Mr Dash Four <mr.dash.four@xxxxxxxxxxxxxx> wrote: [ CC'd Jozsef ] > To build my traffic shaping policies, I currently use tc statements like: > > tc filter add dev ifb0 protocol ip parent be:0 prio 10 u32 match ip > src 10.1.1.1/24 match ip dst 10.2.1.1/24 match ip protocol 6 ... > > This, although quick and "efficient" causes a great deal of > inconvenience for me, as when combined with the use of ipsets I have > to synchronise the (possible) contents of these sets with the above > tc statements in order to build my traffic shaping policies. So, my > question to the TC devs/contributors is very simple: would it be > possible to bring ipset into tc? > In other words, to have tc ipset matching on src, destination, > protocol etc, instead of specifying hard-coded values like > "10.1.1.1/24", "10.2.1.1/24" and "protocol 6" in the example I used > above. > > If that is not possible, what are the obstacles in implementing > this? If it is indeed possible to implement this, are there any > plans to do so, has the implementation already started (do you need > any volunteers :-) )? Many thanks in advance! If you're really desperate you could try http://git.breakpoint.cc/gitweb/?p=fw/nf-next.git;a=shortlog;h=refs/heads/em_ipset_3 userspace counterpart at: http://git.breakpoint.cc/gitweb/?p=fw/iproute2.git;a=shortlog;h=refs/heads/em_ipset_3 But beware. This code is more than 6 months old; I never got around to actually test it on a live system. Its also bit of a hack since ip_set_test() assumes its called from netfilter (the ematch passes in a fake xt_action_param ...) I've rebased it on the current tree and it should at least compile with recent kernels. Its an ematch, so something like tc filter add dev ifb0 protocol ip parent be:0 prio 10 basic match \ ipset'(foo src)' and ipset'(bar dst)'... might work for you (or ipset'(foo src,dst)' if you have src/dst pairs in single set). Thanks, Florian -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
