- int sk_chk_filter(struct sock_filter * filter, unsigned int flen);
- filter to verify
- length of filter
Check the user's filter code. If we let some ugly filter code slip through kaboom! The filter must contain no references or jumps that are out of range, no illegal instructions, and must end with a RET instruction.
All jumps are forward as they are not signed.
Returns 0 if the rule set is legal or -EINVAL if not.