[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF and promiscuous mode

On Fri, 2005-03-18 at 10:48, Michael W. Lucas wrote:
> Hi,
> I'm using two PF boxes as traffic shapers, with CARP, running 3.5
> GENERIC#127 i386 (to be updated to 3.7 as soon as it hits the
> shelves.)
> Will promiscuous mode see traffic before or after queueing on an
> interface?
inbound to an interface:  before.
outbound from an interface:  after.
promiscuous mode apps normally attach at the BPF layer which is below
where a layer 3 filter like PF hooks into the stack.  so as a packet go
up the stack it hits BPF, then layer 3 filter.  as a packet goes down
the stack on the way out, it hits layer 3 filter then BPF.
"If I wanted smoke blown up my ass, I'd be at home with a pack of
 cigarettes and a short length of hose."
	--The Simpsons