Red Hat Bugzilla – Bug 179400
can't sniff incoming traffic on interface that is part of a bond
Last modified: 2007-11-30 17:07:22 EST
Description of problem: I have a system with interfaces eth0 and eth1 bonded together into an interface named bond0. If I sniff traffic on bond0, I see all traffic going both in and out. But sometimes I want to see exactly which interface is carrying the traffic (for debugging, usually). But if I sniff traffic on eth0 (or eth1) I only see outbound traffic, not inbound traffic. Version-Release number of selected component (if applicable): kernel-2.6.9-22.0.1.EL How reproducible: All the time Steps to Reproduce: 1. create a bonded interface 2. sniff traffic on eth0 or eth1 (NOT bond0)
What you are observing is an artifact of how bonding is implemented in the kernel (i.e. the hack that is bonding). Incoming frames are marked as arriving on the bond at a very low level in the stack, while outgoing frames on the bond are intercepted and remarked for the physical interface, then re-injected high enough in the stack to allow them to be sniffed. I agree that sniffing incoming frames on the physical links in the bond would be potentially beneficial, I'm not sure how to do it without breaking something or implementing a nasty hack. I'll give it some thought, but I can't be optimistic.
Created attachment 124128 [details] jwltest-enable-bind-to-slave-intf.patch
Test kernels w/ the above patch are available here: http://people.redhat.com/linville/kernels/rhel4/ Please give them a try and post the results here...thanks!
Closed due to lack of response. Please reopen when the requested info becomes available...thanks!