Hi, I've made progress with adding hardware filtering rules, using pf_ring's API (pfring_add_hw_rule()). I managed to add 8190 (8K-2) perfect rules. I know that its possible to have ~32,000 (32K-2) hardware hash rules, but I fail to reach this limit. When loading the ixgbe kernel module, I use "FdirPballoc=3,3,3,3". According to Intel's 82599 10GB controller datasheet <http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/82599-10-gbe-controller-datasheet.pdf> page 289, I understand that its somehow related to rx packet buffer memory allocation, but I didn't manage to find out what exactly and how should I do the modification in order to be able to use 32K hardware hash (signature) rules. Any help will be appreciated.
Regards, Amir On Wed, Apr 29, 2015 at 11:17 AM, Amir Kaduri <akadur...@gmail.com> wrote: > Hi Pavel, > > Thanks for your response. > I didn't try it yet, I'll consider trying it, but currently my goal is to > evaluate pf_ring C/C++ package to see if it fits my needs, in comparison to > other packages. > This is since I need to develop a kind of business-logic application using > it. > I really want to be able to add/remove HW filtering rules using pf_ring's > APIs. > > Thanks, > Amir > > On Wed, Apr 29, 2015 at 10:57 AM, Pavel Odintsov <pavel.odint...@gmail.com > > wrote: > >> Hello, Amir! >> >> Have you tried manual configuration of hardware filters for 82599? You >> could try do it with ethtool: >> >> https://github.com/FastVPSEestiOu/fastnetmon/wiki/Traffic-filtration-using-NIC-capabilities-on-wire-speed-(10GE,-14Mpps) >> >> From my point of view ethtool interface is more flexible for hardware >> filter management. But I can't find any API for C/C++ for it. >> >> On Wed, Apr 29, 2015 at 10:50 AM, Amir Kaduri <akadur...@gmail.com> >> wrote: >> > Hi, >> > >> > After testing software filtering rules, I've tried hardware filtering >> rules. >> > Unfortunately, it doesn't work for me. >> > First, I tested it using pfring 6.0.1 64bit, and then used pfring 5.6.1 >> > 32bit to make sure its not related to the version and the architecture. >> > In both tests, I didn't see that the hardware filters work. >> > >> > The command line I used: ./pfcount_82599 -i eth2 -v -m >> > >> > The NIC details: 06:00.1 Ethernet controller: Intel Corporation 82599EB >> > 10-Gigabit SFI/SFP+ Network Connection (rev 01) >> > >> > I used the following files: >> > 1. >> > >> https://drive.google.com/file/d/0B10Ms5GOXgCxYy1uWHZ2dXJrck0/view?usp=sharing >> > The tester program pfcount_82599.c with slight changes: enabling 3 >> > intel_82599_five_tuple_rule rules: >> > - One that drops tcp packets >> > - Second that drops packets with source 10.12.150.231 >> > - Third that drops packets with dest 10.12.150.231 >> > 2. >> > >> https://drive.google.com/file/d/0B10Ms5GOXgCxS0dxR3lTZUoyRHZyUlpoemJfT0k2cS1QRGFr/view?usp=sharing >> > The pcap file containing 344 packets, that should be filtered with >> the >> > tester above. >> > >> > Note that all 3 rules should drop the packets in the attached tester. >> > >> > Any help to prove that hardware rules work, based on the above info, >> will be >> > much appreciated. >> > >> > Thanks, >> > Amir >> >
_______________________________________________ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc