• A
    net: filter: split 'struct sk_filter' into socket and bpf parts · 7ae457c1
    Alexei Starovoitov 提交于
    clean up names related to socket filtering and bpf in the following way:
    - everything that deals with sockets keeps 'sk_*' prefix
    - everything that is pure BPF is changed to 'bpf_*' prefix
    
    split 'struct sk_filter' into
    struct sk_filter {
    	atomic_t        refcnt;
    	struct rcu_head rcu;
    	struct bpf_prog *prog;
    };
    and
    struct bpf_prog {
            u32                     jited:1,
                                    len:31;
            struct sock_fprog_kern  *orig_prog;
            unsigned int            (*bpf_func)(const struct sk_buff *skb,
                                                const struct bpf_insn *filter);
            union {
                    struct sock_filter      insns[0];
                    struct bpf_insn         insnsi[0];
                    struct work_struct      work;
            };
    };
    so that 'struct bpf_prog' can be used independent of sockets and cleans up
    'unattached' bpf use cases
    
    split SK_RUN_FILTER macro into:
        SK_RUN_FILTER to be used with 'struct sk_filter *' and
        BPF_PROG_RUN to be used with 'struct bpf_prog *'
    
    __sk_filter_release(struct sk_filter *) gains
    __bpf_prog_release(struct bpf_prog *) helper function
    
    also perform related renames for the functions that work
    with 'struct bpf_prog *', since they're on the same lines:
    
    sk_filter_size -> bpf_prog_size
    sk_filter_select_runtime -> bpf_prog_select_runtime
    sk_filter_free -> bpf_prog_free
    sk_unattached_filter_create -> bpf_prog_create
    sk_unattached_filter_destroy -> bpf_prog_destroy
    sk_store_orig_filter -> bpf_prog_store_orig_filter
    sk_release_orig_filter -> bpf_release_orig_filter
    __sk_migrate_filter -> bpf_migrate_filter
    __sk_prepare_filter -> bpf_prepare_filter
    
    API for attaching classic BPF to a socket stays the same:
    sk_attach_filter(prog, struct sock *)/sk_detach_filter(struct sock *)
    and SK_RUN_FILTER(struct sk_filter *, ctx) to execute a program
    which is used by sockets, tun, af_packet
    
    API for 'unattached' BPF programs becomes:
    bpf_prog_create(struct bpf_prog **)/bpf_prog_destroy(struct bpf_prog *)
    and BPF_PROG_RUN(struct bpf_prog *, ctx) to execute a program
    which is used by isdn, ppp, team, seccomp, ptp, xt_bpf, cls_bpf, test_bpf
    Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    7ae457c1
seccomp.c 13.8 KB