#!/bin/bash

# Use erspan-capture (expected to be in path) to capture ERSPAN data
# and serve it to tcpdump. This script automatically adds "-n -n" to
# the tcpdump options!
#
# Usage:
#  remotedump [-i <id>] [-v <vlan>] [-r <peer>] [tcpdump options ...]
#
#  -i/--erspanid      Only accept packets with this ERSPAN ID
#  -v/--vlan          Only accept packets with thie VLAN ID
#  -r/--remote-peer   Only accept packets from this source address
#
# Beware that these options are already used by tcpdump, so
# they have to appear in the beginning. The first unrecognized
# option and all following options are passed to tcpdump.
#
# Example ERSPAN configuration:
# 
# monitor session 1 type erspan-source
#  source interface GigabitEthernet4/4
#  destination
#   erspan-id 10
#   ip address 192.0.2.10
#   origin ip address 198.51.100.1
#  no shutdown
#  exit
# !
#
# Assuming Gi4/4 carries packets from VLAN 238 you could use
#
#  remotedump -i 10 -v 238 -r 198.51.100.1 -c 10
#
# Where "-c 10" is the first tcpdump option.


ERSPANID=""
REMOTE_PEER=""

while true ; do
	case $1 in
		--erspanid|-i)
			if [ -n "$2" -a -z "${2//[0-9]}" ]; then
				ERSPANID="-i $2"
				shift 2
			else
				echo "--erspanid/-i expects a numeric argument" >&2
				exit 1
			fi
			;;
		--remote-peer|-r)
			if [ -n "$2" -a -z "${2//[0-9.]}" ]; then
				REMOTE_PEER="-r $2"
				shift 2
			else
				echo "--remote-peer/-r expects an IP address" >&2
				exit 1
			fi
			;;
		--vlan|-v)
			if [ -n "$2" -a -z "${2//[0-9]}" ]; then
				VLAN_ID="-v $2"
				shift 2
			else
				echo "--vlan/-v expects a VLAN ID" >&2
				exit 1
			fi
			;;
		*)
			break
			;;
	esac
done

erspan-capture $ERSPANID $REMOTE_PEER $VLAN_ID | tcpdump -r - -nn $@