* [PATCH]: ingress socket filter by mark
@ 2009-10-19 12:17 jamal
0 siblings, 0 replies; only message in thread
From: jamal @ 2009-10-19 12:17 UTC (permalink / raw)
To: David Miller, netdev; +Cc: Eric Dumazet, Maciej Żenczykowski
[-- Attachment #1: Type: text/plain, Size: 70 bytes --]
apps can specify mark that they want to accept/reject.
cheers,
jamal
[-- Attachment #2: filt-sock-m-3 --]
[-- Type: text/plain, Size: 1099 bytes --]
commit ec187e3028db866161b881c5ac9eeea4e9bb0f1f
Author: Jamal Hadi Salim <hadi@cyberus.ca>
Date: Mon Oct 19 08:12:46 2009 -0400
[PATCH]: ingress socket filter by mark
Allow bpf to set a filter to drop packets that dont
match a specific mark
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
diff --git a/include/linux/filter.h b/include/linux/filter.h
index 1354aaf..909193e 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -123,7 +123,8 @@ struct sock_fprog /* Required for SO_ATTACH_FILTER. */
#define SKF_AD_IFINDEX 8
#define SKF_AD_NLATTR 12
#define SKF_AD_NLATTR_NEST 16
-#define SKF_AD_MAX 20
+#define SKF_AD_MARK 20
+#define SKF_AD_MAX 24
#define SKF_NET_OFF (-0x100000)
#define SKF_LL_OFF (-0x200000)
diff --git a/net/core/filter.c b/net/core/filter.c
index d1d779c..e3987e1 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -303,6 +303,9 @@ load_b:
case SKF_AD_IFINDEX:
A = skb->dev->ifindex;
continue;
+ case SKF_AD_MARK:
+ A = skb->mark;
+ continue;
case SKF_AD_NLATTR: {
struct nlattr *nla;
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2009-10-19 12:20 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-10-19 12:17 [PATCH]: ingress socket filter by mark jamal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox