From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
To: netdev@vger.kernel.org
Cc: roopa@cumulusnetworks.com, pablo@netfilter.org,
xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us,
jhs@mojatatu.com, eyal.birger@gmail.com,
Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Subject: [PATCH net-next 0/5] em_ipt: add support for addrtype
Date: Wed, 26 Jun 2019 14:58:50 +0300 [thread overview]
Message-ID: <20190626115855.13241-1-nikolay@cumulusnetworks.com> (raw)
Hi,
We would like to be able to use the addrtype from tc for ACL rules and
em_ipt seems the best place to add support for the already existing xt
match. The biggest issue is that addrtype revision 1 (with ipv6 support)
is NFPROTO_UNSPEC and currently em_ipt can't differentiate between v4/v6
if such xt match is used because it passes the match's family instead of
the user-specified one. The first 4 patches make em_ipt match only on IP
traffic (currently both policy and addrtype recognize such traffic
only) and make it pass the actual packet's protocol instead of the xt
match family. They also add support for NFPROTO_UNSPEC xt matches.
The last patch allows to add addrtype rules via em_ipt.
Thank you,
Nikolay Aleksandrov
Nikolay Aleksandrov (5):
net: sched: em_ipt: match only on ip/ipv6 traffic
net: sched: em_ipt: set the family based on the protocol when matching
net: sched: em_ipt: restrict matching to the respective protocol
net: sched: em_ipt: keep the user-specified nfproto and use it
net: sched: em_ipt: add support for addrtype matching
net/sched/em_ipt.c | 52 ++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 50 insertions(+), 2 deletions(-)
--
2.20.1
next reply other threads:[~2019-06-26 12:01 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-26 11:58 Nikolay Aleksandrov [this message]
2019-06-26 11:58 ` [PATCH net-next 1/5] net: sched: em_ipt: match only on ip/ipv6 traffic Nikolay Aleksandrov
2019-06-26 11:58 ` [PATCH net-next 2/5] net: sched: em_ipt: set the family based on the protocol when matching Nikolay Aleksandrov
2019-06-26 13:33 ` Eyal Birger
2019-06-26 13:45 ` Nikolay Aleksandrov
2019-06-26 16:22 ` Eyal Birger
2019-06-26 16:38 ` nikolay
2019-06-26 11:58 ` [PATCH net-next 3/5] net: sched: em_ipt: restrict matching to the respective protocol Nikolay Aleksandrov
2019-06-26 11:58 ` [PATCH net-next 4/5] net: sched: em_ipt: keep the user-specified nfproto and use it Nikolay Aleksandrov
2019-06-26 11:58 ` [PATCH net-next 5/5] net: sched: em_ipt: add support for addrtype matching Nikolay Aleksandrov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190626115855.13241-1-nikolay@cumulusnetworks.com \
--to=nikolay@cumulusnetworks.com \
--cc=davem@davemloft.net \
--cc=eyal.birger@gmail.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=roopa@cumulusnetworks.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).