Hi Quentin, On Thu, Aug 27, 2020 at 07:59:19PM +0100, Quentin Armitage wrote: > On Thu, 2020-08-27 at 19:40 +0200, Florian Westphal wrote: > > Phil Sutter <phil@xxxxxx> wrote: > > > Hi, > > > > > > On Thu, Aug 27, 2020 at 04:42:00PM +0100, Quentin Armitage wrote: > > > > The dup statement requires an address, and the device is optional, > > > > not the other way round. > > > > > > > > Signed-off-by: Quentin Armitage < > > > > quentin@xxxxxxxxxxxxxxx > > > > > > > > > --- > > > > doc/statements.txt | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/doc/statements.txt b/doc/statements.txt > > > > index 9155f286..835db087 100644 > > > > --- a/doc/statements.txt > > > > +++ b/doc/statements.txt 
> > > > @@ -648,7 +648,7 @@ The dup statement is used to duplicate a packet and > > > > send the > > > > copy to a different > > > > destination. > > > > > > > > [verse] > > > > -*dup to* 'device' > > > > +*dup to* 'address' > > > > *dup to* 'address' *device* 'device' > > > > > > > > .Dup statement values > > > > > > The examples are wrong, too. I wonder if this is really just a mistake > > > and all three examples given (including the "advanced" usage using a > > > map) are just wrong or if 'dup' actually was meant to support > > > duplicating to a device in mirror port fashion. > > > > Right, 'dup to eth0' can be used in the netdev ingress hook. > > > > For dup from ipv4/ipv6 families the address is needed. > > So it seems the valid options are: > *dup to* 'device' # netdev ingress hook only > *dup to* 'address' # ipv4/ipv6 only > *dup to* 'address' *device* 'device' # ipv4/ipv6 only > > From a user perspective being able to specify "dup to 'device'" is something > that is useful to be able to specify. I am now using: > dup to ip[6] daddr device 'device' > but it seems to me that having to specify "to ip[6] daddr" is unnecessary. Oh, and that works? From reading nf_dup_ipv4.c, the kernel seems to perform a route lookup for the packet's daddr on given iface. Did you add an onlink route or something to make sure that succeeds? Cheers, Phil
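Review bot: in the [verse] synopsis at -648, the `*dup to* 'device'` form is replaced rather than supplemented, which drops a form that the replies in this thread say is valid in the netdev ingress hook. Keep that line and add `*dup to* 'address'` as its own entry, so the synopsis lists all three forms. Each form should also state the family it applies to (device-only for netdev ingress, the two address forms for ipv4/ipv6), since the synopsis as patched gives no hint that validity depends on the family.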