@smyers119
Last active May 17, 2024 14:30
erspan
#!/bin/bash
# This script is meant to be run as root at boot via cron
# add "@reboot /root/erspan.sh" to crontab -e
# you can have multiple scripts for multiple tunnels
# This will allow you to set up an ERSPAN v1 tunnel and mirror all traffic from interface x to the ERSPAN tunnel
# Author: Steven Myers samyers911@gmail.com
######Configure#####
#Direction ingress=port to erspan, egress= erspan to port
direction=ingress
#Ingress/Egress local interface name (depends on which side of the tunnel you are on)
span_dev=enp1s0
#erspan device name Default:erspan1 (Do Not use erspan0)
erspan_dev=mlkspan1
#Local IP
local=172.17.102.8
#Remote IP address Note: this traffic will not be encrypted. Tunnel through a VPN.
remote=172.17.100.8
#Optional changes for KEY and INT Defaults: 30 and 123
key=32
int=125
#####End Configure#####
# Check for ROOT
if [[ $(id -u) -ne 0 ]]; then
  echo "This script must be run as root"; exit 1
fi
# Check if interface exists
if ! ip link show "$span_dev" > /dev/null 2>&1; then
  echo "Interface $span_dev does not exist"; exit 1
fi
# Create ERSPAN tunnel
# (wrapped in an if so that exit 1 only runs on failure; a bare "|| echo ...; exit 1" would exit every time)
if ! ip link add dev "$erspan_dev" type erspan local "$local" remote "$remote" seq key "$key" erspan_ver 1 erspan "$int"; then
  echo "Error creating $erspan_dev"; exit 1
fi
#Confirm ERSPAN tunnel
if ! ip link show "$erspan_dev" > /dev/null 2>&1; then
  echo "Error creating ERSPAN named $erspan_dev"; exit 1
fi
#Bring SPAN UP
ip link set "$span_dev" up
# Confirm SPAN device UP
if ip link show "$span_dev" | grep -q "state DOWN"; then
  echo "Error bringing $span_dev UP"; exit 1
fi
#Bring ERSPAN Tunnel UP
ip link set "$erspan_dev" up
#Confirm ERSPAN Tunnel UP
if ip link show "$erspan_dev" | grep -q "state DOWN"; then
  echo "Error bringing $erspan_dev UP"; exit 1
fi
# Create mirror
# ingress: attach an ingress qdisc to the monitored port and mirror every frame (matchall) out of the ERSPAN device
# egress:  attach an ingress qdisc to the ERSPAN device and mirror every decapsulated frame out of the local port
case "$direction" in
ingress)
  /sbin/tc qdisc add dev "$span_dev" handle ffff: ingress || { echo "Error adding ingress qdisc to $span_dev"; exit 1; }
  /sbin/tc filter add dev "$span_dev" parent ffff: matchall skip_hw action mirred egress mirror dev "$erspan_dev" \
    || { echo "Error adding mirror filter on $span_dev"; exit 1; }
  ;;
egress)
  ip link set "$span_dev" promisc on
  /sbin/tc qdisc add dev "$erspan_dev" handle ffff: ingress || { echo "Error adding ingress qdisc to $erspan_dev"; exit 1; }
  /sbin/tc filter add dev "$erspan_dev" parent ffff: matchall skip_hw action mirred egress mirror dev "$span_dev" \
    || { echo "Error adding mirror filter on $erspan_dev"; exit 1; }
  ;;
*)
  echo "Error direction $direction is not an option"; exit 1
  ;;
esac
#Log success
logger -p local0.info -t ERSPAN "ERSPAN tunnel setup and mirroring started"
exit 0
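Added example, not part of the gist: the script's comment warns that the mirrored traffic is not encrypted, and a collector on the "remote" side needs to strip the encapsulation before it can analyse the mirrored frames. The Python below builds a GRE + ERSPAN Type II packet the way a Linux erspan tunnel created with `erspan_ver 1 ... seq key` emits it (outer IP header omitted), then parses it back and decodes the inner Ethernet frame. The 0x88BE GRE protocol type, the ERSPAN Type II bit layout, and the fact that the 10-bit session ID is the low bits of the GRE key are standard; the sample frame, payload, MACs and the `demo` helper are constructed for this example.

```python
import struct

# Constructed example (not the gist's code): decode what the "remote" collector
# receives once the script above is mirroring traffic into an erspan_ver 1 tunnel.

GRE_PROTO_ERSPAN_V1 = 0x88BE   # GRE protocol type for ERSPAN Type II (erspan_ver 1)
GRE_FLAG_CSUM = 0x8000
GRE_FLAG_KEY = 0x2000          # set by "key" in the ip link command
GRE_FLAG_SEQ = 0x1000          # set by "seq" in the ip link command
ERSPAN_SESSION_MASK = 0x3FF    # session ID = low 10 bits of the GRE key
ERSPAN_INDEX_MASK = 0xFFFFF    # index ("erspan N" in the ip link command) is 20 bits


def build_gre_erspan_v1(key: int, index: int, seq: int, inner_frame: bytes) -> bytes:
    """Build the GRE payload of an ERSPAN Type II packet (what follows the outer IP header)."""
    gre = struct.pack("!HHII", GRE_FLAG_KEY | GRE_FLAG_SEQ, GRE_PROTO_ERSPAN_V1, key, seq)
    # ERSPAN Type II header: ver(4)|vlan(12)|cos(3)|en(2)|t(1)|session(10) ; reserved(12)|index(20)
    word1 = (1 << 28) | (key & ERSPAN_SESSION_MASK)
    word2 = index & ERSPAN_INDEX_MASK
    return gre + struct.pack("!II", word1, word2) + inner_frame


def parse_gre_erspan_v1(payload: bytes) -> dict:
    """Parse a GRE payload (IP protocol 47) carrying ERSPAN Type II; returns header fields and the inner frame."""
    if len(payload) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", payload, 0)
    if proto != GRE_PROTO_ERSPAN_V1:
        raise ValueError(f"GRE protocol 0x{proto:04x} is not ERSPAN Type II")
    off = 4
    gre_key = seq = None
    if flags & GRE_FLAG_CSUM:
        off += 4                                   # checksum + reserved; not validated here
    if flags & GRE_FLAG_KEY:
        (gre_key,) = struct.unpack_from("!I", payload, off)
        off += 4
    if flags & GRE_FLAG_SEQ:
        (seq,) = struct.unpack_from("!I", payload, off)
        off += 4
    if len(payload) < off + 8:
        raise ValueError("truncated ERSPAN header")
    word1, word2 = struct.unpack_from("!II", payload, off)
    version = word1 >> 28
    if version != 1:
        raise ValueError(f"ERSPAN version {version} is not Type II")
    return {
        "gre_key": gre_key,
        "seq": seq,
        "vlan": (word1 >> 16) & 0xFFF,
        "cos": (word1 >> 13) & 0x7,
        "session_id": word1 & ERSPAN_SESSION_MASK,
        "index": word2 & ERSPAN_INDEX_MASK,
        "inner_frame": payload[off + 8:],
    }


def decode_ethernet(frame: bytes) -> dict:
    """Minimal Ethernet II decode: enough to show the mirrored frame is readable in the clear."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")

    def mac(b: bytes) -> str:
        return ":".join(f"{x:02x}" for x in b)

    ethertype = struct.unpack_from("!H", frame, 12)[0]
    return {"dst": mac(frame[:6]), "src": mac(frame[6:12]), "ethertype": ethertype, "payload": frame[14:]}


# Constructed inner frame: Ethernet II with the IPv4 ethertype and an obviously fake payload.
SAMPLE_FRAME = (
    bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    + struct.pack("!H", 0x0800) + b"mirrored payload in the clear"
)


def demo(key: int = 32, index: int = 125) -> dict:
    """Round-trip the gist's configured values (key=32, erspan index=125) and return the decoded fields."""
    pkt = build_gre_erspan_v1(key, index, seq=1, inner_frame=SAMPLE_FRAME)
    hdr = parse_gre_erspan_v1(pkt)
    eth = decode_ethernet(hdr["inner_frame"])
    return {
        "session_id": hdr["session_id"], "index": hdr["index"], "seq": hdr["seq"],
        "src": eth["src"], "ethertype": eth["ethertype"], "payload": eth["payload"],
    }


if __name__ == "__main__":
    print(demo())
```

Because the session ID is only 10 bits, a key above 1023 is truncated on the wire: the collector can use the full 32-bit GRE key to tell tunnels apart, but the ERSPAN session ID alone cannot. The decoded inner frame shows why the script's comment about sending this over a VPN matters: nothing in the encapsulation hides the mirrored bytes.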
@smyers119
Author

Updated script, tested and working
