Hi,
I am looking for feedback/comments for following addition to the DLPI stack:
Thanks,
-Thomas
Background:
With the current Solaris DLPI implementation, when a network device is put into
promiscuous mode, all packets that are sent out through this network device are
automatically duplicated and looped back to all streams associated with this
network device. This allows applications such as snoop(1m) to observe traffic
that is sent out by other applications.
However, it also has the side effect that a particular network application
must discard the loopback packets when reading from the network device if it
does not want to process its own packets twice. This is not always possible or
straightforward, since there might not always exist a way to distinguish
traffic coming from the wire from traffic that the application has generated
earlier and has been looped back by the system (e.g. Linux DLT_LINUX_SLL
information with PACKET_OUTGOING). Still, if one assumes that an application is
capable of making this distinction, there is a performance penalty to incur,
namely that the system duplicates with great effort packets that the
application will later drop immediately. This becomes an issue at Gigabit speeds
or higher.
Functional specification:
This document proposes the addition of a new DLPI request to the GLDv3 (aka
Nemo) framework that will allow an application to control if and how loopback
packets are generated in promiscuous mode.
/*
 * DL_PROMLOOP_REQ, M_PROTO type
 */
typedef struct {
        t_uscalar_t     dl_primitive;   /* DL_PROMLOOP_REQ */
        t_uscalar_t     dl_level;       /* Promiscuous loopback mode */
} dl_promloop_req_t;

#define DL_PROMLOOP_REQ         TBD     /* Set promiscuous loopback mode */

/*
 * DLPI promiscuous loopback mode definitions
 */
#define DL_PROMLOOP_DEV_OFF     0x01    /* Disable for device */
#define DL_PROMLOOP_DEV_ON      0x02    /* Enable for device */
#define DL_PROMLOOP_STR_OFF     0x03    /* Disable for stream */
#define DL_PROMLOOP_STR_ON      0x04    /* Enable for stream */
We consider two major modes: one that applies at the device level and one that
applies at the stream level:
a) Device level operation (DL_PROMLOOP_DEV_OFF and DL_PROMLOOP_DEV_ON)
A DL_PROMLOOP_REQ DLPI request that has a level of DL_PROMLOOP_DEV_OFF or
DL_PROMLOOP_DEV_ON will affect all streams that are bound to a particular
network device. That is, whether packets are looped back or not is set at the
device level and will therefore apply to all open streams for that device. A
DL_PROMLOOP_DEV_OFF will disable the loopback of packets device wide. A
DL_PROMLOOP_DEV_ON will enable the loopback of packets device wide (default
behaviour).
b) Stream level operation (DL_PROMLOOP_STR_OFF and DL_PROMLOOP_STR_ON)
A DL_PROMLOOP_REQ DLPI request that has a level of DL_PROMLOOP_STR_OFF or
DL_PROMLOOP_STR_ON will affect the requesting (current) stream only. That is,
the system will still loopback packets but only to those streams that have the
DL_PROMLOOP_STR_ON level set (default). A DL_PROMLOOP_STR_OFF will disable the
loopback of packets for the current stream. A DL_PROMLOOP_STR_ON will enable
the loopback of packets for the current stream (default behaviour).
A device level setting takes precedence over a stream level setting. That is,
if the device level is set to DL_PROMLOOP_DEV_OFF, no stream will receive
looped back packets regardless of its own level setting.
The default settings are DL_PROMLOOP_DEV_ON and DL_PROMLOOP_STR_ON in order to
preserve backwards compatibility.
A device that is put into promiscuous mode with DL_PROMLOOP_DEV_OFF will have
the benefit that the system can still use the GLDv3 fast-path since loopback
processing is completely disabled. On the other hand, a stream with
DL_PROMLOOP_STR_OFF will have the benefit that it can be fully observed with
snoop(1m), albeit using a slower soft-path.
Optional:
One can also think of adding two DLPI notifications: DL_NOTE_PROMLOOP_DEV_ON
and DL_NOTE_PROMLOOP_DEV_OFF that would be fired when a stream issues a
DL_PROMLOOP_DEV_ON and DL_PROMLOOP_DEV_OFF. This could be useful for snoop(1m)
since there would be otherwise no way of being informed of such changes.
Changes required:
Changes will need to be done to the GLDv3 framework (including header, code and
man pages).
Also there should be a system administration command (new, or an extension of
an existing one) to display and set the device level promiscuous loopback mode.
This would be helpful in situations where one wants to restore a known system
level.
Applications:
Network appliances that utilise Solaris as OS and rely heavily on promiscuous
mode to perform their task. Ease of porting from Linux to Solaris for such
applications.
Development estimates:
I have done a POC for this feature with OpenSolaris20060102. Changes were made
to the DLD driver, the DLS and MAC modules. The code changes amount to about
500 LOC. I would be willing to work on integrating this into OpenSolaris.
This message posted from opensolaris.org
_______________________________________________
networking-discuss mailing list
[email protected]
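The following is an added example and is not code from the proposal above nor from the OpenSolaris DLD/DLS/MAC modules. It models, in plain user-space C, the semantics the proposal describes: an application builds the DL_PROMLOOP_REQ control block it would hand to putmsg(), and a small stand-in for the kernel side applies the request to per-device and per-stream state and then answers whether a transmitted packet is copied back to a given stream. The numeric value of DL_PROMLOOP_REQ is a placeholder (the proposal leaves it TBD), t_uscalar_t is assumed to be 32 bits, the error handling returns -1 where a real driver would send DL_ERROR_ACK, and the stream indices are simply array slots; all of these are assumptions of this example.

```c
/*
 * Added example: user-space model of the proposed DL_PROMLOOP_REQ
 * semantics (device-level setting overrides stream-level setting,
 * defaults ON/ON, device-wide OFF keeps the fast path).
 * Not the proposal's code; primitive value and error codes are stand-ins.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t t_uscalar_t;           /* assumed: DLPI unsigned scalar, 32-bit */

typedef struct {
    t_uscalar_t dl_primitive;           /* DL_PROMLOOP_REQ */
    t_uscalar_t dl_level;               /* one of DL_PROMLOOP_* */
} dl_promloop_req_t;

#define DL_PROMLOOP_REQ      0x8000u    /* placeholder: proposal says TBD */
#define DL_PROMLOOP_DEV_OFF  0x01
#define DL_PROMLOOP_DEV_ON   0x02
#define DL_PROMLOOP_STR_OFF  0x03
#define DL_PROMLOOP_STR_ON   0x04

#define MAX_STREAMS 8                   /* assumed: streams modelled as slots */

/* Per-device state: one device-wide flag plus one flag per open stream. */
typedef struct {
    int dev_loop;                       /* 1 = DEV_ON (default), 0 = DEV_OFF */
    int str_loop[MAX_STREAMS];          /* 1 = STR_ON (default), 0 = STR_OFF */
} promloop_dev_t;

/* Defaults are DEV_ON / STR_ON so existing snoop-style users see no change. */
void promloop_init(promloop_dev_t *d)
{
    d->dev_loop = 1;
    for (int i = 0; i < MAX_STREAMS; i++)
        d->str_loop[i] = 1;
}

/* Application side: fill the M_PROTO control block for putmsg(); returns its length. */
size_t promloop_build_req(dl_promloop_req_t *req, t_uscalar_t level)
{
    req->dl_primitive = DL_PROMLOOP_REQ;
    req->dl_level = level;
    return sizeof *req;
}

/*
 * Kernel-side stand-in: apply a request arriving on stream `stream`.
 * Returns 0 (DL_OK_ACK) or -1 (a real driver would answer DL_ERROR_ACK,
 * e.g. for a short message, wrong primitive or unknown level).
 */
int promloop_handle_req(promloop_dev_t *d, int stream, const void *ctl, size_t len)
{
    dl_promloop_req_t req;

    if (len < sizeof req || stream < 0 || stream >= MAX_STREAMS)
        return -1;
    memcpy(&req, ctl, sizeof req);      /* ctl may be unaligned; copy out */
    if (req.dl_primitive != DL_PROMLOOP_REQ)
        return -1;

    switch (req.dl_level) {
    case DL_PROMLOOP_DEV_OFF: d->dev_loop = 0;          return 0;
    case DL_PROMLOOP_DEV_ON:  d->dev_loop = 1;          return 0;
    case DL_PROMLOOP_STR_OFF: d->str_loop[stream] = 0;  return 0;
    case DL_PROMLOOP_STR_ON:  d->str_loop[stream] = 1;  return 0;
    default:                                            return -1;
    }
}

/* Is a packet sent on this device copied back to `stream`? DEV_OFF wins. */
int promloop_delivers(const promloop_dev_t *d, int stream)
{
    return d->dev_loop && d->str_loop[stream];
}

/* The fast path is only usable when loopback is disabled device-wide. */
int promloop_fastpath_ok(const promloop_dev_t *d)
{
    return !d->dev_loop;
}

int main(void)
{
    promloop_dev_t dev;
    dl_promloop_req_t req;
    size_t n;

    promloop_init(&dev);

    /* stream 0 is an appliance that never wants its own frames back */
    n = promloop_build_req(&req, DL_PROMLOOP_STR_OFF);
    promloop_handle_req(&dev, 0, &req, n);
    printf("stream0=%d stream1=%d fastpath=%d\n",
           promloop_delivers(&dev, 0), promloop_delivers(&dev, 1),
           promloop_fastpath_ok(&dev));

    /* an administrator turns loopback off for the whole device */
    n = promloop_build_req(&req, DL_PROMLOOP_DEV_OFF);
    promloop_handle_req(&dev, 1, &req, n);
    printf("stream0=%d stream1=%d fastpath=%d\n",
           promloop_delivers(&dev, 0), promloop_delivers(&dev, 1),
           promloop_fastpath_ok(&dev));
    return 0;
}
```

The point the model makes explicit is the one a practitioner has to remember when debugging a capture: a stream that has left DL_PROMLOOP_STR_ON at its default can still stop seeing looped-back traffic the moment any other stream issues DL_PROMLOOP_DEV_OFF, which is exactly why the proposal's optional DL_NOTE_PROMLOOP_DEV_ON/OFF notifications would be useful to snoop(1m).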