From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk0-f172.google.com (mail-qk0-f172.google.com [209.85.220.172]) by dpdk.org (Postfix) with ESMTP id 2979B69A5 for ; Sat, 18 Mar 2017 08:18:21 +0100 (CET) Received: by mail-qk0-f172.google.com with SMTP id 1so80107819qkl.3 for ; Sat, 18 Mar 2017 00:18:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=+7H76jZAZwlqDyZAoJ596iJwMdImBb4JHTPJtz9M1yg=; b=LzOvClnQowiUx68LLmR5B4E1gfVwxTfG9NMiNFP85uNnN40IGTLBpMugpgHi1Gf+4r 4WFPJhrfFRIpaZiFv/gadRWsXbqSjTsHjwQRChClRVD1W1zBsukMsuREkHP2iQD7EyhJ c7xea/65Wle67m+eW7qitNH5lIFJM7bRX2fFYKNN2m8dwr0RPYqpuxTPfvsbE1MyvAOb ZLw4RZS5R68wPSokH2naI9ynXp4WkdQ/48EAdwIBmkO1ESOz4x9CqpXzq4ElHGKn8hHh zhjBAlbFKOJPt1gHo2aeTL5V05ST5hhse4atw0F1cpLYotNmL70K1jBFXQMS+jWMiaCF jf2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=+7H76jZAZwlqDyZAoJ596iJwMdImBb4JHTPJtz9M1yg=; b=W5ee4fhSCRDfz9PWUWuj4oJFWtS1CrzHPWXcJwswWrqFA4NXM0FOGjtf6ONb5Mg/nU dWY0i6peX3rATvSXMVsknHoSVjhJIBExrgWIHzQgI0revQz7/bX2+piQF/eKmm/EHxVF tk1RL4T+mZS1K0k4uBUH2iVx7IZwTYUpaMX1aj0EA2N31Ilh8ZyZm0fwlnETAXLYXrRk EPhiJ7n7bvBPEJF6wjq6uwvFVIxcozLUe17Bv1+z++a9mijYwjhDNThbggL23mfAXzxJ qOsrOoLUIZSMSHXkK9/oGOhWqHwpvms/QGQ/Fos2+go3AgkC/xRpGZrEmkyJzkvtIxFa sPEA== X-Gm-Message-State: AFeK/H19GK3QOZ0lGEJX4WP7Fut+eX/fQV+8BZDS0eOjKAp4Jfg6Vi9ok7Y5qRUby9n3J8Wx9SoEdTi6/uW20g== X-Received: by 10.55.181.6 with SMTP id e6mr15802690qkf.298.1489821500420; Sat, 18 Mar 2017 00:18:20 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.156.15 with HTTP; Sat, 18 Mar 2017 00:18:20 -0700 (PDT) From: Shyam Shrivastav Date: Sat, 18 Mar 2017 12:48:20 +0530 Message-ID: To: users@dpdk.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-users] ip_pipeline firewall port filtering X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Mar 2017 07:18:21 -0000 Port range filtering like in example configuration below is not working at all for me, tried with two versions. Please help me as the corresponding acl code is difficult, taking time to understand/debug ... On Fri, Mar 17, 2017 at 11:34 AM, Shyam Shrivastav < shrivastav.shyam@gmail.com> wrote: > Hi > > I am trying to just allow tcp dest port 80 packets using ip_pipeline > firewall, configured as under > ------------------------------------------------------------ > ------------------------------------------------------------------------ > pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 80 > 80 6 0xF port 0 > pipeline> p 1 firewall ls > Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 80-80, Proto > = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08) > Default rule: DROP > ------------------------------------------------------------ > ----------------------------------------------------------------------- > > but it is not working and all tcp packets are getting dropped. If I > configure dest port range to be wildcard(0-65535) then tcp packets are > allowed > > ------------------------------------------------------------ > ----------------------------------------------------------------------- > pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 0 > 65535 6 0xF port 0 > Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535, > Proto = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08) > pipeline> p 1 firewall ls > Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535, > Proto = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08) > Default rule: DROP > > ------------------------------------------------------------ > -------------------------------------------------------------------------- > > Has anyone got specific port filtering work with ip_pipeline firewall? > I am debugging this, meanwhile any help/guidance would be greatly > appreciated. > > Thanks and rgds > Shyam >