Greetings,
I have come up with a graph with no use of ng_tee, ng_hub or ng_one2many.
Also I validated the flows on a collector
In case anybody has the same use case I am sharing the graph
mkpeer re0: netflow lower iface0
name re0:lower netflow
connect re0: netflow: upper out1
mkpeer netflow: bridge out0 link0
name netflow:out0 re0bridge
connect re0bridge: netflow: link1 iface1
mkpeer re0bridge: eiface link2 ether
name re0bridge:link2 ng0
mkpeer netflow: ksocket export9 inet/dgram/udp
msg re0: setpromisc 1
msg re0: setautosrc 0
msg netflow: setconfig {iface=0 conf=11}
msg netflow: setconfig {iface=1 conf=11}
msg netflow:export9 connect inet/${collector_ip}:${port}
Cheers,
Petru Garstea
On 2/2/21 3:26 PM, Lutz Donnerhacke wrote:
On Tue, Feb 02, 2021 at 09:16:49PM +0100, Lutz Donnerhacke wrote:
fxp0.lower -- iface0.netgraph.out0 -- link1.bridge.link2 -- upper.fxp0
\.link3 -- ether.eiface
The strange thing is, that both fxp0 and eiface provide an interface to the
kernel IP stack. This is confusing (for the kernel).
I'd like to point you to ng_tee instead of ng_bridge for a read only access
to the communitcation (depending on the direction). Even ng_one2many or
ng_hub might be a better solution.
If you only need the eiface to attach tcpdump, you can omit it completely,
because tcpdump is able to sniff on the fxp0 even if the netgraph hooks are
set.
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
