On Wed, Apr 25, 2018 at 05:30:24AM -0500, Ahmed Abdelsalam wrote: > IPv6 Segment Routing Header (SRH) contains a list of SIDs to be crossed > by SR encapsulated packet. Each SID is encoded as an IPv6 prefix. > > When a Firewall receives an SR encapsulated packet, it should be able > to identify which node previously processed the packet (previous SID), > which node is going to process the packet next (next SID), and which > node is the last to process the packet (last SID) which represent the > final destination of the packet in case of inline SR mode. > > An example use-case of using these features could be SID list that > includes two firewalls. When the second firewall receives a packet, > it can check whether the packet has been processed by the first firewall > or not. Based on that check, it decides to apply all rules, apply just > subset of the rules, or totally skip all rules and forward the packet to > the next SID. > > This patch extends SRH match to support matching previous SID, next SID, > and last SID. Applied, thanks Ahmed. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
