]> git.ipfire.org Git - thirdparty/iptables.git/commit
projects / thirdparty / iptables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1cc84d4) | patch
xtables: SET target: Add mapping of meta informations (skbinfo ipset extension)
authorAnton Danilov <littlesmilingcloud@gmail.com>
Tue, 2 Sep 2014 10:15:53 +0000 (14:15 +0400)
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Sun, 14 Sep 2014 18:17:32 +0000 (20:17 +0200)
commit6d9ae2952a440b4ff28e86df6d18b53caa7ecd94
treed250695fb21b2d77883a6b69d2fc295656b81f43tree
parent1cc84d47766ad74be8609477d3496544848b75b1commit | diff
xtables: SET target: Add mapping of meta informations (skbinfo ipset extension)

This feature add support of mapping metainformation to packets like nftables maps or
ipfw tables. Currently we can map firewall mark, tc priority and hardware NIC queue.
Usage of this functionality allowed only from mangle table. We can map tc priority
only in OUTPUT/FORWARD/POSTROUTING chains because it rewrite by route decision.
If entry doesn't exist in the set nothing of fields changed.

Example of classify by destination address:
iptables -t mangle -A POSTROUTING -o eth0 -j SET --map-set DST2CLASS dst --map-prio

Signed-off-by: Anton Danilov <littlesmilingcloud@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
extensions/libxt_SET.c diff | blob | blame | history
extensions/libxt_SET.man diff | blob | blame | history
include/linux/netfilter/ipset/ip_set.h diff | blob | blame | history
include/linux/netfilter/xt_set.h diff | blob | blame | history
Mirror of git://git.netfilter.org/iptables