2016年6月13日 星期一

vlanctl command for Broadcom

Set vlan operations interface suffix, if not set ,the default value is "."
    vlanctl --if-suffix      

change real interface name mode,if not set , default mode is RG.
    vlanctl --if <--set-if-mode-rg>|<--set-if-mode-ont>

create vlan operations interface eg. vlanctl --if-create eth0 0 => generate eth0.0 with eth0
    vlanctl --if-create [--routed] [--mcast]
   
create vlan operations interface and specify name
    vlanctl --if-create-name [--routed] [--mcast]

delete vlan operations interface with name
    vlanctl --if-delete

-- NOTIFY start-----------------------------
--------------------------------------------
when create a vlan interface,it will create 10 tables about this vlan interface automatically.
              interface -- -- < 0 tag | 1 tag | 2 tags | 3 tags | 4 tags > 
A tagging rule table determined by and
when a table is created,the default values are set to: TPID(0x8100), pbits(0),vid(1),cfi(0)
and DSCP-TO-PBITS table are set by copying the lowest 3 bits of each DSCP value as the pbits value,
eg. DSCP=5 PBITS=5, DSCP=15 PBITS=7.
--------------------------------------------
-- NOTIFY end-------------------------------

change default actions of a vlan tag rules table,
    vlanctl --if --tags  
        [--default-tpid ] [--default-pbits ] [--default-vid ] [--default-cfi ]

change DSCP to Pbits translation
    vlanctl --if [--cfg-dscp2pbits ]
   
change Tpid table
    vlanctl --if --cfg-tpid  

--------------------------------------------
display a rule table.   eg. vlanctl --if eth0 --rx --tags 0 --show-table
    vlanctl --if --tags --show-table

dispaly DSCP to Pbits table
    vlanctl --if --show-dscp2pbits

display TPID table
    vlanctl --if --show-tpid

display device local stats
    vlanctl --local-stats |

--------------------------------------------
runtest
    vlanctl --run-test

--------------------------------------------

delete all tag rules
    vlanctl --rule-remove-all

delete a tag rule
    vlanctl --if --tags --rule-remove

---------------------------------------------

Add a tag rule
    vlanctl --if --tags [filters] [commads]

    filters:
     --filter-skb-prio                    match the SKB priority 
     --filter-skb-mark-flowid              match the Flow ID subfiled of SKB Mark filed.         
     --filter-skb-mark-port                   match the port subfiled of SKB Mark filed.     
     --filter-ethertype                  match the Ethertype filed in the Ethernet Header of incoming frames 
     --filter-ipproto                  match the IP protocol type of incoming frames 
     --filter-dscp                            match the DSCP value in the IPv4 Header of incoming frames 
     --filter-dscp2pbits                     match the DSCP traslate from pbits which in the VLAN Header by dscp2pbits table  
     --filter-vlan-dev-mac-addr 0: match all recive frames dest MAC addr against the recive virtual interface
                                                      1: match unicast recive frames dest MAC addr against the recive virtual interface    
     --filter-pbits              match the PBITS value of VLAN Header number of incoming frames 
     --filter-cfi                  match the CFI value of VLAN Header number of incoming frames 
     --filter-vid                  match the VID value of VLAN Header number of incoming frames 
     --filter-tag-ethertype  match the Ethertype value of VLAN Header number of incoming frames 
     --filter-txif             match the transmitting vlan interface                                

    commands:
     --pop-tag                                       remove the outermost VLAN tag.
     --push-tag                                      add default VLAN tag of the corresponding Tagging rule Table as the new outer tag.
     --drop-frame                                    drop the frame
     --continue                                      pass the frame
     --set-rxif                forward frames in the RECEIVE direction that match this rule to the VOPI specified in vlan interface name                        
     --dscp2pbits                        translate the IPv4 DSCP into a PBITS ,and write the translated PBITS value in the VLAN Header which number is index 
     --set-dscp                               set the DSCP value in the IPv4 Header 
     --set-skb-prio                       set the SKB priority 
     --set-skb-mark-port                      set the port subfiled of SKB Mark filed. 
     --set-skb-mark-queue                    set the queue subfiled of SKB Mark filed. 
     --set-skb-mark-flowid                 set the Flow ID subfiled of SKB Mark filed
     --set-ethertype                     set the ethertype value of the Ethernet Header 
     --set-pbits                 set the PBITS value of the VLAN header number
     --set-cfi                     set the CFI bit of the VLAN header number to
     --set-vid                     set the VID of the VLAN header number to
     --set-tag-ethertype     set the ethertype of the VLAN header number to
     --copy-pbits   copy the PBITS value from VLAN header number to VLAN header number
     --copy-cfi     copy the CFI value from VLAN header number to VLAN header number
     --copy-vid     copy the VID value from VLAN header number to VLAN header number
     --copy-tag-ethertype   
                                                     copy the Ethernet type value from VLAN header number to VLAN header number
   
    position: <--rule-append> | <--rule-insert-before rule-id=""> |<--rule-insert-after rule-id="">
     --rule-append                      insert as a last rule
     --rule-insert-before     insert before the role whose id is matches the rule-id in the table
     --rule-insert-after      insert after the role whose id is matches the rule-id in the table

DNSSEC安全技術簡介 作者:游子興 / 臺灣大學計算機及資訊網路中心網路組約聘幹事 DNS 是一套已經廣泛使用的Internet 服務,但因先天的技術限制導致容易成為駭客攻擊的目標。本文主要在介紹DNSSEC 之緣起與技術背景,及其使用的加解密技術如何確保資料的完整...