Re: xdp-filter troubles - Toke Høiland-Jørgensen

XDP-Newbies Archive mirror
 help / color / mirror / Atom feed

From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: Topi Wala <walatopi@gmail.com>, xdp-newbies@vger.kernel.org
Subject: Re: xdp-filter troubles
Date: Mon, 21 Sep 2020 11:44:37 +0200	[thread overview]
Message-ID: <87blhzqxa2.fsf@toke.dk> (raw)
In-Reply-To: <CAOfgOfuNuRo_dNO=RJcz1XiK_=hZmdopG12XcUFB_s0No3vsRw@mail.gmail.com>

[ adding a subject - please make sure to include one in the future ]

> I have a setup that has 2 namespaces, connected using a linux bridge,
> with veth pairs in each of the namespace.
>
> ns1=192.168.1.10/24
> ns2=192.168.1.11/24
> host-br=192.168.1.1/24
>
> I can ping between host, ns1, ns2 fine.
>
> I'm attaching an xdp filter program
> https://github.com/xdp-project/xdp-tools/blob/master/xdp-filter/xdpfilt_dny_ip.c
>
> I'm using bpftool to attach this to ns1-host end. I also attach a
> dummy xdp prog (that just returns XDP_PASS) to the end inside the ns1.
> I see all ping packets to this destination dropped. Dumping
> xdp_stats_map does show counters incremented for XDP_DROP
>
> However, when using bpftool to update the filter_ipv4 map to allow
> packets with destination to go through, it doesn't work.
>
> ./bpftool map update name filter_ipv4 key 192 168 1 10 value 2 0 0 0 0 0 0 0
>
> I've tried with pinned maps, and different combinations of key/value
> as well, to no avail. The lookup just doesn't seem to succeed. Any
> suggestions on how I might go about debugging this?

What kernel version are you using? And how are you attaching the program
- from your description I'm guessing you may be using generic XDP? Also,
why are you using bpftool to load the program instead of just using the
xdp-filter binary?

-Toke

next prev parent reply	other threads:[~2020-09-21  9:45 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-21  5:05 Topi Wala
2020-09-21  9:44 ` Toke Høiland-Jørgensen [this message]
2020-09-21 13:35   ` xdp-filter troubles Topi Wala
2020-09-21 14:02     ` Toke Høiland-Jørgensen
2020-09-22  2:28       ` Topi Wala

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87blhzqxa2.fsf@toke.dk \
    --to=toke@redhat.com \
    --cc=walatopi@gmail.com \
    --cc=xdp-newbies@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).