On Wed, Aug 14, 2019 at 10:00:37AM +0200, Pablo Neira Ayuso wrote: [...] > > >> @@ -86,6 +110,8 @@ static int nft_tunnel_get_init(const struct nft_ctx *ctx, > > >> len = sizeof(u8); > > >> break; > > >> case NFT_TUNNEL_ID: > > >> + case NFT_TUNNEL_SRC_IP: > > >> + case NFT_TUNNEL_DST_IP: > > > Missing policy updates, ie. nft_tunnel_key_policy. > > > > I don't understand why it need update nft_tunnel_key_policy > > which is used for tunnel_obj action. This NFT_TUNNEL_SRC/DST_IP is used > > for tunnel_expr > > It seems there is no policy object for _get_eval(), add it. There is. It is actually nft_tunnel_policy.
