diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/filter.h | 1 | ||||
-rw-r--r-- | include/net/sock.h | 35 |
2 files changed, 1 insertions, 35 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h index bfc5d319b946..673e5677ebcc 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h | |||
@@ -142,6 +142,7 @@ static inline unsigned int sk_filter_len(const struct sk_filter *fp) | |||
142 | struct sk_buff; | 142 | struct sk_buff; |
143 | struct sock; | 143 | struct sock; |
144 | 144 | ||
145 | extern int sk_filter(struct sock *sk, struct sk_buff *skb); | ||
145 | extern unsigned int sk_run_filter(struct sk_buff *skb, | 146 | extern unsigned int sk_run_filter(struct sk_buff *skb, |
146 | struct sock_filter *filter, int flen); | 147 | struct sock_filter *filter, int flen); |
147 | extern int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); | 148 | extern int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); |
diff --git a/include/net/sock.h b/include/net/sock.h index f4fdd101c9a2..09255eae93e9 100644 --- a/include/net/sock.h +++ b/include/net/sock.h | |||
@@ -928,41 +928,6 @@ extern void sk_common_release(struct sock *sk); | |||
928 | extern void sock_init_data(struct socket *sock, struct sock *sk); | 928 | extern void sock_init_data(struct socket *sock, struct sock *sk); |
929 | 929 | ||
930 | /** | 930 | /** |
931 | * sk_filter - run a packet through a socket filter | ||
932 | * @sk: sock associated with &sk_buff | ||
933 | * @skb: buffer to filter | ||
934 | * @needlock: set to 1 if the sock is not locked by caller. | ||
935 | * | ||
936 | * Run the filter code and then cut skb->data to correct size returned by | ||
937 | * sk_run_filter. If pkt_len is 0 we toss packet. If skb->len is smaller | ||
938 | * than pkt_len we keep whole skb->data. This is the socket level | ||
939 | * wrapper to sk_run_filter. It returns 0 if the packet should | ||
940 | * be accepted or -EPERM if the packet should be tossed. | ||
941 | * | ||
942 | */ | ||
943 | |||
944 | static inline int sk_filter(struct sock *sk, struct sk_buff *skb) | ||
945 | { | ||
946 | int err; | ||
947 | struct sk_filter *filter; | ||
948 | |||
949 | err = security_sock_rcv_skb(sk, skb); | ||
950 | if (err) | ||
951 | return err; | ||
952 | |||
953 | rcu_read_lock_bh(); | ||
954 | filter = rcu_dereference(sk->sk_filter); | ||
955 | if (filter) { | ||
956 | unsigned int pkt_len = sk_run_filter(skb, filter->insns, | ||
957 | filter->len); | ||
958 | err = pkt_len ? pskb_trim(skb, pkt_len) : -EPERM; | ||
959 | } | ||
960 | rcu_read_unlock_bh(); | ||
961 | |||
962 | return err; | ||
963 | } | ||
964 | |||
965 | /** | ||
966 | * sk_filter_release: Release a socket filter | 931 | * sk_filter_release: Release a socket filter |
967 | * @sk: socket | 932 | * @sk: socket |
968 | * @fp: filter to remove | 933 | * @fp: filter to remove |