]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 83187b0) | patch
netfilter: x_tables: add xt_bpf match
authorWillem de Bruijn <willemb@google.com>
Fri, 18 Jan 2013 07:17:30 +0000 (07:17 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 21 Jan 2013 11:20:19 +0000 (12:20 +0100)
commit2e3ed02a9a3d0572724502405a5779a81f03baf3
treee7be56bbf797e1632d65cbb98f9f557b2bf1a2e8tree | snapshot
parent83187b0abc6d5210bfa08aa5f852a5d097fc903bcommit | diff
netfilter: x_tables: add xt_bpf match

Support arbitrary linux socket filter (BPF) programs as x_tables
match rules. This allows for very expressive filters, and on
platforms with BPF JIT appears competitive with traditional
hardcoded iptables rules using the u32 match.

The size of the filter has been artificially limited to 64
instructions maximum to avoid bloating the size of each rule
using this new match.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/uapi/linux/netfilter/xt_bpf.h [new file with mode: 0644] blob
net/netfilter/Kconfig diff | blob | history
net/netfilter/Makefile diff | blob | history
net/netfilter/xt_bpf.c [new file with mode: 0644] blob
Linux Kernel Source Tree.