4 * Copyright(c) 2010-2015 Intel Corporation. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #include <sys/queue.h>
37 #include <netinet/in.h>
39 #include <rte_common.h>
40 #include <rte_hexdump.h>
41 #include <rte_malloc.h>
42 #include <cmdline_rdline.h>
43 #include <cmdline_parse.h>
44 #include <cmdline_parse_num.h>
45 #include <cmdline_parse_string.h>
46 #include <cmdline_parse_ipaddr.h>
47 #include <cmdline_parse_etheraddr.h>
48 #include <cmdline_socket.h>
51 #include "pipeline_common_fe.h"
52 #include "pipeline_firewall.h"
56 struct app_pipeline_firewall_rule {
57 struct pipeline_firewall_key key;
62 TAILQ_ENTRY(app_pipeline_firewall_rule) node;
65 struct app_pipeline_firewall {
71 TAILQ_HEAD(, app_pipeline_firewall_rule) rules;
73 uint32_t default_rule_present;
74 uint32_t default_rule_port_id;
75 void *default_rule_entry_ptr;
78 struct app_pipeline_add_bulk_params {
79 struct pipeline_firewall_key *keys;
85 struct app_pipeline_del_bulk_params {
86 struct pipeline_firewall_key *keys;
91 print_firewall_ipv4_rule(struct app_pipeline_firewall_rule *rule)
93 printf("Prio = %" PRId32 " (SA = %" PRIu32 ".%" PRIu32
94 ".%" PRIu32 ".%" PRIu32 "/%" PRIu32 ", "
95 "DA = %" PRIu32 ".%" PRIu32
96 ".%"PRIu32 ".%" PRIu32 "/%" PRIu32 ", "
97 "SP = %" PRIu32 "-%" PRIu32 ", "
98 "DP = %" PRIu32 "-%" PRIu32 ", "
99 "Proto = %" PRIu32 " / 0x%" PRIx32 ") => "
100 "Port = %" PRIu32 " (entry ptr = %p)\n",
104 (rule->key.key.ipv4_5tuple.src_ip >> 24) & 0xFF,
105 (rule->key.key.ipv4_5tuple.src_ip >> 16) & 0xFF,
106 (rule->key.key.ipv4_5tuple.src_ip >> 8) & 0xFF,
107 rule->key.key.ipv4_5tuple.src_ip & 0xFF,
108 rule->key.key.ipv4_5tuple.src_ip_mask,
110 (rule->key.key.ipv4_5tuple.dst_ip >> 24) & 0xFF,
111 (rule->key.key.ipv4_5tuple.dst_ip >> 16) & 0xFF,
112 (rule->key.key.ipv4_5tuple.dst_ip >> 8) & 0xFF,
113 rule->key.key.ipv4_5tuple.dst_ip & 0xFF,
114 rule->key.key.ipv4_5tuple.dst_ip_mask,
116 rule->key.key.ipv4_5tuple.src_port_from,
117 rule->key.key.ipv4_5tuple.src_port_to,
119 rule->key.key.ipv4_5tuple.dst_port_from,
120 rule->key.key.ipv4_5tuple.dst_port_to,
122 rule->key.key.ipv4_5tuple.proto,
123 rule->key.key.ipv4_5tuple.proto_mask,
129 static struct app_pipeline_firewall_rule *
130 app_pipeline_firewall_rule_find(struct app_pipeline_firewall *p,
131 struct pipeline_firewall_key *key)
133 struct app_pipeline_firewall_rule *r;
135 TAILQ_FOREACH(r, &p->rules, node)
138 sizeof(struct pipeline_firewall_key)) == 0)
145 app_pipeline_firewall_ls(
146 struct app_params *app,
147 uint32_t pipeline_id)
149 struct app_pipeline_firewall *p;
150 struct app_pipeline_firewall_rule *rule;
154 /* Check input arguments */
158 p = app_pipeline_data_fe(app, pipeline_id);
162 n_rules = p->n_rules;
163 for (priority = 0; n_rules; priority++)
164 TAILQ_FOREACH(rule, &p->rules, node)
165 if (rule->priority == priority) {
166 print_firewall_ipv4_rule(rule);
170 if (p->default_rule_present)
171 printf("Default rule: port %" PRIu32 " (entry ptr = %p)\n",
172 p->default_rule_port_id,
173 p->default_rule_entry_ptr);
175 printf("Default rule: DROP\n");
181 app_pipeline_firewall_init(struct pipeline_params *params,
182 __rte_unused void *arg)
184 struct app_pipeline_firewall *p;
187 /* Check input arguments */
188 if ((params == NULL) ||
189 (params->n_ports_in == 0) ||
190 (params->n_ports_out == 0))
193 /* Memory allocation */
194 size = RTE_CACHE_LINE_ROUNDUP(sizeof(struct app_pipeline_firewall));
195 p = rte_zmalloc(NULL, size, RTE_CACHE_LINE_SIZE);
200 p->n_ports_in = params->n_ports_in;
201 p->n_ports_out = params->n_ports_out;
203 TAILQ_INIT(&p->rules);
205 p->default_rule_present = 0;
206 p->default_rule_port_id = 0;
207 p->default_rule_entry_ptr = NULL;
213 app_pipeline_firewall_free(void *pipeline)
215 struct app_pipeline_firewall *p = pipeline;
217 /* Check input arguments */
222 while (!TAILQ_EMPTY(&p->rules)) {
223 struct app_pipeline_firewall_rule *rule;
225 rule = TAILQ_FIRST(&p->rules);
226 TAILQ_REMOVE(&p->rules, rule, node);
235 app_pipeline_firewall_key_check_and_normalize(struct pipeline_firewall_key *key)
238 case PIPELINE_FIREWALL_IPV4_5TUPLE:
240 uint32_t src_ip_depth = key->key.ipv4_5tuple.src_ip_mask;
241 uint32_t dst_ip_depth = key->key.ipv4_5tuple.dst_ip_mask;
242 uint16_t src_port_from = key->key.ipv4_5tuple.src_port_from;
243 uint16_t src_port_to = key->key.ipv4_5tuple.src_port_to;
244 uint16_t dst_port_from = key->key.ipv4_5tuple.dst_port_from;
245 uint16_t dst_port_to = key->key.ipv4_5tuple.dst_port_to;
247 uint32_t src_ip_netmask = 0;
248 uint32_t dst_ip_netmask = 0;
250 if ((src_ip_depth > 32) ||
251 (dst_ip_depth > 32) ||
252 (src_port_from > src_port_to) ||
253 (dst_port_from > dst_port_to))
257 src_ip_netmask = (~0) << (32 - src_ip_depth);
260 dst_ip_netmask = ((~0) << (32 - dst_ip_depth));
262 key->key.ipv4_5tuple.src_ip &= src_ip_netmask;
263 key->key.ipv4_5tuple.dst_ip &= dst_ip_netmask;
274 app_pipeline_add_bulk_parse_file(char *filename,
275 struct app_pipeline_add_bulk_params *params)
278 char file_buf[BUF_SIZE];
282 f = fopen(filename, "r");
287 while (fgets(file_buf, BUF_SIZE, f) != NULL)
291 if (params->n_keys == 0) {
296 params->keys = rte_malloc(NULL,
297 params->n_keys * sizeof(struct pipeline_firewall_key),
298 RTE_CACHE_LINE_SIZE);
299 if (params->keys == NULL) {
304 params->priorities = rte_malloc(NULL,
305 params->n_keys * sizeof(uint32_t),
306 RTE_CACHE_LINE_SIZE);
307 if (params->priorities == NULL) {
312 params->port_ids = rte_malloc(NULL,
313 params->n_keys * sizeof(uint32_t),
314 RTE_CACHE_LINE_SIZE);
315 if (params->port_ids == NULL) {
321 while (fgets(file_buf, BUF_SIZE, f) != NULL) {
324 str = strtok(file_buf, " ");
329 params->priorities[i] = atoi(str);
331 str = strtok(NULL, " .");
336 params->keys[i].key.ipv4_5tuple.src_ip = atoi(str)<<24;
338 str = strtok(NULL, " .");
343 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<16;
345 str = strtok(NULL, " .");
350 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<8;
352 str = strtok(NULL, " .");
357 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str);
359 str = strtok(NULL, " ");
364 params->keys[i].key.ipv4_5tuple.src_ip_mask = atoi(str);
366 str = strtok(NULL, " .");
371 params->keys[i].key.ipv4_5tuple.dst_ip = atoi(str)<<24;
373 str = strtok(NULL, " .");
378 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<16;
380 str = strtok(NULL, " .");
385 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<8;
387 str = strtok(NULL, " .");
392 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str);
394 str = strtok(NULL, " ");
399 params->keys[i].key.ipv4_5tuple.dst_ip_mask = atoi(str);
401 str = strtok(NULL, " ");
406 params->keys[i].key.ipv4_5tuple.src_port_from = atoi(str);
408 str = strtok(NULL, " ");
413 params->keys[i].key.ipv4_5tuple.src_port_to = atoi(str);
415 str = strtok(NULL, " ");
420 params->keys[i].key.ipv4_5tuple.dst_port_from = atoi(str);
422 str = strtok(NULL, " ");
427 params->keys[i].key.ipv4_5tuple.dst_port_to = atoi(str);
429 str = strtok(NULL, " ");
434 params->keys[i].key.ipv4_5tuple.proto = atoi(str);
436 str = strtok(NULL, " ");
441 /* Need to add 2 to str to skip leading 0x */
442 params->keys[i].key.ipv4_5tuple.proto_mask = strtol(str+2, NULL, 16);
444 str = strtok(NULL, " ");
449 params->port_ids[i] = atoi(str);
450 params->keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;
461 app_pipeline_del_bulk_parse_file(char *filename,
462 struct app_pipeline_del_bulk_params *params)
465 char file_buf[BUF_SIZE];
469 f = fopen(filename, "r");
474 while (fgets(file_buf, BUF_SIZE, f) != NULL)
478 if (params->n_keys == 0) {
483 params->keys = rte_malloc(NULL,
484 params->n_keys * sizeof(struct pipeline_firewall_key),
485 RTE_CACHE_LINE_SIZE);
486 if (params->keys == NULL) {
492 while (fgets(file_buf, BUF_SIZE, f) != NULL) {
495 str = strtok(file_buf, " .");
500 params->keys[i].key.ipv4_5tuple.src_ip = atoi(str)<<24;
502 str = strtok(NULL, " .");
507 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<16;
509 str = strtok(NULL, " .");
514 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<8;
516 str = strtok(NULL, " .");
521 params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str);
523 str = strtok(NULL, " ");
528 params->keys[i].key.ipv4_5tuple.src_ip_mask = atoi(str);
530 str = strtok(NULL, " .");
535 params->keys[i].key.ipv4_5tuple.dst_ip = atoi(str)<<24;
537 str = strtok(NULL, " .");
542 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<16;
544 str = strtok(NULL, " .");
549 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<8;
551 str = strtok(NULL, " .");
556 params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str);
558 str = strtok(NULL, " ");
563 params->keys[i].key.ipv4_5tuple.dst_ip_mask = atoi(str);
565 str = strtok(NULL, " ");
570 params->keys[i].key.ipv4_5tuple.src_port_from = atoi(str);
572 str = strtok(NULL, " ");
577 params->keys[i].key.ipv4_5tuple.src_port_to = atoi(str);
579 str = strtok(NULL, " ");
584 params->keys[i].key.ipv4_5tuple.dst_port_from = atoi(str);
586 str = strtok(NULL, " ");
591 params->keys[i].key.ipv4_5tuple.dst_port_to = atoi(str);
593 str = strtok(NULL, " ");
598 params->keys[i].key.ipv4_5tuple.proto = atoi(str);
600 str = strtok(NULL, " ");
605 /* Need to add 2 to str to skip leading 0x */
606 params->keys[i].key.ipv4_5tuple.proto_mask = strtol(str+2, NULL, 16);
608 params->keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;
613 for (i = 0; i < params->n_keys; i++) {
614 if (app_pipeline_firewall_key_check_and_normalize(¶ms->keys[i]) != 0) {
626 app_pipeline_firewall_add_rule(struct app_params *app,
627 uint32_t pipeline_id,
628 struct pipeline_firewall_key *key,
632 struct app_pipeline_firewall *p;
633 struct app_pipeline_firewall_rule *rule;
634 struct pipeline_firewall_add_msg_req *req;
635 struct pipeline_firewall_add_msg_rsp *rsp;
638 /* Check input arguments */
641 (key->type != PIPELINE_FIREWALL_IPV4_5TUPLE))
644 p = app_pipeline_data_fe(app, pipeline_id);
648 if (port_id >= p->n_ports_out)
651 if (app_pipeline_firewall_key_check_and_normalize(key) != 0)
654 /* Find existing rule or allocate new rule */
655 rule = app_pipeline_firewall_rule_find(p, key);
656 new_rule = (rule == NULL);
658 rule = rte_malloc(NULL, sizeof(*rule), RTE_CACHE_LINE_SIZE);
664 /* Allocate and write request */
665 req = app_msg_alloc(app);
672 req->type = PIPELINE_MSG_REQ_CUSTOM;
673 req->subtype = PIPELINE_FIREWALL_MSG_REQ_ADD;
674 memcpy(&req->key, key, sizeof(*key));
675 req->priority = priority;
676 req->port_id = port_id;
678 /* Send request and wait for response */
679 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
686 /* Read response and write rule */
688 (rsp->entry_ptr == NULL) ||
689 ((new_rule == 0) && (rsp->key_found == 0)) ||
690 ((new_rule == 1) && (rsp->key_found == 1))) {
691 app_msg_free(app, rsp);
697 memcpy(&rule->key, key, sizeof(*key));
698 rule->priority = priority;
699 rule->port_id = port_id;
700 rule->entry_ptr = rsp->entry_ptr;
704 TAILQ_INSERT_TAIL(&p->rules, rule, node);
708 print_firewall_ipv4_rule(rule);
711 app_msg_free(app, rsp);
717 app_pipeline_firewall_delete_rule(struct app_params *app,
718 uint32_t pipeline_id,
719 struct pipeline_firewall_key *key)
721 struct app_pipeline_firewall *p;
722 struct app_pipeline_firewall_rule *rule;
723 struct pipeline_firewall_del_msg_req *req;
724 struct pipeline_firewall_del_msg_rsp *rsp;
726 /* Check input arguments */
729 (key->type != PIPELINE_FIREWALL_IPV4_5TUPLE))
732 p = app_pipeline_data_fe(app, pipeline_id);
736 if (app_pipeline_firewall_key_check_and_normalize(key) != 0)
740 rule = app_pipeline_firewall_rule_find(p, key);
744 /* Allocate and write request */
745 req = app_msg_alloc(app);
749 req->type = PIPELINE_MSG_REQ_CUSTOM;
750 req->subtype = PIPELINE_FIREWALL_MSG_REQ_DEL;
751 memcpy(&req->key, key, sizeof(*key));
753 /* Send request and wait for response */
754 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
759 if (rsp->status || !rsp->key_found) {
760 app_msg_free(app, rsp);
765 TAILQ_REMOVE(&p->rules, rule, node);
770 app_msg_free(app, rsp);
776 app_pipeline_firewall_add_bulk(struct app_params *app,
777 uint32_t pipeline_id,
778 struct pipeline_firewall_key *keys,
780 uint32_t *priorities,
783 struct app_pipeline_firewall *p;
784 struct pipeline_firewall_add_bulk_msg_req *req;
785 struct pipeline_firewall_add_bulk_msg_rsp *rsp;
787 struct app_pipeline_firewall_rule **rules;
796 /* Check input arguments */
800 p = app_pipeline_data_fe(app, pipeline_id);
804 rules = rte_malloc(NULL,
805 n_keys * sizeof(struct app_pipeline_firewall_rule *),
806 RTE_CACHE_LINE_SIZE);
810 new_rules = rte_malloc(NULL,
811 n_keys * sizeof(int),
812 RTE_CACHE_LINE_SIZE);
813 if (new_rules == NULL) {
818 /* check data integrity and add to rule list */
819 for (i = 0; i < n_keys; i++) {
820 if (port_ids[i] >= p->n_ports_out) {
826 if (app_pipeline_firewall_key_check_and_normalize(&keys[i]) != 0) {
832 rules[i] = app_pipeline_firewall_rule_find(p, &keys[i]);
833 new_rules[i] = (rules[i] == NULL);
834 if (rules[i] == NULL) {
835 rules[i] = rte_malloc(NULL, sizeof(rules[i]),
836 RTE_CACHE_LINE_SIZE);
838 if (rules[i] == NULL) {
841 for (j = 0; j <= i; j++)
852 keys_found = rte_malloc(NULL,
853 n_keys * sizeof(int),
854 RTE_CACHE_LINE_SIZE);
855 if (keys_found == NULL) {
858 for (j = 0; j < n_keys; j++)
867 entries_ptr = rte_malloc(NULL,
868 n_keys * sizeof(struct rte_pipeline_table_entry *),
869 RTE_CACHE_LINE_SIZE);
870 if (entries_ptr == NULL) {
873 for (j = 0; j < n_keys; j++)
879 rte_free(keys_found);
882 for (i = 0; i < n_keys; i++) {
883 entries_ptr[i] = rte_malloc(NULL,
884 sizeof(struct rte_pipeline_table_entry),
885 RTE_CACHE_LINE_SIZE);
887 if (entries_ptr[i] == NULL) {
890 for (j = 0; j < n_keys; j++)
894 for (j = 0; j <= i; j++)
895 rte_free(entries_ptr[j]);
899 rte_free(keys_found);
900 rte_free(entries_ptr);
905 /* Allocate and write request */
906 req = app_msg_alloc(app);
910 for (j = 0; j < n_keys; j++)
914 for (j = 0; j < n_keys; j++)
915 rte_free(entries_ptr[j]);
919 rte_free(keys_found);
920 rte_free(entries_ptr);
924 req->type = PIPELINE_MSG_REQ_CUSTOM;
925 req->subtype = PIPELINE_FIREWALL_MSG_REQ_ADD_BULK;
928 req->n_keys = n_keys;
929 req->port_ids = port_ids;
930 req->priorities = priorities;
931 req->keys_found = keys_found;
932 req->entries_ptr = entries_ptr;
934 /* Send request and wait for response */
935 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
939 for (j = 0; j < n_keys; j++)
943 for (j = 0; j < n_keys; j++)
944 rte_free(entries_ptr[j]);
948 rte_free(keys_found);
949 rte_free(entries_ptr);
954 for (i = 0; i < n_keys; i++)
958 for (i = 0; i < n_keys; i++)
959 rte_free(entries_ptr[i]);
965 for (i = 0; i < n_keys; i++) {
966 if (entries_ptr[i] == NULL ||
967 ((new_rules[i] == 0) && (keys_found[i] == 0)) ||
968 ((new_rules[i] == 1) && (keys_found[i] == 1))) {
969 for (i = 0; i < n_keys; i++)
973 for (i = 0; i < n_keys; i++)
974 rte_free(entries_ptr[i]);
981 for (i = 0; i < n_keys; i++) {
982 memcpy(&rules[i]->key, &keys[i], sizeof(keys[i]));
983 rules[i]->priority = priorities[i];
984 rules[i]->port_id = port_ids[i];
985 rules[i]->entry_ptr = entries_ptr[i];
989 TAILQ_INSERT_TAIL(&p->rules, rules[i], node);
993 print_firewall_ipv4_rule(rules[i]);
997 app_msg_free(app, rsp);
1000 rte_free(keys_found);
1001 rte_free(entries_ptr);
1007 app_pipeline_firewall_delete_bulk(struct app_params *app,
1008 uint32_t pipeline_id,
1009 struct pipeline_firewall_key *keys,
1012 struct app_pipeline_firewall *p;
1013 struct pipeline_firewall_del_bulk_msg_req *req;
1014 struct pipeline_firewall_del_bulk_msg_rsp *rsp;
1016 struct app_pipeline_firewall_rule **rules;
1022 /* Check input arguments */
1026 p = app_pipeline_data_fe(app, pipeline_id);
1030 rules = rte_malloc(NULL,
1031 n_keys * sizeof(struct app_pipeline_firewall_rule *),
1032 RTE_CACHE_LINE_SIZE);
1036 for (i = 0; i < n_keys; i++) {
1037 if (app_pipeline_firewall_key_check_and_normalize(&keys[i]) != 0) {
1041 rules[i] = app_pipeline_firewall_rule_find(p, &keys[i]);
1044 keys_found = rte_malloc(NULL,
1045 n_keys * sizeof(int),
1046 RTE_CACHE_LINE_SIZE);
1047 if (keys_found == NULL) {
1052 /* Allocate and write request */
1053 req = app_msg_alloc(app);
1056 rte_free(keys_found);
1060 req->type = PIPELINE_MSG_REQ_CUSTOM;
1061 req->subtype = PIPELINE_FIREWALL_MSG_REQ_DEL_BULK;
1064 req->n_keys = n_keys;
1065 req->keys_found = keys_found;
1067 /* Send request and wait for response */
1068 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
1071 rte_free(keys_found);
1080 for (i = 0; i < n_keys; i++) {
1081 if (keys_found[i] == 0) {
1087 for (i = 0; i < n_keys; i++) {
1088 TAILQ_REMOVE(&p->rules, rules[i], node);
1094 app_msg_free(app, rsp);
1096 rte_free(keys_found);
1102 app_pipeline_firewall_add_default_rule(struct app_params *app,
1103 uint32_t pipeline_id,
1106 struct app_pipeline_firewall *p;
1107 struct pipeline_firewall_add_default_msg_req *req;
1108 struct pipeline_firewall_add_default_msg_rsp *rsp;
1110 /* Check input arguments */
1114 p = app_pipeline_data_fe(app, pipeline_id);
1118 if (port_id >= p->n_ports_out)
1121 /* Allocate and write request */
1122 req = app_msg_alloc(app);
1126 req->type = PIPELINE_MSG_REQ_CUSTOM;
1127 req->subtype = PIPELINE_FIREWALL_MSG_REQ_ADD_DEFAULT;
1128 req->port_id = port_id;
1130 /* Send request and wait for response */
1131 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
1135 /* Read response and write rule */
1136 if (rsp->status || (rsp->entry_ptr == NULL)) {
1137 app_msg_free(app, rsp);
1141 p->default_rule_port_id = port_id;
1142 p->default_rule_entry_ptr = rsp->entry_ptr;
1145 p->default_rule_present = 1;
1148 app_msg_free(app, rsp);
1154 app_pipeline_firewall_delete_default_rule(struct app_params *app,
1155 uint32_t pipeline_id)
1157 struct app_pipeline_firewall *p;
1158 struct pipeline_firewall_del_default_msg_req *req;
1159 struct pipeline_firewall_del_default_msg_rsp *rsp;
1161 /* Check input arguments */
1165 p = app_pipeline_data_fe(app, pipeline_id);
1169 /* Allocate and write request */
1170 req = app_msg_alloc(app);
1174 req->type = PIPELINE_MSG_REQ_CUSTOM;
1175 req->subtype = PIPELINE_FIREWALL_MSG_REQ_DEL_DEFAULT;
1177 /* Send request and wait for response */
1178 rsp = app_msg_send_recv(app, pipeline_id, req, MSG_TIMEOUT_DEFAULT);
1182 /* Read response and write rule */
1184 app_msg_free(app, rsp);
1189 p->default_rule_present = 0;
1192 app_msg_free(app, rsp);
1198 * p firewall add ipv4
1201 struct cmd_firewall_add_ipv4_result {
1202 cmdline_fixed_string_t p_string;
1203 uint32_t pipeline_id;
1204 cmdline_fixed_string_t firewall_string;
1205 cmdline_fixed_string_t add_string;
1206 cmdline_fixed_string_t ipv4_string;
1208 cmdline_ipaddr_t src_ip;
1209 uint32_t src_ip_mask;
1210 cmdline_ipaddr_t dst_ip;
1211 uint32_t dst_ip_mask;
1212 uint16_t src_port_from;
1213 uint16_t src_port_to;
1214 uint16_t dst_port_from;
1215 uint16_t dst_port_to;
1222 cmd_firewall_add_ipv4_parsed(
1223 void *parsed_result,
1224 __attribute__((unused)) struct cmdline *cl,
1227 struct cmd_firewall_add_ipv4_result *params = parsed_result;
1228 struct app_params *app = data;
1229 struct pipeline_firewall_key key;
1232 key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
1233 key.key.ipv4_5tuple.src_ip = rte_bswap32(
1234 (uint32_t) params->src_ip.addr.ipv4.s_addr);
1235 key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
1236 key.key.ipv4_5tuple.dst_ip = rte_bswap32(
1237 (uint32_t) params->dst_ip.addr.ipv4.s_addr);
1238 key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
1239 key.key.ipv4_5tuple.src_port_from = params->src_port_from;
1240 key.key.ipv4_5tuple.src_port_to = params->src_port_to;
1241 key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
1242 key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
1243 key.key.ipv4_5tuple.proto = params->proto;
1244 key.key.ipv4_5tuple.proto_mask = params->proto_mask;
1246 status = app_pipeline_firewall_add_rule(app,
1247 params->pipeline_id,
1253 printf("Command failed\n");
1258 cmdline_parse_token_string_t cmd_firewall_add_ipv4_p_string =
1259 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result, p_string,
1262 cmdline_parse_token_num_t cmd_firewall_add_ipv4_pipeline_id =
1263 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, pipeline_id,
1266 cmdline_parse_token_string_t cmd_firewall_add_ipv4_firewall_string =
1267 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1268 firewall_string, "firewall");
1270 cmdline_parse_token_string_t cmd_firewall_add_ipv4_add_string =
1271 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1274 cmdline_parse_token_string_t cmd_firewall_add_ipv4_ipv4_string =
1275 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1276 ipv4_string, "ipv4");
1278 cmdline_parse_token_num_t cmd_firewall_add_ipv4_priority =
1279 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, priority,
1282 cmdline_parse_token_ipaddr_t cmd_firewall_add_ipv4_src_ip =
1283 TOKEN_IPV4_INITIALIZER(struct cmd_firewall_add_ipv4_result, src_ip);
1285 cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_ip_mask =
1286 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, src_ip_mask,
1289 cmdline_parse_token_ipaddr_t cmd_firewall_add_ipv4_dst_ip =
1290 TOKEN_IPV4_INITIALIZER(struct cmd_firewall_add_ipv4_result, dst_ip);
1292 cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_ip_mask =
1293 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, dst_ip_mask,
1296 cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_port_from =
1297 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1298 src_port_from, UINT16);
1300 cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_port_to =
1301 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1302 src_port_to, UINT16);
1304 cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_port_from =
1305 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1306 dst_port_from, UINT16);
1308 cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_port_to =
1309 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1310 dst_port_to, UINT16);
1312 cmdline_parse_token_num_t cmd_firewall_add_ipv4_proto =
1313 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1316 cmdline_parse_token_num_t cmd_firewall_add_ipv4_proto_mask =
1317 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1320 cmdline_parse_token_num_t cmd_firewall_add_ipv4_port_id =
1321 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
1324 cmdline_parse_inst_t cmd_firewall_add_ipv4 = {
1325 .f = cmd_firewall_add_ipv4_parsed,
1327 .help_str = "Firewall rule add",
1329 (void *) &cmd_firewall_add_ipv4_p_string,
1330 (void *) &cmd_firewall_add_ipv4_pipeline_id,
1331 (void *) &cmd_firewall_add_ipv4_firewall_string,
1332 (void *) &cmd_firewall_add_ipv4_add_string,
1333 (void *) &cmd_firewall_add_ipv4_ipv4_string,
1334 (void *) &cmd_firewall_add_ipv4_priority,
1335 (void *) &cmd_firewall_add_ipv4_src_ip,
1336 (void *) &cmd_firewall_add_ipv4_src_ip_mask,
1337 (void *) &cmd_firewall_add_ipv4_dst_ip,
1338 (void *) &cmd_firewall_add_ipv4_dst_ip_mask,
1339 (void *) &cmd_firewall_add_ipv4_src_port_from,
1340 (void *) &cmd_firewall_add_ipv4_src_port_to,
1341 (void *) &cmd_firewall_add_ipv4_dst_port_from,
1342 (void *) &cmd_firewall_add_ipv4_dst_port_to,
1343 (void *) &cmd_firewall_add_ipv4_proto,
1344 (void *) &cmd_firewall_add_ipv4_proto_mask,
1345 (void *) &cmd_firewall_add_ipv4_port_id,
1351 * p firewall del ipv4
1354 struct cmd_firewall_del_ipv4_result {
1355 cmdline_fixed_string_t p_string;
1356 uint32_t pipeline_id;
1357 cmdline_fixed_string_t firewall_string;
1358 cmdline_fixed_string_t del_string;
1359 cmdline_fixed_string_t ipv4_string;
1360 cmdline_ipaddr_t src_ip;
1361 uint32_t src_ip_mask;
1362 cmdline_ipaddr_t dst_ip;
1363 uint32_t dst_ip_mask;
1364 uint16_t src_port_from;
1365 uint16_t src_port_to;
1366 uint16_t dst_port_from;
1367 uint16_t dst_port_to;
1373 cmd_firewall_del_ipv4_parsed(
1374 void *parsed_result,
1375 __attribute__((unused)) struct cmdline *cl,
1378 struct cmd_firewall_del_ipv4_result *params = parsed_result;
1379 struct app_params *app = data;
1380 struct pipeline_firewall_key key;
1383 key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
1384 key.key.ipv4_5tuple.src_ip = rte_bswap32(
1385 (uint32_t) params->src_ip.addr.ipv4.s_addr);
1386 key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
1387 key.key.ipv4_5tuple.dst_ip = rte_bswap32(
1388 (uint32_t) params->dst_ip.addr.ipv4.s_addr);
1389 key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
1390 key.key.ipv4_5tuple.src_port_from = params->src_port_from;
1391 key.key.ipv4_5tuple.src_port_to = params->src_port_to;
1392 key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
1393 key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
1394 key.key.ipv4_5tuple.proto = params->proto;
1395 key.key.ipv4_5tuple.proto_mask = params->proto_mask;
1397 status = app_pipeline_firewall_delete_rule(app,
1398 params->pipeline_id,
1402 printf("Command failed\n");
1407 cmdline_parse_token_string_t cmd_firewall_del_ipv4_p_string =
1408 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result, p_string,
1411 cmdline_parse_token_num_t cmd_firewall_del_ipv4_pipeline_id =
1412 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, pipeline_id,
1415 cmdline_parse_token_string_t cmd_firewall_del_ipv4_firewall_string =
1416 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1417 firewall_string, "firewall");
1419 cmdline_parse_token_string_t cmd_firewall_del_ipv4_del_string =
1420 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1423 cmdline_parse_token_string_t cmd_firewall_del_ipv4_ipv4_string =
1424 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1425 ipv4_string, "ipv4");
1427 cmdline_parse_token_ipaddr_t cmd_firewall_del_ipv4_src_ip =
1428 TOKEN_IPV4_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_ip);
1430 cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_ip_mask =
1431 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_ip_mask,
1434 cmdline_parse_token_ipaddr_t cmd_firewall_del_ipv4_dst_ip =
1435 TOKEN_IPV4_INITIALIZER(struct cmd_firewall_del_ipv4_result, dst_ip);
1437 cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_ip_mask =
1438 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, dst_ip_mask,
1441 cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_port_from =
1442 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1443 src_port_from, UINT16);
1445 cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_port_to =
1446 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_port_to,
1449 cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_port_from =
1450 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1451 dst_port_from, UINT16);
1453 cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_port_to =
1454 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1455 dst_port_to, UINT16);
1457 cmdline_parse_token_num_t cmd_firewall_del_ipv4_proto =
1458 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
1461 cmdline_parse_token_num_t cmd_firewall_del_ipv4_proto_mask =
1462 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, proto_mask,
1465 cmdline_parse_inst_t cmd_firewall_del_ipv4 = {
1466 .f = cmd_firewall_del_ipv4_parsed,
1468 .help_str = "Firewall rule delete",
1470 (void *) &cmd_firewall_del_ipv4_p_string,
1471 (void *) &cmd_firewall_del_ipv4_pipeline_id,
1472 (void *) &cmd_firewall_del_ipv4_firewall_string,
1473 (void *) &cmd_firewall_del_ipv4_del_string,
1474 (void *) &cmd_firewall_del_ipv4_ipv4_string,
1475 (void *) &cmd_firewall_del_ipv4_src_ip,
1476 (void *) &cmd_firewall_del_ipv4_src_ip_mask,
1477 (void *) &cmd_firewall_del_ipv4_dst_ip,
1478 (void *) &cmd_firewall_del_ipv4_dst_ip_mask,
1479 (void *) &cmd_firewall_del_ipv4_src_port_from,
1480 (void *) &cmd_firewall_del_ipv4_src_port_to,
1481 (void *) &cmd_firewall_del_ipv4_dst_port_from,
1482 (void *) &cmd_firewall_del_ipv4_dst_port_to,
1483 (void *) &cmd_firewall_del_ipv4_proto,
1484 (void *) &cmd_firewall_del_ipv4_proto_mask,
1490 * p firewall add bulk
1493 struct cmd_firewall_add_bulk_result {
1494 cmdline_fixed_string_t p_string;
1495 uint32_t pipeline_id;
1496 cmdline_fixed_string_t firewall_string;
1497 cmdline_fixed_string_t add_string;
1498 cmdline_fixed_string_t bulk_string;
1499 cmdline_fixed_string_t file_path;
1503 cmd_firewall_add_bulk_parsed(
1504 void *parsed_result,
1505 __attribute__((unused)) struct cmdline *cl,
1508 struct cmd_firewall_add_bulk_result *params = parsed_result;
1509 struct app_params *app = data;
1512 struct app_pipeline_add_bulk_params add_bulk_params;
1514 status = app_pipeline_add_bulk_parse_file(params->file_path, &add_bulk_params);
1516 printf("Command failed\n");
1520 status = app_pipeline_firewall_add_bulk(app, params->pipeline_id, add_bulk_params.keys,
1521 add_bulk_params.n_keys, add_bulk_params.priorities, add_bulk_params.port_ids);
1523 printf("Command failed\n");
1528 rte_free(add_bulk_params.keys);
1529 rte_free(add_bulk_params.priorities);
1530 rte_free(add_bulk_params.port_ids);
1533 cmdline_parse_token_string_t cmd_firewall_add_bulk_p_string =
1534 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result, p_string,
1537 cmdline_parse_token_num_t cmd_firewall_add_bulk_pipeline_id =
1538 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_bulk_result, pipeline_id,
1541 cmdline_parse_token_string_t cmd_firewall_add_bulk_firewall_string =
1542 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
1543 firewall_string, "firewall");
1545 cmdline_parse_token_string_t cmd_firewall_add_bulk_add_string =
1546 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
1549 cmdline_parse_token_string_t cmd_firewall_add_bulk_bulk_string =
1550 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
1551 bulk_string, "bulk");
1553 cmdline_parse_token_string_t cmd_firewall_add_bulk_file_path_string =
1554 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
1557 cmdline_parse_inst_t cmd_firewall_add_bulk = {
1558 .f = cmd_firewall_add_bulk_parsed,
1560 .help_str = "Firewall rule add bulk",
1562 (void *) &cmd_firewall_add_bulk_p_string,
1563 (void *) &cmd_firewall_add_bulk_pipeline_id,
1564 (void *) &cmd_firewall_add_bulk_firewall_string,
1565 (void *) &cmd_firewall_add_bulk_add_string,
1566 (void *) &cmd_firewall_add_bulk_bulk_string,
1567 (void *) &cmd_firewall_add_bulk_file_path_string,
1573 * p firewall del bulk
1576 struct cmd_firewall_del_bulk_result {
1577 cmdline_fixed_string_t p_string;
1578 uint32_t pipeline_id;
1579 cmdline_fixed_string_t firewall_string;
1580 cmdline_fixed_string_t del_string;
1581 cmdline_fixed_string_t bulk_string;
1582 cmdline_fixed_string_t file_path;
1586 cmd_firewall_del_bulk_parsed(
1587 void *parsed_result,
1588 __attribute__((unused)) struct cmdline *cl,
1591 struct cmd_firewall_del_bulk_result *params = parsed_result;
1592 struct app_params *app = data;
1595 struct app_pipeline_del_bulk_params del_bulk_params;
1597 status = app_pipeline_del_bulk_parse_file(params->file_path, &del_bulk_params);
1599 printf("Command failed\n");
1603 status = app_pipeline_firewall_delete_bulk(app, params->pipeline_id,
1604 del_bulk_params.keys, del_bulk_params.n_keys);
1606 printf("Command failed\n");
1611 rte_free(del_bulk_params.keys);
1614 cmdline_parse_token_string_t cmd_firewall_del_bulk_p_string =
1615 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result, p_string,
1618 cmdline_parse_token_num_t cmd_firewall_del_bulk_pipeline_id =
1619 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_bulk_result, pipeline_id,
1622 cmdline_parse_token_string_t cmd_firewall_del_bulk_firewall_string =
1623 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
1624 firewall_string, "firewall");
1626 cmdline_parse_token_string_t cmd_firewall_del_bulk_add_string =
1627 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
1630 cmdline_parse_token_string_t cmd_firewall_del_bulk_bulk_string =
1631 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
1632 bulk_string, "bulk");
1634 cmdline_parse_token_string_t cmd_firewall_del_bulk_file_path_string =
1635 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
1638 cmdline_parse_inst_t cmd_firewall_del_bulk = {
1639 .f = cmd_firewall_del_bulk_parsed,
1641 .help_str = "Firewall rule del bulk",
1643 (void *) &cmd_firewall_del_bulk_p_string,
1644 (void *) &cmd_firewall_del_bulk_pipeline_id,
1645 (void *) &cmd_firewall_del_bulk_firewall_string,
1646 (void *) &cmd_firewall_del_bulk_add_string,
1647 (void *) &cmd_firewall_del_bulk_bulk_string,
1648 (void *) &cmd_firewall_del_bulk_file_path_string,
1654 * p firewall add default
1656 struct cmd_firewall_add_default_result {
1657 cmdline_fixed_string_t p_string;
1658 uint32_t pipeline_id;
1659 cmdline_fixed_string_t firewall_string;
1660 cmdline_fixed_string_t add_string;
1661 cmdline_fixed_string_t default_string;
1666 cmd_firewall_add_default_parsed(
1667 void *parsed_result,
1668 __attribute__((unused)) struct cmdline *cl,
1671 struct cmd_firewall_add_default_result *params = parsed_result;
1672 struct app_params *app = data;
1675 status = app_pipeline_firewall_add_default_rule(app,
1676 params->pipeline_id,
1680 printf("Command failed\n");
1685 cmdline_parse_token_string_t cmd_firewall_add_default_p_string =
1686 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
1689 cmdline_parse_token_num_t cmd_firewall_add_default_pipeline_id =
1690 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_default_result,
1691 pipeline_id, UINT32);
1693 cmdline_parse_token_string_t cmd_firewall_add_default_firewall_string =
1694 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
1695 firewall_string, "firewall");
1697 cmdline_parse_token_string_t cmd_firewall_add_default_add_string =
1698 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
1701 cmdline_parse_token_string_t cmd_firewall_add_default_default_string =
1702 TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
1703 default_string, "default");
1705 cmdline_parse_token_num_t cmd_firewall_add_default_port_id =
1706 TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_default_result, port_id,
1709 cmdline_parse_inst_t cmd_firewall_add_default = {
1710 .f = cmd_firewall_add_default_parsed,
1712 .help_str = "Firewall default rule add",
1714 (void *) &cmd_firewall_add_default_p_string,
1715 (void *) &cmd_firewall_add_default_pipeline_id,
1716 (void *) &cmd_firewall_add_default_firewall_string,
1717 (void *) &cmd_firewall_add_default_add_string,
1718 (void *) &cmd_firewall_add_default_default_string,
1719 (void *) &cmd_firewall_add_default_port_id,
1725 * p firewall del default
1727 struct cmd_firewall_del_default_result {
1728 cmdline_fixed_string_t p_string;
1729 uint32_t pipeline_id;
1730 cmdline_fixed_string_t firewall_string;
1731 cmdline_fixed_string_t del_string;
1732 cmdline_fixed_string_t default_string;
1736 cmd_firewall_del_default_parsed(
1737 void *parsed_result,
1738 __attribute__((unused)) struct cmdline *cl,
1741 struct cmd_firewall_del_default_result *params = parsed_result;
1742 struct app_params *app = data;
1745 status = app_pipeline_firewall_delete_default_rule(app,
1746 params->pipeline_id);
1749 printf("Command failed\n");
1754 cmdline_parse_token_string_t cmd_firewall_del_default_p_string =
1755 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
1758 cmdline_parse_token_num_t cmd_firewall_del_default_pipeline_id =
1759 TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_default_result,
1760 pipeline_id, UINT32);
1762 cmdline_parse_token_string_t cmd_firewall_del_default_firewall_string =
1763 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
1764 firewall_string, "firewall");
1766 cmdline_parse_token_string_t cmd_firewall_del_default_del_string =
1767 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
1770 cmdline_parse_token_string_t cmd_firewall_del_default_default_string =
1771 TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
1772 default_string, "default");
1774 cmdline_parse_inst_t cmd_firewall_del_default = {
1775 .f = cmd_firewall_del_default_parsed,
1777 .help_str = "Firewall default rule delete",
1779 (void *) &cmd_firewall_del_default_p_string,
1780 (void *) &cmd_firewall_del_default_pipeline_id,
1781 (void *) &cmd_firewall_del_default_firewall_string,
1782 (void *) &cmd_firewall_del_default_del_string,
1783 (void *) &cmd_firewall_del_default_default_string,
1792 struct cmd_firewall_ls_result {
1793 cmdline_fixed_string_t p_string;
1794 uint32_t pipeline_id;
1795 cmdline_fixed_string_t firewall_string;
1796 cmdline_fixed_string_t ls_string;
1800 cmd_firewall_ls_parsed(
1801 void *parsed_result,
1802 __attribute__((unused)) struct cmdline *cl,
1805 struct cmd_firewall_ls_result *params = parsed_result;
1806 struct app_params *app = data;
1808 app_pipeline_firewall_ls(app, params->pipeline_id);
1811 cmdline_parse_token_string_t cmd_firewall_ls_p_string =
1812 TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result, p_string,
1815 cmdline_parse_token_num_t cmd_firewall_ls_pipeline_id =
1816 TOKEN_NUM_INITIALIZER(struct cmd_firewall_ls_result, pipeline_id,
1819 cmdline_parse_token_string_t cmd_firewall_ls_firewall_string =
1820 TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result,
1821 firewall_string, "firewall");
1823 cmdline_parse_token_string_t cmd_firewall_ls_ls_string =
1824 TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result, ls_string,
1827 cmdline_parse_inst_t cmd_firewall_ls = {
1828 .f = cmd_firewall_ls_parsed,
1830 .help_str = "Firewall rule list",
1832 (void *) &cmd_firewall_ls_p_string,
1833 (void *) &cmd_firewall_ls_pipeline_id,
1834 (void *) &cmd_firewall_ls_firewall_string,
1835 (void *) &cmd_firewall_ls_ls_string,
1840 static cmdline_parse_ctx_t pipeline_cmds[] = {
1841 (cmdline_parse_inst_t *) &cmd_firewall_add_ipv4,
1842 (cmdline_parse_inst_t *) &cmd_firewall_del_ipv4,
1843 (cmdline_parse_inst_t *) &cmd_firewall_add_bulk,
1844 (cmdline_parse_inst_t *) &cmd_firewall_del_bulk,
1845 (cmdline_parse_inst_t *) &cmd_firewall_add_default,
1846 (cmdline_parse_inst_t *) &cmd_firewall_del_default,
1847 (cmdline_parse_inst_t *) &cmd_firewall_ls,
1851 static struct pipeline_fe_ops pipeline_firewall_fe_ops = {
1852 .f_init = app_pipeline_firewall_init,
1853 .f_free = app_pipeline_firewall_free,
1854 .cmds = pipeline_cmds,
1857 struct pipeline_type pipeline_firewall = {
1859 .be_ops = &pipeline_firewall_be_ops,
1860 .fe_ops = &pipeline_firewall_fe_ops,