From: Zi Hu <huzilucky@gmail.com>
To: dev@dpdk.org
Subject: [dpdk-dev] DPDK ACL bug? pkt matches the wrong ACL rule.
Date: Thu, 14 May 2015 17:27:27 -0700 [thread overview]
Message-ID: <CAOV85Hy2uZ07vBjV3HjB7fhAOv7G=vSCOXJizrJYGRf+E5u46w@mail.gmail.com> (raw)
Hi, there,
I recently noticed that sometimes packets are matched with the wrong ACL
rules when using the DPDK ACL library.
I tested it with the "testacl" under dpdk/build/app:
Here are my rule file and trace file:
cat test_data/rule1
@192.168.0.0/24 192.168.0.0/24 400 : 500 0 : 52 6/0xff
@192.168.0.0/24 192.168.0.0/24 400 : 500 54 : 65280 6/0xff
@192.168.0.0/24 192.168.0.0/24 400 : 500 0 : 65535 6/0xff
cat test_data/trace1
0xc0a80005 0xc0a80009 450 53 0x06
I run the test by:
sudo ./testacl -n 2 -c 4 -- --rulesf=./test_data/rule1
--tracef=./test_data/trace1
Result:
.....
acl context <TESTACL>@0x7f5b43effac0
socket_id=-1
alg=2
max_rules=65536
rule_size=96
num_rules=3
num_categories=3
num_tries=1
ipv4_5tuple: 1, category: 0, result: 1
search_ip5tuples_once(1, 256, sse) returns 1
search_ip5tuples @lcore 2: 1 iterations, 1 pkts, 1 categories, 21812
cycles, 21812.000000 cycles/pkt
The result shows that the packet matches the second rule, which is wrong.
The dest port of the pkt is 53, so it should match the third rule.
How possible could it match the second rule? Anyone see similar situation
before?
Another interesting I found is that if we make the dest port range to be
54 : 65279 in the second rule (only change 65280 to 65279, all other stuff
remains the same):
cat test_data/rule1
@192.168.0.0/24 192.168.0.0/24 400 : 500 0 : 52 6/0xff
@192.168.0.0/24 192.168.0.0/24 400 : 500 54 : 65279 6/0xff
@192.168.0.0/24 192.168.0.0/24 400 : 500 0 : 65535 6/0xff
Then run the test again, the packet matches the third rule as expected.
This seems really weird to me. Anyone has an explanation for that?
thanks
-Zi
next reply other threads:[~2015-05-15 0:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-15 0:27 Zi Hu [this message]
2015-05-15 10:10 ` Ananyev, Konstantin
2015-05-20 14:28 Ananyev, Konstantin
2015-05-20 17:17 ` Zi Hu
[not found] ` <2601191342CEEE43887BDE71AB97725821430903@irsmsx105.ger.corp.intel.com>
2015-05-21 9:41 ` Ananyev, Konstantin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAOV85Hy2uZ07vBjV3HjB7fhAOv7G=vSCOXJizrJYGRf+E5u46w@mail.gmail.com' \
--to=huzilucky@gmail.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).