diff options
| author | Willem de Bruijn | 2013-01-18 08:17:30 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso | 2013-01-21 12:20:19 +0100 |
| commit | e6f30c731718db45cec380964dfee210307cfc4a (patch) | |
| tree | e7be56bbf797e1632d65cbb98f9f557b2bf1a2e8 /net/netfilter/Makefile | |
| parent | netfilter: nf_ct_snmp: add include file (diff) | |
| download | kernel-qcow2-linux-e6f30c731718db45cec380964dfee210307cfc4a.tar.gz kernel-qcow2-linux-e6f30c731718db45cec380964dfee210307cfc4a.tar.xz kernel-qcow2-linux-e6f30c731718db45cec380964dfee210307cfc4a.zip | |
netfilter: x_tables: add xt_bpf match
Support arbitrary linux socket filter (BPF) programs as x_tables
match rules. This allows for very expressive filters, and on
platforms with BPF JIT appears competitive with traditional
hardcoded iptables rules using the u32 match.
The size of the filter has been artificially limited to 64
instructions maximum to avoid bloating the size of each rule
using this new match.
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/Makefile')
| -rw-r--r-- | net/netfilter/Makefile | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile index b3bbda60945e..a1abf87d43bf 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile @@ -99,6 +99,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_IDLETIMER) += xt_IDLETIMER.o # matches obj-$(CONFIG_NETFILTER_XT_MATCH_ADDRTYPE) += xt_addrtype.o +obj-$(CONFIG_NETFILTER_XT_MATCH_BPF) += xt_bpf.o obj-$(CONFIG_NETFILTER_XT_MATCH_CLUSTER) += xt_cluster.o obj-$(CONFIG_NETFILTER_XT_MATCH_COMMENT) += xt_comment.o obj-$(CONFIG_NETFILTER_XT_MATCH_CONNBYTES) += xt_connbytes.o |