[Ntop-misc] NIC offload features integration
Hello, folks! I'm working on user space tcp/ip implementation now. I have modern network cards with many types of hardware offload. I interested in tcp and ip checksumm validation/generation. But I could not find any flags in pfring parsed packet header about succsess or fail in checksumm validation. But checksumm offliad is definitely working and I coukd see counter values in network card stats. Nic offload features provide huge performance benefits and will be fine if you provide code and examples fir they. Thank you for your attention! -- Sincerely yours, Pavel Odintsov ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: [Ntop-misc] NIC offload features integration
Hi Pavel pf_ring with standard drivers provides information about checksum offload when enabled, please take a look at pfring_pkthdr.extended_hdr.flags #define PKT_FLAGS_CHECKSUM_OFFLOAD 1 0 /* IP/TCP checksum offload enabled */ #define PKT_FLAGS_CHECKSUM_OK 1 1 /* Valid checksum (with IP/TCP checksum offload enabled) */ We will add support for this also to ZC ASAP. Alfredo On 02 Apr 2015, at 08:28, Pavel Odintsov pavel.odint...@gmail.com wrote: Hello, folks! I'm working on user space tcp/ip implementation now. I have modern network cards with many types of hardware offload. I interested in tcp and ip checksumm validation/generation. But I could not find any flags in pfring parsed packet header about succsess or fail in checksumm validation. But checksumm offliad is definitely working and I coukd see counter values in network card stats. Nic offload features provide huge performance benefits and will be fine if you provide code and examples fir they. Thank you for your attention! -- Sincerely yours, Pavel Odintsov ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: [Ntop-misc] NIC offload features integration
Thank you so much! I interested in ZC version because it could work on wire speed and offload features are explicit in this case. I will test offload feature asap ;) On Thursday, April 2, 2015, Alfredo Cardigliano cardigli...@ntop.org wrote: Hi Pavel pf_ring with standard drivers provides information about checksum offload when enabled, please take a look at pfring_pkthdr.extended_hdr.flags #define PKT_FLAGS_CHECKSUM_OFFLOAD 1 0 /* IP/TCP checksum offload enabled */ #define PKT_FLAGS_CHECKSUM_OK 1 1 /* Valid checksum (with IP/TCP checksum offload enabled) */ We will add support for this also to ZC ASAP. Alfredo On 02 Apr 2015, at 08:28, Pavel Odintsov pavel.odint...@gmail.com javascript:_e(%7B%7D,'cvml','pavel.odint...@gmail.com'); wrote: Hello, folks! I'm working on user space tcp/ip implementation now. I have modern network cards with many types of hardware offload. I interested in tcp and ip checksumm validation/generation. But I could not find any flags in pfring parsed packet header about succsess or fail in checksumm validation. But checksumm offliad is definitely working and I coukd see counter values in network card stats. Nic offload features provide huge performance benefits and will be fine if you provide code and examples fir they. Thank you for your attention! -- Sincerely yours, Pavel Odintsov ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it javascript:_e(%7B%7D,'cvml','Ntop-misc@listgateway.unipi.it'); http://listgateway.unipi.it/mailman/listinfo/ntop-misc -- Sincerely yours, Pavel Odintsov ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: [Ntop-misc] Avx v2 support for pfring zc
Hi Pavel just added to SVN Alfredo On 02 Apr 2015, at 16:12, Pavel Odintsov pavel.odint...@gmail.com wrote: Hello! I have modern cpu with avx 2 support (e5 2697v3). Do you have any plans for supporting it in zc library? I checked zc libs and descided you have only avx 1 support. -- Sincerely yours, Pavel Odintsov ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
[Ntop-misc] Avx v2 support for pfring zc
Hello! I have modern cpu with avx 2 support (e5 2697v3). Do you have any plans for supporting it in zc library? I checked zc libs and descided you have only avx 1 support. -- Sincerely yours, Pavel Odintsov ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: [Ntop-misc] pfring filtering fails or not clear
Hi Amir how did you load pf_ring.ko? Can I see the command line? Please also try using latest code from svn, this helps us debugging the issue. Br Alfredo On 01 Apr 2015, at 18:22, Amir Kaduri akadur...@gmail.com wrote: Hello, I’m using PF_RING-6.0.1. I’m trying to develop an application that runs some algorithm consisting on rules. I made some tests using the “pfcount” tester, and unfortunately, I don’t understand the behavior: I’m running the following command line: “./pfcount -i eth3 -u 2 -v 1 -r –m” which AFAIU, adds a wildcard filter for each incoming packet. If I get it correctly, once a rule was added, I should not expect other packets of the same session to receive, and this is not what I’m getting. For example: --- [root@CT10K10G examples]# ./pfcount -i eth3 -u 2 -v 1 -r -m Adding wildcard filtering rules Using PF_RING v.6.0.1 Capturing from eth3 [00:E0:ED:FE:18:19][ifIndex: 11] # Device RX channels: 6 # Polling threads:1 Dumping statistics on /proc/net/pf_ring/stats/11993-eth3.1074 18:52:35.956295950 [RX][if_index=11][00:08:E3:FF:FC:C8 - 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 http://10.61.10.9:52311/ - 10.70.150.108:60189 http://10.70.150.108:60189/] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596843063] [caplen=128][len=1522][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] Rule 0 added successfully... 18:52:35.956301616 [RX][if_index=11][00:08:E3:FF:FC:C8 - 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 http://10.61.10.9:52311/ - 10.70.150.108:60189 http://10.70.150.108:60189/] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596844523] [caplen=128][len=650][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] Rule 1 added successfully... 18:52:35.956303262 [RX][if_index=11][00:08:E3:FF:FC:C8 - 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 http://10.61.10.9:52311/ - 10.70.150.108:60189 http://10.70.150.108:60189/] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596845111] [caplen=128][len=1086][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] Rule 2 added successfully... : --- How come, that once rule #0 was added for [10.61.10.9:52311 http://10.61.10.9:52311/ - 10.70.150.108:60189 http://10.70.150.108:60189/], I still see such packets in the next lines? Shouldn’t they be filtered by the rule that just as added? (BTW, when I use the command “./pfcount -i eth3 -u 1 -v 1 -r –m” (i.e. –u is 1 rather than 2), the tester uses hash filters, and in this case, I get errors: 18:53:19.052549112 [RX][if_index=11][00:08:E3:FF:FC:C8 - 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 http://10.61.10.9:52311/ - 10.70.150.108:60189 http://10.70.150.108:60189/] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596847159] [caplen=128][len=1490][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] pfring_add_hash_filtering_rule(1) failed) Any help will be appreciated. Thanks, Amir ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: [Ntop-misc] pfring filtering fails or not clear
Hi Alfredo, Thanks for referring to my question. I hope the following answers: [root@CT10K10G]# cat /etc/pf_ring/pfring.conf min_num_slots=1024 transparent_mode=2 enable_frag_coherence=1 enable_ip_defrag=1 [root@CT10K10G]# cat /proc/net/pf_ring/info PF_RING Version : 6.0.1 ($Revision: exported$) Total rings : 0 Standard (non DNA) Options Ring slots : 1024 Slot version : 15 Capture TX : Yes [RX+TX] IP Defragment: Yes Socket Mode : Standard Transparent mode : No [mode 2] Total plugins: 0 Cluster Fragment Queue : 0 Cluster Fragment Discard : 0 Thanks, Amir On Thu, Apr 2, 2015 at 4:10 PM, Alfredo Cardigliano cardigli...@ntop.org wrote: Hi Amir how did you load pf_ring.ko? Can I see the command line? Please also try using latest code from svn, this helps us debugging the issue. Br Alfredo On 01 Apr 2015, at 18:22, Amir Kaduri akadur...@gmail.com wrote: Hello, I’m using PF_RING-6.0.1. I’m trying to develop an application that runs some algorithm consisting on rules. I made some tests using the “pfcount” tester, and unfortunately, I don’t understand the behavior: I’m running the following command line: “./pfcount -i eth3 -u 2 -v 1 -r –m” which AFAIU, adds a wildcard filter for each incoming packet. If I get it correctly, once a rule was added, I should not expect other packets of the same session to receive, and this is not what I’m getting. For example: --- [root@CT10K10G examples]# ./pfcount -i eth3 -u 2 -v 1 -r -m Adding wildcard filtering rules Using PF_RING v.6.0.1 Capturing from eth3 [00:E0:ED:FE:18:19][ifIndex: 11] # Device RX channels: 6 # Polling threads:1 Dumping statistics on /proc/net/pf_ring/stats/11993-eth3.1074 18:52:35.956295950 [RX][if_index=11][00:08:E3:FF:FC:C8 - 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 - 10.70.150.108:60189] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596843063] [caplen=128][len=1522][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] Rule 0 added successfully... 18:52:35.956301616 [RX][if_index=11][00:08:E3:FF:FC:C8 - 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 - 10.70.150.108:60189] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596844523] [caplen=128][len=650][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] Rule 1 added successfully... 18:52:35.956303262 [RX][if_index=11][00:08:E3:FF:FC:C8 - 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 - 10.70.150.108:60189] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596845111] [caplen=128][len=1086][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] Rule 2 added successfully... : --- How come, that once rule #0 was added for [10.61.10.9:52311 - 10.70.150.108:60189], I still see such packets in the next lines? Shouldn’t they be filtered by the rule that just as added? (BTW, when I use the command “./pfcount -i eth3 -u 1 -v 1 -r –m” (i.e. –u is 1 rather than 2), the tester uses hash filters, and in this case, I get errors: 18:53:19.052549112 [RX][if_index=11][00:08:E3:FF:FC:C8 - 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 - 10.70.150.108:60189] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596847159] [caplen=128][len=1490][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] pfring_add_hash_filtering_rule(1) failed) Any help will be appreciated. Thanks, Amir ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: [Ntop-misc] nprobe + ntopng WLAN fields query
Hi Luca, I dont have the pcap file as of now. I can provide one in a week or two timeframe. Thanks Rahul On Wed, Apr 1, 2015 at 10:00 PM, Luca Deri d...@ntop.org wrote: Rahul, do you have a pcap file (flows + template) to share? Luca On 02 Apr 2015, at 01:27, Rahul Jain jrahu...@gmail.com wrote: Hi Luca, These fields are used for Wireless LAN. Cisco supports these fields and there are some Netflow collectors will understands these fields. http://mrncciew.com/2013/02/13/who-really-support-wlc-netflow/ Thanks Rahul On Wed, Apr 1, 2015 at 3:56 PM, Luca Deri d...@ntop.org wrote: Rahul, we have never seen flows like these, but we can of course (with your help) support them Luca On 01 Apr 2015, at 22:46, Rahul Jain jrahu...@gmail.com wrote: Hi All, Does nprobe + ntopng support WLAN fields. I am evaluating IPFIX collector for WLAN statistics. Template I have in mind is, wlanChannedlD wlanSSID staMacAddress staIPv4Address wtpMacAddress packetTotalCount octetTotalCount This template will give WLAN info, like CLIENT C1 (IP/MAC) connected to SSID on AP (AP MAC) and total packets sent and received. Can nprobe decode this template; and Ntopng consume this data, and show the statistics on GUI? Thanks Rahul ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: [Ntop-misc] Avx v2 support for pfring zc
Wow! Awesome! Saw it https://svn.ntop.org/svn/ntop/trunk/PF_RING/userland/lib/libs/ :) Will test shortly! On Thu, Apr 2, 2015 at 6:36 PM, Alfredo Cardigliano cardigli...@ntop.org wrote: Hi Pavel just added to SVN Alfredo On 02 Apr 2015, at 16:12, Pavel Odintsov pavel.odint...@gmail.com wrote: Hello! I have modern cpu with avx 2 support (e5 2697v3). Do you have any plans for supporting it in zc library? I checked zc libs and descided you have only avx 1 support. -- Sincerely yours, Pavel Odintsov ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc -- Sincerely yours, Pavel Odintsov ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc