From: Jamal Hadi Salim <j...@mojatatu.com> Date: Mon, 12 Sep 2016 20:13:09 -0400
> From: Jamal Hadi Salim <j...@mojatatu.com> > > This action is intended to be an upgrade from a usability perspective > from pedit (as well as operational debugability). > Compare this: > > sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \ > u32 match ip protocol 1 0xff flowid 1:2 \ > action pedit munge offset -14 u8 set 0x02 \ > munge offset -13 u8 set 0x15 \ > munge offset -12 u8 set 0x15 \ > munge offset -11 u8 set 0x15 \ > munge offset -10 u16 set 0x1515 \ > pipe > > to: > > sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \ > u32 match ip protocol 1 0xff flowid 1:2 \ > action skbmod dmac 02:15:15:15:15:15 > > Also try to do a MAC address swap with pedit or worse > try to debug a policy with destination mac, source mac and > etherype. Then make few rules out of those and you'll get my point. > > In the future common use cases on pedit can be migrated to this action > (as an example different fields in ip v4/6, transports like tcp/udp/sctp > etc). For this first cut, this allows modifying basic ethernet header. > > The most important ethernet use case at the moment is when redirecting or > mirroring packets to a remote machine. The dst mac address needs a re-write > so that it doesnt get dropped or confuse an interconnecting (learning) switch > or dropped by a target machine (which looks at the dst mac). And at times > when flipping back the packet a swap of the MAC addresses is needed. > > Signed-off-by: Jamal Hadi Salim <j...@mojatatu.com> Applied, thanks.
