Re: [dpdk-dev] ip_pipeline firewall customization

2017-03-09 Thread Shyam Shrivastav
Hi Singh

Please find my comments inline

>
> [Jasvinder] - You need to set the right proto field and accordingly the
> mask in the above rule. You can keep src/dst ip addresses intact. Proto
> field defines the protocol used in the data portion of the IP datagram and
> can be found here
>

Re: [dpdk-dev] ip_pipeline firewall customization

2017-03-09 Thread Singh, Jasvinder
Hi Shyam,

From: Shyam Shrivastav [mailto:shrivastav.sh...@gmail.com]
Sent: Thursday, March 9, 2017 1:50 PM
To: Dumitrescu, Cristian
Cc: dev@dpdk.org; Singh, Jasvinder
Subject: Re: [dpdk-dev] ip_pipeline firewall customization

My mistake, arp packets are hit by

pipeline>p 1 firewall

Re: [dpdk-dev] ip_pipeline firewall customization

2017-03-09 Thread Shyam Shrivastav
My mistake, arp packets are hit by

pipeline>p 1 firewall add priority 1 ipv4 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 port 0

ACL as anything and rightly so gets matched for above fields. Only way is to somehow avoid ARP packets being input to table itself, and yes one way is to direct them to a se

Re: [dpdk-dev] ip_pipeline firewall customization

2017-03-09 Thread Shyam Shrivastav
Hi Cristian

Please see my comments inline (in blue)

> b) Make required changes in pipeline_firewall_msg_req_add_handler if
> > portid is -1, that is table entry action to be .action =
> > RTE_PIPELINE_ACTION_DROP.
> >
> > You don't really need to do this for implementing a drop action. You

Re: [dpdk-dev] ip_pipeline firewall customization

2017-03-09 Thread Dumitrescu, Cristian
Hi Shyam,

> -Original Message-
> From: dev [mailto:dev-boun...@dpdk.org] On Behalf Of Shyam Shrivastav
> Sent: Wednesday, March 8, 2017 3:55 PM
> To: dev@dpdk.org
> Cc: Shyam Shrivastav
> Subject: [dpdk-dev] ip_pipeline firewall customization
>
> Hi All
>

[dpdk-dev] ip_pipeline firewall customization

2017-03-08 Thread Shyam Shrivastav
Hi All

I am using ip_pipeline firewall as base for our project, need comments/suggestions/corrections regarding following

1) We can not configure firewall rule to drop packets, as portid is mandatory in command. I am planning to allow this for our requirement with following code changes

a)