On 07/05/11 18:24, Ken-ichirou MATSUZAWA wrote:
> There is a Linux box which has two NICs. One for normal usage, another is
> connected to mirrored port of network equipment (like L2/L3 switch).
> eth1 is connected to mirrored port.
[...]
> I think this lets us implement netflow probe easy, without libpcap.

It should be hard to make a patch for the kernel to drop all the packets after the last conntrack hook. Thus, the conntrack subsystem and ulogd2 can be used for flow-accounting in mirrored port configurations.

Let me know if this is what you want, it really took me a while to understand what you want from your email.