[PATCHv2 0/2] Resolve packet capturing on macvlan lowerdev

[PATCHv2 0/2] Resolve packet capturing on macvlan lowerdev

[David Ward]

Change in v2: Declare variables in basic block before other code appears

The following two patches address situations where macvlan interfaces on 
the same lowerdev are created inside separate containers/namespaces, and 
traffic between these interfaces needs to be captured by monitoring the 
lowerdev outside the containers/namespaces using tcpdump or Wireshark. 
The only case where this doesn't work now is for unicast frames when the 
macvlan interfaces are operating in bridge mode; this fixes that case.

Should the dev_queue_xmit_nit function be renamed to something more 
meaningful, which would indicate its role in sending outgoing frames to 
AF_PACKET sockets? It is currently a misnomer: this function used to be 
invoked by dev_queue_xmit, but that is no longer the case.

Thanks,

David

David Ward (2):
  net: Export dev_queue_xmit_nit for use by macvlan driver
  macvlan: Send frames to AF_PACKET sockets attached to lowerdev

 drivers/net/macvlan.c     |    5 ++++-
 include/linux/netdevice.h |    2 ++
 net/core/dev.c            |   14 +++++++++-----
 3 files changed, 15 insertions(+), 6 deletions(-)

-- 
1.7.4.4

[PATCHv2 1/2] net: Export dev_queue_xmit_nit for use by macvlan driver

[David Ward]

Export dev_queue_xmit_nit for use by the macvlan virtual network device
driver. Also, use 'dev' instead of 'skb->dev' in this function.

Signed-off-by: David Ward <david.ward@ll.mit.edu>
---
 include/linux/netdevice.h |    2 ++
 net/core/dev.c            |   14 +++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index cb8178a..b63e517 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -2099,6 +2099,8 @@ extern int		dev_hard_start_xmit(struct sk_buff *skb,
 					    struct netdev_queue *txq);
 extern int		dev_forward_skb(struct net_device *dev,
 					struct sk_buff *skb);
+extern void		dev_queue_xmit_nit(struct sk_buff *skb,
+					   struct net_device *dev);
 
 extern int		netdev_budget;
 
diff --git a/net/core/dev.c b/net/core/dev.c
index 3bbb4c2..b15622e 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1521,11 +1521,13 @@ static inline int deliver_skb(struct sk_buff *skb,
 }
 
 /*
- *	Support routine. Sends outgoing frames to any network
- *	taps currently in use.
+ * dev_queue_xmit_nit - send outgoing frame to AF_PACKET sockets
+ *
+ * @skb: buffer to send
+ * @dev: network device that AF_PACKET sockets are attached to (if any)
  */
 
-static void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev)
+void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev)
 {
 	struct packet_type *ptype;
 	struct sk_buff *skb2 = NULL;
@@ -1540,7 +1542,8 @@ static void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev)
 		    (ptype->af_packet_priv == NULL ||
 		     (struct sock *)ptype->af_packet_priv != skb->sk)) {
 			if (pt_prev) {
-				deliver_skb(skb2, pt_prev, skb->dev);
+				atomic_inc(&skb2->users);
+				pt_prev->func(skb2, dev, pt_prev, dev);
 				pt_prev = ptype;
 				continue;
 			}
@@ -1573,9 +1576,10 @@ static void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev)
 		}
 	}
 	if (pt_prev)
-		pt_prev->func(skb2, skb->dev, pt_prev, skb->dev);
+		pt_prev->func(skb2, dev, pt_prev, dev);
 	rcu_read_unlock();
 }
+EXPORT_SYMBOL(dev_queue_xmit_nit);
 
 /* netif_setup_tc - Handle tc mappings on real_num_tx_queues change
  * @dev: Network device
-- 
1.7.4.4

[PATCHv2 2/2] macvlan: Send frames to AF_PACKET sockets attached to lowerdev

[David Ward]

In bridge mode, unicast frames can be forwarded directly between macvlan
interfaces attached to the same lowerdev without calling dev_queue_xmit.
These frames should still be sent to any AF_PACKET sockets (network taps)
attached to the lowerdev.

Signed-off-by: David Ward <david.ward@ll.mit.edu>
---
 drivers/net/macvlan.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index 3ad5425..25c7632 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -238,7 +238,10 @@ static int macvlan_queue_xmit(struct sk_buff *skb, struct net_device *dev)
 		dest = macvlan_hash_lookup(port, eth->h_dest);
 		if (dest && dest->mode == MACVLAN_MODE_BRIDGE) {
 			unsigned int length = skb->len + ETH_HLEN;
-			int ret = dest->forward(dest->dev, skb);
+			int ret = NET_RX_DROP;
+
+			dev_queue_xmit_nit(skb, vlan->lowerdev);
+			ret = dest->forward(dest->dev, skb);
 			macvlan_count_rx(dest, length,
 					 ret == NET_RX_SUCCESS, 0);
 
-- 
1.7.4.4

Re: [PATCHv2 1/2] net: Export dev_queue_xmit_nit for use by macvlan driver

[David Miller]

From: David Ward <david.ward@ll.mit.edu>
Date: Thu, 28 Apr 2011 20:22:31 -0400

> @@ -1521,11 +1521,13 @@ static inline int deliver_skb(struct sk_buff *skb,
>  }
>  
>  /*
> - *	Support routine. Sends outgoing frames to any network
> - *	taps currently in use.
> + * dev_queue_xmit_nit - send outgoing frame to AF_PACKET sockets
> + *
> + * @skb: buffer to send
> + * @dev: network device that AF_PACKET sockets are attached to (if any)
>   */

Your change to this comment is inaccurate.

AF_PACKET is only one of several types of entities that register these
kinds of taps.

Also, I really don't like exposing these kinds of internals for what is
largely a macvlan internal issue.  Please find a less intrustive way
to solve this problem.

Thanks.

Re: [PATCHv2 1/2] net: Export dev_queue_xmit_nit for use by macvlan driver

[Ward, David - 0663 - MITLL]

[-- Attachment #1: Type: text/plain, Size: 1188 bytes --]

On 05/05/2011 01:50 PM, David Miller wrote:
> From: David Ward<david.ward@ll.mit.edu>
> Date: Thu, 28 Apr 2011 20:22:31 -0400
>
>> @@ -1521,11 +1521,13 @@ static inline int deliver_skb(struct sk_buff *skb,
>>   }
>>
>>   /*
>> - *	Support routine. Sends outgoing frames to any network
>> - *	taps currently in use.
>> + * dev_queue_xmit_nit - send outgoing frame to AF_PACKET sockets
>> + *
>> + * @skb: buffer to send
>> + * @dev: network device that AF_PACKET sockets are attached to (if any)
>>    */
> I really don't like exposing these kinds of internals for what is
> largely a macvlan internal issue.  Please find a less intrustive way
> to solve this problem.
>
> Thanks.

What do you think about creating __dev_forward_skb, which takes as an 
additional parameter a device (or maybe a list of devices) whose taps 
should see this packet as it is forwarded, such as a macvlan lowerdev?  
This function would be able to call dev_queue_xmit_nit for (each of) 
these devices.

Since the list of current network taps (ptype_all) is static inside 
net/core/dev.c, some type of change has to be made to net/core/dev.c to 
fix this.

Thanks,

David



[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 5650 bytes --]