lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20200607083647.2022510-3-idosch@idosch.org>
Date:   Sun,  7 Jun 2020 11:36:47 +0300
From:   Ido Schimmel <idosch@...sch.org>
To:     netdev@...r.kernel.org
Cc:     stephen@...workplumber.org, dsahern@...il.com, jiri@...lanox.com,
        mlxsw@...lanox.com, Ido Schimmel <idosch@...lanox.com>
Subject: [PATCH iproute2 2/2] devlink: Add 'mirror' trap action

From: Ido Schimmel <idosch@...lanox.com>

Allow setting 'mirror' trap action for traps that support it. Extend the
devlink-trap man page and bash completion accordingly.

Example:

# devlink -jp trap show netdevsim/netdevsim10 trap igmp_query
{
    "trap": {
        "netdevsim/netdevsim10": [ {
                "name": "igmp_query",
                "type": "control",
                "generic": true,
                "action": "mirror",
                "group": "mc_snooping"
            } ]
    }
}

Signed-off-by: Ido Schimmel <idosch@...lanox.com>
---
 bash-completion/devlink |  4 ++--
 devlink/devlink.c       |  8 ++++++--
 man/man8/devlink-trap.8 | 11 +++++++----
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/bash-completion/devlink b/bash-completion/devlink
index 8518e7aa35e8..f710c888652e 100644
--- a/bash-completion/devlink
+++ b/bash-completion/devlink
@@ -678,7 +678,7 @@ _devlink_trap_set_action()
             COMPREPLY=( $( compgen -W "action" -- "$cur" ) )
             ;;
         $((7 + $i)))
-            COMPREPLY=( $( compgen -W "trap drop" -- "$cur" ) )
+            COMPREPLY=( $( compgen -W "trap drop mirror" -- "$cur" ) )
             ;;
     esac
 }
@@ -708,7 +708,7 @@ _devlink_trap_group_set()
 
     case $prev in
         action)
-            COMPREPLY=( $( compgen -W "trap drop" -- "$cur" ) )
+            COMPREPLY=( $( compgen -W "trap drop mirror" -- "$cur" ) )
             return
             ;;
         policer)
diff --git a/devlink/devlink.c b/devlink/devlink.c
index f06e7c2a0a29..2cf2dcca91bb 100644
--- a/devlink/devlink.c
+++ b/devlink/devlink.c
@@ -1149,6 +1149,8 @@ static int trap_action_get(const char *actionstr,
 		*p_action = DEVLINK_TRAP_ACTION_DROP;
 	} else if (strcmp(actionstr, "trap") == 0) {
 		*p_action = DEVLINK_TRAP_ACTION_TRAP;
+	} else if (strcmp(actionstr, "mirror") == 0) {
+		*p_action = DEVLINK_TRAP_ACTION_MIRROR;
 	} else {
 		pr_err("Unknown trap action \"%s\"\n", actionstr);
 		return -EINVAL;
@@ -7087,6 +7089,8 @@ static const char *trap_action_name(uint8_t action)
 		return "drop";
 	case DEVLINK_TRAP_ACTION_TRAP:
 		return "trap";
+	case DEVLINK_TRAP_ACTION_MIRROR:
+		return "mirror";
 	default:
 		return "<unknown action>";
 	}
@@ -7161,9 +7165,9 @@ static int cmd_trap_show_cb(const struct nlmsghdr *nlh, void *data)
 
 static void cmd_trap_help(void)
 {
-	pr_err("Usage: devlink trap set DEV trap TRAP [ action { trap | drop } ]\n");
+	pr_err("Usage: devlink trap set DEV trap TRAP [ action { trap | drop | mirror } ]\n");
 	pr_err("       devlink trap show [ DEV trap TRAP ]\n");
-	pr_err("       devlink trap group set DEV group GROUP [ action { trap | drop } ]\n");
+	pr_err("       devlink trap group set DEV group GROUP [ action { trap | drop | mirror } ]\n");
 	pr_err("                              [ policer POLICER ] [ nopolicer ]\n");
 	pr_err("       devlink trap group show [ DEV group GROUP ]\n");
 	pr_err("       devlink trap policer set DEV policer POLICER [ rate RATE ] [ burst BURST ]\n");
diff --git a/man/man8/devlink-trap.8 b/man/man8/devlink-trap.8
index f01f831759c4..1e69342758d5 100644
--- a/man/man8/devlink-trap.8
+++ b/man/man8/devlink-trap.8
@@ -26,7 +26,7 @@ devlink-trap \- devlink trap configuration
 
 .ti -8
 .BI "devlink trap set " DEV " trap " TRAP
-.RB "[ " action " { " trap " | " drop " } ]"
+.RB "[ " action " { " trap " | " drop " | " mirror " } ]"
 
 .ti -8
 .B "devlink trap group show"
@@ -36,7 +36,7 @@ devlink-trap \- devlink trap configuration
 
 .ti -8
 .BI "devlink trap group set " DEV " group " GROUP
-.RB "[ " action " { " trap " | " drop " } ]"
+.RB "[ " action " { " trap " | " drop " | " mirror " } ]"
 .br
 .RB "[ " policer
 .IB "POLICER " ]
@@ -76,7 +76,7 @@ Only applicable if a devlink device is also specified.
 - specifies the packet trap.
 
 .TP
-.BR action " { " trap " | " drop " } "
+.BR action " { " trap " | " drop " | " mirror " } "
 packet trap action.
 
 .I trap
@@ -85,6 +85,9 @@ packet trap action.
 .I drop
 - the packet is dropped by the underlying device and a copy is not sent to the CPU.
 
+.I mirror
+- the packet is forwarded by the underlying device and a copy is sent to the CPU.
+
 .SS devlink trap group show - display available packet trap groups and their attributes
 
 .PP
@@ -108,7 +111,7 @@ Only applicable if a devlink device is also specified.
 - specifies the packet trap group.
 
 .TP
-.BR action " { " trap " | " drop " } "
+.BR action " { " trap " | " drop " | " mirror " } "
 packet trap action. The action is set for all the packet traps member in the
 trap group. The actions of non-drop traps cannot be changed and are thus
 skipped.
-- 
2.26.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ