h              Display this help

I've confirmed the script starts pfflowd with '-v 9' which one would think would be fine- no joy.

I tried running pfflowd from the command line with debug enabled and in the foreground - no joy.

[2.2-RC][admin@]/usr/local/sbin: pfflowd -d -D -n 10.1.1.5:4444 -s 10.1.1.1 -S any -v 9
pfflowd[9144]: pfflowd listening on pfsync0
pfflowd[9144]: Unsupported pfsync version 5, exiting

I've also confirmed that nfsen is listening at the 10.1.1.5:4444 address.

Anyone have a bright idea?

jimp

Dump pfflowd and use softflowd?

At least until a fix is located… but really, softflowd is a lot more modern.

fatsailor

@jimp:

Dump pfflowd and use softflowd?

At least until a fix is located… but really, softflowd is a lot more modern.

Yes - installed I installed softflowd last night after I noticed pfflowd was deprecated with FreeBSD proper.  Unfortunately, softflowd wouldn't start. I didn't dig too much into it before uninstalling as it was late, but it seemed the file in etc/rc was actually a link to the softflowd binary. Basically, it looked like the the install hierarchy was a bit messed up.

I'm looking into the softflowd install problems (and also looking at the pkg version) today. While I'm comfortable on FreeBSD, I don't know the package process on pfsense well.

I'll post if I get something working.

fatsailor

@fatsailor:

I'll post if I get something working.

Easy enough fix….but I was too tired last night to notice.

/usr/local/etc/rc.d/softflowd.sh needs to be moved to /usr/local/etc/rc.d/softflowd

service couldn't find the rc script.

acherman

Hey fatsailor, thanks for this.  Since pfflowd stopped working with 2.2 I have been missing all of my flows, and softflowd would never generate any log messages as to why it wouldn't start.  Moving that file as you specified made the difference.  Hopefully someone fixes that package install before someone needs to do another new install.

Thanks again.

Aaron

andrewhotlab

Sorry, but I'm running pfSense 2.2 (nanoBSD) on i386 (Soekris) platform, and both pfflowd and softflowd packages are not working.
The former because of the error "Unsupported pfsync version 5, exiting" when starting the service. The latter because it simply does not start: I noticed that the softflowd package does not install anything in /usr/local/etc/rc.d/.

I do not know exactly how the PBI system works, maybe anyone can suggest me how to troubleshoot this? Thanks.

acherman

Using fatsailor's instructions above, I was able to get the softflowd service to start, but I don't seem to be getting any NetFlow-style packets exported - Wireshark just shows random data with no template to it.

andrewhotlab

Great, you are just a step ahead me… :) In fact I have no /usr/local/etc/rc.d/softflowd.sh. I installed the version 0.9.8_2 pkg v1.1 of softflowd.

It seems that at this time there is no way to export NetFlow data from pfSense 2.2. Well, at least not using anything from the "official" package repository... it's a shame! :(

If someone could just put me in the right direction, I'll be glad to help troubleshooting the issues.

Thanks.

jimp

Softflowd works fine for me on any system I try. Try saving the settings twice in a row, see if that triggers it to generate the rc script.

andrewhotlab

Thank you very much: after saving twice in a row the rc.d scripts appeared! :)

I just started to collect flows again thanks to the softflowd package.

Sincerely gratefully.