On 01/23/2013 03:29 PM, Sascha Fahl wrote:
> Dear Mr Duyck,
> 
> We just purchased an Intel X520-SR1 NIC and installed it on a server
> running Debian 7 with Linux 3.7.4. In the context of a research project
> we'd like to use the hardware packet filtering feature to filter out all
> network traffic except HTTPS which comes into our NIC through a mirror
> port. Hence, we tried our luck with ethtool and the --configure-ntuple
> option to add filters. All we could achieve was filtering for either
> dst-port 443 and dst-port-mask 0x0000 or src-port 443 and src-port-mask
> 0x0000. Sadly this didn't work out very well. Searching the Internet we
> couldn't find any documentation on setting ntuple rules. Do you have any
> tips or further documentation available to realize filter rules to
> accept only traffic with src and dst port 443?
> 
> 
> Thank you very much,
> Sascha

The problem in trying to use the ntuple filtering mechanism is that the
ntuple filters require a fixed mask to be used for all filters.  As such
using a mixed filter where you are ignoring the destination port in one
mask, and the source port in another is not possible.

An alternative you may want to look at would be to make use of the L3/L4
5-tuple filters included in the 82599 Ethernet controller used on the
X520 NIC.  This would allow you to set up two rules to route traffic
either to or from port 443 to a specified queue.  A datasheet for the
82599 is available for download from e1000.sf.net.  It explains how to
go about configuring the 5-tuple filters.

The other piece in all of this is to come up with a way to drop the
traffic you are not looking for.  The easiest way to do this would
probably be to set the rrs_i in ixgbe_setup_mrqc to 1, and then to modify
ixgbe_configure_rx_ring so that the Rx ring with a queue_index of 0 is
never enabled.  By doing that all of the traffic should be automatically
routed to a disabled queue and as a result be dropped, and as long as
there are 5-tuple queue filter rules routing the traffic you want to
capture to other queues you should be able to see only the traffic you want
to capture.

Thanks,

Alex


_______________________________________________
E1000-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/e1000-devel
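
A simplified model of the constraint described in the reply above, added here as an illustration; it is not ixgbe driver code and not part of the original thread. The class names and the capture queue number are hypothetical, only the two port fields are modelled, and unmatched packets fall through to queue 0, which stands for the disabled Rx ring.

```python
"""Simplified model (not driver code) of the two filter styles in the reply."""
from dataclasses import dataclass
from typing import NamedTuple, Optional

HTTPS = 443
DROP_QUEUE = 0      # models the never-enabled Rx ring with queue_index 0
CAPTURE_QUEUE = 1   # hypothetical queue that the capture process reads


class Packet(NamedTuple):
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    src_port: Optional[int]   # None means the field is not compared
    dst_port: Optional[int]
    queue: int

    def shape(self):
        """Which fields this rule compares, i.e. its mask."""
        return (self.src_port is not None, self.dst_port is not None)

    def matches(self, pkt):
        return all(want is None or want == got
                   for want, got in zip((self.src_port, self.dst_port), pkt))


class FilterTable:
    """shared_mask=True models ntuple: every rule must compare the same fields.
    shared_mask=False models 5-tuple filters: each rule picks its own fields."""

    def __init__(self, shared_mask):
        self.shared_mask = shared_mask
        self.rules = []

    def add(self, rule):
        if self.shared_mask and self.rules and rule.shape() != self.rules[0].shape():
            raise ValueError("mask differs from the one already in use")
        self.rules.append(rule)

    def classify(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.queue
        return DROP_QUEUE   # unmatched traffic lands on the disabled queue


def build_https_rules(table):
    """The two rules from the reply: to port 443 and from port 443."""
    table.add(Rule(src_port=None, dst_port=HTTPS, queue=CAPTURE_QUEUE))
    table.add(Rule(src_port=HTTPS, dst_port=None, queue=CAPTURE_QUEUE))
    return table
```

With `shared_mask=True` the second rule is rejected, so a table holding only the destination-port rule sends the server-to-client half of every HTTPS flow to the drop queue.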