diff options
| author | Daniel Borkmann <daniel@iogearbox.net> | 2015-09-16 02:05:42 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-09-18 00:09:06 -0400 |
| commit | 045efa82ff563cd4e656ca1c2e354fa5bf6bbda4 (patch) | |
| tree | 8a2604aef00d9d40a6eaa877431171c3a38c3663 /include | |
| parent | f6c53334d6c6ac7088c2e7e70ff2941bfb33f52e (diff) | |
cls_bpf: introduce integrated actions
Often cls_bpf classifier is used with single action drop attached.
Optimize this use case and let cls_bpf return both classid and action.
For backwards compatibility reasons enable this feature under
TCA_BPF_FLAG_ACT_DIRECT flag.
Then more interesting programs like the following are easier to write:
int cls_bpf_prog(struct __sk_buff *skb)
{
/* classify arp, ip, ipv6 into different traffic classes
* and drop all other packets
*/
switch (skb->protocol) {
case htons(ETH_P_ARP):
skb->tc_classid = 1;
break;
case htons(ETH_P_IP):
skb->tc_classid = 2;
break;
case htons(ETH_P_IPV6):
skb->tc_classid = 3;
break;
default:
return TC_ACT_SHOT;
}
return TC_ACT_OK;
}
Joint work with Daniel Borkmann.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/sch_generic.h | 2 | ||||
| -rw-r--r-- | include/uapi/linux/bpf.h | 1 | ||||
| -rw-r--r-- | include/uapi/linux/pkt_cls.h | 3 |
3 files changed, 5 insertions, 1 deletions
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h index 444faa89a55f..da61febb9091 100644 --- a/include/net/sch_generic.h +++ b/include/net/sch_generic.h | |||
| @@ -251,7 +251,7 @@ struct tcf_proto { | |||
| 251 | struct qdisc_skb_cb { | 251 | struct qdisc_skb_cb { |
| 252 | unsigned int pkt_len; | 252 | unsigned int pkt_len; |
| 253 | u16 slave_dev_queue_mapping; | 253 | u16 slave_dev_queue_mapping; |
| 254 | u16 _pad; | 254 | u16 tc_classid; |
| 255 | #define QDISC_CB_PRIV_LEN 20 | 255 | #define QDISC_CB_PRIV_LEN 20 |
| 256 | unsigned char data[QDISC_CB_PRIV_LEN]; | 256 | unsigned char data[QDISC_CB_PRIV_LEN]; |
| 257 | }; | 257 | }; |
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 92a48e2d5461..2fbd1c71fa3b 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h | |||
| @@ -293,6 +293,7 @@ struct __sk_buff { | |||
| 293 | __u32 tc_index; | 293 | __u32 tc_index; |
| 294 | __u32 cb[5]; | 294 | __u32 cb[5]; |
| 295 | __u32 hash; | 295 | __u32 hash; |
| 296 | __u32 tc_classid; | ||
| 296 | }; | 297 | }; |
| 297 | 298 | ||
| 298 | struct bpf_tunnel_key { | 299 | struct bpf_tunnel_key { |
diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h index 4f0d1bc3647d..0a262a83f9d4 100644 --- a/include/uapi/linux/pkt_cls.h +++ b/include/uapi/linux/pkt_cls.h | |||
| @@ -373,6 +373,8 @@ enum { | |||
| 373 | 373 | ||
| 374 | /* BPF classifier */ | 374 | /* BPF classifier */ |
| 375 | 375 | ||
| 376 | #define TCA_BPF_FLAG_ACT_DIRECT (1 << 0) | ||
| 377 | |||
| 376 | enum { | 378 | enum { |
| 377 | TCA_BPF_UNSPEC, | 379 | TCA_BPF_UNSPEC, |
| 378 | TCA_BPF_ACT, | 380 | TCA_BPF_ACT, |
| @@ -382,6 +384,7 @@ enum { | |||
| 382 | TCA_BPF_OPS, | 384 | TCA_BPF_OPS, |
| 383 | TCA_BPF_FD, | 385 | TCA_BPF_FD, |
| 384 | TCA_BPF_NAME, | 386 | TCA_BPF_NAME, |
| 387 | TCA_BPF_FLAGS, | ||
| 385 | __TCA_BPF_MAX, | 388 | __TCA_BPF_MAX, |
| 386 | }; | 389 | }; |
| 387 | 390 | ||