I tried some ACL config, but it does not work as I expected. I send traffic into interface 1, and vpp should send the traffic out through interface 2.
For ACL, I first add this ACL. acl_add_replace ipv4 src 10.0.0.0/8 deny Then, I send traffic after adding each of the following 4 configs. acl_interface_add_del sw_if_index 1 add input acl 0 acl_interface_add_del sw_if_index 1 add output acl 0 acl_interface_add_del sw_if_index 2 add input acl 0 acl_interface_add_del sw_if_index 2 add output acl 0 I expect no traffic being sent out after adding the ACL to the input of interface 1. However, I still see traffic going out of interface 2. Only after the 4th config, no traffic is sent out. Also in the "show run" in vppctl, I can only see "acl-plugin-fa-worker-cleaner-pinterrupt" and "acl-plugin-out-ip4-fa" that are related to ACL. I think this means ACL at the input of an interface is not working. Do you see anything wrong here? Thanks, Yuliang On Tue, Nov 14, 2017 at 5:10 AM, Andrew Yourtchenko <ayour...@gmail.com> wrote: > Cool! > > Sure, you can use vat in that case as well. > > --a > > On 13 Nov 2017, at 22:08, Yuliang Li <yuliang...@yale.edu> wrote: > > It works! Thanks. > > Another question: if I want to use ACL plugin in non-debug build (say, > build-release), is can I use vat? Or I need to use the python code? > > On Mon, Nov 13, 2017 at 12:06 PM, Andrew Yourtchenko <ayour...@gmail.com> > wrote: > >> “Make build” in the VPP directory will get you a debug build. The $1 and >> such is just standard shell scripting, in case I need to pass some >> parameters to vat. I don’t think I had ever needed them... >> >> --a >> >> On 13 Nov 2017, at 17:40, Yuliang Li <yuliang...@yale.edu> wrote: >> >> Maybe this is a stupid question.. Does vat have to work with debug >> builds? And how to do the debug builds? What are the $1~$5 in your script? >> >> Thanks, >> Yuliang >> >> On Mon, Nov 13, 2017 at 3:03 AM, Andrew Yourtchenko <ayour...@gmail.com> >> wrote: >> >>> When just running vat from within the source tree, it needs to know the >>> path for the plugins, for debug builds I usually have the following small >>> shell script which takes care of this without requiring me thinking every >>> time (of course needs to be launched from the vpp top directory since it >>> has relative paths: >>> >>> $ cat ~/bin/run-vat >>> #!/bin/sh >>> sudo ./build-root/install-vpp_debug-native/vpp/bin/vpp_api_test >>> plugin_path >>> ./build-root/install-vpp_debug-native/vpp/lib64/vpp_api_test_plugins/ >>> $1 $2 $3 $4 $5 >>> >>> Not sure about the error with build-vat, I will let other folks comment >>> on it if someone knows... >>> >>> —a >>> >>> > On 13 Nov 2017, at 03:14, Yuliang Li <yuliang...@yale.edu> wrote: >>> > >>> > Thanks for the quick reply. >>> > >>> > I still fail to use the vat to configure ACL. After make >>> build-release, I use sudo build-root/build-vpp-native/vpp/vpp_api_test, >>> but it tell me: >>> > 'acl_plugin_get_version': function not found >>> > Other ACL commands have the same problem. >>> > >>> > I also tried make build-vat, but it gives the following error: >>> > @@@@ Arch for platform 'vpp' is native @@@@ >>> > @@@@ Finding source for vpp-api-test @@@@ >>> > @@@@ Package vpp-api-test not found with path /home/bright/tools/vpp >>> @@@@ >>> > Makefile:780: recipe for target 'vpp-api-test-find-source' failed >>> > make[1]: *** [vpp-api-test-find-source] Error 1 >>> > make[1]: Leaving directory '/home/bright/tools/vpp/build-root' >>> > Makefile:460: recipe for target 'build-vat' failed >>> > make: *** [build-vat] Error 2 >>> > >>> > Am I doing something wrong here? >>> > >>> > Thanks, >>> > Yuliang >>> > >>> > On Sun, Nov 12, 2017 at 5:15 PM, Andrew 👽 Yourtchenko < >>> ayour...@gmail.com> wrote: >>> > Hi Yuliang, >>> > >>> > You can look at the test/test_acl_plugin_*.py files for the examples >>> > of interactions with plugin from python code. >>> > >>> > Alternatively, you can use VPP API test tool (vat) which is built >>> > together with VPP and then issue the API calls directly from there. >>> > >>> > Shout if you have any questions, will be happy to answer! :) >>> > >>> > --a >>> > >>> > On 11/12/17, Yuliang Li <yuliang...@yale.edu> wrote: >>> > > Hi, >>> > > >>> > > I want to use the ACL plugin https://wiki.fd.io/view/VPP/Se >>> curityGroups. It >>> > > seems it can only be configured via API. I only used vppctl before. >>> Can >>> > > anyone please tell how to use the API to configure? Or is there >>> other ways >>> > > to configre? >>> > > >>> > > Thanks, >>> > > -- >>> > > Yuliang Li >>> > > PhD student >>> > > Department of Computer Science >>> > > Yale University >>> > > >>> > >>> > >>> > >>> > -- >>> > Yuliang Li >>> > PhD student >>> > Department of Computer Science >>> > Yale University >>> >>> >> >> >> -- >> Yuliang Li >> PhD student >> Department of Computer Science >> Yale University >> >> > > > -- > Yuliang Li > PhD student > Department of Computer Science > Yale University > > -- Yuliang Li PhD student Department of Computer Science Yale University
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
