Hi Everyone,
It's not a pf-ring specific question, so I'm not sure in the right place.
We'd like to use hardware filtering feature of a dual port SR-IOV
capable 10G Intel 82599 NIC on SLES11. Our goal is to drop all received
packets except traffic from specified source IP addresses.
I can drop all packets with ethtool Flow Director (ethtool -U eth5
flow-type tcp4 src-ip 0.0.0.0 m 255.255.255.255 action -1). It works
correctly, but I can't add a rule which route traffic to a specified
receive queue:
szeph1:/usr/local/sbin # ethtool -U eth5 flow-type tcp4 src-ip
185.72.16.6 action 0
rmgr: Cannot insert RX class rule: Invalid argument
If I specify a mask, the rule doesn't work, all packets are dropped.
szeph1:/usr/local/sbin # ethtool -U eth5 flow-type tcp4 src-ip
185.72.16.6 m 255.255.255.255 action 0
Added rule with ID 2044
szeph1:/usr/local/sbin # ethtool -u eth5
1 RX rings available
Total 2 rules
Filter: 2044
Rule Type: TCP over IPv4
Src IP addr: 0.0.0.0 mask: 255.255.255.255
Dest IP addr: 0.0.0.0 mask: 255.255.255.255
TOS: 0x0 mask: 0xff
Src port: 0 mask: 0xffff
Dest port: 0 mask: 0xffff
VLAN EtherType: 0x0 mask: 0xffff
VLAN: 0x0 mask: 0xffff
User-defined: 0x0 mask: 0xffffffffffffffff
Action: Direct to queue 0
Filter: 2045
Rule Type: TCP over IPv4
Src IP addr: 0.0.0.0 mask: 255.255.255.255
Dest IP addr: 0.0.0.0 mask: 255.255.255.255
TOS: 0x0 mask: 0xff
Src port: 0 mask: 0xffff
Dest port: 0 mask: 0xffff
VLAN EtherType: 0x0 mask: 0xffff
VLAN: 0x0 mask: 0xffff
User-defined: 0x0 mask: 0xffffffffffffffff
Action: Drop
Is there any way to create filter rules which meets out need?
We're using default ixgbe kernel module with the following option: ixgbe
max_vfs=16
filename:
/lib/modules/3.0.101-0.35-xen/kernel/drivers/net/ethernet/intel/ixgbe/ixgbe.ko
version: 3.11.33-k
license: GPL
description: Intel(R) 10 Gigabit PCI Express Network Driver
author: Intel Corporation, <[email protected]>
srcversion: 76C492FA0B3CB3518845F24
alias: pci:v00008086d00001560sv*sd*bc*sc*i*
alias: pci:v00008086d0000154Asv*sd*bc*sc*i*
alias: pci:v00008086d00001557sv*sd*bc*sc*i*
alias: pci:v00008086d0000154Fsv*sd*bc*sc*i*
alias: pci:v00008086d0000154Dsv*sd*bc*sc*i*
alias: pci:v00008086d00001528sv*sd*bc*sc*i*
alias: pci:v00008086d000010F8sv*sd*bc*sc*i*
alias: pci:v00008086d0000151Csv*sd*bc*sc*i*
alias: pci:v00008086d00001529sv*sd*bc*sc*i*
alias: pci:v00008086d0000152Asv*sd*bc*sc*i*
alias: pci:v00008086d000010F9sv*sd*bc*sc*i*
alias: pci:v00008086d00001514sv*sd*bc*sc*i*
alias: pci:v00008086d00001507sv*sd*bc*sc*i*
alias: pci:v00008086d000010FBsv*sd*bc*sc*i*
alias: pci:v00008086d00001517sv*sd*bc*sc*i*
alias: pci:v00008086d000010FCsv*sd*bc*sc*i*
alias: pci:v00008086d000010F7sv*sd*bc*sc*i*
alias: pci:v00008086d00001508sv*sd*bc*sc*i*
alias: pci:v00008086d000010DBsv*sd*bc*sc*i*
alias: pci:v00008086d000010F4sv*sd*bc*sc*i*
alias: pci:v00008086d000010E1sv*sd*bc*sc*i*
alias: pci:v00008086d000010F1sv*sd*bc*sc*i*
alias: pci:v00008086d000010ECsv*sd*bc*sc*i*
alias: pci:v00008086d000010DDsv*sd*bc*sc*i*
alias: pci:v00008086d0000150Bsv*sd*bc*sc*i*
alias: pci:v00008086d000010C8sv*sd*bc*sc*i*
alias: pci:v00008086d000010C7sv*sd*bc*sc*i*
alias: pci:v00008086d000010C6sv*sd*bc*sc*i*
alias: pci:v00008086d000010B6sv*sd*bc*sc*i*
depends: mdio,hwmon,ptp
supported: yes
vermagic: 3.0.101-0.35-xen SMP mod_unload modversions Xen
signer: SUSE Linux Enterprise Secure Boot Signkey
sig_key: 3F:B0:77:B6:CE:BC:6F:F2:52:2E:1C:14:8C:57:C7:77:C7:88:E3:E7
sig_hashalgo: sha256
parm: entropy:Allow ixgbe to populate the /dev/random entropy
pool (int)
parm: max_vfs:Maximum number of virtual functions to allocate
per physical function - default is zero and maximum value is 63 (uint)
parm: allow_unsupported_sfp:Allow unsupported and untested
SFP+ modules on 82599-based adapters (uint)
parm: debug:Debug level (0=none,...,16=all) (int)
Thanks in advance,
Lajos
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
