From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by dpdk.org (Postfix, from userid 33) id 99BA01B445; Mon, 6 Aug 2018 20:11:51 +0200 (CEST) From: bugzilla@dpdk.org To: dev@dpdk.org Date: Mon, 06 Aug 2018 18:11:51 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: DPDK X-Bugzilla-Component: other X-Bugzilla-Version: 18.05 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: t-pehous@microsoft.com X-Bugzilla-Status: CONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: dev@dpdk.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://bugs.dpdk.org/ Auto-Submitted: auto-generated X-Auto-Response-Suppress: All MIME-Version: 1.0 Subject: [dpdk-dev] [Bug 79] ACL doesn't match a rule with a first `TYPE_MASK` field with low mask when there's a large number of rules X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Aug 2018 18:11:51 -0000 https://bugs.dpdk.org/show_bug.cgi?id=3D79 Bug ID: 79 Summary: ACL doesn't match a rule with a first `TYPE_MASK` field with low mask when there's a large number of rules Product: DPDK Version: 18.05 Hardware: All OS: Linux Status: CONFIRMED Severity: normal Priority: Normal Component: other Assignee: dev@dpdk.org Reporter: t-pehous@microsoft.com Target Milestone: --- ACL doesn't match a rule with `TYPE_MASK` field that has low mask when ther= e's a large number of rules ACL doesn't match a catch-all rule (0 bit mask for 'TYPE_MASK', max ranges = for 'TYPE_RANGE') when there's a large number (~1000) of other rules. The lower= the mask lenght is for the rule's first `TYPE_MASK` field, the smaller the over= all number of rules must be for the matching to work reliably.=20 Specifically I created a small benchmark app based on the fwdl3-acl sample = that generates random ipv4 rules and relevant ipv4 packet data and then matches = the packets to the rules. In addition to random rules it also adds a catch-all = rule in the end with a prioroty 0 that should always match. When there's a large number of generated rules, however, it doesn't and some packets end up not being matched by any rules. The catch-all rule works great with the exception of source ipv4 address ma= sk. When the mask is lower than 6 and overall number of rules (i.e. the random ones) is around 10 000, the (catch-almost-all) rule doesn't match all packe= ts it should. When the mask is lower than 4, the max number for the matching to work reliably is around 800. When the mask is zero -> i.e. when it's truly a catch-all rule it works reliably with only tens of other rules. No other fields of the rule seem to have an impact, nor have I seen an inst= ance when a rule would match data it shouldn't've. The linked code shows rule definition, rule generation, and packet generati= on. For simplicity it's a modified version that only creates one packet that sh= ould _always_ be matched by the catch_all rule no matter what it's mask is. It, however, is not as also linked logs show. CODE: https://gist.github.com/petrroll/5a462d65253b18b5e78c2c7efba2cb8c --=20 You are receiving this mail because: You are the assignee for the bug.=