Date: Sat, 8 Dec 2007 23:41:10 +1300
From: Andrew Thompson <thompsa@FreeBSD.org>
To: Peter Wood <peter@alastria.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Aggregating many ports into one for tcpdump server. (also sampling before libpcap)
Message-ID: <20071208104110.GB75826@heff.fud.org.nz>
In-Reply-To: <475A735F.8000907@alastria.net>
References: <4755EFDD.8070609@isc.org> <20071205021851.V87930@fledge.watson.org> <ad79ad6b0712050100p90a1917w5440e06a94f816e7@mail.gmail.com> <20071205093244.U87930@fledge.watson.org> <20071205094657.P87930@fledge.watson.org> <475A735F.8000907@alastria.net>

On Sat, Dec 08, 2007 at 10:35:11AM +0000, Peter Wood wrote:
> Morning,
>
> >>> Looking thru the archives, it seems ng_one2many (in this case
> >>> 'many2one') is what I am looking for. Am I barking the right tree
> >>> here?
>
> Strangely enough this is the exact situation I was looking into on Friday
> for two mirror ports from our border routers via aggregation switches.
>
> I had seen the netgraph solution however I had initially ignored if_bridge
> as I don't want the packets to be sent to the opposing devices.

That's why you combine if_bridge with monitor mode, any incoming packets
are discarded after bpf processing so they are never sent to opposing
devices.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html#AEN40035

regards,
Andrew

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071208104110.GB75826>
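
The setup this reply describes, sketched as an added example that is not part of the original message or of FreeBSD's own documentation: a small helper that prints the ifconfig commands for a capture-only bridge over several mirror ports. The helper name and the interface names (bridge0, em1, em2) are assumptions; it only prints commands, so review them and run them as root on the capture host.

```shell
#!/bin/sh
# Added example: build the command list for a monitor-mode if_bridge.
# monitor_bridge_cmds is a hypothetical helper; em1/em2/bridge0 are
# placeholder interface names.

# Usage: monitor_bridge_cmds BRIDGE MEMBER...
# Prints one command per line. On bad input prints nothing on stdout
# and returns 1, so a typo never yields a half-built command list.
monitor_bridge_cmds() {
    bridge=$1
    [ "$#" -ge 2 ] || { echo "usage: BRIDGE MEMBER..." >&2; return 1; }
    shift
    case $bridge in
        *[!a-z0-9]*) echo "bad bridge name: $bridge" >&2; return 1 ;;
        bridge[0-9]*) ;;
        *) echo "bad bridge name: $bridge" >&2; return 1 ;;
    esac
    addm=""
    for m in "$@"; do
        # Reject anything that is not a plain interface name before it
        # is pasted into a command line.
        case $m in
            ""|*[!a-z0-9_.]*) echo "bad interface name: $m" >&2; return 1 ;;
        esac
        addm="$addm addm $m"
    done
    echo "ifconfig $bridge create"
    for m in "$@"; do
        # Mirror ports need no address, they only have to be up.
        echo "ifconfig $m up"
    done
    # 'monitor' is the point of the reply above: frames are handed to
    # bpf and then discarded, so nothing is forwarded between members.
    echo "ifconfig $bridge$addm monitor up"
    # A single capture on the bridge now sees traffic from every member.
    echo "tcpdump -n -i $bridge"
}

# Stand-alone use: sh script.sh bridge0 em1 em2
if [ "$#" -gt 0 ]; then
    monitor_bridge_cmds "$@"
fi
```
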