MPolo3
Beginner

82599 hardware filter to only accept UDP4 traffic sent to 53 port

Hello,

I tested hardware filters on my Ubuntu+82599 development environment and everything seemed to work great. I've further read the Intel and ethtool documentation, but I've been unable to find a solution to my next question. I've got a DNS analysis tool and I would like to only accept UDP packets sent to/from port 53 (DNS requests/responses) and drop everything else. In your opinion, is it by any means possible to implement a hardware filter like the one below (drop all non-UDP packets and packets not sent to port 53)?

ethtool --config-ntuple eth4 flow-type !udp4 dst-port !53 action -1

Thanks in advance and best regards,

Manuel Polonio

st4
New Contributor III

Hi mpolonio,

Thank you for the post. I will further check on this.

rgds

wb

st4
New Contributor III

Hi mpolonio,

Good day. Please try to use the following command:

iptables -A INPUT -p udp -i eth4 --destination-port 53 -j ACCEPT

Or: iptables -A INPUT -p udp -i eth4 ! --destination-port 53 -j DROP

Hope this helps.

rgds,

wb

MPolo3
Beginner

Hi wb_Intel,

Thank you for your answer. That's how we do it currently, but we are developing a very CPU-intensive system and want to relieve the Linux kernel of this processing. Hardware filters or Perfect filters running on the NIC are going to be used, but we would prefer one single negative ( ! ) filter to drop all packets not intended to be analyzed, rather than multiple filters to drop, for instance:

* icmp,

* tcp,

* udp and dst port 161 or 162...

* and so on
I'm starting to think that the filter we are searching for is not feasible at all (running on the NIC).
Thanks and best regards,

Manuel Polonio

SYeo3
Valued Contributor I

Hi Manuel,

Thanks for your updates. We'll further check on this.

Sincerely,

Sandy

MPolo3
Beginner

Since it seems impossible to accomplish this with one single filter rule, I'm trying to add as many filter rules as required. My first rule is for DNS requests (the analyzed traffic is mainly DNS, and this filter is supposed to filter out 40 to 50% of the original traffic) and it runs fine. When I try to add a rule to filter out TCP traffic, it fails as shown below:

sudo ethtool --config-ntuple em50 flow-type udp4 dst-port 53 action -1

Added rule with ID 8189

sudo ethtool --config-ntuple em50 flow-type tcp4 action -1

rmgr: Cannot insert RX class rule: Invalid argument

If I change the order of the rules, the same error is returned, but both rules work fine when applied alone. It's the same when I try to filter out any of the other protocols supported by flow-type.

I would greatly appreciate any suggestion on how to solve this issue.

Thank you very much and best regards,

Manuel

SYeo3
Valued Contributor I

Hi Manuel,

Thanks for the update.

The filters you are trying to configure cannot be done on the network card. That's why you are getting those errors. You will have to do it on the firewall.

Hope this helps.

Sincerely,

Sandy
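The "Invalid argument" error Manuel reports above has a specific cause on the 82599: the ixgbe driver programs one global Flow Director input mask per port, so every ntuple rule must compare exactly the same set of fields as the first rule installed, and a later rule with a different field set is rejected (the kernel log reports "Only one mask supported per port"). A udp4 rule that matches dst-port 53 compares the destination port; a bare tcp4 rule compares no ports, so the two cannot coexist. The script below is an added example, not code from this thread or from Intel or ethtool; it models that constraint for a rule set, flags the conflict before anything is sent to ethtool, and renders each rule as the command line that would be run. The rule dictionaries, the interface name em50 and the all-or-nothing field model are assumptions (ethtool's per-field `m` partial masks are not modelled).

```python
"""Check whether a set of ethtool ntuple (Flow Director) rules for the
Intel 82599/ixgbe can coexist on one port.

Added example for this thread, not Intel's or ethtool's code.  It encodes
one driver constraint: ixgbe programs a single global Flow Director input
mask per port, derived from the first rule, so every later rule must
compare the same set of fields.  Per-field partial masks (ethtool's `m`
option) are not modelled; a field is either compared or ignored.
"""

# Fields the 82599 Flow Director can compare for an IPv4 L4 flow
# (assumed subset used by this example).
FIELDS = ("src-ip", "dst-ip", "src-port", "dst-port")
L4_FLOW_TYPES = {"udp4", "tcp4", "sctp4"}


def rule_mask(rule):
    """Return the frozenset of fields this rule compares.

    A field present in the rule dict is matched exactly; a field left out
    is a 'don't care'.  The driver turns this set into the global input
    mask, so two rules with different sets are incompatible.
    """
    if rule["flow-type"] not in L4_FLOW_TYPES:
        raise ValueError(f"unsupported flow-type {rule['flow-type']!r}")
    return frozenset(f for f in FIELDS if f in rule)


def check_rule_set(rules):
    """Return (ok, conflicts).

    conflicts lists (index, mask) pairs whose mask differs from the mask
    of the first rule, which is the one the hardware gets programmed with.
    """
    if not rules:
        return True, []
    base = rule_mask(rules[0])
    conflicts = [(i, rule_mask(r)) for i, r in enumerate(rules[1:], 1)
                 if rule_mask(r) != base]
    return not conflicts, conflicts


def to_ethtool(iface, rule):
    """Render a rule as the ethtool --config-ntuple command line."""
    parts = ["ethtool", "--config-ntuple", iface,
             "flow-type", rule["flow-type"]]
    for f in FIELDS:
        if f in rule:
            parts += [f, str(rule[f])]
    parts += ["action", str(rule.get("action", -1))]  # -1 = drop
    return " ".join(parts)


# Constructed input: the two rules the thread tried to install on em50.
THREAD_RULES = [
    {"flow-type": "udp4", "dst-port": 53, "action": -1},  # accepted (ID 8189)
    {"flow-type": "tcp4", "action": -1},                  # rejected: EINVAL
]

if __name__ == "__main__":
    for r in THREAD_RULES:
        print(to_ethtool("em50", r))
    ok, conflicts = check_rule_set(THREAD_RULES)
    print("compatible" if ok else f"mask conflict in rules {conflicts}")
```

Run before touching the NIC: if `check_rule_set` reports a conflict, the second `ethtool --config-ntuple` call will fail exactly as in the thread, and the host-side iptables rules suggested earlier remain the working fallback for the protocol-wide drops.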