Hi Team, I have a question regarding tc filter behavior. I tried to look for the answer over the web and netdev FAQ but didn't get the answer. Hence I'm looking for your help.

I added an ingress qdisc for interface enp0s25 and then configured the tc filter as shown below, but after adding filters I realized that the rule is reflected as a result of both the ingress and egress filter commands. Is this the expected behaviour, or a bug? Why should the same filter be reflected in both the ingress and egress paths?

I understand that policy is always configured for ingress traffic, so I believe that filters should not be reflected with egress. The behaviour is the same when I offloaded an ovs flow to the tc software datapath.

Please advise or redirect me to the right channel if this is not the right place for this question.

Below are the executed tc commands:

tc qdisc add dev enp0s25 ingress

tc -g qdisc show dev enp0s25
    qdisc fq_codel 0: root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5.0ms interval 100.0ms memory_limit 32Mb ecn
    qdisc ingress ffff: parent ffff:fff1 ----------------

tc filter add dev enp0s25 protocol ip parent ffff: prio 1 flower dst_ip 192.168.1.1/0.0.0.0 ip_proto tcp skip_hw action drop

tc filter show dev enp0s25 ingress
    filter parent ffff: protocol ip pref 1 flower chain 0
    filter parent ffff: protocol ip pref 1 flower chain 0 handle 0x1
      eth_type ipv4
      ip_proto tcp
      skip_hw
      not_in_hw
        action order 1: gact action drop
         random type none pass val 0
         index 1 ref 1 bind 1

tc filter show dev enp0s25 egress
(Shows duplicate flows as above)
    filter parent ffff: protocol ip pref 1 flower chain 0
    filter parent ffff: protocol ip pref 1 flower chain 0 handle 0x1
      eth_type ipv4
      ip_proto tcp
      skip_hw
      not_in_hw
        action order 1: gact action drop
         random type none pass val 0
         index 1 ref 1 bind 1

Thanks
Satish