what direction of the traffic are you trying to see.
if this is the egress traffic, then if you send directly
to one of the members of the bond, trying to capture on the
bond itself will not see the egress traffic, since the tap
(tcpdump egress) maybe set to get packet send on the bond (not
the case in the example you site).
think of it this way. Note the tap is not added to the netdev itself,
it contains the netdev it is for, this is just a conceptual view :-)
nedev(bond) <-- tcpdump tap here
|
|
V
netdev(eth1) <-- send packet here
|
|
V
packet out
on the ingress side, this is a little different, the tap is placed
after the packet is received by the interface (eth1). when eth1 is
a member of a bond, the received netdev in the skb is replaced by
the bond. then the tcpdump tap can check if it is a packet received
by the bond, so it works. There use to be a problem with filtering
specific ingress packet per bond members, I believe the later has
been fix.
On Tue, Dec 2, 2008 at 1:23 PM, Omer Faruk Sen <omerfsen@xxxxxxxxx> wrote:
> My problem is that I tcpreplay traffic at eth1 but I cant see or sniff
> it on bond0 (composed of eth1,2,3) but if I do the reverse (replay
> traffic at bond0 and sniff at eth1) it works without a problem. My
> kernel is 2.6.18-8.el5 (the one that comes with rhel5)
>
> On Tue, Dec 2, 2008 at 8:51 PM, bsilva <bsilva@xxxxxxxxx> wrote:
>> What kernel are you using?
>>
>> I routinely sniff a bond interface using: "tcpdump -i bond0" and it seems
>> to behave as expected.
>>
>> Regards,
>> Brad
>>
>> On Tue, 2 Dec 2008, Omer Faruk Sen wrote:
>>
>>> Hi,
>>>
>>> I have a question about linux kernel. I want to have a setup. This
>>> setup will have 3 interfaces (eth1,eth2,eth3) i will send traffic to
>>> these individual interfaces but I want to see it on just one interface
>>> (traffic aggregation) . I have used bond0 and br0 but when I send
>>> traffic to eth2 I can't see it on br0 or bond0. How can I achieve this
>>> on linux kernel? I can do that on FreeBSD but I must do that on Linux
>>>
>>> Test setup:
>>>
>>> br0 -----> eth1,eth2,eth3 or
>>>
>>> bond0 ----> eth1,eth2,eth3 (used mode 0 and mode 3)
>>>
>>> If I send traffic on eth2 I CANT sniff it on br0 or bond0 but If I
>>> sent traffic (via tcpreplay) to bond0/br0 I can sniff it on ethX.. Is
>>> there a facility to achieve that on Linux? I can sniff interfaces
>>> individually but this case is not ok for me..
>>>
>>> Regards.
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe linux-net" in
>>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>>
>>>
>>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
