* [PATCH iproute2-next 1/2] tc: f_flower: Add option to match on related ct state
2021-05-21 17:07 [PATCH iproute2-next 0/2] tc: Add missing ct_state flags Ariel Levkovich
@ 2021-05-21 17:07 ` Ariel Levkovich
2021-05-21 17:07 ` [PATCH iproute2-next 2/2] tc: f_flower: Add missing ct_state flags to usage description Ariel Levkovich
2021-05-27 14:40 ` [PATCH iproute2-next 0/2] tc: Add missing ct_state flags David Ahern
2 siblings, 0 replies; 4+ messages in thread
From: Ariel Levkovich @ 2021-05-21 17:07 UTC (permalink / raw)
To: netdev; +Cc: Ariel Levkovich, Jiri Pirko
Add support for matching on ct_state flag related.
The related state indicates a packet is associated with an existing
connection.
Example:
$ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
ct_state -est-rel+trk \
action mirred egress redirect dev ens1f0_1
$ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
ct_state +rel+trk \
action mirred egress redirect dev ens1f0_1
Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
---
man/man8/tc-flower.8 | 2 ++
tc/f_flower.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
index f7336b62..4541d937 100644
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
@@ -391,6 +391,8 @@ rpl - The packet is in the reply direction, meaning that it is in the opposite d
.TP
inv - The state is invalid. The packet couldn't be associated to a connection.
.TP
+rel - The packet is related to an existing connection.
+.TP
Example: +trk+est
.RE
.TP
diff --git a/tc/f_flower.c b/tc/f_flower.c
index 53822a95..29db2e23 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -94,7 +94,7 @@ static void explain(void)
" LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n"
" FILTERID := X:Y:Z\n"
" MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
- " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new\n"
+ " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel\n"
" ACTION-SPEC := ... look at individual actions\n"
"\n"
"NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
@@ -345,6 +345,7 @@ static struct flower_ct_states {
{ "trk", TCA_FLOWER_KEY_CT_FLAGS_TRACKED },
{ "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
{ "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
+ { "rel", TCA_FLOWER_KEY_CT_FLAGS_RELATED },
{ "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID },
{ "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY },
};
--
2.25.2
^ permalink raw reply related [flat|nested] 4+ messages in thread* [PATCH iproute2-next 2/2] tc: f_flower: Add missing ct_state flags to usage description
2021-05-21 17:07 [PATCH iproute2-next 0/2] tc: Add missing ct_state flags Ariel Levkovich
2021-05-21 17:07 ` [PATCH iproute2-next 1/2] tc: f_flower: Add option to match on related ct state Ariel Levkovich
@ 2021-05-21 17:07 ` Ariel Levkovich
2021-05-27 14:40 ` [PATCH iproute2-next 0/2] tc: Add missing ct_state flags David Ahern
2 siblings, 0 replies; 4+ messages in thread
From: Ariel Levkovich @ 2021-05-21 17:07 UTC (permalink / raw)
To: netdev; +Cc: Ariel Levkovich, Jiri Pirko
Add ct_state flags rpl and inv to the commands usage
description
Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
---
tc/f_flower.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tc/f_flower.c b/tc/f_flower.c
index 29db2e23..c5af0276 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -94,7 +94,7 @@ static void explain(void)
" LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n"
" FILTERID := X:Y:Z\n"
" MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
- " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel\n"
+ " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel,rpl,inv\n"
" ACTION-SPEC := ... look at individual actions\n"
"\n"
"NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
--
2.25.2
^ permalink raw reply related [flat|nested] 4+ messages in thread