diff options
author | Li RongQing <roy.qing.li@gmail.com> | 2014-10-10 13:56:51 +0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-10-10 15:11:51 -0400 |
commit | 8ea6e345a6123fa831e42cd8747f55892a58abff (patch) | |
tree | 776a24e2cf26319a43ef537e0cbb3112ac690a25 /net/core | |
parent | 1a9525f68e948d53cf99c963bdbf01223a08f4ed (diff) | |
download | linux-8ea6e345a6123fa831e42cd8747f55892a58abff.tar.gz linux-8ea6e345a6123fa831e42cd8747f55892a58abff.tar.bz2 linux-8ea6e345a6123fa831e42cd8747f55892a58abff.zip |
net: filter: fix the comments
1. sk_run_filter has been renamed, sk_filter() is using SK_RUN_FILTER.
2. Remove wrong comments about storing intermediate value.
3. replace sk_run_filter with __bpf_prog_run for check_load_and_stores's
comments
Cc: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core')
-rw-r--r-- | net/core/filter.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/net/core/filter.c b/net/core/filter.c index fcd3f6742a6a..647b12265e18 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -51,9 +51,9 @@ * @skb: buffer to filter * * Run the filter code and then cut skb->data to correct size returned by - * sk_run_filter. If pkt_len is 0 we toss packet. If skb->len is smaller + * SK_RUN_FILTER. If pkt_len is 0 we toss packet. If skb->len is smaller * than pkt_len we keep whole skb->data. This is the socket level - * wrapper to sk_run_filter. It returns 0 if the packet should + * wrapper to SK_RUN_FILTER. It returns 0 if the packet should * be accepted or -EPERM if the packet should be tossed. * */ @@ -566,11 +566,8 @@ err: /* Security: * - * A BPF program is able to use 16 cells of memory to store intermediate - * values (check u32 mem[BPF_MEMWORDS] in sk_run_filter()). - * * As we dont want to clear mem[] array for each packet going through - * sk_run_filter(), we check that filter loaded by user never try to read + * __bpf_prog_run(), we check that filter loaded by user never try to read * a cell if not previously written, and we check all branches to be sure * a malicious user doesn't try to abuse us. */ |