Date: Tue, 2 Feb 2021 21:26:51 +0100 From: Lutz Donnerhacke <lutz@donnerhacke.de> To: petru garstea <peter.garshtja@ambient-md.com> Cc: freebsd-net@freebsd.org Subject: Re: netgraph with ng_netflow and ng_gridge nodes Message-ID: <20210202202651.GA31946@belenus.iks-jena.de> In-Reply-To: <20210202201649.GA31653@belenus.iks-jena.de> References: <43cf5dc9-521c-dcc4-f025-398173608062@ambient-md.com> <20210202201649.GA31653@belenus.iks-jena.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 02, 2021 at 09:16:49PM +0100, Lutz Donnerhacke wrote: > fxp0.lower -- iface0.netgraph.out0 -- link1.bridge.link2 -- upper.fxp0 > \.link3 -- ether.eiface The strange thing is, that both fxp0 and eiface provide an interface to the kernel IP stack. This is confusing (for the kernel). I'd like to point you to ng_tee instead of ng_bridge for a read only access to the communitcation (depending on the direction). Even ng_one2many or ng_hub might be a better solution. If you only need the eiface to attach tcpdump, you can omit it completely, because tcpdump is able to sniff on the fxp0 even if the netgraph hooks are set.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210202202651.GA31946>