[PATCH 1/2] net: export attach/detach filter routines

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 1/2] net: export attach/detach filter routines
       [not found] <cover.1266144917.git.mst@redhat.com>
@ 2010-02-14 11:01 ` Michael S. Tsirkin
  2010-02-14 11:01 ` [PATCH 2/2] tun: socket filter support Michael S. Tsirkin
  1 sibling, 0 replies; 5+ messages in thread
From: Michael S. Tsirkin @ 2010-02-14 11:01 UTC (permalink / raw)
  Cc: David S. Miller, Herbert Xu, Michael S. Tsirkin, Paul Moore,
	David Woodhouse, Sridhar Samudrala, netdev, linux-kernel

Export sk_attach_filter/sk_detach_filter routines,
so that tun module can use them.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 net/core/filter.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/net/core/filter.c b/net/core/filter.c
index 4e0712a..08e40f3 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -530,6 +530,7 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk)
 		sk_filter_delayed_uncharge(sk, old_fp);
 	return 0;
 }
+EXPORT_SYMBOL_GPL(sk_attach_filter);
 
 int sk_detach_filter(struct sock *sk)
 {
@@ -546,3 +547,4 @@ int sk_detach_filter(struct sock *sk)
 	rcu_read_unlock_bh();
 	return ret;
 }
+EXPORT_SYMBOL_GPL(sk_detach_filter);
-- 
1.6.6.144.g5c3af


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH 2/2] tun: socket filter support
       [not found] <cover.1266144917.git.mst@redhat.com>
  2010-02-14 11:01 ` [PATCH 1/2] net: export attach/detach filter routines Michael S. Tsirkin
@ 2010-02-14 11:01 ` Michael S. Tsirkin
  2010-02-15 15:24   ` Patrick McHardy
  1 sibling, 1 reply; 5+ messages in thread
From: Michael S. Tsirkin @ 2010-02-14 11:01 UTC (permalink / raw)
  Cc: David S. Miller, Herbert Xu, Michael S. Tsirkin, Paul Moore,
	David Woodhouse, Sridhar Samudrala, netdev, linux-kernel

This patch adds Linux Socket Filter support to
tun driver.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 drivers/net/tun.c      |   26 ++++++++++++++++++++++++++
 include/linux/if_tun.h |    3 +++
 2 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 5adb3d1..ce1efa4 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -61,6 +61,7 @@
 #include <linux/crc32.h>
 #include <linux/nsproxy.h>
 #include <linux/virtio_net.h>
+#include <linux/rcupdate.h>
 #include <net/net_namespace.h>
 #include <net/netns/generic.h>
 #include <net/rtnetlink.h>
@@ -366,6 +367,10 @@ static netdev_tx_t tun_net_xmit(struct sk_buff *skb, struct net_device *dev)
 	if (!check_filter(&tun->txflt, skb))
 		goto drop;
 
+	if (tun->socket.sk->sk_filter &&
+	    sk_filter(tun->socket.sk, skb))
+		goto drop;
+
 	if (skb_queue_len(&tun->socket.sk->sk_receive_queue) >= dev->tx_queue_len) {
 		if (!(tun->flags & TUN_ONE_QUEUE)) {
 			/* Normal queueing mode. */
@@ -1162,6 +1167,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 	struct tun_file *tfile = file->private_data;
 	struct tun_struct *tun;
 	void __user* argp = (void __user*)arg;
+	struct sock_fprog fprog;
 	struct ifreq ifr;
 	int sndbuf;
 	int ret;
@@ -1309,6 +1315,26 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 		tun->socket.sk->sk_sndbuf = sndbuf;
 		break;
 
+	case TUNATTACHFILTER:
+		/* Can be set only for TAPs */
+		ret = -EINVAL;
+		if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV)
+			break;
+		ret = -EFAULT;
+		if (copy_from_user(&fprog, argp, sizeof(fprog)))
+			break;
+
+		ret = sk_attach_filter(&fprog, tun->socket.sk);
+		break;
+
+	case TUNDETACHFILTER:
+		/* Can be set only for TAPs */
+		ret = -EINVAL;
+		if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV)
+			break;
+		ret = sk_detach_filter(tun->socket.sk);
+		break;
+
 	default:
 		ret = -EINVAL;
 		break;
diff --git a/include/linux/if_tun.h b/include/linux/if_tun.h
index 404abe0..1350a24 100644
--- a/include/linux/if_tun.h
+++ b/include/linux/if_tun.h
@@ -18,6 +18,7 @@
 
 #include <linux/types.h>
 #include <linux/if_ether.h>
+#include <linux/filter.h>
 
 /* Read queue size */
 #define TUN_READQ_SIZE	500
@@ -48,6 +49,8 @@
 #define TUNGETIFF      _IOR('T', 210, unsigned int)
 #define TUNGETSNDBUF   _IOR('T', 211, int)
 #define TUNSETSNDBUF   _IOW('T', 212, int)
+#define TUNATTACHFILTER _IOW('T', 213, struct sock_fprog)
+#define TUNDETACHFILTER _IOW('T', 214, struct sock_fprog)
 
 /* TUNSETIFF ifr flags */
 #define IFF_TUN		0x0001
-- 
1.6.6.144.g5c3af

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH 2/2] tun: socket filter support
  2010-02-14 11:01 ` [PATCH 2/2] tun: socket filter support Michael S. Tsirkin
@ 2010-02-15 15:24   ` Patrick McHardy
  2010-02-15 15:45     ` Arnd Bergmann
  0 siblings, 1 reply; 5+ messages in thread
From: Patrick McHardy @ 2010-02-15 15:24 UTC (permalink / raw)
  To: Michael S. Tsirkin
  Cc: David S. Miller, Herbert Xu, Paul Moore, David Woodhouse,
	Sridhar Samudrala, netdev, linux-kernel

Michael S. Tsirkin wrote:
> +	case TUNATTACHFILTER:
> +		/* Can be set only for TAPs */
> +		ret = -EINVAL;
> +		if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV)
> +			break;
> +		ret = -EFAULT;
> +		if (copy_from_user(&fprog, argp, sizeof(fprog)))
> +			break;
> +
> +		ret = sk_attach_filter(&fprog, tun->socket.sk);
> +		break;
> +
> +	case TUNDETACHFILTER:
> +		/* Can be set only for TAPs */
> +		ret = -EINVAL;
> +		if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV)
> +			break;
> +		ret = sk_detach_filter(tun->socket.sk);
> +		break;
> +

I'm not sure how the tun socket is exposed, but won't the regular
SO_ATTACH_FILTER/SO_DETACH_FILTER setsockopts already work for
tun sockets?

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 2/2] tun: socket filter support
  2010-02-15 15:24   ` Patrick McHardy
@ 2010-02-15 15:45     ` Arnd Bergmann
  2010-02-15 15:46       ` Patrick McHardy
  0 siblings, 1 reply; 5+ messages in thread
From: Arnd Bergmann @ 2010-02-15 15:45 UTC (permalink / raw)
  To: Patrick McHardy
  Cc: Michael S. Tsirkin, David S. Miller, Herbert Xu, Paul Moore,
	David Woodhouse, Sridhar Samudrala, netdev, linux-kernel

On Monday 15 February 2010, Patrick McHardy wrote:
> I'm not sure how the tun socket is exposed, but won't the regular
> SO_ATTACH_FILTER/SO_DETACH_FILTER setsockopts already work for
> tun sockets?

The tun socket is not exposed at all, it's an implementation detail
of the tun/tap driver, which only has a chardev interface with
ioctl methods.

	Arnd

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 2/2] tun: socket filter support
  2010-02-15 15:45     ` Arnd Bergmann
@ 2010-02-15 15:46       ` Patrick McHardy
  0 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2010-02-15 15:46 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Michael S. Tsirkin, David S. Miller, Herbert Xu, Paul Moore,
	David Woodhouse, Sridhar Samudrala, netdev, linux-kernel

Arnd Bergmann wrote:
> On Monday 15 February 2010, Patrick McHardy wrote:
>> I'm not sure how the tun socket is exposed, but won't the regular
>> SO_ATTACH_FILTER/SO_DETACH_FILTER setsockopts already work for
>> tun sockets?
> 
> The tun socket is not exposed at all, it's an implementation detail
> of the tun/tap driver, which only has a chardev interface with
> ioctl methods.

I see, thanks for the explanation.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2010-02-15 15:46 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <cover.1266144917.git.mst@redhat.com>
2010-02-14 11:01 ` [PATCH 1/2] net: export attach/detach filter routines Michael S. Tsirkin
2010-02-14 11:01 ` [PATCH 2/2] tun: socket filter support Michael S. Tsirkin
2010-02-15 15:24   ` Patrick McHardy
2010-02-15 15:45     ` Arnd Bergmann
2010-02-15 15:46       ` Patrick McHardy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).