OK, I am running current now.
If I run:
tcpdump -ni vale0:2 -w /tmp/2 &
tcpdump -ni vale0:1 -w /tmp/1 &
pkt-gen -i vale0:0 -f tx
I get half of all generated traffic on /tmp/2 and the other half of /tmp/1.
I guess this is the expected behavior, different from what I expected. Is
that the expected behavior?
Is there a way to create a VALE port that will mirror the traffic? Or is
there a way to run the pcap enabled application (tcpdump in this case) in
netmap mode (pcap netmap) without removing the packets from the ring? Say,
I want to be table to run:
pkt-gen -i vale0:0 -f tx
pkt-gen -i vale0:1 -f rx
tcpdump -ni vale0:2 -w /tmp/1
and have a copy of all traffic on /tmp/1.
In the above tests, if I run:
pkt-gen -i vale0:0 -f tx
pkt-gen -i vale0:1 -f rx
tcpdump -ni vale0:1 -w /tmp/1
tcpdump will remove as many packets as it can from the ring, and rx rates
will drop to 0 or close to it (the ramaining rate is what tcpdump can not
process)
thank you
On Fri, Nov 27, 2015 at 3:50 PM, Eduardo Meyer <dudu.meyer at gmail.com>
wrote:
> Hello,
>
> I am trying to achieve a netmap based bridge which will allow me to
> capture packets from it, say, I want to bridge ix0 + ix1 and be able to
> tcpdump it (in fact I want to run other applications which are netmap
> aware).
>
> Should it work on -STABLE? Because as far as I remember I could make it
> work in the past, and some other people[1] had some success doing it too
> (at least the vale + wire bridge part)
>
> What I get is an error while opening ix0 connected to vale:
>
> # ./vale-ctl
> 257.967371 bdg_ctl [148] bridge:0 port:0 vale0:fnm0
> 257.967399 bdg_ctl [148] bridge:0 port:1 vale0:ids0
> 257.967407 bdg_ctl [148] bridge:0 port:2 vale0:ix0
> 257.967414 bdg_ctl [148] bridge:1 port:0 vale1:fnm1
> 257.967419 bdg_ctl [148] bridge:1 port:1 vale1:ids1
> 257.967428 bdg_ctl [148] bridge:1 port:2 vale1:ix1
>
> # ./bridge -i netmap:ix0 -i netmap:ix1
> ./bridge built Nov 26 2015 19:18:34
> 268.504787 nm_open [839] NIOCREGIF failed: Device busy ix0
> 268.504800 main [233] cannot open netmap:ix0
> Exit 1
>
> How can I achieve it? Is it ok to expect to have another netmap capable
> software (say like suricata) to use this other vale connected port? Or will
> both software (bridge and suricata) concurrently copy and remove packets
> from netmap rings and therefore mess up the whole thing?
>
> [1]
>
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2015-October/005310.html
>
>
> --
> ==========> Eduardo Meyer
> pessoal: dudu.meyer at gmail.com
> profissional: ddm.farmaciap at saude.gov.br
>
--
==========Eduardo Meyer
pessoal: dudu.meyer at gmail.com
profissional: ddm.farmaciap at saude.gov.br