Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iproute2 / 7baca946c416b997e1afacd0bd02faf148786970 / . / man / man8 / tc-tunnel_key.8
blob: 2e569730abbb3a099ec9d4aec3ed17fc25c41112 [file] [log] [blame]
Amir Vadaid57639a2016-12-02 13:25:15 +0200[diff] [blame]1.TH "Tunnel metadata manipulation action in tc" 8 "10 Nov 2016" "iproute2" "Linux"
2
3.SH NAME
4tunnel_key - Tunnel metadata manipulation
5.SH SYNOPSIS
6.in +8
7.ti -8
8.BR tc " ... " "action tunnel_key" " { " unset " | "
9.IR SET " }"
10
11.ti -8
12.IR SET " := "
13.BR set " " src_ip
14.IR ADDRESS
15.BR dst_ip
16.IR ADDRESS
17.BI id " KEY_ID"
Hadar Hen Zion449c7092016-12-13 10:07:47 +0200[diff] [blame]18.BI dst_port " UDP_PORT"
Amir Vadaid57639a2016-12-02 13:25:15 +0200[diff] [blame]19
20.SH DESCRIPTION
21The
22.B tunnel_key
23action combined with a shared IP tunnel device, allows to perform IP tunnel en-
24or decapsulation on a packet, reflected by
25the operation modes
26.IR UNSET " and " SET .
27The
28.I UNSET
29mode is optional - even without using it, the metadata information will be
30released automatically when packet processing will be finished.
31.IR UNSET
32function could be used in cases when traffic is forwarded between two tunnels,
33where the metadata from the first tunnel will be used for encapsulation done by
34the second tunnel.
35.IR SET
36mode requires the source and destination ip
37.I ADDRESS
38and the tunnel key id
39.I KEY_ID
40which will be used by the ip tunnel shared device to create the tunnel header. The
41.B tunnel_key
42action is useful only in combination with a
43.B mirred redirect
44action to a shared IP tunnel device which will use the metadata (for
45.I SET
46) and unset the metadata created by it (for
47.I UNSET
48).
49
50.SH OPTIONS
51.TP
52.B unset
53Unset the tunnel metadata created by the IP tunnel device. This function is
54not mandatory and might be used only in some specific use cases (as explained
55above).
56.TP
57.B set
58Set tunnel metadata to be used by the IP tunnel device. Requires
59.B id
60,
61.B src_ip
62and
63.B dst_ip
64options.
Hadar Hen Zion449c7092016-12-13 10:07:47 +0200[diff] [blame]65.B dst_port
66is optional.
Amir Vadaid57639a2016-12-02 13:25:15 +0200[diff] [blame]67.RS
68.TP
69.B id
70Tunnel ID (for example VNI in VXLAN tunnel)
71.TP
72.B src_ip
73Outer header source IP address (IPv4 or IPv6)
74.TP
75.B dst_ip
76Outer header destination IP address (IPv4 or IPv6)
Hadar Hen Zion449c7092016-12-13 10:07:47 +0200[diff] [blame]77.TP
78.B dst_port
79Outer header destination UDP port
Amir Vadaid57639a2016-12-02 13:25:15 +0200[diff] [blame]80.RE
81.SH EXAMPLES
82The following example encapsulates incoming ICMP packets on eth0 into a vxlan
83tunnel, by setting metadata to VNI 11, source IP 11.11.0.1 and destination IP
8411.11.0.2, and by redirecting the packet with the metadata to device vxlan0,
85which will do the actual encapsulation using the metadata:
86
87.RS
88.EX
89#tc qdisc add dev eth0 handle ffff: ingress
90#tc filter add dev eth0 protocol ip parent ffff: \\
91 flower \\
92 ip_proto icmp \\
93 action tunnel_key set \\
94 src_ip 11.11.0.1 \\
95 dst_ip 11.11.0.2 \\
96 id 11 \\
97 action mirred egress redirect dev vxlan0
98.EE
99.RE
100
101Here is an example of the
102.B unset
103function: Incoming VXLAN traffic with outer IP's and VNI 11 is decapsulated by
104vxlan0 and metadata is unset before redirecting to tunl1 device:
105
106.RS
107.EX
108#tc qdisc add dev eth0 handle ffff: ingress
109#tc filter add dev vxlan0 protocol ip parent ffff: \
110 flower \\
111 enc_src_ip 11.11.0.2 enc_dst_ip 11.11.0.1 enc_key_id 11 \
112 action tunnel_key unset \
113 action mirred egress redirect dev tunl1
114.EE
115.RE
116
117.SH SEE ALSO
118.BR tc (8)