Hi,
>
> define a rule as following:
>
> struct acl_ipv4_rule acl_rule[] = {
> {
> .data = {.userdata = 103, .category_mask = 1, .priority = 1},
> /* proto */
> .field[0] = {.value.u8 = 0, .mask_range.u8 = 0x0,},
> /* source IPv4 */
> .field[1] = {.value.u32 = IPv4(0, 0, 0, 0), .mask_range.u32 = 0,},
> /* destination IPv4 */
> .field[2] = {.value.u32 = IPv4(192, 168, 2, 4), .mask_range.u32 =
> 32,},
> /* source port */
> .field[3] = {.value.u16 = 0, .mask_range.u16 = 0xffff,},
> /* destination port */
> .field[4] = {.value.u16 = 1024, .mask_range.u16 = 0xffff,},
> },
> };
>
> build a pkt like this:
>
> pv4_hdr->next_proto_id = 6;
> ipv4_hdr->src_addr = rte_cpu_to_be_32(IPv4(10, 18, 2, 3));
> ipv4_hdr->dst_addr = rte_cpu_to_be_32(IPv4(192, 168, 2, 4));
> port = (uint16_t*)((unsigned char*)ipv4_hdr + sizeof(struct ipv4_hdr));
> port[0] = rte_cpu_to_be_16(3333);
> port[1] = rte_cpu_to_be_16(4608);
>
> rte_acl_classify_scalar will mismatch this packet!
>
> i readed rte_acl_classify_scalar function, and found the reason:
>
> while (flows.started > 0) {
>
> input0 = GET_NEXT_4BYTES(parms, 0);
> input1 = GET_NEXT_4BYTES(parms, 1);
>
> for (n = 0; n < 4; n++) {
>
> transition0 = scalar_transition(flows.trans,
> transition0, (uint8_t)input0);
> input0 >>= CHAR_BIT;
>
> transition1 = scalar_transition(flows.trans,
> transition1, (uint8_t)input1);
> input1 >>= CHAR_BIT;
> }
>
> while ((transition0 | transition1) & RTE_ACL_NODE_MATCH) {
> transition0 = acl_match_check(transition0,
> 0, ctx, parms, &flows, resolve_priority_scalar);
> transition1 = acl_match_check(transition1,
> 1, ctx, parms, &flows, resolve_priority_scalar);
> }
> }
>
> everytime, scalar get 4bytes to transition, and usually it work well, but if
> we set a acl rule as prior, mismatch will appear.
> this is because field[3] is a 100% wild node, so it was removed as a
> deactivated field.
>
> in this situation, when rte_acl_classify_scalar runs, proto/sip/dip match ok,
> and then it skip sport because it was removed.
> now input0 is a int value(4 bytes) started form dport.
> it will get a match-node after 2 bytes match(dport is a short value), but
> cycle stoped untill n = 4, finally it translated to another node which is
> not a match-node, the mismatch happened.
>
> i'm not sure search_sse_8/search_sse_4/search_avx2x16 is Ok.
>
> how to fix it?
> i think set GET_NEXT_4BYTES to GET_NEXT_BYTE will solve this problem, but it
> will influence performance.
> another way, don't use acl_rule_stats to remove deactivated field, but code
> will change a lot.
If you believe there is a problem, could you try to reproduce it with
app/testacl,
and provide a rule file and a trace file?
Thanks
Konstantin
