欢迎光临
我们一直在努力

Traffic Mirroring with Linux Tc

ubuntu@host-1:~$ sudo ip link add tun0 type gretap remote 10.131.73.16 local 10.131.73.9 dev eth1ubuntu@host-1:~$ sudo ip addr add 172.18.0.1/24 dev tun0ubuntu@host-1:~$ sudo ip link set tun0 up
Multiple and Single NIC Scenarios

Linux Tc

ubuntu@host-1:~$ sudo tc qdisc add dev eth0 handle ffff: ingress
ubuntu@host-1:~$ tc -s qdisc ls dev eth0
qdisc fq_codel 0: root refcnt 2 limit 10240p flows 1024 quantum 8990 target 5.0ms interval 100.0ms memory_limit 32Mb ecn
 Sent 600 bytes 4 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc ingress ffff: parent ffff:fff1 — — — — — — — — 
 Sent 267532 bytes 3914 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
ubuntu@host-1:~$ sudo tc filter add dev eth0 parent ffff: protocol ip u32 match ip protocol 1 0xff action mirred egress mirror dev tun0
sudo tc filter add dev eth0 parent ffff: protocol all u32 match u32 0 0 action mirred egress mirror dev tun0
ubuntu@host-1:~$ tc -s -p filter ls dev eth0 parent ffff:
filter protocol all pref 49152 u32 chain 0
filter protocol all pref 49152 u32 chain 0 fh 800: ht divisor 1
filter protocol all pref 49152 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw
 match 00000000/00000000 at 0
 action order 1: mirred (Egress Mirror to device tun0) pipe
 index 1 ref 1 bind 1 installed 494 sec
 Action statistics:
 Sent 20397 bytes 342 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
ubuntu@host-1:~$ sudo tc filter add dev eth0 parent ffff: protocol ip u32 match ip protocol 6 0xff ip dport 22 0xffff action mirred egress mirror dev tun0
ubuntu@host-1:~$ sudo tc filter del dev eth0 parent ffff:
ubuntu@host-1:~$ sudo tc filter add dev eth0 parent ffff: protocol ip u32 match ip protocol 1 0xff action mirred egress mirror dev tun0ubuntu@host-1:~$ sudo tc filter add dev eth0 parent ffff: protocol ip u32 match ip protocol 6 0xff action mirred egress mirror dev tun0ubuntu@host-1:~$ sudo tc filter add dev eth0 parent ffff: protocol ip u32 match ip protocol 17 0xff action mirred egress mirror dev tun0
ubuntu@host-1:~$ sudo tc qdisc add dev eth0 handle 1: root prio
ubuntu@host-1:~$ tc -s qdisc ls dev eth0
qdisc prio 1: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 600 bytes 4 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc ingress ffff: parent ffff:fff1 — — — — — — — — 
 Sent 274976 bytes 4021 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
ubuntu@host-1:~$ sudo tc filter add dev eth0 parent 1: protocol all u32 match u32 0 0 action mirred egress mirror dev tun0
ubuntu@host-1:~$ tc -s -p filter ls dev eth0 parent 1:
filter protocol all pref 49152 u32 chain 0
filter protocol all pref 49152 u32 chain 0 fh 800: ht divisor 1
filter protocol all pref 49152 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw
 match 00000000/00000000 at 0
 action order 1: mirred (Egress Mirror to device tun0) pipe
 index 2 ref 1 bind 1 installed 456 sec
 Action statistics:
 Sent 4578 bytes 46 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
ubuntu@host-1:~$ sudo tc qdisc add dev lo handle ffff: ingress
ubuntu@host-1:~$ sudo tc filter add dev eth0 parent 1: protocol all u32 match u32 0 0 action mirred egress mirror dev lo
ubuntu@host-1:~$ sudo tc filter add dev lo parent ffff: protocol all u32 match u32 0 0 action mirred egress mirror dev tun0
ubuntu@host-1:~$ tc -s -p filter ls dev eth0 parent 1:
filter protocol ip pref 49152 u32 chain 0
filter protocol ip pref 49152 u32 chain 0 fh 800: ht divisor 1
filter protocol ip pref 49152 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw
 match IP protocol 1
 action order 1: mirred (Egress Mirror to device tun0) pipe
 index 2 ref 1 bind 1 installed 1748 sec used 1343 sec
 Action statistics:
 Sent 2058 bytes 21 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0ubuntu@host-1:~$ tc -s -p filter ls dev eth0 parent ffff:
filter protocol ip pref 49152 u32 chain 0
filter protocol ip pref 49152 u32 chain 0 fh 800: ht divisor 1
filter protocol ip pref 49152 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw
 match IP protocol 1
 action order 1: mirred (Egress Mirror to device tun0) pipe
 index 1 ref 1 bind 1 installed 1763 sec used 1349 sec
 Action statistics:
 Sent 1764 bytes 21 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
ubuntu@host-1:~$ ping -c3 10.131.73.1
PING 10.131.73.1 (10.131.73.1) 56(84) bytes of data.
64 bytes from 10.131.73.1: icmp_seq=1 ttl=64 time=0.370 ms
64 bytes from 10.131.73.1: icmp_seq=2 ttl=64 time=0.408 ms
64 bytes from 10.131.73.1: icmp_seq=3 ttl=64 time=0.411 ms
ubuntu@host-2:~$ sudo tcpdump -n -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
19:08:44.830729 IP 192.168.1.7 > 192.168.1.10: GREv0, length 102: IP 10.131.73.9 > 10.131.73.1: ICMP echo request, id 6168, seq 1, length 64
19:08:44.830914 IP 192.168.1.7 > 192.168.1.10: GREv0, length 102: IP 10.131.73.1 > 10.131.73.9: ICMP echo reply, id 6168, seq 1, length 64
19:08:45.855400 IP 192.168.1.7 > 192.168.1.10: GREv0, length 102: IP 10.131.73.9 > 10.131.73.1: ICMP echo request, id 6168, seq 2, length 64
19:08:45.855674 IP 192.168.1.7 > 192.168.1.10: GREv0, length 102: IP 10.131.73.1 > 10.131.73.9: ICMP echo reply, id 6168, seq 2, length 64
19:08:46.878746 IP 192.168.1.7 > 192.168.1.10: GREv0, length 102: IP 10.131.73.9 > 10.131.73.1: ICMP echo request, id 6168, seq 3, length 64
19:08:46.878976 IP 192.168.1.7 > 192.168.1.10: GREv0, length 102: IP 10.131.73.1 > 10.131.73.9: ICMP echo reply, id 6168, seq 3, length 64
赞(0) 打赏
转载请注明来源:IT技术资讯 » Traffic Mirroring with Linux Tc

评论 抢沙发

评论前必须登录!

 

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏