diff options
| author | Florian Westphal <[email protected]> | 2012-07-11 10:56:57 +0000 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2012-07-12 07:54:46 -0700 |
| commit | 6d4fa852a023080101f1665ea189dd1844c87fef (patch) | |
| tree | 66d687daf267ae9143e3984b130b3aca6b4869c8 /scripts | |
| parent | fa919833e354b2e62b3c7d26920d1685ddc81eb2 (diff) | |
net: sched: add ipset ematch
Can be used to match packets against netfilter ip sets created via ipset(8).
skb->sk_iif is used as 'incoming interface', skb->dev is 'outgoing interface'.
Since ipset is usually called from netfilter, the ematch
initializes a fake xt_action_param, pulls the ip header into the
linear area and also sets skb->data to the IP header (otherwise
matching Layer 4 set types doesn't work).
Tested-by: Mr Dash Four <[email protected]>
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions