====== Port mirroring ======

Port mirroring in Linux is currently only supported via the DSA framework, controlled by ''tc''.

==== Requirements ====

  * The ''ip'' and ''tc'' tools, both from the ''iproute'' package
  * The following kernel schedulers/classifiers, typically compiled as kernel modules:
    * sch_ingress
    * cls_matchall
    * act_mirred

==== Setup ====

  * **p2** is connected to some network that can generate traffic; for example, you can ping the DUT via this port.
  * **p5** is the mirror port. We will send all traffic in/out of p2 to this port as well. It should be connected to a monitoring station, which sniffs traffic on the interface connected to p5.

==== Commands ====

Turn on the mirror port:

  ip link set up dev p5

Add the ''clsact'' queue discipline. This qdisc lets us attach the ''matchall'' filter:

  tc qdisc add dev p2 clsact

Mirror all packets inbound on p2 (''ingress'') to p5. Note the ''skip_sw'' flag, meaning this command will not fall back on mirroring via the CPU if the hardware offload fails:

  tc filter add dev p2 ingress matchall skip_sw action mirred egress mirror dev p5

Mirror all packets going out of p2 (''egress'') to p5:

  tc filter add dev p2 egress matchall skip_sw action mirred egress mirror dev p5

=== Pastable version ===

<code>
ip link set up dev p5
tc qdisc add dev p2 clsact
tc filter add dev p2 ingress matchall skip_sw action mirred egress mirror dev p5
tc filter add dev p2 egress matchall skip_sw action mirred egress mirror dev p5
</code>

==== References ====

  * David Waiting's [[https://medium.com/swlh/traffic-mirroring-with-linux-tc-df4d36116119 | excellent post]]

testing/mirroring.txt · Last modified: 2020/11/09 13:18 by biot
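A monitoring station that silently receives nothing is a detection gap, so it is worth confirming that the mirror rules from the Commands section exist in both directions and are offloaded to hardware. The script below is an added example, not part of the original page: the function names and the sample listings are constructed, and it assumes the text layout that ''tc filter show'' typically prints for ''matchall'' with ''mirred'', which can vary between iproute2 versions.

```shell
#!/bin/sh
# Added example: confirm the mirror rules on a port are present and offloaded.
# Assumes the text layout iproute2 typically prints for matchall + mirred.

# check_mirror_output MIRROR_DEV: reads `tc filter show` output on stdin.
# Succeeds only if a matchall filter mirrors to MIRROR_DEV, is flagged in_hw,
# and no filter in the listing is flagged not_in_hw (software-only).
check_mirror_output() {
    awk -v dev="$1" '
        { for (i = 1; i <= NF; i++) {
              if ($i == "matchall")  seen = 1
              if ($i == "in_hw")     hw = 1
              if ($i == "not_in_hw") soft = 1
          } }
        index($0, "mirred (Egress Mirror to device " dev ")") { mirror = 1 }
        END { exit !(seen && hw && !soft && mirror) }
    '
}

# verify_port_mirror SRC_DEV MIRROR_DEV: live check of both directions.
verify_port_mirror() {
    for dir in ingress egress; do
        tc filter show dev "$1" "$dir" | check_mirror_output "$2" || {
            echo "$1 $dir: mirror to $2 missing or not in hardware" >&2
            return 1
        }
    done
}

# Constructed sample listings (not captured from a real device).
sample_offloaded() {
    cat <<'EOF'
filter protocol all pref 49152 matchall chain 0
filter protocol all pref 49152 matchall chain 0 handle 0x1
  skip_sw
  in_hw
    action order 1: mirred (Egress Mirror to device p5) pipe
    index 1 ref 1 bind 1
EOF
}
sample_software() {
    cat <<'EOF'
filter protocol all pref 49152 matchall chain 0 handle 0x1
  not_in_hw
    action order 1: mirred (Egress Mirror to device p5) pipe
EOF
}

sample_offloaded | check_mirror_output p5 && echo "offloaded sample: OK"
sample_software  | check_mirror_output p5 || echo "software sample: rejected"
```

On the device itself, run ''verify_port_mirror p2 p5'' after the setup commands; a non-zero exit status means the monitoring port is not seeing hardware-mirrored traffic in at least one direction.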