From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eyal Birger <eyal.birger@gmail.com>
Subject: [PATCH net-next,v2 0/2] net: sched: introduce em_ipt ematch
Date: Fri, 26 Jan 2018 18:48:51 +0200
Message-ID: <1516985333-5156-1-git-send-email-eyal.birger@gmail.com>
Cc: shmulik@metanetworks.com, Eyal Birger <eyal@metanetworks.com>
To: davem@davemloft.net, jhs@mojatatu.com, xiyou.wangcong@gmail.com,
        netdev@vger.kernel.org, pablo@netfilter.org
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-wm0-f66.google.com ([74.125.82.66]:52839 "EHLO
        mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751559AbeAZQt2 (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 26 Jan 2018 11:49:28 -0500
Received: by mail-wm0-f66.google.com with SMTP id g1so2509323wmg.2
        for <netdev@vger.kernel.org>; Fri, 26 Jan 2018 08:49:27 -0800 (PST)
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

From: Eyal Birger <eyal@metanetworks.com>

The following patchset introduces a new tc ematch for matching using
netfilter matches.

This allows early classification as well as mirroning/redirecting traffic
based on logic implemented in netfilter extensions.

Example use case is classification based on the incoming IPSec policy used
during decpsulation using the 'policy' iptables extension (xt_policy).

This patchset is an enhancement of a former series ([1]) which allowed only
policy matching following a suggestion by Pablo Neira Ayuso ([2]).

[1] https://patchwork.ozlabs.org/cover/859887/
[2] https://patchwork.ozlabs.org/patch/859888/

v2:
  Remove skb push/pull and limit functionality to ingress

Eyal Birger (2):
  net: sched: ematch: pass protocol to ematch 'change()' handlers
  net: sched: add em_ipt ematch for calling xtables matches

 include/net/pkt_cls.h                    |   2 +-
 include/uapi/linux/pkt_cls.h             |   3 +-
 include/uapi/linux/tc_ematch/tc_em_ipt.h |  19 +++
 net/sched/Kconfig                        |  10 ++
 net/sched/Makefile                       |   1 +
 net/sched/em_canid.c                     |   4 +-
 net/sched/em_ipset.c                     |   4 +-
 net/sched/em_ipt.c                       | 244 +++++++++++++++++++++++++++++++
 net/sched/em_meta.c                      |   2 +-
 net/sched/em_nbyte.c                     |   4 +-
 net/sched/em_text.c                      |   2 +-
 net/sched/ematch.c                       |   3 +-
 12 files changed, 287 insertions(+), 11 deletions(-)
 create mode 100644 include/uapi/linux/tc_ematch/tc_em_ipt.h
 create mode 100644 net/sched/em_ipt.c

-- 
2.7.4