sun
   microsystems              Systems Architecture Committee

_________________________________________________________________

Subject:       Clearview: IP Observability Devices

Submitted by:  Philip Kirk

File:          PSARC/2006/475/opinion.ms

Date:          June 6, 2007

Committee:     Kais Belgaied (opinion written  by  Sebastien
               Roy),  James D Carlson, Bill Sommerfeld, Gary
               Winiger.

Product Approval Committee:

               Solaris PAC
               solaris-pac-opinion@sun.com

1.  Summary

This project provides observability of IP-layer  traffic  by
introducing  a  new  /dev/ipnet directory populated with "IP
Observability Devices".  The /dev/ipnet directory contains a
DLPI style-1 device for each IP interface on the system, and
each device exports enough of  the  DLPI  state  machine  to
allow  traditional network observability tools such as snoop
and wireshark to observe packets flowing over its associated
IP interface.

In addition, some Unix variants  provide  IP-level  loopback
observability  through  a special /dev/lo0 device which pro-
vides observability of all IP loopback packets (packets ori-
ginated  locally  and  destined locally.)  For compatibility
with those other implementations, this project also provides
a /dev/lo0 DLPI device with those semantics.

2.  Decision & Precedence Information

The project is approved as specified in references [1-3].

The project may be delivered in a patch release  of  Solaris
as part of the ON consolidation.

3.  Interfaces

PSARC/2006/475               Copyright 2007 Sun Microsystems

                           - 2 -

The project exports the following interfaces.

_________________________________________________________________
|                      Interfaces Exported                      |
|______________________|_________________|______________________|
|Interface             |  Classification |  Comments            |
|______________________|_________________|______________________|
|DL_IOC_IPNET_INFO     |  Committed      |  <inet/ipnet.h>      |
|struct dl_ipnet_info  |  Committed      |  <inet/ipnet.h>      |
|DL_IPNETINFO_VERSION  |  Committed      |  <inet/ipnet.h>      |
|DL_IPNET              |  Committed      |  <sys/dlpi.h>        |
|PRIV_NET_OBSERVABILITY|  Committed      |  <sys/priv_names.h>  |
|/dev/lo0              |  Committed      |  See lo0(7D) in [2]  |
|/dev/ipnet/*          |  Committed      |  See ipnet(7D) in [2]|
|<inet/ipnet.h>        |  Committed      |                      |
|zoneid                |  Committed      |  See snoop(1m) in [2]|
|net_getlifzone()      |  Committed      |  <sys/neti.h>        |
|net_getlif_flags()    |  Committed      |  <sys/neti.h>        |
|NE_SET_ZONE           |  Committed      |  <sys/hook_event.h>  |
|ip_register_cb()      |  Project Private|  <inet/ip.h>         |
|ip_unregister_cb()    |  Project Private|  <inet/ip.h>         |
|______________________|_________________|______________________|

The project imports the following interfaces.

_______________________________________________
|             Interfaces Imported             |
|___________|________________|________________|
|Interface  |  Classification|  Comments      |
|___________|________________|________________|
|netinfo(9F)|  Uncommitted   |  PSARC/2005/334|
|___________|________________|________________|

4.  Opinion

The IP Observability Devices being introduced by  this  pro-
ject  are designed to be of general use by any observability
application which can open DLPI device  nodes  today  (e.g.,
snoop, wireshark, tcpdump.)  The only missing piece to allow
those tools to handle the packets provided by these  devices
is  a  decoder for the ipnet header format described in [3].
Since snoop(1M) is part of the ON consolidation, it will  be
enhanced  to  handle  ipnet devices as part of this project.
While the project will  also  work  with  third  party  open
source projects such as wireshark to implement a decoder for
ipnet devices, something more is needed to allow  any  third
party  developer  to  independently  provide such support on
their own.

As such, the committee advises the project to  document  the
ipnet  header  format  in  an IETF informational RFC (in the
form of advice, as detailed in Appendix B.)

PSARC/2006/475               Copyright 2007 Sun Microsystems

                           - 3 -

5.  Minority Opinion(s)

None.

6.  Advisory Information

None.

7.  Appendices

7.1.  Appendix A: Technical Changes Required

     None.

7.2.  Appendix B: Technical Changes Advised

     1.   To help third parties implement tools that  access
          ipnet  devices,  the  project  team  is advised to
          create an IETF informational  RFC  that  documents
          the  header  formats needed to interact with those
          devices.

7.3.  Appendix C: Reference Material

Unless stated otherwise, path names are relative to the case
directory PSARC/2006/475.

1.   PSARC 20 Questions
     File:  final.materials/20_questions.txt

2.   Architecture Specification
     File:  final.materials/spec.txt

3.   Design Specification
     File:  final.materials/design-document.pdf

PSARC/2006/475               Copyright 2007 Sun Microsystems