diff options
| author | Eyal Birger <eyal.birger@gmail.com> | 2018-02-15 20:42:43 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-02-21 21:15:33 +0300 |
| commit | ccc007e4a746bb592d3e72106f00241f81d51410 (patch) | |
| tree | 986ff019562403f85554be3c7eb2f8ed9a635e83 /include/uapi/linux/tc_ematch/tc_em_ipt.h | |
| parent | 022ddbca86ce692518bc1809e2dfe27add669608 (diff) | |
| download | linux-ccc007e4a746bb592d3e72106f00241f81d51410.tar.xz | |
net: sched: add em_ipt ematch for calling xtables matches
The commit a new tc ematch for using netfilter xtable matches.
This allows early classification as well as mirroning/redirecting traffic
based on logic implemented in netfilter extensions.
Current supported use case is classification based on the incoming IPSec
state used during decpsulation using the 'policy' iptables extension
(xt_policy).
The module dynamically fetches the netfilter match module and calls
it using a fake xt_action_param structure based on validated userspace
provided parameters.
As the xt_policy match does not access skb->data, no skb modifications
are needed on match.
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/uapi/linux/tc_ematch/tc_em_ipt.h')
| -rw-r--r-- | include/uapi/linux/tc_ematch/tc_em_ipt.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/include/uapi/linux/tc_ematch/tc_em_ipt.h b/include/uapi/linux/tc_ematch/tc_em_ipt.h new file mode 100644 index 000000000000..49a65530992c --- /dev/null +++ b/include/uapi/linux/tc_ematch/tc_em_ipt.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef __LINUX_TC_EM_IPT_H +#define __LINUX_TC_EM_IPT_H + +#include <linux/types.h> +#include <linux/pkt_cls.h> + +enum { + TCA_EM_IPT_UNSPEC, + TCA_EM_IPT_HOOK, + TCA_EM_IPT_MATCH_NAME, + TCA_EM_IPT_MATCH_REVISION, + TCA_EM_IPT_NFPROTO, + TCA_EM_IPT_MATCH_DATA, + __TCA_EM_IPT_MAX +}; + +#define TCA_EM_IPT_MAX (__TCA_EM_IPT_MAX - 1) + +#endif |