Hi,

I debugged the code below in ip_inacl_inline(). It works if "current-data-flag 1 current-data-offset -14" is added to the classify table.

line 261:

    if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
      h0 = (void *) vlib_buffer_get_current (b0) + t0->current_data_offset;
    else
      h0 = b0->data;

Before adding "current-data-flag 1 current-data-offset -14" to the classify table, the gdb info is as below. I found that the offset between "p (void *) vlib_buffer_get_current (b0) + t0->current_data_offset" and "b0->data" is different.

=====gdb info if ok, w/o vxlan=====

    (gdb) p (void *) vlib_buffer_get_current (b0) + t0->current_data_offset
    $1 = (void *) 0x7f0e631c144e
    (gdb) p b0->data
    $2 = 0x7f0e631c1440 "?"

=====gdb info if nok, w/ vxlan=====

    (gdb) p (void *) vlib_buffer_get_current (b0) + t0->current_data_offset
    $20 = (void *) 0x7f497f9d0840
    (gdb) p b0->data
    $21 = 0x7f497f9d0800 "\002t*<m\225ZyV\026·5\b"

BR,
xliao

------------------------------------------------------------------
From: st.linux.ily via vpp-dev <vpp-dev@lists.fd.io>
Sent: Monday, December 25, 2017 18:27
To: vpp-dev <vpp-dev@lists.fd.io>
Subject: [vpp-dev] L3 ACL(ip4/6-inacl) miss if the packet come from a vxlan_tunnel0 interface

Hi,

Can L3 ACL work with the inner packet of VxLAN? I found it misses at ip4/6-inacl.

Topo: host-lan1 -> BD(vxlan_tunnel0 -> loop0[bvi]) -> host-wan1

Version: 17.10

Issue: When the classifier is applied to the loop0 interface, L3 ACL (ip4/6-inacl) misses if the packet comes from a vxlan_tunnel0 interface. But it hits if the packet comes from host-lan1 directly.

CMD:

    # For IPv4
    sudo vppctl classify table mask l3 ip4 dst buckets 2 miss-next 0 table 4294967295 next-table 4294967295
    # For IPv6
    sudo vppctl classify table mask l3 ip6 dst buckets 2 miss-next 4294967295 table 4294967295 next-table 4294967295
    # For IPv4
    sudo vppctl classify session hit-next 4294967295 table-index 0 match l3 ip4 dst 192.168.20.22 action set-ip4-fib-id 200
    sudo vppctl classify session hit-next 4294967295 table-index 0 match l3 ip4 dst 192.168.30.22 action set-ip4-fib-id 201
    # For IPv6
    sudo vppctl classify session hit-next 4294967295 table-index 1 match l3 ip6 dst 2002:1::2 action set-ip6-fib-id 200
    sudo vppctl classify session hit-next 4294967295 table-index 1 match l3 ip6 dst 2003:1::2 action set-ip6-fib-id 201
    sudo vppctl set interface input acl intfc loop0 ip4-table 0
    sudo vppctl set interface input acl intfc loop0 ip6-table 1

Trace:

    Packet 1

    02:38:25:074644: af-packet-input
      af_packet: hw_if_index 1 next-index 4
        tpacket2_hdr:
          status 0x20000001 len 148 snaplen 148 mac 66 net 80
          sec 0x5a40cb35 nsec 0x2b2c3a54 vlan 0 vlan_tpid 0
    02:38:25:074682: ethernet-input
      IP4: 8a:dd:c1:3b:4a:f4 -> 02:fe:d2:18:c7:99
    02:38:25:074725: ip4-input
      UDP: 192.168.10.10 -> 192.168.10.9
        tos 0x00, ttl 64, length 134, checksum 0xeb3b
        fragment id 0xf9c7
      UDP: 39785 -> 4789
        length 114, checksum 0x0000
    02:38:25:074772: ip4-lookup
      fib 0 dpo-idx 22 flow hash: 0x00000000
      UDP: 192.168.10.10 -> 192.168.10.9
        tos 0x00, ttl 64, length 134, checksum 0xeb3b
        fragment id 0xf9c7
      UDP: 39785 -> 4789
        length 114, checksum 0x0000
    02:38:25:074804: ip4-local
        UDP: 192.168.10.10 -> 192.168.10.9
          tos 0x00, ttl 64, length 134, checksum 0xeb3b
          fragment id 0xf9c7
        UDP: 39785 -> 4789
          length 114, checksum 0x0000
    02:38:25:074830: ip4-udp-lookup
      UDP: src-port 39785 dst-port 4789
    02:38:25:074837: vxlan4-input
      VXLAN decap from vxlan_tunnel0 vni 101 next 1 error 0
    02:38:25:074845: l2-input
      l2-input: sw_if_index 7 dst de:ad:00:00:00:00 src b6:0c:fa:57:f9:d2
    02:38:25:074880: l2-learn
      l2-learn: sw_if_index 7 dst de:ad:00:00:00:00 src b6:0c:fa:57:f9:d2 bd_index 1
    02:38:25:074892: l2-fwd
      l2-fwd: sw_if_index 7 dst de:ad:00:00:00:00 src b6:0c:fa:57:f9:d2 bd_index 1
    02:38:25:074900: ip4-input
      ICMP: 192.168.1.2 -> 192.168.20.22
        tos 0x00, ttl 64, length 84, checksum 0x6c61
        fragment id 0x37df, flags DONT_FRAGMENT
      ICMP echo_request checksum 0x3314
    02:38:25:074907: ip4-inacl
      INACL: sw_if_index 5, next_index 0, table 0, offset -1
    02:38:25:074919: error-drop
      ip4-input: input ACL table-miss drops

    vpp# sh classify table verbose
      TableIdx  Sessions   NextTbl  NextNode
             0         2        -1         0
      Heap: 4 objects, 332 of 2k used, 124 free, 0 reclaimed, 1k overhead, 2044k capacity
      nbuckets 2, skip 1 match 2 flag 0 offset 0
      mask 0000000000000000000000000000ffffffff0000000000000000000000000000
      linear-search buckets 0
    [0]: heap offset 384, elts 2, normal
        0: [384]: next_index -1 advance 0 opaque -1 action 1 metadata 2
            k: 0000000000000000000000000000c0a81e160000000000000000000000000000
            hits 0, last_heard 0.00
    [1]: heap offset 192, elts 2, normal
        0: [192]: next_index -1 advance 0 opaque -1 action 1 metadata 1
            k: 0000000000000000000000000000c0a814160000000000000000000000000000
            hits 0, last_heard 0.00
        2 active elements
        1 free lists
        0 linear-search buckets
             1         2        -1        -1
      Heap: 6 objects, 352 of 2k used, 96 free, 0 reclaimed, 1k overhead, 2044k capacity
      nbuckets 2, skip 2 match 2 flag 0 offset 0
      mask 000000000000ffffffffffffffffffffffffffffffff00000000000000000000
      linear-search buckets 0
    [1]: heap offset 192, elts 2, normal
        0: [192]: next_index -1 advance 0 opaque -1 action 2 metadata 1
            k: 0000000000002002000100000000000000000000000200000000000000000000
            hits 0, last_heard 0.00
        1: [256]: next_index -1 advance 0 opaque -1 action 2 metadata 2
            k: 0000000000002003000100000000000000000000000200000000000000000000
            hits 0, last_heard 0.00
        2 active elements
        1 free lists
        0 linear-search buckets

BR,
xliao
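
Added example (not code from this thread or from VPP): a small model of the branch quoted from ip_inacl_inline(), run on a constructed packet, showing why an "l3 ip4 dst" mask applied from b0->data compares the outer IPv4 destination after VXLAN decap, and why current-data-flag 1 with offset -14 moves the match to the inner header. The struct and function names are hypothetical, and the 14+20+8+8+14 header layout is an assumption chosen to agree with the 0x40 difference in the gdb output above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the fields the quoted branch reads; not VPP's real structs. */
typedef struct { uint8_t data[128]; int16_t current_data; } toy_buffer_t;
typedef struct { int use_curr_data; int16_t current_data_offset; } toy_table_t;

enum { ETH = 14, IP4 = 20, UDP = 8, VXLAN = 8, IP4_DST = 16 };

/* Same choice as the branch at line 261: match from current data or from data[0]. */
static const uint8_t *match_base(const toy_buffer_t *b, const toy_table_t *t)
{
  if (t->use_curr_data)
    return b->data + b->current_data + t->current_data_offset;
  return b->data;
}

/* "mask l3 ip4 dst" assumes an Ethernet header at the base, so dst is at base+30. */
static int dst_hits(const toy_buffer_t *b, const toy_table_t *t, const uint8_t want[4])
{
  return memcmp(match_base(b, t) + ETH + IP4_DST, want, 4) == 0;
}

/* Build a constructed packet; ip_off is where the IPv4 header being classified sits. */
static toy_buffer_t make_packet(int vxlan, const uint8_t inner_dst[4])
{
  static const uint8_t outer_dst[4] = {192, 168, 10, 9};
  toy_buffer_t b;
  int ip_off = ETH;
  memset(&b, 0, sizeof b);
  if (vxlan) {
    memcpy(b.data + ETH + IP4_DST, outer_dst, 4);   /* outer IPv4 dst */
    ip_off = ETH + IP4 + UDP + VXLAN + ETH;         /* 64, as in the gdb output */
  }
  memcpy(b.data + ip_off + IP4_DST, inner_dst, 4);
  b.current_data = (int16_t) ip_off;                /* current data = IPv4 header */
  return b;
}

int main(void)
{
  const uint8_t dst[4] = {192, 168, 20, 22};
  toy_table_t flag0 = {0, 0}, flag1 = {1, -ETH};
  toy_buffer_t plain = make_packet(0, dst), tun = make_packet(1, dst);
  printf("plain flag0=%d  vxlan flag0=%d  vxlan flag1=%d\n",
         dst_hits(&plain, &flag0, dst), dst_hits(&tun, &flag0, dst),
         dst_hits(&tun, &flag1, dst));
  return 0;
}
```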