patch-2.3.99-pre4 linux/net/core/filter.c

• Lines: 52
• Date: Sun Apr 2 15:38:54 2000
• Orig file: v2.3.99-pre3/linux/net/core/filter.c
• Orig date: Fri Jan 7 19:13:23 2000

diff -u --recursive --new-file v2.3.99-pre3/linux/net/core/filter.c linux/net/core/filter.c
@@ -54,7 +54,12 @@
 	return NULL;
 }
 
-/*
+/**
+ *	sk_run_filter	- 	run a filter on a socket
+ *	@skb: buffer to run the filter on
+ *	@filter: filter to apply
+ *	@flen: length of filter
+ *
  * Decode and apply filter instructions to the skb->data.
  * Return length to keep, 0 for none. skb is the data we are
  * filtering, filter is the array of filter instructions, and
@@ -341,9 +346,17 @@
 	return (0);
 }
 
-/*
+/**
+ *	sk_chk_filter - verify socket filter code
+ *	@filter: filter to verify
+ *	@flen: length of filter
+ *
  * Check the user's filter code. If we let some ugly
- * filter code slip through kaboom!
+ * filter code slip through kaboom! The filter must contain
+ * no references or jumps that are out of range, no illegal instructions
+ * and no backward jumps. It must end with a RET instruction
+ *
+ * Returns 0 if the rule set is legal or a negative errno code if not.
  */
 
 int sk_chk_filter(struct sock_filter *filter, int flen)
@@ -413,9 +426,15 @@
         return (BPF_CLASS(filter[flen - 1].code) == BPF_RET)?0:-EINVAL;
 }
 
-/*
+/**
+ *	sk_attach_filter - attach a socket filter
+ *	@fprog: the filter program
+ *	@sk: the socket to use
+ *
  * Attach the user's filter code. We first run some sanity checks on
- * it to make sure it does not explode on us later.
+ * it to make sure it does not explode on us later. If an error
+ * occurs or there is insufficient memory for the filter a negative
+ * errno code is returned. On success the return is zero.
  */
 
 int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk)