Hi, Jasvinder,

Thanks for your concern.

On Sat, Jul 16, 2016 at 12:01 AM, Singh, Jasvinder <jasvinder.singh at intel.com> wrote:

> Hi Tao,
>
> > -----Original Message-----
> > From: users [mailto:users-bounces at dpdk.org] On Behalf Of Tao Wang
> > Sent: Friday, July 15, 2016 3:59 PM
> > To: users at dpdk.org
> > Subject: [dpdk-users] Request for a valid ip_pipeline example to configure
> > firewall
> >
> > Dear all,
> >
> > I am using the dpdk-16.04 in a qemu-kvm based CentOS7 VM.
> >
> > I am running the ip_pipeline example. However, I can not get firewall
> > configured rightly according to the config files posted at
> > http://dpdk.org/browse/dpdk/tree/examples/ip_pipeline/config.
> >
> > But there are some problems,
> >
> > 1) CLI command "p 1 firewall add priority 1 ipv4 0.0.0.0 0 100.0.0.0 10 0
> > 65535 0 65535 6 0xF port 0" returns "bad argument"
>
> If you are working on 16.04, the command format for adding firewall rule
> is as below;
>
> p <pipeline_id> firewall add ipv4 <priority> <src ip> <src ip mask> <dst ip>
> <dst ip mask> <src_port_from> <src_port_to> <dst_port_from> <dst_port_to>
> <protocol> <protocol_mask> <port id>
>
> The reason why your command is failing is because in 16.07 we have changed
> the command format for adding rule to firewall pipeline.
>

I added a CLI command "p 1 firewall add ipv4 2 192.168.10.171 32 192.168.10.172 32 0 65535 0 65535 6 0xF 0" to the firewall. Does it mean that the firewall blocks the ipv4 traffic from 192.168.10.171/32 to 192.168.10.172/32?

Also, another question is how can we set the default firewall to pass through all the traffic? I run "p 1 firewall ls" CLI command, it shows that the default operation of the firewall is to drop all the traffic.

Moreover, I do not know how to verify my configuration. Like the pipeline firewall I have created above, on the 192.168.10.171 host, I just ping the 192.168.10.172 host.

And I run "p 1 firewall stats port in 0" or "p 1 firewall stats port 0", it just returns

    Pipeline 1 - stats for input port 0:
    Pkts in: 0
    Pkts dropped by AH: 0
    Pkts dropped by other: 0

and

    Pipeline 1 - stats for output port 0:
    Pkts in: 0
    Pkts dropped by AH: 0
    Pkts dropped by other: 0

BTW, the topology is as below,

    ------------------                             ------------------
    |                |                             |                |
    | 192.168.10.171 |------pipeline firewall------| 192.168.10.171 |
    |                |                             |                |
    ------------------                             ------------------

Also, if I change the pipeline firewall application to the pipeline l2fwd application, the forwarding function works correctly, but the statistics are also "0".

Wish for your reply :-).

> > 2) CLI command "p 1 firewall add default 4 #SINK0" returns "command
> > failed"
>
> I guess you have configured 4 ports (port id 0-3), so if this is the
> case, use right port id.
>
> > So how to configure it rightly? What's the right semantics of the CLI
> > command for firewall?
>
> To learn the command format, please follow the code -
> ip_pipeline/pipeline/pipeline_firewall.c
>
> > Wish for your reply.
> >
> > Best,
> > Tao
>
> Jasvinder

Best,
Tao
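
Added example, not part of either message and not DPDK's own parser: a pre-flight check that tests a rule line against the 16.04 field order quoted in the thread before it is typed into the ip_pipeline CLI. The function name parse_firewall_add and the value ranges it enforces are assumptions of this example.

```python
import ipaddress

# Field order after "ipv4", as quoted in the thread for DPDK 16.04.
# The value ranges checked below are assumptions of this example.
FIELDS = ["priority", "src_ip", "src_ip_mask", "dst_ip", "dst_ip_mask",
          "src_port_from", "src_port_to", "dst_port_from", "dst_port_to",
          "protocol", "protocol_mask", "port_id"]

def _num(lo, hi):
    def check(tok):
        value = int(tok, 0)              # decimal or 0x-prefixed hex
        if not lo <= value <= hi:
            raise ValueError(f"{value} outside {lo}..{hi}")
        return value
    return check

def _ip(tok):
    return str(ipaddress.IPv4Address(tok))   # raises ValueError if malformed

CHECKS = {"priority": _num(0, 2**32 - 1), "src_ip": _ip, "dst_ip": _ip,
          "src_ip_mask": _num(0, 32), "dst_ip_mask": _num(0, 32),
          "protocol": _num(0, 255), "protocol_mask": _num(0, 255),
          "port_id": _num(0, 255)}
DEFAULT = _num(0, 65535)   # used for the four L4 port fields and pipeline_id

def parse_firewall_add(line):
    """Return (rule, None) on success or (None, reason) on a format error."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "p" or tok[2:5] != ["firewall", "add", "ipv4"]:
        return None, "expected 'p <pipeline_id> firewall add ipv4 ...'"
    names, args = ["pipeline_id"] + FIELDS, [tok[1]] + tok[5:]
    if len(args) != len(names):
        return None, f"expected {len(FIELDS)} fields after 'ipv4', got {len(tok) - 5}"
    rule = {}
    for name, arg in zip(names, args):
        try:
            rule[name] = CHECKS.get(name, DEFAULT)(arg)
        except ValueError as exc:
            return None, f"{name}: {exc}"
    for side in ("src", "dst"):
        if rule[f"{side}_port_from"] > rule[f"{side}_port_to"]:
            return None, f"{side} port range is reversed"
    return rule, None

if __name__ == "__main__":
    # Both command lines are the ones quoted in the thread.
    for cmd in ("p 1 firewall add priority 1 ipv4 0.0.0.0 0 100.0.0.0 10 0 65535 0 65535 6 0xF port 0",
                "p 1 firewall add ipv4 2 192.168.10.171 32 192.168.10.172 32 0 65535 0 65535 6 0xF 0"):
        print(parse_firewall_add(cmd))
```
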
