lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210527103318.801175-1-ksundara@redhat.com>
Date:   Thu, 27 May 2021 16:03:17 +0530
From:   Karthik S <ksundara@...hat.com>
To:     "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        karthik.sundaravel@...il.com,
        Christophe Fontaine <cfontain@...hat.com>,
        Veda Barrenkala <vbarrenk@...hat.com>,
        Vijay Chundury <vchundur@...hat.com>
Cc:     Karthik S <ksundara@...hat.com>
Subject: [PATCH 0/1] net-next: Port Mirroring support for SR-IOV

The purpose of this message is to gather feedback from the Netdev community on the addition of SRIOV port mirroring to the iproute2 ip CLI. iproute2 was chosen as the desired interface because there is already extensive support for SRIOV configuration built in and many Linux users are familiar with it for configuring Network functionality in the driver thus port mirroring naturally fits into this schema.

Port mirroring involves sending a copy of packets entering and/or leaving one port to another port which is usually different from the original destination of the packets being mirrored.Hardware Port Mirroring can provide the following benefits for users:
1) Live debugging of network issues without bringing any interface or connection down
2) No latency addition when port mirroring tap is introduced
3) No extra CPU resources are required to perform this function

The prospective implementation would provide three modes of packet mirroring (For Egress or Ingress):
1) PF to VF
2) VF to VF
3) VLAN to VF

The suggested iproute2 ip link interface for setting up Port Mirroring is as follows:

$ip link set dev <pf> vf <dest_vfid> mirror
      [ add [ vf src_vfids  [ dir { in | out | all } ] ] |
            [ pf  [ dir { in | out | all } ] ] |
            [ vlan vlan_ids ]
      [ del [ vf src_vfids  [ dir { in | out | all } ] ] |
            [ pf  [ dir { in | out | all } ] ] |
            [ vlan vlan_ids ]
      [ set [ vf src_vfids  [ dir { in | out | all } ] ] |
            [ pf  [ dir { in | out | all } ] ] |
            [ vlan vlan_ids ]
      [ clear ]
$ip link show <pf>

Whilst significant resources have already gone into an internal PoC for this feature, this request for feedback is being done to make sure this solution is acceptable to the Netdev community before further resources are committed for an eventual RFC Patch.

Kernel Changes: https://github.com/karthiksundaravel/linux
Example driver: https://github.com/karthiksundaravel/i40e-2.12.6
Iproute changes: https://github.com/veda10/iproute2

Karthik S (1):
  rtnetlink: Port mirroring support for SR-IOV

 include/linux/netdevice.h    |   4 ++
 include/uapi/linux/if_link.h |  46 +++++++++++++
 net/core/rtnetlink.c         | 123 ++++++++++++++++++++++++++++++++++-
 3 files changed, 172 insertions(+), 1 deletion(-)

-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ