[NET]: Nuke CONFIG_FILTER.

e99122d2 · David S. Miller · Linus Torvalds · a0b78018 · e99122d2 · e99122d2
Commit e99122d2 authored Mar 29, 2003 by David S. Miller Committed by Linus Torvalds Mar 29, 2003
12 changed files
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -2262,7 +2262,7 @@ config PPP_MULTILINK

 config PPP_FILTER
 	bool "PPP filtering"
-	depends on PPP && FILTER
+	depends on PPP
 	help
 	  Say Y here if you want to be able to filter the packets passing over
 	  PPP interfaces.  This allows you to control which packets count as

--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -48,9 +48,7 @@
 #include <linux/skbuff.h>	/* struct sk_buff */
 #include <linux/security.h>

-#ifdef CONFIG_FILTER
 #include <linux/filter.h>
-#endif

 #include <asm/atomic.h>
 #include <net/dst.h>
@@ -174,10 +172,8 @@ struct sock {
 	long			rcvtimeo;
 	long			sndtimeo;

-#ifdef CONFIG_FILTER
 	/* Socket Filtering Instructions */
 	struct sk_filter      	*filter;
-#endif /* CONFIG_FILTER */

 	/* This is where all the private (optional) areas that don't
 	 * overlap will eventually live. 
@@ -456,8 +452,6 @@ extern void sock_def_destruct(struct sock *);
 /* Initialise core socket variables */
 extern void sock_init_data(struct socket *sock, struct sock *sk);

-#ifdef CONFIG_FILTER
-
 /**
 *	__sk_filter - run a packet through a socket filter
 *	@sk: sock associated with &sk_buff
@@ -524,15 +518,6 @@ static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp)
 	atomic_add(sk_filter_len(fp), &sk->omem_alloc);
 }

-#else
-
-static inline int __sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
-{
-	return 0;
-}
-
-#endif /* CONFIG_FILTER */
-
 static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
 {
 	int err;

--- a/net/Kconfig
+++ b/net/Kconfig
@@ -118,22 +118,6 @@ config NETFILTER_DEBUG
 	  You can say Y here if you want to get additional messages useful in
 	  debugging the netfilter code.

-config FILTER
-	bool "Socket Filtering"
-	---help---
-	  The Linux Socket Filter is derived from the Berkeley Packet Filter.
-	  If you say Y here, user-space programs can attach a filter to any
-	  socket and thereby tell the kernel that it should allow or disallow
-	  certain types of data to get through the socket.  Linux Socket
-	  Filtering works on all socket types except TCP for now.  See the
-	  text file <file:Documentation/networking/filter.txt> for more
-	  information.
-
-	  You need to say Y here if you want to use PPP packet filtering
-	  (see the CONFIG_PPP_FILTER option below).
-
-	  If unsure, say N.
-
 config UNIX
 	tristate "Unix domain sockets"
 	---help---

--- a/net/core/Makefile
+++ b/net/core/Makefile
@@ -10,9 +10,7 @@ obj-y += sysctl_net_core.o
 endif
 endif

-obj-$(CONFIG_FILTER) += filter.o
-
-obj-$(CONFIG_NET) += dev.o dev_mcast.o dst.o neighbour.o rtnetlink.o utils.o link_watch.o
+obj-$(CONFIG_NET) += dev.o dev_mcast.o dst.o neighbour.o rtnetlink.o utils.o link_watch.o filter.o

 obj-$(CONFIG_NETFILTER) += netfilter.o
 obj-$(CONFIG_NET_DIVERT) += dv.o

--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -15,9 +15,6 @@
 * Andi Kleen - Fix a few bad bugs and races.
 */

-#include <linux/config.h>
-#if defined(CONFIG_FILTER)
-
 #include <linux/module.h>
 #include <linux/types.h>
 #include <linux/sched.h>
@@ -495,4 +492,3 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk)

 	return (err);
 }
-#endif /* CONFIG_FILTER */
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -119,9 +119,7 @@
 #include <net/sock.h>
 #include <linux/ipsec.h>

-#ifdef CONFIG_FILTER
 #include <linux/filter.h>
-#endif

 #ifdef CONFIG_INET
 #include <net/tcp.h>
@@ -168,9 +166,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
 		    char *optval, int optlen)
 {
 	struct sock *sk=sock->sk;
-#ifdef CONFIG_FILTER
 	struct sk_filter *filter;
-#endif
 	int val;
 	int valbool;
 	struct linger ling;
@@ -381,7 +377,6 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
 #endif


-#ifdef CONFIG_FILTER
 		case SO_ATTACH_FILTER:
 			ret = -EINVAL;
 			if (optlen == sizeof(struct sock_fprog)) {
@@ -407,7 +402,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
 			spin_unlock_bh(&sk->lock.slock);
 			ret = -ENONET;
 			break;
-#endif
+
 		/* We implement the SO_SNDLOWAT etc to
 		   not be settable (1003.1g 5.3) */
 		default:
@@ -614,20 +609,16 @@ struct sock *sk_alloc(int family, int priority, int zero_it, kmem_cache_t *slab)

 void sk_free(struct sock *sk)
 {
-#ifdef CONFIG_FILTER
 	struct sk_filter *filter;
-#endif

 	if (sk->destruct)
 		sk->destruct(sk);

-#ifdef CONFIG_FILTER
 	filter = sk->filter;
 	if (filter) {
 		sk_filter_release(sk, filter);
 		sk->filter = NULL;
 	}
-#endif

 	if (atomic_read(&sk->omem_alloc))
 		printk(KERN_DEBUG "sk_free: optmem leakage (%d bytes) detected.\n", atomic_read(&sk->omem_alloc));

--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -645,9 +645,7 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct open_request *req,

 	if(newsk != NULL) {
 		struct tcp_opt *newtp;
-#ifdef CONFIG_FILTER
 		struct sk_filter *filter;
-#endif

 		memcpy(newsk, sk, sizeof(struct tcp_sock));
 		newsk->state = TCP_SYN_RECV;
@@ -677,10 +675,10 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct open_request *req,
 		newsk->callback_lock = RW_LOCK_UNLOCKED;
 		skb_queue_head_init(&newsk->error_queue);
 		newsk->write_space = tcp_write_space;
-#ifdef CONFIG_FILTER
+
 		if ((filter = newsk->filter) != NULL)
 			sk_filter_charge(newsk, filter);
-#endif
+
 		if (unlikely(xfrm_sk_clone_policy(newsk))) {
 			/* It is still raw copy of parent, so invalidate
 			 * destructor and make plain sk_free() */

--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -951,7 +951,6 @@ static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
 		return -1;
 	}

-#if defined(CONFIG_FILTER)
 	if (sk->filter && skb->ip_summed != CHECKSUM_UNNECESSARY) {
 		if (__udp_checksum_complete(skb)) {
 			UDP_INC_STATS_BH(UdpInErrors);
@@ -960,7 +959,6 @@ static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
 		}
 		skb->ip_summed = CHECKSUM_UNNECESSARY;
 	}
-#endif

 	if (sock_queue_rcv_skb(sk,skb)<0) {
 		UDP_INC_STATS_BH(UdpInErrors);

--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -273,7 +273,6 @@ void rawv6_err(struct sock *sk, struct sk_buff *skb,

 static inline int rawv6_rcv_skb(struct sock * sk, struct sk_buff * skb)
 {
-#if defined(CONFIG_FILTER)
 	if (sk->filter && skb->ip_summed != CHECKSUM_UNNECESSARY) {
 		if ((unsigned short)csum_fold(skb_checksum(skb, 0, skb->len, skb->csum))) {
 			/* FIXME: increment a raw6 drops counter here */
@@ -282,7 +281,7 @@ static inline int rawv6_rcv_skb(struct sock * sk, struct sk_buff * skb)
 		}
 		skb->ip_summed = CHECKSUM_UNNECESSARY;
 	}
-#endif
+
 	/* Charge it to the socket. */
 	if (sock_queue_rcv_skb(sk,skb)<0) {
 		/* FIXME: increment a raw6 drops counter here */

--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -547,7 +547,6 @@ static inline int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
 		return -1;
 	}

-#if defined(CONFIG_FILTER)
 	if (sk->filter && skb->ip_summed != CHECKSUM_UNNECESSARY) {
 		if ((unsigned short)csum_fold(skb_checksum(skb, 0, skb->len, skb->csum))) {
 			UDP6_INC_STATS_BH(UdpInErrors);
@@ -556,7 +555,7 @@ static inline int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
 		}
 		skb->ip_summed = CHECKSUM_UNNECESSARY;
 	}
-#endif
+
 	if (sock_queue_rcv_skb(sk,skb)<0) {
 		UDP6_INC_STATS_BH(UdpInErrors);
 		kfree_skb(skb);

--- a/net/netsyms.c
+++ b/net/netsyms.c
@@ -171,10 +171,8 @@ EXPORT_SYMBOL(sock_kfree_s);
 EXPORT_SYMBOL(sock_map_fd);
 EXPORT_SYMBOL(sockfd_lookup);

-#ifdef CONFIG_FILTER
 EXPORT_SYMBOL(sk_run_filter);
 EXPORT_SYMBOL(sk_chk_filter);
-#endif

 EXPORT_SYMBOL(neigh_table_init);
 EXPORT_SYMBOL(neigh_table_clear);

--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -401,9 +401,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,  struct packe
 	struct packet_opt *po;
 	u8 * skb_head = skb->data;
 	int skb_len = skb->len;
-#ifdef CONFIG_FILTER
 	unsigned snaplen;
-#endif

 	if (skb->pkt_type == PACKET_LOOPBACK)
 		goto drop;
@@ -429,7 +427,6 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,  struct packe
 		}
 	}

-#ifdef CONFIG_FILTER
 	snaplen = skb->len;

 	if (sk->filter) {
@@ -446,7 +443,6 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,  struct packe
 		if (snaplen > res)
 			snaplen = res;
 	}
-#endif /* CONFIG_FILTER */

 	if (atomic_read(&sk->rmem_alloc) + skb->truesize >= (unsigned)sk->rcvbuf)
 		goto drop_n_acct;
@@ -475,10 +471,8 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,  struct packe
 	if (dev->hard_header_parse)
 		sll->sll_halen = dev->hard_header_parse(skb, sll->sll_addr);

-#ifdef CONFIG_FILTER
 	if (pskb_trim(skb, snaplen))
 		goto drop_n_acct;
-#endif

 	skb_set_owner_r(skb, sk);
 	skb->dev = NULL;
@@ -494,9 +488,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,  struct packe
 	po->stats.tp_drops++;
 	spin_unlock(&sk->receive_queue.lock);

-#ifdef CONFIG_FILTER
 drop_n_restore:
-#endif
 	if (skb_head != skb->data && skb_shared(skb)) {
 		skb->data = skb_head;
 		skb->len = skb_len;
@@ -539,7 +531,6 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,  struct pack

 	snaplen = skb->len;

-#ifdef CONFIG_FILTER
 	if (sk->filter) {
 		unsigned res = snaplen;
 		struct sk_filter *filter;
@@ -554,7 +545,6 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,  struct pack
 		if (snaplen > res)
 			snaplen = res;
 	}
-#endif

 	if (sk->type == SOCK_DGRAM) {
 		macoff = netoff = TPACKET_ALIGN(TPACKET_HDRLEN) + 16;