Hi Burcu, You can probably use ABF (https://wiki.fd.io/view/VPP/ABF) to do this. When you have linux-cp enabled and an interface is added to a linux-cp interface pair, the normal behavior is that packets received on that interface which are destined to the interface IP address will be punted to the host over the linux-cp tap. This occurs after the FIB lookup that occurs at the end of the ip4-unicast feature arc. ABF policies are evaluated earlier on the feature arc and can match packets and forward them elsewhere before they are punted to linux-cp.
You can create an ACL that has rules like this: 1. ipv4 deny src 0.0.0.0/0 dst 10.20.10.22/32 proto 6 sport 0 dport 22 - this deny rule will cause the tcp/22 packets to be excluded from ABF processing, so they will follow the normal path into linux-cp 2. ipv4 permit src 0.0.0.0/0 dst 10.20.10.22/32 proto 0 sport 0-65535 dport 0-65535 - this will match all the other packets which would normally be punted to linux-cp and cause them to be forwarded using ABF policy instead Then you can add an ABF policy referencing the ACL you created which sends packets 'via 10.10.1.4 memif0' and attach that policy to the hardware interface. The patch that enables the use of deny rules to exclude packets from ABF processing was added after the stable/2210 branch was created. So the above will only work on a build from VPP's master branch. -Matt On Thu, Feb 9, 2023 at 4:13 AM Burcu YUKSEL < burcu.yuk...@ulakhaberlesme.com.tr> wrote: > Hello Everyone, > > We want to transfer the SSH packets coming from Device A to Linux Stack, > other packets to Application B full duplex. We transferred packets with > using LCP plugin. However in this case we have transferred all the packets > to Linux stack. Is there a way to forward only TCP packets with port 22 to > Linux with LCP? > > > > VPP: > > lcp create TwentyFiveGigabitEthernetd8/0/0 host-if vpp-host > set interface state TwentyFiveGigabitEthernetd8/0/0 up > set interface ip address TwentyFiveGigabitEthernetd8/0/0 10.20.10.22/24 > ip route add 0.0.0.0/0 via 10.20.10.22 TwentyFiveGigabitEthernetd8/0/0 > > Linux Server: > > sudo ip link set vpp-host up > sudo ip addr add 10.20.10.22/24 dev vpp-host > sudo route add default gw 10.20.10.1 > > Best Regards, > Burcu > > Bu elektronik posta ve onunla iletilen bütün dosyalar sadece göndericisi > tarafından alması amaçlanan yetkili, gerçek ya da tüzel kişinin kullanımı > içindir. Eğer söz konusu yetkili alıcı değilseniz, bu elektronik postanın > içeriğini açıklamanız, kopyalamanız, yönlendirmeniz ve kullanmanız > kesinlikle yasaktır ve bu elektronik postayı derhal silmeniz gerekmektedir. > Şirketimiz bu mesajın içerdiği bilgilerin doğruluğu veya eksiksiz olduğu > konusunda herhangi bir garanti vermemektedir. Bu nedenle, bu bilgilerin ne > şekilde olursa olsun içeriğinden, iletilmesinden, alınmasından ve > saklanmasından sorumlu değildir. Bu mesajdaki görüşler yalnızca gönderen > kişiye aittir ve Şirketimizin görüşlerini yansıtmayabilir. Tarafınız ile > paylaşılan kişisel verilerin, 6698 sayılı Kişisel Verilerin Korunması > Kanununa uygun olarak işlenmesi gereğini bilginize sunarız. > ------------------------------ > > This e-mail and all files sent with it are intended for authorized natural > or legal persons, who should be the only persons to open and read them. If > you are not an authorized recipient, you are strictly prohibited from > disclosing, copying, forwarding, and using the contents of this e-mail, and > you must immediately delete it. Our company does not guarantee the accuracy > or thoroughness of the information contained in this message. It is > therefore in no way responsible for the content, sending, retrieval and > storage of this information. The opinions contained in this message are the > views of the sender only and do not necessarily reflect the views of the > company. We would like to inform you that any personal data shared with you > should be processed in accordance with the Law on Protection of Personal > Data numbered 6698. > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22575): https://lists.fd.io/g/vpp-dev/message/22575 Mute This Topic: https://lists.fd.io/mt/96850285/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
