From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk0-f176.google.com (mail-qk0-f176.google.com [209.85.220.176]) by dpdk.org (Postfix) with ESMTP id 8F89C3DC for ; Wed, 8 Mar 2017 16:54:39 +0100 (CET) Received: by mail-qk0-f176.google.com with SMTP id y76so72641625qkb.0 for ; Wed, 08 Mar 2017 07:54:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=4EoEKDtcw5wBUiu/xoon1RAjs1EgYqlODL0pC+3ggfY=; b=kmR3kRBoCRRDyM5gjlFFVOS5BpbhKT3dRxsX/4Qi5vf6xEOn6C9+fsMN7OyXVy/372 sfRWg6OnA9T99gQwKkqWt2yxd6u2l7MrxIrDsMy6S+t+GVbC6eaS+pBhh8w9aviQkf2r e1XhhzBQs3mWFwwIdWUqNfNiy0uVbfNfaa/tK3iA5oiwNcnBKS0FN/0f0Cy8uLQx31Ae 90Yd4wbngETPaxhINhYNq5ZVLTuD9fnx+iD9UEJM07+rs/8xZ/H808JyN/42hT9Uv5t+ 9NhUDtJTGMToHzPLpUKHOTrULZie5rv29boC2ElAM3iUaKpJcJtH3rNC5lqelWIfkaBN N32g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=4EoEKDtcw5wBUiu/xoon1RAjs1EgYqlODL0pC+3ggfY=; b=GYWHOldd7c2TQfNDQbiPQUv8Iarxh4cAnI2X161eeR7UHU4zq1VamcR/p6Kkytaqx0 c0mIpxqLt/MWvhcLDdX3wRWeJqjM4Sq0WFzzQVLQwot3DLHPcl68wGTjzZn792BLVB6o d89knN2E9/EIPWp2OU4UYyb496sPIav/4IEeIRS5Tn1i4ePc1PaTvfZJRSPng0gFsYxt 6TQvxNWRj4LHzU+jMw8m+xdzikGlK91e51JCyYcFjj6oE1j/PmIOoSpezha6lFxXYczZ wTrysCtCZ6qOpSWOvhlsaPEyWIwTGSjeu4pc/Fh0Yu1KTkd/zpA/Sv63p6gF79fsyd5t 3EoQ== X-Gm-Message-State: AMke39nbaGkYJGL9yqD64VPFK9hFFj5fmRxBVCOorfga9wspWHbd+Gdcd/RRMJjKtoDKn9lfLn04qXgYO8azcg== X-Received: by 10.55.214.24 with SMTP id t24mr8210100qki.141.1488988479005; Wed, 08 Mar 2017 07:54:39 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.156.15 with HTTP; Wed, 8 Mar 2017 07:54:38 -0800 (PST) From: Shyam Shrivastav Date: Wed, 8 Mar 2017 21:24:38 +0530 Message-ID: To: dev@dpdk.org Cc: Shyam Shrivastav Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: [dpdk-dev] ip_pipeline firewall customization X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Mar 2017 15:54:39 -0000 Hi All I am using ip_pipeline firewall as base for our project, need comments/suggestions/corrections regarding following 1) We can not configure firewall rule to drop packets, as portid is mandatory in command. I am planning to allow this for our requirement with following code changes a) Allow "port" as optional parameter (pipeline_firewall.c), pass -1 as port id if "port" is not specified to app_pipeline_firewall_add_rule and change that parameter to int32_t. b) Make required changes in pipeline_firewall_msg_req_add_handler if portid is -1, that is table entry action to be .action = RTE_PIPELINE_ACTION_DROP. 2) I am registering a f_action_hit function for firewall table to perform certain translations if action is pass (RTE_PIPELINE_ACTION_PORT). Configured a rule like following pipeline>p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 port 0 which should be hit only by ipv4 packets. However even ARP packets are hit by this ACL and my routine is called. If I configure a specific src or dst ip then everything works fine and arp packets are not hit , for example following rule hits only ipv4 icmp packets pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 45.35.70.12 32 0 65535 0 65535 1 0xf port 0 Is this a bug or am I missing something ? Thanks Shyam