Hoi folks,
I noticed that the acl-plugin will allow to replace an existing ACL using
the API, but not while using the CLI.
As well I see an acl_del API call, but no equivalent CLI. I've added them
in https://gerrit.fd.io/r/c/vpp/+/37924
DBGvpp# set acl-plugin acl permit
ACL index:0
DBGvpp# set acl-plugin acl index 0 deny
DBGvpp# set acl-plugin acl index 1 deny
0: acl_add_list:361: acl-plugin-error: Trying to replace nonexistent ACL 1
(tag cli)
*## Fails because index 1 doesn't exist.*
ACL index:0
DBGvpp# show acl-plugin acl
acl-index 0 count 1 tag {cli}
0: ipv4 deny src 0.0.0.0/0 dst 0.0.0.0/0 proto 0 sport 0-65535
dport 0-65535
DBGvpp# set acl-plugin interface loop0 input acl 0
DBGvpp# delete acl-plugin acl index 0
delete acl-plugin acl: failed
*## Fails because index 0 is in use*
DBGvpp# set acl-plugin interface loop0 input acl 0 del
DBGvpp# delete acl-plugin acl index 0
Deleted ACL index:0
DBGvpp# show acl-plugin acl
DBGvpp#
Please take a look. I'd like to add ACLs to vppcfg, and this will allow the
planner to do some meaningful work.
groet,
Pim
--
Pim van Pelt <[email protected]>
PBVP1-RIPE - http://www.ipng.nl/
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#22469): https://lists.fd.io/g/vpp-dev/message/22469
Mute This Topic: https://lists.fd.io/mt/96291919/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
