Open Source and information security mailing list archives
 
Message-ID: <YeLk3STfx2DO4+FO@lunn.ch>
Date:   Sat, 15 Jan 2022 16:14:37 +0100
From:   Andrew Lunn <andrew@...n.ch>
To:     Alex Elder <elder@...aro.org>
Cc:     Network Development <netdev@...r.kernel.org>,
        "bjorn.andersson@...aro.org" <bjorn.andersson@...aro.org>,
        Florian Fainelli <f.fainelli@...il.com>,
        Jakub Kicinski <kuba@...nel.org>
Subject: Re: Port mirroring, v2 (RFC)

> Below I will describe two possible implementations I'm considering.
> I would like to know which approach makes the most sense (or if
> neither does, what alternative would be better).

Hi Alex

Another corner of the kernel you could look for inspiration is usbmon.

https://www.kernel.org/doc/html/latest/usb/usbmon.html

This is similar to your misc char device, but it is actually
implemented as a pseudo filesystem. It is intended for libpcap-based
applications and I've used it with tcpdump and wireshark. So exactly
your use cases.

Because it is not a network device, the extra header does not cause
problems, and there is no confusion about what the 'monitoring' netdevs
are good for.

Since you are talking 5G and WiFi, you have a lot of packets
here. Being able to use BPF with libpcap is probably useful to allow
filtering of what packets are passed to user space. I've never looked
at how the BPF core is attached to a netdev. But I suspect your extra
header could be an issue. So you are going to need some custom code to
give it an offset into the packet to the Ethernet header?

Humm, actually, you called the IPA the IP accelerator. Are these L2
frames or L3 packets? Do you see 3 or even 4 MAC addresses in an
802.11 header? Two MAC addresses in an 802.3 header? etc.

       Andrew
