Re: Extra DLT types required for opensolaris DLPI DL

[Sebastien Roy <Sebastien.Roy () Sun COM>]

On Sun, 2009-03-29 at 22:59 -0700, Darren Reed wrote:
> On 27/03/09 07:01 PM, Sebastien Roy wrote:
> > There is already a datalink type associated with loopback (/dev/lo0),
> > DL_IPNET, and the header is described in the lo0(7D) man page.  It's
> > versioned, so it would be technically possible to evolve it to include
> > more information.
> >
> > The only hitch is that DL_IPNET devices behave like DLT_RAW by default.
> > The DL_IOC_IPNET_INFO ioctl enables the inclusion of the "ipnet" header.
> > The thinking here was that with a tiny modification to libpcap, existing
> > applications that understand DLT_RAW could read packets off of DL_IPNET
> > devices.  The downside is that we now can't really have libpcap turn on
> > DL_IOC_IPNET_INFO if such applications assume that these devices are
> > DLT_RAW.  Perhaps it would be simpler if we got rid of DL_IOC_IPNET_INFO
> > and had DL_IPNET devices always include the header.  Since the
> > Solaris-specific snoop application is the only thing that currently uses
> > the ioctl, it's a change that could be manageable.  This is something
> > we'd need to discuss with the OpenSolaris networking community first,
> > though.
> >   
>
> I'm not intending to change anything with respect to DLPI, so 
> DL_IOC_IPNET_INFO is not of any concern to me. DL_IPNET doesn't exist 
> outside of the Solaris source code base, so it seems to me to still be a 
> private thing, which is fine.

I understand that you're not doing anything that relates to DLPI.  My
point was that there is already a header defined and used by the
existing loopback and other IP-layer observability infrastructure in
Solaris.  If possible, for the sake of the user, we should try and be
consistent.  The user doesn't care whether the software sucking packets
out of the system does it via DLPI or BPF, if it's loopback on Solaris,
then the header should look like X.  X is ipnet_t today.

It might also be simplest for BPF to hook into the ipnet driver anyway,
as the driver implements all kinds of heuristics to ensure that the
observer doesn't see packets that shouldn't be seen (as related to
zones).  Some code sharing would be beneficial, and the header could be
part of that sharing.  In any case, I think this is getting into
implementation, and probably putting the cart before the horse.

FWIW, DL_IOC_IPNET_INFO isn't private, it's part of the Public
programming interface defined in the ipnet(7D) and lo0(7D) man pages.

> What I am considering is:
> - moving libpcap on Solaris to use /dev/bpf rather than libdlpi
> - extending the libpcap parser to grok keywords that related to things 
> in the "loopback" header
> - publishing the extra datalink type via BPF so you can select them with 
> tcpdump, like you do with 802.11 on BSD to get radio frames, not 
> ethernet frames

All of that sounds great.

> - with respect to all of the above, it may be beneficial to keep 
> DL_IPNET as a private header type for libdlpi to use when opening 
> /dev/ipnet things, the further away I can stay from snoop the better.

Let's keep snoop out of it, since I think it's unrelated to this
discussion.  It just happens to be something that groks DL_IPNET.
DL_IPNET isn't a private thing, it's quite Public, in fact, the goal was
to add support for it in libpcap and eventually have applications like
tcpdump and Ethereal parse the resulting headers.

-Seb


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.