From: Ido Schimmel <idosch@idosch.org>
To: "Allan W. Nielsen" <allan.nielsen@microchip.com>
Cc: Jiri Pirko <jiri@resnulli.us>, David Miller <davem@davemloft.net>,
andrew@lunn.ch, horatiu.vultur@microchip.com,
alexandre.belloni@bootlin.com, UNGLinuxDriver@microchip.com,
ivecera@redhat.com, f.fainelli@gmail.com, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 1/2] net: core: Notify on changes to dev->promiscuity.
Date: Tue, 3 Sep 2019 09:13:24 +0300 [thread overview]
Message-ID: <20190903061324.GA6149@splinter> (raw)
In-Reply-To: <20190902174229.uur7r7duq4dvbnqq@lx-anielsen.microsemi.net>
On Mon, Sep 02, 2019 at 07:42:31PM +0200, Allan W. Nielsen wrote:
> I have been reading through this thread several times and I still do not get it.
Allan,
I kept thinking about this and I want to make sure that I correctly
understand the end result.
With these patches applied I assume I will see the following traffic
when running tcpdump on one of the netdevs exposed by the ocelot driver:
- Ingress: All
- Egress: Only locally generated traffic and traffic forwarded by the
kernel from interfaces not belonging to the ocelot driver
The above means I will not see any offloaded traffic transmitted by the
port. Is that correct? I see that the driver is setting
'offload_fwd_mark' for any traffic trapped from bridged ports, which
means the bridge will drop it before it traverses the packet taps on
egress.
Large parts of the discussion revolve around the fact that switch ports
are not any different than other ports. Dave wrote "Please stop
portraying switches as special in this regard" and Andrew wrote "[The
user] just wants tcpdump to work like on their desktop."
But if anything, this discussion proves that switch ports are special in
this regard and that tcpdump will not work like on the desktop.
Beside the fact that I don't agree (but gave up) with the new
interpretation of promisc mode, I wonder if we're not asking for trouble
with this patchset. Users will see all offloaded traffic on ingress, but
none of it on egress. This is in contrast to the sever/desktop, where
Linux is much more dominant in comparison to switches (let alone hw
accelerated ones) and where all the traffic is visible through tcpdump.
I can already see myself having to explain this over and over again to
confused users.
Now, I understand that showing egress traffic is inherently difficult.
It means one of two things:
1. We allow packets to be forwarded by both the software and the
hardware
2. We trap all ingressing traffic from all the ports
Both options can have devastating effects on the network and therefore
should not be triggered by a supposedly innocent invocation of tcpdump.
I again wonder if it would not be wiser to solve this by introducing two
new flags to tcpdump for ingress/egress (similar to -Q in/out) capturing
of offloaded traffic. The capturing of egress offloaded traffic can be
documented with the appropriate warnings.
Anyway, I don't want to hold you up, I merely want to make sure that the
above (assuming it's correct) is considered before the patches are
applied.
Thanks
next prev parent reply other threads:[~2019-09-03 6:13 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-29 9:22 [PATCH v3 0/2] net: core: Notify on changes to dev->promiscuity Horatiu Vultur
2019-08-29 9:22 ` [PATCH v3 1/2] " Horatiu Vultur
2019-08-29 9:51 ` Jiri Pirko
2019-08-29 10:56 ` Horatiu Vultur
2019-08-29 12:18 ` Jiri Pirko
2019-08-29 12:44 ` Horatiu Vultur
2019-08-29 12:55 ` Ivan Vecera
2019-08-29 13:15 ` Andrew Lunn
2019-08-29 13:39 ` Ivan Vecera
2019-08-29 13:15 ` Horatiu Vultur
2019-08-29 13:26 ` Andrew Lunn
2019-08-29 13:49 ` Jiri Pirko
2019-08-29 14:37 ` Andrew Lunn
2019-08-29 17:57 ` Ido Schimmel
2019-08-29 18:29 ` Andrew Lunn
2019-08-29 19:36 ` Ido Schimmel
2019-08-29 22:12 ` David Miller
2019-08-30 5:39 ` Jiri Pirko
2019-08-30 6:02 ` David Miller
2019-08-30 6:36 ` Jiri Pirko
2019-08-30 6:54 ` Ivan Vecera
2019-08-30 7:13 ` David Miller
2019-08-30 7:12 ` David Miller
2019-08-30 7:21 ` Jiri Pirko
2019-08-30 7:32 ` David Miller
2019-08-30 8:01 ` Jiri Pirko
2019-09-02 17:42 ` Allan W. Nielsen
2019-09-02 17:51 ` Jiri Pirko
2019-09-02 18:05 ` Allan W. Nielsen
2019-09-02 18:45 ` Jiri Pirko
2019-09-03 6:13 ` Ido Schimmel [this message]
2019-09-03 8:14 ` Allan W. Nielsen
2019-09-08 10:15 ` Ido Schimmel
2019-08-30 9:43 ` Ido Schimmel
2019-08-31 19:35 ` Andrew Lunn
2019-08-31 20:47 ` Ido Schimmel
2019-09-01 18:48 ` Andrew Lunn
2019-09-02 17:55 ` Allan W. Nielsen
2019-09-01 6:54 ` Jiri Pirko
2019-08-29 22:10 ` David Miller
2019-08-29 22:08 ` David Miller
2019-08-30 6:13 ` Jiri Pirko
2019-08-30 6:18 ` David Miller
2019-08-30 7:26 ` Ivan Vecera
2019-08-29 9:22 ` [PATCH v3 2/2] net: mscc: Implement promisc mode Horatiu Vultur
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190903061324.GA6149@splinter \
--to=idosch@idosch.org \
--cc=UNGLinuxDriver@microchip.com \
--cc=alexandre.belloni@bootlin.com \
--cc=allan.nielsen@microchip.com \
--cc=andrew@lunn.ch \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=horatiu.vultur@microchip.com \
--cc=ivecera@redhat.com \
--cc=jiri@resnulli.us \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).