Netgraph - 2 physical interfaces mirrored to 3rd
Ted Wisniewski
ted at ness.plymouth.edu
Mon Jun 20 17:13:20 GMT 2005
I pieced some info together from various sources... See the following script
(running on 5.4-p2, comments are in the script). I seem to have run into a
roadblock though... I am hoping someone else has seen this and solved it.
Ted
#!/bin/csh
#            +---------+
# (sk0) <--->|         |<---> (sk1)
#            |         |
#            +---------+
#                 ^
#                 |
#               (xl0)
#
# In this case, sk0 and sk1 are two sides of a firewall and
# xl0 represents a physical interface that the traffic is to
# be mirrored to. The intent is to create a place where a
# sniffer / network monitoring tool can be connected.
#
# The problem...
#
# As soon as "ngctl connect sk0: xl0:lower lower many0" is run,
# no traffic passes on sk0. Am I missing something obvious?
#
#
kldload ng_ether
kldload ng_one2many
kldload netgraph
ifconfig sk0 up
ifconfig sk1 up
ifconfig xl0 inet 10.10.10.10 netmask 255.255.255.0 media 100baseTX mediaopt full-duplex up
ngctl list
ngctl mkpeer xl0: one2many lower one
#
# The following line causes no traffic to pass on "sk0".
#
ngctl connect sk0: xl0:lower lower many0
#
ngctl connect sk1: xl0:lower lower many1
ngctl msg sk0: setpromisc 1
ngctl msg sk1: setpromisc 1
ngctl msg xl0:lower setconfig "{ xmitAlg=1 failAlg=1 enabledLinks=[ 1 1 ] }"
--
| Ted Wisniewski E-Mail: ted at mail.plymouth.edu |
| Manager, Systems Group WEB: http://oz.plymouth.edu/~ted/ |
| Information Technology Services |
| Plymouth State University Phone: (603) 535-2661 |
| Plymouth NH, 03264 Fax: (603) 535-2263 |