Issus of doca flow match the traffic from software Tx

Infrastructure & Networking DOCA Getting Started & Resources
1

Is there any doca flow samples about traffic from software Tx, I try to create a egress root pipe to match all the ICMP packets from software Tx traffic with DOCA 3.1.0 on ConnectX-8, but it doesn’t work。

For example:
static doca_error_t create_root_pipe(struct doca_flow_port *port,
				     struct doca_flow_pipe *next_pipe,
				     struct entries_status *status,
				     struct doca_flow_pipe **pipe_ptr)
{
	struct doca_flow_match match = {.parser_meta = {.outer_l3_type = UINT32_MAX, .outer_l4_type = UINT32_MAX}};
	struct doca_flow_fwd fwd = {.type = DOCA_FLOW_FWD_PIPE, .next_pipe = next_pipe};
	struct doca_flow_fwd fwd_miss = {.type = DOCA_FLOW_FWD_DROP};
	struct doca_flow_pipe *pipe;
	struct doca_flow_pipe_entry *entry;
	doca_error_t result;

	result = create_basic_pipe(port, "ROOT_PIPE", &match, NULL, NULL, &fwd, &fwd_miss, 0, 2, true, true, &pipe);
	if (result != DOCA_SUCCESS) {
		DOCA_LOG_ERR("Failed to create root pipe, pipe creation failed");
		return result;
	}

	match.parser_meta.outer_l3_type = DOCA_FLOW_L3_META_IPV4;
	match.parser_meta.outer_l4_type = DOCA_FLOW_L4_META_ICMP;
	result = doca_flow_pipe_add_entry(0, pipe, &match, NULL, NULL, &fwd, 0, status, &entry);
	if (result != DOCA_SUCCESS) {
		DOCA_LOG_ERR("Failed to create root pipe, IPv4 entry adding failed");
		doca_flow_pipe_destroy(pipe);
		return result;
	}

    g_entry[g_port_id][DOCA_ROOT_ENTRY] = entry;
	*pipe_ptr = pipe;
	return DOCA_SUCCESS;
}

Then use doca_flow_pipe_cfg_set_domain(cfg, DOCA_FLOW_PIPE_DOMAIN_EGRESS) to set pipe to EGRESS domain:

result = doca_flow_pipe_cfg_create(&cfg, port);
if (result != DOCA_SUCCESS) {
	DOCA_LOG_ERR("Failed to create doca_flow_pipe_cfg: %s",  doca_error_get_descr(result));
	return result;
}

result = set_flow_pipe_cfg(cfg, name, DOCA_FLOW_PIPE_BASIC, is_root);
if (result != DOCA_SUCCESS) {
	DOCA_LOG_ERR("Failed to set doca_flow_pipe_cfg: %s", doca_error_get_descr(result));
	doca_flow_pipe_cfg_destroy(cfg);
	return result;
}

result = doca_flow_pipe_cfg_set_domain(cfg, DOCA_FLOW_PIPE_DOMAIN_EGRESS);
if (result != DOCA_SUCCESS) {
	DOCA_LOG_ERR("Failed to set doca_flow_pipe_cfg domain: %s", doca_error_get_descr(result));
	doca_flow_pipe_cfg_destroy(cfg);
	return result;
}

When I ping the gateway from this port, tcpdump shows that icmp packets are sent, but the egress root pipe does not match or drop any icmp packets, So, how to make it works?

thanks!

2

Hi, there are several samples creating pipes in EGRESS, see for example flow_ipv6_flow_label_sample.c
In the above code snippet, it seems that the root_pipe is not created in EGRESS.

3

Hi!

Thank you very much for your answer.

The current packet processing flow in the samples is “Packet received on port 0 → hit ingress root pipe → forward to egress root pipe → modify → forwarded to port 1

but what I need is “CPU software Tx → forward to egress root pipe → modify → forwarded to port 0“.

In the above code, I have already configured EGRESS in the doca_flow_pipe_cfg_create interface, as shown in the code below, however, no packets are matched or droped by the egress root pipe. So to achieve traffic from software Tx → egress root pipe, is there any other configuration needed?

result = doca_flow_pipe_cfg_create(&cfg, port);
if (result != DOCA_SUCCESS) {
	DOCA_LOG_ERR("Failed to create doca_flow_pipe_cfg: %s", doca_error_get_descr(result));
	return result;
}

result = set_flow_pipe_cfg(cfg, name, DOCA_FLOW_PIPE_BASIC, true);
if (result != DOCA_SUCCESS) {
	DOCA_LOG_ERR("Failed to set doca_flow_pipe_cfg: %s", doca_error_get_descr(result));
	doca_flow_pipe_cfg_destroy(cfg);
	return result;
}

result = doca_flow_pipe_cfg_set_domain(pipe_cfg, DOCA_FLOW_PIPE_DOMAIN_EGRESS);
if (result != DOCA_SUCCESS) {
	DOCA_LOG_ERR("Failed to set doca_flow_pipe_cfg domain: %s", doca_error_get_descr(result));
	goto destroy_pipe_cfg;
}

result = doca_flow_pipe_cfg_set_nr_entries(cfg, nb_flows);
if (result != DOCA_SUCCESS) {
	DOCA_LOG_ERR("Failed to set doca_flow_pipe_cfg number entries: %s", doca_error_get_descr(result));
	doca_flow_pipe_cfg_destroy(cfg);
	return result;
}

result = doca_flow_pipe_cfg_set_miss_counter(cfg, true);
if (result != DOCA_SUCCESS) {
	DOCA_LOG_ERR("Failed to set doca_flow_pipe_cfg miss counter: %s", doca_error_get_descr(result));
	doca_flow_pipe_cfg_destroy(cfg);
	return result;
}

result = doca_flow_pipe_cfg_set_match(cfg, match, NULL);
if (result != DOCA_SUCCESS) {
	DOCA_LOG_ERR("Failed to set doca_flow_pipe_cfg match: %s", doca_error_get_descr(result));
	doca_flow_pipe_cfg_destroy(cfg);
	return result;
}

thanks!

4

Hi,

  1. please see create_switch_egress_pipe() in flow_switch_to_wire_sample.c for example
  2. make sure you use the “expert” mode (see how it is enabled in the above sample).
  3. if it does not work, please provide more information so we can try to repro locally, mainly, which DOCA version and the complete app code
5

Hello wrmbkm,

Thank you for posting your query on our community. According to the DOCA Flow documentation, traffic transmitted from software is forwarded to the egress root pipe.
If the counters of a user-defined EGRESS pipe remain zero, it usually indicates that the traffic is not being forwarded from the egress root pipe to that specific pipe.

You can refer to the DOCA Flow guide here: https://docs.nvidia.com/doca/sdk/doca-flow/index.html#src-4410844381_id-.DOCAFlowv3.2.0LC-SwitchMode

If the issue persists, I would like to request you to submit a support ticket for further troubleshooting along with detailed information. The support ticket can be opened by emailing " Networking-support@nvidia.com ". Please note that an active support contract would be required for the same. For contracts information, please feel free to reach out to our contracts team at " Networking-Contracts@nvidia.com "

Thanks,
Bhargavi