[dpdk-users] ip_pipeline firewall port filtering

Shyam Shrivastav shrivastav.shyam at gmail.com
Sat Mar 18 08:18:20 CET 2017

Previous message: [dpdk-users] ip_pipeline firewall port filtering
Next message: [dpdk-users] Fragmentation and Reassembly issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Port range filtering like in example configuration below is not working at
all for me, tried with two versions. Please help me as the corresponding
acl code is difficult, taking time to understand/debug ...

On Fri, Mar 17, 2017 at 11:34 AM, Shyam Shrivastav <
shrivastav.shyam at gmail.com> wrote:

> Hi
>
> I am trying to just allow tcp dest port 80 packets using ip_pipeline
> firewall, configured as under
> ------------------------------------------------------------
> ------------------------------------------------------------------------
> pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 80
> 80 6 0xF port 0
> pipeline> p 1 firewall ls
> Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 80-80, Proto
> = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
> Default rule: DROP
> ------------------------------------------------------------
> -----------------------------------------------------------------------
>
> but it is not working and all tcp packets are getting dropped. If I
> configure dest port range to be wildcard(0-65535) then tcp packets are
> allowed
>
> ------------------------------------------------------------
> -----------------------------------------------------------------------
> pipeline> p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 0
> 65535 6 0xF port 0
> Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535,
> Proto = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
> pipeline> p 1 firewall ls
> Prio = 1 (SA = 0.0.0.0/0, DA = 0.0.0.0/0, SP = 0-65535, DP = 0-65535,
> Proto = 6 / 0xf) => Port = 0 (entry ptr = 0x7fddf9f0ff08)
> Default rule: DROP
>
> ------------------------------------------------------------
> --------------------------------------------------------------------------
>
> Has anyone got specific port filtering work with ip_pipeline firewall?
> I am debugging this, meanwhile any help/guidance would be greatly
> appreciated.
>
> Thanks and rgds
> Shyam
>

Previous message: [dpdk-users] ip_pipeline firewall port filtering
Next message: [dpdk-users] Fragmentation and Reassembly issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the users mailing list