Pradeep, At this time you can only look at the specific session for the debug purposes, not the whole table.
To have the traffic create the session you need to use “permit+reflect” action. So with our your configuring “deny” no sessions will be created. --a > On 22 Jan 2018, at 18:32, Pradeep Patel (pradpate) <pradp...@cisco.com> wrote: > > Team, > I am trying to dump the session table (show acl-plugin sessions) to view the > session info but don’t see any sessions getting created. Any input will be > helpful. > > Plugin Version > vat# acl_plugin_get_version > vl_api_acl_plugin_get_version_reply_t_handler:133: ACL plugin version: 1.3 > > Following is the acl plugin configuration: > vat# acl_add_replace deny, ipv4 deny > vl_api_acl_add_replace_reply_t_handler:107: ACL index: 0 > vat# acl_interface_set_acl_list sw_if_index 1 input 0 output 0 > vat# acl_interface_set_acl_list sw_if_index 2 input 0 output 0 > vat# acl_add_replace 0 permit src 192.168.1.10/32, permit > vl_api_acl_add_replace_reply_t_handler:107: ACL index: 0 > vat# acl_dump > vl_api_acl_details_t_handler:193: acl_index: 0, count: 2 > tag {} > ipv4 action 1 src 192.168.1.10/32 dst 0.0.0.0/0 proto 0 sport 0-65535 > dport 0-65535 tcpflags 0 mask 0, > ipv4 action 1 src 0.0.0.0/0 dst 0.0.0.0/0 proto 0 sport 0-65535 dport > 0-65535 tcpflags 0 mask 0 > > Client IP : 192.168.1.10 > > root@localhost:/sandbox/tests/vpp# nc 5.1.1.10 11000 > fdsdsf > > Server IP : 5.1.1.10 > root@localhost:~# nc -l 11000 > fdsdsf > > Trace Info > > Packet X > 00:08:21:983273: acl-plugin-out-ip4-fa > acl-plugin: sw_if_index 2, next index 1, action: 1, match: acl 0 rule 0 > trace_bits 00000000 > pkt info 0000000000000000 0a01a8c000000000 0000000000000000 > 0a01010500000000 000200062af8a798 0502ffff00000002 > output sw_if_index 2 (lsb16 2) l3 ip4 192.168.1.10 -> 5.1.1.10 l4 proto 6 > l4_valid 1 port 42904 -> 11000 tcp flags (valid) 02 rsvd 0 > 00:08:21:983276: host-vpp_outside-output > host-vpp_outside > IP4: 02:fe:ec:db:35:b8 -> 92:93:a8:73:cd:7f > TCP: 192.168.1.10 -> 5.1.1.10 > tos 0x00, ttl 63, length 60, checksum 0xee09 > fragment id 0x85f5, flags DONT_FRAGMENT > TCP: 42904 -> 11000 > seq. 0xd64e1be2 ack 0x00000000 > flags 0x02 SYN, tcp header: 40 bytes > window 29200, checksum 0x0000 > > packet Y > 00:08:21:983327: acl-plugin-in-ip4-fa > acl-plugin: sw_if_index 2, next index 1, action: 1, match: acl 0 rule 1 > trace_bits 00000000 > pkt info 0000000000000000 0a01010500000000 0000000000000000 > 0a01a8c000000000 00020006a7982af8 0712ffff00000002 > input sw_if_index 2 (lsb16 2) l3 ip4 5.1.1.10 -> 192.168.1.10 l4 proto 6 > l4_valid 1 port 11000 -> 42904 tcp flags (valid) 12 rsvd 0 > 00:08:21:983329: ip4-lookup > fib 0 dpo-idx 2 flow hash: 0x00000000 > TCP: 5.1.1.10 -> 192.168.1.10 > tos 0x00, ttl 64, length 60, checksum 0x72ff > > vpp# show acl-plugin sessions > Sessions total: add 0 - del 0 = 0 > > > Per-thread data: > Thread #0: > connection add/del stats: > sw_if_index 0: add 0 - del 0 = 0 > sw_if_index 1: add 0 - del 0 = 0 > sw_if_index 2: add 0 - del 0 = 0 > connection timeout type lists: > fa_conn_list_head[0]: -1 > fa_conn_list_head[1]: -1 > fa_conn_list_head[2]: -1 > Next expiry time: 0 > Requeue until time: 0 > Current time wait interval: 0 > Count of deleted sessions: 0 > Delete already deleted: 0 > Session timers restarted: 0 > Swipe until this time: 0 > sw_if_index serviced bitmap: 0 > pending clear intfc bitmap : 0 > clear in progress: 0 > interrupt is pending: 0 > interrupt is needed: 0 > interrupt is unwanted: 0 > interrupt generation: 1898 > > > Conn cleaner thread counters: > 0: delete_by_sw_index events > 0: delete_by_sw_index handled ok > 0: unknown events received > 0: session idle timers restarted > 1898: event wait with timeout called > 1: event wait w/o timeout called > 1898: total event cycles > Interrupt generation: 1899 > Sessions per interval: min 1 max 100 increment: 100 ms current: 500 ms > > Session lookup hash table: > Hash table ACL plugin FA session bihash > 0 active elements > 0 free lists > 0 linear search buckets > 0 cache hits, 0 cache misses > > > vpp# > _______________________________________________ > vpp-dev mailing list > vpp-dev@lists.fd.io > https://lists.fd.io/mailman/listinfo/vpp-dev
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev