diff mbox

: ingress socket filter by mark

Message ID 1255954676.21059.7.camel@dogo.mojatatu.com
State Accepted, archived
Delegated to: David Miller
Headers show

Commit Message

jamal Oct. 19, 2009, 12:17 p.m. UTC 
apps can specify mark that they want to accept/reject.

cheers,
jamal
commit ec187e3028db866161b881c5ac9eeea4e9bb0f1f
Author: Jamal Hadi Salim <hadi@cyberus.ca>
Date:   Mon Oct 19 08:12:46 2009 -0400

    [PATCH]: ingress socket filter by mark
    
    Allow bpf to set a filter to drop packets that dont
    match a specific mark
    
    Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
diff mbox

Patch

diff --git a/include/linux/filter.h b/include/linux/filter.h
index 1354aaf..909193e 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -123,7 +123,8 @@  struct sock_fprog	/* Required for SO_ATTACH_FILTER. */
 #define SKF_AD_IFINDEX 	8
 #define SKF_AD_NLATTR	12
 #define SKF_AD_NLATTR_NEST	16
-#define SKF_AD_MAX	20
+#define SKF_AD_MARK 	20
+#define SKF_AD_MAX	24
 #define SKF_NET_OFF   (-0x100000)
 #define SKF_LL_OFF    (-0x200000)
 
diff --git a/net/core/filter.c b/net/core/filter.c
index d1d779c..e3987e1 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -303,6 +303,9 @@  load_b:
 		case SKF_AD_IFINDEX:
 			A = skb->dev->ifindex;
 			continue;
+		case SKF_AD_MARK:
+			A = skb->mark;
+			continue;
 		case SKF_AD_NLATTR: {
 			struct nlattr *nla;