• Daniel Borkmann's avatar
    cls_bpf: introduce integrated actions · 045efa82
    Daniel Borkmann authored
    Often cls_bpf classifier is used with single action drop attached.
    Optimize this use case and let cls_bpf return both classid and action.
    For backwards compatibility reasons enable this feature under
    TCA_BPF_FLAG_ACT_DIRECT flag.
    
    Then more interesting programs like the following are easier to write:
    int cls_bpf_prog(struct __sk_buff *skb)
    {
      /* classify arp, ip, ipv6 into different traffic classes
       * and drop all other packets
       */
      switch (skb->protocol) {
      case htons(ETH_P_ARP):
        skb->tc_classid = 1;
        break;
      case htons(ETH_P_IP):
        skb->tc_classid = 2;
        break;
      case htons(ETH_P_IPV6):
        skb->tc_classid = 3;
        break;
      default:
        return TC_ACT_SHOT;
      }
    
      return TC_ACT_OK;
    }
    
    Joint work with Daniel Borkmann.
    Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    045efa82
cls_bpf.c 11.6 KB