From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qt0-f170.google.com (mail-qt0-f170.google.com [209.85.216.170]) by dpdk.org (Postfix) with ESMTP id C2D9411DE for ; Fri, 17 Mar 2017 08:01:13 +0100 (CET) Received: by mail-qt0-f170.google.com with SMTP id r45so55881539qte.3 for ; Fri, 17 Mar 2017 00:01:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=5XEWSEVNPfxxbz33/vMZQSJJ58mPfFrQ3GfHsPqhW5Q=; b=XQayVY9MUnY42BGMfXuM1BJf7yQWFsi6fMog800YSY58PcahImXCDArU7n2CrBhe+f y5/0r66em7K6iibfMZhCTiW0ogt0aiscneLYkHnQwfgEOdPKUHZj90b5Gq6LseGjw8Fz enrBzv4JrsBvjTKcHat3c/6U6h0dmIxSyICTer1pVZP1dku6W22FJiIs1ICc40kRewB6 z/BX+2bIYFw1/Op2q/WtAYYbBPGRF9l1SQujCwUCXuSHYE3iPr7CxjktNHHA+pOszr1k 0wmE1YmtLgWTQsTFLf3g6KqyZxCMAryopJUQQo2eCMnRDWltr9jLdnlwGjluq6zHi7hO BIkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=5XEWSEVNPfxxbz33/vMZQSJJ58mPfFrQ3GfHsPqhW5Q=; b=QZY74A4stN5MuMn6h7SP+u5id0vsLxxcSXhbUdevDuTL3xOgplBhZT4kwpd4Sm3abR LTmx1dwoosWIH2krrHkNGjS5RL+kGWsLt6Oxu8HpCoHvEA2wn8aisyA9qLDNWJtig5/8 lTwjRevdIz3xhKVuV3MkaOgQ+SJefYzjk8P8I0miNjwHGRr+JlnQB6pwajoo1Z/zCMJe OY0CRzBTpbTYDNTyLTjkG+O3Ovv1u2y6/iqGZGHFeGUzC4xMgUpcnhJ0YmcAxNcjNh8E qjgEk/rSLup9lmYCNvQUcN8nITpRyoA9BOjRjS1zx9pJZ1Inff47sNJ1mT5vZGRpQJ49 Vkjg== X-Gm-Message-State: AFeK/H2w8fQGcb1gFXWhULjkMt2QxtQY4W0EFuhS1Y2ssfWLGcxvzSOIr8WmtPZn20ePCPZURUEn9r8fs588AQ== X-Received: by 10.237.57.37 with SMTP id l34mr11969662qte.114.1489734072915; Fri, 17 Mar 2017 00:01:12 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.156.15 with HTTP; Fri, 17 Mar 2017 00:01:12 -0700 (PDT) From: Shyam Shrivastav Date: Fri, 17 Mar 2017 12:31:12 +0530 Message-ID: To: dev@dpdk.org Cc: Shyam Shrivastav Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: [dpdk-dev] ip_pipeline firewall port range filtering X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Mar 2017 07:01:14 -0000 Hi I am trying to just allow tcp dest port 80 packets using ip_pipeline firewall, configured as under ------------------------------------------------------------ ------------------------------------------------------------------------ pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 80 80 6 0xF port 0 pipeline> p 1 firewall ls Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 80-80, Proto = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08) Default rule: DROP ------------------------------------------------------------ ----------------------------------------------------------------------- but it is not working and all tcp packets are getting dropped. If I configure dest port range to be wildcard(0-65535) then tcp packets are allowed ------------------------------------------------------------ ----------------------------------------------------------------------- pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 6 0xF port 0 Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535, Proto = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08) pipeline> p 1 firewall ls Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535, Proto = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08) Default rule: DROP ------------------------------------------------------------ -------------------------------------------------------------------------- Anyone here got specific port filtering work with ip_pipeline firewall? I am debugging this, meanwhile any help/guidance would be greatly appreciated. Thanks and rgds