From: John Fastabend <john.fastabend@gmail.com>
To: Jesper Dangaard Brouer <brouer@redhat.com>,
Jamal Hadi Salim <jhs@mojatatu.com>
Cc: bblanco@plumgrid.com, davem@davemloft.net,
alexei.starovoitov@gmail.com, john.r.fastabend@intel.com,
netdev@vger.kernel.org, xiyou.wangcong@gmail.com
Subject: Re: [net-next PATCH] e1000: add initial XDP support
Date: Thu, 1 Sep 2016 14:35:20 -0700 [thread overview]
Message-ID: <57C89F18.5030807@gmail.com> (raw)
In-Reply-To: <20160830153155.702868f5@redhat.com>
On 16-08-30 06:31 AM, Jesper Dangaard Brouer wrote:
> On Tue, 30 Aug 2016 08:13:15 -0400 Jamal Hadi Salim <jhs@mojatatu.com> wrote:
>
>> On 16-08-29 11:55 AM, Jesper Dangaard Brouer wrote:
>>> tc filter add dev mlx5p2 parent ffff: prio 4 protocol ip u32 match ip protocol 17 0xff match udp dst 9 0xffff flowid 1:1 action
>>
>> Syntax is a little more convoluted than that ;->. Try:
>>
>> sudo tc filter add dev eth0 parent ffff: prio 4 protocol ip u32 \
>> match ip protocol 17 0xff \
>> match ip dport 1900 0xffff \
>> flowid 1:1 \
>> action drop
>
> I think I figured out why, match "udp dst" does not work. It seems to
> depend on "nexthdr+0" which is an implicit variable, that for unknown
> reasons are not set in my original rule (above).
>
> Before you suggestion I managed to match the udp port by manually
> defining the offset, assuming an IP-header is 20 bytes (no-options),
> like:
>
> tc filter add dev $device parent ffff: prio 4 protocol ip \
> u32 \
> match ip protocol 17 0xff \
> match udp dst $udp_port 0xffff at 21\
> flowid 1:1 \
> action drop
>
> You solution with "ip dport" also works, but man[1] tc-u32(8) also have
> a warning about "ip dport" size assumptions...
>
> Updated my script to use "u32 match ip port":
> https://github.com/netoptimizer/network-testing/commit/6449f6beb4d2
>
FWIW the 'udp dst' notation is quit fragile in that it only reads an
offset into the packet where a udp dst port might be. More robust
solutions require the use of links.
I have a wrapper tool around the 'link' creation part of u32 that we
can probably show off at netconf. :)
>> Note, this will be more cycles than drop all.
>
> Yes, that is the point ;-) XDP also does header parsing...
>
next prev parent reply other threads:[~2016-09-01 21:35 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-27 7:11 [net-next PATCH] e1000: add initial XDP support John Fastabend
2016-08-28 5:55 ` Or Gerlitz
2016-08-29 5:33 ` John Fastabend
2016-08-28 12:23 ` Jamal Hadi Salim
2016-08-29 8:30 ` Jesper Dangaard Brouer
2016-08-29 10:53 ` Jamal Hadi Salim
2016-08-29 13:39 ` Jesper Dangaard Brouer
2016-08-29 15:55 ` Jesper Dangaard Brouer
2016-08-30 12:13 ` Jamal Hadi Salim
2016-08-30 13:31 ` Jesper Dangaard Brouer
2016-09-01 21:35 ` John Fastabend [this message]
2016-09-01 19:33 ` John Fastabend
2016-08-28 15:56 ` William Tu
2016-08-29 5:36 ` John Fastabend
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57C89F18.5030807@gmail.com \
--to=john.fastabend@gmail.com \
--cc=alexei.starovoitov@gmail.com \
--cc=bblanco@plumgrid.com \
--cc=brouer@redhat.com \
--cc=davem@davemloft.net \
--cc=jhs@mojatatu.com \
--cc=john.r.fastabend@intel.com \
--cc=netdev@vger.kernel.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.