Commit 6b3e0388 authored by Stephen Hemminger's avatar Stephen Hemminger

Merge branch 'master' into net-next

parents da60d031 5f4d27d5
......@@ -44,3 +44,4 @@ doc/*.ps
doc/*.dvi
doc/*.html
doc/*.pdf
doc/*.out
PSFILES=ip-cref.ps ip-tunnels.ps api-ip6-flowlabels.ps ss.ps nstat.ps arpd.ps rtstat.ps
PSFILES=ip-cref.ps ip-tunnels.ps api-ip6-flowlabels.ps ss.ps nstat.ps arpd.ps rtstat.ps tc-filters.ps
# tc-cref.ps
# api-rtnl.tex api-pmtudisc.tex api-news.tex
# iki-netdev.ps iki-neighdst.ps
......
......@@ -2049,9 +2049,6 @@ table \verb|local| (ID 255).
The \verb|local| table is a special routing table containing
high priority control routes for local and broadcast addresses.
Rule 0 is special. It cannot be deleted or overridden.
\item Priority: 32766, Selector: match anything, Action: lookup routing
table \verb|main| (ID 254).
The \verb|main| table is the normal routing table containing all non-policy
......
This diff is collapsed.
......@@ -49,7 +49,7 @@ static void usage(void)
fprintf(stderr,
"Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n"
" ip [ -force ] -batch filename\n"
"where OBJECT := { link | address | addrlabel | route | rule | neighbor | ntable |\n"
"where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |\n"
" tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |\n"
" netns | l2tp | fou | tcp_metrics | token | netconf }\n"
" OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n"
......
......@@ -49,7 +49,8 @@ static void usage(void) __attribute__((noreturn));
static void usage(void)
{
fprintf(stderr, "Usage: ip addrlabel [ list | add | del | flush ] prefix PREFIX [ dev DEV ] [ label LABEL ]\n");
fprintf(stderr, "Usage: ip addrlabel { add | del } prefix PREFIX [ dev DEV ] [ label LABEL ]\n");
fprintf(stderr, " ip addrlabel [ list | flush | help ]\n");
exit(-1);
}
......
......@@ -70,17 +70,16 @@ void iplink_usage(void)
fprintf(stderr, " [ address LLADDR ]\n");
fprintf(stderr, " [ broadcast LLADDR ]\n");
fprintf(stderr, " [ mtu MTU ]\n");
fprintf(stderr, " [ netns PID ]\n");
fprintf(stderr, " [ netns NAME ]\n");
fprintf(stderr, " [ netns { PID | NAME } ]\n");
fprintf(stderr, " [ link-netnsid ID ]\n");
fprintf(stderr, " [ alias NAME ]\n");
fprintf(stderr, " [ vf NUM [ mac LLADDR ]\n");
fprintf(stderr, " [ vlan VLANID [ qos VLAN-QOS ] ]\n");
fprintf(stderr, " [ rate TXRATE ] ]\n");
fprintf(stderr, " [ rate TXRATE ]\n");
fprintf(stderr, " [ spoofchk { on | off} ] ]\n");
fprintf(stderr, " [ query_rss { on | off} ] ]\n");
fprintf(stderr, " [ spoofchk { on | off} ]\n");
fprintf(stderr, " [ query_rss { on | off} ]\n");
fprintf(stderr, " [ state { auto | enable | disable} ] ]\n");
fprintf(stderr, " [ trust { on | off} ] ]\n");
fprintf(stderr, " [ master DEVICE ]\n");
......
......@@ -46,10 +46,11 @@ static void usage(void) __attribute__((noreturn));
static void usage(void)
{
fprintf(stderr, "Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ]\n"
" [ nud { permanent | noarp | stale | reachable } ]\n"
" | proxy ADDR } [ dev DEV ]\n");
fprintf(stderr, " ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n");
fprintf(stderr, "Usage: ip neigh { add | del | change | replace }\n"
" { ADDR [ lladdr LLADDR ] [ nud STATE ] | proxy ADDR } [ dev DEV ]\n");
fprintf(stderr, " ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n\n");
fprintf(stderr, "STATE := { permanent | noarp | stale | reachable | none |\n"
" incomplete | delay | probe | failed }\n");
exit(-1);
}
......
......@@ -52,7 +52,7 @@ static void usage(void)
"PARMS := [ base_reachable MSEC ] [ retrans MSEC ] [ gc_stale MSEC ]\n"
" [ delay_probe MSEC ] [ queue LEN ]\n"
" [ app_probs VAL ] [ ucast_probes VAL ] [ mcast_probes VAL ]\n"
" [ app_probes VAL ] [ ucast_probes VAL ] [ mcast_probes VAL ]\n"
" [ anycast_delay MSEC ] [ proxy_delay MSEC ] [ proxy_queue LEN ]\n"
" [ locktime MSEC ]\n"
);
......
......@@ -82,13 +82,13 @@ static void usage(void)
fprintf(stderr, "FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]\n");
fprintf(stderr, "OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]\n");
fprintf(stderr, " [ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]\n");
fprintf(stderr, " [ window NUMBER] [ cwnd NUMBER ] [ initcwnd NUMBER ]\n");
fprintf(stderr, " [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]\n");
fprintf(stderr, " [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]\n");
fprintf(stderr, " [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]\n");
fprintf(stderr, " [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]\n");
fprintf(stderr, " [ pref PREF ] [ expires TIME ]\n");
fprintf(stderr, "TYPE := [ unicast | local | broadcast | multicast | throw |\n");
fprintf(stderr, " unreachable | prohibit | blackhole | nat ]\n");
fprintf(stderr, "TYPE := { unicast | local | broadcast | multicast | throw |\n");
fprintf(stderr, " unreachable | prohibit | blackhole | nat }\n");
fprintf(stderr, "TABLE_ID := [ local | main | default | all | NUMBER ]\n");
fprintf(stderr, "SCOPE := [ host | link | global | NUMBER ]\n");
fprintf(stderr, "NHFLAGS := [ onlink | pervasive ]\n");
......
......@@ -39,6 +39,7 @@ static void usage(void)
fprintf(stderr, "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n");
fprintf(stderr, " [ iif STRING ] [ oif STRING ] [ pref NUMBER ]\n");
fprintf(stderr, "ACTION := [ table TABLE_ID ]\n");
fprintf(stderr, " [ nat ADDRESS ]\n");
fprintf(stderr, " [ realms [SRCREALM/]DSTREALM ]\n");
fprintf(stderr, " [ goto NUMBER ]\n");
fprintf(stderr, " SUPPRESSOR\n");
......
......@@ -14,7 +14,9 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss.
tipc.8 tipc-bearer.8 tipc-link.8 tipc-media.8 tipc-nametable.8 \
tipc-node.8 tipc-socket.8 \
tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 \
tc-tcindex.8 tc-u32.8
tc-tcindex.8 tc-u32.8 \
tc-connmark.8 tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 \
tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8
all: $(TARGETS)
......
......@@ -58,9 +58,9 @@ ip-address \- protocol address management
.ti -8
.IR FLAG " := "
.RB "[ " permanent " | " dynamic " | " secondary " | " primary " | \
[ - ] " tentative " | [ - ] " deprecated " | [ - ] " dadfailed " | "\
temporary " | " CONFFLAG-LIST " ]"
.RB "[ " permanent " | " dynamic " | " secondary " | " primary " |"
.RB [ - ] tentative " | [" - ] deprecated " | [" - ] dadfailed " |"
.BR temporary " | " CONFFLAG-LIST " ]"
.ti -8
.IR CONFFLAG-LIST " := [ " CONFFLAG-LIST " ] " CONFFLAG
......@@ -72,7 +72,7 @@ temporary " | " CONFFLAG-LIST " ]"
.ti -8
.IR LIFETIME " := [ "
.BI valid_lft " LFT"
.RB "| " preferred_lft
.RB "] [ " preferred_lft
.IR LFT " ]"
.ti -8
......
......@@ -6,21 +6,9 @@ ip-addrlabel \- protocol address label management
.ad l
.in +8
.ti -8
.B ip
.RI "[ " OPTIONS " ]"
.B addrlabel
.B ip addrlabel
.RI " { " COMMAND " | "
.BR help " }"
.sp
.ti -8
.IR OPTIONS " := { "
\fB\-V\fR[\fIersion\fR] |
\fB\-s\fR[\fItatistics\fR] |
\fB\-r\fR[\fIesolve\fR] |
\fB\-f\fR[\fIamily\fR] {
.BR inet " | " inet6 " | " ipx " | " dnet " | " link " } | "
\fB\-o\fR[\fIneline\fR] }
.ti -8
.BR "ip addrlabel" " { " add " | " del " } " prefix
......
......@@ -15,10 +15,7 @@ ip-l2tp - L2TPv3 static unmanaged tunnel configuration
.ti -8
.BR "ip l2tp add tunnel"
.br
.B remote
.RI "[ " ADDR " ]"
.B local
.RI "[ " ADDR " ]"
.BI remote " ADDR " local " ADDR "
.br
.B tunnel_id
.IR ID
......@@ -73,24 +70,21 @@ ip-l2tp - L2TPv3 static unmanaged tunnel configuration
.IR ID
.br
.ti -8
.BR "ip l2tp show tunnel"
.B "[" tunnel_id
.IR ID
.B "]"
.BR "ip l2tp show tunnel" " [ " tunnel_id
.IR ID " ]"
.br
.ti -8
.BR "ip l2tp show session"
.B "[" tunnel_id
.IR ID
.B "] [" session_id
.IR ID
.B "]"
.BR "ip l2tp show session" " [ " tunnel_id
.IR ID .B " ] ["
.B session_id
.IR ID " ]"
.br
.ti -8
.IR NAME " := "
.IR STRING
.ti -8
.IR ADDR " := { " IP_ADDRESS " }"
.IR ADDR " := { " IP_ADDRESS " |"
.BR any " }"
.ti -8
.IR PORT " := { " NUMBER " }"
.ti -8
......
......@@ -6,24 +6,11 @@ ip-link \- network device configuration
.ad l
.in +8
.ti -8
.B ip
.RI "[ " OPTIONS " ]"
.B link
.B ip link
.RI " { " COMMAND " | "
.BR help " }"
.sp
.ti -8
.IR OPTIONS " := { "
\fB\-V\fR[\fIersion\fR] |
\fB\-h\fR[\fIuman-readable\fR] |
\fB\-s\fR[\fItatistics\fR] |
\fB\-r\fR[\fIesolve\fR] |
\fB\-f\fR[\fIamily\fR] {
.BR inet " | " inet6 " | " ipx " | " dnet " | " link " } | "
\fB\-o\fR[\fIneline\fR] |
\fB\-br\fR[\fIief\fR] }
.ti -8
.BI "ip link add"
.RB "[ " link
......@@ -49,7 +36,7 @@ ip-link \- network device configuration
.RB "[ " numrxqueues
.IR QUEUE_COUNT " ]"
.br
.BR type " TYPE"
.BI type " TYPE"
.RI "[ " ARGS " ]"
.ti -8
......@@ -92,79 +79,89 @@ ip-link \- network device configuration
.BR "ip link set " {
.IR DEVICE " | "
.BI "group " GROUP
.RB "} { " up " | " down " | " arp " { " on " | " off " } |"
.RB "} [ { " up " | " down " } ]"
.br
.BR promisc " { " on " | " off " } |"
.RB "[ " arp " { " on " | " off " } ]"
.br
.BR allmulticast " { " on " | " off " } |"
.RB "[ " dynamic " { " on " | " off " } ]"
.br
.BR dynamic " { " on " | " off " } |"
.RB "[ " multicast " { " on " | " off " } ]"
.br
.BR multicast " { " on " | " off " } |"
.RB "[ " allmulticast " { " on " | " off " } ]"
.br
.BR protodown " { " on " | " off " } |"
.RB "[ " promisc " { " on " | " off " } ]"
.br
.B txqueuelen
.IR PACKETS " |"
.RB "[ " protodown " { " on " | " off " } ]"
.br
.B name
.IR NEWNAME " |"
.RB "[ " trailers " { " on " | " off " } ]"
.br
.RB "[ " txqueuelen
.IR PACKETS " ]"
.br
.B address
.IR LLADDR " |"
.B broadcast
.IR LLADDR " |"
.RB "[ " name
.IR NEWNAME " ]"
.br
.B mtu
.IR MTU " |"
.RB "[ " address
.IR LLADDR " ]"
.br
.B netns
.IR PID " |"
.RB "[ " broadcast
.IR LLADDR " ]"
.br
.B netns
.IR NETNSNAME " |"
.RB "[ " mtu
.IR MTU " ]"
.br
.B alias
.IR NAME " |"
.RB "[ " netns " {"
.IR PID " | " NETNSNAME " } ]"
.br
.B vf
.RB "[ " link-netnsid
.IR ID " ]"
.br
.RB "[ " alias
.IR NAME " ]"
.br
.RB "[ " vf
.IR NUM " ["
.B mac
.IR LLADDR " ] ["
.B vlan
.IR LLADDR " ]"
.br
.in +9
.RB "[ " vlan
.IR VLANID " [ "
.B qos
.IR VLAN-QOS " ] ] ["
.B rate
.IR TXRATE " ] ["
.B max_tx_rate
.IR TXRATE " ] ["
.B min_tx_rate
.IR TXRATE " ] ["
.B spoofchk { on | off } ] [
.B state { auto | enable | disable} ] [
.B trust { on | off }
] |
.IR VLAN-QOS " ] ]"
.br
.B master
.IR DEVICE " |"
.RB "[ " rate
.IR TXRATE " ]"
.br
.RB "[ " max_tx_rate
.IR TXRATE " ]"
.br
.B nomaster " |"
.RB "[ " min_tx_rate
.IR TXRATE " ]"
.br
.B addrgenmode { eui64 | none | stable_secret | random }
.RB "[ " spoofchk " { " on " | " off " } ]"
.br
.B link-netnsid ID
.BR " }"
.RB "[ " state " { " auto " | " enable " | " disable " } ]"
.br
.RB "[ " trust " { " on " | " off " } ] ]"
.br
.in -9
.RB "[ " master
.IR DEVICE " ]"
.br
.RB "[ " nomaster " ]"
.br
.RB "[ " addrgenmode " { " eui64 " | " none " | " stable_secret " | " random " } ]"
.ti -8
.B ip link show
.RI "[ " DEVICE " | "
.B group
.IR GROUP " | "
.BR up " | "
.IR GROUP " ] ["
.BR up " ] ["
.B master
.IR DEVICE " | "
.IR DEVICE " ] ["
.B type
.IR TYPE " ]"
......@@ -494,15 +491,15 @@ are entered into the VXLAN device forwarding database.
.sp
.I [no]udpcsum
- specifies if UDP checksum is filled in
- specifies if UDP checksum is calculated for transmitted packets over IPv4.
.sp
.I [no]udp6zerocsumtx
- specifies if UDP checksum is filled in
- skip UDP checksum calculation for transmitted packets over IPv6.
.sp
.I [no]udp6zerocsumrx
- specifies if UDP checksum is received
- allow incoming UDP packets over IPv6 with zero checksum field.
.sp
.BI ageing " SECONDS"
......
......@@ -6,9 +6,7 @@ ip-monitor, rtmon \- state monitoring
.ad l
.in +8
.ti -8
.BR "ip " " [ "
.IR ip-OPTIONS " ]"
.BR "monitor" " [ " all " |"
.BR "ip monitor" " [ " all " |"
.IR OBJECT-LIST " ] ["
.BI file " FILENAME "
] [
......
......@@ -6,7 +6,7 @@ ip-mroute \- multicast routing cache management
.ad l
.in +8
.ti -8
.BR "ip " " [ ip-OPTIONS ] " "mroute show" " [ [ "
.BR "ip mroute show" " [ [ "
.BR " to " " ] "
.IR PREFIX " ] [ "
.B from
......
......@@ -18,7 +18,9 @@ ip-neighbour \- neighbour/arp tables management.
.IR ADDR " [ "
.B lladdr
.IR LLADDR " ] [ "
.BR nud " { " permanent " | " noarp " | " stale " | " reachable " } ] | " proxy
.B nud
.IR STATE " ] |"
.B proxy
.IR ADDR " } [ "
.B dev
.IR DEV " ]"
......@@ -31,6 +33,10 @@ ip-neighbour \- neighbour/arp tables management.
.B nud
.IR STATE " ]"
.ti -8
.IR STATE " := {"
.BR permanent " | " noarp " | " stale " | " reachable " | " none " |"
.BR incomplete " | " delay " | " probe " | " failed " }"
.SH DESCRIPTION
The
......@@ -75,12 +81,13 @@ can also be
.BR "null" .
.TP
.BI nud " NUD_STATE"
.BI nud " STATE"
the state of the neighbour entry.
.B nud
is an abbreviation for 'Neighbour Unreachability Detection'.
The state can take one of the following values:
.RS
.TP
.B permanent
the neighbour entry is valid forever and can be only
......@@ -100,6 +107,24 @@ This option to
.B ip neigh
does not change the neighbour state if it was valid and the address
is not changed by this command.
.TP
.B none
this is a pseudo state used when initially creating a neighbour entry or after
trying to remove it before it becomes free to do so.
.TP
.B incomplete
the neighbour entry has not (yet) been validated/resolved.
.TP
.B delay
neighbor entry validation is currently delayed.
.TP
.B probe
neighbor is being probed.
.TP
.B failed
max number of probes exceeded without success, neighbor validation has
ultimately failed.
.RE
.RE
.TP
......@@ -147,7 +172,7 @@ list neighbour proxies.
only list neighbours which are not currently in use.
.TP
.BI nud " NUD_STATE"
.BI nud " STATE"
only list neighbour entries in this state.
.I NUD_STATE
takes values listed below or the special value
......
......@@ -13,7 +13,7 @@ ip-netns \- process network namespace management
.BR help " }"
.sp
.ti -8
.BR "ip netns" " { " list " } "
.BR "ip netns" " [ " list " ]"
.ti -8
.B ip netns add
......@@ -24,7 +24,7 @@ ip-netns \- process network namespace management
.RI "[ " NETNSNAME " ]"
.ti -8
.BR "ip netns" " { " set " } "
.B ip netns set
.I NETNSNAME NETNSID
.ti -8
......
......@@ -8,7 +8,7 @@ ip-ntable - neighbour table configuration
.ti -8
.B ip
.RI "[ " OPTIONS " ]"
.B address
.B ntable
.RI " { " COMMAND " | "
.BR help " }"
.sp
......@@ -17,34 +17,39 @@ ip-ntable - neighbour table configuration
.BR "ip ntable change name"
.IR NAME " [ "
.B dev
.IR DEV " ] " PARMS
.ti -8
.IR PARMS " := { "
.IR DEV " ] ["
.B thresh1
.IR VAL " | "
.IR VAL " ] ["
.B thresh2
.IR VAL " | "
.IR VAL " ] ["
.B thresh3
.IR VAL " | "
.IR VAL " ] ["
.B gc_int
.IR MSEC " | "
.IR MSEC " ] ["
.B base_reachable
.IR MSEC " | "
.IR MSEC " ] ["
.B retrans
.IR MSEC " | " "gc_stale MSEC " " | "
.IR MSEC " ] ["
.B gc_stale
.IR MSEC " ] ["
.B delay_probe
.IR MSEC " | " "queue LEN " " | "
.IR MSEC " ] ["
.B queue
.IR LEN " ] ["
.B app_probs
.IR VAL " | "
.IR VAL " ] ["
.B ucast_probes
.IR VAL " | " "mcast_probes VAL " " | "
.IR VAL " ] ["
.B mcast_probes
.IR VAL " ] ["
.B anycast_delay
.IR MSEC " | "
.IR MSEC " ] ["
.B proxy_delay
.IR MSEC " | " "proxy_queue LEN " " | "
.IR MSEC " ] ["
.B proxy_queue
.IR LEN " ] ["
.B locktime
.IR MSEC " }"
.IR MSEC " ]"
.ti -8
.BR "ip ntable show" " [ "
......
......@@ -16,7 +16,7 @@ ip-route \- routing table management
.ti -8
.BR "ip route" " { "
.BR list " | " flush " } "
.BR show " | " flush " } "
.I SELECTOR
.ti -8
......
......@@ -9,20 +9,26 @@ ip-rule \- routing policy database management
.B ip
.RI "[ " OPTIONS " ]"
.B rule
.RI " { " COMMAND " | "
.RI "{ " COMMAND " | "
.BR help " }"
.sp
.ti -8
.B ip rule
.RB " [ " list " | " add " | " del " | " flush " | " save " ]"
.RB "[ " list " ]"
.ti -8
.B ip rule
.RB "{ " add " | " del " }"
.I SELECTOR ACTION
.ti -8
.B ip rule " restore "
.B ip rule
.RB "{ " flush " | " save " | " restore " }"
.ti -8
.IR SELECTOR " := [ "
.BR not " ] ["
.B from
.IR PREFIX " ] [ "
.B to
......@@ -30,7 +36,7 @@ ip-rule \- routing policy database management
.B tos
.IR TOS " ] [ "
.B fwmark
.IR FWMARK[/MASK] " ] [ "
.IR FWMARK\fR[\fB/\fIMASK "] ] [ "
.B iif
.IR STRING " ] [ "
.B oif
......@@ -45,8 +51,9 @@ ip-rule \- routing policy database management
.B nat
.IR ADDRESS " ] [ "
.B realms
.RI "[" SRCREALM "/]" DSTREALM " ]"
.I SUPPRESSOR
.RI "[" SRCREALM "\fB/\fR]" DSTREALM " ] ["
.B goto
.IR NUMBER " ] " SUPPRESSOR
.ti -8
.IR SUPPRESSOR " := [ "
......@@ -111,8 +118,6 @@ The
.B local
table is a special routing table containing
high priority control routes for local and broadcast addresses.
.sp
Rule 0 is special. It cannot be deleted or overridden.
.TP
2.
......
......@@ -7,23 +7,23 @@ ip-token \- tokenized interface identifier support
.in +8
.ti -8
.B ip token
.RI " { " COMMAND " | "
.RI "{ " COMMAND " | "
.BR help " }"
.sp
.ti -8
.BR "ip token" " { " set " } "
.B ip token set
.IR TOKEN
.B dev
.IR DEV
.ti -8
.BR "ip token" " { " get " } "
.B dev
.IR DEV
.B ip token get
.RB "[ " dev
.IR DEV " ]"
.ti -8
.BR "ip token" " { " list " }"
.BR "ip token" " [ " list " ]"
.SH "DESCRIPTION"
IPv6 tokenized interface identifier support is used for assigning well-known
......
......@@ -11,7 +11,7 @@ ip-tunnel - tunnel configuration
.ti -8
.BR "ip "
.RI "[ " OPTIONS " ]"
.BR "tunnel" " { " add " | " change " | " del " | " show " | " prl " }"
.BR "tunnel" " { " add " | " change " | " del " | " show " | " prl " | " 6rd " }"
.RI "[ " NAME " ]"
.br
.RB "[ " mode
......@@ -42,6 +42,12 @@ ip-tunnel - tunnel configuration
.B prl-delete
.IR ADDR " ]"
.br
.RB "[ " 6rd-prefix
.IR ADDR " ] ["
.B 6rd-relay_prefix
.IR ADDR " ] [
.BR 6rd-reset " ]"
.br
.RB "[ [" no "]" pmtudisc " ]"
.RB "[ " dev
.IR PHYS_DEV " ]"
......@@ -75,9 +81,6 @@ ip-tunnel - tunnel configuration
.ti -8
.IR KEY " := { " DOTTED_QUAD " | " NUMBER " }"
.ti -8
.IR TIME " := " NUMBER "[s|ms]"
.SH DESCRIPTION
.B tunnel
objects are tunnels, encapsulating packets in IP packets and then
......
......@@ -57,6 +57,8 @@ ip-xfrm \- transform configuration
.IR ADDR "[/" PLEN "] ]"
.RB "[ " ctx
.IR CTX " ]"
.RB "[ " extra-flag
.IR EXTRA-FLAG-LIST " ]"
.ti -8
.B "ip xfrm state allocspi"
......@@ -195,6 +197,13 @@ ip-xfrm \- transform configuration
.RB "{ " espinudp " | " espinudp-nonike " }"
.IR SPORT " " DPORT " " OADDR
.ti -8
.IR EXTRA-FLAG-LIST " := [ " EXTRA-FLAG-LIST " ] " EXTRA-FLAG
.ti -8
.IR EXTRA-FLAG " := "
.B dont-encap-dscp
.ti -8
.BR "ip xfrm policy" " { " add " | " update " }"
.I SELECTOR
......@@ -247,6 +256,8 @@ ip-xfrm \- transform configuration
.IR ACTION " ]"
.RB "[ " priority
.IR PRIORITY " ]"
.RB "[ " flag
.IR FLAG-LIST "]"
.ti -8
.B "ip xfrm policy flush"
......
......@@ -21,7 +21,7 @@ ip \- show / manipulate routing, devices, policy routing and tunnels
.IR OBJECT " := { "
.BR link " | " address " | " addrlabel " | " route " | " rule " | " neigh " | "\
ntable " | " tunnel " | " tuntap " | " maddress " | " mroute " | " mrule " | "\
monitor " | " xfrm " | " netns " | " l2tp " | " tcp_metrics " }"
monitor " | " xfrm " | " netns " | " l2tp " | " tcp_metrics " | " token " }"
.sp
.ti -8
......@@ -29,10 +29,22 @@ ip \- show / manipulate routing, devices, policy routing and tunnels
\fB\-V\fR[\fIersion\fR] |
\fB\-h\fR[\fIuman-readable\fR] |
\fB\-s\fR[\fItatistics\fR] |
\fB\-d\fR[\fIetails\fR] |
\fB\-r\fR[\fIesolve\fR] |
\fB\-iec\fR |
\fB\-f\fR[\fIamily\fR] {
.BR inet " | " inet6 " | " ipx " | " dnet " | " link " } | "
\fB-4\fR |
\fB-6\fR |
\fB-I\fR |
\fB-D\fR |
\fB-B\fR |
\fB-0\fR |
\fB-l\fR[\fIoops\fR] { \fBmaximum-addr-flush-attempts\fR } |
\fB\-o\fR[\fIneline\fR] |
\fB\-rc\fR[\fIvbuf\fR] [\fBsize\fR] |
\fB\-t\fR[\fIimestamp\fR] |
\fB\-ts\fR[\fIhort\fR] |
\fB\-n\fR[\fIetns\fR] name |
\fB\-a\fR[\fIll\fR] |
\fB\-c\fR[\fIolor\fR] }
......@@ -179,6 +191,16 @@ Use color output.
.BR "\-t" , " \-timestamp"
display current time when using monitor option.
.TP
.BR "\-ts" , " \-tshort"
Like
.BR \-timestamp ,
but use shorter format.
.TP
.BR "\-rc" , " \-rcvbuf" <SIZE>
Set the netlink socket receive buffer size, defaults to 1MB.
.SH IP - COMMAND SYNTAX
.SS
......@@ -240,6 +262,10 @@ display current time when using monitor option.
.B tcp_metrics/tcpmetrics
- manage TCP Metrics
.TP
.B token
- manage tokenized interface identifiers.
.TP
.B tunnel
- tunnel over IP.
......@@ -305,6 +331,7 @@ was written by Alexey N. Kuznetsov and added in Linux 2.2.
.BR ip-route (8),
.BR ip-rule (8),
.BR ip-tcp_metrics (8),
.BR ip-token (8),
.BR ip-tunnel (8),
.BR ip-xfrm (8)
.br
......
.TH "Connmark retriever action in tc" 8 "11 Jan 2016" "iproute2" "Linux"
.SH NAME
connmark - netfilter connmark retriever action
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action connmark " [ " zone"
.IR u16_zone_index " ] [ " BRANCH " ] ["
.BI index " u32_index "
]
.ti -8
.IR BRANCH " := { " reclassify " | " pipe " | " drop " | " continue " | " ok " }"
.SH DESCRIPTION
The connmark action is used to restore the connection's mark value into the
packet's fwmark.
.SH OPTIONS
.TP
.BI zone " u16_zone_index"
Specify the conntrack zone when doing conntrack lookups for packets.
.I u16_zone_index
is a 16bit unsigned decimal value.
.TP
.I BRANCH
How to continue after executing this action.
.RS
.TP
.B reclassify
Restarts classification by jumping back to the first filter attached to this
action's parent.
.TP
.B pipe
Continue with the next action, this is the default.
.TP
.B drop
.TQ
.B shot
Packet will be dropped without running further actions.
.TP
.B continue
Continue classification with next filter in line.
.TP
.B pass
Return to calling qdisc for packet processing. This ends the classification
process.
.RE
.TP
.BI index " u32_index "
Specify an index for this action in order to being able to identify it in later
commands.
.I u32_index
is a 32bit unsigned decimal value.
.SH SEE ALSO
.BR tc (8)
.TH "Checksum action in tc" 8 "11 Jan 2015" "iproute2" "Linux"
.SH NAME
csum - checksum update action
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action csum"
.I UPDATE
.ti -8
.IR UPDATE " := " TARGET " [ " UPDATE " ]"
.ti -8
.IR TARGET " := { "
.BR ip4h " |"
.BR icmp " |"
.BR igmp " |"
.BR tcp " |"
.BR udp " |"
.BR udplite " |"
.IR SWEETS " }"
.ti -8
.IR SWEETS " := { "
.BR and " | " or " | " + " }"
.SH DESCRIPTION
The
.B csum
action triggers checksum recalculation of specified packet headers. It is
commonly used after packet editing using the
.B pedit
action to fix for then incorrect checksums.
.SH OPTIONS
.TP
.I TARGET
Specify which headers to update: IPv4 header
.RB ( ip4h ),
ICMP header
.RB ( icmp ),
IGMP header
.RB ( igmp ),
TCP header
.RB ( tcp ),
UDP header
.RB ( udp ") or"
UDPLite header
.RB ( udplite ).
.TP
.B SWEETS
These are merely syntactic sugar and ignored internally.
.SH SEE ALSO
.BR tc (8),
.BR tc-pedit (8)
.TH "Mirror/redirect action in tc" 8 "11 Jan 2015" "iproute2" "Linux"
.SH NAME
mirred - mirror/redirect action
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action mirred"
.I DIRECTION ACTION
.RB "[ " index
.IR INDEX " ] "
.BI dev " DEVICENAME"
.ti -8
.IR DIRECTION " := { "
.BR ingress " | " egress " }"
.ti -8
.IR ACTION " := { "
.BR mirror " | " redirect " }"
.SH DESCRIPTION
The
.B mirred
action allows to redirect or mirror packets to another network interface on the
same system. It is typically used in combination with the
.B ifb
pseudo device to create a shrared instance where QoS happens, but serves well
for debugging or monitoring purposes, too.
.SH OPTIONS
.TP
.B ingress
.TQ
.B egress
Specify the direction in which the packet shall appear on the destination
interface. Currently only
.B egress
is implemented.
.TP
.B mirror
.TQ
.B redirect
Define whether the packet should be copied
.RB ( mirror )
or moved
.RB ( redirect )
to the destination interface.
.TP
.BI index " INDEX"
Assign a unique ID to this action instead of letting the kernel choose one
automatically.
.I INDEX
is a 32bit unsigned integer greater than zero.
.TP
.BI dev " DEVICENAME"
Specify the network interface to redirect or mirror to.
.SH EXAMPLES
Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for
debugging purposes:
.RS
.EX
# tc qdisc add dev eth0 handle ffff: ingress
# tc filter add dev eth0 parent ffff: u32 \\
match u32 0 0 \\
action police rate 1mbit burst 100k conform-exceed pipe \\
action mirred egress redirect dev lo
.EE
.RE
Use an
.B ifb
interface to send ingress traffic on eth0 through an instance of
.BR sfq :
.RS
.EX
# modprobe ifb
# ip link set ifb0 up
# tc qdisc add dev ifb0 root sfq
# tc qdisc add dev eth0 handle ffff: ingress
# tc filter add dev eth0 parent ffff: u32 \\
match u32 0 0 \\
action mirred egress redirect dev ifb0
.EE
.RE
.SH SEE ALSO
.BR tc (8),
.BR tc-u32 (8)
.TH "NAT action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
.SH NAME
nat - stateless native address translation action
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action nat"
.I DIRECTION OLD NEW
.ti -8
.IR DIRECTION " := { "
.BR ingress " | " egress " }"
.ti -8
.IR OLD " := " IPV4_ADDR_SPEC
.ti -8
.IR NEW " := " IPV4_ADDR_SPEC
.ti -8
.IR IPV4_ADDR_SPEC " := { "
.BR default " | " any " | " all " | "
\fIin_addr\fR[\fB/\fR{\fIprefix\fR|\fInetmask\fR}]
.SH DESCRIPTION
The
.B nat
action allows to perform NAT without the overhead of conntrack, which is
desirable if the number of flows or addresses to perform NAT on is large. This
action is best used in combination with the
.B u32
filter to allow for efficient lookups of a large number of stateless NAT rules
in constant time.
.SH OPTIONS
.TP
.B ingress
Translate destination addresses, i.e. perform DNAT.
.TP
.B egress
Translate source addresses, i.e. perform SNAT.
.TP
.I OLD
Specifies addresses which should be translated.
.TP
.I NEW
Specifies addresses which
.I OLD
should be translated into.
.SH NOTES
The accepted address format in
.IR OLD " and " NEW
is quite flexible. It may either consist of one of the keywords
.BR default ", " any " or " all ,
representing the all-zero IP address or a combination of IP address and netmask
or prefix length separated by a slash
.RB ( / )
sign. In any case, the mask (or prefix length) value of
.I OLD
is used for
.I NEW
as well so that a one-to-one mapping of addresses is assured.
Address translation is done using a combination of binary operations. First, the
original (source or destination) address is matched against the value of
.IR OLD .
If the original address fits, the new address is created by taking the leading
bits from
.I NEW
(defined by the netmask of
.IR OLD )
and taking the remaining bits from the original address.
There is rudimental support for upper layer protocols, namely TCP, UDP and ICMP.
While for the first two only checksum recalculation is performed, the action
also takes care of embedded IP headers in ICMP packets by translating the
respective address therein, too.
.SH SEE ALSO
.BR tc (8)
.TH "Generic packet editor action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
.SH NAME
pedit - generic packet editor action
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action pedit munge " {
.IR RAW_OP " | " LAYERED_OP " } [ " BRANCH " ]"
.ti -8
.IR RAW_OP " := "
.BI offset " OFFSET"
.RB "{ " u8 " | " u16 " | " u32 " } ["
.IR AT_SPEC " ] " CMD_SPEC
.ti -8
.IR AT_SPEC " := "
.BI at " AT " offmask " MASK " shift " SHIFT"
.ti -8
.IR LAYERED_OP " := { "
.BI ip " IPHDR_FIELD"
|
.BI ip6 " IP6HDR_FIELD"
|
.BI udp " UDPHDR_FIELD"
|
.BI tcp " TCPHDR_FIELD"
|
.BI icmp " ICMPHDR_FIELD"
.RI } " CMD_SPEC"
.ti -8
.IR IPHDR_FIELD " := { "
.BR src " | " dst " | " tos " | " dsfield " | " ihl " | " protocol " |"
.BR precedence " | " nofrag " | " firstfrag " | " ce " | " df " |"
.BR mf " | " dport " | " sport " | " icmp_type " | " icmp_code " }"
.ti -8
.IR CMD_SPEC " := {"
.BR clear " | " invert " | " set
.IR VAL " | "
.BR preserve " } [ " retain
.IR RVAL " ]"
.ti -8
.IR BRANCH " := {"
.BR reclassify " | " pipe " | " drop " | " shot " | " continue " | " pass " }"
.SH DESCRIPTION
The
.B pedit
action can be used to change arbitrary packet data. The location of data to
change can either be specified by giving an offset and size as in
.IR RAW_OP ,
or for header values by naming the header and field to edit the size is then
chosen automatically based on the header field size. Currently this is supported
only for IPv4 headers.
.SH OPTIONS
.TP
.BI offset " OFFSET " "\fR{ \fBu32 \fR| \fBu16 \fR| \fBu8 \fR}"
Specify the offset at which to change data.
.I OFFSET
is a signed integer, it's base is automatically chosen (e.g. hex if prefixed by
.B 0x
or octal if prefixed by
.BR 0 ).
The second argument specifies the length of data to change, that is four bytes
.RB ( u32 ),
two bytes
.RB ( u16 )
or a single byte
.RB ( u8 ).
.TP
.BI at " AT " offmask " MASK " shift " SHIFT"
This is an optional part of
.IR RAW_OP
which allows to have a variable
.I OFFSET
depending on packet data at offset
.IR AT ,
which is binary ANDed with
.I MASK
and right-shifted by
.I SHIFT
before adding it to
.IR OFFSET .
.TP
.BI ip " IPHDR_FIELD"
Change an IPv4 header field. The supported keywords for
.I IPHDR_FIELD
are:
.RS
.TP
.B src
.TQ
.B dst
Source or destination IP address, a four-byte value.
.TP
.B tos
.TQ
.B dsfield
.TQ
.B precedence
Type Of Service field, an eight-bit value.
.TP
.B ihl
Change the IP Header Length field, a four-bit value.
.TP
.B protocol
Next-layer Protocol field, an eight-bit value.
.TP
.B nofrag
.TQ
.B firstfrag
.TQ
.B ce
.TQ
.B df
.TQ
.B mf
Change IP header flags. Note that the value to pass to the
.B set
command is not just a bit value, but the full byte including the flags field.
Though only the relevant bits of that value are respected, the rest ignored.
.TP
.B dport
.TQ
.B sport
Destination or source port numbers, a 16-bit value. Indeed, IPv4 headers don't
contain this information. Instead, this will set an offset which suits at least
TCP and UDP if the IP header is of minimum size (20 bytes). If not, this will do
unexpected things.
.TP
.B icmp_type
.TQ
.B icmp_code
Again, this allows to change data past the actual IP header itself. It assumes
an ICMP header is present immediately following the (minimal sized) IP header.
If it is not or the latter is bigger than the minimum of 20 bytes, this will do
unexpected things. These fields are eight-bit values.
.RE
.TP
.B clear
Clear the addressed data (i.e., set it to zero).
.TP
.B invert
Swap every bit in the addressed data.
.TP
.BI set " VAL"
Set the addressed data to a specific value. The size of
.I VAL
is defined by either one of the
.BR u32 ", " u16 " or " u8
keywords in
.IR RAW_OP ,
or the size of the addressed header field in
.IR LAYERED_OP .
.TP
.B preserve
Keep the addressed data as is.
.TP
.BI retain " RVAL"
This optional extra part of
.I CMD_SPEC
allows to exclude bits from being changed.
.TP
.I BRANCH
The following keywords allow to control how the tree of qdisc, classes,
filters and actions is further traversed after this action.
.RS
.TP
.B reclassify
Restart with the first filter in the current list.
.TP
.B pipe
Continue with the next action attached to the same filter.
.TP
.B drop
.TQ
.B shot
Drop the packet.
.TP
.B continue
Continue classification with the next filter in line.
.TP
.B pass
Finish classification process and return to calling qdisc for further packet
processing. This is the default.
.RE
.SH EXAMPLES
Being able to edit packet data, one could do all kinds of things, such as e.g.
implementing port redirection. Certainly not the most useful application, but
as an example it should do:
First, qdiscs need to be set up to attach filters to. For the receive path, a simple
.B ingress
qdisc will do, for transmit path a classful qdisc
.RB ( HTB
in this case) is necessary:
.RS
.EX
tc qdisc replace dev eth0 root handle 1: htb
tc qdisc add dev eth0 ingress handle ffff:
.EE
.RE
Finally, a filter with
.B pedit
action can be added for each direction. In this case,
.B u32
is used matching on the port number to redirect from, while
.B pedit
then does the actual rewriting:
.RS
.EX
tc filter add dev eth0 parent 1: u32 \\
match ip dport 23 0xffff \\
action pedit pedit munge ip dport set 22
tc filter add dev eth0 parent ffff: u32 \\
match ip sport 22 0xffff \\
action pedit pedit munge ip sport set 23
.EE
.RE
.SH SEE ALSO
.BR tc (8),
.BR tc-htb (8),
.BR tc-u32 (8)
.TH "Policing action in tc" 8 "20 Jan 2015" "iproute2" "Linux"
.SH NAME
police - policing action
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action police"
.BI rate " RATE " burst
.IR BYTES [\fB/ BYTES "] ["
.B mtu
.IR BYTES [\fB/ BYTES "] ] ["
.BI peakrate " RATE"
] [
.BI avrate " RATE"
] [
.BI overhead " BYTES"
] [
.BI linklayer " TYPE"
] [
.BI conform-exceed " EXCEEDACT\fR[\fB/\fIEXCEEDACT\fR]"
.ti -8
.IR EXCEEDACT " := { "
.BR pipe " | " ok " | " reclassify " | " drop " | " continue " }"
.SH DESCRIPTION
The
.B police
action allows to limit bandwidth of traffic matched by the filter it is
attached to.
.SH OPTIONS
.TP
.BI rate " RATE"
The maximum traffic rate of packets passing this action. Those exceeding it will
be treated as defined by the
.B conform-exceed
option.
.TP
.BI burst " BYTES\fR[\fB/\fIBYTES\fR]"
Set the maximum allowed burst in bytes, optionally followed by a slash ('/')
sign and cell size which must be a power of 2.
.TP
.BI mtu " BYTES\fR[\fB/\fIBYTES\fR]"
This is the maximum packet size handled by the policer (larger ones will be
handled like they exceeded the configured rate). Setting this value correctly
will improve the scheduler's precision.
Value formatting is identical to
.B burst
above. Defaults to unlimited.
.TP
.BI peakrate " RATE"
Set the maximum bucket depletion rate, exceeding
.BR rate .
.TP
.BI avrate " RATE"
Make use of an in-kernel bandwidth rate estimator and match the given
.I RATE
against it.
.TP
.BI overhead " BYTES"
Account for protocol overhead of encapsulating output devices when computing
.BR rate " and " peakrate .
.TP
.BI linklayer " TYPE"
Specify the link layer type.
.I TYPE
may be one of
.B ethernet
(the default),
.BR atm " or " adsl
(which are synonyms). It is used to align the precomputed rate tables to ATM
cell sizes, for
.B ethernet
no action is taken.
.TP
.BI conform-exceed " EXCEEDACT\fR[\fB/\fIEXCEEDACT\fR]"
Define how to handle packets which exceed (and, if the second
.I EXCEEDACT
is given, also those who don't), the configured bandwidth limit. Possible values
are:
.RS
.IP continue
Don't do anything, just continue with the next action in line.
.IP drop
Drop the packet immediately.
.IP shot
This is a synonym to
.BR drop .
.IP ok
Accept the packet. This is the default for conforming packets.
.IP pass
This is a synonym to
.BR ok .
.IP reclassify
Treat the packet as non-matching to the filter this action is attached to and
continue with the next filter in line (if any). This is the default for
exceeding packets.
.IP pipe
Pass the packet to the next action in line.
.SH EXAMPLES
A typical application of the police action is to enforce ingress traffic rate
by dropping exceeding packets. Although better done on the sender's side,
especially in scenarios with lack of peer control (e.g. with dial-up providers)
this is often the best one can do in order to keep latencies low under high
load. The following establishes input bandwidth policing to 1mbit/s using the
.B ingress
qdisc and
.B u32
filter:
.RS
.EX
# tc qdisc add dev eth0 handle ffff: ingress
# tc filter add dev eth0 parent ffff: u32 \\
match u32 0 0 \\
police rate 1mbit burst 100k
.EE
.RE
As an action can not live on it's own, there always has to be a filter involved as link between qdisc and action. The example above uses
.B u32
for that, which is configured to effectively match any packet (passing it to the
.B police
action thereby).
.SH SEE ALSO
.BR tc (8)
.TH "Simple action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
.SH NAME
simple - basic example action
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action simple"
.I STRING
.SH DESCRIPTION
This is a pedagogical example rather than an actually useful action. Upon every access, it prints the given
.I STRING
which may be of arbitrary length.
.SH OPTIONS
.TP
.I STRING
The actual string to print.
.SH EXAMPLES
The following example makes the kernel yell "Incoming ICMP!" every time it sees
an incoming ICMP on eth0. Steps are:
.IP 1) 4
Add an ingress qdisc point to eth0
.IP 2) 4
Start a chain on ingress of eth0 that first matches ICMP then invokes the
simple action to shout.
.IP 3) 4
display stats and show that no packet has been seen by the action
.IP 4) 4
Send one ping packet to google (expect to receive a response back)
.IP 5) 4
grep the logs to see the logged message
.IP 6) 4
display stats again and observe increment by 1
.RE
.EX
hadi@noma1:$ tc qdisc add dev eth0 ingress
hadi@noma1:$tc filter add dev eth0 parent ffff: protocol ip prio 5 \\
u32 match ip protocol 1 0xff flowid 1:1 action simple "Incoming ICMP"
hadi@noma1:$ sudo tc -s filter ls dev eth0 parent ffff:
filter protocol ip pref 5 u32
filter protocol ip pref 5 u32 fh 800: ht divisor 1
filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
match 00010000/00ff0000 at 8
action order 1: Simple <Incoming ICMP>
index 4 ref 1 bind 1 installed 29 sec used 29 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
hadi@noma1$ ping -c 1 www.google.ca
PING www.google.ca (74.125.225.120) 56(84) bytes of data.
64 bytes from ord08s08-in-f24.1e100.net (74.125.225.120): icmp_req=1 ttl=53 time=31.3 ms
--- www.google.ca ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 31.316/31.316/31.316/0.000 ms
hadi@noma1$ dmesg | grep simple
[135354.473951] simple: Incoming ICMP_1
hadi@noma1$ sudo tc/tc -s filter ls dev eth0 parent ffff:
filter protocol ip pref 5 u32
filter protocol ip pref 5 u32 fh 800: ht divisor 1
filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
match 00010000/00ff0000 at 8
action order 1: Simple <Incoming ICMP>
index 4 ref 1 bind 1 installed 206 sec used 67 sec
Action statistics:
Sent 84 bytes 1 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
.EE
.SH SEE ALSO
.BR tc (8)
.TH "SKB editing action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
.SH NAME
skbedit - SKB editing action
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action skbedit " [ " queue_mapping
.IR QUEUE_MAPPING " ] ["
.B priority
.IR PRIORITY " ] ["
.B mark
.IR MARK " ]"
.SH DESCRIPTION
The
.B skbedit
action allows to change a packet's associated meta data. It complements the
.B pedit
action, which in turn allows to change parts of the packet data itself.
.SH OPTIONS
.TP
.BI queue_mapping " QUEUE_MAPPING"
Override the packet's transmit queue. Useful when applied to packets transmitted
over MQ-capable network interfaces.
.I QUEUE_MAPPING
is an unsigned 16bit value in decimal format.
.TP
.BI priority " PRIORITY"
Override the packet classification decision.
.I PRIORITY
is either
.BR root ", " none
or a hexadecimal major class ID optionally followed by a colon
.RB ( : )
and a hexadecimal minor class ID.
.TP
.BI mark " MARK"
Change the packet's firewall mark value.
.I MARK
is an unsigned 32bit value in automatically detected format (i.e., prefix with
.RB ' 0x '
for hexadecimal interpretation, etc.).
.SH SEE ALSO
.BR tc (8),
.BR tc-pedit (8)
......@@ -370,6 +370,7 @@ then allows to match various header fields:
.RS
.TP
.BI src " ADDR"
.TQ
.BI dst " ADDR"
Compare Source or Destination Address fields against the value of
.IR ADDR .
......
.TH "VLAN manipulation action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
.SH NAME
vlan - vlan manipulation module
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action vlan" " { " pop " |"
.IR PUSH " }"
.ti -8
.IR PUSH " := "
.BR push " [ " protocol
.IR VLANPROTO " ]"
.BI id " VLANID"
.SH DESCRIPTION
The
.B vlan
action allows to perform 802.1Q en- or decapsulation on a packet, reflected by
the two operation modes
.IR POP " and " PUSH .
The
.I POP
mode is simple, as no further information is required to just drop the
outer-most VLAN encapsulation. The
.I PUSH
mode on the other hand requires at least a
.I VLANID
and allows to optionally choose the
.I VLANPROTO
to use.
.SH OPTIONS
.TP
.B pop
Decapsulation mode, no further arguments allowed.
.TP
.B push
Encapsulation mode. Requires at least
.B id
option.
.TP
.BI id " VLANID"
Specify the VLAN ID to encapsulate into.
.I VLANID
is an unsigned 16bit integer, the format is detected automatically (e.g. prefix
with
.RB ' 0x '
for hexadecimal interpretation, etc.).
.TP
.BI protocol " VLANPROTO"
Choose the VLAN protocol to use. At the time of writing, the kernel accepts only
.BR 802.1Q " or " 802.1ad .
.SH SEE ALSO
.BR tc (8)
.TH "iptables action in tc" 8 "3 Mar 2016" "iproute2" "Linux"
.SH NAME
xt - tc iptables action
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " ... " "action xt \-j"
.IR TARGET " [ " TARGET_OPTS " ]"
.SH DESCRIPTION
The
.B xt
action allows to call arbitrary iptables targets for packets matching the filter
this action is attached to.
.SH OPTIONS
.TP
.BI -j " TARGET \fR[\fI TARGET_OPTS \fR]"
Perform a jump to the given iptables target, optionally passing any target
specific options in
.IR TARGET_OPTS .
.SH EXAMPLES
The following will attach a
.B u32
filter to the
.B ingress
qdisc matching ICMP replies and using the
.B xt
action to make the kernel yell 'PONG' each time:
.RS
.EX
tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: proto ip u32 \\
match ip protocol 1 0xff \\
match ip icmp_type 0 0xff \\
action xt -j LOG --log-prefix PONG
.EE
.RE
.SH SEE ALSO
.BR tc (8),
.BR tc-u32 (8),
.BR iptables-extensions (8)
......@@ -35,7 +35,7 @@ static int pedit_debug;
static void
explain(void)
{
fprintf(stderr, "Usage: ... pedit munge <MUNGE>\n");
fprintf(stderr, "Usage: ... pedit munge <MUNGE> [<BRANCH>]\n");
fprintf(stderr,
"Where: MUNGE := <RAW>|<LAYERED>\n"
"\t<RAW>:= <OFFSETC>[ATC]<CMD>\n "
......@@ -47,6 +47,7 @@ explain(void)
"\t\tCMD:= clear | invert | set <setval>| retain\n "
"\t<LAYERED>:= ip <ipdata> | ip6 <ip6data> \n "
" \t\t| udp <udpdata> | tcp <tcpdata> | icmp <icmpdata> \n"
"\t<BRANCH>:= reclassify | pipe | drop | continue | pass\n"
"For Example usage look at the examples directory\n");
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment