ietf-access-control list doesn't seem to support matching on 802.1q, we might need to augment matching.
Note for netlink: In the SW datapath, the indicated protocol matches on the outermost EtherType. If the packet is VLAN tagged, the protocol value needs to be 802.1q, not ip, even if IP is what is inside the VLAN tag. Matching on the inner IP is then done through flower vlan_ethtype key. This is unlike the HW datapath, where both protocol ip and protocol 802.1q would match.
ietf-access-control list doesn't seem to support matching on 802.1q, we might need to augment matching.
Note for netlink: In the SW datapath, the indicated protocol matches on the outermost EtherType. If the packet is VLAN tagged, the protocol value needs to be 802.1q, not ip, even if IP is what is inside the VLAN tag. Matching on the inner IP is then done through flower vlan_ethtype key. This is unlike the HW datapath, where both protocol ip and protocol 802.1q would match.