On 5/6/2020 5:16 AM, xiangxia.m....@gmail.com wrote:
> From: Tonghao Zhang <xiangxia.m....@gmail.com>
>
> The commit 0a7fcb78cc21 ("net/mlx5e: Support inner header rewrite with
> goto action"), will decapsulate the tunnel packets if there is a goto
> action in chain 0. But in some case, we don't want do that, for example:
>
> $ tc filter add dev $VXLAN protocol ip parent ffff: prio 1 chain 0 \
> flower enc_dst_ip 2.2.2.100 enc_dst_port 4789 \
> action goto chain 2
> $ tc filter add dev $VXLAN protocol ip parent ffff: prio 1 chain 2 \
> flower dst_mac 00:11:22:33:44:55 enc_src_ip 2.2.2.200 \
> enc_dst_ip 2.2.2.100 enc_dst_port 4789 enc_key_id 100 \
> action tunnel_key unset action mirred egress redirect dev enp130s0f0_0
> $ tc filter add dev $VXLAN protocol ip parent ffff: prio 1 chain 2 \
> flower dst_mac 00:11:22:33:44:66 enc_src_ip 2.2.2.200 \
> enc_dst_ip 2.2.2.100 enc_dst_port 4789 enc_key_id 200 \
> action tunnel_key unset action mirred egress redirect dev enp130s0f0_1
Also the workaround for these to be actually offloaded is to use the same tunnel
match in chain 0 as well.
$ tc filter add dev $VXLAN protocol ip parent ffff: prio 1 chain 0 \
flower enc_dst_ip 2.2.2.100 enc_dst_port 4789 \
enc_src_ip 2.2.2.200 enc_dst_ip 2.2.2.100 enc_dst_port 4789 \
enc_key_id 100 \
action goto chain 2
$ tc filter add dev $VXLAN protocol ip parent ffff: prio 1 chain 2 \
flower dst_mac 00:11:22:33:44:55 enc_src_ip 2.2.2.200 \
enc_dst_ip 2.2.2.100 enc_dst_port 4789 enc_key_id 100 \
action tunnel_key unset action mirred egress redirect dev enp130s0f0_0
$ tc filter add dev $VXLAN protocol ip parent ffff: prio 1 chain 2 \
flower dst_mac 00:11:22:33:44:66 enc_src_ip 2.2.2.200 \
enc_dst_ip 2.2.2.100 enc_dst_port 4789 enc_key_id 200 \
action tunnel_key unset action mirred egress redirect dev enp130s0f0_1
or just make chain 2 chain 0 :|
