Date: Sat, 15 Jan 2022 16:14:37 +0100
From: Andrew Lunn <andrew@...n.ch>
To: Alex Elder <elder@...aro.org>
Cc: Network Development <netdev@...r.kernel.org>,
	"bjorn.andersson@...aro.org" <bjorn.andersson@...aro.org>,
	Florian Fainelli <f.fainelli@...il.com>,
	Jakub Kicinski <kuba@...nel.org>
Subject: Re: Port mirroring, v2 (RFC)

> Below I will describe two possible implementations I'm considering.
> I would like to know which approach makes the most sense (or if
> neither does, what alternative would be better).

Hi Alex

Another corner of the kernel you could look for inspiration is usbmon.

https://www.kernel.org/doc/html/latest/usb/usbmon.html

This is similar to your misc char device, but it is actually
implemented as a pseudo filesystem. It is intended for libpcap-based
applications and I've used it with tcpdump and wireshark. So exactly
your use cases.

Because it is not a network device, the extra header does not cause
problems, and there is no confusion about what the 'monitoring'
netdevs are good for.

Since you are talking 5G and WiFi, you have a lot of packets
here. Being able to use BPF with libpcap is probably useful to allow
filtering of what packets are passed to user space. I've never looked
at how the BPF core is attached to a netdev. But I suspect your extra
header could be an issue. So you are going to need some custom code to
give it an offset into the packet to the Ethernet header?

Humm, actually, you called the IPA the IP accelerator. Are these L2
frames or L3 packets? Do you see 3 or even 4 MAC addresses in an
802.11 header? Two MAC addresses in an 802.3 header? etc.

	Andrew