[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dup-to problem with specific packets



On Wed, Apr 13, 2005 at 07:55:22PM +0100, Kimi Ostro wrote:
> On 4/11/05, Michael W. Lucas <[email protected]> wrote:
> > Hi,
> > 
> > I'm trying to duplicate packets matching one particular rule.
> > 
> > Background: I have softflowd running on OpenBSD 3.5 i386.  This is
> > exporting flows to a logging host.  Works beautifully.
> > 
> > The old logging host is being replaced.  I would like to run the two
> > logging hosts in parallel temporarily, until I'm sure all the bugs are
> > out of the new one.
> > 
> > While I could fire up a second instance of softflowd, it seems like
> > this would be a good application of dup-to.  I don't want to duplicate
> > the entire mass of traffic going through this box, just the netflow
> > packets.
> > 
> > pass out on $int_if proto udp from any to a.b.c.251 port 8641 dup-to ($int_if a.b.c.252)
> > 
> Should probably read:
> pass out on $int_if proto udp from any to a.b.c.251 port 8641 (dup-to a.b.c.252)
Thanks, but that doesn't do it either.  :-(  Any other suggestions?
The rule parses perfectly if I put a # sign right before the dup-to,
so I know the rest of it is correct.
I'm sending this duplicate out via the same interface as the original
packet, could that be the problem?  The samples tend to show people
dumping traffic over a different NIC, but that won't work in this
case.  Since netflow transmission is stateless I wasn't expecting any
sort of trouble, but I freely admit that lots of people here know more
than I do.  :-)
==ml
-- 
Michael W. Lucas	[email protected], [email protected]
		http://www.BlackHelicopters.org/~mwlucas/
	       Latest book: Cisco Routers for the Desperate
	        http://www.CiscoRoutersForTheDesperate.com