Message-ID: <f4f837ab0909080650t343efbmeb2f121def40bd9f@mail.gmail.com>
Date:	Tue, 8 Sep 2009 21:50:29 +0800
From:	thomas yang <lampsu@...il.com>
To:	hadi@...erus.ca
Cc:	netdev@...r.kernel.org
Subject: Re: [iproute2] tc action mirred question

2009/9/8 jamal <hadi@...erus.ca>:
> On Mon, 2009-09-07 at 09:05 -0700, Xiaofei Wu wrote:
>
>> (1) Could I use  pedit action to modify the dst MAC, so the destination node D will accept it,
>> then forward it to node C?
>
> Yes, you can achieve it with pedit;
>
>
>> (or use other tools to modify the dst MAC, please give me more information)
>>
>
> it is as usable as u32 is - you have to know your offsets
> example, here's something done on an incoming packet:
> =-=
> #Note:
> #dst MAC starts at -14
> #src MAC at -8
> #ethertype at -2
> #
> tc filter add dev eth1 parent ffff: protocol ip prio 10 u32 \
> match ip src 192.168.2.11/32 flowid 1:2 \
> action pedit munge offset -14 u16 set 0x0000 \
> munge offset -12 u32 set 0x00000200 \
> munge offset -8 u32 set 0x0aaf0100 \
> munge offset -4 u32 set 0x0008eb06 pipe \
> action mirred egress redirect dev eth0


He wants to route the mirrored packets.

" - Mirror takes a copy of the packet and sends it to specified
 dev ("port" in ethernet switch/bridging terminology)
 - redirect steals the packet and redirects to specified
 destination dev. "

So, 'mirror' is different from 'redirect'. Change the line 'action
mirred egress redirect dev eth0' to 'action mirred egress mirror dev
eth0'.
Both 'mirror' and 'redirect' can transmit the packets to another node,
but mirror makes a copy, then transmits it; redirect steals the packet,
right?


--
regards,
thomas