On Fri, Dec 03, 2004 at 11:48:35AM -0500, Roman Chertov wrote:
> > I wonder if it would be worth to introduce some kind of "monitor
> > interface" for a bridge (as can be found on switches, don't know if
> > "monitor port" would be the correct term for it).
> >
> I have already made one for the 2.4.20 kernel module and the 1.0.4
> bridge-utils. Since I was making this for the Emulab testbed I also had
> to change the src/dst MACs that were going to the tap; otherwise, the
> underlying switch would drop the mirrored packets as their MACs were
> not registered on the VLAN where the tap sat.
>
> If people have any interest in this I can share the code.

I'd be interested in something like this. Maybe something along the lines of:

    brctl addtap <bridge> <device>   # only allow 1 tap? I'd guess so, but if not
    brctl deltap <bridge>            # then add a <device> param to deltap

This would be very useful for me, as it would make hooking up snort to a
linux bridge very nice and easy.

J

--
Jody Belka
knew (at) pimb (dot) org