Both sides previous revision Previous revision | |
testing:mirroring [2020/11/06 10:26] – biot | testing:mirroring [2020/11/09 13:18] (current) – biot |
---|
* The ''ip'' and ''tc'' tools, both from the ''iproute'' package | * The ''ip'' and ''tc'' tools, both from the ''iproute'' package |
* The following kernel schedulers/classifiers, typically compiled as kernel modules: | * The following kernel schedulers/classifiers, typically compiled as kernel modules: |
* cls_u32 | |
* sch_ingress | * sch_ingress |
* sch_prio | * cls_matchall |
* act_mirred | * act_mirred |
| |
==== Commands ==== | ==== Commands ==== |
Turn on the mirror port: | Turn on the mirror port: |
<code> | ip link set up dev p5 |
# ip link set up dev p5 | |
[ 47.743894] rtl83xx_port_enable: 87f85880 8 | |
[ 47.743918] rtl83xx_port_stp_state_set: port 8 state 3 | |
[ 47.867406] rtl83xx-switch switch@bb000000 p5: configuring for phy/internal link mode | |
[ 47.970271] rtl83xx_phylink_mac_config port 8, mode 0 | |
[ 48.036612] PHY autonegotiates | |
[ 48.077097] 8021q: adding VLAN 0 to HW filter on device p5 | |
[ 48.149147] rtl83xx_vlan_prepare: port 8 | |
[ 48.200645] VLAN 0: L2 learning: 1, L2 Unknown MultiCast Field 1ff, IPv4 Unknown MultiCast Field 1ff, IPv6 Unknown MultiCast Field: 1ff | |
[ 48.200664] Tagged ports 10000004, untag 1fffffff, prof 0, MC# 0, UC# 0, FID 0 | |
[ 48.457819] rtl83xx_vlan_add port 8, vid_end 0, vid_end 0, flags 0 | |
[ 48.538951] rtl83xx_vlan_prepare: port 28 | |
[ 48.591505] VLAN 0: L2 learning: 1, L2 Unknown MultiCast Field 1ff, IPv4 Unknown MultiCast Field 1ff, IPv6 Unknown MultiCast Field: 1ff | |
[ 48.591523] Tagged ports 10000104, untag 1fffffff, prof 0, MC# 0, UC# 0, FID 0 | |
[ 48.848799] rtl83xx_vlan_add port 28, vid_end 0, vid_end 0, flags 0 | |
[ 48.962341] RTL8380 Link change: status: 1, ports 100 | |
[ 52.576650] RTL8380 Link change: status: 1, ports 100 | |
[ 53.047671] rtl83xx_phylink_mac_config port 8, mode 0 | |
[ 53.114032] PHY autonegotiates | |
[ 53.154063] rtl83xx-switch switch@bb000000 p5: Link is Up - 1Gbps/Full - flow control rx/tx | |
[ 53.263876] IPv6: ADDRCONF(NETDEV_CHANGE): p5: link becomes ready | |
</code> | |
| |
Create an ingress queue discipline: | |
tc qdisc add dev p2 handle ffff: ingress | |
| |
Mirror all packets matching the ingress queue discipline (qdisc) to p5: | Add the ''clsact'' queue discipline. This qdisc lets us attach the ''matchall'' filter: |
tc filter add dev p2 parent ffff: protocol all matchall skip_sw action mirred egress mirror dev p5 | tc qdisc add dev p2 clsact |
| |
Create an egress queue discipline (using the prio scheduler): | Mirror all packets inbound on p2 (''ingress'') to p5. Note the ''skip_sw'' flag, meaning this command will not fall back on mirroring via the CPU if the hardware offload fails: |
tc qdisc add dev p2 handle 1: root prio | tc filter add dev p2 ingress matchall skip_sw action mirred egress mirror dev p5 |
| |
Mirror all packets matching this qdisc to p5: | Mirror all packets going out of p2 (''egress'') to p5: |
tc filter add dev p2 parent 1: protocol all matchall skip_sw action mirred egress mirror dev p5 | tc filter add dev p2 egress matchall skip_sw action mirred egress mirror dev p5 |
| |
| |
<code> | <code> |
ip link set up dev p5 | ip link set up dev p5 |
tc qdisc add dev p2 handle ffff: ingress | tc qdisc add dev p2 clsact |
tc filter add dev p2 parent ffff: protocol all matchall skip_sw action mirred egress mirror dev p5 | tc filter add dev p2 ingress matchall skip_sw action mirred egress mirror dev p5 |
tc qdisc add dev p2 handle 1: root prio | tc filter add dev p2 egress matchall skip_sw action mirred egress mirror dev p5 |
tc filter add dev p2 parent 1: protocol all matchall skip_sw action mirred egress mirror dev p5 | |
</code> | </code> |
| |