Commit 7e75f93e authored by jamal's avatar jamal Committed by David S. Miller

pkt_sched: ingress socket filter by mark

Allow bpf to set a filter to drop packets that dont
match a specific mark
Signed-off-by: default avatarJamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7c734359
...@@ -123,7 +123,8 @@ struct sock_fprog /* Required for SO_ATTACH_FILTER. */ ...@@ -123,7 +123,8 @@ struct sock_fprog /* Required for SO_ATTACH_FILTER. */
#define SKF_AD_IFINDEX 8 #define SKF_AD_IFINDEX 8
#define SKF_AD_NLATTR 12 #define SKF_AD_NLATTR 12
#define SKF_AD_NLATTR_NEST 16 #define SKF_AD_NLATTR_NEST 16
#define SKF_AD_MAX 20 #define SKF_AD_MARK 20
#define SKF_AD_MAX 24
#define SKF_NET_OFF (-0x100000) #define SKF_NET_OFF (-0x100000)
#define SKF_LL_OFF (-0x200000) #define SKF_LL_OFF (-0x200000)
......
...@@ -303,6 +303,9 @@ unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int ...@@ -303,6 +303,9 @@ unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int
case SKF_AD_IFINDEX: case SKF_AD_IFINDEX:
A = skb->dev->ifindex; A = skb->dev->ifindex;
continue; continue;
case SKF_AD_MARK:
A = skb->mark;
continue;
case SKF_AD_NLATTR: { case SKF_AD_NLATTR: {
struct nlattr *nla; struct nlattr *nla;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment