Date: Wed, 24 Nov 2021 18:19:58 +0300
From: Dmitry Kozlyuk
To: Steffen Weise, Дмитрий Степанов
Cc: users@dpdk.org
Subject: Re: Find all matches with DPDK ACL
Message-ID: <20211124181958.212f1179@sovereign>

2021-11-24 11:06 (UTC+0100), Steffen Weise:
> > Hi folks!
> >
> > I'm using DPDK's ACL library to classify incoming packets by IPv4 5 tuple
> > match (src address, dst address, src port, dst port, protocol). Right now
> > it is possible to find only the best match based on the rule's priority.
> > Is there any way (maybe a custom patch for the ACL library exists?) to
> > find all matches in a single request? Decreased performance and even some
> > false-positive matches are acceptable.
> > It could be a big number of matches so using categories is not an option.
> >
> > Thanks,
> > Dmitriy Stepanov
> >
>
> Hi,
>
> I have the very same question. Such a mechanism would help me in my
> applications. Currently I go for lookup on multiple separate tables.
>
> Cheers,
> Steffen Weise

Hi,

I wonder what is the original problem you're solving.
A set of IPv4 5-tuple rules can be viewed as a set of regular expressions:

    ACL:    src 1.1.1.0/24 dst 2.2.2.2/32 sport any dport 0x0035 proto tcp
    Regex:  ^\x01\x01\x01.\x02\x02\x02\x02..\x00\x35\x06$

Here, "." stands for "any byte". For masks/ranges not aligned on 8 bits
regex ranges can be used, e.g.:

    ACL:    sport 100-200 # this one is easy, just one byte varies
    Regex:  \x00[\x64-\xC8]

    ACL:    sport 200-300 # this one is hard, needs an algorithm to transform
                          # 200-300 => 200-255,256-300 => 0xC8-0xFF,0x0100-0x012C
    Regex:  (?:\x00[\xC8-\xFF]|\x01[\x00-\x2C])

    ACL:    src 192.0.2.64/26 # this one is easy, there are also hard examples like above
    Regex:  \xC0\x00\x02[\x40-\x7F]

IIUC, you need all matching expressions for every packet,
which is represented as a 4+4+2+2+1 byte "string".
This is exactly what Hyperscan library does, for example:
http://intel.github.io/hyperscan/dev-reference/runtime.html
There is now regexdev in DPDK, take a look at it,
maybe it will suit your needs and HW.
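
The range-splitting step the message calls "hard" (200-300 => 200-255,256-300), generalized to any big-endian field width and used to report every matching rule for a packet key. This is an added example, not part of the original message and not DPDK or Hyperscan code. Assumptions: all function names and the sample rules are constructed for illustration, and Python's `re` is applied rule by rule as a stand-in for a multi-pattern engine; `re.DOTALL` and `fullmatch` are used because 0x0A is an ordinary byte in a packet key.

```python
import ipaddress
import re
import struct

def byte_class(lo, hi):  # regex for one byte in [lo, hi]
    if lo == hi:
        return "\\x%02x" % lo
    return "." if (lo, hi) == (0, 255) else "[\\x%02x-\\x%02x]" % (lo, hi)

def range_regex(lo, hi, nbytes):
    """Regex for big-endian nbytes-wide integers in [lo, hi], split on byte boundaries."""
    if nbytes == 1:
        return byte_class(lo, hi)
    shift = 8 * (nbytes - 1)
    mask, top_lo, top_hi = (1 << shift) - 1, lo >> shift, hi >> shift
    if top_lo == top_hi:                     # same leading byte: recurse on the rest
        return byte_class(top_lo, top_lo) + range_regex(lo & mask, hi & mask, nbytes - 1)
    alts = []
    if lo & mask:                            # partial block at the low end (200-255)
        alts.append(byte_class(top_lo, top_lo) + range_regex(lo & mask, mask, nbytes - 1))
        top_lo += 1
    mid_hi = top_hi if hi & mask == mask else top_hi - 1
    if top_lo <= mid_hi:                     # whole blocks in between
        alts.append(byte_class(top_lo, mid_hi) + range_regex(0, mask, nbytes - 1))
    if mid_hi < top_hi:                      # partial block at the high end (256-300)
        alts.append(byte_class(top_hi, top_hi) + range_regex(0, hi & mask, nbytes - 1))
    return alts[0] if len(alts) == 1 else "(?:" + "|".join(alts) + ")"

def rule_regex(src, dst, sport, dport, proto):
    """Compile one 5-tuple rule into a bytes regex over the 13-byte key."""
    def net(cidr):
        n = ipaddress.ip_network(cidr)
        return range_regex(int(n.network_address), int(n.broadcast_address), 4)
    pattern = net(src) + net(dst) + range_regex(*sport, 2) + range_regex(*dport, 2) + byte_class(proto, proto)
    return re.compile(pattern.encode("ascii"), re.DOTALL)  # "." must match 0x0A too

def packet_key(src, dst, sport, dport, proto):  # 4+4+2+2+1 bytes, network order
    ip = lambda a: ipaddress.ip_address(a).packed
    return ip(src) + ip(dst) + struct.pack("!HHB", sport, dport, proto)

def all_matches(rules, key):  # names of every rule whose regex matches the whole key
    return [name for name, rx in rules.items() if rx.fullmatch(key)]

ANY = (0, 65535)
RULES = {  # constructed sample rules; the first is the ACL line from the message
    "dns-tcp": rule_regex("1.1.1.0/24", "2.2.2.2/32", ANY, (53, 53), 6),
    "tcp-from-1.1": rule_regex("1.1.0.0/16", "0.0.0.0/0", ANY, ANY, 6),
    "sport-200-300": rule_regex("0.0.0.0/0", "0.0.0.0/0", (200, 300), ANY, 6),
}
print(all_matches(RULES, packet_key("1.1.1.10", "2.2.2.2", 256, 53, 6)))
```

The sample source address 1.1.1.10 puts byte 0x0A in the key, which is the case a default "." or a trailing "$" would get wrong in Python.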