gatekeeper
How to implement a whitelist for src addr?
How to implement a whitelist for src addr? If an LPM table is used as a whitelist, pkt_info in lookup_policy matches lookup_src_lpm_ipv4_policy first. Will pkt_info enter other policies?
Try the example in the section "The policy script" of the wiki page "Tips for Deployments". This example is easy to modify to meet your needs.
Aren't the packets processed linearly? For example, with lookup_policy:
Policy plan A: src 1.1.1.1 granted to any dst address
Policy plan B: dst 2.2.2.2 deny access to any src address
lookup_policy order: plan A first, plan B second
At this time, which policy plan should the data packets from 1.1.1.1 to 2.2.2.2 follow?
Given that (1) both plans match that packet, and (2) plan A comes before plan B, plan A will decide the fate of the flow (1.1.1.1, 2.2.2.2). That is, the flow will be granted.
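The first-match behaviour described in the answer above, as an added example that is not part of the original thread and is not Gatekeeper's own code: a small Python model of an ordered policy lookup with a source LPM whitelist (plan A) and a destination rule (plan B). The function names, the constructed tables and the default-decline fallback are assumptions made for illustration; real Gatekeeper policies are Lua scripts.

```python
import ipaddress

GRANTED, DECLINED = "granted", "declined"

def lpm_lookup(table, addr):
    """Return the decision of the longest prefix containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, decision in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, decision)
    return best[1] if best else None

# Constructed tables mirroring the thread's plans A and B.
SRC_WHITELIST = {"1.1.1.1/32": GRANTED}   # plan A: keyed on source address
DST_BLOCKLIST = {"2.2.2.2/32": DECLINED}  # plan B: keyed on destination address

def plan_a(src, dst):
    return lpm_lookup(SRC_WHITELIST, src)

def plan_b(src, dst):
    return lpm_lookup(DST_BLOCKLIST, dst)

def lookup_policy(src, dst, plans, default=DECLINED):
    """Model of an ordered lookup: the first plan that returns a decision
    settles the flow, and later plans are never consulted.
    The default-decline fallback is an assumption of this model."""
    for plan in plans:
        decision = plan(src, dst)
        if decision is not None:
            return decision, plan.__name__
    return default, "default"

if __name__ == "__main__":
    flows = [("1.1.1.1", "2.2.2.2"), ("1.1.1.1", "3.3.3.3"),
             ("9.9.9.9", "2.2.2.2"), ("9.9.9.9", "3.3.3.3")]
    for order in ([plan_a, plan_b], [plan_b, plan_a]):
        print("order:", [p.__name__ for p in order])
        for src, dst in flows:
            print("  ", src, "->", dst, lookup_policy(src, dst, order))
```

With plan A first, the whitelisted source reaches 2.2.2.2 because plan B is never evaluated for that flow; if the destination rule must win, it has to be checked before the source whitelist.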