Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

tc-skbmod(8) [mojave man page]

skbmod action in tc(8)                                                 Linux                                                skbmod action in tc(8)

NAME

       skbmod - user-friendly packet editor action

SYNOPSIS

       tc ... action skbmod { [ set SETTABLE ] [ swap SWAPPABLE  ] [ CONTROL ] [ index INDEX ] }

       SETTABLE :=  [ dmac DMAC ]  [ smac SMAC ]  [ etype ETYPE ]

       SWAPPABLE := mac
       CONTROL := { reclassify | pipe | drop | shot | continue | pass }

DESCRIPTION

       The  skbmod  action  is intended as a usability upgrade to the existing pedit action. Instead of having to manually edit 8-, 16-, or 32-bit
       chunks of an ethernet header, skbmod allows complete substitution of supported elements.

OPTIONS

       dmac DMAC
              Change the destination mac to the specified address.

       smac SMAC
              Change the source mac to the specified address.

       etype ETYPE
              Change the ethertype to the specified value.

       mac    Used to swap mac addresses. The swap mac directive is performed after any outstanding D/SMAC changes.

       CONTROL
              The following keywords allow to control how the tree of qdisc, classes, filters and actions is further traversed after this action.

              reclassify
                     Restart with the first filter in the current list.

              pipe   Continue with the next action attached to the same filter.

              drop
              shot   Drop the packet.

              continue
                     Continue classification with the next filter in line.

              pass   Finish classification process and return to calling qdisc for further packet processing. This is the default.

EXAMPLES

       To start, observe the following filter with a pedit action:

              tc filter add dev eth1 parent 1: protocol ip prio 10 
                   u32 match ip protocol 1 0xff flowid 1:2 
                   action pedit munge offset -14 u8 set 0x02 
                   munge offset -13 u8 set 0x15 
                   munge offset -12 u8 set 0x15 
                   munge offset -11 u8 set 0x15 
                   munge offset -10 u16 set 0x1515 
                   pipe

       Using the skbmod action, this command can be simplified to:

              tc filter add dev eth1 parent 1: protocol ip prio 10 
                   u32 match ip protocol 1 0xff flowid 1:2 
                   action skbmod set dmac 02:15:15:15:15:15 
                   pipe

       Complexity will increase if source mac and ethertype are also being edited as part of the action. If all three fields  are  to  be  changed
       with skbmod:

              tc filter add dev eth5 parent 1: protocol ip prio 10 
                   u32 match ip protocol 1 0xff flowid 1:2 
                   action skbmod 
                   set etype 0xBEEF 
                   set dmac 02:12:13:14:15:16 
                   set smac 02:22:23:24:25:26

       Finally, swap the destination and source mac addresses in the header:

              tc filter add dev eth3 parent 1: protocol ip prio 10 
                   u32 match ip protocol 1 0xff flowid 1:2 
                   action skbmod 
                   swap mac

       As mentioned above, the swap action will occur after any  smac/dmac substitutions are executed, if they are present.

SEE ALSO

       tc(8), tc-u32(8), tc-pedit(8)

iproute2                                                            21 Sep 2016                                             skbmod action in tc(8)

Check Out this Related Man Page

VLAN manipulation action in tc(8)                                      Linux                                     VLAN manipulation action in tc(8)

NAME

       vlan - vlan manipulation module

SYNOPSIS

       tc ... action vlan { pop | PUSH | MODIFY } [ CONTROL ]

       PUSH := push [ protocol VLANPROTO ]  [ priority VLANPRIO ] id VLANID

       MODIFY := modify [ protocol VLANPROTO ]  [ priority VLANPRIO ] id VLANID

       CONTROL := { reclassify | pipe | drop | continue | pass | goto chain CHAIN_INDEX }

DESCRIPTION

       The  vlan action allows to perform 802.1Q en- or decapsulation on a packet, reflected by the operation modes POP, PUSH and MODIFY.  The POP
       mode is simple, as no further information is required to just drop the outer-most VLAN encapsulation. The PUSH and MODIFY modes require  at
       least a VLANID and allow to optionally choose the VLANPROTO to use.

OPTIONS

       pop    Decapsulation mode, no further arguments allowed.

       push   Encapsulation mode. Requires at least id option.

       modify Replace mode. Existing 802.1Q tag is replaced. Requires at least id option.

       id VLANID
              Specify  the  VLAN  ID  to encapsulate into.  VLANID is an unsigned 16bit integer, the format is detected automatically (e.g. prefix
              with '0x' for hexadecimal interpretation, etc.).

       protocol VLANPROTO
              Choose the VLAN protocol to use. At the time of writing, the kernel accepts only 802.1Q or 802.1ad.

       priority VLANPRIO
              Choose the VLAN priority to use. Decimal number in range of 0-7.

       CONTROL
              How to continue after executing this action.

              reclassify
                     Restarts classification by jumping back to the first filter attached to this action's parent.

              pipe   Continue with the next action, this is the default.

              drop   Packet will be dropped without running further actions.

              continue
                     Continue classification with next filter in line.

              pass   Return to calling qdisc for packet processing. This ends the classification process.

EXAMPLES

       The following example encapsulates incoming ICMP packets on eth0 from 10.0.0.2 into VLAN ID 123:

              #tc qdisc add dev eth0 handle ffff: ingress
              #tc filter add dev eth0 parent ffff: pref 11 protocol ip 
                   u32 match ip protocol 1 0xff flowid 1:1 
                   u32 match ip src 10.0.0.2 flowid 1:1 
                   action vlan push id 123

       Here is an example of the pop function: Incoming VLAN packets on eth0 are decapsulated and the classification process  then  restarted  for
       the plain packet:

              #tc qdisc add dev eth0 handle ffff: ingress
              #tc filter add dev $ETH parent ffff: pref 1 protocol 802.1Q 
                   u32 match u32 0 0 flowid 1:1 
                   action vlan pop reclassify

SEE ALSO

       tc(8)

iproute2                                                            12 Jan 2015                                  VLAN manipulation action in tc(8)
Man Page