Netgraph

From BroWiki

Jump to: navigation, search

Do this to improve packet capture performance on a FreeBSD host with multiple network interfaces.

Create a boot script similar to this to use FreeBSD's netgraph facility to bond multiple interfaces together into a single virtual interface. 

# sk interfaces are real interfaces which receive tap input 
# outputs; ngeth0 is created by ngctl

# ng_ether must be loaded so netgraph can "see" the
kldload ng_ether

# bring up the real interfaces
ifconfig sk0 promisc -arp up media 1000baseSX mediaopt full-duplex
ifconfig sk1 promisc -arp up media 1000baseSX mediaopt full-duplex

# create ngeth0 and bind sk0 and sk1 to it
ngctl mkpeer . eiface hook ether
ngctl mkpeer ngeth0: one2many lower one
ngctl connect sk0: ngeth0:lower lower many0
ngctl connect sk1: ngeth0:lower lower many1

# bring up ngeth0 for sniffing duties
ifconfig ngeth0 -arp up
Retrieved from "http://bro-ids.org/wiki/index.php/Netgraph"
Personal tools