提交 77e0114a 编写于 作者: D Daniel Borkmann 提交者: David S. Miller

net: isdn: use sk_unattached_filter api

Similarly as in ppp, we need to migrate the ISDN/PPP code to make use
of the sk_unattached_filter api in order to decouple having direct
filter structure access. By using sk_unattached_filter_{create,destroy},
we can allow for the possibility to jit compile filters for faster
filter verdicts as well.

Joint work with Alexei Starovoitov.
Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Cc: isdn4linux@listserv.isdn4linux.de
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 568f194e
...@@ -378,10 +378,15 @@ isdn_ppp_release(int min, struct file *file) ...@@ -378,10 +378,15 @@ isdn_ppp_release(int min, struct file *file)
is->slcomp = NULL; is->slcomp = NULL;
#endif #endif
#ifdef CONFIG_IPPP_FILTER #ifdef CONFIG_IPPP_FILTER
kfree(is->pass_filter); if (is->pass_filter) {
sk_unattached_filter_destroy(is->pass_filter);
is->pass_filter = NULL; is->pass_filter = NULL;
kfree(is->active_filter); }
if (is->active_filter) {
sk_unattached_filter_destroy(is->active_filter);
is->active_filter = NULL; is->active_filter = NULL;
}
#endif #endif
/* TODO: if this was the previous master: link the stuff to the new master */ /* TODO: if this was the previous master: link the stuff to the new master */
...@@ -629,25 +634,41 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -629,25 +634,41 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
#ifdef CONFIG_IPPP_FILTER #ifdef CONFIG_IPPP_FILTER
case PPPIOCSPASS: case PPPIOCSPASS:
{ {
struct sock_fprog fprog;
struct sock_filter *code; struct sock_filter *code;
int len = get_filter(argp, &code); int err, len = get_filter(argp, &code);
if (len < 0) if (len < 0)
return len; return len;
kfree(is->pass_filter);
is->pass_filter = code; fprog.len = len;
is->pass_len = len; fprog.filter = code;
break;
if (is->pass_filter)
sk_unattached_filter_destroy(is->pass_filter);
err = sk_unattached_filter_create(&is->pass_filter, &fprog);
kfree(code);
return err;
} }
case PPPIOCSACTIVE: case PPPIOCSACTIVE:
{ {
struct sock_fprog fprog;
struct sock_filter *code; struct sock_filter *code;
int len = get_filter(argp, &code); int err, len = get_filter(argp, &code);
if (len < 0) if (len < 0)
return len; return len;
kfree(is->active_filter);
is->active_filter = code; fprog.len = len;
is->active_len = len; fprog.filter = code;
break;
if (is->active_filter)
sk_unattached_filter_destroy(is->active_filter);
err = sk_unattached_filter_create(&is->active_filter, &fprog);
kfree(code);
return err;
} }
#endif /* CONFIG_IPPP_FILTER */ #endif /* CONFIG_IPPP_FILTER */
default: default:
...@@ -1147,14 +1168,14 @@ isdn_ppp_push_higher(isdn_net_dev *net_dev, isdn_net_local *lp, struct sk_buff * ...@@ -1147,14 +1168,14 @@ isdn_ppp_push_higher(isdn_net_dev *net_dev, isdn_net_local *lp, struct sk_buff *
} }
if (is->pass_filter if (is->pass_filter
&& sk_run_filter(skb, is->pass_filter) == 0) { && SK_RUN_FILTER(is->pass_filter, skb) == 0) {
if (is->debug & 0x2) if (is->debug & 0x2)
printk(KERN_DEBUG "IPPP: inbound frame filtered.\n"); printk(KERN_DEBUG "IPPP: inbound frame filtered.\n");
kfree_skb(skb); kfree_skb(skb);
return; return;
} }
if (!(is->active_filter if (!(is->active_filter
&& sk_run_filter(skb, is->active_filter) == 0)) { && SK_RUN_FILTER(is->active_filter, skb) == 0)) {
if (is->debug & 0x2) if (is->debug & 0x2)
printk(KERN_DEBUG "IPPP: link-active filter: resetting huptimer.\n"); printk(KERN_DEBUG "IPPP: link-active filter: resetting huptimer.\n");
lp->huptimer = 0; lp->huptimer = 0;
...@@ -1293,14 +1314,14 @@ isdn_ppp_xmit(struct sk_buff *skb, struct net_device *netdev) ...@@ -1293,14 +1314,14 @@ isdn_ppp_xmit(struct sk_buff *skb, struct net_device *netdev)
} }
if (ipt->pass_filter if (ipt->pass_filter
&& sk_run_filter(skb, ipt->pass_filter) == 0) { && SK_RUN_FILTER(ipt->pass_filter, skb) == 0) {
if (ipt->debug & 0x4) if (ipt->debug & 0x4)
printk(KERN_DEBUG "IPPP: outbound frame filtered.\n"); printk(KERN_DEBUG "IPPP: outbound frame filtered.\n");
kfree_skb(skb); kfree_skb(skb);
goto unlock; goto unlock;
} }
if (!(ipt->active_filter if (!(ipt->active_filter
&& sk_run_filter(skb, ipt->active_filter) == 0)) { && SK_RUN_FILTER(ipt->active_filter, skb) == 0)) {
if (ipt->debug & 0x4) if (ipt->debug & 0x4)
printk(KERN_DEBUG "IPPP: link-active filter: resetting huptimer.\n"); printk(KERN_DEBUG "IPPP: link-active filter: resetting huptimer.\n");
lp->huptimer = 0; lp->huptimer = 0;
...@@ -1490,9 +1511,9 @@ int isdn_ppp_autodial_filter(struct sk_buff *skb, isdn_net_local *lp) ...@@ -1490,9 +1511,9 @@ int isdn_ppp_autodial_filter(struct sk_buff *skb, isdn_net_local *lp)
} }
drop |= is->pass_filter drop |= is->pass_filter
&& sk_run_filter(skb, is->pass_filter) == 0; && SK_RUN_FILTER(is->pass_filter, skb) == 0;
drop |= is->active_filter drop |= is->active_filter
&& sk_run_filter(skb, is->active_filter) == 0; && SK_RUN_FILTER(is->active_filter, skb) == 0;
skb_push(skb, IPPP_MAX_HEADER - 4); skb_push(skb, IPPP_MAX_HEADER - 4);
return drop; return drop;
......
...@@ -180,9 +180,8 @@ struct ippp_struct { ...@@ -180,9 +180,8 @@ struct ippp_struct {
struct slcompress *slcomp; struct slcompress *slcomp;
#endif #endif
#ifdef CONFIG_IPPP_FILTER #ifdef CONFIG_IPPP_FILTER
struct sock_filter *pass_filter; /* filter for packets to pass */ struct sk_filter *pass_filter; /* filter for packets to pass */
struct sock_filter *active_filter; /* filter for pkts to reset idle */ struct sk_filter *active_filter; /* filter for pkts to reset idle */
unsigned pass_len, active_len;
#endif #endif
unsigned long debug; unsigned long debug;
struct isdn_ppp_compressor *compressor,*decompressor; struct isdn_ppp_compressor *compressor,*decompressor;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册