On Sun, Jul 10, 2016 at 2:22 AM, Olivier Doucet <odou...@oxeva.fr> wrote: > >>On Sat, Jul 9, 2016 at 1:13 AM, Olivier Doucet <odou...@oxeva.fr> wrote: >>> I'm trying to filter ICMP trafic directly on network cards and tried to do >>> it with ethtool : >>> $ethtool --config-ntuple eth2 flow-type ether proto 1 action -1 >>> rmgr: Cannot insert RX class rule: Invalid argument $ethtool > >>> --config-ntuple eth2 flow-type ip4 l4proto 1 action -1 >>> rmgr: Cannot insert RX class rule: Invalid argument >>> >>> Is this even possible ? >>> >>> Olivier >> >> The 82599 only supports IPv4 based filtering using the ntuple filters. >> If you are wanting to filter on Ethertype you would probably need to use a >> different hardware filter and I don't think those are currently enabled in >> the ntuple interface. > Thank you for your answer. When you say "they are not enabled on the ntuple > interface", do you mean the driver is not ready ? The firmware ? > Do you know other chipset that do support filters on ethertype ?
Actually it occurs to me that you mentioned wanting to filter ICMP. ICMP isn't an Ethertype it is an IP protocol so an Ethertype filter wouldn't work. The only reason why I had mentioned filtering on ethertype is because your example filter had a reference to "ether proto" and because the 82599 does have Ethertype filters though I believe they are only used currently for FCoE. > Beside the ntuple interface, is there another way to filter packets directly > on hardware (and that would allow to filter icmp, or construct complex > filtering like "accept dst-port X and dst-port Y, filter other tcp traffic" ? There should be a few other filter types supported by the hardware, but they aren't enabled in the driver. The closest you can get with the ntuple filtering would likely be to filter based on the IP address, and even then if the frame is fragmented it will be ignored based on the way the filters work. Unfortunately I don't believe there is any way to support what you are currently looking for with the existing kernel and/or drivers. - Alex ------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape _______________________________________________ E1000-devel mailing list E1000-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/e1000-devel To learn more about Intel® Ethernet, visit http://communities.intel.com/community/wired
