From patchwork Mon Oct 19 12:17:56 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: jamal X-Patchwork-Id: 36372 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by ozlabs.org (Postfix) with ESMTP id EEF3DB7088 for ; Mon, 19 Oct 2009 23:21:15 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755894AbZJSMVA (ORCPT ); Mon, 19 Oct 2009 08:21:00 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1755699AbZJSMVA (ORCPT ); Mon, 19 Oct 2009 08:21:00 -0400 Received: from mail-px0-f179.google.com ([209.85.216.179]:38664 "EHLO mail-px0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755182AbZJSMU7 (ORCPT ); Mon, 19 Oct 2009 08:20:59 -0400 Received: by pxi9 with SMTP id 9so1072541pxi.4 for ; Mon, 19 Oct 2009 05:21:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:subject:from:reply-to :to:cc:content-type:date:message-id:mime-version:x-mailer; bh=rAw0hgtakC9ZtjnQbSbGEOENdMNnk0RNglHvWZ1zStM=; b=pt16//vFIghFVPOg+4LvhTgfthFBQ9JBEk1pLw3Q9VbdclnUhVtYfkkU+VVANaiNUc 2atDDR7jBvdN+BDGex4VA4+4wGuAOkfuFapKHLJL80Bgqe+PeSVn24x128nVIxJQris5 4ilVWdCfNsqF8r0ImjK5BI6Tp6CoHQZFVIEvg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:subject:from:reply-to:to:cc:content-type:date:message-id :mime-version:x-mailer; b=WM1TYvjSSpTqFefVf/VAG31MHN3YigY7ayF5gjPVVYaC0e82uTu9jzG5feWj3bVoV+ kjz0l86z/RS1VEevg8pW6tvo6fGmrEeHjBvONn8ywJquUJjYWrmXVkpIW+koIKH+V/xI giVH185oEcHUFbhEjjjk+uzzl6yfNrtfN5pQg= Received: by 10.115.99.4 with SMTP id b4mr6112754wam.88.1255954864221; Mon, 19 Oct 2009 05:21:04 -0700 (PDT) Received: from ?10.0.0.31? (CPE0030ab124d2f-CM001bd7a7f1a0.cpe.net.cable.rogers.com [99.240.75.67]) by mx.google.com with ESMTPS id 20sm444488pzk.5.2009.10.19.05.21.02 (version=SSLv3 cipher=RC4-MD5); Mon, 19 Oct 2009 05:21:03 -0700 (PDT) Subject: [PATCH]: ingress socket filter by mark From: jamal Reply-To: hadi@cyberus.ca To: David Miller , netdev@vger.kernel.org Cc: Eric Dumazet , Maciej =?UTF-8?Q?=C5=BBenczykowski?= Date: Mon, 19 Oct 2009 08:17:56 -0400 Message-Id: <1255954676.21059.7.camel@dogo.mojatatu.com> Mime-Version: 1.0 X-Mailer: Evolution 2.22.3.1 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org apps can specify mark that they want to accept/reject. cheers, jamal commit ec187e3028db866161b881c5ac9eeea4e9bb0f1f Author: Jamal Hadi Salim Date: Mon Oct 19 08:12:46 2009 -0400 [PATCH]: ingress socket filter by mark Allow bpf to set a filter to drop packets that dont match a specific mark Signed-off-by: Jamal Hadi Salim diff --git a/include/linux/filter.h b/include/linux/filter.h index 1354aaf..909193e 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -123,7 +123,8 @@ struct sock_fprog /* Required for SO_ATTACH_FILTER. */ #define SKF_AD_IFINDEX 8 #define SKF_AD_NLATTR 12 #define SKF_AD_NLATTR_NEST 16 -#define SKF_AD_MAX 20 +#define SKF_AD_MARK 20 +#define SKF_AD_MAX 24 #define SKF_NET_OFF (-0x100000) #define SKF_LL_OFF (-0x200000) diff --git a/net/core/filter.c b/net/core/filter.c index d1d779c..e3987e1 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -303,6 +303,9 @@ load_b: case SKF_AD_IFINDEX: A = skb->dev->ifindex; continue; + case SKF_AD_MARK: + A = skb->mark; + continue; case SKF_AD_NLATTR: { struct nlattr *nla;