I tried on both stock CentOS 7.3 and Ubuntu 16.04 and tc-skbmod was not support (I built tc from the latest versions of iproute2). For tc-pedit, examples from man tc-pedit such as "pedit ex munge" were not supported, but "pedit munge offset" is.
On Mon, May 15, 2017 at 1:14 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > On Thu, May 11, 2017 at 1:45 PM, Morgan Yang <morgan.yang1...@gmail.com> > wrote: >> Hi All: >> >> I want to build a solution that leverages the filtering and actions of >> tc in kernel space, but have the ability to hook to a userspace >> application that can additional packet processing (such as payload >> masking). I'm curious what are the best ways to go about doing that? I >> have been looking into tc-skbmod and tc-pedit, but as good as they >> are, they would require newer kernels. I have also tried using tc to >> mirror filterd packets to a dummy or tap interface, and have the >> userspace application pick up there, but the performance has been >> supar. I'm hoping to have a solution that avoids the extra mirroring. > > > act pedit exists for a rather long time, I don't think you need a new > kernel to use it, unless of course you have a different definition of > "new kernel". ;)
