

Port mirroring

Port mirroring in Linux is currently only supported via the DSA framework, controlled by tc.

Requirements:

  • The ip and tc tools, both from the iproute package
  • The following kernel schedulers/classifiers, typically compiled as kernel modules:
    • cls_u32
    • sch_ingress
    • sch_prio
    • act_mirred

Setup used in this example:

  • p2 is connected to some network that can generate traffic; for example, you can ping the DUT via this port.
  • p5 is the mirror port. We will send all traffic in/out of p2 to this port as well. It should be connected to a monitoring station, which sniffs traffic on the interface connected to p5.

Turn on the mirror port:

# ip link set up dev p5
[   47.743894] rtl83xx_port_enable: 87f85880 8
[   47.743918] rtl83xx_port_stp_state_set: port 8 state  3
[   47.867406] rtl83xx-switch switch@bb000000 p5: configuring for phy/internal link mode
[   47.970271] rtl83xx_phylink_mac_config port 8, mode 0
[   48.036612] PHY autonegotiates
[   48.077097] 8021q: adding VLAN 0 to HW filter on device p5
[   48.149147] rtl83xx_vlan_prepare: port 8
[   48.200645] VLAN 0: L2 learning: 1, L2 Unknown MultiCast Field 1ff, 		IPv4 Unknown MultiCast Field 1ff, IPv6 Unknown MultiCast Field: 1ff
[   48.200664] Tagged ports 10000004, untag 1fffffff, prof 0, MC# 0, UC# 0, FID 0
[   48.457819] rtl83xx_vlan_add port 8, vid_end 0, vid_end 0, flags 0
[   48.538951] rtl83xx_vlan_prepare: port 28
[   48.591505] VLAN 0: L2 learning: 1, L2 Unknown MultiCast Field 1ff, 		IPv4 Unknown MultiCast Field 1ff, IPv6 Unknown MultiCast Field: 1ff
[   48.591523] Tagged ports 10000104, untag 1fffffff, prof 0, MC# 0, UC# 0, FID 0
[   48.848799] rtl83xx_vlan_add port 28, vid_end 0, vid_end 0, flags 0
[   48.962341] RTL8380 Link change: status: 1, ports 100
[   52.576650] RTL8380 Link change: status: 1, ports 100
[   53.047671] rtl83xx_phylink_mac_config port 8, mode 0
[   53.114032] PHY autonegotiates
[   53.154063] rtl83xx-switch switch@bb000000 p5: Link is Up - 1Gbps/Full - flow control rx/tx
[   53.263876] IPv6: ADDRCONF(NETDEV_CHANGE): p5: link becomes ready

Create an ingress queue discipline:

tc qdisc add dev p2 handle ffff: ingress

Mirror all packets matching the ingress queue discipline (qdisc) to p5:

tc filter add dev p2 parent ffff: protocol all u32 match u32 0 0 action mirred egress mirror dev p5

Create an egress queue discipline (using the prio scheduler):

tc qdisc add dev p2 handle 1: root prio

Mirror all packets matching this qdisc to p5:

tc filter add dev p2 parent 1: protocol all u32 match u32 0 0 action mirred egress mirror dev p5

Pastable version

ip link set up dev p5
tc qdisc add dev p2 handle ffff: ingress
tc filter add dev p2 parent ffff: protocol all u32 match u32 0 0 action mirred egress mirror dev p5
tc qdisc add dev p2 handle 1: root prio
tc filter add dev p2 parent 1: protocol all u32 match u32 0 0 action mirred egress mirror dev p5
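
The steps above as a script, extended with a status check and a teardown so the mirror is not left copying p2's traffic to p5 after the test. This is an added example, not part of the original page; the function names, the DRY_RUN switch and the interface-name check are this example's own, and the tc commands for status and removal are standard tc usage rather than something the page lists.

```shell
#!/bin/sh
# Added example (not from the original page). DRY_RUN=1 prints the
# commands instead of running them; real runs need root.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only plain interface names (max 15 chars, IFNAMSIZ - 1).
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# mirror_on SRC DST: the page's five commands, with p2/p5 as parameters.
mirror_on() {
    src=$1; dst=$2
    valid_if "$src" && valid_if "$dst" || return 2
    [ "$src" != "$dst" ] || return 2
    run ip link set up dev "$dst" &&
    run tc qdisc add dev "$src" handle ffff: ingress &&
    run tc filter add dev "$src" parent ffff: protocol all u32 match u32 0 0 action mirred egress mirror dev "$dst" &&
    run tc qdisc add dev "$src" handle 1: root prio &&
    run tc filter add dev "$src" parent 1: protocol all u32 match u32 0 0 action mirred egress mirror dev "$dst"
}

# mirror_status SRC: list both filters with hit counters (-s).
mirror_status() {
    valid_if "$1" || return 2
    run tc -s filter show dev "$1" parent ffff: &&
    run tc -s filter show dev "$1" parent 1:
}

# mirror_off SRC: deleting the two qdiscs also removes their filters.
mirror_off() {
    valid_if "$1" || return 2
    rc=0
    run tc qdisc del dev "$1" ingress || rc=1
    run tc qdisc del dev "$1" root || rc=1
    return "$rc"
}

case "${1:-}" in
    on)     mirror_on "${2:-}" "${3:-}" ;;
    off)    mirror_off "${2:-}" ;;
    status) mirror_status "${2:-}" ;;
esac
```

Run it with `on p2 p5`, `status p2` or `off p2` as arguments; in the status output, rising hit counters on both filters confirm that ingress and egress traffic is being copied.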
  • Last modified: 2020/11/04 23:12
  • by biot