Message ID | 1457093507-25601-2-git-send-email-phil@nwl.cc |
---|---|
State | Accepted, archived |
Delegated to: | stephen hemminger |
Phil,

Not sure how your mailer works - I am assuming these are the same patches I got CCed on.

On 16-03-04 07:11 AM, Phil Sutter wrote:
> Cc: Felix Fietkau <nbd@openwrt.org> > Signed-off-by: Phil Sutter <phil@nwl.cc> > --- > man/man8/tc-connmark.8 | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 55 insertions(+) > create mode 100644 man/man8/tc-connmark.8 > > diff --git a/man/man8/tc-connmark.8 b/man/man8/tc-connmark.8 > new file mode 100644 > index 0000000000000..bb4cf7543dfdb > --- /dev/null > +++ b/man/man8/tc-connmark.8
> @@ -0,0 +1,55 @@ > +.TH "Connmark retriever action in tc" 8 "11 Jan 2016" "iproute2" "Linux" > + > +.SH NAME > +connmark - netfilter connmark retriever action > +.SH SYNOPSIS > +.in +8 > +.ti -8 > +.BR tc " ... " "action connmark " [ " zone" > +.IR u16_zone_index " ] [ " BRANCH " ] [" > +.BI index " u32_index " > +] > + > +.ti -8 > +.IR BRANCH " := { " reclassify " | " pipe " | " drop " | " continue " | " ok " }"

It would be of benefit to have a general man page describing tc actions/filters (may be one for tc action and other for tc filter). I probably started the mess of calling this construct a "branch" which actually is misleading. These are controls ("if/else" are branches; a loop is not a branch). Refer to my netdev01 paper. If you can extract details from that paper in a main man page or at minimal reference it in the action/classifier man pages then the action specific man pages would just specify what the default is.

An example usage of this from the commit message:

-----
...lets tag outgoing icmp with mark 0x10..
iptables -tmangle -A PREROUTING -p icmp -j CONNMARK --set-mark 0x10

..add on ingress of $ETH an extractor for connmark...
tc filter add dev $ETH parent ffff: prio 4 protocol ip \
    u32 match ip protocol 1 0xff \
    flowid 1:1 \
    action connmark continue

...if the connmark was 0x11, we police to a ridic rate of 10Kbps
tc filter add dev $ETH parent ffff: prio 5 protocol ip \
    handle 0x11 fw flowid 1:1 \
    action police rate 10kbit burst 10k
----

cheers,
jamal
diff --git a/man/man8/tc-connmark.8 b/man/man8/tc-connmark.8 new file mode 100644 index 0000000000000..bb4cf7543dfdb --- /dev/null +++ b/man/man8/tc-connmark.8 @@ -0,0 +1,55 @@ +.TH "Connmark retriever action in tc" 8 "11 Jan 2016" "iproute2" "Linux" + +.SH NAME +connmark - netfilter connmark retriever action +.SH SYNOPSIS +.in +8 +.ti -8 +.BR tc " ... " "action connmark " [ " zone" +.IR u16_zone_index " ] [ " BRANCH " ] [" +.BI index " u32_index " +] + +.ti -8 +.IR BRANCH " := { " reclassify " | " pipe " | " drop " | " continue " | " ok " }" +.SH DESCRIPTION +The connmark action is used to restore the connection's mark value into the +packet's fwmark. +.SH OPTIONS +.TP +.BI zone " u16_zone_index" +Specify the conntrack zone when doing conntrack lookups for packets. +.I u16_zone_index +is a 16bit unsigned decimal value. +.TP +.I BRANCH +How to continue after executing this action. +.RS +.TP +.B reclassify +Restarts classification by jumping back to the first filter attached to this +action's parent. +.TP +.B pipe +Continue with the next action, this is the default. +.TP +.B drop +.TQ +.B shot +Packet will be dropped without running further actions. +.TP +.B continue +Continue classification with next filter in line. +.TP +.B pass +Return to calling qdisc for packet processing. This ends the classification +process. +.RE +.TP +.BI index " u32_index " +Specify an index for this action in order to being able to identify it in later +commands. +.I u32_index +is a 32bit unsigned decimal value. +.SH SEE ALSO +.BR tc (8)
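Review bot: The SYNOPSIS and OPTIONS sections disagree on the control keywords: the BRANCH line lists `reclassify | pipe | drop | continue | ok`, but OPTIONS documents `pass` and `shot` and never describes `ok`. Someone writing a filter from the synopsis cannot tell which verdict `ok` produces, and someone reading OPTIONS finds two keywords the synopsis does not admit. Either list `pass` and `shot` in the BRANCH definition or add `ok` to OPTIONS (as a `.TQ` alias under the matching entry, the way `shot` is attached to `drop`), so each accepted keyword appears in both places. Smaller points in the same hunk: "in order to being able to identify it" under `index` should read "in order to be able to identify it", and the page has no EXAMPLES section even though DESCRIPTION is two lines; a short example pairing the action with an fwmark-based filter would show why the mark is restored into the packet at all.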
Cc: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Phil Sutter <phil@nwl.cc> --- man/man8/tc-connmark.8 | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 man/man8/tc-connmark.8