From owner-freebsd-net@freebsd.org  Tue Feb  2 20:27:08 2021
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1B44253C7AC
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Tue,  2 Feb 2021 20:27:08 +0000 (UTC)
 (envelope-from lutz@iks-jena.de)
Received: from annwfn.iks-jena.de (annwfn.iks-jena.de [IPv6:2001:4bd8::19])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4DVbvb2BY8z4Wdw
 for <freebsd-net@freebsd.org>; Tue,  2 Feb 2021 20:27:07 +0000 (UTC)
 (envelope-from lutz@iks-jena.de)
X-SMTP-Sender: IPv6:2001:4bd8:0:666:248:54ff:fe12:ee3f
Received: from belenus.iks-jena.de (belenus.iks-jena.de
 [IPv6:2001:4bd8:0:666:248:54ff:fe12:ee3f])
 by annwfn.iks-jena.de (8.15.2/8.15.2) with ESMTPS id 112KQpS7000579
 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Tue, 2 Feb 2021 21:26:51 +0100
X-MSA-Host: belenus.iks-jena.de
Received: (from lutz@localhost)
 by belenus.iks-jena.de (8.14.3/8.14.1/Submit) id 112KQpqE032046;
 Tue, 2 Feb 2021 21:26:51 +0100
Date: Tue, 2 Feb 2021 21:26:51 +0100
From: Lutz Donnerhacke <lutz@donnerhacke.de>
To: petru garstea <peter.garshtja@ambient-md.com>
Cc: freebsd-net@freebsd.org
Subject: Re: netgraph with ng_netflow and ng_gridge nodes
Message-ID: <20210202202651.GA31946@belenus.iks-jena.de>
References: <43cf5dc9-521c-dcc4-f025-398173608062@ambient-md.com>
 <20210202201649.GA31653@belenus.iks-jena.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210202201649.GA31653@belenus.iks-jena.de>
X-message-flag: Please send plain text messages only. Thank you.
User-Agent: Mutt/1.5.17 (2007-11-01)
X-Rspamd-Queue-Id: 4DVbvb2BY8z4Wdw
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of lutz@iks-jena.de designates 2001:4bd8::19
 as permitted sender) smtp.mailfrom=lutz@iks-jena.de
X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[2001:4bd8::19:from];
 RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2001:4bd8::/48:c];
 NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain];
 DMARC_NA(0.00)[donnerhacke.de];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
 SPAMHAUS_ZRD(0.00)[2001:4bd8::19:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000];
 RCPT_COUNT_TWO(0.00)[2];
 FORGED_SENDER(0.30)[lutz@donnerhacke.de,lutz@iks-jena.de];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:15725, ipnet:2001:4bd8::/29, country:DE];
 FROM_NEQ_ENVFROM(0.00)[lutz@donnerhacke.de,lutz@iks-jena.de];
 MAILMAN_DEST(0.00)[freebsd-net]; RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2021 20:27:08 -0000

On Tue, Feb 02, 2021 at 09:16:49PM +0100, Lutz Donnerhacke wrote:
> fxp0.lower -- iface0.netgraph.out0 -- link1.bridge.link2 -- upper.fxp0
>                                                  \.link3 -- ether.eiface

The strange thing is, that both fxp0 and eiface provide an interface to the
kernel IP stack. This is confusing (for the kernel).

I'd like to point you to ng_tee instead of ng_bridge for a read only access
to the communitcation (depending on the direction). Even ng_one2many or
ng_hub might be a better solution.

If you only need the eiface to attach tcpdump, you can omit it completely,
because tcpdump is able to sniff on the fxp0 even if the netgraph hooks are
set.