From 7a4dfd3f3fbaf975e6d2f766086a0e56a96bba8e Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Tue, 6 Apr 2010 10:04:39 -0700
Subject: Preliminary support of input-policy Support mirror and redirect. Note: traffic-limiter is broken (ignored), and will later be moved to input-policy/limit
---
lib/Vyatta/Qos/IngressMirror.pm | 56 ++++++++++++++++++++++++++++++++++++++
lib/Vyatta/Qos/IngressRedirect.pm | 57 +++++++++++++++++++++++++++++++++++++++
2 files changed, 113 insertions(+)
create mode 100644 lib/Vyatta/Qos/IngressMirror.pm
create mode 100644 lib/Vyatta/Qos/IngressRedirect.pm
(limited to 'lib/Vyatta')
diff --git a/lib/Vyatta/Qos/IngressMirror.pm b/lib/Vyatta/Qos/IngressMirror.pm
new file mode 100644
index 0000000..d3e52c0
--- /dev/null
+++ b/lib/Vyatta/Qos/IngressMirror.pm
@@ -0,0 +1,56 @@
+# Ingress Mirror
+# Duplicate all packets to another interface
+# This is useful for some forms of IDS or capture
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
+# All Rights Reserved.
+# **** End License ****
+
+package Vyatta::Qos::IngressMirror;
+use strict;
+use warnings;
+
+require Vyatta::Config;
+
+sub new {
+ my ( $that, $config, $name ) = @_;
+ my $self = {};
+ my $class = ref($that) || $that;
+
+ bless $self, $class;
+ $self->_define($config);
+
+ return $self;
+}
+
+# Setup new instance.
+sub _define {
+ my ( $self, $config ) = @_;
+ # config is at level: interfaces ethernet $dev input-policy redirect
+ $self->{_target} = $config->returnValue();
+}
+
+sub commands {
+ my ( $self, $dev, $parent ) = @_;
+ my $target = $self->{_target};
+
+ # Apply filter to ingress qdisc
+ # NB: action is egress because we are in ingress (upside down)
+ printf "filter add dev %s parent %x: ", $dev, $parent;
+ print " protocol all prio 10 u32";
+ print " match u32 0 0 flowid 1:1";
+ print " action mirred egress mirror dev $target\n";
+}
+
+1;
diff --git a/lib/Vyatta/Qos/IngressRedirect.pm b/lib/Vyatta/Qos/IngressRedirect.pm
new file mode 100644
index 0000000..a04018f
--- /dev/null
+++ b/lib/Vyatta/Qos/IngressRedirect.pm
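Review bot: In lib/Vyatta/Qos/IngressMirror.pm, `commands` writes `$target` into the generated tc filter line exactly as `returnValue()` delivered it, with no check that it is defined or shaped like an interface name. An unset node gives an uninitialized-value warning and an empty `dev` argument, and unless the configuration template already constrains the value (not visible in this patch), embedded whitespace would add extra tokens to the command. A guard right after `my $target = $self->{_target};` would close this, for example `die "mirror target is not a valid interface name\n" unless defined $target && $target =~ /\A[\w.:-]{1,15}\z/;`. The same applies to `commands` in lib/Vyatta/Qos/IngressRedirect.pm. The comment in `_define` also still reads `input-policy redirect` where this module handles the mirror node.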
@@ -0,0 +1,57 @@
+# Ingress Redirect
+# Forward all packets to another interface
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
+# All Rights Reserved.
+# **** End License ****
+
+package Vyatta::Qos::IngressRedirect;
+use strict;
+use warnings;
+
+require Vyatta::Config;
+
+sub new {
+ my ( $that, $config, $name ) = @_;
+ my $self = {};
+ my $class = ref($that) || $that;
+
+ bless $self, $class;
+ $self->_define($config);
+
+ return $self;
+}
+
+# Setup new instance.
+sub _define {
+ my ( $self, $config, $dev ) = @_;
+ # config is at level: interfaces ethernet $dev input-policy redirect
+ $self->{_target} = $config->returnValue();
+}
+
+sub commands {
+ my ( $self, $dev, $parent ) = @_;
+ my $target = $self->{_target};
+
+ # Apply filter to ingress qdisc
+ # NB: action is egress because we are in ingress (upside down)
+ printf "filter add dev %s parent %x: ", $dev, $parent;
+ print " protocol all prio 10 u32";
+ print " match u32 0 0 flowid 1:1";
+ print " action mirred egress redirect dev $target\n";
+}
+
+1;
+
+
-- cgit v1.2.3
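Review bot: `_define` in lib/Vyatta/Qos/IngressRedirect.pm unpacks a third argument `$dev`, but `new` calls `$self->_define($config)` with only the config object, so `$dev` is always undef and never used; `$name` in `new` is likewise unused. Reducing the unpack to `my ( $self, $config ) = @_;` would match IngressMirror.pm. `commands` has no comment saying what it prints or who consumes the output, and a line such as `# Print the tc filter command that redirects all ingress traffic on $dev to the target interface` above it would help. Since the two new files differ only in the `mirror`/`redirect` keyword, a shared base class that takes the action as a parameter would keep them from drifting apart.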