You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
100 lines
2.1 KiB
100 lines
2.1 KiB
.TH "Mirror/redirect action in tc" 8 "11 Jan 2015" "iproute2" "Linux"
|
|
|
|
.SH NAME
|
|
mirred - mirror/redirect action
|
|
.SH SYNOPSIS
|
|
.in +8
|
|
.ti -8
|
|
.BR tc " ... " "action mirred"
|
|
.I DIRECTION ACTION
|
|
.RB "[ " index
|
|
.IR INDEX " ] "
|
|
.BI dev " DEVICENAME"
|
|
|
|
.ti -8
|
|
.IR DIRECTION " := { "
|
|
.BR ingress " | " egress " }"
|
|
|
|
.ti -8
|
|
.IR ACTION " := { "
|
|
.BR mirror " | " redirect " }"
|
|
.SH DESCRIPTION
|
|
The
|
|
.B mirred
|
|
action allows packet mirroring (copying) or redirecting (stealing) the packet it
|
|
receives. Mirroring is what is sometimes referred to as Switch Port Analyzer
|
|
(SPAN) and is commonly used to analyze and/or debug flows.
|
|
.SH OPTIONS
|
|
.TP
|
|
.B ingress
|
|
.TQ
|
|
.B egress
|
|
Specify the direction in which the packet shall appear on the destination
|
|
interface.
|
|
.TP
|
|
.B mirror
|
|
.TQ
|
|
.B redirect
|
|
Define whether the packet should be copied
|
|
.RB ( mirror )
|
|
or moved
|
|
.RB ( redirect )
|
|
to the destination interface.
|
|
.TP
|
|
.BI index " INDEX"
|
|
Assign a unique ID to this action instead of letting the kernel choose one
|
|
automatically.
|
|
.I INDEX
|
|
is a 32bit unsigned integer greater than zero.
|
|
.TP
|
|
.BI dev " DEVICENAME"
|
|
Specify the network interface to redirect or mirror to.
|
|
.SH EXAMPLES
|
|
Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for
|
|
debugging purposes:
|
|
|
|
.RS
|
|
.EX
|
|
# tc qdisc add dev eth0 handle ffff: ingress
|
|
# tc filter add dev eth0 parent ffff: u32 \\
|
|
match u32 0 0 \\
|
|
action police rate 1mbit burst 100k conform-exceed pipe \\
|
|
action mirred egress redirect dev lo
|
|
.EE
|
|
.RE
|
|
|
|
Mirror all incoming ICMP packets on eth0 to a dummy interface for examination
|
|
with e.g. tcpdump:
|
|
|
|
.RS
|
|
.EX
|
|
# ip link add dummy0 type dummy
|
|
# ip link set dummy0 up
|
|
# tc qdisc add dev eth0 handle ffff: ingress
|
|
# tc filter add dev eth0 parent ffff: protocol ip \\
|
|
u32 match ip protocol 1 0xff \\
|
|
action mirred egress mirror dev dummy0
|
|
.EE
|
|
.RE
|
|
|
|
Using an
|
|
.B ifb
|
|
interface, it is possible to send ingress traffic through an instance of
|
|
.BR sfq :
|
|
|
|
.RS
|
|
.EX
|
|
# modprobe ifb
|
|
# ip link set ifb0 up
|
|
# tc qdisc add dev ifb0 root sfq
|
|
# tc qdisc add dev eth0 handle ffff: ingress
|
|
# tc filter add dev eth0 parent ffff: u32 \\
|
|
match u32 0 0 \\
|
|
action mirred egress redirect dev ifb0
|
|
.EE
|
|
.RE
|
|
|
|
.SH SEE ALSO
|
|
.BR tc (8),
|
|
.BR tc-u32 (8)
|