From patchwork Fri May  6 15:57:28 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michal Jastrzebski <michalx.k.jastrzebski@intel.com>
X-Patchwork-Id: 12531
X-Patchwork-Delegate: thomas@monjalon.net
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [IPv6:::1])
	by dpdk.org (Postfix) with ESMTP id A552737B8;
	Fri,  6 May 2016 18:00:42 +0200 (CEST)
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
	by dpdk.org (Postfix) with ESMTP id 2BAD73798
	for <dev@dpdk.org>; Fri,  6 May 2016 18:00:40 +0200 (CEST)
Received: from orsmga002.jf.intel.com ([10.7.209.21])
	by orsmga103.jf.intel.com with ESMTP; 06 May 2016 09:00:39 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.24,587,1455004800"; d="scan'208";a="970234040"
Received: from unknown (HELO Sent) ([10.217.248.166])
	by orsmga002.jf.intel.com with SMTP; 06 May 2016 09:00:36 -0700
Received: by Sent (sSMTP sendmail emulation); Fri, 06 May 2016 18:00:15 +0200
From: Michal Jastrzebski <michalx.k.jastrzebski@intel.com>
To: dev@dpdk.org
Cc: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Date: Fri,  6 May 2016 17:57:28 +0200
Message-Id: <1462550250-1256-5-git-send-email-michalx.k.jastrzebski@intel.com>
X-Mailer: git-send-email 2.7.0
In-Reply-To: 
 <1462550250-1256-1-git-send-email-michalx.k.jastrzebski@intel.com>
References: <1462550250-1256-1-git-send-email-michalx.k.jastrzebski@intel.com>
Subject: [dpdk-dev] [PATCH 4/6] examples/ip_pipeline: modifies firewall
	pipeline CLI
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Each command are merged into one: cmd_firewall_parsed.
ADD command format is changed:
p <pipeline ID> firewall add priority <priority> ipv4 <sipaddr>
<sipdepth> <dipaddr> <dipdepth> <sport0> <sport1> <dport0> <dport1>
<proto> <protomask> port <port ID>

and bulk command was modified:
1. firewall add bulk
File line format:
priority <priority> ipv4 <sipaddr> <sipdepth> <dipaddr> <dipdepth>
<sport0> <sport1> <dport0> <dport1> <proto> <protomask> port <port ID>
(protomask is a hex value)
File line example:
priority 0 ipv4 1.2.3.0 24 10.20.30.40 32 0 63 64 127 6 0xF port 3

2. firewall del bulk
File line format:
ipv4 <sipaddr> <sipdepth> <dipaddr> <dipdepth> <sport0> <sport1>
<dport0> <dport1> <proto> <protomask>
File line example:
ipv4 1.2.3.0 24 10.20.30.40 32 0 63 64 127 6 0xF

Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
---
 examples/ip_pipeline/pipeline/pipeline_firewall.c | 1336 +++++++++------------
 1 file changed, 593 insertions(+), 743 deletions(-)

diff --git a/examples/ip_pipeline/pipeline/pipeline_firewall.c b/examples/ip_pipeline/pipeline/pipeline_firewall.c
index fd897d5..fb7a44a 100644
--- a/examples/ip_pipeline/pipeline/pipeline_firewall.c
+++ b/examples/ip_pipeline/pipeline/pipeline_firewall.c
@@ -30,9 +30,11 @@
  *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-
+#include <errno.h>
 #include <stdio.h>
 #include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
 #include <sys/queue.h>
 #include <netinet/in.h>
 
@@ -50,6 +52,8 @@
 #include "app.h"
 #include "pipeline_common_fe.h"
 #include "pipeline_firewall.h"
+#include "parser.h"
+
 
 #define BUF_SIZE		1024
 
@@ -276,26 +280,32 @@ static int
 app_pipeline_add_bulk_parse_file(char *filename,
 		struct app_pipeline_add_bulk_params *params)
 {
-	FILE *f;
+	FILE *f = NULL;
 	char file_buf[BUF_SIZE];
-	uint32_t i;
+	uint32_t i, line = 0;
 	int status = 0;
 
 	f = fopen(filename, "r");
-	if (f == NULL)
+	if (f == NULL) {
+		if (getcwd(file_buf, sizeof(file_buf)) != NULL)
+			printf("not found file %s in the current working dir %s\n",
+					filename, file_buf);
 		return -1;
+	}
 
 	params->n_keys = 0;
 	while (fgets(file_buf, BUF_SIZE, f) != NULL)
-		params->n_keys++;
+		if (file_buf[0] != '\0' && file_buf[0] != '\n' && file_buf[0] != '#')
+			params->n_keys++;
 	rewind(f);
 
 	if (params->n_keys == 0) {
+		printf("not found any keys in the file %s\n", filename);
 		status = -1;
 		goto end;
 	}
 
-	params->keys = rte_malloc(NULL,
+	params->keys = rte_zmalloc(NULL,
 			params->n_keys * sizeof(struct pipeline_firewall_key),
 			RTE_CACHE_LINE_SIZE);
 	if (params->keys == NULL) {
@@ -321,137 +331,152 @@ app_pipeline_add_bulk_parse_file(char *filename,
 
 	i = 0;
 	while (fgets(file_buf, BUF_SIZE, f) != NULL) {
-		char *str;
+		char *tokens[17];
+		uint32_t n_tokens = RTE_DIM(tokens);
+		status = parse_tokenize_string(file_buf, tokens, &n_tokens);
+		uint32_t priority = 0;
+		struct in_addr sipaddr;
+		uint32_t sipdepth = 0;
+		struct in_addr dipaddr;
+		uint32_t dipdepth = 0;
+		uint16_t sport0 = 0;
+		uint16_t sport1 = 0;
+		uint16_t dport0 = 0;
+		uint16_t dport1 = 0;
+		uint8_t proto = 0;
+		uint8_t protomask = 0;
+		uint32_t port_id = 0;
 
-		str = strtok(file_buf, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
+		if (n_tokens == 0 || tokens[0][0] == '#') {
+			line++;
+			continue;
 		}
-		params->priorities[i] = atoi(str);
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (status != 0) {
+			printf("Too many tokens\n");
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_ip = atoi(str)<<24;
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (n_tokens != 15) {
+			printf("Bad number of tokens at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<16;
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (strcmp(tokens[0], "priority") != 0) {
+			printf("Incorrect string for priority at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<8;
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (parser_read_uint32(&priority, tokens[1])) {
+			printf("Incorrect format for priority at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (strcmp(tokens[2], "ipv4")) {
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_ip_mask = atoi(str);
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (parse_ipv4_addr(tokens[3], &sipaddr)) {
+			printf("Incorrect format for sipaddr at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_ip = atoi(str)<<24;
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (parser_read_uint32(&sipdepth, tokens[4])) {
+			printf("Incorrect format for sipdepth at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<16;
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (parse_ipv4_addr(tokens[5], &dipaddr)) {
+			printf("Incorrect format for dipaddr at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<8;
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (parser_read_uint32(&dipdepth, tokens[6])) {
+			printf("Incorrect format for dipdepth at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint16(&sport0, tokens[7])) {
+			printf("Incorrect format for sport0 at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_ip_mask = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint16(&sport1, tokens[8])) {
+			printf("Incorrect format for sport1 at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_port_from = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint16(&dport0, tokens[9])) {
+			printf("Incorrect format for dport0 at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_port_to = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint16(&dport1, tokens[10])) {
+			printf("Incorrect format for dport1 at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_port_from = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint8(&proto, tokens[11])) {
+			printf("Incorrect format for proto at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_port_to = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		char *e;
+		protomask = strtoul(tokens[12], &e, 16);
+		if (*e || errno == EINVAL || errno == ERANGE) {
+			printf("Incorrect format for protomask - should be in hex  at line"
+					" %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.proto = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (strcmp(tokens[13], "port")) {
+			printf("string supported port at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		/* Need to add 2 to str to skip leading 0x */
-		params->keys[i].key.ipv4_5tuple.proto_mask = strtol(str+2, NULL, 16);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint32(&port_id, tokens[14])) {
+			printf("Incorrect format for port ID at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->port_ids[i] = atoi(str);
+
 		params->keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;
+		params->keys[i].key.ipv4_5tuple.src_ip = rte_bswap32(
+			(uint32_t) sipaddr.s_addr);
+		params->keys[i].key.ipv4_5tuple.src_ip_mask = sipdepth;
+		params->keys[i].key.ipv4_5tuple.dst_ip = rte_bswap32(
+			(uint32_t) dipaddr.s_addr);
+		params->keys[i].key.ipv4_5tuple.dst_ip_mask = dipdepth;
+		params->keys[i].key.ipv4_5tuple.src_port_from = sport0;
+		params->keys[i].key.ipv4_5tuple.src_port_to = sport1;
+		params->keys[i].key.ipv4_5tuple.dst_port_from = dport0;
+		params->keys[i].key.ipv4_5tuple.dst_port_to = dport1;
+		params->keys[i].key.ipv4_5tuple.proto = proto;
+		params->keys[i].key.ipv4_5tuple.proto_mask = protomask;
 
+		params->port_ids[i] = port_id;
+		params->priorities[i] = priority;
+
+		line++;
 		i++;
+
+
 	}
 
 end:
@@ -463,26 +488,32 @@ static int
 app_pipeline_del_bulk_parse_file(char *filename,
 		struct app_pipeline_del_bulk_params *params)
 {
-	FILE *f;
+	FILE *f = NULL;
 	char file_buf[BUF_SIZE];
-	uint32_t i;
+	uint32_t i, line = 0;
 	int status = 0;
 
 	f = fopen(filename, "r");
-	if (f == NULL)
+	if (f == NULL) {
+		if (getcwd(file_buf, sizeof(file_buf)) != NULL)
+			printf("not found file %s in the current working dir %s\n",
+					filename, file_buf);
 		return -1;
+	}
 
 	params->n_keys = 0;
 	while (fgets(file_buf, BUF_SIZE, f) != NULL)
-		params->n_keys++;
+		if (file_buf[0] != '\0' && file_buf[0] != '\n' && file_buf[0] != '#')
+			params->n_keys++;
 	rewind(f);
 
 	if (params->n_keys == 0) {
+		printf("not found any keys in the file %s\n", filename);
 		status = -1;
 		goto end;
 	}
 
-	params->keys = rte_malloc(NULL,
+	params->keys = rte_zmalloc(NULL,
 			params->n_keys * sizeof(struct pipeline_firewall_key),
 			RTE_CACHE_LINE_SIZE);
 	if (params->keys == NULL) {
@@ -492,124 +523,123 @@ app_pipeline_del_bulk_parse_file(char *filename,
 
 	i = 0;
 	while (fgets(file_buf, BUF_SIZE, f) != NULL) {
-		char *str;
+		char *tokens[17];
+		uint32_t n_tokens = RTE_DIM(tokens);
+		status = parse_tokenize_string(file_buf, tokens, &n_tokens);
+		struct in_addr sipaddr;
+		uint32_t sipdepth = 0;
+		struct in_addr dipaddr;
+		uint32_t dipdepth;
+		uint16_t sport0 = 0;
+		uint16_t sport1 = 0;
+		uint16_t dport0 = 0;
+		uint16_t dport1 = 0;
+		uint8_t proto = 0;
+		uint8_t protomask = 0;
 
-		str = strtok(file_buf, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip = atoi(str)<<24;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<16;
+		if (n_tokens == 0 || tokens[0][0] == '#') {
+					line++;
+					continue;
+				}
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (status != 0) {
+			printf("Too many tokens\n");
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<8;
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (n_tokens != 11) {
 			status = -1;
+			printf("\nToo many tokens in bulk file at line %d\n", line + 1);
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (strcmp(tokens[0], "ipv4")) {
+			printf("\nThe line should begin with string 'ipv4' %d\n", line + 1);
 			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip_mask = atoi(str);
+			goto end;		}
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (parse_ipv4_addr(tokens[1], &sipaddr)) {
+			printf("\nIncorrect format for sipaddr at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_ip = atoi(str)<<24;
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (parser_read_uint32(&sipdepth, tokens[2])) {
+			printf("\nIncorrect format for sipdepth at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<16;
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (parse_ipv4_addr(tokens[3], &dipaddr)) {
+			printf("\nIncorrect format for dipaddr at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<8;
 
-		str = strtok(NULL, " .");
-		if (str == NULL) {
+		if (parser_read_uint32(&dipdepth, tokens[4])) {
+			printf("\nIncorrect format for dipdepth at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint16(&sport0, tokens[5])) {
+			printf("\nIncorrect format for sport0 at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_ip_mask = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint16(&sport1, tokens[6])) {
+			printf("\nIncorrect format for sport1 at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_port_from = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint16(&dport0, tokens[7])) {
+			printf("\nIncorrect format for dport0 at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_port_to = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint16(&dport1, tokens[8])) {
+			printf("\nIncorrect format for dport1 at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_port_from = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		if (parser_read_uint8(&proto, tokens[9])) {
+			printf("\nIncorrect format for proto at line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.dst_port_to = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
+		char *e;
+		protomask = strtoul(tokens[10], &e, 16);
+		if (*e || errno == EINVAL || errno == ERANGE) {
+			printf("\nIncorrect format for protomask - should be in hex  at "
+					"line %d\n", line + 1);
 			status = -1;
 			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.proto = atoi(str);
 
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		/* Need to add 2 to str to skip leading 0x */
-		params->keys[i].key.ipv4_5tuple.proto_mask = strtol(str+2, NULL, 16);
 
 		params->keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;
+		params->keys[i].key.ipv4_5tuple.src_ip = rte_bswap32(
+			(uint32_t) sipaddr.s_addr);
+		params->keys[i].key.ipv4_5tuple.src_ip_mask = sipdepth;
+		params->keys[i].key.ipv4_5tuple.dst_ip = rte_bswap32(
+			(uint32_t) dipaddr.s_addr);
+		params->keys[i].key.ipv4_5tuple.dst_ip_mask = dipdepth;
+		params->keys[i].key.ipv4_5tuple.src_port_from = sport0;
+		params->keys[i].key.ipv4_5tuple.src_port_to = sport1;
+		params->keys[i].key.ipv4_5tuple.dst_port_from = dport0;
+		params->keys[i].key.ipv4_5tuple.dst_port_to = dport1;
+		params->keys[i].key.ipv4_5tuple.proto = proto;
+		params->keys[i].key.ipv4_5tuple.proto_mask = protomask;
 
+		line++;
 		i++;
+
 	}
 
 	for (i = 0; i < params->n_keys; i++) {
@@ -1196,663 +1226,483 @@ app_pipeline_firewall_delete_default_rule(struct app_params *app,
 	return 0;
 }
 
-/*
- * p firewall add ipv4
- */
-
-struct cmd_firewall_add_ipv4_result {
+struct cmd_firewall_parsed_result {
 	cmdline_fixed_string_t p_string;
 	uint32_t pipeline_id;
 	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t add_string;
-	cmdline_fixed_string_t ipv4_string;
-	int32_t priority;
-	cmdline_ipaddr_t src_ip;
-	uint32_t src_ip_mask;
-	cmdline_ipaddr_t dst_ip;
-	uint32_t dst_ip_mask;
-	uint16_t src_port_from;
-	uint16_t src_port_to;
-	uint16_t dst_port_from;
-	uint16_t dst_port_to;
-	uint8_t proto;
-	uint8_t proto_mask;
-	uint8_t port_id;
+	cmdline_multi_string_t multi_string;
 };
 
-static void
-cmd_firewall_add_ipv4_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_add_ipv4_result *params = parsed_result;
+static void cmd_firewall_parsed(void *parsed_result,
+		__attribute__((unused))  struct cmdline *cl, void *data) {
+	struct cmd_firewall_parsed_result *params = parsed_result;
 	struct app_params *app = data;
-	struct pipeline_firewall_key key;
 	int status;
+	struct pipeline_firewall_key key;
 
-	key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
-	key.key.ipv4_5tuple.src_ip = rte_bswap32(
-		(uint32_t) params->src_ip.addr.ipv4.s_addr);
-	key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
-	key.key.ipv4_5tuple.dst_ip = rte_bswap32(
-		(uint32_t) params->dst_ip.addr.ipv4.s_addr);
-	key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
-	key.key.ipv4_5tuple.src_port_from = params->src_port_from;
-	key.key.ipv4_5tuple.src_port_to = params->src_port_to;
-	key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
-	key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
-	key.key.ipv4_5tuple.proto = params->proto;
-	key.key.ipv4_5tuple.proto_mask = params->proto_mask;
-
-	status = app_pipeline_firewall_add_rule(app,
-		params->pipeline_id,
-		&key,
-		params->priority,
-		params->port_id);
-
-	if (status != 0) {
-		printf("Command failed\n");
-		return;
-	}
-}
-
-cmdline_parse_token_string_t cmd_firewall_add_ipv4_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result, p_string,
-		"p");
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, pipeline_id,
-		UINT32);
-
-cmdline_parse_token_string_t cmd_firewall_add_ipv4_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		firewall_string, "firewall");
-
-cmdline_parse_token_string_t cmd_firewall_add_ipv4_add_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		add_string, "add");
-
-cmdline_parse_token_string_t cmd_firewall_add_ipv4_ipv4_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		ipv4_string, "ipv4");
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_priority =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, priority,
-		INT32);
-
-cmdline_parse_token_ipaddr_t cmd_firewall_add_ipv4_src_ip =
-	TOKEN_IPV4_INITIALIZER(struct cmd_firewall_add_ipv4_result, src_ip);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_ip_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, src_ip_mask,
-		UINT32);
-
-cmdline_parse_token_ipaddr_t cmd_firewall_add_ipv4_dst_ip =
-	TOKEN_IPV4_INITIALIZER(struct cmd_firewall_add_ipv4_result, dst_ip);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_ip_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, dst_ip_mask,
-		UINT32);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_port_from =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		src_port_from, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_port_to =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		src_port_to, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_port_from =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		dst_port_from, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_port_to =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		dst_port_to, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_proto =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		proto, UINT8);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_proto_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		proto_mask, UINT8);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_port_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		port_id, UINT8);
-
-cmdline_parse_inst_t cmd_firewall_add_ipv4 = {
-	.f = cmd_firewall_add_ipv4_parsed,
-	.data = NULL,
-	.help_str = "Firewall rule add",
-	.tokens = {
-		(void *) &cmd_firewall_add_ipv4_p_string,
-		(void *) &cmd_firewall_add_ipv4_pipeline_id,
-		(void *) &cmd_firewall_add_ipv4_firewall_string,
-		(void *) &cmd_firewall_add_ipv4_add_string,
-		(void *) &cmd_firewall_add_ipv4_ipv4_string,
-		(void *) &cmd_firewall_add_ipv4_priority,
-		(void *) &cmd_firewall_add_ipv4_src_ip,
-		(void *) &cmd_firewall_add_ipv4_src_ip_mask,
-		(void *) &cmd_firewall_add_ipv4_dst_ip,
-		(void *) &cmd_firewall_add_ipv4_dst_ip_mask,
-		(void *) &cmd_firewall_add_ipv4_src_port_from,
-		(void *) &cmd_firewall_add_ipv4_src_port_to,
-		(void *) &cmd_firewall_add_ipv4_dst_port_from,
-		(void *) &cmd_firewall_add_ipv4_dst_port_to,
-		(void *) &cmd_firewall_add_ipv4_proto,
-		(void *) &cmd_firewall_add_ipv4_proto_mask,
-		(void *) &cmd_firewall_add_ipv4_port_id,
-		NULL,
-	},
-};
-
-/*
- * p firewall del ipv4
- */
-
-struct cmd_firewall_del_ipv4_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t del_string;
-	cmdline_fixed_string_t ipv4_string;
-	cmdline_ipaddr_t src_ip;
-	uint32_t src_ip_mask;
-	cmdline_ipaddr_t dst_ip;
-	uint32_t dst_ip_mask;
-	uint16_t src_port_from;
-	uint16_t src_port_to;
-	uint16_t dst_port_from;
-	uint16_t dst_port_to;
+	uint32_t priority;
+	struct in_addr sipaddr;
+	uint32_t sipdepth;
+	struct in_addr dipaddr;
+	uint32_t dipdepth;
+	uint16_t sport0;
+	uint16_t sport1;
+	uint16_t dport0;
+	uint16_t dport1;
 	uint8_t proto;
-	uint8_t proto_mask;
-};
+	uint8_t protomask;
+	uint32_t port_id;
+	char *filepath;
 
-static void
-cmd_firewall_del_ipv4_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_del_ipv4_result *params = parsed_result;
-	struct app_params *app = data;
-	struct pipeline_firewall_key key;
-	int status;
-
-	key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
-	key.key.ipv4_5tuple.src_ip = rte_bswap32(
-		(uint32_t) params->src_ip.addr.ipv4.s_addr);
-	key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
-	key.key.ipv4_5tuple.dst_ip = rte_bswap32(
-		(uint32_t) params->dst_ip.addr.ipv4.s_addr);
-	key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
-	key.key.ipv4_5tuple.src_port_from = params->src_port_from;
-	key.key.ipv4_5tuple.src_port_to = params->src_port_to;
-	key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
-	key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
-	key.key.ipv4_5tuple.proto = params->proto;
-	key.key.ipv4_5tuple.proto_mask = params->proto_mask;
-
-	status = app_pipeline_firewall_delete_rule(app,
-		params->pipeline_id,
-		&key);
+	char *tokens[17];
+	uint32_t n_tokens = RTE_DIM(tokens);
+	status = parse_tokenize_string(params->multi_string, tokens, &n_tokens);
 
 	if (status != 0) {
-		printf("Command failed\n");
+		printf("Too many tokens\n");
 		return;
 	}
-}
 
-cmdline_parse_token_string_t cmd_firewall_del_ipv4_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result, p_string,
-		"p");
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, pipeline_id,
-		UINT32);
-
-cmdline_parse_token_string_t cmd_firewall_del_ipv4_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		firewall_string, "firewall");
-
-cmdline_parse_token_string_t cmd_firewall_del_ipv4_del_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		del_string, "del");
-
-cmdline_parse_token_string_t cmd_firewall_del_ipv4_ipv4_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		ipv4_string, "ipv4");
-
-cmdline_parse_token_ipaddr_t cmd_firewall_del_ipv4_src_ip =
-	TOKEN_IPV4_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_ip);
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_ip_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_ip_mask,
-		UINT32);
-
-cmdline_parse_token_ipaddr_t cmd_firewall_del_ipv4_dst_ip =
-	TOKEN_IPV4_INITIALIZER(struct cmd_firewall_del_ipv4_result, dst_ip);
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_ip_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, dst_ip_mask,
-		UINT32);
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_port_from =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		src_port_from, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_port_to =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_port_to,
-		UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_port_from =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		dst_port_from, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_port_to =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		dst_port_to, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_proto =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		proto, UINT8);
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_proto_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, proto_mask,
-		UINT8);
-
-cmdline_parse_inst_t cmd_firewall_del_ipv4 = {
-	.f = cmd_firewall_del_ipv4_parsed,
-	.data = NULL,
-	.help_str = "Firewall rule delete",
-	.tokens = {
-		(void *) &cmd_firewall_del_ipv4_p_string,
-		(void *) &cmd_firewall_del_ipv4_pipeline_id,
-		(void *) &cmd_firewall_del_ipv4_firewall_string,
-		(void *) &cmd_firewall_del_ipv4_del_string,
-		(void *) &cmd_firewall_del_ipv4_ipv4_string,
-		(void *) &cmd_firewall_del_ipv4_src_ip,
-		(void *) &cmd_firewall_del_ipv4_src_ip_mask,
-		(void *) &cmd_firewall_del_ipv4_dst_ip,
-		(void *) &cmd_firewall_del_ipv4_dst_ip_mask,
-		(void *) &cmd_firewall_del_ipv4_src_port_from,
-		(void *) &cmd_firewall_del_ipv4_src_port_to,
-		(void *) &cmd_firewall_del_ipv4_dst_port_from,
-		(void *) &cmd_firewall_del_ipv4_dst_port_to,
-		(void *) &cmd_firewall_del_ipv4_proto,
-		(void *) &cmd_firewall_del_ipv4_proto_mask,
-		NULL,
-	},
-};
-
-/*
- * p firewall add bulk
- */
-
-struct cmd_firewall_add_bulk_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t add_string;
-	cmdline_fixed_string_t bulk_string;
-	cmdline_fixed_string_t file_path;
-};
-
-static void
-cmd_firewall_add_bulk_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_add_bulk_result *params = parsed_result;
-	struct app_params *app = data;
-	int status;
-
-	struct app_pipeline_add_bulk_params add_bulk_params;
-
-	status = app_pipeline_add_bulk_parse_file(params->file_path, &add_bulk_params);
-	if (status != 0) {
-		printf("Command failed\n");
-		goto end;
+	if ((n_tokens > 0) && (0 != strcmp(tokens[0], "add")) && (0 != strcmp(tokens[0], "del"))
+			&& (0 != strcmp(tokens[0], "ls"))) {
+		printf("Usage: \n p <id> firewall add ... \n p <id> firewall del... \n p <id> firewall ls\n");
+		return;
 	}
 
-	status = app_pipeline_firewall_add_bulk(app, params->pipeline_id, add_bulk_params.keys,
-			add_bulk_params.n_keys, add_bulk_params.priorities, add_bulk_params.port_ids);
-	if (status != 0) {
-		printf("Command failed\n");
-		goto end;
+	/* Parsing add command*/
+	if ((n_tokens > 0) && (0 == strcmp(tokens[0], "add"))) {
+		if (n_tokens > 18) {
+			printf("Command failed firewall add too many arguments\n");
+			return;
+		}
+		if (n_tokens < 2) {
+			printf(
+					"Usage: \n p <id> firewall add priority ... \n p <id> "
+					"firewall add bulk ... \n p <id> firewall default ..\n");
+			return;
+		}
+
+		/* Parsing add priority */
+		if (0 == strcmp(tokens[1], "priority")) {
+
+			if (n_tokens > 16) {
+				printf(
+						"Usage\n too many arguments\n p <pipeline ID> firewall "
+						"add priority <priority> ipv4 <sipaddr> <sipdepth> "
+						"<dipaddr> <dipdepth> <sport0> <sport1> <dport0> "
+						"<dport1> <proto> <protomask> port <port ID>\n");
+				return;
+			}
+
+			if (n_tokens < 16) {
+				printf(
+						"Usage\nnot enough arguments\n p <pipeline ID> firewall"
+						" add priority <priority> ipv4 <sipaddr> <sipdepth>"
+						" <dipaddr> <dipdepth> <sport0> <sport1> <dport0> "
+						"<dport1> <proto> <protomask> port <port ID>\n");
+				return;
+			}
+
+			if (parser_read_uint32(&priority, tokens[2])) {
+				printf("Incorrect format for priority\n");
+				return;
+			}
+
+			if (strcmp(tokens[3], "ipv4")) {
+				printf("string  supported ipv4\n");
+				return;
+			}
+
+			if (parse_ipv4_addr(tokens[4], &sipaddr)) {
+				printf("Incorrect format for sipaddr\n");
+				return;
+			}
+
+			if (parser_read_uint32(&sipdepth, tokens[5])) {
+				printf("Incorrect format for sipdepth\n");
+				return;
+			}
+
+			if (parse_ipv4_addr(tokens[6], &dipaddr)) {
+				printf("Incorrect format for dipaddr\n");
+				return;
+			}
+
+			if (parser_read_uint32(&dipdepth, tokens[7])) {
+				printf("Incorrect format for dipdepth\n");
+				return;
+			}
+
+			if (parser_read_uint16(&sport0, tokens[8])) {
+				printf("Incorrect format for sport0\n");
+				return;
+			}
+
+			if (parser_read_uint16(&sport1, tokens[9])) {
+				printf("Incorrect format for sport1\n");
+				return;
+			}
+
+			if (parser_read_uint16(&dport0, tokens[10])) {
+				printf("Incorrect format for dport0\n");
+				return;
+			}
+
+			if (parser_read_uint16(&dport1, tokens[11])) {
+				printf("Incorrect format for dport1\n");
+				return;
+			}
+
+			if (parser_read_uint8(&proto, tokens[12])) {
+				printf("Incorrect format for proto\n");
+				return;
+			}
+
+			char *e;
+			protomask = strtoul(tokens[13], &e, 16);
+			if (*e || errno == EINVAL || errno == ERANGE) {
+				printf("Incorrect format for protomask - should be in hex \n");
+				return;
+			}
+
+			if (strcmp(tokens[14], "port")) {
+				printf("string  supported port\n");
+				return;
+			}
+
+			if (parser_read_uint32(&port_id, tokens[15])) {
+				printf("Incorrect format for port ID\n");
+				return;
+			}
+
+			key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
+			key.key.ipv4_5tuple.src_ip = rte_bswap32((uint32_t) sipaddr.s_addr);
+			key.key.ipv4_5tuple.src_ip_mask = sipdepth;
+			key.key.ipv4_5tuple.dst_ip = rte_bswap32((uint32_t) dipaddr.s_addr);
+			key.key.ipv4_5tuple.dst_ip_mask = dipdepth;
+			key.key.ipv4_5tuple.src_port_from = sport0;
+			key.key.ipv4_5tuple.src_port_to = sport1;
+			key.key.ipv4_5tuple.dst_port_from = dport0;
+			key.key.ipv4_5tuple.dst_port_to = dport1;
+			key.key.ipv4_5tuple.proto = proto;
+			key.key.ipv4_5tuple.proto_mask = protomask;
+
+			status = app_pipeline_firewall_add_rule(app, params->pipeline_id,
+					&key, priority, port_id);
+
+			if (status != 0)
+				printf("Command failed\n");
+
+			return;
+
+		}
+
+		/* Parsing add default */
+		if ((0 == strcmp(tokens[1], "default"))
+				&& (0 != strcmp(tokens[1], "bulk"))
+				&& (0 != strcmp(tokens[1], "priority"))) {
+			if (n_tokens > 3) {
+				printf(
+						"too many arguments: \np <pipeline ID> firewall add "
+						"default <port ID>");
+				return;
+			}
+
+			if (n_tokens < 3) {
+				printf(
+						"not enough arguments \np <pipeline ID> firewall add "
+						"default <port ID>");
+				return;
+			}
+
+			if (parser_read_uint32(&port_id, tokens[2])) {
+				printf("Incorrect format for port ID\n");
+				return;
+			}
+
+			status = app_pipeline_firewall_add_default_rule(app,
+					params->pipeline_id, port_id);
+
+			if (status != 0)
+				printf("Command failed\n");
+
+			return;
+		}
+
+		/* Parsing add bulk */
+		if (0 == strcmp(tokens[1], "bulk")) {
+			if (n_tokens > 3) {
+				printf(
+						"too many arguments: \np <pipeline ID> firewall add "
+						"bulk <file>");
+				return;
+			}
+
+			if (n_tokens < 3) {
+				printf(
+						"not enough arguments \np <pipeline ID> firewall add "
+						"bulk <file>");
+				return;
+			}
+
+			filepath = tokens[2];
+			printf("%s", filepath);
+
+			struct app_pipeline_add_bulk_params add_bulk_params;
+			memset(&add_bulk_params, 0, sizeof(struct app_pipeline_add_bulk_params));
+
+			status = app_pipeline_add_bulk_parse_file(filepath,
+					&add_bulk_params);
+			if (status != 0) {
+				printf("Command failed\n");
+				goto end;
+			}
+
+			status = app_pipeline_firewall_add_bulk(app, params->pipeline_id,
+					add_bulk_params.keys, add_bulk_params.n_keys,
+					add_bulk_params.priorities, add_bulk_params.port_ids);
+			if (status != 0) {
+				printf("Command failed\n");
+				goto end;
+			}
+
+			return;
+
+			end:
+			rte_free(add_bulk_params.keys);
+			rte_free(add_bulk_params.priorities);
+			rte_free(add_bulk_params.port_ids);
+			return;
+
+		}
 	}
 
-end:
-	rte_free(add_bulk_params.keys);
-	rte_free(add_bulk_params.priorities);
-	rte_free(add_bulk_params.port_ids);
-}
-
-cmdline_parse_token_string_t cmd_firewall_add_bulk_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result, p_string,
-		"p");
-
-cmdline_parse_token_num_t cmd_firewall_add_bulk_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_bulk_result, pipeline_id,
-		UINT32);
-
-cmdline_parse_token_string_t cmd_firewall_add_bulk_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
-		firewall_string, "firewall");
-
-cmdline_parse_token_string_t cmd_firewall_add_bulk_add_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
-		add_string, "add");
-
-cmdline_parse_token_string_t cmd_firewall_add_bulk_bulk_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
-		bulk_string, "bulk");
-
-cmdline_parse_token_string_t cmd_firewall_add_bulk_file_path_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
-		file_path, NULL);
-
-cmdline_parse_inst_t cmd_firewall_add_bulk = {
-	.f = cmd_firewall_add_bulk_parsed,
-	.data = NULL,
-	.help_str = "Firewall rule add bulk",
-	.tokens = {
-		(void *) &cmd_firewall_add_bulk_p_string,
-		(void *) &cmd_firewall_add_bulk_pipeline_id,
-		(void *) &cmd_firewall_add_bulk_firewall_string,
-		(void *) &cmd_firewall_add_bulk_add_string,
-		(void *) &cmd_firewall_add_bulk_bulk_string,
-		(void *) &cmd_firewall_add_bulk_file_path_string,
-		NULL,
-	},
-};
-
-/*
- * p firewall del bulk
- */
-
-struct cmd_firewall_del_bulk_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t del_string;
-	cmdline_fixed_string_t bulk_string;
-	cmdline_fixed_string_t file_path;
-};
-
-static void
-cmd_firewall_del_bulk_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_del_bulk_result *params = parsed_result;
-	struct app_params *app = data;
-	int status;
-
-	struct app_pipeline_del_bulk_params del_bulk_params;
-
-	status = app_pipeline_del_bulk_parse_file(params->file_path, &del_bulk_params);
-	if (status != 0) {
-		printf("Command failed\n");
-		goto end;
+	/* Parsing del command */
+	if ((n_tokens > 0) && (0 == strcmp(tokens[0], "del"))) {
+		if (n_tokens > 15) {
+			printf("Command failed firewall add too many arguments\n");
+			return;
+		}
+		if (n_tokens < 2) {
+			printf(
+					"Usage: \n p <id> firewall del ipv4 ... \n p <id> firewall "
+					"del bulk ... \n p <id> firewall del default ...\n");
+			return;
+		}
+
+		if (strcmp(tokens[1], "ipv4") == 0) {
+			if (n_tokens > 12) {
+				printf(
+						"too many arguments: \np <pipeline ID> firewall del"
+						" ipv4 .. ");
+				return;
+			}
+
+			if (n_tokens < 12) {
+				printf(
+						"not enough arguments \np <pipeline ID> firewall del"
+						" ipv4 .. ");
+				return;
+			}
+
+			if (parse_ipv4_addr(tokens[2], &sipaddr)) {
+				printf("Incorrect format for sipaddr\n");
+				return;
+			}
+
+			if (parser_read_uint32(&sipdepth, tokens[3])) {
+				printf("Incorrect format for sipdepth\n");
+				return;
+			}
+
+			if (parse_ipv4_addr(tokens[4], &dipaddr)) {
+				printf("Incorrect format for dipaddr\n");
+				return;
+			}
+
+			if (parser_read_uint32(&dipdepth, tokens[5])) {
+				printf("Incorrect format for dipdepth\n");
+				return;
+			}
+
+			if (parser_read_uint16(&sport0, tokens[6])) {
+				printf("Incorrect format for sport0\n");
+				return;
+			}
+
+			if (parser_read_uint16(&sport1, tokens[7])) {
+				printf("Incorrect format for sport1\n");
+				return;
+			}
+			if (parser_read_uint16(&dport0, tokens[8])) {
+				printf("Incorrect format for dport0\n");
+				return;
+			}
+
+			if (parser_read_uint16(&dport1, tokens[9])) {
+				printf("Incorrect format for dport1\n");
+				return;
+			}
+
+			if (parser_read_uint8(&proto, tokens[10])) {
+				printf("Incorrect format for proto\n");
+				return;
+			}
+
+			char *e;
+			protomask = strtoul(tokens[11], &e, 16);
+			if (*e || errno == EINVAL || errno == ERANGE) {
+				printf("Incorrect format for protomask - should be in hex \n");
+				return;
+			}
+
+			key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
+			key.key.ipv4_5tuple.src_ip = rte_bswap32((uint32_t) sipaddr.s_addr);
+			key.key.ipv4_5tuple.src_ip_mask = sipdepth;
+			key.key.ipv4_5tuple.dst_ip = rte_bswap32((uint32_t) dipaddr.s_addr);
+			key.key.ipv4_5tuple.dst_ip_mask = dipdepth;
+			key.key.ipv4_5tuple.src_port_from = sport0;
+			key.key.ipv4_5tuple.src_port_to = sport1;
+			key.key.ipv4_5tuple.dst_port_from = dport0;
+			key.key.ipv4_5tuple.dst_port_to = dport1;
+			key.key.ipv4_5tuple.proto = proto;
+			key.key.ipv4_5tuple.proto_mask = protomask;
+
+			status = app_pipeline_firewall_delete_rule(app, params->pipeline_id,
+					&key);
+
+			if (status != 0)
+				printf("Command failed\n");
+
+			return;
+		}
+
+		/* del bulk */
+		if (strcmp(tokens[1], "bulk") == 0) {
+			if (n_tokens > 3) {
+				printf(
+						"too many arguments: \np <pipeline ID> firewall del "
+						"bulk <file>");
+				return;
+			}
+
+			if (n_tokens < 3) {
+				printf(
+						"not enough arguments \np <pipeline ID> firewall del"
+						" bulk <file>");
+				return;
+			}
+
+			filepath = tokens[2];
+			struct app_pipeline_del_bulk_params del_bulk_params;
+			memset(&del_bulk_params, 0, sizeof(struct app_pipeline_del_bulk_params));
+
+			status = app_pipeline_del_bulk_parse_file(filepath,
+					&del_bulk_params);
+			if (status != 0) {
+				printf("Command failed\n");
+				goto end1;
+			}
+
+			status = app_pipeline_firewall_delete_bulk(app, params->pipeline_id,
+					del_bulk_params.keys, del_bulk_params.n_keys);
+			if (status != 0) {
+				printf("Command failed\n");
+				goto end1;
+			}
+			return;
+
+			end1: rte_free(del_bulk_params.keys);
+			return;
+
+		}
+
+		if (strcmp(tokens[1], "default") == 0) {
+			if (n_tokens > 2) {
+				printf(
+						"too many arguments: \np <pipeline ID> firewall del "
+						"default");
+				return;
+			}
+
+			if (n_tokens < 2) {
+				printf(
+						"not enough arguments \np <pipeline ID> firewall del "
+						"default");
+				return;
+			}
+
+			status = app_pipeline_firewall_delete_default_rule(app,
+					params->pipeline_id);
+
+			if (status != 0)
+				printf("Command failed\n");
+
+			return;
+
+		}
 	}
 
-	status = app_pipeline_firewall_delete_bulk(app, params->pipeline_id,
-			del_bulk_params.keys, del_bulk_params.n_keys);
-	if (status != 0) {
-		printf("Command failed\n");
-		goto end;
-	}
-
-end:
-	rte_free(del_bulk_params.keys);
-}
-
-cmdline_parse_token_string_t cmd_firewall_del_bulk_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result, p_string,
-		"p");
-
-cmdline_parse_token_num_t cmd_firewall_del_bulk_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_bulk_result, pipeline_id,
-		UINT32);
-
-cmdline_parse_token_string_t cmd_firewall_del_bulk_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
-		firewall_string, "firewall");
-
-cmdline_parse_token_string_t cmd_firewall_del_bulk_add_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
-		del_string, "del");
-
-cmdline_parse_token_string_t cmd_firewall_del_bulk_bulk_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
-		bulk_string, "bulk");
-
-cmdline_parse_token_string_t cmd_firewall_del_bulk_file_path_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
-		file_path, NULL);
-
-cmdline_parse_inst_t cmd_firewall_del_bulk = {
-	.f = cmd_firewall_del_bulk_parsed,
-	.data = NULL,
-	.help_str = "Firewall rule del bulk",
-	.tokens = {
-		(void *) &cmd_firewall_del_bulk_p_string,
-		(void *) &cmd_firewall_del_bulk_pipeline_id,
-		(void *) &cmd_firewall_del_bulk_firewall_string,
-		(void *) &cmd_firewall_del_bulk_add_string,
-		(void *) &cmd_firewall_del_bulk_bulk_string,
-		(void *) &cmd_firewall_del_bulk_file_path_string,
-		NULL,
-	},
-};
+	/* Parsing ls command */
+	if ((n_tokens > 0) && (0 == strcmp(tokens[0], "ls"))) {
 
-/*
- * p firewall add default
- */
-struct cmd_firewall_add_default_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t add_string;
-	cmdline_fixed_string_t default_string;
-	uint8_t port_id;
-};
+		if (n_tokens > 1) {
+			printf("Command firewall ls too many arguments\n");
+			return;
+		}
 
-static void
-cmd_firewall_add_default_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_add_default_result *params = parsed_result;
-	struct app_params *app = data;
-	int status;
+		status = app_pipeline_firewall_ls(app, params->pipeline_id);
 
-	status = app_pipeline_firewall_add_default_rule(app,
-		params->pipeline_id,
-		params->port_id);
+		if (status != 0)
+			printf("Command firewall ls failed\n");
 
-	if (status != 0) {
-		printf("Command failed\n");
 		return;
-	}
-}
-
-cmdline_parse_token_string_t cmd_firewall_add_default_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
-		p_string, "p");
-
-cmdline_parse_token_num_t cmd_firewall_add_default_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_default_result,
-		pipeline_id, UINT32);
 
-cmdline_parse_token_string_t cmd_firewall_add_default_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
-	firewall_string, "firewall");
-
-cmdline_parse_token_string_t cmd_firewall_add_default_add_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
-	add_string, "add");
-
-cmdline_parse_token_string_t cmd_firewall_add_default_default_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
-		default_string, "default");
-
-cmdline_parse_token_num_t cmd_firewall_add_default_port_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_default_result, port_id,
-		UINT8);
-
-cmdline_parse_inst_t cmd_firewall_add_default = {
-	.f = cmd_firewall_add_default_parsed,
-	.data = NULL,
-	.help_str = "Firewall default rule add",
-	.tokens = {
-		(void *) &cmd_firewall_add_default_p_string,
-		(void *) &cmd_firewall_add_default_pipeline_id,
-		(void *) &cmd_firewall_add_default_firewall_string,
-		(void *) &cmd_firewall_add_default_add_string,
-		(void *) &cmd_firewall_add_default_default_string,
-		(void *) &cmd_firewall_add_default_port_id,
-		NULL,
-	},
-};
-
-/*
- * p firewall del default
- */
-struct cmd_firewall_del_default_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t del_string;
-	cmdline_fixed_string_t default_string;
-};
-
-static void
-cmd_firewall_del_default_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_del_default_result *params = parsed_result;
-	struct app_params *app = data;
-	int status;
-
-	status = app_pipeline_firewall_delete_default_rule(app,
-		params->pipeline_id);
-
-	if (status != 0) {
-		printf("Command failed\n");
-		return;
 	}
-}
-
-cmdline_parse_token_string_t cmd_firewall_del_default_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
-		p_string, "p");
 
-cmdline_parse_token_num_t cmd_firewall_del_default_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_default_result,
-		pipeline_id, UINT32);
-
-cmdline_parse_token_string_t cmd_firewall_del_default_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
-	firewall_string, "firewall");
-
-cmdline_parse_token_string_t cmd_firewall_del_default_del_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
-		del_string, "del");
-
-cmdline_parse_token_string_t cmd_firewall_del_default_default_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
-		default_string, "default");
-
-cmdline_parse_inst_t cmd_firewall_del_default = {
-	.f = cmd_firewall_del_default_parsed,
-	.data = NULL,
-	.help_str = "Firewall default rule delete",
-	.tokens = {
-		(void *) &cmd_firewall_del_default_p_string,
-		(void *) &cmd_firewall_del_default_pipeline_id,
-		(void *) &cmd_firewall_del_default_firewall_string,
-		(void *) &cmd_firewall_del_default_del_string,
-		(void *) &cmd_firewall_del_default_default_string,
-		NULL,
-	},
-};
-
-/*
- * p firewall ls
- */
-
-struct cmd_firewall_ls_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t ls_string;
-};
-
-static void
-cmd_firewall_ls_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_ls_result *params = parsed_result;
-	struct app_params *app = data;
-	int status;
-
-	status = app_pipeline_firewall_ls(app, params->pipeline_id);
-
-	if (status != 0) {
-		printf("Command failed\n");
-		return;
-	}
 }
 
-cmdline_parse_token_string_t cmd_firewall_ls_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result, p_string,
+cmdline_parse_token_string_t cmd_firewall_p_string =
+	TOKEN_STRING_INITIALIZER(struct cmd_firewall_parsed_result, p_string,
 		"p");
 
-cmdline_parse_token_num_t cmd_firewall_ls_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_ls_result, pipeline_id,
+cmdline_parse_token_num_t cmd_firewall_pipeline_id =
+	TOKEN_NUM_INITIALIZER(struct cmd_firewall_parsed_result, pipeline_id,
 		UINT32);
 
-cmdline_parse_token_string_t cmd_firewall_ls_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result,
+cmdline_parse_token_string_t cmd_firewall_firewall_string =
+	TOKEN_STRING_INITIALIZER(struct cmd_firewall_parsed_result,
 	firewall_string, "firewall");
 
-cmdline_parse_token_string_t cmd_firewall_ls_ls_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result, ls_string,
-	"ls");
+static cmdline_parse_token_string_t cmd_firewall_multi_string =
+	TOKEN_STRING_INITIALIZER(struct cmd_firewall_parsed_result, multi_string,
+	TOKEN_STRING_MULTI);
 
-cmdline_parse_inst_t cmd_firewall_ls = {
-	.f = cmd_firewall_ls_parsed,
+cmdline_parse_inst_t cmd_firewall = {
+	.f = cmd_firewall_parsed,
 	.data = NULL,
-	.help_str = "Firewall rule list",
+	.help_str = "\n p <pipeline ID> firewall add priority <priority> ipv4 "
+				"<sipaddr> <sipdepth> <dipaddr> <dipdepth> <sport0> <sport1> "
+				"<dport0> <dport1> <proto> <protomask> port <port ID> \n"
+				"\n p <pipeline ID> firewall add bulk <file>  \n"
+				"\n p <pipeline ID> firewall add default <port ID>\n"
+				"\n p <pipeline ID> firewall del ipv4 <sipaddr> <sipdepth>"
+				"<dipaddr> <dipdepth> <sport0> <sport1> <dport0> <dport1> "
+				"<proto> <protomask> \n"
+				"\n p <pipeline ID> firewall del bulk <file> \n"
+				"\n p <pipeline ID> firewall del default \n"
+				"\n p <pipeline ID> firewall ls \n",
 	.tokens = {
-		(void *) &cmd_firewall_ls_p_string,
-		(void *) &cmd_firewall_ls_pipeline_id,
-		(void *) &cmd_firewall_ls_firewall_string,
-		(void *) &cmd_firewall_ls_ls_string,
+		(void *) &cmd_firewall_p_string,
+		(void *) &cmd_firewall_pipeline_id,
+		(void *) &cmd_firewall_firewall_string,
+		(void *)&cmd_firewall_multi_string,
 		NULL,
 	},
 };
 
 static cmdline_parse_ctx_t pipeline_cmds[] = {
-	(cmdline_parse_inst_t *) &cmd_firewall_add_ipv4,
-	(cmdline_parse_inst_t *) &cmd_firewall_del_ipv4,
-	(cmdline_parse_inst_t *) &cmd_firewall_add_bulk,
-	(cmdline_parse_inst_t *) &cmd_firewall_del_bulk,
-	(cmdline_parse_inst_t *) &cmd_firewall_add_default,
-	(cmdline_parse_inst_t *) &cmd_firewall_del_default,
-	(cmdline_parse_inst_t *) &cmd_firewall_ls,
+	(cmdline_parse_inst_t *) &cmd_firewall,
 	NULL,
 };