authorPaul Moore <pmoore@redhat.com>2012-04-03 10:41:22 -0400
committerPaul Moore <pmoore@redhat.com>2012-04-03 11:50:21 -0400
commit6a8833ec31d8f16849667a60e8ade18618221260 (patch)
treee3a0ae3bf1811cc2d88c15eaeecfc71132336c75 /tools/bpf.h
parenta665191c50b033c02f156ffd787e32b1d473b718 (diff)
tools: update the seccomp/bpf definitions in bpf.h
There are also a number of changes to bpf_sim and bpf_disasm as a result. Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'tools/bpf.h')
-rw-r--r--tools/bpf.h43
1 files changed, 25 insertions, 18 deletions
diff --git a/tools/bpf.h b/tools/bpf.h
index 154a5c5..13a82ee 100644
--- a/tools/bpf.h
+++ b/tools/bpf.h
@@ -23,42 +23,49 @@
#define _BPF_H
#include <inttypes.h>
+#include <stddef.h>
/* most of these structures and values are designed to match the Linux Kernel's
- * BPF interface (see /usr/include/linux/filter.h), but we define our own here
- * so that we can function independent of the host OS */
+ * BPF interface (see /usr/include/linux/{filter,seccomp}.h), but we define our
+ * own here so that we can function independent of the host OS */
/* XXX - need to verify these values */
-#define BPF_SYS_ARG_MAX 6
#define BPF_SCRATCH_SIZE 6
/**
* Syscall record data format used by seccomp
*/
-struct bpf_syscall_data {
- uint32_t sys;
- uint32_t _reserved;
- union {
- uint32_t m32[BPF_SYS_ARG_MAX];
- uint64_t m64[BPF_SYS_ARG_MAX];
- } args;
-} __attribute__ ((packed));
-#define BPF_SYSCALL_MAX_32 (8 + (4 * BPF_SYS_ARG_MAX))
-#define BPF_SYSCALL_MAX_64 (8 + (8 * BPF_SYS_ARG_MAX))
+#define BPF_SYS_ARG_MAX 6
+struct seccomp_data {
+ int nr;
+ uint32_t arch;
+ uint64_t instruction_pointer;
+ uint64_t args[BPF_SYS_ARG_MAX];
+};
+#define BPF_SYSCALL_MAX \
+ (offsetof(struct seccomp_data, args[BPF_SYS_ARG_MAX]))
/**
* BPF instruction format
*/
-struct bpf_instr {
- uint16_t op;
+struct sock_filter {
+ uint16_t code;
uint8_t jt;
uint8_t jf;
uint32_t k;
} __attribute__ ((packed));
+typedef struct sock_filter bpf_instr_raw;
+
+/* seccomp return masks */
+#define SECCOMP_RET_ACTION 0x7fff0000U
+#define SECCOMP_RET_DATA 0x0000ffffU
-/* seccomp return values */
-#define BPF_SCMP_DENY 0x00000000
-#define BPF_SCMP_ALLOW 0xffffffff
+/* seccomp action values */
+#define SECCOMP_RET_KILL 0x00000000U
+#define SECCOMP_RET_TRAP 0x00030000U
+#define SECCOMP_RET_ERRNO 0x00050000U
+#define SECCOMP_RET_TRACE 0x7ff00000U
+#define SECCOMP_RET_ALLOW 0x7fff0000U
/* bpf command classes */
#define BPF_CLASS(code) ((code) & 0x07)
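Review bot: The new `SECCOMP_RET_*` block gives no hint that a filter's return value has to be split with the two masks before it is compared, and the old `BPF_SCMP_ALLOW` value 0xffffffff no longer equals any action constant. A comment above the masks such as `/* action = ret & SECCOMP_RET_ACTION, data = ret & SECCOMP_RET_DATA; never compare the raw return value */` would keep bpf_sim's verdict in line with what the kernel would decide for the same filter; bpf_sim is not part of this hunk, so whether it already masks cannot be seen here. In `struct seccomp_data`, `int nr;` leaves the first field's width to the host ABI although the header is meant to be host-independent; `int32_t nr;` would pin it. A one-line comment recording the expected offsets (nr 0, arch 4, instruction_pointer 8, args 16) would also make load offsets in filters easier to check.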