From: wenxu <we...@ucloud.cn>
TC flower doesn't support some ct state flags such as
INVALID/SNAT/DNAT/REPLY. So it is better to reject this rule.
Signed-off-by: wenxu <we...@ucloud.cn>
---
lib/netdev-offload-tc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c
index 586d99d..7cdd849 100644
--- a/lib/netdev-offload-tc.c
+++ b/lib/netdev-offload-tc.c
@@ -1646,6 +1646,7 @@ netdev_tc_flow_put(struct netdev *netdev, struct match
*match,
flower.key.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_NEW;
}
flower.mask.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_NEW;
+ mask->ct_state &= ~OVS_CS_F_NEW;
}
if (mask->ct_state & OVS_CS_F_ESTABLISHED) {
@@ -1653,6 +1654,7 @@ netdev_tc_flow_put(struct netdev *netdev, struct match
*match,
flower.key.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED;
}
flower.mask.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED;
+ mask->ct_state &= ~OVS_CS_F_ESTABLISHED;
}
if (mask->ct_state & OVS_CS_F_TRACKED) {
@@ -1660,14 +1662,13 @@ netdev_tc_flow_put(struct netdev *netdev, struct match
*match,
flower.key.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_TRACKED;
}
flower.mask.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_TRACKED;
+ mask->ct_state &= ~OVS_CS_F_TRACKED;
}
if (flower.key.ct_state & TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED) {
flower.key.ct_state &= ~(TCA_FLOWER_KEY_CT_FLAGS_NEW);
flower.mask.ct_state &= ~(TCA_FLOWER_KEY_CT_FLAGS_NEW);
}
-
- mask->ct_state = 0;
}
if (mask->ct_zone) {
--
1.8.3.1
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
