From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pa0-f41.google.com (mail-pa0-f41.google.com [209.85.220.41]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id D117921F1DE for ; Tue, 22 Oct 2013 16:45:44 -0700 (PDT) Received: by mail-pa0-f41.google.com with SMTP id bj1so208573pad.28 for ; Tue, 22 Oct 2013 16:45:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-type:content-transfer-encoding; bh=WJXnXk6uHLlT600CGbFTiOPL2FFixjk/uo00VAyqkeI=; b=i8unOAXi4ufeczaqshqzPx26x3XcZkB5eu6XV9iBpc7xhZ3WK5oKGkRtqiMRYoOO69 h5OSEGXJvgLEYT/QMQLwmmXYSMEpp57YIXuh+cD2193G6LM21HX7uv1dAcZ/Er96A7We s0m5hF2dGzX07y/0m/ZM2d1NOcrYk4JcLVNKZdCVUxKsXZwQP8uFW7A/Xq76lAkJTT5q JaG0MZ5sNqKfFt5rEmlnRpB19nrY1wk2wVIjCbZTf6Z/E3jIaQz8nvdOmx/XWrpvJ9ON GJLadWBGGGRcpu7LSvb7mg5Khok58Brz22hB1SmB5Ug46W6wVB7mv8xwmFU6VUGvlnOP gpgg== X-Gm-Message-State: ALoCoQnTxWcz4Ns24K0PX5hl2j1CoGbT936oEFGI339FXA43C3EDTjhGblVI99nfA0m40Pbj0lU+ X-Received: by 10.68.182.3 with SMTP id ea3mr288467pbc.124.1382485544282; Tue, 22 Oct 2013 16:45:44 -0700 (PDT) Received: from nehalam.linuxnetplumber.net (static-50-53-83-51.bvtn.or.frontiernet.net. [50.53.83.51]) by mx.google.com with ESMTPSA id dq3sm306881pbc.35.2013.10.22.16.45.43 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Tue, 22 Oct 2013 16:45:43 -0700 (PDT) Date: Tue, 22 Oct 2013 16:45:41 -0700 From: Stephen Hemminger To: Dave Taht Message-ID: <20131022164541.7f6b09e5@nehalam.linuxnetplumber.net> In-Reply-To: References: <20131021183429.4c79d8d8@nehalam.linuxnetplumber.net> <20131022161237.59a817f8@nehalam.linuxnetplumber.net> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] cerowrt 3.10.17-3 released X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2013 23:45:45 -0000 On Tue, 22 Oct 2013 16:27:02 -0700 Dave Taht wrote: > On Tue, Oct 22, 2013 at 4:12 PM, Stephen Hemminger > wrote: > > With TC you can apply an action to packets coming in. > > One of those actions is mirred (not a typo) which mirrors the packet > > to another device. There is both mirror and redirect possible. > > > > Jamal invented this years ago, but actions are not widely used. > > I use this technique for an input redirect into ifb for cerowrt's > shaper. It works > well. > > > Inside Vyatta CLI wrappers, the port-mirroring capability converts to tc > > commands. For example doing SPAN equivalent from eth0 to eth1 is: > > > > tc filter add dev eth0 parent ffff: \ > > protocol all prio 10 u32 \ > > match u32 0 0 flowid 1:1 \ > > action mirred egress mirror dev eth1 > > In this case the device on eth1 would have to be an entirely passive > device otherwise it will attempt to interact with that traffic (?) In > the case of cero, it has two ethernet devices available, one hooked > directly into a switch, and as many wifi ones as you want. What would > probably work would be to split off a dedicated vlan port for the > mirror and send stuff to dev eth1.4 - (for example) so long as the > listening server was entirely passive. Yes, eth1 was assumed passive. > > tc filter add dev sw00 parent ffff: \ > protocol all prio 10 u32 \ > match u32 0 0 flowid 1:1 \ > action mirred egress mirror dev se00.4 That should work but doing mirror from se00 to se00.4 would create a death spiral. > > but you'd also want to do it on ingress too. (?) > > I forget the syntax for splitting off a vlan port in cero... > > > The actions apply to a filter, and this seemed to be a workable (match all) > > filter. > > Both directions? This was done on ingress only.