Hi, We would like to be able to use the addrtype from tc for ACL rules and em_ipt seems the best place to add support for the already existing xt match. The biggest issue is that addrtype revision 1 (with ipv6 support) is NFPROTO_UNSPEC and currently em_ipt can't differentiate between v4/v6 if such xt match is used because it passes the match's family instead of the user-specified one. The first 4 patches make em_ipt match only on IP traffic (currently both policy and addrtype recognize such traffic only) and make it pass the actual packet's protocol instead of the xt match family. They also add support for NFPROTO_UNSPEC xt matches. The last patch allows to add addrtype rules via em_ipt.
Thank you, Nikolay Aleksandrov Nikolay Aleksandrov (5): net: sched: em_ipt: match only on ip/ipv6 traffic net: sched: em_ipt: set the family based on the protocol when matching net: sched: em_ipt: restrict matching to the respective protocol net: sched: em_ipt: keep the user-specified nfproto and use it net: sched: em_ipt: add support for addrtype matching net/sched/em_ipt.c | 52 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) -- 2.20.1
