|
Packit Service |
3880ab |
.TH "VLAN manipulation action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.SH NAME
|
|
Packit Service |
3880ab |
vlan - vlan manipulation module
|
|
Packit Service |
3880ab |
.SH SYNOPSIS
|
|
Packit Service |
3880ab |
.in +8
|
|
Packit Service |
3880ab |
.ti -8
|
|
Packit Service |
554174 |
.BR tc " ... " "action vlan" " { " pop " | " pop_eth " |"
|
|
Packit Service |
554174 |
.IR PUSH " | " MODIFY " | " PUSH_ETH " } [ " CONTROL " ]"
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.ti -8
|
|
Packit Service |
3880ab |
.IR PUSH " := "
|
|
Packit Service |
3880ab |
.BR push " [ " protocol
|
|
Packit Service |
3880ab |
.IR VLANPROTO " ]"
|
|
Packit Service |
3880ab |
.BR " [ " priority
|
|
Packit Service |
3880ab |
.IR VLANPRIO " ] "
|
|
Packit Service |
3880ab |
.BI id " VLANID"
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.ti -8
|
|
Packit Service |
3880ab |
.IR MODIFY " := "
|
|
Packit Service |
3880ab |
.BR modify " [ " protocol
|
|
Packit Service |
3880ab |
.IR VLANPROTO " ]"
|
|
Packit Service |
3880ab |
.BR " [ " priority
|
|
Packit Service |
3880ab |
.IR VLANPRIO " ] "
|
|
Packit Service |
3880ab |
.BI id " VLANID"
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.ti -8
|
|
Packit Service |
554174 |
.IR PUSH_ETH " := "
|
|
Packit Service |
554174 |
.B push_eth
|
|
Packit Service |
554174 |
.BI dst_mac " LLADDR " src_mac " LLADDR "
|
|
Packit Service |
554174 |
|
|
Packit Service |
554174 |
.ti -8
|
|
Packit Service |
3880ab |
.IR CONTROL " := { "
|
|
Packit Service |
3880ab |
.BR reclassify " | " pipe " | " drop " | " continue " | " pass " | " goto " " chain " " CHAIN_INDEX " }"
|
|
Packit Service |
3880ab |
.SH DESCRIPTION
|
|
Packit Service |
3880ab |
The
|
|
Packit Service |
3880ab |
.B vlan
|
|
Packit Service |
3880ab |
action allows to perform 802.1Q en- or decapsulation on a packet, reflected by
|
|
Packit Service |
3880ab |
the operation modes
|
|
Packit Service |
3880ab |
.IR POP ", " PUSH " and " MODIFY .
|
|
Packit Service |
3880ab |
The
|
|
Packit Service |
3880ab |
.I POP
|
|
Packit Service |
3880ab |
mode is simple, as no further information is required to just drop the
|
|
Packit Service |
3880ab |
outer-most VLAN encapsulation. The
|
|
Packit Service |
3880ab |
.IR PUSH " and " MODIFY
|
|
Packit Service |
3880ab |
modes require at least a
|
|
Packit Service |
3880ab |
.I VLANID
|
|
Packit Service |
3880ab |
and allow to optionally choose the
|
|
Packit Service |
3880ab |
.I VLANPROTO
|
|
Packit Service |
3880ab |
to use.
|
|
Packit Service |
554174 |
|
|
Packit Service |
554174 |
The
|
|
Packit Service |
554174 |
.B vlan
|
|
Packit Service |
554174 |
action can also be used to add or remove the base Ethernet header. The
|
|
Packit Service |
554174 |
.B pop_eth
|
|
Packit Service |
554174 |
mode, which takes no argument, is used to remove the base Ethernet header. All
|
|
Packit Service |
554174 |
existing VLANs must have been previously dropped. The opposite operation,
|
|
Packit Service |
554174 |
adding a base Ethernet header, is done with the
|
|
Packit Service |
554174 |
.B push_eth
|
|
Packit Service |
554174 |
mode. In that case, the packet must have no MAC header (stacking MAC headers is
|
|
Packit Service |
554174 |
not permitted). This mode is mostly useful when a previous action has
|
|
Packit Service |
554174 |
encapsulated the whole original frame behind a network header and one needs
|
|
Packit Service |
554174 |
to prepend an Ethernet header before forwarding the resulting packet.
|
|
Packit Service |
554174 |
|
|
Packit Service |
3880ab |
.SH OPTIONS
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B pop
|
|
Packit Service |
3880ab |
Decapsulation mode, no further arguments allowed.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B push
|
|
Packit Service |
3880ab |
Encapsulation mode. Requires at least
|
|
Packit Service |
3880ab |
.B id
|
|
Packit Service |
3880ab |
option.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B modify
|
|
Packit Service |
3880ab |
Replace mode. Existing 802.1Q tag is replaced. Requires at least
|
|
Packit Service |
3880ab |
.B id
|
|
Packit Service |
3880ab |
option.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
554174 |
.B pop_eth
|
|
Packit Service |
554174 |
Ethernet header decapsulation mode. Only works on a plain Ethernet header:
|
|
Packit Service |
554174 |
VLANs, if any, must be removed first.
|
|
Packit Service |
554174 |
.TP
|
|
Packit Service |
554174 |
.B push_eth
|
|
Packit Service |
554174 |
Ethernet header encapsulation mode. The Ethertype is automatically set
|
|
Packit Service |
554174 |
using the network header type. Chaining Ethernet headers is not allowed: the
|
|
Packit Service |
554174 |
packet must have no MAC header when using this mode. Requires the
|
|
Packit Service |
554174 |
.BR "dst_mac " and " src_mac " options.
|
|
Packit Service |
554174 |
.TP
|
|
Packit Service |
3880ab |
.BI id " VLANID"
|
|
Packit Service |
3880ab |
Specify the VLAN ID to encapsulate into.
|
|
Packit Service |
3880ab |
.I VLANID
|
|
Packit Service |
3880ab |
is an unsigned 16bit integer, the format is detected automatically (e.g. prefix
|
|
Packit Service |
3880ab |
with
|
|
Packit Service |
3880ab |
.RB ' 0x '
|
|
Packit Service |
3880ab |
for hexadecimal interpretation, etc.).
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.BI protocol " VLANPROTO"
|
|
Packit Service |
3880ab |
Choose the VLAN protocol to use. At the time of writing, the kernel accepts only
|
|
Packit Service |
3880ab |
.BR 802.1Q " or " 802.1ad .
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.BI priority " VLANPRIO"
|
|
Packit Service |
3880ab |
Choose the VLAN priority to use. Decimal number in range of 0-7.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
554174 |
.BI dst_mac " LLADDR"
|
|
Packit Service |
554174 |
Choose the destination MAC address to use.
|
|
Packit Service |
554174 |
.TP
|
|
Packit Service |
554174 |
.BI src_mac " LLADDR"
|
|
Packit Service |
554174 |
Choose the source MAC address to use.
|
|
Packit Service |
554174 |
.TP
|
|
Packit Service |
3880ab |
.I CONTROL
|
|
Packit Service |
3880ab |
How to continue after executing this action.
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B reclassify
|
|
Packit Service |
3880ab |
Restarts classification by jumping back to the first filter attached to this
|
|
Packit Service |
3880ab |
action's parent.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B pipe
|
|
Packit Service |
3880ab |
Continue with the next action, this is the default.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B drop
|
|
Packit Service |
3880ab |
Packet will be dropped without running further actions.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B continue
|
|
Packit Service |
3880ab |
Continue classification with next filter in line.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B pass
|
|
Packit Service |
3880ab |
Return to calling qdisc for packet processing. This ends the classification
|
|
Packit Service |
3880ab |
process.
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.SH EXAMPLES
|
|
Packit Service |
3880ab |
The following example encapsulates incoming ICMP packets on eth0 from 10.0.0.2
|
|
Packit Service |
3880ab |
into VLAN ID 123:
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.EX
|
|
Packit Service |
3880ab |
#tc qdisc add dev eth0 handle ffff: ingress
|
|
Packit Service |
3880ab |
#tc filter add dev eth0 parent ffff: pref 11 protocol ip \\
|
|
Packit Service |
3880ab |
u32 match ip protocol 1 0xff flowid 1:1 \\
|
|
Packit Service |
3880ab |
match ip src 10.0.0.2 flowid 1:1 \\
|
|
Packit Service |
3880ab |
action vlan push id 123
|
|
Packit Service |
3880ab |
.EE
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
Here is an example of the
|
|
Packit Service |
3880ab |
.B pop
|
|
Packit Service |
3880ab |
function: Incoming VLAN packets on eth0 are decapsulated and the classification
|
|
Packit Service |
3880ab |
process then restarted for the plain packet:
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.EX
|
|
Packit Service |
3880ab |
#tc qdisc add dev eth0 handle ffff: ingress
|
|
Packit Service |
3880ab |
#tc filter add dev $ETH parent ffff: pref 1 protocol 802.1Q \\
|
|
Packit Service |
3880ab |
u32 match u32 0 0 flowid 1:1 \\
|
|
Packit Service |
3880ab |
action vlan pop reclassify
|
|
Packit Service |
3880ab |
.EE
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.SH SEE ALSO
|
|
Packit Service |
3880ab |
.BR tc (8)
|