This patch series introduces support for mirroring with GRE
encapsulation. It offloads tc action mirred mirror from a mlxsw port to
either a gretap or an ip6gretap netdevice.
Spectrum hardware needs to know all the details of the requested
encapsulation: source and destination MAC and IP addresses, details of
VLAN tagging, etc. The only variables are the encapsulated packet
itself, and TOS field, which may be inherited. To that end, mlxsw driver
resolves the route that encapsulated packets would take, queries the
corresponding neighbor, and with that configuration in hand, configures
the mirroring in the hardware.
The driver also hooks into event handlers for netdevice changes, FIB and
neighbor events, and reconsiders the configuration on each such change.
When the new configuration differs from the currently-offloaded one, the
existing offload is removed and replaced with a new one.
It is possible to mirror to {ip6,}gretap from a matchall rule as well as
from a flower match.
** Note that with this patch set, mlxsw build depends on NET_IPGRE and
IPV6_GRE.
Current limitations:
- There has to be a route that directs packets to an mlxsw port. We
intend to extend the logic to support other netdevice types in the
future, but the eventual egress netdevice will have to be an mlxsw
port in any case.
- Offload reconfiguration due to changes in netdevice configuration
creates a window of time where packets are not mirrored. Under some
circumstances this can be prevented by configuring an unused port
analyzer and migrating mirrors over to that. However that's currently
not implemented.
- Remote address of a tunnel device needs to be set, there may not be a
GRE key, checksumming or sequence numbers, and TTL needs to be fixed
(non-inherit). These are hard requirements imposed by the underlying
hardware.
- TOS of a tunnel device needs to be "inherit". The hardware supports a
fixed TOS, but that's currently not implemented.
The series start with two patches, #1 and #2, that publish one function
and add support for querying IPv6 tunnel parameters.
In patches #3 and #4, we introduce helpers to GRE and tunneling code
that we will use later in the patchset from the SPAN code.
Patches #5 and #6 introduce support for encapsulated SPAN in reg.h.
The following seven patches, #7-#13, then prepare the SPAN codebase for
introduction of mirroring to netdevices that don't correspond to front
panel ports.
Then #14 and #15 pull all this together to implement mirroring to
{ip6,}gretap netdevices.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
projects / kernel.git / commit