On 1/17/19 3:41 PM, Guy Harris wrote: > On Jan 17, 2019, at 2:39 PM, Florian Fainelli <f.faine...@gmail.com> wrote: > >> A number of Ethernet switches from Broadcom, Marvell, Microchip, >> Qualcomm, Lantiq/Intel, etc. utilize proprietary tags that are processed >> by these switches in-line with the Ethernet frame being sent/received. >> >> These tags are inserted by the Ethernet switch's management interface >> for packets egressing the switch to a management port, and are created >> by a software agent (or specialized Ethernet adapter, typically from the >> same vendor) then sent to the management port for frames ingressing the >> switch. These tags serve as the foundation for Linux's Distributed >> Switch Architecture framework. As of Linux 4.19, there is now a way for >> user-space to find out which type of protocol is being >> configured on that management network interface. > > So does this mean that Linux is running on a processor in the switch itself, > or is this for something where you have a Linux box, one of whose Ethernet > interfaces is plugged into a management port, with the Linux kernel knowing > what type of tags are being used on that port, and with 4.19 exporting that > information to userland?
The later, these Ethernet switches are either discrete components, and connected to a SoC via a version of the MII electrical interface (SGMII, RGMII, GMII, whatever) for the data path and the control path being either MDIO, I2C, SPI, GPIO, something else, or these switches are integrated into an SoC directly and memory mapped into the SoC's bus address space somehow. The management port of those switches is connected to one or more of the Ethernet NICs on the SoC, and so what that Ethernet NIC "sees" is Ethernet traffic that has been tagged by the switch hardware to allow for certain decisions to be made like: where is this packet coming from, why are you sending it to me, etc. In all of these cases, Linux runs on these SocS and has a driver for that switch and is able to fully control it. What has been added in 4.19, a sysfs attribute under /sys/class/net/<iface>/dsa/tagging which tells us what kind of tagging protocol is being configured on that interface. > > And does the comment in your tcpdump change > > > /* p points to after the Ethernet header (include type/length), move it > * backwards by 2 bytes to parse the Broadcom tag and extract the actual > * type/length after it. > */ > > mean that the Broadcom tags, at least, are inserted between the source MAC > address and type/length field (so that the frames have a modified header > containing the tag, rather than having a trailer containing the tag, for > example)? This is true for Broadcom tags, and a certain number of other Ethernet switch tags, but not universally true. Some of these tags can be "trailers" and be located right before the FCS for instance (Microchip is one of those, Marvell has one like that too). Some of these tags are between MAC SA and Type/Length field, but not 4 bytes, 2 bytes, etc... Having a reliable heuristic is IMHO mission impossible here, which is why we should have some help from libpcap to tell us the linktype/DLT. Does that make sense? -- Florian _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
