thank you for your answer. That's how we do it currently, but we are developing a very cpu-intensive system and want to release the linux kernel from this processing. Hardware filters or Perfect filters running on the NIC are going to be used, but we would prefer one single negative ( ! ) filter to drop all packets not intended to be analyzed, rather than multiple filters to drop, for instance:
* udp and dst port 161 or 162...
* and so on
I'm starting to think that the filter we are searching for is not feasible at all (running on the NIC).
Thanks and best regards,
Since it seems to be impossible to be accomplished with one single filter rule, I'm trying to add as many filter rules as required. My first rule is for DNS requests (analyzed traffic is mainly DNS and this filter is supposed to filter out 40 to 50% from original traffic) and it runs fine. When I try to add a rule to filter out TCP traffic it fails as shown below:sudo ethtool --config-ntuple em50 flow-type udp4 dst-port 53 action -1
Added rule with ID 8189
sudo ethtool --config-ntuple em50 flow-type tcp4 action -1
rmgr: Cannot insert RX class rule: Invalid argument
If I change the order of the rules the same error is returned, but both rules work fine when applied alone. It's the same when I try to filter out any of the other protocols supported for flow-type.
I would greatly appreciate any suggestion on how to solve this issue.
Thank you very much and best regards,