netfilter: ebtables: split copy_everything_to_user into two functions
[linux-2.6.git] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34                                          "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36
37 /*
38  * Each cpu has its own set of counters, so there is no need for write_lock in
39  * the softirq
40  * For reading or updating the counters, the user context needs to
41  * get a write_lock
42  */
43
44 /* The size of each set of counters is altered to get cache alignment */
45 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
46 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
47 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
48    COUNTER_OFFSET(n) * cpu))
49
50
51
52 static DEFINE_MUTEX(ebt_mutex);
53
54 static struct xt_target ebt_standard_target = {
55         .name       = "standard",
56         .revision   = 0,
57         .family     = NFPROTO_BRIDGE,
58         .targetsize = sizeof(int),
59 };
60
61 static inline int
62 ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
63                struct xt_target_param *par)
64 {
65         par->target   = w->u.watcher;
66         par->targinfo = w->data;
67         w->u.watcher->target(skb, par);
68         /* watchers don't give a verdict */
69         return 0;
70 }
71
72 static inline int ebt_do_match (struct ebt_entry_match *m,
73    const struct sk_buff *skb, struct xt_match_param *par)
74 {
75         par->match     = m->u.match;
76         par->matchinfo = m->data;
77         return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
78 }
79
80 static inline int
81 ebt_dev_check(const char *entry, const struct net_device *device)
82 {
83         int i = 0;
84         const char *devname;
85
86         if (*entry == '\0')
87                 return 0;
88         if (!device)
89                 return 1;
90         devname = device->name;
91         /* 1 is the wildcard token */
92         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
93                 i++;
94         return (devname[i] != entry[i] && entry[i] != 1);
95 }
96
97 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
98 /* process standard matches */
99 static inline int
100 ebt_basic_match(const struct ebt_entry *e, const struct ethhdr *h,
101                 const struct net_device *in, const struct net_device *out)
102 {
103         int verdict, i;
104
105         if (e->bitmask & EBT_802_3) {
106                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
107                         return 1;
108         } else if (!(e->bitmask & EBT_NOPROTO) &&
109            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
110                 return 1;
111
112         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
113                 return 1;
114         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
115                 return 1;
116         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
117            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
118                 return 1;
119         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
120            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
121                 return 1;
122
123         if (e->bitmask & EBT_SOURCEMAC) {
124                 verdict = 0;
125                 for (i = 0; i < 6; i++)
126                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
127                            e->sourcemsk[i];
128                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
129                         return 1;
130         }
131         if (e->bitmask & EBT_DESTMAC) {
132                 verdict = 0;
133                 for (i = 0; i < 6; i++)
134                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
135                            e->destmsk[i];
136                 if (FWINV2(verdict != 0, EBT_IDEST) )
137                         return 1;
138         }
139         return 0;
140 }
141
142 static inline __pure
143 struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
144 {
145         return (void *)entry + entry->next_offset;
146 }
147
148 /* Do some firewalling */
149 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
150    const struct net_device *in, const struct net_device *out,
151    struct ebt_table *table)
152 {
153         int i, nentries;
154         struct ebt_entry *point;
155         struct ebt_counter *counter_base, *cb_base;
156         const struct ebt_entry_target *t;
157         int verdict, sp = 0;
158         struct ebt_chainstack *cs;
159         struct ebt_entries *chaininfo;
160         const char *base;
161         const struct ebt_table_info *private;
162         bool hotdrop = false;
163         struct xt_match_param mtpar;
164         struct xt_target_param tgpar;
165
166         mtpar.family  = tgpar.family = NFPROTO_BRIDGE;
167         mtpar.in      = tgpar.in  = in;
168         mtpar.out     = tgpar.out = out;
169         mtpar.hotdrop = &hotdrop;
170         mtpar.hooknum = tgpar.hooknum = hook;
171
172         read_lock_bh(&table->lock);
173         private = table->private;
174         cb_base = COUNTER_BASE(private->counters, private->nentries,
175            smp_processor_id());
176         if (private->chainstack)
177                 cs = private->chainstack[smp_processor_id()];
178         else
179                 cs = NULL;
180         chaininfo = private->hook_entry[hook];
181         nentries = private->hook_entry[hook]->nentries;
182         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
183         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
184         /* base for chain jumps */
185         base = private->entries;
186         i = 0;
187         while (i < nentries) {
188                 if (ebt_basic_match(point, eth_hdr(skb), in, out))
189                         goto letscontinue;
190
191                 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
192                         goto letscontinue;
193                 if (hotdrop) {
194                         read_unlock_bh(&table->lock);
195                         return NF_DROP;
196                 }
197
198                 /* increase counter */
199                 (*(counter_base + i)).pcnt++;
200                 (*(counter_base + i)).bcnt += skb->len;
201
202                 /* these should only watch: not modify, nor tell us
203                    what to do with the packet */
204                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
205
206                 t = (struct ebt_entry_target *)
207                    (((char *)point) + point->target_offset);
208                 /* standard target */
209                 if (!t->u.target->target)
210                         verdict = ((struct ebt_standard_target *)t)->verdict;
211                 else {
212                         tgpar.target   = t->u.target;
213                         tgpar.targinfo = t->data;
214                         verdict = t->u.target->target(skb, &tgpar);
215                 }
216                 if (verdict == EBT_ACCEPT) {
217                         read_unlock_bh(&table->lock);
218                         return NF_ACCEPT;
219                 }
220                 if (verdict == EBT_DROP) {
221                         read_unlock_bh(&table->lock);
222                         return NF_DROP;
223                 }
224                 if (verdict == EBT_RETURN) {
225 letsreturn:
226 #ifdef CONFIG_NETFILTER_DEBUG
227                         if (sp == 0) {
228                                 BUGPRINT("RETURN on base chain");
229                                 /* act like this is EBT_CONTINUE */
230                                 goto letscontinue;
231                         }
232 #endif
233                         sp--;
234                         /* put all the local variables right */
235                         i = cs[sp].n;
236                         chaininfo = cs[sp].chaininfo;
237                         nentries = chaininfo->nentries;
238                         point = cs[sp].e;
239                         counter_base = cb_base +
240                            chaininfo->counter_offset;
241                         continue;
242                 }
243                 if (verdict == EBT_CONTINUE)
244                         goto letscontinue;
245 #ifdef CONFIG_NETFILTER_DEBUG
246                 if (verdict < 0) {
247                         BUGPRINT("bogus standard verdict\n");
248                         read_unlock_bh(&table->lock);
249                         return NF_DROP;
250                 }
251 #endif
252                 /* jump to a udc */
253                 cs[sp].n = i + 1;
254                 cs[sp].chaininfo = chaininfo;
255                 cs[sp].e = ebt_next_entry(point);
256                 i = 0;
257                 chaininfo = (struct ebt_entries *) (base + verdict);
258 #ifdef CONFIG_NETFILTER_DEBUG
259                 if (chaininfo->distinguisher) {
260                         BUGPRINT("jump to non-chain\n");
261                         read_unlock_bh(&table->lock);
262                         return NF_DROP;
263                 }
264 #endif
265                 nentries = chaininfo->nentries;
266                 point = (struct ebt_entry *)chaininfo->data;
267                 counter_base = cb_base + chaininfo->counter_offset;
268                 sp++;
269                 continue;
270 letscontinue:
271                 point = ebt_next_entry(point);
272                 i++;
273         }
274
275         /* I actually like this :) */
276         if (chaininfo->policy == EBT_RETURN)
277                 goto letsreturn;
278         if (chaininfo->policy == EBT_ACCEPT) {
279                 read_unlock_bh(&table->lock);
280                 return NF_ACCEPT;
281         }
282         read_unlock_bh(&table->lock);
283         return NF_DROP;
284 }
285
286 /* If it succeeds, returns element and locks mutex */
287 static inline void *
288 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
289    struct mutex *mutex)
290 {
291         struct {
292                 struct list_head list;
293                 char name[EBT_FUNCTION_MAXNAMELEN];
294         } *e;
295
296         *error = mutex_lock_interruptible(mutex);
297         if (*error != 0)
298                 return NULL;
299
300         list_for_each_entry(e, head, list) {
301                 if (strcmp(e->name, name) == 0)
302                         return e;
303         }
304         *error = -ENOENT;
305         mutex_unlock(mutex);
306         return NULL;
307 }
308
309 static void *
310 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
311    int *error, struct mutex *mutex)
312 {
313         return try_then_request_module(
314                         find_inlist_lock_noload(head, name, error, mutex),
315                         "%s%s", prefix, name);
316 }
317
318 static inline struct ebt_table *
319 find_table_lock(struct net *net, const char *name, int *error,
320                 struct mutex *mutex)
321 {
322         return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
323                                 "ebtable_", error, mutex);
324 }
325
326 static inline int
327 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
328                 unsigned int *cnt)
329 {
330         const struct ebt_entry *e = par->entryinfo;
331         struct xt_match *match;
332         size_t left = ((char *)e + e->watchers_offset) - (char *)m;
333         int ret;
334
335         if (left < sizeof(struct ebt_entry_match) ||
336             left - sizeof(struct ebt_entry_match) < m->match_size)
337                 return -EINVAL;
338
339         match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
340                 m->u.name, 0), "ebt_%s", m->u.name);
341         if (IS_ERR(match))
342                 return PTR_ERR(match);
343         if (match == NULL)
344                 return -ENOENT;
345         m->u.match = match;
346
347         par->match     = match;
348         par->matchinfo = m->data;
349         ret = xt_check_match(par, m->match_size,
350               e->ethproto, e->invflags & EBT_IPROTO);
351         if (ret < 0) {
352                 module_put(match->me);
353                 return ret;
354         }
355
356         (*cnt)++;
357         return 0;
358 }
359
360 static inline int
361 ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
362                   unsigned int *cnt)
363 {
364         const struct ebt_entry *e = par->entryinfo;
365         struct xt_target *watcher;
366         size_t left = ((char *)e + e->target_offset) - (char *)w;
367         int ret;
368
369         if (left < sizeof(struct ebt_entry_watcher) ||
370            left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
371                 return -EINVAL;
372
373         watcher = try_then_request_module(
374                   xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
375                   "ebt_%s", w->u.name);
376         if (IS_ERR(watcher))
377                 return PTR_ERR(watcher);
378         if (watcher == NULL)
379                 return -ENOENT;
380         w->u.watcher = watcher;
381
382         par->target   = watcher;
383         par->targinfo = w->data;
384         ret = xt_check_target(par, w->watcher_size,
385               e->ethproto, e->invflags & EBT_IPROTO);
386         if (ret < 0) {
387                 module_put(watcher->me);
388                 return ret;
389         }
390
391         (*cnt)++;
392         return 0;
393 }
394
395 static int ebt_verify_pointers(const struct ebt_replace *repl,
396                                struct ebt_table_info *newinfo)
397 {
398         unsigned int limit = repl->entries_size;
399         unsigned int valid_hooks = repl->valid_hooks;
400         unsigned int offset = 0;
401         int i;
402
403         for (i = 0; i < NF_BR_NUMHOOKS; i++)
404                 newinfo->hook_entry[i] = NULL;
405
406         newinfo->entries_size = repl->entries_size;
407         newinfo->nentries = repl->nentries;
408
409         while (offset < limit) {
410                 size_t left = limit - offset;
411                 struct ebt_entry *e = (void *)newinfo->entries + offset;
412
413                 if (left < sizeof(unsigned int))
414                         break;
415
416                 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
417                         if ((valid_hooks & (1 << i)) == 0)
418                                 continue;
419                         if ((char __user *)repl->hook_entry[i] ==
420                              repl->entries + offset)
421                                 break;
422                 }
423
424                 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
425                         if (e->bitmask != 0) {
426                                 /* we make userspace set this right,
427                                    so there is no misunderstanding */
428                                 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
429                                          "in distinguisher\n");
430                                 return -EINVAL;
431                         }
432                         if (i != NF_BR_NUMHOOKS)
433                                 newinfo->hook_entry[i] = (struct ebt_entries *)e;
434                         if (left < sizeof(struct ebt_entries))
435                                 break;
436                         offset += sizeof(struct ebt_entries);
437                 } else {
438                         if (left < sizeof(struct ebt_entry))
439                                 break;
440                         if (left < e->next_offset)
441                                 break;
442                         if (e->next_offset < sizeof(struct ebt_entry))
443                                 return -EINVAL;
444                         offset += e->next_offset;
445                 }
446         }
447         if (offset != limit) {
448                 BUGPRINT("entries_size too small\n");
449                 return -EINVAL;
450         }
451
452         /* check if all valid hooks have a chain */
453         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
454                 if (!newinfo->hook_entry[i] &&
455                    (valid_hooks & (1 << i))) {
456                         BUGPRINT("Valid hook without chain\n");
457                         return -EINVAL;
458                 }
459         }
460         return 0;
461 }
462
463 /*
464  * this one is very careful, as it is the first function
465  * to parse the userspace data
466  */
467 static inline int
468 ebt_check_entry_size_and_hooks(const struct ebt_entry *e,
469    const struct ebt_table_info *newinfo,
470    unsigned int *n, unsigned int *cnt,
471    unsigned int *totalcnt, unsigned int *udc_cnt)
472 {
473         int i;
474
475         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
476                 if ((void *)e == (void *)newinfo->hook_entry[i])
477                         break;
478         }
479         /* beginning of a new chain
480            if i == NF_BR_NUMHOOKS it must be a user defined chain */
481         if (i != NF_BR_NUMHOOKS || !e->bitmask) {
482                 /* this checks if the previous chain has as many entries
483                    as it said it has */
484                 if (*n != *cnt) {
485                         BUGPRINT("nentries does not equal the nr of entries "
486                                  "in the chain\n");
487                         return -EINVAL;
488                 }
489                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
490                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
491                         /* only RETURN from udc */
492                         if (i != NF_BR_NUMHOOKS ||
493                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
494                                 BUGPRINT("bad policy\n");
495                                 return -EINVAL;
496                         }
497                 }
498                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
499                         (*udc_cnt)++;
500                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
501                         BUGPRINT("counter_offset != totalcnt");
502                         return -EINVAL;
503                 }
504                 *n = ((struct ebt_entries *)e)->nentries;
505                 *cnt = 0;
506                 return 0;
507         }
508         /* a plain old entry, heh */
509         if (sizeof(struct ebt_entry) > e->watchers_offset ||
510            e->watchers_offset > e->target_offset ||
511            e->target_offset >= e->next_offset) {
512                 BUGPRINT("entry offsets not in right order\n");
513                 return -EINVAL;
514         }
515         /* this is not checked anywhere else */
516         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
517                 BUGPRINT("target size too small\n");
518                 return -EINVAL;
519         }
520         (*cnt)++;
521         (*totalcnt)++;
522         return 0;
523 }
524
525 struct ebt_cl_stack
526 {
527         struct ebt_chainstack cs;
528         int from;
529         unsigned int hookmask;
530 };
531
532 /*
533  * we need these positions to check that the jumps to a different part of the
534  * entries is a jump to the beginning of a new chain.
535  */
536 static inline int
537 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
538    unsigned int *n, struct ebt_cl_stack *udc)
539 {
540         int i;
541
542         /* we're only interested in chain starts */
543         if (e->bitmask)
544                 return 0;
545         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
546                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
547                         break;
548         }
549         /* only care about udc */
550         if (i != NF_BR_NUMHOOKS)
551                 return 0;
552
553         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
554         /* these initialisations are depended on later in check_chainloops() */
555         udc[*n].cs.n = 0;
556         udc[*n].hookmask = 0;
557
558         (*n)++;
559         return 0;
560 }
561
562 static inline int
563 ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i)
564 {
565         struct xt_mtdtor_param par;
566
567         if (i && (*i)-- == 0)
568                 return 1;
569
570         par.net       = net;
571         par.match     = m->u.match;
572         par.matchinfo = m->data;
573         par.family    = NFPROTO_BRIDGE;
574         if (par.match->destroy != NULL)
575                 par.match->destroy(&par);
576         module_put(par.match->me);
577         return 0;
578 }
579
580 static inline int
581 ebt_cleanup_watcher(struct ebt_entry_watcher *w, struct net *net, unsigned int *i)
582 {
583         struct xt_tgdtor_param par;
584
585         if (i && (*i)-- == 0)
586                 return 1;
587
588         par.net      = net;
589         par.target   = w->u.watcher;
590         par.targinfo = w->data;
591         par.family   = NFPROTO_BRIDGE;
592         if (par.target->destroy != NULL)
593                 par.target->destroy(&par);
594         module_put(par.target->me);
595         return 0;
596 }
597
598 static inline int
599 ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
600 {
601         struct xt_tgdtor_param par;
602         struct ebt_entry_target *t;
603
604         if (e->bitmask == 0)
605                 return 0;
606         /* we're done */
607         if (cnt && (*cnt)-- == 0)
608                 return 1;
609         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL);
610         EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
611         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
612
613         par.net      = net;
614         par.target   = t->u.target;
615         par.targinfo = t->data;
616         par.family   = NFPROTO_BRIDGE;
617         if (par.target->destroy != NULL)
618                 par.target->destroy(&par);
619         module_put(par.target->me);
620         return 0;
621 }
622
623 static inline int
624 ebt_check_entry(struct ebt_entry *e, struct net *net,
625    const struct ebt_table_info *newinfo,
626    const char *name, unsigned int *cnt,
627    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
628 {
629         struct ebt_entry_target *t;
630         struct xt_target *target;
631         unsigned int i, j, hook = 0, hookmask = 0;
632         size_t gap;
633         int ret;
634         struct xt_mtchk_param mtpar;
635         struct xt_tgchk_param tgpar;
636
637         /* don't mess with the struct ebt_entries */
638         if (e->bitmask == 0)
639                 return 0;
640
641         if (e->bitmask & ~EBT_F_MASK) {
642                 BUGPRINT("Unknown flag for bitmask\n");
643                 return -EINVAL;
644         }
645         if (e->invflags & ~EBT_INV_MASK) {
646                 BUGPRINT("Unknown flag for inv bitmask\n");
647                 return -EINVAL;
648         }
649         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
650                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
651                 return -EINVAL;
652         }
653         /* what hook do we belong to? */
654         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
655                 if (!newinfo->hook_entry[i])
656                         continue;
657                 if ((char *)newinfo->hook_entry[i] < (char *)e)
658                         hook = i;
659                 else
660                         break;
661         }
662         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
663            a base chain */
664         if (i < NF_BR_NUMHOOKS)
665                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
666         else {
667                 for (i = 0; i < udc_cnt; i++)
668                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
669                                 break;
670                 if (i == 0)
671                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
672                 else
673                         hookmask = cl_s[i - 1].hookmask;
674         }
675         i = 0;
676
677         mtpar.net       = tgpar.net       = net;
678         mtpar.table     = tgpar.table     = name;
679         mtpar.entryinfo = tgpar.entryinfo = e;
680         mtpar.hook_mask = tgpar.hook_mask = hookmask;
681         mtpar.family    = tgpar.family    = NFPROTO_BRIDGE;
682         ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
683         if (ret != 0)
684                 goto cleanup_matches;
685         j = 0;
686         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
687         if (ret != 0)
688                 goto cleanup_watchers;
689         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
690         gap = e->next_offset - e->target_offset;
691
692         target = try_then_request_module(
693                  xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
694                  "ebt_%s", t->u.name);
695         if (IS_ERR(target)) {
696                 ret = PTR_ERR(target);
697                 goto cleanup_watchers;
698         } else if (target == NULL) {
699                 ret = -ENOENT;
700                 goto cleanup_watchers;
701         }
702
703         t->u.target = target;
704         if (t->u.target == &ebt_standard_target) {
705                 if (gap < sizeof(struct ebt_standard_target)) {
706                         BUGPRINT("Standard target size too big\n");
707                         ret = -EFAULT;
708                         goto cleanup_watchers;
709                 }
710                 if (((struct ebt_standard_target *)t)->verdict <
711                    -NUM_STANDARD_TARGETS) {
712                         BUGPRINT("Invalid standard target\n");
713                         ret = -EFAULT;
714                         goto cleanup_watchers;
715                 }
716         } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
717                 module_put(t->u.target->me);
718                 ret = -EFAULT;
719                 goto cleanup_watchers;
720         }
721
722         tgpar.target   = target;
723         tgpar.targinfo = t->data;
724         ret = xt_check_target(&tgpar, t->target_size,
725               e->ethproto, e->invflags & EBT_IPROTO);
726         if (ret < 0) {
727                 module_put(target->me);
728                 goto cleanup_watchers;
729         }
730         (*cnt)++;
731         return 0;
732 cleanup_watchers:
733         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j);
734 cleanup_matches:
735         EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
736         return ret;
737 }
738
739 /*
740  * checks for loops and sets the hook mask for udc
741  * the hook mask for udc tells us from which base chains the udc can be
742  * accessed. This mask is a parameter to the check() functions of the extensions
743  */
744 static int check_chainloops(const struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
745    unsigned int udc_cnt, unsigned int hooknr, char *base)
746 {
747         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
748         const struct ebt_entry *e = (struct ebt_entry *)chain->data;
749         const struct ebt_entry_target *t;
750
751         while (pos < nentries || chain_nr != -1) {
752                 /* end of udc, go back one 'recursion' step */
753                 if (pos == nentries) {
754                         /* put back values of the time when this chain was called */
755                         e = cl_s[chain_nr].cs.e;
756                         if (cl_s[chain_nr].from != -1)
757                                 nentries =
758                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
759                         else
760                                 nentries = chain->nentries;
761                         pos = cl_s[chain_nr].cs.n;
762                         /* make sure we won't see a loop that isn't one */
763                         cl_s[chain_nr].cs.n = 0;
764                         chain_nr = cl_s[chain_nr].from;
765                         if (pos == nentries)
766                                 continue;
767                 }
768                 t = (struct ebt_entry_target *)
769                    (((char *)e) + e->target_offset);
770                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
771                         goto letscontinue;
772                 if (e->target_offset + sizeof(struct ebt_standard_target) >
773                    e->next_offset) {
774                         BUGPRINT("Standard target size too big\n");
775                         return -1;
776                 }
777                 verdict = ((struct ebt_standard_target *)t)->verdict;
778                 if (verdict >= 0) { /* jump to another chain */
779                         struct ebt_entries *hlp2 =
780                            (struct ebt_entries *)(base + verdict);
781                         for (i = 0; i < udc_cnt; i++)
782                                 if (hlp2 == cl_s[i].cs.chaininfo)
783                                         break;
784                         /* bad destination or loop */
785                         if (i == udc_cnt) {
786                                 BUGPRINT("bad destination\n");
787                                 return -1;
788                         }
789                         if (cl_s[i].cs.n) {
790                                 BUGPRINT("loop\n");
791                                 return -1;
792                         }
793                         if (cl_s[i].hookmask & (1 << hooknr))
794                                 goto letscontinue;
795                         /* this can't be 0, so the loop test is correct */
796                         cl_s[i].cs.n = pos + 1;
797                         pos = 0;
798                         cl_s[i].cs.e = ebt_next_entry(e);
799                         e = (struct ebt_entry *)(hlp2->data);
800                         nentries = hlp2->nentries;
801                         cl_s[i].from = chain_nr;
802                         chain_nr = i;
803                         /* this udc is accessible from the base chain for hooknr */
804                         cl_s[i].hookmask |= (1 << hooknr);
805                         continue;
806                 }
807 letscontinue:
808                 e = ebt_next_entry(e);
809                 pos++;
810         }
811         return 0;
812 }
813
814 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
815 static int translate_table(struct net *net, const char *name,
816                            struct ebt_table_info *newinfo)
817 {
818         unsigned int i, j, k, udc_cnt;
819         int ret;
820         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
821
822         i = 0;
823         while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
824                 i++;
825         if (i == NF_BR_NUMHOOKS) {
826                 BUGPRINT("No valid hooks specified\n");
827                 return -EINVAL;
828         }
829         if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
830                 BUGPRINT("Chains don't start at beginning\n");
831                 return -EINVAL;
832         }
833         /* make sure chains are ordered after each other in same order
834            as their corresponding hooks */
835         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
836                 if (!newinfo->hook_entry[j])
837                         continue;
838                 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
839                         BUGPRINT("Hook order must be followed\n");
840                         return -EINVAL;
841                 }
842                 i = j;
843         }
844
845         /* do some early checkings and initialize some things */
846         i = 0; /* holds the expected nr. of entries for the chain */
847         j = 0; /* holds the up to now counted entries for the chain */
848         k = 0; /* holds the total nr. of entries, should equal
849                   newinfo->nentries afterwards */
850         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
851         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
852            ebt_check_entry_size_and_hooks, newinfo,
853            &i, &j, &k, &udc_cnt);
854
855         if (ret != 0)
856                 return ret;
857
858         if (i != j) {
859                 BUGPRINT("nentries does not equal the nr of entries in the "
860                          "(last) chain\n");
861                 return -EINVAL;
862         }
863         if (k != newinfo->nentries) {
864                 BUGPRINT("Total nentries is wrong\n");
865                 return -EINVAL;
866         }
867
868         /* get the location of the udc, put them in an array
869            while we're at it, allocate the chainstack */
870         if (udc_cnt) {
871                 /* this will get free'd in do_replace()/ebt_register_table()
872                    if an error occurs */
873                 newinfo->chainstack =
874                         vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
875                 if (!newinfo->chainstack)
876                         return -ENOMEM;
877                 for_each_possible_cpu(i) {
878                         newinfo->chainstack[i] =
879                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
880                         if (!newinfo->chainstack[i]) {
881                                 while (i)
882                                         vfree(newinfo->chainstack[--i]);
883                                 vfree(newinfo->chainstack);
884                                 newinfo->chainstack = NULL;
885                                 return -ENOMEM;
886                         }
887                 }
888
889                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
890                 if (!cl_s)
891                         return -ENOMEM;
892                 i = 0; /* the i'th udc */
893                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
894                    ebt_get_udc_positions, newinfo, &i, cl_s);
895                 /* sanity check */
896                 if (i != udc_cnt) {
897                         BUGPRINT("i != udc_cnt\n");
898                         vfree(cl_s);
899                         return -EFAULT;
900                 }
901         }
902
903         /* Check for loops */
904         for (i = 0; i < NF_BR_NUMHOOKS; i++)
905                 if (newinfo->hook_entry[i])
906                         if (check_chainloops(newinfo->hook_entry[i],
907                            cl_s, udc_cnt, i, newinfo->entries)) {
908                                 vfree(cl_s);
909                                 return -EINVAL;
910                         }
911
912         /* we now know the following (along with E=mc²):
913            - the nr of entries in each chain is right
914            - the size of the allocated space is right
915            - all valid hooks have a corresponding chain
916            - there are no loops
917            - wrong data can still be on the level of a single entry
918            - could be there are jumps to places that are not the
919              beginning of a chain. This can only occur in chains that
920              are not accessible from any base chains, so we don't care. */
921
922         /* used to know what we need to clean up if something goes wrong */
923         i = 0;
924         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
925            ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
926         if (ret != 0) {
927                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
928                                   ebt_cleanup_entry, net, &i);
929         }
930         vfree(cl_s);
931         return ret;
932 }
933
934 /* called under write_lock */
935 static void get_counters(const struct ebt_counter *oldcounters,
936    struct ebt_counter *counters, unsigned int nentries)
937 {
938         int i, cpu;
939         struct ebt_counter *counter_base;
940
941         /* counters of cpu 0 */
942         memcpy(counters, oldcounters,
943                sizeof(struct ebt_counter) * nentries);
944
945         /* add other counters to those of cpu 0 */
946         for_each_possible_cpu(cpu) {
947                 if (cpu == 0)
948                         continue;
949                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
950                 for (i = 0; i < nentries; i++) {
951                         counters[i].pcnt += counter_base[i].pcnt;
952                         counters[i].bcnt += counter_base[i].bcnt;
953                 }
954         }
955 }
956
957 static int do_replace_finish(struct net *net, struct ebt_replace *repl,
958                               struct ebt_table_info *newinfo)
959 {
960         int ret, i;
961         struct ebt_counter *counterstmp = NULL;
962         /* used to be able to unlock earlier */
963         struct ebt_table_info *table;
964         struct ebt_table *t;
965
966         /* the user wants counters back
967            the check on the size is done later, when we have the lock */
968         if (repl->num_counters) {
969                 unsigned long size = repl->num_counters * sizeof(*counterstmp);
970                 counterstmp = vmalloc(size);
971                 if (!counterstmp)
972                         return -ENOMEM;
973         }
974
975         newinfo->chainstack = NULL;
976         ret = ebt_verify_pointers(repl, newinfo);
977         if (ret != 0)
978                 goto free_counterstmp;
979
980         ret = translate_table(net, repl->name, newinfo);
981
982         if (ret != 0)
983                 goto free_counterstmp;
984
985         t = find_table_lock(net, repl->name, &ret, &ebt_mutex);
986         if (!t) {
987                 ret = -ENOENT;
988                 goto free_iterate;
989         }
990
991         /* the table doesn't like it */
992         if (t->check && (ret = t->check(newinfo, repl->valid_hooks)))
993                 goto free_unlock;
994
995         if (repl->num_counters && repl->num_counters != t->private->nentries) {
996                 BUGPRINT("Wrong nr. of counters requested\n");
997                 ret = -EINVAL;
998                 goto free_unlock;
999         }
1000
1001         /* we have the mutex lock, so no danger in reading this pointer */
1002         table = t->private;
1003         /* make sure the table can only be rmmod'ed if it contains no rules */
1004         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1005                 ret = -ENOENT;
1006                 goto free_unlock;
1007         } else if (table->nentries && !newinfo->nentries)
1008                 module_put(t->me);
1009         /* we need an atomic snapshot of the counters */
1010         write_lock_bh(&t->lock);
1011         if (repl->num_counters)
1012                 get_counters(t->private->counters, counterstmp,
1013                    t->private->nentries);
1014
1015         t->private = newinfo;
1016         write_unlock_bh(&t->lock);
1017         mutex_unlock(&ebt_mutex);
1018         /* so, a user can change the chains while having messed up her counter
1019            allocation. Only reason why this is done is because this way the lock
1020            is held only once, while this doesn't bring the kernel into a
1021            dangerous state. */
1022         if (repl->num_counters &&
1023            copy_to_user(repl->counters, counterstmp,
1024            repl->num_counters * sizeof(struct ebt_counter))) {
1025                 ret = -EFAULT;
1026         }
1027         else
1028                 ret = 0;
1029
1030         /* decrease module count and free resources */
1031         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1032                           ebt_cleanup_entry, net, NULL);
1033
1034         vfree(table->entries);
1035         if (table->chainstack) {
1036                 for_each_possible_cpu(i)
1037                         vfree(table->chainstack[i]);
1038                 vfree(table->chainstack);
1039         }
1040         vfree(table);
1041
1042         vfree(counterstmp);
1043         return ret;
1044
1045 free_unlock:
1046         mutex_unlock(&ebt_mutex);
1047 free_iterate:
1048         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1049                           ebt_cleanup_entry, net, NULL);
1050 free_counterstmp:
1051         vfree(counterstmp);
1052         /* can be initialized in translate_table() */
1053         if (newinfo->chainstack) {
1054                 for_each_possible_cpu(i)
1055                         vfree(newinfo->chainstack[i]);
1056                 vfree(newinfo->chainstack);
1057         }
1058         return ret;
1059 }
1060
1061 /* replace the table */
1062 static int do_replace(struct net *net, const void __user *user,
1063                       unsigned int len)
1064 {
1065         int ret, countersize;
1066         struct ebt_table_info *newinfo;
1067         struct ebt_replace tmp;
1068
1069         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1070                 return -EFAULT;
1071
1072         if (len != sizeof(tmp) + tmp.entries_size) {
1073                 BUGPRINT("Wrong len argument\n");
1074                 return -EINVAL;
1075         }
1076
1077         if (tmp.entries_size == 0) {
1078                 BUGPRINT("Entries_size never zero\n");
1079                 return -EINVAL;
1080         }
1081         /* overflow check */
1082         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) /
1083                         NR_CPUS - SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
1084                 return -ENOMEM;
1085         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
1086                 return -ENOMEM;
1087
1088         countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
1089         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1090         if (!newinfo)
1091                 return -ENOMEM;
1092
1093         if (countersize)
1094                 memset(newinfo->counters, 0, countersize);
1095
1096         newinfo->entries = vmalloc(tmp.entries_size);
1097         if (!newinfo->entries) {
1098                 ret = -ENOMEM;
1099                 goto free_newinfo;
1100         }
1101         if (copy_from_user(
1102            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
1103                 BUGPRINT("Couldn't copy entries from userspace\n");
1104                 ret = -EFAULT;
1105                 goto free_entries;
1106         }
1107
1108         ret = do_replace_finish(net, &tmp, newinfo);
1109         if (ret == 0)
1110                 return ret;
1111 free_entries:
1112         vfree(newinfo->entries);
1113 free_newinfo:
1114         vfree(newinfo);
1115         return ret;
1116 }
1117
1118 struct ebt_table *
1119 ebt_register_table(struct net *net, const struct ebt_table *input_table)
1120 {
1121         struct ebt_table_info *newinfo;
1122         struct ebt_table *t, *table;
1123         struct ebt_replace_kernel *repl;
1124         int ret, i, countersize;
1125         void *p;
1126
1127         if (input_table == NULL || (repl = input_table->table) == NULL ||
1128             repl->entries == 0 || repl->entries_size == 0 ||
1129             repl->counters != NULL || input_table->private != NULL) {
1130                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1131                 return ERR_PTR(-EINVAL);
1132         }
1133
1134         /* Don't add one table to multiple lists. */
1135         table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
1136         if (!table) {
1137                 ret = -ENOMEM;
1138                 goto out;
1139         }
1140
1141         countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1142         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1143         ret = -ENOMEM;
1144         if (!newinfo)
1145                 goto free_table;
1146
1147         p = vmalloc(repl->entries_size);
1148         if (!p)
1149                 goto free_newinfo;
1150
1151         memcpy(p, repl->entries, repl->entries_size);
1152         newinfo->entries = p;
1153
1154         newinfo->entries_size = repl->entries_size;
1155         newinfo->nentries = repl->nentries;
1156
1157         if (countersize)
1158                 memset(newinfo->counters, 0, countersize);
1159
1160         /* fill in newinfo and parse the entries */
1161         newinfo->chainstack = NULL;
1162         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1163                 if ((repl->valid_hooks & (1 << i)) == 0)
1164                         newinfo->hook_entry[i] = NULL;
1165                 else
1166                         newinfo->hook_entry[i] = p +
1167                                 ((char *)repl->hook_entry[i] - repl->entries);
1168         }
1169         ret = translate_table(net, repl->name, newinfo);
1170         if (ret != 0) {
1171                 BUGPRINT("Translate_table failed\n");
1172                 goto free_chainstack;
1173         }
1174
1175         if (table->check && table->check(newinfo, table->valid_hooks)) {
1176                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1177                 return ERR_PTR(-EINVAL);
1178         }
1179
1180         table->private = newinfo;
1181         rwlock_init(&table->lock);
1182         ret = mutex_lock_interruptible(&ebt_mutex);
1183         if (ret != 0)
1184                 goto free_chainstack;
1185
1186         list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
1187                 if (strcmp(t->name, table->name) == 0) {
1188                         ret = -EEXIST;
1189                         BUGPRINT("Table name already exists\n");
1190                         goto free_unlock;
1191                 }
1192         }
1193
1194         /* Hold a reference count if the chains aren't empty */
1195         if (newinfo->nentries && !try_module_get(table->me)) {
1196                 ret = -ENOENT;
1197                 goto free_unlock;
1198         }
1199         list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
1200         mutex_unlock(&ebt_mutex);
1201         return table;
1202 free_unlock:
1203         mutex_unlock(&ebt_mutex);
1204 free_chainstack:
1205         if (newinfo->chainstack) {
1206                 for_each_possible_cpu(i)
1207                         vfree(newinfo->chainstack[i]);
1208                 vfree(newinfo->chainstack);
1209         }
1210         vfree(newinfo->entries);
1211 free_newinfo:
1212         vfree(newinfo);
1213 free_table:
1214         kfree(table);
1215 out:
1216         return ERR_PTR(ret);
1217 }
1218
1219 void ebt_unregister_table(struct net *net, struct ebt_table *table)
1220 {
1221         int i;
1222
1223         if (!table) {
1224                 BUGPRINT("Request to unregister NULL table!!!\n");
1225                 return;
1226         }
1227         mutex_lock(&ebt_mutex);
1228         list_del(&table->list);
1229         mutex_unlock(&ebt_mutex);
1230         EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
1231                           ebt_cleanup_entry, net, NULL);
1232         if (table->private->nentries)
1233                 module_put(table->me);
1234         vfree(table->private->entries);
1235         if (table->private->chainstack) {
1236                 for_each_possible_cpu(i)
1237                         vfree(table->private->chainstack[i]);
1238                 vfree(table->private->chainstack);
1239         }
1240         vfree(table->private);
1241         kfree(table);
1242 }
1243
1244 /* userspace just supplied us with counters */
1245 static int update_counters(struct net *net, const void __user *user,
1246                            unsigned int len)
1247 {
1248         int i, ret;
1249         struct ebt_counter *tmp;
1250         struct ebt_replace hlp;
1251         struct ebt_table *t;
1252
1253         if (copy_from_user(&hlp, user, sizeof(hlp)))
1254                 return -EFAULT;
1255
1256         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1257                 return -EINVAL;
1258         if (hlp.num_counters == 0)
1259                 return -EINVAL;
1260
1261         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp))))
1262                 return -ENOMEM;
1263
1264         t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1265         if (!t)
1266                 goto free_tmp;
1267
1268         if (hlp.num_counters != t->private->nentries) {
1269                 BUGPRINT("Wrong nr of counters\n");
1270                 ret = -EINVAL;
1271                 goto unlock_mutex;
1272         }
1273
1274         if ( copy_from_user(tmp, hlp.counters,
1275            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1276                 BUGPRINT("Updata_counters && !cfu\n");
1277                 ret = -EFAULT;
1278                 goto unlock_mutex;
1279         }
1280
1281         /* we want an atomic add of the counters */
1282         write_lock_bh(&t->lock);
1283
1284         /* we add to the counters of the first cpu */
1285         for (i = 0; i < hlp.num_counters; i++) {
1286                 t->private->counters[i].pcnt += tmp[i].pcnt;
1287                 t->private->counters[i].bcnt += tmp[i].bcnt;
1288         }
1289
1290         write_unlock_bh(&t->lock);
1291         ret = 0;
1292 unlock_mutex:
1293         mutex_unlock(&ebt_mutex);
1294 free_tmp:
1295         vfree(tmp);
1296         return ret;
1297 }
1298
1299 static inline int ebt_make_matchname(const struct ebt_entry_match *m,
1300     const char *base, char __user *ubase)
1301 {
1302         char __user *hlp = ubase + ((char *)m - base);
1303         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1304                 return -EFAULT;
1305         return 0;
1306 }
1307
1308 static inline int ebt_make_watchername(const struct ebt_entry_watcher *w,
1309     const char *base, char __user *ubase)
1310 {
1311         char __user *hlp = ubase + ((char *)w - base);
1312         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1313                 return -EFAULT;
1314         return 0;
1315 }
1316
1317 static inline int
1318 ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
1319 {
1320         int ret;
1321         char __user *hlp;
1322         const struct ebt_entry_target *t;
1323
1324         if (e->bitmask == 0)
1325                 return 0;
1326
1327         hlp = ubase + (((char *)e + e->target_offset) - base);
1328         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1329
1330         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1331         if (ret != 0)
1332                 return ret;
1333         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1334         if (ret != 0)
1335                 return ret;
1336         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1337                 return -EFAULT;
1338         return 0;
1339 }
1340
1341 static int copy_counters_to_user(struct ebt_table *t,
1342                                   const struct ebt_counter *oldcounters,
1343                                   void __user *user, unsigned int num_counters,
1344                                   unsigned int nentries)
1345 {
1346         struct ebt_counter *counterstmp;
1347         int ret = 0;
1348
1349         /* userspace might not need the counters */
1350         if (num_counters == 0)
1351                 return 0;
1352
1353         if (num_counters != nentries) {
1354                 BUGPRINT("Num_counters wrong\n");
1355                 return -EINVAL;
1356         }
1357
1358         counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1359         if (!counterstmp)
1360                 return -ENOMEM;
1361
1362         write_lock_bh(&t->lock);
1363         get_counters(oldcounters, counterstmp, nentries);
1364         write_unlock_bh(&t->lock);
1365
1366         if (copy_to_user(user, counterstmp,
1367            nentries * sizeof(struct ebt_counter)))
1368                 ret = -EFAULT;
1369         vfree(counterstmp);
1370         return ret;
1371 }
1372
1373 /* called with ebt_mutex locked */
1374 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1375     const int *len, int cmd)
1376 {
1377         struct ebt_replace tmp;
1378         const struct ebt_counter *oldcounters;
1379         unsigned int entries_size, nentries;
1380         int ret;
1381         char *entries;
1382
1383         if (cmd == EBT_SO_GET_ENTRIES) {
1384                 entries_size = t->private->entries_size;
1385                 nentries = t->private->nentries;
1386                 entries = t->private->entries;
1387                 oldcounters = t->private->counters;
1388         } else {
1389                 entries_size = t->table->entries_size;
1390                 nentries = t->table->nentries;
1391                 entries = t->table->entries;
1392                 oldcounters = t->table->counters;
1393         }
1394
1395         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1396                 BUGPRINT("Cfu didn't work\n");
1397                 return -EFAULT;
1398         }
1399
1400         if (*len != sizeof(struct ebt_replace) + entries_size +
1401            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1402                 BUGPRINT("Wrong size\n");
1403                 return -EINVAL;
1404         }
1405
1406         if (tmp.nentries != nentries) {
1407                 BUGPRINT("Nentries wrong\n");
1408                 return -EINVAL;
1409         }
1410
1411         if (tmp.entries_size != entries_size) {
1412                 BUGPRINT("Wrong size\n");
1413                 return -EINVAL;
1414         }
1415
1416         ret = copy_counters_to_user(t, oldcounters, tmp.counters,
1417                                         tmp.num_counters, nentries);
1418         if (ret)
1419                 return ret;
1420
1421         if (copy_to_user(tmp.entries, entries, entries_size)) {
1422                 BUGPRINT("Couldn't copy entries to userspace\n");
1423                 return -EFAULT;
1424         }
1425         /* set the match/watcher/target names right */
1426         return EBT_ENTRY_ITERATE(entries, entries_size,
1427            ebt_make_names, entries, tmp.entries);
1428 }
1429
1430 static int do_ebt_set_ctl(struct sock *sk,
1431         int cmd, void __user *user, unsigned int len)
1432 {
1433         int ret;
1434
1435         if (!capable(CAP_NET_ADMIN))
1436                 return -EPERM;
1437
1438         switch(cmd) {
1439         case EBT_SO_SET_ENTRIES:
1440                 ret = do_replace(sock_net(sk), user, len);
1441                 break;
1442         case EBT_SO_SET_COUNTERS:
1443                 ret = update_counters(sock_net(sk), user, len);
1444                 break;
1445         default:
1446                 ret = -EINVAL;
1447   }
1448         return ret;
1449 }
1450
1451 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1452 {
1453         int ret;
1454         struct ebt_replace tmp;
1455         struct ebt_table *t;
1456
1457         if (!capable(CAP_NET_ADMIN))
1458                 return -EPERM;
1459
1460         if (copy_from_user(&tmp, user, sizeof(tmp)))
1461                 return -EFAULT;
1462
1463         t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1464         if (!t)
1465                 return ret;
1466
1467         switch(cmd) {
1468         case EBT_SO_GET_INFO:
1469         case EBT_SO_GET_INIT_INFO:
1470                 if (*len != sizeof(struct ebt_replace)){
1471                         ret = -EINVAL;
1472                         mutex_unlock(&ebt_mutex);
1473                         break;
1474                 }
1475                 if (cmd == EBT_SO_GET_INFO) {
1476                         tmp.nentries = t->private->nentries;
1477                         tmp.entries_size = t->private->entries_size;
1478                         tmp.valid_hooks = t->valid_hooks;
1479                 } else {
1480                         tmp.nentries = t->table->nentries;
1481                         tmp.entries_size = t->table->entries_size;
1482                         tmp.valid_hooks = t->table->valid_hooks;
1483                 }
1484                 mutex_unlock(&ebt_mutex);
1485                 if (copy_to_user(user, &tmp, *len) != 0){
1486                         BUGPRINT("c2u Didn't work\n");
1487                         ret = -EFAULT;
1488                         break;
1489                 }
1490                 ret = 0;
1491                 break;
1492
1493         case EBT_SO_GET_ENTRIES:
1494         case EBT_SO_GET_INIT_ENTRIES:
1495                 ret = copy_everything_to_user(t, user, len, cmd);
1496                 mutex_unlock(&ebt_mutex);
1497                 break;
1498
1499         default:
1500                 mutex_unlock(&ebt_mutex);
1501                 ret = -EINVAL;
1502         }
1503
1504         return ret;
1505 }
1506
1507 static struct nf_sockopt_ops ebt_sockopts =
1508 {
1509         .pf             = PF_INET,
1510         .set_optmin     = EBT_BASE_CTL,
1511         .set_optmax     = EBT_SO_SET_MAX + 1,
1512         .set            = do_ebt_set_ctl,
1513         .get_optmin     = EBT_BASE_CTL,
1514         .get_optmax     = EBT_SO_GET_MAX + 1,
1515         .get            = do_ebt_get_ctl,
1516         .owner          = THIS_MODULE,
1517 };
1518
1519 static int __init ebtables_init(void)
1520 {
1521         int ret;
1522
1523         ret = xt_register_target(&ebt_standard_target);
1524         if (ret < 0)
1525                 return ret;
1526         ret = nf_register_sockopt(&ebt_sockopts);
1527         if (ret < 0) {
1528                 xt_unregister_target(&ebt_standard_target);
1529                 return ret;
1530         }
1531
1532         printk(KERN_INFO "Ebtables v2.0 registered\n");
1533         return 0;
1534 }
1535
1536 static void __exit ebtables_fini(void)
1537 {
1538         nf_unregister_sockopt(&ebt_sockopts);
1539         xt_unregister_target(&ebt_standard_target);
1540         printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1541 }
1542
1543 EXPORT_SYMBOL(ebt_register_table);
1544 EXPORT_SYMBOL(ebt_unregister_table);
1545 EXPORT_SYMBOL(ebt_do_table);
1546 module_init(ebtables_init);
1547 module_exit(ebtables_fini);
1548 MODULE_LICENSE("GPL");