Date: Sun, 11 Oct 2015 23:19:38 +0200
From: Kristof Provost <kp@FreeBSD.org>
To: Miłosz Kaniewski <milosz.kaniewski@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Creating span interface using 'dup-to' option
Message-ID: <20151011211938.GD10055@vega.codepro.be>
In-Reply-To: <CAC4mxp5ar-Kvp5238VRfKEL6FiVOg7XXzmv8fE-zdEFYRk7cAw@mail.gmail.com>
References: <CAC4mxp5ar-Kvp5238VRfKEL6FiVOg7XXzmv8fE-zdEFYRk7cAw@mail.gmail.com>

On 2015-10-11 13:16:08 (+0200), Miłosz Kaniewski <milosz.kaniewski@gmail.com> wrote:
> I have a FreeBSD machine which forwards packets between host1 and host2. This
> machine also has an additional interface (em2) which acts as a span interface
> - all traffic between host1 and host2 is copied into it.
> To achieve this scenario I can set a bridge with em0 and em1 as members and
> em2 as the span interface. But I would like to get the same result using pf
> instead. So I tried to use these rules:
>
> pass out on em0 dup-to em2 no state
> pass out on em1 dup-to em2 no state
>
> But it doesn't work. No packets appear on interface em2. I've checked the same
> configuration on OpenBSD and everything worked well.
> Is there any difference in setting the dup-to rule in FreeBSD and OpenBSD pf?
>
From a quick test, yes, it looks like something's broken, or we're both
misunderstanding something.
My system complains 'arpresolve: can't allocate llinfo for 8.8.8.8 on vtnet1'.

I think the issue is that we still try to resolve the destination MAC on 'em2'.

Can you open a bug? I'll add this to my TODO list.

Regards,
Kristof