sock_diag: allow to dump bpf filters

#ifndef __SOCK_DIAG_H__

#define __SOCK_DIAG_H__

#include <linux/user_namespace.h>

#include <uapi/linux/sock_diag.h>

struct sk_buff;

void sock_diag_save_cookie(void *sk, __u32 *cookie);

int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attr);

int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk,

			     struct sk_buff *skb, int attrtype);

#endif

#define PACKET_SHOW_RING_CFG	0x00000004 /* Rings configuration parameters */

#define PACKET_SHOW_FANOUT	0x00000008

#define PACKET_SHOW_MEMINFO	0x00000010

#define PACKET_SHOW_FILTER	0x00000020

struct packet_diag_msg {

	__u8	pdiag_family;

	PACKET_DIAG_FANOUT,

	PACKET_DIAG_UID,

	PACKET_DIAG_MEMINFO,

	PACKET_DIAG_FILTER,

	__PACKET_DIAG_MAX,

};

}

EXPORT_SYMBOL_GPL(sock_diag_put_meminfo);

int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk,

			     struct sk_buff *skb, int attrtype)

{

	struct nlattr *attr;

	struct sk_filter *filter;

	unsigned int len;

	int err = 0;

	if (!ns_capable(user_ns, CAP_NET_ADMIN)) {

		nla_reserve(skb, attrtype, 0);

		return 0;

	}

	rcu_read_lock();

	filter = rcu_dereference(sk->sk_filter);

	len = filter ? filter->len * sizeof(struct sock_filter) : 0;

	attr = nla_reserve(skb, attrtype, len);

	if (attr == NULL) {

		err = -EMSGSIZE;

		goto out;

	}

	if (filter)

		memcpy(nla_data(attr), filter->insns, len);

out:

	rcu_read_unlock();

	return err;

}

EXPORT_SYMBOL(sock_diag_put_filterinfo);

void sock_diag_register_inet_compat(int (*fn)(struct sk_buff *skb, struct nlmsghdr *nlh))

{

	mutex_lock(&sock_diag_table_mutex);

	    sock_diag_put_meminfo(sk, skb, PACKET_DIAG_MEMINFO))

		goto out_nlmsg_trim;

	if ((req->pdiag_show & PACKET_SHOW_FILTER) &&

	    sock_diag_put_filterinfo(user_ns, sk, skb, PACKET_DIAG_FILTER))

		goto out_nlmsg_trim;

	return nlmsg_end(skb, nlh);

out_nlmsg_trim: