diff options
author | Daniel Borkmann <daniel@iogearbox.net> | 2015-09-15 23:05:42 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-09-17 21:09:06 -0700 |
commit | 045efa82ff563cd4e656ca1c2e354fa5bf6bbda4 (patch) | |
tree | 8a2604aef00d9d40a6eaa877431171c3a38c3663 /net/xfrm | |
parent | f6c53334d6c6ac7088c2e7e70ff2941bfb33f52e (diff) | |
download | linux-045efa82ff563cd4e656ca1c2e354fa5bf6bbda4.tar.gz linux-045efa82ff563cd4e656ca1c2e354fa5bf6bbda4.tar.bz2 linux-045efa82ff563cd4e656ca1c2e354fa5bf6bbda4.zip |
cls_bpf: introduce integrated actions
Often cls_bpf classifier is used with single action drop attached.
Optimize this use case and let cls_bpf return both classid and action.
For backwards compatibility reasons enable this feature under
TCA_BPF_FLAG_ACT_DIRECT flag.
Then more interesting programs like the following are easier to write:
int cls_bpf_prog(struct __sk_buff *skb)
{
/* classify arp, ip, ipv6 into different traffic classes
* and drop all other packets
*/
switch (skb->protocol) {
case htons(ETH_P_ARP):
skb->tc_classid = 1;
break;
case htons(ETH_P_IP):
skb->tc_classid = 2;
break;
case htons(ETH_P_IPV6):
skb->tc_classid = 3;
break;
default:
return TC_ACT_SHOT;
}
return TC_ACT_OK;
}
Joint work with Daniel Borkmann.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
0 files changed, 0 insertions, 0 deletions