From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <shrivastav.shyam@gmail.com>
Received: from mail-qt0-f179.google.com (mail-qt0-f179.google.com
 [209.85.216.179]) by dpdk.org (Postfix) with ESMTP id 4198611DE
 for <users@dpdk.org>; Fri, 17 Mar 2017 07:04:04 +0100 (CET)
Received: by mail-qt0-f179.google.com with SMTP id r45so55264802qte.3
 for <users@dpdk.org>; Thu, 16 Mar 2017 23:04:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=BUslnrtdhkqbkua1jWnrhjF6B0oqdRnPYRSl9+qcDBg=;
 b=MXbtlRbsXdbek3SFZEjns5v28/OxekdP3E5yxmir1lOS02GJIasVQUTT0L8d/7n/cI
 7H5vCUGJOqHnovKPF8sbIFabiQPZHhwmUpTuHM87W7cpJFG3gaDiWWSKbSADZPK8dYBZ
 WjGbaXYSXdHS7vr8dXovx2DFTJpRnKXpfjEvupP/MXlbsa9R0V4wNP8w0P6LqTpGGV/k
 o3z3F73+e66Fmwwp3mLJX5K3vdmquQqbMWSaLS+QxM3jq9GwlGtZXhVi17jD31WhQ4vi
 SKVqi7SapcBIr1tdpl2GQKeSsWETbSFg/60LeLTPJZC2Ap6hZYtdCVMFlNQY7fg2HYHd
 kyrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=BUslnrtdhkqbkua1jWnrhjF6B0oqdRnPYRSl9+qcDBg=;
 b=j4Y5PbdIo1CF7oWWVcwNqHm4rGH9D5N9rekt43Co8HFOUf46cj8TZlsFdAgVhlyrL0
 qUdECOG2e6fE0djYdX1ErhHvmiHPPdsK46BsEVwjmtEHlId4zvH04yzgMfWl2caDkEKl
 t0vd0aVwFwXw5kM4ywQO/f0TBX/DWASQf+PDFSFLx4IExcKFrNcgENlGlHwf1qg21/jP
 jp3Cfs+JGI+JGdyAZTg8DQYaENrT8imjEYY870mlqF9BssSQGyPDQJUIbmyQP5cFtboW
 v047IssUQBEcpHlpugBPY7chiDJzcqfgDyYGcnn8fVIJHDmsOpcFEq/Ub93s65ui+5+C
 OHIw==
X-Gm-Message-State: AFeK/H3ok1vr6VrkU6wKLe+Xovz2rG/+iwLkbDEHwtMgpWLjjX+nhzzThLVukPIhhCcOlMOxlfDV4U15eeBZjQ==
X-Received: by 10.237.57.37 with SMTP id l34mr11837027qte.114.1489730643379;
 Thu, 16 Mar 2017 23:04:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.156.15 with HTTP; Thu, 16 Mar 2017 23:04:03 -0700 (PDT)
From: Shyam Shrivastav <shrivastav.shyam@gmail.com>
Date: Fri, 17 Mar 2017 11:34:03 +0530
Message-ID: <CAGSp03=ctU1vOd=HBYN8iQxMMaMXxLgAri7B+t5z3cmLHuCAKA@mail.gmail.com>
To: users@dpdk.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: [dpdk-users] ip_pipeline firewall port filtering
X-BeenThere: users@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK usage discussions <users.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/users>,
 <mailto:users-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/users/>
List-Post: <mailto:users@dpdk.org>
List-Help: <mailto:users-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/users>,
 <mailto:users-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 06:04:04 -0000

Hi

I am trying to just allow tcp dest port 80 packets using ip_pipeline
firewall, configured as under
------------------------------------------------------------------------------------------------------------------------------------

pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 80
80 6 0xF port 0
pipeline> p 1 firewall ls
Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 80-80, Proto =
6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
Default rule: DROP
-----------------------------------------------------------------------------------------------------------------------------------

but it is not working and all tcp packets are getting dropped. If I
configure dest port range to be wildcard(0-65535) then tcp packets are
allowed

-----------------------------------------------------------------------------------------------------------------------------------
pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 0
65535 6 0xF port 0
Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535, Proto
= 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
pipeline> p 1 firewall ls
Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535, Proto
= 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
Default rule: DROP

--------------------------------------------------------------------------------------------------------------------------------------

Has anyone got specific port filtering work with ip_pipeline firewall?
I am debugging this, meanwhile any help/guidance would be greatly
appreciated.

Thanks and rgds
Shyam