@@ -1669,6 +1669,7 @@ restart:
for (i = 0 ; i < others_set->cnt ; i++) {
struct sock *cur = others_set->items[i].s;
+ unsigned int pkt_len;
others_set->items[i].skb = skb_clone(skb, GFP_KERNEL);
if (!others_set->items[i].skb) {
@@ -1676,6 +1677,13 @@ restart:
goto out_free;
}
skb_set_owner_w(others_set->items[i].skb, sk);
+
+ pkt_len = sk_filter(cur, others_set->items[i].skb);
+ if (pkt_len != 0) {
+ others_set->items[i].to_deliver = 0;
+ kfree_skb(others_set->items[i].skb);
+ continue;
+ }
}
for (i = 0 ; i < others_set->cnt ; i++) {
Linux Socket Filters can already be attached to Unix sockets with setsockopt(sockfd, SOL_SOCKET, SO_{ATTACH,DETACH}_FILTER, ...) But the filter was never used in Unix sockets so it did not work. This patch uses sk_filter() to filter buffers before delivery. Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk> --- net/unix/af_unix.c | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-)