tc: f_flower: Add option to match on related ct state

Add support for matching on ct_state flag related.
The related state indicates a packet is associated with an existing
connection.

Example:
$ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
  ct_state -est-rel+trk \
  action mirred egress redirect dev ens1f0_1

$ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
  ct_state +rel+trk \
  action mirred egress redirect dev ens1f0_1

Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
index f7336b62ca1dcd39420731a138fb2c4cb2020cc9..4541d937268411a3e573a994ad21771e3b858311 100644 (file)
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
@@ -391,6 +391,8 @@ rpl - The packet is in the reply direction, meaning that it is in the opposite d
 .TP
 inv - The state is invalid. The packet couldn't be associated to a connection.
 .TP
+rel - The packet is related to an existing connection.
+.TP
 Example: +trk+est
 .RE
 .TP

diff --git a/tc/f_flower.c b/tc/f_flower.c
index 53822a954c9e4534cb46eda389a3c08809ecba7c..29db2e23f47f63a8ed7bd9f20809e7826d7642d2 100644 (file)
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -94,7 +94,7 @@ static void explain(void)
                "       LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n"
                "       FILTERID := X:Y:Z\n"
                "       MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
-               "       MASKED_CT_STATE := combination of {+|-} and flags trk,est,new\n"
+               "       MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel\n"
                "       ACTION-SPEC := ... look at individual actions\n"
                "\n"
                "NOTE:  CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
@@ -345,6 +345,7 @@ static struct flower_ct_states {
        { "trk", TCA_FLOWER_KEY_CT_FLAGS_TRACKED },
        { "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
        { "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
+       { "rel", TCA_FLOWER_KEY_CT_FLAGS_RELATED },
        { "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID },
        { "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY },
 };