From: Ariel Levkovich <lariel@nvidia.com>
To: <netdev@vger.kernel.org>
Cc: Ariel Levkovich <lariel@nvidia.com>, Jiri Pirko <jiri@nvidia.com>
Subject: [PATCH iproute2-next 1/2] tc: f_flower: Add option to match on related ct state
Date: Fri, 21 May 2021 20:07:06 +0300 [thread overview]
Message-ID: <20210521170707.704274-2-lariel@nvidia.com> (raw)
In-Reply-To: <20210521170707.704274-1-lariel@nvidia.com>
Add support for matching on ct_state flag related.
The related state indicates a packet is associated with an existing
connection.
Example:
$ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
ct_state -est-rel+trk \
action mirred egress redirect dev ens1f0_1
$ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
ct_state +rel+trk \
action mirred egress redirect dev ens1f0_1
Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
---
man/man8/tc-flower.8 | 2 ++
tc/f_flower.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
index f7336b62..4541d937 100644
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
@@ -391,6 +391,8 @@ rpl - The packet is in the reply direction, meaning that it is in the opposite d
.TP
inv - The state is invalid. The packet couldn't be associated to a connection.
.TP
+rel - The packet is related to an existing connection.
+.TP
Example: +trk+est
.RE
.TP
diff --git a/tc/f_flower.c b/tc/f_flower.c
index 53822a95..29db2e23 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -94,7 +94,7 @@ static void explain(void)
" LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n"
" FILTERID := X:Y:Z\n"
" MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
- " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new\n"
+ " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel\n"
" ACTION-SPEC := ... look at individual actions\n"
"\n"
"NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
@@ -345,6 +345,7 @@ static struct flower_ct_states {
{ "trk", TCA_FLOWER_KEY_CT_FLAGS_TRACKED },
{ "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
{ "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
+ { "rel", TCA_FLOWER_KEY_CT_FLAGS_RELATED },
{ "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID },
{ "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY },
};
--
2.25.2
next prev parent reply other threads:[~2021-05-21 17:07 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-21 17:07 [PATCH iproute2-next 0/2] tc: Add missing ct_state flags Ariel Levkovich
2021-05-21 17:07 ` Ariel Levkovich [this message]
2021-05-21 17:07 ` [PATCH iproute2-next 2/2] tc: f_flower: Add missing ct_state flags to usage description Ariel Levkovich
2021-05-27 14:40 ` [PATCH iproute2-next 0/2] tc: Add missing ct_state flags David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210521170707.704274-2-lariel@nvidia.com \
--to=lariel@nvidia.com \
--cc=jiri@nvidia.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.