From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-we0-x233.google.com (mail-we0-x233.google.com [IPv6:2a00:1450:400c:c03::233]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id B3D1B21F1B9 for ; Tue, 22 Oct 2013 16:27:04 -0700 (PDT) Received: by mail-we0-f179.google.com with SMTP id w61so29052wes.38 for ; Tue, 22 Oct 2013 16:27:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=QEm7xuVT1xBU7cRg0FIYGk5itqfAikiuQqva13tfDVs=; b=08vzz4SDYKk+0a8Nabp+iGLMxn2OWZdDC0H1s1jcWdR7aoLQml03vGij4FGIRXrSp6 GdZEfZloYE5/7RkL0b6KZpZzFbNXz0iN1B8WzoThp3qAtEXvjvRfYut1LgXRA+lqSYCo lXKRo1e1XTGwk7RRQvVeXHX+ey6zprnAJepzlw5o3NIFZdXSdoJAcUICQ7FlbVSFt5Hh egFlUI7YYP4nuuxZ2PpIYvf01399DMJ//n16mUZ3/12ji5d4hVJi0MliyasunGe59lp3 QKDXZGKzpi4VfFKEcOY4QtVF5xsvd3WFvgyAgUbu6+AGadQ6xvYK0UoDkaUhqX5ULxup Q/UQ== MIME-Version: 1.0 X-Received: by 10.180.72.207 with SMTP id f15mr16991739wiv.60.1382484422542; Tue, 22 Oct 2013 16:27:02 -0700 (PDT) Received: by 10.217.67.202 with HTTP; Tue, 22 Oct 2013 16:27:02 -0700 (PDT) In-Reply-To: <20131022161237.59a817f8@nehalam.linuxnetplumber.net> References: <20131021183429.4c79d8d8@nehalam.linuxnetplumber.net> <20131022161237.59a817f8@nehalam.linuxnetplumber.net> Date: Tue, 22 Oct 2013 16:27:02 -0700 Message-ID: From: Dave Taht To: Stephen Hemminger Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] cerowrt 3.10.17-3 released X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2013 23:27:05 -0000 On Tue, Oct 22, 2013 at 4:12 PM, Stephen Hemminger wrote: > With TC you can apply an action to packets coming in. > One of those actions is mirred (not a typo) which mirrors the packet > to another device. There is both mirror and redirect possible. > > Jamal invented this years ago, but actions are not widely used. I use this technique for an input redirect into ifb for cerowrt's shaper. It works well. > Inside Vyatta CLI wrappers, the port-mirroring capability converts to tc > commands. For example doing SPAN equivalent from eth0 to eth1 is: > > tc filter add dev eth0 parent ffff: \ > protocol all prio 10 u32 \ > match u32 0 0 flowid 1:1 \ > action mirred egress mirror dev eth1 In this case the device on eth1 would have to be an entirely passive device otherwise it will attempt to interact with that traffic (?) In the case of cero, it has two ethernet devices available, one hooked directly into a switch, and as many wifi ones as you want. What would probably work would be to split off a dedicated vlan port for the mirror and send stuff to dev eth1.4 - (for example) so long as the listening server was entirely passive. tc filter add dev sw00 parent ffff: \ protocol all prio 10 u32 \ match u32 0 0 flowid 1:1 \ action mirred egress mirror dev se00.4 but you'd also want to do it on ingress too. (?) I forget the syntax for splitting off a vlan port in cero... > The actions apply to a filter, and this seemed to be a workable (match al= l) > filter. Both directions? > > --=20 Dave T=E4ht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.= html