X-Git-Url: http://git.onelab.eu/?p=iproute2.git;a=blobdiff_plain;f=doc%2Factions%2Fmirred-usage;fp=doc%2Factions%2Fmirred-usage;h=0000000000000000000000000000000000000000;hp=aa942e58fd31cce1ca25571781633d87c0015cdc;hb=3331a68859fd71047bb1f309048960b48eab2d83;hpb=2bd4a72f2100be7ad7d9518cb1d49bb2a5b71994 diff --git a/doc/actions/mirred-usage b/doc/actions/mirred-usage deleted file mode 100644 index aa942e5..0000000 --- a/doc/actions/mirred-usage +++ /dev/null @@ -1,71 +0,0 @@ - -Very funky action. I do plan to add to a few more things to it -This is the basic stuff. Idea borrowed from the way ethernet switches -mirror and redirect packets. - -Usage: - -mirred [index INDEX] -where: -DIRECTION := -ACTION := -INDEX is the specific policy instance id -DEVICENAME is the devicename - - -Mirroring essentially takes a copy of the packet whereas redirecting -steals the packet and redirects to specified destination. - -Some examples: -Host A is hooked up to us on eth0 - -tc qdisc add dev lo ingress -# redirect all packets arriving on ingress of lo to eth0 -tc filter add dev lo parent ffff: protocol ip prio 10 u32 \ -match u32 0 0 flowid 1:2 action mirred egress redirect dev eth0 - -On host A start a tcpdump on interface connecting to us. - -on our host ping -c 2 127.0.0.1 - -Ping would fail sinc all packets are heading out eth0 -tcpudmp on host A would show them - -if you substitute the redirect with mirror above as in: -tc filter add dev lo parent ffff: protocol ip prio 10 u32 \ -match u32 0 0 flowid 1:2 action mirred egress mirror dev eth0 - -Then you should see the packets on both host A and the local -stack (i.e ping would work). - -Even more funky example: - -# -#allow 1 out 10 packets to randomly make it to the -# host A (Randomness uses the netrand generator) -# -tc filter add dev lo parent ffff: protocol ip prio 10 u32 \ -match u32 0 0 flowid 1:2 \ -action drop random determ ok 10\ -action mirred egress mirror dev eth0 - ------- -Example 2: -# for packets coming from 10.0.0.9: -#Redirect packets on egress (to ISP A) if you exceed a certain rate -# to eth1 (to ISP B) if you exceed a certain rate -# - -tc qdisc add dev eth0 handle 1:0 root prio - -tc filter add dev eth0 parent 1:0 protocol ip prio 6 u32 \ -match ip src 10.0.0.9/32 flowid 1:16 \ -action police rate 100kbit burst 90k ok \ -action mirred egress mirror dev eth1 - ---- - -A more interesting example is when you mirror flows to a dummy device -so you could tcpdump them (dummy by defaults drops all packets it sees). -This is a very useful debug feature. -