On 2/4/21 3:50 AM, [email protected] wrote:
> From: wenxu <[email protected]>
>
> TC flower doesn't support some ct state flags such as
> INVALID/SNAT/DNAT/REPLY. So it is better to reject this rule.
>
Fixes: 576126a931cd ("netdev-offload-tc: Add conntrack support")
> Signed-off-by: wenxu <[email protected]>
> ---
> lib/netdev-offload-tc.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
This version loogs good to me.
Marcelo, Paul, what do you think?
>
> diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c
> index 586d99d..7cdd849 100644
> --- a/lib/netdev-offload-tc.c
> +++ b/lib/netdev-offload-tc.c
> @@ -1646,6 +1646,7 @@ netdev_tc_flow_put(struct netdev *netdev, struct match
> *match,
> flower.key.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_NEW;
> }
> flower.mask.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_NEW;
> + mask->ct_state &= ~OVS_CS_F_NEW;
> }
>
> if (mask->ct_state & OVS_CS_F_ESTABLISHED) {
> @@ -1653,6 +1654,7 @@ netdev_tc_flow_put(struct netdev *netdev, struct match
> *match,
> flower.key.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED;
> }
> flower.mask.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED;
> + mask->ct_state &= ~OVS_CS_F_ESTABLISHED;
> }
>
> if (mask->ct_state & OVS_CS_F_TRACKED) {
> @@ -1660,14 +1662,13 @@ netdev_tc_flow_put(struct netdev *netdev, struct
> match *match,
> flower.key.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_TRACKED;
> }
> flower.mask.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_TRACKED;
> + mask->ct_state &= ~OVS_CS_F_TRACKED;
> }
>
> if (flower.key.ct_state & TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED) {
> flower.key.ct_state &= ~(TCA_FLOWER_KEY_CT_FLAGS_NEW);
> flower.mask.ct_state &= ~(TCA_FLOWER_KEY_CT_FLAGS_NEW);
> }
> -
> - mask->ct_state = 0;
> }
>
> if (mask->ct_zone) {
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
