169 lines
3.8 KiB
HTML
169 lines
3.8 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of Mirror/redirect action in tc</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>Mirror/redirect action in tc</H1>
|
|
Section: Linux (8)<BR>Updated: 11 Jan 2015<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
<P>
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
mirred - mirror/redirect action
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
|
|
<BR>
|
|
|
|
<B>tc</B> ... <B>action mirred</B>
|
|
|
|
<I>DIRECTION ACTION</I>
|
|
|
|
[ <B>index</B>
|
|
|
|
<I>INDEX</I> ]
|
|
|
|
<B>dev</B><I> DEVICENAME</I>
|
|
|
|
<P>
|
|
<BR>
|
|
|
|
<I>DIRECTION</I> := {
|
|
|
|
<B>ingress</B> | <B>egress</B> }
|
|
|
|
<P>
|
|
<BR>
|
|
|
|
<I>ACTION</I> := {
|
|
|
|
<B>mirror</B> | <B>redirect</B> }
|
|
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
The
|
|
<B>mirred</B>
|
|
|
|
action allows packet mirroring (copying) or redirecting (stealing) the packet it
|
|
receives. Mirroring is what is sometimes referred to as Switch Port Analyzer
|
|
(SPAN) and is commonly used to analyze and/or debug flows.
|
|
<A NAME="lbAE"> </A>
|
|
<H2>OPTIONS</H2>
|
|
|
|
<DL COMPACT>
|
|
<DT id="1"><B>ingress</B>
|
|
|
|
<DD>
|
|
|
|
<B>egress</B>
|
|
|
|
Specify the direction in which the packet shall appear on the destination
|
|
interface.
|
|
<DT id="2"><B>mirror</B>
|
|
|
|
<DD>
|
|
|
|
<B>redirect</B>
|
|
|
|
Define whether the packet should be copied
|
|
(<B>mirror</B>)
|
|
|
|
or moved
|
|
(<B>redirect</B>)
|
|
|
|
to the destination interface.
|
|
<DT id="3"><B>index</B><I> INDEX</I>
|
|
|
|
<DD>
|
|
Assign a unique ID to this action instead of letting the kernel choose one
|
|
automatically.
|
|
<I>INDEX</I>
|
|
|
|
is a 32bit unsigned integer greater than zero.
|
|
<DT id="4"><B>dev</B><I> DEVICENAME</I>
|
|
|
|
<DD>
|
|
Specify the network interface to redirect or mirror to.
|
|
</DL>
|
|
<A NAME="lbAF"> </A>
|
|
<H2>EXAMPLES</H2>
|
|
|
|
Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for
|
|
debugging purposes:
|
|
<P>
|
|
<DL COMPACT><DT id="5"><DD>
|
|
|
|
# tc qdisc add dev eth0 handle ffff: ingress
|
|
# tc filter add dev eth0 parent ffff: u32 \
|
|
<TT> </TT>match u32 0 0 \<BR>
|
|
<TT> </TT>action police rate 1mbit burst 100k conform-exceed pipe \<BR>
|
|
<TT> </TT>action mirred egress redirect dev lo<BR>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
Mirror all incoming ICMP packets on eth0 to a dummy interface for examination
|
|
with e.g. tcpdump:
|
|
<P>
|
|
<DL COMPACT><DT id="6"><DD>
|
|
|
|
# ip link add dummy0 type dummy
|
|
# ip link set dummy0 up
|
|
# tc qdisc add dev eth0 handle ffff: ingress
|
|
# tc filter add dev eth0 parent ffff: protocol ip \
|
|
<TT> </TT>u32 match ip protocol 1 0xff \<BR>
|
|
<TT> </TT>action mirred egress mirror dev dummy0<BR>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
Using an
|
|
<B>ifb</B>
|
|
|
|
interface, it is possible to send ingress traffic through an instance of
|
|
<B>sfq</B>:
|
|
|
|
<P>
|
|
<DL COMPACT><DT id="7"><DD>
|
|
|
|
# modprobe ifb
|
|
# ip link set ifb0 up
|
|
# tc qdisc add dev ifb0 root sfq
|
|
# tc qdisc add dev eth0 handle ffff: ingress
|
|
# tc filter add dev eth0 parent ffff: u32 \
|
|
<TT> </TT>match u32 0 0 \<BR>
|
|
<TT> </TT>action mirred egress redirect dev ifb0<BR>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
<A NAME="lbAG"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?8+tc">tc</A></B>(8),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?8+tc-u32">tc-u32</A></B>(8)
|
|
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="8"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="9"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="10"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="11"><A HREF="#lbAE">OPTIONS</A><DD>
|
|
<DT id="12"><A HREF="#lbAF">EXAMPLES</A><DD>
|
|
<DT id="13"><A HREF="#lbAG">SEE ALSO</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:06:17 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|