Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/12913/?format=api
{ "id": 12913, "url": "https://patches.dpdk.org/api/patches/12913/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/1463754940-8114-4-git-send-email-piotrx.t.azarewicz@intel.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1463754940-8114-4-git-send-email-piotrx.t.azarewicz@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1463754940-8114-4-git-send-email-piotrx.t.azarewicz@intel.com", "date": "2016-05-20T14:35:36", "name": "[dpdk-dev,v2,3/7] examples/ip_pipeline: modifies firewall pipeline CLI", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "b61a4f413a4c13bfb52ea265c91570ccdeb3fd6d", "submitter": { "id": 273, "url": "https://patches.dpdk.org/api/people/273/?format=api", "name": "Piotr Azarewicz", "email": "piotrx.t.azarewicz@intel.com" }, "delegate": { "id": 1, "url": "https://patches.dpdk.org/api/users/1/?format=api", "username": "tmonjalo", "first_name": "Thomas", "last_name": "Monjalon", "email": "thomas@monjalon.net" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/1463754940-8114-4-git-send-email-piotrx.t.azarewicz@intel.com/mbox/", "series": [], "comments": "https://patches.dpdk.org/api/patches/12913/comments/", "check": "pending", "checks": "https://patches.dpdk.org/api/patches/12913/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [IPv6:::1])\n\tby dpdk.org (Postfix) with ESMTP id 1A900B44F;\n\tFri, 20 May 2016 16:35:13 +0200 (CEST)", "from mga11.intel.com (mga11.intel.com [192.55.52.93])\n\tby dpdk.org (Postfix) with ESMTP id 55C1FB449\n\tfor <dev@dpdk.org>; Fri, 20 May 2016 16:35:10 +0200 (CEST)", "from fmsmga001.fm.intel.com ([10.253.24.23])\n\tby fmsmga102.fm.intel.com with ESMTP; 20 May 2016 07:35:09 -0700", "from gklab-246-018.igk.intel.com (HELO stargo) ([10.217.246.18])\n\tby fmsmga001.fm.intel.com with SMTP; 20 May 2016 07:35:06 -0700", "by stargo (sSMTP sendmail emulation);\n\tFri, 20 May 2016 16:38:26 +0200" ], "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.26,339,1459839600\"; d=\"scan'208\";a=\"971173539\"", "From": "Piotr Azarewicz <piotrx.t.azarewicz@intel.com>", "To": "dev@dpdk.org", "Cc": "Piotr Azarewicz <piotrx.t.azarewicz@intel.com>,\n\tDaniel Mrzyglod <danielx.t.mrzyglod@intel.com>", "Date": "Fri, 20 May 2016 16:35:36 +0200", "Message-Id": "<1463754940-8114-4-git-send-email-piotrx.t.azarewicz@intel.com>", "X-Mailer": "git-send-email 1.9.1", "In-Reply-To": "<1463754940-8114-1-git-send-email-piotrx.t.azarewicz@intel.com>", "References": "<1462550250-1256-1-git-send-email-michalx.k.jastrzebski@intel.com>\n\t<1463754940-8114-1-git-send-email-piotrx.t.azarewicz@intel.com>", "Subject": "[dpdk-dev] [PATCH v2 3/7] examples/ip_pipeline: modifies firewall\n\tpipeline CLI", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "patches and discussions about DPDK <dev.dpdk.org>", "List-Unsubscribe": "<http://dpdk.org/ml/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://dpdk.org/ml/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<http://dpdk.org/ml/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Each command are merged into one: cmd_firewall_parsed.\nADD command format is changed:\np <pipeline ID> firewall add priority <priority> ipv4 <sipaddr>\n<sipdepth> <dipaddr> <dipdepth> <sport0> <sport1> <dport0> <dport1>\n<proto> <protomask> port <port ID>\n\nand bulk command was modified:\n1. firewall add bulk\nFile line format:\npriority <priority> ipv4 <sipaddr> <sipdepth> <dipaddr> <dipdepth>\n<sport0> <sport1> <dport0> <dport1> <proto> <protomask> port <port ID>\n(protomask is a hex value)\nFile line example:\npriority 0 ipv4 1.2.3.0 24 10.20.30.40 32 0 63 64 127 6 0xF port 3\n\n2. firewall del bulk\nFile line format:\nipv4 <sipaddr> <sipdepth> <dipaddr> <dipdepth> <sport0> <sport1>\n<dport0> <dport1> <proto> <protomask>\nFile line example:\nipv4 1.2.3.0 24 10.20.30.40 32 0 63 64 127 6 0xF\n\nSigned-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>\nAcked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>\n---\n examples/ip_pipeline/config/firewall.cfg | 68 +\n examples/ip_pipeline/config/firewall.sh | 13 +\n examples/ip_pipeline/config/firewall.txt | 9 +\n examples/ip_pipeline/pipeline/pipeline_firewall.c | 1461 ++++++++-------------\n examples/ip_pipeline/pipeline/pipeline_firewall.h | 12 +\n 5 files changed, 622 insertions(+), 941 deletions(-)\n create mode 100644 examples/ip_pipeline/config/firewall.cfg\n create mode 100644 examples/ip_pipeline/config/firewall.sh\n create mode 100644 examples/ip_pipeline/config/firewall.txt", "diff": "diff --git a/examples/ip_pipeline/config/firewall.cfg b/examples/ip_pipeline/config/firewall.cfg\nnew file mode 100644\nindex 0000000..2f5dd9f\n--- /dev/null\n+++ b/examples/ip_pipeline/config/firewall.cfg\n@@ -0,0 +1,68 @@\n+; BSD LICENSE\n+;\n+; Copyright(c) 2015-2016 Intel Corporation. All rights reserved.\n+; All rights reserved.\n+;\n+; Redistribution and use in source and binary forms, with or without\n+; modification, are permitted provided that the following conditions\n+; are met:\n+;\n+; * Redistributions of source code must retain the above copyright\n+; notice, this list of conditions and the following disclaimer.\n+; * Redistributions in binary form must reproduce the above copyright\n+; notice, this list of conditions and the following disclaimer in\n+; the documentation and/or other materials provided with the\n+; distribution.\n+; * Neither the name of Intel Corporation nor the names of its\n+; contributors may be used to endorse or promote products derived\n+; from this software without specific prior written permission.\n+;\n+; THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n+; \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n+; LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n+; A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n+; OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n+; SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n+; LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n+; DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n+; THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n+; (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n+; OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n+\n+; _______________\n+; RXQ0.0 --->| |---> TXQ0.0\n+; | |\n+; RXQ1.0 --->| |---> TXQ1.0\n+; | Firewall |\n+; RXQ2.0 --->| |---> TXQ2.0\n+; | |\n+; RXQ3.0 --->| |---> TXQ3.0\n+; |_______________|\n+; |\n+; +-----------> SINK0 (default rule)\n+;\n+; Input packet: Ethernet/IPv4\n+;\n+; Packet buffer layout:\n+; #\tField Name\t\tOffset (Bytes)\tSize (Bytes)\n+; 0\tMbuf\t\t\t0 \t\t128\n+; 1\tHeadroom\t\t128 \t\t128\n+; 2\tEthernet header\t\t256 \t\t14\n+; 3\tIPv4 header\t\t270 \t\t20\n+\n+[EAL]\n+log_level = 0\n+\n+[PIPELINE0]\n+type = MASTER\n+core = 0\n+\n+[PIPELINE1]\n+type = FIREWALL\n+core = 1\n+pktq_in = RXQ0.0 RXQ1.0 RXQ2.0 RXQ3.0\n+pktq_out = TXQ0.0 TXQ1.0 TXQ2.0 TXQ3.0 SINK0\n+n_rules = 4096\n+pkt_type = ipv4\n+;pkt_type = vlan_ipv4\n+;pkt_type = qinq_ipv4\ndiff --git a/examples/ip_pipeline/config/firewall.sh b/examples/ip_pipeline/config/firewall.sh\nnew file mode 100644\nindex 0000000..c83857e\n--- /dev/null\n+++ b/examples/ip_pipeline/config/firewall.sh\n@@ -0,0 +1,13 @@\n+#\n+# run ./config/firewall.sh\n+#\n+\n+p 1 firewall add default 4 #SINK0\n+p 1 firewall add priority 1 ipv4 0.0.0.0 0 100.0.0.0 10 0 65535 0 65535 6 0xF port 0\n+p 1 firewall add priority 1 ipv4 0.0.0.0 0 100.64.0.0 10 0 65535 0 65535 6 0xF port 1\n+p 1 firewall add priority 1 ipv4 0.0.0.0 0 100.128.0.0 10 0 65535 0 65535 6 0xF port 2\n+p 1 firewall add priority 1 ipv4 0.0.0.0 0 100.192.0.0 10 0 65535 0 65535 6 0xF port 3\n+\n+#p 1 firewall add bulk ./config/firewall.txt\n+\n+p 1 firewall ls\ndiff --git a/examples/ip_pipeline/config/firewall.txt b/examples/ip_pipeline/config/firewall.txt\nnew file mode 100644\nindex 0000000..54cfffd\n--- /dev/null\n+++ b/examples/ip_pipeline/config/firewall.txt\n@@ -0,0 +1,9 @@\n+#\n+# p <pipelineid> firewall add bulk ./config/firewall.txt\n+# p <pipelineid> firewall del bulk ./config/firewall.txt\n+#\n+\n+priority 1 ipv4 0.0.0.0 0 100.0.0.0 10 0 65535 0 65535 6 0xF port 0\n+priority 1 ipv4 0.0.0.0 0 100.64.0.0 10 0 65535 0 65535 6 0xF port 1\n+priority 1 ipv4 0.0.0.0 0 100.128.0.0 10 0 65535 0 65535 6 0xF port 2\n+priority 1 ipv4 0.0.0.0 0 100.192.0.0 10 0 65535 0 65535 6 0xF port 3\ndiff --git a/examples/ip_pipeline/pipeline/pipeline_firewall.c b/examples/ip_pipeline/pipeline/pipeline_firewall.c\nindex fd897d5..30b22a1 100644\n--- a/examples/ip_pipeline/pipeline/pipeline_firewall.c\n+++ b/examples/ip_pipeline/pipeline/pipeline_firewall.c\n@@ -30,9 +30,11 @@\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n */\n-\n+#include <errno.h>\n #include <stdio.h>\n #include <string.h>\n+#include <stdlib.h>\n+#include <unistd.h>\n #include <sys/queue.h>\n #include <netinet/in.h>\n \n@@ -43,15 +45,11 @@\n #include <cmdline_parse.h>\n #include <cmdline_parse_num.h>\n #include <cmdline_parse_string.h>\n-#include <cmdline_parse_ipaddr.h>\n-#include <cmdline_parse_etheraddr.h>\n-#include <cmdline_socket.h>\n \n #include \"app.h\"\n #include \"pipeline_common_fe.h\"\n #include \"pipeline_firewall.h\"\n-\n-#define BUF_SIZE\t\t1024\n+#include \"parser.h\"\n \n struct app_pipeline_firewall_rule {\n \tstruct pipeline_firewall_key key;\n@@ -75,18 +73,6 @@ struct app_pipeline_firewall {\n \tvoid *default_rule_entry_ptr;\n };\n \n-struct app_pipeline_add_bulk_params {\n-\tstruct pipeline_firewall_key *keys;\n-\tuint32_t n_keys;\n-\tuint32_t *priorities;\n-\tuint32_t *port_ids;\n-};\n-\n-struct app_pipeline_del_bulk_params {\n-\tstruct pipeline_firewall_key *keys;\n-\tuint32_t n_keys;\n-};\n-\n static void\n print_firewall_ipv4_rule(struct app_pipeline_firewall_rule *rule)\n {\n@@ -272,356 +258,118 @@ app_pipeline_firewall_key_check_and_normalize(struct pipeline_firewall_key *key)\n \t}\n }\n \n-static int\n-app_pipeline_add_bulk_parse_file(char *filename,\n-\t\tstruct app_pipeline_add_bulk_params *params)\n+int\n+app_pipeline_firewall_load_file(char *filename,\n+\tstruct pipeline_firewall_key *keys,\n+\tuint32_t *priorities,\n+\tuint32_t *port_ids,\n+\tuint32_t *n_keys,\n+\tuint32_t *line)\n {\n-\tFILE *f;\n-\tchar file_buf[BUF_SIZE];\n-\tuint32_t i;\n-\tint status = 0;\n+\tFILE *f = NULL;\n+\tchar file_buf[1024];\n+\tuint32_t i, l;\n \n-\tf = fopen(filename, \"r\");\n-\tif (f == NULL)\n+\t/* Check input arguments */\n+\tif ((filename == NULL) ||\n+\t\t(keys == NULL) ||\n+\t\t(priorities == NULL) ||\n+\t\t(port_ids == NULL) ||\n+\t\t(n_keys == NULL) ||\n+\t\t(*n_keys == 0) ||\n+\t\t(line == NULL)) {\n+\t\tif (line)\n+\t\t\t*line = 0;\n \t\treturn -1;\n-\n-\tparams->n_keys = 0;\n-\twhile (fgets(file_buf, BUF_SIZE, f) != NULL)\n-\t\tparams->n_keys++;\n-\trewind(f);\n-\n-\tif (params->n_keys == 0) {\n-\t\tstatus = -1;\n-\t\tgoto end;\n-\t}\n-\n-\tparams->keys = rte_malloc(NULL,\n-\t\t\tparams->n_keys * sizeof(struct pipeline_firewall_key),\n-\t\t\tRTE_CACHE_LINE_SIZE);\n-\tif (params->keys == NULL) {\n-\t\tstatus = -1;\n-\t\tgoto end;\n-\t}\n-\n-\tparams->priorities = rte_malloc(NULL,\n-\t\t\tparams->n_keys * sizeof(uint32_t),\n-\t\t\tRTE_CACHE_LINE_SIZE);\n-\tif (params->priorities == NULL) {\n-\t\tstatus = -1;\n-\t\tgoto end;\n-\t}\n-\n-\tparams->port_ids = rte_malloc(NULL,\n-\t\t\tparams->n_keys * sizeof(uint32_t),\n-\t\t\tRTE_CACHE_LINE_SIZE);\n-\tif (params->port_ids == NULL) {\n-\t\tstatus = -1;\n-\t\tgoto end;\n-\t}\n-\n-\ti = 0;\n-\twhile (fgets(file_buf, BUF_SIZE, f) != NULL) {\n-\t\tchar *str;\n-\n-\t\tstr = strtok(file_buf, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->priorities[i] = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_ip = atoi(str)<<24;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<16;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<8;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_ip |= atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n \t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_ip_mask = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_ip = atoi(str)<<24;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<16;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<8;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_ip_mask = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_port_from = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_port_to = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_port_from = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_port_to = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.proto = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\t/* Need to add 2 to str to skip leading 0x */\n-\t\tparams->keys[i].key.ipv4_5tuple.proto_mask = strtol(str+2, NULL, 16);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->port_ids[i] = atoi(str);\n-\t\tparams->keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;\n-\n-\t\ti++;\n-\t}\n-\n-end:\n-\tfclose(f);\n-\treturn status;\n-}\n-\n-static int\n-app_pipeline_del_bulk_parse_file(char *filename,\n-\t\tstruct app_pipeline_del_bulk_params *params)\n-{\n-\tFILE *f;\n-\tchar file_buf[BUF_SIZE];\n-\tuint32_t i;\n-\tint status = 0;\n \n+\t/* Open input file */\n \tf = fopen(filename, \"r\");\n-\tif (f == NULL)\n+\tif (f == NULL) {\n+\t\t*line = 0;\n \t\treturn -1;\n-\n-\tparams->n_keys = 0;\n-\twhile (fgets(file_buf, BUF_SIZE, f) != NULL)\n-\t\tparams->n_keys++;\n-\trewind(f);\n-\n-\tif (params->n_keys == 0) {\n-\t\tstatus = -1;\n-\t\tgoto end;\n-\t}\n-\n-\tparams->keys = rte_malloc(NULL,\n-\t\t\tparams->n_keys * sizeof(struct pipeline_firewall_key),\n-\t\t\tRTE_CACHE_LINE_SIZE);\n-\tif (params->keys == NULL) {\n-\t\tstatus = -1;\n-\t\tgoto end;\n \t}\n \n-\ti = 0;\n-\twhile (fgets(file_buf, BUF_SIZE, f) != NULL) {\n-\t\tchar *str;\n-\n-\t\tstr = strtok(file_buf, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_ip = atoi(str)<<24;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<16;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<8;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_ip |= atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_ip_mask = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_ip = atoi(str)<<24;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<16;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<8;\n-\n-\t\tstr = strtok(NULL, \" .\");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_ip_mask = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_port_from = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.src_port_to = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_port_from = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.dst_port_to = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\tparams->keys[i].key.ipv4_5tuple.proto = atoi(str);\n-\n-\t\tstr = strtok(NULL, \" \");\n-\t\tif (str == NULL) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t\t/* Need to add 2 to str to skip leading 0x */\n-\t\tparams->keys[i].key.ipv4_5tuple.proto_mask = strtol(str+2, NULL, 16);\n-\n-\t\tparams->keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;\n+\t/* Read file */\n+\tfor (i = 0, l = 1; i < *n_keys; l++) {\n+\t\tchar *tokens[32];\n+\t\tuint32_t n_tokens = RTE_DIM(tokens);\n+\n+\t\tuint32_t priority = 0;\n+\t\tstruct in_addr sipaddr;\n+\t\tuint32_t sipdepth = 0;\n+\t\tstruct in_addr dipaddr;\n+\t\tuint32_t dipdepth = 0;\n+\t\tuint16_t sport0 = 0;\n+\t\tuint16_t sport1 = 0;\n+\t\tuint16_t dport0 = 0;\n+\t\tuint16_t dport1 = 0;\n+\t\tuint8_t proto = 0;\n+\t\tuint8_t protomask = 0;\n+\t\tuint32_t port_id = 0;\n+\n+\t\tint status;\n+\n+\t\tif (fgets(file_buf, sizeof(file_buf), f) == NULL)\n+\t\t\tbreak;\n+\n+\t\tstatus = parse_tokenize_string(file_buf, tokens, &n_tokens);\n+\t\tif (status)\n+\t\t\tgoto error1;\n+\n+\t\tif ((n_tokens == 0) || (tokens[0][0] == '#'))\n+\t\t\tcontinue;\n+\n+\t\tif ((n_tokens != 15) ||\n+\t\t\tstrcmp(tokens[0], \"priority\") ||\n+\t\t\tparser_read_uint32(&priority, tokens[1]) ||\n+\t\t\tstrcmp(tokens[2], \"ipv4\") ||\n+\t\t\tparse_ipv4_addr(tokens[3], &sipaddr) ||\n+\t\t\tparser_read_uint32(&sipdepth, tokens[4]) ||\n+\t\t\tparse_ipv4_addr(tokens[5], &dipaddr) ||\n+\t\t\tparser_read_uint32(&dipdepth, tokens[6]) ||\n+\t\t\tparser_read_uint16(&sport0, tokens[7]) ||\n+\t\t\tparser_read_uint16(&sport1, tokens[8]) ||\n+\t\t\tparser_read_uint16(&dport0, tokens[9]) ||\n+\t\t\tparser_read_uint16(&dport1, tokens[10]) ||\n+\t\t\tparser_read_uint8(&proto, tokens[11]) ||\n+\t\t\tparser_read_uint8_hex(&protomask, tokens[12]) ||\n+\t\t\tstrcmp(tokens[13], \"port\") ||\n+\t\t\tparser_read_uint32(&port_id, tokens[14]))\n+\t\t\tgoto error1;\n+\n+\t\tkeys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;\n+\t\tkeys[i].key.ipv4_5tuple.src_ip =\n+\t\t\trte_be_to_cpu_32(sipaddr.s_addr);\n+\t\tkeys[i].key.ipv4_5tuple.src_ip_mask = sipdepth;\n+\t\tkeys[i].key.ipv4_5tuple.dst_ip =\n+\t\t\trte_be_to_cpu_32(dipaddr.s_addr);\n+\t\tkeys[i].key.ipv4_5tuple.dst_ip_mask = dipdepth;\n+\t\tkeys[i].key.ipv4_5tuple.src_port_from = sport0;\n+\t\tkeys[i].key.ipv4_5tuple.src_port_to = sport1;\n+\t\tkeys[i].key.ipv4_5tuple.dst_port_from = dport0;\n+\t\tkeys[i].key.ipv4_5tuple.dst_port_to = dport1;\n+\t\tkeys[i].key.ipv4_5tuple.proto = proto;\n+\t\tkeys[i].key.ipv4_5tuple.proto_mask = protomask;\n+\n+\t\tport_ids[i] = port_id;\n+\t\tpriorities[i] = priority;\n+\n+\t\tif (app_pipeline_firewall_key_check_and_normalize(&keys[i]))\n+\t\t\tgoto error1;\n \n \t\ti++;\n \t}\n \n-\tfor (i = 0; i < params->n_keys; i++) {\n-\t\tif (app_pipeline_firewall_key_check_and_normalize(¶ms->keys[i]) != 0) {\n-\t\t\tstatus = -1;\n-\t\t\tgoto end;\n-\t\t}\n-\t}\n+\t/* Close file */\n+\t*n_keys = i;\n+\tfclose(f);\n+\treturn 0;\n \n-end:\n+error1:\n+\t*line = l;\n \tfclose(f);\n-\treturn status;\n+\treturn -1;\n }\n \n int\n@@ -804,14 +552,14 @@ app_pipeline_firewall_add_bulk(struct app_params *app,\n \t\treturn -1;\n \n \trules = rte_malloc(NULL,\n-\t\t\tn_keys * sizeof(struct app_pipeline_firewall_rule *),\n-\t\t\tRTE_CACHE_LINE_SIZE);\n+\t\tn_keys * sizeof(struct app_pipeline_firewall_rule *),\n+\t\tRTE_CACHE_LINE_SIZE);\n \tif (rules == NULL)\n \t\treturn -1;\n \n \tnew_rules = rte_malloc(NULL,\n-\t\t\tn_keys * sizeof(int),\n-\t\t\tRTE_CACHE_LINE_SIZE);\n+\t\tn_keys * sizeof(int),\n+\t\tRTE_CACHE_LINE_SIZE);\n \tif (new_rules == NULL) {\n \t\trte_free(rules);\n \t\treturn -1;\n@@ -834,8 +582,9 @@ app_pipeline_firewall_add_bulk(struct app_params *app,\n \t\trules[i] = app_pipeline_firewall_rule_find(p, &keys[i]);\n \t\tnew_rules[i] = (rules[i] == NULL);\n \t\tif (rules[i] == NULL) {\n-\t\t\trules[i] = rte_malloc(NULL, sizeof(*rules[i]),\n-\t\t\t\t\tRTE_CACHE_LINE_SIZE);\n+\t\t\trules[i] = rte_malloc(NULL,\n+\t\t\t\tsizeof(*rules[i]),\n+\t\t\t\tRTE_CACHE_LINE_SIZE);\n \n \t\t\tif (rules[i] == NULL) {\n \t\t\t\tuint32_t j;\n@@ -852,8 +601,8 @@ app_pipeline_firewall_add_bulk(struct app_params *app,\n \t}\n \n \tkeys_found = rte_malloc(NULL,\n-\t\t\tn_keys * sizeof(int),\n-\t\t\tRTE_CACHE_LINE_SIZE);\n+\t\tn_keys * sizeof(int),\n+\t\tRTE_CACHE_LINE_SIZE);\n \tif (keys_found == NULL) {\n \t\tuint32_t j;\n \n@@ -867,8 +616,8 @@ app_pipeline_firewall_add_bulk(struct app_params *app,\n \t}\n \n \tentries_ptr = rte_malloc(NULL,\n-\t\t\tn_keys * sizeof(struct rte_pipeline_table_entry *),\n-\t\t\tRTE_CACHE_LINE_SIZE);\n+\t\tn_keys * sizeof(struct rte_pipeline_table_entry *),\n+\t\tRTE_CACHE_LINE_SIZE);\n \tif (entries_ptr == NULL) {\n \t\tuint32_t j;\n \n@@ -883,8 +632,8 @@ app_pipeline_firewall_add_bulk(struct app_params *app,\n \t}\n \tfor (i = 0; i < n_keys; i++) {\n \t\tentries_ptr[i] = rte_malloc(NULL,\n-\t\t\t\tsizeof(struct rte_pipeline_table_entry),\n-\t\t\t\tRTE_CACHE_LINE_SIZE);\n+\t\t\tsizeof(struct rte_pipeline_table_entry),\n+\t\t\tRTE_CACHE_LINE_SIZE);\n \n \t\tif (entries_ptr[i] == NULL) {\n \t\t\tuint32_t j;\n@@ -1030,8 +779,8 @@ app_pipeline_firewall_delete_bulk(struct app_params *app,\n \t\treturn -1;\n \n \trules = rte_malloc(NULL,\n-\t\t\tn_keys * sizeof(struct app_pipeline_firewall_rule *),\n-\t\t\tRTE_CACHE_LINE_SIZE);\n+\t\tn_keys * sizeof(struct app_pipeline_firewall_rule *),\n+\t\tRTE_CACHE_LINE_SIZE);\n \tif (rules == NULL)\n \t\treturn -1;\n \n@@ -1044,8 +793,8 @@ app_pipeline_firewall_delete_bulk(struct app_params *app,\n \t}\n \n \tkeys_found = rte_malloc(NULL,\n-\t\t\tn_keys * sizeof(int),\n-\t\t\tRTE_CACHE_LINE_SIZE);\n+\t\tn_keys * sizeof(int),\n+\t\tRTE_CACHE_LINE_SIZE);\n \tif (keys_found == NULL) {\n \t\trte_free(rules);\n \t\treturn -1;\n@@ -1197,662 +946,492 @@ app_pipeline_firewall_delete_default_rule(struct app_params *app,\n }\n \n /*\n- * p firewall add ipv4\n+ * firewall\n+ *\n+ * firewall add:\n+ * p <pipelineid> firewall add priority <priority>\n+ * ipv4 <sipaddr> <sipdepth> <dipaddr> <dipdepth>\n+ * <sport0> <sport1> <dport0> <dport1> <proto> <protomask>\n+ * port <portid>\n+ * Note: <protomask> is a hex value\n+ *\n+ * p <pipelineid> firewall add bulk <file>\n+ *\n+ * firewall add default:\n+ * p <pipelineid> firewall add default <port ID>\n+ *\n+ * firewall del:\n+ * p <pipelineid> firewall del\n+ * ipv4 <sipaddr> <sipdepth> <dipaddr> <dipdepth>\n+ * <sport0> <sport1> <dport0> <dport1> <proto> <protomask>\n+ *\n+ * p <pipelineid> firewall del bulk <file>\n+ *\n+ * firewall del default:\n+ * p <pipelineid> firewall del default\n+ *\n+ * firewall ls:\n+ * p <pipelineid> firewall ls\n */\n \n-struct cmd_firewall_add_ipv4_result {\n+struct cmd_firewall_result {\n \tcmdline_fixed_string_t p_string;\n \tuint32_t pipeline_id;\n \tcmdline_fixed_string_t firewall_string;\n-\tcmdline_fixed_string_t add_string;\n-\tcmdline_fixed_string_t ipv4_string;\n-\tint32_t priority;\n-\tcmdline_ipaddr_t src_ip;\n-\tuint32_t src_ip_mask;\n-\tcmdline_ipaddr_t dst_ip;\n-\tuint32_t dst_ip_mask;\n-\tuint16_t src_port_from;\n-\tuint16_t src_port_to;\n-\tuint16_t dst_port_from;\n-\tuint16_t dst_port_to;\n-\tuint8_t proto;\n-\tuint8_t proto_mask;\n-\tuint8_t port_id;\n+\tcmdline_multi_string_t multi_string;\n };\n \n-static void\n-cmd_firewall_add_ipv4_parsed(\n-\tvoid *parsed_result,\n-\t__attribute__((unused)) struct cmdline *cl,\n+static void cmd_firewall_parsed(void *parsed_result,\n+\t__attribute__((unused)) struct cmdline *cl,\n \tvoid *data)\n {\n-\tstruct cmd_firewall_add_ipv4_result *params = parsed_result;\n+\tstruct cmd_firewall_result *params = parsed_result;\n \tstruct app_params *app = data;\n-\tstruct pipeline_firewall_key key;\n \tint status;\n \n-\tkey.type = PIPELINE_FIREWALL_IPV4_5TUPLE;\n-\tkey.key.ipv4_5tuple.src_ip = rte_bswap32(\n-\t\t(uint32_t) params->src_ip.addr.ipv4.s_addr);\n-\tkey.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;\n-\tkey.key.ipv4_5tuple.dst_ip = rte_bswap32(\n-\t\t(uint32_t) params->dst_ip.addr.ipv4.s_addr);\n-\tkey.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;\n-\tkey.key.ipv4_5tuple.src_port_from = params->src_port_from;\n-\tkey.key.ipv4_5tuple.src_port_to = params->src_port_to;\n-\tkey.key.ipv4_5tuple.dst_port_from = params->dst_port_from;\n-\tkey.key.ipv4_5tuple.dst_port_to = params->dst_port_to;\n-\tkey.key.ipv4_5tuple.proto = params->proto;\n-\tkey.key.ipv4_5tuple.proto_mask = params->proto_mask;\n-\n-\tstatus = app_pipeline_firewall_add_rule(app,\n-\t\tparams->pipeline_id,\n-\t\t&key,\n-\t\tparams->priority,\n-\t\tparams->port_id);\n-\n-\tif (status != 0) {\n-\t\tprintf(\"Command failed\\n\");\n-\t\treturn;\n-\t}\n-}\n-\n-cmdline_parse_token_string_t cmd_firewall_add_ipv4_p_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result, p_string,\n-\t\t\"p\");\n-\n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_pipeline_id =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, pipeline_id,\n-\t\tUINT32);\n-\n-cmdline_parse_token_string_t cmd_firewall_add_ipv4_firewall_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,\n-\t\tfirewall_string, \"firewall\");\n-\n-cmdline_parse_token_string_t cmd_firewall_add_ipv4_add_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,\n-\t\tadd_string, \"add\");\n-\n-cmdline_parse_token_string_t cmd_firewall_add_ipv4_ipv4_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,\n-\t\tipv4_string, \"ipv4\");\n-\n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_priority =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, priority,\n-\t\tINT32);\n-\n-cmdline_parse_token_ipaddr_t cmd_firewall_add_ipv4_src_ip =\n-\tTOKEN_IPV4_INITIALIZER(struct cmd_firewall_add_ipv4_result, src_ip);\n+\tchar *tokens[17];\n+\tuint32_t n_tokens = RTE_DIM(tokens);\n \n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_ip_mask =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, src_ip_mask,\n-\t\tUINT32);\n-\n-cmdline_parse_token_ipaddr_t cmd_firewall_add_ipv4_dst_ip =\n-\tTOKEN_IPV4_INITIALIZER(struct cmd_firewall_add_ipv4_result, dst_ip);\n-\n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_ip_mask =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, dst_ip_mask,\n-\t\tUINT32);\n-\n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_port_from =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,\n-\t\tsrc_port_from, UINT16);\n-\n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_port_to =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,\n-\t\tsrc_port_to, UINT16);\n-\n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_port_from =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,\n-\t\tdst_port_from, UINT16);\n-\n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_port_to =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,\n-\t\tdst_port_to, UINT16);\n-\n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_proto =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,\n-\t\tproto, UINT8);\n-\n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_proto_mask =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,\n-\t\tproto_mask, UINT8);\n-\n-cmdline_parse_token_num_t cmd_firewall_add_ipv4_port_id =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,\n-\t\tport_id, UINT8);\n-\n-cmdline_parse_inst_t cmd_firewall_add_ipv4 = {\n-\t.f = cmd_firewall_add_ipv4_parsed,\n-\t.data = NULL,\n-\t.help_str = \"Firewall rule add\",\n-\t.tokens = {\n-\t\t(void *) &cmd_firewall_add_ipv4_p_string,\n-\t\t(void *) &cmd_firewall_add_ipv4_pipeline_id,\n-\t\t(void *) &cmd_firewall_add_ipv4_firewall_string,\n-\t\t(void *) &cmd_firewall_add_ipv4_add_string,\n-\t\t(void *) &cmd_firewall_add_ipv4_ipv4_string,\n-\t\t(void *) &cmd_firewall_add_ipv4_priority,\n-\t\t(void *) &cmd_firewall_add_ipv4_src_ip,\n-\t\t(void *) &cmd_firewall_add_ipv4_src_ip_mask,\n-\t\t(void *) &cmd_firewall_add_ipv4_dst_ip,\n-\t\t(void *) &cmd_firewall_add_ipv4_dst_ip_mask,\n-\t\t(void *) &cmd_firewall_add_ipv4_src_port_from,\n-\t\t(void *) &cmd_firewall_add_ipv4_src_port_to,\n-\t\t(void *) &cmd_firewall_add_ipv4_dst_port_from,\n-\t\t(void *) &cmd_firewall_add_ipv4_dst_port_to,\n-\t\t(void *) &cmd_firewall_add_ipv4_proto,\n-\t\t(void *) &cmd_firewall_add_ipv4_proto_mask,\n-\t\t(void *) &cmd_firewall_add_ipv4_port_id,\n-\t\tNULL,\n-\t},\n-};\n-\n-/*\n- * p firewall del ipv4\n- */\n-\n-struct cmd_firewall_del_ipv4_result {\n-\tcmdline_fixed_string_t p_string;\n-\tuint32_t pipeline_id;\n-\tcmdline_fixed_string_t firewall_string;\n-\tcmdline_fixed_string_t del_string;\n-\tcmdline_fixed_string_t ipv4_string;\n-\tcmdline_ipaddr_t src_ip;\n-\tuint32_t src_ip_mask;\n-\tcmdline_ipaddr_t dst_ip;\n-\tuint32_t dst_ip_mask;\n-\tuint16_t src_port_from;\n-\tuint16_t src_port_to;\n-\tuint16_t dst_port_from;\n-\tuint16_t dst_port_to;\n-\tuint8_t proto;\n-\tuint8_t proto_mask;\n-};\n-\n-static void\n-cmd_firewall_del_ipv4_parsed(\n-\tvoid *parsed_result,\n-\t__attribute__((unused)) struct cmdline *cl,\n-\tvoid *data)\n-{\n-\tstruct cmd_firewall_del_ipv4_result *params = parsed_result;\n-\tstruct app_params *app = data;\n-\tstruct pipeline_firewall_key key;\n-\tint status;\n-\n-\tkey.type = PIPELINE_FIREWALL_IPV4_5TUPLE;\n-\tkey.key.ipv4_5tuple.src_ip = rte_bswap32(\n-\t\t(uint32_t) params->src_ip.addr.ipv4.s_addr);\n-\tkey.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;\n-\tkey.key.ipv4_5tuple.dst_ip = rte_bswap32(\n-\t\t(uint32_t) params->dst_ip.addr.ipv4.s_addr);\n-\tkey.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;\n-\tkey.key.ipv4_5tuple.src_port_from = params->src_port_from;\n-\tkey.key.ipv4_5tuple.src_port_to = params->src_port_to;\n-\tkey.key.ipv4_5tuple.dst_port_from = params->dst_port_from;\n-\tkey.key.ipv4_5tuple.dst_port_to = params->dst_port_to;\n-\tkey.key.ipv4_5tuple.proto = params->proto;\n-\tkey.key.ipv4_5tuple.proto_mask = params->proto_mask;\n-\n-\tstatus = app_pipeline_firewall_delete_rule(app,\n-\t\tparams->pipeline_id,\n-\t\t&key);\n-\n-\tif (status != 0) {\n-\t\tprintf(\"Command failed\\n\");\n+\tstatus = parse_tokenize_string(params->multi_string, tokens, &n_tokens);\n+\tif (status) {\n+\t\tprintf(CMD_MSG_TOO_MANY_ARGS, \"firewall\");\n \t\treturn;\n \t}\n-}\n-\n-cmdline_parse_token_string_t cmd_firewall_del_ipv4_p_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result, p_string,\n-\t\t\"p\");\n-\n-cmdline_parse_token_num_t cmd_firewall_del_ipv4_pipeline_id =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, pipeline_id,\n-\t\tUINT32);\n-\n-cmdline_parse_token_string_t cmd_firewall_del_ipv4_firewall_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,\n-\t\tfirewall_string, \"firewall\");\n-\n-cmdline_parse_token_string_t cmd_firewall_del_ipv4_del_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,\n-\t\tdel_string, \"del\");\n \n-cmdline_parse_token_string_t cmd_firewall_del_ipv4_ipv4_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,\n-\t\tipv4_string, \"ipv4\");\n-\n-cmdline_parse_token_ipaddr_t cmd_firewall_del_ipv4_src_ip =\n-\tTOKEN_IPV4_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_ip);\n-\n-cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_ip_mask =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_ip_mask,\n-\t\tUINT32);\n-\n-cmdline_parse_token_ipaddr_t cmd_firewall_del_ipv4_dst_ip =\n-\tTOKEN_IPV4_INITIALIZER(struct cmd_firewall_del_ipv4_result, dst_ip);\n-\n-cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_ip_mask =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, dst_ip_mask,\n-\t\tUINT32);\n+\t/* firewall add */\n+\tif ((n_tokens >= 2) &&\n+\t\t(strcmp(tokens[0], \"add\") == 0) &&\n+\t\t(strcmp(tokens[1], \"priority\") == 0)) {\n+\t\tstruct pipeline_firewall_key key;\n+\t\tuint32_t priority;\n+\t\tstruct in_addr sipaddr;\n+\t\tuint32_t sipdepth;\n+\t\tstruct in_addr dipaddr;\n+\t\tuint32_t dipdepth;\n+\t\tuint16_t sport0;\n+\t\tuint16_t sport1;\n+\t\tuint16_t dport0;\n+\t\tuint16_t dport1;\n+\t\tuint8_t proto;\n+\t\tuint8_t protomask;\n+\t\tuint32_t port_id;\n+\n+\t\tmemset(&key, 0, sizeof(key));\n+\n+\t\tif (n_tokens != 16) {\n+\t\t\tprintf(CMD_MSG_MISMATCH_ARGS, \"firewall add\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_port_from =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,\n-\t\tsrc_port_from, UINT16);\n+\t\tif (parser_read_uint32(&priority, tokens[2])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"priority\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_port_to =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_port_to,\n-\t\tUINT16);\n+\t\tif (strcmp(tokens[3], \"ipv4\")) {\n+\t\t\tprintf(CMD_MSG_ARG_NOT_FOUND, \"ipv4\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_port_from =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,\n-\t\tdst_port_from, UINT16);\n+\t\tif (parse_ipv4_addr(tokens[4], &sipaddr)) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"sipaddr\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_port_to =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,\n-\t\tdst_port_to, UINT16);\n+\t\tif (parser_read_uint32(&sipdepth, tokens[5])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"sipdepth\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_num_t cmd_firewall_del_ipv4_proto =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,\n-\t\tproto, UINT8);\n+\t\tif (parse_ipv4_addr(tokens[6], &dipaddr)) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"dipaddr\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_num_t cmd_firewall_del_ipv4_proto_mask =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, proto_mask,\n-\t\tUINT8);\n+\t\tif (parser_read_uint32(&dipdepth, tokens[7])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"dipdepth\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_inst_t cmd_firewall_del_ipv4 = {\n-\t.f = cmd_firewall_del_ipv4_parsed,\n-\t.data = NULL,\n-\t.help_str = \"Firewall rule delete\",\n-\t.tokens = {\n-\t\t(void *) &cmd_firewall_del_ipv4_p_string,\n-\t\t(void *) &cmd_firewall_del_ipv4_pipeline_id,\n-\t\t(void *) &cmd_firewall_del_ipv4_firewall_string,\n-\t\t(void *) &cmd_firewall_del_ipv4_del_string,\n-\t\t(void *) &cmd_firewall_del_ipv4_ipv4_string,\n-\t\t(void *) &cmd_firewall_del_ipv4_src_ip,\n-\t\t(void *) &cmd_firewall_del_ipv4_src_ip_mask,\n-\t\t(void *) &cmd_firewall_del_ipv4_dst_ip,\n-\t\t(void *) &cmd_firewall_del_ipv4_dst_ip_mask,\n-\t\t(void *) &cmd_firewall_del_ipv4_src_port_from,\n-\t\t(void *) &cmd_firewall_del_ipv4_src_port_to,\n-\t\t(void *) &cmd_firewall_del_ipv4_dst_port_from,\n-\t\t(void *) &cmd_firewall_del_ipv4_dst_port_to,\n-\t\t(void *) &cmd_firewall_del_ipv4_proto,\n-\t\t(void *) &cmd_firewall_del_ipv4_proto_mask,\n-\t\tNULL,\n-\t},\n-};\n+\t\tif (parser_read_uint16(&sport0, tokens[8])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"sport0\");\n+\t\t\treturn;\n+\t\t}\n \n-/*\n- * p firewall add bulk\n- */\n+\t\tif (parser_read_uint16(&sport1, tokens[9])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"sport1\");\n+\t\t\treturn;\n+\t\t}\n \n-struct cmd_firewall_add_bulk_result {\n-\tcmdline_fixed_string_t p_string;\n-\tuint32_t pipeline_id;\n-\tcmdline_fixed_string_t firewall_string;\n-\tcmdline_fixed_string_t add_string;\n-\tcmdline_fixed_string_t bulk_string;\n-\tcmdline_fixed_string_t file_path;\n-};\n+\t\tif (parser_read_uint16(&dport0, tokens[10])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"dport0\");\n+\t\t\treturn;\n+\t\t}\n \n-static void\n-cmd_firewall_add_bulk_parsed(\n-\tvoid *parsed_result,\n-\t__attribute__((unused)) struct cmdline *cl,\n-\tvoid *data)\n-{\n-\tstruct cmd_firewall_add_bulk_result *params = parsed_result;\n-\tstruct app_params *app = data;\n-\tint status;\n+\t\tif (parser_read_uint16(&dport1, tokens[11])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"dport1\");\n+\t\t\treturn;\n+\t\t}\n \n-\tstruct app_pipeline_add_bulk_params add_bulk_params;\n+\t\tif (parser_read_uint8(&proto, tokens[12])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"proto\");\n+\t\t\treturn;\n+\t\t}\n \n-\tstatus = app_pipeline_add_bulk_parse_file(params->file_path, &add_bulk_params);\n-\tif (status != 0) {\n-\t\tprintf(\"Command failed\\n\");\n-\t\tgoto end;\n-\t}\n+\t\tif (parser_read_uint8_hex(&protomask, tokens[13])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"protomask\");\n+\t\t\treturn;\n+\t\t}\n \n-\tstatus = app_pipeline_firewall_add_bulk(app, params->pipeline_id, add_bulk_params.keys,\n-\t\t\tadd_bulk_params.n_keys, add_bulk_params.priorities, add_bulk_params.port_ids);\n-\tif (status != 0) {\n-\t\tprintf(\"Command failed\\n\");\n-\t\tgoto end;\n-\t}\n+\t\tif (strcmp(tokens[14], \"port\")) {\n+\t\t\tprintf(CMD_MSG_ARG_NOT_FOUND, \"port\");\n+\t\t\treturn;\n+\t\t}\n \n-end:\n-\trte_free(add_bulk_params.keys);\n-\trte_free(add_bulk_params.priorities);\n-\trte_free(add_bulk_params.port_ids);\n-}\n+\t\tif (parser_read_uint32(&port_id, tokens[15])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"portid\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_string_t cmd_firewall_add_bulk_p_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result, p_string,\n-\t\t\"p\");\n+\t\tkey.type = PIPELINE_FIREWALL_IPV4_5TUPLE;\n+\t\tkey.key.ipv4_5tuple.src_ip = rte_be_to_cpu_32(sipaddr.s_addr);\n+\t\tkey.key.ipv4_5tuple.src_ip_mask = sipdepth;\n+\t\tkey.key.ipv4_5tuple.dst_ip = rte_be_to_cpu_32(dipaddr.s_addr);\n+\t\tkey.key.ipv4_5tuple.dst_ip_mask = dipdepth;\n+\t\tkey.key.ipv4_5tuple.src_port_from = sport0;\n+\t\tkey.key.ipv4_5tuple.src_port_to = sport1;\n+\t\tkey.key.ipv4_5tuple.dst_port_from = dport0;\n+\t\tkey.key.ipv4_5tuple.dst_port_to = dport1;\n+\t\tkey.key.ipv4_5tuple.proto = proto;\n+\t\tkey.key.ipv4_5tuple.proto_mask = protomask;\n+\n+\t\tstatus = app_pipeline_firewall_add_rule(app,\n+\t\t\tparams->pipeline_id,\n+\t\t\t&key,\n+\t\t\tpriority,\n+\t\t\tport_id);\n+\t\tif (status)\n+\t\t\tprintf(CMD_MSG_FAIL, \"firewall add\");\n \n-cmdline_parse_token_num_t cmd_firewall_add_bulk_pipeline_id =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_bulk_result, pipeline_id,\n-\t\tUINT32);\n+\t\treturn;\n+\t} /* firewall add */\n+\n+\t/* firewall add bulk */\n+\tif ((n_tokens >= 2) &&\n+\t\t(strcmp(tokens[0], \"add\") == 0) &&\n+\t\t(strcmp(tokens[1], \"bulk\") == 0)) {\n+\t\tstruct pipeline_firewall_key *keys;\n+\t\tuint32_t *priorities, *port_ids, n_keys, line;\n+\t\tchar *filename;\n+\n+\t\tif (n_tokens != 3) {\n+\t\t\tprintf(CMD_MSG_MISMATCH_ARGS, \"firewall add bulk\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_string_t cmd_firewall_add_bulk_firewall_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,\n-\t\tfirewall_string, \"firewall\");\n+\t\tfilename = tokens[2];\n \n-cmdline_parse_token_string_t cmd_firewall_add_bulk_add_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,\n-\t\tadd_string, \"add\");\n+\t\tn_keys = APP_PIPELINE_FIREWALL_MAX_RULES_IN_FILE;\n+\t\tkeys = malloc(n_keys * sizeof(struct pipeline_firewall_key));\n+\t\tif (keys == NULL) {\n+\t\t\tprintf(CMD_MSG_OUT_OF_MEMORY);\n+\t\t\treturn;\n+\t\t}\n+\t\tmemset(keys, 0, n_keys * sizeof(struct pipeline_firewall_key));\n \n-cmdline_parse_token_string_t cmd_firewall_add_bulk_bulk_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,\n-\t\tbulk_string, \"bulk\");\n+\t\tpriorities = malloc(n_keys * sizeof(uint32_t));\n+\t\tif (priorities == NULL) {\n+\t\t\tprintf(CMD_MSG_OUT_OF_MEMORY);\n+\t\t\tfree(keys);\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_string_t cmd_firewall_add_bulk_file_path_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,\n-\t\tfile_path, NULL);\n+\t\tport_ids = malloc(n_keys * sizeof(uint32_t));\n+\t\tif (port_ids == NULL) {\n+\t\t\tprintf(CMD_MSG_OUT_OF_MEMORY);\n+\t\t\tfree(priorities);\n+\t\t\tfree(keys);\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_inst_t cmd_firewall_add_bulk = {\n-\t.f = cmd_firewall_add_bulk_parsed,\n-\t.data = NULL,\n-\t.help_str = \"Firewall rule add bulk\",\n-\t.tokens = {\n-\t\t(void *) &cmd_firewall_add_bulk_p_string,\n-\t\t(void *) &cmd_firewall_add_bulk_pipeline_id,\n-\t\t(void *) &cmd_firewall_add_bulk_firewall_string,\n-\t\t(void *) &cmd_firewall_add_bulk_add_string,\n-\t\t(void *) &cmd_firewall_add_bulk_bulk_string,\n-\t\t(void *) &cmd_firewall_add_bulk_file_path_string,\n-\t\tNULL,\n-\t},\n-};\n+\t\tstatus = app_pipeline_firewall_load_file(filename,\n+\t\t\tkeys,\n+\t\t\tpriorities,\n+\t\t\tport_ids,\n+\t\t\t&n_keys,\n+\t\t\t&line);\n+\t\tif (status != 0) {\n+\t\t\tprintf(CMD_MSG_FILE_ERR, filename, line);\n+\t\t\tfree(port_ids);\n+\t\t\tfree(priorities);\n+\t\t\tfree(keys);\n+\t\t\treturn;\n+\t\t}\n \n-/*\n- * p firewall del bulk\n- */\n+\t\tstatus = app_pipeline_firewall_add_bulk(app,\n+\t\t\tparams->pipeline_id,\n+\t\t\tkeys,\n+\t\t\tn_keys,\n+\t\t\tpriorities,\n+\t\t\tport_ids);\n+\t\tif (status)\n+\t\t\tprintf(CMD_MSG_FAIL, \"firewall add bulk\");\n+\n+\t\tfree(keys);\n+\t\tfree(priorities);\n+\t\tfree(port_ids);\n+\t\treturn;\n+\t} /* firewall add bulk */\n \n-struct cmd_firewall_del_bulk_result {\n-\tcmdline_fixed_string_t p_string;\n-\tuint32_t pipeline_id;\n-\tcmdline_fixed_string_t firewall_string;\n-\tcmdline_fixed_string_t del_string;\n-\tcmdline_fixed_string_t bulk_string;\n-\tcmdline_fixed_string_t file_path;\n-};\n+\t/* firewall add default */\n+\tif ((n_tokens >= 2) &&\n+\t\t(strcmp(tokens[0], \"add\") == 0) &&\n+\t\t(strcmp(tokens[1], \"default\") == 0)) {\n+\t\tuint32_t port_id;\n \n-static void\n-cmd_firewall_del_bulk_parsed(\n-\tvoid *parsed_result,\n-\t__attribute__((unused)) struct cmdline *cl,\n-\tvoid *data)\n-{\n-\tstruct cmd_firewall_del_bulk_result *params = parsed_result;\n-\tstruct app_params *app = data;\n-\tint status;\n+\t\tif (n_tokens != 3) {\n+\t\t\tprintf(CMD_MSG_MISMATCH_ARGS, \"firewall add default\");\n+\t\t\treturn;\n+\t\t}\n \n-\tstruct app_pipeline_del_bulk_params del_bulk_params;\n+\t\tif (parser_read_uint32(&port_id, tokens[2])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"portid\");\n+\t\t\treturn;\n+\t\t}\n \n-\tstatus = app_pipeline_del_bulk_parse_file(params->file_path, &del_bulk_params);\n-\tif (status != 0) {\n-\t\tprintf(\"Command failed\\n\");\n-\t\tgoto end;\n-\t}\n+\t\tstatus = app_pipeline_firewall_add_default_rule(app,\n+\t\t\tparams->pipeline_id,\n+\t\t\tport_id);\n+\t\tif (status)\n+\t\t\tprintf(CMD_MSG_FAIL, \"firewall add default\");\n \n-\tstatus = app_pipeline_firewall_delete_bulk(app, params->pipeline_id,\n-\t\t\tdel_bulk_params.keys, del_bulk_params.n_keys);\n-\tif (status != 0) {\n-\t\tprintf(\"Command failed\\n\");\n-\t\tgoto end;\n-\t}\n+\t\treturn;\n+\t} /* firewall add default */\n+\n+\t/* firewall del */\n+\tif ((n_tokens >= 2) &&\n+\t\t(strcmp(tokens[0], \"del\") == 0) &&\n+\t\t(strcmp(tokens[1], \"ipv4\") == 0)) {\n+\t\tstruct pipeline_firewall_key key;\n+\t\tstruct in_addr sipaddr;\n+\t\tuint32_t sipdepth;\n+\t\tstruct in_addr dipaddr;\n+\t\tuint32_t dipdepth;\n+\t\tuint16_t sport0;\n+\t\tuint16_t sport1;\n+\t\tuint16_t dport0;\n+\t\tuint16_t dport1;\n+\t\tuint8_t proto;\n+\t\tuint8_t protomask;\n+\n+\t\tmemset(&key, 0, sizeof(key));\n+\n+\t\tif (n_tokens != 12) {\n+\t\t\tprintf(CMD_MSG_MISMATCH_ARGS, \"firewall del\");\n+\t\t\treturn;\n+\t\t}\n \n-end:\n-\trte_free(del_bulk_params.keys);\n-}\n+\t\tif (parse_ipv4_addr(tokens[2], &sipaddr)) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"sipaddr\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_string_t cmd_firewall_del_bulk_p_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result, p_string,\n-\t\t\"p\");\n+\t\tif (parser_read_uint32(&sipdepth, tokens[3])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"sipdepth\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_num_t cmd_firewall_del_bulk_pipeline_id =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_bulk_result, pipeline_id,\n-\t\tUINT32);\n+\t\tif (parse_ipv4_addr(tokens[4], &dipaddr)) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"dipaddr\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_string_t cmd_firewall_del_bulk_firewall_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,\n-\t\tfirewall_string, \"firewall\");\n+\t\tif (parser_read_uint32(&dipdepth, tokens[5])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"dipdepth\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_string_t cmd_firewall_del_bulk_add_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,\n-\t\tdel_string, \"del\");\n+\t\tif (parser_read_uint16(&sport0, tokens[6])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"sport0\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_string_t cmd_firewall_del_bulk_bulk_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,\n-\t\tbulk_string, \"bulk\");\n+\t\tif (parser_read_uint16(&sport1, tokens[7])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"sport1\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_string_t cmd_firewall_del_bulk_file_path_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,\n-\t\tfile_path, NULL);\n+\t\tif (parser_read_uint16(&dport0, tokens[8])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"dport0\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_inst_t cmd_firewall_del_bulk = {\n-\t.f = cmd_firewall_del_bulk_parsed,\n-\t.data = NULL,\n-\t.help_str = \"Firewall rule del bulk\",\n-\t.tokens = {\n-\t\t(void *) &cmd_firewall_del_bulk_p_string,\n-\t\t(void *) &cmd_firewall_del_bulk_pipeline_id,\n-\t\t(void *) &cmd_firewall_del_bulk_firewall_string,\n-\t\t(void *) &cmd_firewall_del_bulk_add_string,\n-\t\t(void *) &cmd_firewall_del_bulk_bulk_string,\n-\t\t(void *) &cmd_firewall_del_bulk_file_path_string,\n-\t\tNULL,\n-\t},\n-};\n+\t\tif (parser_read_uint16(&dport1, tokens[9])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"dport1\");\n+\t\t\treturn;\n+\t\t}\n \n-/*\n- * p firewall add default\n- */\n-struct cmd_firewall_add_default_result {\n-\tcmdline_fixed_string_t p_string;\n-\tuint32_t pipeline_id;\n-\tcmdline_fixed_string_t firewall_string;\n-\tcmdline_fixed_string_t add_string;\n-\tcmdline_fixed_string_t default_string;\n-\tuint8_t port_id;\n-};\n+\t\tif (parser_read_uint8(&proto, tokens[10])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"proto\");\n+\t\t\treturn;\n+\t\t}\n \n-static void\n-cmd_firewall_add_default_parsed(\n-\tvoid *parsed_result,\n-\t__attribute__((unused)) struct cmdline *cl,\n-\tvoid *data)\n-{\n-\tstruct cmd_firewall_add_default_result *params = parsed_result;\n-\tstruct app_params *app = data;\n-\tint status;\n+\t\tif (parser_read_uint8_hex(&protomask, tokens[11])) {\n+\t\t\tprintf(CMD_MSG_INVALID_ARG, \"protomask\");\n+\t\t\treturn;\n+\t\t}\n \n-\tstatus = app_pipeline_firewall_add_default_rule(app,\n-\t\tparams->pipeline_id,\n-\t\tparams->port_id);\n+\t\tkey.type = PIPELINE_FIREWALL_IPV4_5TUPLE;\n+\t\tkey.key.ipv4_5tuple.src_ip = rte_be_to_cpu_32(sipaddr.s_addr);\n+\t\tkey.key.ipv4_5tuple.src_ip_mask = sipdepth;\n+\t\tkey.key.ipv4_5tuple.dst_ip = rte_be_to_cpu_32(dipaddr.s_addr);\n+\t\tkey.key.ipv4_5tuple.dst_ip_mask = dipdepth;\n+\t\tkey.key.ipv4_5tuple.src_port_from = sport0;\n+\t\tkey.key.ipv4_5tuple.src_port_to = sport1;\n+\t\tkey.key.ipv4_5tuple.dst_port_from = dport0;\n+\t\tkey.key.ipv4_5tuple.dst_port_to = dport1;\n+\t\tkey.key.ipv4_5tuple.proto = proto;\n+\t\tkey.key.ipv4_5tuple.proto_mask = protomask;\n+\n+\t\tstatus = app_pipeline_firewall_delete_rule(app,\n+\t\t\tparams->pipeline_id,\n+\t\t\t&key);\n+\t\tif (status)\n+\t\t\tprintf(CMD_MSG_FAIL, \"firewall del\");\n \n-\tif (status != 0) {\n-\t\tprintf(\"Command failed\\n\");\n \t\treturn;\n-\t}\n-}\n-\n-cmdline_parse_token_string_t cmd_firewall_add_default_p_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,\n-\t\tp_string, \"p\");\n-\n-cmdline_parse_token_num_t cmd_firewall_add_default_pipeline_id =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_default_result,\n-\t\tpipeline_id, UINT32);\n-\n-cmdline_parse_token_string_t cmd_firewall_add_default_firewall_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,\n-\tfirewall_string, \"firewall\");\n-\n-cmdline_parse_token_string_t cmd_firewall_add_default_add_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,\n-\tadd_string, \"add\");\n+\t} /* firewall del */\n+\n+\t/* firewall del bulk */\n+\tif ((n_tokens >= 2) &&\n+\t\t(strcmp(tokens[0], \"del\") == 0) &&\n+\t\t(strcmp(tokens[1], \"bulk\") == 0)) {\n+\t\tstruct pipeline_firewall_key *keys;\n+\t\tuint32_t *priorities, *port_ids, n_keys, line;\n+\t\tchar *filename;\n+\n+\t\tif (n_tokens != 3) {\n+\t\t\tprintf(CMD_MSG_MISMATCH_ARGS, \"firewall del bulk\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_string_t cmd_firewall_add_default_default_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,\n-\t\tdefault_string, \"default\");\n+\t\tfilename = tokens[2];\n \n-cmdline_parse_token_num_t cmd_firewall_add_default_port_id =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_add_default_result, port_id,\n-\t\tUINT8);\n+\t\tn_keys = APP_PIPELINE_FIREWALL_MAX_RULES_IN_FILE;\n+\t\tkeys = malloc(n_keys * sizeof(struct pipeline_firewall_key));\n+\t\tif (keys == NULL) {\n+\t\t\tprintf(CMD_MSG_OUT_OF_MEMORY);\n+\t\t\treturn;\n+\t\t}\n+\t\tmemset(keys, 0, n_keys * sizeof(struct pipeline_firewall_key));\n \n-cmdline_parse_inst_t cmd_firewall_add_default = {\n-\t.f = cmd_firewall_add_default_parsed,\n-\t.data = NULL,\n-\t.help_str = \"Firewall default rule add\",\n-\t.tokens = {\n-\t\t(void *) &cmd_firewall_add_default_p_string,\n-\t\t(void *) &cmd_firewall_add_default_pipeline_id,\n-\t\t(void *) &cmd_firewall_add_default_firewall_string,\n-\t\t(void *) &cmd_firewall_add_default_add_string,\n-\t\t(void *) &cmd_firewall_add_default_default_string,\n-\t\t(void *) &cmd_firewall_add_default_port_id,\n-\t\tNULL,\n-\t},\n-};\n+\t\tpriorities = malloc(n_keys * sizeof(uint32_t));\n+\t\tif (priorities == NULL) {\n+\t\t\tprintf(CMD_MSG_OUT_OF_MEMORY);\n+\t\t\tfree(keys);\n+\t\t\treturn;\n+\t\t}\n \n-/*\n- * p firewall del default\n- */\n-struct cmd_firewall_del_default_result {\n-\tcmdline_fixed_string_t p_string;\n-\tuint32_t pipeline_id;\n-\tcmdline_fixed_string_t firewall_string;\n-\tcmdline_fixed_string_t del_string;\n-\tcmdline_fixed_string_t default_string;\n-};\n+\t\tport_ids = malloc(n_keys * sizeof(uint32_t));\n+\t\tif (port_ids == NULL) {\n+\t\t\tprintf(CMD_MSG_OUT_OF_MEMORY);\n+\t\t\tfree(priorities);\n+\t\t\tfree(keys);\n+\t\t\treturn;\n+\t\t}\n \n-static void\n-cmd_firewall_del_default_parsed(\n-\tvoid *parsed_result,\n-\t__attribute__((unused)) struct cmdline *cl,\n-\tvoid *data)\n-{\n-\tstruct cmd_firewall_del_default_result *params = parsed_result;\n-\tstruct app_params *app = data;\n-\tint status;\n+\t\tstatus = app_pipeline_firewall_load_file(filename,\n+\t\t\tkeys,\n+\t\t\tpriorities,\n+\t\t\tport_ids,\n+\t\t\t&n_keys,\n+\t\t\t&line);\n+\t\tif (status != 0) {\n+\t\t\tprintf(CMD_MSG_FILE_ERR, filename, line);\n+\t\t\tfree(port_ids);\n+\t\t\tfree(priorities);\n+\t\t\tfree(keys);\n+\t\t\treturn;\n+\t\t}\n \n-\tstatus = app_pipeline_firewall_delete_default_rule(app,\n-\t\tparams->pipeline_id);\n+\t\tstatus = app_pipeline_firewall_delete_bulk(app,\n+\t\t\tparams->pipeline_id,\n+\t\t\tkeys,\n+\t\t\tn_keys);\n+\t\tif (status)\n+\t\t\tprintf(CMD_MSG_FAIL, \"firewall del bulk\");\n \n-\tif (status != 0) {\n-\t\tprintf(\"Command failed\\n\");\n+\t\tfree(port_ids);\n+\t\tfree(priorities);\n+\t\tfree(keys);\n \t\treturn;\n-\t}\n-}\n-\n-cmdline_parse_token_string_t cmd_firewall_del_default_p_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,\n-\t\tp_string, \"p\");\n-\n-cmdline_parse_token_num_t cmd_firewall_del_default_pipeline_id =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_del_default_result,\n-\t\tpipeline_id, UINT32);\n-\n-cmdline_parse_token_string_t cmd_firewall_del_default_firewall_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,\n-\tfirewall_string, \"firewall\");\n-\n-cmdline_parse_token_string_t cmd_firewall_del_default_del_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,\n-\t\tdel_string, \"del\");\n+\t} /* firewall del bulk */\n+\n+\t/* firewall del default */\n+\tif ((n_tokens >= 2) &&\n+\t\t(strcmp(tokens[0], \"del\") == 0) &&\n+\t\t(strcmp(tokens[1], \"default\") == 0)) {\n+\t\tif (n_tokens != 2) {\n+\t\t\tprintf(CMD_MSG_MISMATCH_ARGS, \"firewall del default\");\n+\t\t\treturn;\n+\t\t}\n \n-cmdline_parse_token_string_t cmd_firewall_del_default_default_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,\n-\t\tdefault_string, \"default\");\n+\t\tstatus = app_pipeline_firewall_delete_default_rule(app,\n+\t\t\tparams->pipeline_id);\n+\t\tif (status)\n+\t\t\tprintf(CMD_MSG_FAIL, \"firewall del default\");\n \n-cmdline_parse_inst_t cmd_firewall_del_default = {\n-\t.f = cmd_firewall_del_default_parsed,\n-\t.data = NULL,\n-\t.help_str = \"Firewall default rule delete\",\n-\t.tokens = {\n-\t\t(void *) &cmd_firewall_del_default_p_string,\n-\t\t(void *) &cmd_firewall_del_default_pipeline_id,\n-\t\t(void *) &cmd_firewall_del_default_firewall_string,\n-\t\t(void *) &cmd_firewall_del_default_del_string,\n-\t\t(void *) &cmd_firewall_del_default_default_string,\n-\t\tNULL,\n-\t},\n-};\n+\t\treturn;\n \n-/*\n- * p firewall ls\n- */\n+\t} /* firewall del default */\n \n-struct cmd_firewall_ls_result {\n-\tcmdline_fixed_string_t p_string;\n-\tuint32_t pipeline_id;\n-\tcmdline_fixed_string_t firewall_string;\n-\tcmdline_fixed_string_t ls_string;\n-};\n-\n-static void\n-cmd_firewall_ls_parsed(\n-\tvoid *parsed_result,\n-\t__attribute__((unused)) struct cmdline *cl,\n-\tvoid *data)\n-{\n-\tstruct cmd_firewall_ls_result *params = parsed_result;\n-\tstruct app_params *app = data;\n-\tint status;\n+\t/* firewall ls */\n+\tif ((n_tokens >= 1) && (strcmp(tokens[0], \"ls\") == 0)) {\n+\t\tif (n_tokens != 1) {\n+\t\t\tprintf(CMD_MSG_MISMATCH_ARGS, \"firewall ls\");\n+\t\t\treturn;\n+\t\t}\n \n-\tstatus = app_pipeline_firewall_ls(app, params->pipeline_id);\n+\t\tstatus = app_pipeline_firewall_ls(app, params->pipeline_id);\n+\t\tif (status)\n+\t\t\tprintf(CMD_MSG_FAIL, \"firewall ls\");\n \n-\tif (status != 0) {\n-\t\tprintf(\"Command failed\\n\");\n \t\treturn;\n-\t}\n+\t} /* firewall ls */\n+\n+\tprintf(CMD_MSG_MISMATCH_ARGS, \"firewall\");\n }\n \n-cmdline_parse_token_string_t cmd_firewall_ls_p_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result, p_string,\n-\t\t\"p\");\n+static cmdline_parse_token_string_t cmd_firewall_p_string =\n+\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_result, p_string, \"p\");\n \n-cmdline_parse_token_num_t cmd_firewall_ls_pipeline_id =\n-\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_ls_result, pipeline_id,\n-\t\tUINT32);\n+static cmdline_parse_token_num_t cmd_firewall_pipeline_id =\n+\tTOKEN_NUM_INITIALIZER(struct cmd_firewall_result, pipeline_id, UINT32);\n \n-cmdline_parse_token_string_t cmd_firewall_ls_firewall_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result,\n-\tfirewall_string, \"firewall\");\n+static cmdline_parse_token_string_t cmd_firewall_firewall_string =\n+\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_result, firewall_string,\n+\t\"firewall\");\n \n-cmdline_parse_token_string_t cmd_firewall_ls_ls_string =\n-\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result, ls_string,\n-\t\"ls\");\n+static cmdline_parse_token_string_t cmd_firewall_multi_string =\n+\tTOKEN_STRING_INITIALIZER(struct cmd_firewall_result, multi_string,\n+\tTOKEN_STRING_MULTI);\n \n-cmdline_parse_inst_t cmd_firewall_ls = {\n-\t.f = cmd_firewall_ls_parsed,\n+static cmdline_parse_inst_t cmd_firewall = {\n+\t.f = cmd_firewall_parsed,\n \t.data = NULL,\n-\t.help_str = \"Firewall rule list\",\n+\t.help_str =\t\"firewall add / add bulk / add default / del / del bulk\"\n+\t\t\" / del default / ls\",\n \t.tokens = {\n-\t\t(void *) &cmd_firewall_ls_p_string,\n-\t\t(void *) &cmd_firewall_ls_pipeline_id,\n-\t\t(void *) &cmd_firewall_ls_firewall_string,\n-\t\t(void *) &cmd_firewall_ls_ls_string,\n+\t\t(void *) &cmd_firewall_p_string,\n+\t\t(void *) &cmd_firewall_pipeline_id,\n+\t\t(void *) &cmd_firewall_firewall_string,\n+\t\t(void *) &cmd_firewall_multi_string,\n \t\tNULL,\n \t},\n };\n \n static cmdline_parse_ctx_t pipeline_cmds[] = {\n-\t(cmdline_parse_inst_t *) &cmd_firewall_add_ipv4,\n-\t(cmdline_parse_inst_t *) &cmd_firewall_del_ipv4,\n-\t(cmdline_parse_inst_t *) &cmd_firewall_add_bulk,\n-\t(cmdline_parse_inst_t *) &cmd_firewall_del_bulk,\n-\t(cmdline_parse_inst_t *) &cmd_firewall_add_default,\n-\t(cmdline_parse_inst_t *) &cmd_firewall_del_default,\n-\t(cmdline_parse_inst_t *) &cmd_firewall_ls,\n+\t(cmdline_parse_inst_t *) &cmd_firewall,\n \tNULL,\n };\n \ndiff --git a/examples/ip_pipeline/pipeline/pipeline_firewall.h b/examples/ip_pipeline/pipeline/pipeline_firewall.h\nindex ccc4e64..aa79a2a 100644\n--- a/examples/ip_pipeline/pipeline/pipeline_firewall.h\n+++ b/examples/ip_pipeline/pipeline/pipeline_firewall.h\n@@ -72,6 +72,18 @@ int\n app_pipeline_firewall_delete_default_rule(struct app_params *app,\n \tuint32_t pipeline_id);\n \n+#ifndef APP_PIPELINE_FIREWALL_MAX_RULES_IN_FILE\n+#define APP_PIPELINE_FIREWALL_MAX_RULES_IN_FILE\t\t65536\n+#endif\n+\n+int\n+app_pipeline_firewall_load_file(char *filename,\n+\tstruct pipeline_firewall_key *keys,\n+\tuint32_t *priorities,\n+\tuint32_t *port_ids,\n+\tuint32_t *n_keys,\n+\tuint32_t *line);\n+\n extern struct pipeline_type pipeline_firewall;\n \n #endif\n", "prefixes": [ "dpdk-dev", "v2", "3/7" ] }