Date: Sun, 22 Nov 2015 20:14:58 +0100 From: Kristof Provost <kp@FreeBSD.org> To: =?utf-8?Q?Mi=C5=82osz?= Kaniewski <milosz.kaniewski@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: Creating span interface using 'dup-to' option Message-ID: <20151122191458.GD2307@vega.codepro.be> In-Reply-To: <20151115173349.GE13268@vega.codepro.be> References: <CAC4mxp5ar-Kvp5238VRfKEL6FiVOg7XXzmv8fE-zdEFYRk7cAw@mail.gmail.com> <SN1PR08MB18210835207E194932EBB485BA310@SN1PR08MB1821.namprd08.prod.outlook.com> <CAC4mxp77FrDvT%2B1J%2BdQqrgc_ji3vmbMZOkYnXae%2BD2L1PanK1g@mail.gmail.com> <20151108000315.GC2336@vega.codepro.be> <20151108192951.GD2336@vega.codepro.be> <CAC4mxp7B5tYErUX%2Bh0803eQhRY2XzXCFpLP7=2ESJPQtVupczA@mail.gmail.com> <CAC4mxp6wvMe9EWqXYzNG=FEA2HO-kNqmdLrUjs8nHJUODTucUw@mail.gmail.com> <20151115173349.GE13268@vega.codepro.be>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2015-11-15 18:33:49 (+0100), Kristof Provost <kp@FreeBSD.org> wrote: > On the other hand, perhaps there's something we can do about the state > matching. The problems all start because we match state on the > duplicated packet. That's not correct, because the rule is set on e.g. > em0, but the duplicated packet is sent out on em1. > In fact, from a first reading of the code I don't actually understand > why we're getting that state match. > I've looked at the state matching for a bit. It turns out that by default packets will match state on any interface (specifically, the state is saved to the 'all' interface, rather than to the specific interface it was created on). That default can be changed with 'set state-policy if-bound'. I'd expect adding that would work around the problem you see. Regards, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151122191458.GD2307>