net: Remove CONFIG_KMOD from net/ (towards removing CONFIG_KMOD entirely)
[linux-2.6.git] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34                                          "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
37                                          ": out of memory: "format, ## args)
38 /* #define MEMPRINT(format, args...) */
39
40
41
42 /*
43  * Each cpu has its own set of counters, so there is no need for write_lock in
44  * the softirq
45  * For reading or updating the counters, the user context needs to
46  * get a write_lock
47  */
48
49 /* The size of each set of counters is altered to get cache alignment */
50 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53    COUNTER_OFFSET(n) * cpu))
54
55
56
57 static DEFINE_MUTEX(ebt_mutex);
58 static LIST_HEAD(ebt_tables);
59
60 static struct xt_target ebt_standard_target = {
61         .name       = "standard",
62         .revision   = 0,
63         .family     = NFPROTO_BRIDGE,
64         .targetsize = sizeof(int),
65 };
66
67 static inline int
68 ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
69                struct xt_target_param *par)
70 {
71         par->target   = w->u.watcher;
72         par->targinfo = w->data;
73         w->u.watcher->target(skb, par);
74         /* watchers don't give a verdict */
75         return 0;
76 }
77
78 static inline int ebt_do_match (struct ebt_entry_match *m,
79    const struct sk_buff *skb, struct xt_match_param *par)
80 {
81         par->match     = m->u.match;
82         par->matchinfo = m->data;
83         return m->u.match->match(skb, par);
84 }
85
86 static inline int ebt_dev_check(char *entry, const struct net_device *device)
87 {
88         int i = 0;
89         const char *devname = device->name;
90
91         if (*entry == '\0')
92                 return 0;
93         if (!device)
94                 return 1;
95         /* 1 is the wildcard token */
96         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97                 i++;
98         return (devname[i] != entry[i] && entry[i] != 1);
99 }
100
101 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102 /* process standard matches */
103 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104    const struct net_device *in, const struct net_device *out)
105 {
106         int verdict, i;
107
108         if (e->bitmask & EBT_802_3) {
109                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110                         return 1;
111         } else if (!(e->bitmask & EBT_NOPROTO) &&
112            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113                 return 1;
114
115         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116                 return 1;
117         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118                 return 1;
119         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121                 return 1;
122         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124                 return 1;
125
126         if (e->bitmask & EBT_SOURCEMAC) {
127                 verdict = 0;
128                 for (i = 0; i < 6; i++)
129                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130                            e->sourcemsk[i];
131                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132                         return 1;
133         }
134         if (e->bitmask & EBT_DESTMAC) {
135                 verdict = 0;
136                 for (i = 0; i < 6; i++)
137                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138                            e->destmsk[i];
139                 if (FWINV2(verdict != 0, EBT_IDEST) )
140                         return 1;
141         }
142         return 0;
143 }
144
145 /* Do some firewalling */
146 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
147    const struct net_device *in, const struct net_device *out,
148    struct ebt_table *table)
149 {
150         int i, nentries;
151         struct ebt_entry *point;
152         struct ebt_counter *counter_base, *cb_base;
153         struct ebt_entry_target *t;
154         int verdict, sp = 0;
155         struct ebt_chainstack *cs;
156         struct ebt_entries *chaininfo;
157         char *base;
158         struct ebt_table_info *private;
159         bool hotdrop = false;
160         struct xt_match_param mtpar;
161         struct xt_target_param tgpar;
162
163         mtpar.family  = tgpar.family = NFPROTO_BRIDGE;
164         mtpar.in      = tgpar.in  = in;
165         mtpar.out     = tgpar.out = out;
166         mtpar.hotdrop = &hotdrop;
167         tgpar.hooknum = hook;
168
169         read_lock_bh(&table->lock);
170         private = table->private;
171         cb_base = COUNTER_BASE(private->counters, private->nentries,
172            smp_processor_id());
173         if (private->chainstack)
174                 cs = private->chainstack[smp_processor_id()];
175         else
176                 cs = NULL;
177         chaininfo = private->hook_entry[hook];
178         nentries = private->hook_entry[hook]->nentries;
179         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
180         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
181         /* base for chain jumps */
182         base = private->entries;
183         i = 0;
184         while (i < nentries) {
185                 if (ebt_basic_match(point, eth_hdr(skb), in, out))
186                         goto letscontinue;
187
188                 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
189                         goto letscontinue;
190                 if (hotdrop) {
191                         read_unlock_bh(&table->lock);
192                         return NF_DROP;
193                 }
194
195                 /* increase counter */
196                 (*(counter_base + i)).pcnt++;
197                 (*(counter_base + i)).bcnt += skb->len;
198
199                 /* these should only watch: not modify, nor tell us
200                    what to do with the packet */
201                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
202
203                 t = (struct ebt_entry_target *)
204                    (((char *)point) + point->target_offset);
205                 /* standard target */
206                 if (!t->u.target->target)
207                         verdict = ((struct ebt_standard_target *)t)->verdict;
208                 else {
209                         tgpar.target   = t->u.target;
210                         tgpar.targinfo = t->data;
211                         verdict = t->u.target->target(skb, &tgpar);
212                 }
213                 if (verdict == EBT_ACCEPT) {
214                         read_unlock_bh(&table->lock);
215                         return NF_ACCEPT;
216                 }
217                 if (verdict == EBT_DROP) {
218                         read_unlock_bh(&table->lock);
219                         return NF_DROP;
220                 }
221                 if (verdict == EBT_RETURN) {
222 letsreturn:
223 #ifdef CONFIG_NETFILTER_DEBUG
224                         if (sp == 0) {
225                                 BUGPRINT("RETURN on base chain");
226                                 /* act like this is EBT_CONTINUE */
227                                 goto letscontinue;
228                         }
229 #endif
230                         sp--;
231                         /* put all the local variables right */
232                         i = cs[sp].n;
233                         chaininfo = cs[sp].chaininfo;
234                         nentries = chaininfo->nentries;
235                         point = cs[sp].e;
236                         counter_base = cb_base +
237                            chaininfo->counter_offset;
238                         continue;
239                 }
240                 if (verdict == EBT_CONTINUE)
241                         goto letscontinue;
242 #ifdef CONFIG_NETFILTER_DEBUG
243                 if (verdict < 0) {
244                         BUGPRINT("bogus standard verdict\n");
245                         read_unlock_bh(&table->lock);
246                         return NF_DROP;
247                 }
248 #endif
249                 /* jump to a udc */
250                 cs[sp].n = i + 1;
251                 cs[sp].chaininfo = chaininfo;
252                 cs[sp].e = (struct ebt_entry *)
253                    (((char *)point) + point->next_offset);
254                 i = 0;
255                 chaininfo = (struct ebt_entries *) (base + verdict);
256 #ifdef CONFIG_NETFILTER_DEBUG
257                 if (chaininfo->distinguisher) {
258                         BUGPRINT("jump to non-chain\n");
259                         read_unlock_bh(&table->lock);
260                         return NF_DROP;
261                 }
262 #endif
263                 nentries = chaininfo->nentries;
264                 point = (struct ebt_entry *)chaininfo->data;
265                 counter_base = cb_base + chaininfo->counter_offset;
266                 sp++;
267                 continue;
268 letscontinue:
269                 point = (struct ebt_entry *)
270                    (((char *)point) + point->next_offset);
271                 i++;
272         }
273
274         /* I actually like this :) */
275         if (chaininfo->policy == EBT_RETURN)
276                 goto letsreturn;
277         if (chaininfo->policy == EBT_ACCEPT) {
278                 read_unlock_bh(&table->lock);
279                 return NF_ACCEPT;
280         }
281         read_unlock_bh(&table->lock);
282         return NF_DROP;
283 }
284
285 /* If it succeeds, returns element and locks mutex */
286 static inline void *
287 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
288    struct mutex *mutex)
289 {
290         struct {
291                 struct list_head list;
292                 char name[EBT_FUNCTION_MAXNAMELEN];
293         } *e;
294
295         *error = mutex_lock_interruptible(mutex);
296         if (*error != 0)
297                 return NULL;
298
299         list_for_each_entry(e, head, list) {
300                 if (strcmp(e->name, name) == 0)
301                         return e;
302         }
303         *error = -ENOENT;
304         mutex_unlock(mutex);
305         return NULL;
306 }
307
308 static void *
309 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
310    int *error, struct mutex *mutex)
311 {
312         return try_then_request_module(
313                         find_inlist_lock_noload(head, name, error, mutex),
314                         "%s%s", prefix, name);
315 }
316
317 static inline struct ebt_table *
318 find_table_lock(const char *name, int *error, struct mutex *mutex)
319 {
320         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
321 }
322
323 static inline int
324 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
325                 unsigned int *cnt)
326 {
327         const struct ebt_entry *e = par->entryinfo;
328         struct xt_match *match;
329         size_t left = ((char *)e + e->watchers_offset) - (char *)m;
330         int ret;
331
332         if (left < sizeof(struct ebt_entry_match) ||
333             left - sizeof(struct ebt_entry_match) < m->match_size)
334                 return -EINVAL;
335
336         match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
337                 m->u.name, 0), "ebt_%s", m->u.name);
338         if (IS_ERR(match))
339                 return PTR_ERR(match);
340         if (match == NULL)
341                 return -ENOENT;
342         m->u.match = match;
343
344         par->match     = match;
345         par->matchinfo = m->data;
346         ret = xt_check_match(par, m->match_size,
347               e->ethproto, e->invflags & EBT_IPROTO);
348         if (ret < 0) {
349                 module_put(match->me);
350                 return ret;
351         }
352
353         (*cnt)++;
354         return 0;
355 }
356
357 static inline int
358 ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
359                   unsigned int *cnt)
360 {
361         const struct ebt_entry *e = par->entryinfo;
362         struct xt_target *watcher;
363         size_t left = ((char *)e + e->target_offset) - (char *)w;
364         int ret;
365
366         if (left < sizeof(struct ebt_entry_watcher) ||
367            left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
368                 return -EINVAL;
369
370         watcher = try_then_request_module(
371                   xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
372                   "ebt_%s", w->u.name);
373         if (IS_ERR(watcher))
374                 return PTR_ERR(watcher);
375         if (watcher == NULL)
376                 return -ENOENT;
377         w->u.watcher = watcher;
378
379         par->target   = watcher;
380         par->targinfo = w->data;
381         ret = xt_check_target(par, w->watcher_size,
382               e->ethproto, e->invflags & EBT_IPROTO);
383         if (ret < 0) {
384                 module_put(watcher->me);
385                 return ret;
386         }
387
388         (*cnt)++;
389         return 0;
390 }
391
392 static int ebt_verify_pointers(struct ebt_replace *repl,
393                                struct ebt_table_info *newinfo)
394 {
395         unsigned int limit = repl->entries_size;
396         unsigned int valid_hooks = repl->valid_hooks;
397         unsigned int offset = 0;
398         int i;
399
400         for (i = 0; i < NF_BR_NUMHOOKS; i++)
401                 newinfo->hook_entry[i] = NULL;
402
403         newinfo->entries_size = repl->entries_size;
404         newinfo->nentries = repl->nentries;
405
406         while (offset < limit) {
407                 size_t left = limit - offset;
408                 struct ebt_entry *e = (void *)newinfo->entries + offset;
409
410                 if (left < sizeof(unsigned int))
411                         break;
412
413                 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
414                         if ((valid_hooks & (1 << i)) == 0)
415                                 continue;
416                         if ((char __user *)repl->hook_entry[i] ==
417                              repl->entries + offset)
418                                 break;
419                 }
420
421                 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
422                         if (e->bitmask != 0) {
423                                 /* we make userspace set this right,
424                                    so there is no misunderstanding */
425                                 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
426                                          "in distinguisher\n");
427                                 return -EINVAL;
428                         }
429                         if (i != NF_BR_NUMHOOKS)
430                                 newinfo->hook_entry[i] = (struct ebt_entries *)e;
431                         if (left < sizeof(struct ebt_entries))
432                                 break;
433                         offset += sizeof(struct ebt_entries);
434                 } else {
435                         if (left < sizeof(struct ebt_entry))
436                                 break;
437                         if (left < e->next_offset)
438                                 break;
439                         offset += e->next_offset;
440                 }
441         }
442         if (offset != limit) {
443                 BUGPRINT("entries_size too small\n");
444                 return -EINVAL;
445         }
446
447         /* check if all valid hooks have a chain */
448         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
449                 if (!newinfo->hook_entry[i] &&
450                    (valid_hooks & (1 << i))) {
451                         BUGPRINT("Valid hook without chain\n");
452                         return -EINVAL;
453                 }
454         }
455         return 0;
456 }
457
458 /*
459  * this one is very careful, as it is the first function
460  * to parse the userspace data
461  */
462 static inline int
463 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
464    struct ebt_table_info *newinfo,
465    unsigned int *n, unsigned int *cnt,
466    unsigned int *totalcnt, unsigned int *udc_cnt)
467 {
468         int i;
469
470         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
471                 if ((void *)e == (void *)newinfo->hook_entry[i])
472                         break;
473         }
474         /* beginning of a new chain
475            if i == NF_BR_NUMHOOKS it must be a user defined chain */
476         if (i != NF_BR_NUMHOOKS || !e->bitmask) {
477                 /* this checks if the previous chain has as many entries
478                    as it said it has */
479                 if (*n != *cnt) {
480                         BUGPRINT("nentries does not equal the nr of entries "
481                                  "in the chain\n");
482                         return -EINVAL;
483                 }
484                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
485                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
486                         /* only RETURN from udc */
487                         if (i != NF_BR_NUMHOOKS ||
488                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
489                                 BUGPRINT("bad policy\n");
490                                 return -EINVAL;
491                         }
492                 }
493                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
494                         (*udc_cnt)++;
495                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
496                         BUGPRINT("counter_offset != totalcnt");
497                         return -EINVAL;
498                 }
499                 *n = ((struct ebt_entries *)e)->nentries;
500                 *cnt = 0;
501                 return 0;
502         }
503         /* a plain old entry, heh */
504         if (sizeof(struct ebt_entry) > e->watchers_offset ||
505            e->watchers_offset > e->target_offset ||
506            e->target_offset >= e->next_offset) {
507                 BUGPRINT("entry offsets not in right order\n");
508                 return -EINVAL;
509         }
510         /* this is not checked anywhere else */
511         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
512                 BUGPRINT("target size too small\n");
513                 return -EINVAL;
514         }
515         (*cnt)++;
516         (*totalcnt)++;
517         return 0;
518 }
519
520 struct ebt_cl_stack
521 {
522         struct ebt_chainstack cs;
523         int from;
524         unsigned int hookmask;
525 };
526
527 /*
528  * we need these positions to check that the jumps to a different part of the
529  * entries is a jump to the beginning of a new chain.
530  */
531 static inline int
532 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
533    unsigned int *n, struct ebt_cl_stack *udc)
534 {
535         int i;
536
537         /* we're only interested in chain starts */
538         if (e->bitmask)
539                 return 0;
540         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
541                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
542                         break;
543         }
544         /* only care about udc */
545         if (i != NF_BR_NUMHOOKS)
546                 return 0;
547
548         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
549         /* these initialisations are depended on later in check_chainloops() */
550         udc[*n].cs.n = 0;
551         udc[*n].hookmask = 0;
552
553         (*n)++;
554         return 0;
555 }
556
557 static inline int
558 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
559 {
560         struct xt_mtdtor_param par;
561
562         if (i && (*i)-- == 0)
563                 return 1;
564
565         par.match     = m->u.match;
566         par.matchinfo = m->data;
567         par.family    = NFPROTO_BRIDGE;
568         if (par.match->destroy != NULL)
569                 par.match->destroy(&par);
570         module_put(par.match->me);
571         return 0;
572 }
573
574 static inline int
575 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
576 {
577         struct xt_tgdtor_param par;
578
579         if (i && (*i)-- == 0)
580                 return 1;
581
582         par.target   = w->u.watcher;
583         par.targinfo = w->data;
584         par.family   = NFPROTO_BRIDGE;
585         if (par.target->destroy != NULL)
586                 par.target->destroy(&par);
587         module_put(par.target->me);
588         return 0;
589 }
590
591 static inline int
592 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
593 {
594         struct xt_tgdtor_param par;
595         struct ebt_entry_target *t;
596
597         if (e->bitmask == 0)
598                 return 0;
599         /* we're done */
600         if (cnt && (*cnt)-- == 0)
601                 return 1;
602         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
603         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
604         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
605
606         par.target   = t->u.target;
607         par.targinfo = t->data;
608         par.family   = NFPROTO_BRIDGE;
609         if (par.target->destroy != NULL)
610                 par.target->destroy(&par);
611         module_put(par.target->me);
612         return 0;
613 }
614
615 static inline int
616 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
617    const char *name, unsigned int *cnt,
618    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
619 {
620         struct ebt_entry_target *t;
621         struct xt_target *target;
622         unsigned int i, j, hook = 0, hookmask = 0;
623         size_t gap;
624         int ret;
625         struct xt_mtchk_param mtpar;
626         struct xt_tgchk_param tgpar;
627
628         /* don't mess with the struct ebt_entries */
629         if (e->bitmask == 0)
630                 return 0;
631
632         if (e->bitmask & ~EBT_F_MASK) {
633                 BUGPRINT("Unknown flag for bitmask\n");
634                 return -EINVAL;
635         }
636         if (e->invflags & ~EBT_INV_MASK) {
637                 BUGPRINT("Unknown flag for inv bitmask\n");
638                 return -EINVAL;
639         }
640         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
641                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
642                 return -EINVAL;
643         }
644         /* what hook do we belong to? */
645         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
646                 if (!newinfo->hook_entry[i])
647                         continue;
648                 if ((char *)newinfo->hook_entry[i] < (char *)e)
649                         hook = i;
650                 else
651                         break;
652         }
653         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
654            a base chain */
655         if (i < NF_BR_NUMHOOKS)
656                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
657         else {
658                 for (i = 0; i < udc_cnt; i++)
659                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
660                                 break;
661                 if (i == 0)
662                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
663                 else
664                         hookmask = cl_s[i - 1].hookmask;
665         }
666         i = 0;
667
668         mtpar.table     = tgpar.table     = name;
669         mtpar.entryinfo = tgpar.entryinfo = e;
670         mtpar.hook_mask = tgpar.hook_mask = hookmask;
671         mtpar.family    = tgpar.family    = NFPROTO_BRIDGE;
672         ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
673         if (ret != 0)
674                 goto cleanup_matches;
675         j = 0;
676         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
677         if (ret != 0)
678                 goto cleanup_watchers;
679         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
680         gap = e->next_offset - e->target_offset;
681
682         target = try_then_request_module(
683                  xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
684                  "ebt_%s", t->u.name);
685         if (IS_ERR(target)) {
686                 ret = PTR_ERR(target);
687                 goto cleanup_watchers;
688         } else if (target == NULL) {
689                 ret = -ENOENT;
690                 goto cleanup_watchers;
691         }
692
693         t->u.target = target;
694         if (t->u.target == &ebt_standard_target) {
695                 if (gap < sizeof(struct ebt_standard_target)) {
696                         BUGPRINT("Standard target size too big\n");
697                         ret = -EFAULT;
698                         goto cleanup_watchers;
699                 }
700                 if (((struct ebt_standard_target *)t)->verdict <
701                    -NUM_STANDARD_TARGETS) {
702                         BUGPRINT("Invalid standard target\n");
703                         ret = -EFAULT;
704                         goto cleanup_watchers;
705                 }
706         } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
707                 module_put(t->u.target->me);
708                 ret = -EFAULT;
709                 goto cleanup_watchers;
710         }
711
712         tgpar.target   = target;
713         tgpar.targinfo = t->data;
714         ret = xt_check_target(&tgpar, t->target_size,
715               e->ethproto, e->invflags & EBT_IPROTO);
716         if (ret < 0) {
717                 module_put(target->me);
718                 goto cleanup_watchers;
719         }
720         (*cnt)++;
721         return 0;
722 cleanup_watchers:
723         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
724 cleanup_matches:
725         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
726         return ret;
727 }
728
729 /*
730  * checks for loops and sets the hook mask for udc
731  * the hook mask for udc tells us from which base chains the udc can be
732  * accessed. This mask is a parameter to the check() functions of the extensions
733  */
734 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
735    unsigned int udc_cnt, unsigned int hooknr, char *base)
736 {
737         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
738         struct ebt_entry *e = (struct ebt_entry *)chain->data;
739         struct ebt_entry_target *t;
740
741         while (pos < nentries || chain_nr != -1) {
742                 /* end of udc, go back one 'recursion' step */
743                 if (pos == nentries) {
744                         /* put back values of the time when this chain was called */
745                         e = cl_s[chain_nr].cs.e;
746                         if (cl_s[chain_nr].from != -1)
747                                 nentries =
748                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
749                         else
750                                 nentries = chain->nentries;
751                         pos = cl_s[chain_nr].cs.n;
752                         /* make sure we won't see a loop that isn't one */
753                         cl_s[chain_nr].cs.n = 0;
754                         chain_nr = cl_s[chain_nr].from;
755                         if (pos == nentries)
756                                 continue;
757                 }
758                 t = (struct ebt_entry_target *)
759                    (((char *)e) + e->target_offset);
760                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
761                         goto letscontinue;
762                 if (e->target_offset + sizeof(struct ebt_standard_target) >
763                    e->next_offset) {
764                         BUGPRINT("Standard target size too big\n");
765                         return -1;
766                 }
767                 verdict = ((struct ebt_standard_target *)t)->verdict;
768                 if (verdict >= 0) { /* jump to another chain */
769                         struct ebt_entries *hlp2 =
770                            (struct ebt_entries *)(base + verdict);
771                         for (i = 0; i < udc_cnt; i++)
772                                 if (hlp2 == cl_s[i].cs.chaininfo)
773                                         break;
774                         /* bad destination or loop */
775                         if (i == udc_cnt) {
776                                 BUGPRINT("bad destination\n");
777                                 return -1;
778                         }
779                         if (cl_s[i].cs.n) {
780                                 BUGPRINT("loop\n");
781                                 return -1;
782                         }
783                         if (cl_s[i].hookmask & (1 << hooknr))
784                                 goto letscontinue;
785                         /* this can't be 0, so the loop test is correct */
786                         cl_s[i].cs.n = pos + 1;
787                         pos = 0;
788                         cl_s[i].cs.e = ((void *)e + e->next_offset);
789                         e = (struct ebt_entry *)(hlp2->data);
790                         nentries = hlp2->nentries;
791                         cl_s[i].from = chain_nr;
792                         chain_nr = i;
793                         /* this udc is accessible from the base chain for hooknr */
794                         cl_s[i].hookmask |= (1 << hooknr);
795                         continue;
796                 }
797 letscontinue:
798                 e = (void *)e + e->next_offset;
799                 pos++;
800         }
801         return 0;
802 }
803
804 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
805 static int translate_table(char *name, struct ebt_table_info *newinfo)
806 {
807         unsigned int i, j, k, udc_cnt;
808         int ret;
809         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
810
811         i = 0;
812         while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
813                 i++;
814         if (i == NF_BR_NUMHOOKS) {
815                 BUGPRINT("No valid hooks specified\n");
816                 return -EINVAL;
817         }
818         if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
819                 BUGPRINT("Chains don't start at beginning\n");
820                 return -EINVAL;
821         }
822         /* make sure chains are ordered after each other in same order
823            as their corresponding hooks */
824         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
825                 if (!newinfo->hook_entry[j])
826                         continue;
827                 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
828                         BUGPRINT("Hook order must be followed\n");
829                         return -EINVAL;
830                 }
831                 i = j;
832         }
833
834         /* do some early checkings and initialize some things */
835         i = 0; /* holds the expected nr. of entries for the chain */
836         j = 0; /* holds the up to now counted entries for the chain */
837         k = 0; /* holds the total nr. of entries, should equal
838                   newinfo->nentries afterwards */
839         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
840         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
841            ebt_check_entry_size_and_hooks, newinfo,
842            &i, &j, &k, &udc_cnt);
843
844         if (ret != 0)
845                 return ret;
846
847         if (i != j) {
848                 BUGPRINT("nentries does not equal the nr of entries in the "
849                          "(last) chain\n");
850                 return -EINVAL;
851         }
852         if (k != newinfo->nentries) {
853                 BUGPRINT("Total nentries is wrong\n");
854                 return -EINVAL;
855         }
856
857         /* get the location of the udc, put them in an array
858            while we're at it, allocate the chainstack */
859         if (udc_cnt) {
860                 /* this will get free'd in do_replace()/ebt_register_table()
861                    if an error occurs */
862                 newinfo->chainstack =
863                         vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
864                 if (!newinfo->chainstack)
865                         return -ENOMEM;
866                 for_each_possible_cpu(i) {
867                         newinfo->chainstack[i] =
868                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
869                         if (!newinfo->chainstack[i]) {
870                                 while (i)
871                                         vfree(newinfo->chainstack[--i]);
872                                 vfree(newinfo->chainstack);
873                                 newinfo->chainstack = NULL;
874                                 return -ENOMEM;
875                         }
876                 }
877
878                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
879                 if (!cl_s)
880                         return -ENOMEM;
881                 i = 0; /* the i'th udc */
882                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
883                    ebt_get_udc_positions, newinfo, &i, cl_s);
884                 /* sanity check */
885                 if (i != udc_cnt) {
886                         BUGPRINT("i != udc_cnt\n");
887                         vfree(cl_s);
888                         return -EFAULT;
889                 }
890         }
891
892         /* Check for loops */
893         for (i = 0; i < NF_BR_NUMHOOKS; i++)
894                 if (newinfo->hook_entry[i])
895                         if (check_chainloops(newinfo->hook_entry[i],
896                            cl_s, udc_cnt, i, newinfo->entries)) {
897                                 vfree(cl_s);
898                                 return -EINVAL;
899                         }
900
901         /* we now know the following (along with E=mc²):
902            - the nr of entries in each chain is right
903            - the size of the allocated space is right
904            - all valid hooks have a corresponding chain
905            - there are no loops
906            - wrong data can still be on the level of a single entry
907            - could be there are jumps to places that are not the
908              beginning of a chain. This can only occur in chains that
909              are not accessible from any base chains, so we don't care. */
910
911         /* used to know what we need to clean up if something goes wrong */
912         i = 0;
913         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
914            ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt);
915         if (ret != 0) {
916                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
917                    ebt_cleanup_entry, &i);
918         }
919         vfree(cl_s);
920         return ret;
921 }
922
923 /* called under write_lock */
924 static void get_counters(struct ebt_counter *oldcounters,
925    struct ebt_counter *counters, unsigned int nentries)
926 {
927         int i, cpu;
928         struct ebt_counter *counter_base;
929
930         /* counters of cpu 0 */
931         memcpy(counters, oldcounters,
932                sizeof(struct ebt_counter) * nentries);
933
934         /* add other counters to those of cpu 0 */
935         for_each_possible_cpu(cpu) {
936                 if (cpu == 0)
937                         continue;
938                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
939                 for (i = 0; i < nentries; i++) {
940                         counters[i].pcnt += counter_base[i].pcnt;
941                         counters[i].bcnt += counter_base[i].bcnt;
942                 }
943         }
944 }
945
946 /* replace the table */
947 static int do_replace(void __user *user, unsigned int len)
948 {
949         int ret, i, countersize;
950         struct ebt_table_info *newinfo;
951         struct ebt_replace tmp;
952         struct ebt_table *t;
953         struct ebt_counter *counterstmp = NULL;
954         /* used to be able to unlock earlier */
955         struct ebt_table_info *table;
956
957         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
958                 return -EFAULT;
959
960         if (len != sizeof(tmp) + tmp.entries_size) {
961                 BUGPRINT("Wrong len argument\n");
962                 return -EINVAL;
963         }
964
965         if (tmp.entries_size == 0) {
966                 BUGPRINT("Entries_size never zero\n");
967                 return -EINVAL;
968         }
969         /* overflow check */
970         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
971                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
972                 return -ENOMEM;
973         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
974                 return -ENOMEM;
975
976         countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
977         newinfo = vmalloc(sizeof(*newinfo) + countersize);
978         if (!newinfo)
979                 return -ENOMEM;
980
981         if (countersize)
982                 memset(newinfo->counters, 0, countersize);
983
984         newinfo->entries = vmalloc(tmp.entries_size);
985         if (!newinfo->entries) {
986                 ret = -ENOMEM;
987                 goto free_newinfo;
988         }
989         if (copy_from_user(
990            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
991                 BUGPRINT("Couldn't copy entries from userspace\n");
992                 ret = -EFAULT;
993                 goto free_entries;
994         }
995
996         /* the user wants counters back
997            the check on the size is done later, when we have the lock */
998         if (tmp.num_counters) {
999                 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
1000                 if (!counterstmp) {
1001                         ret = -ENOMEM;
1002                         goto free_entries;
1003                 }
1004         }
1005         else
1006                 counterstmp = NULL;
1007
1008         /* this can get initialized by translate_table() */
1009         newinfo->chainstack = NULL;
1010         ret = ebt_verify_pointers(&tmp, newinfo);
1011         if (ret != 0)
1012                 goto free_counterstmp;
1013
1014         ret = translate_table(tmp.name, newinfo);
1015
1016         if (ret != 0)
1017                 goto free_counterstmp;
1018
1019         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1020         if (!t) {
1021                 ret = -ENOENT;
1022                 goto free_iterate;
1023         }
1024
1025         /* the table doesn't like it */
1026         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1027                 goto free_unlock;
1028
1029         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1030                 BUGPRINT("Wrong nr. of counters requested\n");
1031                 ret = -EINVAL;
1032                 goto free_unlock;
1033         }
1034
1035         /* we have the mutex lock, so no danger in reading this pointer */
1036         table = t->private;
1037         /* make sure the table can only be rmmod'ed if it contains no rules */
1038         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1039                 ret = -ENOENT;
1040                 goto free_unlock;
1041         } else if (table->nentries && !newinfo->nentries)
1042                 module_put(t->me);
1043         /* we need an atomic snapshot of the counters */
1044         write_lock_bh(&t->lock);
1045         if (tmp.num_counters)
1046                 get_counters(t->private->counters, counterstmp,
1047                    t->private->nentries);
1048
1049         t->private = newinfo;
1050         write_unlock_bh(&t->lock);
1051         mutex_unlock(&ebt_mutex);
1052         /* so, a user can change the chains while having messed up her counter
1053            allocation. Only reason why this is done is because this way the lock
1054            is held only once, while this doesn't bring the kernel into a
1055            dangerous state. */
1056         if (tmp.num_counters &&
1057            copy_to_user(tmp.counters, counterstmp,
1058            tmp.num_counters * sizeof(struct ebt_counter))) {
1059                 BUGPRINT("Couldn't copy counters to userspace\n");
1060                 ret = -EFAULT;
1061         }
1062         else
1063                 ret = 0;
1064
1065         /* decrease module count and free resources */
1066         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1067            ebt_cleanup_entry, NULL);
1068
1069         vfree(table->entries);
1070         if (table->chainstack) {
1071                 for_each_possible_cpu(i)
1072                         vfree(table->chainstack[i]);
1073                 vfree(table->chainstack);
1074         }
1075         vfree(table);
1076
1077         vfree(counterstmp);
1078         return ret;
1079
1080 free_unlock:
1081         mutex_unlock(&ebt_mutex);
1082 free_iterate:
1083         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1084            ebt_cleanup_entry, NULL);
1085 free_counterstmp:
1086         vfree(counterstmp);
1087         /* can be initialized in translate_table() */
1088         if (newinfo->chainstack) {
1089                 for_each_possible_cpu(i)
1090                         vfree(newinfo->chainstack[i]);
1091                 vfree(newinfo->chainstack);
1092         }
1093 free_entries:
1094         vfree(newinfo->entries);
1095 free_newinfo:
1096         vfree(newinfo);
1097         return ret;
1098 }
1099
1100 int ebt_register_table(struct ebt_table *table)
1101 {
1102         struct ebt_table_info *newinfo;
1103         struct ebt_table *t;
1104         struct ebt_replace_kernel *repl;
1105         int ret, i, countersize;
1106         void *p;
1107
1108         if (!table || !(repl = table->table) || !repl->entries ||
1109             repl->entries_size == 0 ||
1110             repl->counters || table->private) {
1111                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1112                 return -EINVAL;
1113         }
1114
1115         countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1116         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1117         ret = -ENOMEM;
1118         if (!newinfo)
1119                 return -ENOMEM;
1120
1121         p = vmalloc(repl->entries_size);
1122         if (!p)
1123                 goto free_newinfo;
1124
1125         memcpy(p, repl->entries, repl->entries_size);
1126         newinfo->entries = p;
1127
1128         newinfo->entries_size = repl->entries_size;
1129         newinfo->nentries = repl->nentries;
1130
1131         if (countersize)
1132                 memset(newinfo->counters, 0, countersize);
1133
1134         /* fill in newinfo and parse the entries */
1135         newinfo->chainstack = NULL;
1136         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1137                 if ((repl->valid_hooks & (1 << i)) == 0)
1138                         newinfo->hook_entry[i] = NULL;
1139                 else
1140                         newinfo->hook_entry[i] = p +
1141                                 ((char *)repl->hook_entry[i] - repl->entries);
1142         }
1143         ret = translate_table(repl->name, newinfo);
1144         if (ret != 0) {
1145                 BUGPRINT("Translate_table failed\n");
1146                 goto free_chainstack;
1147         }
1148
1149         if (table->check && table->check(newinfo, table->valid_hooks)) {
1150                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1151                 return -EINVAL;
1152         }
1153
1154         table->private = newinfo;
1155         rwlock_init(&table->lock);
1156         ret = mutex_lock_interruptible(&ebt_mutex);
1157         if (ret != 0)
1158                 goto free_chainstack;
1159
1160         list_for_each_entry(t, &ebt_tables, list) {
1161                 if (strcmp(t->name, table->name) == 0) {
1162                         ret = -EEXIST;
1163                         BUGPRINT("Table name already exists\n");
1164                         goto free_unlock;
1165                 }
1166         }
1167
1168         /* Hold a reference count if the chains aren't empty */
1169         if (newinfo->nentries && !try_module_get(table->me)) {
1170                 ret = -ENOENT;
1171                 goto free_unlock;
1172         }
1173         list_add(&table->list, &ebt_tables);
1174         mutex_unlock(&ebt_mutex);
1175         return 0;
1176 free_unlock:
1177         mutex_unlock(&ebt_mutex);
1178 free_chainstack:
1179         if (newinfo->chainstack) {
1180                 for_each_possible_cpu(i)
1181                         vfree(newinfo->chainstack[i]);
1182                 vfree(newinfo->chainstack);
1183         }
1184         vfree(newinfo->entries);
1185 free_newinfo:
1186         vfree(newinfo);
1187         return ret;
1188 }
1189
1190 void ebt_unregister_table(struct ebt_table *table)
1191 {
1192         int i;
1193
1194         if (!table) {
1195                 BUGPRINT("Request to unregister NULL table!!!\n");
1196                 return;
1197         }
1198         mutex_lock(&ebt_mutex);
1199         list_del(&table->list);
1200         mutex_unlock(&ebt_mutex);
1201         vfree(table->private->entries);
1202         if (table->private->chainstack) {
1203                 for_each_possible_cpu(i)
1204                         vfree(table->private->chainstack[i]);
1205                 vfree(table->private->chainstack);
1206         }
1207         vfree(table->private);
1208 }
1209
1210 /* userspace just supplied us with counters */
1211 static int update_counters(void __user *user, unsigned int len)
1212 {
1213         int i, ret;
1214         struct ebt_counter *tmp;
1215         struct ebt_replace hlp;
1216         struct ebt_table *t;
1217
1218         if (copy_from_user(&hlp, user, sizeof(hlp)))
1219                 return -EFAULT;
1220
1221         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1222                 return -EINVAL;
1223         if (hlp.num_counters == 0)
1224                 return -EINVAL;
1225
1226         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1227                 MEMPRINT("Update_counters && nomemory\n");
1228                 return -ENOMEM;
1229         }
1230
1231         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1232         if (!t)
1233                 goto free_tmp;
1234
1235         if (hlp.num_counters != t->private->nentries) {
1236                 BUGPRINT("Wrong nr of counters\n");
1237                 ret = -EINVAL;
1238                 goto unlock_mutex;
1239         }
1240
1241         if ( copy_from_user(tmp, hlp.counters,
1242            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1243                 BUGPRINT("Updata_counters && !cfu\n");
1244                 ret = -EFAULT;
1245                 goto unlock_mutex;
1246         }
1247
1248         /* we want an atomic add of the counters */
1249         write_lock_bh(&t->lock);
1250
1251         /* we add to the counters of the first cpu */
1252         for (i = 0; i < hlp.num_counters; i++) {
1253                 t->private->counters[i].pcnt += tmp[i].pcnt;
1254                 t->private->counters[i].bcnt += tmp[i].bcnt;
1255         }
1256
1257         write_unlock_bh(&t->lock);
1258         ret = 0;
1259 unlock_mutex:
1260         mutex_unlock(&ebt_mutex);
1261 free_tmp:
1262         vfree(tmp);
1263         return ret;
1264 }
1265
1266 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1267    char *base, char __user *ubase)
1268 {
1269         char __user *hlp = ubase + ((char *)m - base);
1270         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1271                 return -EFAULT;
1272         return 0;
1273 }
1274
1275 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1276    char *base, char __user *ubase)
1277 {
1278         char __user *hlp = ubase + ((char *)w - base);
1279         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1280                 return -EFAULT;
1281         return 0;
1282 }
1283
1284 static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1285 {
1286         int ret;
1287         char __user *hlp;
1288         struct ebt_entry_target *t;
1289
1290         if (e->bitmask == 0)
1291                 return 0;
1292
1293         hlp = ubase + (((char *)e + e->target_offset) - base);
1294         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1295
1296         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1297         if (ret != 0)
1298                 return ret;
1299         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1300         if (ret != 0)
1301                 return ret;
1302         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1303                 return -EFAULT;
1304         return 0;
1305 }
1306
1307 /* called with ebt_mutex locked */
1308 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1309    int *len, int cmd)
1310 {
1311         struct ebt_replace tmp;
1312         struct ebt_counter *counterstmp, *oldcounters;
1313         unsigned int entries_size, nentries;
1314         char *entries;
1315
1316         if (cmd == EBT_SO_GET_ENTRIES) {
1317                 entries_size = t->private->entries_size;
1318                 nentries = t->private->nentries;
1319                 entries = t->private->entries;
1320                 oldcounters = t->private->counters;
1321         } else {
1322                 entries_size = t->table->entries_size;
1323                 nentries = t->table->nentries;
1324                 entries = t->table->entries;
1325                 oldcounters = t->table->counters;
1326         }
1327
1328         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1329                 BUGPRINT("Cfu didn't work\n");
1330                 return -EFAULT;
1331         }
1332
1333         if (*len != sizeof(struct ebt_replace) + entries_size +
1334            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1335                 BUGPRINT("Wrong size\n");
1336                 return -EINVAL;
1337         }
1338
1339         if (tmp.nentries != nentries) {
1340                 BUGPRINT("Nentries wrong\n");
1341                 return -EINVAL;
1342         }
1343
1344         if (tmp.entries_size != entries_size) {
1345                 BUGPRINT("Wrong size\n");
1346                 return -EINVAL;
1347         }
1348
1349         /* userspace might not need the counters */
1350         if (tmp.num_counters) {
1351                 if (tmp.num_counters != nentries) {
1352                         BUGPRINT("Num_counters wrong\n");
1353                         return -EINVAL;
1354                 }
1355                 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1356                 if (!counterstmp) {
1357                         MEMPRINT("Couldn't copy counters, out of memory\n");
1358                         return -ENOMEM;
1359                 }
1360                 write_lock_bh(&t->lock);
1361                 get_counters(oldcounters, counterstmp, nentries);
1362                 write_unlock_bh(&t->lock);
1363
1364                 if (copy_to_user(tmp.counters, counterstmp,
1365                    nentries * sizeof(struct ebt_counter))) {
1366                         BUGPRINT("Couldn't copy counters to userspace\n");
1367                         vfree(counterstmp);
1368                         return -EFAULT;
1369                 }
1370                 vfree(counterstmp);
1371         }
1372
1373         if (copy_to_user(tmp.entries, entries, entries_size)) {
1374                 BUGPRINT("Couldn't copy entries to userspace\n");
1375                 return -EFAULT;
1376         }
1377         /* set the match/watcher/target names right */
1378         return EBT_ENTRY_ITERATE(entries, entries_size,
1379            ebt_make_names, entries, tmp.entries);
1380 }
1381
1382 static int do_ebt_set_ctl(struct sock *sk,
1383         int cmd, void __user *user, unsigned int len)
1384 {
1385         int ret;
1386
1387         switch(cmd) {
1388         case EBT_SO_SET_ENTRIES:
1389                 ret = do_replace(user, len);
1390                 break;
1391         case EBT_SO_SET_COUNTERS:
1392                 ret = update_counters(user, len);
1393                 break;
1394         default:
1395                 ret = -EINVAL;
1396   }
1397         return ret;
1398 }
1399
1400 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1401 {
1402         int ret;
1403         struct ebt_replace tmp;
1404         struct ebt_table *t;
1405
1406         if (copy_from_user(&tmp, user, sizeof(tmp)))
1407                 return -EFAULT;
1408
1409         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1410         if (!t)
1411                 return ret;
1412
1413         switch(cmd) {
1414         case EBT_SO_GET_INFO:
1415         case EBT_SO_GET_INIT_INFO:
1416                 if (*len != sizeof(struct ebt_replace)){
1417                         ret = -EINVAL;
1418                         mutex_unlock(&ebt_mutex);
1419                         break;
1420                 }
1421                 if (cmd == EBT_SO_GET_INFO) {
1422                         tmp.nentries = t->private->nentries;
1423                         tmp.entries_size = t->private->entries_size;
1424                         tmp.valid_hooks = t->valid_hooks;
1425                 } else {
1426                         tmp.nentries = t->table->nentries;
1427                         tmp.entries_size = t->table->entries_size;
1428                         tmp.valid_hooks = t->table->valid_hooks;
1429                 }
1430                 mutex_unlock(&ebt_mutex);
1431                 if (copy_to_user(user, &tmp, *len) != 0){
1432                         BUGPRINT("c2u Didn't work\n");
1433                         ret = -EFAULT;
1434                         break;
1435                 }
1436                 ret = 0;
1437                 break;
1438
1439         case EBT_SO_GET_ENTRIES:
1440         case EBT_SO_GET_INIT_ENTRIES:
1441                 ret = copy_everything_to_user(t, user, len, cmd);
1442                 mutex_unlock(&ebt_mutex);
1443                 break;
1444
1445         default:
1446                 mutex_unlock(&ebt_mutex);
1447                 ret = -EINVAL;
1448         }
1449
1450         return ret;
1451 }
1452
1453 static struct nf_sockopt_ops ebt_sockopts =
1454 {
1455         .pf             = PF_INET,
1456         .set_optmin     = EBT_BASE_CTL,
1457         .set_optmax     = EBT_SO_SET_MAX + 1,
1458         .set            = do_ebt_set_ctl,
1459         .get_optmin     = EBT_BASE_CTL,
1460         .get_optmax     = EBT_SO_GET_MAX + 1,
1461         .get            = do_ebt_get_ctl,
1462         .owner          = THIS_MODULE,
1463 };
1464
1465 static int __init ebtables_init(void)
1466 {
1467         int ret;
1468
1469         ret = xt_register_target(&ebt_standard_target);
1470         if (ret < 0)
1471                 return ret;
1472         ret = nf_register_sockopt(&ebt_sockopts);
1473         if (ret < 0) {
1474                 xt_unregister_target(&ebt_standard_target);
1475                 return ret;
1476         }
1477
1478         printk(KERN_INFO "Ebtables v2.0 registered\n");
1479         return 0;
1480 }
1481
1482 static void __exit ebtables_fini(void)
1483 {
1484         nf_unregister_sockopt(&ebt_sockopts);
1485         xt_unregister_target(&ebt_standard_target);
1486         printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1487 }
1488
1489 EXPORT_SYMBOL(ebt_register_table);
1490 EXPORT_SYMBOL(ebt_unregister_table);
1491 EXPORT_SYMBOL(ebt_do_table);
1492 module_init(ebtables_init);
1493 module_exit(ebtables_fini);
1494 MODULE_LICENSE("GPL");