Message ID | 1612268682-29525-1-git-send-email-paulb@nvidia.com |
---|---|
State | New |
Headers | show |
Series | [iproute2/net-next] tc: flower: Add support for ct_state reply flag | expand |
On Tue, 2 Feb 2021, Marcelo Ricardo Leitner wrote: > On Tue, Feb 02, 2021 at 02:24:42PM +0200, Paul Blakey wrote: > > Matches on conntrack rpl ct_state. > > > > Example: > > $ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \ > > ct_state +trk+est+rpl \ > > action mirred egress redirect dev ens1f0_1 > > $ tc filter add dev ens1f0_1 ingress prio 1 chain 1 proto ip flower \ > > ct_state +trk+est-rpl \ > > action mirred egress redirect dev ens1f0_0 > > > > Signed-off-by: Paul Blakey <paulb@nvidia.com> > > --- > > man/man8/tc-flower.8 | 2 ++ > > tc/f_flower.c | 1 + > > 2 files changed, 3 insertions(+) > > iproute has a header copy, include/uapi/linux/pkt_cls.h. > I think it needs updating as well. > > Marcelo > Hi, Commit 1e6190218050 ("Update kernel headers") from 02/02/2021 updated the headers to include the relevant flag. Thanks, Paul.
On 2/2/21 5:24 AM, Paul Blakey wrote: > Matches on conntrack rpl ct_state. > > Example: > $ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \ > ct_state +trk+est+rpl \ > action mirred egress redirect dev ens1f0_1 > $ tc filter add dev ens1f0_1 ingress prio 1 chain 1 proto ip flower \ > ct_state +trk+est-rpl \ > action mirred egress redirect dev ens1f0_0 > > Signed-off-by: Paul Blakey <paulb@nvidia.com> > --- > man/man8/tc-flower.8 | 2 ++ > tc/f_flower.c | 1 + > 2 files changed, 3 insertions(+) > applied to iproute2-next. Thanks
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 index 226d1cc..f7336b6 100644 --- a/man/man8/tc-flower.8 +++ b/man/man8/tc-flower.8 @@ -387,6 +387,8 @@ new - New connection. .TP est - Established connection. .TP +rpl - The packet is in the reply direction, meaning that it is in the opposite direction from the packet that initiated the connection. +.TP inv - The state is invalid. The packet couldn't be associated to a connection. .TP Example: +trk+est diff --git a/tc/f_flower.c b/tc/f_flower.c index 85c1043..53822a9 100644 --- a/tc/f_flower.c +++ b/tc/f_flower.c @@ -346,6 +346,7 @@ static struct flower_ct_states { { "new", TCA_FLOWER_KEY_CT_FLAGS_NEW }, { "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED }, { "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID }, + { "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY }, }; static int flower_parse_ct_state(char *str, struct nlmsghdr *n)
Matches on conntrack rpl ct_state. Example: $ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \ ct_state +trk+est+rpl \ action mirred egress redirect dev ens1f0_1 $ tc filter add dev ens1f0_1 ingress prio 1 chain 1 proto ip flower \ ct_state +trk+est-rpl \ action mirred egress redirect dev ens1f0_0 Signed-off-by: Paul Blakey <paulb@nvidia.com> --- man/man8/tc-flower.8 | 2 ++ tc/f_flower.c | 1 + 2 files changed, 3 insertions(+)