[vpp-dev] acl packet trace interpretation help

[Juraj Linkes -X (jlinkes - PANTHEON TECHNOLOGIES at Cisco)]

Hi vpp devs,

I'm using vpp-17.04-release.x86_64 on CentOS 7.3 and I'm trying to figure out 
what does this packet trace mean:
Packet 9

00:15:18:177142: tapcli-rx
  tap-2
00:15:18:177155: ethernet-input
  IP4: fa:16:3e:eb:c6:6d -> fa:16:3e:9b:93:4a
00:15:18:177159: l2-input
  l2-input: sw_if_index 4 dst fa:16:3e:9b:93:4a src fa:16:3e:eb:c6:6d
00:15:18:177161: l2-input-classify
  l2-classify: sw_if_index 4, table 1, offset 0, next 21
00:15:18:177163: acl-plugin-in-ip4-l2
  acl-plugin: sw_if_index 4, next index 0, action: 0, match: acl -1 rule -1 
trace_bits 00000000
  pkt info 0000000000000000 7073c30a00000000 0000000000000000 0700640a00000000 
0000000100000008 0000000000000400
00:15:18:177167: error-drop
  acl-plugin-in-ip4-l2: ACL deny packets

What do acl -1 and rule -1 mean? I expected to find acl and rule indices in the 
trace, but I don't know what -1 means. I've looked at which acls are on that 
inteface in vat:
vat# acl_interface_list_dump
vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 0, count: 0, 
n_input: 0
   input
vat# vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 1, count: 0, 
n_input: 0
   input
vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 2, count: 2, 
n_input: 1
   input 83886080
  output 67108864
vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 3, count: 2, 
n_input: 1
   input 0
  output 16777216

vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 4, count: 0, 
n_input: 0
   input
vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 6, count: 0, 
n_input: 0
   input
vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 7, count: 0, 
n_input: 0
   input
vl_api_acl_interface_list_details_t_handler:152: sw_if_index: 8, count: 0, 
n_input: 0
   input

It says there are no acls associated with the interface. No sure how what acls 
are being applied then. And what about the acls indices (83886080, 67108864 and 
16777216)? I only have six acls configured (indices 0-5) and the indices are 
way off. Is it some sort of overflow? Note that we're using honeycomb to 
configure these.

Thanks,
Juraj

_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev