GRE interfaces not available as SPAN port
GRE interfaces are removed from all bridge port lists. It is valid to select a GRE port as a SPAN port destination (see Cisco ERSPAN). The issue is in the following file:
#3 Updated by Idar Lund about 2 years ago
Any news on this one? In our virtualized world, it would be awesome to be able to forward a copy of traffic over L3, especially since a lot of network equipment is also being virtualized. Suricata also has the ability to read these packets: https://github.com/OISF/suricata/blob/master/src/decode-erspan.c and https://github.com/OISF/suricata/blob/master/src/decode-gre.c
With IDS sensors or other packet captures that are virtualized and behind several layers of virtualized network equipment, it's almost impossible to forward traffic to the sensor without using L3.
I know this is a question from just one person, but it shows that more people are wanting/needing this feature: https://forum.netgate.com/topic/113151/does-pfsense-support-cisco-erspan.
So please, look into this feature request.
#5 Updated by Idar Lund about 2 years ago
Jim Pingle wrote:
As far as I can tell, FreeBSD doesn't support it. If you want ERSPAN support for FreeBSD GRE interfaces, the issue needs to be taken upstream.
If I understand correctly, neither FreeBSD nor pfSense needs to support ERSPAN. What we want pfSense to do is to SPAN traffic over a GRE tunnel. That way the receiving end will need to decode the traffic. Most of the receiving applications, such as Suricata, do support decoding of both ERSPAN (which is Cisco proprietary) and GRE encapsulated traffic.
#6 Updated by Jim Pingle about 2 years ago
It's not that easy either; FreeBSD will not allow you to add a GRE interface as a span port:
: ifconfig bridge0 span gre0
ifconfig: BRDGADDS gre0: Invalid argument
Most likely this is because GRE interfaces do not carry layer 2 information, which is why it needs a feature like ERSPAN to encapsulate it across GRE.
It isn't viable until it is implemented upstream. Replicate and raise the feature request directly with FreeBSD.
You can add a GIF interface as a span port as it can carry L2 information to a remote destination, but it may or may not be in a format you want/need. That isn't related to GRE, however.
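To make the L2 point above concrete, here is an added example (not code from this thread, pfSense or FreeBSD) that parses a GRE header and, where the payload is ERSPAN Type II or transparent Ethernet bridging, extracts the mirrored frame's MAC addresses and VLAN. Plain GRE carrying an IP packet yields no L2 fields at all, which is exactly why a bare GRE interface cannot stand in for a span port. The sample packets are constructed inline.

```python
import struct

GRE_PROTO_IPV4 = 0x0800      # plain GRE over IP: payload is an IP packet, no Ethernet header
GRE_PROTO_TEB = 0x6558       # transparent Ethernet bridging: payload is an Ethernet frame
GRE_PROTO_ERSPAN2 = 0x88BE   # Cisco ERSPAN Type II: 8-byte ERSPAN header, then Ethernet frame

def parse_gre(data):
    """Parse an RFC 2784/2890 GRE header; returns protocol, optional fields and payload."""
    flags, proto = struct.unpack("!HH", data[:4])
    off, hdr = 4, {"proto": proto, "version": flags & 0x7}
    for bit, name in ((0x8000, "checksum"), (0x2000, "key"), (0x1000, "seq")):
        if flags & bit:                      # C, K and S bits each add one 4-byte word
            word = struct.unpack("!I", data[off:off + 4])[0]
            hdr[name] = word >> 16 if name == "checksum" else word  # checksum is the high 16 bits
            off += 4
    if off > len(data):
        raise ValueError("truncated GRE header")
    hdr["payload"] = data[off:]
    return hdr

def parse_erspan2(data):
    """Parse the 8-byte ERSPAN Type II header that precedes the mirrored Ethernet frame."""
    w1, w2 = struct.unpack("!II", data[:8])
    return {"version": w1 >> 28, "vlan": (w1 >> 16) & 0xFFF, "cos": (w1 >> 13) & 0x7,
            "session": w1 & 0x3FF, "index": w2 & 0xFFFFF, "frame": data[8:]}

def mirrored_l2(gre_packet):
    """Return L2 metadata of the mirrored frame, or None if the GRE payload carries no L2 header."""
    gre = parse_gre(gre_packet)
    meta = {"gre_proto": gre["proto"]}
    if gre["proto"] == GRE_PROTO_ERSPAN2:
        er = parse_erspan2(gre["payload"])
        meta.update(vlan=er["vlan"], session=er["session"], index=er["index"])
        frame = er["frame"]
    elif gre["proto"] == GRE_PROTO_TEB:
        frame = gre["payload"]
    else:
        return None                          # e.g. 0x0800: inner IP packet, L2 already stripped
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    meta["dst_mac"] = frame[:6].hex(":")
    meta["src_mac"] = frame[6:12].hex(":")
    meta["ethertype"] = struct.unpack("!H", frame[12:14])[0]
    return meta

# Constructed samples (not real captures): an ERSPAN Type II packet (GRE S flag set, seq 1,
# VLAN 100, session 5, index 0x1234) wrapping an Ethernet/IPv4 stub, and a plain GRE-over-IPv4 packet.
ETH = bytes.fromhex("0a0b0c0d0e0f" "010203040506" "0800") + b"\x45" + b"\x00" * 19
SAMPLE_ERSPAN = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN2, 1) + struct.pack("!II", (1 << 28) | (100 << 16) | 5, 0x1234) + ETH
SAMPLE_GRE_IP = struct.pack("!HH", 0x0000, GRE_PROTO_IPV4) + b"\x45" + b"\x00" * 19
```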