if_bridge and ng_netflow
Fbsd8
fbsd8 at a1poweruser.com
Sat Aug 10 13:51:28 UTC 2013
Volodymyr Kostyrko wrote:
> Hi all.
>
> I have one machine with bridge configured. Recently I thinked about
> capturing all traffic on the bridge with ng_netflow.
>
> 1. ng_ether doesn't attach to bridge0 interface:
>
> # ngctl list | grep ether
> Name: rl0 Type: ether ID: 00000034 Num hooks: 2
> Name: ste0 Type: ether ID: 00000035 Num hooks: 2
> Name: wlan0 Type: ether ID: 00000036 Num hooks: 2
>
> 2. If I attach all physical interfaces to netflow I get no statistics
> for data originating from server. I.e. I see all inbound traffic but I
> see no outbound traffic.
>
> Maybe I'm just doing everything wrong? I'm adding interfaces to netflow
> this way:
>
> connect wlan0: netflow0: upper iface2
> connect wlan0: netflow0: lower iface3
> connect netflow0: netflow0: out2 out3
>
> 3. Ok, I can do this other way (sorry, I'm bad at netflow scripting):
>
> mkpeer eiface ether ether
> rmhook ngeth0: ether
>
> ifconfig ngeth0 up
> ifconfig bridge0 span ngeth0
>
> And again I see only inbound packets. I see no packets coming from me.
>
> Is there any other working way to get stats from bridge interface?
>
if_bridge is relatively new in FreeBSD. Netgraph precedes if_bridge and
is un-aware of if_bridge. Change your if_bridge definition to a
ng bridge definition and everything your trying to do should fall into
place.
More information about the freebsd-questions
mailing list