From: Andrew Lunn <andrew@lunn.ch>
To: Vladimir Oltean <olteanv@gmail.com>
Cc: f.fainelli@gmail.com, vivien.didelot@gmail.com,
davem@davemloft.net, netdev@vger.kernel.org
Subject: Re: [PATCH net-next] net: dsa: Allow port mirroring to the CPU port
Date: Thu, 3 Oct 2019 21:24:45 +0200 [thread overview]
Message-ID: <20191003192445.GD21875@lunn.ch> (raw)
In-Reply-To: <20191002233750.13566-1-olteanv@gmail.com>
On Thu, Oct 03, 2019 at 02:37:50AM +0300, Vladimir Oltean wrote:
> On a regular netdev, putting it in promiscuous mode means receiving all
> traffic passing through it, whether or not it was destined to its MAC
> address. Then monitoring applications such as tcpdump can see all
> traffic transiting it.
>
> On Ethernet switches, clearly all ports are in promiscuous mode by
> definition, since they accept frames destined to any MAC address.
> However tcpdump does not capture all frames transiting switch ports,
> only the ones destined to, or originating from the CPU port.
>
> To be able to monitor frames with tcpdump on the CPU port, extend the tc
> matchall classifier and mirred action to support the DSA master port as
> a possible mirror target.
>
> Tested with:
> tc qdisc add dev swp2 clsact
> tc filter add dev swp2 ingress matchall skip_sw \
> action mirred egress mirror dev eth2
> tcpdump -i swp2
Humm.
O.K, i don't like this for a few reasons.
egress mirror dev eth2
Frames are supported to egress eth2. But in fact they will ingress on
eth2. That is not intuitive.
I'm also no sure how safe this it is to ingress mirror packets on the
master interface. Will they have DSA tags? I think that will vary from
device to device. Are we going to see some packets twice? Once for the
mirror, and a second time because they are destined to the CPU? Do we
end up processing the packets twice?
For your use case of wanting to see packets in tcpdump, i think we are
back to the discussion of what promisc mode means. I would prefer that
when a DSA slave interface is put into promisc mode for tcpdump, the
switch then forwards a copy of frames to the CPU, without
duplication. That is a much more intuitive model.
Andrew
next prev parent reply other threads:[~2019-10-03 19:24 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-02 23:37 [PATCH net-next] net: dsa: Allow port mirroring to the CPU port Vladimir Oltean
2019-10-03 19:04 ` David Miller
2019-10-03 19:09 ` Andrew Lunn
2019-10-03 19:24 ` Andrew Lunn [this message]
2019-10-03 21:21 ` Vladimir Oltean
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191003192445.GD21875@lunn.ch \
--to=andrew@lunn.ch \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=olteanv@gmail.com \
--cc=vivien.didelot@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).