diff options
author | Michael S. Tsirkin <mst@redhat.com> | 2010-02-14 02:01:10 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-02-18 01:35:17 +0100 |
commit | 99405162598176e830d17ae6d4f3d9e070ad900c (patch) | |
tree | 41a23acd64d3f18de729c2abadc98f7c4687aa45 /drivers | |
parent | net: export attach/detach filter routines (diff) | |
download | linux-99405162598176e830d17ae6d4f3d9e070ad900c.tar.xz linux-99405162598176e830d17ae6d4f3d9e070ad900c.zip |
tun: socket filter support
This patch adds Linux Socket Filter support to
tun driver.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/net/tun.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/drivers/net/tun.c b/drivers/net/tun.c index 5adb3d150552..ce1efa4c0b0d 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -61,6 +61,7 @@ #include <linux/crc32.h> #include <linux/nsproxy.h> #include <linux/virtio_net.h> +#include <linux/rcupdate.h> #include <net/net_namespace.h> #include <net/netns/generic.h> #include <net/rtnetlink.h> @@ -366,6 +367,10 @@ static netdev_tx_t tun_net_xmit(struct sk_buff *skb, struct net_device *dev) if (!check_filter(&tun->txflt, skb)) goto drop; + if (tun->socket.sk->sk_filter && + sk_filter(tun->socket.sk, skb)) + goto drop; + if (skb_queue_len(&tun->socket.sk->sk_receive_queue) >= dev->tx_queue_len) { if (!(tun->flags & TUN_ONE_QUEUE)) { /* Normal queueing mode. */ @@ -1162,6 +1167,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, struct tun_file *tfile = file->private_data; struct tun_struct *tun; void __user* argp = (void __user*)arg; + struct sock_fprog fprog; struct ifreq ifr; int sndbuf; int ret; @@ -1309,6 +1315,26 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, tun->socket.sk->sk_sndbuf = sndbuf; break; + case TUNATTACHFILTER: + /* Can be set only for TAPs */ + ret = -EINVAL; + if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV) + break; + ret = -EFAULT; + if (copy_from_user(&fprog, argp, sizeof(fprog))) + break; + + ret = sk_attach_filter(&fprog, tun->socket.sk); + break; + + case TUNDETACHFILTER: + /* Can be set only for TAPs */ + ret = -EINVAL; + if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV) + break; + ret = sk_detach_filter(tun->socket.sk); + break; + default: ret = -EINVAL; break; |