I pointed where the error is occurring on the code below :

#include "../include/flow.h"

#include <stdio.h>

#include <string.h>

int flow_filtering(uint16_t port_id, uint32_t ip_addr, uint16_t udp_port) {

struct rte_flow_error error;

struct rte_flow_attr attr = { .ingress = 1, .priority = 0 };

struct rte_flow_item pattern[4];

struct rte_flow_action action[2];

struct rte_flow *flow;

// Définir le motif Ethernet

memset(pattern, 0, sizeof(pattern));

pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;

// Définir le motif IPv4

struct rte_flow_item_ipv4 ipv4_spec = { .hdr.dst_addr = RTE_BE32(ip_addr) };

struct rte_flow_item_ipv4 ipv4_mask = { .hdr.dst_addr = RTE_BE32(0xFFFFFFFF) };

pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV4;

pattern[1].spec = &ipv4_spec;

pattern[1].mask = &ipv4_mask;

// Définir le motif UDP

struct rte_flow_item_udp udp_spec = { .hdr.dst_port = RTE_BE16(udp_port) };

struct rte_flow_item_udp udp_mask = { .hdr.dst_port = RTE_BE16(0xFFFF) };

pattern[2].type = RTE_FLOW_ITEM_TYPE_UDP;

pattern[2].spec = &udp_spec;

pattern[2].mask = &udp_mask;

// Terminer le motif

pattern[3].type = RTE_FLOW_ITEM_TYPE_END;

// Définir l'action

action[0].type = RTE_FLOW_ACTION_TYPE_QUEUE;

struct rte_flow_action_queue queue_action = { .index = 0 };

action[0].conf = &queue_action;

action[1].type = RTE_FLOW_ACTION_TYPE_END;

// Créer la règle de flux

flow = rte_flow_create(port_id, &attr, pattern, action, &error);

if (!flow) {

printf("Erreur lors de la création de la règle de flux : %s\n", error.message);

return -1;

}

printf("Règle de flux créée avec succès pour IP %u.%u.%u.%u et port UDP %u\n",

(ip_addr >> 24) & 0xFF, (ip_addr >> 16) & 0xFF,

(ip_addr >> 8) & 0xFF, ip_addr & 0xFF, udp_port);

return 0;

}

int create_drop_all_rule(uint16_t port_id) {

struct rte_flow_attr attr = { .ingress = 1, .priority = 1};

struct rte_flow_item pattern[2];

struct rte_flow_action actions[2];

struct rte_flow *flow;

struct rte_flow_error error;

pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;

pattern[1].type = RTE_FLOW_ITEM_TYPE_END;

actions[0].type = RTE_FLOW_ACTION_TYPE_DROP;

actions[1].type = RTE_FLOW_ACTION_TYPE_END;

if (!rte_flow_validate(port_id, &attr, pattern, actions, &error)){

flow = rte_flow_create(port_id, &attr, pattern, actions, &error);

}

if (flow != 0) { // Its happening Here <--- !!! --->

printf("Erreur création règle DROP: %s (Type: %d, Cause: %p)\n",

error.message, error.type, error.cause);

return -1;

}

printf("Default drop rule created successfully.\n");

return 0;

}

Here is what it returns :

EAL: Detected CPU lcores: 6
EAL: Detected NUMA nodes: 1
EAL: Detected shared linkage of DPDK
EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
EAL: Selected IOVA mode 'VA'
EAL: VFIO support initialized
EAL: Using IOMMU type 1 (Type 1)
Port 0 initialisé avec succès
Capacités de la NIC (port 0):
- Groupes supportés : 232756
- Actions supportées : 9a69f
Règle de flux créée avec succès pour IP 10.81.16.111 et port UDP 1234
Erreur création règle DROP: Not supported action. (Type: 16, Cause: 0x7ffe87ef63e0)
EAL: Error - exiting with code: 1
Erreur création règle drop-all

Le lun. 3 févr. 2025 à 16:00, Dmitry Kozlyuk <dmitry.kozliuk@gmail.com> a écrit :

2025-02-03 14:51 (UTC+0100), Sid ali cherrati:
> [...]
> if (!rte_flow_validate(port_id, &attr, pattern, actions, &error)){
> flow = rte_flow_create(port_id, &attr, pattern, actions, &error);
> }
>
> if(flow != 0){
> printf("Filed to create drop flow filter \n");
> return -1;
> }
> [...]
> The issue is that when I implement this, I get an error on the drop filter:
> "Failed to create rule." Do you have any idea why this might be happening?

There is no this exact error text in your code or DPDK,
I assume we're talking about the quoted fragment.
`flow` is a pointer, the correct error condition is `if (flow == NULL)`,
so your code probably misinterprets success as error.
Also `flow` is not assigned if `rte_flow_validate()` returns non-0.