Dear all,
I have a question: what is the difference between l2-input-classify
and l2-input-acl.
They can all complete the ACL function, which one should I choose.
I create a classify table and session follow this:
classify table mask l2 dst
classify session acl-hit-next deny table-index 0 match l2 dst
11:22:33:44:55:66
L2-input-acl
(set interface input acl intfc host-vpp1 l2-table 0)
Trace:
00:09:52:891414: af-packet-input
af_packet: hw_if_index 2 next-index 4
tpacket2_hdr:
status 0x1 len 42 snaplen 42 mac 66 net 80
sec 0x5f588084 nsec 0x390f397c vlan 0 vlan_tpid 0
00:09:52:891634: ethernet-input
IP4: 33:33:33:33:33:33 -> 11:22:33:44:55:66
00:09:52:891662: l2-input
l2-input: sw_if_index 2 dst 11:22:33:44:55:66 src 33:33:33:33:33:33
00:09:52:891690: l2-input-acl
INACL: sw_if_index 2, next_index 0, table 0, offset 1200
00:09:52:891699: error-drop
rx:host-vpp1
00:09:52:891707: drop
l2-input-acl: input ACL session deny drops
L2-input-classify
(set interface l2 input classify intfc host-vpp1 ip4-table 0)
Trace:
00:05:11:825796: af-packet-input
af_packet: hw_if_index 2 next-index 4
tpacket2_hdr:
status 0x1 len 42 snaplen 42 mac 66 net 80
sec 0x5f587f6c nsec 0xd3080cf vlan 0 vlan_tpid 0
00:05:11:826012: ethernet-input
IP4: 33:33:33:33:33:33 -> 11:22:33:44:55:66
00:05:11:826046: l2-input
l2-input: sw_if_index 2 dst 11:22:33:44:55:66 src 33:33:33:33:33:33
00:05:11:826073: l2-input-classify
l2-classify: sw_if_index 2, table 0, offset 4b0, next 0
00:05:11:826086: error-drop
rx:host-vpp1
00:05:11:826094: drop
l2-input-classify: L2 Classify Drops
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17351): https://lists.fd.io/g/vpp-dev/message/17351
Mute This Topic: https://lists.fd.io/mt/76728051/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
