| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Jul 2019 21:31:22 +0300
From: Ido Schimmel <idosch@...sch.org>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, nhorman@...driver.com, dsahern@...il.com,
roopa@...ulusnetworks.com, nikolay@...ulusnetworks.com,
jakub.kicinski@...ronome.com, toke@...hat.com, andy@...yhouse.net,
f.fainelli@...il.com, andrew@...n.ch, vivien.didelot@...il.com,
mlxsw@...lanox.com, Ido Schimmel <idosch@...lanox.com>
Subject: [RFC PATCH net-next 00/12] drop_monitor: Capture dropped packets and metadata
From: Ido Schimmel <idosch@...lanox.com>
So far drop monitor supported only one mode of operation in which a
summary of recent packet drops is periodically sent to user space as a
netlink event. The event only includes the drop location (program
counter) and number of drops in the last interval.
While this mode of operation allows one to understand if the system is
dropping packets, it is not sufficient if a more detailed analysis is
required. Both the packet itself and related metadata are missing.
This patchset extends drop monitor with another mode of operation where
the packet - potentially truncated - and metadata (e.g., drop location,
timestamp, netdev) are sent to user space as a netlink event. Thanks to
the extensible nature of netlink, more metadata can be added in the
future.
To avoid performing expensive operations in the context in which
kfree_skb() is called, the dropped skbs are cloned and queued on per-CPU
skb drop list. The list is then processed in process context (using a
workqueue), where the netlink messages are allocated, prepared and
finally sent to user space.
As a follow-up, I plan to integrate drop monitor with devlink and allow
the latter to call into drop monitor to report hardware drops. In the
future, XDP drops can be added as well, thereby making drop monitor the
go-to netlink channel for diagnosing all packet drops.
Example usage with patched dropwatch [1] can be found here [2]. Example
dissection of drop monitor netlink events with patched wireshark [3] can
be found here [4]. I will submit both changes upstream after the kernel
changes are accepted.
Patches #1-#6 are just cleanups with no functional changes intended.
Patches #7-#8 perform small refactoring before the actual changes are
introduced in the last four patches.
[1] https://github.com/idosch/dropwatch/tree/packet-mode
[2] https://gist.github.com/idosch/7391b77da0b16182406189561fdfa1ef#file-gistfile1-txt
[3] https://github.com/idosch/wireshark/tree/drop-monitor
[4] https://gist.github.com/idosch/7391b77da0b16182406189561fdfa1ef#file-gistfile2-txt
Ido Schimmel (12):
drop_monitor: Use correct error code
drop_monitor: Rename and document scope of mutex
drop_monitor: Document scope of spinlock
drop_monitor: Avoid multiple blank lines
drop_monitor: Add extack support
drop_monitor: Use pre_doit / post_doit hooks
drop_monitor: Split tracing enable / disable to different functions
drop_monitor: Initialize timer and work item upon tracing enable
drop_monitor: Require CAP_NET_ADMIN for drop monitor configuration
drop_monitor: Add packet alert mode
drop_monitor: Allow truncation of dropped packets
drop_monitor: Add a command to query current configuration
include/uapi/linux/net_dropmon.h | 33 +++
net/core/drop_monitor.c | 492 ++++++++++++++++++++++++++++---
2 files changed, 478 insertions(+), 47 deletions(-)
--
2.21.0
Powered by blists - more mailing lists