On Fri, Jan 12, 2018 at 02:57:24PM +0200, Eyal Birger wrote:
> @@ -51,9 +52,9 @@ match_xfrm_state(const struct xfrm_state *x, const struct
> xt_policy_elem *e,
> MATCH(reqid, x->props.reqid);
> }
>
> -static int
> -match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info,
> - unsigned short family)
> +int xt_policy_match_policy_in(const struct sk_buff *skb,
> + const struct xt_policy_info *info,
> + unsigned short family)
> {
> const struct xt_policy_elem *e;
> const struct sec_path *sp = skb->sp;
> @@ -80,10 +81,11 @@ match_policy_in(const struct sk_buff *skb, const struct
> xt_policy_info *info,
>
> return strict ? 1 : 0;
> }
> +EXPORT_SYMBOL_GPL(xt_policy_match_policy_in);
If you just want to call xt_policy_match from tc, then you could use
tc ipt infrastructure instead.
