blob: fd2df6c30b7511c2114f266cf8e12e976c08d2db (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
.TH "IFE action in tc" 8 "22 Apr 2016" "iproute2" "Linux"
.SH NAME
IFE - encapsulate/decapsulate metadata
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " " action ife"
.IR DIRECTION " [ " ACTION " ] "
.RB "[ " dst
.IR DMAC " ] "
.RB "[ " src
.IR SMAC " ] "
.RB "[ " type
.IR TYPE " ] "
.RI "[ "
.IR CONTROL " ] "
.RB "[ " index
.IR INDEX " ] "
.ti -8
.IR DIRECTION " := { "
.BR decode " | " encode " }"
.ti -8
.IR ACTION " := { "
.BI allow " ATTR"
.RB "| " use
.IR "ATTR value" " }"
.ti -8
.IR ATTR " := { "
.BR mark " | " prio " | " tcindex " }"
.ti -8
.IR CONTROL " := { "
.BR reclassify " | " use " | " pipe " | " drop " | " continue " | " ok " | " goto " " chain " " CHAIN_INDEX " }"
.SH DESCRIPTION
The
.B ife
action allows for a sending side to encapsulate arbitrary metadata, which is
then decapsulated by the receiving end. The sender runs in encoding mode and
the receiver in decode mode. Both sender and receiver must specify the same
ethertype. In the future, a registered ethertype may be available as a default.
.SH OPTIONS
.TP
.B decode
For the receiving side; decode the metadata if the packet matches.
.TP
.B encode
For the sending side. Encode the specified metadata if the packet matches.
.TP
.B allow
Encode direction only. Allows encoding specified metadata.
.TP
.B use
Encode direction only. Enforce static encoding of specified metadata.
.TP
.BR mark " [ "
.IR u32_value " ]"
The value to set for the skb mark. The u32 value is required only when
.BR use " is specified. If
.BR mark " value is zero, it will not be encoded, instead
"overlimits" statistics increment and
.BR CONTROL " action is taken.
.TP
.BR prio " [ "
.IR u32_value " ]"
The value to set for priority in the skb structure. The u32 value is required
only when
.BR use " is specified."
.TP
.BR tcindex " ["
.IR u16_value " ]"
Value to set for the traffic control index in the skb structure. The u16 value
is required only when
.BR use " is specified."
.TP
.BI dmac " DMAC"
.TQ
.BI smac " SMAC"
Optional six byte destination or source MAC address to encode.
.TP
.BI type " TYPE"
Optional 16-bit ethertype to encode. If not specified value of 0xED3E will be used.
.TP
.BI CONTROL
Action to take following an encode/decode.
.TP
.BI index " INDEX"
Assign a unique ID to this action instead of letting the kernel choose one
automatically.
.I INDEX
is a 32bit unsigned integer greater than zero.
.SH EXAMPLES
On the receiving side, match packets with ethertype 0xdead and restart
classification so that it will match ICMP on the next rule, at prio 3:
.RS
.EX
# tc qdisc add dev eth0 handle ffff: ingress
# tc filter add dev eth0 parent ffff: prio 2 protocol 0xdead \\
u32 match u32 0 0 flowid 1:1 \\
action ife decode reclassify
# tc filter add dev eth0 parent ffff: prio 3 protocol ip \\
u32 match ip protocol 0xff flowid 1:1 \\
action continue
.EE
.RE
Match with skb mark of 17:
.RS
.EX
# tc filter add dev eth0 parent ffff: prio 4 protocol ip \\
handle 0x11 fw flowid 1:1 \\
action ok
.EE
.RE
Configure the sending side to encode for the filters above. Use a destination
IP address of 192.168.122.237/24, then tag with skb mark of decimal 17. Encode
the packaet with ethertype 0xdead, add skb->mark to whitelist of metadatum to
send, and rewrite the destination MAC address to 02:15:15:15:15:15.
.RS
.EX
# tc qdisc add dev eth0 root handle 1: prio
# tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \\
match ip dst 192.168.122.237/24 \\
match ip protocol 1 0xff \\
flowid 1:2 \\
action skbedit mark 17 \\
action ife encode \\
type 0xDEAD \\
allow mark \\
dst 02:15:15:15:15:15
.EE
.RE
.SH SEE ALSO
.BR tc (8),
.BR tc-u32 (8)
|