Hello all,
I'm using rte_flow (dpdk 20.11.1) on Mellanox Connect-X6 to filter some
flows.
I recently was surprised by reading some of the mlx5
limitations(http://doc.dpdk.org/guides/nics/mlx5.html#limitations),
regarding the Verbs flow engine against the DV flow engine.
I wasn't aware of those 2 flow engines, neither of the following behavior:
*
When using Verbs flow engine (|dv_flow_en| = 0), flow pattern
without any specific VLAN will match for VLAN packets as well:
When VLAN spec is not specified in the pattern, the matching rule
will be created with VLAN as a wild card. Meaning, the flow rule:
flow create 0 ingress pattern eth / vlan vid is 3 / ipv4 / end ...
Will only match vlan packets with vid=3. and the flow rule:
flow create 0 ingress pattern eth / ipv4 / end ...
Will match any ipv4 packet (VLAN included).
*
When using Verbs flow engine (|dv_flow_en| = 0),
multi-tagged(QinQ) match is not supported.
*
When using DV flow engine (|dv_flow_en| = 1), flow pattern with
any VLAN specification will match only single-tagged packets
unless the ETH item |type| field is 0x88A8 or the VLAN item
|has_more_vlan| field is 1. The flow rule:
flow create 0 ingress pattern eth / ipv4 / end ...
Will match any ipv4 packet. The flow rules:
flow create 0 ingress pattern eth / vlan / end ...
flow create 0 ingress pattern eth has_vlan is 1 / end ...
flow create 0 ingress pattern eth type is 0x8100 / end ...
Will match single-tagged packets only, with any VLAN ID value. The
flow rules:
flow create 0 ingress pattern eth type is 0x88A8 / end ...
flow create 0 ingress pattern eth / vlan has_more_vlan is 1 / end ...
Will match multi-tagged packets only, with any VLAN ID value.
So, I retested some of my scenarios involving some eth / ipv4 rule pattern.
And, indeed, it's not doing what I was expected. The following is
supposed to discard any flow which isn't GTP or which is VLAN tagged:
sudo dpdk-20.11.1/build/app/dpdk-testpmd -a 04:00.0 -c 0x0f -- --rxq 16
--txq 16 -i
# jump eth from 0 to 1
flow create 0 ingress group 0 priority 2 pattern eth / end actions count
/ jump group 1 / end
# Allows gtp without vlan
flow create 0 ingress group 1 priority 2 pattern eth / ipv4 / udp / gtp
/ end actions count / rss queues 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
end / end
Playing a capture with X VLAN/GTP packets led to the rule
#2(eth/ipv4/udp/gtp) being hit X times, which shouldn't.
I'm sure that DV flow is used because I added some log messages in mlx5
PMD, and anyway running 'dpdk-testpmd -a 04:00.0,dv_flow_en=0' complains
that groups aren't supported.
In the above RSS rule, if I replace 'eth' by 'eth type is 0x0800', it
does what I expect.
I could had this IP4 ethernet type to some eth item, that would not be a
problem, but I'm wondering if I missed something, at compile time for
example?
Thanks a lot.
