Skip to content

DSA is not Ethernet #1587

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 30, 2025
Merged

DSA is not Ethernet #1587

merged 3 commits into from
Nov 30, 2025
+127 −96

Conversation

@infrastation
Copy link
Member

@infrastation infrastation commented Nov 17, 2025

No description provided.

@infrastation infrastation mentioned this pull request Nov 17, 2025
Open
guyharris
guyharris reviewed Nov 17, 2025
View reviewed changes
@infrastation infrastation added linux DSA "distributed switch architecture", or so they said... labels Nov 18, 2025
@infrastation
Copy link
Member Author

infrastation commented Nov 19, 2025

In my working copy inbound and outbound seem to work as expected on a live DLT_LINUX_DSA_UNKNOWN capture, which seems to mean DSA frame direction can be extracted using SKF_AD_PKTTYPE even without using the cooked mode. This needs a bit more attention.

@infrastation infrastation marked this pull request as draft November 19, 2025 18:06
@guyharris
Copy link
Member

guyharris commented Nov 19, 2025

In my working copy inbound and outbound seem to work as expected on a live DLT_LINUX_DSA_UNKNOWN capture, which seems to mean DSA frame direction can be extracted using SKF_AD_PKTTYPE even without using the cooked mode. This needs a bit more attention.

The packet direction from SKF_AD_PKTTYPE reflects whether the packet is sent by the networking stack or received by the networking stack and, if it's received by the networking stack, how was it received - sent to the host, broadcast, multicast, or sent to some other host (presumably received due to the adapter being in promiscuous mode).

In kernel-mode filtering, that has to be done by testing the special packet offset, as it's not part of the skbuff data. It's also supported in user-mode filter when capturing on Linux, as pcapint_filter_with_aux_data() is used, and it's passed a pointer to the auxiliary data.

That information is put into the packet data only in cooked mode, so it doesn't appear in non-LINKTYPE_LINUX_SLL/LINKTYPE_LINUX_SLL2 captures. That means that inbound and outbound won't work on non-cooked captures.

Full support of pcapng would allow saving metadata in the capture file, and thus would allow inbound and outbound to work on pcapng packets that include the metadata.

Whether direction information in the DSA headers agrees with direction information from the Linux networking stack is another matter.

@infrastation
Copy link
Member Author

infrastation commented Nov 20, 2025

Let me debug this a bit more to understand what exactly works and what does not.

@infrastation
Copy link
Member Author

infrastation commented Nov 22, 2025

Having considered these comments for a while, I understand these reasons also explain #1482. In this case on Linux for the specific case of DSA the kernel's idea of the frame direction will never be available in userspace because the capture must not use cooked mode to preserve the headers. Ironically, it is possible to tell the kernel to filter the frames based on its idea of the direction, but it is impossible to know directly what it is.

On the one hand, this means there would be no immediate gain in introducing another DLT, something such as DLT_DEBUG_RAW_DATA, and using that for DSA now until it is clear how to implement DLT_LINUX_DSA_UNKNOWN later with a direction, because there would be no direction.

On the other hand, there may be a good reason to define the Linux unknown DSA DLT with other useful metadata, such as the interface name (or index) and the DSA tag name (or number from linux/include/net/dsa.h), or something else that would be very useful later, but does not immediately come to mind; also the DLT_DEBUG_RAW_DATA could be used for non-DSA use cases with similar requirements.

Given no other input, I am going to change this into a generic non-DSA non-Linux DLT and to merge these changes soon to enable back-porting to libpcap-1.10.

This looks very similar to the problem that DLT_DOCSIS on Ethernet interfaces intended to solve.

@guyharris
Copy link
Member

guyharris commented Nov 22, 2025

In this case on Linux for the specific case of DSA the kernel's idea of the frame direction will never be available in userspace because the capture must not use cooked mode to preserve the headers.

...

...until it is clear how to implement DLT_LINUX_DSA_UNKNOWN later with a direction, because there would be no direction.

The DLT_LINUX_SLL/DLT_LINUX_SLL2 header is constructed by pcap_handle_packet_mmap() in pcap-linux.c from the metadata provided by the kernel; if DLT_LINUX_DSA_UNKNOWN were to contain a direction metadata header, that could be done in the same fashion. If the prepended header would be longer than 16 bytes, the code in create_ring() that increases tp_reserve would have to reserve additional space.

@infrastation
Allocate DLT_DEBUG_ONLY.
8094888
@infrastation
Linux: Get DLT_DEBUG_ONLY and DLT_EN10MB right. [skip appveyor]
976d885 
In dsa_protos[] remove the "none" non-DSA case to make the array purely
DSA and switch all DLT_EN10MB DSA tags types to DLT_DEBUG_ONLY; update
the comments to make it clear that using DLT_EN10MB would not work, give
better directions for what to do instead, do not say for every DSA tag
whether a DLT is/isn't and should/shouldn't be assigned because that is
now supposed to be obvious, do not suggest DLT_LINUX_SLL (this would add
the packet direction at the cost of losing other headers).

In iface_dsa_get_proto_info() handle the "none" non-DSA case first; for
a DSA case default to DLT_DEBUG_ONLY, always return 1, make sure the DLT
is never DLT_EN10MB and add a comment to explain the rationale.

See also GH the-tcpdump-group#1367 and the-tcpdump-group#1451.
@infrastation infrastation marked this pull request as ready for review November 26, 2025 18:34
@infrastation
Copy link
Member Author

infrastation commented Nov 26, 2025

Thank you for explaining that, but I can neither prove this theory wrong nor implement it in code safely in a timely manner. This revision introduces and uses a very generic DLT_DEBUG_ONLY. This should be sufficient to unblock libpcap 1.10.x releases now and this does not prevent designing a DLT that would be better suited for unsupported DSA tags on Linux. This is going to be merged by the end of this week.

@infrastation infrastation merged commit 8a6ed3c into the-tcpdump-group:master Nov 30, 2025
3 checks passed
@infrastation infrastation deleted the DSA_is_not_Ethernet branch November 30, 2025 19:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guyharris guyharris guyharris left review comments

Assignees

No one assigned

Labels

DSA "distributed switch architecture", or so they said... linux

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@infrastation @guyharris