diff options
| author | Florian Westphal <fw@strlen.de> | 2012-07-11 06:56:57 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-07-12 10:54:46 -0400 |
| commit | 6d4fa852a023080101f1665ea189dd1844c87fef (patch) | |
| tree | 66d687daf267ae9143e3984b130b3aca6b4869c8 /net/sched/Kconfig | |
| parent | fa919833e354b2e62b3c7d26920d1685ddc81eb2 (diff) | |
net: sched: add ipset ematch
Can be used to match packets against netfilter ip sets created via ipset(8).
skb->sk_iif is used as 'incoming interface', skb->dev is 'outgoing interface'.
Since ipset is usually called from netfilter, the ematch
initializes a fake xt_action_param, pulls the ip header into the
linear area and also sets skb->data to the IP header (otherwise
matching Layer 4 set types doesn't work).
Tested-by: Mr Dash Four <mr.dash.four@googlemail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched/Kconfig')
| -rw-r--r-- | net/sched/Kconfig | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/net/sched/Kconfig b/net/sched/Kconfig index 4a5d2bd4f789..62fb51face8a 100644 --- a/net/sched/Kconfig +++ b/net/sched/Kconfig | |||
| @@ -517,6 +517,16 @@ config NET_EMATCH_CANID | |||
| 517 | To compile this code as a module, choose M here: the | 517 | To compile this code as a module, choose M here: the |
| 518 | module will be called em_canid. | 518 | module will be called em_canid. |
| 519 | 519 | ||
| 520 | config NET_EMATCH_IPSET | ||
| 521 | tristate "IPset" | ||
| 522 | depends on NET_EMATCH && IP_SET | ||
| 523 | ---help--- | ||
| 524 | Say Y here if you want to be able to classify packets based on | ||
| 525 | ipset membership. | ||
| 526 | |||
| 527 | To compile this code as a module, choose M here: the | ||
| 528 | module will be called em_ipset. | ||
| 529 | |||
| 520 | config NET_CLS_ACT | 530 | config NET_CLS_ACT |
| 521 | bool "Actions" | 531 | bool "Actions" |
| 522 | ---help--- | 532 | ---help--- |