[dpdk-dev] DPDK ACL bug? pkt matches the wrong ACL rule.
Ananyev, Konstantin
konstantin.ananyev at intel.com
Fri May 15 12:10:34 CEST 2015
Hi Zi,
> -----Original Message-----
> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Zi Hu
> Sent: Friday, May 15, 2015 1:27 AM
> To: dev at dpdk.org
> Subject: [dpdk-dev] DPDK ACL bug? pkt matches the wrong ACL rule.
>
> Hi, there,
>
> I recently noticed that sometimes packets are matched with the wrong ACL
> rules when using the DPDK ACL library.
>
> I tested it with the "testacl" under dpdk/build/app:
> Here are my rule file and trace file:
> cat test_data/rule1
> @192.168.0.0/24 192.168.0.0/24 400 : 500 0 : 52 6/0xff
> @192.168.0.0/24 192.168.0.0/24 400 : 500 54 : 65280 6/0xff
> @192.168.0.0/24 192.168.0.0/24 400 : 500 0 : 65535 6/0xff
>
> cat test_data/trace1
> 0xc0a80005 0xc0a80009 450 53 0x06
>
> I run the test by:
> sudo ./testacl -n 2 -c 4 -- --rulesf=./test_data/rule1
> --tracef=./test_data/trace1
>
> Result:
> .....
> acl context <TESTACL>@0x7f5b43effac0
> socket_id=-1
> alg=2
> max_rules=65536
> rule_size=96
> num_rules=3
> num_categories=3
> num_tries=1
> ipv4_5tuple: 1, category: 0, result: 1
> search_ip5tuples_once(1, 256, sse) returns 1
> search_ip5tuples @lcore 2: 1 iterations, 1 pkts, 1 categories, 21812
> cycles, 21812.000000 cycles/pkt
>
>
> The result shows that the packet matches the second rule, which is wrong.
> The dest port of the pkt is 53, so it should match the third rule.
> How possible could it match the second rule? Anyone see similar situation
> before?
>
> Another interesting I found is that if we make the dest port range to be
> 54 : 65279 in the second rule (only change 65280 to 65279, all other stuff
> remains the same):
>
> cat test_data/rule1
> @192.168.0.0/24 192.168.0.0/24 400 : 500 0 : 52 6/0xff
> @192.168.0.0/24 192.168.0.0/24 400 : 500 54 : 65279 6/0xff
> @192.168.0.0/24 192.168.0.0/24 400 : 500 0 : 65535 6/0xff
>
> Then run the test again, the packet matches the third rule as expected.
>
>
> This seems really weird to me. Anyone has an explanation for that?
Indeed, that looks like a bug.
Will have a look.
Konstantin
>
> thanks
> -Zi
More information about the dev
mailing list