On Tue, Dec 01, 2015 at 04:58:08PM +0200, Panu Matilainen wrote:
> On 12/01/2015 04:48 PM, Vincent JARDIN wrote:
> >On 01/12/2015 15:27, Panu Matilainen wrote:
> >>The problem with that (unless I'm missing something here) is that KNI
> >>requires using out-of-tree kernel modules which makes it pretty much a
> >>non-option for distros.
> >
> >It works fine with some distros. I do not think it should be an argument.
>
> It's not a question of *working*, it's that out-of-tree kernel modules are
> considered unsupportable by the kernel people. So relying on KNI would make
> the otherwise important and desirable tcpdump feature non-existent on at
> least Fedora and RHEL where such modules are practically outright banned by
> distro policies.
>
> - Panu -

Yes, KNI is a bit of a problem right now in that way.

How about a solution which is just based around the idea of setting up a generic port mirroring callback? Hopefully in the future we can get KNI exposed as a PMD, and we already have a ring PMD, and could possibly do a generic file/fifo PMD. Between the 3, we could then have multiple options for intercepting traffic going in/out of an app. The callback would just have to copy the traffic to the selected interface before returning it to the app as normal?

/Bruce