Ravi,
appears that the commit 2f8cd914514fe54f91974c6d465d4769dfac8de8 has
hardcoded the IP address family in the CLI handler to IPv4:
0490db79b src/plugins/acl/acl.c (Neale Ranns 2020-03-24
15:09:41 +0000 2873) else if (unformat (line_input, "src %U/%d",
bf883bb086 src/plugins/acl/acl.c (Neale Ranns 2020-04-23
16:01:20 +0000 2874) unformat_ip46_address, &src,
IP46_TYPE_ANY,
bf883bb086 src/plugins/acl/acl.c (Neale Ranns 2020-04-23
16:01:20 +0000 2875) &src_prefix_length))
40490db79b src/plugins/acl/acl.c (Neale Ranns 2020-03-24
15:09:41 +0000 2876) {
40490db79b src/plugins/acl/acl.c (Neale Ranns 2020-03-24
15:09:41 +0000 2877) vec_validate_acl_rules (rules, rule_idx);
2f8cd91451 src/plugins/acl/acl.c (Jakub Grajciar 2020-03-27
06:55:06 +0100 2878) ip_address_encode (&src, IP46_TYPE_ANY,
2f8cd91451 src/plugins/acl/acl.c (Jakub Grajciar 2020-03-27
06:55:06 +0100 2879)
&rules[rule_idx].src_prefix.address);
2f8cd91451 src/plugins/acl/acl.c (Jakub Grajciar 2020-03-27
06:55:06 +0100 2880) rules[rule_idx].src_prefix.address.af =
ADDRESS_IP4;
2f8cd91451 src/plugins/acl/acl.c (Jakub Grajciar 2020-03-27
06:55:06 +0100 2881) rules[rule_idx].src_prefix.len =
src_prefix_length;
40490db79b src/plugins/acl/acl.c (Neale Ranns 2020-03-24
15:09:41 +0000 2882) }
40490db79b src/plugins/acl/acl.c (Neale Ranns 2020-03-24
15:09:41 +0000 2883) else if (unformat (line_input, "dst %U/%d",
bf883bb086 src/plugins/acl/acl.c (Neale Ranns 2020-04-23
16:01:20 +0000 2884) unformat_ip46_address, &dst,
IP46_TYPE_ANY,
I am including the commit author for the clarification on how that
code is supposed to work for the IPv6 case.
Workaround is to use the "binary-api" command which will use vat code
which will work for you:
vpp# binary-api acl_add_replace -1 permit src 2001:db8::1/128
vl_api_acl_add_replace_reply_t_handler:72: ACL index: 0
vpp# show acl acl
acl-index 0 count 1 tag {}
0: ipv6 permit src 2001:db8::1/128 dst ::/0 proto 0 sport
0-65535 dport 0-65535
vpp#
--a
On 7/14/21, RaviKiran Veldanda <ravi.jup...@gmail.com> wrote:
> Hi Experts,
> We were trying to create some ACL rules for IPv6 addresses,
> *"set acl-plugin acl permit src 2001:5b0:ffff:1150::0/64 " in vppctl.
> * "set acl-plugin acl permit ipv6 src 2001:5b0:ffff:1150::0/64 " in vppctl.
> giving ACL index but when I check "show acl_plugin acl" its not giving any
> information.
>
> vpp# set acl-plugin acl ipv6 permit src 2001:5b0:ffff:1150::0/64
> ACL index:1
> vpp# show acl-plugin acl
> acl-index 0 count 1 tag {cli}
> 0: ipv4 permit src 172.25.169.0/24 dst 0.0.0.0/0 proto 0 sport 0-65535 dport
> 0-65535
> acl-index 1 count 0 tag {cli}
> vpp#
> We are using VPP 20.05 stable version. We couldn't able to set the ACL for
> IPv6.
> We are not seeing any error message on the logs.
> We could able to set ACL for IPv4 without any issue.
> We tried same thing from vpp_api_test, still we couldn't able to set IPv6
> rule.
> Can you please provide some pointer for creating "acl rule for IPV6."
> Thanks for your help.
>
> //Ravi
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#19772): https://lists.fd.io/g/vpp-dev/message/19772
Mute This Topic: https://lists.fd.io/mt/84212274/21656
Mute #acl_plugin:https://lists.fd.io/g/vpp-dev/mutehashtag/acl_plugin
Mute #ipv6:https://lists.fd.io/g/vpp-dev/mutehashtag/ipv6
Mute #vppctl:https://lists.fd.io/g/vpp-dev/mutehashtag/vppctl
Mute #acl:https://lists.fd.io/g/vpp-dev/mutehashtag/acl
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
