DPDK / grout

grout: a graph router based on DPDK
BSD 3-Clause "New" or "Revised" License

implement port mirroring #11

Open rjarry opened 6 months ago

rjarry commented 6 months ago

Allow mirroring traffic from a port to a Linux tap interface so that we can run regular tcpdump on it.

Example:

[root@dio brouter]$ br-cli mirror add tap-port0 port 0
[root@dio brouter]$ tcpdump -nni tap-port0 -c 5
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on tap-port0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
14:36:31.483702 IP 192.168.1.33.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/0 (Cache flush) TXT "deviceid=DC:A6:32:CC:CD:37" "model=Xbmc,1" "srcvers=101.28" "features=0x20F7" (131)
14:36:31.758020 IP6 2a01:cb00:f8b:9700:ead2:ffff:fee4:99e0.53 > 2a01:cb00:f8b:9700:ffd8:872f:c4a:d9d4.35798: 27883 2/0/1 CNAME edge-web.dual-gslb.spotify.com., AAAA 2600:1901:1:c36:: (124)
14:36:31.759541 IP6 2a01:cb00:f8b:9700:ead2:ffff:fee4:99e0.53 > 2a01:cb00:f8b:9700:ffd8:872f:c4a:d9d4.49708: 30401 2/0/1 CNAME edge-web.dual-gslb.spotify.com., A 35.186.224.25 (112)
14:36:32.507441 ARP, Request who-has 192.168.1.1 (ff:ff:ff:ff:ff:ff) tell 192.168.1.16, length 46
14:36:33.324903 IP6 2001:41d0:a:69e1::1.1107 > 2a01:cb00:f8b:9700:ffd8:872f:c4a:d9d4.40526: Flags [P.], seq 4102294619:4102294705, ack 3835940537, win 501, options [nop,nop,TS val 1300040159 ecr 4009689886], length 86
5 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@dio brouter]$ br-cli mirror del tap-port0

christophefontaine commented 6 months ago

Instead of a built-in tcpdump, what about adding a mirroring node instead? As we should be able to dynamically add a tap port, we can then run a standard tcpdump command.

rjarry commented 6 months ago

That sounds like a better idea :)

I'll adjust the title and description.

bmagistro commented 4 months ago

Ack that port mirroring and tcpdump, depending on context, are different requirements, but this may be achievable already with the use of dpdk-dumpcap (secondary process).