Linux bridge and af-packet wont drop on rule

Help
, ,
8

I re-did my box with CachyOS (shout out to them) and using a guide found here: SEPTun/SEPTun.rst at master · pevma/SEPTun · GitHub

I am using AF-Packet in inline ips mode with 0 rules loaded and I receive:

DOWN: 5.073 Gbps UP: 4.986 Gbps
Specs of box:

  • AMD 3400G (4 Core / 8 Threads, cost < $150)
  • X520 INTEL
  • 64GB RAM

Only changes to config:

af-packet:
  - interface: default
    threads: auto
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    tpacket-v3: no
    ring-size: 400000
    block-size: 393216
    copy-mode: ips

  - interface: enp1s0f0
    cluster-id: 99
    copy-iface: enp1s0f1

  - interface: enp1s0f1
    cluster-id: 98
    copy-iface: enp1s0f0

threading:
  set-cpu-affinity: yes

I also created this service to run when my system first starts:

[Unit]
Description=Disable NIC Offloads
Before=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/ethtool -K enp1s0f0 tso off
ExecStart=/usr/sbin/ethtool -K enp1s0f0 gso off
ExecStart=/usr/sbin/ethtool -K enp1s0f0 lro off
ExecStart=/usr/sbin/ethtool -K enp1s0f0 gro off
ExecStart=/usr/sbin/ethtool -K enp1s0f1 tso off
ExecStart=/usr/sbin/ethtool -K enp1s0f1 gso off
ExecStart=/usr/sbin/ethtool -K enp1s0f1 lro off
ExecStart=/usr/sbin/ethtool -K enp1s0f1 gro off

ExecStart=/usr/sbin/ethtool -K enp1s0f0 txvlan off
ExecStart=/usr/sbin/ethtool -K enp1s0f1 txvlan off

ExecStart=/usr/sbin/ethtool -K enp1s0f0 rxvlan off
ExecStart=/usr/sbin/ethtool -K enp1s0f1 rxvlan off

ExecStart=/usr/sbin/ethtool -K enp1s0f0 sg off
ExecStart=/usr/sbin/ethtool -K enp1s0f1 sg off

ExecStart=/usr/sbin/ethtool -K enp1s0f0 ntuple off
ExecStart=/usr/sbin/ethtool -K enp1s0f1 ntuple off

ExecStart=/usr/sbin/ethtool -K enp1s0f0 rxhash off
ExecStart=/usr/sbin/ethtool -K enp1s0f1 rxhash off

ExecStart=/usr/sbin/ethtool -L enp1s0f1 combined 1
ExecStart=/usr/sbin/ethtool -L enp1s0f0 combined 1

ExecStart=/usr/sbin/ethtool -G enp1s0f0 rx 512
ExecStart=/usr/sbin/ethtool -G enp1s0f1 rx 512

ExecStart=/usr/sbin/ethtool -A enp1s0f0 rx off tx off
ExecStart=/usr/sbin/ethtool -A enp1s0f1 rx off tx off

ExecStart=/usr/sbin/ethtool -C enp1s0f0 rx-usecs 100
ExecStart=/usr/sbin/ethtool -C enp1s0f1 rx-usecs 100

ExecStart=/sbin/ip link set enp1s0f0 promisc off arp off up
ExecStart=/sbin/ip link set enp1s0f1 promisc off arp off up

[Install]
WantedBy=multi-user.target

5G/5G would pass my acceptance criteria. I am now going to add some rules to see what happens once they are enabled.