Hoi, Linux CP forwards all (unicast, multicast, ARP) through the TAP tunnel to the Linux kernel. It's not possible to add a classifier that selectively forwards some but not all traffic. Matthew mentioned in a thread about NAT (which kind of wants to do the same thing, perform NAT on some of the inbound ports using session matching, but forward the rest to Linux), which has some interesting observations which help explain the current behavior: https://lists.fd.io/g/vpp-dev/topic/96783537#22553
groet, Pim On Thu, Feb 9, 2023 at 11:05 AM Burcu YUKSEL < burcu.yuk...@ulakhaberlesme.com.tr> wrote: > Hello Everyone, > > We want to transfer the SSH packets coming from Device A to Linux Stack, > other packets to Application B full duplex. We transferred packets with > using LCP plugin. However in this case we have transferred all the packets > to Linux stack. Is there a way to forward only TCP packets with port 22 to > Linux with LCP? > > VPP: > > lcp create TwentyFiveGigabitEthernetd8/0/0 host-if vpp-host > set interface state TwentyFiveGigabitEthernetd8/0/0 up > set interface ip address TwentyFiveGigabitEthernetd8/0/0 10.20.10.22/24 > ip route add 0.0.0.0/0 via 10.20.10.22 TwentyFiveGigabitEthernetd8/0/0 > > Linux Server: > > sudo ip link set vpp-host up > sudo ip addr add 10.20.10.22/24 dev vpp-host > sudo route add default gw 10.20.10.1 > > Best Regards, > Burcu > > Bu elektronik posta ve onunla iletilen bütün dosyalar sadece göndericisi > tarafından alması amaçlanan yetkili, gerçek ya da tüzel kişinin kullanımı > içindir. Eğer söz konusu yetkili alıcı değilseniz, bu elektronik postanın > içeriğini açıklamanız, kopyalamanız, yönlendirmeniz ve kullanmanız > kesinlikle yasaktır ve bu elektronik postayı derhal silmeniz gerekmektedir. > Şirketimiz bu mesajın içerdiği bilgilerin doğruluğu veya eksiksiz olduğu > konusunda herhangi bir garanti vermemektedir. Bu nedenle, bu bilgilerin ne > şekilde olursa olsun içeriğinden, iletilmesinden, alınmasından ve > saklanmasından sorumlu değildir. Bu mesajdaki görüşler yalnızca gönderen > kişiye aittir ve Şirketimizin görüşlerini yansıtmayabilir. Tarafınız ile > paylaşılan kişisel verilerin, 6698 sayılı Kişisel Verilerin Korunması > Kanununa uygun olarak işlenmesi gereğini bilginize sunarız. > ------------------------------ > > This e-mail and all files sent with it are intended for authorized natural > or legal persons, who should be the only persons to open and read them. If > you are not an authorized recipient, you are strictly prohibited from > disclosing, copying, forwarding, and using the contents of this e-mail, and > you must immediately delete it. Our company does not guarantee the accuracy > or thoroughness of the information contained in this message. It is > therefore in no way responsible for the content, sending, retrieval and > storage of this information. The opinions contained in this message are the > views of the sender only and do not necessarily reflect the views of the > company. We would like to inform you that any personal data shared with you > should be processed in accordance with the Law on Protection of Personal > Data numbered 6698. > > > > -- Pim van Pelt <p...@ipng.nl> PBVP1-RIPE - http://www.ipng.nl/
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22573): https://lists.fd.io/g/vpp-dev/message/22573 Mute This Topic: https://lists.fd.io/mt/96850285/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
