How to add ntuple filter with different masks?

How to add ntuple filter with different masks?

Hi.

 

We are trying add different ntuple rules with different masks but nic doesn't allow to do so. 

 

For example:

 

ethtool -N enp7s0f1 flow-type tcp4 src-ip 172.16.0.0 m 0.0.255.255 action -1

 

After adding above rule, when i try adding another rule with different mask, i get error

 

ethtool -N enp7s0f1 flow-type tcp4 src-ip 192.168.0.0 m 0.0.0.255 action -1

 

I got this error 

rmgr: Cannot insert RX class rule: Invalid argument

 

and that error on dmesg

ixgbe 0000:07:00.1 enp7s0f1: Only one mask supported per port

 

And this is also valid for src-ip dst-ip src-port dst-port pairs. I can add a rule only if  it has same mask for all options. 

 

These are properties of my test machine. 

Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)

Kernel version: 3.15.9

ixgbe version: 4.0.1-k-rh7.1

OS: Centos 7

ethtool version: 3.8 (also tried with 3.18)

 

I wonder if there is a solution for that? Is it because of nic capability? or can it be fixed by recompiling driver with an option? etc.

 

Thanks for any help. 

5 帖子 / 0 全新
最新文章
如需更全面地了解编译器优化,请参阅优化注意事项

 

The sets of fields you can filter by vary greatly between different drivers and network controllers.  Here are some initial findings for this situation.  In your example you are attempting to add more than one rule to a port.  

ethtool -N enp7s0f1 flow-type tcp4 src-ip 172.16.0.0 m 0.0.255.255 action -1 

ethtool -N enp7s0f1 flow-type tcp4 src-ip 192.168.0.0 m 0.0.0.255 action -1

If you already have a rule added prior to this with different parameters then it may fail because the driver only allows one mask per port as indicated by the additional message found when using dmesg which is related to the error.

Other instances may only allow masks with src-ip or dst-ip and not both.

There are other implementations when configuring two rules with the same priority, the second rule will overwrite the first one, so the ethtool interface is effectively a table.

When inserting Flow Steering rules support is required from both the ethtool in the user space and in kernel, so bumping version is a viable options for incorporating improvements and additional capabilities.    It seems though that most dependencies are very recent.

Some other examples for reference I made note of:

ethtool –U enp7s0f1 flow-type ether dst 00:11:22:33:44:55 loc 5 action 2

All packets that contain the above destination MAC address are to be steered into rx-ring with priority 5.

ethtool –U enp7s0f1 flow-type tcp4 src-ip 1.2.3.4 dst-port 8888 loc 5 action 2

All packets that contain the above destination IP address and source port are to be steered into rx-
ring 2. When destination MAC is not given, the user's destination MAC is filled automatically.

ethtool –u enp7s0f1

Shows all of ethtool’s steering rule

dmesg

Additional error messages

Hi. 

Thanks for explanation but I still couldn't get answer I want. 

And another case I want to ask is that, when i want to add port option to rule, I'm not even able to add first rule.

 

~# ethtool -N enp7s0f1 flow-type ip4 src-ip 172.16.0.0 m 0.0.255.255 src-port 22 action -1

rmgr: Cannot insert RX class rule: Invalid argument

 

And this is the error I saw on dmesg

ixgbe 0000:07:00.0 enp7s0f0: Error writing mask

 

My questions are also valid for that case.

 

Thanks...

 

---- Edit ----

Ohh sorry this is because I set flow-type as ip4. I should set it tcp4 or udp4. You can ignore this post. But the problem in first post is still continue. 

I would like to drop all the packets, except that the destination port 80 (drop all packet except http requests)

I am able to drop http requests packets. But I would like to have the inverse of this. 

The below drops all port 80 traffic. but i need reverse condition...
ethtool --config-ntuple eno1 flow-type tcp4 dst-port 80 action -1

Please help on this.. Because in my application i process only HTTP requests. But I am getting huge packets in this interface, which are not relevant to me.  Out of 3 Gbps traffic, only about 400Mbps is HTTP traffic.

I have similar problems on i350 NIC with recent kernel, igb driver igb-5.3.5.20 and ethtool 4.18 - I can't add any rules always getting errors below. 

Please advice.

ethtool -U enp1s0f0 flow-type ip4 src-ip 172.16.0.1 action -1
rmgr: Cannot insert RX class rule: Invalid argument

 ethtool -U enp1s0f0 flow-type ip4 src-ip 172.16.0.1 action 2

rmgr: Cannot insert RX class rule: Invalid argument

dmesg shows:

[ 5671.919080] igb 0000:01:00.0: ethtool -N: The secified action is invalid

[ 5680.062262] igb 0000:01:00.0: ethtool -N: The specified action is invalid

[ 5913.949175] igb 0000:01:00.1: ethtool -N: The specified action is invalid

[ 6006.585836] igb 0000:01:00.0: ethtool -N: The specified action is invalid

发表评论

登录添加评论。还不是成员?立即加入