statzone

DNS zone file analyzer targeted at TLD zones

commit ac1eb3a6a09160770908d071507827387cc7f141
parent 58d137a3f438a73e45b7dbb8b9036edcb9d7f2a7
Author: Frederic Cambus <fred@statdns.com>
Date:   Sat, 26 Oct 2019 19:23:53 +0200

Define and use the STATZONE_SYSCALL_ALLOW macro to make code more readable.

Diffstat:
Msrc/seccomp.h | 31+++++++++++++------------------
1 file changed, 13 insertions(+), 18 deletions(-)

diff --git a/src/seccomp.h b/src/seccomp.h
@@ -18,30 +18,25 @@
 #include <linux/filter.h>
 #include <linux/seccomp.h>
+#define STATZONE_SYSCALL_ALLOW(syscall) \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##syscall, 0, 1), \
+ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
+
 static struct sock_filter filter[] = {
 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_brk, 0, 1),
- BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_close, 0, 1),
- BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_exit_group, 0, 1),
- BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_fstat, 0, 1),
- BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_ioctl, 0, 1),
- BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
+ STATZONE_SYSCALL_ALLOW(brk),
+ STATZONE_SYSCALL_ALLOW(close),
+ STATZONE_SYSCALL_ALLOW(exit_group),
+ STATZONE_SYSCALL_ALLOW(fstat),
+ STATZONE_SYSCALL_ALLOW(ioctl),
 #if defined(SYS_open)
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_open, 0, 1),
- BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
+ STATZONE_SYSCALL_ALLOW(open),
 #else
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_openat, 0, 1),
- BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
+ STATZONE_SYSCALL_ALLOW(openat),
 #endif
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_read, 0, 1),
- BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_writev, 0, 1),
- BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
+ STATZONE_SYSCALL_ALLOW(read),
+ STATZONE_SYSCALL_ALLOW(writev),
 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
 };
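Review bot: The first instruction of `filter[]` loads `seccomp_data.nr` and nothing checks `seccomp_data.arch`, so the `__NR_*` constants that `STATZONE_SYSCALL_ALLOW` now expands to are compared without confirming the calling ABI; syscall numbers differ between ABIs on the same kernel, which is why the seccomp documentation asks filters to validate the architecture first. Ahead of the `nr` load, consider `BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, arch)),` then `BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_X86_64, 1, 0),` then `BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),`, with the `AUDIT_ARCH_*` value selected per build target (it comes from `<linux/audit.h>`; the include list starts outside this hunk). Separately, the guard still reads `#if defined(SYS_open)` while the macro now pastes `__NR_open`; `#if defined(__NR_open)` would keep the test and the expansion on the same name. A short comment above the macro noting that it emits two filter instructions and that the `0, 1` jump offsets depend on that pairing would also help whoever next edits the list.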