Re: [net-next PATCH] e1000: add initial XDP support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: John Fastabend <john.fastabend@gmail.com>,
	bblanco@plumgrid.com, davem@davemloft.net,
	alexei.starovoitov@gmail.com, john.r.fastabend@intel.com,
	netdev@vger.kernel.org, xiyou.wangcong@gmail.com,
	brouer@redhat.com
Subject: Re: [net-next PATCH] e1000: add initial XDP support
Date: Mon, 29 Aug 2016 17:55:09 +0200	[thread overview]
Message-ID: <20160829175509.7ed19b89@redhat.com> (raw)
In-Reply-To: <20160829153905.50066865@redhat.com>


Hi Jamal,

I'm adding: drop a specific UDP port option to my script... But I does
not match/drop the packets, command below does apply, but it does not
work in practice

$ ./tc_ingress_drop.sh --verbose --dev mlx5p2 --port 9
tc qdisc del dev mlx5p2 ingress
tc qdisc add dev mlx5p2 ingress
tc filter add dev mlx5p2 parent ffff: prio 4 protocol ip u32 match ip protocol 17 0xff match udp dst 9 0xffff flowid 1:1 action drop

(Use-case is obviously to drop pktgen UDP packets.)

I also tried with:

 tc filter add dev mlx5p2 parent ffff: prio 4 protocol ip \
  u32 \
  match udp dst 9 0xffff \
  match ip protocol 17 0xff flowid 1:1 action drop

--Jesper
(top post)

On Mon, 29 Aug 2016 15:39:05 +0200 Jesper Dangaard Brouer <brouer@redhat.com> wrote:

> On Mon, 29 Aug 2016 06:53:53 -0400
> Jamal Hadi Salim <jhs@mojatatu.com> wrote:
> 
> > On 16-08-29 04:30 AM, Jesper Dangaard Brouer wrote:
> >   
> > > Hi Jamal,
> > >
> > > Can you please provide a simple "tc" command that implements "tc drop"?
> > >
> > > Then, I'll add this to the series of tests I'm using for (what I call)
> > > "zoom-in" benchmarking.
> > >    
> > 
> > Thanks Jesper.  
> 
> I've created a script called tc_ingress_drop.sh[1] which uses the
> commands you provided below.  Now people can easily use this script to
> perform the benchmark you were requesting ;-)
> 
> [1] https://github.com/netoptimizer/network-testing/blob/master/bin/tc_ingress_drop.sh
> 
> Example to enable dropping:
> 
>  $ ./tc_ingress_drop.sh --dev mlx5p2 --verbose
>  # (Not root, running with sudo)
>  # Flush existing ingress qdisc on device :mlx5p2
>  tc qdisc del dev mlx5p2 ingress
>  tc qdisc add dev mlx5p2 ingress
>  # Simply drop all ingress packets on device: mlx5p2
>  tc filter add dev mlx5p2 parent ffff: prio 2 protocol ip u32 match u32 0 0 flowid 1:1 action drop
> 
> Example to disable again:
>  ./tc_ingress_drop.sh --dev mlx5p2 --flush
> 
>  
> > Something simple since this is done in ingress; lets say drop icmp
> > packets:
> > 
> > export ETH=eth0
> > export TC=/sbin/tc
> > #delete existing ingress qdisc - flushes all filters/actions
> > sudo $TC qdisc del dev $ETH ingress
> > #re-add ingress
> > sudo $TC qdisc add dev $ETH ingress
> > #
> > #simple rule to drop all icmp
> > sudo $TC filter add dev $ETH parent ffff: prio 4 protocol ip \
> > u32 match ip protocol 1 0xff flowid 1:1 \
> > action drop
> > 
> > # other type of filters if you want to compare instead of above
> > #
> > # a)drop all
> > sudo $TC filter add dev $ETH parent ffff: prio 2 protocol ip \
> > u32 match u32 0 0 flowid 1:1 \
> > action drop
> > #b) drop if src is XXX
> > sudo $TC filter add dev $ETH parent ffff: prio 2 protocol ip \
> > u32 match ip src 192.168.100.1 flowid 1:1 \
> > action drop
> >   



-- 
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Principal Kernel Engineer at Red Hat
  Author of http://www.iptv-analyzer.org
  LinkedIn: http://www.linkedin.com/in/brouer

next prev parent reply	other threads:[~2016-08-29 15:55 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-08-27  7:11 [net-next PATCH] e1000: add initial XDP support John Fastabend
2016-08-28  5:55 ` Or Gerlitz
2016-08-29  5:33   ` John Fastabend
2016-08-28 12:23 ` Jamal Hadi Salim
2016-08-29  8:30   ` Jesper Dangaard Brouer
2016-08-29 10:53     ` Jamal Hadi Salim
2016-08-29 13:39       ` Jesper Dangaard Brouer
2016-08-29 15:55         ` Jesper Dangaard Brouer [this message]
2016-08-30 12:13           ` Jamal Hadi Salim
2016-08-30 13:31             ` Jesper Dangaard Brouer
2016-09-01 21:35               ` John Fastabend
2016-09-01 19:33       ` John Fastabend
2016-08-28 15:56 ` William Tu
2016-08-29  5:36   ` John Fastabend

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160829175509.7ed19b89@redhat.com \
    --to=brouer@redhat.com \
    --cc=alexei.starovoitov@gmail.com \
    --cc=bblanco@plumgrid.com \
    --cc=davem@davemloft.net \
    --cc=jhs@mojatatu.com \
    --cc=john.fastabend@gmail.com \
    --cc=john.r.fastabend@intel.com \
    --cc=netdev@vger.kernel.org \
    --cc=xiyou.wangcong@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.