Index | Thread | Search

From:
"Sven F." <sven.falempin@gmail.com>
Subject:
Pflow and Rdomain
To:
tech@openbsd.org
Date:
Tue, 10 Mar 2026 09:49:02 -0400

Download raw body.

Thread

  • Sven F.:

    Pflow and Rdomain

Hello OpenBSD team,

I was poking around pflow and rdomains , and i was trying to
"misuse" flowsrc, interesting part after,

When I run:

sh /etc/netstart pflow2

I receive the following errors:

ifconfig: pflow2: SIOCSETPFLOW: Can't assign requested address
ifconfig: pflow2: SIOCSETPFLOW: Can't assign requested address

The lo2 interface in rdomain 2 is configured as:

lo2: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> rdomain 2 mtu
32768
     [...]
     inet 2.3.0.6 netmask 0xffffffff

And my /etc/hostname.pflow2 contains:

rdomain 2
flowsrc 2.3.0.6 flowdst 2.3.0.6:12345
pflowproto 10

My question is whether this behavior is expected. ( i guess so )  In
this setup, the flow destination is in rdomain 0, and I'm trying to mark
flows based on their originating rdomain.

More seriously, I was also wondering whether using the engine_id field
might be a
suitable way to store or represent the rdomain value, which is probably
a better way but would require a kernel update, something like :

```diff
RCS file: /cvs/src/sys/net/if_pflow.c,v
diff -u -p -r1.111 if_pflow.c
--- ./sys/net/if_pflow.c        7 Jul 2025 02:28:50 -0000       1.111
+++ ./sys/net/if_pflow.c        10 Mar 2026 13:22:22 -0000
@@ -111,7 +111,7 @@ int export_pflow_if(struct pf_state*, st
         struct pflow_softc *);
  int    copy_flow_to_m(struct pflow_flow *flow, struct pflow_softc *sc);
  int    copy_flow_ipfix_4_to_m(struct pflow_ipfix_flow4 *flow,
-       struct pflow_softc *sc);
+       struct pflow_softc *sc, uint16_t rdomain);
  int    copy_flow_ipfix_6_to_m(struct pflow_ipfix_flow6 *flow,
         struct pflow_softc *sc);

@@ -930,7 +930,8 @@ copy_flow_to_m(struct pflow_flow *flow,
  }

  int
-copy_flow_ipfix_4_to_m(struct pflow_ipfix_flow4 *flow, struct
pflow_softc *sc)
+copy_flow_ipfix_4_to_m(struct pflow_ipfix_flow4 *flow,
+       struct pflow_softc *sc, uint16_t rdomain)
  {
         int             ret = 0;

@@ -944,6 +945,7 @@ copy_flow_ipfix_4_to_m(struct pflow_ipfi
                 sc->sc_count4 = 0;
                 timeout_add_sec(&sc->sc_tmo, PFLOW_TIMEOUT);
         }
+       sc->engine_id = rdomain;
         m_copyback(sc->sc_mbuf, PFLOW_SET_HDRLEN +
             (sc->sc_count4 * sizeof(struct pflow_ipfix_flow4)),
             sizeof(struct pflow_ipfix_flow4), flow, M_NOWAIT);
@@ -1030,10 +1032,10 @@ pflow_pack_flow_ipfix(struct pf_state *s
                             0, 1);

                 if (st->bytes[0] != 0) /* first flow from state */
-                       ret = copy_flow_ipfix_4_to_m(&flow4_1, sc);
+                       ret = copy_flow_ipfix_4_to_m(&flow4_1, sc,
sk->rdomain);

                 if (st->bytes[1] != 0) /* second flow from state */
-                       ret = copy_flow_ipfix_4_to_m(&flow4_2, sc);
+                       ret = copy_flow_ipfix_4_to_m(&flow4_2, sc,
sk->rdomain);
         } else if (sk->af == AF_INET6) {
                 bzero(&flow6_1, sizeof(flow6_1));
```


It's incomplete and not completely suitable. ( Tabs / spaces. Even
my terminal does not copy tabs now, ignoring ipv6 ...  ), but
certainly illustrate the feature better !

I'd appreciate any clarification on whether the errors above are
expected and whether the idea of using engine_id for rdomain tagging
makes sense, and could be included in future release


Happy Spring and thank you for reading that far.