Pradeep,

At this time you can only look at the specific session for debug purposes, 
not the whole table.

To have the traffic create the session you need to use “permit+reflect” action.

So with your configuring “deny”, no sessions will be created.

--a

> On 22 Jan 2018, at 18:32, Pradeep Patel (pradpate) <pradp...@cisco.com> wrote:
> 
> Team,
> I am trying to dump the session table (show acl-plugin sessions) to view the 
> session info but don’t see any sessions getting created. Any input will be 
> helpful.
>  
> Plugin Version
> vat# acl_plugin_get_version
> vl_api_acl_plugin_get_version_reply_t_handler:133: ACL plugin version: 1.3  
>  
> Following is the acl plugin configuration:
> vat# acl_add_replace deny, ipv4 deny
> vl_api_acl_add_replace_reply_t_handler:107: ACL index: 0
> vat# acl_interface_set_acl_list sw_if_index 1  input 0  output 0
> vat# acl_interface_set_acl_list sw_if_index 2 input 0  output 0
> vat# acl_add_replace  0 permit src 192.168.1.10/32, permit
> vl_api_acl_add_replace_reply_t_handler:107: ACL index: 0
> vat# acl_dump
> vl_api_acl_details_t_handler:193: acl_index: 0, count: 2
>    tag {}
>    ipv4 action 1 src 192.168.1.10/32 dst 0.0.0.0/0 proto 0 sport 0-65535 
> dport 0-65535 tcpflags 0 mask 0,
>    ipv4 action 1 src 0.0.0.0/0 dst 0.0.0.0/0 proto 0 sport 0-65535 dport 
> 0-65535 tcpflags 0 mask 0
>  
> Client IP : 192.168.1.10
>  
> root@localhost:/sandbox/tests/vpp# nc   5.1.1.10 11000
> fdsdsf
>  
> Server IP :   5.1.1.10
> root@localhost:~# nc -l 11000
> fdsdsf
>  
> Trace Info
>  
> Packet X
> 00:08:21:983273: acl-plugin-out-ip4-fa
>   acl-plugin: sw_if_index 2, next index 1, action: 1, match: acl 0 rule 0 
> trace_bits 00000000
>   pkt info 0000000000000000 0a01a8c000000000 0000000000000000 
> 0a01010500000000 000200062af8a798 0502ffff00000002
>    output sw_if_index 2 (lsb16 2) l3 ip4 192.168.1.10 -> 5.1.1.10 l4 proto 6 
> l4_valid 1 port 42904 -> 11000 tcp flags (valid) 02 rsvd 0
> 00:08:21:983276: host-vpp_outside-output
>   host-vpp_outside
>   IP4: 02:fe:ec:db:35:b8 -> 92:93:a8:73:cd:7f
>   TCP: 192.168.1.10 -> 5.1.1.10
>     tos 0x00, ttl 63, length 60, checksum 0xee09
>     fragment id 0x85f5, flags DONT_FRAGMENT
>   TCP: 42904 -> 11000
>     seq. 0xd64e1be2 ack 0x00000000
>     flags 0x02 SYN, tcp header: 40 bytes
>     window 29200, checksum 0x0000
>  
> packet Y
> 00:08:21:983327: acl-plugin-in-ip4-fa
>   acl-plugin: sw_if_index 2, next index 1, action: 1, match: acl 0 rule 1 
> trace_bits 00000000
>   pkt info 0000000000000000 0a01010500000000 0000000000000000 
> 0a01a8c000000000 00020006a7982af8 0712ffff00000002
>    input sw_if_index 2 (lsb16 2) l3 ip4 5.1.1.10 -> 192.168.1.10 l4 proto 6 
> l4_valid 1 port 11000 -> 42904 tcp flags (valid) 12 rsvd 0
> 00:08:21:983329: ip4-lookup
>   fib 0 dpo-idx 2 flow hash: 0x00000000
>   TCP: 5.1.1.10 -> 192.168.1.10
>     tos 0x00, ttl 64, length 60, checksum 0x72ff
>  
> vpp# show acl-plugin sessions
> Sessions total: add 0 - del 0 = 0
>  
>  
> Per-thread data:
> Thread #0:
>   connection add/del stats:
>     sw_if_index 0: add 0 - del 0 = 0
>     sw_if_index 1: add 0 - del 0 = 0
>     sw_if_index 2: add 0 - del 0 = 0
>   connection timeout type lists:
>   fa_conn_list_head[0]: -1
>   fa_conn_list_head[1]: -1
>   fa_conn_list_head[2]: -1
>   Next expiry time: 0
>   Requeue until time: 0
>   Current time wait interval: 0
>   Count of deleted sessions: 0
>   Delete already deleted: 0
>   Session timers restarted: 0
>   Swipe until this time: 0
>   sw_if_index serviced bitmap: 0
>   pending clear intfc bitmap : 0
>   clear in progress: 0
>   interrupt is pending: 0
>   interrupt is needed: 0
>   interrupt is unwanted: 0
>   interrupt generation: 1898
>  
>  
> Conn cleaner thread counters:
>                                 0: delete_by_sw_index events
>                                 0: delete_by_sw_index handled ok
>                                 0: unknown events received
>                                 0: session idle timers restarted
>                              1898: event wait with timeout called
>                                 1: event wait w/o timeout called
>                              1898: total event cycles
> Interrupt generation: 1899
> Sessions per interval: min 1 max 100 increment: 100 ms current: 500 ms
>  
> Session lookup hash table:
> Hash table ACL plugin FA session bihash
>     0 active elements
>     0 free lists
>     0 linear search buckets
>     0 cache hits, 0 cache misses
>  
>  
> vpp#
> _______________________________________________
> vpp-dev mailing list
> vpp-dev@lists.fd.io
> https://lists.fd.io/mailman/listinfo/vpp-dev
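
The check implied by the reply above, as an added Python example (not code from the thread or from VPP): it parses the `acl_dump` output quoted in the message and reports whether any rule uses the permit+reflect action that creates session entries. The mapping 0 = deny, 1 = permit, 2 = permit+reflect is taken from the ACL plugin API as an assumption, since the dump on this page only shows the value 1; the function names are hypothetical.

```python
import re

# Action codes from the ACL plugin API (assumed); the dump here shows only 1.
ACTIONS = {0: "deny", 1: "permit", 2: "permit+reflect"}

# acl_dump output copied from the quoted message, e-mail line wraps kept.
SAMPLE_DUMP = """\
vl_api_acl_details_t_handler:193: acl_index: 0, count: 2
   tag {}
   ipv4 action 1 src 192.168.1.10/32 dst 0.0.0.0/0 proto 0 sport 0-65535
dport 0-65535 tcpflags 0 mask 0,
   ipv4 action 1 src 0.0.0.0/0 dst 0.0.0.0/0 proto 0 sport 0-65535 dport
0-65535 tcpflags 0 mask 0
"""

ACL_RE = re.compile(r"acl_index: (\d+), count: (\d+)")
RULE_RE = re.compile(r"(ipv[46]) action (\d+) src (\S+) dst (\S+)")


def parse_acl_dump(text):
    """Return {acl_index: [rule, ...]} parsed from acl_dump output."""
    flat = " ".join(text.split())  # undo terminal / e-mail line wrapping
    headers = list(ACL_RE.finditer(flat))
    acls = {}
    for pos, hdr in enumerate(headers):
        end = headers[pos + 1].start() if pos + 1 < len(headers) else len(flat)
        rules = [
            {"af": af, "action": int(act), "src": src, "dst": dst}
            for af, act, src, dst in RULE_RE.findall(flat[hdr.end():end])
        ]
        if len(rules) != int(hdr.group(2)):
            raise ValueError(f"acl {hdr.group(1)}: rule count mismatch")
        acls[int(hdr.group(1))] = rules
    return acls


def reflecting_rules(acls):
    """(acl_index, rule_index) pairs whose action creates session entries."""
    return [(a, i) for a, rules in acls.items()
            for i, r in enumerate(rules) if r["action"] == 2]


if __name__ == "__main__":
    acls = parse_acl_dump(SAMPLE_DUMP)
    for a, rules in acls.items():
        for i, r in enumerate(rules):
            name = ACTIONS.get(r["action"], "unknown")
            print(f"acl {a} rule {i}: {name} {r['src']} -> {r['dst']}")
    if not reflecting_rules(acls):
        print("no permit+reflect rule: the session table will stay empty")
```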