diff options
author | Eric Dumazet <edumazet@google.com> | 2012-10-27 02:26:17 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-10-31 14:00:15 -0400 |
commit | f3335031b9452baebfe49b8b5e55d3fe0c4677d1 (patch) | |
tree | c73f4d2827d3b58b4866488a35b4b462e52713ba /net | |
parent | 0f6ae8f14e7a6a068e9a98a0d3484ffa6bf2c6bb (diff) | |
download | linux-f3335031b9452baebfe49b8b5e55d3fe0c4677d1.tar.gz linux-f3335031b9452baebfe49b8b5e55d3fe0c4677d1.tar.bz2 linux-f3335031b9452baebfe49b8b5e55d3fe0c4677d1.zip |
net: filter: add vlan tag access
BPF filters lack ability to access skb->vlan_tci
This patch adds two new ancillary accessors :
SKF_AD_VLAN_TAG (44) mapped to vlan_tx_tag_get(skb)
SKF_AD_VLAN_TAG_PRESENT (48) mapped to vlan_tx_tag_present(skb)
This allows libpcap/tcpdump to use a kernel filter instead of
having to fallback to accept all packets, then filter them in
user space.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Suggested-by: Ani Sinha <ani@aristanetworks.com>
Suggested-by: Daniel Borkmann <danborkmann@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/core/filter.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/net/core/filter.c b/net/core/filter.c index 3d92ebb7fbcf..5a114d41bf11 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -39,6 +39,7 @@ #include <linux/reciprocal_div.h> #include <linux/ratelimit.h> #include <linux/seccomp.h> +#include <linux/if_vlan.h> /* No hurry in this branch * @@ -341,6 +342,12 @@ load_b: case BPF_S_ANC_CPU: A = raw_smp_processor_id(); continue; + case BPF_S_ANC_VLAN_TAG: + A = vlan_tx_tag_get(skb); + continue; + case BPF_S_ANC_VLAN_TAG_PRESENT: + A = !!vlan_tx_tag_present(skb); + continue; case BPF_S_ANC_NLATTR: { struct nlattr *nla; @@ -600,6 +607,8 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen) ANCILLARY(RXHASH); ANCILLARY(CPU); ANCILLARY(ALU_XOR_X); + ANCILLARY(VLAN_TAG); + ANCILLARY(VLAN_TAG_PRESENT); } } ftest->code = code; |