carlopmart wrote: > On 10/24/2011 06:13 PM, James Carlson wrote: >> carlopmart wrote: >>> Is it possible to configure a bridge (with n physical nics) with a >>> span >>> port like for example FreeBSD does?? >> >> No, mirror port functionality does not exist. >> >> If you intend to use snoop / tcpdump / wireshark on the span port, then >> just use the existing monitoring facility. A bridge created with dladm >> will have an observability node, based on the bridge name. If you >> create a bridge named "foo", then you can snoop on "foo0" and see all of >> the packets processed by the bridge. >> >> If you're using the span port for some other purpose, then the feature >> will probably have to be added to the code. It's not present in the >> current code because the observability node covered the known uses of >> that sort of port without extra complications. >> > > Thanks James. I need to sniff traffic on this bridge, but using it as > port mirror or span port. For example, if I create a bridge with bge0, > bge1, and bge2, I need to "see" all traffic that cross these interfaces, > not only, for example, bge0 ... That's the problem.
I'm a little confused, because that's exactly what the existing observability mechanism is for. If you use that existing node (named after the bridge), you'll see all of the traffic processed by the bridge, regardless of the port on which it was received. It's a solved problem. You didn't say how you're sniffing traffic. If you mean that you must use an _external_ network monitoring device to do this, then the existing built-in mechanism obviously won't be sufficient. That'd be a fair reason to add a port mode flag that disables the normal MAC filtering, though it's a little unclear why an external device would be required or desired. In any event, if you're interested in looking into this, the source for the driver itself is in usr/src/uts/common/io/bridge.c. The necessary change, I think, might be to make bridge_forward() treat those "monitor" links as special, or to look for the calls to mac_rx() (the existing observability hooks) and insert special handling there. -- James Carlson 42.703N 71.076W <carls...@workingcode.com> _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
