| Age | Commit message (Collapse) | Author |
|---|
|
Adds meta collectors for all socket attributes that make sense
to be filtered upon. Some of them are only useful for debugging
but having them doesn't hurt.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The meta ematch allows comparing various metadata values against
static values from usersapce or other metadata values. It currently
supports various numeric meta values such as netfilter mark, packet
length, security level, interface indices, tc classid, load average,
a random value but also variable length values such as interface
names. Adding support for additional meta values is as easy as
writing a data collector (usually 1-5 lines of code) and assign it
to a id and type by putting it into the meta operations table.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The nbyte ematch allows comparing any number of bytes at an arbitary
offset based on one of the skb layers. Its main usage is intended
for IPv6 addresses but may be used for any kind of pattern.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The cmp ematch compares a static value provided by userspace against
a 8, 16, or 32bit chunk read from the packet. The reading offset is
provided by userspace and based on one of the skb layers (mac|nh|h).
The ematch provides functionality to transform the byte order of
the chunk and/or apply a mask and understands the operands eq, lt,
and gt. Basically, it is very similiar to the u32 (e)match but tries
filling the gaps left behind.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
