Dear Emma,
the behavior you are observing is expected. Since we do not do
in-flight reassembly, in order to make the ACL work for the fragment
we have to do first-match on a relaxed rule derived from L4 rule that
would have matched that packet.
I think just issuing "set acl-plugin l4-match-nonfir
Hi Dear VPP
When I was trying to test fragmentation feature in VPP, I encountered a
problem.
firstly, I added an acl as below:
acl_add_replace deny proto 1 sport 2-2 dport 3-3, permit+reflect
and then I saw that ICMP ping packets were passing through the VPP matching
with second rule.
At the next
