Re: [vpp-dev] VPP ACL plugin session info

2018-01-23 Thread Andrew Yourtchenko
Pradeep,

At this time you can only look at a specific session for debug purposes, 
not the whole table.

To have the traffic create the session you need to use the “permit+reflect” action.

So with your configuring “deny” no sessions will be created.

--a

> On 22 Jan 2018, at 18:32, Pradeep Patel (pradpate)  wrote:
> 
> Team,
> I am trying to dump the session table (show acl-plugin sessions) to view the 
> session info but don’t see any sessions getting created. Any input will be 
> helpful.
>  
> Plugin Version
> vat# acl_plugin_get_version
> vl_api_acl_plugin_get_version_reply_t_handler:133: ACL plugin version: 1.3  
>  
> Following is the acl plugin configuration:
> vat# acl_add_replace deny, ipv4 deny
> vl_api_acl_add_replace_reply_t_handler:107: ACL index: 0
> vat# acl_interface_set_acl_list sw_if_index 1  input 0  output 0
> vat# acl_interface_set_acl_list sw_if_index 2 input 0  output 0
> vat# acl_add_replace  0 permit src 192.168.1.10/32, permit
> vl_api_acl_add_replace_reply_t_handler:107: ACL index: 0
> vat# acl_dump
> vl_api_acl_details_t_handler:193: acl_index: 0, count: 2
>tag {}
>ipv4 action 1 src 192.168.1.10/32 dst 0.0.0.0/0 proto 0 sport 0-65535 
> dport 0-65535 tcpflags 0 mask 0,
>ipv4 action 1 src 0.0.0.0/0 dst 0.0.0.0/0 proto 0 sport 0-65535 dport 
> 0-65535 tcpflags 0 mask 0
>  
> Client IP : 192.168.1.10
>  
> root@localhost:/sandbox/tests/vpp# nc   5.1.1.10 11000
> fdsdsf
>  
> Server IP :   5.1.1.10
> root@localhost:~# nc -l 11000
> fdsdsf
>  
> Trace Info
>  
> Packet X
> 00:08:21:983273: acl-plugin-out-ip4-fa
>   acl-plugin: sw_if_index 2, next index 1, action: 1, match: acl 0 rule 0 
> trace_bits 
>   pkt info  0a01a8c0  
> 0a010105 000200062af8a798 05020002
>output sw_if_index 2 (lsb16 2) l3 ip4 192.168.1.10 -> 5.1.1.10 l4 proto 6 
> l4_valid 1 port 42904 -> 11000 tcp flags (valid) 02 rsvd 0
> 00:08:21:983276: host-vpp_outside-output
>   host-vpp_outside
>   IP4: 02:fe:ec:db:35:b8 -> 92:93:a8:73:cd:7f
>   TCP: 192.168.1.10 -> 5.1.1.10
> tos 0x00, ttl 63, length 60, checksum 0xee09
> fragment id 0x85f5, flags DONT_FRAGMENT
>   TCP: 42904 -> 11000
> seq. 0xd64e1be2 ack 0x
> flags 0x02 SYN, tcp header: 40 bytes
> window 29200, checksum 0x
>  
> packet Y
> 00:08:21:983327: acl-plugin-in-ip4-fa
>   acl-plugin: sw_if_index 2, next index 1, action: 1, match: acl 0 rule 1 
> trace_bits 
>   pkt info  0a010105  
> 0a01a8c0 00020006a7982af8 07120002
>input sw_if_index 2 (lsb16 2) l3 ip4 5.1.1.10 -> 192.168.1.10 l4 proto 6 
> l4_valid 1 port 11000 -> 42904 tcp flags (valid) 12 rsvd 0
> 00:08:21:983329: ip4-lookup
>   fib 0 dpo-idx 2 flow hash: 0x
>   TCP: 5.1.1.10 -> 192.168.1.10
> tos 0x00, ttl 64, length 60, checksum 0x72ff
>  
> vpp# show acl-plugin sessions
> Sessions total: add 0 - del 0 = 0
>  
>  
> Per-thread data:
> Thread #0:
>   connection add/del stats:
> sw_if_index 0: add 0 - del 0 = 0
> sw_if_index 1: add 0 - del 0 = 0
> sw_if_index 2: add 0 - del 0 = 0
>   connection timeout type lists:
>   fa_conn_list_head[0]: -1
>   fa_conn_list_head[1]: -1
>   fa_conn_list_head[2]: -1
>   Next expiry time: 0
>   Requeue until time: 0
>   Current time wait interval: 0
>   Count of deleted sessions: 0
>   Delete already deleted: 0
>   Session timers restarted: 0
>   Swipe until this time: 0
>   sw_if_index serviced bitmap: 0
>   pending clear intfc bitmap : 0
>   clear in progress: 0
>   interrupt is pending: 0
>   interrupt is needed: 0
>   interrupt is unwanted: 0
>   interrupt generation: 1898
>  
>  
> Conn cleaner thread counters:
> 0: delete_by_sw_index events
> 0: delete_by_sw_index handled ok
> 0: unknown events received
> 0: session idle timers restarted
>  1898: event wait with timeout called
> 1: event wait w/o timeout called
>  1898: total event cycles
> Interrupt generation: 1899
> Sessions per interval: min 1 max 100 increment: 100 ms current: 500 ms
>  
> Session lookup hash table:
> Hash table ACL plugin FA session bihash
> 0 active elements
> 0 free lists
> 0 linear search buckets
> 0 cache hits, 0 cache misses
>  
>  
> vpp#
> ___
> vpp-dev mailing list
> vpp-dev@lists.fd.io
> https://lists.fd.io/mailman/listinfo/vpp-dev
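
An added example (not part of the original thread, and not code from the VPP project) that checks acl_dump output for rules that can create sessions. The sample input is the rule dump from the post; the mapping 0 = deny, 1 = permit, 2 = permit+reflect is the ACL plugin's action encoding, and the function names are made up for this illustration.

```python
import re

# Action codes as printed by acl_dump (ACL plugin API values).
ACTIONS = {0: "deny", 1: "permit", 2: "permit+reflect"}
REFLECT = 2  # the only action that makes matching traffic create a session

# Sample input: the acl_dump rule lines from the post, mail line-wrapping kept.
DUMP = """\
vl_api_acl_details_t_handler:193: acl_index: 0, count: 2
   tag {}
   ipv4 action 1 src 192.168.1.10/32 dst 0.0.0.0/0 proto 0 sport 0-65535 dport
0-65535 tcpflags 0 mask 0,
   ipv4 action 1 src 0.0.0.0/0 dst 0.0.0.0/0 proto 0 sport 0-65535 dport
0-65535 tcpflags 0 mask 0
"""

RULE_RE = re.compile(r"(ipv4|ipv6) action (\d+) src (\S+) dst (\S+) proto (\d+)")


def parse_rules(dump):
    """Return one dict per rule, in rule-index order, tolerating wrapped lines."""
    flat = " ".join(dump.split())  # undo the line wrapping before matching
    rules = []
    for idx, m in enumerate(RULE_RE.finditer(flat)):
        code = int(m.group(2))
        rules.append({
            "rule": idx,
            "af": m.group(1),
            "action": ACTIONS.get(code, "unknown(%d)" % code),
            "src": m.group(3),
            "dst": m.group(4),
            "creates_session": code == REFLECT,
        })
    return rules


def session_creating_rules(dump):
    """Rule indexes whose action is permit+reflect; empty means a stateless ACL."""
    return [r["rule"] for r in parse_rules(dump) if r["creates_session"]]


if __name__ == "__main__":
    for r in parse_rules(DUMP):
        print("rule %(rule)d: %(action)s %(src)s -> %(dst)s" % r)
    if not session_creating_rules(DUMP):
        print("no permit+reflect rule: the session table will stay empty")
```

Both rules in the posted dump carry action 1, which matches the "action: 1" in the trace and the zero counters in "show acl-plugin sessions".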

[vpp-dev] VPP ACL plugin session info

2018-01-22 Thread Pradeep Patel (pradpate)
Team,
I am trying to dump the session table (show acl-plugin sessions) to view the 
session info but don’t see any sessions getting created. Any input will be 
helpful.

Plugin Version
vat# acl_plugin_get_version
vl_api_acl_plugin_get_version_reply_t_handler:133: ACL plugin version: 1.3

Following is the acl plugin configuration:
vat# acl_add_replace deny, ipv4 deny
vl_api_acl_add_replace_reply_t_handler:107: ACL index: 0
vat# acl_interface_set_acl_list sw_if_index 1  input 0  output 0
vat# acl_interface_set_acl_list sw_if_index 2 input 0  output 0
vat# acl_add_replace  0 permit src 192.168.1.10/32, permit
vl_api_acl_add_replace_reply_t_handler:107: ACL index: 0
vat# acl_dump
vl_api_acl_details_t_handler:193: acl_index: 0, count: 2
   tag {}
   ipv4 action 1 src 192.168.1.10/32 dst 0.0.0.0/0 proto 0 sport 0-65535 dport 
0-65535 tcpflags 0 mask 0,
   ipv4 action 1 src 0.0.0.0/0 dst 0.0.0.0/0 proto 0 sport 0-65535 dport 
0-65535 tcpflags 0 mask 0

Client IP : 192.168.1.10

root@localhost:/sandbox/tests/vpp# nc   5.1.1.10 11000
fdsdsf

Server IP :   5.1.1.10
root@localhost:~# nc -l 11000
fdsdsf

Trace Info

Packet X
00:08:21:983273: acl-plugin-out-ip4-fa
  acl-plugin: sw_if_index 2, next index 1, action: 1, match: acl 0 rule 0 
trace_bits 
  pkt info  0a01a8c0  0a010105 
000200062af8a798 05020002
   output sw_if_index 2 (lsb16 2) l3 ip4 192.168.1.10 -> 5.1.1.10 l4 proto 6 
l4_valid 1 port 42904 -> 11000 tcp flags (valid) 02 rsvd 0
00:08:21:983276: host-vpp_outside-output
  host-vpp_outside
  IP4: 02:fe:ec:db:35:b8 -> 92:93:a8:73:cd:7f
  TCP: 192.168.1.10 -> 5.1.1.10
tos 0x00, ttl 63, length 60, checksum 0xee09
fragment id 0x85f5, flags DONT_FRAGMENT
  TCP: 42904 -> 11000
seq. 0xd64e1be2 ack 0x
flags 0x02 SYN, tcp header: 40 bytes
window 29200, checksum 0x

packet Y
00:08:21:983327: acl-plugin-in-ip4-fa
  acl-plugin: sw_if_index 2, next index 1, action: 1, match: acl 0 rule 1 
trace_bits 
  pkt info  0a010105  0a01a8c0 
00020006a7982af8 07120002
   input sw_if_index 2 (lsb16 2) l3 ip4 5.1.1.10 -> 192.168.1.10 l4 proto 6 
l4_valid 1 port 11000 -> 42904 tcp flags (valid) 12 rsvd 0
00:08:21:983329: ip4-lookup
  fib 0 dpo-idx 2 flow hash: 0x
  TCP: 5.1.1.10 -> 192.168.1.10
tos 0x00, ttl 64, length 60, checksum 0x72ff

vpp# show acl-plugin sessions
Sessions total: add 0 - del 0 = 0


Per-thread data:
Thread #0:
  connection add/del stats:
sw_if_index 0: add 0 - del 0 = 0
sw_if_index 1: add 0 - del 0 = 0
sw_if_index 2: add 0 - del 0 = 0
  connection timeout type lists:
  fa_conn_list_head[0]: -1
  fa_conn_list_head[1]: -1
  fa_conn_list_head[2]: -1
  Next expiry time: 0
  Requeue until time: 0
  Current time wait interval: 0
  Count of deleted sessions: 0
  Delete already deleted: 0
  Session timers restarted: 0
  Swipe until this time: 0
  sw_if_index serviced bitmap: 0
  pending clear intfc bitmap : 0
  clear in progress: 0
  interrupt is pending: 0
  interrupt is needed: 0
  interrupt is unwanted: 0
  interrupt generation: 1898


Conn cleaner thread counters:
0: delete_by_sw_index events
0: delete_by_sw_index handled ok
0: unknown events received
0: session idle timers restarted
 1898: event wait with timeout called
1: event wait w/o timeout called
 1898: total event cycles
Interrupt generation: 1899
Sessions per interval: min 1 max 100 increment: 100 ms current: 500 ms

Session lookup hash table:
Hash table ACL plugin FA session bihash
0 active elements
0 free lists
0 linear search buckets
0 cache hits, 0 cache misses


vpp#