It does use ACLs for matching, that’s what allows you to specify src and dst IP ranges. Once matched the packet is forwarded on the path the specified by the policy. You can set this path to use your DPO. Use the EXCLUSIVE flag to do this.
/neale From: Vijay Kumar <vjkumar2...@gmail.com> Date: Wednesday, 16 June 2021 at 16:28 To: Neale Ranns <ne...@graphiant.com> Cc: vpp-dev <vpp-dev@lists.fd.io> Subject: Re: [vpp-dev] Regarding DPO object Hi Neale, The ABF is ACL based matching and forwarding plugin right. This would allow one to match a packet with ACL and forward it on a configured outbound interface. My case is different, I don't want to match ACL and forward packets out on an interface. I want the packet matching a certain SRC IP range to be sent to my new plugin (in this case XYZ ) which would do further processing specific to our product. For example, if IPSec traffic is originating from UE, we see the packets flow through these nodes. After ESP and GRE, the inner packet src IP is that of the UE. Is it possible for graph node XYZ to request for an IP packet matching certain SRC IP? UE ----------> [ESP4_decrypt----IP----GRE_Input-----IP----XYZ-----IP-----Interface]---------> internet host Regards. On Wed, Jun 16, 2021 at 7:07 PM Neale Ranns <ne...@graphiant.com<mailto:ne...@graphiant.com>> wrote: Hi Vijay, The FIB will only match against a destination prefix. If you want to use DPOs with more complex matching, try the ABF plugin. /neale From: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> on behalf of Vijay Kumar via lists.fd.io<http://lists.fd.io> <vjkumar2003=gmail....@lists.fd.io<mailto:gmail....@lists.fd.io>> Date: Wednesday, 16 June 2021 at 15:04 To: vpp-dev <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> Subject: [vpp-dev] Regarding DPO object Hi experts, I am creating a DPO object (for protocol IP4) and am tying an UE prefix for this DPO and adding the corresponding entry to the FIB table. I have a graph node to which I need to post all IP packets matching a range of source IPs. Does the DPO work only for packets destined to a certain prefix or range of IP prefixes or can we use DPO for requesting packets based on source IP range also? Regards, Vijay N Regards, Vijay N
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19581): https://lists.fd.io/g/vpp-dev/message/19581 Mute This Topic: https://lists.fd.io/mt/83579849/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
