• D
    net: filter: keep original BPF program around · a3ea269b
    Daniel Borkmann 提交于
    In order to open up the possibility to internally transform a BPF program
    into an alternative and possibly non-trivial reversible representation, we
    need to keep the original BPF program around, so that it can be passed back
    to user space w/o the need of a complex decoder.
    
    The reason for that use case resides in commit a8fc9277 ("sk-filter:
    Add ability to get socket filter program (v2)"), that is, the ability
    to retrieve the currently attached BPF filter from a given socket used
    mainly by the checkpoint-restore project, for example.
    
    Therefore, we add two helpers sk_{store,release}_orig_filter for taking
    care of that. In the sk_unattached_filter_create() case, there's no such
    possibility/requirement to retrieve a loaded BPF program. Therefore, we
    can spare us the work in that case.
    
    This approach will simplify and slightly speed up both, sk_get_filter()
    and sock_diag_put_filterinfo() handlers as we won't need to successively
    decode filters anymore through sk_decode_filter(). As we still need
    sk_decode_filter() later on, we're keeping it around.
    
    Joint work with Alexei Starovoitov.
    Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
    Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
    Cc: Pavel Emelyanov <xemul@parallels.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    a3ea269b
sock_diag.c 5.5 KB