patch-2.1.80 linux/net/core/sock.c

Next file: linux/net/ipv4/Config.in
Previous file: linux/net/core/skbuff.c
Back to the patch index
Back to the overall index

diff -u --recursive --new-file v2.1.79/linux/net/core/sock.c linux/net/core/sock.c
@@ -76,6 +76,7 @@
  *              Steve Whitehouse:       Added various other default routines
  *                                      common to several socket families.
  *              Chris Evans     :       Call suser() check last on F_SETOWN
+ *		Jay Schulist	:	Added SO_ATTACH_FILTER and SO_DETACH_FILTER.
  *		Andi Kleen	:	Add sock_kmalloc()/sock_kfree_s()
  *
  * To Fix:
@@ -123,6 +124,10 @@
 #include <net/icmp.h>
 #include <linux/ipsec.h>
 
+#ifdef CONFIG_FILTER
+#include <linux/filter.h>
+#endif
+
 #define min(a,b)	((a)<(b)?(a):(b))
 
 /* Run time adjustable parameters. */
@@ -148,6 +153,10 @@
 	struct linger ling;
 	struct ifreq req;
 	int ret = 0;
+
+#ifdef CONFIG_FILTER
+	struct sock_fprog fprog;
+#endif
 	
 	/*
 	 *	Options without arguments
@@ -279,48 +288,6 @@
 			break;
 			
 			
-#ifdef CONFIG_NET_SECURITY			
-		/*
-		 *	FIXME: make these error things that are not
-		 *	available!
-		 */
-		 
-		case SO_SECURITY_AUTHENTICATION:
-			if(val<=IPSEC_LEVEL_DEFAULT)
-			{
-				sk->authentication=val;
-				return 0;
-			}
-			if(net_families[sock->ops->family]->authentication)
-				sk->authentication=val;
-			else
-				return -EINVAL;
-			break;
-			
-		case SO_SECURITY_ENCRYPTION_TRANSPORT:
-			if(val<=IPSEC_LEVEL_DEFAULT)
-			{
-				sk->encryption=val;
-				return 0;
-			}
-			if(net_families[sock->ops->family]->encryption)
-				sk->encryption = val;
-			else
-				return -EINVAL;
-			break;
-			
-		case SO_SECURITY_ENCRYPTION_NETWORK:
-			if(val<=IPSEC_LEVEL_DEFAULT)
-			{
-				sk->encrypt_net=val;
-				return 0;
-			}
-			if(net_families[sock->ops->family]->encrypt_net)
-				sk->encrypt_net = val;
-			else
-				return -EINVAL;
-			break;
-#endif
 		case SO_BINDTODEVICE:
 			/* Bind this socket to a particular device like "eth0",
 			 * as specified in an ifreq structure. If the device
@@ -361,6 +328,33 @@
 			return 0;
 
 
+#ifdef CONFIG_FILTER
+		case SO_ATTACH_FILTER:
+			if(optlen < sizeof(struct sock_fprog))
+				return -EINVAL;
+
+			if(copy_from_user(&fprog, optval, sizeof(fprog)))
+			{
+				ret = -EFAULT;
+				break;
+			}
+
+			ret = sk_attach_filter(&fprog, sk);
+			break;
+
+		case SO_DETACH_FILTER:
+                        if(sk->filter)
+			{
+				fprog.filter = sk->filter_data;
+				kfree_s(fprog.filter, (sizeof(fprog.filter) * sk->filter));
+				sk->filter_data = NULL;
+				sk->filter = 0;
+				return 0;
+			}
+			else
+				return -EINVAL;
+			break;
+#endif
 		/* We implement the SO_SNDLOWAT etc to
 		   not be settable (1003.1g 5.3) */
 		default:
@@ -471,20 +465,6 @@
 				return -EFAULT;
 			goto lenout;
 			
-#ifdef CONFIG_NET_SECURITY			
-			
-		case SO_SECURITY_AUTHENTICATION:
-			v.val = sk->authentication;
-			break;
-			
-		case SO_SECURITY_ENCRYPTION_TRANSPORT:
-			v.val = sk->encryption;
-			break;
-			
-		case SO_SECURITY_ENCRYPTION_NETWORK:
-			v.val = sk->encrypt_net;
-			break;
-#endif
 		default:
 			return(-ENOPROTOOPT);
 	}

FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen, slshen@lbl.gov