Hi, I am trying to insert our node (secmod4in) between nat44-ed-in2out and ip4-lookup. Have done the feature ordering and the feature arc shows the features enabled in the right order, but still the packet trace shows that packets are not hitting my node after the NAT node, and directly going to ip4-lookup.
Output of various CLIs: 1. sh feature verbose: [16] ip4-unicast: [ 0]: svs-ip4 [ 1]: srv6-as4-rewrite [ 2]: srv6-ad4-rewrite [ 3]: secmodl3ip4udpin [ 4]: secmodl3ip4udpflowcreate [ 5]: secmodl3ip4tcpin [ 6]: secmodl3ip4tcpflowcreate [ 7]: acl-plugin-in-ip4-fa [ 8]: ip4-dhcp-client-detect [ 9]: nat44-out2in-fast [10]: nat44-ed-classify [11]: nat44-ed-out2in [12]: nat44-ed-in2out [13]: ip4-gbp-lpm-classify [14]: ip4-gbp-src-classify [15]: nat44-out2in [16]: secmod4in 2. sh interface host-vppclient features: ip4-unicast: nat44-ed-in2out secmod4in ip4-reassembly-feature secmod4-reassembled-in 3. sh vlib graph: nat44-ed-in2out ip4-lookup [0] nat44-ed-classify error-drop [1] nat44-ed-out2in-reass ip4-icmp-error [2] nat44-ed-out2in-slowpath nat44-ed-in2out-slowpath [ nat44-ed-out2in nat44-ed-in2out-reass [4]ip4-mpls-label-disposition secmod4in [5] ip4-mpls-label-disposition ip4-input-no-checksum ip4-input However, even after the above is configured, the packets are not hitting secmod4in after the NAT node. I was going through the vpp-dev mailgroup and came across this discussion - https://lists.fd.io/g/vpp-dev/topic/29379239#11967 Does this still hold true? Do I need to modify the nat plugin to achieve the above redirection to the secmod4in node rather than sending to the default ip4-lookup node. Regards, Rashmi
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13825): https://lists.fd.io/g/vpp-dev/message/13825 Mute This Topic: https://lists.fd.io/mt/32995780/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-