cls_bpf: introduce integrated actions
authorDaniel Borkmann <daniel@iogearbox.net>
Wed, 16 Sep 2015 06:05:42 +0000 (23:05 -0700)
committerDavid S. Miller <davem@davemloft.net>
Fri, 18 Sep 2015 04:09:06 +0000 (21:09 -0700)
commit045efa82ff563cd4e656ca1c2e354fa5bf6bbda4
tree8a2604aef00d9d40a6eaa877431171c3a38c3663
parentf6c53334d6c6ac7088c2e7e70ff2941bfb33f52e
cls_bpf: introduce integrated actions

Often cls_bpf classifier is used with single action drop attached.
Optimize this use case and let cls_bpf return both classid and action.
For backwards compatibility reasons enable this feature under
TCA_BPF_FLAG_ACT_DIRECT flag.

Then more interesting programs like the following are easier to write:
int cls_bpf_prog(struct __sk_buff *skb)
{
  /* classify arp, ip, ipv6 into different traffic classes
   * and drop all other packets
   */
  switch (skb->protocol) {
  case htons(ETH_P_ARP):
    skb->tc_classid = 1;
    break;
  case htons(ETH_P_IP):
    skb->tc_classid = 2;
    break;
  case htons(ETH_P_IPV6):
    skb->tc_classid = 3;
    break;
  default:
    return TC_ACT_SHOT;
  }

  return TC_ACT_OK;
}

Joint work with Daniel Borkmann.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/sch_generic.h
include/uapi/linux/bpf.h
include/uapi/linux/pkt_cls.h
net/core/filter.c
net/sched/cls_bpf.c