mirror_iproute2

proxmox-mirrors/mirror_iproute2

Fork 0

mirror of https://git.proxmox.com/git/mirror_iproute2 synced 2025-08-13 12:54:43 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Stephen Hemminger	69df9bf981	tc: fix spelling errors Minor spelling errors found by codespell Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>	2019-08-12 18:18:51 -07:00
Roi Dayan	17504be81d	tc: Fix compilation error with old iptables The compat_rev field does not exists in old versions of iptables. e.g. iptables 1.4. Fixes: `dd29621578` ("tc: add em_ipt ematch for calling xtables matches from tc matching context") Signed-off-by: Roi Dayan <roid@mellanox.com> Signed-off-by: David Ahern <dsahern@gmail.com>	2018-03-27 06:38:52 -07:00
Eyal Birger	dd29621578	tc: add em_ipt ematch for calling xtables matches from tc matching context The commit calls a new tc ematch for using netfilter xtable matches. This allows early classification as well as mirroning/redirecting traffic based on logic implemented in netfilter extensions. Current supported use case is classification based on the incoming IPSec state used during decpsulation using the 'policy' iptables extension (xt_policy). The matcher uses libxtables for parsing the input parameters. Example use for matching an IPSec state with reqid 1: tc qdisc add dev eth0 ingress tc filter add dev eth0 protocol ip parent ffff: \ basic match 'ipt(-m policy --dir in --pol ipsec --reqid 1)' \ action drop This is the user-space counter part of kernel commit ccc007e4a746 ("net: sched: add em_ipt ematch for calling xtables matches") Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Signed-off-by: David Ahern <dsahern@gmail.com>	2018-02-27 09:43:16 -08:00

Stephen Hemminger

69df9bf981

tc: fix spelling errors

Minor spelling errors found by codespell

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

2019-08-12 18:18:51 -07:00

Roi Dayan

17504be81d

tc: Fix compilation error with old iptables

The compat_rev field does not exists in old versions of iptables.
e.g. iptables 1.4.

Fixes: dd29621578 ("tc: add em_ipt ematch for calling xtables matches from tc matching context")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>

2018-03-27 06:38:52 -07:00

Eyal Birger

dd29621578

tc: add em_ipt ematch for calling xtables matches from tc matching context

The commit calls a new tc ematch for using netfilter xtable matches.

This allows early classification as well as mirroning/redirecting traffic
based on logic implemented in netfilter extensions.

Current supported use case is classification based on the incoming IPSec
state used during decpsulation using the 'policy' iptables extension
(xt_policy).

The matcher uses libxtables for parsing the input parameters.

Example use for matching an IPSec state with reqid 1:

tc qdisc add dev eth0 ingress
tc filter add dev eth0 protocol ip parent ffff: \
    basic match 'ipt(-m policy --dir in --pol ipsec --reqid 1)' \
    action drop

This is the user-space counter part of kernel commit ccc007e4a746
("net: sched: add em_ipt ematch for calling xtables matches")

Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>

2018-02-27 09:43:16 -08:00

3 Commits