I looked at the code at the first link below – thanks. The code is using an interface. Not a surprise, because ACLs are typically, if not always, configured on an interface. My use case to match both IP prefix and layer-4 port range uses a table. This is why I prefer working with bitmasks to directly program the classifier.
Hemant

From: Andrew 👽 Yourtchenko <ayour...@gmail.com>
Sent: Friday, March 05, 2021 4:41 PM
To: hem...@mnkcg.com
Cc: bga...@cisco.com; vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] IP subnet and port range match?

Cool, would be really nice to get bigger company hacking on this stuff! :-)

So what I am really after is to have a mergeable implementation of this sketch:

https://gerrit.fd.io/r/c/vpp/+/28083

Which in turn enables things like this for example:

https://gerrit.fd.io/r/c/vpp/+/28513

So in the combo of these two changes above we are using the existing “connection” infra, but replace the policy lookup completely. This was the initial trigger. But I would like to be able to decouple things more, since it would allow much more flexibility for everyone to plug their own stuff - whether open source or not, without redoing all the boring jobs of packet parsing and plumbing.

The other point of usefulness is the above pipeline is currently unified for v4/v6, l2/l3, in/out, so you get 8 nodes for the price of maintenance of one.

--a