sun microsystems Systems Architecture Committee _________________________________________________________________ Subject: Solaris Packet Capture Submitted by: Darren Reed File: PSARC/2009/232/opinion.ms Date: 20 May 2009 Committee: Jim Carlson, Mark Carlson, Richard Matthews, Sebastian Roy Product Approval Committee: Solaris PAC solaris-pac-opinion@sun.com 1. Summary This project proposes to integrate the Berkely Packet Cap- ture feature into the Solaris Kernel, bringing with it the Berkeley Packet Filter (BPF.) This feature is usually refered to as BPF and will be for the remainder of this document. This project also proposes to integrate the PF_PACKET API from Linux as a socket plugin. 2. Decision & Precedence Information The project is approved as specified in reference [1][2][3]. The project may be delivered in a minor release of the ON consolidation. 3. Interfaces The project exports the following interfaces. _____________________________________________________________________________ | Interfaces Exported | |_____________________________________|_______________________|_____________| |Interface | Classification | Comments | |_____________________________________|_______________________|_____________| |usr/kernel/drv/bpf | Project Private | | |usr/kernel/drv/bpf.conf | Project Private | | |/dev/bpf | Uncommitted | | | | Committed | | | | Project Private | | |_____________________________________|_______________________|_____________| PSARC/2009/232 Copyright 2009 Sun Microsystems - 2 - _____________________________________________________________________________ | Interfaces Exported | |_____________________________________|_______________________|_____________| |Interface | Classification | Comments | |_____________________________________|_______________________|_____________| |BPF_MAJOR_VERSION | Committed | | |BPF_MINOR_VERSION | Committed | | |BIOCGBLEN | Committed | | |BIOCSBLEN | Committed | | |BIOCSETF | Committed | | |BIOCFLUSH | Committed | | |BIOCPROMIS | Committed | | |BIOCGDLT | Committed | | |BIOCGETIF | Committed | | |BIOCSETIF | Committed | | |BIOCGETLIF | Committed | | |BIOCSETLIF | Committed | | |BIOCSORTIMEOUT | Committed | | |BIOCGORTIMEOUT | Committed | | |BIOCGSTATS | Committed | | |BIOCIMMEDIATE | Committed | | |BIOCVERSION | Committed | | |BIOCSTCPF | Committed | | |BIOCSUDPF | Committed | | |BIOCGHDRCMPLT | Committed | | |BIOCSHDRCMPLT | Committed | | |BIOCSDLT | Committed | | |BIOCGDLTLIST | Committed | | |BIOCGSEESENT | Committed | | |BIOCSSEESENT | Committed | | |BIOCSRTIMEOUT | Committed | | |BIOCGRTIMEOUT | Committed | | |BBIOCSETF32 | Project private | | |BIOCGDLTLIST32 | Project private | | |BIOCSRTIMEOUT32 | Project private | | |BIOCGRTIMEOUT32 | Project private | | |struct bpf_dltlist | Committed | | |struct bpf_hdr | Committed | | |struct bpf_insn | Committed | | |struct bpf_program | Committed | | |struct bpf_stat | Committed | | |struct bpf_timeval | Committed | | |struct bpf_version | Committed | | |NH_OBSERVING | Committed | | |hook_pkt_observe_t | Committed | | |DLT_IPNET | Committed | | |dl_ipnetinfo_v2_t | Committed | | |bpf-capture | Uncommitted | SDT probe | |MAC_PROMISC_FLAGS_NO_COPY | Consolidation Private| | |dls_set_bpfattach | Project Private | | |mac_addr_length | Consolidation Private| | |mac_type | Consolidation Private| | |/usr/kernel/socketmod/sockpfp | Project Private | | |/usr/kernel/socketmod/amd64/sockpfp | Project Private | | |_____________________________________|_______________________|_____________| PSARC/2009/232 Copyright 2009 Sun Microsystems - 3 - _____________________________________________________________________________ | Interfaces Exported | |_____________________________________|_______________________|_____________| |Interface | Classification | Comments | |_____________________________________|_______________________|_____________| |/usr/kernel/socketmod/sparcv9/sockpfp| Project Private | | | | Committed | | |PF_PACKET | Committed | | |SOL_PACKET | Committed | | |SO_ATTACH_FILTER | Committed | | |SO_DETACH_FILTER | Committed | | |SIOCGIFHWADDR | Committed | | |SIOCGSTAMP | Committed | | |PACKET_STATISTICS | Committed | | |PACKET_ADD_MEMBERSHIP | Committed | | |PACKET_DROP_MEMBERSHIP | Committed | | |PACKET_AUXDATA | Committed | | |PACKET_HOST | Committed | | |PACKET_BROADCAST | Committed | | |PACKET_MULTICAST | Committed | | |PACKET_OTHERHOST | Committed | | |PACKET_OUTGOING | Committed | | |struct packet_mreq | Committed | | |struct sock_filter | Committed | | |struct sock_fprog | Committed | | |struct sockaddr_ll | Committed | | |struct tpacket_auxdata* | Committed | | |struct tpacket_hdr* | Committed | | |struct tpacket_stats | Committed | | |struct tpacket2_hdr* | Committed | | |_____________________________________|_______________________|_____________| The project imports the following interfaces. _________________________________________________________ | Interfaces Imported | |___________________________|________________|__________| |Interface | Classification| Comments| |___________________________|________________|__________| | | | | |struct modlsockmod | | | |smod_reg_t | | | |sock_downcalls_t | | | |sock_lower_handle_t | | | |sock_upcalls_t | | | |mac_addr_len | | | |mac_client_open | | | |mac_client_close | | | |mac_close | | | |mac_header | | | |mac_multicast_add | | | |mac_multicast_remove | | | |mac_open_by_linkid | | | |___________________________|________________|__________| PSARC/2009/232 Copyright 2009 Sun Microsystems - 4 - _________________________________________________________ | Interfaces Imported | |___________________________|________________|__________| |Interface | Classification| Comments| |___________________________|________________|__________| |mac_promisc_add | | | |mac_promisc_remove | | | |mac_sdu_get | | | |mac_tx | | | |mac_unicast_primary_get | | | |dls_devnet_macname2linkid | | | |mac_client_handle_t | | | |mac_client_promisc_type_t | | | |mac_handle_t | | | |MAC_ADDRTYPE_MULTICAST | | | |MAC_ADDRTYPE_BROADCAST | | | |MAC_ADDRTYPE_UNICAST | | | |MAC_CLIENT_PROMISC_ALL | | | |MAC_CLIENT_PROMISC_FILTERED| | | |MAC_CLIENT_PROMISC_MULTI | | | |MAC_DROP_ON_NO_DESC | | | | | | | | | | | | | | | | | | | |___________________________|________________|__________| 4. Opinion 4.1. Setting the Packet Capture DLT The BPF architecture which allows a single network device name to be used to generate different types of packet cap- ture data, determined by where and how it is presented to BPF by the networking stack. This is different to existing architecture where a specific pathname or socket can only be used to receive a single type of packet. The delivery of the man page for BPF will document the ioctls used with this mechanism and the man page for tcpdump will document how users can use it from the command line. 5. Minority Opinion(s) None. 6. Advisory Information None. PSARC/2009/232 Copyright 2009 Sun Microsystems - 5 - 7. Appendices 7.1. Appendix A: Technical Changes Required No technical changes required. 7.2. Appendix B: Technical Changes Advised No technical changes advised. 7.3. Appendix C: Reference Material Unless stated otherwise, path names are relative to the case directory PSARC/2009/232. 1 commitment.materials/bpf-psarc.txt 2 commitment.materials/pfp-psarc.txt 3 commitment.materials/questions.txt PSARC/2009/232 Copyright 2009 Sun Microsystems