Date: Tue, 23 Jan 2018 11:17:30 +0200
From: Eyal Birger <eyal.birger@...il.com>
To: jhs@...atatu.com, xiyou.wangcong@...il.com, davem@...emloft.net,
    netdev@...r.kernel.org, pablo@...filter.org
Cc: shmulik@...anetworks.com, Eyal Birger <eyal@...anetworks.com>
Subject: [PATCH net-next 0/2] net: sched: introduce em_ipt ematch

From: Eyal Birger <eyal@...anetworks.com>

The following patchset introduces a new tc ematch for matching using
netfilter matches.

This allows early classification as well as mirroring/redirecting traffic
based on logic implemented in netfilter extensions.

Example use case is classification based on the incoming IPSec policy used
during decapsulation using the 'policy' iptables extension (xt_policy).

This patchset is an enhancement of a former series ([1]) which allowed only
policy matching following a suggestion by Pablo Neira Ayuso ([2]).

[1] https://patchwork.ozlabs.org/cover/859887/
[2] https://patchwork.ozlabs.org/patch/859888/

Eyal Birger (2):
  net: sched: ematch: pass protocol to ematch 'change()' handlers
  net: sched: add em_ipt ematch for calling xtables matches

 include/net/pkt_cls.h                    |   2 +-
 include/uapi/linux/pkt_cls.h             |   3 +-
 include/uapi/linux/tc_ematch/tc_em_ipt.h |  19 +++
 net/sched/Kconfig                        |  10 ++
 net/sched/Makefile                       |   1 +
 net/sched/em_canid.c                     |   4 +-
 net/sched/em_ipset.c                     |   4 +-
 net/sched/em_ipt.c                       | 244 +++++++++++++++++++++++++++++++
 net/sched/em_meta.c                      |   2 +-
 net/sched/em_nbyte.c                     |   4 +-
 net/sched/em_text.c                      |   2 +-
 net/sched/ematch.c                       |   3 +-
 12 files changed, 287 insertions(+), 11 deletions(-)
 create mode 100644 include/uapi/linux/tc_ematch/tc_em_ipt.h
 create mode 100644 net/sched/em_ipt.c

--
2.7.4