net: filter: split 'struct sk_filter' into socket and bpf parts
clean up names related to socket filtering and bpf in the following way:
- everything that deals with sockets keeps 'sk_*' prefix
- everything that is pure BPF is changed to 'bpf_*' prefix
split 'struct sk_filter' into
struct sk_filter {
atomic_t refcnt;
struct rcu_head rcu;
struct bpf_prog *prog;
};
and
struct bpf_prog {
u32 jited:1,
len:31;
struct sock_fprog_kern *orig_prog;
unsigned int (*bpf_func)(const struct sk_buff *skb,
const struct bpf_insn *filter);
union {
struct sock_filter insns[0];
struct bpf_insn insnsi[0];
struct work_struct work;
};
};
so that 'struct bpf_prog' can be used independent of sockets and cleans up
'unattached' bpf use cases
split SK_RUN_FILTER macro into:
SK_RUN_FILTER to be used with 'struct sk_filter *' and
BPF_PROG_RUN to be used with 'struct bpf_prog *'
__sk_filter_release(struct sk_filter *) gains
__bpf_prog_release(struct bpf_prog *) helper function
also perform related renames for the functions that work
with 'struct bpf_prog *', since they're on the same lines:
sk_filter_size -> bpf_prog_size
sk_filter_select_runtime -> bpf_prog_select_runtime
sk_filter_free -> bpf_prog_free
sk_unattached_filter_create -> bpf_prog_create
sk_unattached_filter_destroy -> bpf_prog_destroy
sk_store_orig_filter -> bpf_prog_store_orig_filter
sk_release_orig_filter -> bpf_release_orig_filter
__sk_migrate_filter -> bpf_migrate_filter
__sk_prepare_filter -> bpf_prepare_filter
API for attaching classic BPF to a socket stays the same:
sk_attach_filter(prog, struct sock *)/sk_detach_filter(struct sock *)
and SK_RUN_FILTER(struct sk_filter *, ctx) to execute a program
which is used by sockets, tun, af_packet
API for 'unattached' BPF programs becomes:
bpf_prog_create(struct bpf_prog **)/bpf_prog_destroy(struct bpf_prog *)
and BPF_PROG_RUN(struct bpf_prog *, ctx) to execute a program
which is used by isdn, ppp, team, seccomp, ptp, xt_bpf, cls_bpf, test_bpf
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Alexei Starovoitov
zatwierdzone przez
David S. Miller
David S. Miller
rodzic
8fb575ca39
commit
7ae457c1e5
@@ -379,12 +379,12 @@ isdn_ppp_release(int min, struct file *file)
|
||||
#endif
|
||||
#ifdef CONFIG_IPPP_FILTER
|
||||
if (is->pass_filter) {
|
||||
sk_unattached_filter_destroy(is->pass_filter);
|
||||
bpf_prog_destroy(is->pass_filter);
|
||||
is->pass_filter = NULL;
|
||||
}
|
||||
|
||||
if (is->active_filter) {
|
||||
sk_unattached_filter_destroy(is->active_filter);
|
||||
bpf_prog_destroy(is->active_filter);
|
||||
is->active_filter = NULL;
|
||||
}
|
||||
#endif
|
||||
@@ -639,12 +639,11 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
|
||||
fprog.filter = code;
|
||||
|
||||
if (is->pass_filter) {
|
||||
sk_unattached_filter_destroy(is->pass_filter);
|
||||
bpf_prog_destroy(is->pass_filter);
|
||||
is->pass_filter = NULL;
|
||||
}
|
||||
if (fprog.filter != NULL)
|
||||
err = sk_unattached_filter_create(&is->pass_filter,
|
||||
&fprog);
|
||||
err = bpf_prog_create(&is->pass_filter, &fprog);
|
||||
else
|
||||
err = 0;
|
||||
kfree(code);
|
||||
@@ -664,12 +663,11 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
|
||||
fprog.filter = code;
|
||||
|
||||
if (is->active_filter) {
|
||||
sk_unattached_filter_destroy(is->active_filter);
|
||||
bpf_prog_destroy(is->active_filter);
|
||||
is->active_filter = NULL;
|
||||
}
|
||||
if (fprog.filter != NULL)
|
||||
err = sk_unattached_filter_create(&is->active_filter,
|
||||
&fprog);
|
||||
err = bpf_prog_create(&is->active_filter, &fprog);
|
||||
else
|
||||
err = 0;
|
||||
kfree(code);
|
||||
@@ -1174,14 +1172,14 @@ isdn_ppp_push_higher(isdn_net_dev *net_dev, isdn_net_local *lp, struct sk_buff *
|
||||
}
|
||||
|
||||
if (is->pass_filter
|
||||
&& SK_RUN_FILTER(is->pass_filter, skb) == 0) {
|
||||
&& BPF_PROG_RUN(is->pass_filter, skb) == 0) {
|
||||
if (is->debug & 0x2)
|
||||
printk(KERN_DEBUG "IPPP: inbound frame filtered.\n");
|
||||
kfree_skb(skb);
|
||||
return;
|
||||
}
|
||||
if (!(is->active_filter
|
||||
&& SK_RUN_FILTER(is->active_filter, skb) == 0)) {
|
||||
&& BPF_PROG_RUN(is->active_filter, skb) == 0)) {
|
||||
if (is->debug & 0x2)
|
||||
printk(KERN_DEBUG "IPPP: link-active filter: resetting huptimer.\n");
|
||||
lp->huptimer = 0;
|
||||
@@ -1320,14 +1318,14 @@ isdn_ppp_xmit(struct sk_buff *skb, struct net_device *netdev)
|
||||
}
|
||||
|
||||
if (ipt->pass_filter
|
||||
&& SK_RUN_FILTER(ipt->pass_filter, skb) == 0) {
|
||||
&& BPF_PROG_RUN(ipt->pass_filter, skb) == 0) {
|
||||
if (ipt->debug & 0x4)
|
||||
printk(KERN_DEBUG "IPPP: outbound frame filtered.\n");
|
||||
kfree_skb(skb);
|
||||
goto unlock;
|
||||
}
|
||||
if (!(ipt->active_filter
|
||||
&& SK_RUN_FILTER(ipt->active_filter, skb) == 0)) {
|
||||
&& BPF_PROG_RUN(ipt->active_filter, skb) == 0)) {
|
||||
if (ipt->debug & 0x4)
|
||||
printk(KERN_DEBUG "IPPP: link-active filter: resetting huptimer.\n");
|
||||
lp->huptimer = 0;
|
||||
@@ -1517,9 +1515,9 @@ int isdn_ppp_autodial_filter(struct sk_buff *skb, isdn_net_local *lp)
|
||||
}
|
||||
|
||||
drop |= is->pass_filter
|
||||
&& SK_RUN_FILTER(is->pass_filter, skb) == 0;
|
||||
&& BPF_PROG_RUN(is->pass_filter, skb) == 0;
|
||||
drop |= is->active_filter
|
||||
&& SK_RUN_FILTER(is->active_filter, skb) == 0;
|
||||
&& BPF_PROG_RUN(is->active_filter, skb) == 0;
|
||||
|
||||
skb_push(skb, IPPP_MAX_HEADER - 4);
|
||||
return drop;
|
||||
|
||||
Reference in New Issue
Block a user