• Hangbin Liu's avatar
    net: sched: act_mirred: Reset ct info when mirror/redirect skb · d09c548d
    Hangbin Liu authored
    When mirror/redirect a skb to a different port, the ct info should be reset
    for reclassification. Or the pkts will match unexpected rules. For example,
    with following topology and commands:
    
        -----------
                  |
           veth0 -+-------
                  |
           veth1 -+-------
                  |
       ------------
    
     tc qdisc add dev veth0 clsact
     # The same with "action mirred egress mirror dev veth1" or "action mirred ingress redirect dev veth1"
     tc filter add dev veth0 egress chain 1 protocol ip flower ct_state +trk action mirred ingress mirror dev veth1
     tc filter add dev veth0 egress chain 0 protocol ip flower ct_state -inv action ct commit action goto chain 1
     tc qdisc add dev veth1 clsact
     tc filter add dev veth1 ingress chain 0 protocol ip flower ct_state +trk action drop
    
     ping <remove ip via veth0> &
     tc -s filter show dev veth1 ingress
    
    With command 'tc -s filter show', we can find the pkts were dropped on
    veth1.
    
    Fixes: b57dc7c1 ("net/sched: Introduce action ct")
    Signed-off-by: default avatarRoi Dayan <roid@nvidia.com>
    Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    d09c548d
act_mirred.c 12.3 KB