Date: Wed, 21 Jan 2004 13:38:33 -0800 (PST)
From: Richard Bejtlich <richard_bejtlich@yahoo.com>
To: freebsd-security@freebsd.org
Subject: Re: interface bonding
Message-ID: <20040121213833.57935.qmail@web60809.mail.yahoo.com>

Hello,

On 9 Jan 04 I posted a method for bonding interfaces using netgraph for purposes of sniffing tap outputs as a single virtual interface. Unfortunately, the method I posted creates two copies of every packet. I have used the following to successfully collect only one copy of packets sent from the two TX streams of a network tap:

    #!/bin/sh
    # sf2 and sf3 are real interfaces which receive tap
    # outputs; ngeth0 is created by ngctl

    # ng_ether must be loaded so netgraph can "see" the
    # real interfaces sf2 and sf3
    kldload ng_ether

    # bring up the real interfaces
    ifconfig sf2 promisc -arp up
    ifconfig sf3 promisc -arp up

    # create ngeth0 and bind sf2 and sf3 to it
    ngctl mkpeer . eiface hook ether
    ngctl mkpeer ngeth0: one2many lower one
    ngctl connect sf2: ngeth0:lower lower many0
    ngctl connect sf3: ngeth0:lower lower many1

    # bring up ngeth0 for sniffing duties
    ifconfig ngeth0 -arp up

--

Sorry for the confusion earlier. I appreciate any comments on how to improve this method. Please check my 9 Jan post to see the setup which created the dual packets.

Sincerely,

Richard Bejtlich
http://www.taosecurity.com
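
A check for the failure mode described in this message (two copies of every packet on the bonded interface), as an added example that is not part of the original post: it reads a classic pcap file and counts frames that are byte-identical to a frame seen within a short window. The two sample captures are constructed inline; the 1 ms window and all function names are assumptions.

```python
import hashlib
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap header, microsecond timestamps

def build_pcap(frames):
    """Build an in-memory pcap from (timestamp_usec, frame_bytes) pairs (constructed input)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts_usec, frame in frames:
        sec, usec = divmod(ts_usec, 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (timestamp_usec, frame_bytes) from a classic pcap byte string."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)  # second value: byte-swapped file
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    offset = 24  # skip the global header
    while offset + 16 <= len(data):
        sec, usec, caplen, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + caplen > len(data):
            raise ValueError("truncated packet record")
        yield sec * 1_000_000 + usec, data[offset:offset + caplen]
        offset += caplen

def count_duplicates(data, window_usec=1000):
    """Return (total, duplicates): frames identical to one seen within window_usec."""
    last_seen, total, dups = {}, 0, 0
    for ts, frame in read_pcap(data):
        total += 1
        digest = hashlib.sha256(frame).digest()
        prev = last_seen.get(digest)
        if prev is not None and ts - prev <= window_usec:
            dups += 1  # same bytes again almost immediately: capture-path duplication
        last_seen[digest] = ts
    return total, dups

def sample_frame(seq):
    # Constructed Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
    return bytes.fromhex("020000000002" "020000000001" "0800") + struct.pack(">I", seq) * 12

CLEAN = build_pcap([(1_000_000 + i * 500, sample_frame(i)) for i in range(4)])
DOUBLED = build_pcap([(1_000_000 + i * 500 + d, sample_frame(i)) for i in range(4) for d in (0, 3)])

if __name__ == "__main__":
    print("clean:", count_duplicates(CLEAN), "doubled:", count_duplicates(DOUBLED))
```

To run it against real traffic, write a short capture from ngeth0 with tcpdump -w and pass the file's bytes to count_duplicates; a duplicate count near half the total indicates the doubled setup.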