Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Macros | Functions
filter.c File Reference
#include <linux/module.h>
#include <linux/types.h>
#include <linux/mm.h>
#include <linux/fcntl.h>
#include <linux/socket.h>
#include <linux/in.h>
#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/if_packet.h>
#include <linux/gfp.h>
#include <net/ip.h>
#include <net/protocol.h>
#include <net/netlink.h>
#include <linux/skbuff.h>
#include <net/sock.h>
#include <linux/errno.h>
#include <linux/timer.h>
#include <asm/uaccess.h>
#include <asm/unaligned.h>
#include <linux/filter.h>
#include <linux/reciprocal_div.h>
#include <linux/ratelimit.h>
#include <linux/seccomp.h>

Go to the source code of this file.

Macros

#define ANCILLARY(CODE)
 

Functions

voidbpf_internal_load_pointer_neg_helper (const struct sk_buff *skb, int k, unsigned int size)
 
int sk_filter (struct sock *sk, struct sk_buff *skb)
 
 EXPORT_SYMBOL (sk_filter)
 
unsigned int sk_run_filter (const struct sk_buff *skb, const struct sock_filter *fentry)
 
 EXPORT_SYMBOL (sk_run_filter)
 
int sk_chk_filter (struct sock_filter *filter, unsigned int flen)
 
 EXPORT_SYMBOL (sk_chk_filter)
 
void sk_filter_release_rcu (struct rcu_head *rcu)
 
 EXPORT_SYMBOL (sk_filter_release_rcu)
 
int sk_unattached_filter_create (struct sk_filter **pfp, struct sock_fprog *fprog)
 
 EXPORT_SYMBOL_GPL (sk_unattached_filter_create)
 
void sk_unattached_filter_destroy (struct sk_filter *fp)
 
 EXPORT_SYMBOL_GPL (sk_unattached_filter_destroy)
 
int sk_attach_filter (struct sock_fprog *fprog, struct sock *sk)
 
 EXPORT_SYMBOL_GPL (sk_attach_filter)
 
int sk_detach_filter (struct sock *sk)
 
 EXPORT_SYMBOL_GPL (sk_detach_filter)
 

Macro Definition Documentation

#define ANCILLARY (   CODE)
Value:
case SKF_AD_OFF + SKF_AD_##CODE: \
code = BPF_S_ANC_##CODE; \
break

Function Documentation

void* bpf_internal_load_pointer_neg_helper ( const struct sk_buff skb,
int  k,
unsigned int  size 
)

Definition at line 47 of file filter.c.

EXPORT_SYMBOL ( sk_filter  )
EXPORT_SYMBOL ( sk_run_filter  )
EXPORT_SYMBOL ( sk_chk_filter  )
EXPORT_SYMBOL ( sk_filter_release_rcu  )
EXPORT_SYMBOL_GPL ( sk_unattached_filter_create  )
EXPORT_SYMBOL_GPL ( sk_unattached_filter_destroy  )
EXPORT_SYMBOL_GPL ( sk_attach_filter  )
EXPORT_SYMBOL_GPL ( sk_detach_filter  )
int sk_attach_filter ( struct sock_fprog fprog,
struct sock sk 
)

sk_attach_filter - attach a socket filter : the filter program : the socket to use

Attach the user's filter code. We first run some sanity checks on it to make sure it does not explode on us later. If an error occurs or there is insufficient memory for the filter a negative errno code is returned. On success the return is zero.

Definition at line 702 of file filter.c.

int sk_chk_filter ( struct sock_filter filter,
unsigned int  flen 
)

sk_chk_filter - verify socket filter code : filter to verify : length of filter

Check the user's filter code. If we let some ugly filter code slip through kaboom! The filter must contain no references or jumps that are out of range, no illegal instructions, and must end with a RET instruction.

All jumps are forward as they are not signed.

Returns 0 if the rule set is legal or -EINVAL if not.

Definition at line 470 of file filter.c.

int sk_detach_filter ( struct sock sk)

Definition at line 739 of file filter.c.

int sk_filter ( struct sock sk,
struct sk_buff skb 
)

sk_filter - run a packet through a socket filter : sock associated with &sk_buff : buffer to filter

Run the filter code and then cut skb->data to correct size returned by sk_run_filter. If pkt_len is 0 we toss packet. If skb->len is smaller than pkt_len we keep whole skb->data. This is the socket level wrapper to sk_run_filter. It returns 0 if the packet should be accepted or -EPERM if the packet should be tossed.

Definition at line 81 of file filter.c.

void sk_filter_release_rcu ( struct rcu_head rcu)

sk_filter_release_rcu - Release a socket filter by rcu_head : rcu_head that contains the sk_filter to free

Definition at line 622 of file filter.c.

unsigned int sk_run_filter ( const struct sk_buff skb,
const struct sock_filter fentry 
)

sk_run_filter - run a filter on a socket : buffer to run the filter on : filter to apply

Decode and apply filter instructions to the skb->data. Return length to keep, 0 for none. is the data we are filtering, is the array of filter instructions. Because all jumps are guaranteed to be before last instruction, and last instruction guaranteed to be a RET, we dont need to check flen. (We used to pass to this function the length of filter)

Definition at line 123 of file filter.c.

int sk_unattached_filter_create ( struct sk_filter **  pfp,
struct sock_fprog fprog 
)

sk_unattached_filter_create - create an unattached filter : the filter program : the unattached filter that is created

Create a filter independent of any socket. We first run some sanity checks on it to make sure it does not explode on us later. If an error occurs or there is insufficient memory for the filter a negative errno code is returned. On success the return is zero.

Definition at line 655 of file filter.c.

void sk_unattached_filter_destroy ( struct sk_filter fp)

Definition at line 686 of file filter.c.

Generated on Thu Jan 10 2013 15:40:07 for Linux Kernel by   doxygen 1.8.2