Pfflowd not working with 2.2 RC - pfsync version mismatch

fatsailor

I've confirmed that I don't have any previous pfflowd files lingering prior to a new install. I install pfflowd, and I'm still getting the same error.

The options to pfflowd are shown below.

[2.2-RC][admin@]/usr/local/sbin: pfflowd –help
pfflowd: illegal option -- -
Invalid commandline option.
Usage: pfflowd [options] [bpf_program]
NF9 compile options : 64 Bits Counters, Internet Protocol Version 6, Egress Templates
  -i interface    Specify interface to listen on (default pfsync0)
  -n host:port    Send NetFlow datagrams to host on port (mandatory)
  -r pcap_file    Specify packet capture file to read
  -S direction    Generation flows for "in" or "out" bound states (default any)
  -d              Don't daemonise
  -D              Debug mode: don't daemonise + verbosity
  -v              NetFlow export packet version (default 5)
  -m              Specify the number of minutes to periodly refresh V9 templates (default 30)
  -p              Specify the number of export packets to periodly refresh V9 templates (default 1000)
  -e              Specify the identity of the Exporter Observation Domain. (default 0)
  -h              Display this help

I've confirmed the script starts pfflowd with '-v 9' which one would think would be fine- no joy.

I tried running pfflowd from the command line with debug enabled and in the foreground - no joy.

[2.2-RC][admin@]/usr/local/sbin: pfflowd -d -D -n 10.1.1.5:4444 -s 10.1.1.1 -S any -v 9
pfflowd[9144]: pfflowd listening on pfsync0
pfflowd[9144]: Unsupported pfsync version 5, exiting

I've also confirmed that nfsen is listening at the 10.1.1.5:4444 address.

Anyone have a bright idea?

jimp

Dump pfflowd and use softflowd?

At least until a fix is located… but really, softflowd is a lot more modern.

fatsailor

@jimp:

Dump pfflowd and use softflowd?

At least until a fix is located… but really, softflowd is a lot more modern.

Yes - installed I installed softflowd last night after I noticed pfflowd was deprecated with FreeBSD proper.  Unfortunately, softflowd wouldn't start. I didn't dig too much into it before uninstalling as it was late, but it seemed the file in etc/rc was actually a link to the softflowd binary. Basically, it looked like the the install hierarchy was a bit messed up.

I'm looking into the softflowd install problems (and also looking at the pkg version) today. While I'm comfortable on FreeBSD, I don't know the package process on pfsense well.

I'll post if I get something working.

fatsailor

@fatsailor:

I'll post if I get something working.

Easy enough fix….but I was too tired last night to notice.

/usr/local/etc/rc.d/softflowd.sh needs to be moved to /usr/local/etc/rc.d/softflowd

service couldn't find the rc script.

acherman

Hey fatsailor, thanks for this.  Since pfflowd stopped working with 2.2 I have been missing all of my flows, and softflowd would never generate any log messages as to why it wouldn't start.  Moving that file as you specified made the difference.  Hopefully someone fixes that package install before someone needs to do another new install.

Thanks again.

Aaron

andrewhotlab

Sorry, but I'm running pfSense 2.2 (nanoBSD) on i386 (Soekris) platform, and both pfflowd and softflowd packages are not working.
The former because of the error "Unsupported pfsync version 5, exiting" when starting the service. The latter because it simply does not start: I noticed that the softflowd package does not install anything in /usr/local/etc/rc.d/.

I do not know exactly how the PBI system works, maybe anyone can suggest me how to troubleshoot this? Thanks.

acherman

Using fatsailor's instructions above, I was able to get the softflowd service to start, but I don't seem to be getting any NetFlow-style packets exported - Wireshark just shows random data with no template to it.

andrewhotlab

Great, you are just a step ahead me… :) In fact I have no /usr/local/etc/rc.d/softflowd.sh. I installed the version 0.9.8_2 pkg v1.1 of softflowd.

It seems that at this time there is no way to export NetFlow data from pfSense 2.2. Well, at least not using anything from the "official" package repository... it's a shame! :(

If someone could just put me in the right direction, I'll be glad to help troubleshooting the issues.

Thanks.

jimp

Softflowd works fine for me on any system I try. Try saving the settings twice in a row, see if that triggers it to generate the rc script.

andrewhotlab

Thank you very much: after saving twice in a row the rc.d scripts appeared! :)

I just started to collect flows again thanks to the softflowd package.

Sincerely gratefully.