pkt_sched: ingress socket filter by mark
authorjamal <hadi@cyberus.ca>
Mon, 19 Oct 2009 02:17:56 +0000 (02:17 +0000)
committerDavid S. Miller <davem@davemloft.net>
Tue, 20 Oct 2009 06:22:49 +0000 (23:22 -0700)
Allow bpf to set a filter to drop packets that dont
match a specific mark

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/filter.h
net/core/filter.c

index 1354aaf6abbee4350baedc893a003a7e57481fe7..909193e253953709335d344841fdf8315e0fc722 100644 (file)
@@ -123,7 +123,8 @@ struct sock_fprog   /* Required for SO_ATTACH_FILTER. */
 #define SKF_AD_IFINDEX         8
 #define SKF_AD_NLATTR  12
 #define SKF_AD_NLATTR_NEST     16
-#define SKF_AD_MAX     20
+#define SKF_AD_MARK    20
+#define SKF_AD_MAX     24
 #define SKF_NET_OFF   (-0x100000)
 #define SKF_LL_OFF    (-0x200000)
 
index d1d779ca096d6c70c3d556a8ae68a9255785cca0..e3987e1d4839384569e1e618bbaa7b83932ccec0 100644 (file)
@@ -303,6 +303,9 @@ load_b:
                case SKF_AD_IFINDEX:
                        A = skb->dev->ifindex;
                        continue;
+               case SKF_AD_MARK:
+                       A = skb->mark;
+                       continue;
                case SKF_AD_NLATTR: {
                        struct nlattr *nla;