* [dpdk-users] ip_pipeline firewall : fragmented ipv4 packets handling
@ 2017-03-17 5:52 Shyam Shrivastav
0 siblings, 0 replies; only message in thread
From: Shyam Shrivastav @ 2017-03-17 5:52 UTC (permalink / raw)
To: dev, users; +Cc: Shyam Shrivastav
Again sending this issue as no response on original post. As per my
understanding if we are supporting ACL on tcp/usp port ranges then ipv4
packets must be reassembled before checking against ACL, then fragmented
if required during forwarding. So there are three cases
1) My understanding is wrong then please correct me.
2) We correct this in examples wherever we are supporting access control on
udp/tcp ports.
3) We document this clearly.
-------------------------------------------------
Below is my original post
-------------------------------------------------
Hi All
Filtering based on TCP/UDP fields like src/dest port range works correctly
only on non-fragmented packets , that means reassembly must be done before
packets hit firewall rules table. Also packets must be fragmented before
transmission if larger than port mtu. This is unsupported currently, any
plans for this in near future?
Regards
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-03-17 5:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-17 5:52 [dpdk-users] ip_pipeline firewall : fragmented ipv4 packets handling Shyam Shrivastav
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).