On Thu, Feb 04, 2021 at 03:34:41PM +0100, Ilya Maximets wrote:
> On 2/4/21 3:50 AM, we...@ucloud.cn wrote:
> > From: wenxu <we...@ucloud.cn>
> >
> > TC flower doesn't support some ct state flags such as
> > INVALID/SNAT/DNAT/REPLY. So it is better to reject this rule.
> >
>
> Fixes: 576126a931cd ("netdev-offload-tc: Add conntrack support")
>
> > Signed-off-by: wenxu <we...@ucloud.cn>
> > ---
> > lib/netdev-offload-tc.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
>
> This version loogs good to me.
> Marcelo, Paul, what do you think?
+1
Reviewed-by: Marcelo Ricardo Leitner <mleit...@redhat.com>
...
> > @@ -1660,14 +1662,13 @@ netdev_tc_flow_put(struct netdev *netdev, struct
> > match *match,
> > flower.key.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_TRACKED;
> > }
> > flower.mask.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_TRACKED;
> > + mask->ct_state &= ~OVS_CS_F_TRACKED;
> > }
> >
> > if (flower.key.ct_state & TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED) {
> > flower.key.ct_state &= ~(TCA_FLOWER_KEY_CT_FLAGS_NEW);
> > flower.mask.ct_state &= ~(TCA_FLOWER_KEY_CT_FLAGS_NEW);
> > }
Btw, this check is probably useless as validate_ct_state() already does:
if (state & CS_NEW && state & CS_ESTABLISHED) {
ds_put_format(ds, "%s: invalid connection state: "
"\"new\" and \"est\" are mutually exclusive\n",
And it would be wrong if it was effective. The translation shouldn't
be saying which flag has preference.
> > -
> > - mask->ct_state = 0;
> > }
> >
> > if (mask->ct_zone) {
> >
>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
