Matches on conntrack rpl ct_state.
Example:
$ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
ct_state +trk+est+rpl \
action mirred egress redirect dev ens1f0_1
$ tc filter add dev ens1f0_1 ingress prio 1 chain 1 proto ip flower \
ct_state +trk+est-rpl \
action mirred egress redirect dev ens1f0_0
Signed-off-by: Paul Blakey <pa...@nvidia.com>
---
man/man8/tc-flower.8 | 2 ++
tc/f_flower.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
index 226d1cc..f7336b6 100644
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
@@ -387,6 +387,8 @@ new - New connection.
.TP
est - Established connection.
.TP
+rpl - The packet is in the reply direction, meaning that it is in the opposite
direction from the packet that initiated the connection.
+.TP
inv - The state is invalid. The packet couldn't be associated to a connection.
.TP
Example: +trk+est
diff --git a/tc/f_flower.c b/tc/f_flower.c
index 85c1043..53822a9 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -346,6 +346,7 @@ static struct flower_ct_states {
{ "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
{ "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
{ "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID },
+ { "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY },
};
static int flower_parse_ct_state(char *str, struct nlmsghdr *n)
--
1.8.3.1
