|
|
8792a8 |
From d9bcc70051d23c62cc802a356dc7e4324398765e Mon Sep 17 00:00:00 2001
|
|
|
8792a8 |
Message-Id: <d9bcc70051d23c62cc802a356dc7e4324398765e.1624894546.git.aclaudi@redhat.com>
|
|
|
8792a8 |
From: Andrea Claudi <aclaudi@redhat.com>
|
|
|
8792a8 |
Date: Mon, 28 Jun 2021 15:22:17 +0200
|
|
|
8792a8 |
Subject: [PATCH] tc: f_flower: Add option to match on related ct state
|
|
|
8792a8 |
|
|
|
8792a8 |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1957243
|
|
|
8792a8 |
Upstream Status: unknown commit 7fda6c58
|
|
|
8792a8 |
|
|
|
8792a8 |
commit 7fda6c588a295ad381fdf0b9b9971169b2f9d9dc
|
|
|
8792a8 |
Author: Ariel Levkovich <lariel@nvidia.com>
|
|
|
8792a8 |
Date: Fri May 21 20:07:06 2021 +0300
|
|
|
8792a8 |
|
|
|
8792a8 |
tc: f_flower: Add option to match on related ct state
|
|
|
8792a8 |
|
|
|
8792a8 |
Add support for matching on ct_state flag related.
|
|
|
8792a8 |
The related state indicates a packet is associated with an existing
|
|
|
8792a8 |
connection.
|
|
|
8792a8 |
|
|
|
8792a8 |
Example:
|
|
|
8792a8 |
$ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
|
|
|
8792a8 |
ct_state -est-rel+trk \
|
|
|
8792a8 |
action mirred egress redirect dev ens1f0_1
|
|
|
8792a8 |
|
|
|
8792a8 |
$ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
|
|
|
8792a8 |
ct_state +rel+trk \
|
|
|
8792a8 |
action mirred egress redirect dev ens1f0_1
|
|
|
8792a8 |
|
|
|
8792a8 |
Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
|
|
|
8792a8 |
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
|
|
|
8792a8 |
Signed-off-by: David Ahern <dsahern@kernel.org>
|
|
|
8792a8 |
---
|
|
|
8792a8 |
man/man8/tc-flower.8 | 2 ++
|
|
|
8792a8 |
tc/f_flower.c | 3 ++-
|
|
|
8792a8 |
2 files changed, 4 insertions(+), 1 deletion(-)
|
|
|
8792a8 |
|
|
|
8792a8 |
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
|
|
|
8792a8 |
index f7336b62..4541d937 100644
|
|
|
8792a8 |
--- a/man/man8/tc-flower.8
|
|
|
8792a8 |
+++ b/man/man8/tc-flower.8
|
|
|
8792a8 |
@@ -391,6 +391,8 @@ rpl - The packet is in the reply direction, meaning that it is in the opposite d
|
|
|
8792a8 |
.TP
|
|
|
8792a8 |
inv - The state is invalid. The packet couldn't be associated to a connection.
|
|
|
8792a8 |
.TP
|
|
|
8792a8 |
+rel - The packet is related to an existing connection.
|
|
|
8792a8 |
+.TP
|
|
|
8792a8 |
Example: +trk+est
|
|
|
8792a8 |
.RE
|
|
|
8792a8 |
.TP
|
|
|
8792a8 |
diff --git a/tc/f_flower.c b/tc/f_flower.c
|
|
|
8792a8 |
index 53822a95..29db2e23 100644
|
|
|
8792a8 |
--- a/tc/f_flower.c
|
|
|
8792a8 |
+++ b/tc/f_flower.c
|
|
|
8792a8 |
@@ -94,7 +94,7 @@ static void explain(void)
|
|
|
8792a8 |
" LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n"
|
|
|
8792a8 |
" FILTERID := X:Y:Z\n"
|
|
|
8792a8 |
" MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
|
|
|
8792a8 |
- " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new\n"
|
|
|
8792a8 |
+ " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel\n"
|
|
|
8792a8 |
" ACTION-SPEC := ... look at individual actions\n"
|
|
|
8792a8 |
"\n"
|
|
|
8792a8 |
"NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
|
|
|
8792a8 |
@@ -345,6 +345,7 @@ static struct flower_ct_states {
|
|
|
8792a8 |
{ "trk", TCA_FLOWER_KEY_CT_FLAGS_TRACKED },
|
|
|
8792a8 |
{ "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
|
|
|
8792a8 |
{ "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
|
|
|
8792a8 |
+ { "rel", TCA_FLOWER_KEY_CT_FLAGS_RELATED },
|
|
|
8792a8 |
{ "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID },
|
|
|
8792a8 |
{ "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY },
|
|
|
8792a8 |
};
|
|
|
8792a8 |
--
|
|
|
8792a8 |
2.31.1
|
|
|
8792a8 |
|