====== Port mirroring ======

Port mirroring in Linux is currently only supported via the DSA framework, controlled by ''tc''.

==== Requirements ====

  * The ''ip'' and ''tc'' tools, both from the ''iproute'' package
  * The following kernel schedulers/classifiers, typically compiled as kernel modules:
    * sch_ingress
    * cls_matchall
    * act_mirred

==== Setup ====

  * **p2** is connected to some network that can generate traffic, for example, you can ping the DUT via this port.
  * **p5** is the mirror port. We will send all traffic in/out p2 to this port as well. It should be connected to a monitoring station, which sniffs traffic on the interface connected to p5.

==== Commands ====

Turn on the mirror port:

  ip link set up dev p5

Add the ''clsact'' queue discipline. This qdisc lets us attach the ''matchall'' filter:

  tc qdisc add dev p2 clsact

Mirror all packets inbound on p2 (''ingress'') to p5. Note the ''skip_sw'' flag, meaning this command will not fall back on mirroring via the CPU if the hardware offload fails:

  tc filter add dev p2 ingress matchall skip_sw action mirred egress mirror dev p5

Mirror all packets going out of p2 (''egress'') to p5:

  tc filter add dev p2 egress matchall skip_sw action mirred egress mirror dev p5

=== Pastable version ===

  ip link set up dev p5
  tc qdisc add dev p2 clsact
  tc filter add dev p2 ingress matchall skip_sw action mirred egress mirror dev p5
  tc filter add dev p2 egress matchall skip_sw action mirred egress mirror dev p5

==== References ====

  * David Waiting's [[https://medium.com/swlh/traffic-mirroring-with-linux-tc-df4d36116119 | excellent post]]
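
To check that the ''matchall'' filters from the Commands section are installed, point at p5 and run in hardware, the following added example (not part of the original page) classifies ''tc filter show'' output. The function name and the sample text are constructed for illustration, and the parsing assumes the line layout printed by common iproute2 versions, which can differ between releases.

```shell
#!/bin/sh
# Added example. Classifies the mirror rule found in `tc filter show` output.
# stdin: tc output for one direction; $1: expected mirror port.
# Prints one of: offloaded | not-offloaded | wrong-target | none
mirror_status() {
    awk -v want="$1" '
        $1 == "filter" { hw = 0 }                 # a new filter entry starts
        { for (i = 1; i <= NF; i++) if ($i == "in_hw") hw = 1 }
        /mirred \(Egress Mirror to device / {
            dev = $0
            sub(/.*Mirror to device /, "", dev)   # keep text after the prefix
            sub(/\).*/, "", dev)                  # cut at the closing paren
            if (dev != want) other = 1
            else if (hw)     offloaded = 1
            else             software = 1
        }
        END {
            if (offloaded)     print "offloaded"
            else if (software) print "not-offloaded"
            else if (other)    print "wrong-target"
            else               print "none"
        }'
}

# Constructed sample: rule added with skip_sw and accepted by the switch.
sample_offloaded() {
    cat <<'EOF'
filter protocol all pref 49152 matchall chain 0
filter protocol all pref 49152 matchall chain 0 handle 0x1
  skip_sw
  in_hw in_hw_count 1
        action order 1: mirred (Egress Mirror to device p5) pipe
        index 1 ref 1 bind 1
EOF
}

# Constructed sample: rule added without skip_sw, mirrored by the CPU.
sample_software() {
    sample_offloaded | sed -e '/skip_sw/d' -e 's/in_hw in_hw_count 1/not_in_hw/'
}

# On the DUT: tc filter show dev p2 ingress | mirror_status p5
sample_offloaded | mirror_status p5
sample_software  | mirror_status p5
```

Run it once per direction (''ingress'' and ''egress''); a ''wrong-target'' result on a port you did not configure is worth investigating, since it means traffic is being copied somewhere other than the monitoring station.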