Contributed by rueda on from the pcaps happening dept.
erspan(4),
the ERSPAN collection driver created by
David Gwynne (dlg@)
[and about which we recently
reported]
has been
committed
to the tree:
CVSROOT: /cvs Module name: src Changes by: dlg@cvs.openbsd.org 2025/05/13 19:54:12 Modified files: sys/net : if_gre.c Log message: add support for the ERSPAN Type II protocol ERSPAN is a specific GRE 0 protocol id with GRE sequence numbers enabled, with it's own shim header, and then an Ethernet payload.
it is intended for use as a network based packet capture format, but it's implemented as an Ethernet tunnel interface here. as an interface, it reuses all the BPF based infrastructure and tooling available to us. it's able to send packets too, which allows it to be added as a span port to bridge/veb setups. the driver can also act as a collector for any ERSPAN Type II packets sent to it. it's also set up with an extra BPF DLT_LOOP interface that includes the encapsulation headers so you can tell where the encapsulated packets came from. ok claudio@ sthen@
So now the new tool is available for all -current users to put through the paces. Development will continue in-tree, and if you need this tool, it is likely that your feedback is welcome.