1IFE action in tc(8) Linux IFE action in tc(8)
2
6 IFE - encapsulate/decapsulate metadata
7
9 tc ... action ife DIRECTION [ ACTION ] [ dst DMAC ] [ src SMAC ] [
10 type TYPE ] [ CONTROL ] [ index INDEX ]
11 DIRECTION := { decode | encode }
13 ACTION := { allow ATTR | use ATTR value }
15 ATTR := { mark | prio | tcindex }
17 CONTROL := { reclassify | use | pipe | drop | continue | ok | goto
19 chain CHAIN_INDEX }
20
22 The ife action allows for a sending side to encapsulate arbitrary meta‐
23 data, which is then decapsulated by the receiving end. The sender runs
24 in encoding mode and the receiver in decode mode. Both sender and
25 receiver must specify the same ethertype. In the future, a registered
26 ethertype may be available as a default.
27
29 decode For the receiving side; decode the metadata if the packet
30 matches.
31 encode For the sending side. Encode the specified metadata if the
33 packet matches.
34 allow Encode direction only. Allows encoding specified metadata.
36 use Encode direction only. Enforce static encoding of specified
38 metadata.
39 mark [ u32_value ] The value to set for the skb mark. The u32 value is
41 required only when use is specified. If mark value is zero, it
42 will not be encoded, instead "overlimits" statistics increment
43 and CONTROL action is taken.
44 prio [ u32_value ] The value to set for priority in the skb structure.
46 The u32 value is required only when use is specified.
47 tcindex [
49 u16_value ] Value to set for the traffic control index in the
50 skb structure. The u16 value is required only when use is speci‐
51 fied.
52 dmac DMAC
54 smac SMAC
55 Optional six byte destination or source MAC address to encode.
56 type TYPE
58 Optional 16-bit ethertype to encode. If not specified value of
59 0xED3E will be used.
60 CONTROL
62 Action to take following an encode/decode.
63 index INDEX
65 Assign a unique ID to this action instead of letting the kernel
66 choose one automatically. INDEX is a 32bit unsigned integer
67 greater than zero.
68
70 On the receiving side, match packets with ethertype 0xdead and restart
71 classification so that it will match ICMP on the next rule, at prio 3:
72 # tc qdisc add dev eth0 handle ffff: ingress
73 # tc filter add dev eth0 parent ffff: prio 2 protocol 0xdead \
74 u32 match u32 0 0 flowid 1:1 \
75 action ife decode reclassify
76 # tc filter add dev eth0 parent ffff: prio 3 protocol ip \
77 u32 match ip protocol 0xff flowid 1:1 \
78 action continue
79 Match with skb mark of 17:
81 # tc filter add dev eth0 parent ffff: prio 4 protocol ip \
83 handle 0x11 fw flowid 1:1 \
84 action ok
85 Configure the sending side to encode for the filters above. Use a des‐
87 tination IP address of 192.168.122.237/24, then tag with skb mark of
88 decimal 17. Encode the packaet with ethertype 0xdead, add skb->mark to
89 whitelist of metadatum to send, and rewrite the destination MAC address
90 to 02:15:15:15:15:15.
91 # tc qdisc add dev eth0 root handle 1: prio
93 # tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \
94 match ip dst 192.168.122.237/24 \
95 match ip protocol 1 0xff \
96 flowid 1:2 \
97 action skbedit mark 17 \
98 action ife encode \
99 type 0xDEAD \
100 allow mark \
101 dst 02:15:15:15:15:15
102
105 tc(8), tc-u32(8)
106iproute2 22 Apr 2016 IFE action in tc(8)