Dmitry V. Levin
899220d28d
Linux socket filter uses almost the same classic BPF as seccomp filter, The only difference noticeable from strace PoV is the meaning of generic multiuse field. Transform the parser of seccomp filters to a more generic parser of classic BPF, parametrized with a method of parsing the generic multiuse field in BPF_STMT. * bpf_filter.c: New file. * bpf_filter.h: Likewise. * bpf_fprog.h: Likewise. * bpf_seccomp_filter.c: Likewise. * fetch_bpf_fprog.c: Likewise. * fetch_seccomp_fprog.c: Remove. * seccomp_fprog.h: Likewise. * Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h, bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c. Remove fetch_seccomp_fprog.c and seccomp_fprog.h. * seccomp.c: Do not include linux/filter.h and xlat header files. Do not define SECCOMP_RET_ACTION. (bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump, print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove. * defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog. (SYS_FUNC(seccomp)): Replace print_seccomp_filter with decode_seccomp_fprog. * prctl.c (SYS_FUNC(prctl)): Likewise.
10 lines
156 B
C
10 lines
156 B
C
#ifndef STRACE_BPF_FPROG_H
|
|
#define STRACE_BPF_FPROG_H
|
|
|
|
struct bpf_fprog {
|
|
unsigned short len;
|
|
kernel_ulong_t filter;
|
|
};
|
|
|
|
#endif /* !STRACE_BPF_FPROG_H */
|