.. _clicmd_src_vnet_classify: =============================================================== Classify cli reference =============================================================== classify filter ------------------------------------------------------------------------- .. code-block:: console classify filter | pcap mask match | trace mask match [del] [buckets ] [memory-size ] Construct an arbitrary set of packet classifier tables for use with "pcap rx | tx trace," and with the vpp packet tracer Packets which match a rule in the classifier table chain will be traced. The tables are automatically ordered so that matches in the most specific table are tried first. It's reasonably likely that folks will configure a single table with one or two matches. As a result, we configure 8 hash buckets and 128K of match rule space. One can override the defaults by specifying "buckets " and "memory-size " as desired. To build up complex filter chains, repeatedly issue the classify filter debug CLI command. Each command must specify the desired mask and match values. If a classifier table with a suitable mask already exists, the CLI command adds a match rule to the existing table. If not, the CLI command add a new table and the indicated mask rule Here is a terse description of the "mask " syntax: l2 src dst proto tag1 tag2 ignore-tag1 ignore-tag2 cos1 cos2 dot1q dot1ad l3 ip4 ip6

version hdr_length src[/width] dst[/width] tos length fragment_id ttl protocol checksum version traffic-class flow-label src dst proto payload_length hop_limit protocol l4 tcp udp src_port dst_port src dst # ports src_port dst_port To construct matches, add the values to match after the indicated keywords: in the match syntax. For example: mask l3 ip4 src -> match l3 ip4 src 192.168.1.11 Configuring the classify filter Configure a simple classify filter, and configure pcap rx trace to use it: .. code-block:: console classify filter rx mask l3 ip4 src match l3 ip4 src 192.168.1.11 ``pcap rx trace on max 100 filter`` Configure another fairly simple filter .. code-block:: console classify filter mask l3 ip4 src dst match l3 ip4 src 192.168.1.10 dst 192.168.2.10 Configure a filter for use with the vpp packet tracer: .. code-block:: console classify filter trace mask l3 ip4 src dst match l3 ip4 src 192.168.1.10 dst 192.168.2.10 ``trace add dpdk-input 100 filter`` Clear classifier filters ``classify filter [trace | rx | tx | ] del`` To display the top-level classifier tables for each use case: ``show classify filter`` To inspect the classifier tables, use ``show classify table [verbose]`` The verbose form displays all of the match rules, with hit-counters Declaration: ``classify_filter`` `src/vnet/classify/vnet_classify.c line 2130 `_ Implementation: ``classify_filter_command_fn`` classify session ------------------------------------------------------------------------- .. code-block:: console classify session [hit-next|l2-input-hit-next|l2-output-hit-next|acl-hit-next |policer-hit-next ] table-index match [hex] [l2] [l3 ip4] [opaque-index ] [action set-ip4-fib-id|set-ip6-fib-id|set-sr-policy-index ] [del] Declaration: ``classify_session_command`` `src/vnet/classify/vnet_classify.c line 2935 `_ Implementation: ``classify_session_command_fn`` classify table ------------------------------------------------------------------------- .. code-block:: console classify table [miss-next|l2-miss_next|acl-miss-next ] mask buckets [skip ] [match ] [current-data-flag ] [current-data-offset ] [table ] [memory-size [M][G]] [next-table ] [del] [del-chain] Declaration: ``classify_table`` `src/vnet/classify/vnet_classify.c line 1642 `_ Implementation: ``classify_table_command_fn`` set flow classify ------------------------------------------------------------------------- .. code-block:: console set flow classify interface [ip4-table ] [ip6-table ] [del] Declaration: ``set_input_acl_command`` `src/vnet/classify/flow_classify.c line 154 `_ Implementation: ``set_flow_classify_command_fn`` set interface output acl ------------------------------------------------------------------------- .. code-block:: console set interface output acl intfc [ip4-table ] [ip6-table ] [l2-table ] [del] Declaration: ``set_output_acl_command`` `src/vnet/classify/in_out_acl.c line 267 `_ Implementation: ``set_output_acl_command_fn`` set policer classify ------------------------------------------------------------------------- .. code-block:: console set policer classify interface [ip4-table ] [ip6-table ] [l2-table ] [del] Declaration: ``set_policer_classify_command`` `src/vnet/classify/policer_classify.c line 168 `_ Implementation: ``set_policer_classify_command_fn`` show classify filter ------------------------------------------------------------------------- .. code-block:: console show classify filter [verbose [nn]] Declaration: ``show_classify_filter`` `src/vnet/classify/vnet_classify.c line 2220 `_ Implementation: ``show_classify_filter_command_fn`` show classify flow ------------------------------------------------------------------------- .. code-block:: console show classify flow type [ip4|ip6] Declaration: ``show_flow_classify_command`` `src/vnet/classify/flow_classify.c line 219 `_ Implementation: ``show_flow_classify_command_fn`` show classify policer ------------------------------------------------------------------------- .. code-block:: console show classify policer type [ip4|ip6|l2] Declaration: ``show_policer_classify_command`` `src/vnet/classify/policer_classify.c line 235 `_ Implementation: ``show_policer_classify_command_fn`` show classify tables ------------------------------------------------------------------------- .. code-block:: console show classify tables [index ] Declaration: ``show_classify_table_command`` `src/vnet/classify/vnet_classify.c line 2316 `_ Implementation: ``show_classify_tables_command_fn`` show inacl ------------------------------------------------------------------------- .. code-block:: console show inacl type [ip4|ip6|l2] Declaration: ``show_inacl_command`` `src/vnet/classify/in_out_acl.c line 396 `_ Implementation: ``show_inacl_command_fn`` show outacl ------------------------------------------------------------------------- .. code-block:: console show outacl type [ip4|ip6|l2] Declaration: ``show_outacl_command`` `src/vnet/classify/in_out_acl.c line 401 `_ Implementation: ``show_outacl_command_fn`` test classify ------------------------------------------------------------------------- .. code-block:: console test classify [src ] [sessions ] [buckets ] [seed ] [memory-size [M|G]] [churn-test] Declaration: ``test_classify_command`` `src/vnet/classify/vnet_classify.c line 3358 `_ Implementation: ``test_classify_command_fn``