Bug 1880280
| Summary: | xdp-filter: Consistency of add/remove options | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Zhiqian Guan <zhguan> |
| Component: | xdp-tools | Assignee: | Toke Høiland-Jørgensen <thoiland> |
| Status: | CLOSED ERRATA | QA Contact: | Zhiqian Guan <zhguan> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.3 | CC: | zhguan |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 8.4 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-18 16:09:59 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1680409 | ||
file this bug for tracking unresolved known issue of xdp-tools, details: https://bugzilla.redhat.com/show_bug.cgi?id=1820670, comment23 Upstream bug: https://github.com/xdp-project/xdp-tools/issues/52 Hi Toke, Any plan for when will this bz be fixed? I'm planning set ITR to 8.4.0 and need info to set the ITM field. Scratch build what should fix this available here: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=34045153 Will turn it into a proper build as soon as I figure out how to get a new branch created in dist-git... Test looks good:
[root@netqe30 ~]# xdp-filter load ens1f0
[root@netqe30 ~]# ls
NETBOOT_METHOD.TXT RECIPE.TXT anaconda-ks.cfg original-ks.cfg
[root@netqe30 ~]# xdp-filter status
CURRENT XDP-FILTER STATUS:
Aggregate per-action statistics:
XDP_ABORTED 0 pkts 0 KiB
XDP_DROP 0 pkts 0 KiB
XDP_PASS 0 pkts 0 KiB
Loaded on interfaces:
Enabled features
xdpfilt_alw_all
ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow
Filtered ports:
Mode Hit counter
Filtered IP addresses:
Mode Hit counter
Filtered MAC addresses:
Mode Hit counter
[root@netqe30 ~]# xdp-filter port -p tcp,udp -m src,dst 54321
[root@netqe30 ~]# xdp-filter status
CURRENT XDP-FILTER STATUS:
Aggregate per-action statistics:
XDP_ABORTED 0 pkts 0 KiB
XDP_DROP 0 pkts 0 KiB
XDP_PASS 0 pkts 0 KiB
Loaded on interfaces:
Enabled features
xdpfilt_alw_all
ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow
Filtered ports:
Mode Hit counter
54321 src,dst,tcp,udp 0
Filtered IP addresses:
Mode Hit counter
Filtered MAC addresses:
Mode Hit counter
[root@netqe30 ~]# xdp-filter port -p tcp -r 54321
[root@netqe30 ~]# xdp-filter status
CURRENT XDP-FILTER STATUS:
Aggregate per-action statistics:
XDP_ABORTED 0 pkts 0 KiB
XDP_DROP 0 pkts 0 KiB
XDP_PASS 0 pkts 0 KiB
Loaded on interfaces:
Enabled features
xdpfilt_alw_all
ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow
Filtered ports:
Mode Hit counter
54321 src,dst,udp 0
Filtered IP addresses:
Mode Hit counter
Filtered MAC addresses:
Mode Hit counter
[root@netqe30 ~]# xdp-filter port -p tcp -m dst 54321
[root@netqe30 ~]# xdp-filter status
CURRENT XDP-FILTER STATUS:
Aggregate per-action statistics:
XDP_ABORTED 0 pkts 0 KiB
XDP_DROP 0 pkts 0 KiB
XDP_PASS 0 pkts 0 KiB
Loaded on interfaces:
Enabled features
xdpfilt_alw_all
ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow
Filtered ports:
Mode Hit counter
54321 src,dst,tcp,udp 0
Filtered IP addresses:
Mode Hit counter
Filtered MAC addresses:
Mode Hit counter
[root@netqe30 ~]# xdp-filter port -p udp -r 54321
[root@netqe30 ~]# xdp-filter status
CURRENT XDP-FILTER STATUS:
Aggregate per-action statistics:
XDP_ABORTED 0 pkts 0 KiB
XDP_DROP 0 pkts 0 KiB
XDP_PASS 0 pkts 0 KiB
Loaded on interfaces:
Enabled features
xdpfilt_alw_all
ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow
Filtered ports:
Mode Hit counter
54321 src,dst,tcp 0
Filtered IP addresses:
Mode Hit counter
Filtered MAC addresses:
Mode Hit counter
[root@netqe30 ~]# xdp-filter port -p udp -m dst 54321
[root@netqe30 ~]# xdp-filter status
CURRENT XDP-FILTER STATUS:
Aggregate per-action statistics:
XDP_ABORTED 0 pkts 0 KiB
XDP_DROP 0 pkts 0 KiB
XDP_PASS 0 pkts 0 KiB
Loaded on interfaces:
Enabled features
xdpfilt_alw_all
ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow
Filtered ports:
Mode Hit counter
54321 src,dst,tcp,udp 0
Filtered IP addresses:
Mode Hit counter
Filtered MAC addresses:
Mode Hit counter
[root@netqe30 ~]# xdp-filter port -m src -r 54321
[root@netqe30 ~]# xdp-filter status
CURRENT XDP-FILTER STATUS:
Aggregate per-action statistics:
XDP_ABORTED 0 pkts 0 KiB
XDP_DROP 0 pkts 0 KiB
XDP_PASS 0 pkts 0 KiB
Loaded on interfaces:
Enabled features
xdpfilt_alw_all
ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow
Filtered ports:
Mode Hit counter
54321 dst,tcp,udp 0
Filtered IP addresses:
Mode Hit counter
Filtered MAC addresses:
Mode Hit counter
[root@netqe30 ~]# xdp-filter port -p tcp,udp -m src,dst 54321
[root@netqe30 ~]# xdp-filter port -m dst -r 54321^C
[root@netqe30 ~]# xdp-filter status
CURRENT XDP-FILTER STATUS:
Aggregate per-action statistics:
XDP_ABORTED 0 pkts 0 KiB
XDP_DROP 0 pkts 0 KiB
XDP_PASS 0 pkts 0 KiB
Loaded on interfaces:
Enabled features
xdpfilt_alw_all
ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow
Filtered ports:
Mode Hit counter
54321 src,dst,tcp,udp 0
Filtered IP addresses:
Mode Hit counter
Filtered MAC addresses:
Mode Hit counter
[root@netqe30 ~]# xdp-filter port -m dst -r 54321
[root@netqe30 ~]# xdp-filter status
CURRENT XDP-FILTER STATUS:
Aggregate per-action statistics:
XDP_ABORTED 0 pkts 0 KiB
XDP_DROP 0 pkts 0 KiB
XDP_PASS 0 pkts 0 KiB
Loaded on interfaces:
Enabled features
xdpfilt_alw_all
ens1f0 (native mode) tcp,udp,ipv6,ipv4,ethernet,allow
Filtered ports:
Mode Hit counter
54321 src,tcp,udp 0
Filtered IP addresses:
Mode Hit counter
Filtered MAC addresses:
Mode Hit counter
[root@netqe30 ~]#
Base on Comment10 set this to VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (xdp-tools bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2021:1925 |
Description of problem: There are some inconsistencies in how xdp-filter handles addition/removal of the different objects it can filter on How reproducible: Always Steps to Reproduce: [root@netqe2 ~]# xdp-filter port -p tcp,udp -m src,dst 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -p tcp -r 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -p tcp -m dst 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -p udp -r 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,tcp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -p udp -m dst 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -m src -r 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -p tcp,udp -m src,dst 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter 54321 src,dst,tcp,udp 0 Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# xdp-filter port -m dst -r 54321 [root@netqe2 ~]# xdp-filter status CURRENT XDP-FILTER STATUS: Aggregate per-action statistics: XDP_DROP 461 pkts 30 KiB XDP_PASS 3571195 pkts 5279647 KiB Loaded on interfaces: Enabled features xdpfilt_blk_all enp68s0f0 (skb mode) tcp,udp,ipv6,ipv4,ethernet,blacklist Filtered ports: Mode Hit counter Filtered IP addresses: Mode Hit counter Filtered MAC addresses: Mode Hit counter [root@netqe2 ~]# Actual results: remove all the rules Expected results: only remove the expected rules