All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: Topi Wala <walatopi@gmail.com>, xdp-newbies@vger.kernel.org
Subject: Re: xdp-filter troubles
Date: Mon, 21 Sep 2020 11:44:37 +0200	[thread overview]
Message-ID: <87blhzqxa2.fsf@toke.dk> (raw)
In-Reply-To: <CAOfgOfuNuRo_dNO=RJcz1XiK_=hZmdopG12XcUFB_s0No3vsRw@mail.gmail.com>

[ adding a subject - please make sure to include one in the future ]

> I have a setup that has 2 namespaces, connected using a linux bridge,
> with veth pairs in each of the namespace.
>
> ns1=192.168.1.10/24
> ns2=192.168.1.11/24
> host-br=192.168.1.1/24
>
> I can ping between host, ns1, ns2 fine.
>
> I'm attaching an xdp filter program
> https://github.com/xdp-project/xdp-tools/blob/master/xdp-filter/xdpfilt_dny_ip.c
>
> I'm using bpftool to attach this to ns1-host end. I also attach a
> dummy xdp prog (that just returns XDP_PASS) to the end inside the ns1.
> I see all ping packets to this destination dropped. Dumping
> xdp_stats_map does show counters incremented for XDP_DROP
>
> However, when using bpftool to update the filter_ipv4 map to allow
> packets with destination to go through, it doesn't work.
>
> ./bpftool map update name filter_ipv4 key 192 168 1 10 value 2 0 0 0 0 0 0 0
>
> I've tried with pinned maps, and different combinations of key/value
> as well, to no avail. The lookup just doesn't seem to succeed. Any
> suggestions on how I might go about debugging this?

What kernel version are you using? And how are you attaching the program
- from your description I'm guessing you may be using generic XDP? Also,
why are you using bpftool to load the program instead of just using the
xdp-filter binary?

-Toke


  reply	other threads:[~2020-09-21  9:45 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-21  5:05 Topi Wala
2020-09-21  9:44 ` Toke Høiland-Jørgensen [this message]
2020-09-21 13:35   ` xdp-filter troubles Topi Wala
2020-09-21 14:02     ` Toke Høiland-Jørgensen
2020-09-22  2:28       ` Topi Wala

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87blhzqxa2.fsf@toke.dk \
    --to=toke@redhat.com \
    --cc=walatopi@gmail.com \
    --cc=xdp-newbies@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.