Re: [vpp-dev] output ACL is not effctive

Yosvany Thu, 04 Apr 2019 11:13:10 -0700

How can make this ACL form a network, example  with src 10.0.0.0/24????

Thanks


El 2 de abril de 2019 9:10:39 PM GMT-04:00, star <fx...@fiberhome.com> escribió:
>Hello all，
>
>I am trying to test ACL funtion, input ACL is OK, But output ACL is not
>effective
>
>my configuration as below, is there anything wrong in my configuration?
>Thanks for your response
>
>VPP1810# show version 
>vpp v18.10-7~g6ff8790-dirty built by root on localhost.localdomain at
>Mon Apr  1 15:06:48 EDT 2019
>
>VPP1810# classify table mask l3 ip4 src
>VPP1810# classify session acl-hit-next deny table-index 0 match l3 ip4
>src 10.0.0.2
>VPP1810# set interface output acl intfc host-eth8 ip4-table 0
>
>
>Packet 1
>
>00:04:29:245976: af-packet-input
>  af_packet: hw_if_index 5 next-index 4
>    tpacket2_hdr:
>      status 0x1 len 124 snaplen 124 mac 66 net 80
>      sec 0x5ca3021e nsec 0x1d5674aa vlan 0 vlan_tpid 0
>00:04:29:245984: ethernet-input
>  IP4: 00:10:94:00:00:02 -> ff:ff:ff:ff:ff:ff
>00:04:29:245989: ip4-input
>  unknown 253: 10.0.0.2 -> 10.1.1.2
>    tos 0x00, ttl 255, length 110, checksum 0xa585
>    fragment id 0x0009
>00:04:29:245994: ip4-lookup
>  fib 0 dpo-idx 2 flow hash: 0x00000000
>unknown 253: 10.0.0.2 -> 10.1.1.2                                      
>                                                                       
>    tos 0x00, ttl 255, length 110, checksum 0xa585
>    fragment id 0x0009
>00:04:29:245999: ip4-rewrite
>tx_sw_if_index 3 dpo-idx 2 : ipv4 via 10.1.1.2 host-eth8: mtu:0
>000c295a9070000c298abc980800 flow hash: 0x00000000
>00000000:
>000c295a9070000c298abc9808004500006e00090000fefda6850a0000020a01
>  00000020: 01020000000000000000000000000000000000000000000000000000
>00:04:29:246003: ip4-outacl
>  OUTACL: sw_if_index 3, next_index 1, table 0, offset -1
>00:04:29:246061: host-eth8-output
>  host-eth8
>  IP4: 00:0c:29:8a:bc:98 -> 00:0c:29:5a:90:70
>  unknown 253: 10.0.0.2 -> 10.1.1.2
>    tos 0x00, ttl 254, length 110, checksum 0xa685
>    fragment id 0x0009
>
>
>
>fx...@fiberhome.com

-- 
Enviado desde mi dispositivo Android con K-9 Mail. Por favor, disculpa mi 
brevedad.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#12707): https://lists.fd.io/g/vpp-dev/message/12707
Mute This Topic: https://lists.fd.io/mt/30876208/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] output ACL is not effctive

Reply via email to