Hi Singh Yes its a bug,input_indx for 2 byte src/dst fields need to point to same field,I should have examined this layer more minutely before going into tabl/acl library code. Also looks like no one used/tested tcp/udp port filtering part of ip_pipeline firewall yet as it will never work without this fix. I will submit the patch this week,meanwhile wanted to publish the info if someone else stuck on this.
Regards, shyam On Mon, Mar 20, 2017 at 3:04 PM, Singh, Jasvinder <jasvinder.si...@intel.com > wrote: > Hi Shayam, > > > > -----Original Message----- > > From: dev [mailto:dev-boun...@dpdk.org] On Behalf Of Shyam Shrivastav > > Sent: Sunday, March 19, 2017 4:11 PM > > To: dev@dpdk.org > > Cc: Shyam Shrivastav <shrivastav.sh...@gmail.com> > > Subject: [dpdk-dev] Fixed : ip_pipeline firewall port range filtering > > > > Found the issue,was debugging acl library while issue was with firewall > acl > > definition/registration, simple fix makes udp/tcp src/dest based port > filtering > > work with ip_pipeline firewall. Below is git diff, will submit patch if > members > > suggest . I am very new here .. > > > > Also I was going through low level acl compilation/classify code, taking > time > > to understand,if some dev/code doc is there please pass it on. > > > > > > [root@localhost pipeline]# git diff pipeline_firewall_be.c diff --git > > a/examples/ip_pipeline/pipeline/pipeline_firewall_be.c > > b/examples/ip_pipeline/pipeline/pipeline_firewall_be.c > > index b61f303..2980492 100644 > > --- a/examples/ip_pipeline/pipeline/pipeline_firewall_be.c > > +++ b/examples/ip_pipeline/pipeline/pipeline_firewall_be.c > > @@ -161,7 +161,7 @@ struct firewall_table_entry { > > .type = RTE_ACL_FIELD_TYPE_RANGE, > > .size = sizeof(uint16_t), > > .field_index = 4, > > - .input_index = 4, > > + .input_index = 3, > > .offset = sizeof(struct ether_hdr) + > > sizeof(struct ipv4_hdr) + > > offsetof(struct tcp_hdr, dst_port), @@ -221,7 > +221,7 @@ struct > > firewall_table_entry { > > .type = RTE_ACL_FIELD_TYPE_RANGE, > > .size = sizeof(uint16_t), > > .field_index = 4, > > - .input_index = 4, > > + .input_index = 3, > > .offset = sizeof(struct ether_hdr) + > > SIZEOF_VLAN_HDR + > > sizeof(struct ipv4_hdr) + @@ -282,7 +282,7 @@ > struct > > firewall_table_entry { > > .type = RTE_ACL_FIELD_TYPE_RANGE, > > .size = sizeof(uint16_t), > > .field_index = 4, > > - .input_index = 4, > > + .input_index = 3, > > .offset = sizeof(struct ether_hdr) + > > SIZEOF_QINQ_HEADER + > > sizeof(struct ipv4_hdr) + > > > Looks like a bug as all the fields except the first one has to be grouped > into sets of 4 consecutive bytes. Therefore, src & dst ports fields should > be grouped under input_index =3, Reference -http://dpdk.org/doc/guides/ > prog_guide/packet_classif_access_ctrl.html > > Please send a patch on this fix on dpdk.org. Guidelines to send patch on > dpdk.org are available at http://dpdk.org/doc/guides/ > contributing/patches.html#sending-patches > > Thanks, > Jasvinder >
