[EBTABLES]: Clean up vmalloc usage in net/bridge/netfilter/ebtables.c
[linux-3.10.git] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18 /* used for print_string */
19 #include <linux/sched.h>
20 #include <linux/tty.h>
21
22 #include <linux/kmod.h>
23 #include <linux/module.h>
24 #include <linux/vmalloc.h>
25 #include <linux/netfilter_bridge/ebtables.h>
26 #include <linux/spinlock.h>
27 #include <asm/uaccess.h>
28 #include <linux/smp.h>
29 #include <linux/cpumask.h>
30 #include <net/sock.h>
31 /* needed for logical [in,out]-dev filtering */
32 #include "../br_private.h"
33
34 /* list_named_find */
35 #define ASSERT_READ_LOCK(x)
36 #define ASSERT_WRITE_LOCK(x)
37 #include <linux/netfilter_ipv4/listhelp.h>
38 #include <linux/mutex.h>
39
40 #if 0
41 /* use this for remote debugging
42  * Copyright (C) 1998 by Ori Pomerantz
43  * Print the string to the appropriate tty, the one
44  * the current task uses
45  */
46 static void print_string(char *str)
47 {
48         struct tty_struct *my_tty;
49
50         /* The tty for the current task */
51         my_tty = current->signal->tty;
52         if (my_tty != NULL) {
53                 my_tty->driver->write(my_tty, 0, str, strlen(str));
54                 my_tty->driver->write(my_tty, 0, "\015\012", 2);
55         }
56 }
57
58 #define BUGPRINT(args) print_string(args);
59 #else
60 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
61                                          "report to author: "format, ## args)
62 /* #define BUGPRINT(format, args...) */
63 #endif
64 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
65                                          ": out of memory: "format, ## args)
66 /* #define MEMPRINT(format, args...) */
67
68
69
70 /*
71  * Each cpu has its own set of counters, so there is no need for write_lock in
72  * the softirq
73  * For reading or updating the counters, the user context needs to
74  * get a write_lock
75  */
76
77 /* The size of each set of counters is altered to get cache alignment */
78 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
79 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
80 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
81    COUNTER_OFFSET(n) * cpu))
82
83
84
85 static DEFINE_MUTEX(ebt_mutex);
86 static LIST_HEAD(ebt_tables);
87 static LIST_HEAD(ebt_targets);
88 static LIST_HEAD(ebt_matches);
89 static LIST_HEAD(ebt_watchers);
90
91 static struct ebt_target ebt_standard_target =
92 { {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
93
94 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
95    const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
96    const struct net_device *out)
97 {
98         w->u.watcher->watcher(skb, hooknr, in, out, w->data,
99            w->watcher_size);
100         /* watchers don't give a verdict */
101         return 0;
102 }
103
104 static inline int ebt_do_match (struct ebt_entry_match *m,
105    const struct sk_buff *skb, const struct net_device *in,
106    const struct net_device *out)
107 {
108         return m->u.match->match(skb, in, out, m->data,
109            m->match_size);
110 }
111
112 static inline int ebt_dev_check(char *entry, const struct net_device *device)
113 {
114         int i = 0;
115         char *devname = device->name;
116
117         if (*entry == '\0')
118                 return 0;
119         if (!device)
120                 return 1;
121         /* 1 is the wildcard token */
122         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
123                 i++;
124         return (devname[i] != entry[i] && entry[i] != 1);
125 }
126
127 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
128 /* process standard matches */
129 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
130    const struct net_device *in, const struct net_device *out)
131 {
132         int verdict, i;
133
134         if (e->bitmask & EBT_802_3) {
135                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
136                         return 1;
137         } else if (!(e->bitmask & EBT_NOPROTO) &&
138            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
139                 return 1;
140
141         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
142                 return 1;
143         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
144                 return 1;
145         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
146            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
147                 return 1;
148         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
149            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
150                 return 1;
151
152         if (e->bitmask & EBT_SOURCEMAC) {
153                 verdict = 0;
154                 for (i = 0; i < 6; i++)
155                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
156                            e->sourcemsk[i];
157                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
158                         return 1;
159         }
160         if (e->bitmask & EBT_DESTMAC) {
161                 verdict = 0;
162                 for (i = 0; i < 6; i++)
163                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
164                            e->destmsk[i];
165                 if (FWINV2(verdict != 0, EBT_IDEST) )
166                         return 1;
167         }
168         return 0;
169 }
170
171 /* Do some firewalling */
172 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
173    const struct net_device *in, const struct net_device *out,
174    struct ebt_table *table)
175 {
176         int i, nentries;
177         struct ebt_entry *point;
178         struct ebt_counter *counter_base, *cb_base;
179         struct ebt_entry_target *t;
180         int verdict, sp = 0;
181         struct ebt_chainstack *cs;
182         struct ebt_entries *chaininfo;
183         char *base;
184         struct ebt_table_info *private;
185
186         read_lock_bh(&table->lock);
187         private = table->private;
188         cb_base = COUNTER_BASE(private->counters, private->nentries,
189            smp_processor_id());
190         if (private->chainstack)
191                 cs = private->chainstack[smp_processor_id()];
192         else
193                 cs = NULL;
194         chaininfo = private->hook_entry[hook];
195         nentries = private->hook_entry[hook]->nentries;
196         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
197         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
198         /* base for chain jumps */
199         base = private->entries;
200         i = 0;
201         while (i < nentries) {
202                 if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
203                         goto letscontinue;
204
205                 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
206                         goto letscontinue;
207
208                 /* increase counter */
209                 (*(counter_base + i)).pcnt++;
210                 (*(counter_base + i)).bcnt+=(**pskb).len;
211
212                 /* these should only watch: not modify, nor tell us
213                    what to do with the packet */
214                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
215                    out);
216
217                 t = (struct ebt_entry_target *)
218                    (((char *)point) + point->target_offset);
219                 /* standard target */
220                 if (!t->u.target->target)
221                         verdict = ((struct ebt_standard_target *)t)->verdict;
222                 else
223                         verdict = t->u.target->target(pskb, hook,
224                            in, out, t->data, t->target_size);
225                 if (verdict == EBT_ACCEPT) {
226                         read_unlock_bh(&table->lock);
227                         return NF_ACCEPT;
228                 }
229                 if (verdict == EBT_DROP) {
230                         read_unlock_bh(&table->lock);
231                         return NF_DROP;
232                 }
233                 if (verdict == EBT_RETURN) {
234 letsreturn:
235 #ifdef CONFIG_NETFILTER_DEBUG
236                         if (sp == 0) {
237                                 BUGPRINT("RETURN on base chain");
238                                 /* act like this is EBT_CONTINUE */
239                                 goto letscontinue;
240                         }
241 #endif
242                         sp--;
243                         /* put all the local variables right */
244                         i = cs[sp].n;
245                         chaininfo = cs[sp].chaininfo;
246                         nentries = chaininfo->nentries;
247                         point = cs[sp].e;
248                         counter_base = cb_base +
249                            chaininfo->counter_offset;
250                         continue;
251                 }
252                 if (verdict == EBT_CONTINUE)
253                         goto letscontinue;
254 #ifdef CONFIG_NETFILTER_DEBUG
255                 if (verdict < 0) {
256                         BUGPRINT("bogus standard verdict\n");
257                         read_unlock_bh(&table->lock);
258                         return NF_DROP;
259                 }
260 #endif
261                 /* jump to a udc */
262                 cs[sp].n = i + 1;
263                 cs[sp].chaininfo = chaininfo;
264                 cs[sp].e = (struct ebt_entry *)
265                    (((char *)point) + point->next_offset);
266                 i = 0;
267                 chaininfo = (struct ebt_entries *) (base + verdict);
268 #ifdef CONFIG_NETFILTER_DEBUG
269                 if (chaininfo->distinguisher) {
270                         BUGPRINT("jump to non-chain\n");
271                         read_unlock_bh(&table->lock);
272                         return NF_DROP;
273                 }
274 #endif
275                 nentries = chaininfo->nentries;
276                 point = (struct ebt_entry *)chaininfo->data;
277                 counter_base = cb_base + chaininfo->counter_offset;
278                 sp++;
279                 continue;
280 letscontinue:
281                 point = (struct ebt_entry *)
282                    (((char *)point) + point->next_offset);
283                 i++;
284         }
285
286         /* I actually like this :) */
287         if (chaininfo->policy == EBT_RETURN)
288                 goto letsreturn;
289         if (chaininfo->policy == EBT_ACCEPT) {
290                 read_unlock_bh(&table->lock);
291                 return NF_ACCEPT;
292         }
293         read_unlock_bh(&table->lock);
294         return NF_DROP;
295 }
296
297 /* If it succeeds, returns element and locks mutex */
298 static inline void *
299 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
300    struct mutex *mutex)
301 {
302         void *ret;
303
304         *error = mutex_lock_interruptible(mutex);
305         if (*error != 0)
306                 return NULL;
307
308         ret = list_named_find(head, name);
309         if (!ret) {
310                 *error = -ENOENT;
311                 mutex_unlock(mutex);
312         }
313         return ret;
314 }
315
316 #ifndef CONFIG_KMOD
317 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
318 #else
319 static void *
320 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
321    int *error, struct mutex *mutex)
322 {
323         void *ret;
324
325         ret = find_inlist_lock_noload(head, name, error, mutex);
326         if (!ret) {
327                 request_module("%s%s", prefix, name);
328                 ret = find_inlist_lock_noload(head, name, error, mutex);
329         }
330         return ret;
331 }
332 #endif
333
334 static inline struct ebt_table *
335 find_table_lock(const char *name, int *error, struct mutex *mutex)
336 {
337         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
338 }
339
340 static inline struct ebt_match *
341 find_match_lock(const char *name, int *error, struct mutex *mutex)
342 {
343         return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex);
344 }
345
346 static inline struct ebt_watcher *
347 find_watcher_lock(const char *name, int *error, struct mutex *mutex)
348 {
349         return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex);
350 }
351
352 static inline struct ebt_target *
353 find_target_lock(const char *name, int *error, struct mutex *mutex)
354 {
355         return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex);
356 }
357
358 static inline int
359 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
360    const char *name, unsigned int hookmask, unsigned int *cnt)
361 {
362         struct ebt_match *match;
363         int ret;
364
365         if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) >
366            ((char *)e) + e->watchers_offset)
367                 return -EINVAL;
368         match = find_match_lock(m->u.name, &ret, &ebt_mutex);
369         if (!match)
370                 return ret;
371         m->u.match = match;
372         if (!try_module_get(match->me)) {
373                 mutex_unlock(&ebt_mutex);
374                 return -ENOENT;
375         }
376         mutex_unlock(&ebt_mutex);
377         if (match->check &&
378            match->check(name, hookmask, e, m->data, m->match_size) != 0) {
379                 BUGPRINT("match->check failed\n");
380                 module_put(match->me);
381                 return -EINVAL;
382         }
383         (*cnt)++;
384         return 0;
385 }
386
387 static inline int
388 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
389    const char *name, unsigned int hookmask, unsigned int *cnt)
390 {
391         struct ebt_watcher *watcher;
392         int ret;
393
394         if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) >
395            ((char *)e) + e->target_offset)
396                 return -EINVAL;
397         watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
398         if (!watcher)
399                 return ret;
400         w->u.watcher = watcher;
401         if (!try_module_get(watcher->me)) {
402                 mutex_unlock(&ebt_mutex);
403                 return -ENOENT;
404         }
405         mutex_unlock(&ebt_mutex);
406         if (watcher->check &&
407            watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
408                 BUGPRINT("watcher->check failed\n");
409                 module_put(watcher->me);
410                 return -EINVAL;
411         }
412         (*cnt)++;
413         return 0;
414 }
415
416 /*
417  * this one is very careful, as it is the first function
418  * to parse the userspace data
419  */
420 static inline int
421 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
422    struct ebt_table_info *newinfo, char *base, char *limit,
423    struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt,
424    unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks)
425 {
426         int i;
427
428         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
429                 if ((valid_hooks & (1 << i)) == 0)
430                         continue;
431                 if ( (char *)hook_entries[i] - base ==
432                    (char *)e - newinfo->entries)
433                         break;
434         }
435         /* beginning of a new chain
436            if i == NF_BR_NUMHOOKS it must be a user defined chain */
437         if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
438                 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) {
439                         /* we make userspace set this right,
440                            so there is no misunderstanding */
441                         BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
442                                  "in distinguisher\n");
443                         return -EINVAL;
444                 }
445                 /* this checks if the previous chain has as many entries
446                    as it said it has */
447                 if (*n != *cnt) {
448                         BUGPRINT("nentries does not equal the nr of entries "
449                                  "in the chain\n");
450                         return -EINVAL;
451                 }
452                 /* before we look at the struct, be sure it is not too big */
453                 if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
454                    > limit) {
455                         BUGPRINT("entries_size too small\n");
456                         return -EINVAL;
457                 }
458                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
459                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
460                         /* only RETURN from udc */
461                         if (i != NF_BR_NUMHOOKS ||
462                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
463                                 BUGPRINT("bad policy\n");
464                                 return -EINVAL;
465                         }
466                 }
467                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
468                         (*udc_cnt)++;
469                 else
470                         newinfo->hook_entry[i] = (struct ebt_entries *)e;
471                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
472                         BUGPRINT("counter_offset != totalcnt");
473                         return -EINVAL;
474                 }
475                 *n = ((struct ebt_entries *)e)->nentries;
476                 *cnt = 0;
477                 return 0;
478         }
479         /* a plain old entry, heh */
480         if (sizeof(struct ebt_entry) > e->watchers_offset ||
481            e->watchers_offset > e->target_offset ||
482            e->target_offset >= e->next_offset) {
483                 BUGPRINT("entry offsets not in right order\n");
484                 return -EINVAL;
485         }
486         /* this is not checked anywhere else */
487         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
488                 BUGPRINT("target size too small\n");
489                 return -EINVAL;
490         }
491
492         (*cnt)++;
493         (*totalcnt)++;
494         return 0;
495 }
496
497 struct ebt_cl_stack
498 {
499         struct ebt_chainstack cs;
500         int from;
501         unsigned int hookmask;
502 };
503
504 /*
505  * we need these positions to check that the jumps to a different part of the
506  * entries is a jump to the beginning of a new chain.
507  */
508 static inline int
509 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
510    struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
511    struct ebt_cl_stack *udc)
512 {
513         int i;
514
515         /* we're only interested in chain starts */
516         if (e->bitmask & EBT_ENTRY_OR_ENTRIES)
517                 return 0;
518         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
519                 if ((valid_hooks & (1 << i)) == 0)
520                         continue;
521                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
522                         break;
523         }
524         /* only care about udc */
525         if (i != NF_BR_NUMHOOKS)
526                 return 0;
527
528         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
529         /* these initialisations are depended on later in check_chainloops() */
530         udc[*n].cs.n = 0;
531         udc[*n].hookmask = 0;
532
533         (*n)++;
534         return 0;
535 }
536
537 static inline int
538 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
539 {
540         if (i && (*i)-- == 0)
541                 return 1;
542         if (m->u.match->destroy)
543                 m->u.match->destroy(m->data, m->match_size);
544         module_put(m->u.match->me);
545
546         return 0;
547 }
548
549 static inline int
550 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
551 {
552         if (i && (*i)-- == 0)
553                 return 1;
554         if (w->u.watcher->destroy)
555                 w->u.watcher->destroy(w->data, w->watcher_size);
556         module_put(w->u.watcher->me);
557
558         return 0;
559 }
560
561 static inline int
562 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
563 {
564         struct ebt_entry_target *t;
565
566         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
567                 return 0;
568         /* we're done */
569         if (cnt && (*cnt)-- == 0)
570                 return 1;
571         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
572         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
573         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
574         if (t->u.target->destroy)
575                 t->u.target->destroy(t->data, t->target_size);
576         module_put(t->u.target->me);
577
578         return 0;
579 }
580
581 static inline int
582 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
583    const char *name, unsigned int *cnt, unsigned int valid_hooks,
584    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
585 {
586         struct ebt_entry_target *t;
587         struct ebt_target *target;
588         unsigned int i, j, hook = 0, hookmask = 0;
589         int ret;
590
591         /* don't mess with the struct ebt_entries */
592         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
593                 return 0;
594
595         if (e->bitmask & ~EBT_F_MASK) {
596                 BUGPRINT("Unknown flag for bitmask\n");
597                 return -EINVAL;
598         }
599         if (e->invflags & ~EBT_INV_MASK) {
600                 BUGPRINT("Unknown flag for inv bitmask\n");
601                 return -EINVAL;
602         }
603         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
604                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
605                 return -EINVAL;
606         }
607         /* what hook do we belong to? */
608         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
609                 if ((valid_hooks & (1 << i)) == 0)
610                         continue;
611                 if ((char *)newinfo->hook_entry[i] < (char *)e)
612                         hook = i;
613                 else
614                         break;
615         }
616         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
617            a base chain */
618         if (i < NF_BR_NUMHOOKS)
619                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
620         else {
621                 for (i = 0; i < udc_cnt; i++)
622                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
623                                 break;
624                 if (i == 0)
625                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
626                 else
627                         hookmask = cl_s[i - 1].hookmask;
628         }
629         i = 0;
630         ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
631         if (ret != 0)
632                 goto cleanup_matches;
633         j = 0;
634         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
635         if (ret != 0)
636                 goto cleanup_watchers;
637         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
638         target = find_target_lock(t->u.name, &ret, &ebt_mutex);
639         if (!target)
640                 goto cleanup_watchers;
641         if (!try_module_get(target->me)) {
642                 mutex_unlock(&ebt_mutex);
643                 ret = -ENOENT;
644                 goto cleanup_watchers;
645         }
646         mutex_unlock(&ebt_mutex);
647
648         t->u.target = target;
649         if (t->u.target == &ebt_standard_target) {
650                 if (e->target_offset + sizeof(struct ebt_standard_target) >
651                    e->next_offset) {
652                         BUGPRINT("Standard target size too big\n");
653                         ret = -EFAULT;
654                         goto cleanup_watchers;
655                 }
656                 if (((struct ebt_standard_target *)t)->verdict <
657                    -NUM_STANDARD_TARGETS) {
658                         BUGPRINT("Invalid standard target\n");
659                         ret = -EFAULT;
660                         goto cleanup_watchers;
661                 }
662         } else if ((e->target_offset + t->target_size +
663            sizeof(struct ebt_entry_target) > e->next_offset) ||
664            (t->u.target->check &&
665            t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
666                 module_put(t->u.target->me);
667                 ret = -EFAULT;
668                 goto cleanup_watchers;
669         }
670         (*cnt)++;
671         return 0;
672 cleanup_watchers:
673         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
674 cleanup_matches:
675         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
676         return ret;
677 }
678
679 /*
680  * checks for loops and sets the hook mask for udc
681  * the hook mask for udc tells us from which base chains the udc can be
682  * accessed. This mask is a parameter to the check() functions of the extensions
683  */
684 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
685    unsigned int udc_cnt, unsigned int hooknr, char *base)
686 {
687         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
688         struct ebt_entry *e = (struct ebt_entry *)chain->data;
689         struct ebt_entry_target *t;
690
691         while (pos < nentries || chain_nr != -1) {
692                 /* end of udc, go back one 'recursion' step */
693                 if (pos == nentries) {
694                         /* put back values of the time when this chain was called */
695                         e = cl_s[chain_nr].cs.e;
696                         if (cl_s[chain_nr].from != -1)
697                                 nentries =
698                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
699                         else
700                                 nentries = chain->nentries;
701                         pos = cl_s[chain_nr].cs.n;
702                         /* make sure we won't see a loop that isn't one */
703                         cl_s[chain_nr].cs.n = 0;
704                         chain_nr = cl_s[chain_nr].from;
705                         if (pos == nentries)
706                                 continue;
707                 }
708                 t = (struct ebt_entry_target *)
709                    (((char *)e) + e->target_offset);
710                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
711                         goto letscontinue;
712                 if (e->target_offset + sizeof(struct ebt_standard_target) >
713                    e->next_offset) {
714                         BUGPRINT("Standard target size too big\n");
715                         return -1;
716                 }
717                 verdict = ((struct ebt_standard_target *)t)->verdict;
718                 if (verdict >= 0) { /* jump to another chain */
719                         struct ebt_entries *hlp2 =
720                            (struct ebt_entries *)(base + verdict);
721                         for (i = 0; i < udc_cnt; i++)
722                                 if (hlp2 == cl_s[i].cs.chaininfo)
723                                         break;
724                         /* bad destination or loop */
725                         if (i == udc_cnt) {
726                                 BUGPRINT("bad destination\n");
727                                 return -1;
728                         }
729                         if (cl_s[i].cs.n) {
730                                 BUGPRINT("loop\n");
731                                 return -1;
732                         }
733                         /* this can't be 0, so the above test is correct */
734                         cl_s[i].cs.n = pos + 1;
735                         pos = 0;
736                         cl_s[i].cs.e = ((void *)e + e->next_offset);
737                         e = (struct ebt_entry *)(hlp2->data);
738                         nentries = hlp2->nentries;
739                         cl_s[i].from = chain_nr;
740                         chain_nr = i;
741                         /* this udc is accessible from the base chain for hooknr */
742                         cl_s[i].hookmask |= (1 << hooknr);
743                         continue;
744                 }
745 letscontinue:
746                 e = (void *)e + e->next_offset;
747                 pos++;
748         }
749         return 0;
750 }
751
752 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
753 static int translate_table(struct ebt_replace *repl,
754    struct ebt_table_info *newinfo)
755 {
756         unsigned int i, j, k, udc_cnt;
757         int ret;
758         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
759
760         i = 0;
761         while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
762                 i++;
763         if (i == NF_BR_NUMHOOKS) {
764                 BUGPRINT("No valid hooks specified\n");
765                 return -EINVAL;
766         }
767         if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) {
768                 BUGPRINT("Chains don't start at beginning\n");
769                 return -EINVAL;
770         }
771         /* make sure chains are ordered after each other in same order
772            as their corresponding hooks */
773         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
774                 if (!(repl->valid_hooks & (1 << j)))
775                         continue;
776                 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) {
777                         BUGPRINT("Hook order must be followed\n");
778                         return -EINVAL;
779                 }
780                 i = j;
781         }
782
783         for (i = 0; i < NF_BR_NUMHOOKS; i++)
784                 newinfo->hook_entry[i] = NULL;
785
786         newinfo->entries_size = repl->entries_size;
787         newinfo->nentries = repl->nentries;
788
789         /* do some early checkings and initialize some things */
790         i = 0; /* holds the expected nr. of entries for the chain */
791         j = 0; /* holds the up to now counted entries for the chain */
792         k = 0; /* holds the total nr. of entries, should equal
793                   newinfo->nentries afterwards */
794         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
795         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
796            ebt_check_entry_size_and_hooks, newinfo, repl->entries,
797            repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k,
798            &udc_cnt, repl->valid_hooks);
799
800         if (ret != 0)
801                 return ret;
802
803         if (i != j) {
804                 BUGPRINT("nentries does not equal the nr of entries in the "
805                          "(last) chain\n");
806                 return -EINVAL;
807         }
808         if (k != newinfo->nentries) {
809                 BUGPRINT("Total nentries is wrong\n");
810                 return -EINVAL;
811         }
812
813         /* check if all valid hooks have a chain */
814         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
815                 if (newinfo->hook_entry[i] == NULL &&
816                    (repl->valid_hooks & (1 << i))) {
817                         BUGPRINT("Valid hook without chain\n");
818                         return -EINVAL;
819                 }
820         }
821
822         /* get the location of the udc, put them in an array
823            while we're at it, allocate the chainstack */
824         if (udc_cnt) {
825                 /* this will get free'd in do_replace()/ebt_register_table()
826                    if an error occurs */
827                 newinfo->chainstack =
828                         vmalloc((highest_possible_processor_id()+1)
829                                         * sizeof(*(newinfo->chainstack)));
830                 if (!newinfo->chainstack)
831                         return -ENOMEM;
832                 for_each_possible_cpu(i) {
833                         newinfo->chainstack[i] =
834                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
835                         if (!newinfo->chainstack[i]) {
836                                 while (i)
837                                         vfree(newinfo->chainstack[--i]);
838                                 vfree(newinfo->chainstack);
839                                 newinfo->chainstack = NULL;
840                                 return -ENOMEM;
841                         }
842                 }
843
844                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
845                 if (!cl_s)
846                         return -ENOMEM;
847                 i = 0; /* the i'th udc */
848                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
849                    ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
850                    repl->valid_hooks, cl_s);
851                 /* sanity check */
852                 if (i != udc_cnt) {
853                         BUGPRINT("i != udc_cnt\n");
854                         vfree(cl_s);
855                         return -EFAULT;
856                 }
857         }
858
859         /* Check for loops */
860         for (i = 0; i < NF_BR_NUMHOOKS; i++)
861                 if (repl->valid_hooks & (1 << i))
862                         if (check_chainloops(newinfo->hook_entry[i],
863                            cl_s, udc_cnt, i, newinfo->entries)) {
864                                 vfree(cl_s);
865                                 return -EINVAL;
866                         }
867
868         /* we now know the following (along with E=mc²):
869            - the nr of entries in each chain is right
870            - the size of the allocated space is right
871            - all valid hooks have a corresponding chain
872            - there are no loops
873            - wrong data can still be on the level of a single entry
874            - could be there are jumps to places that are not the
875              beginning of a chain. This can only occur in chains that
876              are not accessible from any base chains, so we don't care. */
877
878         /* used to know what we need to clean up if something goes wrong */
879         i = 0;
880         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
881            ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
882            cl_s, udc_cnt);
883         if (ret != 0) {
884                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
885                    ebt_cleanup_entry, &i);
886         }
887         vfree(cl_s);
888         return ret;
889 }
890
891 /* called under write_lock */
892 static void get_counters(struct ebt_counter *oldcounters,
893    struct ebt_counter *counters, unsigned int nentries)
894 {
895         int i, cpu;
896         struct ebt_counter *counter_base;
897
898         /* counters of cpu 0 */
899         memcpy(counters, oldcounters,
900                sizeof(struct ebt_counter) * nentries);
901
902         /* add other counters to those of cpu 0 */
903         for_each_possible_cpu(cpu) {
904                 if (cpu == 0)
905                         continue;
906                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
907                 for (i = 0; i < nentries; i++) {
908                         counters[i].pcnt += counter_base[i].pcnt;
909                         counters[i].bcnt += counter_base[i].bcnt;
910                 }
911         }
912 }
913
914 /* replace the table */
915 static int do_replace(void __user *user, unsigned int len)
916 {
917         int ret, i, countersize;
918         struct ebt_table_info *newinfo;
919         struct ebt_replace tmp;
920         struct ebt_table *t;
921         struct ebt_counter *counterstmp = NULL;
922         /* used to be able to unlock earlier */
923         struct ebt_table_info *table;
924
925         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
926                 return -EFAULT;
927
928         if (len != sizeof(tmp) + tmp.entries_size) {
929                 BUGPRINT("Wrong len argument\n");
930                 return -EINVAL;
931         }
932
933         if (tmp.entries_size == 0) {
934                 BUGPRINT("Entries_size never zero\n");
935                 return -EINVAL;
936         }
937         /* overflow check */
938         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
939                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
940                 return -ENOMEM;
941         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
942                 return -ENOMEM;
943
944         countersize = COUNTER_OFFSET(tmp.nentries) * 
945                                         (highest_possible_processor_id()+1);
946         newinfo = vmalloc(sizeof(*newinfo) + countersize);
947         if (!newinfo)
948                 return -ENOMEM;
949
950         if (countersize)
951                 memset(newinfo->counters, 0, countersize);
952
953         newinfo->entries = vmalloc(tmp.entries_size);
954         if (!newinfo->entries) {
955                 ret = -ENOMEM;
956                 goto free_newinfo;
957         }
958         if (copy_from_user(
959            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
960                 BUGPRINT("Couldn't copy entries from userspace\n");
961                 ret = -EFAULT;
962                 goto free_entries;
963         }
964
965         /* the user wants counters back
966            the check on the size is done later, when we have the lock */
967         if (tmp.num_counters) {
968                 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
969                 if (!counterstmp) {
970                         ret = -ENOMEM;
971                         goto free_entries;
972                 }
973         }
974         else
975                 counterstmp = NULL;
976
977         /* this can get initialized by translate_table() */
978         newinfo->chainstack = NULL;
979         ret = translate_table(&tmp, newinfo);
980
981         if (ret != 0)
982                 goto free_counterstmp;
983
984         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
985         if (!t) {
986                 ret = -ENOENT;
987                 goto free_iterate;
988         }
989
990         /* the table doesn't like it */
991         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
992                 goto free_unlock;
993
994         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
995                 BUGPRINT("Wrong nr. of counters requested\n");
996                 ret = -EINVAL;
997                 goto free_unlock;
998         }
999
1000         /* we have the mutex lock, so no danger in reading this pointer */
1001         table = t->private;
1002         /* make sure the table can only be rmmod'ed if it contains no rules */
1003         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1004                 ret = -ENOENT;
1005                 goto free_unlock;
1006         } else if (table->nentries && !newinfo->nentries)
1007                 module_put(t->me);
1008         /* we need an atomic snapshot of the counters */
1009         write_lock_bh(&t->lock);
1010         if (tmp.num_counters)
1011                 get_counters(t->private->counters, counterstmp,
1012                    t->private->nentries);
1013
1014         t->private = newinfo;
1015         write_unlock_bh(&t->lock);
1016         mutex_unlock(&ebt_mutex);
1017         /* so, a user can change the chains while having messed up her counter
1018            allocation. Only reason why this is done is because this way the lock
1019            is held only once, while this doesn't bring the kernel into a
1020            dangerous state. */
1021         if (tmp.num_counters &&
1022            copy_to_user(tmp.counters, counterstmp,
1023            tmp.num_counters * sizeof(struct ebt_counter))) {
1024                 BUGPRINT("Couldn't copy counters to userspace\n");
1025                 ret = -EFAULT;
1026         }
1027         else
1028                 ret = 0;
1029
1030         /* decrease module count and free resources */
1031         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1032            ebt_cleanup_entry, NULL);
1033
1034         vfree(table->entries);
1035         if (table->chainstack) {
1036                 for_each_possible_cpu(i)
1037                         vfree(table->chainstack[i]);
1038                 vfree(table->chainstack);
1039         }
1040         vfree(table);
1041
1042         vfree(counterstmp);
1043         return ret;
1044
1045 free_unlock:
1046         mutex_unlock(&ebt_mutex);
1047 free_iterate:
1048         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1049            ebt_cleanup_entry, NULL);
1050 free_counterstmp:
1051         vfree(counterstmp);
1052         /* can be initialized in translate_table() */
1053         if (newinfo->chainstack) {
1054                 for_each_possible_cpu(i)
1055                         vfree(newinfo->chainstack[i]);
1056                 vfree(newinfo->chainstack);
1057         }
1058 free_entries:
1059         vfree(newinfo->entries);
1060 free_newinfo:
1061         vfree(newinfo);
1062         return ret;
1063 }
1064
1065 int ebt_register_target(struct ebt_target *target)
1066 {
1067         int ret;
1068
1069         ret = mutex_lock_interruptible(&ebt_mutex);
1070         if (ret != 0)
1071                 return ret;
1072         if (!list_named_insert(&ebt_targets, target)) {
1073                 mutex_unlock(&ebt_mutex);
1074                 return -EEXIST;
1075         }
1076         mutex_unlock(&ebt_mutex);
1077
1078         return 0;
1079 }
1080
1081 void ebt_unregister_target(struct ebt_target *target)
1082 {
1083         mutex_lock(&ebt_mutex);
1084         LIST_DELETE(&ebt_targets, target);
1085         mutex_unlock(&ebt_mutex);
1086 }
1087
1088 int ebt_register_match(struct ebt_match *match)
1089 {
1090         int ret;
1091
1092         ret = mutex_lock_interruptible(&ebt_mutex);
1093         if (ret != 0)
1094                 return ret;
1095         if (!list_named_insert(&ebt_matches, match)) {
1096                 mutex_unlock(&ebt_mutex);
1097                 return -EEXIST;
1098         }
1099         mutex_unlock(&ebt_mutex);
1100
1101         return 0;
1102 }
1103
1104 void ebt_unregister_match(struct ebt_match *match)
1105 {
1106         mutex_lock(&ebt_mutex);
1107         LIST_DELETE(&ebt_matches, match);
1108         mutex_unlock(&ebt_mutex);
1109 }
1110
1111 int ebt_register_watcher(struct ebt_watcher *watcher)
1112 {
1113         int ret;
1114
1115         ret = mutex_lock_interruptible(&ebt_mutex);
1116         if (ret != 0)
1117                 return ret;
1118         if (!list_named_insert(&ebt_watchers, watcher)) {
1119                 mutex_unlock(&ebt_mutex);
1120                 return -EEXIST;
1121         }
1122         mutex_unlock(&ebt_mutex);
1123
1124         return 0;
1125 }
1126
1127 void ebt_unregister_watcher(struct ebt_watcher *watcher)
1128 {
1129         mutex_lock(&ebt_mutex);
1130         LIST_DELETE(&ebt_watchers, watcher);
1131         mutex_unlock(&ebt_mutex);
1132 }
1133
1134 int ebt_register_table(struct ebt_table *table)
1135 {
1136         struct ebt_table_info *newinfo;
1137         int ret, i, countersize;
1138
1139         if (!table || !table->table ||!table->table->entries ||
1140             table->table->entries_size == 0 ||
1141             table->table->counters || table->private) {
1142                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1143                 return -EINVAL;
1144         }
1145
1146         countersize = COUNTER_OFFSET(table->table->nentries) *
1147                                         (highest_possible_processor_id()+1);
1148         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1149         ret = -ENOMEM;
1150         if (!newinfo)
1151                 return -ENOMEM;
1152
1153         newinfo->entries = vmalloc(table->table->entries_size);
1154         if (!(newinfo->entries))
1155                 goto free_newinfo;
1156
1157         memcpy(newinfo->entries, table->table->entries,
1158            table->table->entries_size);
1159
1160         if (countersize)
1161                 memset(newinfo->counters, 0, countersize);
1162
1163         /* fill in newinfo and parse the entries */
1164         newinfo->chainstack = NULL;
1165         ret = translate_table(table->table, newinfo);
1166         if (ret != 0) {
1167                 BUGPRINT("Translate_table failed\n");
1168                 goto free_chainstack;
1169         }
1170
1171         if (table->check && table->check(newinfo, table->valid_hooks)) {
1172                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1173                 return -EINVAL;
1174         }
1175
1176         table->private = newinfo;
1177         rwlock_init(&table->lock);
1178         ret = mutex_lock_interruptible(&ebt_mutex);
1179         if (ret != 0)
1180                 goto free_chainstack;
1181
1182         if (list_named_find(&ebt_tables, table->name)) {
1183                 ret = -EEXIST;
1184                 BUGPRINT("Table name already exists\n");
1185                 goto free_unlock;
1186         }
1187
1188         /* Hold a reference count if the chains aren't empty */
1189         if (newinfo->nentries && !try_module_get(table->me)) {
1190                 ret = -ENOENT;
1191                 goto free_unlock;
1192         }
1193         list_prepend(&ebt_tables, table);
1194         mutex_unlock(&ebt_mutex);
1195         return 0;
1196 free_unlock:
1197         mutex_unlock(&ebt_mutex);
1198 free_chainstack:
1199         if (newinfo->chainstack) {
1200                 for_each_possible_cpu(i)
1201                         vfree(newinfo->chainstack[i]);
1202                 vfree(newinfo->chainstack);
1203         }
1204         vfree(newinfo->entries);
1205 free_newinfo:
1206         vfree(newinfo);
1207         return ret;
1208 }
1209
1210 void ebt_unregister_table(struct ebt_table *table)
1211 {
1212         int i;
1213
1214         if (!table) {
1215                 BUGPRINT("Request to unregister NULL table!!!\n");
1216                 return;
1217         }
1218         mutex_lock(&ebt_mutex);
1219         LIST_DELETE(&ebt_tables, table);
1220         mutex_unlock(&ebt_mutex);
1221         vfree(table->private->entries);
1222         if (table->private->chainstack) {
1223                 for_each_possible_cpu(i)
1224                         vfree(table->private->chainstack[i]);
1225                 vfree(table->private->chainstack);
1226         }
1227         vfree(table->private);
1228 }
1229
1230 /* userspace just supplied us with counters */
1231 static int update_counters(void __user *user, unsigned int len)
1232 {
1233         int i, ret;
1234         struct ebt_counter *tmp;
1235         struct ebt_replace hlp;
1236         struct ebt_table *t;
1237
1238         if (copy_from_user(&hlp, user, sizeof(hlp)))
1239                 return -EFAULT;
1240
1241         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1242                 return -EINVAL;
1243         if (hlp.num_counters == 0)
1244                 return -EINVAL;
1245
1246         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1247                 MEMPRINT("Update_counters && nomemory\n");
1248                 return -ENOMEM;
1249         }
1250
1251         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1252         if (!t)
1253                 goto free_tmp;
1254
1255         if (hlp.num_counters != t->private->nentries) {
1256                 BUGPRINT("Wrong nr of counters\n");
1257                 ret = -EINVAL;
1258                 goto unlock_mutex;
1259         }
1260
1261         if ( copy_from_user(tmp, hlp.counters,
1262            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1263                 BUGPRINT("Updata_counters && !cfu\n");
1264                 ret = -EFAULT;
1265                 goto unlock_mutex;
1266         }
1267
1268         /* we want an atomic add of the counters */
1269         write_lock_bh(&t->lock);
1270
1271         /* we add to the counters of the first cpu */
1272         for (i = 0; i < hlp.num_counters; i++) {
1273                 t->private->counters[i].pcnt += tmp[i].pcnt;
1274                 t->private->counters[i].bcnt += tmp[i].bcnt;
1275         }
1276
1277         write_unlock_bh(&t->lock);
1278         ret = 0;
1279 unlock_mutex:
1280         mutex_unlock(&ebt_mutex);
1281 free_tmp:
1282         vfree(tmp);
1283         return ret;
1284 }
1285
1286 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1287    char *base, char *ubase)
1288 {
1289         char *hlp = ubase - base + (char *)m;
1290         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1291                 return -EFAULT;
1292         return 0;
1293 }
1294
1295 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1296    char *base, char *ubase)
1297 {
1298         char *hlp = ubase - base + (char *)w;
1299         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1300                 return -EFAULT;
1301         return 0;
1302 }
1303
1304 static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
1305 {
1306         int ret;
1307         char *hlp;
1308         struct ebt_entry_target *t;
1309
1310         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
1311                 return 0;
1312
1313         hlp = ubase - base + (char *)e + e->target_offset;
1314         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1315         
1316         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1317         if (ret != 0)
1318                 return ret;
1319         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1320         if (ret != 0)
1321                 return ret;
1322         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1323                 return -EFAULT;
1324         return 0;
1325 }
1326
1327 /* called with ebt_mutex locked */
1328 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1329    int *len, int cmd)
1330 {
1331         struct ebt_replace tmp;
1332         struct ebt_counter *counterstmp, *oldcounters;
1333         unsigned int entries_size, nentries;
1334         char *entries;
1335
1336         if (cmd == EBT_SO_GET_ENTRIES) {
1337                 entries_size = t->private->entries_size;
1338                 nentries = t->private->nentries;
1339                 entries = t->private->entries;
1340                 oldcounters = t->private->counters;
1341         } else {
1342                 entries_size = t->table->entries_size;
1343                 nentries = t->table->nentries;
1344                 entries = t->table->entries;
1345                 oldcounters = t->table->counters;
1346         }
1347
1348         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1349                 BUGPRINT("Cfu didn't work\n");
1350                 return -EFAULT;
1351         }
1352
1353         if (*len != sizeof(struct ebt_replace) + entries_size +
1354            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1355                 BUGPRINT("Wrong size\n");
1356                 return -EINVAL;
1357         }
1358
1359         if (tmp.nentries != nentries) {
1360                 BUGPRINT("Nentries wrong\n");
1361                 return -EINVAL;
1362         }
1363
1364         if (tmp.entries_size != entries_size) {
1365                 BUGPRINT("Wrong size\n");
1366                 return -EINVAL;
1367         }
1368
1369         /* userspace might not need the counters */
1370         if (tmp.num_counters) {
1371                 if (tmp.num_counters != nentries) {
1372                         BUGPRINT("Num_counters wrong\n");
1373                         return -EINVAL;
1374                 }
1375                 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1376                 if (!counterstmp) {
1377                         MEMPRINT("Couldn't copy counters, out of memory\n");
1378                         return -ENOMEM;
1379                 }
1380                 write_lock_bh(&t->lock);
1381                 get_counters(oldcounters, counterstmp, nentries);
1382                 write_unlock_bh(&t->lock);
1383
1384                 if (copy_to_user(tmp.counters, counterstmp,
1385                    nentries * sizeof(struct ebt_counter))) {
1386                         BUGPRINT("Couldn't copy counters to userspace\n");
1387                         vfree(counterstmp);
1388                         return -EFAULT;
1389                 }
1390                 vfree(counterstmp);
1391         }
1392
1393         if (copy_to_user(tmp.entries, entries, entries_size)) {
1394                 BUGPRINT("Couldn't copy entries to userspace\n");
1395                 return -EFAULT;
1396         }
1397         /* set the match/watcher/target names right */
1398         return EBT_ENTRY_ITERATE(entries, entries_size,
1399            ebt_make_names, entries, tmp.entries);
1400 }
1401
1402 static int do_ebt_set_ctl(struct sock *sk,
1403         int cmd, void __user *user, unsigned int len)
1404 {
1405         int ret;
1406
1407         switch(cmd) {
1408         case EBT_SO_SET_ENTRIES:
1409                 ret = do_replace(user, len);
1410                 break;
1411         case EBT_SO_SET_COUNTERS:
1412                 ret = update_counters(user, len);
1413                 break;
1414         default:
1415                 ret = -EINVAL;
1416   }
1417         return ret;
1418 }
1419
1420 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1421 {
1422         int ret;
1423         struct ebt_replace tmp;
1424         struct ebt_table *t;
1425
1426         if (copy_from_user(&tmp, user, sizeof(tmp)))
1427                 return -EFAULT;
1428
1429         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1430         if (!t)
1431                 return ret;
1432
1433         switch(cmd) {
1434         case EBT_SO_GET_INFO:
1435         case EBT_SO_GET_INIT_INFO:
1436                 if (*len != sizeof(struct ebt_replace)){
1437                         ret = -EINVAL;
1438                         mutex_unlock(&ebt_mutex);
1439                         break;
1440                 }
1441                 if (cmd == EBT_SO_GET_INFO) {
1442                         tmp.nentries = t->private->nentries;
1443                         tmp.entries_size = t->private->entries_size;
1444                         tmp.valid_hooks = t->valid_hooks;
1445                 } else {
1446                         tmp.nentries = t->table->nentries;
1447                         tmp.entries_size = t->table->entries_size;
1448                         tmp.valid_hooks = t->table->valid_hooks;
1449                 }
1450                 mutex_unlock(&ebt_mutex);
1451                 if (copy_to_user(user, &tmp, *len) != 0){
1452                         BUGPRINT("c2u Didn't work\n");
1453                         ret = -EFAULT;
1454                         break;
1455                 }
1456                 ret = 0;
1457                 break;
1458
1459         case EBT_SO_GET_ENTRIES:
1460         case EBT_SO_GET_INIT_ENTRIES:
1461                 ret = copy_everything_to_user(t, user, len, cmd);
1462                 mutex_unlock(&ebt_mutex);
1463                 break;
1464
1465         default:
1466                 mutex_unlock(&ebt_mutex);
1467                 ret = -EINVAL;
1468         }
1469
1470         return ret;
1471 }
1472
1473 static struct nf_sockopt_ops ebt_sockopts =
1474 {
1475         .pf             = PF_INET,
1476         .set_optmin     = EBT_BASE_CTL,
1477         .set_optmax     = EBT_SO_SET_MAX + 1,
1478         .set            = do_ebt_set_ctl,
1479         .get_optmin     = EBT_BASE_CTL,
1480         .get_optmax     = EBT_SO_GET_MAX + 1,
1481         .get            = do_ebt_get_ctl,
1482 };
1483
1484 static int __init ebtables_init(void)
1485 {
1486         int ret;
1487
1488         mutex_lock(&ebt_mutex);
1489         list_named_insert(&ebt_targets, &ebt_standard_target);
1490         mutex_unlock(&ebt_mutex);
1491         if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1492                 return ret;
1493
1494         printk(KERN_NOTICE "Ebtables v2.0 registered\n");
1495         return 0;
1496 }
1497
1498 static void __exit ebtables_fini(void)
1499 {
1500         nf_unregister_sockopt(&ebt_sockopts);
1501         printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
1502 }
1503
1504 EXPORT_SYMBOL(ebt_register_table);
1505 EXPORT_SYMBOL(ebt_unregister_table);
1506 EXPORT_SYMBOL(ebt_register_match);
1507 EXPORT_SYMBOL(ebt_unregister_match);
1508 EXPORT_SYMBOL(ebt_register_watcher);
1509 EXPORT_SYMBOL(ebt_unregister_watcher);
1510 EXPORT_SYMBOL(ebt_register_target);
1511 EXPORT_SYMBOL(ebt_unregister_target);
1512 EXPORT_SYMBOL(ebt_do_table);
1513 module_init(ebtables_init);
1514 module_exit(ebtables_fini);
1515 MODULE_LICENSE("GPL");