sk_chk_filter(9) verify socket filter code

SYNOPSIS

int sk_chk_filter(struct sock_filter * filter, unsigned int flen);

ARGUMENTS

filter

filter to verify

flen

length of filter

DESCRIPTION

Check the user's filter code. If we let some ugly filter code slip through kaboom! The filter must contain no references or jumps that are out of range, no illegal instructions, and must end with a RET instruction.

All jumps are forward as they are not signed.

Returns 0 if the rule set is legal or -EINVAL if not.

COPYRIGHT