On Sun, 28 Jan 2018 19:22:12 -0800
Cong Wang wrote:
> On Fri, Jan 26, 2018 at 11:57 AM, Eyal Birger
> wrote:
> > On Fri, Jan 26, 2018 at 8:50 PM, Pablo Neira Ayuso
> > wrote:
> >> Isn't there a way to reject the use of this from ->change()? ie.
> >> from control plane configuration.
> >
> >
On Fri, Jan 26, 2018 at 11:57 AM, Eyal Birger wrote:
> On Fri, Jan 26, 2018 at 8:50 PM, Pablo Neira Ayuso
> wrote:
>> Isn't there a way to reject the use of this from ->change()? ie. from
>> control plane configuration.
>
> I wasn't able to find a simple way of doing so:
>
> - AFAIU tc filters a
On Fri, Jan 26, 2018 at 8:50 PM, Pablo Neira Ayuso wrote:
> On Fri, Jan 26, 2018 at 06:48:53PM +0200, Eyal Birger wrote:
>> diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c
>> new file mode 100644
>> index 000..2103b30
>> --- /dev/null
>> +++ b/net/sched/em_ipt.c
> [...]
>> +static int em_
On Fri, Jan 26, 2018 at 06:48:53PM +0200, Eyal Birger wrote:
> diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c
> new file mode 100644
> index 000..2103b30
> --- /dev/null
> +++ b/net/sched/em_ipt.c
[...]
> +static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em,
> +
From: Eyal Birger
This module allows performing tc classification based on data structures
and implementations provided by netfilter extensions.
Example use case is classification based on the incoming IPSec policy used
during decpsulation using the 'policy' iptables extension (xt_policy).
Only
