• E
    net: sched: add em_ipt ematch for calling xtables matches · ccc007e4
    Eyal Birger 提交于
    The commit a new tc ematch for using netfilter xtable matches.
    
    This allows early classification as well as mirroning/redirecting traffic
    based on logic implemented in netfilter extensions.
    
    Current supported use case is classification based on the incoming IPSec
    state used during decpsulation using the 'policy' iptables extension
    (xt_policy).
    
    The module dynamically fetches the netfilter match module and calls
    it using a fake xt_action_param structure based on validated userspace
    provided parameters.
    
    As the xt_policy match does not access skb->data, no skb modifications
    are needed on match.
    Signed-off-by: NEyal Birger <eyal.birger@gmail.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    ccc007e4
pkt_cls.h 11.7 KB