Assuming your input interface is a subinterface then you would need the build which includes https://gerrit.fd.io/r/#/c/8519/ - and if that is the case already, then I would need to see the full sequence of steps needed to recreate the problem, to say something about it.
--a > On 19 Nov 2017, at 23:22, Yuliang Li <yuliang...@yale.edu> wrote: > > I tried some ACL config, but it does not work as I expected. > > I send traffic into interface 1, and vpp should send the traffic out through > interface 2. > > For ACL, I first add this ACL. > acl_add_replace ipv4 src 10.0.0.0/8 deny > > Then, I send traffic after adding each of the following 4 configs. > acl_interface_add_del sw_if_index 1 add input acl 0 > acl_interface_add_del sw_if_index 1 add output acl 0 > acl_interface_add_del sw_if_index 2 add input acl 0 > acl_interface_add_del sw_if_index 2 add output acl 0 > > I expect no traffic being sent out after adding the ACL to the input of > interface 1. However, I still see traffic going out of interface 2. > Only after the 4th config, no traffic is sent out. > > Also in the "show run" in vppctl, I can only see > "acl-plugin-fa-worker-cleaner-pinterrupt" and "acl-plugin-out-ip4-fa" that > are related to ACL. > I think this means ACL at the input of an interface is not working. > > Do you see anything wrong here? > > Thanks, > Yuliang > >> On Tue, Nov 14, 2017 at 5:10 AM, Andrew Yourtchenko <ayour...@gmail.com> >> wrote: >> Cool! >> >> Sure, you can use vat in that case as well. >> >> --a >> >>> On 13 Nov 2017, at 22:08, Yuliang Li <yuliang...@yale.edu> wrote: >>> >>> It works! Thanks. >>> >>> Another question: if I want to use ACL plugin in non-debug build (say, >>> build-release), is can I use vat? Or I need to use the python code? >>> >>>> On Mon, Nov 13, 2017 at 12:06 PM, Andrew Yourtchenko <ayour...@gmail.com> >>>> wrote: >>>> “Make build” in the VPP directory will get you a debug build. The $1 and >>>> such is just standard shell scripting, in case I need to pass some >>>> parameters to vat. I don’t think I had ever needed them... >>>> >>>> --a >>>> >>>>> On 13 Nov 2017, at 17:40, Yuliang Li <yuliang...@yale.edu> wrote: >>>>> >>>>> Maybe this is a stupid question.. Does vat have to work with debug >>>>> builds? And how to do the debug builds? What are the $1~$5 in your script? >>>>> >>>>> Thanks, >>>>> Yuliang >>>>> >>>>>> On Mon, Nov 13, 2017 at 3:03 AM, Andrew Yourtchenko <ayour...@gmail.com> >>>>>> wrote: >>>>>> When just running vat from within the source tree, it needs to know the >>>>>> path for the plugins, for debug builds I usually have the following >>>>>> small shell script which takes care of this without requiring me >>>>>> thinking every time (of course needs to be launched from the vpp top >>>>>> directory since it has relative paths: >>>>>> >>>>>> $ cat ~/bin/run-vat >>>>>> #!/bin/sh >>>>>> sudo ./build-root/install-vpp_debug-native/vpp/bin/vpp_api_test >>>>>> plugin_path >>>>>> ./build-root/install-vpp_debug-native/vpp/lib64/vpp_api_test_plugins/ $1 >>>>>> $2 $3 $4 $5 >>>>>> >>>>>> Not sure about the error with build-vat, I will let other folks comment >>>>>> on it if someone knows... >>>>>> >>>>>> —a >>>>>> >>>>>> > On 13 Nov 2017, at 03:14, Yuliang Li <yuliang...@yale.edu> wrote: >>>>>> > >>>>>> > Thanks for the quick reply. >>>>>> > >>>>>> > I still fail to use the vat to configure ACL. After make >>>>>> > build-release, I use sudo >>>>>> > build-root/build-vpp-native/vpp/vpp_api_test, but it tell me: >>>>>> > 'acl_plugin_get_version': function not found >>>>>> > Other ACL commands have the same problem. >>>>>> > >>>>>> > I also tried make build-vat, but it gives the following error: >>>>>> > @@@@ Arch for platform 'vpp' is native @@@@ >>>>>> > @@@@ Finding source for vpp-api-test @@@@ >>>>>> > @@@@ Package vpp-api-test not found with path /home/bright/tools/vpp >>>>>> > @@@@ >>>>>> > Makefile:780: recipe for target 'vpp-api-test-find-source' failed >>>>>> > make[1]: *** [vpp-api-test-find-source] Error 1 >>>>>> > make[1]: Leaving directory '/home/bright/tools/vpp/build-root' >>>>>> > Makefile:460: recipe for target 'build-vat' failed >>>>>> > make: *** [build-vat] Error 2 >>>>>> > >>>>>> > Am I doing something wrong here? >>>>>> > >>>>>> > Thanks, >>>>>> > Yuliang >>>>>> > >>>>>> > On Sun, Nov 12, 2017 at 5:15 PM, Andrew 👽 Yourtchenko >>>>>> > <ayour...@gmail.com> wrote: >>>>>> > Hi Yuliang, >>>>>> > >>>>>> > You can look at the test/test_acl_plugin_*.py files for the examples >>>>>> > of interactions with plugin from python code. >>>>>> > >>>>>> > Alternatively, you can use VPP API test tool (vat) which is built >>>>>> > together with VPP and then issue the API calls directly from there. >>>>>> > >>>>>> > Shout if you have any questions, will be happy to answer! :) >>>>>> > >>>>>> > --a >>>>>> > >>>>>> > On 11/12/17, Yuliang Li <yuliang...@yale.edu> wrote: >>>>>> > > Hi, >>>>>> > > >>>>>> > > I want to use the ACL plugin >>>>>> > > https://wiki.fd.io/view/VPP/SecurityGroups. It >>>>>> > > seems it can only be configured via API. I only used vppctl before. >>>>>> > > Can >>>>>> > > anyone please tell how to use the API to configure? Or is there >>>>>> > > other ways >>>>>> > > to configre? >>>>>> > > >>>>>> > > Thanks, >>>>>> > > -- >>>>>> > > Yuliang Li >>>>>> > > PhD student >>>>>> > > Department of Computer Science >>>>>> > > Yale University >>>>>> > > >>>>>> > >>>>>> > >>>>>> > >>>>>> > -- >>>>>> > Yuliang Li >>>>>> > PhD student >>>>>> > Department of Computer Science >>>>>> > Yale University >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Yuliang Li >>>>> PhD student >>>>> Department of Computer Science >>>>> Yale University >>> >>> >>> >>> -- >>> Yuliang Li >>> PhD student >>> Department of Computer Science >>> Yale University > > > > -- > Yuliang Li > PhD student > Department of Computer Science > Yale University
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
