* [PATCH 1/2] net: export attach/detach filter routines
[not found] <cover.1266144917.git.mst@redhat.com>
@ 2010-02-14 11:01 ` Michael S. Tsirkin
2010-02-14 11:01 ` [PATCH 2/2] tun: socket filter support Michael S. Tsirkin
1 sibling, 0 replies; 5+ messages in thread
From: Michael S. Tsirkin @ 2010-02-14 11:01 UTC (permalink / raw)
Cc: David S. Miller, Herbert Xu, Michael S. Tsirkin, Paul Moore,
David Woodhouse, Sridhar Samudrala, netdev, linux-kernel
Export sk_attach_filter/sk_detach_filter routines,
so that tun module can use them.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
net/core/filter.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index 4e0712a..08e40f3 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -530,6 +530,7 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk)
sk_filter_delayed_uncharge(sk, old_fp);
return 0;
}
+EXPORT_SYMBOL_GPL(sk_attach_filter);
int sk_detach_filter(struct sock *sk)
{
@@ -546,3 +547,4 @@ int sk_detach_filter(struct sock *sk)
rcu_read_unlock_bh();
return ret;
}
+EXPORT_SYMBOL_GPL(sk_detach_filter);
--
1.6.6.144.g5c3af
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] tun: socket filter support
[not found] <cover.1266144917.git.mst@redhat.com>
2010-02-14 11:01 ` [PATCH 1/2] net: export attach/detach filter routines Michael S. Tsirkin
@ 2010-02-14 11:01 ` Michael S. Tsirkin
2010-02-15 15:24 ` Patrick McHardy
1 sibling, 1 reply; 5+ messages in thread
From: Michael S. Tsirkin @ 2010-02-14 11:01 UTC (permalink / raw)
Cc: David S. Miller, Herbert Xu, Michael S. Tsirkin, Paul Moore,
David Woodhouse, Sridhar Samudrala, netdev, linux-kernel
This patch adds Linux Socket Filter support to
tun driver.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
drivers/net/tun.c | 26 ++++++++++++++++++++++++++
include/linux/if_tun.h | 3 +++
2 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 5adb3d1..ce1efa4 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -61,6 +61,7 @@
#include <linux/crc32.h>
#include <linux/nsproxy.h>
#include <linux/virtio_net.h>
+#include <linux/rcupdate.h>
#include <net/net_namespace.h>
#include <net/netns/generic.h>
#include <net/rtnetlink.h>
@@ -366,6 +367,10 @@ static netdev_tx_t tun_net_xmit(struct sk_buff *skb, struct net_device *dev)
if (!check_filter(&tun->txflt, skb))
goto drop;
+ if (tun->socket.sk->sk_filter &&
+ sk_filter(tun->socket.sk, skb))
+ goto drop;
+
if (skb_queue_len(&tun->socket.sk->sk_receive_queue) >= dev->tx_queue_len) {
if (!(tun->flags & TUN_ONE_QUEUE)) {
/* Normal queueing mode. */
@@ -1162,6 +1167,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
struct tun_file *tfile = file->private_data;
struct tun_struct *tun;
void __user* argp = (void __user*)arg;
+ struct sock_fprog fprog;
struct ifreq ifr;
int sndbuf;
int ret;
@@ -1309,6 +1315,26 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
tun->socket.sk->sk_sndbuf = sndbuf;
break;
+ case TUNATTACHFILTER:
+ /* Can be set only for TAPs */
+ ret = -EINVAL;
+ if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV)
+ break;
+ ret = -EFAULT;
+ if (copy_from_user(&fprog, argp, sizeof(fprog)))
+ break;
+
+ ret = sk_attach_filter(&fprog, tun->socket.sk);
+ break;
+
+ case TUNDETACHFILTER:
+ /* Can be set only for TAPs */
+ ret = -EINVAL;
+ if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV)
+ break;
+ ret = sk_detach_filter(tun->socket.sk);
+ break;
+
default:
ret = -EINVAL;
break;
diff --git a/include/linux/if_tun.h b/include/linux/if_tun.h
index 404abe0..1350a24 100644
--- a/include/linux/if_tun.h
+++ b/include/linux/if_tun.h
@@ -18,6 +18,7 @@
#include <linux/types.h>
#include <linux/if_ether.h>
+#include <linux/filter.h>
/* Read queue size */
#define TUN_READQ_SIZE 500
@@ -48,6 +49,8 @@
#define TUNGETIFF _IOR('T', 210, unsigned int)
#define TUNGETSNDBUF _IOR('T', 211, int)
#define TUNSETSNDBUF _IOW('T', 212, int)
+#define TUNATTACHFILTER _IOW('T', 213, struct sock_fprog)
+#define TUNDETACHFILTER _IOW('T', 214, struct sock_fprog)
/* TUNSETIFF ifr flags */
#define IFF_TUN 0x0001
--
1.6.6.144.g5c3af
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] tun: socket filter support
2010-02-14 11:01 ` [PATCH 2/2] tun: socket filter support Michael S. Tsirkin
@ 2010-02-15 15:24 ` Patrick McHardy
2010-02-15 15:45 ` Arnd Bergmann
0 siblings, 1 reply; 5+ messages in thread
From: Patrick McHardy @ 2010-02-15 15:24 UTC (permalink / raw)
To: Michael S. Tsirkin
Cc: David S. Miller, Herbert Xu, Paul Moore, David Woodhouse,
Sridhar Samudrala, netdev, linux-kernel
Michael S. Tsirkin wrote:
> + case TUNATTACHFILTER:
> + /* Can be set only for TAPs */
> + ret = -EINVAL;
> + if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV)
> + break;
> + ret = -EFAULT;
> + if (copy_from_user(&fprog, argp, sizeof(fprog)))
> + break;
> +
> + ret = sk_attach_filter(&fprog, tun->socket.sk);
> + break;
> +
> + case TUNDETACHFILTER:
> + /* Can be set only for TAPs */
> + ret = -EINVAL;
> + if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV)
> + break;
> + ret = sk_detach_filter(tun->socket.sk);
> + break;
> +
I'm not sure how the tun socket is exposed, but won't the regular
SO_ATTACH_FILTER/SO_DETACH_FILTER setsockopts already work for
tun sockets?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] tun: socket filter support
2010-02-15 15:24 ` Patrick McHardy
@ 2010-02-15 15:45 ` Arnd Bergmann
2010-02-15 15:46 ` Patrick McHardy
0 siblings, 1 reply; 5+ messages in thread
From: Arnd Bergmann @ 2010-02-15 15:45 UTC (permalink / raw)
To: Patrick McHardy
Cc: Michael S. Tsirkin, David S. Miller, Herbert Xu, Paul Moore,
David Woodhouse, Sridhar Samudrala, netdev, linux-kernel
On Monday 15 February 2010, Patrick McHardy wrote:
> I'm not sure how the tun socket is exposed, but won't the regular
> SO_ATTACH_FILTER/SO_DETACH_FILTER setsockopts already work for
> tun sockets?
The tun socket is not exposed at all, it's an implementation detail
of the tun/tap driver, which only has a chardev interface with
ioctl methods.
Arnd
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] tun: socket filter support
2010-02-15 15:45 ` Arnd Bergmann
@ 2010-02-15 15:46 ` Patrick McHardy
0 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2010-02-15 15:46 UTC (permalink / raw)
To: Arnd Bergmann
Cc: Michael S. Tsirkin, David S. Miller, Herbert Xu, Paul Moore,
David Woodhouse, Sridhar Samudrala, netdev, linux-kernel
Arnd Bergmann wrote:
> On Monday 15 February 2010, Patrick McHardy wrote:
>> I'm not sure how the tun socket is exposed, but won't the regular
>> SO_ATTACH_FILTER/SO_DETACH_FILTER setsockopts already work for
>> tun sockets?
>
> The tun socket is not exposed at all, it's an implementation detail
> of the tun/tap driver, which only has a chardev interface with
> ioctl methods.
I see, thanks for the explanation.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2010-02-15 15:46 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <cover.1266144917.git.mst@redhat.com>
2010-02-14 11:01 ` [PATCH 1/2] net: export attach/detach filter routines Michael S. Tsirkin
2010-02-14 11:01 ` [PATCH 2/2] tun: socket filter support Michael S. Tsirkin
2010-02-15 15:24 ` Patrick McHardy
2010-02-15 15:45 ` Arnd Bergmann
2010-02-15 15:46 ` Patrick McHardy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).