projects / cascardo / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5a406b0) | patch
netfilter: x_tables: add xt_bpf match
authorWillem de Bruijn <willemb@google.com>
Fri, 18 Jan 2013 07:17:30 +0000 (07:17 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 21 Jan 2013 11:20:19 +0000 (12:20 +0100)
commite6f30c731718db45cec380964dfee210307cfc4a
treee7be56bbf797e1632d65cbb98f9f557b2bf1a2e8tree | snapshot
parent5a406b0cdfa948c7d949b270374737b17ee1679fcommit | diff
netfilter: x_tables: add xt_bpf match

Support arbitrary linux socket filter (BPF) programs as x_tables
match rules. This allows for very expressive filters, and on
platforms with BPF JIT appears competitive with traditional
hardcoded iptables rules using the u32 match.

The size of the filter has been artificially limited to 64
instructions maximum to avoid bloating the size of each rule
using this new match.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/uapi/linux/netfilter/xt_bpf.h [new file with mode: 0644] blob
net/netfilter/Kconfig diff | blob | history
net/netfilter/Makefile diff | blob | history
net/netfilter/xt_bpf.c [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.