@dan82840
Last active July 19, 2021 14:19
Debug Log for ebtables, iptables and tc
#!/bin/sh
#
# Interface that receives the tc logging filters in setup_log_tc and is
# cleaned up in flush_log_tc.
# Alternative used for the second capture below: IFNAME="br0"
IFNAME='enp0s9'
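# Insert or delete one ICMP LOG rule in each built-in chain of the iptables
# mangle table.
# Arguments: $1 - "add" inserts the rules (-I); any other value deletes them (-D)
# Outputs:   none; iptables output and errors are discarded
# Returns:   exit status of the last iptables call
_log_iptables() {
  local method chain

  # Use POSIX "=": the script runs under #!/bin/sh, and a [ that rejects "=="
  # (dash, for example) fails the test, which would send "add" down the
  # delete branch.
  if [ "$1" = "add" ]; then
    method="-I"
  else
    method="-D"
  fi

  # Output is discarded so that deleting a rule that is not installed stays
  # quiet. A failed insert is hidden the same way, so check the result with
  # `iptables -t mangle -S` after setup.
  # Every ICMP packet is logged with no rate limit; on a busy host consider a
  # limit match to keep the kernel log usable.
  for chain in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
    iptables -t mangle "$method" "$chain" -p icmp -j LOG --log-level 6 \
      --log-prefix "mangle:$chain " >/dev/null 2>&1
  done
}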
# Remove the ICMP LOG rules from the iptables mangle chains.
flush_log_iptables() {
  _log_iptables del
}
# Install the ICMP LOG rules in the iptables mangle chains.
setup_log_iptables() {
  # Disabled by the author: raw-table TRACE rules for ICMP.
  #iptables -t raw -A OUTPUT -p icmp -j TRACE
  #iptables -t raw -A PREROUTING -p icmp -j TRACE
  _log_iptables add
}
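# Insert or delete one logging rule for IPv4 ICMP frames (--ip-proto 1) in
# each ebtables chain listed below.
# Arguments: $1 - "add" inserts the rules (-I); any other value deletes them (-D)
# Outputs:   whatever ebtables prints (not suppressed)
# Returns:   exit status of the last ebtables call
_log_ebtables() {
  local method spec table chain

  # Use POSIX "=": the script runs under #!/bin/sh, and a [ that rejects "=="
  # (dash, for example) fails the test, which would send "add" down the
  # delete branch.
  if [ "$1" = "add" ]; then
    method="-I"
  else
    method="-D"
  fi

  # NOTE(review): each rule ends in -j ACCEPT and is inserted at the head of
  # its chain, so while the logging is installed, matching ICMP frames are
  # accepted before any later rule in that chain is evaluated. If these chains
  # carry filtering rules, a non-terminating target (-j CONTINUE) would log
  # without changing the verdict; the add and delete specs must change together.
  for spec in broute:BROUTING nat:OUTPUT nat:PREROUTING filter:INPUT \
    filter:FORWARD filter:OUTPUT nat:POSTROUTING; do
    table=${spec%%:*}
    chain=${spec#*:}
    ebtables -t "$table" "$method" "$chain" -p ipv4 --ip-proto 1 --log-level 6 --log-ip \
      --log-prefix "[EBT]$spec" -j ACCEPT
  done
}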
# Remove the ICMP logging rules from the ebtables chains.
flush_log_ebtables() {
  _log_ebtables del
}
# Install the ICMP logging rules in the ebtables chains.
setup_log_ebtables() {
  _log_ebtables add
}
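# Remove the tc logging set-up from $IFNAME and reset ifb0 and ifb1.
# Globals:   IFNAME (read)
# Outputs:   whatever tc prints; deleting a qdisc that does not exist
#            produces an error message that is not suppressed
# Returns:   exit status of the last tc call
flush_log_tc() {
  local ifb

  tc qdisc del dev "$IFNAME" root
  tc qdisc del dev "$IFNAME" handle ffff: ingress

  for ifb in ifb0 ifb1; do
    tc qdisc del dev "$ifb" root
    # setup_log_tc attaches an ingress qdisc with a logging filter to each
    # ifb device; without this delete they survive a flush.
    tc qdisc del dev "$ifb" handle ffff: ingress
    # NOTE(review): setup_log_tc later adds a root htb with the same handle
    # on this device, which may be rejected because this one already exists.
    # Confirm that re-creating the qdisc here is intended.
    tc qdisc add dev "$ifb" root handle 1: htb
  done
}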
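# Attach tc logging filters for ICMP (ip protocol 1) to ifb0, ifb1 and
# $IFNAME. Each device gets a root htb qdisc with two classes and an egress
# filter, plus an ingress qdisc with an ingress filter; every filter carries a
# "simple" action whose text names the device and direction. On $IFNAME the
# egress filter also redirects to ifb0 and the ingress filter to ifb1.
# Globals:   IFNAME (read)
# Outputs:   whatever tc prints (not suppressed)
# Returns:   exit status of the last tc call
setup_log_tc() {
  # ifb0: receives the traffic redirected from $IFNAME egress.
  tc qdisc add dev ifb0 root handle 1: htb default 2
  tc class add dev ifb0 parent 1: classid 1:1 htb rate 2Mbit
  tc class add dev ifb0 parent 1: classid 1:2 htb rate 10Mbit
  tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 \
    match ip protocol 1 0xff flowid 1:1 \
    action simple "tc[ifb0]egress"
  tc qdisc add dev ifb0 ingress
  tc filter add dev ifb0 parent ffff: protocol ip prio 1 u32 \
    match ip protocol 1 0xff \
    action simple "tc[ifb0]ingress"

  # ifb1: receives the traffic redirected from $IFNAME ingress.
  tc qdisc add dev ifb1 root handle 1: htb default 2
  tc class add dev ifb1 parent 1: classid 1:1 htb rate 2Mbit
  tc class add dev ifb1 parent 1: classid 1:2 htb rate 10Mbit
  tc filter add dev ifb1 parent 1: protocol ip prio 1 u32 \
    match ip protocol 1 0xff flowid 1:1 \
    action simple "tc[ifb1]egress"
  tc qdisc add dev ifb1 ingress
  tc filter add dev ifb1 parent ffff: protocol ip prio 1 u32 \
    match ip protocol 1 0xff \
    action simple "tc[ifb1]ingress"

  # $IFNAME: log, then hand the packet to the matching ifb device.
  # The expansion is quoted so the interface name always reaches tc as a
  # single argument.
  tc qdisc add dev "$IFNAME" root handle 1: htb default 2
  tc class add dev "$IFNAME" parent 1: classid 1:1 htb rate 2Mbit
  tc class add dev "$IFNAME" parent 1: classid 1:2 htb rate 10Mbit
  tc filter add dev "$IFNAME" parent 1: protocol ip prio 1 u32 \
    match ip protocol 1 0xff flowid 1:1 \
    action simple "tc[$IFNAME]egress" pipe \
    action mirred egress redirect dev ifb0
  tc qdisc add dev "$IFNAME" ingress
  tc filter add dev "$IFNAME" parent ffff: protocol ip prio 1 u32 \
    match ip protocol 1 0xff \
    action simple "tc[$IFNAME]ingress" pipe \
    action mirred egress redirect dev ifb1
}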
# Tear down all three logging layers in order: iptables, ebtables, tc.
_flush_log() {
  local step
  for step in flush_log_iptables flush_log_ebtables flush_log_tc; do
    "$step"
  done
}
# Install all three logging layers, clearing any earlier set-up first.
_setup_log() {
  local step
  # The flush runs first so that rules from an earlier run are removed before
  # new ones are inserted.
  for step in _flush_log setup_log_iptables setup_log_ebtables setup_log_tc; do
    "$step"
  done
}
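# Entry point: install or remove the debug logging rules.
# Arguments: $1 - argument count supplied by the caller (not used)
#            $2 - action: empty installs the logging, "flush" removes it
# Outputs:   error and usage messages on stderr
# Returns:   exits 1 when not run as root, 2 on an unknown action
main() {
  # Drop the leading argument count; the action is what follows it.
  if [ "$#" -gt 0 ]; then
    shift
  fi
  local action=${1:-}

  # Check the effective UID rather than the account name, so any UID 0
  # account passes and a renamed root account is not rejected.
  if [ "$(id -u)" -ne 0 ]; then
    echo "Need root user to execute !!!" >&2
    exit 1
  fi

  # NOTE(review): nothing in this script writes /tmp/tc.log; presumably a
  # leftover from an earlier capture - confirm it is still needed.
  rm -f /tmp/tc.log

  case "$action" in
    "")
      _setup_log
      ;;
    flush)
      _flush_log
      ;;
    *)
      # An unrecognised action used to do nothing and still exit 0.
      printf 'Usage: %s [flush]\n' "$0" >&2
      exit 2
      ;;
  esac
}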
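# Pass the argument count followed by the original arguments; "$@" keeps each
# argument as one word, which unquoted $* does not.
main "$#" "$@"
exit 0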
(enp0s9)[QOSL1](enp0s8) -- (intnet-1) -- (enp0s8)[QoS-Router](enp0s3)
+---- (enp0s3) +
+-- (br0) --+-- (enp0s9) -- (intnet-2) -- (enp0s8)[QOSR1](enp0s3)
+-- (enp0s10) --(intnet-3) -- (enp0s8)[QOSR2](enp0s3)
dan82840 commented Aug 29, 2018

IFNAME="enp0s9"

simple: tc[enp0s9]ingress_1
simple: tc[ifb1]egress_1
[EBT]broute:BROUTING IN=enp0s9 OUT= MAC source = 08:00:27:f9:14:fa MAC dest = 08:00:27:2c:06:4e proto = 0x0800
IP SRC=192.168.22.2 IP DST=192.168.11.2, IP tos=0x00, IP proto=1

[EBT]nat:PREROUTING IN=enp0s9 OUT= MAC source = 08:00:27:f9:14:fa MAC dest = 08:00:27:2c:06:4e proto = 0x0800
IP SRC=192.168.22.2 IP DST=192.168.11.2, IP tos=0x00, IP proto=1

[EBT]filter:INPUT IN=enp0s9 OUT= MAC source = 08:00:27:f9:14:fa MAC dest = 08:00:27:2c:06:4e proto = 0x0800
IP SRC=192.168.22.2 IP DST=192.168.11.2, IP tos=0x00, IP proto=1

mangle:PREROUTING IN=br0 OUT= MAC=08:00:27:2c:06:4e:08:00:27:f9:14:fa:08:00 SRC=192.168.22.2 DST=192.168.11.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=36901 DF PROTO=ICMP TYPE=8 CODE=0 ID=2642 SEQ=1
mangle:FORWARD IN=br0 OUT=enp0s8 MAC=08:00:27:2c:06:4e:08:00:27:f9:14:fa:08:00 SRC=192.168.22.2 DST=192.168.11.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=36901 DF PROTO=ICMP TYPE=8 CODE=0 ID=2642 SEQ=1
mangle:POSTROUTING IN= OUT=enp0s8 SRC=192.168.22.2 DST=192.168.11.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=36901 DF PROTO=ICMP TYPE=8 CODE=0 ID=2642 SEQ=1
mangle:PREROUTING IN=enp0s8 OUT= MAC=08:00:27:ab:b9:b3:08:00:27:6a:dc:9d:08:00 SRC=192.168.11.2 DST=192.168.11.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=58072 PROTO=ICMP TYPE=0 CODE=0 ID=2642 SEQ=1
mangle:FORWARD IN=enp0s8 OUT=br0 MAC=08:00:27:ab:b9:b3:08:00:27:6a:dc:9d:08:00 SRC=192.168.11.2 DST=192.168.22.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=58072 PROTO=ICMP TYPE=0 CODE=0 ID=2642 SEQ=1
mangle:POSTROUTING IN= OUT=br0 SRC=192.168.11.2 DST=192.168.22.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=58072 PROTO=ICMP TYPE=0 CODE=0 ID=2642 SEQ=1
[EBT]nat:OUTPUT IN= OUT=enp0s9 MAC source = 08:00:27:2c:06:4e MAC dest = 08:00:27:f9:14:fa proto = 0x0800
IP SRC=192.168.11.2 IP DST=192.168.22.2, IP tos=0x00, IP proto=1

[EBT]filter:OUTPUT IN= OUT=enp0s9 MAC source = 08:00:27:2c:06:4e MAC dest = 08:00:27:f9:14:fa proto = 0x0800
IP SRC=192.168.11.2 IP DST=192.168.22.2, IP tos=0x00, IP proto=1

[EBT]nat:POSTROUTING IN= OUT=enp0s9 MAC source = 08:00:27:2c:06:4e MAC dest = 08:00:27:f9:14:fa proto = 0x0800
IP SRC=192.168.11.2 IP DST=192.168.22.2, IP tos=0x00, IP proto=1

simple: tc[enp0s9]egress_1
simple: tc[ifb0]egress_1


IFNAME="br0"

[EBT]broute:BROUTING IN=enp0s9 OUT= MAC source = 08:00:27:f9:14:fa MAC dest = 08:00:27:2c:06:4e proto = 0x0800
IP SRC=192.168.22.2 IP DST=192.168.11.2, IP tos=0x00, IP proto=1

[EBT]nat:PREROUTING IN=enp0s9 OUT= MAC source = 08:00:27:f9:14:fa MAC dest = 08:00:27:2c:06:4e proto = 0x0800
IP SRC=192.168.22.2 IP DST=192.168.11.2, IP tos=0x00, IP proto=1

[EBT]filter:INPUT IN=enp0s9 OUT= MAC source = 08:00:27:f9:14:fa MAC dest = 08:00:27:2c:06:4e proto = 0x0800
IP SRC=192.168.22.2 IP DST=192.168.11.2, IP tos=0x00, IP proto=1

simple: tc[br0]ingress_1
simple: tc[ifb1]egress_1
mangle:PREROUTING IN=br0 OUT= MAC=08:00:27:2c:06:4e:08:00:27:f9:14:fa:08:00 SRC=192.168.22.2 DST=192.168.11.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=42684 DF PROTO=ICMP TYPE=8 CODE=0 ID=2616 SEQ=1
mangle:FORWARD IN=br0 OUT=enp0s8 MAC=08:00:27:2c:06:4e:08:00:27:f9:14:fa:08:00 SRC=192.168.22.2 DST=192.168.11.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=42684 DF PROTO=ICMP TYPE=8 CODE=0 ID=2616 SEQ=1
mangle:POSTROUTING IN= OUT=enp0s8 SRC=192.168.22.2 DST=192.168.11.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=42684 DF PROTO=ICMP TYPE=8 CODE=0 ID=2616 SEQ=1

mangle:PREROUTING IN=enp0s8 OUT= MAC=08:00:27:ab:b9:b3:08:00:27:6a:dc:9d:08:00 SRC=192.168.11.2 DST=192.168.11.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=57017 PROTO=ICMP TYPE=0 CODE=0 ID=2616 SEQ=1
mangle:FORWARD IN=enp0s8 OUT=br0 MAC=08:00:27:ab:b9:b3:08:00:27:6a:dc:9d:08:00 SRC=192.168.11.2 DST=192.168.22.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=57017 PROTO=ICMP TYPE=0 CODE=0 ID=2616 SEQ=1
mangle:POSTROUTING IN= OUT=br0 SRC=192.168.11.2 DST=192.168.22.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=57017 PROTO=ICMP TYPE=0 CODE=0 ID=2616 SEQ=1
simple: tc[br0]egress_1
simple: tc[ifb0]egress_1
[EBT]nat:OUTPUT IN= OUT=enp0s9 MAC source = 08:00:27:2c:06:4e MAC dest = 08:00:27:f9:14:fa proto = 0x0800
IP SRC=192.168.11.2 IP DST=192.168.22.2, IP tos=0x00, IP proto=1

[EBT]filter:OUTPUT IN= OUT=enp0s9 MAC source = 08:00:27:2c:06:4e MAC dest = 08:00:27:f9:14:fa proto = 0x0800
IP SRC=192.168.11.2 IP DST=192.168.22.2, IP tos=0x00, IP proto=1

[EBT]nat:POSTROUTING IN= OUT=enp0s9 MAC source = 08:00:27:2c:06:4e MAC dest = 08:00:27:f9:14:fa proto = 0x0800
IP SRC=192.168.11.2 IP DST=192.168.22.2, IP tos=0x00, IP proto=1
