1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
|
.TH "actions in tc" 8 "1 Aug 2017" "iproute2" "Linux"
.SH NAME
actions \- independently defined actions in tc
.SH SYNOPSIS
.B tc
[
.I TC_OPTIONS
]
.B actions
.BR add " | " change " | " replace
.I ACTSPEC
.B tc
[
.I TC_OPTIONS
]
.B actions
.BR get " | " delete
.I ACTISPEC
.B tc
[
.I TC_OPTIONS
]
.B actions flush
.I ACTNAMESPEC
.B tc
[
.I TC_OPTIONS
]
.B actions
.BR ls " | " list
.I ACTNAMESPEC
[
.I ACTFILTER
]
.in +8
.I ACTSPEC
:=
.B action
.I ACTDETAIL
[
.I INDEXSPEC
] [
.I COOKIESPEC
] [
.I FLAGS
] [
.I HWSTATSSPEC
] [
.I CONTROL
] [
.I SKIPSPEC
]
.I ACTISPEC
:=
.I ACTNAMESPEC INDEXSPEC
.I ACTNAMESPEC
:=
.B action
ACTNAME
.I INDEXSPEC
:=
.BI index " INDEX"
.I ACTFILTER
:=
.BI since " MSTIME"
.I COOKIESPEC
:=
.BI cookie " COOKIE"
.I FLAGS
:=
.I no_percpu
.I HWSTATSSPEC
:=
.BR hw_stats " {"
.IR immediate " | " delayed " | " disabled " }"
.I ACTDETAIL
:=
.I ACTNAME ACTPARAMS
.I ACTNAME
may be any valid action type: gact, mirred, bpf, connmark, csum, police, etc.
.I MSTIME
Time since last update.
.I CONTROL
:= {
.IR reclassify " | " pipe " | " drop " | " continue " | " ok
}
.I SKIPSPEC
:= {
.IR skip_sw " | " skip_hw
}
.I TC_OPTIONS
These are the options that are specific to
.B tc
and not only the options. Refer to
.BR tc(8)
for more information.
.in
.SH DESCRIPTION
The
.B actions
object in
.B tc
allows a user to define actions independently of a classifier (filter). These
actions can then be assigned to one or more filters, with any
packets matching the classifier's criteria having that action performed
on them.
Each action type (mirred, police, etc.) will have its own table to store
all created actions.
.SH OPERATIONS
.TP
.B add
Create a new action in that action's table.
.TP
.B change
.TQ
.B replace
Make modifications to an existing action.
.TP
.B get
Display the action with the specified index value. When combined with the
.B -s
option for
.BR tc ","
display the statistics for that action.
.TP
.B delete
Delete the action with the specified index value. If the action is already
associated with a classifier, it does not delete the classifier.
.TP
.B ls
.TQ
.B list
List all the actions in the specified table. When combined with the
.B -s
option for
.BR tc ","
display the statistics for all actions in the specified table.
When combined with the option
.B since
allows doing a millisecond time-filter since the last time an
action was used in the datapath.
.TP
.B flush
Delete all actions stored in the specified table.
.SH ACTION OPTIONS
Note that these options are available to all action types.
.TP
.BI index " INDEX"
Specify the table index value of an action.
.I INDEX
is a 32-bit value that is unique to the specific type of action referenced.
.RS
For
.BR add ", " change ", and"
.B replace
operations, the index is
.BR optional.
When adding a new action,
specifying an index value will assign the action to that index unless that
index value has already been assigned. Omitting the index value for an add
operation will cause the kernel to assign a value to the new action.
.RE
.RS
For
.BR get " and " delete
operations, the index is
.B required
to identify the specific action to be displayed or deleted.
.RE
.TP
.BI cookie " COOKIE"
In addition to the specific action, mark the matching packet with the value
specified by
.IR COOKIE "."
The
.I COOKIE
is a 128-bit value that will not be interpreted by the kernel whatsoever.
As such, it can be used as a correlating value for maintaining user state.
The value to be stored is completely arbitrary and does not require a specific
format. It is stored inside the action structure itself.
.TP
.I FLAGS
Action-specific flags. Currently, the only supported flag is
.I no_percpu
which indicates that action is expected to have minimal software data-path
traffic and doesn't need to allocate stat counters with percpu allocator.
This option is intended to be used by hardware-offloaded actions.
.TP
.BI hw_stats " HW_STATS"
Specifies the type of HW stats of new action. If omitted, any stats counter type
is going to be used, according to driver and its resources.
The
.I HW_STATS
indicates the type. Any of the following are valid:
.RS
.TP
.B immediate
Means that in dump, user gets the current HW stats state from the device
queried at the dump time.
.TP
.B delayed
Means that in dump, user gets HW stats that might be out of date for
some time, maybe couple of seconds. This is the case when driver polls
stats updates periodically or when it gets async stats update
from the device.
.TP
.B disabled
No HW stats are going to be available in dump.
.RE
.TP
.BI since " MSTIME"
When dumping large number of actions, a millisecond time-filter can be
specified
.IR MSTIME "."
The
.I MSTIME
is a millisecond count since last time a packet hit the action.
As an example specifying "since 20000" implies to dump all actions
that have seen packets in the last 20 seconds. This option is useful
when the kernel has a large number of actions and you are only interested
in recently used actions.
.TP
.I CONTROL
The
.I CONTROL
indicates how
.B tc
should proceed after executing the action. Any of the following are valid:
.RS
.TP
.B reclassify
Restart the classifiction by jumping back to the first filter attached to
the action's parent.
.TP
.B pipe
Continue with the next action. This is the default control.
.TP
.B drop
Drop the packed without running any further actions.
.TP
.B continue
Continue the classification with the next filter.
.TP
.B pass
Return to the calling qdisc for packet processing, and end classification of
this packet.
.RE
.TP
.I SKIPSPEC
The
.I SKIPSPEC
indicates how
.B tc
should proceed when executing the action. Any of the following are valid:
.RS
.TP
.B skip_sw
Do not process action by software. If hardware has no offload support for this
action, operation will fail.
.TP
.B skip_hw
Do not process action by hardware.
.RE
.SH SEE ALSO
.BR tc (8),
.BR tc-bpf (8),
.BR tc-connmark (8),
.BR tc-csum (8),
.BR tc-ife (8),
.BR tc-mirred (8),
.BR tc-nat (8),
.BR tc-pedit (8),
.BR tc-police (8),
.BR tc-simple (8),
.BR tc-skbedit (8),
.BR tc-skbmod (8),
.BR tc-tunnel_key (8),
.BR tc-vlan (8),
.BR tc-xt (8)
|