Creating span interface using 'dup-to' option

Kristof Provost kp at FreeBSD.org
Sun Oct 11 21:19:43 UTC 2015


On 2015-10-11 13:16:08 (+0200), Miłosz Kaniewski <milosz.kaniewski at gmail.com> wrote:
> I have a FreeBSD machine which forwards packets between host1 and host2. This
> machine has also an additional interface (em2) which acts as a span interface
> - all traffic between host1 and host2 is copied into it.
> To achieve this scenario I can set a bridge with em0 and em1 as members and
> em2 as the span interface. But I would like to get the same result using pf
> instead. So I tried to use these rules:
> 
> pass out on em0 dup-to em2 no state
> pass out on em1 dup-to em2 no state
> 
> But it doesn't work. No packets appear on interface em2. I've checked the same
> configuration on OpenBSD and everything worked well.
> Is there any difference in setting a dup-to rule in FreeBSD and OpenBSD pf?
> 
From a quick test, yes, it looks like something's broken, or we're both
misunderstanding something.

My system complains 'arpresolve: can't allocate llinfo for 8.8.8.8 on vtnet1'.
I think the issue is that we still try to resolve the destination MAC on
'em2'.

Can you open a bug? I'll add this to my TODO list.

Regards,
Kristof

