4 * Copyright(c) 2010-2015 Intel Corporation. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #include <sys/queue.h>
37 #include <netinet/in.h>
39 #include <rte_common.h>
40 #include <rte_hexdump.h>
41 #include <rte_malloc.h>
42 #include <cmdline_rdline.h>
43 #include <cmdline_parse.h>
44 #include <cmdline_parse_num.h>
45 #include <cmdline_parse_string.h>
46 #include <cmdline_parse_ipaddr.h>
47 #include <cmdline_parse_etheraddr.h>
48 #include <cmdline_socket.h>
51 #include "pipeline_common_fe.h"
52 #include "pipeline_firewall.h"
56 struct app_pipeline_firewall_rule {
57 struct pipeline_firewall_key key;
62 TAILQ_ENTRY(app_pipeline_firewall_rule) node;
65 struct app_pipeline_firewall {
71 TAILQ_HEAD(, app_pipeline_firewall_rule) rules;
73 uint32_t default_rule_present;
74 uint32_t default_rule_port_id;
75 void *default_rule_entry_ptr;
78 struct app_pipeline_add_bulk_params {
79 struct pipeline_firewall_key *keys;
85 struct app_pipeline_del_bulk_params {
86 struct pipeline_firewall_key *keys;
91 print_firewall_ipv4_rule(struct app_pipeline_firewall_rule *rule)
93 printf("Prio = %" PRId32 " (SA = %" PRIu32 ".%" PRIu32
94 ".%" PRIu32 ".%" PRIu32 "/%" PRIu32 ", "
95 "DA = %" PRIu32 ".%" PRIu32
96 ".%"PRIu32 ".%" PRIu32 "/%" PRIu32 ", "
97 "SP = %" PRIu32 "-%" PRIu32 ", "
98 "DP = %" PRIu32 "-%" PRIu32 ", "
99 "Proto = %" PRIu32 " / 0x%" PRIx32 ") => "
100 "Port = %" PRIu32 " (entry ptr = %p)\n",
104 (rule->key.key.ipv4_5tuple.src_ip >> 24) & 0xFF,
105 (rule->key.key.ipv4_5tuple.src_ip >> 16) & 0xFF,
106 (rule->key.key.ipv4_5tuple.src_ip >> 8) & 0xFF,
107 rule->key.key.ipv4_5tuple.src_ip & 0xFF,
108 rule->key.key.ipv4_5tuple.src_ip_mask,
110 (rule->key.key.ipv4_5tuple.dst_ip >> 24) & 0xFF,
111 (rule->key.key.ipv4_5tuple.dst_ip >> 16) & 0xFF,
112 (rule->key.key.ipv4_5tuple.dst_ip >> 8) & 0xFF,
113 rule->key.key.ipv4_5tuple.dst_ip & 0xFF,
114 rule->key.key.ipv4_5tuple.dst_ip_mask,
116 rule->key.key.ipv4_5tuple.src_port_from,
117 rule->key.key.ipv4_5tuple.src_port_to,
119 rule->key.key.ipv4_5tuple.dst_port_from,
120 rule->key.key.ipv4_5tuple.dst_port_to,
122 rule->key.key.ipv4_5tuple.proto,
123 rule->key.key.ipv4_5tuple.proto_mask,
129 static struct app_pipeline_firewall_rule *
130 app_pipeline_firewall_rule_find(struct app_pipeline_firewall *p,
131 struct pipeline_firewall_key *key)
133 struct app_pipeline_firewall_rule *r;
135 TAILQ_FOREACH(r, &p->rules, node)
138 sizeof(struct pipeline_firewall_key)) == 0)
145 app_pipeline_firewall_ls(
146 struct app_params *app,
147 uint32_t pipeline_id)
149 struct app_pipeline_firewall *p;
150 struct app_pipeline_firewall_rule *rule;
154 /* Check input arguments */
158 p = app_pipeline_data_fe(app, pipeline_id, &pipeline_firewall);
162 n_rules = p->n_rules;
163 for (priority = 0; n_rules; priority++)
164 TAILQ_FOREACH(rule, &p->rules, node)
165 if (rule->priority == priority) {
166 print_firewall_ipv4_rule(rule);
170 if (p->default_rule_present)
171 printf("Default rule: port %" PRIu32 " (entry ptr = %p)\n",
172 p->default_rule_port_id,
173 p->default_rule_entry_ptr);
175 printf("Default rule: DROP\n");
183 app_pipeline_firewall_init(struct pipeline_params *params,
184 __rte_unused void *arg)
186 struct app_pipeline_firewall *p;
189 /* Check input arguments */
190 if ((params == NULL) ||
191 (params->n_ports_in == 0) ||
192 (params->n_ports_out == 0))
195 /* Memory allocation */
196 size = RTE_CACHE_LINE_ROUNDUP(sizeof(struct app_pipeline_firewall));
197 p = rte_zmalloc(NULL, size, RTE_CACHE_LINE_SIZE);
202 p->n_ports_in = params->n_ports_in;
203 p->n_ports_out = params->n_ports_out;
205 TAILQ_INIT(&p->rules);
207 p->default_rule_present = 0;
208 p->default_rule_port_id = 0;
209 p->default_rule_entry_ptr = NULL;
215 app_pipeline_firewall_free(void *pipeline)
217 struct app_pipeline_firewall *p = pipeline;
219 /* Check input arguments */
224 while (!TAILQ_EMPTY(&p->rules)) {
225 struct app_pipeline_firewall_rule *rule;
227 rule = TAILQ_FIRST(&p->rules);
228 TAILQ_REMOVE(&p->rules, rule, node);
237 app_pipeline_firewall_key_check_and_normalize(struct pipeline_firewall_key *key)
240 case PIPELINE_FIREWALL_IPV4_5TUPLE:
242 uint32_t src_ip_depth = key->key.ipv4_5tuple.src_ip_mask;
243 uint32_t dst_ip_depth = key->key.ipv4_5tuple.dst_ip_mask;
244 uint16_t src_port_from = key->key.ipv4_5tuple.src_port_from;
245 uint16_t src_port_to = key->key.ipv4_5tuple.src_port_to;
246 uint16_t dst_port_from = key->key.ipv4_5tuple.dst_port_from;
247 uint16_t dst_port_to = key->key.ipv4_5tuple.dst_port_to;
249 uint32_t src_ip_netmask = 0;
250 uint32_t dst_ip_netmask = 0;
252 if ((src_ip_depth > 32) ||
253 (dst_ip_depth > 32) ||
254 (src_port_from > src_port_to) ||
255 (dst_port_from > dst_port_to))
259 src_ip_netmask = (~0) << (32 - src_ip_depth);
262 dst_ip_netmask = ((~0) << (32 - dst_ip_depth));
264 key->key.ipv4_5tuple.src_ip &= src_ip_netmask;
265 key->key.ipv4_5tuple.dst_ip &= dst_ip_netmask;
276 app_pipeline_add_bulk_parse_file(char *filename,
277 struct app_pipeline_add_bulk_params *params)
280 char file_buf[BUF_SIZE];
284 f = fopen(filename, "r");
289 while (fgets(file_buf, BUF_SIZE, f) != NULL)
293 if (params->n_keys == 0) {
298 params->keys = rte_malloc(NULL,
299 params->n_keys * sizeof(struct pipeline_firewall_key),
300 RTE_CACHE_LINE_SIZE);
301 if (params->keys == NULL) {
306 params->priorities = rte_malloc(NULL,
307 params->n_keys * sizeof(uint32_t),
308 RTE_CACHE_LINE_SIZE);
309 if (params->priorities == NULL) {
314 params->port_ids = rte_malloc(NULL,
315 params->n_keys * sizeof(uint32_t),
316 RTE_CACHE_LINE_SIZE);
317 if (params->port_ids == NULL) {
323 while (fgets(file_buf, BUF_SIZE, f) != NULL) {
326 str = strtok(file_buf, " ");
331 params->priorities[i] = atoi(str);
333 str = strtok(NULL, " .");
338 params->keys[i].key.ipv4_5tuple.src_ip = atoi(str)<<24;
340 str = strtok(NULL, " .");
345 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<16;
347 str = strtok(NULL, " .");
352 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<8;
354 str = strtok(NULL, " .");
359 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str);
361 str = strtok(NULL, " ");
366 params->keys[i].key.ipv4_5tuple.src_ip_mask = atoi(str);
368 str = strtok(NULL, " .");
373 params->keys[i].key.ipv4_5tuple.dst_ip = atoi(str)<<24;
375 str = strtok(NULL, " .");
380 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<16;
382 str = strtok(NULL, " .");
387 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<8;
389 str = strtok(NULL, " .");
394 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str);
396 str = strtok(NULL, " ");
401 params->keys[i].key.ipv4_5tuple.dst_ip_mask = atoi(str);
403 str = strtok(NULL, " ");
408 params->keys[i].key.ipv4_5tuple.src_port_from = atoi(str);
410 str = strtok(NULL, " ");
415 params->keys[i].key.ipv4_5tuple.src_port_to = atoi(str);
417 str = strtok(NULL, " ");
422 params->keys[i].key.ipv4_5tuple.dst_port_from = atoi(str);
424 str = strtok(NULL, " ");
429 params->keys[i].key.ipv4_5tuple.dst_port_to = atoi(str);
431 str = strtok(NULL, " ");
436 params->keys[i].key.ipv4_5tuple.proto = atoi(str);
438 str = strtok(NULL, " ");
443 /* Need to add 2 to str to skip leading 0x */
444 params->keys[i].key.ipv4_5tuple.proto_mask = strtol(str+2, NULL, 16);
446 str = strtok(NULL, " ");
451 params->port_ids[i] = atoi(str);
452 params->keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;
463 app_pipeline_del_bulk_parse_file(char *filename,
464 struct app_pipeline_del_bulk_params *params)
467 char file_buf[BUF_SIZE];
471 f = fopen(filename, "r");
476 while (fgets(file_buf, BUF_SIZE, f) != NULL)
480 if (params->n_keys == 0) {
485 params->keys = rte_malloc(NULL,
486 params->n_keys * sizeof(struct pipeline_firewall_key),
487 RTE_CACHE_LINE_SIZE);
488 if (params->keys == NULL) {
494 while (fgets(file_buf, BUF_SIZE, f) != NULL) {
497 str = strtok(file_buf, " .");
502 params->keys[i].key.ipv4_5tuple.src_ip = atoi(str)<<24;
504 str = strtok(NULL, " .");
509 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<16;
511 str = strtok(NULL, " .");
516 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<8;
518 str = strtok(NULL, " .");
523 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str);
525 str = strtok(NULL, " ");
530 params->keys[i].key.ipv4_5tuple.src_ip_mask = atoi(str);
532 str = strtok(NULL, " .");
537 params->keys[i].key.ipv4_5tuple.dst_ip = atoi(str)<<24;
539 str = strtok(NULL, " .");
544 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<16;
546 str = strtok(NULL, " .");
551 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<8;
553 str = strtok(NULL, " .");
558 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str);
560 str = strtok(NULL, " ");
565 params->keys[i].key.ipv4_5tuple.dst_ip_mask = atoi(str);
567 str = strtok(NULL, " ");
572 params->keys[i].key.ipv4_5tuple.src_port_from = atoi(str);
574 str = strtok(NULL, " ");
579 params->keys[i].key.ipv4_5tuple.src_port_to = atoi(str);
581 str = strtok(NULL, " ");
586 params->keys[i].key.ipv4_5tuple.dst_port_from = atoi(str);
588 str = strtok(NULL, " ");
593 params->keys[i].key.ipv4_5tuple.dst_port_to = atoi(str);
595 str = strtok(NULL, " ");
600 params->keys[i].key.ipv4_5tuple.proto = atoi(str);
602 str = strtok(NULL, " ");
607 /* Need to add 2 to str to skip leading 0x */
608 params->keys[i].key.ipv4_5tuple.proto_mask = strtol(str+2, NULL, 16);
610 params->keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;
615 for (i = 0; i < params->n_keys; i++) {
616 if (app_pipeline_firewall_key_check_and_normalize(¶ms->keys[i]) != 0) {
628 app_pipeline_firewall_add_rule(struct app_params *app,
629 uint32_t pipeline_id,
630 struct pipeline_firewall_key *key,
634 struct app_pipeline_firewall *p;
635 struct app_pipeline_firewall_rule *rule;
636 struct pipeline_firewall_add_msg_req *req;
637 struct pipeline_firewall_add_msg_rsp *rsp;
640 /* Check input arguments */
643 (key->type != PIPELINE_FIREWALL_IPV4_5TUPLE))
646 p = app_pipeline_data_fe(app, pipeline_id, &pipeline_firewall);
650 if (port_id >= p->n_ports_out)
653 if (app_pipeline_firewall_key_check_and_normalize(key) != 0)
656 /* Find existing rule or allocate new rule */
657 rule = app_pipeline_firewall_rule_find(p, key);
658 new_rule = (rule == NULL);
660 rule = rte_malloc(NULL, sizeof(*rule), RTE_CACHE_LINE_SIZE);
666 /* Allocate and write request */
667 req = app_msg_alloc(app);
674 req->type = PIPELINE_MSG_REQ_CUSTOM;
675 req->subtype = PIPELINE_FIREWALL_MSG_REQ_ADD;
676 memcpy(&req->key, key, sizeof(*key));
677 req->priority = priority;
678 req->port_id = port_id;
680 /* Send request and wait for response */
681 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
688 /* Read response and write rule */
690 (rsp->entry_ptr == NULL) ||
691 ((new_rule == 0) && (rsp->key_found == 0)) ||
692 ((new_rule == 1) && (rsp->key_found == 1))) {
693 app_msg_free(app, rsp);
699 memcpy(&rule->key, key, sizeof(*key));
700 rule->priority = priority;
701 rule->port_id = port_id;
702 rule->entry_ptr = rsp->entry_ptr;
706 TAILQ_INSERT_TAIL(&p->rules, rule, node);
710 print_firewall_ipv4_rule(rule);
713 app_msg_free(app, rsp);
719 app_pipeline_firewall_delete_rule(struct app_params *app,
720 uint32_t pipeline_id,
721 struct pipeline_firewall_key *key)
723 struct app_pipeline_firewall *p;
724 struct app_pipeline_firewall_rule *rule;
725 struct pipeline_firewall_del_msg_req *req;
726 struct pipeline_firewall_del_msg_rsp *rsp;
728 /* Check input arguments */
731 (key->type != PIPELINE_FIREWALL_IPV4_5TUPLE))
734 p = app_pipeline_data_fe(app, pipeline_id, &pipeline_firewall);
738 if (app_pipeline_firewall_key_check_and_normalize(key) != 0)
742 rule = app_pipeline_firewall_rule_find(p, key);
746 /* Allocate and write request */
747 req = app_msg_alloc(app);
751 req->type = PIPELINE_MSG_REQ_CUSTOM;
752 req->subtype = PIPELINE_FIREWALL_MSG_REQ_DEL;
753 memcpy(&req->key, key, sizeof(*key));
755 /* Send request and wait for response */
756 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
761 if (rsp->status || !rsp->key_found) {
762 app_msg_free(app, rsp);
767 TAILQ_REMOVE(&p->rules, rule, node);
772 app_msg_free(app, rsp);
778 app_pipeline_firewall_add_bulk(struct app_params *app,
779 uint32_t pipeline_id,
780 struct pipeline_firewall_key *keys,
782 uint32_t *priorities,
785 struct app_pipeline_firewall *p;
786 struct pipeline_firewall_add_bulk_msg_req *req;
787 struct pipeline_firewall_add_bulk_msg_rsp *rsp;
789 struct app_pipeline_firewall_rule **rules;
798 /* Check input arguments */
802 p = app_pipeline_data_fe(app, pipeline_id, &pipeline_firewall);
806 rules = rte_malloc(NULL,
807 n_keys * sizeof(struct app_pipeline_firewall_rule *),
808 RTE_CACHE_LINE_SIZE);
812 new_rules = rte_malloc(NULL,
813 n_keys * sizeof(int),
814 RTE_CACHE_LINE_SIZE);
815 if (new_rules == NULL) {
820 /* check data integrity and add to rule list */
821 for (i = 0; i < n_keys; i++) {
822 if (port_ids[i] >= p->n_ports_out) {
828 if (app_pipeline_firewall_key_check_and_normalize(&keys[i]) != 0) {
834 rules[i] = app_pipeline_firewall_rule_find(p, &keys[i]);
835 new_rules[i] = (rules[i] == NULL);
836 if (rules[i] == NULL) {
837 rules[i] = rte_malloc(NULL, sizeof(rules[i]),
838 RTE_CACHE_LINE_SIZE);
840 if (rules[i] == NULL) {
843 for (j = 0; j <= i; j++)
854 keys_found = rte_malloc(NULL,
855 n_keys * sizeof(int),
856 RTE_CACHE_LINE_SIZE);
857 if (keys_found == NULL) {
860 for (j = 0; j < n_keys; j++)
869 entries_ptr = rte_malloc(NULL,
870 n_keys * sizeof(struct rte_pipeline_table_entry *),
871 RTE_CACHE_LINE_SIZE);
872 if (entries_ptr == NULL) {
875 for (j = 0; j < n_keys; j++)
881 rte_free(keys_found);
884 for (i = 0; i < n_keys; i++) {
885 entries_ptr[i] = rte_malloc(NULL,
886 sizeof(struct rte_pipeline_table_entry),
887 RTE_CACHE_LINE_SIZE);
889 if (entries_ptr[i] == NULL) {
892 for (j = 0; j < n_keys; j++)
896 for (j = 0; j <= i; j++)
897 rte_free(entries_ptr[j]);
901 rte_free(keys_found);
902 rte_free(entries_ptr);
907 /* Allocate and write request */
908 req = app_msg_alloc(app);
912 for (j = 0; j < n_keys; j++)
916 for (j = 0; j < n_keys; j++)
917 rte_free(entries_ptr[j]);
921 rte_free(keys_found);
922 rte_free(entries_ptr);
926 req->type = PIPELINE_MSG_REQ_CUSTOM;
927 req->subtype = PIPELINE_FIREWALL_MSG_REQ_ADD_BULK;
930 req->n_keys = n_keys;
931 req->port_ids = port_ids;
932 req->priorities = priorities;
933 req->keys_found = keys_found;
934 req->entries_ptr = entries_ptr;
936 /* Send request and wait for response */
937 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
941 for (j = 0; j < n_keys; j++)
945 for (j = 0; j < n_keys; j++)
946 rte_free(entries_ptr[j]);
950 rte_free(keys_found);
951 rte_free(entries_ptr);
956 for (i = 0; i < n_keys; i++)
960 for (i = 0; i < n_keys; i++)
961 rte_free(entries_ptr[i]);
967 for (i = 0; i < n_keys; i++) {
968 if (entries_ptr[i] == NULL ||
969 ((new_rules[i] == 0) && (keys_found[i] == 0)) ||
970 ((new_rules[i] == 1) && (keys_found[i] == 1))) {
971 for (i = 0; i < n_keys; i++)
975 for (i = 0; i < n_keys; i++)
976 rte_free(entries_ptr[i]);
983 for (i = 0; i < n_keys; i++) {
984 memcpy(&rules[i]->key, &keys[i], sizeof(keys[i]));
985 rules[i]->priority = priorities[i];
986 rules[i]->port_id = port_ids[i];
987 rules[i]->entry_ptr = entries_ptr[i];
991 TAILQ_INSERT_TAIL(&p->rules, rules[i], node);
995 print_firewall_ipv4_rule(rules[i]);
999 app_msg_free(app, rsp);
1001 rte_free(new_rules);
1002 rte_free(keys_found);
1003 rte_free(entries_ptr);
1009 app_pipeline_firewall_delete_bulk(struct app_params *app,
1010 uint32_t pipeline_id,
1011 struct pipeline_firewall_key *keys,
1014 struct app_pipeline_firewall *p;
1015 struct pipeline_firewall_del_bulk_msg_req *req;
1016 struct pipeline_firewall_del_bulk_msg_rsp *rsp;
1018 struct app_pipeline_firewall_rule **rules;
1024 /* Check input arguments */
1028 p = app_pipeline_data_fe(app, pipeline_id, &pipeline_firewall);
1032 rules = rte_malloc(NULL,
1033 n_keys * sizeof(struct app_pipeline_firewall_rule *),
1034 RTE_CACHE_LINE_SIZE);
1038 for (i = 0; i < n_keys; i++) {
1039 if (app_pipeline_firewall_key_check_and_normalize(&keys[i]) != 0) {
1043 rules[i] = app_pipeline_firewall_rule_find(p, &keys[i]);
1046 keys_found = rte_malloc(NULL,
1047 n_keys * sizeof(int),
1048 RTE_CACHE_LINE_SIZE);
1049 if (keys_found == NULL) {
1054 /* Allocate and write request */
1055 req = app_msg_alloc(app);
1058 rte_free(keys_found);
1062 req->type = PIPELINE_MSG_REQ_CUSTOM;
1063 req->subtype = PIPELINE_FIREWALL_MSG_REQ_DEL_BULK;
1066 req->n_keys = n_keys;
1067 req->keys_found = keys_found;
1069 /* Send request and wait for response */
1070 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
1073 rte_free(keys_found);
1082 for (i = 0; i < n_keys; i++) {
1083 if (keys_found[i] == 0) {
1089 for (i = 0; i < n_keys; i++) {
1090 TAILQ_REMOVE(&p->rules, rules[i], node);
1096 app_msg_free(app, rsp);
1098 rte_free(keys_found);
1104 app_pipeline_firewall_add_default_rule(struct app_params *app,
1105 uint32_t pipeline_id,
1108 struct app_pipeline_firewall *p;
1109 struct pipeline_firewall_add_default_msg_req *req;
1110 struct pipeline_firewall_add_default_msg_rsp *rsp;
1112 /* Check input arguments */
1116 p = app_pipeline_data_fe(app, pipeline_id, &pipeline_firewall);
1120 if (port_id >= p->n_ports_out)
1123 /* Allocate and write request */
1124 req = app_msg_alloc(app);
1128 req->type = PIPELINE_MSG_REQ_CUSTOM;
1129 req->subtype = PIPELINE_FIREWALL_MSG_REQ_ADD_DEFAULT;
1130 req->port_id = port_id;
1132 /* Send request and wait for response */
1133 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
1137 /* Read response and write rule */
1138 if (rsp->status || (rsp->entry_ptr == NULL)) {
1139 app_msg_free(app, rsp);
1143 p->default_rule_port_id = port_id;
1144 p->default_rule_entry_ptr = rsp->entry_ptr;
1147 p->default_rule_present = 1;
1150 app_msg_free(app, rsp);
1156 app_pipeline_firewall_delete_default_rule(struct app_params *app,
1157 uint32_t pipeline_id)
1159 struct app_pipeline_firewall *p;
1160 struct pipeline_firewall_del_default_msg_req *req;
1161 struct pipeline_firewall_del_default_msg_rsp *rsp;
1163 /* Check input arguments */
1167 p = app_pipeline_data_fe(app, pipeline_id, &pipeline_firewall);
1171 /* Allocate and write request */
1172 req = app_msg_alloc(app);
1176 req->type = PIPELINE_MSG_REQ_CUSTOM;
1177 req->subtype = PIPELINE_FIREWALL_MSG_REQ_DEL_DEFAULT;
1179 /* Send request and wait for response */
1180 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
1184 /* Read response and write rule */
1186 app_msg_free(app, rsp);
1191 p->default_rule_present = 0;
1194 app_msg_free(app, rsp);
1200 * p firewall add ipv4
1203 struct cmd_firewall_add_ipv4_result {
1204 cmdline_fixed_string_t p_string;
1205 uint32_t pipeline_id;
1206 cmdline_fixed_string_t firewall_string;
1207 cmdline_fixed_string_t add_string;
1208 cmdline_fixed_string_t ipv4_string;
1210 cmdline_ipaddr_t src_ip;
1211 uint32_t src_ip_mask;
1212 cmdline_ipaddr_t dst_ip;
1213 uint32_t dst_ip_mask;
1214 uint16_t src_port_from;
1215 uint16_t src_port_to;
1216 uint16_t dst_port_from;
1217 uint16_t dst_port_to;
1224 cmd_firewall_add_ipv4_parsed(
1225 void *parsed_result,
1226 __attribute__((unused)) struct cmdline *cl,
1229 struct cmd_firewall_add_ipv4_result *params = parsed_result;
1230 struct app_params *app = data;
1231 struct pipeline_firewall_key key;
1234 key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
1235 key.key.ipv4_5tuple.src_ip = rte_bswap32(
1236 (uint32_t) params->src_ip.addr.ipv4.s_addr);
1237 key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
1238 key.key.ipv4_5tuple.dst_ip = rte_bswap32(
1239 (uint32_t) params->dst_ip.addr.ipv4.s_addr);
1240 key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
1241 key.key.ipv4_5tuple.src_port_from = params->src_port_from;
1242 key.key.ipv4_5tuple.src_port_to = params->src_port_to;
1243 key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
1244 key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
1245 key.key.ipv4_5tuple.proto = params->proto;
1246 key.key.ipv4_5tuple.proto_mask = params->proto_mask;
1248 status = app_pipeline_firewall_add_rule(app,
1249 params->pipeline_id,
1255 printf("Command failed\n");
1260 cmdline_parse_token_string_t cmd_firewall_add_ipv4_p_string =
1261 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result, p_string,
1264 cmdline_parse_token_num_t cmd_firewall_add_ipv4_pipeline_id =
1265 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, pipeline_id,
1268 cmdline_parse_token_string_t cmd_firewall_add_ipv4_firewall_string =
1269 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1270 firewall_string, "firewall");
1272 cmdline_parse_token_string_t cmd_firewall_add_ipv4_add_string =
1273 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1276 cmdline_parse_token_string_t cmd_firewall_add_ipv4_ipv4_string =
1277 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1278 ipv4_string, "ipv4");
1280 cmdline_parse_token_num_t cmd_firewall_add_ipv4_priority =
1281 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, priority,
1284 cmdline_parse_token_ipaddr_t cmd_firewall_add_ipv4_src_ip =
1285 TOKEN_IPV4_INITIALIZER(struct cmd_firewall_add_ipv4_result, src_ip);
1287 cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_ip_mask =
1288 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, src_ip_mask,
1291 cmdline_parse_token_ipaddr_t cmd_firewall_add_ipv4_dst_ip =
1292 TOKEN_IPV4_INITIALIZER(struct cmd_firewall_add_ipv4_result, dst_ip);
1294 cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_ip_mask =
1295 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, dst_ip_mask,
1298 cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_port_from =
1299 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1300 src_port_from, UINT16);
1302 cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_port_to =
1303 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1304 src_port_to, UINT16);
1306 cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_port_from =
1307 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1308 dst_port_from, UINT16);
1310 cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_port_to =
1311 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1312 dst_port_to, UINT16);
1314 cmdline_parse_token_num_t cmd_firewall_add_ipv4_proto =
1315 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1318 cmdline_parse_token_num_t cmd_firewall_add_ipv4_proto_mask =
1319 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1322 cmdline_parse_token_num_t cmd_firewall_add_ipv4_port_id =
1323 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1326 cmdline_parse_inst_t cmd_firewall_add_ipv4 = {
1327 .f = cmd_firewall_add_ipv4_parsed,
1329 .help_str = "Firewall rule add",
1331 (void *) &cmd_firewall_add_ipv4_p_string,
1332 (void *) &cmd_firewall_add_ipv4_pipeline_id,
1333 (void *) &cmd_firewall_add_ipv4_firewall_string,
1334 (void *) &cmd_firewall_add_ipv4_add_string,
1335 (void *) &cmd_firewall_add_ipv4_ipv4_string,
1336 (void *) &cmd_firewall_add_ipv4_priority,
1337 (void *) &cmd_firewall_add_ipv4_src_ip,
1338 (void *) &cmd_firewall_add_ipv4_src_ip_mask,
1339 (void *) &cmd_firewall_add_ipv4_dst_ip,
1340 (void *) &cmd_firewall_add_ipv4_dst_ip_mask,
1341 (void *) &cmd_firewall_add_ipv4_src_port_from,
1342 (void *) &cmd_firewall_add_ipv4_src_port_to,
1343 (void *) &cmd_firewall_add_ipv4_dst_port_from,
1344 (void *) &cmd_firewall_add_ipv4_dst_port_to,
1345 (void *) &cmd_firewall_add_ipv4_proto,
1346 (void *) &cmd_firewall_add_ipv4_proto_mask,
1347 (void *) &cmd_firewall_add_ipv4_port_id,
1353 * p firewall del ipv4
1356 struct cmd_firewall_del_ipv4_result {
1357 cmdline_fixed_string_t p_string;
1358 uint32_t pipeline_id;
1359 cmdline_fixed_string_t firewall_string;
1360 cmdline_fixed_string_t del_string;
1361 cmdline_fixed_string_t ipv4_string;
1362 cmdline_ipaddr_t src_ip;
1363 uint32_t src_ip_mask;
1364 cmdline_ipaddr_t dst_ip;
1365 uint32_t dst_ip_mask;
1366 uint16_t src_port_from;
1367 uint16_t src_port_to;
1368 uint16_t dst_port_from;
1369 uint16_t dst_port_to;
1375 cmd_firewall_del_ipv4_parsed(
1376 void *parsed_result,
1377 __attribute__((unused)) struct cmdline *cl,
1380 struct cmd_firewall_del_ipv4_result *params = parsed_result;
1381 struct app_params *app = data;
1382 struct pipeline_firewall_key key;
1385 key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
1386 key.key.ipv4_5tuple.src_ip = rte_bswap32(
1387 (uint32_t) params->src_ip.addr.ipv4.s_addr);
1388 key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
1389 key.key.ipv4_5tuple.dst_ip = rte_bswap32(
1390 (uint32_t) params->dst_ip.addr.ipv4.s_addr);
1391 key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
1392 key.key.ipv4_5tuple.src_port_from = params->src_port_from;
1393 key.key.ipv4_5tuple.src_port_to = params->src_port_to;
1394 key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
1395 key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
1396 key.key.ipv4_5tuple.proto = params->proto;
1397 key.key.ipv4_5tuple.proto_mask = params->proto_mask;
1399 status = app_pipeline_firewall_delete_rule(app,
1400 params->pipeline_id,
1404 printf("Command failed\n");
1409 cmdline_parse_token_string_t cmd_firewall_del_ipv4_p_string =
1410 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result, p_string,
1413 cmdline_parse_token_num_t cmd_firewall_del_ipv4_pipeline_id =
1414 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, pipeline_id,
1417 cmdline_parse_token_string_t cmd_firewall_del_ipv4_firewall_string =
1418 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1419 firewall_string, "firewall");
1421 cmdline_parse_token_string_t cmd_firewall_del_ipv4_del_string =
1422 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1425 cmdline_parse_token_string_t cmd_firewall_del_ipv4_ipv4_string =
1426 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1427 ipv4_string, "ipv4");
1429 cmdline_parse_token_ipaddr_t cmd_firewall_del_ipv4_src_ip =
1430 TOKEN_IPV4_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_ip);
1432 cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_ip_mask =
1433 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_ip_mask,
1436 cmdline_parse_token_ipaddr_t cmd_firewall_del_ipv4_dst_ip =
1437 TOKEN_IPV4_INITIALIZER(struct cmd_firewall_del_ipv4_result, dst_ip);
1439 cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_ip_mask =
1440 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, dst_ip_mask,
1443 cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_port_from =
1444 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1445 src_port_from, UINT16);
1447 cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_port_to =
1448 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_port_to,
1451 cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_port_from =
1452 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1453 dst_port_from, UINT16);
1455 cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_port_to =
1456 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1457 dst_port_to, UINT16);
1459 cmdline_parse_token_num_t cmd_firewall_del_ipv4_proto =
1460 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1463 cmdline_parse_token_num_t cmd_firewall_del_ipv4_proto_mask =
1464 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, proto_mask,
1467 cmdline_parse_inst_t cmd_firewall_del_ipv4 = {
1468 .f = cmd_firewall_del_ipv4_parsed,
1470 .help_str = "Firewall rule delete",
1472 (void *) &cmd_firewall_del_ipv4_p_string,
1473 (void *) &cmd_firewall_del_ipv4_pipeline_id,
1474 (void *) &cmd_firewall_del_ipv4_firewall_string,
1475 (void *) &cmd_firewall_del_ipv4_del_string,
1476 (void *) &cmd_firewall_del_ipv4_ipv4_string,
1477 (void *) &cmd_firewall_del_ipv4_src_ip,
1478 (void *) &cmd_firewall_del_ipv4_src_ip_mask,
1479 (void *) &cmd_firewall_del_ipv4_dst_ip,
1480 (void *) &cmd_firewall_del_ipv4_dst_ip_mask,
1481 (void *) &cmd_firewall_del_ipv4_src_port_from,
1482 (void *) &cmd_firewall_del_ipv4_src_port_to,
1483 (void *) &cmd_firewall_del_ipv4_dst_port_from,
1484 (void *) &cmd_firewall_del_ipv4_dst_port_to,
1485 (void *) &cmd_firewall_del_ipv4_proto,
1486 (void *) &cmd_firewall_del_ipv4_proto_mask,
1492 * p firewall add bulk
1495 struct cmd_firewall_add_bulk_result {
1496 cmdline_fixed_string_t p_string;
1497 uint32_t pipeline_id;
1498 cmdline_fixed_string_t firewall_string;
1499 cmdline_fixed_string_t add_string;
1500 cmdline_fixed_string_t bulk_string;
1501 cmdline_fixed_string_t file_path;
1505 cmd_firewall_add_bulk_parsed(
1506 void *parsed_result,
1507 __attribute__((unused)) struct cmdline *cl,
1510 struct cmd_firewall_add_bulk_result *params = parsed_result;
1511 struct app_params *app = data;
1514 struct app_pipeline_add_bulk_params add_bulk_params;
1516 status = app_pipeline_add_bulk_parse_file(params->file_path, &add_bulk_params);
1518 printf("Command failed\n");
1522 status = app_pipeline_firewall_add_bulk(app, params->pipeline_id, add_bulk_params.keys,
1523 add_bulk_params.n_keys, add_bulk_params.priorities, add_bulk_params.port_ids);
1525 printf("Command failed\n");
1530 rte_free(add_bulk_params.keys);
1531 rte_free(add_bulk_params.priorities);
1532 rte_free(add_bulk_params.port_ids);
1535 cmdline_parse_token_string_t cmd_firewall_add_bulk_p_string =
1536 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result, p_string,
1539 cmdline_parse_token_num_t cmd_firewall_add_bulk_pipeline_id =
1540 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_bulk_result, pipeline_id,
1543 cmdline_parse_token_string_t cmd_firewall_add_bulk_firewall_string =
1544 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
1545 firewall_string, "firewall");
1547 cmdline_parse_token_string_t cmd_firewall_add_bulk_add_string =
1548 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
1551 cmdline_parse_token_string_t cmd_firewall_add_bulk_bulk_string =
1552 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
1553 bulk_string, "bulk");
1555 cmdline_parse_token_string_t cmd_firewall_add_bulk_file_path_string =
1556 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
1559 cmdline_parse_inst_t cmd_firewall_add_bulk = {
1560 .f = cmd_firewall_add_bulk_parsed,
1562 .help_str = "Firewall rule add bulk",
1564 (void *) &cmd_firewall_add_bulk_p_string,
1565 (void *) &cmd_firewall_add_bulk_pipeline_id,
1566 (void *) &cmd_firewall_add_bulk_firewall_string,
1567 (void *) &cmd_firewall_add_bulk_add_string,
1568 (void *) &cmd_firewall_add_bulk_bulk_string,
1569 (void *) &cmd_firewall_add_bulk_file_path_string,
1575 * p firewall del bulk
1578 struct cmd_firewall_del_bulk_result {
1579 cmdline_fixed_string_t p_string;
1580 uint32_t pipeline_id;
1581 cmdline_fixed_string_t firewall_string;
1582 cmdline_fixed_string_t del_string;
1583 cmdline_fixed_string_t bulk_string;
1584 cmdline_fixed_string_t file_path;
1588 cmd_firewall_del_bulk_parsed(
1589 void *parsed_result,
1590 __attribute__((unused)) struct cmdline *cl,
1593 struct cmd_firewall_del_bulk_result *params = parsed_result;
1594 struct app_params *app = data;
1597 struct app_pipeline_del_bulk_params del_bulk_params;
1599 status = app_pipeline_del_bulk_parse_file(params->file_path, &del_bulk_params);
1601 printf("Command failed\n");
1605 status = app_pipeline_firewall_delete_bulk(app, params->pipeline_id,
1606 del_bulk_params.keys, del_bulk_params.n_keys);
1608 printf("Command failed\n");
1613 rte_free(del_bulk_params.keys);
1616 cmdline_parse_token_string_t cmd_firewall_del_bulk_p_string =
1617 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result, p_string,
1620 cmdline_parse_token_num_t cmd_firewall_del_bulk_pipeline_id =
1621 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_bulk_result, pipeline_id,
1624 cmdline_parse_token_string_t cmd_firewall_del_bulk_firewall_string =
1625 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
1626 firewall_string, "firewall");
1628 cmdline_parse_token_string_t cmd_firewall_del_bulk_add_string =
1629 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
1632 cmdline_parse_token_string_t cmd_firewall_del_bulk_bulk_string =
1633 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
1634 bulk_string, "bulk");
1636 cmdline_parse_token_string_t cmd_firewall_del_bulk_file_path_string =
1637 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
1640 cmdline_parse_inst_t cmd_firewall_del_bulk = {
1641 .f = cmd_firewall_del_bulk_parsed,
1643 .help_str = "Firewall rule del bulk",
1645 (void *) &cmd_firewall_del_bulk_p_string,
1646 (void *) &cmd_firewall_del_bulk_pipeline_id,
1647 (void *) &cmd_firewall_del_bulk_firewall_string,
1648 (void *) &cmd_firewall_del_bulk_add_string,
1649 (void *) &cmd_firewall_del_bulk_bulk_string,
1650 (void *) &cmd_firewall_del_bulk_file_path_string,
1656 * p firewall add default
1658 struct cmd_firewall_add_default_result {
1659 cmdline_fixed_string_t p_string;
1660 uint32_t pipeline_id;
1661 cmdline_fixed_string_t firewall_string;
1662 cmdline_fixed_string_t add_string;
1663 cmdline_fixed_string_t default_string;
1668 cmd_firewall_add_default_parsed(
1669 void *parsed_result,
1670 __attribute__((unused)) struct cmdline *cl,
1673 struct cmd_firewall_add_default_result *params = parsed_result;
1674 struct app_params *app = data;
1677 status = app_pipeline_firewall_add_default_rule(app,
1678 params->pipeline_id,
1682 printf("Command failed\n");
1687 cmdline_parse_token_string_t cmd_firewall_add_default_p_string =
1688 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
1691 cmdline_parse_token_num_t cmd_firewall_add_default_pipeline_id =
1692 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_default_result,
1693 pipeline_id, UINT32);
1695 cmdline_parse_token_string_t cmd_firewall_add_default_firewall_string =
1696 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
1697 firewall_string, "firewall");
1699 cmdline_parse_token_string_t cmd_firewall_add_default_add_string =
1700 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
1703 cmdline_parse_token_string_t cmd_firewall_add_default_default_string =
1704 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
1705 default_string, "default");
1707 cmdline_parse_token_num_t cmd_firewall_add_default_port_id =
1708 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_default_result, port_id,
1711 cmdline_parse_inst_t cmd_firewall_add_default = {
1712 .f = cmd_firewall_add_default_parsed,
1714 .help_str = "Firewall default rule add",
1716 (void *) &cmd_firewall_add_default_p_string,
1717 (void *) &cmd_firewall_add_default_pipeline_id,
1718 (void *) &cmd_firewall_add_default_firewall_string,
1719 (void *) &cmd_firewall_add_default_add_string,
1720 (void *) &cmd_firewall_add_default_default_string,
1721 (void *) &cmd_firewall_add_default_port_id,
1727 * p firewall del default
1729 struct cmd_firewall_del_default_result {
1730 cmdline_fixed_string_t p_string;
1731 uint32_t pipeline_id;
1732 cmdline_fixed_string_t firewall_string;
1733 cmdline_fixed_string_t del_string;
1734 cmdline_fixed_string_t default_string;
1738 cmd_firewall_del_default_parsed(
1739 void *parsed_result,
1740 __attribute__((unused)) struct cmdline *cl,
1743 struct cmd_firewall_del_default_result *params = parsed_result;
1744 struct app_params *app = data;
1747 status = app_pipeline_firewall_delete_default_rule(app,
1748 params->pipeline_id);
1751 printf("Command failed\n");
1756 cmdline_parse_token_string_t cmd_firewall_del_default_p_string =
1757 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
1760 cmdline_parse_token_num_t cmd_firewall_del_default_pipeline_id =
1761 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_default_result,
1762 pipeline_id, UINT32);
1764 cmdline_parse_token_string_t cmd_firewall_del_default_firewall_string =
1765 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
1766 firewall_string, "firewall");
1768 cmdline_parse_token_string_t cmd_firewall_del_default_del_string =
1769 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
1772 cmdline_parse_token_string_t cmd_firewall_del_default_default_string =
1773 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
1774 default_string, "default");
1776 cmdline_parse_inst_t cmd_firewall_del_default = {
1777 .f = cmd_firewall_del_default_parsed,
1779 .help_str = "Firewall default rule delete",
1781 (void *) &cmd_firewall_del_default_p_string,
1782 (void *) &cmd_firewall_del_default_pipeline_id,
1783 (void *) &cmd_firewall_del_default_firewall_string,
1784 (void *) &cmd_firewall_del_default_del_string,
1785 (void *) &cmd_firewall_del_default_default_string,
1794 struct cmd_firewall_ls_result {
1795 cmdline_fixed_string_t p_string;
1796 uint32_t pipeline_id;
1797 cmdline_fixed_string_t firewall_string;
1798 cmdline_fixed_string_t ls_string;
1802 cmd_firewall_ls_parsed(
1803 void *parsed_result,
1804 __attribute__((unused)) struct cmdline *cl,
1807 struct cmd_firewall_ls_result *params = parsed_result;
1808 struct app_params *app = data;
1811 status = app_pipeline_firewall_ls(app, params->pipeline_id);
1814 printf("Command failed\n");
1819 cmdline_parse_token_string_t cmd_firewall_ls_p_string =
1820 TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result, p_string,
1823 cmdline_parse_token_num_t cmd_firewall_ls_pipeline_id =
1824 TOKEN_NUM_INITIALIZER(struct cmd_firewall_ls_result, pipeline_id,
1827 cmdline_parse_token_string_t cmd_firewall_ls_firewall_string =
1828 TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result,
1829 firewall_string, "firewall");
1831 cmdline_parse_token_string_t cmd_firewall_ls_ls_string =
1832 TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result, ls_string,
1835 cmdline_parse_inst_t cmd_firewall_ls = {
1836 .f = cmd_firewall_ls_parsed,
1838 .help_str = "Firewall rule list",
1840 (void *) &cmd_firewall_ls_p_string,
1841 (void *) &cmd_firewall_ls_pipeline_id,
1842 (void *) &cmd_firewall_ls_firewall_string,
1843 (void *) &cmd_firewall_ls_ls_string,
1848 static cmdline_parse_ctx_t pipeline_cmds[] = {
1849 (cmdline_parse_inst_t *) &cmd_firewall_add_ipv4,
1850 (cmdline_parse_inst_t *) &cmd_firewall_del_ipv4,
1851 (cmdline_parse_inst_t *) &cmd_firewall_add_bulk,
1852 (cmdline_parse_inst_t *) &cmd_firewall_del_bulk,
1853 (cmdline_parse_inst_t *) &cmd_firewall_add_default,
1854 (cmdline_parse_inst_t *) &cmd_firewall_del_default,
1855 (cmdline_parse_inst_t *) &cmd_firewall_ls,
1859 static struct pipeline_fe_ops pipeline_firewall_fe_ops = {
1860 .f_init = app_pipeline_firewall_init,
1861 .f_free = app_pipeline_firewall_free,
1862 .cmds = pipeline_cmds,
1865 struct pipeline_type pipeline_firewall = {
1867 .be_ops = &pipeline_firewall_be_ops,
1868 .fe_ops = &pipeline_firewall_fe_ops,