#!/bin/sh
IFACE=eth0
IP=147.28.149.223 # example
sudo tc qdisc del dev $IFACE ingress handle ffff:
sudo tc qdisc add dev $IFACE ingress handle ffff:
sudo tc filter add dev $IFACE protocol ip parent ffff: u32 match ip
src $IP action pedit ex munge ip dsfield set $((15 << 2)) retain 0xfc
# pass is the default
exit
# My understanding of this new to me tc filter facility is that it
should munge the inbound packet and still transit the stack
# But it doesn't. All packets from this address start failing.
# It does show a match, tho.
# root@dallas:~# tc -s -d filter show dev eth0 parent ffff:
# filter protocol ip pref 49152 u32 chain 0
# filter protocol ip pref 49152 u32 chain 0 fh 800: ht divisor 1
# filter protocol ip pref 49152 u32 chain 0 fh 800::800 order 2048 key
ht 800 bkt 0 terminal flowid ??? not_in_hw
match 931c95df/ffffffff at 12
action order 1: pedit action pass keys 1
index 1 ref 1 bind 1 installed 277 sec used 0 sec firstused 277 sec
key #0 at ipv4+0: val 003c0000 mask ff03ffff
Action statistics:
Sent 22764 bytes 271 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
# it doesn't. I can see it matchingon kernel 5.15, but the data does
not go anywhere...
--
--
Podcast: https://www.linkedin.com/feed/update/urn:li:activity:7058793910227111937/
Dave Täht CSO, LibreQos
