www.LinuxHowtos.org howtos, tips&tricks and tutorials for linux

from small one page howto to huge articles all in one place

Other .linuxhowtos.org sites:gentoo.linuxhowtos.org

Last additions:

using iotop to find disk usage hogs

words:

887

views:

210193

userrating:

May 25th. 2007:

Words

486

Views

259167

why adblockers are bad

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

150529

userrating:

April, 26th. 2006:

Words

Views

107890

New subdomain: toolsntoys.linuxhowtos.org

You are here: manpages

Mirror/redirect action in tc

Section: Linux (8)
Updated: 11 Jan 2015
Index Return to Main Contents

NAME

mirred- mirror/redirect action

SYNOPSIS

tc ... action mirred DIRECTION ACTION [ index INDEX ] TARGET

DIRECTION := { ingress | egress }

TARGET := { DEV | BLOCK }

DEV := dev DEVICENAME

BLOCK := blockid BLOCKID

ACTION := { mirror | redirect }

DESCRIPTION

The mirred action allows packet mirroring (copying) or redirecting (stealing) the packet it receives. Mirroring is what is sometimes referred to as Switch Port Analyzer (SPAN) and is commonly used to analyze and/or debug flows. When mirroring to a tc block, the packet will be mirrored to all the ports in the block with exception of the port where the packet ingressed, if that port is part of the tc block. Redirecting is similar to mirroring except that the behaviour is to mirror to the first N- 1 ports in the block and redirect to the last one (note that the port in which the packet arrived is not going to be mirrored or redirected to).

OPTIONS

ingress: egress Specify the direction in which the packet shall appear on the destination interface.
mirror: redirect Define whether the packet should be copied (mirror) or moved (redirect) to the destination interface or block.
index INDEX: Assign a unique ID to this action instead of letting the kernel choose one automatically. INDEX is a 32bit unsigned integer greater than zero.
dev DEVICENAME: Specify the network interface to redirect or mirror to.
blockid BLOCKID: Specify the tc block to redirect or mirror to.

EXAMPLES

Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for debugging purposes:

: # tc qdisc add dev eth0 handle ffff: clsact # tc filter add dev eth0 ingress u32         match u32 0 0
        action police rate 1mbit burst 100k confor-exceed pipe
        action mirred egress redirect dev lo

Mirror all incoming ICMP packets on eth0 to a dummy interface for examination with e.g. tcpdump:

: # ip link add dummy0 type dummy # ip link set dummy0 up # tc qdisc add dev eth0 handle ffff: clsact # tc filter add dev eth0 ingress protocol ip u32 match ip protocol 1 0xff
action mirred egress mirror dev dummy0

Using an ifb interface, it is possible to send ingress traffic through an instance of sfq:

: # modprobe ifb # ip link set ifb0 up # tc qdisc add dev ifb0 root sfq # tc qdisc add dev eth0 handle ffff: clsact # tc filter add dev eth0 ingress u32 match u32 0 0
action mirred egress redirect dev ifb0

LIMITATIONS

The kernel restricts nesting to four levels to avoid the chance of nesting loops.

Do not redirect for one IFB device to another. IFB is a very specialized case of packet redirecting device. Redirecting from ifb->ifbY will cause all packets to be dropped.