I am trying to create a sample app that matches ICMP traffic following the sample code of doca_flow_drop in: doca-samples/samples/doca_flow/flow_drop at master · NVIDIA-DOCA/doca-samples · GitHub.
where i create icmp pipe as follows:
static doca_error_t create_icmp_rss_pipe(
struct doca_flow_port *port,
struct doca_flow_pipe *hairpin_pipe,
struct doca_flow_pipe **pipe)
{
struct doca_flow_match match;
struct doca_flow_actions actions, *actions_arr[NB_ACTIONS_ARR];
struct doca_flow_monitor monitor;
struct doca_flow_fwd fwd;
struct doca_flow_fwd fwd_miss;
struct doca_flow_pipe_cfg *pipe_cfg;
doca_error_t result;
memset(&match, 0, sizeof(match));
memset(&actions, 0, sizeof(actions));
memset(&monitor, 0, sizeof(monitor));
memset(&fwd, 0, sizeof(fwd));
memset(&fwd_miss, 0, sizeof(fwd_miss));
match.outer.l3_type = DOCA_FLOW_L3_TYPE_IP4;
match.outer.l4_type_ext = DOCA_FLOW_L4_TYPE_EXT_ICMP;
match.outer.icmp.type = 0xff;
monitor.counter_type = DOCA_FLOW_RESOURCE_TYPE_NON_SHARED;
. . .
fwd.type = DOCA_FLOW_FWD_PIPE;
fwd.next_pipe = hairpin_pipe;
fwd_miss.type = DOCA_FLOW_FWD_DROP;
// fwd_miss.next_pipe = hairpin_pipe;
result = doca_flow_pipe_create(pipe_cfg, &fwd, &fwd_miss, pipe);
destroy_pipe_cfg:
doca_flow_pipe_cfg_destroy(pipe_cfg);
return result;
}
and here is how i create an entry that matches echo requests:
static doca_error_t add_icmp_pipe_entry(struct doca_flow_pipe *pipe,
struct entries_status *status,
struct doca_flow_pipe_entry **entry)
{
struct doca_flow_match match;
struct doca_flow_actions actions;
doca_error_t result;
memset(&match, 0, sizeof(match));
memset(&actions, 0, sizeof(actions));
match.outer.icmp.type = 8;
result = doca_flow_pipe_add_entry(0, pipe, &match, &actions, NULL, NULL, 0, status, entry);
if (result != DOCA_SUCCESS)
return result;
return DOCA_SUCCESS;
}
and i use a classifier pipe as the root pipe:
static doca_error_t create_classifier_pipe(
struct doca_flow_port *port,
struct doca_flow_pipe *icmp_rss_pipe,
struct doca_flow_pipe *hairpin_pipe,
struct doca_flow_pipe **pipe)
{
struct doca_flow_match match;
struct doca_flow_actions actions, *actions_arr[NB_ACTIONS_ARR];
struct doca_flow_monitor monitor;
struct doca_flow_fwd fwd;
struct doca_flow_fwd fwd_miss;
struct doca_flow_pipe_cfg *pipe_cfg;
doca_error_t result;
memset(&match, 0, sizeof(match));
memset(&actions, 0, sizeof(actions));
memset(&monitor, 0, sizeof(monitor));
memset(&fwd, 0, sizeof(fwd));
memset(&fwd_miss, 0, sizeof(fwd_miss));
/* Match on header types */
match.parser_meta.outer_l3_type = DOCA_FLOW_L3_META_IPV4;
match.parser_meta.outer_l4_type = DOCA_FLOW_L4_META_ICMP;
monitor.counter_type = DOCA_FLOW_RESOURCE_TYPE_NON_SHARED;
actions_arr[0] = &actions;
. . .
result = set_flow_pipe_cfg(pipe_cfg, "CLASSIFIER_PIPE", DOCA_FLOW_PIPE_BASIC, true);
if (result != DOCA_SUCCESS) {
DOCA_LOG_ERR("Failed to set doca_flow_pipe_cfg: %s", doca_error_get_descr(result));
goto destroy_pipe_cfg;
}
//...
fwd.type = DOCA_FLOW_FWD_PIPE;
fwd.next_pipe = icmp_rss_pipe;
fwd_miss.type = DOCA_FLOW_FWD_PIPE;
fwd_miss.next_pipe = hairpin_pipe;
result = doca_flow_pipe_create(pipe_cfg, &fwd, &fwd_miss, pipe);
destroy_pipe_cfg:
doca_flow_pipe_cfg_destroy(pipe_cfg);
return result;
}
i could work this around by changing create_icmp_rss_pipe() as follows:
match.outer.l3_type = DOCA_FLOW_L3_TYPE_IP4;
match.outer.l4_type_ext = DOCA_FLOW_L4_TYPE_EXT_ICMP;
match.outer.ip4.next_proto = 1; // added line
match.outer.icmp.type = 0xff;
however if i dont add this line i get the following error.
sudo ./build/main -a 0000:03:00.0,dv_flow_en=2 -a auxiliary:mlx5_core.sf.2,dv_flow_en=2 -- -l 60
[16:31:25:453836][2983995][DOCA][INF][main.c:44][main] Starting the sample
EAL: Detected CPU lcores: 16
EAL: Detected NUMA nodes: 1
EAL: Detected shared linkage of DPDK
EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
EAL: Selected IOVA mode 'VA'
EAL: Probe PCI driver: mlx5_pci (15b3:a2dc) device: 0000:03:00.0 (socket -1)
TELEMETRY: No legacy callbacks, legacy socket not created
[16:31:26:842645][2983995][DOCA][DBG][dpdk_utils.c:417][port_init] Port 0 MAC: 02 91 9f 24 f1 84
[16:31:28:026915][2983995][DOCA][DBG][dpdk_utils.c:417][port_init] Port 1 MAC: d8 94 24 58 40 24
[16:31:28:027883][2983995][DOCA][WRN][engine_model.c:92][adapt_queue_depth] adapting queue depth to 128.
[16:31:31:156082][2983995][DOCA][ERR][hws_pipe_items.c:1087][active_opcode_build] failed building active opcode - active opcode 16777344 is protocol only
[16:31:31:156127][2983995][DOCA][ERR][hws_pipe_items.c:1736][hws_pipe_items_build] failed building pipe items - active opcode 16777344 failed process rc=-22
[16:31:31:156141][2983995][DOCA][ERR][dpdk_pipe_common.c:1271][__dpdk_pipe_per_q_build] build pipe items fail - ret=-22
[16:31:31:156150][2983995][DOCA][ERR][engine_pipe.c:618][engine_pipe_create] failed creating pipe - build failed rc=(-22)
[16:31:31:157126][2983995][DOCA][ERR][doca_flow.c:1868][doca_flow_pipe_create] engine pipe creation failed, rc = -22
[16:31:31:157165][2983995][DOCA][ERR][pipes.c:292][icmp_flow_prog] Failed to create icmp_rss pipe: Invalid input
[16:31:31:213423][2983995][DOCA][ERR][main.c:67][main] flow_prog() encountered an error: Invalid input
[16:31:32:673869][2983995][DOCA][DBG][dpdk_utils.c:928][dpdk_fini] DPDK fini is done
[16:31:32:673912][2983995][DOCA][INF][main.c:83][main] Sample finished with errors
why am i not able to create pipe like in the first way? And what does the error: active opcode 16777344 is protocol only indicate?