From: Andrew Yourtchenko [mailto:ayour...@gmail.com]
> > > Sent: Friday, June 16, 2017 17:51
> > > To: Luke, Chris <chris_l...@cable.comcast.com>
> > > Cc: Marco Varlese <marco.varl...@suse.com>; vpp-dev@lists.fd.io
> > > Subject: Re: [vpp-dev] Bind / Unb
+1
> -Original Message-
> From: Andrew Yourtchenko [mailto:ayour...@gmail.com]
> Sent: Saturday, June 17, 2017 5:28
> To: Luke, Chris <chris_l...@cable.comcast.com>
> Cc: Marco Varlese <marco.varl...@suse.com>; vpp-dev@lists.fd.io
> Subject: Re:
gt; Chris
>> >
>> >>>
>> >>> --a
>> >>>
>> >>>
>> >>>
>> >>>>
>> >>>>
>> >>>> Cheers,
>> >>>> Marco
>> >>>>
>> >>
ris <chris_l...@cable.comcast.com>
> Cc: Marco Varlese <marco.varl...@suse.com>; vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Bind / Unbind of ACL
>
> Ok! So what do you think if then we were to also disallow applying the ACL
> that doesn't exist yet ?
>
> It feels like it
t;>>> Assuming the only change is to effectively have
>>>>>> "unbind_acl_from_everywhere; delete_acl" instead of
>>>>>> "delete_acl", maybe it would be best to tackle that post-17.07
>>>>>> with a separate API message acl_
reflected sessions table does provide already plenty of it :)
> > > > >
> > > > > --a
> > > > >
> > > > > On 6/9/17, Luke, Chris <chris_l...@comcast.com> wrote:
> > > > > >
> > > > > >
> > > &g
flag on the interface (or globally),
> > > > > set
> > > > > when
> > > > > applying the ACL, that indicates the desired behavior when the ACL is
> > > > > empty
> > > > > or non-existent? At the moment to me it seems logical that
>> > > set
>> > > when
>> > > applying the ACL, that indicates the desired behavior when the ACL is
>> > > empty
>> > > or non-existent? At the moment to me it seems logical that this is
>> > > the
>> > > same
>> >
gical that this is the
> > > same
> > > behavior as when matching falls off the end of the ACL.
> > >
> > > Chris.
> > >
> > > >
> > > > -Original Message-
> > > > From: vpp-dev-boun...@lists.fd.io [mailto:vpp-
falls off the end of the ACL.
> >>
> >> Chris.
> >>
> >>> -Original Message-
> >>> From: vpp-dev-boun...@lists.fd.io
> [mailto:vpp-dev-boun...@lists.fd.io]
> >>> On
> >>> Behalf Of Andre
.@lists.fd.io [mailto:vpp-dev-boun...@lists.fd.io]
>>> On
>>> Behalf Of Andrew ?? Yourtchenko
>>> Sent: Friday, June 9, 2017 7:53
>>> To: Marco Varlese <marco.varl...@suse.com>
>>> Cc: vpp-dev@lists.fd.io
>>> Subject
>>> From: vpp-dev-boun...@lists.fd.io [mailto:vpp-dev-boun...@lists.fd.io]
>>> On
>>> Behalf Of Andrew ?? Yourtchenko
>>> Sent: Friday, June 9, 2017 7:53
>>> To: Marco Varlese <marco.varl...@suse.com>
>>> Cc: vpp-dev@lists.fd.io
>
On Fri, 2017-06-09 at 14:27 +0200, Andrew Yourtchenko wrote:
> Hi Marco,
>
> On 6/9/17, Marco Varlese wrote:
> >
> > Hi Andrew,
> >
> > On Fri, 2017-06-09 at 13:53 +0200, Andrew Yourtchenko wrote:
> > >
> > > Hi Marco,
> > >
> > > Yes, this works as expected,
ehalf Of Andrew ?? Yourtchenko
>> Sent: Friday, June 9, 2017 7:53
>> To: Marco Varlese <marco.varl...@suse.com>
>> Cc: vpp-dev@lists.fd.io
>> Subject: Re: [vpp-dev] Bind / Unbind of ACL
>>
>> Hi Marco,
>>
>> Yes, this works as expected, assuming afte
.
> -Original Message-
> From: vpp-dev-boun...@lists.fd.io [mailto:vpp-dev-boun...@lists.fd.io] On
> Behalf Of Andrew ?? Yourtchenko
> Sent: Friday, June 9, 2017 7:53
> To: Marco Varlese <marco.varl...@suse.com>
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] B
Hi Andrew,
On Fri, 2017-06-09 at 13:53 +0200, Andrew Yourtchenko wrote:
> Hi Marco,
>
> Yes, this works as expected, assuming after deletion *all* the traffic
> is denied, rather than just the SSH traffic.
>
> If you apply to an interface the ACL# that does not exist, that is the
> same as
Hi Marco,
Yes, this works as expected, assuming after deletion *all* the traffic
is denied, rather than just the SSH traffic.
If you apply to an interface the ACL# that does not exist, that is the
same as if there was an ACL with just the "deny all" semantics, to
avoid the perception that a
Hi,
I am trying the ACL functionality and I found a "strange" behaviour.
The steps I follow to use an ACL are:
* I create an ACL to deny SSH traffic between VMs (via the 'acl_add_replace'
function)
* Set that ACL to the interfaces involved (via the 'acl_interface_set_acl_list'
function)
After
18 matches
Mail list logo