hi Xue, could you send the output of "show classify tables index 0 verbose" after you set that table as outacl ?
Thanks! --a On 4/4/19, xyxue <xy...@fiberhome.com> wrote: > > Hi guys, > > I am trying to test ACL funtion, input ACL is OK, But output ACL is not > effective > > my configuration as below, is there anything wrong in my configuration? > Thanks for your response > > VPP1810# show version > vpp v18.10-7~g6ff8790-dirty built by root on localhost.localdomain at Mon > Apr 1 15:06:48 EDT 2019 > > VPP1810# classify table mask l3 ip4 src > VPP1810# classify session acl-hit-next deny table-index 0 match l3 ip4 src > 10.0.0.2 > VPP1810# set interface output acl intfc host-eth8 ip4-table 0 > > > Packet 1 > > 00:04:29:245976: af-packet-input > af_packet: hw_if_index 5 next-index 4 > tpacket2_hdr: > status 0x1 len 124 snaplen 124 mac 66 net 80 > sec 0x5ca3021e nsec 0x1d5674aa vlan 0 vlan_tpid 0 > 00:04:29:245984: ethernet-input > IP4: 00:10:94:00:00:02 -> ff:ff:ff:ff:ff:ff > 00:04:29:245989: ip4-input > unknown 253: 10.0.0.2 -> 10.1.1.2 > tos 0x00, ttl 255, length 110, checksum 0xa585 > fragment id 0x0009 > 00:04:29:245994: ip4-lookup > fib 0 dpo-idx 2 flow hash: 0x00000000 > unknown 253: 10.0.0.2 -> 10.1.1.2 > > > > tos 0x00, ttl 255, length 110, checksum 0xa585 > fragment id 0x0009 > 00:04:29:245999: ip4-rewrite > tx_sw_if_index 3 dpo-idx 2 : ipv4 via 10.1.1.2 host-eth8: mtu:0 > 000c295a9070000c298abc980800 flow hash: 0x00000000 > 00000000: > 000c295a9070000c298abc9808004500006e00090000fefda6850a0000020a01 > 00000020: 01020000000000000000000000000000000000000000000000000000 > 00:04:29:246003: ip4-outacl > OUTACL: sw_if_index 3, next_index 1, table 0, offset -1 > 00:04:29:246061: host-eth8-output > host-eth8 > IP4: 00:0c:29:8a:bc:98 -> 00:0c:29:5a:90:70 > unknown 253: 10.0.0.2 -> 10.1.1.2 > tos 0x00, ttl 254, length 110, checksum 0xa685 > fragment id 0x0009 > > Thanks, > Xue > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#12701): https://lists.fd.io/g/vpp-dev/message/12701 Mute This Topic: https://lists.fd.io/mt/30894420/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
