Unfortunately I'm not able to run any command on production servers :(
All I could get was a physical port mirror, using an ethernet cable in
the switch.

Since I do have a copy of the packet on my own box, why can't I change
it, inside my own box, to match my own IP addr and route it to my own
userspace app (no matter the interface)?

For me this should be simple:
1 - a pkt reached my interface with prod-server-dst-addr;
2 - before it gets routed, rewrite its dst-addr to my interface's addr;
3 - let the kernel deliver it to my interface's local addr:port.

thanx.

On Wed, Oct 20, 2010 at 8:21 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
>
> On Wednesday 2010-10-20 23:58, Mateus Caruccio wrote:
>>
>>Our DEVEL_SRV should receive exactly the same packet PROD_SRV
>>receives, but with destination address modified
>>so it can reach our userspace application.
>>I've tried to "DNAT" it, but without success:
>
> Because DNAT is factually wrong, as it does not make a copy. Instead,
> use -j TEE on the host where the copy is to be made, and use either a
> packet socket (tcpdump uses such) or local delivery routing (`ip route
> add local dstaddrinpacket` and so).
>
>>tcpdump shows that all requests are being properly mirrored from PORT2 to PORT3.
>>ifconfig eth0 on DEVEL_SRV does not present any increment on RX
>>statistics, but if I "ifconfig eth0 promisc", it starts to increment
>>RX.
>
> Forget about ifconfig. People should use modern tools like ip.
>

--
# ################ VOTE NULO ################
# Mateus de Oliveira Caruccio <mateus at caruccio dot com>
# Old programmers never die. They just branch to another namespace
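
The packet-socket option named in the quoted reply, as an added Python example (not code from either poster): a packet socket hands userspace every frame the interface accepts, so the production destination address never has to be rewritten. The interface name, the 192.0.2.10:5000 service address, the function names and the sample frame are assumptions constructed for illustration; on a mirror port the NIC must be in promiscuous mode (`ip link set dev IFNAME promisc on`), matching the RX-counter observation quoted above.

```python
import socket
import struct

ETH_P_ALL, ETH_P_IP = 0x0003, 0x0800

def extract_payload(frame, prod_ip, prod_port):
    """Return (src_ip, src_port, payload) for an unfragmented IPv4 TCP/UDP
    frame addressed to prod_ip:prod_port, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None                      # short, VLAN-tagged, ARP, IPv6 ...
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, _, frag = struct.unpack("!HHH", ip[2:8])
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl + 8 <= total_len <= len(ip):
        return None
    if frag & 0x3FFF:                    # MF set or offset != 0: fragment
        return None
    if socket.inet_ntoa(ip[16:20]) != prod_ip:
        return None
    l4 = ip[ihl:total_len]               # total_len drops Ethernet padding
    sport, dport = struct.unpack("!HH", l4[:4])
    if dport != prod_port:
        return None
    if ip[9] == socket.IPPROTO_UDP:
        hdr = 8
    elif ip[9] == socket.IPPROTO_TCP and len(l4) >= 20:
        hdr = (l4[12] >> 4) * 4          # TCP data offset, in bytes
        if not 20 <= hdr <= len(l4):
            return None
    else:
        return None
    return socket.inet_ntoa(ip[12:16]), sport, l4[hdr:]

def sniff(ifname, prod_ip, prod_port):
    """Yield matches from a live interface (Linux only, needs CAP_NET_RAW)."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((ifname, 0))
    while True:
        hit = extract_payload(s.recv(65535), prod_ip, prod_port)
        if hit:
            yield hit

def sample_frame(dst_ip="192.0.2.10", dport=5000, data=b"hello"):
    """Constructed UDP frame (documentation addresses, checksums left at 0)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(data), 0) + data
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      socket.inet_aton("198.51.100.7"), socket.inet_aton(dst_ip))
    frame = b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", ETH_P_IP) + iph + udp
    return frame.ljust(60, b"\x00")      # padded like a minimum-size frame
```

A packet socket is a passive tap: for TCP it yields each segment's payload with no reassembly, and the local stack never takes part in the connection.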