* [dpdk-dev] [PATCH v2] pipeline_firewall: Fix for port range filtering
@ 2017-03-22 1:35 Shyam Kumar Shrivastav
2017-03-24 19:10 ` Dumitrescu, Cristian
0 siblings, 1 reply; 4+ messages in thread
From: Shyam Kumar Shrivastav @ 2017-03-22 1:35 UTC (permalink / raw)
To: cristian.dumitrescu; +Cc: dev, Shyam Kumar Shrivastav
Firewall ACL definition need to use same input index for source and
destination ports as these are 16 bits and would fit in one ACL
field of 32 bits. This is required as per librte_acl API. Without this
UDP/TCP source and destination ports filtering (and for that
matter ICMP type/code filtering) does not work.
Signed-off-by: Shyam Kumar Shrivastav <shrivastav.shyam@gmail.com>
---
examples/ip_pipeline/pipeline/pipeline_firewall_be.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/examples/ip_pipeline/pipeline/pipeline_firewall_be.c b/examples/ip_pipeline/pipeline/pipeline_firewall_be.c
index b61f303..2980492 100644
--- a/examples/ip_pipeline/pipeline/pipeline_firewall_be.c
+++ b/examples/ip_pipeline/pipeline/pipeline_firewall_be.c
@@ -161,7 +161,7 @@ struct firewall_table_entry {
.type = RTE_ACL_FIELD_TYPE_RANGE,
.size = sizeof(uint16_t),
.field_index = 4,
- .input_index = 4,
+ .input_index = 3,
.offset = sizeof(struct ether_hdr) +
sizeof(struct ipv4_hdr) +
offsetof(struct tcp_hdr, dst_port),
@@ -221,7 +221,7 @@ struct firewall_table_entry {
.type = RTE_ACL_FIELD_TYPE_RANGE,
.size = sizeof(uint16_t),
.field_index = 4,
- .input_index = 4,
+ .input_index = 3,
.offset = sizeof(struct ether_hdr) +
SIZEOF_VLAN_HDR +
sizeof(struct ipv4_hdr) +
@@ -282,7 +282,7 @@ struct firewall_table_entry {
.type = RTE_ACL_FIELD_TYPE_RANGE,
.size = sizeof(uint16_t),
.field_index = 4,
- .input_index = 4,
+ .input_index = 3,
.offset = sizeof(struct ether_hdr) +
SIZEOF_QINQ_HEADER +
sizeof(struct ipv4_hdr) +
--
1.8.3.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [PATCH v2] pipeline_firewall: Fix for port range filtering
2017-03-22 1:35 [dpdk-dev] [PATCH v2] pipeline_firewall: Fix for port range filtering Shyam Kumar Shrivastav
@ 2017-03-24 19:10 ` Dumitrescu, Cristian
2017-03-25 5:48 ` Shyam Shrivastav
2017-04-20 23:35 ` Thomas Monjalon
0 siblings, 2 replies; 4+ messages in thread
From: Dumitrescu, Cristian @ 2017-03-24 19:10 UTC (permalink / raw)
To: Shyam Kumar Shrivastav; +Cc: dev
> -----Original Message-----
> From: Shyam Kumar Shrivastav [mailto:shrivastav.shyam@gmail.com]
> Sent: Wednesday, March 22, 2017 1:36 AM
> To: Dumitrescu, Cristian <cristian.dumitrescu@intel.com>
> Cc: dev@dpdk.org; Shyam Kumar Shrivastav <shrivastav.shyam@gmail.com>
> Subject: [PATCH v2] pipeline_firewall: Fix for port range filtering
>
> Firewall ACL definition need to use same input index for source and
> destination ports as these are 16 bits and would fit in one ACL
> field of 32 bits. This is required as per librte_acl API. Without this
> UDP/TCP source and destination ports filtering (and for that
> matter ICMP type/code filtering) does not work.
>
> Signed-off-by: Shyam Kumar Shrivastav <shrivastav.shyam@gmail.com>
> ---
Reviewed-by: Jasvinder.Singh@intel.com
Acked-by: Cristian.Dumitrescu@intel.com
Thanks, Shyam, for debugging this!
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [PATCH v2] pipeline_firewall: Fix for port range filtering
2017-03-24 19:10 ` Dumitrescu, Cristian
@ 2017-03-25 5:48 ` Shyam Shrivastav
2017-04-20 23:35 ` Thomas Monjalon
1 sibling, 0 replies; 4+ messages in thread
From: Shyam Shrivastav @ 2017-03-25 5:48 UTC (permalink / raw)
To: Dumitrescu, Cristian; +Cc: dev
> Firewall ACL definition need to use same input index for source and
> > destination ports as these are 16 bits and would fit in one ACL
> > field of 32 bits. This is required as per librte_acl API. Without this
> > UDP/TCP source and destination ports filtering (and for that
> > matter ICMP type/code filtering) does not work.
> >
> > Signed-off-by: Shyam Kumar Shrivastav <shrivastav.shyam@gmail.com>
> > ---
>
> Reviewed-by: Jasvinder.Singh@intel.com
> Acked-by: Cristian.Dumitrescu@intel.com
>
> Thanks, Shyam, for debugging this!
>
Tested-by: Shyam Kumar Shrivastav <shrivastav.shyam@gmail.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [PATCH v2] pipeline_firewall: Fix for port range filtering
2017-03-24 19:10 ` Dumitrescu, Cristian
2017-03-25 5:48 ` Shyam Shrivastav
@ 2017-04-20 23:35 ` Thomas Monjalon
1 sibling, 0 replies; 4+ messages in thread
From: Thomas Monjalon @ 2017-04-20 23:35 UTC (permalink / raw)
To: Shyam Kumar Shrivastav; +Cc: dev, Dumitrescu, Cristian
> > Firewall ACL definition need to use same input index for source and
> > destination ports as these are 16 bits and would fit in one ACL
> > field of 32 bits. This is required as per librte_acl API. Without this
> > UDP/TCP source and destination ports filtering (and for that
> > matter ICMP type/code filtering) does not work.
> >
> > Signed-off-by: Shyam Kumar Shrivastav <shrivastav.shyam@gmail.com>
> > ---
>
> Reviewed-by: Jasvinder.Singh@intel.com
> Acked-by: Cristian.Dumitrescu@intel.com
>
> Thanks, Shyam, for debugging this!
Applied, thanks
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-04-20 23:35 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-22 1:35 [dpdk-dev] [PATCH v2] pipeline_firewall: Fix for port range filtering Shyam Kumar Shrivastav
2017-03-24 19:10 ` Dumitrescu, Cristian
2017-03-25 5:48 ` Shyam Shrivastav
2017-04-20 23:35 ` Thomas Monjalon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).