nfp: flower: refactor function "is_post_ct_flow"

'ct_clear' action only or no ct action is supported for 'post_ct_flow'.
But in scenario of multiple ct zones, one non 'ct_clear' ct action or
more ct actions, including 'ct_clear action', may be present in one flow
rule. If ct state match key is 'ct_established', the flow rule is still
expected to be classified as 'post_ct_flow'. Check ct status first in
function "is_post_ct_flow" to achieve this.
Signed-off-by: Wentao Jia <wentao.jia@corigine.com>
Acked-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

drivers/net/ethernet/netronome/nfp/flower/conntrack.c

@@ -94,6 +94,11 @@ bool is_post_ct_flow(struct flow_cls_offload *flow)
 	struct flow_match_ct ct;
 	int i;
 
+	if (dissector->used_keys & BIT(FLOW_DISSECTOR_KEY_CT)) {
+		flow_rule_match_ct(rule, &ct);
+		if (ct.key->ct_state & TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED)
+			return true;
+	} else {
 		/* post ct entry cannot contains any ct action except ct_clear. */
 		flow_action_for_each(i, act, &flow->rule->action) {
 			if (act->id == FLOW_ACTION_CT) {
@@ -106,12 +111,6 @@ bool is_post_ct_flow(struct flow_cls_offload *flow)
 				return false;
 			}
 		}
-
-	if (dissector->used_keys & BIT(FLOW_DISSECTOR_KEY_CT)) {
-		flow_rule_match_ct(rule, &ct);
-		if (ct.key->ct_state & TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED)
-			return true;
-	} else {
 		/* when do nat with ct, the post ct entry ignore the ct status,
 		 * will match the nat field(sip/dip) instead. In this situation,
 		 * the flow chain index is not zero and contains ct clear action.