Hi,
I am trying to insert our node (secmod4in) between nat44-ed-in2out and
ip4-lookup. Have done the feature ordering and the feature arc shows the
features enabled in the right order, but still the packet trace shows that
packets are not hitting my node after the NAT node, and directly going to
ip4-lookup.
Output of various CLIs:
1. sh feature verbose:
[16] ip4-unicast:
[ 0]: svs-ip4
[ 1]: srv6-as4-rewrite
[ 2]: srv6-ad4-rewrite
[ 3]: secmodl3ip4udpin
[ 4]: secmodl3ip4udpflowcreate
[ 5]: secmodl3ip4tcpin
[ 6]: secmodl3ip4tcpflowcreate
[ 7]: acl-plugin-in-ip4-fa
[ 8]: ip4-dhcp-client-detect
[ 9]: nat44-out2in-fast
[10]: nat44-ed-classify
[11]: nat44-ed-out2in
[12]: nat44-ed-in2out
[13]: ip4-gbp-lpm-classify
[14]: ip4-gbp-src-classify
[15]: nat44-out2in
[16]: secmod4in
2. sh interface host-vppclient features:
ip4-unicast:
nat44-ed-in2out
secmod4in
ip4-reassembly-feature
secmod4-reassembled-in
3. sh vlib graph:
nat44-ed-in2out ip4-lookup [0] nat44-ed-classify
error-drop [1] nat44-ed-out2in-reass
ip4-icmp-error [2] nat44-ed-out2in-slowpath
nat44-ed-in2out-slowpath [ nat44-ed-out2in
nat44-ed-in2out-reass [4]ip4-mpls-label-disposition
secmod4in [5] ip4-mpls-label-disposition
ip4-input-no-checksum
ip4-input
However, even after the above is configured, the packets are not hitting
secmod4in after the NAT node. I was going through the vpp-dev mailgroup and
came across this discussion - https://lists.fd.io/g/vpp-dev/topic/29379239#11967
Does this still hold true? Do I need to modify the nat plugin to achieve the
above redirection to the secmod4in node rather than sending to the default
ip4-lookup node.
Regards,
Rashmi
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13825): https://lists.fd.io/g/vpp-dev/message/13825
Mute This Topic: https://lists.fd.io/mt/32995780/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
