netgraph with ng_netflow and ng_gridge nodes
Lutz Donnerhacke
lutz at donnerhacke.de
Tue Feb 2 20:27:08 UTC 2021
On Tue, Feb 02, 2021 at 09:16:49PM +0100, Lutz Donnerhacke wrote:
> fxp0.lower -- iface0.netgraph.out0 -- link1.bridge.link2 -- upper.fxp0
> \.link3 -- ether.eiface
The strange thing is, that both fxp0 and eiface provide an interface to the
kernel IP stack. This is confusing (for the kernel).
I'd like to point you to ng_tee instead of ng_bridge for a read only access
to the communitcation (depending on the direction). Even ng_one2many or
ng_hub might be a better solution.
If you only need the eiface to attach tcpdump, you can omit it completely,
because tcpdump is able to sniff on the fxp0 even if the netgraph hooks are
set.
More information about the freebsd-net
mailing list