From: Chris Wright <chris@wirex.com>
To: James Morris <jmorris@intercode.com.au>
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH] remove __sk_filter
Date: Sun, 13 Apr 2003 22:54:58 -0700 [thread overview]
Message-ID: <20030413225458.A20174@figure1.int.wirex.com> (raw)
Now that CONFIG_FILTER was nuked, the __sk_filter helper can be collapsed
back into sk_filter. This eliminates bypassing the security hook by
using the wrong part of the api.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
===== include/net/sock.h 1.34 vs edited =====
--- 1.34/include/net/sock.h Sun Mar 30 01:45:41 2003
+++ edited/include/net/sock.h Sun Apr 13 22:45:21 2003
@@ -453,7 +453,7 @@
extern void sock_init_data(struct socket *sock, struct sock *sk);
/**
- * __sk_filter - run a packet through a socket filter
+ * sk_filter - run a packet through a socket filter
* @sk: sock associated with &sk_buff
* @skb: buffer to filter
* @needlock: set to 1 if the sock is not locked by caller.
@@ -464,14 +464,16 @@
* wrapper to sk_run_filter. It returns 0 if the packet should
* be accepted or -EPERM if the packet should be tossed.
*
- * This function should not be called directly, use sk_filter instead
- * to ensure that the LSM security check is also performed.
*/
-static inline int __sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
+static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
{
- int err = 0;
-
+ int err;
+
+ err = security_sock_rcv_skb(sk, skb);
+ if (err)
+ return err;
+
if (sk->filter) {
struct sk_filter *filter;
@@ -516,17 +518,6 @@
{
atomic_inc(&fp->refcnt);
atomic_add(sk_filter_len(fp), &sk->omem_alloc);
-}
-
-static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
-{
- int err;
-
- err = security_sock_rcv_skb(sk, skb);
- if (err)
- return err;
-
- return __sk_filter(sk, skb, needlock);
}
/*
next reply other threads:[~2003-04-14 5:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-14 5:54 Chris Wright [this message]
2003-04-14 14:48 ` [PATCH] remove __sk_filter James Morris
2003-04-14 14:44 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030413225458.A20174@figure1.int.wirex.com \
--to=chris@wirex.com \
--cc=jmorris@intercode.com.au \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).