| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Jan 2022 16:14:37 +0100
From: Andrew Lunn <andrew@...n.ch>
To: Alex Elder <elder@...aro.org>
Cc: Network Development <netdev@...r.kernel.org>,
"bjorn.andersson@...aro.org" <bjorn.andersson@...aro.org>,
Florian Fainelli <f.fainelli@...il.com>,
Jakub Kicinski <kuba@...nel.org>
Subject: Re: Port mirroring, v2 (RFC)
> Below I will describe two possible implementations I'm considering.
> I would like to know which approach makes the most sense (or if
> neither does, what alternative would be better).
Hi Alex
Another corner of the kernel you could look for inspiration is usbmon.
https://www.kernel.org/doc/html/latest/usb/usbmon.html
This is similar to your misc char device, but it is actually
implemented as a pseudo filesystem. It is intended for libpcap based
applications and i've used it with tcpdump and wireshark. So exactly
your use cases.
Because it is not a network device, the extra header does not cause
problems, and there is no confusion about what the 'monitoring' netdevs
are good for.
Since you are talking 5G and WiFi, you have a lot of packets
here. Being able to use BPF with libpcap is probably useful to allow
filtering of what packets are passed to user space. I've never looked
at how the BPF core is attached to a netdev. But i suspect your extra
header could be an issue. So you are going to need some custom code to
give it an offset into the packet to the Ethernet header?
Humm, actually, you called the IPA the IP accelerator. Are these L2
frames or L3 packets? Do you see 3 or even 4 MAC addresses in an
802.11 header? Two MAC addresses in an 802.3 header? etc.
Andrew
Powered by blists - more mailing lists