From: Eyal Birger <e...@metanetworks.com>
The following patchset introduces a new tc ematch for matching IPSec
traffic from a tc context.
This allows early classification as well as mirroning/redirecting IPSec
traffic based on decapsulation criteria.
The matching functionality is based on the netfilter xt_policy match, and
shares code and data structures.
Eyal Birger (2):
net: netfilter: export xt_policy match_policy_in() as
xt_policy_match_policy_in()
net: sched: add xfrm policy ematch
include/net/netfilter/xt_policy.h | 12 ++++
include/uapi/linux/pkt_cls.h | 3 +-
net/netfilter/xt_policy.c | 18 +++---
net/sched/Kconfig | 10 ++++
net/sched/Makefile | 1 +
net/sched/em_policy.c | 117 ++++++++++++++++++++++++++++++++++++++
6 files changed, 152 insertions(+), 9 deletions(-)
create mode 100644 include/net/netfilter/xt_policy.h
create mode 100644 net/sched/em_policy.c
--
2.7.4
