[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PF and promiscuous mode



Hi,
I'm using two PF boxes as traffic shapers, with CARP, running 3.5
GENERIC#127 i386 (to be updated to 3.7 as soon as it hits the
shelves.)
Will promiscuous mode see traffic before or after queueing on an
interface?
(Context: I'm also using softflowd to export bandwidth usage into
Netflow.  (For those who don't know, softflowd puts the interface into
promiscuous mode and sniffs the traffic, transmitting flow information
to a collector.  It hooks into the stack right where tcpdump does.)
At times, netflow shows that traffic exceeds that permitted by the
queueing.  These are usually very brief periods.  I'm wondering if the
system is capturing unshaped traffic before it is throttled by altq.)
==ml
-- 
Michael W. Lucas	[email protected], [email protected]
		http://www.BlackHelicopters.org/~mwlucas/
	       Latest book: Cisco Routers for the Desperate
	        http://www.CiscoRoutersForTheDesperate.com