#include <linux/atomic.h>
#include <linux/compat.h>
#include <uapi/linux/filter.h>

Data Structures
struct	sk_filter

Macros
#define	SK_RUN_FILTER(FILTER, SKB) sk_run_filter(SKB, FILTER->insns)

Enumerations
enum	{ BPF_S_RET_K = 1, BPF_S_RET_A, BPF_S_ALU_ADD_K, BPF_S_ALU_ADD_X, BPF_S_ALU_SUB_K, BPF_S_ALU_SUB_X, BPF_S_ALU_MUL_K, BPF_S_ALU_MUL_X, BPF_S_ALU_DIV_X, BPF_S_ALU_MOD_K, BPF_S_ALU_MOD_X, BPF_S_ALU_AND_K, BPF_S_ALU_AND_X, BPF_S_ALU_OR_K, BPF_S_ALU_OR_X, BPF_S_ALU_XOR_K, BPF_S_ALU_XOR_X, BPF_S_ALU_LSH_K, BPF_S_ALU_LSH_X, BPF_S_ALU_RSH_K, BPF_S_ALU_RSH_X, BPF_S_ALU_NEG, BPF_S_LD_W_ABS, BPF_S_LD_H_ABS, BPF_S_LD_B_ABS, BPF_S_LD_W_LEN, BPF_S_LD_W_IND, BPF_S_LD_H_IND, BPF_S_LD_B_IND, BPF_S_LD_IMM, BPF_S_LDX_W_LEN, BPF_S_LDX_B_MSH, BPF_S_LDX_IMM, BPF_S_MISC_TAX, BPF_S_MISC_TXA, BPF_S_ALU_DIV_K, BPF_S_LD_MEM, BPF_S_LDX_MEM, BPF_S_ST, BPF_S_STX, BPF_S_JMP_JA, BPF_S_JMP_JEQ_K, BPF_S_JMP_JEQ_X, BPF_S_JMP_JGE_K, BPF_S_JMP_JGE_X, BPF_S_JMP_JGT_K, BPF_S_JMP_JGT_X, BPF_S_JMP_JSET_K, BPF_S_JMP_JSET_X, BPF_S_ANC_PROTOCOL, BPF_S_ANC_PKTTYPE, BPF_S_ANC_IFINDEX, BPF_S_ANC_NLATTR, BPF_S_ANC_NLATTR_NEST, BPF_S_ANC_MARK, BPF_S_ANC_QUEUE, BPF_S_ANC_HATYPE, BPF_S_ANC_RXHASH, BPF_S_ANC_CPU, BPF_S_ANC_ALU_XOR_X, BPF_S_ANC_SECCOMP_LD_W }

Functions
int	sk_filter (struct sock sk, struct sk_buff skb)

unsigned int	sk_run_filter (const struct sk_buff skb, const struct sock_filter filter)

int	sk_unattached_filter_create (struct sk_filter *pfp, struct sock_fprog fprog)

void	sk_unattached_filter_destroy (struct sk_filter *fp)

int	sk_attach_filter (struct sock_fprog fprog, struct sock sk)

int	sk_detach_filter (struct sock *sk)

int	sk_chk_filter (struct sock_filter *filter, unsigned int flen)

Macro Definition Documentation

#define SK_RUN_FILTER	(	FILTER,
		SKB
	)	sk_run_filter(SKB, FILTER->insns)

Definition at line 60 of file filter.h.

Enumeration Type Documentation

anonymous enum

Enumerator:

BPF_S_RET_K
BPF_S_RET_A
BPF_S_ALU_ADD_K
BPF_S_ALU_ADD_X
BPF_S_ALU_SUB_K
BPF_S_ALU_SUB_X
BPF_S_ALU_MUL_K
BPF_S_ALU_MUL_X
BPF_S_ALU_DIV_X
BPF_S_ALU_MOD_K
BPF_S_ALU_MOD_X
BPF_S_ALU_AND_K
BPF_S_ALU_AND_X
BPF_S_ALU_OR_K
BPF_S_ALU_OR_X
BPF_S_ALU_XOR_K
BPF_S_ALU_XOR_X
BPF_S_ALU_LSH_K
BPF_S_ALU_LSH_X
BPF_S_ALU_RSH_K
BPF_S_ALU_RSH_X
BPF_S_ALU_NEG
BPF_S_LD_W_ABS
BPF_S_LD_H_ABS
BPF_S_LD_B_ABS
BPF_S_LD_W_LEN
BPF_S_LD_W_IND
BPF_S_LD_H_IND
BPF_S_LD_B_IND
BPF_S_LD_IMM
BPF_S_LDX_W_LEN
BPF_S_LDX_B_MSH
BPF_S_LDX_IMM
BPF_S_MISC_TAX
BPF_S_MISC_TXA
BPF_S_ALU_DIV_K
BPF_S_LD_MEM
BPF_S_LDX_MEM
BPF_S_ST
BPF_S_STX
BPF_S_JMP_JA
BPF_S_JMP_JEQ_K
BPF_S_JMP_JEQ_X
BPF_S_JMP_JGE_K
BPF_S_JMP_JGE_X
BPF_S_JMP_JGT_K
BPF_S_JMP_JGT_X
BPF_S_JMP_JSET_K
BPF_S_JMP_JSET_X
BPF_S_ANC_PROTOCOL
BPF_S_ANC_PKTTYPE
BPF_S_ANC_IFINDEX
BPF_S_ANC_NLATTR
BPF_S_ANC_NLATTR_NEST
BPF_S_ANC_MARK
BPF_S_ANC_QUEUE
BPF_S_ANC_HATYPE
BPF_S_ANC_RXHASH
BPF_S_ANC_CPU
BPF_S_ANC_ALU_XOR_X
BPF_S_ANC_SECCOMP_LD_W

Definition at line 63 of file filter.h.

Function Documentation

int sk_attach_filter	(	struct sock_fprog *	fprog,
		struct sock *	sk
	)

sk_attach_filter - attach a socket filter : the filter program : the socket to use

Attach the user's filter code. We first run some sanity checks on it to make sure it does not explode on us later. If an error occurs or there is insufficient memory for the filter a negative errno code is returned. On success the return is zero.

Definition at line 702 of file filter.c.

int sk_chk_filter	(	struct sock_filter *	filter,
		unsigned int	flen
	)

sk_chk_filter - verify socket filter code : filter to verify : length of filter

Check the user's filter code. If we let some ugly filter code slip through kaboom! The filter must contain no references or jumps that are out of range, no illegal instructions, and must end with a RET instruction.

All jumps are forward as they are not signed.

Returns 0 if the rule set is legal or -EINVAL if not.

Definition at line 470 of file filter.c.

int sk_detach_filter ( struct sock * sk )

Definition at line 739 of file filter.c.

int sk_filter	(	struct sock *	sk,
		struct sk_buff *	skb
	)

sk_filter - run a packet through a socket filter : sock associated with &sk_buff : buffer to filter

Run the filter code and then cut skb->data to correct size returned by sk_run_filter. If pkt_len is 0 we toss packet. If skb->len is smaller than pkt_len we keep whole skb->data. This is the socket level wrapper to sk_run_filter. It returns 0 if the packet should be accepted or -EPERM if the packet should be tossed.

Definition at line 81 of file filter.c.

unsigned int sk_run_filter	(	const struct sk_buff *	skb,
		const struct sock_filter *	fentry
	)

sk_run_filter - run a filter on a socket : buffer to run the filter on : filter to apply

Decode and apply filter instructions to the skb->data. Return length to keep, 0 for none. is the data we are filtering, is the array of filter instructions. Because all jumps are guaranteed to be before last instruction, and last instruction guaranteed to be a RET, we dont need to check flen. (We used to pass to this function the length of filter)

Definition at line 123 of file filter.c.

int sk_unattached_filter_create	(	struct sk_filter **	pfp,
		struct sock_fprog *	fprog
	)

sk_unattached_filter_create - create an unattached filter : the filter program : the unattached filter that is created

Create a filter independent of any socket. We first run some sanity checks on it to make sure it does not explode on us later. If an error occurs or there is insufficient memory for the filter a negative errno code is returned. On success the return is zero.

Definition at line 655 of file filter.c.

void sk_unattached_filter_destroy ( struct sk_filter * fp )

Definition at line 686 of file filter.c.

Data Structures

Macros

Enumerations

Functions

Macro Definition Documentation

Enumeration Type Documentation

Function Documentation