NEMEA on OpenWRT - system guide
This guide will show you how to compile, install and use NEMEA on OpenWrt system.
Router with at least 32 MB RAM.
Clone the latest stable OpenWrt branch:
git clone https://git.openwrt.org/15.05/openwrt.git
Once cloned, change into OpenWrt build root directory:
Show OpenWRT configuration menu utility by running:
and set the target system, target profile and also other options or packages to compile you want.
Once set, scroll down in main menu, find
NEMEA entry and enter to it’s configuration menu.
There are 2 options how to get NEMEA into OpenWrt system:
- Compile and create
ipkpackages and install them later by
- or compile and include NEMEA into OpenWrt firmware image file.
Creating ipk packages
If you decided to create
ipk packages, set the
nemea-modules option labels to
Including NEMEA into image file
Otherwise set labels to
*, NEMEA will be included in target firmware image file instead.
NOTE: Images can be configured in main menu under
Target Images entry.
Additional NEMEA configuration
If you enter into
nemea-modules menu, several variables for those packages can be configured. Defaults are recommended, so be careful when you set libtrap buffer size or flow cache size to higher values, otherwise modules might run out of memory.
When configuration is done you can finally compile OpenWrt using the following command:
This will take some time.
Installing firmware image
If you created
ipk packages, skip this section.
Image installation is not part of this guide, but you can follow official OpenWrt guide.
Installing ipk packages
Created packages are located in
bin/TARGET/packages/nemea/ directory, where
TARGET is the target system you set in
Target system configuration menu.
Assuming you already have installed OpenWrt system, copy NEMEA packages into your router using the following command:
scp bin/TARGET/packages/nemea/nemea-* root@<your_router_ip_address>:
Next log into your router:
opkg update opkg install nemea-*
libtrap and NEMEA exporting modules are now installed.
Using NEMEA modules
NEMEA modules are installed in
/usr/bin/nemea directory. On router you can simply run:
/usr/bin/nemea/flow_meter -i t:12345 -I br-lan
which will start flow_meter module capturing packets from
br-lan interface and listening on port
If you have NEMEA installed on your computer, you can show exported flows from your router by running:
logger -i t:<your_router_ip_address>:12345 -t
or if your OpenWrt router uses big endian architecture, you will need to use special module:
endiverter -i t:<your_router_ip_address>:12345,u:my_socket & logger -i u:my_socket -t
For help use:
or NEMEA readme.
At first, we need to install USB kernel module:
opkg update opkg install kmod-usb-storage block-mount kmod-scsi-core kmod-fs-vfat kmod-fs-msdos kmod-nls-cp437 kmod-nls-iso8859-1 kmod-nls-utf8
block info block detect
config 'global' option anon_swap '0' option anon_mount '0' option auto_swap '1' option auto_mount '1' option delay_root '5' option check_fs '0' config 'mount' option target '/mnt/sda1' option uuid '3dda-eb19' option enabled '0'
If we haven’t changed
/etc/config/fstab yet, we can update its content simply by:
block detect > /etc/config/fstab
but remember to remove the
option enabled '0' line which disables our mountpoint.
block umount; block mount
we should have working mounted USB drive.
Running flow_meter using init script
flow_meter, you need to prepare its configuration in
config params option plugins basic,sip,http option ifcspec f:/data/base.trapcap:w:time=5,f:/data/sip:w:time=5,f:/data/http:w:time=5 option network br-lan
Having configuration file, it is possible to start service:
If we need to start
flow_meter on startup, just enable it:
Tested versions and devices
Tested on OpenWrt Chaos Calmer 15.05.1:
TP-Link Archer C7 v2
TP-Link TL-WR1043ND v1