Message-ID: <fce3c587-eca3-402f-a31f-5473fd2cd6eb@arinc9.com>
Date: Fri, 12 Apr 2024 14:16:31 +0300
From: Arınç ÜNAL <arinc.unal@...nc9.com>
To: netdev <netdev@...r.kernel.org>
Cc: Jamal Hadi Salim <jhs@...atatu.com>, Cong Wang
 <xiyou.wangcong@...il.com>, Jiri Pirko <jiri@...nulli.us>,
 Andrew Lunn <andrew@...n.ch>, Florian Fainelli <f.fainelli@...il.com>,
 Vladimir Oltean <olteanv@...il.com>
Subject: DSA doesn't account for egress port mirroring by PRIO qdisc

Hello.

I've been attempting to use the port mirroring feature implemented on the
MT7530 DSA subdriver. I've learned that this feature is utilised by using
the tc program and the matchall filter.

The examples section of tc-matchall(8) [1] shows how to create ingress
mirroring and egress mirroring:

tc qdisc add dev lan0 handle ffff: ingress

tc filter add dev lan0 parent ffff: matchall skip_sw \
action mirred egress mirror dev lan1

tc qdisc add dev lan0 handle 1: root prio

tc filter add dev lan0 parent 1: matchall skip_sw \
action mirred egress mirror dev lan1

Creation of egress mirroring fails:

RTNETLINK answers: Operation not supported
We have an error talking to the kernel

After studying the code path, I see that in dsa_user_setup_tc_block() of
net/dsa/user.c, binder_type of the flow_block_offload structure is checked
to distinguish ingress and egress. As the PRIO qdisc does not assign
FLOW_BLOCK_BINDER_TYPE_CLSACT_EGRESS to binder_type, DSA returns
-EOPNOTSUPP.

After some digging, I've found this commit 1f211a1b929c ("net, sched: add
clsact qdisc"). With the examples given on the patch log, I was able to
create ingress and egress mirroring:

tc qdisc add dev lan0 clsact

tc filter add dev lan0 ingress matchall skip_sw \
action mirred egress mirror dev lan1

tc filter add dev lan0 egress matchall skip_sw \
action mirred egress mirror dev lan1

DSA should either somehow allow egress mirroring by the PRIO qdisc, or the
examples in the tc-matchall(8) and tc-mirred(8) man pages should be replaced
to use the clsact qdisc.

[1] https://www.man7.org/linux/man-pages/man8/tc-matchall.8.html#EXAMPLES
