[dpdk-dev] ACL: BUG: rte_acl_classify_scalar mismatch when use a special rule
童进
tongjinam at qq.com
Wed Jul 27 12:34:04 CEST 2016
define a rule as following:
struct acl_ipv4_rule acl_rule[] = {
{
.data = {.userdata = 103, .category_mask = 1, .priority = 1},
/* proto */
.field[0] = {.value.u8 = 0, .mask_range.u8 = 0x0,},
/* source IPv4 */
.field[1] = {.value.u32 = IPv4(0, 0, 0, 0), .mask_range.u32 = 0,},
/* destination IPv4 */
.field[2] = {.value.u32 = IPv4(192, 168, 2, 4), .mask_range.u32 = 32,},
/* source port */
.field[3] = {.value.u16 = 0, .mask_range.u16 = 0xffff,},
/* destination port */
.field[4] = {.value.u16 = 1024, .mask_range.u16 = 0xffff,},
},
};
build a pkt like this:
pv4_hdr->next_proto_id = 6;
ipv4_hdr->src_addr = rte_cpu_to_be_32(IPv4(10, 18, 2, 3));
ipv4_hdr->dst_addr = rte_cpu_to_be_32(IPv4(192, 168, 2, 4));
port = (uint16_t*)((unsigned char*)ipv4_hdr + sizeof(struct ipv4_hdr));
port[0] = rte_cpu_to_be_16(3333);
port[1] = rte_cpu_to_be_16(4608);
rte_acl_classify_scalar will mismatch this packet!
i readed rte_acl_classify_scalar function, and found the reason:
while (flows.started > 0) {
input0 = GET_NEXT_4BYTES(parms, 0);
input1 = GET_NEXT_4BYTES(parms, 1);
for (n = 0; n < 4; n++) {
transition0 = scalar_transition(flows.trans,
transition0, (uint8_t)input0);
input0 >>= CHAR_BIT;
transition1 = scalar_transition(flows.trans,
transition1, (uint8_t)input1);
input1 >>= CHAR_BIT;
}
while ((transition0 | transition1) & RTE_ACL_NODE_MATCH) {
transition0 = acl_match_check(transition0,
0, ctx, parms, &flows, resolve_priority_scalar);
transition1 = acl_match_check(transition1,
1, ctx, parms, &flows, resolve_priority_scalar);
}
}
everytime, scalar get 4bytes to transition, and usually it work well, but if we set a acl rule as prior, mismatch will appear.
this is because field[3] is a 100% wild node, so it was removed as a deactivated field.
in this situation, when rte_acl_classify_scalar runs, proto/sip/dip match ok, and then it skip sport because it was removed.
now input0 is a int value(4 bytes) started form dport.
it will get a match-node after 2 bytes match(dport is a short value), but cycle stoped untill n = 4, finally it translated to another node which is not a match-node, the mismatch happened.
i'm not sure search_sse_8/search_sse_4/search_avx2x16 is Ok.
how to fix it?
i think set GET_NEXT_4BYTES to GET_NEXT_BYTE will solve this problem, but it will influence performance.
another way, don't use acl_rule_stats to remove deactivated field, but code will change a lot.
More information about the dev
mailing list