Take a look at the snat plugin (.../src/plugins/snat/snat.c) for 2x complete
feature arc examples.
This macro arranges the ip4 input feature arc hookup:
/* Hook up input features */
VNET_FEATURE_INIT (ip4_snat_in2out, static) = {
.arc_name = "ip4-unicast",
.node_name = "snat-in2out",
.runs_before = VNET_FEATURES ("snat-out2in"),
};
This means: the “snat-in2out” feature belongs on the “ip4-unicast” [input]
feature arc. This feature runs before “snat-out2in” [defined elsewhere in
snat.c].
Note also the “show features”, “set interface feature”, and “show interface
features <intfc-name>” debug CLI commands.
If you want a code reading project, see vnet_feature_arc_init(...). It
generates a partial order of features using Warshall’s algorithm to do a
topological sort.
Thanks… Dave
From: John Pearson [mailto:[email protected]]
Sent: Wednesday, February 8, 2017 11:15 PM
To: Dave Barach (dbarach) <[email protected]>
Cc: Pierre Pfister (ppfister) <[email protected]>; [email protected]
Subject: Re: [vpp-dev] classify and redirect to tap
I am using IRB config.
I am using CLI and CLI docs to find these features.
Sorry, but I couldn't find ip input feature. I found input under interface: set
int input, but the only option under that was acl.
So basically:
clients with ip addresses 192.168.1.0/24<http://192.168.1.0/24> --->
dst_port=5000, dst_addr=customdomain.com<http://customdomain.com> ---> vpp
intercept ---> redirects ---> tap interface ---> server listening on linux
stack (192.168.1.3)
Yes, don't care about intercepting tcp traffic between clients on same subnet.
Thanks!
On Wed, Feb 8, 2017 at 3:27 PM, Dave Barach (dbarach)
<[email protected]<mailto:[email protected]>> wrote:
Assuming that you’re using an IRB config: I’d suggest using the ip input
feature arc; enable the feature on the IRB loopback interface and off you go.
FYI: we’re planning a significant rework of the L2 feature path. I’m guessing
that you don’t care about intercepting 192.168.1.10 tcp -> 192.168.1.11 tcp
dst=5000
D.
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]<mailto:[email protected]>] On
Behalf Of John Pearson
Sent: Wednesday, February 8, 2017 5:36 PM
To: Pierre Pfister (ppfister) <[email protected]<mailto:[email protected]>>
Cc: [email protected]<mailto:[email protected]>
Subject: Re: [vpp-dev] classify and redirect to tap
@Dave
Every packet from any/all clients aimed at tcp 5000. Basically this would be
like a proxy server.
Client 1 (192.168.1.10) ---> dst_port=5000,
dst_addr=customdomain.com<http://customdomain.com> ---> vpp intercept --->
redirects ---> tap interface ---> server listening on linux stack (192.168.1.3)
@Pierre
Thank. I will take a look at the plugin.
On Wed, Feb 8, 2017 at 2:14 PM, Pierre Pfister (ppfister)
<[email protected]<mailto:[email protected]>> wrote:
Hello John,
IIRC tap inject is in VPP Sandbox "router" sub-project.
It is an experimental plugin allowing for doing what you are looking for.
It was intended to provide a way to run a routing protocol in linux and reflect
the result into VPP.
I don't know if it still compiles, but it definitely would be useful to have
someone updating it.
Cheers,
- Pierre
> Le 7 févr. 2017 à 06:56, John Pearson
> <[email protected]<mailto:[email protected]>> a écrit :
>
> Hi, I am trying to send/redirect outgoing tcp port 5000 traffic to tap device.
>
> I found another thread mention “tap inject” but couldn’t find any
> documentation on it and “inject” is an unknown input in vpp CLI.
>
> Any advice?
> _______________________________________________
> vpp-dev mailing list
> [email protected]<mailto:[email protected]>
> https://lists.fd.io/mailman/listinfo/vpp-dev
_______________________________________________
vpp-dev mailing list
[email protected]
https://lists.fd.io/mailman/listinfo/vpp-dev
