Re: [vpp-dev] CLI acl replace + delete

Tue, 17 Jan 2023 08:44:05 -0800

Hi Pim,

Thanks a lot! I merged it.

A bit of a history: when creating the ACL plugin, I went a bit gung-ho on DRY, and since I had to write what is essentially CLI as part of a vat plugin for it, and since there was a way to call that from VPP, I never did the CLI. (Also, following the mantra that the CLI is for debugging). Then IIRC Neale added the specific CLI for the ACL, and this is how it all ended up where it ended up :-)

That said - indeed as Petr says - if you have an option to go with the API in lieu of CLI, that is always better. We have a somewhat user-friendly way of achieving the compatibility on API, but nothing like that on the CLI, since it is intended for the debug purposes. 

--a

On 15 Jan 2023, at 20:14, Pim van Pelt via lists.fd.io <pim=ipng...@lists.fd.io> wrote:


Hoi folks,

I noticed that the acl-plugin will allow to replace an existing ACL using the API, but not while using the CLI.
As well I see an acl_del API call, but no equivalent CLI. I've added them in https://gerrit.fd.io/r/c/vpp/+/37924

DBGvpp# set acl-plugin acl permit

ACL index:0

DBGvpp# set acl-plugin acl index 0 deny


DBGvpp# set acl-plugin acl index 1 deny

0: acl_add_list:361: acl-plugin-error: Trying to replace nonexistent ACL 1 (tag cli)

## Fails because index 1 doesn't exist.


ACL index:0

DBGvpp# show acl-plugin acl 

acl-index 0 count 1 tag {cli}

          0: ipv4 deny src 0.0.0.0/0 dst 0.0.0.0/0 proto 0 sport 0-65535 dport 0-65535

DBGvpp# set acl-plugin interface loop0 input acl 0


DBGvpp# delete acl-plugin acl index 0

delete acl-plugin acl: failed

## Fails because index 0 is in use


DBGvpp# set acl-plugin interface loop0 input acl 0 del

DBGvpp# delete acl-plugin acl index 0

Deleted ACL index:0


DBGvpp# show acl-plugin acl 

DBGvpp#

Please take a look. I'd like to add ACLs to vppcfg, and this will allow the planner to do some meaningful work.

groet,
Pim
--
Pim van Pelt <p...@ipng.nl>
PBVP1-RIPE - http://www.ipng.nl/



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#22472): https://lists.fd.io/g/vpp-dev/message/22472
Mute This Topic: https://lists.fd.io/mt/96291919/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to