/* * Seccomp BPF example using a macro-based generator. * * Copyright (c) 2012 The Chromium OS Authors * Author: Will Drewry * * The code may be used by anyone for any purpose, * and can serve as a starting point for developing * applications using prctl(PR_ATTACH_SECCOMP_FILTER). */ #include #include #include #include #include #include #include #include "bpf-helper.h" #ifndef PR_SET_NO_NEW_PRIVS #define PR_SET_NO_NEW_PRIVS 38 #endif int main(int argc, char **argv) { struct bpf_labels l = { .count = 0, }; static const char msg1[] = "Please type something: "; static const char msg2[] = "You typed: "; char buf[256]; struct sock_filter filter[] = { /* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */ LOAD_SYSCALL_NR, SYSCALL(__NR_exit, ALLOW), SYSCALL(__NR_exit_group, ALLOW), SYSCALL(__NR_write, JUMP(&l, write_fd)), SYSCALL(__NR_read, JUMP(&l, read)), DENY, /* Don't passthrough into a label */ LABEL(&l, read), ARG(0), JNE(STDIN_FILENO, DENY), ARG(1), JNE((unsigned long)buf, DENY), ARG(2), JGE(sizeof(buf), DENY), ALLOW, LABEL(&l, write_fd), ARG(0), JEQ(STDOUT_FILENO, JUMP(&l, write_buf)), JEQ(STDERR_FILENO, JUMP(&l, write_buf)), DENY, LABEL(&l, write_buf), ARG(1), JEQ((unsigned long)msg1, JUMP(&l, msg1_len)), JEQ((unsigned long)msg2, JUMP(&l, msg2_len)), JEQ((unsigned long)buf, JUMP(&l, buf_len)), DENY, LABEL(&l, msg1_len), ARG(2), JLT(sizeof(msg1), ALLOW), DENY, LABEL(&l, msg2_len), ARG(2), JLT(sizeof(msg2), ALLOW), DENY, LABEL(&l, buf_len), ARG(2), JLT(sizeof(buf), ALLOW), DENY, }; struct sock_fprog prog = { .filter = filter, .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), }; ssize_t bytes; bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter)); if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { perror("prctl(NO_NEW_PRIVS)"); return 1; } if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { perror("prctl(SECCOMP)"); return 1; } syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1)); bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1); bytes = (bytes > 0 ? bytes : 0); syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)); syscall(__NR_write, STDERR_FILENO, buf, bytes); /* Now get killed */ syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2); return 0; } ct name='qt'>
path: root/net/sctp/output.c
diff options
context:
space:
mode:
authorJulian Anastasov <ja@ssi.bg>2017-02-06 23:14:13 +0200
committerDavid S. Miller <davem@davemloft.net>2017-02-07 13:07:46 -0500
commitc86a773c78025f5b825bacd7b846f4fa60dc0317 (patch)
tree4ccbab5f25aafd2682341852882bb05d45174cbe /net/sctp/output.c
parent4ff0620354f2b39b9fe2a91c22c4de9d1fba0c8e (diff)
sctp: add dst_pending_confirm flag
Add new transport flag to allow sockets to confirm neighbour. When same struct dst_entry can be used for many different neighbours we can not use it for pending confirmations. The flag is propagated from transport to every packet. It is reset when cached dst is reset. Reported-by: YueHaibing <yuehaibing@huawei.com> Fixes: 5110effee8fd ("net: Do delayed neigh confirmation.") Fixes: f2bb4bedf35d ("ipv4: Cache output routes in fib_info nexthops.") Signed-off-by: Julian Anastasov <ja@ssi.bg> Acked-by: Eric Dumazet <edumazet@google.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/output.c')
-rw-r--r--net/sctp/output.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/net/sctp/output.c b/net/sctp/output.c