From mboxrd@z Thu Jan 1 00:00:00 1970 From: Aaron Conole Subject: Re: 2.3 Roadmap Date: Tue, 01 Dec 2015 10:31:02 -0500 Message-ID: References: <26FA93C7ED1EAA44AB77D62FBE1D27BA674705F1@IRSMSX108.ger.corp.intel.com> <20151130171655.70e4ce25@xeon-e3> <20151201100333.GA32252@bricha3-MOBL3> <565DAE6E.5040102@redhat.com> <565DB356.9060602@6wind.com> <565DB580.9090209@redhat.com> <20151201151941.GA33120@bricha3-MOBL3> Mime-Version: 1.0 Content-Type: text/plain Cc: "dev@dpdk.org" To: Bruce Richardson Return-path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id B511958DB for ; Tue, 1 Dec 2015 16:31:04 +0100 (CET) In-Reply-To: <20151201151941.GA33120@bricha3-MOBL3> (Bruce Richardson's message of "Tue, 1 Dec 2015 15:19:41 +0000") List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Bruce Richardson writes: > On Tue, Dec 01, 2015 at 04:58:08PM +0200, Panu Matilainen wrote: >> On 12/01/2015 04:48 PM, Vincent JARDIN wrote: >> >On 01/12/2015 15:27, Panu Matilainen wrote: >> >>The problem with that (unless I'm missing something here) is that KNI >> >>requires using out-of-tree kernel modules which makes it pretty much a >> >>non-option for distros. >> > >> >It works fine with some distros. I do not think it should be an argument. >> >> Its not a question of *working*, its that out-of-tree kernel modules are >> considered unsupportable by the kernel people. So relying on KNI would make >> the otherwise important and desireable tcpdump feature non-existent on at >> least Fedora and RHEL where such modules are practically outright banned by >> distro policies. >> >> - Panu - > > Yes, KNI is a bit of a problem right now in that way. > > How about a solution which is just based around the idea of setting up a generic > port mirroring callback? Hopefully in the future we can get KNI > exposed as a PMD, > and we already have a ring PMD, and could possibly do a generic file/fifo PMD. > Between the 3, we could then have multiple options for intercepting traffic > going in/out of an app. The callback would just have to copy the traffic to the > selected interface before returning it to the app as normal? > > /Bruce I'm actually working on a patch series that uses a TAP device (it's currently been only minorly tested) called back from the port input. The benefit is no dependancy on kernel modules (just TUN/TAP support). I don't have a way of signaling sampling, so right now, it's just drinking from the firehose. Nothing I'm ready to put out publicly (because it's ugly - just a PoC), but it allows a few things: 1) on demand on/off using standard linux tools (ifconfig/ip to set tap device up/down) 2) Can work with any tool which reads off of standard linux interfaces (tcpdump/wireshark work out of the box, but you could plug in any pcap or non-pcap tool) 3) Doesn't require changes to the application (no command line switches during startup, etc.) As I said, I'm not ready to put it out there publicly, because I haven't had a chance to check the performance, and it's definitely not following any kind of DPDK-like coding style. Just wanted to throw this out as food for thought - if you think this approach is worthwhile I can try to prioritize it, at least to get an RFC series out. -Aaron