DPDK usage discussions
 help / color / mirror / Atom feed
* Re: [dpdk-users] ip_pipeline firewall port filtering
@ 2017-03-18  7:18 Shyam Shrivastav
  0 siblings, 0 replies; 2+ messages in thread
From: Shyam Shrivastav @ 2017-03-18  7:18 UTC (permalink / raw)
  To: users

Port range filtering like in example configuration below is not working at
all for me, tried with two versions. Please help me as the corresponding
acl code is difficult, taking time to understand/debug ...

On Fri, Mar 17, 2017 at 11:34 AM, Shyam Shrivastav <
shrivastav.shyam@gmail.com> wrote:

> Hi
>
> I am trying to just allow tcp dest port 80 packets using ip_pipeline
> firewall, configured as under
> ------------------------------------------------------------
> ------------------------------------------------------------------------
> pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 80
> 80 6 0xF port 0
> pipeline> p 1 firewall ls
> Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 80-80, Proto
> = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
> Default rule: DROP
> ------------------------------------------------------------
> -----------------------------------------------------------------------
>
> but it is not working and all tcp packets are getting dropped. If I
> configure dest port range to be wildcard(0-65535) then tcp packets are
> allowed
>
> ------------------------------------------------------------
> -----------------------------------------------------------------------
> pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 0
> 65535 6 0xF port 0
> Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535,
> Proto = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
> pipeline> p 1 firewall ls
> Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535,
> Proto = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
> Default rule: DROP
>
> ------------------------------------------------------------
> --------------------------------------------------------------------------
>
> Has anyone got specific port filtering work with ip_pipeline firewall?
> I am debugging this, meanwhile any help/guidance would be greatly
> appreciated.
>
> Thanks and rgds
> Shyam
>

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [dpdk-users] ip_pipeline firewall port filtering
@ 2017-03-17  6:04 Shyam Shrivastav
  0 siblings, 0 replies; 2+ messages in thread
From: Shyam Shrivastav @ 2017-03-17  6:04 UTC (permalink / raw)
  To: users

Hi

I am trying to just allow tcp dest port 80 packets using ip_pipeline
firewall, configured as under
------------------------------------------------------------------------------------------------------------------------------------

pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 80
80 6 0xF port 0
pipeline> p 1 firewall ls
Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 80-80, Proto =
6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
Default rule: DROP
-----------------------------------------------------------------------------------------------------------------------------------

but it is not working and all tcp packets are getting dropped. If I
configure dest port range to be wildcard(0-65535) then tcp packets are
allowed

-----------------------------------------------------------------------------------------------------------------------------------
pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 0
65535 6 0xF port 0
Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535, Proto
= 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
pipeline> p 1 firewall ls
Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535, Proto
= 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
Default rule: DROP

--------------------------------------------------------------------------------------------------------------------------------------

Has anyone got specific port filtering work with ip_pipeline firewall?
I am debugging this, meanwhile any help/guidance would be greatly
appreciated.

Thanks and rgds
Shyam

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2017-03-18  7:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-18  7:18 [dpdk-users] ip_pipeline firewall port filtering Shyam Shrivastav
  -- strict thread matches above, loose matches on Subject: below --
2017-03-17  6:04 Shyam Shrivastav

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).