Date: Sun, 17 Aug 2014 17:28:10 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-standards@FreeBSD.org
Subject: [Bug 192756] New: SPAN port on bridge does not span packets originating locally
Message-ID: <bug-192756-15@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192756

Bug ID: 192756
Summary: SPAN port on bridge does not span packets originating locally
Product: Base System
Version: 8.3-RELEASE
Hardware: amd64
OS: Any
Status: Needs Triage
Severity: Affects Only Me
Priority: ---
Component: standards
Assignee: freebsd-standards@FreeBSD.org
Reporter: jbw@hilltopgroup.com

I have built a firewall/routing box utilizing FreeBSD (8.3-RELEASE) and need to mirror all of the LAN-side traffic before it is NATed to another box which will have traffic analysis software running on it.

The firewall box has 4 interfaces: 3 wired (re0, re1, re2) and 1 wireless (ath0). re0 is the internet port (WAN), re1 and ath0 are bridged into bridge0 which has my LAN IP (so that both my wired and wireless systems are all on the same physical network), and re2 is a member of bridge0 as a SPAN port.

A tcpdump on the SPAN (and on the analysis box) shows that all packets which enter the system via ath0 and re1 are mirrored appropriately, but if the packets originate either on the WAN port (re1) or internal to the firewall box (ping a LAN endpoint from the firewall shell) the packets are not present on the SPAN port. tcpdump on bridge0 captures the packets, so they're definitely on the bridge.

In order to eliminate all possibilities I ran a liveCD of FreeBSD 10-RELEASE on a different box with 4 interfaces, with em0 and em1 bridged together into bridge0 and em3 as a SPAN port for bridge0. bridge0 has the IP. No firewall, no ports, nothing has been installed or configured. On this box, any packets which physically enter either em0 or em1 (the bridged interfaces) are SPANned, but nothing that originates on the fresh box shows up on the SPAN. Again, the packets originating on the system show up on a tcpdump of bridge0. I also tested this on the same system listed here, but with the installed version of 9.0-RELEASE.

When giving the IP to one of the physical interfaces, the SPAN port works correctly, and locally generated packets are SPANned appropriately. This isn't ideal, as it means that if the physical interface with the IP goes down, clients on the other interfaces will lose connectivity to the system, and when bridging it's ideal to give the IPs to the bridge itself to protect against that possibility.

--
You are receiving this mail because:
You are the assignee for the bug.
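The following script is an added example, not part of the bug report or the FreeBSD project: it rebuilds the reporter's liveCD setup (IP on bridge0, em0/em1 as members, em3 as the SPAN port; interface names and the 192.0.2.0/24 addresses are placeholders) and measures whether echo requests originated by the host itself reach the SPAN port as well as bridge0, which is the check anyone relying on a mirror port for monitoring should run before trusting the feed.

```shell
#!/bin/sh
# Verify SPAN coverage of locally originated traffic on a FreeBSD if_bridge.
# Assumptions (placeholders, adjust to your box): members em0/em1, spare em3
# as SPAN, bridge address 192.0.2.10/24, a reachable LAN peer at 192.0.2.1.
BRIDGE=bridge0; MEMBERS="em0 em1"; SPAN=em3
BRIDGE_IP="192.0.2.10/24"; PEER="192.0.2.1"

# Build the bridge exactly as the report describes: the IP lives on the
# bridge interface, not on a member, and em3 is a span port.
setup_bridge() {
    ifconfig "$BRIDGE" create
    for m in $MEMBERS; do ifconfig "$BRIDGE" addm "$m" up; done
    ifconfig "$BRIDGE" span "$SPAN"
    ifconfig "$SPAN" up
    ifconfig "$BRIDGE" inet "$BRIDGE_IP" up
}

# Capture on one interface while this host pings PEER, then return how many
# ICMP echo requests (i.e. locally originated packets) were seen there.
count_local_echoes_on() {
    iface=$1
    tcpdump -ni "$iface" -c 1000 -w "/tmp/span-$iface.pcap" \
        'icmp[icmptype] == icmp-echo' 2>/dev/null &
    cap_pid=$!
    sleep 1
    ping -c 5 -q "$PEER" >/dev/null 2>&1 || true
    sleep 1
    kill "$cap_pid" 2>/dev/null; wait "$cap_pid" 2>/dev/null
    tcpdump -nr "/tmp/span-$iface.pcap" 2>/dev/null | wc -l | tr -d ' '
}

# Pure comparison used by the check: the mirror is complete only if every
# locally originated echo seen on the bridge also appears on the SPAN port.
# Prints a verdict; returns 0 for complete, 1 for a mirroring gap.
span_verdict() {
    on_bridge=$1; on_span=$2
    if [ "$on_bridge" -gt 0 ] && [ "$on_span" -ge "$on_bridge" ]; then
        echo "complete"; return 0
    fi
    echo "gap: $on_bridge on bridge, $on_span on span"; return 1
}

# Run the live check only when invoked as: sh span-check.sh check
if [ "${1:-}" = "check" ]; then
    setup_bridge
    b=$(count_local_echoes_on "$BRIDGE")
    s=$(count_local_echoes_on "$SPAN")
    span_verdict "$b" "$s"
fi
```

On a host showing the behaviour in the report, the bridge0 count is 5 while the em3 count is 0, so the script reports a gap; inbound traffic from a member port would be mirrored and is not what this check measures.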
