Re: [PATCH net-next 2/2] net: sched: add em_ipt ematch for calling xtables matches

2018-01-25 Thread Eyal Birger
On Thu, Jan 25, 2018 at 2:00 AM, Pablo Neira Ayuso wrote: > On Wed, Jan 24, 2018 at 04:37:16PM -0500, David Miller wrote: >> From: Eyal Birger >> Date: Tue, 23 Jan 2018 11:17:32 +0200 >> >> > + network_offset = skb_network_offset(skb); >> > +

Re: [PATCH net-next 2/2] net: sched: add em_ipt ematch for calling xtables matches

2018-01-24 Thread Pablo Neira Ayuso
On Wed, Jan 24, 2018 at 04:37:16PM -0500, David Miller wrote: > From: Eyal Birger > Date: Tue, 23 Jan 2018 11:17:32 +0200 > > > + network_offset = skb_network_offset(skb); > > + skb_pull(skb, network_offset); > > + > > + rcu_read_lock(); > > + > > + if

Re: [PATCH net-next 2/2] net: sched: add em_ipt ematch for calling xtables matches

2018-01-24 Thread David Miller
From: Eyal Birger Date: Tue, 23 Jan 2018 11:17:32 +0200 > + network_offset = skb_network_offset(skb); > + skb_pull(skb, network_offset); > + > + rcu_read_lock(); > + > + if (skb->skb_iif) > + indev = dev_get_by_index_rcu(em->net, skb->skb_iif);

Re: [PATCH net-next 2/2] net: sched: add em_ipt ematch for calling xtables matches

2018-01-23 Thread Pablo Neira Ayuso
On Tue, Jan 23, 2018 at 11:17:32AM +0200, Eyal Birger wrote: > From: Eyal Birger > > This module allows performing tc classification based on data structures > and implementations provided by netfilter extensions. > > Example use case is classification based on the

[PATCH net-next 2/2] net: sched: add em_ipt ematch for calling xtables matches

2018-01-23 Thread Eyal Birger
From: Eyal Birger This module allows performing tc classification based on data structures and implementations provided by netfilter extensions. Example use case is classification based on the incoming IPSec policy used during decpsulation using the 'policy' iptables