Commit e99122d2 authored by David S. Miller's avatar David S. Miller Committed by Linus Torvalds

[NET]: Nuke CONFIG_FILTER.

parent a0b78018
...@@ -2262,7 +2262,7 @@ config PPP_MULTILINK ...@@ -2262,7 +2262,7 @@ config PPP_MULTILINK
config PPP_FILTER config PPP_FILTER
bool "PPP filtering" bool "PPP filtering"
depends on PPP && FILTER depends on PPP
help help
Say Y here if you want to be able to filter the packets passing over Say Y here if you want to be able to filter the packets passing over
PPP interfaces. This allows you to control which packets count as PPP interfaces. This allows you to control which packets count as
......
...@@ -48,9 +48,7 @@ ...@@ -48,9 +48,7 @@
#include <linux/skbuff.h> /* struct sk_buff */ #include <linux/skbuff.h> /* struct sk_buff */
#include <linux/security.h> #include <linux/security.h>
#ifdef CONFIG_FILTER
#include <linux/filter.h> #include <linux/filter.h>
#endif
#include <asm/atomic.h> #include <asm/atomic.h>
#include <net/dst.h> #include <net/dst.h>
...@@ -174,10 +172,8 @@ struct sock { ...@@ -174,10 +172,8 @@ struct sock {
long rcvtimeo; long rcvtimeo;
long sndtimeo; long sndtimeo;
#ifdef CONFIG_FILTER
/* Socket Filtering Instructions */ /* Socket Filtering Instructions */
struct sk_filter *filter; struct sk_filter *filter;
#endif /* CONFIG_FILTER */
/* This is where all the private (optional) areas that don't /* This is where all the private (optional) areas that don't
* overlap will eventually live. * overlap will eventually live.
...@@ -456,8 +452,6 @@ extern void sock_def_destruct(struct sock *); ...@@ -456,8 +452,6 @@ extern void sock_def_destruct(struct sock *);
/* Initialise core socket variables */ /* Initialise core socket variables */
extern void sock_init_data(struct socket *sock, struct sock *sk); extern void sock_init_data(struct socket *sock, struct sock *sk);
#ifdef CONFIG_FILTER
/** /**
* __sk_filter - run a packet through a socket filter * __sk_filter - run a packet through a socket filter
* @sk: sock associated with &sk_buff * @sk: sock associated with &sk_buff
...@@ -524,15 +518,6 @@ static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp) ...@@ -524,15 +518,6 @@ static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp)
atomic_add(sk_filter_len(fp), &sk->omem_alloc); atomic_add(sk_filter_len(fp), &sk->omem_alloc);
} }
#else
static inline int __sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
{
return 0;
}
#endif /* CONFIG_FILTER */
static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock) static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
{ {
int err; int err;
......
...@@ -118,22 +118,6 @@ config NETFILTER_DEBUG ...@@ -118,22 +118,6 @@ config NETFILTER_DEBUG
You can say Y here if you want to get additional messages useful in You can say Y here if you want to get additional messages useful in
debugging the netfilter code. debugging the netfilter code.
config FILTER
bool "Socket Filtering"
---help---
The Linux Socket Filter is derived from the Berkeley Packet Filter.
If you say Y here, user-space programs can attach a filter to any
socket and thereby tell the kernel that it should allow or disallow
certain types of data to get through the socket. Linux Socket
Filtering works on all socket types except TCP for now. See the
text file <file:Documentation/networking/filter.txt> for more
information.
You need to say Y here if you want to use PPP packet filtering
(see the CONFIG_PPP_FILTER option below).
If unsure, say N.
config UNIX config UNIX
tristate "Unix domain sockets" tristate "Unix domain sockets"
---help--- ---help---
......
...@@ -10,9 +10,7 @@ obj-y += sysctl_net_core.o ...@@ -10,9 +10,7 @@ obj-y += sysctl_net_core.o
endif endif
endif endif
obj-$(CONFIG_FILTER) += filter.o obj-$(CONFIG_NET) += dev.o dev_mcast.o dst.o neighbour.o rtnetlink.o utils.o link_watch.o filter.o
obj-$(CONFIG_NET) += dev.o dev_mcast.o dst.o neighbour.o rtnetlink.o utils.o link_watch.o
obj-$(CONFIG_NETFILTER) += netfilter.o obj-$(CONFIG_NETFILTER) += netfilter.o
obj-$(CONFIG_NET_DIVERT) += dv.o obj-$(CONFIG_NET_DIVERT) += dv.o
......
...@@ -15,9 +15,6 @@ ...@@ -15,9 +15,6 @@
* Andi Kleen - Fix a few bad bugs and races. * Andi Kleen - Fix a few bad bugs and races.
*/ */
#include <linux/config.h>
#if defined(CONFIG_FILTER)
#include <linux/module.h> #include <linux/module.h>
#include <linux/types.h> #include <linux/types.h>
#include <linux/sched.h> #include <linux/sched.h>
...@@ -495,4 +492,3 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) ...@@ -495,4 +492,3 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk)
return (err); return (err);
} }
#endif /* CONFIG_FILTER */
...@@ -119,9 +119,7 @@ ...@@ -119,9 +119,7 @@
#include <net/sock.h> #include <net/sock.h>
#include <linux/ipsec.h> #include <linux/ipsec.h>
#ifdef CONFIG_FILTER
#include <linux/filter.h> #include <linux/filter.h>
#endif
#ifdef CONFIG_INET #ifdef CONFIG_INET
#include <net/tcp.h> #include <net/tcp.h>
...@@ -168,9 +166,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname, ...@@ -168,9 +166,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
char *optval, int optlen) char *optval, int optlen)
{ {
struct sock *sk=sock->sk; struct sock *sk=sock->sk;
#ifdef CONFIG_FILTER
struct sk_filter *filter; struct sk_filter *filter;
#endif
int val; int val;
int valbool; int valbool;
struct linger ling; struct linger ling;
...@@ -381,7 +377,6 @@ int sock_setsockopt(struct socket *sock, int level, int optname, ...@@ -381,7 +377,6 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
#endif #endif
#ifdef CONFIG_FILTER
case SO_ATTACH_FILTER: case SO_ATTACH_FILTER:
ret = -EINVAL; ret = -EINVAL;
if (optlen == sizeof(struct sock_fprog)) { if (optlen == sizeof(struct sock_fprog)) {
...@@ -407,7 +402,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname, ...@@ -407,7 +402,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
spin_unlock_bh(&sk->lock.slock); spin_unlock_bh(&sk->lock.slock);
ret = -ENONET; ret = -ENONET;
break; break;
#endif
/* We implement the SO_SNDLOWAT etc to /* We implement the SO_SNDLOWAT etc to
not be settable (1003.1g 5.3) */ not be settable (1003.1g 5.3) */
default: default:
...@@ -614,20 +609,16 @@ struct sock *sk_alloc(int family, int priority, int zero_it, kmem_cache_t *slab) ...@@ -614,20 +609,16 @@ struct sock *sk_alloc(int family, int priority, int zero_it, kmem_cache_t *slab)
void sk_free(struct sock *sk) void sk_free(struct sock *sk)
{ {
#ifdef CONFIG_FILTER
struct sk_filter *filter; struct sk_filter *filter;
#endif
if (sk->destruct) if (sk->destruct)
sk->destruct(sk); sk->destruct(sk);
#ifdef CONFIG_FILTER
filter = sk->filter; filter = sk->filter;
if (filter) { if (filter) {
sk_filter_release(sk, filter); sk_filter_release(sk, filter);
sk->filter = NULL; sk->filter = NULL;
} }
#endif
if (atomic_read(&sk->omem_alloc)) if (atomic_read(&sk->omem_alloc))
printk(KERN_DEBUG "sk_free: optmem leakage (%d bytes) detected.\n", atomic_read(&sk->omem_alloc)); printk(KERN_DEBUG "sk_free: optmem leakage (%d bytes) detected.\n", atomic_read(&sk->omem_alloc));
......
...@@ -645,9 +645,7 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct open_request *req, ...@@ -645,9 +645,7 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct open_request *req,
if(newsk != NULL) { if(newsk != NULL) {
struct tcp_opt *newtp; struct tcp_opt *newtp;
#ifdef CONFIG_FILTER
struct sk_filter *filter; struct sk_filter *filter;
#endif
memcpy(newsk, sk, sizeof(struct tcp_sock)); memcpy(newsk, sk, sizeof(struct tcp_sock));
newsk->state = TCP_SYN_RECV; newsk->state = TCP_SYN_RECV;
...@@ -677,10 +675,10 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct open_request *req, ...@@ -677,10 +675,10 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct open_request *req,
newsk->callback_lock = RW_LOCK_UNLOCKED; newsk->callback_lock = RW_LOCK_UNLOCKED;
skb_queue_head_init(&newsk->error_queue); skb_queue_head_init(&newsk->error_queue);
newsk->write_space = tcp_write_space; newsk->write_space = tcp_write_space;
#ifdef CONFIG_FILTER
if ((filter = newsk->filter) != NULL) if ((filter = newsk->filter) != NULL)
sk_filter_charge(newsk, filter); sk_filter_charge(newsk, filter);
#endif
if (unlikely(xfrm_sk_clone_policy(newsk))) { if (unlikely(xfrm_sk_clone_policy(newsk))) {
/* It is still raw copy of parent, so invalidate /* It is still raw copy of parent, so invalidate
* destructor and make plain sk_free() */ * destructor and make plain sk_free() */
......
...@@ -951,7 +951,6 @@ static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) ...@@ -951,7 +951,6 @@ static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
return -1; return -1;
} }
#if defined(CONFIG_FILTER)
if (sk->filter && skb->ip_summed != CHECKSUM_UNNECESSARY) { if (sk->filter && skb->ip_summed != CHECKSUM_UNNECESSARY) {
if (__udp_checksum_complete(skb)) { if (__udp_checksum_complete(skb)) {
UDP_INC_STATS_BH(UdpInErrors); UDP_INC_STATS_BH(UdpInErrors);
...@@ -960,7 +959,6 @@ static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) ...@@ -960,7 +959,6 @@ static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
} }
skb->ip_summed = CHECKSUM_UNNECESSARY; skb->ip_summed = CHECKSUM_UNNECESSARY;
} }
#endif
if (sock_queue_rcv_skb(sk,skb)<0) { if (sock_queue_rcv_skb(sk,skb)<0) {
UDP_INC_STATS_BH(UdpInErrors); UDP_INC_STATS_BH(UdpInErrors);
......
...@@ -273,7 +273,6 @@ void rawv6_err(struct sock *sk, struct sk_buff *skb, ...@@ -273,7 +273,6 @@ void rawv6_err(struct sock *sk, struct sk_buff *skb,
static inline int rawv6_rcv_skb(struct sock * sk, struct sk_buff * skb) static inline int rawv6_rcv_skb(struct sock * sk, struct sk_buff * skb)
{ {
#if defined(CONFIG_FILTER)
if (sk->filter && skb->ip_summed != CHECKSUM_UNNECESSARY) { if (sk->filter && skb->ip_summed != CHECKSUM_UNNECESSARY) {
if ((unsigned short)csum_fold(skb_checksum(skb, 0, skb->len, skb->csum))) { if ((unsigned short)csum_fold(skb_checksum(skb, 0, skb->len, skb->csum))) {
/* FIXME: increment a raw6 drops counter here */ /* FIXME: increment a raw6 drops counter here */
...@@ -282,7 +281,7 @@ static inline int rawv6_rcv_skb(struct sock * sk, struct sk_buff * skb) ...@@ -282,7 +281,7 @@ static inline int rawv6_rcv_skb(struct sock * sk, struct sk_buff * skb)
} }
skb->ip_summed = CHECKSUM_UNNECESSARY; skb->ip_summed = CHECKSUM_UNNECESSARY;
} }
#endif
/* Charge it to the socket. */ /* Charge it to the socket. */
if (sock_queue_rcv_skb(sk,skb)<0) { if (sock_queue_rcv_skb(sk,skb)<0) {
/* FIXME: increment a raw6 drops counter here */ /* FIXME: increment a raw6 drops counter here */
......
...@@ -547,7 +547,6 @@ static inline int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) ...@@ -547,7 +547,6 @@ static inline int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
return -1; return -1;
} }
#if defined(CONFIG_FILTER)
if (sk->filter && skb->ip_summed != CHECKSUM_UNNECESSARY) { if (sk->filter && skb->ip_summed != CHECKSUM_UNNECESSARY) {
if ((unsigned short)csum_fold(skb_checksum(skb, 0, skb->len, skb->csum))) { if ((unsigned short)csum_fold(skb_checksum(skb, 0, skb->len, skb->csum))) {
UDP6_INC_STATS_BH(UdpInErrors); UDP6_INC_STATS_BH(UdpInErrors);
...@@ -556,7 +555,7 @@ static inline int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) ...@@ -556,7 +555,7 @@ static inline int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
} }
skb->ip_summed = CHECKSUM_UNNECESSARY; skb->ip_summed = CHECKSUM_UNNECESSARY;
} }
#endif
if (sock_queue_rcv_skb(sk,skb)<0) { if (sock_queue_rcv_skb(sk,skb)<0) {
UDP6_INC_STATS_BH(UdpInErrors); UDP6_INC_STATS_BH(UdpInErrors);
kfree_skb(skb); kfree_skb(skb);
......
...@@ -171,10 +171,8 @@ EXPORT_SYMBOL(sock_kfree_s); ...@@ -171,10 +171,8 @@ EXPORT_SYMBOL(sock_kfree_s);
EXPORT_SYMBOL(sock_map_fd); EXPORT_SYMBOL(sock_map_fd);
EXPORT_SYMBOL(sockfd_lookup); EXPORT_SYMBOL(sockfd_lookup);
#ifdef CONFIG_FILTER
EXPORT_SYMBOL(sk_run_filter); EXPORT_SYMBOL(sk_run_filter);
EXPORT_SYMBOL(sk_chk_filter); EXPORT_SYMBOL(sk_chk_filter);
#endif
EXPORT_SYMBOL(neigh_table_init); EXPORT_SYMBOL(neigh_table_init);
EXPORT_SYMBOL(neigh_table_clear); EXPORT_SYMBOL(neigh_table_clear);
......
...@@ -401,9 +401,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe ...@@ -401,9 +401,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
struct packet_opt *po; struct packet_opt *po;
u8 * skb_head = skb->data; u8 * skb_head = skb->data;
int skb_len = skb->len; int skb_len = skb->len;
#ifdef CONFIG_FILTER
unsigned snaplen; unsigned snaplen;
#endif
if (skb->pkt_type == PACKET_LOOPBACK) if (skb->pkt_type == PACKET_LOOPBACK)
goto drop; goto drop;
...@@ -429,7 +427,6 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe ...@@ -429,7 +427,6 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
} }
} }
#ifdef CONFIG_FILTER
snaplen = skb->len; snaplen = skb->len;
if (sk->filter) { if (sk->filter) {
...@@ -446,7 +443,6 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe ...@@ -446,7 +443,6 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
if (snaplen > res) if (snaplen > res)
snaplen = res; snaplen = res;
} }
#endif /* CONFIG_FILTER */
if (atomic_read(&sk->rmem_alloc) + skb->truesize >= (unsigned)sk->rcvbuf) if (atomic_read(&sk->rmem_alloc) + skb->truesize >= (unsigned)sk->rcvbuf)
goto drop_n_acct; goto drop_n_acct;
...@@ -475,10 +471,8 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe ...@@ -475,10 +471,8 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
if (dev->hard_header_parse) if (dev->hard_header_parse)
sll->sll_halen = dev->hard_header_parse(skb, sll->sll_addr); sll->sll_halen = dev->hard_header_parse(skb, sll->sll_addr);
#ifdef CONFIG_FILTER
if (pskb_trim(skb, snaplen)) if (pskb_trim(skb, snaplen))
goto drop_n_acct; goto drop_n_acct;
#endif
skb_set_owner_r(skb, sk); skb_set_owner_r(skb, sk);
skb->dev = NULL; skb->dev = NULL;
...@@ -494,9 +488,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe ...@@ -494,9 +488,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
po->stats.tp_drops++; po->stats.tp_drops++;
spin_unlock(&sk->receive_queue.lock); spin_unlock(&sk->receive_queue.lock);
#ifdef CONFIG_FILTER
drop_n_restore: drop_n_restore:
#endif
if (skb_head != skb->data && skb_shared(skb)) { if (skb_head != skb->data && skb_shared(skb)) {
skb->data = skb_head; skb->data = skb_head;
skb->len = skb_len; skb->len = skb_len;
...@@ -539,7 +531,6 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct pack ...@@ -539,7 +531,6 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct pack
snaplen = skb->len; snaplen = skb->len;
#ifdef CONFIG_FILTER
if (sk->filter) { if (sk->filter) {
unsigned res = snaplen; unsigned res = snaplen;
struct sk_filter *filter; struct sk_filter *filter;
...@@ -554,7 +545,6 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct pack ...@@ -554,7 +545,6 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct pack
if (snaplen > res) if (snaplen > res)
snaplen = res; snaplen = res;
} }
#endif
if (sk->type == SOCK_DGRAM) { if (sk->type == SOCK_DGRAM) {
macoff = netoff = TPACKET_ALIGN(TPACKET_HDRLEN) + 16; macoff = netoff = TPACKET_ALIGN(TPACKET_HDRLEN) + 16;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment