Professional Documents
Culture Documents
Linux Traffic Control Classifier Action Subsystem Architecture
Linux Traffic Control Classifier Action Subsystem Architecture
Linux Traffic Control Classifier Action Subsystem Architecture
hadi@mojatatu.com
Several building blocks are shown. About all building Note: Figure 2 shows a bypass of the stack from ingress to
blocks and their components as described in this document egress. This is achieved by the CA subsystem with
can be written as kernel modules. Control of all the mirroring (to possibly many ports) or redirect (to one port).
datapath blocks is done from user-space (in the traditional
Opcode: Continue
Lets take a look at how we could use the continue control
opcode.
Figure 9: Functional View of Listing 4
#pop ingressing IFE headers, set all skb metadata then reclassify Action Controls
tc filter add dev $ETH parent ffff: prio 2 protocol 0xdead \ Actions have opcodes that are specific within their pipeline
u32 match u32 0 0 flowid 1:1 \ scope. These are:
action ife decode reclassify • Pipe. Equivalent to unix pipe construct
#look further if the packet is from 192.168.100.159 • Repeat. A loop construct
tc filter add dev $ETH parent ffff: prio 4 protocol ip \ • Jumpx. Essentially a forward goto construct
u32 match ip dst 192.168.100.159 flowid 1:2 \
action continue Opcode: Pipe
#now classify based on mark
Figure 10 shows a simple functional view of pipe control
tc filter add dev $ETH parent ffff: prio 5 protocol ip \
of actions.
handle 0x11 fw flowid 1:1 \
action ok