Dear John,

Where does the traffic come from? E.g. some vm that’s local to the vpp system, or are we talking about diverting every transit-switched packet aimed at TCP port 5000?

Regardless, you’ll end up wanting something equivalent to a 1-table, 1-rule classifier setup.

If you feel like fiddling with the classifier, you could abuse the input ACL feature by creating a single “session” which matches proto==tcp, dst_port==5000. Program the classifier session next_index to the value obtained from vlib_node_add_next (vm, ip4|6_inacl.index, my_node.index). Create a graph arc from the input acl node to “my-node”. My-node sets vnet_buffer(b0)->sw_if_index[VLIB_TX] = tap_port_sw_if_index, rewinds the buffer, and enqueues it to “interface-tx”.

When you’re confident that you have the classifier table setup down pat, decide whether you want an input feature or a post-rewrite feature. Create a new feature arc element by following the patterns.

If you decide that you’d rather hand-code a single node to match proto==tcp, dst_port=5000 - I suspect that’s where you’ll land eventually - pick a feature arc and add a feature which classifies and either:

(a) sets vnet_buffer(b0)->sw_if_index[VLIB_TX] = tap_port_sw_if_index, rewinds the buffer, and enqueues it to “interface-tx”, or
(b) sends the packet to the next feature in the feature arc.

(b) is really simple; just enqueue the packet as directed by:

vnet_feature_next (sw_if_index0, &next0, b0);

Normal feature-node coding practice is to call vnet_feature_next(...) - which sets next0 to enqueue to the next feature node - then do <whatever>, which might include setting next0 to divert the packet elsewhere.

HTH... Dave

From: John Pearson [mailto:johnpearson...@gmail.com]
Sent: Wednesday, February 8, 2017 3:22 PM
To: Dave Barach (dbarach) <dbar...@cisco.com>
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] classify and redirect to tap

Hi Dave,

A little clarification. Here is the setup:

Client 1 +
Client 2 | ---> TCP dst-port=5000, dst-addr=customdomain.com ---> vpp ---> tap interface ---> linux stack
. . . .  |
Client N +

dst-addr is _not_ for us, it’s going out into the world.
VPP should intercept. Basically a proxy.

On Wed, Feb 8, 2017 at 5:48 AM, Dave Barach (dbarach) <dbar...@cisco.com> wrote:

Dear John,

Is this picture what you have in mind?

Client 1 +
Client 2 | ---> TCP dst-port=5000, dst-addr=vpp intfc address -> vpp -> tap interface -> Linux stack
....
Client N +

As in: you want to redirect tcp-for-us dst-port=5000 packets to the Linux stack?

If that’s correct, “ip[4|6]_register_protocol (IP_PROTOCOL_TCP, my_node.index);” will hand “my_node” all tcp-for-us packets, whereupon you can check for the indicated dst port and so forth.

That’s true today. We’re developing a vpp tcp host-stack, which will be in 17.04. Mechanics will change.

Before we go there, please confirm that I’m understanding what you need to do.

Thanks… Dave

From: John Pearson [mailto:johnpearson...@gmail.com]
Sent: Tuesday, February 7, 2017 7:00 PM
To: Dave Barach (dbarach) <dbar...@cisco.com>
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] classify and redirect to tap

Hi Dave,

I have a custom application that processes packets sent on port 5000 by the clients. I can’t manually configure each client, so this requires redirecting packets with destination port 5000 to tap interface on which the application is listening.

Thanks

On Tue, Feb 7, 2017 at 4:53 AM, Dave Barach (dbarach) <dbar...@cisco.com> wrote:

Dear John,

Read at face value, you’ll probably want to implement an output feature to take care of it.

Before I jump in and start describing the mechanics involved: please describe the use-case in some detail. The easiest-to-code solution would probably cost an annoying amount of performance on every packet. Depending on details, it may be possible to use e.g. FIB adjacencies to reduce the cost to zero for traffic that you don’t redirect.
Thanks… Dave

From: vpp-dev-boun...@lists.fd.io [mailto:vpp-dev-boun...@lists.fd.io] On Behalf Of John Pearson
Sent: Tuesday, February 7, 2017 12:57 AM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] classify and redirect to tap

Hi,

I am trying to send/redirect outgoing tcp port 5000 traffic to tap device. I found another thread mention “tap inject” but couldn’t find any documentation on it and “inject” is an unknown input in vpp CLI. Any advice?
_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
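
The hand-coded match discussed at the top of this thread (proto==tcp, dst_port==5000, then divert or pass on), as an added example that is not part of the thread or of VPP: plain C over a raw IPv4 header, where `classify_ip4`, `make_pkt` and the verdict names are hypothetical. It assumes the pointer sits at the IPv4 header and covers IPv4 only; the header-length, truncation and fragment checks keep the port match from reading option or payload bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical verdicts: option (b) "next feature" vs option (a) "send to tap". */
enum verdict { NEXT_FEATURE = 0, DIVERT_TO_TAP = 1 };

/* p = first byte of the IPv4 header (assumption), len = bytes available. */
enum verdict classify_ip4(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4)
        return NEXT_FEATURE;                 /* too short or not IPv4 */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;  /* header length incl. options */
    if (ihl < 20 || len < ihl + 4)
        return NEXT_FEATURE;                 /* bad IHL or ports truncated */
    if (p[9] != 6)
        return NEXT_FEATURE;                 /* protocol is not TCP */
    /* A non-first fragment carries no TCP header: the bytes after the
     * IP header are payload and must not be read as ports. */
    if ((((p[6] << 8) | p[7]) & 0x1fff) != 0)
        return NEXT_FEATURE;
    uint16_t dport = (uint16_t)((p[ihl + 2] << 8) | p[ihl + 3]);
    return dport == 5000 ? DIVERT_TO_TAP : NEXT_FEATURE;
}

/* Constructed sample input: bare IPv4 header plus the 4 port bytes.
 * b must hold ihl_words*4 + 4 bytes; flags_frag is the raw 16-bit field. */
size_t make_pkt(uint8_t *b, unsigned ihl_words, uint8_t proto,
                uint16_t flags_frag, uint16_t dport)
{
    size_t ihl = (size_t)ihl_words * 4;
    memset(b, 0, ihl + 4);
    b[0] = (uint8_t)(0x40 | ihl_words);
    b[6] = (uint8_t)(flags_frag >> 8); b[7] = (uint8_t)flags_frag;
    b[9] = proto;
    b[ihl + 2] = (uint8_t)(dport >> 8); b[ihl + 3] = (uint8_t)dport;
    return ihl + 4;
}

int main(void)
{
    uint8_t b[64];
    printf("tcp/5000:           %d\n", classify_ip4(b, make_pkt(b, 5, 6, 0, 5000)));
    printf("tcp/5000 + options: %d\n", classify_ip4(b, make_pkt(b, 6, 6, 0, 5000)));
    printf("later fragment:     %d\n", classify_ip4(b, make_pkt(b, 5, 6, 0x00b9, 5000)));
    return 0;
}
```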