Creating span port using netgraph
Julian Elischer
julian at elischer.org
Sun Jan 29 14:04:21 PST 2006
Anton Yuzhaninov wrote:
>Saturday, January 28, 2006, 10:52:11 PM, Frank wrote:
>
>F> # create ngeth0 and bind xl0, xl1, xl2 and xl3 to it
>F> ngctl mkpeer . eiface hook ether
>F> ngctl mkpeer ngeth0: one2many lower one
>F> ngctl connect xl0: ngeth0:lower lower many0
>F> ngctl connect xl1: ngeth0:lower lower many1
>F> ngctl connect xl2: ngeth0:lower lower many2
>F> ngctl connect xl3: ngeth0:lower lower many3
>
>F> # bring up ngeth0 for sniffing duties
>F> ifconfig ngeth0 monitor up
>
>F> After I run this script, all network connections freeze and I lost all
>F> IP connectivity. If I tcpdump on any interface (xl? or ngeth0) no traffic
>F> is visible.
>
>Use ng_tee to connect to xl0, xl1...
>
>
also, as a hint, assign node names as soon as is practical (to make
things easier to read)
so:
# use "right" hooks for "upper" and "left" hooks for "lower" connections
# (frames received from the wire then cross each tee left to right,
#  so their copies come out of left2right)
ngctl mkpeer xl0: tee upper right
ngctl name xl0:upper xl0T
ngctl connect xl0: xl0T: lower left
ngctl mkpeer xl1: tee upper right
ngctl name xl1:upper xl1T
ngctl connect xl1: xl1T: lower left
ngctl mkpeer xl2: tee upper right
ngctl name xl2:upper xl2T
ngctl connect xl2: xl2T: lower left
ngctl mkpeer xl3: tee upper right
ngctl name xl3:upper xl3T
ngctl connect xl3: xl3T: lower left
# collect the left2right copies from all four tees in one one2many node
ngctl mkpeer xl0T: one2many left2right many0
ngctl name xl0T:left2right input_mux
ngctl connect xl1T: input_mux: left2right many1
ngctl connect xl2T: input_mux: left2right many2
ngctl connect xl3T: input_mux: left2right many3
ngctl msg input_mux: setconfig "{ xmitAlg=1 enabledLinks=[ 1 1 1 1 ] }"
# one2many only has "one" and "manyN" hooks, so the eiface hangs off "one"
ngctl mkpeer input_mux: eiface one ether
However I do wonder if that is what you want, because you would be
"receiving" two copies of any packets destined to you. One from an xl
interface, and one from ngeth0.
Also, what good would it do to "receive" these packets again?
For a SPAN port you want to send them out again somewhere,
so that last line would more likely be something like:
ngctl connect input_mux: xl5: one lower
ifconfig xl5 up
which would send the aggregate of all received info out a 5th port
(though it may not all fit of course, unless the 5th port is a Gb port..)
you could also feed them to a userland netgraph socket or anything else
if you want of course.
(I haven't tested this script.. I just wrote it in this email)
julian
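
The layout described in this message, as an added example that is not part of the original email: a POSIX sh function that prints the ngctl commands for any number of source interfaces, deriving every node name from the interface name so that per-interface lines cannot drift apart. span_cmds and its arguments are hypothetical names; the commands are only printed, never executed.

```shell
#!/bin/sh
# Added example, not from the original message. It only prints commands.
# Hypothetical names: span_cmds and its arguments. The <if>T tee names,
# input_mux and the hook layout follow the message.

span_cmds() {
    # usage: span_cmds <span-out-if> <src-if> [<src-if> ...]
    [ "$#" -ge 2 ] || { echo "usage: span_cmds out_if src_if..." >&2; return 2; }
    out=$1; shift
    case $out in ''|*[!a-z0-9]*) echo "bad name: $out" >&2; return 2 ;; esac
    seen=" $out "
    for ifc in "$@"; do
        # Names are pasted into ngctl paths: accept plain interface names only,
        # and refuse duplicates or using the SPAN port as a source.
        case $ifc in ''|*[!a-z0-9]*) echo "bad name: $ifc" >&2; return 2 ;; esac
        case $seen in *" $ifc "*) echo "repeated: $ifc" >&2; return 2 ;; esac
        seen="$seen$ifc "
    done
    n=0; links=
    for ifc in "$@"; do
        # Tee between driver (lower) and stack (upper). Received frames enter
        # the tee on "left", so their copies leave on "left2right".
        echo "ngctl mkpeer ${ifc}: tee upper right"
        echo "ngctl name ${ifc}:upper ${ifc}T"
        echo "ngctl connect ${ifc}: ${ifc}T: lower left"
        if [ "$n" -eq 0 ]; then
            # The first tee creates the one2many collector and names it.
            echo "ngctl mkpeer ${ifc}T: one2many left2right many0"
            echo "ngctl name ${ifc}T:left2right input_mux"
        else
            echo "ngctl connect ${ifc}T: input_mux: left2right many${n}"
        fi
        links="$links 1"; n=$((n + 1))
    done
    # One enabledLinks entry per source interface, same xmitAlg as the message.
    echo "ngctl msg input_mux: setconfig \"{ xmitAlg=1 enabledLinks=[$links ] }\""
    # Send the aggregate out of the dedicated SPAN interface.
    echo "ngctl connect input_mux: ${out}: one lower"
    echo "ifconfig ${out} up"
}

# Constructed sample: the four xl interfaces from the thread, SPAN out of xl5.
span_cmds xl5 xl0 xl1 xl2 xl3
```

Review the printed commands, then pipe them to sh as root on the monitoring host to apply them.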