blob: ae1aec31d099890278f9a9f80518aef2e6b506b1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
.TH "Simple action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
.SH NAME
simple - basic example action
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action simple"
[
.BI sdata " STRING"
] [
.BI index " INDEX"
] [
.I CONTROL
]
.ti -8
.IR CONTROL " := {"
.BR reclassify " | " pipe " | " drop " | " continue " | " ok " }"
.SH DESCRIPTION
This is a pedagogical example rather than an actually useful action. Upon every access, it prints the given
.I STRING
which may be of arbitrary length.
.SH OPTIONS
.TP
.BI sdata " STRING"
The actual string to print.
.TP
.BI index " INDEX"
Optional action index value.
.TP
.I CONTROL
Indicate how
.B tc
should proceed after executing the action. For a description of the possible
.I CONTROL
values, see
.BR tc-actions (8).
.SH EXAMPLES
The following example makes the kernel yell "Incoming ICMP!" every time it sees
an incoming ICMP on eth0. Steps are:
.IP 1) 4
Add an ingress qdisc point to eth0
.IP 2) 4
Start a chain on ingress of eth0 that first matches ICMP then invokes the
simple action to shout.
.IP 3) 4
display stats and show that no packet has been seen by the action
.IP 4) 4
Send one ping packet to google (expect to receive a response back)
.IP 5) 4
grep the logs to see the logged message
.IP 6) 4
display stats again and observe increment by 1
.EX
$ tc qdisc add dev eth0 ingress
$ tc filter add dev eth0 parent ffff: protocol ip prio 5 \\
u32 match ip protocol 1 0xff flowid 1:1 action simple sdata "Incoming ICMP"
$ sudo tc -s filter ls dev eth0 parent ffff:
filter protocol ip pref 5 u32
filter protocol ip pref 5 u32 fh 800: ht divisor 1
filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
match 00010000/00ff0000 at 8
action order 1: Simple <Incoming ICMP>
index 4 ref 1 bind 1 installed 29 sec used 29 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
$ ping -c 1 www.google.ca
PING www.google.ca (74.125.225.120) 56(84) bytes of data.
64 bytes from ord08s08-in-f24.1e100.net (74.125.225.120): icmp_req=1 ttl=53 time=31.3 ms
--- www.google.ca ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 31.316/31.316/31.316/0.000 ms
$ dmesg | grep simple
[135354.473951] simple: Incoming ICMP_1
$ sudo tc/tc -s filter ls dev eth0 parent ffff:
filter protocol ip pref 5 u32
filter protocol ip pref 5 u32 fh 800: ht divisor 1
filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
match 00010000/00ff0000 at 8
action order 1: Simple <Incoming ICMP>
index 4 ref 1 bind 1 installed 206 sec used 67 sec
Action statistics:
Sent 84 bytes 1 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
.EE
.SH SEE ALSO
.BR tc (8)
.BR tc-actions (8)
|