On Wed, May 27, 2015 at 02:11:30PM +0200, Florian Westphal wrote:
> Eddi Linder <eddi@xxxxxxxxxxxxxx> wrote:
> > TEE is for gateway redirections, which means the redirected device has
> > to have a configured ip, and to be reachable from the original device.
>
> That makes no sense to me. The to-redirected device always needs to be
> reachable. And iptables is L3 and upwards, so I don't see how 1:1
> copying would fit in here.
>
> > Florian, I didn't find the mirror target in the mainline documentation or code.
>
> I meant the tc action:
>
> tc filter add dev eth0 parent $parent protocol ip [..] action mirred egress redirect dev eth1
>
> > REROUTE redirection is more like the openvswitch output action, copy
> > the packet from one device into another.
>
> Sorry, but my feeling is that this is out of scope for iptables.

Agreed. There is an incomplete patch to add TEE support to nf_tables
bridge family. You only have to specify the destination device as Eddi
needs. Another alternative is to add this TEE support to ebtables,
which is where this belongs.