netfilter: add struct net * to target parameters
[linux-2.6.git] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34                                          "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
37                                          ": out of memory: "format, ## args)
38 /* #define MEMPRINT(format, args...) */
39
40
41
42 /*
43  * Each cpu has its own set of counters, so there is no need for write_lock in
44  * the softirq
45  * For reading or updating the counters, the user context needs to
46  * get a write_lock
47  */
48
49 /* The size of each set of counters is altered to get cache alignment */
50 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53    COUNTER_OFFSET(n) * cpu))
54
55
56
57 static DEFINE_MUTEX(ebt_mutex);
58
59 static struct xt_target ebt_standard_target = {
60         .name       = "standard",
61         .revision   = 0,
62         .family     = NFPROTO_BRIDGE,
63         .targetsize = sizeof(int),
64 };
65
66 static inline int
67 ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
68                struct xt_target_param *par)
69 {
70         par->target   = w->u.watcher;
71         par->targinfo = w->data;
72         w->u.watcher->target(skb, par);
73         /* watchers don't give a verdict */
74         return 0;
75 }
76
77 static inline int ebt_do_match (struct ebt_entry_match *m,
78    const struct sk_buff *skb, struct xt_match_param *par)
79 {
80         par->match     = m->u.match;
81         par->matchinfo = m->data;
82         return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
83 }
84
85 static inline int ebt_dev_check(char *entry, const struct net_device *device)
86 {
87         int i = 0;
88         const char *devname;
89
90         if (*entry == '\0')
91                 return 0;
92         if (!device)
93                 return 1;
94         devname = device->name;
95         /* 1 is the wildcard token */
96         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97                 i++;
98         return (devname[i] != entry[i] && entry[i] != 1);
99 }
100
101 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102 /* process standard matches */
103 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104    const struct net_device *in, const struct net_device *out)
105 {
106         int verdict, i;
107
108         if (e->bitmask & EBT_802_3) {
109                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110                         return 1;
111         } else if (!(e->bitmask & EBT_NOPROTO) &&
112            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113                 return 1;
114
115         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116                 return 1;
117         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118                 return 1;
119         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121                 return 1;
122         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124                 return 1;
125
126         if (e->bitmask & EBT_SOURCEMAC) {
127                 verdict = 0;
128                 for (i = 0; i < 6; i++)
129                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130                            e->sourcemsk[i];
131                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132                         return 1;
133         }
134         if (e->bitmask & EBT_DESTMAC) {
135                 verdict = 0;
136                 for (i = 0; i < 6; i++)
137                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138                            e->destmsk[i];
139                 if (FWINV2(verdict != 0, EBT_IDEST) )
140                         return 1;
141         }
142         return 0;
143 }
144
145 static inline __pure
146 struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
147 {
148         return (void *)entry + entry->next_offset;
149 }
150
151 /* Do some firewalling */
152 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
153    const struct net_device *in, const struct net_device *out,
154    struct ebt_table *table)
155 {
156         int i, nentries;
157         struct ebt_entry *point;
158         struct ebt_counter *counter_base, *cb_base;
159         struct ebt_entry_target *t;
160         int verdict, sp = 0;
161         struct ebt_chainstack *cs;
162         struct ebt_entries *chaininfo;
163         char *base;
164         struct ebt_table_info *private;
165         bool hotdrop = false;
166         struct xt_match_param mtpar;
167         struct xt_target_param tgpar;
168
169         mtpar.family  = tgpar.family = NFPROTO_BRIDGE;
170         mtpar.in      = tgpar.in  = in;
171         mtpar.out     = tgpar.out = out;
172         mtpar.hotdrop = &hotdrop;
173         mtpar.hooknum = tgpar.hooknum = hook;
174
175         read_lock_bh(&table->lock);
176         private = table->private;
177         cb_base = COUNTER_BASE(private->counters, private->nentries,
178            smp_processor_id());
179         if (private->chainstack)
180                 cs = private->chainstack[smp_processor_id()];
181         else
182                 cs = NULL;
183         chaininfo = private->hook_entry[hook];
184         nentries = private->hook_entry[hook]->nentries;
185         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
186         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
187         /* base for chain jumps */
188         base = private->entries;
189         i = 0;
190         while (i < nentries) {
191                 if (ebt_basic_match(point, eth_hdr(skb), in, out))
192                         goto letscontinue;
193
194                 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
195                         goto letscontinue;
196                 if (hotdrop) {
197                         read_unlock_bh(&table->lock);
198                         return NF_DROP;
199                 }
200
201                 /* increase counter */
202                 (*(counter_base + i)).pcnt++;
203                 (*(counter_base + i)).bcnt += skb->len;
204
205                 /* these should only watch: not modify, nor tell us
206                    what to do with the packet */
207                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
208
209                 t = (struct ebt_entry_target *)
210                    (((char *)point) + point->target_offset);
211                 /* standard target */
212                 if (!t->u.target->target)
213                         verdict = ((struct ebt_standard_target *)t)->verdict;
214                 else {
215                         tgpar.target   = t->u.target;
216                         tgpar.targinfo = t->data;
217                         verdict = t->u.target->target(skb, &tgpar);
218                 }
219                 if (verdict == EBT_ACCEPT) {
220                         read_unlock_bh(&table->lock);
221                         return NF_ACCEPT;
222                 }
223                 if (verdict == EBT_DROP) {
224                         read_unlock_bh(&table->lock);
225                         return NF_DROP;
226                 }
227                 if (verdict == EBT_RETURN) {
228 letsreturn:
229 #ifdef CONFIG_NETFILTER_DEBUG
230                         if (sp == 0) {
231                                 BUGPRINT("RETURN on base chain");
232                                 /* act like this is EBT_CONTINUE */
233                                 goto letscontinue;
234                         }
235 #endif
236                         sp--;
237                         /* put all the local variables right */
238                         i = cs[sp].n;
239                         chaininfo = cs[sp].chaininfo;
240                         nentries = chaininfo->nentries;
241                         point = cs[sp].e;
242                         counter_base = cb_base +
243                            chaininfo->counter_offset;
244                         continue;
245                 }
246                 if (verdict == EBT_CONTINUE)
247                         goto letscontinue;
248 #ifdef CONFIG_NETFILTER_DEBUG
249                 if (verdict < 0) {
250                         BUGPRINT("bogus standard verdict\n");
251                         read_unlock_bh(&table->lock);
252                         return NF_DROP;
253                 }
254 #endif
255                 /* jump to a udc */
256                 cs[sp].n = i + 1;
257                 cs[sp].chaininfo = chaininfo;
258                 cs[sp].e = ebt_next_entry(point);
259                 i = 0;
260                 chaininfo = (struct ebt_entries *) (base + verdict);
261 #ifdef CONFIG_NETFILTER_DEBUG
262                 if (chaininfo->distinguisher) {
263                         BUGPRINT("jump to non-chain\n");
264                         read_unlock_bh(&table->lock);
265                         return NF_DROP;
266                 }
267 #endif
268                 nentries = chaininfo->nentries;
269                 point = (struct ebt_entry *)chaininfo->data;
270                 counter_base = cb_base + chaininfo->counter_offset;
271                 sp++;
272                 continue;
273 letscontinue:
274                 point = ebt_next_entry(point);
275                 i++;
276         }
277
278         /* I actually like this :) */
279         if (chaininfo->policy == EBT_RETURN)
280                 goto letsreturn;
281         if (chaininfo->policy == EBT_ACCEPT) {
282                 read_unlock_bh(&table->lock);
283                 return NF_ACCEPT;
284         }
285         read_unlock_bh(&table->lock);
286         return NF_DROP;
287 }
288
289 /* If it succeeds, returns element and locks mutex */
290 static inline void *
291 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
292    struct mutex *mutex)
293 {
294         struct {
295                 struct list_head list;
296                 char name[EBT_FUNCTION_MAXNAMELEN];
297         } *e;
298
299         *error = mutex_lock_interruptible(mutex);
300         if (*error != 0)
301                 return NULL;
302
303         list_for_each_entry(e, head, list) {
304                 if (strcmp(e->name, name) == 0)
305                         return e;
306         }
307         *error = -ENOENT;
308         mutex_unlock(mutex);
309         return NULL;
310 }
311
312 static void *
313 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
314    int *error, struct mutex *mutex)
315 {
316         return try_then_request_module(
317                         find_inlist_lock_noload(head, name, error, mutex),
318                         "%s%s", prefix, name);
319 }
320
321 static inline struct ebt_table *
322 find_table_lock(struct net *net, const char *name, int *error,
323                 struct mutex *mutex)
324 {
325         return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
326                                 "ebtable_", error, mutex);
327 }
328
329 static inline int
330 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
331                 unsigned int *cnt)
332 {
333         const struct ebt_entry *e = par->entryinfo;
334         struct xt_match *match;
335         size_t left = ((char *)e + e->watchers_offset) - (char *)m;
336         int ret;
337
338         if (left < sizeof(struct ebt_entry_match) ||
339             left - sizeof(struct ebt_entry_match) < m->match_size)
340                 return -EINVAL;
341
342         match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
343                 m->u.name, 0), "ebt_%s", m->u.name);
344         if (IS_ERR(match))
345                 return PTR_ERR(match);
346         if (match == NULL)
347                 return -ENOENT;
348         m->u.match = match;
349
350         par->match     = match;
351         par->matchinfo = m->data;
352         ret = xt_check_match(par, m->match_size,
353               e->ethproto, e->invflags & EBT_IPROTO);
354         if (ret < 0) {
355                 module_put(match->me);
356                 return ret;
357         }
358
359         (*cnt)++;
360         return 0;
361 }
362
363 static inline int
364 ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
365                   unsigned int *cnt)
366 {
367         const struct ebt_entry *e = par->entryinfo;
368         struct xt_target *watcher;
369         size_t left = ((char *)e + e->target_offset) - (char *)w;
370         int ret;
371
372         if (left < sizeof(struct ebt_entry_watcher) ||
373            left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
374                 return -EINVAL;
375
376         watcher = try_then_request_module(
377                   xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
378                   "ebt_%s", w->u.name);
379         if (IS_ERR(watcher))
380                 return PTR_ERR(watcher);
381         if (watcher == NULL)
382                 return -ENOENT;
383         w->u.watcher = watcher;
384
385         par->target   = watcher;
386         par->targinfo = w->data;
387         ret = xt_check_target(par, w->watcher_size,
388               e->ethproto, e->invflags & EBT_IPROTO);
389         if (ret < 0) {
390                 module_put(watcher->me);
391                 return ret;
392         }
393
394         (*cnt)++;
395         return 0;
396 }
397
398 static int ebt_verify_pointers(struct ebt_replace *repl,
399                                struct ebt_table_info *newinfo)
400 {
401         unsigned int limit = repl->entries_size;
402         unsigned int valid_hooks = repl->valid_hooks;
403         unsigned int offset = 0;
404         int i;
405
406         for (i = 0; i < NF_BR_NUMHOOKS; i++)
407                 newinfo->hook_entry[i] = NULL;
408
409         newinfo->entries_size = repl->entries_size;
410         newinfo->nentries = repl->nentries;
411
412         while (offset < limit) {
413                 size_t left = limit - offset;
414                 struct ebt_entry *e = (void *)newinfo->entries + offset;
415
416                 if (left < sizeof(unsigned int))
417                         break;
418
419                 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
420                         if ((valid_hooks & (1 << i)) == 0)
421                                 continue;
422                         if ((char __user *)repl->hook_entry[i] ==
423                              repl->entries + offset)
424                                 break;
425                 }
426
427                 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
428                         if (e->bitmask != 0) {
429                                 /* we make userspace set this right,
430                                    so there is no misunderstanding */
431                                 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
432                                          "in distinguisher\n");
433                                 return -EINVAL;
434                         }
435                         if (i != NF_BR_NUMHOOKS)
436                                 newinfo->hook_entry[i] = (struct ebt_entries *)e;
437                         if (left < sizeof(struct ebt_entries))
438                                 break;
439                         offset += sizeof(struct ebt_entries);
440                 } else {
441                         if (left < sizeof(struct ebt_entry))
442                                 break;
443                         if (left < e->next_offset)
444                                 break;
445                         offset += e->next_offset;
446                 }
447         }
448         if (offset != limit) {
449                 BUGPRINT("entries_size too small\n");
450                 return -EINVAL;
451         }
452
453         /* check if all valid hooks have a chain */
454         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
455                 if (!newinfo->hook_entry[i] &&
456                    (valid_hooks & (1 << i))) {
457                         BUGPRINT("Valid hook without chain\n");
458                         return -EINVAL;
459                 }
460         }
461         return 0;
462 }
463
464 /*
465  * this one is very careful, as it is the first function
466  * to parse the userspace data
467  */
468 static inline int
469 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
470    struct ebt_table_info *newinfo,
471    unsigned int *n, unsigned int *cnt,
472    unsigned int *totalcnt, unsigned int *udc_cnt)
473 {
474         int i;
475
476         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
477                 if ((void *)e == (void *)newinfo->hook_entry[i])
478                         break;
479         }
480         /* beginning of a new chain
481            if i == NF_BR_NUMHOOKS it must be a user defined chain */
482         if (i != NF_BR_NUMHOOKS || !e->bitmask) {
483                 /* this checks if the previous chain has as many entries
484                    as it said it has */
485                 if (*n != *cnt) {
486                         BUGPRINT("nentries does not equal the nr of entries "
487                                  "in the chain\n");
488                         return -EINVAL;
489                 }
490                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
491                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
492                         /* only RETURN from udc */
493                         if (i != NF_BR_NUMHOOKS ||
494                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
495                                 BUGPRINT("bad policy\n");
496                                 return -EINVAL;
497                         }
498                 }
499                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
500                         (*udc_cnt)++;
501                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
502                         BUGPRINT("counter_offset != totalcnt");
503                         return -EINVAL;
504                 }
505                 *n = ((struct ebt_entries *)e)->nentries;
506                 *cnt = 0;
507                 return 0;
508         }
509         /* a plain old entry, heh */
510         if (sizeof(struct ebt_entry) > e->watchers_offset ||
511            e->watchers_offset > e->target_offset ||
512            e->target_offset >= e->next_offset) {
513                 BUGPRINT("entry offsets not in right order\n");
514                 return -EINVAL;
515         }
516         /* this is not checked anywhere else */
517         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
518                 BUGPRINT("target size too small\n");
519                 return -EINVAL;
520         }
521         (*cnt)++;
522         (*totalcnt)++;
523         return 0;
524 }
525
526 struct ebt_cl_stack
527 {
528         struct ebt_chainstack cs;
529         int from;
530         unsigned int hookmask;
531 };
532
533 /*
534  * we need these positions to check that the jumps to a different part of the
535  * entries is a jump to the beginning of a new chain.
536  */
537 static inline int
538 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
539    unsigned int *n, struct ebt_cl_stack *udc)
540 {
541         int i;
542
543         /* we're only interested in chain starts */
544         if (e->bitmask)
545                 return 0;
546         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
547                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
548                         break;
549         }
550         /* only care about udc */
551         if (i != NF_BR_NUMHOOKS)
552                 return 0;
553
554         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
555         /* these initialisations are depended on later in check_chainloops() */
556         udc[*n].cs.n = 0;
557         udc[*n].hookmask = 0;
558
559         (*n)++;
560         return 0;
561 }
562
563 static inline int
564 ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i)
565 {
566         struct xt_mtdtor_param par;
567
568         if (i && (*i)-- == 0)
569                 return 1;
570
571         par.net       = net;
572         par.match     = m->u.match;
573         par.matchinfo = m->data;
574         par.family    = NFPROTO_BRIDGE;
575         if (par.match->destroy != NULL)
576                 par.match->destroy(&par);
577         module_put(par.match->me);
578         return 0;
579 }
580
581 static inline int
582 ebt_cleanup_watcher(struct ebt_entry_watcher *w, struct net *net, unsigned int *i)
583 {
584         struct xt_tgdtor_param par;
585
586         if (i && (*i)-- == 0)
587                 return 1;
588
589         par.net      = net;
590         par.target   = w->u.watcher;
591         par.targinfo = w->data;
592         par.family   = NFPROTO_BRIDGE;
593         if (par.target->destroy != NULL)
594                 par.target->destroy(&par);
595         module_put(par.target->me);
596         return 0;
597 }
598
599 static inline int
600 ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
601 {
602         struct xt_tgdtor_param par;
603         struct ebt_entry_target *t;
604
605         if (e->bitmask == 0)
606                 return 0;
607         /* we're done */
608         if (cnt && (*cnt)-- == 0)
609                 return 1;
610         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL);
611         EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
612         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
613
614         par.net      = net;
615         par.target   = t->u.target;
616         par.targinfo = t->data;
617         par.family   = NFPROTO_BRIDGE;
618         if (par.target->destroy != NULL)
619                 par.target->destroy(&par);
620         module_put(par.target->me);
621         return 0;
622 }
623
624 static inline int
625 ebt_check_entry(struct ebt_entry *e,
626    struct net *net,
627    struct ebt_table_info *newinfo,
628    const char *name, unsigned int *cnt,
629    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
630 {
631         struct ebt_entry_target *t;
632         struct xt_target *target;
633         unsigned int i, j, hook = 0, hookmask = 0;
634         size_t gap;
635         int ret;
636         struct xt_mtchk_param mtpar;
637         struct xt_tgchk_param tgpar;
638
639         /* don't mess with the struct ebt_entries */
640         if (e->bitmask == 0)
641                 return 0;
642
643         if (e->bitmask & ~EBT_F_MASK) {
644                 BUGPRINT("Unknown flag for bitmask\n");
645                 return -EINVAL;
646         }
647         if (e->invflags & ~EBT_INV_MASK) {
648                 BUGPRINT("Unknown flag for inv bitmask\n");
649                 return -EINVAL;
650         }
651         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
652                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
653                 return -EINVAL;
654         }
655         /* what hook do we belong to? */
656         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
657                 if (!newinfo->hook_entry[i])
658                         continue;
659                 if ((char *)newinfo->hook_entry[i] < (char *)e)
660                         hook = i;
661                 else
662                         break;
663         }
664         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
665            a base chain */
666         if (i < NF_BR_NUMHOOKS)
667                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
668         else {
669                 for (i = 0; i < udc_cnt; i++)
670                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
671                                 break;
672                 if (i == 0)
673                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
674                 else
675                         hookmask = cl_s[i - 1].hookmask;
676         }
677         i = 0;
678
679         mtpar.net       = tgpar.net       = net;
680         mtpar.table     = tgpar.table     = name;
681         mtpar.entryinfo = tgpar.entryinfo = e;
682         mtpar.hook_mask = tgpar.hook_mask = hookmask;
683         mtpar.family    = tgpar.family    = NFPROTO_BRIDGE;
684         ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
685         if (ret != 0)
686                 goto cleanup_matches;
687         j = 0;
688         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
689         if (ret != 0)
690                 goto cleanup_watchers;
691         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
692         gap = e->next_offset - e->target_offset;
693
694         target = try_then_request_module(
695                  xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
696                  "ebt_%s", t->u.name);
697         if (IS_ERR(target)) {
698                 ret = PTR_ERR(target);
699                 goto cleanup_watchers;
700         } else if (target == NULL) {
701                 ret = -ENOENT;
702                 goto cleanup_watchers;
703         }
704
705         t->u.target = target;
706         if (t->u.target == &ebt_standard_target) {
707                 if (gap < sizeof(struct ebt_standard_target)) {
708                         BUGPRINT("Standard target size too big\n");
709                         ret = -EFAULT;
710                         goto cleanup_watchers;
711                 }
712                 if (((struct ebt_standard_target *)t)->verdict <
713                    -NUM_STANDARD_TARGETS) {
714                         BUGPRINT("Invalid standard target\n");
715                         ret = -EFAULT;
716                         goto cleanup_watchers;
717                 }
718         } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
719                 module_put(t->u.target->me);
720                 ret = -EFAULT;
721                 goto cleanup_watchers;
722         }
723
724         tgpar.target   = target;
725         tgpar.targinfo = t->data;
726         ret = xt_check_target(&tgpar, t->target_size,
727               e->ethproto, e->invflags & EBT_IPROTO);
728         if (ret < 0) {
729                 module_put(target->me);
730                 goto cleanup_watchers;
731         }
732         (*cnt)++;
733         return 0;
734 cleanup_watchers:
735         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j);
736 cleanup_matches:
737         EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
738         return ret;
739 }
740
741 /*
742  * checks for loops and sets the hook mask for udc
743  * the hook mask for udc tells us from which base chains the udc can be
744  * accessed. This mask is a parameter to the check() functions of the extensions
745  */
746 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
747    unsigned int udc_cnt, unsigned int hooknr, char *base)
748 {
749         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
750         struct ebt_entry *e = (struct ebt_entry *)chain->data;
751         struct ebt_entry_target *t;
752
753         while (pos < nentries || chain_nr != -1) {
754                 /* end of udc, go back one 'recursion' step */
755                 if (pos == nentries) {
756                         /* put back values of the time when this chain was called */
757                         e = cl_s[chain_nr].cs.e;
758                         if (cl_s[chain_nr].from != -1)
759                                 nentries =
760                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
761                         else
762                                 nentries = chain->nentries;
763                         pos = cl_s[chain_nr].cs.n;
764                         /* make sure we won't see a loop that isn't one */
765                         cl_s[chain_nr].cs.n = 0;
766                         chain_nr = cl_s[chain_nr].from;
767                         if (pos == nentries)
768                                 continue;
769                 }
770                 t = (struct ebt_entry_target *)
771                    (((char *)e) + e->target_offset);
772                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
773                         goto letscontinue;
774                 if (e->target_offset + sizeof(struct ebt_standard_target) >
775                    e->next_offset) {
776                         BUGPRINT("Standard target size too big\n");
777                         return -1;
778                 }
779                 verdict = ((struct ebt_standard_target *)t)->verdict;
780                 if (verdict >= 0) { /* jump to another chain */
781                         struct ebt_entries *hlp2 =
782                            (struct ebt_entries *)(base + verdict);
783                         for (i = 0; i < udc_cnt; i++)
784                                 if (hlp2 == cl_s[i].cs.chaininfo)
785                                         break;
786                         /* bad destination or loop */
787                         if (i == udc_cnt) {
788                                 BUGPRINT("bad destination\n");
789                                 return -1;
790                         }
791                         if (cl_s[i].cs.n) {
792                                 BUGPRINT("loop\n");
793                                 return -1;
794                         }
795                         if (cl_s[i].hookmask & (1 << hooknr))
796                                 goto letscontinue;
797                         /* this can't be 0, so the loop test is correct */
798                         cl_s[i].cs.n = pos + 1;
799                         pos = 0;
800                         cl_s[i].cs.e = ebt_next_entry(e);
801                         e = (struct ebt_entry *)(hlp2->data);
802                         nentries = hlp2->nentries;
803                         cl_s[i].from = chain_nr;
804                         chain_nr = i;
805                         /* this udc is accessible from the base chain for hooknr */
806                         cl_s[i].hookmask |= (1 << hooknr);
807                         continue;
808                 }
809 letscontinue:
810                 e = ebt_next_entry(e);
811                 pos++;
812         }
813         return 0;
814 }
815
816 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
817 static int translate_table(struct net *net, char *name,
818                            struct ebt_table_info *newinfo)
819 {
820         unsigned int i, j, k, udc_cnt;
821         int ret;
822         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
823
824         i = 0;
825         while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
826                 i++;
827         if (i == NF_BR_NUMHOOKS) {
828                 BUGPRINT("No valid hooks specified\n");
829                 return -EINVAL;
830         }
831         if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
832                 BUGPRINT("Chains don't start at beginning\n");
833                 return -EINVAL;
834         }
835         /* make sure chains are ordered after each other in same order
836            as their corresponding hooks */
837         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
838                 if (!newinfo->hook_entry[j])
839                         continue;
840                 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
841                         BUGPRINT("Hook order must be followed\n");
842                         return -EINVAL;
843                 }
844                 i = j;
845         }
846
847         /* do some early checkings and initialize some things */
848         i = 0; /* holds the expected nr. of entries for the chain */
849         j = 0; /* holds the up to now counted entries for the chain */
850         k = 0; /* holds the total nr. of entries, should equal
851                   newinfo->nentries afterwards */
852         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
853         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
854            ebt_check_entry_size_and_hooks, newinfo,
855            &i, &j, &k, &udc_cnt);
856
857         if (ret != 0)
858                 return ret;
859
860         if (i != j) {
861                 BUGPRINT("nentries does not equal the nr of entries in the "
862                          "(last) chain\n");
863                 return -EINVAL;
864         }
865         if (k != newinfo->nentries) {
866                 BUGPRINT("Total nentries is wrong\n");
867                 return -EINVAL;
868         }
869
870         /* get the location of the udc, put them in an array
871            while we're at it, allocate the chainstack */
872         if (udc_cnt) {
873                 /* this will get free'd in do_replace()/ebt_register_table()
874                    if an error occurs */
875                 newinfo->chainstack =
876                         vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
877                 if (!newinfo->chainstack)
878                         return -ENOMEM;
879                 for_each_possible_cpu(i) {
880                         newinfo->chainstack[i] =
881                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
882                         if (!newinfo->chainstack[i]) {
883                                 while (i)
884                                         vfree(newinfo->chainstack[--i]);
885                                 vfree(newinfo->chainstack);
886                                 newinfo->chainstack = NULL;
887                                 return -ENOMEM;
888                         }
889                 }
890
891                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
892                 if (!cl_s)
893                         return -ENOMEM;
894                 i = 0; /* the i'th udc */
895                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
896                    ebt_get_udc_positions, newinfo, &i, cl_s);
897                 /* sanity check */
898                 if (i != udc_cnt) {
899                         BUGPRINT("i != udc_cnt\n");
900                         vfree(cl_s);
901                         return -EFAULT;
902                 }
903         }
904
905         /* Check for loops */
906         for (i = 0; i < NF_BR_NUMHOOKS; i++)
907                 if (newinfo->hook_entry[i])
908                         if (check_chainloops(newinfo->hook_entry[i],
909                            cl_s, udc_cnt, i, newinfo->entries)) {
910                                 vfree(cl_s);
911                                 return -EINVAL;
912                         }
913
914         /* we now know the following (along with E=mc²):
915            - the nr of entries in each chain is right
916            - the size of the allocated space is right
917            - all valid hooks have a corresponding chain
918            - there are no loops
919            - wrong data can still be on the level of a single entry
920            - could be there are jumps to places that are not the
921              beginning of a chain. This can only occur in chains that
922              are not accessible from any base chains, so we don't care. */
923
924         /* used to know what we need to clean up if something goes wrong */
925         i = 0;
926         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
927            ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
928         if (ret != 0) {
929                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
930                                   ebt_cleanup_entry, net, &i);
931         }
932         vfree(cl_s);
933         return ret;
934 }
935
936 /* called under write_lock */
937 static void get_counters(struct ebt_counter *oldcounters,
938    struct ebt_counter *counters, unsigned int nentries)
939 {
940         int i, cpu;
941         struct ebt_counter *counter_base;
942
943         /* counters of cpu 0 */
944         memcpy(counters, oldcounters,
945                sizeof(struct ebt_counter) * nentries);
946
947         /* add other counters to those of cpu 0 */
948         for_each_possible_cpu(cpu) {
949                 if (cpu == 0)
950                         continue;
951                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
952                 for (i = 0; i < nentries; i++) {
953                         counters[i].pcnt += counter_base[i].pcnt;
954                         counters[i].bcnt += counter_base[i].bcnt;
955                 }
956         }
957 }
958
959 /* replace the table */
960 static int do_replace(struct net *net, void __user *user, unsigned int len)
961 {
962         int ret, i, countersize;
963         struct ebt_table_info *newinfo;
964         struct ebt_replace tmp;
965         struct ebt_table *t;
966         struct ebt_counter *counterstmp = NULL;
967         /* used to be able to unlock earlier */
968         struct ebt_table_info *table;
969
970         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
971                 return -EFAULT;
972
973         if (len != sizeof(tmp) + tmp.entries_size) {
974                 BUGPRINT("Wrong len argument\n");
975                 return -EINVAL;
976         }
977
978         if (tmp.entries_size == 0) {
979                 BUGPRINT("Entries_size never zero\n");
980                 return -EINVAL;
981         }
982         /* overflow check */
983         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
984                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
985                 return -ENOMEM;
986         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
987                 return -ENOMEM;
988
989         countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
990         newinfo = vmalloc(sizeof(*newinfo) + countersize);
991         if (!newinfo)
992                 return -ENOMEM;
993
994         if (countersize)
995                 memset(newinfo->counters, 0, countersize);
996
997         newinfo->entries = vmalloc(tmp.entries_size);
998         if (!newinfo->entries) {
999                 ret = -ENOMEM;
1000                 goto free_newinfo;
1001         }
1002         if (copy_from_user(
1003            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
1004                 BUGPRINT("Couldn't copy entries from userspace\n");
1005                 ret = -EFAULT;
1006                 goto free_entries;
1007         }
1008
1009         /* the user wants counters back
1010            the check on the size is done later, when we have the lock */
1011         if (tmp.num_counters) {
1012                 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
1013                 if (!counterstmp) {
1014                         ret = -ENOMEM;
1015                         goto free_entries;
1016                 }
1017         }
1018         else
1019                 counterstmp = NULL;
1020
1021         /* this can get initialized by translate_table() */
1022         newinfo->chainstack = NULL;
1023         ret = ebt_verify_pointers(&tmp, newinfo);
1024         if (ret != 0)
1025                 goto free_counterstmp;
1026
1027         ret = translate_table(net, tmp.name, newinfo);
1028
1029         if (ret != 0)
1030                 goto free_counterstmp;
1031
1032         t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
1033         if (!t) {
1034                 ret = -ENOENT;
1035                 goto free_iterate;
1036         }
1037
1038         /* the table doesn't like it */
1039         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1040                 goto free_unlock;
1041
1042         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1043                 BUGPRINT("Wrong nr. of counters requested\n");
1044                 ret = -EINVAL;
1045                 goto free_unlock;
1046         }
1047
1048         /* we have the mutex lock, so no danger in reading this pointer */
1049         table = t->private;
1050         /* make sure the table can only be rmmod'ed if it contains no rules */
1051         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1052                 ret = -ENOENT;
1053                 goto free_unlock;
1054         } else if (table->nentries && !newinfo->nentries)
1055                 module_put(t->me);
1056         /* we need an atomic snapshot of the counters */
1057         write_lock_bh(&t->lock);
1058         if (tmp.num_counters)
1059                 get_counters(t->private->counters, counterstmp,
1060                    t->private->nentries);
1061
1062         t->private = newinfo;
1063         write_unlock_bh(&t->lock);
1064         mutex_unlock(&ebt_mutex);
1065         /* so, a user can change the chains while having messed up her counter
1066            allocation. Only reason why this is done is because this way the lock
1067            is held only once, while this doesn't bring the kernel into a
1068            dangerous state. */
1069         if (tmp.num_counters &&
1070            copy_to_user(tmp.counters, counterstmp,
1071            tmp.num_counters * sizeof(struct ebt_counter))) {
1072                 BUGPRINT("Couldn't copy counters to userspace\n");
1073                 ret = -EFAULT;
1074         }
1075         else
1076                 ret = 0;
1077
1078         /* decrease module count and free resources */
1079         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1080                           ebt_cleanup_entry, net, NULL);
1081
1082         vfree(table->entries);
1083         if (table->chainstack) {
1084                 for_each_possible_cpu(i)
1085                         vfree(table->chainstack[i]);
1086                 vfree(table->chainstack);
1087         }
1088         vfree(table);
1089
1090         vfree(counterstmp);
1091         return ret;
1092
1093 free_unlock:
1094         mutex_unlock(&ebt_mutex);
1095 free_iterate:
1096         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1097                           ebt_cleanup_entry, net, NULL);
1098 free_counterstmp:
1099         vfree(counterstmp);
1100         /* can be initialized in translate_table() */
1101         if (newinfo->chainstack) {
1102                 for_each_possible_cpu(i)
1103                         vfree(newinfo->chainstack[i]);
1104                 vfree(newinfo->chainstack);
1105         }
1106 free_entries:
1107         vfree(newinfo->entries);
1108 free_newinfo:
1109         vfree(newinfo);
1110         return ret;
1111 }
1112
1113 struct ebt_table *
1114 ebt_register_table(struct net *net, const struct ebt_table *input_table)
1115 {
1116         struct ebt_table_info *newinfo;
1117         struct ebt_table *t, *table;
1118         struct ebt_replace_kernel *repl;
1119         int ret, i, countersize;
1120         void *p;
1121
1122         if (input_table == NULL || (repl = input_table->table) == NULL ||
1123             repl->entries == 0 || repl->entries_size == 0 ||
1124             repl->counters != NULL || input_table->private != NULL) {
1125                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1126                 return ERR_PTR(-EINVAL);
1127         }
1128
1129         /* Don't add one table to multiple lists. */
1130         table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
1131         if (!table) {
1132                 ret = -ENOMEM;
1133                 goto out;
1134         }
1135
1136         countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1137         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1138         ret = -ENOMEM;
1139         if (!newinfo)
1140                 goto free_table;
1141
1142         p = vmalloc(repl->entries_size);
1143         if (!p)
1144                 goto free_newinfo;
1145
1146         memcpy(p, repl->entries, repl->entries_size);
1147         newinfo->entries = p;
1148
1149         newinfo->entries_size = repl->entries_size;
1150         newinfo->nentries = repl->nentries;
1151
1152         if (countersize)
1153                 memset(newinfo->counters, 0, countersize);
1154
1155         /* fill in newinfo and parse the entries */
1156         newinfo->chainstack = NULL;
1157         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1158                 if ((repl->valid_hooks & (1 << i)) == 0)
1159                         newinfo->hook_entry[i] = NULL;
1160                 else
1161                         newinfo->hook_entry[i] = p +
1162                                 ((char *)repl->hook_entry[i] - repl->entries);
1163         }
1164         ret = translate_table(net, repl->name, newinfo);
1165         if (ret != 0) {
1166                 BUGPRINT("Translate_table failed\n");
1167                 goto free_chainstack;
1168         }
1169
1170         if (table->check && table->check(newinfo, table->valid_hooks)) {
1171                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1172                 return ERR_PTR(-EINVAL);
1173         }
1174
1175         table->private = newinfo;
1176         rwlock_init(&table->lock);
1177         ret = mutex_lock_interruptible(&ebt_mutex);
1178         if (ret != 0)
1179                 goto free_chainstack;
1180
1181         list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
1182                 if (strcmp(t->name, table->name) == 0) {
1183                         ret = -EEXIST;
1184                         BUGPRINT("Table name already exists\n");
1185                         goto free_unlock;
1186                 }
1187         }
1188
1189         /* Hold a reference count if the chains aren't empty */
1190         if (newinfo->nentries && !try_module_get(table->me)) {
1191                 ret = -ENOENT;
1192                 goto free_unlock;
1193         }
1194         list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
1195         mutex_unlock(&ebt_mutex);
1196         return table;
1197 free_unlock:
1198         mutex_unlock(&ebt_mutex);
1199 free_chainstack:
1200         if (newinfo->chainstack) {
1201                 for_each_possible_cpu(i)
1202                         vfree(newinfo->chainstack[i]);
1203                 vfree(newinfo->chainstack);
1204         }
1205         vfree(newinfo->entries);
1206 free_newinfo:
1207         vfree(newinfo);
1208 free_table:
1209         kfree(table);
1210 out:
1211         return ERR_PTR(ret);
1212 }
1213
1214 void ebt_unregister_table(struct net *net, struct ebt_table *table)
1215 {
1216         int i;
1217
1218         if (!table) {
1219                 BUGPRINT("Request to unregister NULL table!!!\n");
1220                 return;
1221         }
1222         mutex_lock(&ebt_mutex);
1223         list_del(&table->list);
1224         mutex_unlock(&ebt_mutex);
1225         EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
1226                           ebt_cleanup_entry, net, NULL);
1227         if (table->private->nentries)
1228                 module_put(table->me);
1229         vfree(table->private->entries);
1230         if (table->private->chainstack) {
1231                 for_each_possible_cpu(i)
1232                         vfree(table->private->chainstack[i]);
1233                 vfree(table->private->chainstack);
1234         }
1235         vfree(table->private);
1236         kfree(table);
1237 }
1238
1239 /* userspace just supplied us with counters */
1240 static int update_counters(struct net *net, void __user *user, unsigned int len)
1241 {
1242         int i, ret;
1243         struct ebt_counter *tmp;
1244         struct ebt_replace hlp;
1245         struct ebt_table *t;
1246
1247         if (copy_from_user(&hlp, user, sizeof(hlp)))
1248                 return -EFAULT;
1249
1250         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1251                 return -EINVAL;
1252         if (hlp.num_counters == 0)
1253                 return -EINVAL;
1254
1255         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1256                 MEMPRINT("Update_counters && nomemory\n");
1257                 return -ENOMEM;
1258         }
1259
1260         t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1261         if (!t)
1262                 goto free_tmp;
1263
1264         if (hlp.num_counters != t->private->nentries) {
1265                 BUGPRINT("Wrong nr of counters\n");
1266                 ret = -EINVAL;
1267                 goto unlock_mutex;
1268         }
1269
1270         if ( copy_from_user(tmp, hlp.counters,
1271            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1272                 BUGPRINT("Updata_counters && !cfu\n");
1273                 ret = -EFAULT;
1274                 goto unlock_mutex;
1275         }
1276
1277         /* we want an atomic add of the counters */
1278         write_lock_bh(&t->lock);
1279
1280         /* we add to the counters of the first cpu */
1281         for (i = 0; i < hlp.num_counters; i++) {
1282                 t->private->counters[i].pcnt += tmp[i].pcnt;
1283                 t->private->counters[i].bcnt += tmp[i].bcnt;
1284         }
1285
1286         write_unlock_bh(&t->lock);
1287         ret = 0;
1288 unlock_mutex:
1289         mutex_unlock(&ebt_mutex);
1290 free_tmp:
1291         vfree(tmp);
1292         return ret;
1293 }
1294
1295 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1296    char *base, char __user *ubase)
1297 {
1298         char __user *hlp = ubase + ((char *)m - base);
1299         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1300                 return -EFAULT;
1301         return 0;
1302 }
1303
1304 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1305    char *base, char __user *ubase)
1306 {
1307         char __user *hlp = ubase + ((char *)w - base);
1308         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1309                 return -EFAULT;
1310         return 0;
1311 }
1312
1313 static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1314 {
1315         int ret;
1316         char __user *hlp;
1317         struct ebt_entry_target *t;
1318
1319         if (e->bitmask == 0)
1320                 return 0;
1321
1322         hlp = ubase + (((char *)e + e->target_offset) - base);
1323         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1324
1325         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1326         if (ret != 0)
1327                 return ret;
1328         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1329         if (ret != 0)
1330                 return ret;
1331         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1332                 return -EFAULT;
1333         return 0;
1334 }
1335
1336 /* called with ebt_mutex locked */
1337 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1338    int *len, int cmd)
1339 {
1340         struct ebt_replace tmp;
1341         struct ebt_counter *counterstmp, *oldcounters;
1342         unsigned int entries_size, nentries;
1343         char *entries;
1344
1345         if (cmd == EBT_SO_GET_ENTRIES) {
1346                 entries_size = t->private->entries_size;
1347                 nentries = t->private->nentries;
1348                 entries = t->private->entries;
1349                 oldcounters = t->private->counters;
1350         } else {
1351                 entries_size = t->table->entries_size;
1352                 nentries = t->table->nentries;
1353                 entries = t->table->entries;
1354                 oldcounters = t->table->counters;
1355         }
1356
1357         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1358                 BUGPRINT("Cfu didn't work\n");
1359                 return -EFAULT;
1360         }
1361
1362         if (*len != sizeof(struct ebt_replace) + entries_size +
1363            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1364                 BUGPRINT("Wrong size\n");
1365                 return -EINVAL;
1366         }
1367
1368         if (tmp.nentries != nentries) {
1369                 BUGPRINT("Nentries wrong\n");
1370                 return -EINVAL;
1371         }
1372
1373         if (tmp.entries_size != entries_size) {
1374                 BUGPRINT("Wrong size\n");
1375                 return -EINVAL;
1376         }
1377
1378         /* userspace might not need the counters */
1379         if (tmp.num_counters) {
1380                 if (tmp.num_counters != nentries) {
1381                         BUGPRINT("Num_counters wrong\n");
1382                         return -EINVAL;
1383                 }
1384                 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1385                 if (!counterstmp) {
1386                         MEMPRINT("Couldn't copy counters, out of memory\n");
1387                         return -ENOMEM;
1388                 }
1389                 write_lock_bh(&t->lock);
1390                 get_counters(oldcounters, counterstmp, nentries);
1391                 write_unlock_bh(&t->lock);
1392
1393                 if (copy_to_user(tmp.counters, counterstmp,
1394                    nentries * sizeof(struct ebt_counter))) {
1395                         BUGPRINT("Couldn't copy counters to userspace\n");
1396                         vfree(counterstmp);
1397                         return -EFAULT;
1398                 }
1399                 vfree(counterstmp);
1400         }
1401
1402         if (copy_to_user(tmp.entries, entries, entries_size)) {
1403                 BUGPRINT("Couldn't copy entries to userspace\n");
1404                 return -EFAULT;
1405         }
1406         /* set the match/watcher/target names right */
1407         return EBT_ENTRY_ITERATE(entries, entries_size,
1408            ebt_make_names, entries, tmp.entries);
1409 }
1410
1411 static int do_ebt_set_ctl(struct sock *sk,
1412         int cmd, void __user *user, unsigned int len)
1413 {
1414         int ret;
1415
1416         switch(cmd) {
1417         case EBT_SO_SET_ENTRIES:
1418                 ret = do_replace(sock_net(sk), user, len);
1419                 break;
1420         case EBT_SO_SET_COUNTERS:
1421                 ret = update_counters(sock_net(sk), user, len);
1422                 break;
1423         default:
1424                 ret = -EINVAL;
1425   }
1426         return ret;
1427 }
1428
1429 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1430 {
1431         int ret;
1432         struct ebt_replace tmp;
1433         struct ebt_table *t;
1434
1435         if (copy_from_user(&tmp, user, sizeof(tmp)))
1436                 return -EFAULT;
1437
1438         t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1439         if (!t)
1440                 return ret;
1441
1442         switch(cmd) {
1443         case EBT_SO_GET_INFO:
1444         case EBT_SO_GET_INIT_INFO:
1445                 if (*len != sizeof(struct ebt_replace)){
1446                         ret = -EINVAL;
1447                         mutex_unlock(&ebt_mutex);
1448                         break;
1449                 }
1450                 if (cmd == EBT_SO_GET_INFO) {
1451                         tmp.nentries = t->private->nentries;
1452                         tmp.entries_size = t->private->entries_size;
1453                         tmp.valid_hooks = t->valid_hooks;
1454                 } else {
1455                         tmp.nentries = t->table->nentries;
1456                         tmp.entries_size = t->table->entries_size;
1457                         tmp.valid_hooks = t->table->valid_hooks;
1458                 }
1459                 mutex_unlock(&ebt_mutex);
1460                 if (copy_to_user(user, &tmp, *len) != 0){
1461                         BUGPRINT("c2u Didn't work\n");
1462                         ret = -EFAULT;
1463                         break;
1464                 }
1465                 ret = 0;
1466                 break;
1467
1468         case EBT_SO_GET_ENTRIES:
1469         case EBT_SO_GET_INIT_ENTRIES:
1470                 ret = copy_everything_to_user(t, user, len, cmd);
1471                 mutex_unlock(&ebt_mutex);
1472                 break;
1473
1474         default:
1475                 mutex_unlock(&ebt_mutex);
1476                 ret = -EINVAL;
1477         }
1478
1479         return ret;
1480 }
1481
1482 static struct nf_sockopt_ops ebt_sockopts =
1483 {
1484         .pf             = PF_INET,
1485         .set_optmin     = EBT_BASE_CTL,
1486         .set_optmax     = EBT_SO_SET_MAX + 1,
1487         .set            = do_ebt_set_ctl,
1488         .get_optmin     = EBT_BASE_CTL,
1489         .get_optmax     = EBT_SO_GET_MAX + 1,
1490         .get            = do_ebt_get_ctl,
1491         .owner          = THIS_MODULE,
1492 };
1493
1494 static int __init ebtables_init(void)
1495 {
1496         int ret;
1497
1498         ret = xt_register_target(&ebt_standard_target);
1499         if (ret < 0)
1500                 return ret;
1501         ret = nf_register_sockopt(&ebt_sockopts);
1502         if (ret < 0) {
1503                 xt_unregister_target(&ebt_standard_target);
1504                 return ret;
1505         }
1506
1507         printk(KERN_INFO "Ebtables v2.0 registered\n");
1508         return 0;
1509 }
1510
1511 static void __exit ebtables_fini(void)
1512 {
1513         nf_unregister_sockopt(&ebt_sockopts);
1514         xt_unregister_target(&ebt_standard_target);
1515         printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1516 }
1517
1518 EXPORT_SYMBOL(ebt_register_table);
1519 EXPORT_SYMBOL(ebt_unregister_table);
1520 EXPORT_SYMBOL(ebt_do_table);
1521 module_init(ebtables_init);
1522 module_exit(ebtables_fini);
1523 MODULE_LICENSE("GPL");