Promisc module/sysctl parameter.

Also couple of portability fixes for ifDescr code.

Author: aabc

README

@@ -50,6 +50,8 @@ ipt_NETFLOW linux 2.6.x-3.x kernel module by <abc@telekom.ru> -- 2008-2014.
    * SNMP-index translation rules, let convert meaningless and unstable
      interface indexes (ifIndex) to more meaningful numbering scheme.
 
+   * Easy support for catching mirrored traffic with promisc option.
+
 
 ============================
 = OBTAINING LATEST VERSION =

README.promisc

@@ -1,16 +1,49 @@
 Hello,
 
-If you wish to account with netflow module traffic mirrored on switch you may follow this example:
+If you wish to account with ipt-netflow module traffic mirrored on switch you may follow
+ one of these examples:
 
 
-   Solution 1: General kernel patch.
-   Solution 2: Alternative w/o kernel patch.
+   Solution 1: Promisc-hack module option. [2014]
+   Solution 2: General kernel patch. [2008]
+   Solution 3: Alternative w/o kernel patch, using bridges. [2010]
 
 
     **************
     * Solution 1 *
     **************
 
+   No kernel patching is need anymore! (As in easy.)
+
+   Compile module with `./configure --enable-promisc' option. This will enable
+  `promisc=' module parameter and sysctl parameter `net.netflow.promisc'.
+  Set any of these to `1' to enable promisc hack, you will see dmesg message
+  that it's enabled, set to `0' to disable (default).
+
+   This option turned on will pass promisc traffic into `PREROUTING' chain
+  of `raw' table (same as with promisc patches). Briefly it's like this:
+
+   # cd ipt-netflow/
+   # ./configure --enable-promisc
+   # make all install
+   # iptables -A PREROUTING -t raw -i eth2 -j NETFLOW
+   # sysctl net.netflow.promisc=1
+   # ifconfig eth2 promisc
+   # grep Promisc /proc/net/stat/ipt_netflow
+
+   Now you should be able to see promisc observed packets count increasing.
+
+   Note, that enabling module's parameter promisc=1 will not enable promiscuous
+  mode on network cards, these are completely different things. This option will
+  let iptables to see promisc traffic. That traffic will not be routed anywhere
+  and discarded just after passing PREROUTING chain.
+
+
+
+    **************
+    * Solution 2 *
+    **************
+
 1. Patch your kernel with `raw_promisc.patch' to enable raw table to see promisc traffic.
 
  # cd /usr/src/linux
@@ -56,7 +89,7 @@ ps. For Debian Squeeze instructions look at raw_promisc_debian_squeeze6.patch
 
 
     **************
-    * Solution 2 *
+    * Solution 3 *
     **************
 
 By Anonymous.

configure

@@ -259,6 +259,7 @@ show_help() {
   echo "  --enable-sampler       enables Flow Sampling"
   echo "  --enable-sampler=hash  enables Hash sampler"
   echo "  --disable-aggregation  disables aggregation rules"
+  echo "  --enable-promisc       enables promisc hack"
   exit 0
 }
 
@@ -287,6 +288,7 @@ do
     --enable-sampl*hash) KOPTS="$KOPTS -DENABLE_SAMPLER -DSAMPLING_HASH" ;;
     --enable-sampl*) KOPTS="$KOPTS -DENABLE_SAMPLER" ;;
     --disable-aggr*) KOPTS="$KOPTS -DDISABLE_AGGR" ;;
+    --enable-promisc*) KOPTS="$KOPTS -DENABLE_PROMISC" ;;
     --make) echo called from make ;;
     -Werror) KOPTS="$KOPTS -Werror" ;;
     --help|-h) show_help ;;