From: wenxu <wenxu@ucloud.cn>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: fw@strlen.de, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf-next v3 5/9] netfilter: nft_tunnel: support NFT_TUNNEL_SRC/DST_IP match
Date: Wed, 14 Aug 2019 16:28:43 +0800 [thread overview]
Message-ID: <5690e59a-1e03-1463-a876-c592949ceb64@ucloud.cn> (raw)
In-Reply-To: <20190814081915.xnogz4ktan6siowo@salvia>
On 8/14/2019 4:19 PM, Pablo Neira Ayuso wrote:
> On Wed, Aug 14, 2019 at 10:00:37AM +0200, Pablo Neira Ayuso wrote:
> [...]
>>>>> @@ -86,6 +110,8 @@ static int nft_tunnel_get_init(const struct nft_ctx *ctx,
>>>>> len = sizeof(u8);
>>>>> break;
>>>>> case NFT_TUNNEL_ID:
>>>>> + case NFT_TUNNEL_SRC_IP:
>>>>> + case NFT_TUNNEL_DST_IP:
>>>> Missing policy updates, ie. nft_tunnel_key_policy.
>>> I don't understand why it need update nft_tunnel_key_policy
>>> which is used for tunnel_obj action. This NFT_TUNNEL_SRC/DST_IP is used
>>> for tunnel_expr
>> It seems there is no policy object for _get_eval(), add it.
> There is. It is actually nft_tunnel_policy.
nft_tunnel_policy contain a NFTA_TUNNEL_KEY
NFTA_TUNNEL_KEY support NFT_TUNNEL_ID, NFT_TUNNEL_SRC/DST_IP
I think the NFTA_TUNNEL_KEY means a match key which can be tun_id, tun_src, tun_dst
next prev parent reply other threads:[~2019-08-14 8:28 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-01 14:01 [PATCH nf-next v3 0/9] netfilter: nf_tables_offload: support more expr and obj offload wenxu
2019-08-01 14:01 ` [PATCH nf-next v3 1/9] netfilter: nf_flow_offload: add net in offload_ctx wenxu
2019-08-01 14:01 ` [PATCH nf-next v3 2/9] netfilter: nf_tables_offload: add offload_actions callback wenxu
2019-08-01 14:01 ` [PATCH nf-next v3 3/9] netfilter: nft_fwd_netdev: add fw_netdev action support wenxu
2019-08-07 12:15 ` kbuild test robot
2019-08-08 6:06 ` wenxu
2019-08-01 14:01 ` [PATCH nf-next v3 4/9] netfilter: nft_payload: add nft_set_payload offload support wenxu
2019-08-07 12:18 ` kbuild test robot
2019-08-08 6:07 ` wenxu
2019-08-01 14:01 ` [PATCH nf-next v3 5/9] netfilter: nft_tunnel: support NFT_TUNNEL_SRC/DST_IP match wenxu
2019-08-13 18:19 ` Pablo Neira Ayuso
2019-08-14 7:54 ` wenxu
2019-08-14 8:00 ` Pablo Neira Ayuso
2019-08-14 8:19 ` Pablo Neira Ayuso
2019-08-14 8:28 ` wenxu [this message]
2019-08-14 9:17 ` Pablo Neira Ayuso
2019-08-14 8:22 ` wenxu
2019-08-01 14:01 ` [PATCH nf-next v3 6/9] netfilter: nft_tunnel: support tunnel meta match offload wenxu
2019-08-01 14:01 ` [PATCH nf-next v3 7/9] netfilter: nft_tunnel: add NFTA_TUNNEL_KEY_RELEASE action wenxu
2019-08-01 14:01 ` [PATCH nf-next v3 8/9] netfilter: nft_objref: add nft_objref_type offload wenxu
2019-08-01 14:01 ` [PATCH nf-next v3 9/9] netfilter: nft_tunnel: support nft_tunnel_obj offload wenxu
2019-08-13 10:58 ` [PATCH nf-next v3 0/9] netfilter: nf_tables_offload: support more expr and obj offload wenxu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5690e59a-1e03-1463-a876-c592949ceb64@ucloud.cn \
--to=wenxu@ucloud.cn \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).