Hi Gabriel, This looks interesting, and nice to meet you!
I'm working on stateful ACL session tracking: https://github.com/vpp-dev/vpp/tree/acl/plugins/l2sess-plugin which plugs into the ACL plugin: https://github.com/vpp-dev/vpp/tree/acl/plugins/acl-plugin Definitely would be interesting to chat. I am using the 5-tuple mask in the L2 classifier table for flow entries and was thinking too about having some application-specific data (like, for example, TCP state for the TCP sessions, etc.) as I am getting now to work on the actual tracking of the state. My current thinking i that if upon the session creation the flow gets assigned a unique number, with the constraint that a lowest available one gets chosen, then the app-specific data storage can be simply done in vectors close to a particular application needing that data, indexed by this unique number. Classifier conveniently gives a u32 opaque, which is moved around with the packet at least in the L2 case in L2 opaque - so it seems to allow for a nice loose coupling, and get things done with the least amount of new code. But would be interesting to chat more about this. Which timezone are you in ? I am in CET. We could chat on IRC in #fdio. --a On 11/9/16, gannega <gabriel.ga...@qosmos.com> wrote: > Hi, > > I'm currently working on writing a flowtable node for vpp (It can be > found in vppsb or on github > <https://github.com/GabrielGanne/vpp-flowtable>). > > In short, it inserts itself between given interface and ethernet-input, > and basically provides a buffer associated to the flow which can be > written externally. > > I heard that some people were working on stateful features such as ACL. > Would you be interested to see if those could work together ? > > In any case, I'd be happy to know what you think of it and what might be > missing. > > Best regards, > > -- > Gabriel Ganne > > This message and any attachments (the "message") are confidential, intended > solely for the addressees. If you are not the intended recipient, please > notify the sender immediately by e-mail and delete this message from your > system. In this case, you are not authorized to use, copy this message > and/or disclose the content to any other person. E-mails are susceptible to > alteration. Neither Qosmos nor any of its subsidiaries or affiliates shall > be liable for the message if altered, changed or falsified. > > Ce message et toutes ses pièces jointes (ci-après le "message")sont > confidentiels et établis à l'intention exclusive de ses destinataires. Si > vous avez reçu ce message par erreur, merci d’en informer immédiatement son > émetteur par courrier électronique et d’effacer ce message de votre système. > Dans cette hypothèse, vous n’êtes pas autorisé à utiliser, copier ce message > et/ou en divulguer le contenu à un tiers. Tout message électronique est > susceptible d'altération. Qosmos et ses filiales déclinent toute > responsabilité au titre de ce message s'il a été altéré, déformé ou > falsifié. > _______________________________________________ > vpp-dev mailing list > vpp-dev@lists.fd.io > https://lists.fd.io/mailman/listinfo/vpp-dev _______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
