[dpdk-dev] Q on l3fwd-acl and acl library

Ravi Kerur rkerur at gmail.com
Tue Mar 2 20:33:15 CET 2021


Hello,

I am using l3fwd-acl example code and would like to know the intention of
ACL_DENY_SIGNATURE in the code.

Is ACL rules programmed to drop packets and not for any other
functionality? I see that userdata is ignored for ACL and programmed with
ACL_DENY_SIGNATURE + count. After classification, results are checked and
packets forwarded or dropped as in send_one_packet

static inline void
send_one_packet(struct rte_mbuf *m, uint32_t res)
{
        if (likely((res & ACL_DENY_SIGNATURE) == 0 && res != 0)) {
                /* forward packets */
                send_single_packet(m,
                        (uint8_t)(res - FWD_PORT_SHIFT));
...
}

In the ACL case, "res" is always (ACL_DENY_SIGNATURE + acl_cnt) and packets
are dropped.

Is this correct?

Looking at the acl library I did not see statistics associated with the
rules so the library doesn't provide anything related to statistics?

Finally, I see the acl library has api 'rte_acl_add_rules' but nothing on
modifying/deleting existing rules?

Thanks,
Ravi


More information about the dev mailing list