Hello all,
I am trying to test ACL funtion, input ACL is OK, But output ACL is not
effective
my configuration as below, is there anything wrong in my configuration? Thanks
for your response
VPP1810# show version
vpp v18.10-7~g6ff8790-dirty built by root on localhost.localdomain at Mon Apr
1 15:06:48 EDT 2019
VPP1810# classify table mask l3 ip4 src
VPP1810# classify session acl-hit-next deny table-index 0 match l3 ip4 src
10.0.0.2
VPP1810# set interface output acl intfc host-eth8 ip4-table 0
Packet 1
00:04:29:245976: af-packet-input
af_packet: hw_if_index 5 next-index 4
tpacket2_hdr:
status 0x1 len 124 snaplen 124 mac 66 net 80
sec 0x5ca3021e nsec 0x1d5674aa vlan 0 vlan_tpid 0
00:04:29:245984: ethernet-input
IP4: 00:10:94:00:00:02 -> ff:ff:ff:ff:ff:ff
00:04:29:245989: ip4-input
unknown 253: 10.0.0.2 -> 10.1.1.2
tos 0x00, ttl 255, length 110, checksum 0xa585
fragment id 0x0009
00:04:29:245994: ip4-lookup
fib 0 dpo-idx 2 flow hash: 0x00000000
unknown 253: 10.0.0.2 -> 10.1.1.2
tos 0x00, ttl 255, length 110, checksum 0xa585
fragment id 0x0009
00:04:29:245999: ip4-rewrite
tx_sw_if_index 3 dpo-idx 2 : ipv4 via 10.1.1.2 host-eth8: mtu:0
000c295a9070000c298abc980800 flow hash: 0x00000000
00000000: 000c295a9070000c298abc9808004500006e00090000fefda6850a0000020a01
00000020: 01020000000000000000000000000000000000000000000000000000
00:04:29:246003: ip4-outacl
OUTACL: sw_if_index 3, next_index 1, table 0, offset -1
00:04:29:246061: host-eth8-output
host-eth8
IP4: 00:0c:29:8a:bc:98 -> 00:0c:29:5a:90:70
unknown 253: 10.0.0.2 -> 10.1.1.2
tos 0x00, ttl 254, length 110, checksum 0xa685
fragment id 0x0009
fx...@fiberhome.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#12690): https://lists.fd.io/g/vpp-dev/message/12690
Mute This Topic: https://lists.fd.io/mt/30876208/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
