On Wed, Aug 14, 2019 at 04:28:43PM +0800, wenxu wrote:
> 
> On 8/14/2019 4:19 PM, Pablo Neira Ayuso wrote:
> > On Wed, Aug 14, 2019 at 10:00:37AM +0200, Pablo Neira Ayuso wrote:
> > [...]
> >>>>> @@ -86,6 +110,8 @@ static int nft_tunnel_get_init(const struct nft_ctx 
> >>>>> *ctx,
> >>>>>                 len = sizeof(u8);
> >>>>>                 break;
> >>>>>         case NFT_TUNNEL_ID:
> >>>>> +       case NFT_TUNNEL_SRC_IP:
> >>>>> +       case NFT_TUNNEL_DST_IP:
> >>>> Missing policy updates, ie. nft_tunnel_key_policy.
> >>> I don't understand why it need update nft_tunnel_key_policy
> >>> which is used for tunnel_obj action. This NFT_TUNNEL_SRC/DST_IP is used
> >>> for tunnel_expr
> >> It seems there is no policy object for _get_eval(), add it.
> > There is. It is actually nft_tunnel_policy.
> 
> nft_tunnel_policy contain a NFTA_TUNNEL_KEY
> 
> NFTA_TUNNEL_KEY support NFT_TUNNEL_ID, NFT_TUNNEL_SRC/DST_IP
> 
> I think the NFTA_TUNNEL_KEY  means a match key which can be tun_id, tun_src, 
> tun_dst

Correct.

Reply via email to