From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mr Dash Four <mr.dash.four@googlemail.com>
Subject: Re: [ANNOUNCE] ipset 6.12 released
Date: Fri, 11 May 2012 23:58:05 +0100
Message-ID: <4FAD997D.8060104@googlemail.com>
References: <alpine.DEB.2.00.1205101211080.18562@blackhole.kfki.hu> <alpine.LNX.2.01.1205101238020.20012@frira.vanv.qr> <alpine.DEB.2.00.1205101316470.18862@blackhole.kfki.hu> <alpine.LNX.2.01.1205101327310.12733@frira.vanv.qr> <alpine.DEB.2.00.1205101337160.19028@blackhole.kfki.hu> <CAMQP0sn=2jKYzoiUVu+oTRYj-niL84Lg2Z1UoO0UnFXJjV8Ggw@mail.gmail.com> <CAMQP0s=uSzOn-o7jwKLyhTaZud4d04hMN=JXrCQLrFD+6Zinkw@mail.gmail.com> <alpine.DEB.2.00.1205101724370.19418@blackhole.kfki.hu> <CAMQP0sm+_8FytQxQHCgk44DVesxMycYQbMW9z+XR0-09NniT9Q@mail.gmail.com> <CAMQP0snnXgGCJqN1iuN+y9_rgpa7HMrRuM0akhCa-NtxmBz_QA@mail.gmail.com> <CAMQP0s=DvvYL9SKURz2nm9WuWHQEXBQv9UEQ487GQMwhqa_rgg@mail.gmail.com> <4FAC3A87.3010500@googlemail.com> <CAMQP0smebRtU8zpjYZTP0EKmOHS=Ncn+iShbcZQdBHnH7ed4bw@mail.gmail.com> <4FAD09FC.30
 707@googlemail.com> <alpine.DEB.2.00.1205112138580.22653@blackhole.kfki.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Neutron Soutmun <neo.neutron@gmail.com>,
	netfilter-devel@vger.kernel.org
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Return-path: <netfilter-devel-owner@vger.kernel.org>
Received: from mail-we0-f174.google.com ([74.125.82.174]:55141 "EHLO
	mail-we0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S964841Ab2EKW6N (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Fri, 11 May 2012 18:58:13 -0400
Received: by weyu7 with SMTP id u7so685668wey.19
        for <netfilter-devel@vger.kernel.org>; Fri, 11 May 2012 15:58:12 -0700 (PDT)
In-Reply-To: <alpine.DEB.2.00.1205112138580.22653@blackhole.kfki.hu>
Sender: netfilter-devel-owner@vger.kernel.org
List-ID: <netfilter-devel.vger.kernel.org>


>> I don't suppose you are working on ways to include ipset targets in tc 
>> by any chance, are you? *hopeful look*
>>     
>
> Nothing required, all iptables targets are supported by tc.
>   
I meant ipsets themselves. In other words, instead of:

tc filter add dev ifb0 protocol ip parent be:0 prio 10 u32 match ip src 
10.1.1.1/24 match ip dst 10.2.1.1/24 match ip protocol 6 ...

to have  ipset matching on src, destination, protocol etc instead of 
specifying hard-coded values, like "10.1.1.1/24", "10.2.1.1/24" and 
"protocol 6" in the above example.

To my knowledge, that isn't yet possible or have I missed something?