I am trying to find out what are parameters used to calculate RSS hash when tunnelled RSS hash offloads are used, such as ETH_RSS_VXLAN or ETH_RSS_GENEVE. Target is to distribute the incoming VXLAN traffic based on VNI rather than outer IP or UDP port number in DPDK.
DPDK version: 20.11.1
NIC: Mellanox ConnectX-5, firmware version 16.30.1004
I have been testing out the different RSS hash using the inner IP fields to calculate the hash. Settings of setting done: RSS Setting inside the L3FWD application
[EDIT-1 based on comment conversation]
the NIC card I am using does not support the ETH_RSS_VXLAN or other tunnel RSS offloads, I am unable to test it.
I am not making use of RTE_FLOW since I am using sample l3fwd example application.
As per DPDK 20.11.1 and MLX5 PMD, enabling VXLAN based RSS via DPDK rte_dev_configure is not present. because the current PMD support MLX5_EXPANSION_OUTER_IPV4_UDP, MLX5_EXPANSION_OUTER_IPV6_UDP, MLX5_EXPANSION_VXLAN and MLX5_EXPANSION_VXLAN_GPE is for RTE_FLOW for encap and decap VxLAN for the switch. while DPDK rte_eth_dev_configure is generic API for all NIC.
So if the real intention is to distribute packets based on INNER IP, I highly recommend use RTE_FLOW, with flow match as OUTER-IP and UDP port numbers and action as RSS on INNER IP and port Number. But L3FWD application has to be modified for the same.
Other DPDK supported NICs also supports VNI (with varying degree);
NXP Qede
marvell thunderx
Intel FVL and CVL
on Intel FVL and CVL lookup can be done, followed by RSS distribution to specific queues. generic setup can be done via
for FVL identify NIC firmware which supports VXLAN from Intel site for your NIC.
using nvmupdate tool flash FVL with firmware and restart the machine.
Using DPDK application (example: testpmd) create 5 rxqueues
set flow rule as IF traffic is tunneled with VXLAN, then use action 1) RSS for inner IP on Q1 to Q4 action 2) Decap the Tunnel header.
refer sample test for more details.
note: I highly recommend opening DPDK vendor specific question, with details on the sample program, steps followed and issues faced.
Related
There is a private proxy server IPv4 and 1 port. It is possible to use HTTPS or SOCKS5. It will be used on multiple computers (configuration at the browser level, not a PC). DNS server shared (CloudFlare)
Since I am the owner of this proxy, I want to control and monitor it, namely to see:
the number of devices using it at the moment (online)
workload on proxy, traffic
What sites each computer runs
What of this is possible and with what tools? Is there a general solution (one tool) for all tasks?
Is VPS / VDS required for such purposes? If not, how is an addition than he can be useful?
From present:
Tinyproxy can generate static html file with you needs.
Artica Proxy has a web front end with statistics. Users and transit and sites.
From the past (not maintained):
squid: can generate static html file with your needs.
I have an Intel 82599ES 10G NIC which supports Intel SR-IOV. I have successfully created 8 virtual functions (VF) of it and assigned to 2 qemu/kvm VMs (2 VFs per each VM). Both of the VMs run DPDK applications (warp17 on one and my custom application on other) using assigned VFs. What I need to do is test my custom DPDK application by sending traffic through it using warp17. My test setup looks like this,
The red arrow represents the traffic path.
My Physical NIC (PF) use dpdk poll mode driver (igb_uio). What I need to do is route traffic between VFs as shown by the red arrows. I think https://doc.dpdk.org/guides/prog_guide/switch_representation.html has explained switching behavior but I cannot understand it. warp17 and my custom dpdk application both works perfectly on physical hardware. What I trying to do is virtualize my test setup to preserve resources. Has anyone tried to do such configuration?
neither X710 fortville and Ninatic 82599ES ASIC does not have internal Bridging or forwarding VERBor feature. The best option is to have software virtual switch like SPP, OVS-DPDK or custom application to forward packets via virtio or tap.
if you still want to use physical NIC or x710 or 82599ES you will need to have connection at other end and run the logic to direct packets to relevant VF (modifying dst mac).
Edit-1: (as per DPDK 20.11) VEB virtual ethernet Bridging is an option, but specific NIC firmware and driver is required to create VEB on PF then propagate to VF. Once done the NIC can not receive packets from the Outside world
although i have been using OpenSplice V5 for connecting my platform running on different nodes, now i upgraded OPensplice to V6.3 but i am getting failures on my platform as if no connection.
what i did is that i tried connecting the helloWorld windows version (one 32 bit and another 64 bit) together on the default hello world example but with no success.
do anyone can help solving this issue and advise what parameters must be fine tuned on the ospl.xml file for using network connectivity using unicast?
thx,
What I've seen before is that sometimes people use machines that have multiple interface-cards connected, in which case you have to explicitly configure the interface to use in the DDSI configuration (rather than the 'AUTO' default).
Furthermore, if you want to enforce unicast, you have to configure your unicast-peers in the DDSI discovery section of the config-file.
Note that DDSI also automatically switches between unicast and multicast depending on the number of discovered endpoints (i.e. it will use unicast in case only 1 endpoint is discovereed)
We have acquired a 4 channel GSM Gateway, model GoIPx4-G610 (the manual is titled "GoIP Series SIM Card for GSM Voice Gateway - GSM VOIP Gateway").
We are looking to develop a custom application to control the GOIP gateway. We have developed in the past custom applications that controlled simple GSM modems through AT commands for sending/receiving SMS messages in particular.
Although the gateway can be controlled through SIP we would like to control the GSM modems embedded in the gateway through AT commands if possible. This is because of the fine grained control AT commands offer and because we do not need VoIP features since we need only to send/receive SMS messages.
The gateway runs an unknown Linux instance to which we can connect through telnet. Unfortunately we do not have the credentials to authenticate to it. The gateway also has a web http administration interface to which we can authenticate but we can't find there settings/information related to channels that we can use for AT commands.
The documentation is very poor and the provider could not offer us any helpful information regarding this.
If anyone knows how we can send AT commands to the modems inside the gateway it is highly appreciated.
Up to now we have tried a brute force attack on the telnet interface to find the credentials with no success. We hope that once we can connect to the Linux instance driving the gateway we can connect from there to the modems through serial connections (to send AT commands) and we can reconfigure it to redirect the connections outside of the modem or to make an interface for sending commands to the modems.
The device has an update firmware option (through the web interface) which always gives the error "download failed". Downloaded the firmware (.pkg file) manually from their update pages and extracted the files from the embedded Linux distribution that should correspond to the ones placed on the gateway. The files were kept in the pkg file as an ROMFS compressed image which we mounted on a test station to see the files (probably the running OS on the gateway is an uClinux distribution).
Did this hoping that we can find there the /etc/passwd file which could be cracked with classic attack. However didn't found it and probably that file is placed on the gateway flash memory (contrary to the Linux files which are stored on the ROM memory). So if there is a way to erase / reset this flash memory that could be a solution (in case the gateway doesn't refuse to boot without those files). Another solution would be to be able to access the flash memory with the passwd file if there is such thing.
You might take the lid off and see what parts are inside.
If it's a general purpose processor with a published data sheet and without a lot of code security features, you might be in luck. For example, you might find:
By guessing headers or tracing from known pins, a console serial port, either logic level or RS232, hopefully with a shell listening
A boot mode pin for the micro connected to a resistor, which you could jumper to cause the micro to boot to a uart bootloader where you could download a new system image, or patch the existing one. If you are lucky the bootloader would be something known, like u-boot.
A JTAG port for the processor
A removable storage device which you could remove and alter
an SPI flash which you could carefully tap into and alter
A flash chip which you could desolder and transplant to a programmer
You could also make a GPL sources request for the kernel and whatever else from the vendor. Or even just trying to identify versions of things like a web server could help you look up any known exploits. Since it seems you have a similar system image to that which is installed, looking through it could be helpful - look for additional daemons running, listening on ports you weren't previously aware of, left over debug support, etc.
I am the developer of the GoIP you've purchased. Instead of trying to hack the GoIP, did you contact us to support your development of custom applications? Here are the updates of GoIP for you.
GoIP now supports SMPP. This could be an alternative to using AT commands to send and receive SMS.
API (Application Programming Interface) for GoIP is now available to support your custom application development.
If AT commands are still the preferred method, please contact us and I would be happy to discuss with you further.
Setup:
I have client C connecting to server S
Both C and S are on the same machine
In C the server address is hardcoded to 127.0.0.1. Likewise, in S the client address is hardcoded to 127.0.0.1
Problem:
I want to be able to sniff the traffic between the client and the server.
Due to the configuration, I cannot move the client nor the server to different locations (the address are hardcoded)
Installing the loopback interface and using tools like Wireshark+WinPcap doesn't lead anywhere (was actually already known but was worth a try)
RawCap, suggested in another topic, doesn't work. IP 127.0.0.1 is listed, but does not record any traffic.
Using rinetd to route the traffic elsewhere, as suggested here doesn't work (cannot bind on 127.0.0.1)
Not interested in using a HTTP local proxy, such as Fiddler, because I'd like to capture also other protocols
Two commercial tools work, specifically CommView and Local Network Monitor, which means it must be possible to do that ;)
How can I do to capture the traffic?
Any pointer on functions I should use or documentation I should read?
Thanks!
Basically you need to write a TDI filter driver to achieve that... for some pointers see:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff565685%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff563317%28v=VS.85%29.aspx
Another option is to write a WinSock LSP.
BEWARE
Since Windows 8 it is strongly encouraged to use WFP (Windows Filtering Platform) for this sort of thing...
Although it might be more cost-effective to just use/buy an existing solution - esp. if you are not a very experienced driver developer...
Use RawCap, which can solve your concerns, see this