pkt_sched: ingress socket filter by mark

Allow bpf to set a filter to drop packets that dont match a specific mark Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
mariux64 · Oct 20, 2009 · 7e75f93 · 7e75f93
1 parent 7c73435
commit 7e75f93
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/include/linux/filter.h b/include/linux/filter.h
@@ -123,7 +123,8 @@ struct sock_fprog	/* Required for SO_ATTACH_FILTER. */
 #define SKF_AD_IFINDEX 	8
 #define SKF_AD_NLATTR	12
 #define SKF_AD_NLATTR_NEST	16
-#define SKF_AD_MAX	20
+#define SKF_AD_MARK 	20
+#define SKF_AD_MAX	24
 #define SKF_NET_OFF   (-0x100000)
 #define SKF_LL_OFF    (-0x200000)
 

diff --git a/net/core/filter.c b/net/core/filter.c
@@ -303,6 +303,9 @@ unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int
 		case SKF_AD_IFINDEX:
 			A = skb->dev->ifindex;
 			continue;
+		case SKF_AD_MARK:
+			A = skb->mark;
+			continue;
 		case SKF_AD_NLATTR: {
 			struct nlattr *nla;