From owner-freebsd-net@freebsd.org Wed Sep 28 18:07:57 2016
Date: Wed, 28 Sep 2016 14:07:52 -0400
From: Michael Jung <mikej@mikej.com>
To: freebsd-net@freebsd.org
Subject: Problem with softflowd capturing packets while using IPFW
In-Reply-To: <297106f04667313b805a4a20903c77ba@mail.mikej.com>
References: <297106f04667313b805a4a20903c77ba@mail.mikej.com>
Message-ID: <1b09214a03f0f8be7fb6e9522eb141d4@mail.mikej.com>
List-Id: Networking and TCP/IP with FreeBSD

Softflowd v0.9.8 / FreeBSD 10.3-RELEASE-p7

I have used softflowd for years to build netflow packets without issue until now. I have never tried to use it while running IPFW.

When running softflowd while IPFW is running, using the source interface for NAT, it does not build flows. I can confirm IPFW is the issue, as it works without issue when IPFW is not loaded. softflowd emits no errors even in debug mode. tcpdump on the same source interface has no problems capturing packets.
I also tried creating a netgraph bridge from the source NAT interface:

kldload ng_ether
kldload ng_bridge
kldload ng_eiface

# create and connect bridge to PHY
ngctl mkpeer em0: bridge lower link0
ngctl connect em0: re0:lower upper link1

# name the bridge
ngctl name em0:lower em0br0

# Connect first virtual NIC
ngctl mkpeer em0:lower eiface link2 ether

But the only thing I see on the bridged interface is broadcast traffic, when on other boxes without IPFW I would see all bridged traffic, which is odd.

Is there some magic I need in my IPFW rules, or is another approach needed?

Thanks in advance.

--mikej