Hi Alfredo,
pfring_add_hw_rule() is already the function I use. I modified the code of
pfcount_82599.c to add rules of type intel_82599_perfect_filter_rule in a
loop:

    int i;

    for (i = 10000; i < 40000; i++) {
      memset(&rule, 0, sizeof(rule));
      rule.rule_family_type = intel_82599_perfect_filter_rule;
      rule.rule_id = rule_id++;
      perfect_rule->queue_id = -1;
      perfect_rule->proto = 17; /* UDP */
      perfect_rule->d_port = i; /* one rule per destination port */

      rc = pfring_add_hw_rule(pd, &rule);
      if (rc != 0) {
        printf("pfring_add_hw_rule(%d) failed [rc=%d]: did you enable the "
               "FlowDirector (ethtool -K ethX ntuple on)\n", rule.rule_id, rc);
        break;
      }
    }

And pfring_add_hw_rule fails after 8190 rule insertions.
When using 5-tuple rules (intel_82599_five_tuple_rule), pfring_add_hw_rule
fails after 128 rules. This is in line with the Intel 82599 data sheet (
https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/82599-10-gbe-controller-datasheet.pdf,
page 292).
So, I'm wondering which code to use to be able to insert the 32K filters
you mention in the FAQ?
Best Regards,
Raphael
On Thu, Aug 16, 2018 at 4:35 PM, Alfredo Cardigliano <[email protected]>
wrote:
> Hi Raphael
> please note that it is possible to use both filters types using the
> pfring_add_hw_rule() API,
> just set hw_filtering_rule.rule_family_type to
> intel_82599_five_tuple_rule or
> intel_82599_perfect_filter_rule and set the corresponding struct
> (intel_82599_five_tuple_filter_hw_rule / struct
> intel_82599_perfect_filter_hw_rule)
> Please see the sample code at
> https://github.com/ntop/PF_RING/blob/dev/userland/examples/pfcount_82599.c
>
> Alfredo
>
> On 16 Aug 2018, at 16:22, Raphael Benedet <[email protected]>
> wrote:
>
> Hello,
>
> I'm trying to set up hardware filtering on an Intel X520 board. I wanted
> to check how many filters I could set on this board so I started from the
> example pfcount_82599.c file and added a loop to add filters sequentially.
> The function pfring_add_hw_rule fails after ~ 8K filters.
>
> On the PF_RING packets filtering page (https://www.ntop.org/
> products/packet-capture/pf_ring/hardware-packet-filtering/), the FAQ
> mentions that 32K filters are supported:
>
> Q. How many filters a 82599-based card typically supports?
> A. You can have up to 32K hardware filters.
>
> I checked the Intel 82599 data sheet and the chapter "Flow Director
> Filters" mentions both a limit of ~8K filters (the one I seem to hit) and
> ~32K filters:
>
> The 82599 support two types of filtering modes (static setting by the
> FDIRCTRL.PerfectMatch bit):
> • Perfect match filters — The hardware checks a match between the masked
> fields of the received packets and the programmed filters. Masked fields
> should be programmed as zeros in the filter context. The 82599 support up
> to 8 K - 2 perfect match filters.
> • Signature filters — The hardware checks a match between a hash-based
> signature of the masked fields of the received packet. The 82599 supports
> up to 32 K - 2 signature filters.
>
> Do you know if there is a way to have access to these ~ 32K filters
> through PF_RING?
>
> Best Regards,
> Raphael
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc