Differences

This shows you the differences between two versions of the page.

--- testing:mirroring [2020/11/04 15:19] – biot
+++ testing:mirroring [2020/11/09 13:18] (current) – biot
@@ Line 1: / Line 1: @@
-=== Port mirroring ===
+====== Port mirroring ======
 Port mirroring in Linux is currently only supported via the DSA framework, controlled by ''tc''.
@@ Line 6: / Line 6: @@
   * The ''ip'' and ''tc'' tools, both from the ''iproute'' package
   * The following kernel schedulers/classifiers, typically compiled as kernel modules:
-    * cls_u32
     * sch_ingress
-    * sch_prio
+    * cls_matchall
     * act_mirred
@@ Line 17: / Line 16: @@
 ==== Commands ====
 Turn on the mirror port:
-<code>
+  ip link set up dev p5
-# ip link set up dev p5
-[   47.743894] rtl83xx_port_enable: 87f85880 8
-[   47.743918] rtl83xx_port_stp_state_set: port 8 state  3
-[   47.867406] rtl83xx-switch switch@bb000000 p5: configuring for phy/internal link mode
-[   47.970271] rtl83xx_phylink_mac_config port 8, mode 0
-[   48.036612] PHY autonegotiates
-[   48.077097] 8021q: adding VLAN 0 to HW filter on device p5
-[   48.149147] rtl83xx_vlan_prepare: port 8
-[   48.200645] VLAN 0: L2 learning: 1, L2 Unknown MultiCast Field 1ff, 		IPv4 Unknown MultiCast Field 1ff, IPv6 Unknown MultiCast Field: 1ff
-[   48.200664] Tagged ports 10000004, untag 1fffffff, prof 0, MC# 0, UC# 0, FID 0
-[   48.457819] rtl83xx_vlan_add port 8, vid_end 0, vid_end 0, flags 0
-[   48.538951] rtl83xx_vlan_prepare: port 28
-[   48.591505] VLAN 0: L2 learning: 1, L2 Unknown MultiCast Field 1ff, 		IPv4 Unknown MultiCast Field 1ff, IPv6 Unknown MultiCast Field: 1ff
-[   48.591523] Tagged ports 10000104, untag 1fffffff, prof 0, MC# 0, UC# 0, FID 0
-[   48.848799] rtl83xx_vlan_add port 28, vid_end 0, vid_end 0, flags 0
-[   48.962341] RTL8380 Link change: status: 1, ports 100
-[   52.576650] RTL8380 Link change: status: 1, ports 100
-[   53.047671] rtl83xx_phylink_mac_config port 8, mode 0
-[   53.114032] PHY autonegotiates
-[   53.154063] rtl83xx-switch switch@bb000000 p5: Link is Up - 1Gbps/Full - flow control rx/tx
-[   53.263876] IPv6: ADDRCONF(NETDEV_CHANGE): p5: link becomes ready
-</code>
-Create an ingress queue discipline:
-  tc qdisc add dev p2 handle ffff: ingress
-Mirror all packets matching the ingress queue discipline (qdisc) to p5:
+Add the ''clsact'' queue discipline. This qdisc lets us attach the ''matchall'' filter:
-  tc filter add dev p2 parent ffff: protocol all u32 match u32 0 0 action mirred egress mirror dev p5
+  tc qdisc add dev p2 clsact
-Create an egress queue discipline (using the prio scheduler):
+Mirror all packets inbound on p2 (''ingress'') to p5. Note the ''skip_sw'' flag, meaning this command will not fall back on mirroring via the CPU if the hardware offload fails:
-  tc qdisc add dev p2 handle 1: root prio
+  tc filter add dev p2 ingress matchall skip_sw action mirred egress mirror dev p5
-Mirror all packets matching this qdisc to p5:
+Mirror all packets going out of p2 (''egress'') to p5:
-  tc filter add dev p2 parent 1: protocol all u32 match u32 0 0 action mirred egress mirror dev p5
+  tc filter add dev p2 egress matchall skip_sw action mirred egress mirror dev p5
-===== Pastable version =====
+=== Pastable version ===
 <code>
 ip link set up dev p5
-tc qdisc add dev p2 handle ffff: ingress
+tc qdisc add dev p2 clsact
-tc filter add dev p2 parent ffff: protocol all u32 match u32 0 0 action mirred egress mirror dev p5
+tc filter add dev p2 ingress matchall skip_sw action mirred egress mirror dev p5
-tc qdisc add dev p2 handle 1: root prio
+tc filter add dev p2 egress matchall skip_sw action mirred egress mirror dev p5
-tc filter add dev p2 parent 1: protocol all u32 match u32 0 0 action mirred egress mirror dev p5
 </code>