Hello, my name is Hitoshi Kaneko.
I belong to NTT Laboratories.
I evaluate VPP and there have been questions.
(1)Question 1
I have wanted to evaluate Access Control List of VPP.
About this feature, I have used acl_add_replace and
acl_interface_set_acl_list commands and I have seen packets stop, i. e. ,
I have input the commands bellow .
"acl_add_replace ipv4 deny src 192.168.10.15/32"
"acl_interface_set_acl_list sw_if_index 1 input 0 output"
But, at the same time, all the packets, i. e. , whose source IP
addresses are not 192.168.10.15/32 , also have stopped.
Please teach me how to stop the only packets whose source IP addresses
are 192.168.10.15/32 .
(Of course, all the packets have passed through the VPP if that ACL rule
has been deleted . )
(2)Question 2
Ultimately, I want the only packets whose source IP addresses are
192.168.10.15/32 to pass through the VPP, for example , bellow .
"acl_add_replace ipv4 deny"
"acl_add_replace ipv4 permit src 192.168.10.15/32"
"acl_interface_set_acl_list sw_if_index 1 input 0 1 output"
But, when I have input the commands bellow ,
"acl_add_replace ipv4 permit src 192.168.10.15/32"
"acl_interface_set_acl_list sw_if_index 1 input 0 output"
all the packets have stopped like the events of the question 1 .
Regards,
Hitoshi Kaneko
E-mail: kaneko.hito...@lab.ntt.co.jp <mailto:kaneko.hito...@lab.ntt.co.jp>
Phone: +81 422 59 4946
_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
