From: John
To: freebsd-security@freebsd.org
Date: Mon, 15 Dec 2003 23:27:47 -0600
Subject: RE: interface bonding
Message-ID: <20031216052747.GA39053@mail.unixjunkie.com>

----- Forwarded message from John -----

Date: Mon, 15 Dec 2003 17:58:15 -0600
From: John
To: freebsd-stable@freebsd.org
Subject: interface bonding
User-Agent: Mutt/1.4i

Is there any way to bond sniffer interfaces?
I've read a little on netgraph and it seems like I may be able to use that, but I'm not sure how to go about that. Basically the end result is to have snort listen on a virtual interface, which will have data sent to it from, say, fxp0 and fxp1. I also want to make sure that data from fxp0, fxp1 or $VIRTUAL doesn't get sent out fxp1 or fxp0 for some reason.

----- End forwarded message -----

I'm sure I checked this before, but a Google search turned up this.

    ngctl mkpeer fec dummy fec
    ngctl msg fec0: add_iface '"sf2"'
    ngctl msg fec0: add_iface '"sf3"'
    ngctl msg fec0: set_mode_inet
    ifconfig sf2 promisc
    ifconfig sf3 promisc
    ifconfig fec0 promisc

After this, fec0 will be the virtual if that gets the frames. This does depend on the fec module.

    # cd /usr/src/sys/modules/netgraph/fec/
    # make && make install

http://taosecurity.blogspot.com/ <- this is where I found it, which points out this poster:
http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ids/2003-10/0029.html

So is there a reason the netgraph fec module isn't built by default?
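Added example (not part of the original post): a POSIX sh check, run over ifconfig output, that the interfaces named in the commands above (sf2, sf3, fec0) are in promiscuous mode and carry no IP address. The helper name audit_sensor_ifaces, the no-address policy for a passive sensor, and the sample ifconfig output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: a passive sniffer interface shows PROMISC and has no inet/inet6 address.
# audit_sensor_ifaces "<ifconfig output>" iface...  (hypothetical helper; 0 = clean, 1 = findings)
audit_sensor_ifaces() {
    _ifcfg=$1; shift
    printf '%s\n' "$_ifcfg" | awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        # Header line, e.g. "sf2: flags=8943<UP,...,PROMISC,...> mtu 1500"
        /^[^ \t]/ {
            cur = $1; sub(/:$/, "", cur)
            if (cur in need) {
                seen[cur] = 1
                if ($0 !~ /[<,]PROMISC[,>]/) { print cur ": not in promiscuous mode"; bad = 1 }
            }
            next
        }
        # Indented lines describe the interface named by the last header
        (cur in need) && ($1 == "inet" || $1 == "inet6") {
            print cur ": has address " $2; bad = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) { print w[i] ": not found"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample output (documentation addresses, not from a real host).
SAMPLE_GOOD='sf2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:5e:00:53:02
sf3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:5e:00:53:03
fec0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:5e:00:53:02'
SAMPLE_BAD='sf2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
        ether 00:00:5e:00:53:02
sf3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:5e:00:53:03
fec0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:5e:00:53:02'

audit_sensor_ifaces "$SAMPLE_GOOD" fec0 sf2 sf3 && echo "good sample: clean"
audit_sensor_ifaces "$SAMPLE_BAD" fec0 sf2 sf3 || echo "bad sample: findings above"
# On the sensor itself: audit_sensor_ifaces "$(ifconfig)" fec0 sf2 sf3
```

The check only reads interface state; it does not by itself stop a misconfigured host from transmitting on those ports.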