- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to filter network packets based on vlan tag ids. Using wireshark I can capture/inspect packets with 2 different VLAN IDs on my network. I was hoping to suppress packets associated a particular VLAN ID. So, using the ethtool I added a hardware filter as follows:
sudo ethtool -U eth11 flow-type udp4 vlan 0x65 vlan-ask 0xE000 action -1 and
sudo ethtool -U eth11 flow-type udp4 vlan 0x67 vlan-ask 0xE000 action -1
Both commands are accepted (I observe 2 message indicating that rule 2001 and 2002 has been added, respectively)
After execution of the above commands, no packets associated with VLAN 0x65 or 0x67 are received (good - what I expected). As soon as I clear
one of the hardware filters via ethtool (sudo ethtool eth11 delete 2001) I receive packets associated with both VLAN Tags 0x65 and 0x66).
I was wondering if intel driver i40e truely supports hardware filtering?
Thanks
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi MangoCebu,
Thank you for posting at Wired Communities. Let me further check regarding hardware filtering, I will keep you posted with further updates.
Thanks,
sharon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi MangoCebu,
Please provide the Intel(R) network adapter involved, Linux distribution, Ethtool -i and Ethtool -k output. These information will be helpful in our investigation. Thanks.
Regards,
Vince
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Below is the requested additional information. Please note that my workstation contains two Intel network adapters (X710 and X540-AT2). Hardware filtering is working for the X540-AT2 network adapter but it is not working correctly for the X710 adapter.
I have provided information for both adapters below. Also of possible interest, the X540-AT2 card provides VLAN information when the command ethtool --show-tuple eth8 is invoked. The X710 never reports any VLAN information for the show-tuple command.
****eth11 network interface card information (hardware filtering not working correctly)
adapter: Intel Corporation Ethernet Controller X710 for 10Gbe SFP+
------------------------------------------------------------------
ethtool -i eth11 output :
driver: i40e
version: 1.5.18
firmware-version: 4.53 0x800001f99 0.0.0
bus-info:0000:11:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: yes
------------------------------------------------------------------
ethtool -k eth11 output :
rx-checksumming: on
tx-checksumming: on
tx-checksum-ipv4: on
tx-checksum-unneeded: off [fixed]
tx-checksum-ip-generic: off [fixed]
tx-checksum-ipv6: on
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: on
scatter-gather: off
tx-scatter-gather:off
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
tx-tcp-segmentation: off
tx-tcp-ecn-segmentation: off
tx-tcp6-segmentation: off
udp-segmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off [fixed]
rx-vlan-offload: off
tx-vlan-offload: on
ntuple-filters: on
receive-hashing: on
highdma: on
rx-vlan-filter: on
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
fcoe-mtu: off [fixed]
loopback: off [fixed]
After entering the folowing hw filter sudo ethtool -U eth11 flow-type udp4 vlan 0x65 vlan-mask 0xE000 action 01
I run the following ethtool --show-tuple eth11 and observe the following:
Filter: 7423
Rule Type: UDP over IPv4
Src Ip addr: 0.0.0.0 mask: 255.255.255.255
Dest Ip addr: 0.0.0.0 mask: 255.255.255.255 (No VLAN information is provided for this adapter (X710)
TOS: 0x0 mask: 0xff
Src port: 0 mask: 0xffff
Dest port: 0 mask: 0xffff
Action: Drop
==================================================================
eth8 network interface card information (hardware filtering is working)
adapter: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2
eth8 network interface card ethtool -i eth8 output :
driver: ixgbe
version: 4.0.1-k
firmware-version: 0x80000313
bus-info:0000:81:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access:yes
supports-register-dump:yes
supports-priv-flags:no
ethtool -k eth8 output :
rx-checksumming: on
tx-checksumming: on
tx-checksum-ipv4: on
tx-checksum-unneeded: off
tx-checksum-ip-generic: off
tx-checksum-ipv6: on
tx-checksum-fcoe-crc: on [fixed]
tx-checksum-sctp: on [fixed]
scatter-gather: on
tx-scatter-gather:on
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
tx-tcp-segmentation: on
tx-tcp-ecn-segmentation: off
tx-tcp6-segmentation: on
udp-segmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: on
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: on [fixed]
tx-gre-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
fcoe-mtu: off [fixed]
loopback: off [fixed]
After entering the folowing hw filter sudo ethtool -U eth8 flow-type udp4 vlan 0x65 vlan-mask 0xE000 action 01
I run the following ethtool --show-tuple eth8 and observe the following:
Filter: 2045
Rule Type: UDP over IPv4
Src Ip addr: 0.0.0.0 mask: 255.255.255.255
Dest Ip addr: 0.0.0.0 mask: 255.255.255.255
TOS: 0x0 mask: 0xff
Src port: 0 mask: 0xffff
Dest port: 0 mask: 0xffff
VLAN EtherType: 0x0 mask 0xffff (VLAN information is provided)
VLAN: 0x65 mask: 0xe000
User-defined: 0x0 mask: 0xffffffffffffffff
Action: Drop
Thanks,
Manny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Manny, thank you for providing the requested information and your observation with implementing VLAN hardware filtering using X540 and X710. I'm currently checking your issue and will update this thread as soon as possible.
regards,
Vince
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Manny, after further investigation, VLAN field for Flow Director is not explicitly supported in the i40e driver, kindly refer to the readme file ( https://downloadmirror.intel.com/26370/eng/readme.txt) for reference.
regards,
Vince
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Manny,
Please feel free to update me if you still have other inquiries. Thank you.
rgds,
sharon
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page