Date: Wed, 5 May 2010 11:02:49 +0100 From: Rui Paulo <rpaulo@FreeBSD.org> To: Navdeep Parhar <np@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r207643 - in head: sys/dev/cxgb usr.sbin/cxgbtool Message-ID: <C2F9CAC7-0854-4131-BDF9-78E69EB34AC3@FreeBSD.org> In-Reply-To: <201005050041.o450fesw090589@svn.freebsd.org>
index | next in thread | previous in thread | raw e-mail
On 5 May 2010, at 01:41, Navdeep Parhar wrote: > Author: np > Date: Wed May 5 00:41:40 2010 > New Revision: 207643 > URL: http://svn.freebsd.org/changeset/base/207643 > > Log: > Add support for hardware filters to cxgb(4). The T3 chip can inspect > L2/3/4 headers and can drop or steer packets as instructed. Filtering > based on src ip, dst ip, src port, dst port, 802.1q, udp/tcp, and mac > addr is possible. Add support in cxgbtool to program these filters. > Some simple examples: > > Drop all tcp/80 traffic coming from the subnet specified. > # cxgbtool cxgb2 filter 0 sip 192.168.1.0/24 dport 80 type tcp action drop > > Steer all incoming UDP traffic to qset 0. > # cxgbtool cxgb2 filter 1 type udp queue 0 action pass > > Steer all tcp traffic from 192.168.1.1 to qset 1. > # cxgbtool cxgb2 filter 2 sip 192.168.1.1 type tcp queue 1 action pass > > Drop fragments. > # cxgbtool cxgb2 filter 3 type frag action drop > > List all filters. > # cxgbtool cxgb2 filter list > index SIP DIP sport dport VLAN PRI P/MAC type Q > 0 192.168.1.0/24 0.0.0.0 * 80 0 0/1 */* tcp - > 1 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* udp 0 > 2 192.168.1.1/32 0.0.0.0 * * 0 0/1 */* tcp 1 > 3 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* frag - > 16367 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* * * > > MFC after: 2 weeks Wow, this is great! So this is able to do packet filtering at 10Gbps with no CPU impact? Regards, -- Rui Paulohome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C2F9CAC7-0854-4131-BDF9-78E69EB34AC3>