From 049708a002960e89f13002d06b3c378ae7ecacb3 Mon Sep 17 00:00:00 2001 From: Paul Blakey Date: Tue, 2 Feb 2021 14:24:42 +0200 Subject: [PATCH] tc: flower: Add support for ct_state reply flag Matches on conntrack rpl ct_state. Example: $ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \ ct_state +trk+est+rpl \ action mirred egress redirect dev ens1f0_1 $ tc filter add dev ens1f0_1 ingress prio 1 chain 1 proto ip flower \ ct_state +trk+est-rpl \ action mirred egress redirect dev ens1f0_0 Signed-off-by: Paul Blakey Signed-off-by: David Ahern --- man/man8/tc-flower.8 | 2 ++ tc/f_flower.c | 1 + 2 files changed, 3 insertions(+) diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 index 226d1cc65..f7336b62c 100644 --- a/man/man8/tc-flower.8 +++ b/man/man8/tc-flower.8 @@ -387,6 +387,8 @@ new - New connection. .TP est - Established connection. .TP +rpl - The packet is in the reply direction, meaning that it is in the opposite direction from the packet that initiated the connection. +.TP inv - The state is invalid. The packet couldn't be associated to a connection. .TP Example: +trk+est diff --git a/tc/f_flower.c b/tc/f_flower.c index 85c1043a7..53822a954 100644 --- a/tc/f_flower.c +++ b/tc/f_flower.c @@ -346,6 +346,7 @@ static struct flower_ct_states { { "new", TCA_FLOWER_KEY_CT_FLAGS_NEW }, { "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED }, { "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID }, + { "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY }, }; static int flower_parse_ct_state(char *str, struct nlmsghdr *n) -- 2.47.2