From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eyal Birger <eyal.birger@gmail.com>
Subject: [PATCH net-next 0/2] net: sched: Introduce em_policy ematch
Date: Fri, 12 Jan 2018 14:57:23 +0200
Message-ID: <1515761845-31323-1-git-send-email-eyal.birger@gmail.com>
Cc: coreteam@netfilter.org, shmulik@metanetworks.com,
        Eyal Birger <eyal@metanetworks.com>
To: netdev@vger.kernel.org, pablo@netfilter.org, jhs@mojatatu.com
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-wr0-f196.google.com ([209.85.128.196]:38681 "EHLO
        mail-wr0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S933428AbeALM6A (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 12 Jan 2018 07:58:00 -0500
Received: by mail-wr0-f196.google.com with SMTP id x1so1061838wrb.5
        for <netdev@vger.kernel.org>; Fri, 12 Jan 2018 04:57:59 -0800 (PST)
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

From: Eyal Birger <eyal@metanetworks.com>

The following patchset introduces a new tc ematch for matching IPSec
traffic from a tc context.

This allows early classification as well as mirroning/redirecting IPSec
traffic based on decapsulation criteria.

The matching functionality is based on the netfilter xt_policy match, and
shares code and data structures.

Eyal Birger (2):
  net: netfilter: export xt_policy match_policy_in() as
    xt_policy_match_policy_in()
  net: sched: add xfrm policy ematch

 include/net/netfilter/xt_policy.h |  12 ++++
 include/uapi/linux/pkt_cls.h      |   3 +-
 net/netfilter/xt_policy.c         |  18 +++---
 net/sched/Kconfig                 |  10 ++++
 net/sched/Makefile                |   1 +
 net/sched/em_policy.c             | 117 ++++++++++++++++++++++++++++++++++++++
 6 files changed, 152 insertions(+), 9 deletions(-)
 create mode 100644 include/net/netfilter/xt_policy.h
 create mode 100644 net/sched/em_policy.c

-- 
2.7.4