lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6d50e527-a2e1-5d63-1cb4-bea893fbeb9b@gmail.com>
Date:   Thu, 16 Mar 2017 12:48:58 -0700
From:   Florian Fainelli <f.fainelli@...il.com>
To:     Maxim Uvarov <muvarov@...il.com>
Cc:     netdev@...r.kernel.org
Subject: Re: port mirror on dsa switches?

On 03/16/2017 12:43 PM, Maxim Uvarov wrote:
> 2017-03-16 19:47 GMT+03:00 Florian Fainelli <f.fainelli@...il.com>:
>> Hi,
>>
>> On 03/16/2017 03:32 AM, Maxim Uvarov wrote:
>>> Hello,
>>>
>>> Some dsa switches can support port mirror in hardware. Does somebody
>>> have any idea how to
>>> work with it from linux side in generic way?
>>
>> It has been implemented with commit
>> f50f212749e8a28803af3628acbeb85ee0458ed5 ("net: dsa: Add plumbing for
>> port mirroring") and you can see an implementation example with the b53
>> driver.
>>
> 
> thanks, see that in newer kernel. It will be good to update doc with
> commands to use.
> I see from cover latter you mirrored eth1 to eth2. I  assume it's dsa
> ports names for b53?

Yes, DSA will refuse mirroring to network devices that are not ports of
the switch (arguable we could allow mirroring to master network device,
but that's TODO).

> Do I also need updated tc?

Yes you do need a reasonably recent iproute2, like 4.11 or something close.

> 
>> For a DSA driver you should be implementing port_mirror_add and
>> port_mirror_del operations which provide you with the necessary
>> information. Hopefully the switch you are working with (mv88e6xxx?) is
>> also supportable using that API, if not, please submit changes to extend it.
>>
>> Thanks!
>> --
>> Florian
> 
> Yes, I think it will match mv88e6xxx. Will try to play with it. Thanks a lot!
> 


-- 
Florian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ