Commit 2640a82b authored by Ido Schimmel's avatar Ido Schimmel Committed by Jakub Kicinski

devlink: Add packet traps for 802.1X operation

Add packet traps for 802.1X operation. The "eapol" control trap is used
to trap EAPOL packets and is required for the correct operation of the
control plane. The "locked_port" drop trap can be enabled to gain
visibility into packets that were dropped by the device due to the
locked bridge port check.
Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
Reviewed-by: default avatarPetr Machata <petrm@nvidia.com>
Signed-off-by: default avatarPetr Machata <petrm@nvidia.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 9c0ca02b
...@@ -485,6 +485,16 @@ be added to the following table: ...@@ -485,6 +485,16 @@ be added to the following table:
- Traps incoming packets that the device decided to drop because - Traps incoming packets that the device decided to drop because
the destination MAC is not configured in the MAC table and the destination MAC is not configured in the MAC table and
the interface is not in promiscuous mode the interface is not in promiscuous mode
* - ``eapol``
- ``control``
- Traps "Extensible Authentication Protocol over LAN" (EAPOL) packets
specified in IEEE 802.1X
* - ``locked_port``
- ``drop``
- Traps packets that the device decided to drop because they failed the
locked bridge port check. That is, packets that were received via a
locked port and whose {SMAC, VID} does not correspond to an FDB entry
pointing to the port
Driver-specific Packet Traps Driver-specific Packet Traps
============================ ============================
...@@ -589,6 +599,9 @@ narrow. The description of these groups must be added to the following table: ...@@ -589,6 +599,9 @@ narrow. The description of these groups must be added to the following table:
* - ``parser_error_drops`` * - ``parser_error_drops``
- Contains packet traps for packets that were marked by the device during - Contains packet traps for packets that were marked by the device during
parsing as erroneous parsing as erroneous
* - ``eapol``
- Contains packet traps for "Extensible Authentication Protocol over LAN"
(EAPOL) packets specified in IEEE 802.1X
Packet Trap Policers Packet Trap Policers
==================== ====================
......
...@@ -894,6 +894,8 @@ enum devlink_trap_generic_id { ...@@ -894,6 +894,8 @@ enum devlink_trap_generic_id {
DEVLINK_TRAP_GENERIC_ID_ESP_PARSING, DEVLINK_TRAP_GENERIC_ID_ESP_PARSING,
DEVLINK_TRAP_GENERIC_ID_BLACKHOLE_NEXTHOP, DEVLINK_TRAP_GENERIC_ID_BLACKHOLE_NEXTHOP,
DEVLINK_TRAP_GENERIC_ID_DMAC_FILTER, DEVLINK_TRAP_GENERIC_ID_DMAC_FILTER,
DEVLINK_TRAP_GENERIC_ID_EAPOL,
DEVLINK_TRAP_GENERIC_ID_LOCKED_PORT,
/* Add new generic trap IDs above */ /* Add new generic trap IDs above */
__DEVLINK_TRAP_GENERIC_ID_MAX, __DEVLINK_TRAP_GENERIC_ID_MAX,
...@@ -930,6 +932,7 @@ enum devlink_trap_group_generic_id { ...@@ -930,6 +932,7 @@ enum devlink_trap_group_generic_id {
DEVLINK_TRAP_GROUP_GENERIC_ID_ACL_SAMPLE, DEVLINK_TRAP_GROUP_GENERIC_ID_ACL_SAMPLE,
DEVLINK_TRAP_GROUP_GENERIC_ID_ACL_TRAP, DEVLINK_TRAP_GROUP_GENERIC_ID_ACL_TRAP,
DEVLINK_TRAP_GROUP_GENERIC_ID_PARSER_ERROR_DROPS, DEVLINK_TRAP_GROUP_GENERIC_ID_PARSER_ERROR_DROPS,
DEVLINK_TRAP_GROUP_GENERIC_ID_EAPOL,
/* Add new generic trap group IDs above */ /* Add new generic trap group IDs above */
__DEVLINK_TRAP_GROUP_GENERIC_ID_MAX, __DEVLINK_TRAP_GROUP_GENERIC_ID_MAX,
...@@ -1121,6 +1124,10 @@ enum devlink_trap_group_generic_id { ...@@ -1121,6 +1124,10 @@ enum devlink_trap_group_generic_id {
"blackhole_nexthop" "blackhole_nexthop"
#define DEVLINK_TRAP_GENERIC_NAME_DMAC_FILTER \ #define DEVLINK_TRAP_GENERIC_NAME_DMAC_FILTER \
"dmac_filter" "dmac_filter"
#define DEVLINK_TRAP_GENERIC_NAME_EAPOL \
"eapol"
#define DEVLINK_TRAP_GENERIC_NAME_LOCKED_PORT \
"locked_port"
#define DEVLINK_TRAP_GROUP_GENERIC_NAME_L2_DROPS \ #define DEVLINK_TRAP_GROUP_GENERIC_NAME_L2_DROPS \
"l2_drops" "l2_drops"
...@@ -1174,6 +1181,8 @@ enum devlink_trap_group_generic_id { ...@@ -1174,6 +1181,8 @@ enum devlink_trap_group_generic_id {
"acl_trap" "acl_trap"
#define DEVLINK_TRAP_GROUP_GENERIC_NAME_PARSER_ERROR_DROPS \ #define DEVLINK_TRAP_GROUP_GENERIC_NAME_PARSER_ERROR_DROPS \
"parser_error_drops" "parser_error_drops"
#define DEVLINK_TRAP_GROUP_GENERIC_NAME_EAPOL \
"eapol"
#define DEVLINK_TRAP_GENERIC(_type, _init_action, _id, _group_id, \ #define DEVLINK_TRAP_GENERIC(_type, _init_action, _id, _group_id, \
_metadata_cap) \ _metadata_cap) \
......
...@@ -11734,6 +11734,8 @@ static const struct devlink_trap devlink_trap_generic[] = { ...@@ -11734,6 +11734,8 @@ static const struct devlink_trap devlink_trap_generic[] = {
DEVLINK_TRAP(ESP_PARSING, DROP), DEVLINK_TRAP(ESP_PARSING, DROP),
DEVLINK_TRAP(BLACKHOLE_NEXTHOP, DROP), DEVLINK_TRAP(BLACKHOLE_NEXTHOP, DROP),
DEVLINK_TRAP(DMAC_FILTER, DROP), DEVLINK_TRAP(DMAC_FILTER, DROP),
DEVLINK_TRAP(EAPOL, CONTROL),
DEVLINK_TRAP(LOCKED_PORT, DROP),
}; };
#define DEVLINK_TRAP_GROUP(_id) \ #define DEVLINK_TRAP_GROUP(_id) \
...@@ -11769,6 +11771,7 @@ static const struct devlink_trap_group devlink_trap_group_generic[] = { ...@@ -11769,6 +11771,7 @@ static const struct devlink_trap_group devlink_trap_group_generic[] = {
DEVLINK_TRAP_GROUP(ACL_SAMPLE), DEVLINK_TRAP_GROUP(ACL_SAMPLE),
DEVLINK_TRAP_GROUP(ACL_TRAP), DEVLINK_TRAP_GROUP(ACL_TRAP),
DEVLINK_TRAP_GROUP(PARSER_ERROR_DROPS), DEVLINK_TRAP_GROUP(PARSER_ERROR_DROPS),
DEVLINK_TRAP_GROUP(EAPOL),
}; };
static int devlink_trap_generic_verify(const struct devlink_trap *trap) static int devlink_trap_generic_verify(const struct devlink_trap *trap)
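Review bot: Nothing in these hunks enforces that the positional rows added to `devlink_trap_generic[]` (`DEVLINK_TRAP(EAPOL, CONTROL)`, `DEVLINK_TRAP(LOCKED_PORT, DROP)`) and to `devlink_trap_group_generic[]` (`DEVLINK_TRAP_GROUP(EAPOL)`) stay in the same order and count as `enum devlink_trap_generic_id` and `enum devlink_trap_group_generic_id` in the header. They are correct here only because both sides were appended in matching order. If `devlink_trap_generic_verify()`, whose body starts after the last hunk and is not shown, looks rows up by ID, a later missing or misordered row would validate a driver's 802.1X trap against the wrong entry or index past the table. Unless such a check already exists outside the hunks, I would add `BUILD_BUG_ON(ARRAY_SIZE(devlink_trap_generic) != __DEVLINK_TRAP_GENERIC_ID_MAX);` and the equivalent for the group table against `__DEVLINK_TRAP_GROUP_GENERIC_ID_MAX`. A comment above each table, such as `/* Rows must stay in enum devlink_trap_generic_id order */`, would also help.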
......