Re: Requesting DLT_* values for Ethernet switches proprietary tagging protocol

[Florian Fainelli <f.fainelli () gmail com>]

On 1/17/19 3:41 PM, Guy Harris wrote:
> On Jan 17, 2019, at 2:39 PM, Florian Fainelli <f.fainelli () gmail com> wrote:
>
> > A number of Ethernet switches from Broadcom, Marvell, Microchip,
> > Qualcomm, Lantiq/Intel, etc. utilize proprietary tags that are processed
> > by these switches in-line with the Ethernet frame being sent/received.
> >
> > These tags are inserted by the Ethernet switch's management interface
> > for packets egressing the switch to a management port, and are created
> > by a software agent (or specialized Ethernet adapter, typically from the
> > same vendor) then sent to the management port for frames ingressing the
> > switch. These tags serve as the foundation for Linux's Distributed
> > Switch Architecture framework. As of Linux 4.19, there is now a way for
> > user-space to find out which type of protocol is being
> > configured on that management network interface.
>
> So does this mean that Linux is running on a processor in the switch itself, or is this for something where you have 
> a Linux box, one of whose Ethernet interfaces is plugged into a management port, with the Linux kernel knowing what 
> type of tags are being used on that port, and with 4.19 exporting that information to userland?

The later, these Ethernet switches are either discrete components, and
connected to a SoC via a version of the MII electrical interface (SGMII,
RGMII, GMII, whatever) for the data path and the control path being
either MDIO, I2C, SPI, GPIO, something else, or these switches are
integrated into an SoC directly and memory mapped into the SoC's bus
address space somehow.

The management port of those switches is connected to one or more of the
Ethernet NICs on the SoC, and so what that Ethernet NIC "sees" is
Ethernet traffic that has been tagged by the switch hardware to allow
for certain decisions to be made like: where is this packet coming from,
why are you sending it to me, etc.

In all of these cases, Linux runs on these SocS and has a driver for
that switch and is able to fully control it. What has been added in
4.19, a sysfs attribute under /sys/class/net/<iface>/dsa/tagging which
tells us what kind of tagging protocol is being configured on that
interface.

> And does the comment in your tcpdump change
>
>
>       /* p points to after the Ethernet header (include type/length), move it
>        * backwards by 2 bytes to parse the Broadcom tag and extract the actual
>        * type/length after it.
>        */
>
> mean that the Broadcom tags, at least, are inserted between the source MAC address and type/length field (so that the 
> frames have a modified header containing the tag, rather than having a trailer containing the tag, for example)?

This is true for Broadcom tags, and a certain number of other Ethernet
switch tags, but not universally true. Some of these tags can be
"trailers" and be located right before the FCS for instance (Microchip
is one of those, Marvell has one like that too). Some of these tags are
between MAC SA and Type/Length field, but not 4 bytes, 2 bytes, etc...

Having a reliable heuristic is IMHO mission impossible here, which is
why we should have some help from libpcap to tell us the linktype/DLT.

Does that make sense?
-- 
Florian
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers