[E1000-devel] Hardware filtering question

Lajos Kovacs Wed, 03 Dec 2014 05:06:14 -0800

Hi Everyone,

I've a similar issue as discussed in this topic: 
http://sourceforge.net/p/e1000/mailman/message/32285208/


We'd like to use hardware filtering feature of a dual port SR-IOV 
capable 10G Intel 82599 NIC on SLES11. Our goal is to drop all received 
packets except traffic from specified source IP addresses.
I can drop all packets with ethtool (ethtool -U eth5 flow-type tcp4 
src-ip 0.0.0.0 m 255.255.255.255 action -1). It works correctly, but I 
can't add a rule which route traffic to a specified receive queue:

szeph1:/usr/local/sbin # ethtool -U eth5 flow-type tcp4 src-ip 
185.72.16.6 action 0
rmgr: Cannot insert RX class rule: Invalid argument

If I specify a mask, the rule doesn't work, all packets are dropped.
szeph1:/usr/local/sbin # ethtool -U eth5 flow-type tcp4 src-ip 
185.72.16.6 m 255.255.255.255 action 0
Added rule with ID 2044
szeph1:/usr/local/sbin # ethtool -u eth5
1 RX rings available
Total 2 rules

Filter: 2044
         Rule Type: TCP over IPv4
         Src IP addr: 0.0.0.0 mask: 255.255.255.255
         Dest IP addr: 0.0.0.0 mask: 255.255.255.255
         TOS: 0x0 mask: 0xff
         Src port: 0 mask: 0xffff
         Dest port: 0 mask: 0xffff
         VLAN EtherType: 0x0 mask: 0xffff
         VLAN: 0x0 mask: 0xffff
         User-defined: 0x0 mask: 0xffffffffffffffff
         Action: Direct to queue 0

Filter: 2045
         Rule Type: TCP over IPv4
         Src IP addr: 0.0.0.0 mask: 255.255.255.255
         Dest IP addr: 0.0.0.0 mask: 255.255.255.255
         TOS: 0x0 mask: 0xff
         Src port: 0 mask: 0xffff
         Dest port: 0 mask: 0xffff
         VLAN EtherType: 0x0 mask: 0xffff
         VLAN: 0x0 mask: 0xffff
         User-defined: 0x0 mask: 0xffffffffffffffff
         Action: Drop

As I know, it's a mask related problem. I can't add new rule with 
different mask.
Is there any way or other tools to create filter rules which meets out 
need(drop all packets except specified source IP address)?
Or can I configure the NIC to drop all packets on rx-0?

We're using default ixgbe kernel module with the following option: ixgbe 
max_vfs=16
filename: 
/lib/modules/3.0.101-0.35-xen/kernel/drivers/net/ethernet/intel/ixgbe/ixgbe.ko
version:        3.11.33-k
license:        GPL
description:    Intel(R) 10 Gigabit PCI Express Network Driver
author:         Intel Corporation, <linux.n...@intel.com>
srcversion:     76C492FA0B3CB3518845F24
alias:          pci:v00008086d00001560sv*sd*bc*sc*i*
alias:          pci:v00008086d0000154Asv*sd*bc*sc*i*
alias:          pci:v00008086d00001557sv*sd*bc*sc*i*
alias:          pci:v00008086d0000154Fsv*sd*bc*sc*i*
alias:          pci:v00008086d0000154Dsv*sd*bc*sc*i*
alias:          pci:v00008086d00001528sv*sd*bc*sc*i*
alias:          pci:v00008086d000010F8sv*sd*bc*sc*i*
alias:          pci:v00008086d0000151Csv*sd*bc*sc*i*
alias:          pci:v00008086d00001529sv*sd*bc*sc*i*
alias:          pci:v00008086d0000152Asv*sd*bc*sc*i*
alias:          pci:v00008086d000010F9sv*sd*bc*sc*i*
alias:          pci:v00008086d00001514sv*sd*bc*sc*i*
alias:          pci:v00008086d00001507sv*sd*bc*sc*i*
alias:          pci:v00008086d000010FBsv*sd*bc*sc*i*
alias:          pci:v00008086d00001517sv*sd*bc*sc*i*
alias:          pci:v00008086d000010FCsv*sd*bc*sc*i*
alias:          pci:v00008086d000010F7sv*sd*bc*sc*i*
alias:          pci:v00008086d00001508sv*sd*bc*sc*i*
alias:          pci:v00008086d000010DBsv*sd*bc*sc*i*
alias:          pci:v00008086d000010F4sv*sd*bc*sc*i*
alias:          pci:v00008086d000010E1sv*sd*bc*sc*i*
alias:          pci:v00008086d000010F1sv*sd*bc*sc*i*
alias:          pci:v00008086d000010ECsv*sd*bc*sc*i*
alias:          pci:v00008086d000010DDsv*sd*bc*sc*i*
alias:          pci:v00008086d0000150Bsv*sd*bc*sc*i*
alias:          pci:v00008086d000010C8sv*sd*bc*sc*i*
alias:          pci:v00008086d000010C7sv*sd*bc*sc*i*
alias:          pci:v00008086d000010C6sv*sd*bc*sc*i*
alias:          pci:v00008086d000010B6sv*sd*bc*sc*i*
depends:        mdio,hwmon,ptp
supported:      yes
vermagic:       3.0.101-0.35-xen SMP mod_unload modversions Xen
signer:         SUSE Linux Enterprise Secure Boot Signkey
sig_key: 3F:B0:77:B6:CE:BC:6F:F2:52:2E:1C:14:8C:57:C7:77:C7:88:E3:E7
sig_hashalgo:   sha256
parm:           entropy:Allow ixgbe to populate the /dev/random entropy 
pool (int)
parm:           max_vfs:Maximum number of virtual functions to allocate 
per physical function - default is zero and maximum value is 63 (uint)
parm:           allow_unsupported_sfp:Allow unsupported and untested 
SFP+ modules on 82599-based adapters (uint)
parm:           debug:Debug level (0=none,...,16=all) (int)

Thanks in advance,
Lajos

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
E1000-devel mailing list
E1000-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/e1000-devel
To learn more about Intel&#174; Ethernet, visit 
http://communities.intel.com/community/wired

[E1000-devel] Hardware filtering question

Reply via email to