Hello,
Sorry if it isn't right place but I didn't find clear answer for my problem.
I'd like to use hardware filters where I'm able to specify src-ip, dst-ip,
src-port and dst-port.
ethtool returns error when I try to insert ntuple:
ethtool --config-ntuple eth0 flow-type tcp4 src-ip 10.0.0.1 dst-ip 10.0.0.2
src-port 10000 src-port-mask 0x0000 dst-port 10001 dst-port-mask 0x0000 action
-1
I got : rmgr: Cannot insert RX class rule: Invalid argument
When I execute:
ethtool --config-ntuple eth0 flow-type ip4 src-ip 10.0.0.1 dst-ip 10.0.0.2
action -1
Everything is ok: "Added rule with ID 2044"
[root@filter ~]# ethtool --show-ntuple eth0
8 RX rings available
Total 1 rules
Filter: 2044
Rule Type: Raw IPv4
Src IP addr: 10.0.0.1 mask: 0.0.0.0
Dest IP addr: 10.0.0.2 mask: 0.0.0.0
TOS: 0x0 mask: 0xff
Protocol: 0 mask: 0xff
L4 bytes: 0x0 mask: 0xffffffff
VLAN EtherType: 0x0 mask: 0xffff
VLAN: 0x0 mask: 0xffff
User-defined: 0x0 mask: 0xffffffffffffffff
Action: Drop
or
ethtool --config-ntuple eth0 flow-type tcp4 src-port 10000 src-port-mask
0x0000 action -1
"Added rule with ID 2045"
[root@filter ~]# ethtool --show-ntuple eth0
8 RX rings available
Total 1 rules
Filter: 2045
Rule Type: TCP over IPv4
Src IP addr: 0.0.0.0 mask: 255.255.255.255
Dest IP addr: 0.0.0.0 mask: 255.255.255.255
TOS: 0x0 mask: 0xff
Src port: 10000 mask: 0x0
Dest port: 0 mask: 0xffff
VLAN EtherType: 0x0 mask: 0xffff
VLAN: 0x0 mask: 0xffff
User-defined: 0x0 mask: 0xffffffffffffffff
Action: Drop
What I should do to be get working hardware filters with defined IP and port
together ?
When I add by ip filter I can't add by port filter too. Only one type of filter
could be used in one time.
Thanks for any help.
I've :
CentOS 6.5 with kernel 2.6.32-431.5.1.el6.x86_64
intel 10G card:
01:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+
Network Connection (rev 01)
01:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+
Network Connection (rev 01)
ethtool version 3.5
[root@filter ~]# modinfo ixgbe
filename:
/lib/modules/2.6.32-431.5.1.el6.x86_64/kernel/drivers/net/ixgbe/ixgbe.ko
version: 3.19.1-PF-RING-AWARE
license: GPL
description: Intel(R) 10 Gigabit PCI Express Network Driver
author: Intel Corporation, <[email protected]>
srcversion: C8FE34DAD3F2EFB2BB08D22
alias: pci:v00008086d00001560sv*sd*bc*sc*i*
alias: pci:v00008086d00001558sv*sd*bc*sc*i*
alias: pci:v00008086d0000154Asv*sd*bc*sc*i*
alias: pci:v00008086d00001557sv*sd*bc*sc*i*
alias: pci:v00008086d0000154Fsv*sd*bc*sc*i*
alias: pci:v00008086d0000154Dsv*sd*bc*sc*i*
alias: pci:v00008086d00001528sv*sd*bc*sc*i*
alias: pci:v00008086d000010F8sv*sd*bc*sc*i*
alias: pci:v00008086d0000151Csv*sd*bc*sc*i*
alias: pci:v00008086d00001529sv*sd*bc*sc*i*
alias: pci:v00008086d0000152Asv*sd*bc*sc*i*
alias: pci:v00008086d000010F9sv*sd*bc*sc*i*
alias: pci:v00008086d00001514sv*sd*bc*sc*i*
alias: pci:v00008086d00001507sv*sd*bc*sc*i*
alias: pci:v00008086d000010FBsv*sd*bc*sc*i*
alias: pci:v00008086d00001517sv*sd*bc*sc*i*
alias: pci:v00008086d000010FCsv*sd*bc*sc*i*
alias: pci:v00008086d000010F7sv*sd*bc*sc*i*
alias: pci:v00008086d00001508sv*sd*bc*sc*i*
alias: pci:v00008086d000010DBsv*sd*bc*sc*i*
alias: pci:v00008086d000010F4sv*sd*bc*sc*i*
alias: pci:v00008086d000010E1sv*sd*bc*sc*i*
alias: pci:v00008086d000010F1sv*sd*bc*sc*i*
alias: pci:v00008086d000010ECsv*sd*bc*sc*i*
alias: pci:v00008086d000010DDsv*sd*bc*sc*i*
alias: pci:v00008086d0000150Bsv*sd*bc*sc*i*
alias: pci:v00008086d000010C8sv*sd*bc*sc*i*
alias: pci:v00008086d000010C7sv*sd*bc*sc*i*
alias: pci:v00008086d000010C6sv*sd*bc*sc*i*
alias: pci:v00008086d000010B6sv*sd*bc*sc*i*
depends: dca
vermagic: 2.6.32-431.5.1.el6.x86_64 SMP mod_unload modversions
parm: InterruptType:Change Interrupt Mode (0=Legacy, 1=MSI, 2=MSI-X),
default IntMode (deprecated) (array of int)
parm: IntMode:Change Interrupt Mode (0=Legacy, 1=MSI, 2=MSI-X),
default 2 (array of int)
parm: MQ:Disable or enable Multiple Queues, default 1 (array of int)
parm: DCA:Disable or enable Direct Cache Access, 0=disabled,
1=descriptor only, 2=descriptor and data (array of int)
parm: RSS:Number of Receive-Side Scaling Descriptor Queues, default
0=number of cpus (array of int)
parm: VMDQ:Number of Virtual Machine Device Queues: 0/1 = disable,
2-16 enable (default=8) (array of int)
parm: max_vfs:Number of Virtual Functions: 0 = disable (default),
1-63 = enable this many VFs (array of int)
parm: L2LBen:L2 Loopback Enable: 0 = disable, 1 = enable (default)
(array of int)
parm: InterruptThrottleRate:Maximum interrupts per second, per
vector, (0,1,956-488281), default 1 (array of int)
parm: LLIPort:Low Latency Interrupt TCP Port (0-65535) (array of int)
parm: LLIPush:Low Latency Interrupt on TCP Push flag (0,1) (array of
int)
parm: LLISize:Low Latency Interrupt on Packet Size (0-1500) (array of
int)
parm: LLIEType:Low Latency Interrupt Ethernet Protocol Type (array of
int)
parm: LLIVLANP:Low Latency Interrupt on VLAN priority threshold
(array of int)
parm: FdirPballoc:Flow Director packet buffer allocation level:
1 = 8k hash filters or 2k perfect filters
2 = 16k hash filters or 4k perfect filters
3 = 32k hash filters or 8k perfect filters (array of
int)
parm: AtrSampleRate:Software ATR Tx packet sample rate (array of int)
parm: FCoE:Disable or enable FCoE Offload, default 1 (array of int)
parm: LRO:Large Receive Offload (0,1), default 1 = on (array of int)
parm: allow_unsupported_sfp:Allow unsupported and untested SFP+
modules on 82599 based adapters, default 0 = Disable (array of int)
[root@filter ~]# modinfo pf_ring
filename: /lib/modules/2.6.32-431.5.1.el6.x86_64/extra/pf_ring.ko
alias: net-pf-27
description: Packet capture acceleration and analysis
author: Luca Deri <[email protected]>
license: GPL
srcversion: 69FF0F125F449EBD27ED96F
depends:
vermagic: 2.6.32-431.5.1.el6.x86_64 SMP mod_unload modversions
parm: min_num_slots:Min number of ring slots (uint)
parm: perfect_rules_hash_size:Perfect rules hash size (uint)
parm: transparent_mode:0=standard Linux, 1=direct2pfring+transparent,
2=direct2pfring+non transparentFor 1 and 2 you need to use a PF_RING aware
driver (uint)
parm: enable_debug:Set to 1 to enable PF_RING debug tracing into the
syslog (uint)
parm: enable_tx_capture:Set to 1 to capture outgoing packets (uint)
parm: enable_frag_coherence:Set to 1 to handle fragments (flow
coherence) in clusters (uint)
parm: enable_ip_defrag:Set to 1 to enable IP defragmentation(only rx
traffic is defragmentead) (uint)
parm: quick_mode:Set to 1 to run at full speed but with upto one
socket per interface (uint)
pf_ring Version 5.6.3
ixgbe module is loaded by :
modprobe ixgbe RSS=2,2,2,2 FdirPballoc=3,3,3,3
pf_ring module is loaded by:
modprobe pf_ring transparent_mode=1
ethtool -k eth0 displays:
Features for eth0:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: on
udp-fragmentation-offload: off
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off
ntuple-filters: on
receive-hashing: on
I don't see file /proc/net/pf_ring/dev/eth0/rules
Best regards.
--
Grzegorz Paszka
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
E1000-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/e1000-devel
To learn more about Intel® Ethernet, visit
http://communities.intel.com/community/wired
