From owner-svn-src-all@FreeBSD.ORG  Wed May  5 10:02:53 2010
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id C20BD106564A;
	Wed,  5 May 2010 10:02:53 +0000 (UTC)
	(envelope-from rpaulo@freebsd.org)
Received: from karen.lavabit.com (karen.lavabit.com [72.249.41.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 7C7CC8FC15;
	Wed,  5 May 2010 10:02:53 +0000 (UTC)
Received: from e.earth.lavabit.com (e.earth.lavabit.com [192.168.111.14])
	by karen.lavabit.com (Postfix) with ESMTP id 74DDE11BA1C;
	Wed,  5 May 2010 05:02:52 -0500 (CDT)
Received: from 10.0.10.3 (54.81.54.77.rev.vodafone.pt [77.54.81.54])
	by lavabit.com with ESMTP id 8ADHUWL21VJZ;
	Wed, 05 May 2010 05:02:52 -0500
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset=us-ascii
From: Rui Paulo <rpaulo@FreeBSD.org>
In-Reply-To: <201005050041.o450fesw090589@svn.freebsd.org>
Date: Wed, 5 May 2010 11:02:49 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <C2F9CAC7-0854-4131-BDF9-78E69EB34AC3@FreeBSD.org>
References: <201005050041.o450fesw090589@svn.freebsd.org>
To: Navdeep Parhar <np@FreeBSD.org>
X-Mailer: Apple Mail (2.1078)
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org,
	src-committers@freebsd.org
Subject: Re: svn commit: r207643 - in head: sys/dev/cxgb usr.sbin/cxgbtool
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 05 May 2010 10:02:53 -0000

On 5 May 2010, at 01:41, Navdeep Parhar wrote:

> Author: np
> Date: Wed May  5 00:41:40 2010
> New Revision: 207643
> URL: http://svn.freebsd.org/changeset/base/207643
>=20
> Log:
>  Add support for hardware filters to cxgb(4).  The T3 chip can inspect
>  L2/3/4 headers and can drop or steer packets as instructed.  =
Filtering
>  based on src ip, dst ip, src port, dst port, 802.1q, udp/tcp, and mac
>  addr is possible.  Add support in cxgbtool to program these filters.
>  Some simple examples:
>=20
>  Drop all tcp/80 traffic coming from the subnet specified.
>  # cxgbtool cxgb2 filter 0 sip 192.168.1.0/24 dport 80 type tcp action =
drop
>=20
>  Steer all incoming UDP traffic to qset 0.
>  # cxgbtool cxgb2 filter 1 type udp queue 0 action pass
>=20
>  Steer all tcp traffic from 192.168.1.1 to qset 1.
>  # cxgbtool cxgb2 filter 2 sip 192.168.1.1 type tcp queue 1 action =
pass
>=20
>  Drop fragments.
>  # cxgbtool cxgb2 filter 3 type frag action drop
>=20
>  List all filters.
>  # cxgbtool cxgb2 filter list
>  index         SIP                DIP     sport dport VLAN PRI P/MAC =
type Q
>      0     192.168.1.0/24         0.0.0.0     *    80    0 0/1 */*    =
tcp -
>      1         0.0.0.0/0          0.0.0.0     *     *    0 0/1 */*    =
udp 0
>      2     192.168.1.1/32         0.0.0.0     *     *    0 0/1 */*    =
tcp 1
>      3         0.0.0.0/0          0.0.0.0     *     *    0 0/1 */*   =
frag -
>  16367         0.0.0.0/0          0.0.0.0     *     *    0 0/1 */*     =
 * *
>=20
>  MFC after:	2 weeks

Wow, this is great! So this is able to do packet filtering at 10Gbps =
with no CPU impact?

Regards,
--
Rui Paulo