From d9bcc70051d23c62cc802a356dc7e4324398765e Mon Sep 17 00:00:00 2001
Message-Id: <d9bcc70051d23c62cc802a356dc7e4324398765e.1624894546.git.aclaudi@redhat.com>
From: Andrea Claudi <aclaudi@redhat.com>
Date: Mon, 28 Jun 2021 15:22:17 +0200
Subject: [PATCH] tc: f_flower: Add option to match on related ct state

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1957243
Upstream Status: unknown commit 7fda6c58

commit 7fda6c588a295ad381fdf0b9b9971169b2f9d9dc
Author: Ariel Levkovich <lariel@nvidia.com>
Date:   Fri May 21 20:07:06 2021 +0300

    tc: f_flower: Add option to match on related ct state

    Add support for matching on ct_state flag related.
    The related state indicates a packet is associated with an existing
    connection.

    Example:
    $ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
      ct_state -est-rel+trk \
      action mirred egress redirect dev ens1f0_1

    $ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
      ct_state +rel+trk \
      action mirred egress redirect dev ens1f0_1

    Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
    Reviewed-by: Jiri Pirko <jiri@nvidia.com>
    Signed-off-by: David Ahern <dsahern@kernel.org>
---
 man/man8/tc-flower.8 | 2 ++
 tc/f_flower.c        | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
index f7336b62..4541d937 100644
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
@@ -391,6 +391,8 @@ rpl - The packet is in the reply direction, meaning that it is in the opposite d
 .TP
 inv - The state is invalid. The packet couldn't be associated to a connection.
 .TP
+rel - The packet is related to an existing connection.
+.TP
 Example: +trk+est
 .RE
 .TP
diff --git a/tc/f_flower.c b/tc/f_flower.c
index 53822a95..29db2e23 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -94,7 +94,7 @@ static void explain(void)
 		"	LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n"
 		"	FILTERID := X:Y:Z\n"
 		"	MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
-		"	MASKED_CT_STATE := combination of {+|-} and flags trk,est,new\n"
+		"	MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel\n"
 		"	ACTION-SPEC := ... look at individual actions\n"
 		"\n"
 		"NOTE:	CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
@@ -345,6 +345,7 @@ static struct flower_ct_states {
 	{ "trk", TCA_FLOWER_KEY_CT_FLAGS_TRACKED },
 	{ "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
 	{ "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
+	{ "rel", TCA_FLOWER_KEY_CT_FLAGS_RELATED },
 	{ "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID },
 	{ "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY },
 };
-- 
2.31.1