Hi guys,
I looked into the source code of vpp/src/plugin/acl/fa_node.c,
in function full_acl_match_5tuple(), it seems that every ingress packet is
matching against each ACL rule stored in acl_main->acls in a for-loop manner.
This seems not fairly effective.
Besides, I notice that in vpp/src/plugin/acl/acl.c,when you call the function
acl_hook_l2_input_classify(), you will create a vnet_classify_table, but I
didn't see any code which adds classify_session to it, why?
Is there any document/idea could basically explain the relationships between
acl/fa_node and vnet_classify?
Any help will be much appreciated.
Best Regards,
Pan
_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
