On Wed, Aug 14, 2019 at 04:28:43PM +0800, wenxu wrote: > > On 8/14/2019 4:19 PM, Pablo Neira Ayuso wrote: > > On Wed, Aug 14, 2019 at 10:00:37AM +0200, Pablo Neira Ayuso wrote: > > [...] > >>>>> @@ -86,6 +110,8 @@ static int nft_tunnel_get_init(const struct nft_ctx *ctx, > >>>>> len = sizeof(u8); > >>>>> break; > >>>>> case NFT_TUNNEL_ID: > >>>>> + case NFT_TUNNEL_SRC_IP: > >>>>> + case NFT_TUNNEL_DST_IP: > >>>> Missing policy updates, ie. nft_tunnel_key_policy. > >>> I don't understand why it need update nft_tunnel_key_policy > >>> which is used for tunnel_obj action. This NFT_TUNNEL_SRC/DST_IP is used > >>> for tunnel_expr > >> It seems there is no policy object for _get_eval(), add it. > > There is. It is actually nft_tunnel_policy. > > nft_tunnel_policy contain a NFTA_TUNNEL_KEY > > NFTA_TUNNEL_KEY support NFT_TUNNEL_ID, NFT_TUNNEL_SRC/DST_IP > > I think the NFTA_TUNNEL_KEY means a match key which can be tun_id, tun_src, tun_dst Correct.
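Review bot: in the quoted nft_tunnel_get_init() hunk, the two added labels `case NFT_TUNNEL_SRC_IP:` and `case NFT_TUNNEL_DST_IP:` are stacked directly under `case NFT_TUNNEL_ID:`, so both new keys inherit whatever register length that branch assigns to `len`, and that assignment is not visible in the quoted context. The length declared at init time has to match what the eval path later writes into the destination register, and a tunnel id and a tunnel address are not obviously the same size: a length chosen for the id would only fit an IPv4 address. I would give the address keys their own branch with an explicit `len`, and state in the commit message or a comment whether they are IPv4-only. If they are, the eval side should check the tunnel's address family before copying the address. On the policy question discussed in the thread, the quoted lines only show the switch, so it would also help to confirm in the patch description that NFTA_TUNNEL_KEY values outside the supported set are still rejected by this switch once the new keys are added.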