From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: John Fastabend <john.fastabend@gmail.com>,
bblanco@plumgrid.com, davem@davemloft.net,
alexei.starovoitov@gmail.com, john.r.fastabend@intel.com,
netdev@vger.kernel.org, xiyou.wangcong@gmail.com,
brouer@redhat.com
Subject: Re: [net-next PATCH] e1000: add initial XDP support
Date: Tue, 30 Aug 2016 15:31:55 +0200 [thread overview]
Message-ID: <20160830153155.702868f5@redhat.com> (raw)
In-Reply-To: <09886285-aeae-625d-9d0e-bec1c1944efe@mojatatu.com>
On Tue, 30 Aug 2016 08:13:15 -0400 Jamal Hadi Salim <jhs@mojatatu.com> wrote:
> On 16-08-29 11:55 AM, Jesper Dangaard Brouer wrote:
> > tc filter add dev mlx5p2 parent ffff: prio 4 protocol ip u32 match ip protocol 17 0xff match udp dst 9 0xffff flowid 1:1 action
>
> Syntax is a little more convoluted than that ;->. Try:
>
> sudo tc filter add dev eth0 parent ffff: prio 4 protocol ip u32 \
> match ip protocol 17 0xff \
> match ip dport 1900 0xffff \
> flowid 1:1 \
> action drop
I think I figured out why, match "udp dst" does not work. It seems to
depend on "nexthdr+0" which is an implicit variable, that for unknown
reasons are not set in my original rule (above).
Before you suggestion I managed to match the udp port by manually
defining the offset, assuming an IP-header is 20 bytes (no-options),
like:
tc filter add dev $device parent ffff: prio 4 protocol ip \
u32 \
match ip protocol 17 0xff \
match udp dst $udp_port 0xffff at 21\
flowid 1:1 \
action drop
You solution with "ip dport" also works, but man[1] tc-u32(8) also have
a warning about "ip dport" size assumptions...
Updated my script to use "u32 match ip port":
https://github.com/netoptimizer/network-testing/commit/6449f6beb4d2
> Note, this will be more cycles than drop all.
Yes, that is the point ;-) XDP also does header parsing...
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Principal Kernel Engineer at Red Hat
Author of http://www.iptv-analyzer.org
LinkedIn: http://www.linkedin.com/in/brouer
[1] http://man7.org/linux/man-pages/man8/tc-u32.8.html#SELECTORS
next prev parent reply other threads:[~2016-08-30 13:32 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-27 7:11 [net-next PATCH] e1000: add initial XDP support John Fastabend
2016-08-28 5:55 ` Or Gerlitz
2016-08-29 5:33 ` John Fastabend
2016-08-28 12:23 ` Jamal Hadi Salim
2016-08-29 8:30 ` Jesper Dangaard Brouer
2016-08-29 10:53 ` Jamal Hadi Salim
2016-08-29 13:39 ` Jesper Dangaard Brouer
2016-08-29 15:55 ` Jesper Dangaard Brouer
2016-08-30 12:13 ` Jamal Hadi Salim
2016-08-30 13:31 ` Jesper Dangaard Brouer [this message]
2016-09-01 21:35 ` John Fastabend
2016-09-01 19:33 ` John Fastabend
2016-08-28 15:56 ` William Tu
2016-08-29 5:36 ` John Fastabend
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160830153155.702868f5@redhat.com \
--to=brouer@redhat.com \
--cc=alexei.starovoitov@gmail.com \
--cc=bblanco@plumgrid.com \
--cc=davem@davemloft.net \
--cc=jhs@mojatatu.com \
--cc=john.fastabend@gmail.com \
--cc=john.r.fastabend@intel.com \
--cc=netdev@vger.kernel.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.