#include <linux/module.h>
#include <linux/types.h>
#include <linux/mm.h>
#include <linux/fcntl.h>
#include <linux/socket.h>
#include <linux/in.h>
#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/if_packet.h>
#include <linux/gfp.h>
#include <net/ip.h>
#include <net/protocol.h>
#include <net/netlink.h>
#include <linux/skbuff.h>
#include <net/sock.h>
#include <linux/errno.h>
#include <linux/timer.h>
#include <asm/uaccess.h>
#include <asm/unaligned.h>
#include <linux/filter.h>
#include <linux/reciprocal_div.h>
#include <linux/ratelimit.h>
#include <linux/seccomp.h>
Go to the source code of this file.
#define ANCILLARY |
( |
|
CODE | ) |
|
Value:
code = BPF_S_ANC_##CODE; \
break
sk_attach_filter - attach a socket filter : the filter program : the socket to use
Attach the user's filter code. We first run some sanity checks on it to make sure it does not explode on us later. If an error occurs or there is insufficient memory for the filter a negative errno code is returned. On success the return is zero.
Definition at line 702 of file filter.c.
sk_chk_filter - verify socket filter code : filter to verify : length of filter
Check the user's filter code. If we let some ugly filter code slip through kaboom! The filter must contain no references or jumps that are out of range, no illegal instructions, and must end with a RET instruction.
All jumps are forward as they are not signed.
Returns 0 if the rule set is legal or -EINVAL if not.
Definition at line 470 of file filter.c.
sk_filter - run a packet through a socket filter : sock associated with &sk_buff : buffer to filter
Run the filter code and then cut skb->data to correct size returned by sk_run_filter. If pkt_len is 0 we toss packet. If skb->len is smaller than pkt_len we keep whole skb->data. This is the socket level wrapper to sk_run_filter. It returns 0 if the packet should be accepted or -EPERM if the packet should be tossed.
Definition at line 81 of file filter.c.
sk_filter_release_rcu - Release a socket filter by rcu_head : rcu_head that contains the sk_filter to free
Definition at line 622 of file filter.c.
sk_run_filter - run a filter on a socket : buffer to run the filter on : filter to apply
Decode and apply filter instructions to the skb->data. Return length to keep, 0 for none. is the data we are filtering, is the array of filter instructions. Because all jumps are guaranteed to be before last instruction, and last instruction guaranteed to be a RET, we dont need to check flen. (We used to pass to this function the length of filter)
Definition at line 123 of file filter.c.
sk_unattached_filter_create - create an unattached filter : the filter program : the unattached filter that is created
Create a filter independent of any socket. We first run some sanity checks on it to make sure it does not explode on us later. If an error occurs or there is insufficient memory for the filter a negative errno code is returned. On success the return is zero.
Definition at line 655 of file filter.c.