On 5 May 2010, at 01:41, Navdeep Parhar wrote: > Author: np > Date: Wed May 5 00:41:40 2010 > New Revision: 207643 > URL: http://svn.freebsd.org/changeset/base/207643 > > Log: > Add support for hardware filters to cxgb(4). The T3 chip can inspect > L2/3/4 headers and can drop or steer packets as instructed. Filtering > based on src ip, dst ip, src port, dst port, 802.1q, udp/tcp, and mac > addr is possible. Add support in cxgbtool to program these filters. > Some simple examples: > > Drop all tcp/80 traffic coming from the subnet specified. > # cxgbtool cxgb2 filter 0 sip 192.168.1.0/24 dport 80 type tcp action drop > > Steer all incoming UDP traffic to qset 0. > # cxgbtool cxgb2 filter 1 type udp queue 0 action pass > > Steer all tcp traffic from 192.168.1.1 to qset 1. > # cxgbtool cxgb2 filter 2 sip 192.168.1.1 type tcp queue 1 action pass > > Drop fragments. > # cxgbtool cxgb2 filter 3 type frag action drop > > List all filters. > # cxgbtool cxgb2 filter list > index SIP DIP sport dport VLAN PRI P/MAC type Q > 0 192.168.1.0/24 0.0.0.0 * 80 0 0/1 */* tcp - > 1 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* udp 0 > 2 192.168.1.1/32 0.0.0.0 * * 0 0/1 */* tcp 1 > 3 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* frag - > 16367 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* * * > > MFC after: 2 weeks
Wow, this is great! So this is able to do packet filtering at 10Gbps with no CPU impact? Regards, -- Rui Paulo _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
