 |
FD.io VPP
v19.08.3-2-gbabecb413
Vector Packet Processing
|
|
FD.io VPP
v19.08.3-2-gbabecb413
Vector Packet Processing
|
classify filter <intfc> | pcap mask <mask-value> match <match-value>
| trace mask <mask-value> match <match-value> [del] [buckets <nn>] [memory-size <n>].
Construct an arbitrary set of packet classifier tables for use with "pcap rx | tx trace," and with the vpp packet tracer
Packets which match a rule in the classifier table chain will be traced. The tables are automatically ordered so that matches in the most specific table are tried first.
It's reasonably likely that folks will configure a single table with one or two matches. As a result, we configure 8 hash buckets and 128K of match rule space. One can override the defaults by specifiying "buckets <nnn>" and "memory-size <xxx>" as desired.
To build up complex filter chains, repeatedly issue the classify filter debug CLI command. Each command must specify the desired mask and match values. If a classifier table with a suitable mask already exists, the CLI command adds a match rule to the existing table. If not, the CLI command add a new table and the indicated mask rule
Here is a terse description of the "mask <xxx>" syntax:
l2 src dst proto tag1 tag2 ignore-tag1 ignore-tag2 cos1 cos2 dot1q dot1ad
l3 ip4 <ip4-mask> ip6 <ip6-mask>
<ip4-mask> version hdr_length src[/width] dst[/width] tos length fragment_id ttl protocol checksum
<ip6-mask> version traffic-class flow-label src dst proto payload_length hop_limit protocol
l4 tcp <tcp-mask> udp <udp_mask> src_port dst_port
<tcp-mask> src dst # ports
<udp-mask> src_port dst_port
To construct matches, add the values to match after the indicated keywords: in the match syntax. For example: mask l3 ip4 src -> match l3 ip4 src 192.168.1.11
Configure a simple classify filter, and configure pcap rx trace to use it:
classify filter rx mask l3 ip4 src match l3 ip4 src 192.168.1.11"
pcap rx trace on max 100 filter
Configure another fairly simple filter
classify filter mask l3 ip4 src dst match l3 ip4 src 192.168.1.10 dst 192.168.2.10"
Configure a filter for use with the vpp packet tracer: classify filter trace mask l3 ip4 src dst match l3 ip4 src 192.168.1.10 dst 192.168.2.10" trace add dpdk-input 100 filter
Clear classifier filters
classify filter [trace | rx | tx | <intfc>] del
To display the top-level classifier tables for each use case: show classify filter
To inspect the classifier tables, use
show classify table [verbose] The verbose form displays all of the match rules, with hit-counters
Declaration: classify_filter (src/vnet/classify/vnet_classify.c line 2021)
Implementation: classify_filter_command_fn.
classify session [hit-next|l2-input-hit-next|l2-output-hit-next|acl-hit-next <next_index>|policer-hit-next <policer_name>]
table-index <nn> match [hex] [l2] [l3 ip4] [opaque-index <index>] [action set-ip4-fib-id|set-ip6-fib-id|set-sr-policy-index <n>] [del].
Declaration: classify_session_command (src/vnet/classify/vnet_classify.c line 2816)
Implementation: classify_session_command_fn.
classify table [miss-next|l2-miss_next|acl-miss-next <next_index>]
mask <mask-value> buckets <nn> [skip <n>] [match <n>] [current-data-flag <n>] [current-data-offset <n>] [table <n>] [memory-size <nn>[M][G]] [next-table <n>] [del] [del-chain].
Declaration: classify_table (src/vnet/classify/vnet_classify.c line 1633)
Implementation: classify_table_command_fn.
set interface input acl intfc <int> [ip4-table <index>]
[ip6-table <index>] [l2-table <index>] [del].
Declaration: set_input_acl_command (src/vnet/classify/in_out_acl.c line 234)
Implementation: set_input_acl_command_fn.
set interface output acl intfc <int> [ip4-table <index>]
[ip6-table <index>] [l2-table <index>] [del].
Declaration: set_output_acl_command (src/vnet/classify/in_out_acl.c line 241)
Implementation: set_output_acl_command_fn.
set policer classify interface <int> [ip4-table <index>]
[ip6-table <index>] [l2-table <index>] [del].
Declaration: set_policer_classify_command (src/vnet/classify/policer_classify.c line 168)
Implementation: set_policer_classify_command_fn.
show classify filter [verbose [nn]].
Declaration: show_classify_filter (src/vnet/classify/vnet_classify.c line 2116)
Implementation: show_classify_filter_command_fn.
show classify flow type [ip4|ip6].
Declaration: show_flow_classify_command (src/vnet/classify/flow_classify.c line 219)
Implementation: show_flow_classify_command_fn.
show classify policer type [ip4|ip6|l2].
Declaration: show_policer_classify_command (src/vnet/classify/policer_classify.c line 235)
Implementation: show_policer_classify_command_fn.
show classify tables [index <nn>].
Declaration: show_classify_table_command (src/vnet/classify/vnet_classify.c line 2212)
Implementation: show_classify_tables_command_fn.
show inacl type [ip4|ip6|l2].
Declaration: show_inacl_command (src/vnet/classify/in_out_acl.c line 370)
Implementation: show_inacl_command_fn.
show outacl type [ip4|ip6|l2].
Declaration: show_outacl_command (src/vnet/classify/in_out_acl.c line 375)
Implementation: show_outacl_command_fn.
test classify [src <ip>] [sessions <nn>] [buckets <nn>] [seed <nnn>]
[memory-size <nn>[M|G]]
[churn-test].
Declaration: test_classify_command (src/vnet/classify/vnet_classify.c line 3247)
Implementation: test_classify_command_fn.
1.8.13