Home | History | Annotate | Download | only in actions 
      1 
      2 gact <ACTION> [RAND] [INDEX]
      3 
      4 Where: 
      5 	ACTION := reclassify | drop | continue | pass | ok 
      6 	RAND := random <RANDTYPE> <ACTION> <VAL>
      7 	RANDTYPE := netrand | determ
      8         VAL : = value not exceeding 10000
      9         INDEX := index value used
     10       
     11 ACTION semantics
     12 - pass and ok are equivalent to accept
     13 - continue allows to restart classification lookup
     14 - drop drops packets
     15 - reclassify implies continue classification where we left off
     16 
     17 randomization
     18 --------------
     19 
     20 At the moment there are only two algorithms. One is deterministic
     21 and the other uses internal kernel netrand.
     22 
     23 Examples:
     24 
     25 Rules can be installed on both ingress and egress - this shows ingress
     26 only
     27 
     28 tc qdisc add dev eth0 ingress
     29 
     30 # example 1
     31 tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
     32 10.0.0.9/32 flowid 1:16 action drop
     33 
     34 ping -c 20 10.0.0.9
     35 
     36 --
     37 filter u32
     38 filter u32 fh 800: ht divisor 1
     39 filter u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:16  (rule hit 32 success 20)
     40   match 0a000009/ffffffff at 12 (success 20 )
     41         action order 1: gact action drop
     42          random type none pass val 0
     43          index 1 ref 1 bind 1 installed 59 sec used 35 sec
     44          Sent 1680 bytes 20 pkts (dropped 20, overlimits 0 )
     45  
     46 ----
     47 
     48 # example 2
     49 #allow 1 out 10 randomly using the netrand generator
     50 tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
     51 10.0.0.9/32 flowid 1:16 action drop random netrand ok 10
     52  
     53 ping -c 20 10.0.0.9
     54 
     55 ----
     56 filter protocol ip pref 6 u32 filter protocol ip pref 6 u32 fh 800: ht divisor 1filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:16  (rule hit 20 success 20)
     57   match 0a000009/ffffffff at 12 (success 20 )
     58         action order 1: gact action drop
     59          random type netrand pass val 10
     60          index 5 ref 1 bind 1 installed 49 sec used 25 sec
     61          Sent 1680 bytes 20 pkts (dropped 16, overlimits 0 )
     62                                                                                 
     63 --------
     64 #alternative: deterministically accept every second packet
     65 tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
     66 10.0.0.9/32 flowid 1:16 action drop random determ ok 2
     67                                                                                 
     68 ping -c 20 10.0.0.9
     69                                                                                 
     70 tc -s filter show parent ffff: dev eth0
     71 -----
     72 filter protocol ip pref 6 u32 filter protocol ip pref 6 u32 fh 800: ht divisor 1filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:16  (rule hit 20 success 20)
     73   match 0a000009/ffffffff at 12 (success 20 )
     74         action order 1: gact action drop
     75          random type determ pass val 2
     76          index 4 ref 1 bind 1 installed 118 sec used 82 sec
     77          Sent 1680 bytes 20 pkts (dropped 10, overlimits 0 )
     78 -----
     79 
     80