tc: flower: Add support for ct_state reply flag

Matches on conntrack rpl ct_state. Example: $ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \ ct_state +trk+est+rpl \ action mirred egress redirect dev ens1f0_1 $ tc filter add dev ens1f0_1 ingress prio 1 chain 1 proto ip flower \ ct_state +trk+est-rpl \ action mirred egress redirect dev ens1f0_0 Signed-off-by: Paul Blakey <paulb@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2021-02-02 14:24:42 +02:00 · 2021-02-02 14:24:42 +02:00 · 049708a002
parent b8b8b6d4c9
commit 049708a002
2 changed files with 3 additions and 0 deletions
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
@ -387,6 +387,8 @@ new - New connection.
 .TP
 est - Established connection.
 .TP
+rpl - The packet is in the reply direction, meaning that it is in the opposite direction from the packet that initiated the connection.
+.TP
 inv - The state is invalid. The packet couldn't be associated to a connection.
 .TP
 Example: +trk+est
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@ -346,6 +346,7 @@ static struct flower_ct_states {
 	{ "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
 	{ "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
 	{ "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID },
+	{ "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY },
 };

 static int flower_parse_ct_state(char *str, struct nlmsghdr *n)