How does flow classify example in DPDK works?

0
votes

I want to test the flow classify example in DPDK 20.08 and I'm trying to modify the given ACL rules file to match all the TCP packets.

#file format:
#src_ip/masklen dst_ip/masklen src_port : mask dst_port : mask proto/mask priority
#
2.2.2.3/24 2.2.2.7/24 32 : 0xffff 33 : 0xffff 17/0xff 0
9.9.9.3/24 9.9.9.7/24 32 : 0xffff 33 : 0xffff 17/0xff 1
9.9.9.3/24 9.9.9.7/24 32 : 0xffff 33 : 0xffff 6/0xff 2
9.9.8.3/24 9.9.8.7/24 32 : 0xffff 33 : 0xffff 6/0xff 3
6.7.8.9/24 2.3.4.5/24 32 : 0x0000 33 : 0x0000 132/0xff 4
6.7.8.9/32 192.168.0.36/32 10 : 0xffff 11 : 0xffff 6/0xfe 5
6.7.8.9/24 192.168.0.36/24 10 : 0xffff 11 : 0xffff 6/0xfe 6
6.7.8.9/16 192.168.0.36/16 10 : 0xffff 11 : 0xffff 6/0xfe 7
6.7.8.9/8 192.168.0.36/8 10 : 0xffff 11 : 0xffff 6/0xfe 8
#error rules
#9.8.7.6/8 192.168.0.36/8 10 : 0xffff 11 : 0xffff 6/0xfe 9

Should I add 0.0.0.0/0 0.0.0.0/0 0 : 0x0000 0 : 0x0000 6/0xff 0 rule? I tried but there is still no packets matching.

ps: This is the file I'm using.

#file format:
#src_ip/masklen dst_ip/masklen src_port : mask dst_port : mask proto/mask priority
#
2.2.2.3/24 2.2.2.7/24 32 : 0xffff 33 : 0xffff 17/0xff 0
9.9.9.3/24 9.9.9.7/24 32 : 0xffff 33 : 0xffff 17/0xff 1
9.9.9.3/24 9.9.9.7/24 32 : 0xffff 33 : 0xffff 6/0xff 2
9.9.8.3/24 9.9.8.7/24 32 : 0xffff 33 : 0xffff 6/0xff 3
6.7.8.9/24 2.3.4.5/24 32 : 0x0000 33 : 0x0000 132/0xff 4
6.7.8.9/32 192.168.0.36/32 10 : 0xffff 11 : 0xffff 6/0xfe 5
6.7.8.9/24 192.168.0.36/24 10 : 0xffff 11 : 0xffff 6/0xfe 6
6.7.8.9/16 192.168.0.36/16 10 : 0xffff 11 : 0xffff 6/0xfe 7
#6.7.8.9/8 192.168.0.36/8 10 : 0xffff 11 : 0xffff 6/0xfe 8
0.0.0.0/0 0.0.0.0/0 0 : 0x0000 0 : 0x0000 6/0xff 8
#error rules
#9.8.7.6/8 192.168.0.36/8 10 : 0xffff 11 : 0xffff 6/0xfe 9

I ran again, and it goes like:

rule [0] query failed ret [-22]

rule [1] query failed ret [-22]

rule [2] query failed ret [-22]

rule [3] query failed ret [-22]

rule [4] query failed ret [-22]

rule [5] query failed ret [-22]

rule [6] query failed ret [-22]

rule [7] query failed ret [-22]

rule[8] count=2
proto = 6
Segmentation fault

I don't know what is causing the Segmentation fault. The command is sudo ./build/flow_classify -l 101 --log-level=pmd,8 -- --rule_ipv4="./ipv4_rules_file_pass.txt" > ~/flow_classify_log and I didn't change the source code.

I'm using a two port 82599 NIC. I'm putting the log file down below which contains the output before it shows Segmentation fault

flow_classify log

Sometimes it can process normally in the first iteration, and sometimes it can't.

update 1-3: I modified the code to stop the packet forwarding and free every single packet received to check if it is the forwarding procedure that is causing the problem.

in main function:

/* if (nb_ports < 2 || (nb_ports & 1))
        rte_exit(EXIT_FAILURE, "Error: number of ports must be even\n"); */
    if (nb_ports < 1)
        rte_exit(EXIT_FAILURE, "Error: no port avaliable\n");

in lcore_main function:

//in lcore_main function
/* Send burst of TX packets, to second port of pair. */
/* const uint16_t nb_tx = rte_eth_tx_burst(port ^ 1, 0,
        bufs, nb_rx); */
const uint16_t nb_tx = 0;
/* Free any unsent packets. */
if (unlikely(nb_tx < nb_rx)) {
    uint16_t buf;

    for (buf = nb_tx; buf < nb_rx; buf++)
        rte_pktmbuf_free(bufs[buf]);
}

And this is the new log, but I don't think there is any difference. I'm using only one of the two ports on a single 82599ES NIC. Maybe it's the false classification rule I added that is causing the problem, because it ran okay with the default rule settings.

1
dpdk
what is output on the console when you get no matching packets? is it either rule query failed ret or rule count? Please share the logs - Vipin Varghese
I added the rules and logs in the question. - UnderCover
as per the rules file 11 rules, of which rule index 7 is deleted by example code. The priority of generic rule is set as 8 same as the previous rule. can you please dump the packet contents with rte_pktmbuf_dump to identify the ipv4 5 tuples - Vipin Varghese
Thank you very much, I'll modify the description later with packet contents. I'm using real network traffic rather than packet generator to test the flow classification lib, so I want to set a generic rule to test if it can work properly, which is that all the packets can match. And the rules starts with # should've been bypassed, so I think there are 9 rules in the modified rule file. - UnderCover
as per the logs there are 8 rules which are not matched. there is 1 matced rule (in the new result) followed up with segmentation fault. Since DPDK logs are missing it is hard to tell what is going wrong. It looks like you have issue in number of DPDK ports. Please share the lcommand line and logs by running with option --log-level=pmd,8 - Vipin Varghese

1 Answers

0
votes

Flow classify requires

  1. minimum of 2 ports, always even ports.
  2. Flow entries has to be populated in the valid format.

Entry in rules:

2.2.2.3/0 2.2.2.7/0 32 : 0xffff 33 : 0xffff 17/0xff 0
2.2.2.3/0 2.2.2.7/0 32 : 0x0 33 : 0x0 6/0xff 1

Packet send: ipv4-TCP

Log from flow-classify:

rule [0] query failed ret [-22] -- UDP lookup failed

rule[1] count=32 -- TCP lookup success
proto = 6
  • Virtual NIC: ./build/flow_classify -c 8 --no-pci --vdev=net_tap0 --vdev=net_tap1 -- --rule_ipv4="ipv4_rules_file.txt"
  • Physical NIC: ./build/flow_classify -c 8 -- --rule_ipv4="ipv4_rules_file.txt"

Hence issue faced at your end is because

  1. incorrect configuration
  2. were only using 1 port