Scroll to navigation

SK_CHK_FILTER(9) Linux Networking SK_CHK_FILTER(9)

NAME

sk_chk_filter - verify socket filter code

SYNOPSIS

int sk_chk_filter(struct sock_filter * filter, unsigned int flen);

ARGUMENTS

filter
filter to verify
flen
length of filter

DESCRIPTION

Check the user's filter code. If we let some ugly filter code slip through kaboom! The filter must contain no references or jumps that are out of range, no illegal instructions, and must end with a RET instruction.
All jumps are forward as they are not signed.
Returns 0 if the rule set is legal or -EINVAL if not.

COPYRIGHT

May 2018 Kernel Hackers Manual 3.16