1VLAN manipulation action in tc(8) Linux VLAN manipulation action in tc(8)
2
6 vlan - vlan manipulation module
7
9 tc ... action vlan { pop | pop_eth | PUSH | MODIFY | PUSH_ETH } [ CON‐
10 TROL ]
11 PUSH := push [ protocol VLANPROTO ] [ priority VLANPRIO ] id VLANID
13 MODIFY := modify [ protocol VLANPROTO ] [ priority VLANPRIO ] id
15 VLANID
16 PUSH_ETH := push_eth dst_mac LLADDR src_mac LLADDR
18 CONTROL := { reclassify | pipe | drop | continue | pass | goto chain
20 CHAIN_INDEX }
21
23 The vlan action allows to perform 802.1Q en- or decapsulation on a
24 packet, reflected by the operation modes POP, PUSH and MODIFY. The POP
25 mode is simple, as no further information is required to just drop the
26 outer-most VLAN encapsulation. The PUSH and MODIFY modes require at
27 least a VLANID and allow to optionally choose the VLANPROTO to use.
28 The vlan action can also be used to add or remove the base Ethernet
30 header. The pop_eth mode, which takes no argument, is used to remove
31 the base Ethernet header. All existing VLANs must have been previously
32 dropped. The opposite operation, adding a base Ethernet header, is done
33 with the push_eth mode. In that case, the packet must have no MAC
34 header (stacking MAC headers is not permitted). This mode is mostly
35 useful when a previous action has encapsulated the whole original frame
36 behind a network header and one needs to prepend an Ethernet header be‐
37 fore forwarding the resulting packet.
38
41 pop Decapsulation mode, no further arguments allowed.
42 push Encapsulation mode. Requires at least id option.
44 modify Replace mode. Existing 802.1Q tag is replaced. Requires at least
46 id option.
47 pop_eth
49 Ethernet header decapsulation mode. Only works on a plain Ether‐
50 net header: VLANs, if any, must be removed first.
51 push_eth
53 Ethernet header encapsulation mode. The Ethertype is automati‐
54 cally set using the network header type. Chaining Ethernet head‐
55 ers is not allowed: the packet must have no MAC header when us‐
56 ing this mode. Requires the dst_mac and src_mac options.
57 id VLANID
59 Specify the VLAN ID to encapsulate into. VLANID is an unsigned
60 16bit integer, the format is detected automatically (e.g. prefix
61 with '0x' for hexadecimal interpretation, etc.).
62 protocol VLANPROTO
64 Choose the VLAN protocol to use. At the time of writing, the
65 kernel accepts only 802.1Q or 802.1ad.
66 priority VLANPRIO
68 Choose the VLAN priority to use. Decimal number in range of 0-7.
69 dst_mac LLADDR
71 Choose the destination MAC address to use.
72 src_mac LLADDR
74 Choose the source MAC address to use.
75 CONTROL
77 How to continue after executing this action.
78 reclassify
80 Restarts classification by jumping back to the first fil‐
81 ter attached to this action's parent.
82 pipe Continue with the next action, this is the default.
84 drop Packet will be dropped without running further actions.
86 continue
88 Continue classification with next filter in line.
89 pass Return to calling qdisc for packet processing. This ends
91 the classification process.
92
94 The following example encapsulates incoming ICMP packets on eth0 from
95 10.0.0.2 into VLAN ID 123:
96 #tc qdisc add dev eth0 handle ffff: ingress
98 #tc filter add dev eth0 parent ffff: pref 11 protocol ip \
99 u32 match ip protocol 1 0xff flowid 1:1 \
100 match ip src 10.0.0.2 flowid 1:1 \
101 action vlan push id 123
102 Here is an example of the pop function: Incoming VLAN packets on eth0
104 are decapsulated and the classification process then restarted for the
105 plain packet:
106 #tc qdisc add dev eth0 handle ffff: ingress
108 #tc filter add dev $ETH parent ffff: pref 1 protocol 802.1Q \
109 u32 match u32 0 0 flowid 1:1 \
110 action vlan pop reclassify
111 For an example of the pop_eth and push_eth modes, see tc-mpls(8).
113
116 tc(8), tc-mpls(8)
117iproute2 12 Jan 2015VLAN manipulation action in tc(8)