Hi juraj, Sorry for the delay.
Minus 1 means for the acl# means no acl had matched, so this should be default deny, however the odd output from the dump means it needs a closer look. Please me the saved binary API trace from the moment of startup to the observation of the problem + the packet trace and I will take a look. Thanks! --a > On 28 Apr 2017, at 17:39, Juraj Linkes -X (jlinkes - PANTHEON TECHNOLOGIES at > Cisco) <jlin...@cisco.com> wrote: > > Hi vpp devs, > > I'm using vpp-17.04-release.x86_64 on CentOS 7.3 and I'm trying to figure out > what does this packet trace mean: > Packet 9 > > 00:15:18:177142: tapcli-rx > tap-2 > 00:15:18:177155: ethernet-input > IP4: fa:16:3e:eb:c6:6d -> fa:16:3e:9b:93:4a > 00:15:18:177159: l2-input > l2-input: sw_if_index 4 dst fa:16:3e:9b:93:4a src fa:16:3e:eb:c6:6d > 00:15:18:177161: l2-input-classify > l2-classify: sw_if_index 4, table 1, offset 0, next 21 > 00:15:18:177163: acl-plugin-in-ip4-l2 > acl-plugin: sw_if_index 4, next index 0, action: 0, match: acl -1 rule -1 > trace_bits 00000000 > pkt info 0000000000000000 7073c30a00000000 0000000000000000 > 0700640a00000000 0000000100000008 0000000000000400 > 00:15:18:177167: error-drop > acl-plugin-in-ip4-l2: ACL deny packets > > What do acl -1 and rule -1 mean? I expected to find acl and rule indices in > the trace, but I don't know what -1 means. I've looked at which acls are on > that inteface in vat: > vat# acl_interface_list_dump > vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 0, count: 0, > n_input: 0 > input > vat# vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 1, count: > 0, n_input: 0 > input > vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 2, count: 2, > n_input: 1 > input 83886080 > output 67108864 > vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 3, count: 2, > n_input: 1 > input 0 > output 16777216 > > vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 4, count: 0, > n_input: 0 > input > vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 6, count: 0, > n_input: 0 > input > vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 7, count: 0, > n_input: 0 > input > vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 8, count: 0, > n_input: 0 > input > > It says there are no acls associated with the interface. No sure how what > acls are being applied then. And what about the acls indices (83886080, > 67108864 and 16777216)? I only have six acls configured (indices 0-5) and the > indices are way off. Is it some sort of overflow? Note that we're using > honeycomb to configure these. > > Thanks, > Juraj > _______________________________________________ > vpp-dev mailing list > vpp-dev@lists.fd.io > https://lists.fd.io/mailman/listinfo/vpp-dev
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
