source-git / iproute

Clone
Source Code
GIT

Blame doc/actions/gact-usage

c8 c8s master
  1.   3ffca05be2620f65dc0b012dce1c26b263c10306
  2.   doc
  3.   actions
  4.   gact-usage
Blob History Raw
Packit Service 3880ab
Packit Service 3880ab 
gact <ACTION> [RAND] [INDEX]
Packit Service 3880ab
Packit Service 3880ab 
Where:
Packit Service 3880ab 
	ACTION := reclassify | drop | continue | pass | ok
Packit Service 3880ab 
	RAND := random <RANDTYPE> <ACTION> <VAL>
Packit Service 3880ab 
	RANDTYPE := netrand | determ
Packit Service 3880ab 
        VAL : = value not exceeding 10000
Packit Service 3880ab 
        INDEX := index value used
Packit Service 3880ab
Packit Service 3880ab 
ACTION semantics
Packit Service 3880ab 
- pass and ok are equivalent to accept
Packit Service 3880ab 
- continue allows to restart classification lookup
Packit Service 3880ab 
- drop drops packets
Packit Service 3880ab 
- reclassify implies continue classification where we left off
Packit Service 3880ab
Packit Service 3880ab 
randomization
Packit Service 3880ab 
--------------
Packit Service 3880ab
Packit Service 3880ab 
At the moment there are only two algorithms. One is deterministic
Packit Service 3880ab 
and the other uses internal kernel netrand.
Packit Service 3880ab
Packit Service 3880ab 
Examples:
Packit Service 3880ab
Packit Service 3880ab 
Rules can be installed on both ingress and egress - this shows ingress
Packit Service 3880ab 
only
Packit Service 3880ab
Packit Service 3880ab 
tc qdisc add dev eth0 ingress
Packit Service 3880ab
Packit Service 3880ab 
# example 1
Packit Service 3880ab 
tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
Packit Service 3880ab 
10.0.0.9/32 flowid 1:16 action drop
Packit Service 3880ab
Packit Service 3880ab 
ping -c 20 10.0.0.9
Packit Service 3880ab
Packit Service 3880ab 
--
Packit Service 3880ab 
filter u32
Packit Service 3880ab 
filter u32 fh 800: ht divisor 1
Packit Service 3880ab 
filter u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:16  (rule hit 32 success 20)
Packit Service 3880ab 
  match 0a000009/ffffffff at 12 (success 20 )
Packit Service 3880ab 
        action order 1: gact action drop
Packit Service 3880ab 
         random type none pass val 0
Packit Service 3880ab 
         index 1 ref 1 bind 1 installed 59 sec used 35 sec
Packit Service 3880ab 
         Sent 1680 bytes 20 pkts (dropped 20, overlimits 0 )
Packit Service 3880ab
Packit Service 3880ab 
----
Packit Service 3880ab
Packit Service 3880ab 
# example 2
Packit Service 3880ab 
#allow 1 out 10 randomly using the netrand generator
Packit Service 3880ab 
tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
Packit Service 3880ab 
10.0.0.9/32 flowid 1:16 action drop random netrand ok 10
Packit Service 3880ab
Packit Service 3880ab 
ping -c 20 10.0.0.9
Packit Service 3880ab
Packit Service 3880ab 
----
Packit Service 3880ab 
filter protocol ip pref 6 u32 filter protocol ip pref 6 u32 fh 800: ht divisor 1filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:16  (rule hit 20 success 20)
Packit Service 3880ab 
  match 0a000009/ffffffff at 12 (success 20 )
Packit Service 3880ab 
        action order 1: gact action drop
Packit Service 3880ab 
         random type netrand pass val 10
Packit Service 3880ab 
         index 5 ref 1 bind 1 installed 49 sec used 25 sec
Packit Service 3880ab 
         Sent 1680 bytes 20 pkts (dropped 16, overlimits 0 )
Packit Service 3880ab
Packit Service 3880ab 
--------
Packit Service 3880ab 
#alternative: deterministically accept every second packet
Packit Service 3880ab 
tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
Packit Service 3880ab 
10.0.0.9/32 flowid 1:16 action drop random determ ok 2
Packit Service 3880ab
Packit Service 3880ab 
ping -c 20 10.0.0.9
Packit Service 3880ab
Packit Service 3880ab 
tc -s filter show parent ffff: dev eth0
Packit Service 3880ab 
-----
Packit Service 3880ab 
filter protocol ip pref 6 u32 filter protocol ip pref 6 u32 fh 800: ht divisor 1filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:16  (rule hit 20 success 20)
Packit Service 3880ab 
  match 0a000009/ffffffff at 12 (success 20 )
Packit Service 3880ab 
        action order 1: gact action drop
Packit Service 3880ab 
         random type determ pass val 2
Packit Service 3880ab 
         index 4 ref 1 bind 1 installed 118 sec used 82 sec
Packit Service 3880ab 
         Sent 1680 bytes 20 pkts (dropped 10, overlimits 0 )
Packit Service 3880ab 
-----

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation