1f4bdd710SJacob Keller.. SPDX-License-Identifier: GPL-2.0 2f4bdd710SJacob Keller 3f4bdd710SJacob Keller============ 4f4bdd710SJacob KellerDevlink Trap 5f4bdd710SJacob Keller============ 6f4bdd710SJacob Keller 7f4bdd710SJacob KellerBackground 8f4bdd710SJacob Keller========== 9f4bdd710SJacob Keller 10f4bdd710SJacob KellerDevices capable of offloading the kernel's datapath and perform functions such 11f4bdd710SJacob Kelleras bridging and routing must also be able to send specific packets to the 12f4bdd710SJacob Kellerkernel (i.e., the CPU) for processing. 13f4bdd710SJacob Keller 14f4bdd710SJacob KellerFor example, a device acting as a multicast-aware bridge must be able to send 15f4bdd710SJacob KellerIGMP membership reports to the kernel for processing by the bridge module. 16f4bdd710SJacob KellerWithout processing such packets, the bridge module could never populate its 17f4bdd710SJacob KellerMDB. 18f4bdd710SJacob Keller 19f4bdd710SJacob KellerAs another example, consider a device acting as router which has received an IP 20f4bdd710SJacob Kellerpacket with a TTL of 1. Upon routing the packet the device must send it to the 21f4bdd710SJacob Kellerkernel so that it will route it as well and generate an ICMP Time Exceeded 22f4bdd710SJacob Kellererror datagram. Without letting the kernel route such packets itself, utilities 23f4bdd710SJacob Kellersuch as ``traceroute`` could never work. 24f4bdd710SJacob Keller 25f4bdd710SJacob KellerThe fundamental ability of sending certain packets to the kernel for processing 26f4bdd710SJacob Kelleris called "packet trapping". 27f4bdd710SJacob Keller 28f4bdd710SJacob KellerOverview 29f4bdd710SJacob Keller======== 30f4bdd710SJacob Keller 31f4bdd710SJacob KellerThe ``devlink-trap`` mechanism allows capable device drivers to register their 32f4bdd710SJacob Kellersupported packet traps with ``devlink`` and report trapped packets to 33f4bdd710SJacob Keller``devlink`` for further analysis. 34f4bdd710SJacob Keller 35f4bdd710SJacob KellerUpon receiving trapped packets, ``devlink`` will perform a per-trap packets and 36f4bdd710SJacob Kellerbytes accounting and potentially report the packet to user space via a netlink 37f4bdd710SJacob Kellerevent along with all the provided metadata (e.g., trap reason, timestamp, input 38f4bdd710SJacob Kellerport). This is especially useful for drop traps (see :ref:`Trap-Types`) 39f4bdd710SJacob Kelleras it allows users to obtain further visibility into packet drops that would 40f4bdd710SJacob Kellerotherwise be invisible. 41f4bdd710SJacob Keller 42f4bdd710SJacob KellerThe following diagram provides a general overview of ``devlink-trap``:: 43f4bdd710SJacob Keller 44f4bdd710SJacob Keller Netlink event: Packet w/ metadata 45f4bdd710SJacob Keller Or a summary of recent drops 46f4bdd710SJacob Keller ^ 47f4bdd710SJacob Keller | 48f4bdd710SJacob Keller Userspace | 49f4bdd710SJacob Keller +---------------------------------------------------+ 50f4bdd710SJacob Keller Kernel | 51f4bdd710SJacob Keller | 52f4bdd710SJacob Keller +-------+--------+ 53f4bdd710SJacob Keller | | 54f4bdd710SJacob Keller | drop_monitor | 55f4bdd710SJacob Keller | | 56f4bdd710SJacob Keller +-------^--------+ 57f4bdd710SJacob Keller | 5830a4e9a2SIdo Schimmel | Non-control traps 59f4bdd710SJacob Keller | 60f4bdd710SJacob Keller +----+----+ 61f4bdd710SJacob Keller | | Kernel's Rx path 62f4bdd710SJacob Keller | devlink | (non-drop traps) 63f4bdd710SJacob Keller | | 64f4bdd710SJacob Keller +----^----+ ^ 65f4bdd710SJacob Keller | | 66f4bdd710SJacob Keller +-----------+ 67f4bdd710SJacob Keller | 68f4bdd710SJacob Keller +-------+-------+ 69f4bdd710SJacob Keller | | 70f4bdd710SJacob Keller | Device driver | 71f4bdd710SJacob Keller | | 72f4bdd710SJacob Keller +-------^-------+ 73f4bdd710SJacob Keller Kernel | 74f4bdd710SJacob Keller +---------------------------------------------------+ 75f4bdd710SJacob Keller Hardware | 76f4bdd710SJacob Keller | Trapped packet 77f4bdd710SJacob Keller | 78f4bdd710SJacob Keller +--+---+ 79f4bdd710SJacob Keller | | 80f4bdd710SJacob Keller | ASIC | 81f4bdd710SJacob Keller | | 82f4bdd710SJacob Keller +------+ 83f4bdd710SJacob Keller 84f4bdd710SJacob Keller.. _Trap-Types: 85f4bdd710SJacob Keller 86f4bdd710SJacob KellerTrap Types 87f4bdd710SJacob Keller========== 88f4bdd710SJacob Keller 89f4bdd710SJacob KellerThe ``devlink-trap`` mechanism supports the following packet trap types: 90f4bdd710SJacob Keller 91f4bdd710SJacob Keller * ``drop``: Trapped packets were dropped by the underlying device. Packets 92f4bdd710SJacob Keller are only processed by ``devlink`` and not injected to the kernel's Rx path. 93f4bdd710SJacob Keller The trap action (see :ref:`Trap-Actions`) can be changed. 94f4bdd710SJacob Keller * ``exception``: Trapped packets were not forwarded as intended by the 95f4bdd710SJacob Keller underlying device due to an exception (e.g., TTL error, missing neighbour 96f4bdd710SJacob Keller entry) and trapped to the control plane for resolution. Packets are 97f4bdd710SJacob Keller processed by ``devlink`` and injected to the kernel's Rx path. Changing the 98f4bdd710SJacob Keller action of such traps is not allowed, as it can easily break the control 99f4bdd710SJacob Keller plane. 10030a4e9a2SIdo Schimmel * ``control``: Trapped packets were trapped by the device because these are 10130a4e9a2SIdo Schimmel control packets required for the correct functioning of the control plane. 10230a4e9a2SIdo Schimmel For example, ARP request and IGMP query packets. Packets are injected to 10330a4e9a2SIdo Schimmel the kernel's Rx path, but not reported to the kernel's drop monitor. 10430a4e9a2SIdo Schimmel Changing the action of such traps is not allowed, as it can easily break 10530a4e9a2SIdo Schimmel the control plane. 106f4bdd710SJacob Keller 107f4bdd710SJacob Keller.. _Trap-Actions: 108f4bdd710SJacob Keller 109f4bdd710SJacob KellerTrap Actions 110f4bdd710SJacob Keller============ 111f4bdd710SJacob Keller 112f4bdd710SJacob KellerThe ``devlink-trap`` mechanism supports the following packet trap actions: 113f4bdd710SJacob Keller 114f4bdd710SJacob Keller * ``trap``: The sole copy of the packet is sent to the CPU. 115f4bdd710SJacob Keller * ``drop``: The packet is dropped by the underlying device and a copy is not 116f4bdd710SJacob Keller sent to the CPU. 1179eefeabeSIdo Schimmel * ``mirror``: The packet is forwarded by the underlying device and a copy is 1189eefeabeSIdo Schimmel sent to the CPU. 119f4bdd710SJacob Keller 120f4bdd710SJacob KellerGeneric Packet Traps 121f4bdd710SJacob Keller==================== 122f4bdd710SJacob Keller 123f4bdd710SJacob KellerGeneric packet traps are used to describe traps that trap well-defined packets 124f4bdd710SJacob Kelleror packets that are trapped due to well-defined conditions (e.g., TTL error). 125f4bdd710SJacob KellerSuch traps can be shared by multiple device drivers and their description must 126f4bdd710SJacob Kellerbe added to the following table: 127f4bdd710SJacob Keller 128f4bdd710SJacob Keller.. list-table:: List of Generic Packet Traps 129f4bdd710SJacob Keller :widths: 5 5 90 130f4bdd710SJacob Keller 131f4bdd710SJacob Keller * - Name 132f4bdd710SJacob Keller - Type 133f4bdd710SJacob Keller - Description 134f4bdd710SJacob Keller * - ``source_mac_is_multicast`` 135f4bdd710SJacob Keller - ``drop`` 136f4bdd710SJacob Keller - Traps incoming packets that the device decided to drop because of a 137f4bdd710SJacob Keller multicast source MAC 138f4bdd710SJacob Keller * - ``vlan_tag_mismatch`` 139f4bdd710SJacob Keller - ``drop`` 140f4bdd710SJacob Keller - Traps incoming packets that the device decided to drop in case of VLAN 141f4bdd710SJacob Keller tag mismatch: The ingress bridge port is not configured with a PVID and 142f4bdd710SJacob Keller the packet is untagged or prio-tagged 143f4bdd710SJacob Keller * - ``ingress_vlan_filter`` 144f4bdd710SJacob Keller - ``drop`` 145f4bdd710SJacob Keller - Traps incoming packets that the device decided to drop in case they are 146f4bdd710SJacob Keller tagged with a VLAN that is not configured on the ingress bridge port 147f4bdd710SJacob Keller * - ``ingress_spanning_tree_filter`` 148f4bdd710SJacob Keller - ``drop`` 149f4bdd710SJacob Keller - Traps incoming packets that the device decided to drop in case the STP 150f4bdd710SJacob Keller state of the ingress bridge port is not "forwarding" 151f4bdd710SJacob Keller * - ``port_list_is_empty`` 152f4bdd710SJacob Keller - ``drop`` 153f4bdd710SJacob Keller - Traps packets that the device decided to drop in case they need to be 154f4bdd710SJacob Keller flooded (e.g., unknown unicast, unregistered multicast) and there are 155f4bdd710SJacob Keller no ports the packets should be flooded to 156f4bdd710SJacob Keller * - ``port_loopback_filter`` 157f4bdd710SJacob Keller - ``drop`` 158f4bdd710SJacob Keller - Traps packets that the device decided to drop in case after layer 2 159f4bdd710SJacob Keller forwarding the only port from which they should be transmitted through 160f4bdd710SJacob Keller is the port from which they were received 161f4bdd710SJacob Keller * - ``blackhole_route`` 162f4bdd710SJacob Keller - ``drop`` 163f4bdd710SJacob Keller - Traps packets that the device decided to drop in case they hit a 164f4bdd710SJacob Keller blackhole route 165f4bdd710SJacob Keller * - ``ttl_value_is_too_small`` 166f4bdd710SJacob Keller - ``exception`` 167f4bdd710SJacob Keller - Traps unicast packets that should be forwarded by the device whose TTL 168f4bdd710SJacob Keller was decremented to 0 or less 169f4bdd710SJacob Keller * - ``tail_drop`` 170f4bdd710SJacob Keller - ``drop`` 171f4bdd710SJacob Keller - Traps packets that the device decided to drop because they could not be 172f4bdd710SJacob Keller enqueued to a transmission queue which is full 173f4bdd710SJacob Keller * - ``non_ip`` 174f4bdd710SJacob Keller - ``drop`` 175f4bdd710SJacob Keller - Traps packets that the device decided to drop because they need to 176f4bdd710SJacob Keller undergo a layer 3 lookup, but are not IP or MPLS packets 177f4bdd710SJacob Keller * - ``uc_dip_over_mc_dmac`` 178f4bdd710SJacob Keller - ``drop`` 179f4bdd710SJacob Keller - Traps packets that the device decided to drop because they need to be 180f4bdd710SJacob Keller routed and they have a unicast destination IP and a multicast destination 181f4bdd710SJacob Keller MAC 182f4bdd710SJacob Keller * - ``dip_is_loopback_address`` 183f4bdd710SJacob Keller - ``drop`` 184f4bdd710SJacob Keller - Traps packets that the device decided to drop because they need to be 185f4bdd710SJacob Keller routed and their destination IP is the loopback address (i.e., 127.0.0.0/8 186f4bdd710SJacob Keller and ::1/128) 187f4bdd710SJacob Keller * - ``sip_is_mc`` 188f4bdd710SJacob Keller - ``drop`` 189f4bdd710SJacob Keller - Traps packets that the device decided to drop because they need to be 190f4bdd710SJacob Keller routed and their source IP is multicast (i.e., 224.0.0.0/8 and ff::/8) 191f4bdd710SJacob Keller * - ``sip_is_loopback_address`` 192f4bdd710SJacob Keller - ``drop`` 193f4bdd710SJacob Keller - Traps packets that the device decided to drop because they need to be 194f4bdd710SJacob Keller routed and their source IP is the loopback address (i.e., 127.0.0.0/8 and ::1/128) 195f4bdd710SJacob Keller * - ``ip_header_corrupted`` 196f4bdd710SJacob Keller - ``drop`` 197f4bdd710SJacob Keller - Traps packets that the device decided to drop because they need to be 198f4bdd710SJacob Keller routed and their IP header is corrupted: wrong checksum, wrong IP version 199f4bdd710SJacob Keller or too short Internet Header Length (IHL) 200f4bdd710SJacob Keller * - ``ipv4_sip_is_limited_bc`` 201f4bdd710SJacob Keller - ``drop`` 202f4bdd710SJacob Keller - Traps packets that the device decided to drop because they need to be 203f4bdd710SJacob Keller routed and their source IP is limited broadcast (i.e., 255.255.255.255/32) 204f4bdd710SJacob Keller * - ``ipv6_mc_dip_reserved_scope`` 205f4bdd710SJacob Keller - ``drop`` 206f4bdd710SJacob Keller - Traps IPv6 packets that the device decided to drop because they need to 207f4bdd710SJacob Keller be routed and their IPv6 multicast destination IP has a reserved scope 208f4bdd710SJacob Keller (i.e., ffx0::/16) 209f4bdd710SJacob Keller * - ``ipv6_mc_dip_interface_local_scope`` 210f4bdd710SJacob Keller - ``drop`` 211f4bdd710SJacob Keller - Traps IPv6 packets that the device decided to drop because they need to 212f4bdd710SJacob Keller be routed and their IPv6 multicast destination IP has an interface-local scope 213f4bdd710SJacob Keller (i.e., ffx1::/16) 214f4bdd710SJacob Keller * - ``mtu_value_is_too_small`` 215f4bdd710SJacob Keller - ``exception`` 216f4bdd710SJacob Keller - Traps packets that should have been routed by the device, but were bigger 217f4bdd710SJacob Keller than the MTU of the egress interface 218f4bdd710SJacob Keller * - ``unresolved_neigh`` 219f4bdd710SJacob Keller - ``exception`` 220f4bdd710SJacob Keller - Traps packets that did not have a matching IP neighbour after routing 221f4bdd710SJacob Keller * - ``mc_reverse_path_forwarding`` 222f4bdd710SJacob Keller - ``exception`` 223f4bdd710SJacob Keller - Traps multicast IP packets that failed reverse-path forwarding (RPF) 224f4bdd710SJacob Keller check during multicast routing 225f4bdd710SJacob Keller * - ``reject_route`` 226f4bdd710SJacob Keller - ``exception`` 227f4bdd710SJacob Keller - Traps packets that hit reject routes (i.e., "unreachable", "prohibit") 228f4bdd710SJacob Keller * - ``ipv4_lpm_miss`` 229f4bdd710SJacob Keller - ``exception`` 230f4bdd710SJacob Keller - Traps unicast IPv4 packets that did not match any route 231f4bdd710SJacob Keller * - ``ipv6_lpm_miss`` 232f4bdd710SJacob Keller - ``exception`` 233f4bdd710SJacob Keller - Traps unicast IPv6 packets that did not match any route 23495f0ead8SAmit Cohen * - ``non_routable_packet`` 23595f0ead8SAmit Cohen - ``drop`` 23695f0ead8SAmit Cohen - Traps packets that the device decided to drop because they are not 23795f0ead8SAmit Cohen supposed to be routed. For example, IGMP queries can be flooded by the 23895f0ead8SAmit Cohen device in layer 2 and reach the router. Such packets should not be 23995f0ead8SAmit Cohen routed and instead dropped 24013c056ecSAmit Cohen * - ``decap_error`` 24113c056ecSAmit Cohen - ``exception`` 24213c056ecSAmit Cohen - Traps NVE and IPinIP packets that the device decided to drop because of 24313c056ecSAmit Cohen failure during decapsulation (e.g., packet being too short, reserved 24413c056ecSAmit Cohen bits set in VXLAN header) 245c3cae491SAmit Cohen * - ``overlay_smac_is_mc`` 246c3cae491SAmit Cohen - ``drop`` 247c3cae491SAmit Cohen - Traps NVE packets that the device decided to drop because their overlay 248c3cae491SAmit Cohen source MAC is multicast 249ecd942a0SJiri Pirko * - ``ingress_flow_action_drop`` 250ecd942a0SJiri Pirko - ``drop`` 251ecd942a0SJiri Pirko - Traps packets dropped during processing of ingress flow action drop 252ecd942a0SJiri Pirko * - ``egress_flow_action_drop`` 253ecd942a0SJiri Pirko - ``drop`` 254ecd942a0SJiri Pirko - Traps packets dropped during processing of egress flow action drop 255515eac67SIdo Schimmel * - ``stp`` 256515eac67SIdo Schimmel - ``control`` 257515eac67SIdo Schimmel - Traps STP packets 258515eac67SIdo Schimmel * - ``lacp`` 259515eac67SIdo Schimmel - ``control`` 260515eac67SIdo Schimmel - Traps LACP packets 261515eac67SIdo Schimmel * - ``lldp`` 262515eac67SIdo Schimmel - ``control`` 263515eac67SIdo Schimmel - Traps LLDP packets 264515eac67SIdo Schimmel * - ``igmp_query`` 265515eac67SIdo Schimmel - ``control`` 266515eac67SIdo Schimmel - Traps IGMP Membership Query packets 267515eac67SIdo Schimmel * - ``igmp_v1_report`` 268515eac67SIdo Schimmel - ``control`` 269515eac67SIdo Schimmel - Traps IGMP Version 1 Membership Report packets 270515eac67SIdo Schimmel * - ``igmp_v2_report`` 271515eac67SIdo Schimmel - ``control`` 272515eac67SIdo Schimmel - Traps IGMP Version 2 Membership Report packets 273515eac67SIdo Schimmel * - ``igmp_v3_report`` 274515eac67SIdo Schimmel - ``control`` 275515eac67SIdo Schimmel - Traps IGMP Version 3 Membership Report packets 276515eac67SIdo Schimmel * - ``igmp_v2_leave`` 277515eac67SIdo Schimmel - ``control`` 278515eac67SIdo Schimmel - Traps IGMP Version 2 Leave Group packets 279515eac67SIdo Schimmel * - ``mld_query`` 280515eac67SIdo Schimmel - ``control`` 281515eac67SIdo Schimmel - Traps MLD Multicast Listener Query packets 282515eac67SIdo Schimmel * - ``mld_v1_report`` 283515eac67SIdo Schimmel - ``control`` 284515eac67SIdo Schimmel - Traps MLD Version 1 Multicast Listener Report packets 285515eac67SIdo Schimmel * - ``mld_v2_report`` 286515eac67SIdo Schimmel - ``control`` 287515eac67SIdo Schimmel - Traps MLD Version 2 Multicast Listener Report packets 288515eac67SIdo Schimmel * - ``mld_v1_done`` 289515eac67SIdo Schimmel - ``control`` 290515eac67SIdo Schimmel - Traps MLD Version 1 Multicast Listener Done packets 291d77cfd16SIdo Schimmel * - ``ipv4_dhcp`` 292d77cfd16SIdo Schimmel - ``control`` 293d77cfd16SIdo Schimmel - Traps IPv4 DHCP packets 294d77cfd16SIdo Schimmel * - ``ipv6_dhcp`` 295d77cfd16SIdo Schimmel - ``control`` 296d77cfd16SIdo Schimmel - Traps IPv6 DHCP packets 297d77cfd16SIdo Schimmel * - ``arp_request`` 298d77cfd16SIdo Schimmel - ``control`` 299d77cfd16SIdo Schimmel - Traps ARP request packets 300d77cfd16SIdo Schimmel * - ``arp_response`` 301d77cfd16SIdo Schimmel - ``control`` 302d77cfd16SIdo Schimmel - Traps ARP response packets 303d77cfd16SIdo Schimmel * - ``arp_overlay`` 304d77cfd16SIdo Schimmel - ``control`` 305d77cfd16SIdo Schimmel - Traps NVE-decapsulated ARP packets that reached the overlay network. 306d77cfd16SIdo Schimmel This is required, for example, when the address that needs to be 307d77cfd16SIdo Schimmel resolved is a local address 308d77cfd16SIdo Schimmel * - ``ipv6_neigh_solicit`` 309d77cfd16SIdo Schimmel - ``control`` 310d77cfd16SIdo Schimmel - Traps IPv6 Neighbour Solicitation packets 311d77cfd16SIdo Schimmel * - ``ipv6_neigh_advert`` 312d77cfd16SIdo Schimmel - ``control`` 313d77cfd16SIdo Schimmel - Traps IPv6 Neighbour Advertisement packets 314d77cfd16SIdo Schimmel * - ``ipv4_bfd`` 315d77cfd16SIdo Schimmel - ``control`` 316d77cfd16SIdo Schimmel - Traps IPv4 BFD packets 317d77cfd16SIdo Schimmel * - ``ipv6_bfd`` 318d77cfd16SIdo Schimmel - ``control`` 319d77cfd16SIdo Schimmel - Traps IPv6 BFD packets 320d77cfd16SIdo Schimmel * - ``ipv4_ospf`` 321d77cfd16SIdo Schimmel - ``control`` 322d77cfd16SIdo Schimmel - Traps IPv4 OSPF packets 323d77cfd16SIdo Schimmel * - ``ipv6_ospf`` 324d77cfd16SIdo Schimmel - ``control`` 325d77cfd16SIdo Schimmel - Traps IPv6 OSPF packets 326d77cfd16SIdo Schimmel * - ``ipv4_bgp`` 327d77cfd16SIdo Schimmel - ``control`` 328d77cfd16SIdo Schimmel - Traps IPv4 BGP packets 329d77cfd16SIdo Schimmel * - ``ipv6_bgp`` 330d77cfd16SIdo Schimmel - ``control`` 331d77cfd16SIdo Schimmel - Traps IPv6 BGP packets 332d77cfd16SIdo Schimmel * - ``ipv4_vrrp`` 333d77cfd16SIdo Schimmel - ``control`` 334d77cfd16SIdo Schimmel - Traps IPv4 VRRP packets 335d77cfd16SIdo Schimmel * - ``ipv6_vrrp`` 336d77cfd16SIdo Schimmel - ``control`` 337d77cfd16SIdo Schimmel - Traps IPv6 VRRP packets 338d77cfd16SIdo Schimmel * - ``ipv4_pim`` 339d77cfd16SIdo Schimmel - ``control`` 340d77cfd16SIdo Schimmel - Traps IPv4 PIM packets 341d77cfd16SIdo Schimmel * - ``ipv6_pim`` 342d77cfd16SIdo Schimmel - ``control`` 343d77cfd16SIdo Schimmel - Traps IPv6 PIM packets 344d77cfd16SIdo Schimmel * - ``uc_loopback`` 345d77cfd16SIdo Schimmel - ``control`` 346d77cfd16SIdo Schimmel - Traps unicast packets that need to be routed through the same layer 3 347d77cfd16SIdo Schimmel interface from which they were received. Such packets are routed by the 348d77cfd16SIdo Schimmel kernel, but also cause it to potentially generate ICMP redirect packets 349d77cfd16SIdo Schimmel * - ``local_route`` 350d77cfd16SIdo Schimmel - ``control`` 351d77cfd16SIdo Schimmel - Traps unicast packets that hit a local route and need to be locally 352d77cfd16SIdo Schimmel delivered 353d77cfd16SIdo Schimmel * - ``external_route`` 354d77cfd16SIdo Schimmel - ``control`` 355d77cfd16SIdo Schimmel - Traps packets that should be routed through an external interface (e.g., 356d77cfd16SIdo Schimmel management interface) that does not belong to the same device (e.g., 357d77cfd16SIdo Schimmel switch ASIC) as the ingress interface 358d77cfd16SIdo Schimmel * - ``ipv6_uc_dip_link_local_scope`` 359d77cfd16SIdo Schimmel - ``control`` 360d77cfd16SIdo Schimmel - Traps unicast IPv6 packets that need to be routed and have a destination 361d77cfd16SIdo Schimmel IP address with a link-local scope (i.e., fe80::/10). The trap allows 362d77cfd16SIdo Schimmel device drivers to avoid programming link-local routes, but still receive 363d77cfd16SIdo Schimmel packets for local delivery 364d77cfd16SIdo Schimmel * - ``ipv6_dip_all_nodes`` 365d77cfd16SIdo Schimmel - ``control`` 366d77cfd16SIdo Schimmel - Traps IPv6 packets that their destination IP address is the "All Nodes 367d77cfd16SIdo Schimmel Address" (i.e., ff02::1) 368d77cfd16SIdo Schimmel * - ``ipv6_dip_all_routers`` 369d77cfd16SIdo Schimmel - ``control`` 370d77cfd16SIdo Schimmel - Traps IPv6 packets that their destination IP address is the "All Routers 371d77cfd16SIdo Schimmel Address" (i.e., ff02::2) 372d77cfd16SIdo Schimmel * - ``ipv6_router_solicit`` 373d77cfd16SIdo Schimmel - ``control`` 374d77cfd16SIdo Schimmel - Traps IPv6 Router Solicitation packets 375d77cfd16SIdo Schimmel * - ``ipv6_router_advert`` 376d77cfd16SIdo Schimmel - ``control`` 377d77cfd16SIdo Schimmel - Traps IPv6 Router Advertisement packets 378d77cfd16SIdo Schimmel * - ``ipv6_redirect`` 379d77cfd16SIdo Schimmel - ``control`` 380d77cfd16SIdo Schimmel - Traps IPv6 Redirect Message packets 381d77cfd16SIdo Schimmel * - ``ipv4_router_alert`` 382d77cfd16SIdo Schimmel - ``control`` 383d77cfd16SIdo Schimmel - Traps IPv4 packets that need to be routed and include the Router Alert 384d77cfd16SIdo Schimmel option. Such packets need to be locally delivered to raw sockets that 385d77cfd16SIdo Schimmel have the IP_ROUTER_ALERT socket option set 386d77cfd16SIdo Schimmel * - ``ipv6_router_alert`` 387d77cfd16SIdo Schimmel - ``control`` 388d77cfd16SIdo Schimmel - Traps IPv6 packets that need to be routed and include the Router Alert 389d77cfd16SIdo Schimmel option in their Hop-by-Hop extension header. Such packets need to be 390d77cfd16SIdo Schimmel locally delivered to raw sockets that have the IPV6_ROUTER_ALERT socket 391d77cfd16SIdo Schimmel option set 392d77cfd16SIdo Schimmel * - ``ptp_event`` 393d77cfd16SIdo Schimmel - ``control`` 394d77cfd16SIdo Schimmel - Traps PTP time-critical event messages (Sync, Delay_req, Pdelay_Req and 395d77cfd16SIdo Schimmel Pdelay_Resp) 396d77cfd16SIdo Schimmel * - ``ptp_general`` 397d77cfd16SIdo Schimmel - ``control`` 398d77cfd16SIdo Schimmel - Traps PTP general messages (Announce, Follow_Up, Delay_Resp, 399d77cfd16SIdo Schimmel Pdelay_Resp_Follow_Up, management and signaling) 4005eb18a2bSIdo Schimmel * - ``flow_action_sample`` 4015eb18a2bSIdo Schimmel - ``control`` 4025eb18a2bSIdo Schimmel - Traps packets sampled during processing of flow action sample (e.g., via 4035eb18a2bSIdo Schimmel tc's sample action) 4045eb18a2bSIdo Schimmel * - ``flow_action_trap`` 4055eb18a2bSIdo Schimmel - ``control`` 4065eb18a2bSIdo Schimmel - Traps packets logged during processing of flow action trap (e.g., via 4075eb18a2bSIdo Schimmel tc's trap action) 40808e335f6SAmit Cohen * - ``early_drop`` 40908e335f6SAmit Cohen - ``drop`` 41008e335f6SAmit Cohen - Traps packets dropped due to the RED (Random Early Detection) algorithm 41108e335f6SAmit Cohen (i.e., early drops) 41210c24eb2SIoana Ciornei * - ``vxlan_parsing`` 41310c24eb2SIoana Ciornei - ``drop`` 41410c24eb2SIoana Ciornei - Traps packets dropped due to an error in the VXLAN header parsing which 41510c24eb2SIoana Ciornei might be because of packet truncation or the I flag is not set. 41610c24eb2SIoana Ciornei * - ``llc_snap_parsing`` 41710c24eb2SIoana Ciornei - ``drop`` 41810c24eb2SIoana Ciornei - Traps packets dropped due to an error in the LLC+SNAP header parsing 41910c24eb2SIoana Ciornei * - ``vlan_parsing`` 42010c24eb2SIoana Ciornei - ``drop`` 42110c24eb2SIoana Ciornei - Traps packets dropped due to an error in the VLAN header parsing. Could 42210c24eb2SIoana Ciornei include unexpected packet truncation. 42310c24eb2SIoana Ciornei * - ``pppoe_ppp_parsing`` 42410c24eb2SIoana Ciornei - ``drop`` 42510c24eb2SIoana Ciornei - Traps packets dropped due to an error in the PPPoE+PPP header parsing. 42610c24eb2SIoana Ciornei This could include finding a session ID of 0xFFFF (which is reserved and 42710c24eb2SIoana Ciornei not for use), a PPPoE length which is larger than the frame received or 42810c24eb2SIoana Ciornei any common error on this type of header 42910c24eb2SIoana Ciornei * - ``mpls_parsing`` 43010c24eb2SIoana Ciornei - ``drop`` 43110c24eb2SIoana Ciornei - Traps packets dropped due to an error in the MPLS header parsing which 43210c24eb2SIoana Ciornei could include unexpected header truncation 43310c24eb2SIoana Ciornei * - ``arp_parsing`` 43410c24eb2SIoana Ciornei - ``drop`` 43510c24eb2SIoana Ciornei - Traps packets dropped due to an error in the ARP header parsing 43610c24eb2SIoana Ciornei * - ``ip_1_parsing`` 43710c24eb2SIoana Ciornei - ``drop`` 43810c24eb2SIoana Ciornei - Traps packets dropped due to an error in the first IP header parsing. 43910c24eb2SIoana Ciornei This packet trap could include packets which do not pass an IP checksum 44010c24eb2SIoana Ciornei check, a header length check (a minimum of 20 bytes), which might suffer 44110c24eb2SIoana Ciornei from packet truncation thus the total length field exceeds the received 44210c24eb2SIoana Ciornei packet length etc 44310c24eb2SIoana Ciornei * - ``ip_n_parsing`` 44410c24eb2SIoana Ciornei - ``drop`` 44510c24eb2SIoana Ciornei - Traps packets dropped due to an error in the parsing of the last IP 44610c24eb2SIoana Ciornei header (the inner one in case of an IP over IP tunnel). The same common 44710c24eb2SIoana Ciornei error checking is performed here as for the ip_1_parsing trap 44810c24eb2SIoana Ciornei * - ``gre_parsing`` 44910c24eb2SIoana Ciornei - ``drop`` 45010c24eb2SIoana Ciornei - Traps packets dropped due to an error in the GRE header parsing 45110c24eb2SIoana Ciornei * - ``udp_parsing`` 45210c24eb2SIoana Ciornei - ``drop`` 45310c24eb2SIoana Ciornei - Traps packets dropped due to an error in the UDP header parsing. 45410c24eb2SIoana Ciornei This packet trap could include checksum errorrs, an improper UDP 45510c24eb2SIoana Ciornei length detected (smaller than 8 bytes) or detection of header 45610c24eb2SIoana Ciornei truncation. 45710c24eb2SIoana Ciornei * - ``tcp_parsing`` 45810c24eb2SIoana Ciornei - ``drop`` 45910c24eb2SIoana Ciornei - Traps packets dropped due to an error in the TCP header parsing. 46010c24eb2SIoana Ciornei This could include TCP checksum errors, improper combination of SYN, FIN 46110c24eb2SIoana Ciornei and/or RESET etc. 46210c24eb2SIoana Ciornei * - ``ipsec_parsing`` 46310c24eb2SIoana Ciornei - ``drop`` 46410c24eb2SIoana Ciornei - Traps packets dropped due to an error in the IPSEC header parsing 46510c24eb2SIoana Ciornei * - ``sctp_parsing`` 46610c24eb2SIoana Ciornei - ``drop`` 46710c24eb2SIoana Ciornei - Traps packets dropped due to an error in the SCTP header parsing. 46810c24eb2SIoana Ciornei This would mean that port number 0 was used or that the header is 46910c24eb2SIoana Ciornei truncated. 47010c24eb2SIoana Ciornei * - ``dccp_parsing`` 47110c24eb2SIoana Ciornei - ``drop`` 47210c24eb2SIoana Ciornei - Traps packets dropped due to an error in the DCCP header parsing 47310c24eb2SIoana Ciornei * - ``gtp_parsing`` 47410c24eb2SIoana Ciornei - ``drop`` 47510c24eb2SIoana Ciornei - Traps packets dropped due to an error in the GTP header parsing 47610c24eb2SIoana Ciornei * - ``esp_parsing`` 47710c24eb2SIoana Ciornei - ``drop`` 47810c24eb2SIoana Ciornei - Traps packets dropped due to an error in the ESP header parsing 479f0a5013eSIdo Schimmel * - ``blackhole_nexthop`` 480f0a5013eSIdo Schimmel - ``drop`` 481f0a5013eSIdo Schimmel - Traps packets that the device decided to drop in case they hit a 482f0a5013eSIdo Schimmel blackhole nexthop 483e78ab164SAya Levin * - ``dmac_filter`` 484e78ab164SAya Levin - ``drop`` 485e78ab164SAya Levin - Traps incoming packets that the device decided to drop because 486e78ab164SAya Levin the destination MAC is not configured in the MAC table and 487e78ab164SAya Levin the interface is not in promiscuous mode 488*2640a82bSIdo Schimmel * - ``eapol`` 489*2640a82bSIdo Schimmel - ``control`` 490*2640a82bSIdo Schimmel - Traps "Extensible Authentication Protocol over LAN" (EAPOL) packets 491*2640a82bSIdo Schimmel specified in IEEE 802.1X 492*2640a82bSIdo Schimmel * - ``locked_port`` 493*2640a82bSIdo Schimmel - ``drop`` 494*2640a82bSIdo Schimmel - Traps packets that the device decided to drop because they failed the 495*2640a82bSIdo Schimmel locked bridge port check. That is, packets that were received via a 496*2640a82bSIdo Schimmel locked port and whose {SMAC, VID} does not correspond to an FDB entry 497*2640a82bSIdo Schimmel pointing to the port 498f4bdd710SJacob Keller 499f4bdd710SJacob KellerDriver-specific Packet Traps 500f4bdd710SJacob Keller============================ 501f4bdd710SJacob Keller 502f4bdd710SJacob KellerDevice drivers can register driver-specific packet traps, but these must be 503f4bdd710SJacob Kellerclearly documented. Such traps can correspond to device-specific exceptions and 504f4bdd710SJacob Kellerhelp debug packet drops caused by these exceptions. The following list includes 505f4bdd710SJacob Kellerlinks to the description of driver-specific traps registered by various device 506f4bdd710SJacob Kellerdrivers: 507f4bdd710SJacob Keller 5088d4a0adcSMauro Carvalho Chehab * Documentation/networking/devlink/netdevsim.rst 5098d4a0adcSMauro Carvalho Chehab * Documentation/networking/devlink/mlxsw.rst 510dbe69e43SLinus Torvalds * Documentation/networking/devlink/prestera.rst 511f4bdd710SJacob Keller 512e750b84dSLothar Rubusch.. _Generic-Packet-Trap-Groups: 513e750b84dSLothar Rubusch 514f4bdd710SJacob KellerGeneric Packet Trap Groups 515f4bdd710SJacob Keller========================== 516f4bdd710SJacob Keller 517f4bdd710SJacob KellerGeneric packet trap groups are used to aggregate logically related packet 518f4bdd710SJacob Kellertraps. These groups allow the user to batch operations such as setting the trap 519f4bdd710SJacob Kelleraction of all member traps. In addition, ``devlink-trap`` can report aggregated 520f4bdd710SJacob Kellerper-group packets and bytes statistics, in case per-trap statistics are too 521f4bdd710SJacob Kellernarrow. The description of these groups must be added to the following table: 522f4bdd710SJacob Keller 523f4bdd710SJacob Keller.. list-table:: List of Generic Packet Trap Groups 524f4bdd710SJacob Keller :widths: 10 90 525f4bdd710SJacob Keller 526f4bdd710SJacob Keller * - Name 527f4bdd710SJacob Keller - Description 528f4bdd710SJacob Keller * - ``l2_drops`` 529f4bdd710SJacob Keller - Contains packet traps for packets that were dropped by the device during 530f4bdd710SJacob Keller layer 2 forwarding (i.e., bridge) 531f4bdd710SJacob Keller * - ``l3_drops`` 532678eb199SIdo Schimmel - Contains packet traps for packets that were dropped by the device during 533678eb199SIdo Schimmel layer 3 forwarding 534678eb199SIdo Schimmel * - ``l3_exceptions`` 535678eb199SIdo Schimmel - Contains packet traps for packets that hit an exception (e.g., TTL 536678eb199SIdo Schimmel error) during layer 3 forwarding 537f4bdd710SJacob Keller * - ``buffer_drops`` 538f4bdd710SJacob Keller - Contains packet traps for packets that were dropped by the device due to 539f4bdd710SJacob Keller an enqueue decision 54013c056ecSAmit Cohen * - ``tunnel_drops`` 54113c056ecSAmit Cohen - Contains packet traps for packets that were dropped by the device during 54213c056ecSAmit Cohen tunnel encapsulation / decapsulation 543ecd942a0SJiri Pirko * - ``acl_drops`` 544ecd942a0SJiri Pirko - Contains packet traps for packets that were dropped by the device during 545ecd942a0SJiri Pirko ACL processing 546515eac67SIdo Schimmel * - ``stp`` 547515eac67SIdo Schimmel - Contains packet traps for STP packets 548515eac67SIdo Schimmel * - ``lacp`` 549515eac67SIdo Schimmel - Contains packet traps for LACP packets 550515eac67SIdo Schimmel * - ``lldp`` 551515eac67SIdo Schimmel - Contains packet traps for LLDP packets 552515eac67SIdo Schimmel * - ``mc_snooping`` 553515eac67SIdo Schimmel - Contains packet traps for IGMP and MLD packets required for multicast 554515eac67SIdo Schimmel snooping 555d77cfd16SIdo Schimmel * - ``dhcp`` 556d77cfd16SIdo Schimmel - Contains packet traps for DHCP packets 557d77cfd16SIdo Schimmel * - ``neigh_discovery`` 558d77cfd16SIdo Schimmel - Contains packet traps for neighbour discovery packets (e.g., ARP, IPv6 559d77cfd16SIdo Schimmel ND) 560d77cfd16SIdo Schimmel * - ``bfd`` 561d77cfd16SIdo Schimmel - Contains packet traps for BFD packets 562d77cfd16SIdo Schimmel * - ``ospf`` 563d77cfd16SIdo Schimmel - Contains packet traps for OSPF packets 564d77cfd16SIdo Schimmel * - ``bgp`` 565d77cfd16SIdo Schimmel - Contains packet traps for BGP packets 566d77cfd16SIdo Schimmel * - ``vrrp`` 567d77cfd16SIdo Schimmel - Contains packet traps for VRRP packets 568d77cfd16SIdo Schimmel * - ``pim`` 569d77cfd16SIdo Schimmel - Contains packet traps for PIM packets 570d77cfd16SIdo Schimmel * - ``uc_loopback`` 571d77cfd16SIdo Schimmel - Contains a packet trap for unicast loopback packets (i.e., 572d77cfd16SIdo Schimmel ``uc_loopback``). This trap is singled-out because in cases such as 573d77cfd16SIdo Schimmel one-armed router it will be constantly triggered. To limit the impact on 574d77cfd16SIdo Schimmel the CPU usage, a packet trap policer with a low rate can be bound to the 575d77cfd16SIdo Schimmel group without affecting other traps 576d77cfd16SIdo Schimmel * - ``local_delivery`` 577d77cfd16SIdo Schimmel - Contains packet traps for packets that should be locally delivered after 578d77cfd16SIdo Schimmel routing, but do not match more specific packet traps (e.g., 579d77cfd16SIdo Schimmel ``ipv4_bgp``) 580ec4f5b36SIdo Schimmel * - ``external_delivery`` 581ec4f5b36SIdo Schimmel - Contains packet traps for packets that should be routed through an 582ec4f5b36SIdo Schimmel external interface (e.g., management interface) that does not belong to 583ec4f5b36SIdo Schimmel the same device (e.g., switch ASIC) as the ingress interface 584d77cfd16SIdo Schimmel * - ``ipv6`` 585d77cfd16SIdo Schimmel - Contains packet traps for various IPv6 control packets (e.g., Router 586d77cfd16SIdo Schimmel Advertisements) 587d77cfd16SIdo Schimmel * - ``ptp_event`` 588d77cfd16SIdo Schimmel - Contains packet traps for PTP time-critical event messages (Sync, 589d77cfd16SIdo Schimmel Delay_req, Pdelay_Req and Pdelay_Resp) 590d77cfd16SIdo Schimmel * - ``ptp_general`` 591d77cfd16SIdo Schimmel - Contains packet traps for PTP general messages (Announce, Follow_Up, 592d77cfd16SIdo Schimmel Delay_Resp, Pdelay_Resp_Follow_Up, management and signaling) 5935eb18a2bSIdo Schimmel * - ``acl_sample`` 5945eb18a2bSIdo Schimmel - Contains packet traps for packets that were sampled by the device during 5955eb18a2bSIdo Schimmel ACL processing 5965eb18a2bSIdo Schimmel * - ``acl_trap`` 5975eb18a2bSIdo Schimmel - Contains packet traps for packets that were trapped (logged) by the 5985eb18a2bSIdo Schimmel device during ACL processing 59910c24eb2SIoana Ciornei * - ``parser_error_drops`` 60010c24eb2SIoana Ciornei - Contains packet traps for packets that were marked by the device during 60110c24eb2SIoana Ciornei parsing as erroneous 602*2640a82bSIdo Schimmel * - ``eapol`` 603*2640a82bSIdo Schimmel - Contains packet traps for "Extensible Authentication Protocol over LAN" 604*2640a82bSIdo Schimmel (EAPOL) packets specified in IEEE 802.1X 605f4bdd710SJacob Keller 606ef7d5c7dSIdo SchimmelPacket Trap Policers 607ef7d5c7dSIdo Schimmel==================== 608ef7d5c7dSIdo Schimmel 609ef7d5c7dSIdo SchimmelAs previously explained, the underlying device can trap certain packets to the 610ef7d5c7dSIdo SchimmelCPU for processing. In most cases, the underlying device is capable of handling 611ef7d5c7dSIdo Schimmelpacket rates that are several orders of magnitude higher compared to those that 612ef7d5c7dSIdo Schimmelcan be handled by the CPU. 613ef7d5c7dSIdo Schimmel 614ef7d5c7dSIdo SchimmelTherefore, in order to prevent the underlying device from overwhelming the CPU, 615ef7d5c7dSIdo Schimmeldevices usually include packet trap policers that are able to police the 616ef7d5c7dSIdo Schimmeltrapped packets to rates that can be handled by the CPU. 617ef7d5c7dSIdo Schimmel 618ef7d5c7dSIdo SchimmelThe ``devlink-trap`` mechanism allows capable device drivers to register their 619ef7d5c7dSIdo Schimmelsupported packet trap policers with ``devlink``. The device driver can choose 620ef7d5c7dSIdo Schimmelto associate these policers with supported packet trap groups (see 621ef7d5c7dSIdo Schimmel:ref:`Generic-Packet-Trap-Groups`) during its initialization, thereby exposing 622ef7d5c7dSIdo Schimmelits default control plane policy to user space. 623ef7d5c7dSIdo Schimmel 624ef7d5c7dSIdo SchimmelDevice drivers should allow user space to change the parameters of the policers 625ef7d5c7dSIdo Schimmel(e.g., rate, burst size) as well as the association between the policers and 626ef7d5c7dSIdo Schimmeltrap groups by implementing the relevant callbacks. 627ef7d5c7dSIdo Schimmel 628ef7d5c7dSIdo SchimmelIf possible, device drivers should implement a callback that allows user space 629ef7d5c7dSIdo Schimmelto retrieve the number of packets that were dropped by the policer because its 630ef7d5c7dSIdo Schimmelconfigured policy was violated. 631ef7d5c7dSIdo Schimmel 632f4bdd710SJacob KellerTesting 633f4bdd710SJacob Keller======= 634f4bdd710SJacob Keller 635f4bdd710SJacob KellerSee ``tools/testing/selftests/drivers/net/netdevsim/devlink_trap.sh`` for a 636f4bdd710SJacob Kellertest covering the core infrastructure. Test cases should be added for any new 637f4bdd710SJacob Kellerfunctionality. 638f4bdd710SJacob Keller 639f4bdd710SJacob KellerDevice drivers should focus their tests on device-specific functionality, such 640f4bdd710SJacob Kelleras the triggering of supported packet traps. 641