From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk0-f170.google.com (mail-qk0-f170.google.com [209.85.220.170]) by dpdk.org (Postfix) with ESMTP id E6CE31BBE for ; Tue, 7 Mar 2017 09:06:53 +0100 (CET) Received: by mail-qk0-f170.google.com with SMTP id y76so63869432qkb.0 for ; Tue, 07 Mar 2017 00:06:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=085XHSsJYDqyo3BpXp+GafqaxAsNI/B7NBTsNfUjCyE=; b=iOZ+vq0IZ1Da9L2DttPi5KGK1sNA1maFdeT11FhvfL1494/QKCbKM6axjdPm3n8bFH WR6tbyKJkhsR2qp0RT8TCsFhHIZZ4E5YBAHfEgNXGRhhwAXRHV/RwuIy9CRV+ZWxa0cl qlvvGwEweARfiVIrsDjYRsjkYPMif7gen0x7whpaD8gbN0MZL7pmT42kwrgSUHums1r5 7o16A//Rs/JAA6h1entgdsbGuIUFz4JL6R9rIIsVbZW9ubk3DV3W48qy7RfaPNLf0G+r q1E7dk86JqsEdGes1pG9uYe2KgOYR4Y+NRkvXFG7vYi1+98UIbblbzvsew9FasB2Ijul muMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=085XHSsJYDqyo3BpXp+GafqaxAsNI/B7NBTsNfUjCyE=; b=jRpTpz/c1xv6+JoAwYSpdEwvq9AzldYlBB8y9R/L6lRBt48qDjp8l81LEKHKCyKa5C 1AjFRTPUgg+VKpo0ITdPB1a2CY18p/cb56nTpPERIA6Q182WkYzY3SYzsESD5dzDbXFo gg2DGk8EGDNK9TQvaDTbaiHVHZcFlA4z+bZg9yKBYatdw0JttyH0H1U8HzUbwzE9CIPC PW9It7KA9/lO0GUXvgqes4ne9QS7NFRu9fg1TQ6iAr3bRMIG6CdTaLY6od17U3437AnA sQEtMJh+1ZjLDaXifgVECRT6goLJ2xVPNoNptl6AIXAWTq98pepn9ewi3WOiBlYAFOiB Kl4w== X-Gm-Message-State: AMke39mrEbM1grqQiHCtumcNollvoGhH0KUIvwYXcYNxyxvTpZOSC+ABQzCxuauOQUghv+7tOjd8sS7DN5/MgQ== X-Received: by 10.55.39.201 with SMTP id n192mr17429127qkn.263.1488874013166; Tue, 07 Mar 2017 00:06:53 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.156.15 with HTTP; Tue, 7 Mar 2017 00:06:52 -0800 (PST) From: Shyam Shrivastav Date: Tue, 7 Mar 2017 13:36:52 +0530 Message-ID: To: users@dpdk.org Cc: Shyam Shrivastav Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: [dpdk-users] ip_pipeline firewall customization X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Mar 2017 08:06:54 -0000 Hello friends I am using ip_pipeline firewall as base for our project, need comments/suggestions/corrections regarding following 1) We can not configure firewall rule to drop packets, as portid is mandatory in command. I am planning to allow this for our requirement with following code changes a) Allow "port" as optional parameter (pipeline_firewall.c), pass -1 as port id if "port" is not specified to app_pipeline_firewall_add_rule and change that parameter to int32_t. b) Make required changes in pipeline_firewall_msg_req_add_handler if portid is -1, that is table entry action to be .action = RTE_PIPELINE_ACTION_DROP. 2) I am registering a f_action_hit function for firewall table to perform certain translations if action is pass (RTE_PIPELINE_ACTION_PORT). Configured a rule like following pipeline>p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 port 0 which should be hit only by ipv4 packets. However even ARP packets are hit by this ACL and my routine is called. If I configure a specific src or dst ip then everything works fine and arp packets are not hit , for example following rule hits only ipv4 icmp packets pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 45.35.70.12 32 0 65535 0 65535 1 0xf port 0 Is this a bug or am I missing something ? Best regards Shyam