Hi Katarina when you specify a tuple, a mask is computed on the non-empty fields (src ip, dst ip, src port, ..), you should fill the same fields on all the filters (i.e. you cannot set src ip and src port on a filter and dst ip and dst port on another filter)
Alfredo > On 27 Nov 2014, at 10:00, Katarina Valent <[email protected]> > wrote: > > Hi Alfredo > > Can you please explain what does it mean "all the filters must be of the same > type"? > Maybe this is the problem we are currently having. We cant seem to add > filters for bi-directional IP flow (targeted IP address as source or > destination IP) > > Thank you, > Katarina Valent > > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Alfredo > Cardigliano > Sent: Wednesday, November 26, 2014 6:09 PM > To: [email protected] > Subject: Re: [Ntop-misc] Hardware filtering problem > > >> On 26 Nov 2014, at 15:36, Katarina Valent <[email protected]> >> wrote: >> >> Hi Alfredo >> >> Thank you for your help so far. If you could answer few more questions: >> 1) we are planning to use PF_RING with libpcap and jnetpcap. Can we add >> hardware filtering directly from jnetPcap? > > The libpcap API does not support hw filtering. > >> 2) when adding filter using PF_RING/userland/examples_zc/zcount.c what >> parameters for -c and -g should we use? It is hard to understand from code >> what cluster_id and core_id means. Do you have any other documentation? When >> using "./zcount -i eth2 -c 1 -g 1 -R" we get: >> pfring_zc_add_hw_rule(0) failed: did you enable the FlowDirector >> (ethtool -K ethX ntuple on) > > -c is a unique cluster identifier (usually unique per process, unless you > attach an external process/VM, aka IPC) > > $ ./zcount -h > -c <cluster id> Cluster id > -g <core id> Bind this app to a core > > Please also take a look at the ZC API documentation: > http://www.ntop.org/pfring_api/pfring__zc_8h.html > >> 3) when inserting hardware filtering rule with ethtool we can add one filter: >> ethtool -U eth2 flow-type ip4 src-ip 192.168.102.87 action 0 but >> adding additional similar filter: >> ethtool -U eth2 flow-type ip4 dst-ip 192.168.102.87 action 0 results >> in error (dmesg): >> ixgbe 0000:02:00.1: eth2: Only one mask supported per port We have >> traced that this message comes from ixgbe_ethtool.c file from ixgbe driver >> from PF_RING. In original ixgbe driver this message does not appear. Is this >> some specific limitation when using PF_RING? > > I think the original driver just does not warn you that you are configuring > the card in a wrong way (all the filters must be of the same type), I will > double check. > > Alfredo > >> >> Thank you, >> Katarina Valent >> >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Pavel >> Odintsov >> Sent: Tuesday, November 25, 2014 4:20 PM >> To: [email protected] >> Subject: Re: [Ntop-misc] Hardware filtering problem >> >> Hello! >> >> We checked PF_RING hw filters and add they correctly. But we can't see added >> rules with ethtool. Maybe it buggy... >> >> On Tue, Nov 25, 2014 at 2:44 PM, Katarina Valent >> <[email protected]> wrote: >>> Thank you. This was very helpful. >>> >>> >>> >>> Best regards, >>> >>> Katarina Valent >>> >>> >>> >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Alfredo >>> Cardigliano >>> Sent: Tuesday, November 25, 2014 12:36 PM >>> >>> >>> To: [email protected] >>> Subject: Re: [Ntop-misc] Hardware filtering problem >>> >>> >>> >>> Hi Katarina >>> >>> ethtool should work but it is not pf_ring-specific, we do not have >>> documentation for that sorry. >>> >>> >>> >>> Alfredo >>> >>> >>> >>> On 25 Nov 2014, at 12:32, Katarina Valent >>> <[email protected]> >>> wrote: >>> >>> >>> >>> Hi Alfredo >>> >>> >>> >>> I have looked into example in zcount.c and have few questions. In >>> script there is mentioned FlowDirector and ehtool. >>> >>> In https://www.kernel.org/doc/Documentation/networking/ixgbe.txt I >>> have found how FlowDirector is used using ethool. >>> My question is: to start hardware filtering is it enough to add rule >>> using ethtool? Do you have any documentation on adding filters using >>> ethtool? >>> >>> >>> >>> Thank you, >>> >>> Katarina Valent >>> >>> >>> >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Alfredo >>> Cardigliano >>> Sent: Tuesday, November 25, 2014 10:23 AM >>> To: [email protected] >>> Subject: Re: [Ntop-misc] Hardware filtering problem >>> >>> >>> >>> Hi Katarina >>> >>> you are right, we will update the documentation asap, >>> >>> please also look at PF_RING/userland/examples/pfcount_82599.c for >>> more examples. >>> >>> >>> >>> Best Regartds >>> >>> Alfredo >>> >>> >>> >>> On 25 Nov 2014, at 08:49, Katarina Valent >>> <[email protected]> >>> wrote: >>> >>> >>> >>> Hi Alfredo >>> >>> >>> >>> Thank you for your prompt response. We will look into examples you >>> have mentioned. >>> >>> We were using instructions from: >>> http://www.ntop.org/products/pf_ring/hardware-packet-filtering/ >>> >>> Are there any updated instructions we could use? >>> >>> >>> >>> Best regards, >>> >>> Katarina Valent >>> >>> >>> >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Alfredo >>> Cardigliano >>> Sent: Monday, November 24, 2014 5:03 PM >>> To: [email protected] >>> Subject: Re: [Ntop-misc] Hardware filtering problem >>> >>> >>> >>> Hi Katarina >>> >>> please read below >>> >>> >>> >>> On 24 Nov 2014, at 15:18, Katarina Valent >>> <[email protected]> >>> wrote: >>> >>> >>> >>> Hi >>> >>> >>> >>> Until now, we have used PF_RING TNAPI for packet filtering on Intel >>> 1G card so we are familiar with PF_RING. We are now working on a >>> project that requires hardware filtering on 82599 Intel network card using >>> PF_RING. >>> >>> We have recently purchased PF_RING ZC license for 10 Gbit adapters >>> >>> Steps we have done: >>> >>> - Downloaded downloaded PF_RING-6.0.2.tar.gz >>> >>> - Compiled PF_RING and drivers from PF_RING-6.0.2 >>> >>> - purchased PF_RING ZC license for 10 Gbit adapters (order >>> 1416498630) >>> >>> - downloaded >>> http://www.nmon.net/packages/debian/7.6/all/PF_RING-dkms/pfring-dkms_ >>> 6 >>> .0.3_all.deb >>> and installed it >>> >>> - activated licence per instructions >>> >>> - insmoding pf_ring and ixgbe.ko driver using script in attachment >>> (script is located in >>> /opt/PF_RING-6.0.2/drivers/PF_RING_aware/intel/ixgbe/ixgbe-3.21.2-zc/ >>> s >>> rc) >>> >>> >>> >>> Problems we have: >>> >>> - we don't seem to get file in cat /proc/net/pf_ring/dev/eth2/rules >>> where rules for hardware filtering can be set. >>> >>> >>> >>> /proc is deprecated, you should add/remove rules using the API. >>> >>> Please take a look at the examples in >>> PF_RING/userland/{examples,examples_zc}, for instance ./zcount -h | >>> grep "\-R" >>> >>> >>> >>> >>> >>> - Insmod ixgbe.ko with parameter FdirMode=2,2,2,2 returns: Error: >>> could not insert module ixgbe.ko: Unknown symbol in module >>> >>> >>> >>> FdirMode is deprecated, actually it is not present in the enclosed script. >>> >>> >>> >>> >>> >>> - In dmesg after using load_driver_“.sh script we do not get line: >>> ixgbe: 0000:02:00.0: ixgbe_check_options: Flow Director perfect >>> filtering enabled >>> >>> >>> >>> You should not expect this message in latest driver. >>> >>> >>> >>> >>> >>> I have attached output from dmesg after using script load_driver_2.sh >>> >>> >>> >>> Can you help us determine what are we doing wrong? >>> >>> >>> >>> Thank you in advance, >>> >>> Katarina Valent >>> >>> >>> >>> Best Regards >>> >>> Alfredo >>> >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> >>> >>> >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> >>> >>> >>> >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> >> >> -- >> Sincerely yours, Pavel Odintsov >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
