]>
Commit | Line | Data |
---|---|---|
61d74eed PS |
1 | .TH "Mirror/redirect action in tc" 8 "11 Jan 2015" "iproute2" "Linux" |
2 | ||
3 | .SH NAME | |
4 | mirred - mirror/redirect action | |
5 | .SH SYNOPSIS | |
6 | .in +8 | |
7 | .ti -8 | |
8 | .BR tc " ... " "action mirred" | |
9 | .I DIRECTION ACTION | |
10 | .RB "[ " index | |
11 | .IR INDEX " ] " | |
12 | .BI dev " DEVICENAME" | |
13 | ||
14 | .ti -8 | |
15 | .IR DIRECTION " := { " | |
16 | .BR ingress " | " egress " }" | |
17 | ||
18 | .ti -8 | |
19 | .IR ACTION " := { " | |
20 | .BR mirror " | " redirect " }" | |
21 | .SH DESCRIPTION | |
22 | The | |
23 | .B mirred | |
26df2953 PS |
24 | action allows packet mirroring (copying) or redirecting (stealing) the packet it |
25 | receives. Mirroring is what is sometimes referred to as Switch Port Analyzer | |
26 | (SPAN) and is commonly used to analyze and/or debug flows. | |
61d74eed PS |
27 | .SH OPTIONS |
28 | .TP | |
29 | .B ingress | |
30 | .TQ | |
31 | .B egress | |
32 | Specify the direction in which the packet shall appear on the destination | |
5eca0a37 | 33 | interface. |
61d74eed PS |
34 | .TP |
35 | .B mirror | |
36 | .TQ | |
37 | .B redirect | |
38 | Define whether the packet should be copied | |
39 | .RB ( mirror ) | |
40 | or moved | |
41 | .RB ( redirect ) | |
42 | to the destination interface. | |
43 | .TP | |
44 | .BI index " INDEX" | |
45 | Assign a unique ID to this action instead of letting the kernel choose one | |
46 | automatically. | |
47 | .I INDEX | |
48 | is a 32bit unsigned integer greater than zero. | |
49 | .TP | |
50 | .BI dev " DEVICENAME" | |
51 | Specify the network interface to redirect or mirror to. | |
52 | .SH EXAMPLES | |
53 | Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for | |
54 | debugging purposes: | |
55 | ||
56 | .RS | |
57 | .EX | |
58 | # tc qdisc add dev eth0 handle ffff: ingress | |
59 | # tc filter add dev eth0 parent ffff: u32 \\ | |
60 | match u32 0 0 \\ | |
61 | action police rate 1mbit burst 100k conform-exceed pipe \\ | |
62 | action mirred egress redirect dev lo | |
63 | .EE | |
64 | .RE | |
65 | ||
26df2953 PS |
66 | Mirror all incoming ICMP packets on eth0 to a dummy interface for examination |
67 | with e.g. tcpdump: | |
68 | ||
69 | .RS | |
70 | .EX | |
71 | # ip link add dummy0 type dummy | |
72 | # ip link set dummy0 up | |
73 | # tc qdisc add dev eth0 handle ffff: ingress | |
74 | # tc filter add dev eth0 parent ffff: protocol ip \\ | |
75 | u32 match ip protocol 1 0xff \\ | |
76 | action mirred egress mirror dev dummy0 | |
77 | .EE | |
78 | .RE | |
79 | ||
80 | Using an | |
61d74eed | 81 | .B ifb |
26df2953 | 82 | interface, it is possible to send ingress traffic through an instance of |
61d74eed PS |
83 | .BR sfq : |
84 | ||
85 | .RS | |
86 | .EX | |
87 | # modprobe ifb | |
88 | # ip link set ifb0 up | |
89 | # tc qdisc add dev ifb0 root sfq | |
90 | # tc qdisc add dev eth0 handle ffff: ingress | |
91 | # tc filter add dev eth0 parent ffff: u32 \\ | |
92 | match u32 0 0 \\ | |
93 | action mirred egress redirect dev ifb0 | |
94 | .EE | |
95 | .RE | |
96 | ||
97 | .SH SEE ALSO | |
98 | .BR tc (8), | |
99 | .BR tc-u32 (8) |