function::tcpmib_filter_key - Linux

Overview

The tcpmib_filter_key command is employed with the Traffic Control (tc) framework in the Linux kernel to filter IPFIX/sFlow traffic by specific IP Flow Information Export (IPFIX) fields. It allows for selective filtering of IPFIX data, enabling efficient collection and analysis of network traffic data.

Syntax

tcpmib_filter_key [ FILTER_SPEC ] ...

Options/Flags

| Flag | Description | Default Value |
|—|—|—|
| -p | Specifies the destination port for the IPFIX collector. | 4739 |
| -P | Specifies the port for the IPFIX source | 2055 |
| -v | Specifies the IPFIX version | 10 |
| -s <report_size> | Sets the maximum size of each IPFIX report in bytes | 1280 |
| –interval | Defines the interval between IPFIX reports in seconds | 30 |

Examples

Example 1: Filter IPFIX traffic based on source IP address:

tc filter add dev eth0 ingress protocol ip6 pref 1 handle 123 \
    tcpmib_filter_key -S 2001:db8:85a3:08d3:1319:8a2e:0370:7334

Common Issues

• Error: Invalid argument: Ensure that the IPFIX field specified in the FILTER_SPEC is valid and supported by the command.
• No IPFIX data collected: Verify that the IPFIX collector is listening on the specified port and that the IPFIX source is exporting data.

Integration

The tcpmib_filter_key command can be combined with other tc commands to create complex traffic filtering and management policies. For example, it can be used in conjunction with the tc filter command to filter and classify traffic based on specific criteria.

Related Commands

• tc – The main command for managing traffic control in Linux
• ipfix – A tool for collecting and analyzing IPFIX data
• sflowtool – A tool for collecting and analyzing sFlow data