From: satish dhote <sdhote926@gmail.com>
To: netdev@vger.kernel.org
Subject: Question about TC filter
Date: Wed, 5 Aug 2020 11:08:08 +0530 [thread overview]
Message-ID: <CAFbJv-4yACz4Zzj50JxeU-ovnKMQP_Lo-1tk2jRuOJEs0Up6MQ@mail.gmail.com> (raw)
Hi Team,
I have a question regarding tc filter behavior. I tried to look
for the answer over the web and netdev FAQ but didn't get the
answer. Hence I'm looking for your help.
I added ingress qdisc for interface enp0s25 and then configured the
tc filter as shown below, but after adding filters I realize that
rule is reflected as a result of both ingress and egress filter
command? Is this the expected behaviour? or a bug? Why should the
same filter be reflected in both ingress and egress path?
I understand that policy is always configured for ingress traffic,
so I believe that filters should not be reflected with egress.
Behaviour is same when I offloaded ovs flow to the tc software
datapath.
Please advise or redirect me to the right channel if this is not
the right place for this question. Below are the executed tc
commands:
tc qdisc add dev enp0s25 ingress
tc -g qdisc show dev enp0s25
qdisc fq_codel 0: root refcnt 2 limit 10240p flows 1024 quantum 1514
target 5.0ms interval 100.0ms memory_limit 32Mb ecn
qdisc ingress ffff: parent ffff:fff1 ----------------
tc filter add dev enp0s25 protocol ip parent ffff: prio 1 flower
dst_ip 192.168.1.1/0.0.0.0 ip_proto tcp skip_hw action drop
tc filter show dev enp0s25 ingress
filter parent ffff: protocol ip pref 1 flower chain 0
filter parent ffff: protocol ip pref 1 flower chain 0 handle 0x1
eth_type ipv4
ip_proto tcp
skip_hw
not_in_hw
action order 1: gact action drop
random type none pass val 0
index 1 ref 1 bind 1
tc filter show dev enp0s25 egress (Shows duplicate flows as above)
filter parent ffff: protocol ip pref 1 flower chain 0
filter parent ffff: protocol ip pref 1 flower chain 0 handle 0x1
eth_type ipv4
ip_proto tcp
skip_hw
not_in_hw
action order 1: gact action drop
random type none pass val 0
index 1 ref 1 bind 1
Thanks
Satish
next reply other threads:[~2020-08-05 5:38 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-05 5:38 satish dhote [this message]
2020-08-05 16:45 ` Question about TC filter Jakub Kicinski
2020-08-05 18:28 ` satish dhote
2020-08-06 0:05 ` Cong Wang
2020-08-06 17:21 ` satish dhote
2020-08-06 18:35 ` Cong Wang
2020-08-17 12:08 ` satish dhote
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFbJv-4yACz4Zzj50JxeU-ovnKMQP_Lo-1tk2jRuOJEs0Up6MQ@mail.gmail.com \
--to=sdhote926@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.