[OpenIndiana-discuss] mirroring network packets to zones

[Jim Klimov]

On 2014-09-08 15:36, Anil Jangity wrote:
> I would like to setup “port mirroring” … I would like to mirror network specific packets going to a zone to another zone. What are some approaches I can take to doing this?
>
> Does ilbadm/ipfilter support this?
>
> I haven’t used Crossbow in a while, so am trying to remember if there is something in there I could use.


Take a look at ipfilter. There is a keyword that can be used for such 
mirroring or to ensure "source-based routing":


# enforce that packets coming out of an interface go to the correct subnet
# rhetoric question: does this skip the firewall rules below in the file?
block out quick on vlan186 to vlan81:x.y.z.2 from x.y.z.0/24 to any
block out quick on vlan81 to vlan186:192.168.186.2 from ! x.y.z.0/24 to any
block out quick on e1000g0 to e1000g81000:x.y.z.2 from x.y.z.0/24 to any
block out quick on e1000g81000 to e1000g0:192.168.186.2 from ! 
x.y.z.0/24 to any

Maybe you can similarly forward packets to another VNIC on the same host...

Hope this helps,
//Jim Klimov