svn commit: r207643 - in head: sys/dev/cxgb usr.sbin/cxgbtool
Rui Paulo
rpaulo at FreeBSD.org
Wed May 5 10:02:53 UTC 2010
On 5 May 2010, at 01:41, Navdeep Parhar wrote:
> Author: np
> Date: Wed May 5 00:41:40 2010
> New Revision: 207643
> URL: http://svn.freebsd.org/changeset/base/207643
>
> Log:
> Add support for hardware filters to cxgb(4). The T3 chip can inspect
> L2/3/4 headers and can drop or steer packets as instructed. Filtering
> based on src ip, dst ip, src port, dst port, 802.1q, udp/tcp, and mac
> addr is possible. Add support in cxgbtool to program these filters.
> Some simple examples:
>
> Drop all tcp/80 traffic coming from the subnet specified.
> # cxgbtool cxgb2 filter 0 sip 192.168.1.0/24 dport 80 type tcp action drop
>
> Steer all incoming UDP traffic to qset 0.
> # cxgbtool cxgb2 filter 1 type udp queue 0 action pass
>
> Steer all tcp traffic from 192.168.1.1 to qset 1.
> # cxgbtool cxgb2 filter 2 sip 192.168.1.1 type tcp queue 1 action pass
>
> Drop fragments.
> # cxgbtool cxgb2 filter 3 type frag action drop
>
> List all filters.
> # cxgbtool cxgb2 filter list
> index SIP DIP sport dport VLAN PRI P/MAC type Q
> 0 192.168.1.0/24 0.0.0.0 * 80 0 0/1 */* tcp -
> 1 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* udp 0
> 2 192.168.1.1/32 0.0.0.0 * * 0 0/1 */* tcp 1
> 3 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* frag -
> 16367 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* * *
>
> MFC after: 2 weeks
Wow, this is great! So this is able to do packet filtering at 10Gbps with no CPU impact?
Regards,
--
Rui Paulo
More information about the svn-src-all
mailing list