netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Vladimir Oltean <olteanv@gmail.com>
To: andrew@lunn.ch, f.fainelli@gmail.com, vivien.didelot@gmail.com,
	davem@davemloft.net
Cc: netdev@vger.kernel.org, Vladimir Oltean <olteanv@gmail.com>
Subject: [PATCH net-next] net: dsa: Allow port mirroring to the CPU port
Date: Thu,  3 Oct 2019 02:37:50 +0300	[thread overview]
Message-ID: <20191002233750.13566-1-olteanv@gmail.com> (raw)

On a regular netdev, putting it in promiscuous mode means receiving all
traffic passing through it, whether or not it was destined to its MAC
address. Then monitoring applications such as tcpdump can see all
traffic transiting it.

On Ethernet switches, clearly all ports are in promiscuous mode by
definition, since they accept frames destined to any MAC address.
However tcpdump does not capture all frames transiting switch ports,
only the ones destined to, or originating from the CPU port.

To be able to monitor frames with tcpdump on the CPU port, extend the tc
matchall classifier and mirred action to support the DSA master port as
a possible mirror target.

Tested with:
tc qdisc add dev swp2 clsact
tc filter add dev swp2 ingress matchall skip_sw \
	action mirred egress mirror dev eth2
tcpdump -i swp2

Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
---
 net/dsa/slave.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/dsa/slave.c b/net/dsa/slave.c
index 75d58229a4bd..5db0a4f45e7b 100644
--- a/net/dsa/slave.c
+++ b/net/dsa/slave.c
@@ -872,7 +872,7 @@ static int dsa_slave_add_cls_matchall(struct net_device *dev,
 	__be16 protocol = cls->common.protocol;
 	struct dsa_switch *ds = dp->ds;
 	struct flow_action_entry *act;
-	struct dsa_port *to_dp;
+	const struct dsa_port *to_dp;
 	int err = -EOPNOTSUPP;
 
 	if (!ds->ops->port_mirror_add)
@@ -889,7 +889,11 @@ static int dsa_slave_add_cls_matchall(struct net_device *dev,
 		if (!act->dev)
 			return -EINVAL;
 
-		if (!dsa_slave_dev_check(act->dev))
+		if (dsa_slave_dev_check(act->dev))
+			to_dp = dsa_slave_to_port(act->dev);
+		else if (act->dev == dp->cpu_dp->master)
+			to_dp = dp->cpu_dp;
+		else
 			return -EOPNOTSUPP;
 
 		mall_tc_entry = kzalloc(sizeof(*mall_tc_entry), GFP_KERNEL);
@@ -900,8 +904,6 @@ static int dsa_slave_add_cls_matchall(struct net_device *dev,
 		mall_tc_entry->type = DSA_PORT_MALL_MIRROR;
 		mirror = &mall_tc_entry->mirror;
 
-		to_dp = dsa_slave_to_port(act->dev);
-
 		mirror->to_local_port = to_dp->index;
 		mirror->ingress = ingress;
 
-- 
2.17.1


             reply	other threads:[~2019-10-02 23:38 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-02 23:37 Vladimir Oltean [this message]
2019-10-03 19:04 ` [PATCH net-next] net: dsa: Allow port mirroring to the CPU port David Miller
2019-10-03 19:09   ` Andrew Lunn
2019-10-03 19:24 ` Andrew Lunn
2019-10-03 21:21   ` Vladimir Oltean

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191002233750.13566-1-olteanv@gmail.com \
    --to=olteanv@gmail.com \
    --cc=andrew@lunn.ch \
    --cc=davem@davemloft.net \
    --cc=f.fainelli@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=vivien.didelot@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).