[NETFILTER]: Make unused signal code go away so nobody copies its brokenness
[linux-3.10.git] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18 /* used for print_string */
19 #include <linux/sched.h>
20 #include <linux/tty.h>
21
22 #include <linux/kmod.h>
23 #include <linux/module.h>
24 #include <linux/vmalloc.h>
25 #include <linux/netfilter_bridge/ebtables.h>
26 #include <linux/spinlock.h>
27 #include <asm/uaccess.h>
28 #include <linux/smp.h>
29 #include <linux/cpumask.h>
30 #include <net/sock.h>
31 /* needed for logical [in,out]-dev filtering */
32 #include "../br_private.h"
33
34 /* list_named_find */
35 #define ASSERT_READ_LOCK(x)
36 #define ASSERT_WRITE_LOCK(x)
37 #include <linux/netfilter_ipv4/listhelp.h>
38 #include <linux/mutex.h>
39
40 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
41                                          "report to author: "format, ## args)
42 /* #define BUGPRINT(format, args...) */
43 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
44                                          ": out of memory: "format, ## args)
45 /* #define MEMPRINT(format, args...) */
46
47
48
49 /*
50  * Each cpu has its own set of counters, so there is no need for write_lock in
51  * the softirq
52  * For reading or updating the counters, the user context needs to
53  * get a write_lock
54  */
55
56 /* The size of each set of counters is altered to get cache alignment */
57 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
58 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
59 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
60    COUNTER_OFFSET(n) * cpu))
61
62
63
64 static DEFINE_MUTEX(ebt_mutex);
65 static LIST_HEAD(ebt_tables);
66 static LIST_HEAD(ebt_targets);
67 static LIST_HEAD(ebt_matches);
68 static LIST_HEAD(ebt_watchers);
69
70 static struct ebt_target ebt_standard_target =
71 { {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
72
73 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
74    const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
75    const struct net_device *out)
76 {
77         w->u.watcher->watcher(skb, hooknr, in, out, w->data,
78            w->watcher_size);
79         /* watchers don't give a verdict */
80         return 0;
81 }
82
83 static inline int ebt_do_match (struct ebt_entry_match *m,
84    const struct sk_buff *skb, const struct net_device *in,
85    const struct net_device *out)
86 {
87         return m->u.match->match(skb, in, out, m->data,
88            m->match_size);
89 }
90
91 static inline int ebt_dev_check(char *entry, const struct net_device *device)
92 {
93         int i = 0;
94         char *devname = device->name;
95
96         if (*entry == '\0')
97                 return 0;
98         if (!device)
99                 return 1;
100         /* 1 is the wildcard token */
101         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
102                 i++;
103         return (devname[i] != entry[i] && entry[i] != 1);
104 }
105
106 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
107 /* process standard matches */
108 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
109    const struct net_device *in, const struct net_device *out)
110 {
111         int verdict, i;
112
113         if (e->bitmask & EBT_802_3) {
114                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
115                         return 1;
116         } else if (!(e->bitmask & EBT_NOPROTO) &&
117            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
118                 return 1;
119
120         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
121                 return 1;
122         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
123                 return 1;
124         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
125            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
126                 return 1;
127         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
128            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
129                 return 1;
130
131         if (e->bitmask & EBT_SOURCEMAC) {
132                 verdict = 0;
133                 for (i = 0; i < 6; i++)
134                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
135                            e->sourcemsk[i];
136                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
137                         return 1;
138         }
139         if (e->bitmask & EBT_DESTMAC) {
140                 verdict = 0;
141                 for (i = 0; i < 6; i++)
142                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
143                            e->destmsk[i];
144                 if (FWINV2(verdict != 0, EBT_IDEST) )
145                         return 1;
146         }
147         return 0;
148 }
149
150 /* Do some firewalling */
151 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
152    const struct net_device *in, const struct net_device *out,
153    struct ebt_table *table)
154 {
155         int i, nentries;
156         struct ebt_entry *point;
157         struct ebt_counter *counter_base, *cb_base;
158         struct ebt_entry_target *t;
159         int verdict, sp = 0;
160         struct ebt_chainstack *cs;
161         struct ebt_entries *chaininfo;
162         char *base;
163         struct ebt_table_info *private;
164
165         read_lock_bh(&table->lock);
166         private = table->private;
167         cb_base = COUNTER_BASE(private->counters, private->nentries,
168            smp_processor_id());
169         if (private->chainstack)
170                 cs = private->chainstack[smp_processor_id()];
171         else
172                 cs = NULL;
173         chaininfo = private->hook_entry[hook];
174         nentries = private->hook_entry[hook]->nentries;
175         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
176         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
177         /* base for chain jumps */
178         base = private->entries;
179         i = 0;
180         while (i < nentries) {
181                 if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
182                         goto letscontinue;
183
184                 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
185                         goto letscontinue;
186
187                 /* increase counter */
188                 (*(counter_base + i)).pcnt++;
189                 (*(counter_base + i)).bcnt+=(**pskb).len;
190
191                 /* these should only watch: not modify, nor tell us
192                    what to do with the packet */
193                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
194                    out);
195
196                 t = (struct ebt_entry_target *)
197                    (((char *)point) + point->target_offset);
198                 /* standard target */
199                 if (!t->u.target->target)
200                         verdict = ((struct ebt_standard_target *)t)->verdict;
201                 else
202                         verdict = t->u.target->target(pskb, hook,
203                            in, out, t->data, t->target_size);
204                 if (verdict == EBT_ACCEPT) {
205                         read_unlock_bh(&table->lock);
206                         return NF_ACCEPT;
207                 }
208                 if (verdict == EBT_DROP) {
209                         read_unlock_bh(&table->lock);
210                         return NF_DROP;
211                 }
212                 if (verdict == EBT_RETURN) {
213 letsreturn:
214 #ifdef CONFIG_NETFILTER_DEBUG
215                         if (sp == 0) {
216                                 BUGPRINT("RETURN on base chain");
217                                 /* act like this is EBT_CONTINUE */
218                                 goto letscontinue;
219                         }
220 #endif
221                         sp--;
222                         /* put all the local variables right */
223                         i = cs[sp].n;
224                         chaininfo = cs[sp].chaininfo;
225                         nentries = chaininfo->nentries;
226                         point = cs[sp].e;
227                         counter_base = cb_base +
228                            chaininfo->counter_offset;
229                         continue;
230                 }
231                 if (verdict == EBT_CONTINUE)
232                         goto letscontinue;
233 #ifdef CONFIG_NETFILTER_DEBUG
234                 if (verdict < 0) {
235                         BUGPRINT("bogus standard verdict\n");
236                         read_unlock_bh(&table->lock);
237                         return NF_DROP;
238                 }
239 #endif
240                 /* jump to a udc */
241                 cs[sp].n = i + 1;
242                 cs[sp].chaininfo = chaininfo;
243                 cs[sp].e = (struct ebt_entry *)
244                    (((char *)point) + point->next_offset);
245                 i = 0;
246                 chaininfo = (struct ebt_entries *) (base + verdict);
247 #ifdef CONFIG_NETFILTER_DEBUG
248                 if (chaininfo->distinguisher) {
249                         BUGPRINT("jump to non-chain\n");
250                         read_unlock_bh(&table->lock);
251                         return NF_DROP;
252                 }
253 #endif
254                 nentries = chaininfo->nentries;
255                 point = (struct ebt_entry *)chaininfo->data;
256                 counter_base = cb_base + chaininfo->counter_offset;
257                 sp++;
258                 continue;
259 letscontinue:
260                 point = (struct ebt_entry *)
261                    (((char *)point) + point->next_offset);
262                 i++;
263         }
264
265         /* I actually like this :) */
266         if (chaininfo->policy == EBT_RETURN)
267                 goto letsreturn;
268         if (chaininfo->policy == EBT_ACCEPT) {
269                 read_unlock_bh(&table->lock);
270                 return NF_ACCEPT;
271         }
272         read_unlock_bh(&table->lock);
273         return NF_DROP;
274 }
275
276 /* If it succeeds, returns element and locks mutex */
277 static inline void *
278 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
279    struct mutex *mutex)
280 {
281         void *ret;
282
283         *error = mutex_lock_interruptible(mutex);
284         if (*error != 0)
285                 return NULL;
286
287         ret = list_named_find(head, name);
288         if (!ret) {
289                 *error = -ENOENT;
290                 mutex_unlock(mutex);
291         }
292         return ret;
293 }
294
295 #ifndef CONFIG_KMOD
296 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
297 #else
298 static void *
299 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
300    int *error, struct mutex *mutex)
301 {
302         void *ret;
303
304         ret = find_inlist_lock_noload(head, name, error, mutex);
305         if (!ret) {
306                 request_module("%s%s", prefix, name);
307                 ret = find_inlist_lock_noload(head, name, error, mutex);
308         }
309         return ret;
310 }
311 #endif
312
313 static inline struct ebt_table *
314 find_table_lock(const char *name, int *error, struct mutex *mutex)
315 {
316         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
317 }
318
319 static inline struct ebt_match *
320 find_match_lock(const char *name, int *error, struct mutex *mutex)
321 {
322         return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex);
323 }
324
325 static inline struct ebt_watcher *
326 find_watcher_lock(const char *name, int *error, struct mutex *mutex)
327 {
328         return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex);
329 }
330
331 static inline struct ebt_target *
332 find_target_lock(const char *name, int *error, struct mutex *mutex)
333 {
334         return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex);
335 }
336
337 static inline int
338 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
339    const char *name, unsigned int hookmask, unsigned int *cnt)
340 {
341         struct ebt_match *match;
342         int ret;
343
344         if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) >
345            ((char *)e) + e->watchers_offset)
346                 return -EINVAL;
347         match = find_match_lock(m->u.name, &ret, &ebt_mutex);
348         if (!match)
349                 return ret;
350         m->u.match = match;
351         if (!try_module_get(match->me)) {
352                 mutex_unlock(&ebt_mutex);
353                 return -ENOENT;
354         }
355         mutex_unlock(&ebt_mutex);
356         if (match->check &&
357            match->check(name, hookmask, e, m->data, m->match_size) != 0) {
358                 BUGPRINT("match->check failed\n");
359                 module_put(match->me);
360                 return -EINVAL;
361         }
362         (*cnt)++;
363         return 0;
364 }
365
366 static inline int
367 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
368    const char *name, unsigned int hookmask, unsigned int *cnt)
369 {
370         struct ebt_watcher *watcher;
371         int ret;
372
373         if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) >
374            ((char *)e) + e->target_offset)
375                 return -EINVAL;
376         watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
377         if (!watcher)
378                 return ret;
379         w->u.watcher = watcher;
380         if (!try_module_get(watcher->me)) {
381                 mutex_unlock(&ebt_mutex);
382                 return -ENOENT;
383         }
384         mutex_unlock(&ebt_mutex);
385         if (watcher->check &&
386            watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
387                 BUGPRINT("watcher->check failed\n");
388                 module_put(watcher->me);
389                 return -EINVAL;
390         }
391         (*cnt)++;
392         return 0;
393 }
394
395 /*
396  * this one is very careful, as it is the first function
397  * to parse the userspace data
398  */
399 static inline int
400 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
401    struct ebt_table_info *newinfo, char *base, char *limit,
402    struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt,
403    unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks)
404 {
405         int i;
406
407         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
408                 if ((valid_hooks & (1 << i)) == 0)
409                         continue;
410                 if ( (char *)hook_entries[i] - base ==
411                    (char *)e - newinfo->entries)
412                         break;
413         }
414         /* beginning of a new chain
415            if i == NF_BR_NUMHOOKS it must be a user defined chain */
416         if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
417                 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) {
418                         /* we make userspace set this right,
419                            so there is no misunderstanding */
420                         BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
421                                  "in distinguisher\n");
422                         return -EINVAL;
423                 }
424                 /* this checks if the previous chain has as many entries
425                    as it said it has */
426                 if (*n != *cnt) {
427                         BUGPRINT("nentries does not equal the nr of entries "
428                                  "in the chain\n");
429                         return -EINVAL;
430                 }
431                 /* before we look at the struct, be sure it is not too big */
432                 if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
433                    > limit) {
434                         BUGPRINT("entries_size too small\n");
435                         return -EINVAL;
436                 }
437                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
438                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
439                         /* only RETURN from udc */
440                         if (i != NF_BR_NUMHOOKS ||
441                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
442                                 BUGPRINT("bad policy\n");
443                                 return -EINVAL;
444                         }
445                 }
446                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
447                         (*udc_cnt)++;
448                 else
449                         newinfo->hook_entry[i] = (struct ebt_entries *)e;
450                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
451                         BUGPRINT("counter_offset != totalcnt");
452                         return -EINVAL;
453                 }
454                 *n = ((struct ebt_entries *)e)->nentries;
455                 *cnt = 0;
456                 return 0;
457         }
458         /* a plain old entry, heh */
459         if (sizeof(struct ebt_entry) > e->watchers_offset ||
460            e->watchers_offset > e->target_offset ||
461            e->target_offset >= e->next_offset) {
462                 BUGPRINT("entry offsets not in right order\n");
463                 return -EINVAL;
464         }
465         /* this is not checked anywhere else */
466         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
467                 BUGPRINT("target size too small\n");
468                 return -EINVAL;
469         }
470
471         (*cnt)++;
472         (*totalcnt)++;
473         return 0;
474 }
475
476 struct ebt_cl_stack
477 {
478         struct ebt_chainstack cs;
479         int from;
480         unsigned int hookmask;
481 };
482
483 /*
484  * we need these positions to check that the jumps to a different part of the
485  * entries is a jump to the beginning of a new chain.
486  */
487 static inline int
488 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
489    struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
490    struct ebt_cl_stack *udc)
491 {
492         int i;
493
494         /* we're only interested in chain starts */
495         if (e->bitmask & EBT_ENTRY_OR_ENTRIES)
496                 return 0;
497         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
498                 if ((valid_hooks & (1 << i)) == 0)
499                         continue;
500                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
501                         break;
502         }
503         /* only care about udc */
504         if (i != NF_BR_NUMHOOKS)
505                 return 0;
506
507         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
508         /* these initialisations are depended on later in check_chainloops() */
509         udc[*n].cs.n = 0;
510         udc[*n].hookmask = 0;
511
512         (*n)++;
513         return 0;
514 }
515
516 static inline int
517 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
518 {
519         if (i && (*i)-- == 0)
520                 return 1;
521         if (m->u.match->destroy)
522                 m->u.match->destroy(m->data, m->match_size);
523         module_put(m->u.match->me);
524
525         return 0;
526 }
527
528 static inline int
529 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
530 {
531         if (i && (*i)-- == 0)
532                 return 1;
533         if (w->u.watcher->destroy)
534                 w->u.watcher->destroy(w->data, w->watcher_size);
535         module_put(w->u.watcher->me);
536
537         return 0;
538 }
539
540 static inline int
541 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
542 {
543         struct ebt_entry_target *t;
544
545         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
546                 return 0;
547         /* we're done */
548         if (cnt && (*cnt)-- == 0)
549                 return 1;
550         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
551         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
552         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
553         if (t->u.target->destroy)
554                 t->u.target->destroy(t->data, t->target_size);
555         module_put(t->u.target->me);
556
557         return 0;
558 }
559
560 static inline int
561 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
562    const char *name, unsigned int *cnt, unsigned int valid_hooks,
563    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
564 {
565         struct ebt_entry_target *t;
566         struct ebt_target *target;
567         unsigned int i, j, hook = 0, hookmask = 0;
568         int ret;
569
570         /* don't mess with the struct ebt_entries */
571         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
572                 return 0;
573
574         if (e->bitmask & ~EBT_F_MASK) {
575                 BUGPRINT("Unknown flag for bitmask\n");
576                 return -EINVAL;
577         }
578         if (e->invflags & ~EBT_INV_MASK) {
579                 BUGPRINT("Unknown flag for inv bitmask\n");
580                 return -EINVAL;
581         }
582         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
583                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
584                 return -EINVAL;
585         }
586         /* what hook do we belong to? */
587         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
588                 if ((valid_hooks & (1 << i)) == 0)
589                         continue;
590                 if ((char *)newinfo->hook_entry[i] < (char *)e)
591                         hook = i;
592                 else
593                         break;
594         }
595         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
596            a base chain */
597         if (i < NF_BR_NUMHOOKS)
598                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
599         else {
600                 for (i = 0; i < udc_cnt; i++)
601                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
602                                 break;
603                 if (i == 0)
604                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
605                 else
606                         hookmask = cl_s[i - 1].hookmask;
607         }
608         i = 0;
609         ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
610         if (ret != 0)
611                 goto cleanup_matches;
612         j = 0;
613         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
614         if (ret != 0)
615                 goto cleanup_watchers;
616         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
617         target = find_target_lock(t->u.name, &ret, &ebt_mutex);
618         if (!target)
619                 goto cleanup_watchers;
620         if (!try_module_get(target->me)) {
621                 mutex_unlock(&ebt_mutex);
622                 ret = -ENOENT;
623                 goto cleanup_watchers;
624         }
625         mutex_unlock(&ebt_mutex);
626
627         t->u.target = target;
628         if (t->u.target == &ebt_standard_target) {
629                 if (e->target_offset + sizeof(struct ebt_standard_target) >
630                    e->next_offset) {
631                         BUGPRINT("Standard target size too big\n");
632                         ret = -EFAULT;
633                         goto cleanup_watchers;
634                 }
635                 if (((struct ebt_standard_target *)t)->verdict <
636                    -NUM_STANDARD_TARGETS) {
637                         BUGPRINT("Invalid standard target\n");
638                         ret = -EFAULT;
639                         goto cleanup_watchers;
640                 }
641         } else if ((e->target_offset + t->target_size +
642            sizeof(struct ebt_entry_target) > e->next_offset) ||
643            (t->u.target->check &&
644            t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
645                 module_put(t->u.target->me);
646                 ret = -EFAULT;
647                 goto cleanup_watchers;
648         }
649         (*cnt)++;
650         return 0;
651 cleanup_watchers:
652         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
653 cleanup_matches:
654         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
655         return ret;
656 }
657
658 /*
659  * checks for loops and sets the hook mask for udc
660  * the hook mask for udc tells us from which base chains the udc can be
661  * accessed. This mask is a parameter to the check() functions of the extensions
662  */
663 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
664    unsigned int udc_cnt, unsigned int hooknr, char *base)
665 {
666         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
667         struct ebt_entry *e = (struct ebt_entry *)chain->data;
668         struct ebt_entry_target *t;
669
670         while (pos < nentries || chain_nr != -1) {
671                 /* end of udc, go back one 'recursion' step */
672                 if (pos == nentries) {
673                         /* put back values of the time when this chain was called */
674                         e = cl_s[chain_nr].cs.e;
675                         if (cl_s[chain_nr].from != -1)
676                                 nentries =
677                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
678                         else
679                                 nentries = chain->nentries;
680                         pos = cl_s[chain_nr].cs.n;
681                         /* make sure we won't see a loop that isn't one */
682                         cl_s[chain_nr].cs.n = 0;
683                         chain_nr = cl_s[chain_nr].from;
684                         if (pos == nentries)
685                                 continue;
686                 }
687                 t = (struct ebt_entry_target *)
688                    (((char *)e) + e->target_offset);
689                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
690                         goto letscontinue;
691                 if (e->target_offset + sizeof(struct ebt_standard_target) >
692                    e->next_offset) {
693                         BUGPRINT("Standard target size too big\n");
694                         return -1;
695                 }
696                 verdict = ((struct ebt_standard_target *)t)->verdict;
697                 if (verdict >= 0) { /* jump to another chain */
698                         struct ebt_entries *hlp2 =
699                            (struct ebt_entries *)(base + verdict);
700                         for (i = 0; i < udc_cnt; i++)
701                                 if (hlp2 == cl_s[i].cs.chaininfo)
702                                         break;
703                         /* bad destination or loop */
704                         if (i == udc_cnt) {
705                                 BUGPRINT("bad destination\n");
706                                 return -1;
707                         }
708                         if (cl_s[i].cs.n) {
709                                 BUGPRINT("loop\n");
710                                 return -1;
711                         }
712                         /* this can't be 0, so the above test is correct */
713                         cl_s[i].cs.n = pos + 1;
714                         pos = 0;
715                         cl_s[i].cs.e = ((void *)e + e->next_offset);
716                         e = (struct ebt_entry *)(hlp2->data);
717                         nentries = hlp2->nentries;
718                         cl_s[i].from = chain_nr;
719                         chain_nr = i;
720                         /* this udc is accessible from the base chain for hooknr */
721                         cl_s[i].hookmask |= (1 << hooknr);
722                         continue;
723                 }
724 letscontinue:
725                 e = (void *)e + e->next_offset;
726                 pos++;
727         }
728         return 0;
729 }
730
731 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
732 static int translate_table(struct ebt_replace *repl,
733    struct ebt_table_info *newinfo)
734 {
735         unsigned int i, j, k, udc_cnt;
736         int ret;
737         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
738
739         i = 0;
740         while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
741                 i++;
742         if (i == NF_BR_NUMHOOKS) {
743                 BUGPRINT("No valid hooks specified\n");
744                 return -EINVAL;
745         }
746         if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) {
747                 BUGPRINT("Chains don't start at beginning\n");
748                 return -EINVAL;
749         }
750         /* make sure chains are ordered after each other in same order
751            as their corresponding hooks */
752         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
753                 if (!(repl->valid_hooks & (1 << j)))
754                         continue;
755                 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) {
756                         BUGPRINT("Hook order must be followed\n");
757                         return -EINVAL;
758                 }
759                 i = j;
760         }
761
762         for (i = 0; i < NF_BR_NUMHOOKS; i++)
763                 newinfo->hook_entry[i] = NULL;
764
765         newinfo->entries_size = repl->entries_size;
766         newinfo->nentries = repl->nentries;
767
768         /* do some early checkings and initialize some things */
769         i = 0; /* holds the expected nr. of entries for the chain */
770         j = 0; /* holds the up to now counted entries for the chain */
771         k = 0; /* holds the total nr. of entries, should equal
772                   newinfo->nentries afterwards */
773         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
774         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
775            ebt_check_entry_size_and_hooks, newinfo, repl->entries,
776            repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k,
777            &udc_cnt, repl->valid_hooks);
778
779         if (ret != 0)
780                 return ret;
781
782         if (i != j) {
783                 BUGPRINT("nentries does not equal the nr of entries in the "
784                          "(last) chain\n");
785                 return -EINVAL;
786         }
787         if (k != newinfo->nentries) {
788                 BUGPRINT("Total nentries is wrong\n");
789                 return -EINVAL;
790         }
791
792         /* check if all valid hooks have a chain */
793         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
794                 if (newinfo->hook_entry[i] == NULL &&
795                    (repl->valid_hooks & (1 << i))) {
796                         BUGPRINT("Valid hook without chain\n");
797                         return -EINVAL;
798                 }
799         }
800
801         /* get the location of the udc, put them in an array
802            while we're at it, allocate the chainstack */
803         if (udc_cnt) {
804                 /* this will get free'd in do_replace()/ebt_register_table()
805                    if an error occurs */
806                 newinfo->chainstack =
807                         vmalloc((highest_possible_processor_id()+1)
808                                         * sizeof(*(newinfo->chainstack)));
809                 if (!newinfo->chainstack)
810                         return -ENOMEM;
811                 for_each_possible_cpu(i) {
812                         newinfo->chainstack[i] =
813                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
814                         if (!newinfo->chainstack[i]) {
815                                 while (i)
816                                         vfree(newinfo->chainstack[--i]);
817                                 vfree(newinfo->chainstack);
818                                 newinfo->chainstack = NULL;
819                                 return -ENOMEM;
820                         }
821                 }
822
823                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
824                 if (!cl_s)
825                         return -ENOMEM;
826                 i = 0; /* the i'th udc */
827                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
828                    ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
829                    repl->valid_hooks, cl_s);
830                 /* sanity check */
831                 if (i != udc_cnt) {
832                         BUGPRINT("i != udc_cnt\n");
833                         vfree(cl_s);
834                         return -EFAULT;
835                 }
836         }
837
838         /* Check for loops */
839         for (i = 0; i < NF_BR_NUMHOOKS; i++)
840                 if (repl->valid_hooks & (1 << i))
841                         if (check_chainloops(newinfo->hook_entry[i],
842                            cl_s, udc_cnt, i, newinfo->entries)) {
843                                 vfree(cl_s);
844                                 return -EINVAL;
845                         }
846
847         /* we now know the following (along with E=mc²):
848            - the nr of entries in each chain is right
849            - the size of the allocated space is right
850            - all valid hooks have a corresponding chain
851            - there are no loops
852            - wrong data can still be on the level of a single entry
853            - could be there are jumps to places that are not the
854              beginning of a chain. This can only occur in chains that
855              are not accessible from any base chains, so we don't care. */
856
857         /* used to know what we need to clean up if something goes wrong */
858         i = 0;
859         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
860            ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
861            cl_s, udc_cnt);
862         if (ret != 0) {
863                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
864                    ebt_cleanup_entry, &i);
865         }
866         vfree(cl_s);
867         return ret;
868 }
869
870 /* called under write_lock */
871 static void get_counters(struct ebt_counter *oldcounters,
872    struct ebt_counter *counters, unsigned int nentries)
873 {
874         int i, cpu;
875         struct ebt_counter *counter_base;
876
877         /* counters of cpu 0 */
878         memcpy(counters, oldcounters,
879                sizeof(struct ebt_counter) * nentries);
880
881         /* add other counters to those of cpu 0 */
882         for_each_possible_cpu(cpu) {
883                 if (cpu == 0)
884                         continue;
885                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
886                 for (i = 0; i < nentries; i++) {
887                         counters[i].pcnt += counter_base[i].pcnt;
888                         counters[i].bcnt += counter_base[i].bcnt;
889                 }
890         }
891 }
892
893 /* replace the table */
894 static int do_replace(void __user *user, unsigned int len)
895 {
896         int ret, i, countersize;
897         struct ebt_table_info *newinfo;
898         struct ebt_replace tmp;
899         struct ebt_table *t;
900         struct ebt_counter *counterstmp = NULL;
901         /* used to be able to unlock earlier */
902         struct ebt_table_info *table;
903
904         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
905                 return -EFAULT;
906
907         if (len != sizeof(tmp) + tmp.entries_size) {
908                 BUGPRINT("Wrong len argument\n");
909                 return -EINVAL;
910         }
911
912         if (tmp.entries_size == 0) {
913                 BUGPRINT("Entries_size never zero\n");
914                 return -EINVAL;
915         }
916         /* overflow check */
917         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
918                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
919                 return -ENOMEM;
920         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
921                 return -ENOMEM;
922
923         countersize = COUNTER_OFFSET(tmp.nentries) * 
924                                         (highest_possible_processor_id()+1);
925         newinfo = vmalloc(sizeof(*newinfo) + countersize);
926         if (!newinfo)
927                 return -ENOMEM;
928
929         if (countersize)
930                 memset(newinfo->counters, 0, countersize);
931
932         newinfo->entries = vmalloc(tmp.entries_size);
933         if (!newinfo->entries) {
934                 ret = -ENOMEM;
935                 goto free_newinfo;
936         }
937         if (copy_from_user(
938            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
939                 BUGPRINT("Couldn't copy entries from userspace\n");
940                 ret = -EFAULT;
941                 goto free_entries;
942         }
943
944         /* the user wants counters back
945            the check on the size is done later, when we have the lock */
946         if (tmp.num_counters) {
947                 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
948                 if (!counterstmp) {
949                         ret = -ENOMEM;
950                         goto free_entries;
951                 }
952         }
953         else
954                 counterstmp = NULL;
955
956         /* this can get initialized by translate_table() */
957         newinfo->chainstack = NULL;
958         ret = translate_table(&tmp, newinfo);
959
960         if (ret != 0)
961                 goto free_counterstmp;
962
963         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
964         if (!t) {
965                 ret = -ENOENT;
966                 goto free_iterate;
967         }
968
969         /* the table doesn't like it */
970         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
971                 goto free_unlock;
972
973         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
974                 BUGPRINT("Wrong nr. of counters requested\n");
975                 ret = -EINVAL;
976                 goto free_unlock;
977         }
978
979         /* we have the mutex lock, so no danger in reading this pointer */
980         table = t->private;
981         /* make sure the table can only be rmmod'ed if it contains no rules */
982         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
983                 ret = -ENOENT;
984                 goto free_unlock;
985         } else if (table->nentries && !newinfo->nentries)
986                 module_put(t->me);
987         /* we need an atomic snapshot of the counters */
988         write_lock_bh(&t->lock);
989         if (tmp.num_counters)
990                 get_counters(t->private->counters, counterstmp,
991                    t->private->nentries);
992
993         t->private = newinfo;
994         write_unlock_bh(&t->lock);
995         mutex_unlock(&ebt_mutex);
996         /* so, a user can change the chains while having messed up her counter
997            allocation. Only reason why this is done is because this way the lock
998            is held only once, while this doesn't bring the kernel into a
999            dangerous state. */
1000         if (tmp.num_counters &&
1001            copy_to_user(tmp.counters, counterstmp,
1002            tmp.num_counters * sizeof(struct ebt_counter))) {
1003                 BUGPRINT("Couldn't copy counters to userspace\n");
1004                 ret = -EFAULT;
1005         }
1006         else
1007                 ret = 0;
1008
1009         /* decrease module count and free resources */
1010         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1011            ebt_cleanup_entry, NULL);
1012
1013         vfree(table->entries);
1014         if (table->chainstack) {
1015                 for_each_possible_cpu(i)
1016                         vfree(table->chainstack[i]);
1017                 vfree(table->chainstack);
1018         }
1019         vfree(table);
1020
1021         vfree(counterstmp);
1022         return ret;
1023
1024 free_unlock:
1025         mutex_unlock(&ebt_mutex);
1026 free_iterate:
1027         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1028            ebt_cleanup_entry, NULL);
1029 free_counterstmp:
1030         vfree(counterstmp);
1031         /* can be initialized in translate_table() */
1032         if (newinfo->chainstack) {
1033                 for_each_possible_cpu(i)
1034                         vfree(newinfo->chainstack[i]);
1035                 vfree(newinfo->chainstack);
1036         }
1037 free_entries:
1038         vfree(newinfo->entries);
1039 free_newinfo:
1040         vfree(newinfo);
1041         return ret;
1042 }
1043
1044 int ebt_register_target(struct ebt_target *target)
1045 {
1046         int ret;
1047
1048         ret = mutex_lock_interruptible(&ebt_mutex);
1049         if (ret != 0)
1050                 return ret;
1051         if (!list_named_insert(&ebt_targets, target)) {
1052                 mutex_unlock(&ebt_mutex);
1053                 return -EEXIST;
1054         }
1055         mutex_unlock(&ebt_mutex);
1056
1057         return 0;
1058 }
1059
1060 void ebt_unregister_target(struct ebt_target *target)
1061 {
1062         mutex_lock(&ebt_mutex);
1063         LIST_DELETE(&ebt_targets, target);
1064         mutex_unlock(&ebt_mutex);
1065 }
1066
1067 int ebt_register_match(struct ebt_match *match)
1068 {
1069         int ret;
1070
1071         ret = mutex_lock_interruptible(&ebt_mutex);
1072         if (ret != 0)
1073                 return ret;
1074         if (!list_named_insert(&ebt_matches, match)) {
1075                 mutex_unlock(&ebt_mutex);
1076                 return -EEXIST;
1077         }
1078         mutex_unlock(&ebt_mutex);
1079
1080         return 0;
1081 }
1082
1083 void ebt_unregister_match(struct ebt_match *match)
1084 {
1085         mutex_lock(&ebt_mutex);
1086         LIST_DELETE(&ebt_matches, match);
1087         mutex_unlock(&ebt_mutex);
1088 }
1089
1090 int ebt_register_watcher(struct ebt_watcher *watcher)
1091 {
1092         int ret;
1093
1094         ret = mutex_lock_interruptible(&ebt_mutex);
1095         if (ret != 0)
1096                 return ret;
1097         if (!list_named_insert(&ebt_watchers, watcher)) {
1098                 mutex_unlock(&ebt_mutex);
1099                 return -EEXIST;
1100         }
1101         mutex_unlock(&ebt_mutex);
1102
1103         return 0;
1104 }
1105
1106 void ebt_unregister_watcher(struct ebt_watcher *watcher)
1107 {
1108         mutex_lock(&ebt_mutex);
1109         LIST_DELETE(&ebt_watchers, watcher);
1110         mutex_unlock(&ebt_mutex);
1111 }
1112
1113 int ebt_register_table(struct ebt_table *table)
1114 {
1115         struct ebt_table_info *newinfo;
1116         int ret, i, countersize;
1117
1118         if (!table || !table->table ||!table->table->entries ||
1119             table->table->entries_size == 0 ||
1120             table->table->counters || table->private) {
1121                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1122                 return -EINVAL;
1123         }
1124
1125         countersize = COUNTER_OFFSET(table->table->nentries) *
1126                                         (highest_possible_processor_id()+1);
1127         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1128         ret = -ENOMEM;
1129         if (!newinfo)
1130                 return -ENOMEM;
1131
1132         newinfo->entries = vmalloc(table->table->entries_size);
1133         if (!(newinfo->entries))
1134                 goto free_newinfo;
1135
1136         memcpy(newinfo->entries, table->table->entries,
1137            table->table->entries_size);
1138
1139         if (countersize)
1140                 memset(newinfo->counters, 0, countersize);
1141
1142         /* fill in newinfo and parse the entries */
1143         newinfo->chainstack = NULL;
1144         ret = translate_table(table->table, newinfo);
1145         if (ret != 0) {
1146                 BUGPRINT("Translate_table failed\n");
1147                 goto free_chainstack;
1148         }
1149
1150         if (table->check && table->check(newinfo, table->valid_hooks)) {
1151                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1152                 return -EINVAL;
1153         }
1154
1155         table->private = newinfo;
1156         rwlock_init(&table->lock);
1157         ret = mutex_lock_interruptible(&ebt_mutex);
1158         if (ret != 0)
1159                 goto free_chainstack;
1160
1161         if (list_named_find(&ebt_tables, table->name)) {
1162                 ret = -EEXIST;
1163                 BUGPRINT("Table name already exists\n");
1164                 goto free_unlock;
1165         }
1166
1167         /* Hold a reference count if the chains aren't empty */
1168         if (newinfo->nentries && !try_module_get(table->me)) {
1169                 ret = -ENOENT;
1170                 goto free_unlock;
1171         }
1172         list_prepend(&ebt_tables, table);
1173         mutex_unlock(&ebt_mutex);
1174         return 0;
1175 free_unlock:
1176         mutex_unlock(&ebt_mutex);
1177 free_chainstack:
1178         if (newinfo->chainstack) {
1179                 for_each_possible_cpu(i)
1180                         vfree(newinfo->chainstack[i]);
1181                 vfree(newinfo->chainstack);
1182         }
1183         vfree(newinfo->entries);
1184 free_newinfo:
1185         vfree(newinfo);
1186         return ret;
1187 }
1188
1189 void ebt_unregister_table(struct ebt_table *table)
1190 {
1191         int i;
1192
1193         if (!table) {
1194                 BUGPRINT("Request to unregister NULL table!!!\n");
1195                 return;
1196         }
1197         mutex_lock(&ebt_mutex);
1198         LIST_DELETE(&ebt_tables, table);
1199         mutex_unlock(&ebt_mutex);
1200         vfree(table->private->entries);
1201         if (table->private->chainstack) {
1202                 for_each_possible_cpu(i)
1203                         vfree(table->private->chainstack[i]);
1204                 vfree(table->private->chainstack);
1205         }
1206         vfree(table->private);
1207 }
1208
1209 /* userspace just supplied us with counters */
1210 static int update_counters(void __user *user, unsigned int len)
1211 {
1212         int i, ret;
1213         struct ebt_counter *tmp;
1214         struct ebt_replace hlp;
1215         struct ebt_table *t;
1216
1217         if (copy_from_user(&hlp, user, sizeof(hlp)))
1218                 return -EFAULT;
1219
1220         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1221                 return -EINVAL;
1222         if (hlp.num_counters == 0)
1223                 return -EINVAL;
1224
1225         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1226                 MEMPRINT("Update_counters && nomemory\n");
1227                 return -ENOMEM;
1228         }
1229
1230         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1231         if (!t)
1232                 goto free_tmp;
1233
1234         if (hlp.num_counters != t->private->nentries) {
1235                 BUGPRINT("Wrong nr of counters\n");
1236                 ret = -EINVAL;
1237                 goto unlock_mutex;
1238         }
1239
1240         if ( copy_from_user(tmp, hlp.counters,
1241            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1242                 BUGPRINT("Updata_counters && !cfu\n");
1243                 ret = -EFAULT;
1244                 goto unlock_mutex;
1245         }
1246
1247         /* we want an atomic add of the counters */
1248         write_lock_bh(&t->lock);
1249
1250         /* we add to the counters of the first cpu */
1251         for (i = 0; i < hlp.num_counters; i++) {
1252                 t->private->counters[i].pcnt += tmp[i].pcnt;
1253                 t->private->counters[i].bcnt += tmp[i].bcnt;
1254         }
1255
1256         write_unlock_bh(&t->lock);
1257         ret = 0;
1258 unlock_mutex:
1259         mutex_unlock(&ebt_mutex);
1260 free_tmp:
1261         vfree(tmp);
1262         return ret;
1263 }
1264
1265 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1266    char *base, char *ubase)
1267 {
1268         char *hlp = ubase - base + (char *)m;
1269         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1270                 return -EFAULT;
1271         return 0;
1272 }
1273
1274 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1275    char *base, char *ubase)
1276 {
1277         char *hlp = ubase - base + (char *)w;
1278         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1279                 return -EFAULT;
1280         return 0;
1281 }
1282
1283 static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
1284 {
1285         int ret;
1286         char *hlp;
1287         struct ebt_entry_target *t;
1288
1289         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
1290                 return 0;
1291
1292         hlp = ubase - base + (char *)e + e->target_offset;
1293         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1294         
1295         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1296         if (ret != 0)
1297                 return ret;
1298         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1299         if (ret != 0)
1300                 return ret;
1301         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1302                 return -EFAULT;
1303         return 0;
1304 }
1305
1306 /* called with ebt_mutex locked */
1307 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1308    int *len, int cmd)
1309 {
1310         struct ebt_replace tmp;
1311         struct ebt_counter *counterstmp, *oldcounters;
1312         unsigned int entries_size, nentries;
1313         char *entries;
1314
1315         if (cmd == EBT_SO_GET_ENTRIES) {
1316                 entries_size = t->private->entries_size;
1317                 nentries = t->private->nentries;
1318                 entries = t->private->entries;
1319                 oldcounters = t->private->counters;
1320         } else {
1321                 entries_size = t->table->entries_size;
1322                 nentries = t->table->nentries;
1323                 entries = t->table->entries;
1324                 oldcounters = t->table->counters;
1325         }
1326
1327         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1328                 BUGPRINT("Cfu didn't work\n");
1329                 return -EFAULT;
1330         }
1331
1332         if (*len != sizeof(struct ebt_replace) + entries_size +
1333            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1334                 BUGPRINT("Wrong size\n");
1335                 return -EINVAL;
1336         }
1337
1338         if (tmp.nentries != nentries) {
1339                 BUGPRINT("Nentries wrong\n");
1340                 return -EINVAL;
1341         }
1342
1343         if (tmp.entries_size != entries_size) {
1344                 BUGPRINT("Wrong size\n");
1345                 return -EINVAL;
1346         }
1347
1348         /* userspace might not need the counters */
1349         if (tmp.num_counters) {
1350                 if (tmp.num_counters != nentries) {
1351                         BUGPRINT("Num_counters wrong\n");
1352                         return -EINVAL;
1353                 }
1354                 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1355                 if (!counterstmp) {
1356                         MEMPRINT("Couldn't copy counters, out of memory\n");
1357                         return -ENOMEM;
1358                 }
1359                 write_lock_bh(&t->lock);
1360                 get_counters(oldcounters, counterstmp, nentries);
1361                 write_unlock_bh(&t->lock);
1362
1363                 if (copy_to_user(tmp.counters, counterstmp,
1364                    nentries * sizeof(struct ebt_counter))) {
1365                         BUGPRINT("Couldn't copy counters to userspace\n");
1366                         vfree(counterstmp);
1367                         return -EFAULT;
1368                 }
1369                 vfree(counterstmp);
1370         }
1371
1372         if (copy_to_user(tmp.entries, entries, entries_size)) {
1373                 BUGPRINT("Couldn't copy entries to userspace\n");
1374                 return -EFAULT;
1375         }
1376         /* set the match/watcher/target names right */
1377         return EBT_ENTRY_ITERATE(entries, entries_size,
1378            ebt_make_names, entries, tmp.entries);
1379 }
1380
1381 static int do_ebt_set_ctl(struct sock *sk,
1382         int cmd, void __user *user, unsigned int len)
1383 {
1384         int ret;
1385
1386         switch(cmd) {
1387         case EBT_SO_SET_ENTRIES:
1388                 ret = do_replace(user, len);
1389                 break;
1390         case EBT_SO_SET_COUNTERS:
1391                 ret = update_counters(user, len);
1392                 break;
1393         default:
1394                 ret = -EINVAL;
1395   }
1396         return ret;
1397 }
1398
1399 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1400 {
1401         int ret;
1402         struct ebt_replace tmp;
1403         struct ebt_table *t;
1404
1405         if (copy_from_user(&tmp, user, sizeof(tmp)))
1406                 return -EFAULT;
1407
1408         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1409         if (!t)
1410                 return ret;
1411
1412         switch(cmd) {
1413         case EBT_SO_GET_INFO:
1414         case EBT_SO_GET_INIT_INFO:
1415                 if (*len != sizeof(struct ebt_replace)){
1416                         ret = -EINVAL;
1417                         mutex_unlock(&ebt_mutex);
1418                         break;
1419                 }
1420                 if (cmd == EBT_SO_GET_INFO) {
1421                         tmp.nentries = t->private->nentries;
1422                         tmp.entries_size = t->private->entries_size;
1423                         tmp.valid_hooks = t->valid_hooks;
1424                 } else {
1425                         tmp.nentries = t->table->nentries;
1426                         tmp.entries_size = t->table->entries_size;
1427                         tmp.valid_hooks = t->table->valid_hooks;
1428                 }
1429                 mutex_unlock(&ebt_mutex);
1430                 if (copy_to_user(user, &tmp, *len) != 0){
1431                         BUGPRINT("c2u Didn't work\n");
1432                         ret = -EFAULT;
1433                         break;
1434                 }
1435                 ret = 0;
1436                 break;
1437
1438         case EBT_SO_GET_ENTRIES:
1439         case EBT_SO_GET_INIT_ENTRIES:
1440                 ret = copy_everything_to_user(t, user, len, cmd);
1441                 mutex_unlock(&ebt_mutex);
1442                 break;
1443
1444         default:
1445                 mutex_unlock(&ebt_mutex);
1446                 ret = -EINVAL;
1447         }
1448
1449         return ret;
1450 }
1451
1452 static struct nf_sockopt_ops ebt_sockopts =
1453 {
1454         .pf             = PF_INET,
1455         .set_optmin     = EBT_BASE_CTL,
1456         .set_optmax     = EBT_SO_SET_MAX + 1,
1457         .set            = do_ebt_set_ctl,
1458         .get_optmin     = EBT_BASE_CTL,
1459         .get_optmax     = EBT_SO_GET_MAX + 1,
1460         .get            = do_ebt_get_ctl,
1461 };
1462
1463 static int __init ebtables_init(void)
1464 {
1465         int ret;
1466
1467         mutex_lock(&ebt_mutex);
1468         list_named_insert(&ebt_targets, &ebt_standard_target);
1469         mutex_unlock(&ebt_mutex);
1470         if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1471                 return ret;
1472
1473         printk(KERN_NOTICE "Ebtables v2.0 registered\n");
1474         return 0;
1475 }
1476
1477 static void __exit ebtables_fini(void)
1478 {
1479         nf_unregister_sockopt(&ebt_sockopts);
1480         printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
1481 }
1482
1483 EXPORT_SYMBOL(ebt_register_table);
1484 EXPORT_SYMBOL(ebt_unregister_table);
1485 EXPORT_SYMBOL(ebt_register_match);
1486 EXPORT_SYMBOL(ebt_unregister_match);
1487 EXPORT_SYMBOL(ebt_register_watcher);
1488 EXPORT_SYMBOL(ebt_unregister_watcher);
1489 EXPORT_SYMBOL(ebt_register_target);
1490 EXPORT_SYMBOL(ebt_unregister_target);
1491 EXPORT_SYMBOL(ebt_do_table);
1492 module_init(ebtables_init);
1493 module_exit(ebtables_fini);
1494 MODULE_LICENSE("GPL");