Re: [nf-next] netfilter: extend SRH match to support matching previous, next and last SID

2018-04-23 Thread Ahmed Abdelsalam
On Mon, 23 Apr 2018 22:08:44 +0200 Florian Westphal wrote: > Ahmed Abdelsalam wrote: > > > > @@ -50,6 +62,12 @@ struct ip6t_srh { > > > > __u8segs_left; > > > > __u8last_entry; > > > > __u16

Re: [nf-next] netfilter: extend SRH match to support matching previous, next and last SID

2018-04-23 Thread Florian Westphal
Ahmed Abdelsalam wrote: > > > @@ -50,6 +62,12 @@ struct ip6t_srh { > > > __u8segs_left; > > > __u8last_entry; > > > __u16 tag; > > > + struct in6_addr psid_addr; > > > + struct in6_addr nsid_addr;
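Review bot: adding `psid_addr` and `nsid_addr` after `tag` changes the size and layout of `struct ip6t_srh`, which is match data shared with userspace (the header lives under include/uapi). An iptables binary built against the old layout would no longer agree with the kernel on the match size. Consider leaving the existing struct untouched and carrying the new fields in a separate struct registered as a new match revision, so old and new userspace both keep working.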

Re: [nf-next] netfilter: extend SRH match to support matching previous, next and last SID

2018-04-23 Thread Ahmed Abdelsalam
On Mon, 23 Apr 2018 19:30:47 +0200 Pablo Neira Ayuso wrote:
> On Mon, Apr 23, 2018 at 05:48:22AM -0500, Ahmed Abdelsalam wrote:
> > Signed-off-by: Ahmed Abdelsalam
> > ---
> > include/uapi/linux/netfilter_ipv6/ip6t_srh.h | 22 +--
> >

Re: [nf-next] netfilter: extend SRH match to support matching previous, next and last SID

2018-04-23 Thread Pablo Neira Ayuso
On Mon, Apr 23, 2018 at 05:48:22AM -0500, Ahmed Abdelsalam wrote:
> IPv6 Segment Routing Header (SRH) contains a list of SIDs to be crossed by
> SR encapsulated packet. Each SID is encoded as an IPv6 prefix.
>
> When a Firewall receives an SR encapsulated packet, it should be able to
> identify

[nf-next] netfilter: extend SRH match to support matching previous, next and last SID

2018-04-23 Thread Ahmed Abdelsalam
IPv6 Segment Routing Header (SRH) contains a list of SIDs to be crossed by SR encapsulated packet. Each SID is encoded as an IPv6 prefix. When a Firewall receives an SR encapsulated packet, it should be able to identify which node previously processed the packet (previous SID), which node is