Date:   Tue, 17 Sep 2019 15:42:03 -0700
From:   Florian Fainelli <f.fainelli@...il.com>
To:     Iwan R Timmer <irtimmer@...il.com>, Andrew Lunn <andrew@...n.ch>
Cc:     Vivien Didelot <vivien.didelot@...il.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH net-next] net: dsa: mv88e6xxx: Add support for port
 mirroring

On 9/17/19 3:32 PM, Iwan R Timmer wrote:
> On Tue, Sep 17, 2019 at 10:55:05PM +0200, Andrew Lunn wrote:
>> On Tue, Sep 17, 2019 at 10:23:01PM +0200, Iwan R Timmer wrote:
>>> Add support for configuring port mirroring through the cls_matchall
>>> classifier. We do a full ingress and/or egress capture towards the
>>> capture port, configured with set_egress_port.
>>
>> Hi Iwan
>>
>> This looks good as far as it goes.
>>
>> Have you tried adding/deleting multiple port mirrors? Do we need to
>> limit how many are added? A quick look at the datasheet, you can
>> define one egress mirror port and one ingress mirror port. I think you
>> can have multiple ports mirroring ingress to that one ingress mirror
>> port. And you can have multiple ports mirroring egress to the one
>> egress mirror port. We should add code to check this, and return
>> -EBUSY if the existing configuration prevents a new mirror being
>> configured.
>>
>> Thanks
>> 	Andrew
> 
> Hi Andrew,
> 
> I only own a simple 5 ports switch (88E6176) which has no problem of
> mirroring the other ports to a single port. Except for a bandwidth
> shortage of course. While I thought I checked adding and removing ports,
> I seem to have forgotten to check removing ingress traffic as it will now
> disable mirroring egress traffic. Searching for how I can distinguish
> ingress from egress mirroring in port_mirror_del, I saw there is a
> variable in the mirror struct called ingress. Which seems strange,
> because why is it a separate argument to the port_mirror_add function?
> 
> Originally I planned to be able to set the egress and ingress mirror
> separately. But in my laziness when I saw there already was a function
> to configure the destination port this functionality was lost.
> 
> Because the other drivers which implemented the port_mirror_add (b53 and
> ksz9477) also lack additional checks to prevent new mirror filters from
> breaking previous ones I assumed they were not necessary.

That does sound like a bug indeed, I just looked at b53_mirror_add()
again and clearing the MIRROR_MASK before setting up the new port
clearly sounds wrong, at least on ingress.

> 
> At least I will soon send a new version with at least the issue of
> removing mirror ingress traffic fixed and the ability to define a 
> separate ingress and egress port.
> 
> Regards,
> Iwan
> 


-- 
Florian
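
The bookkeeping discussed in this thread, as an added example that is not part of the original message and is not mv88e6xxx or b53 driver code: a small user-space model that refuses a conflicting destination with -EBUSY and removes one direction without touching the other. It assumes one ingress and one egress destination port, as Andrew describes from the datasheet, and fewer than 32 ports; `mirror_state`, `mirror_init`, `mirror_add` and `mirror_del` are hypothetical names.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

#define NO_DEST (-1)

/* Hypothetical software model of the mirror state; not a kernel structure. */
struct mirror_state {
	int dest[2];         /* [0] egress, [1] ingress destination; NO_DEST if unused */
	uint32_t sources[2]; /* bitmask of ports mirrored in each direction */
};

static void mirror_init(struct mirror_state *s)
{
	s->dest[0] = s->dest[1] = NO_DEST;
	s->sources[0] = s->sources[1] = 0;
}

/* Mirror traffic of `port` (assumed < 32) in one direction towards `dest`. */
static int mirror_add(struct mirror_state *s, int port, bool ingress, int dest)
{
	int d = ingress ? 1 : 0;

	/* Re-targeting a direction that still has users would silently
	 * break the existing mirrors, so refuse instead. */
	if (s->sources[d] && s->dest[d] != dest)
		return -EBUSY;

	s->dest[d] = dest;
	s->sources[d] |= 1u << port;
	return 0;
}

/* Remove one direction only; mirrors in the other direction stay intact. */
static void mirror_del(struct mirror_state *s, int port, bool ingress)
{
	int d = ingress ? 1 : 0;

	s->sources[d] &= ~(1u << port);
	if (!s->sources[d])
		s->dest[d] = NO_DEST; /* last user gone: release the destination */
}
```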
