diff options
| author | Florian Westphal <fw@strlen.de> | 2012-07-11 06:56:57 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-07-12 10:54:46 -0400 |
| commit | 6d4fa852a023080101f1665ea189dd1844c87fef (patch) | |
| tree | 66d687daf267ae9143e3984b130b3aca6b4869c8 /include | |
| parent | fa919833e354b2e62b3c7d26920d1685ddc81eb2 (diff) | |
net: sched: add ipset ematch
Can be used to match packets against netfilter ip sets created via ipset(8).
skb->sk_iif is used as 'incoming interface', skb->dev is 'outgoing interface'.
Since ipset is usually called from netfilter, the ematch
initializes a fake xt_action_param, pulls the ip header into the
linear area and also sets skb->data to the IP header (otherwise
matching Layer 4 set types doesn't work).
Tested-by: Mr Dash Four <mr.dash.four@googlemail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/pkt_cls.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h index 38fbd4bc20ab..082eafaf026b 100644 --- a/include/linux/pkt_cls.h +++ b/include/linux/pkt_cls.h | |||
| @@ -453,7 +453,8 @@ enum { | |||
| 453 | #define TCF_EM_TEXT 5 | 453 | #define TCF_EM_TEXT 5 |
| 454 | #define TCF_EM_VLAN 6 | 454 | #define TCF_EM_VLAN 6 |
| 455 | #define TCF_EM_CANID 7 | 455 | #define TCF_EM_CANID 7 |
| 456 | #define TCF_EM_MAX 7 | 456 | #define TCF_EM_IPSET 8 |
| 457 | #define TCF_EM_MAX 8 | ||
| 457 | 458 | ||
| 458 | enum { | 459 | enum { |
| 459 | TCF_EM_PROG_TC | 460 | TCF_EM_PROG_TC |