Hide Forgot
Description of problem: There are some inconsistencies in how xdp-filter handles addition/removal of the different objects it can filter on How reproducible: Always Steps to Reproduce: [root@netqe2 ~]# xdp-filter port -p tcp,udp -m src,dst 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -p tcp -r 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -p tcp -m dst 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -p udp -r 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,tcp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -p udp -m dst 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -m src -r 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -p tcp,udp -m src,dst 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -m dst -r 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# Actual results: remove all the rules Expected results: only remove the expected rules
file this bug for tracking unresolved known issue of xdp-tools, details: https://bugzilla.redhat.com/show_bug.cgi?id=1820670, comment23
Upstream bug: https://github.com/xdp-project/xdp-tools/issues/52
Hi Toke, Any plan for when will this bz be fixed? I'm planning set ITR to 8.4.0 and need info to set the ITM field.
Scratch build what should fix this available here: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=34045153 Will turn it into a proper build as soon as I figure out how to get a new branch created in dist-git...
Test looks good: [root@netqe30 ~]# xdp-filter load ens1f0 [root@netqe30 ~]# ls NETBOOT_METHOD.TXT RECIPE.TXT anaconda-ks.cfg original-ks.cfg [root@netqe30 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_ABORTED 0 pkts 0 KiB XDP_DROP 0 pkts 0 KiB XDP_PASS 0 pkts 0 KiB Loaded on interfaces: Enabled features xdpfilt_alw_all ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow Filtered ports: Mode Hit counter Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe30 ~]# xdp-filter port -p tcp,udp -m src,dst 54321 [root@netqe30 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_ABORTED 0 pkts 0 KiB XDP_DROP 0 pkts 0 KiB XDP_PASS 0 pkts 0 KiB Loaded on interfaces: Enabled features xdpfilt_alw_all ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe30 ~]# xdp-filter port -p tcp -r 54321 [root@netqe30 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_ABORTED 0 pkts 0 KiB XDP_DROP 0 pkts 0 KiB XDP_PASS 0 pkts 0 KiB Loaded on interfaces: Enabled features xdpfilt_alw_all ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow Filtered ports: Mode Hit counter 54321 src,dst,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe30 ~]# xdp-filter port -p tcp -m dst 54321 [root@netqe30 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_ABORTED 0 pkts 0 KiB XDP_DROP 0 pkts 0 KiB XDP_PASS 0 pkts 0 KiB Loaded on interfaces: Enabled features xdpfilt_alw_all ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe30 ~]# xdp-filter port -p udp -r 54321 [root@netqe30 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_ABORTED 0 pkts 0 KiB XDP_DROP 0 pkts 0 KiB XDP_PASS 0 pkts 0 KiB Loaded on interfaces: Enabled features xdpfilt_alw_all ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow Filtered ports: Mode Hit counter 54321 src,dst,tcp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe30 ~]# xdp-filter port -p udp -m dst 54321 [root@netqe30 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_ABORTED 0 pkts 0 KiB XDP_DROP 0 pkts 0 KiB XDP_PASS 0 pkts 0 KiB Loaded on interfaces: Enabled features xdpfilt_alw_all ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe30 ~]# xdp-filter port -m src -r 54321 [root@netqe30 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_ABORTED 0 pkts 0 KiB XDP_DROP 0 pkts 0 KiB XDP_PASS 0 pkts 0 KiB Loaded on interfaces: Enabled features xdpfilt_alw_all ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow Filtered ports: Mode Hit counter 54321 dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe30 ~]# xdp-filter port -p tcp,udp -m src,dst 54321 [root@netqe30 ~]# xdp-filter port -m dst -r 54321^C [root@netqe30 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_ABORTED 0 pkts 0 KiB XDP_DROP 0 pkts 0 KiB XDP_PASS 0 pkts 0 KiB Loaded on interfaces: Enabled features xdpfilt_alw_all ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe30 ~]# xdp-filter port -m dst -r 54321 [root@netqe30 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_ABORTED 0 pkts 0 KiB XDP_DROP 0 pkts 0 KiB XDP_PASS 0 pkts 0 KiB Loaded on interfaces: Enabled features xdpfilt_alw_all ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow Filtered ports: Mode Hit counter 54321 src,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe30 ~]#
Base on Comment10 set this to VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (xdp-tools bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2021:1925