net: sched: add ipset ematch
Can be used to match packets against netfilter ip sets created via ipset(8). skb->sk_iif is used as 'incoming interface', skb->dev is 'outgoing interface'. Since ipset is usually called from netfilter, the ematch initializes a fake xt_action_param, pulls the ip header into the linear area and also sets skb->data to the IP header (otherwise matching Layer 4 set types doesn't work). Tested-by: Mr Dash Four <mr.dash.four@googlemail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Florian Westphal
committed by
David S. Miller
David S. Miller
parent
fa919833e3
commit
6d4fa852a0
@@ -453,7 +453,8 @@ enum {
|
||||
#define TCF_EM_TEXT 5
|
||||
#define TCF_EM_VLAN 6
|
||||
#define TCF_EM_CANID 7
|
||||
#define TCF_EM_MAX 7
|
||||
#define TCF_EM_IPSET 8
|
||||
#define TCF_EM_MAX 8
|
||||
|
||||
enum {
|
||||
TCF_EM_PROG_TC
|
||||
|
||||
Reference in New Issue
Block a user