From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qt0-f179.google.com (mail-qt0-f179.google.com [209.85.216.179]) by dpdk.org (Postfix) with ESMTP id 6BF5619F5 for ; Mon, 20 Mar 2017 10:53:59 +0100 (CET) Received: by mail-qt0-f179.google.com with SMTP id x35so101965010qtc.2 for ; Mon, 20 Mar 2017 02:53:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=r3ryDILt2yNjeVaggeXdCa5Bxn1a43d1X49fZVeCNZ8=; b=HBPwkZNSEFPVudti8ntRZA93D1IWY7WH3C7PD2HuoI+9ywiTK3M9NVb4brizx1cDN2 7StxVJ0EydKZCI+gyU3JzmuTVCMO5rv/aq7N/P12lRN88Ht/RuSKNd1/NnG9EHfXsjOU MHBFK+WrD+tMsQyqd+SyUniWpl2oil2U4xIXL43CFHYNDFgrioNEG6hmr+YihwVFlpEc Mba9X5DpyJCwaN81rQ4kd76TcLHW8kh7k8TL+0mLJrPy0UgRifW4SzgO3FtbUpv8MqqN /TgMHP641BPUAT99IvKs63OoUad1caSR9RfkHtcYjdx8aAu6cfcbGlOPBSbas5+dojKO +YFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=r3ryDILt2yNjeVaggeXdCa5Bxn1a43d1X49fZVeCNZ8=; b=FA4lsRgwRuL29UMo59tSWB+2eItMgP6Ij685sKZFwrb/47nhwapx7LvZ89s2IRjMmC VWB987bvMdjVQFZKvmW4skiasJjSCJTx0lo4eeda28h9NEEVdqdz/FnXLf2AG+Hed+1e L8R8jNKrZrws+Buiq676BYpEtArevKPZN8bk/pTmbY9b9p/dRh46ohaoHrD3oJdUoeAg x6P61qWr5aXRvcyQH9D45OkHXkYaVBx0NMjYoATE1go2w/kaLk/fe1RBRd6dj+b2tHrq 4ZstDq/f1UkkiAmDIBSPipTMdGvVz588s6FWtA/J5nJEYQL/iWpcwFhC7g5QJ+deyZv4 4HRg== X-Gm-Message-State: AFeK/H1r5zLhnYObyBgiAf5iyZjJVlzk6w6oKPVtssFBHDX8a/YiDacaBHE446RPmlNsSuVCxwrwfkW3gOytOw== X-Received: by 10.200.48.54 with SMTP id f51mr24516482qte.164.1490003638458; Mon, 20 Mar 2017 02:53:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.139.71 with HTTP; Mon, 20 Mar 2017 02:53:58 -0700 (PDT) In-Reply-To: <54CBAA185211B4429112C315DA58FF6D31B0AF27@IRSMSX101.ger.corp.intel.com> References: <54CBAA185211B4429112C315DA58FF6D31B0AF27@IRSMSX101.ger.corp.intel.com> From: Shyam Shrivastav Date: Mon, 20 Mar 2017 15:23:58 +0530 Message-ID: To: "Singh, Jasvinder" Cc: "dev@dpdk.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-dev] Fixed : ip_pipeline firewall port range filtering X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2017 09:53:59 -0000 Hi Singh Yes its a bug,input_indx for 2 byte src/dst fields need to point to same field,I should have examined this layer more minutely before going into tabl/acl library code. Also looks like no one used/tested tcp/udp port filtering part of ip_pipeline firewall yet as it will never work without this fix. I will submit the patch this week,meanwhile wanted to publish the info if someone else stuck on this. Regards, shyam On Mon, Mar 20, 2017 at 3:04 PM, Singh, Jasvinder wrote: > Hi Shayam, > > > > -----Original Message----- > > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Shyam Shrivastav > > Sent: Sunday, March 19, 2017 4:11 PM > > To: dev@dpdk.org > > Cc: Shyam Shrivastav > > Subject: [dpdk-dev] Fixed : ip_pipeline firewall port range filtering > > > > Found the issue,was debugging acl library while issue was with firewall > acl > > definition/registration, simple fix makes udp/tcp src/dest based port > filtering > > work with ip_pipeline firewall. Below is git diff, will submit patch if > members > > suggest . I am very new here .. > > > > Also I was going through low level acl compilation/classify code, taking > time > > to understand,if some dev/code doc is there please pass it on. > > > > > > [root@localhost pipeline]# git diff pipeline_firewall_be.c diff --git > > a/examples/ip_pipeline/pipeline/pipeline_firewall_be.c > > b/examples/ip_pipeline/pipeline/pipeline_firewall_be.c > > index b61f303..2980492 100644 > > --- a/examples/ip_pipeline/pipeline/pipeline_firewall_be.c > > +++ b/examples/ip_pipeline/pipeline/pipeline_firewall_be.c > > @@ -161,7 +161,7 @@ struct firewall_table_entry { > > .type = RTE_ACL_FIELD_TYPE_RANGE, > > .size = sizeof(uint16_t), > > .field_index = 4, > > - .input_index = 4, > > + .input_index = 3, > > .offset = sizeof(struct ether_hdr) + > > sizeof(struct ipv4_hdr) + > > offsetof(struct tcp_hdr, dst_port), @@ -221,7 > +221,7 @@ struct > > firewall_table_entry { > > .type = RTE_ACL_FIELD_TYPE_RANGE, > > .size = sizeof(uint16_t), > > .field_index = 4, > > - .input_index = 4, > > + .input_index = 3, > > .offset = sizeof(struct ether_hdr) + > > SIZEOF_VLAN_HDR + > > sizeof(struct ipv4_hdr) + @@ -282,7 +282,7 @@ > struct > > firewall_table_entry { > > .type = RTE_ACL_FIELD_TYPE_RANGE, > > .size = sizeof(uint16_t), > > .field_index = 4, > > - .input_index = 4, > > + .input_index = 3, > > .offset = sizeof(struct ether_hdr) + > > SIZEOF_QINQ_HEADER + > > sizeof(struct ipv4_hdr) + > > > Looks like a bug as all the fields except the first one has to be grouped > into sets of 4 consecutive bytes. Therefore, src & dst ports fields should > be grouped under input_index =3, Reference -http://dpdk.org/doc/guides/ > prog_guide/packet_classif_access_ctrl.html > > Please send a patch on this fix on dpdk.org. Guidelines to send patch on > dpdk.org are available at http://dpdk.org/doc/guides/ > contributing/patches.html#sending-patches > > Thanks, > Jasvinder >