On Thu, Jan 17, 2019 at 3:34 PM Tonghao Zhang <xiangxia.m....@gmail.com> wrote: > On Thu, Jan 17, 2019 at 8:58 PM Or Gerlitz <gerlitz...@gmail.com> wrote: > > On Thu, Jan 17, 2019 at 11:28 AM <xiangxia.m....@gmail.com> wrote: > > > From: Tonghao Zhang <xiangxia.m....@gmail.com>
> with this patch, run the command [2], we will not get err log, > and the filter work in hw. This whole thing is done for a reason which is the inability of the current HW to adjust checksum/crc for few L3 protocols. Such adjustment is needed if you modify some fields of L3 headers, e.g re-write src/dst IP address. > We should consider ip_proto == 0, in some case, we only > modify dest ip or src ip. we can't let it go without clear matching on the ip protocol, as I explained above. With my proposed patch you will be able to NAT much more protocols (all of them expect for three, and we're working to reduce that), but you still need a tc rule per ip proto
