netfilter: xtables: move extension arguments into compound structure (2/6)
[linux-3.10.git] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34                                          "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
37                                          ": out of memory: "format, ## args)
38 /* #define MEMPRINT(format, args...) */
39
40
41
42 /*
43  * Each cpu has its own set of counters, so there is no need for write_lock in
44  * the softirq
45  * For reading or updating the counters, the user context needs to
46  * get a write_lock
47  */
48
49 /* The size of each set of counters is altered to get cache alignment */
50 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53    COUNTER_OFFSET(n) * cpu))
54
55
56
57 static DEFINE_MUTEX(ebt_mutex);
58 static LIST_HEAD(ebt_tables);
59
60 static struct xt_target ebt_standard_target = {
61         .name       = "standard",
62         .revision   = 0,
63         .family     = NFPROTO_BRIDGE,
64         .targetsize = sizeof(int),
65 };
66
67 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
68    struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
69    const struct net_device *out)
70 {
71         w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data);
72         /* watchers don't give a verdict */
73         return 0;
74 }
75
76 static inline int ebt_do_match (struct ebt_entry_match *m,
77    const struct sk_buff *skb, struct xt_match_param *par)
78 {
79         par->match     = m->u.match;
80         par->matchinfo = m->data;
81         return m->u.match->match(skb, par);
82 }
83
84 static inline int ebt_dev_check(char *entry, const struct net_device *device)
85 {
86         int i = 0;
87         const char *devname = device->name;
88
89         if (*entry == '\0')
90                 return 0;
91         if (!device)
92                 return 1;
93         /* 1 is the wildcard token */
94         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
95                 i++;
96         return (devname[i] != entry[i] && entry[i] != 1);
97 }
98
99 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
100 /* process standard matches */
101 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
102    const struct net_device *in, const struct net_device *out)
103 {
104         int verdict, i;
105
106         if (e->bitmask & EBT_802_3) {
107                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
108                         return 1;
109         } else if (!(e->bitmask & EBT_NOPROTO) &&
110            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
111                 return 1;
112
113         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
114                 return 1;
115         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
116                 return 1;
117         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
118            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
119                 return 1;
120         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
121            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
122                 return 1;
123
124         if (e->bitmask & EBT_SOURCEMAC) {
125                 verdict = 0;
126                 for (i = 0; i < 6; i++)
127                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
128                            e->sourcemsk[i];
129                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
130                         return 1;
131         }
132         if (e->bitmask & EBT_DESTMAC) {
133                 verdict = 0;
134                 for (i = 0; i < 6; i++)
135                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
136                            e->destmsk[i];
137                 if (FWINV2(verdict != 0, EBT_IDEST) )
138                         return 1;
139         }
140         return 0;
141 }
142
143 /* Do some firewalling */
144 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
145    const struct net_device *in, const struct net_device *out,
146    struct ebt_table *table)
147 {
148         int i, nentries;
149         struct ebt_entry *point;
150         struct ebt_counter *counter_base, *cb_base;
151         struct ebt_entry_target *t;
152         int verdict, sp = 0;
153         struct ebt_chainstack *cs;
154         struct ebt_entries *chaininfo;
155         char *base;
156         struct ebt_table_info *private;
157         bool hotdrop = false;
158         struct xt_match_param mtpar;
159
160         mtpar.in      = in;
161         mtpar.out     = out;
162         mtpar.hotdrop = &hotdrop;
163
164         read_lock_bh(&table->lock);
165         private = table->private;
166         cb_base = COUNTER_BASE(private->counters, private->nentries,
167            smp_processor_id());
168         if (private->chainstack)
169                 cs = private->chainstack[smp_processor_id()];
170         else
171                 cs = NULL;
172         chaininfo = private->hook_entry[hook];
173         nentries = private->hook_entry[hook]->nentries;
174         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
175         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
176         /* base for chain jumps */
177         base = private->entries;
178         i = 0;
179         while (i < nentries) {
180                 if (ebt_basic_match(point, eth_hdr(skb), in, out))
181                         goto letscontinue;
182
183                 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
184                         goto letscontinue;
185                 if (hotdrop) {
186                         read_unlock_bh(&table->lock);
187                         return NF_DROP;
188                 }
189
190                 /* increase counter */
191                 (*(counter_base + i)).pcnt++;
192                 (*(counter_base + i)).bcnt += skb->len;
193
194                 /* these should only watch: not modify, nor tell us
195                    what to do with the packet */
196                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in,
197                    out);
198
199                 t = (struct ebt_entry_target *)
200                    (((char *)point) + point->target_offset);
201                 /* standard target */
202                 if (!t->u.target->target)
203                         verdict = ((struct ebt_standard_target *)t)->verdict;
204                 else
205                         verdict = t->u.target->target(skb, in, out, hook,
206                                   t->u.target, t->data);
207                 if (verdict == EBT_ACCEPT) {
208                         read_unlock_bh(&table->lock);
209                         return NF_ACCEPT;
210                 }
211                 if (verdict == EBT_DROP) {
212                         read_unlock_bh(&table->lock);
213                         return NF_DROP;
214                 }
215                 if (verdict == EBT_RETURN) {
216 letsreturn:
217 #ifdef CONFIG_NETFILTER_DEBUG
218                         if (sp == 0) {
219                                 BUGPRINT("RETURN on base chain");
220                                 /* act like this is EBT_CONTINUE */
221                                 goto letscontinue;
222                         }
223 #endif
224                         sp--;
225                         /* put all the local variables right */
226                         i = cs[sp].n;
227                         chaininfo = cs[sp].chaininfo;
228                         nentries = chaininfo->nentries;
229                         point = cs[sp].e;
230                         counter_base = cb_base +
231                            chaininfo->counter_offset;
232                         continue;
233                 }
234                 if (verdict == EBT_CONTINUE)
235                         goto letscontinue;
236 #ifdef CONFIG_NETFILTER_DEBUG
237                 if (verdict < 0) {
238                         BUGPRINT("bogus standard verdict\n");
239                         read_unlock_bh(&table->lock);
240                         return NF_DROP;
241                 }
242 #endif
243                 /* jump to a udc */
244                 cs[sp].n = i + 1;
245                 cs[sp].chaininfo = chaininfo;
246                 cs[sp].e = (struct ebt_entry *)
247                    (((char *)point) + point->next_offset);
248                 i = 0;
249                 chaininfo = (struct ebt_entries *) (base + verdict);
250 #ifdef CONFIG_NETFILTER_DEBUG
251                 if (chaininfo->distinguisher) {
252                         BUGPRINT("jump to non-chain\n");
253                         read_unlock_bh(&table->lock);
254                         return NF_DROP;
255                 }
256 #endif
257                 nentries = chaininfo->nentries;
258                 point = (struct ebt_entry *)chaininfo->data;
259                 counter_base = cb_base + chaininfo->counter_offset;
260                 sp++;
261                 continue;
262 letscontinue:
263                 point = (struct ebt_entry *)
264                    (((char *)point) + point->next_offset);
265                 i++;
266         }
267
268         /* I actually like this :) */
269         if (chaininfo->policy == EBT_RETURN)
270                 goto letsreturn;
271         if (chaininfo->policy == EBT_ACCEPT) {
272                 read_unlock_bh(&table->lock);
273                 return NF_ACCEPT;
274         }
275         read_unlock_bh(&table->lock);
276         return NF_DROP;
277 }
278
279 /* If it succeeds, returns element and locks mutex */
280 static inline void *
281 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
282    struct mutex *mutex)
283 {
284         struct {
285                 struct list_head list;
286                 char name[EBT_FUNCTION_MAXNAMELEN];
287         } *e;
288
289         *error = mutex_lock_interruptible(mutex);
290         if (*error != 0)
291                 return NULL;
292
293         list_for_each_entry(e, head, list) {
294                 if (strcmp(e->name, name) == 0)
295                         return e;
296         }
297         *error = -ENOENT;
298         mutex_unlock(mutex);
299         return NULL;
300 }
301
302 #ifndef CONFIG_KMOD
303 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
304 #else
305 static void *
306 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
307    int *error, struct mutex *mutex)
308 {
309         void *ret;
310
311         ret = find_inlist_lock_noload(head, name, error, mutex);
312         if (!ret) {
313                 request_module("%s%s", prefix, name);
314                 ret = find_inlist_lock_noload(head, name, error, mutex);
315         }
316         return ret;
317 }
318 #endif
319
320 static inline struct ebt_table *
321 find_table_lock(const char *name, int *error, struct mutex *mutex)
322 {
323         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
324 }
325
326 static inline int
327 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
328                 unsigned int *cnt)
329 {
330         const struct ebt_entry *e = par->entryinfo;
331         struct xt_match *match;
332         size_t left = ((char *)e + e->watchers_offset) - (char *)m;
333         int ret;
334
335         if (left < sizeof(struct ebt_entry_match) ||
336             left - sizeof(struct ebt_entry_match) < m->match_size)
337                 return -EINVAL;
338
339         match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
340                 m->u.name, 0), "ebt_%s", m->u.name);
341         if (IS_ERR(match))
342                 return PTR_ERR(match);
343         if (match == NULL)
344                 return -ENOENT;
345         m->u.match = match;
346
347         par->match     = match;
348         par->matchinfo = m->data;
349         ret = xt_check_match(par, NFPROTO_BRIDGE, m->match_size,
350               e->ethproto, e->invflags & EBT_IPROTO);
351         if (ret < 0) {
352                 module_put(match->me);
353                 return ret;
354         }
355
356         (*cnt)++;
357         return 0;
358 }
359
360 static inline int
361 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
362    const char *name, unsigned int hookmask, unsigned int *cnt)
363 {
364         struct xt_target *watcher;
365         size_t left = ((char *)e + e->target_offset) - (char *)w;
366         int ret;
367
368         if (left < sizeof(struct ebt_entry_watcher) ||
369            left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
370                 return -EINVAL;
371
372         watcher = try_then_request_module(
373                   xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
374                   "ebt_%s", w->u.name);
375         if (IS_ERR(watcher))
376                 return PTR_ERR(watcher);
377         if (watcher == NULL)
378                 return -ENOENT;
379         w->u.watcher = watcher;
380
381         ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,
382               name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
383               e, w->data);
384         if (ret < 0) {
385                 module_put(watcher->me);
386                 return ret;
387         }
388
389         (*cnt)++;
390         return 0;
391 }
392
393 static int ebt_verify_pointers(struct ebt_replace *repl,
394                                struct ebt_table_info *newinfo)
395 {
396         unsigned int limit = repl->entries_size;
397         unsigned int valid_hooks = repl->valid_hooks;
398         unsigned int offset = 0;
399         int i;
400
401         for (i = 0; i < NF_BR_NUMHOOKS; i++)
402                 newinfo->hook_entry[i] = NULL;
403
404         newinfo->entries_size = repl->entries_size;
405         newinfo->nentries = repl->nentries;
406
407         while (offset < limit) {
408                 size_t left = limit - offset;
409                 struct ebt_entry *e = (void *)newinfo->entries + offset;
410
411                 if (left < sizeof(unsigned int))
412                         break;
413
414                 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
415                         if ((valid_hooks & (1 << i)) == 0)
416                                 continue;
417                         if ((char __user *)repl->hook_entry[i] ==
418                              repl->entries + offset)
419                                 break;
420                 }
421
422                 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
423                         if (e->bitmask != 0) {
424                                 /* we make userspace set this right,
425                                    so there is no misunderstanding */
426                                 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
427                                          "in distinguisher\n");
428                                 return -EINVAL;
429                         }
430                         if (i != NF_BR_NUMHOOKS)
431                                 newinfo->hook_entry[i] = (struct ebt_entries *)e;
432                         if (left < sizeof(struct ebt_entries))
433                                 break;
434                         offset += sizeof(struct ebt_entries);
435                 } else {
436                         if (left < sizeof(struct ebt_entry))
437                                 break;
438                         if (left < e->next_offset)
439                                 break;
440                         offset += e->next_offset;
441                 }
442         }
443         if (offset != limit) {
444                 BUGPRINT("entries_size too small\n");
445                 return -EINVAL;
446         }
447
448         /* check if all valid hooks have a chain */
449         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
450                 if (!newinfo->hook_entry[i] &&
451                    (valid_hooks & (1 << i))) {
452                         BUGPRINT("Valid hook without chain\n");
453                         return -EINVAL;
454                 }
455         }
456         return 0;
457 }
458
459 /*
460  * this one is very careful, as it is the first function
461  * to parse the userspace data
462  */
463 static inline int
464 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
465    struct ebt_table_info *newinfo,
466    unsigned int *n, unsigned int *cnt,
467    unsigned int *totalcnt, unsigned int *udc_cnt)
468 {
469         int i;
470
471         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
472                 if ((void *)e == (void *)newinfo->hook_entry[i])
473                         break;
474         }
475         /* beginning of a new chain
476            if i == NF_BR_NUMHOOKS it must be a user defined chain */
477         if (i != NF_BR_NUMHOOKS || !e->bitmask) {
478                 /* this checks if the previous chain has as many entries
479                    as it said it has */
480                 if (*n != *cnt) {
481                         BUGPRINT("nentries does not equal the nr of entries "
482                                  "in the chain\n");
483                         return -EINVAL;
484                 }
485                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
486                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
487                         /* only RETURN from udc */
488                         if (i != NF_BR_NUMHOOKS ||
489                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
490                                 BUGPRINT("bad policy\n");
491                                 return -EINVAL;
492                         }
493                 }
494                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
495                         (*udc_cnt)++;
496                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
497                         BUGPRINT("counter_offset != totalcnt");
498                         return -EINVAL;
499                 }
500                 *n = ((struct ebt_entries *)e)->nentries;
501                 *cnt = 0;
502                 return 0;
503         }
504         /* a plain old entry, heh */
505         if (sizeof(struct ebt_entry) > e->watchers_offset ||
506            e->watchers_offset > e->target_offset ||
507            e->target_offset >= e->next_offset) {
508                 BUGPRINT("entry offsets not in right order\n");
509                 return -EINVAL;
510         }
511         /* this is not checked anywhere else */
512         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
513                 BUGPRINT("target size too small\n");
514                 return -EINVAL;
515         }
516         (*cnt)++;
517         (*totalcnt)++;
518         return 0;
519 }
520
521 struct ebt_cl_stack
522 {
523         struct ebt_chainstack cs;
524         int from;
525         unsigned int hookmask;
526 };
527
528 /*
529  * we need these positions to check that the jumps to a different part of the
530  * entries is a jump to the beginning of a new chain.
531  */
532 static inline int
533 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
534    unsigned int *n, struct ebt_cl_stack *udc)
535 {
536         int i;
537
538         /* we're only interested in chain starts */
539         if (e->bitmask)
540                 return 0;
541         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
542                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
543                         break;
544         }
545         /* only care about udc */
546         if (i != NF_BR_NUMHOOKS)
547                 return 0;
548
549         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
550         /* these initialisations are depended on later in check_chainloops() */
551         udc[*n].cs.n = 0;
552         udc[*n].hookmask = 0;
553
554         (*n)++;
555         return 0;
556 }
557
558 static inline int
559 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
560 {
561         if (i && (*i)-- == 0)
562                 return 1;
563         if (m->u.match->destroy)
564                 m->u.match->destroy(m->u.match, m->data);
565         module_put(m->u.match->me);
566
567         return 0;
568 }
569
570 static inline int
571 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
572 {
573         if (i && (*i)-- == 0)
574                 return 1;
575         if (w->u.watcher->destroy)
576                 w->u.watcher->destroy(w->u.watcher, w->data);
577         module_put(w->u.watcher->me);
578
579         return 0;
580 }
581
582 static inline int
583 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
584 {
585         struct ebt_entry_target *t;
586
587         if (e->bitmask == 0)
588                 return 0;
589         /* we're done */
590         if (cnt && (*cnt)-- == 0)
591                 return 1;
592         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
593         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
594         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
595         if (t->u.target->destroy)
596                 t->u.target->destroy(t->u.target, t->data);
597         module_put(t->u.target->me);
598
599         return 0;
600 }
601
602 static inline int
603 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
604    const char *name, unsigned int *cnt,
605    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
606 {
607         struct ebt_entry_target *t;
608         struct xt_target *target;
609         unsigned int i, j, hook = 0, hookmask = 0;
610         size_t gap;
611         int ret;
612         struct xt_mtchk_param par;
613
614         /* don't mess with the struct ebt_entries */
615         if (e->bitmask == 0)
616                 return 0;
617
618         if (e->bitmask & ~EBT_F_MASK) {
619                 BUGPRINT("Unknown flag for bitmask\n");
620                 return -EINVAL;
621         }
622         if (e->invflags & ~EBT_INV_MASK) {
623                 BUGPRINT("Unknown flag for inv bitmask\n");
624                 return -EINVAL;
625         }
626         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
627                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
628                 return -EINVAL;
629         }
630         /* what hook do we belong to? */
631         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
632                 if (!newinfo->hook_entry[i])
633                         continue;
634                 if ((char *)newinfo->hook_entry[i] < (char *)e)
635                         hook = i;
636                 else
637                         break;
638         }
639         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
640            a base chain */
641         if (i < NF_BR_NUMHOOKS)
642                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
643         else {
644                 for (i = 0; i < udc_cnt; i++)
645                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
646                                 break;
647                 if (i == 0)
648                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
649                 else
650                         hookmask = cl_s[i - 1].hookmask;
651         }
652         i = 0;
653
654         par.table     = name;
655         par.entryinfo = e;
656         par.hook_mask = hookmask;
657         ret = EBT_MATCH_ITERATE(e, ebt_check_match, &par, &i);
658         if (ret != 0)
659                 goto cleanup_matches;
660         j = 0;
661         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
662         if (ret != 0)
663                 goto cleanup_watchers;
664         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
665         gap = e->next_offset - e->target_offset;
666
667         target = try_then_request_module(
668                  xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
669                  "ebt_%s", t->u.name);
670         if (IS_ERR(target)) {
671                 ret = PTR_ERR(target);
672                 goto cleanup_watchers;
673         } else if (target == NULL) {
674                 ret = -ENOENT;
675                 goto cleanup_watchers;
676         }
677
678         t->u.target = target;
679         if (t->u.target == &ebt_standard_target) {
680                 if (gap < sizeof(struct ebt_standard_target)) {
681                         BUGPRINT("Standard target size too big\n");
682                         ret = -EFAULT;
683                         goto cleanup_watchers;
684                 }
685                 if (((struct ebt_standard_target *)t)->verdict <
686                    -NUM_STANDARD_TARGETS) {
687                         BUGPRINT("Invalid standard target\n");
688                         ret = -EFAULT;
689                         goto cleanup_watchers;
690                 }
691         } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
692                 module_put(t->u.target->me);
693                 ret = -EFAULT;
694                 goto cleanup_watchers;
695         }
696
697         ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,
698               name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
699               e, t->data);
700         if (ret < 0) {
701                 module_put(target->me);
702                 goto cleanup_watchers;
703         }
704         (*cnt)++;
705         return 0;
706 cleanup_watchers:
707         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
708 cleanup_matches:
709         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
710         return ret;
711 }
712
713 /*
714  * checks for loops and sets the hook mask for udc
715  * the hook mask for udc tells us from which base chains the udc can be
716  * accessed. This mask is a parameter to the check() functions of the extensions
717  */
718 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
719    unsigned int udc_cnt, unsigned int hooknr, char *base)
720 {
721         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
722         struct ebt_entry *e = (struct ebt_entry *)chain->data;
723         struct ebt_entry_target *t;
724
725         while (pos < nentries || chain_nr != -1) {
726                 /* end of udc, go back one 'recursion' step */
727                 if (pos == nentries) {
728                         /* put back values of the time when this chain was called */
729                         e = cl_s[chain_nr].cs.e;
730                         if (cl_s[chain_nr].from != -1)
731                                 nentries =
732                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
733                         else
734                                 nentries = chain->nentries;
735                         pos = cl_s[chain_nr].cs.n;
736                         /* make sure we won't see a loop that isn't one */
737                         cl_s[chain_nr].cs.n = 0;
738                         chain_nr = cl_s[chain_nr].from;
739                         if (pos == nentries)
740                                 continue;
741                 }
742                 t = (struct ebt_entry_target *)
743                    (((char *)e) + e->target_offset);
744                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
745                         goto letscontinue;
746                 if (e->target_offset + sizeof(struct ebt_standard_target) >
747                    e->next_offset) {
748                         BUGPRINT("Standard target size too big\n");
749                         return -1;
750                 }
751                 verdict = ((struct ebt_standard_target *)t)->verdict;
752                 if (verdict >= 0) { /* jump to another chain */
753                         struct ebt_entries *hlp2 =
754                            (struct ebt_entries *)(base + verdict);
755                         for (i = 0; i < udc_cnt; i++)
756                                 if (hlp2 == cl_s[i].cs.chaininfo)
757                                         break;
758                         /* bad destination or loop */
759                         if (i == udc_cnt) {
760                                 BUGPRINT("bad destination\n");
761                                 return -1;
762                         }
763                         if (cl_s[i].cs.n) {
764                                 BUGPRINT("loop\n");
765                                 return -1;
766                         }
767                         if (cl_s[i].hookmask & (1 << hooknr))
768                                 goto letscontinue;
769                         /* this can't be 0, so the loop test is correct */
770                         cl_s[i].cs.n = pos + 1;
771                         pos = 0;
772                         cl_s[i].cs.e = ((void *)e + e->next_offset);
773                         e = (struct ebt_entry *)(hlp2->data);
774                         nentries = hlp2->nentries;
775                         cl_s[i].from = chain_nr;
776                         chain_nr = i;
777                         /* this udc is accessible from the base chain for hooknr */
778                         cl_s[i].hookmask |= (1 << hooknr);
779                         continue;
780                 }
781 letscontinue:
782                 e = (void *)e + e->next_offset;
783                 pos++;
784         }
785         return 0;
786 }
787
788 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
789 static int translate_table(char *name, struct ebt_table_info *newinfo)
790 {
791         unsigned int i, j, k, udc_cnt;
792         int ret;
793         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
794
795         i = 0;
796         while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
797                 i++;
798         if (i == NF_BR_NUMHOOKS) {
799                 BUGPRINT("No valid hooks specified\n");
800                 return -EINVAL;
801         }
802         if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
803                 BUGPRINT("Chains don't start at beginning\n");
804                 return -EINVAL;
805         }
806         /* make sure chains are ordered after each other in same order
807            as their corresponding hooks */
808         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
809                 if (!newinfo->hook_entry[j])
810                         continue;
811                 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
812                         BUGPRINT("Hook order must be followed\n");
813                         return -EINVAL;
814                 }
815                 i = j;
816         }
817
818         /* do some early checkings and initialize some things */
819         i = 0; /* holds the expected nr. of entries for the chain */
820         j = 0; /* holds the up to now counted entries for the chain */
821         k = 0; /* holds the total nr. of entries, should equal
822                   newinfo->nentries afterwards */
823         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
824         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
825            ebt_check_entry_size_and_hooks, newinfo,
826            &i, &j, &k, &udc_cnt);
827
828         if (ret != 0)
829                 return ret;
830
831         if (i != j) {
832                 BUGPRINT("nentries does not equal the nr of entries in the "
833                          "(last) chain\n");
834                 return -EINVAL;
835         }
836         if (k != newinfo->nentries) {
837                 BUGPRINT("Total nentries is wrong\n");
838                 return -EINVAL;
839         }
840
841         /* get the location of the udc, put them in an array
842            while we're at it, allocate the chainstack */
843         if (udc_cnt) {
844                 /* this will get free'd in do_replace()/ebt_register_table()
845                    if an error occurs */
846                 newinfo->chainstack =
847                         vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
848                 if (!newinfo->chainstack)
849                         return -ENOMEM;
850                 for_each_possible_cpu(i) {
851                         newinfo->chainstack[i] =
852                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
853                         if (!newinfo->chainstack[i]) {
854                                 while (i)
855                                         vfree(newinfo->chainstack[--i]);
856                                 vfree(newinfo->chainstack);
857                                 newinfo->chainstack = NULL;
858                                 return -ENOMEM;
859                         }
860                 }
861
862                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
863                 if (!cl_s)
864                         return -ENOMEM;
865                 i = 0; /* the i'th udc */
866                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
867                    ebt_get_udc_positions, newinfo, &i, cl_s);
868                 /* sanity check */
869                 if (i != udc_cnt) {
870                         BUGPRINT("i != udc_cnt\n");
871                         vfree(cl_s);
872                         return -EFAULT;
873                 }
874         }
875
876         /* Check for loops */
877         for (i = 0; i < NF_BR_NUMHOOKS; i++)
878                 if (newinfo->hook_entry[i])
879                         if (check_chainloops(newinfo->hook_entry[i],
880                            cl_s, udc_cnt, i, newinfo->entries)) {
881                                 vfree(cl_s);
882                                 return -EINVAL;
883                         }
884
885         /* we now know the following (along with E=mc²):
886            - the nr of entries in each chain is right
887            - the size of the allocated space is right
888            - all valid hooks have a corresponding chain
889            - there are no loops
890            - wrong data can still be on the level of a single entry
891            - could be there are jumps to places that are not the
892              beginning of a chain. This can only occur in chains that
893              are not accessible from any base chains, so we don't care. */
894
895         /* used to know what we need to clean up if something goes wrong */
896         i = 0;
897         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
898            ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt);
899         if (ret != 0) {
900                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
901                    ebt_cleanup_entry, &i);
902         }
903         vfree(cl_s);
904         return ret;
905 }
906
907 /* called under write_lock */
908 static void get_counters(struct ebt_counter *oldcounters,
909    struct ebt_counter *counters, unsigned int nentries)
910 {
911         int i, cpu;
912         struct ebt_counter *counter_base;
913
914         /* counters of cpu 0 */
915         memcpy(counters, oldcounters,
916                sizeof(struct ebt_counter) * nentries);
917
918         /* add other counters to those of cpu 0 */
919         for_each_possible_cpu(cpu) {
920                 if (cpu == 0)
921                         continue;
922                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
923                 for (i = 0; i < nentries; i++) {
924                         counters[i].pcnt += counter_base[i].pcnt;
925                         counters[i].bcnt += counter_base[i].bcnt;
926                 }
927         }
928 }
929
930 /* replace the table */
931 static int do_replace(void __user *user, unsigned int len)
932 {
933         int ret, i, countersize;
934         struct ebt_table_info *newinfo;
935         struct ebt_replace tmp;
936         struct ebt_table *t;
937         struct ebt_counter *counterstmp = NULL;
938         /* used to be able to unlock earlier */
939         struct ebt_table_info *table;
940
941         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
942                 return -EFAULT;
943
944         if (len != sizeof(tmp) + tmp.entries_size) {
945                 BUGPRINT("Wrong len argument\n");
946                 return -EINVAL;
947         }
948
949         if (tmp.entries_size == 0) {
950                 BUGPRINT("Entries_size never zero\n");
951                 return -EINVAL;
952         }
953         /* overflow check */
954         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
955                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
956                 return -ENOMEM;
957         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
958                 return -ENOMEM;
959
960         countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
961         newinfo = vmalloc(sizeof(*newinfo) + countersize);
962         if (!newinfo)
963                 return -ENOMEM;
964
965         if (countersize)
966                 memset(newinfo->counters, 0, countersize);
967
968         newinfo->entries = vmalloc(tmp.entries_size);
969         if (!newinfo->entries) {
970                 ret = -ENOMEM;
971                 goto free_newinfo;
972         }
973         if (copy_from_user(
974            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
975                 BUGPRINT("Couldn't copy entries from userspace\n");
976                 ret = -EFAULT;
977                 goto free_entries;
978         }
979
980         /* the user wants counters back
981            the check on the size is done later, when we have the lock */
982         if (tmp.num_counters) {
983                 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
984                 if (!counterstmp) {
985                         ret = -ENOMEM;
986                         goto free_entries;
987                 }
988         }
989         else
990                 counterstmp = NULL;
991
992         /* this can get initialized by translate_table() */
993         newinfo->chainstack = NULL;
994         ret = ebt_verify_pointers(&tmp, newinfo);
995         if (ret != 0)
996                 goto free_counterstmp;
997
998         ret = translate_table(tmp.name, newinfo);
999
1000         if (ret != 0)
1001                 goto free_counterstmp;
1002
1003         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1004         if (!t) {
1005                 ret = -ENOENT;
1006                 goto free_iterate;
1007         }
1008
1009         /* the table doesn't like it */
1010         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1011                 goto free_unlock;
1012
1013         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1014                 BUGPRINT("Wrong nr. of counters requested\n");
1015                 ret = -EINVAL;
1016                 goto free_unlock;
1017         }
1018
1019         /* we have the mutex lock, so no danger in reading this pointer */
1020         table = t->private;
1021         /* make sure the table can only be rmmod'ed if it contains no rules */
1022         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1023                 ret = -ENOENT;
1024                 goto free_unlock;
1025         } else if (table->nentries && !newinfo->nentries)
1026                 module_put(t->me);
1027         /* we need an atomic snapshot of the counters */
1028         write_lock_bh(&t->lock);
1029         if (tmp.num_counters)
1030                 get_counters(t->private->counters, counterstmp,
1031                    t->private->nentries);
1032
1033         t->private = newinfo;
1034         write_unlock_bh(&t->lock);
1035         mutex_unlock(&ebt_mutex);
1036         /* so, a user can change the chains while having messed up her counter
1037            allocation. Only reason why this is done is because this way the lock
1038            is held only once, while this doesn't bring the kernel into a
1039            dangerous state. */
1040         if (tmp.num_counters &&
1041            copy_to_user(tmp.counters, counterstmp,
1042            tmp.num_counters * sizeof(struct ebt_counter))) {
1043                 BUGPRINT("Couldn't copy counters to userspace\n");
1044                 ret = -EFAULT;
1045         }
1046         else
1047                 ret = 0;
1048
1049         /* decrease module count and free resources */
1050         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1051            ebt_cleanup_entry, NULL);
1052
1053         vfree(table->entries);
1054         if (table->chainstack) {
1055                 for_each_possible_cpu(i)
1056                         vfree(table->chainstack[i]);
1057                 vfree(table->chainstack);
1058         }
1059         vfree(table);
1060
1061         vfree(counterstmp);
1062         return ret;
1063
1064 free_unlock:
1065         mutex_unlock(&ebt_mutex);
1066 free_iterate:
1067         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1068            ebt_cleanup_entry, NULL);
1069 free_counterstmp:
1070         vfree(counterstmp);
1071         /* can be initialized in translate_table() */
1072         if (newinfo->chainstack) {
1073                 for_each_possible_cpu(i)
1074                         vfree(newinfo->chainstack[i]);
1075                 vfree(newinfo->chainstack);
1076         }
1077 free_entries:
1078         vfree(newinfo->entries);
1079 free_newinfo:
1080         vfree(newinfo);
1081         return ret;
1082 }
1083
1084 int ebt_register_table(struct ebt_table *table)
1085 {
1086         struct ebt_table_info *newinfo;
1087         struct ebt_table *t;
1088         struct ebt_replace_kernel *repl;
1089         int ret, i, countersize;
1090         void *p;
1091
1092         if (!table || !(repl = table->table) || !repl->entries ||
1093             repl->entries_size == 0 ||
1094             repl->counters || table->private) {
1095                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1096                 return -EINVAL;
1097         }
1098
1099         countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1100         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1101         ret = -ENOMEM;
1102         if (!newinfo)
1103                 return -ENOMEM;
1104
1105         p = vmalloc(repl->entries_size);
1106         if (!p)
1107                 goto free_newinfo;
1108
1109         memcpy(p, repl->entries, repl->entries_size);
1110         newinfo->entries = p;
1111
1112         newinfo->entries_size = repl->entries_size;
1113         newinfo->nentries = repl->nentries;
1114
1115         if (countersize)
1116                 memset(newinfo->counters, 0, countersize);
1117
1118         /* fill in newinfo and parse the entries */
1119         newinfo->chainstack = NULL;
1120         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1121                 if ((repl->valid_hooks & (1 << i)) == 0)
1122                         newinfo->hook_entry[i] = NULL;
1123                 else
1124                         newinfo->hook_entry[i] = p +
1125                                 ((char *)repl->hook_entry[i] - repl->entries);
1126         }
1127         ret = translate_table(repl->name, newinfo);
1128         if (ret != 0) {
1129                 BUGPRINT("Translate_table failed\n");
1130                 goto free_chainstack;
1131         }
1132
1133         if (table->check && table->check(newinfo, table->valid_hooks)) {
1134                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1135                 return -EINVAL;
1136         }
1137
1138         table->private = newinfo;
1139         rwlock_init(&table->lock);
1140         ret = mutex_lock_interruptible(&ebt_mutex);
1141         if (ret != 0)
1142                 goto free_chainstack;
1143
1144         list_for_each_entry(t, &ebt_tables, list) {
1145                 if (strcmp(t->name, table->name) == 0) {
1146                         ret = -EEXIST;
1147                         BUGPRINT("Table name already exists\n");
1148                         goto free_unlock;
1149                 }
1150         }
1151
1152         /* Hold a reference count if the chains aren't empty */
1153         if (newinfo->nentries && !try_module_get(table->me)) {
1154                 ret = -ENOENT;
1155                 goto free_unlock;
1156         }
1157         list_add(&table->list, &ebt_tables);
1158         mutex_unlock(&ebt_mutex);
1159         return 0;
1160 free_unlock:
1161         mutex_unlock(&ebt_mutex);
1162 free_chainstack:
1163         if (newinfo->chainstack) {
1164                 for_each_possible_cpu(i)
1165                         vfree(newinfo->chainstack[i]);
1166                 vfree(newinfo->chainstack);
1167         }
1168         vfree(newinfo->entries);
1169 free_newinfo:
1170         vfree(newinfo);
1171         return ret;
1172 }
1173
1174 void ebt_unregister_table(struct ebt_table *table)
1175 {
1176         int i;
1177
1178         if (!table) {
1179                 BUGPRINT("Request to unregister NULL table!!!\n");
1180                 return;
1181         }
1182         mutex_lock(&ebt_mutex);
1183         list_del(&table->list);
1184         mutex_unlock(&ebt_mutex);
1185         vfree(table->private->entries);
1186         if (table->private->chainstack) {
1187                 for_each_possible_cpu(i)
1188                         vfree(table->private->chainstack[i]);
1189                 vfree(table->private->chainstack);
1190         }
1191         vfree(table->private);
1192 }
1193
1194 /* userspace just supplied us with counters */
1195 static int update_counters(void __user *user, unsigned int len)
1196 {
1197         int i, ret;
1198         struct ebt_counter *tmp;
1199         struct ebt_replace hlp;
1200         struct ebt_table *t;
1201
1202         if (copy_from_user(&hlp, user, sizeof(hlp)))
1203                 return -EFAULT;
1204
1205         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1206                 return -EINVAL;
1207         if (hlp.num_counters == 0)
1208                 return -EINVAL;
1209
1210         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1211                 MEMPRINT("Update_counters && nomemory\n");
1212                 return -ENOMEM;
1213         }
1214
1215         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1216         if (!t)
1217                 goto free_tmp;
1218
1219         if (hlp.num_counters != t->private->nentries) {
1220                 BUGPRINT("Wrong nr of counters\n");
1221                 ret = -EINVAL;
1222                 goto unlock_mutex;
1223         }
1224
1225         if ( copy_from_user(tmp, hlp.counters,
1226            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1227                 BUGPRINT("Updata_counters && !cfu\n");
1228                 ret = -EFAULT;
1229                 goto unlock_mutex;
1230         }
1231
1232         /* we want an atomic add of the counters */
1233         write_lock_bh(&t->lock);
1234
1235         /* we add to the counters of the first cpu */
1236         for (i = 0; i < hlp.num_counters; i++) {
1237                 t->private->counters[i].pcnt += tmp[i].pcnt;
1238                 t->private->counters[i].bcnt += tmp[i].bcnt;
1239         }
1240
1241         write_unlock_bh(&t->lock);
1242         ret = 0;
1243 unlock_mutex:
1244         mutex_unlock(&ebt_mutex);
1245 free_tmp:
1246         vfree(tmp);
1247         return ret;
1248 }
1249
1250 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1251    char *base, char __user *ubase)
1252 {
1253         char __user *hlp = ubase + ((char *)m - base);
1254         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1255                 return -EFAULT;
1256         return 0;
1257 }
1258
1259 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1260    char *base, char __user *ubase)
1261 {
1262         char __user *hlp = ubase + ((char *)w - base);
1263         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1264                 return -EFAULT;
1265         return 0;
1266 }
1267
1268 static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1269 {
1270         int ret;
1271         char __user *hlp;
1272         struct ebt_entry_target *t;
1273
1274         if (e->bitmask == 0)
1275                 return 0;
1276
1277         hlp = ubase + (((char *)e + e->target_offset) - base);
1278         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1279
1280         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1281         if (ret != 0)
1282                 return ret;
1283         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1284         if (ret != 0)
1285                 return ret;
1286         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1287                 return -EFAULT;
1288         return 0;
1289 }
1290
1291 /* called with ebt_mutex locked */
1292 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1293    int *len, int cmd)
1294 {
1295         struct ebt_replace tmp;
1296         struct ebt_counter *counterstmp, *oldcounters;
1297         unsigned int entries_size, nentries;
1298         char *entries;
1299
1300         if (cmd == EBT_SO_GET_ENTRIES) {
1301                 entries_size = t->private->entries_size;
1302                 nentries = t->private->nentries;
1303                 entries = t->private->entries;
1304                 oldcounters = t->private->counters;
1305         } else {
1306                 entries_size = t->table->entries_size;
1307                 nentries = t->table->nentries;
1308                 entries = t->table->entries;
1309                 oldcounters = t->table->counters;
1310         }
1311
1312         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1313                 BUGPRINT("Cfu didn't work\n");
1314                 return -EFAULT;
1315         }
1316
1317         if (*len != sizeof(struct ebt_replace) + entries_size +
1318            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1319                 BUGPRINT("Wrong size\n");
1320                 return -EINVAL;
1321         }
1322
1323         if (tmp.nentries != nentries) {
1324                 BUGPRINT("Nentries wrong\n");
1325                 return -EINVAL;
1326         }
1327
1328         if (tmp.entries_size != entries_size) {
1329                 BUGPRINT("Wrong size\n");
1330                 return -EINVAL;
1331         }
1332
1333         /* userspace might not need the counters */
1334         if (tmp.num_counters) {
1335                 if (tmp.num_counters != nentries) {
1336                         BUGPRINT("Num_counters wrong\n");
1337                         return -EINVAL;
1338                 }
1339                 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1340                 if (!counterstmp) {
1341                         MEMPRINT("Couldn't copy counters, out of memory\n");
1342                         return -ENOMEM;
1343                 }
1344                 write_lock_bh(&t->lock);
1345                 get_counters(oldcounters, counterstmp, nentries);
1346                 write_unlock_bh(&t->lock);
1347
1348                 if (copy_to_user(tmp.counters, counterstmp,
1349                    nentries * sizeof(struct ebt_counter))) {
1350                         BUGPRINT("Couldn't copy counters to userspace\n");
1351                         vfree(counterstmp);
1352                         return -EFAULT;
1353                 }
1354                 vfree(counterstmp);
1355         }
1356
1357         if (copy_to_user(tmp.entries, entries, entries_size)) {
1358                 BUGPRINT("Couldn't copy entries to userspace\n");
1359                 return -EFAULT;
1360         }
1361         /* set the match/watcher/target names right */
1362         return EBT_ENTRY_ITERATE(entries, entries_size,
1363            ebt_make_names, entries, tmp.entries);
1364 }
1365
1366 static int do_ebt_set_ctl(struct sock *sk,
1367         int cmd, void __user *user, unsigned int len)
1368 {
1369         int ret;
1370
1371         switch(cmd) {
1372         case EBT_SO_SET_ENTRIES:
1373                 ret = do_replace(user, len);
1374                 break;
1375         case EBT_SO_SET_COUNTERS:
1376                 ret = update_counters(user, len);
1377                 break;
1378         default:
1379                 ret = -EINVAL;
1380   }
1381         return ret;
1382 }
1383
1384 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1385 {
1386         int ret;
1387         struct ebt_replace tmp;
1388         struct ebt_table *t;
1389
1390         if (copy_from_user(&tmp, user, sizeof(tmp)))
1391                 return -EFAULT;
1392
1393         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1394         if (!t)
1395                 return ret;
1396
1397         switch(cmd) {
1398         case EBT_SO_GET_INFO:
1399         case EBT_SO_GET_INIT_INFO:
1400                 if (*len != sizeof(struct ebt_replace)){
1401                         ret = -EINVAL;
1402                         mutex_unlock(&ebt_mutex);
1403                         break;
1404                 }
1405                 if (cmd == EBT_SO_GET_INFO) {
1406                         tmp.nentries = t->private->nentries;
1407                         tmp.entries_size = t->private->entries_size;
1408                         tmp.valid_hooks = t->valid_hooks;
1409                 } else {
1410                         tmp.nentries = t->table->nentries;
1411                         tmp.entries_size = t->table->entries_size;
1412                         tmp.valid_hooks = t->table->valid_hooks;
1413                 }
1414                 mutex_unlock(&ebt_mutex);
1415                 if (copy_to_user(user, &tmp, *len) != 0){
1416                         BUGPRINT("c2u Didn't work\n");
1417                         ret = -EFAULT;
1418                         break;
1419                 }
1420                 ret = 0;
1421                 break;
1422
1423         case EBT_SO_GET_ENTRIES:
1424         case EBT_SO_GET_INIT_ENTRIES:
1425                 ret = copy_everything_to_user(t, user, len, cmd);
1426                 mutex_unlock(&ebt_mutex);
1427                 break;
1428
1429         default:
1430                 mutex_unlock(&ebt_mutex);
1431                 ret = -EINVAL;
1432         }
1433
1434         return ret;
1435 }
1436
1437 static struct nf_sockopt_ops ebt_sockopts =
1438 {
1439         .pf             = PF_INET,
1440         .set_optmin     = EBT_BASE_CTL,
1441         .set_optmax     = EBT_SO_SET_MAX + 1,
1442         .set            = do_ebt_set_ctl,
1443         .get_optmin     = EBT_BASE_CTL,
1444         .get_optmax     = EBT_SO_GET_MAX + 1,
1445         .get            = do_ebt_get_ctl,
1446         .owner          = THIS_MODULE,
1447 };
1448
1449 static int __init ebtables_init(void)
1450 {
1451         int ret;
1452
1453         ret = xt_register_target(&ebt_standard_target);
1454         if (ret < 0)
1455                 return ret;
1456         ret = nf_register_sockopt(&ebt_sockopts);
1457         if (ret < 0) {
1458                 xt_unregister_target(&ebt_standard_target);
1459                 return ret;
1460         }
1461
1462         printk(KERN_INFO "Ebtables v2.0 registered\n");
1463         return 0;
1464 }
1465
1466 static void __exit ebtables_fini(void)
1467 {
1468         nf_unregister_sockopt(&ebt_sockopts);
1469         xt_unregister_target(&ebt_standard_target);
1470         printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1471 }
1472
1473 EXPORT_SYMBOL(ebt_register_table);
1474 EXPORT_SYMBOL(ebt_unregister_table);
1475 EXPORT_SYMBOL(ebt_do_table);
1476 module_init(ebtables_init);
1477 module_exit(ebtables_fini);
1478 MODULE_LICENSE("GPL");