git.ipfire.org Git - thirdparty/iproute2.git/commit

author	Jamal Hadi Salim <jhs@mojatatu.com>
	Tue, 11 Oct 2016 11:00:45 +0000 (07:00 -0400)
committer	Stephen Hemminger <stephen@networkplumber.org>
	Wed, 12 Oct 2016 22:09:52 +0000 (15:09 -0700)
commit	da65128998af043158d181ce2ee647cd1070a4d3
tree	0426395f5bd57536476b5a83793aa67357946918	tree
parent	883c6708e44f70589bcc67356a97ccc24756475d	commit \| diff

actions: add skbmod action

This action is intended to be an upgrade from a usability perspective
from pedit (as well as operational debugability).
Compare this:

sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \
u32 match ip protocol 1 0xff flowid 1:2 \
action pedit munge offset -14 u8 set 0x02 \
    munge offset -13 u8 set 0x15 \
    munge offset -12 u8 set 0x15 \
    munge offset -11 u8 set 0x15 \
    munge offset -10 u16 set 0x1515 \
    pipe

to:

sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \
u32 match ip protocol 1 0xff flowid 1:2 \
action skbmod dmac 02:15:15:15:15:15

Or worse, try to debug a policy with destination mac, source mac and
etherype. Then make that a hundred rules and you'll get my point.

The most important ethernet use case at the moment is when redirecting or
mirroring packets to a remote machine. The dst mac address needs a re-write
so that it doesn't get dropped or confuse an interconnecting (learning) switch
or dropped by a target machine (which looks at the dst mac).

In the future common use cases on pedit can be migrated to this action
(as an example different fields in ip v4/6, transports like tcp/udp/sctp
etc). For this first cut, this allows modifying basic ethernet header.

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>