pkt_sched: ingress socket filter by mark

Allow bpf to set a filter to drop packets that dont
match a specific mark

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/linux/filter.h b/include/linux/filter.h
index 1354aaf..909193e 100644 (file)
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -123,7 +123,8 @@ struct sock_fprog   /* Required for SO_ATTACH_FILTER. */
 #define SKF_AD_IFINDEX         8
 #define SKF_AD_NLATTR  12
 #define SKF_AD_NLATTR_NEST     16
-#define SKF_AD_MAX     20
+#define SKF_AD_MARK    20
+#define SKF_AD_MAX     24
 #define SKF_NET_OFF   (-0x100000)
 #define SKF_LL_OFF    (-0x200000)
 

diff --git a/net/core/filter.c b/net/core/filter.c
index d1d779c..e3987e1 100644 (file)
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -303,6 +303,9 @@ load_b:
                case SKF_AD_IFINDEX:
                        A = skb->dev->ifindex;
                        continue;
+               case SKF_AD_MARK:
+                       A = skb->mark;
+                       continue;
                case SKF_AD_NLATTR: {
                        struct nlattr *nla;