72 lines
2.0 KiB
Plaintext
72 lines
2.0 KiB
Plaintext
|
|
Very funky action. I do plan to add to a few more things to it
|
|
This is the basic stuff. Idea borrowed from the way ethernet switches
|
|
mirror and redirect packets.
|
|
|
|
Usage:
|
|
|
|
mirred <DIRECTION> <ACTION> [index INDEX] <dev DEVICENAME>
|
|
where:
|
|
DIRECTION := <ingress | egress>
|
|
ACTION := <mirror | redirect>
|
|
INDEX is the specific policy instance id
|
|
DEVICENAME is the devicename
|
|
|
|
|
|
Mirroring essentially takes a copy of the packet whereas redirecting
|
|
steals the packet and redirects to specified destination.
|
|
|
|
Some examples:
|
|
Host A is hooked up to us on eth0
|
|
|
|
tc qdisc add dev lo ingress
|
|
# redirect all packets arriving on ingress of lo to eth0
|
|
tc filter add dev lo parent ffff: protocol ip prio 10 u32 \
|
|
match u32 0 0 flowid 1:2 action mirred egress redirect dev eth0
|
|
|
|
On host A start a tcpdump on interface connecting to us.
|
|
|
|
on our host ping -c 2 127.0.0.1
|
|
|
|
Ping would fail sinc all packets are heading out eth0
|
|
tcpudmp on host A would show them
|
|
|
|
if you substitute the redirect with mirror above as in:
|
|
tc filter add dev lo parent ffff: protocol ip prio 10 u32 \
|
|
match u32 0 0 flowid 1:2 action mirred egress mirror dev eth0
|
|
|
|
Then you should see the packets on both host A and the local
|
|
stack (i.e ping would work).
|
|
|
|
Even more funky example:
|
|
|
|
#
|
|
#allow 1 out 10 packets to randomly make it to the
|
|
# host A (Randomness uses the netrand generator)
|
|
#
|
|
tc filter add dev lo parent ffff: protocol ip prio 10 u32 \
|
|
match u32 0 0 flowid 1:2 \
|
|
action drop random determ ok 10\
|
|
action mirred egress mirror dev eth0
|
|
|
|
------
|
|
Example 2:
|
|
# for packets coming from 10.0.0.9:
|
|
#Redirect packets on egress (to ISP A) if you exceed a certain rate
|
|
# to eth1 (to ISP B) if you exceed a certain rate
|
|
#
|
|
|
|
tc qdisc add dev eth0 handle 1:0 root prio
|
|
|
|
tc filter add dev eth0 parent 1:0 protocol ip prio 6 u32 \
|
|
match ip src 10.0.0.9/32 flowid 1:16 \
|
|
action police rate 100kbit burst 90k ok \
|
|
action mirred egress mirror dev eth1
|
|
|
|
---
|
|
|
|
A more interesting example is when you mirror flows to a dummy device
|
|
so you could tcpdump them (dummy by defaults drops all devices it sees).
|
|
This is a very useful debug feature.
|
|
|