Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 5 May 2010 11:02:49 +0100
From:      Rui Paulo <rpaulo@FreeBSD.org>
To:        Navdeep Parhar <np@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r207643 - in head: sys/dev/cxgb usr.sbin/cxgbtool
Message-ID:  <C2F9CAC7-0854-4131-BDF9-78E69EB34AC3@FreeBSD.org>
In-Reply-To: <201005050041.o450fesw090589@svn.freebsd.org>
References:  <201005050041.o450fesw090589@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 5 May 2010, at 01:41, Navdeep Parhar wrote:

> Author: np
> Date: Wed May  5 00:41:40 2010
> New Revision: 207643
> URL: http://svn.freebsd.org/changeset/base/207643
>=20
> Log:
>  Add support for hardware filters to cxgb(4).  The T3 chip can inspect
>  L2/3/4 headers and can drop or steer packets as instructed.  =
Filtering
>  based on src ip, dst ip, src port, dst port, 802.1q, udp/tcp, and mac
>  addr is possible.  Add support in cxgbtool to program these filters.
>  Some simple examples:
>=20
>  Drop all tcp/80 traffic coming from the subnet specified.
>  # cxgbtool cxgb2 filter 0 sip 192.168.1.0/24 dport 80 type tcp action =
drop
>=20
>  Steer all incoming UDP traffic to qset 0.
>  # cxgbtool cxgb2 filter 1 type udp queue 0 action pass
>=20
>  Steer all tcp traffic from 192.168.1.1 to qset 1.
>  # cxgbtool cxgb2 filter 2 sip 192.168.1.1 type tcp queue 1 action =
pass
>=20
>  Drop fragments.
>  # cxgbtool cxgb2 filter 3 type frag action drop
>=20
>  List all filters.
>  # cxgbtool cxgb2 filter list
>  index         SIP                DIP     sport dport VLAN PRI P/MAC =
type Q
>      0     192.168.1.0/24         0.0.0.0     *    80    0 0/1 */*    =
tcp -
>      1         0.0.0.0/0          0.0.0.0     *     *    0 0/1 */*    =
udp 0
>      2     192.168.1.1/32         0.0.0.0     *     *    0 0/1 */*    =
tcp 1
>      3         0.0.0.0/0          0.0.0.0     *     *    0 0/1 */*   =
frag -
>  16367         0.0.0.0/0          0.0.0.0     *     *    0 0/1 */*     =
 * *
>=20
>  MFC after:	2 weeks

Wow, this is great! So this is able to do packet filtering at 10Gbps =
with no CPU impact?

Regards,
--
Rui Paulo

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C2F9CAC7-0854-4131-BDF9-78E69EB34AC3>