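#!/bin/bash
# This script is meant to be run as root at boot via cron
# add "@reboot /root/erspan.sh" to crontab -e
# you can have multiple scripts for multiple tunnels
# This will allow you to set up a Erspan v1 tunnel and mirror all traffic from interface x to the erspan
# Author: Steven Myers samyers911@gmail.com
#
# Exit status: 0 when the tunnel and the tc mirror are both in place, 1 on any
# failure. Every failure is reported on stderr (so cron mails it) and the
# script stops at that point; it does not undo what it already configured.
#
# NOTE(review): an @reboot cron job may run before $local is assigned to an
# interface, in which case `ip link add` fails and nothing retries. Delay the
# job ("@reboot sleep 30 && /root/erspan.sh") or run it from a systemd unit
# ordered After=network-online.target. The script is also not idempotent: a
# second run fails at `ip link add` because $erspan_dev already exists.

######Configure#####
#Direction ingress=port to erspan, egress= erspan to port
direction=ingress
#Ingress/Egress local interface name (Depends what side of the tunnel your on)
span_dev=enp1s0
#erspan device name Default:erspan1 (Do Not use erspan0)
erspan_dev=mlkspan1
#Local IP
local=172.17.102.8
#Remote IP address Note: this traffic will not be encrypted. Tunnel through a VPN.
# Security caveat: every frame seen on $span_dev is copied into a plain
# GRE/ERSPAN stream to $remote, and the GRE key below is a 32-bit demux tag,
# not authentication. The tunnel is matched on addresses and key, none of
# which are authenticated, so a spoofed GRE packet that matches them is
# accepted; on an "egress" host it is then replayed onto $span_dev. Restrict
# GRE (IP protocol 47) to $remote at the host firewall and run the tunnel
# inside a VPN.
remote=172.17.100.8
#Optional changes for KEY and INT Defaults: 30 and 123
key=32
int=125
#####End Configure#####

# Report a fatal error on stderr and stop with exit status 1.
die() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

# Check for ROOT
[[ "$(id -u)" -eq 0 ]] || die "This script must be run as root"

# Validate the configured direction before touching any interface, so a typo
# in the config does not leave a half-built tunnel behind.
case "$direction" in
  ingress|egress) ;;
  *) die "Error direction $direction is not an option" ;;
esac

# Check if interface exists
ip link show "$span_dev" > /dev/null 2>&1 || die "Interface $span_dev does not exist"

# Create ERSPAN tunnel (v1, with sequence numbers, keyed by $key, ERSPAN index $int).
# The failure check must stay bound to the command with `||`: an unconditional
# `; exit 1` after it would end the script even on success.
ip link add dev "$erspan_dev" type erspan local "$local" remote "$remote" \
  seq key "$key" erspan_ver 1 erspan "$int" || die "Error creating $erspan_dev"

#Confirm ERSPAN tunnel
ip link show "$erspan_dev" > /dev/null 2>&1 || die "Error creating ERSPAN names $erspan_dev"

#Bring SPAN UP
ip link set "$span_dev" up || die "Error bringing $span_dev UP"
# Confirm SPAN device UP (ip reports the operational state on its first line)
if ip link show "$span_dev" | grep -q "state DOWN"; then
  die "Error bringing $span_dev UP"
fi

#Bring ERSPAN Tunnel UP
ip link set "$erspan_dev" up || die "Error bringing $erspan_dev UP"
#Confirm ERSPAN Tunnel UP
if ip link show "$erspan_dev" | grep -q "state DOWN"; then
  die "Error bringing $erspan_dev UP"
fi

# Create mirror. Each tc step is checked so that "mirroring started" is only
# logged when the filter is actually installed.
case "$direction" in
  ingress)
    # Copy everything arriving on $span_dev out through the tunnel.
    /sbin/tc qdisc add dev "$span_dev" handle ffff: ingress \
      || die "Error adding ingress qdisc to $span_dev"
    /sbin/tc filter add dev "$span_dev" parent ffff: matchall skip_hw \
      action mirred egress mirror dev "$erspan_dev" \
      || die "Error adding mirror filter to $span_dev"
    ;;
  egress)
    # Replay frames decapsulated from the tunnel out of $span_dev.
    ip link set "$span_dev" promisc on || die "Error enabling promiscuous mode on $span_dev"
    /sbin/tc qdisc add dev "$erspan_dev" handle ffff: ingress \
      || die "Error adding ingress qdisc to $erspan_dev"
    /sbin/tc filter add dev "$erspan_dev" parent ffff: matchall skip_hw \
      action mirred egress mirror dev "$span_dev" \
      || die "Error adding mirror filter to $erspan_dev"
    ;;
esac

#Log success
logger -p local0.info -t ERSPAN "ERSPAN tunnel setup and mirroring started"
exit 0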
Updated script, tested and working