xdp-filter deny tcp,udp actually applies deny all
Trying to deny tcp,udp only but it enables all deny instead:
xdp-filter load enp4s0 -p deny -f tcp,udp
xdpfilt_dny_all
enp4s0 (native mode) tcp,udp,ipv6,ipv4,ethernet,deny
Debian 11, kernel 5.10.103-1, Intel Corporation I210 Gigabit Network Connection (igb kernel module)
It's true we don't have a feature combination for only matching TCP and UDP traffic. Even if we did, it wouldn't do what you're after, though: skipping features is only a performance optimisation (by doing fewer match lookups), and a miss is still a miss (so in deny mode that's a 'deny'). I.e., the absence of a feature doesn't mean that packets of that type will be allowed through a deny-only filter.
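The semantics described in the reply above, as a simplified userspace model added here as an example. It is not xdp-filter's source: every name in it (`filter`, `port_lookup`, the enums, the rule table) is hypothetical, and only port rules are modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the verdict logic; hypothetical names, not xdp-filter code. */
enum verdict { DROP, PASS };
enum policy  { POLICY_ALLOW, POLICY_DENY };   /* what happens on a miss */
enum feature { F_TCP = 1, F_UDP = 2, F_IPV4 = 4, F_IPV6 = 8, F_ETH = 16 };

struct pkt {
    unsigned kind;   /* feature that would match it: F_TCP, F_UDP, F_IPV4, ... */
    unsigned dport;  /* destination port, 0 when not TCP/UDP */
};

/* Constructed rule table: destination ports that have a filter entry. */
static const unsigned port_rules[] = { 22, 443 };

static bool port_lookup(unsigned dport)
{
    for (size_t i = 0; i < sizeof(port_rules) / sizeof(port_rules[0]); i++)
        if (port_rules[i] == dport)
            return true;
    return false;
}

/* A feature that is not loaded only removes a lookup. It never turns a
 * miss into a hit, so the policy alone decides what a miss means. */
enum verdict filter(enum policy pol, unsigned features, struct pkt p)
{
    bool hit = false;

    /* Port lookup runs only for TCP/UDP packets whose feature is loaded. */
    if ((features & p.kind) && (p.kind & (F_TCP | F_UDP)))
        hit = port_lookup(p.dport);

    if (pol == POLICY_DENY)
        return hit ? PASS : DROP;   /* default deny: only hits pass */
    return hit ? DROP : PASS;       /* default allow: only hits drop */
}

int main(void)
{
    struct pkt icmp  = { F_IPV4, 0 };    /* constructed sample packets */
    struct pkt https = { F_TCP, 443 };
    printf("deny,  tcp+udp features, ICMP:    %s\n", filter(POLICY_DENY, F_TCP | F_UDP, icmp) == PASS ? "pass" : "drop");
    printf("deny,  tcp+udp features, TCP/443: %s\n", filter(POLICY_DENY, F_TCP | F_UDP, https) == PASS ? "pass" : "drop");
    return 0;
}
```

In this model, dropping only chosen ports while everything else passes corresponds to the allow policy with explicit port entries, not to a narrower feature set under the deny policy.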
closing it then