interface bonding
Ruslan Ermilov
ru at freebsd.org
Thu Jan 22 01:13:08 PST 2004
On Wed, Jan 21, 2004 at 01:38:33PM -0800, Richard Bejtlich wrote:
> Hello,
>
> On 9 Jan 04 I posted a method for bonding interfaces
> using netgraph for purposes of sniffing tap outputs as
> a single virtual interface. Unfortunately, the method
> I posted creates two copies of every packet.
>
> I have used the following to successfully collect only
> one copy of packets sent from the two TX streams of a
> network tap:
>
> #!/bin/sh
> # sf2 and sf3 are real interfaces which receive tap
> # outputs; ngeth0 is created by ngctl
>
> # ng_ether must be loaded so netgraph can "see" the
> # real interfaces sf2 and sf3
> kldload ng_ether
>
> # bring up the real interfaces
> ifconfig sf2 promisc -arp up
> ifconfig sf3 promisc -arp up
>
> # create ngeth0 and bind sf2 and sf3 to it
> ngctl mkpeer . eiface hook ether
> ngctl mkpeer ngeth0: one2many lower one
> ngctl connect sf2: ngeth0:lower lower many0
> ngctl connect sf3: ngeth0:lower lower many1
>
> # bring up ngeth0 for sniffing duties
> ifconfig ngeth0 -arp up
>
> --
>
> Sorry for the confusion earlier. I appreciate any
> comments on how to improve this method. Please check
> my 9 Jan post to see the setup which created the dual
> packets.
>
This seems to work, too. I believe that the duplication you
observe with the old method, where you've attached the ng_eiface
node instead of the ng_ether node, may have to do with a bug I
fixed a month ago in src/sys/netgraph/ng_eiface.c,v 1.4.2.6,
in RELENG_4. Can you check if using this revision and the
old method solves the duplication?
Cheers,
--
Ruslan Ermilov
FreeBSD committer
ru at FreeBSD.org
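Added example, not part of the original thread: one way to check a capture taken on ngeth0 for the double-copy symptom discussed above, by counting packets whose text line (minus the timestamp) repeats. The function names and the sample lines are constructed for illustration, and the script assumes one line per packet with the timestamp as the first field, as in saved `tcpdump -n -i ngeth0` text output.

```shell
#!/bin/sh
# Added example (not from the thread). Input: one line per packet, timestamp
# first, as in text output saved from `tcpdump -n -i ngeth0`.

# dup_report: read capture text on stdin, print total/unique/duplicated counts.
dup_report() {
    awk '
        NF < 2 { next }                       # skip blank or truncated lines
        {
            pkt = $0
            sub(/^[^ \t]+[ \t]+/, "", pkt)    # drop the timestamp field
            total++
            if (seen[pkt]++ == 1) dup++       # count a repeated packet once
        }
        END {
            n = 0
            for (k in seen) n++
            printf "total=%d unique=%d duplicated=%d\n", total, n, dup
        }'
}

# has_duplicates: exit status 0 if any packet appears more than once.
has_duplicates() {
    dup_report | grep -qv 'duplicated=0$'
}

# Constructed sample: every packet delivered twice (the symptom in the thread).
sample_duplicated() {
    cat <<'EOF'
01:13:08.100001 10.0.0.5.1025 > 10.0.0.9.80: S 1000:1000(0) win 16384
01:13:08.100004 10.0.0.5.1025 > 10.0.0.9.80: S 1000:1000(0) win 16384
01:13:08.100210 10.0.0.9.80 > 10.0.0.5.1025: S 2000:2000(0) ack 1001 win 16384
01:13:08.100213 10.0.0.9.80 > 10.0.0.5.1025: S 2000:2000(0) ack 1001 win 16384
EOF
}

# Constructed sample: each packet delivered once.
sample_clean() {
    cat <<'EOF'
01:13:08.100001 10.0.0.5.1025 > 10.0.0.9.80: S 1000:1000(0) win 16384
01:13:08.100210 10.0.0.9.80 > 10.0.0.5.1025: S 2000:2000(0) ack 1001 win 16384
01:13:08.100400 10.0.0.5.1025 > 10.0.0.9.80: . ack 2001 win 16384
EOF
}

sample_duplicated | dup_report
sample_clean | dup_report
```

Genuine retransmissions can also repeat a line, so a handful of duplicates is normal; the double-copy symptom shows up as `duplicated` equal to `unique`.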