1 files changed, 18 insertions, 1 deletions

diff --git a/syscall_filter.h b/syscall_filter.h
index 019f3f0..304f8c0 100644
--- a/syscall_filter.h
+++ b/syscall_filter.h
@@ -9,6 +9,8 @@
 #ifndef SYSCALL_FILTER_H
 #define SYSCALL_FILTER_H
 
+#include <stdbool.h>
+
 #include "bpf.h"
 
 #ifdef __cplusplus
@@ -29,12 +31,18 @@ struct parser_state {
 	size_t line_number;
 };
 
-enum block_action { ACTION_RET_KILL = 0, ACTION_RET_TRAP, ACTION_RET_LOG };
+enum block_action {
+	ACTION_RET_KILL = 0,
+	ACTION_RET_TRAP,
+	ACTION_RET_LOG,
+	ACTION_RET_KILL_PROCESS,
+};
 
 struct filter_options {
 	enum block_action action;
 	int allow_logging;
 	int allow_syscalls_for_logging;
+	bool allow_duplicate_syscalls;
 };
 
 struct bpf_labels;
@@ -49,6 +57,7 @@ int compile_file(const char *filename, FILE *policy_file,
 		 struct filter_block *head, struct filter_block **arg_blocks,
 		 struct bpf_labels *labels,
 		 const struct filter_options *filteropts,
+		 struct parser_state **previous_syscalls,
 		 unsigned int include_level);
 
 int compile_filter(const char *filename, FILE *policy_file,
@@ -59,8 +68,16 @@ struct filter_block *new_filter_block(void);
 int flatten_block_list(struct filter_block *head, struct sock_filter *filter,
 		       size_t index, size_t cap);
 void free_block_list(struct filter_block *head);
+void free_previous_syscalls(struct parser_state **previous_syscalls);
 
 int seccomp_can_softfail(void);
+static inline bool allow_duplicate_syscalls(void)
+{
+#if defined(ALLOW_DUPLICATE_SYSCALLS)
+	return true;
+#endif
+	return false;
+}
 
 #ifdef __cplusplus
 }; /* extern "C" */