From owner-freebsd-security@FreeBSD.ORG Tue Dec 16 01:06:47 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B513216A4CE for ; Tue, 16 Dec 2003 01:06:47 -0800 (PST) Received: from diaspar.rdsnet.ro (diaspar.rdsnet.ro [213.157.165.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE66143D41 for ; Tue, 16 Dec 2003 01:06:45 -0800 (PST) (envelope-from dudu@diaspar.rdsnet.ro) Received: (qmail 93418 invoked by uid 89); 16 Dec 2003 09:06:48 -0000 Received: from unknown (HELO diaspar.rdsnet.ro) (dudu@diaspar.rdsnet.ro@213.157.165.224) by 0 with AES256-SHA encrypted SMTP; 16 Dec 2003 09:06:47 -0000 Date: Tue, 16 Dec 2003 11:06:45 +0200 From: Vlad Galu To: freebsd-security@freebsd.org Message-Id: <20031216110645.2752f5c8.dudu@diaspar.rdsnet.ro> In-Reply-To: <20031216052747.GA39053@mail.unixjunkie.com> References: <20031216052747.GA39053@mail.unixjunkie.com> X-Mailer: Sylpheed version 0.9.8a (GTK+ 1.2.10; i386-portbld-freebsd4.9) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="Signature=_Tue__16_Dec_2003_11_06_46_+0200_5ewaNAiksEcjKl5e" Subject: Re: interface bonding X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Dec 2003 09:06:47 -0000 --Signature=_Tue__16_Dec_2003_11_06_46_+0200_5ewaNAiksEcjKl5e Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7bit John writes: |----- Forwarded message from John ----- | |Date: Mon, 15 Dec 2003 17:58:15 -0600 |From: John |To: freebsd-stable@freebsd.org |Subject: interface bonding |User-Agent: Mutt/1.4i | |Is there any way to bond sniffer interfaces? |I've read a little on netgraph and it seems |like i maybe able to use that but i'm not sure |how to go about that. | |Basicly the end result is to have snort listen on |a virtual interface, which will have data sent to |it from say fxp0 and fxp1. I also want to make sure that |data from fxp0, fxp1 or $VIRTUAL doesn't get sent out |fxp1 or fxp0 for some reason. | |----- End forwarded message ----- | |I'm sure i checked this before, but a google search turned up this. | |ngctl mkpeer fec dummy fec |ngctl msg fec0: add_iface '"sf2"' |ngctl msg fec0: add_iface '"sf3"' |ngctl msg fec0: set_mode_inet |ifconfig sf2 promisc |ifconfig sf3 promisc |ifconfig fec0 promisc | |after this fec0 will be the virtual if that gets the frames. | |This does depend on the fec module. |# cd /usr/src/sys/modules/netgraph/fec/ |# make && make install | |http://taosecurity.blogspot.com/ <- this is where i found it. |which points out this poster. |http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ids/2003-10 |/0029.html | |So is there a reason the netgraph fec module isn't built by default? Yes. It's not very stable. Better use ng_one2many. |_______________________________________________ |freebsd-security@freebsd.org mailing list |http://lists.freebsd.org/mailman/listinfo/freebsd-security |To unsubscribe, send any mail to |"freebsd-security-unsubscribe@freebsd.org" | ---- If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it. --Signature=_Tue__16_Dec_2003_11_06_46_+0200_5ewaNAiksEcjKl5e Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/3ssnP5WtpVOrzpcRAmfxAJ9KqFBvW3IW7Rd/G65Pvi3ndOJc1ACgm82n oAKE4YfGBdwm6wtWjy8e7ps= =aAe9 -----END PGP SIGNATURE----- --Signature=_Tue__16_Dec_2003_11_06_46_+0200_5ewaNAiksEcjKl5e--