Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

tc-ife(8) [osx man page]

IFE action in tc(8)						       Linux						       IFE action in tc(8)

NAME

       IFE - encapsulate/decapsulate metadata

SYNOPSIS

       tc ...  action ife DIRECTION [ ACTION ] [ dst DMAC ] [ src SMAC ] [ type TYPE ] [ CONTROL ] [ index INDEX ]

       DIRECTION := { decode | encode }

       ACTION := { allow ATTR | use ATTR value }

       ATTR := { mark | prio | tcindex }

       CONTROL := { reclassify | use | pipe | drop | continue | ok | goto chain CHAIN_INDEX }

DESCRIPTION

       The  ife  action  allows  for a sending side to encapsulate arbitrary metadata, which is then decapsulated by the receiving end. The sender
       runs in encoding mode and the receiver in decode mode. Both sender and receiver must specify the same ethertype. In the	future,  a  regis-
       tered ethertype may be available as a default.

OPTIONS

       decode For the receiving side; decode the metadata if the packet matches.

       encode For the sending side. Encode the specified metadata if the packet matches.

       allow  Encode direction only. Allows encoding specified metadata.

       use    Encode direction only. Enforce static encoding of specified metadata.

       mark [ u32_value  ] The value to set for the skb mark. The u32 value is required only when use is specified. If mark value is zero, it will
	      not be encoded, instead "overlimits" statistics increment and CONTROL action is taken.

       prio [ u32_value ] The value to set for priority in the skb structure. The u32 value is required only when use is specified.

       tcindex [
	      u16_value ] Value to set for the traffic control index in the skb structure. The u16 value is required only when use is specified.

       dmac DMAC
       smac SMAC
	      Optional six byte destination or source MAC address to encode.

       type TYPE
	      Optional 16-bit ethertype to encode. If not specified value of 0xED3E will be used.

       CONTROL
	      Action to take following an encode/decode.

       index INDEX
	      Assign a unique ID to this action instead of letting the kernel choose one automatically.  INDEX is a 32bit unsigned integer greater
	      than zero.

EXAMPLES

       On  the receiving side, match packets with ethertype 0xdead and restart classification so that it will match ICMP on the next rule, at prio
       3:
	      # tc qdisc add dev eth0 handle ffff: ingress
	      # tc filter add dev eth0 parent ffff: prio 2 protocol 0xdead 
		   u32 match u32 0 0 flowid 1:1 
		   action ife decode reclassify
	      # tc filter add dev eth0 parent ffff: prio 3 protocol ip 
		   u32 match ip protocol 0xff flowid 1:1 
		   action continue

       Match with skb mark of 17:

	      # tc filter add dev eth0 parent ffff: prio 4 protocol ip 
		   handle 0x11 fw flowid 1:1 
		   action ok

       Configure the sending side to encode for the filters above. Use a destination IP address of 192.168.122.237/24, then tag with skb  mark	of
       decimal	17.  Encode  the  packaet  with ethertype 0xdead, add skb->mark to whitelist of metadatum to send, and rewrite the destination MAC
       address to 02:15:15:15:15:15.

	      # tc qdisc add dev eth0 root handle 1: prio
	      # tc filter add dev eth0 parent 1: protocol ip prio 10 u32 
		   match ip dst 192.168.122.237/24 
		   match ip protocol 1 0xff 
		   flowid 1:2 
		   action skbedit mark 17 
		   action ife encode 
		   type 0xDEAD 
		   allow mark 
		   dst 02:15:15:15:15:15

SEE ALSO

       tc(8), tc-u32(8)

iproute2							    22 Apr 2016 					       IFE action in tc(8)

Check Out this Related Man Page

VLAN manipulation action in tc(8)                                      Linux                                     VLAN manipulation action in tc(8)

NAME

       vlan - vlan manipulation module

SYNOPSIS

       tc ... action vlan { pop | PUSH | MODIFY } [ CONTROL ]

       PUSH := push [ protocol VLANPROTO ]  [ priority VLANPRIO ] id VLANID

       MODIFY := modify [ protocol VLANPROTO ]  [ priority VLANPRIO ] id VLANID

       CONTROL := { reclassify | pipe | drop | continue | pass | goto chain CHAIN_INDEX }

DESCRIPTION

       The  vlan action allows to perform 802.1Q en- or decapsulation on a packet, reflected by the operation modes POP, PUSH and MODIFY.  The POP
       mode is simple, as no further information is required to just drop the outer-most VLAN encapsulation. The PUSH and MODIFY modes require  at
       least a VLANID and allow to optionally choose the VLANPROTO to use.

OPTIONS

       pop    Decapsulation mode, no further arguments allowed.

       push   Encapsulation mode. Requires at least id option.

       modify Replace mode. Existing 802.1Q tag is replaced. Requires at least id option.

       id VLANID
              Specify  the  VLAN  ID  to encapsulate into.  VLANID is an unsigned 16bit integer, the format is detected automatically (e.g. prefix
              with '0x' for hexadecimal interpretation, etc.).

       protocol VLANPROTO
              Choose the VLAN protocol to use. At the time of writing, the kernel accepts only 802.1Q or 802.1ad.

       priority VLANPRIO
              Choose the VLAN priority to use. Decimal number in range of 0-7.

       CONTROL
              How to continue after executing this action.

              reclassify
                     Restarts classification by jumping back to the first filter attached to this action's parent.

              pipe   Continue with the next action, this is the default.

              drop   Packet will be dropped without running further actions.

              continue
                     Continue classification with next filter in line.

              pass   Return to calling qdisc for packet processing. This ends the classification process.

EXAMPLES

       The following example encapsulates incoming ICMP packets on eth0 from 10.0.0.2 into VLAN ID 123:

              #tc qdisc add dev eth0 handle ffff: ingress
              #tc filter add dev eth0 parent ffff: pref 11 protocol ip 
                   u32 match ip protocol 1 0xff flowid 1:1 
                   u32 match ip src 10.0.0.2 flowid 1:1 
                   action vlan push id 123

       Here is an example of the pop function: Incoming VLAN packets on eth0 are decapsulated and the classification process  then  restarted  for
       the plain packet:

              #tc qdisc add dev eth0 handle ffff: ingress
              #tc filter add dev $ETH parent ffff: pref 1 protocol 802.1Q 
                   u32 match u32 0 0 flowid 1:1 
                   action vlan pop reclassify

SEE ALSO

       tc(8)

iproute2                                                            12 Jan 2015                                  VLAN manipulation action in tc(8)
Man Page