Feature #7029: GRE interfaces not available as SPAN port - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Plus - All Open Issues
23.09.1 Target - All Closed Issues
23.09.1 Target - All Open Issues
24.03 Plus - All Closed Issues
24.03 Plus - All Open Issues
24.03 Plus - Feedback Issues
24.03 Plus - Needs Attention/Work
24.03 Plus - New/Confirmed/In Progress Issues
24.03 Plus - Pull Request Review
24.03 Plus - Waiting on Merge
24.03 Target - All Closed Issues
24.03 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Feature #7029

closed

GRE interfaces not available as SPAN port

Added by Adam C over 7 years ago. Updated almost 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Interfaces

Target version:

Start date:

12/21/2016

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Description

GRE interfaces are removed from all bridge port lists. It is valid to select a GRE port as a SPAN port destination (see Cisco ERSPAN). The issue is in the following file:

https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/interfaces_bridge_edit.php#L63

History
Notes
Property changes

Actions

Copy link

Updated by Jim Pingle over 7 years ago

It may be valid on Cisco but does it actually function on FreeBSD? That would be the real question. GRE doesn't handle L2 which usually means it wouldn't be viable as a bridge member.

Actions

Copy link

Updated by Jim Thompson over 7 years ago

Tracker changed from Bug to Feature

Actions

Copy link

Updated by Idar Lund almost 6 years ago

Any news on this one? In our virtualized world, it would be awesome to be able to forward copy of traffic over L3. Especially since a lot of network equipment also are being virtualized. Suricata also have the ability to read these packets. https://github.com/OISF/suricata/blob/master/src/decode-erspan.c and https://github.com/OISF/suricata/blob/master/src/decode-gre.c

With IDS sensors or other packet captures that are virtualized and behind several layers of virtualized network equipment, it's almost impossible to forward traffic to the sensor without using L3.

I know this is a question from just one person, but it shows that more people are wanting/needing this feature; https://forum.netgate.com/topic/113151/does-pfsense-support-cisco-erspan.

So please; look into this feature request

Actions

Copy link

Updated by Jim Pingle almost 6 years ago

Status changed from New to Closed

As far as I can tell, FreeBSD doesn't support it. If you want ERSPAN support for FreeBSD GRE interfaces, the issue needs to be taken upstream.

Actions

Copy link

Updated by Idar Lund almost 6 years ago

Jim Pingle wrote:

As far as I can tell, FreeBSD doesn't support it. If you want ERSPAN support for FreeBSD GRE interfaces, the issue needs to be taken upstream.

If I understand correctly, FreeBSD nor pfsense need to support ERSPAN. What we want pfsense to do is to SPAN traffic over a GRE tunnel. That way the receiving end will need to decode the traffic. Most of the receiving applications such as Suricata does support decoding of both ERSPAN (which is Cisco proprietary) and GRE encapsulated traffic.

Actions

Copy link

Updated by Jim Pingle almost 6 years ago

It's not that easy either, FreeBSD will not allow you to add a GRE interface as a span port:

: ifconfig bridge0 span gre0
ifconfig: BRDGADDS gre0: Invalid argument

Most likely this is because GRE interfaces do not carry layer 2 information, which is why it needs a feature like ERSPAN to encapsulate it across GRE.

It isn't viable until it is implemented upstream. Replicate and raise the feature request directly with FreeBSD.

You can add a GIF interface as a span port as it can carry L2 information to a remote destination, but it may or may not be in a format you want/need. That isn't related to GRE, however.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Feature #7029

GRE interfaces not available as SPAN port

Updated by Jim Pingle over 7 years ago

Updated by Jim Thompson over 7 years ago

Updated by Idar Lund almost 6 years ago

Updated by Jim Pingle almost 6 years ago

Updated by Idar Lund almost 6 years ago

Updated by Jim Pingle almost 6 years ago