pedit "pass" nonfunctional on ingress?

#!/bin/sh

IFACE=eth0
IP=147.28.149.223 # example
sudo tc qdisc del dev $IFACE ingress handle ffff:
sudo tc qdisc add dev $IFACE ingress handle ffff:
sudo tc filter add dev $IFACE protocol ip parent ffff: u32 match ip src $IP \
    action pedit ex munge ip dsfield set $((15 << 2)) retain 0xfc
# pass is the default

exit

# My understanding of this new-to-me tc filter facility is that it
# should munge the inbound packet and still transit the stack

# But it doesn't. All packets from this address start failing.
# It does show a match, tho.

# root@dallas:~# tc -s -d filter show dev eth0 parent ffff:
# filter protocol ip pref 49152 u32 chain 0
# filter protocol ip pref 49152 u32 chain 0 fh 800: ht divisor 1
# filter protocol ip pref 49152 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw
#   match 931c95df/ffffffff at 12
#         action order 1:  pedit action pass keys 1
#          index 1 ref 1 bind 1 installed 277 sec used 0 sec firstused 277 sec
#          key #0  at ipv4+0: val 003c0000 mask ff03ffff
#         Action statistics:
#         Sent 22764 bytes 271 pkt (dropped 0, overlimits 0 requeues 0)
#         backlog 0b 0p requeues 0

# It doesn't. I can see it matching on kernel 5.15, but the data does
# not go anywhere...

-- 
Podcast: https://www.linkedin.com/feed/update/urn:li:activity:7058793910227111937/
Dave Täht CSO, LibreQos
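
An added example, not part of the original post: it applies the pedit key shown in the tc output (`val 003c0000 mask ff03ffff` at `ipv4+0`) to a constructed IPv4 header and checks the header checksum before and after, which is one thing to check when packets match but stop arriving. The function names, the destination address 192.0.2.1 and the remaining header fields are assumptions made for the illustration.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the header bytes as given."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def header_is_valid(header: bytes) -> bool:
    # With a correct checksum field in place, the computed checksum is 0.
    return ipv4_checksum(header) == 0

def fix_checksum(header: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11) and fill in a fresh value."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return header[:10] + struct.pack("!H", ipv4_checksum(zeroed)) + header[12:]

def build_header(src: str, dst: str, tos: int = 0) -> bytes:
    """Constructed 20-byte IPv4 header (ICMP, length 84); not captured traffic."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 84, 0x1C46, 0x4000, 64, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return fix_checksum(raw)

def apply_pedit_key(header: bytes, offset: int, val: int, mask: int) -> bytes:
    """One pedit 'set' key as tc prints it: word = (word & mask) ^ val."""
    (word,) = struct.unpack_from("!I", header, offset)
    return (header[:offset] + struct.pack("!I", (word & mask) ^ val)
            + header[offset + 4:])

if __name__ == "__main__":
    # Source address from the post; destination 192.0.2.1 is a constructed value.
    before = build_header("147.28.149.223", "192.0.2.1", tos=0x02)
    # "key #0  at ipv4+0: val 003c0000 mask ff03ffff" from the tc output above.
    after = apply_pedit_key(before, 0, 0x003C0000, 0xFF03FFFF)
    for label, hdr in (("before", before), ("after pedit", after),
                       ("recomputed", fix_checksum(after))):
        print(f"{label:12} dsfield=0x{hdr[1]:02x} csum=0x{hdr[10:12].hex()} "
              f"valid={header_is_valid(hdr)}")
```

The key rewrites only the six DSCP bits and leaves the checksum field untouched, so the rewritten header fails verification until the checksum is recomputed; tc's `csum` action, documented in tc-csum(8), exists to recompute checksums after a pedit.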