tun: socket filter support

This patch adds Linux Socket Filter support to
tun driver.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 5adb3d150552e0c6f792755edff973fd69306cd1..ce1efa4c0b0dff284d94e05427f3743853aa1ac7 100644 (file)
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -61,6 +61,7 @@
 #include <linux/crc32.h>
 #include <linux/nsproxy.h>
 #include <linux/virtio_net.h>
+#include <linux/rcupdate.h>
 #include <net/net_namespace.h>
 #include <net/netns/generic.h>
 #include <net/rtnetlink.h>
@@ -366,6 +367,10 @@ static netdev_tx_t tun_net_xmit(struct sk_buff *skb, struct net_device *dev)
        if (!check_filter(&tun->txflt, skb))
                goto drop;
 
+       if (tun->socket.sk->sk_filter &&
+           sk_filter(tun->socket.sk, skb))
+               goto drop;
+
        if (skb_queue_len(&tun->socket.sk->sk_receive_queue) >= dev->tx_queue_len) {
                if (!(tun->flags & TUN_ONE_QUEUE)) {
                        /* Normal queueing mode. */
@@ -1162,6 +1167,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
        struct tun_file *tfile = file->private_data;
        struct tun_struct *tun;
        void __user* argp = (void __user*)arg;
+       struct sock_fprog fprog;
        struct ifreq ifr;
        int sndbuf;
        int ret;
@@ -1309,6 +1315,26 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
                tun->socket.sk->sk_sndbuf = sndbuf;
                break;
 
+       case TUNATTACHFILTER:
+               /* Can be set only for TAPs */
+               ret = -EINVAL;
+               if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV)
+                       break;
+               ret = -EFAULT;
+               if (copy_from_user(&fprog, argp, sizeof(fprog)))
+                       break;
+
+               ret = sk_attach_filter(&fprog, tun->socket.sk);
+               break;
+
+       case TUNDETACHFILTER:
+               /* Can be set only for TAPs */
+               ret = -EINVAL;
+               if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV)
+                       break;
+               ret = sk_detach_filter(tun->socket.sk);
+               break;
+
        default:
                ret = -EINVAL;
                break;

diff --git a/include/linux/if_tun.h b/include/linux/if_tun.h
index 404abe00162c23026de3448ddcd3cd343962a5de..1350a246893a179675fe7cc529e1ebb52f20dcf0 100644 (file)
--- a/include/linux/if_tun.h
+++ b/include/linux/if_tun.h
@@ -18,6 +18,7 @@
 
 #include <linux/types.h>
 #include <linux/if_ether.h>
+#include <linux/filter.h>
 
 /* Read queue size */
 #define TUN_READQ_SIZE 500
@@ -48,6 +49,8 @@
 #define TUNGETIFF      _IOR('T', 210, unsigned int)
 #define TUNGETSNDBUF   _IOR('T', 211, int)
 #define TUNSETSNDBUF   _IOW('T', 212, int)
+#define TUNATTACHFILTER _IOW('T', 213, struct sock_fprog)
+#define TUNDETACHFILTER _IOW('T', 214, struct sock_fprog)
 
 /* TUNSETIFF ifr flags */
 #define IFF_TUN                0x0001