[EBTABLES]: Move more stuff into ebt_verify_pointers().
[linux-3.10.git] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18 /* used for print_string */
19 #include <linux/sched.h>
20 #include <linux/tty.h>
21
22 #include <linux/kmod.h>
23 #include <linux/module.h>
24 #include <linux/vmalloc.h>
25 #include <linux/netfilter_bridge/ebtables.h>
26 #include <linux/spinlock.h>
27 #include <linux/mutex.h>
28 #include <asm/uaccess.h>
29 #include <linux/smp.h>
30 #include <linux/cpumask.h>
31 #include <net/sock.h>
32 /* needed for logical [in,out]-dev filtering */
33 #include "../br_private.h"
34
35 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
36                                          "report to author: "format, ## args)
37 /* #define BUGPRINT(format, args...) */
38 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
39                                          ": out of memory: "format, ## args)
40 /* #define MEMPRINT(format, args...) */
41
42
43
44 /*
45  * Each cpu has its own set of counters, so there is no need for write_lock in
46  * the softirq
47  * For reading or updating the counters, the user context needs to
48  * get a write_lock
49  */
50
51 /* The size of each set of counters is altered to get cache alignment */
52 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
53 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
54 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
55    COUNTER_OFFSET(n) * cpu))
56
57
58
59 static DEFINE_MUTEX(ebt_mutex);
60 static LIST_HEAD(ebt_tables);
61 static LIST_HEAD(ebt_targets);
62 static LIST_HEAD(ebt_matches);
63 static LIST_HEAD(ebt_watchers);
64
65 static struct ebt_target ebt_standard_target =
66 { {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
67
68 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
69    const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
70    const struct net_device *out)
71 {
72         w->u.watcher->watcher(skb, hooknr, in, out, w->data,
73            w->watcher_size);
74         /* watchers don't give a verdict */
75         return 0;
76 }
77
78 static inline int ebt_do_match (struct ebt_entry_match *m,
79    const struct sk_buff *skb, const struct net_device *in,
80    const struct net_device *out)
81 {
82         return m->u.match->match(skb, in, out, m->data,
83            m->match_size);
84 }
85
86 static inline int ebt_dev_check(char *entry, const struct net_device *device)
87 {
88         int i = 0;
89         const char *devname = device->name;
90
91         if (*entry == '\0')
92                 return 0;
93         if (!device)
94                 return 1;
95         /* 1 is the wildcard token */
96         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97                 i++;
98         return (devname[i] != entry[i] && entry[i] != 1);
99 }
100
101 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102 /* process standard matches */
103 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104    const struct net_device *in, const struct net_device *out)
105 {
106         int verdict, i;
107
108         if (e->bitmask & EBT_802_3) {
109                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110                         return 1;
111         } else if (!(e->bitmask & EBT_NOPROTO) &&
112            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113                 return 1;
114
115         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116                 return 1;
117         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118                 return 1;
119         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121                 return 1;
122         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124                 return 1;
125
126         if (e->bitmask & EBT_SOURCEMAC) {
127                 verdict = 0;
128                 for (i = 0; i < 6; i++)
129                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130                            e->sourcemsk[i];
131                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132                         return 1;
133         }
134         if (e->bitmask & EBT_DESTMAC) {
135                 verdict = 0;
136                 for (i = 0; i < 6; i++)
137                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138                            e->destmsk[i];
139                 if (FWINV2(verdict != 0, EBT_IDEST) )
140                         return 1;
141         }
142         return 0;
143 }
144
145 /* Do some firewalling */
146 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
147    const struct net_device *in, const struct net_device *out,
148    struct ebt_table *table)
149 {
150         int i, nentries;
151         struct ebt_entry *point;
152         struct ebt_counter *counter_base, *cb_base;
153         struct ebt_entry_target *t;
154         int verdict, sp = 0;
155         struct ebt_chainstack *cs;
156         struct ebt_entries *chaininfo;
157         char *base;
158         struct ebt_table_info *private;
159
160         read_lock_bh(&table->lock);
161         private = table->private;
162         cb_base = COUNTER_BASE(private->counters, private->nentries,
163            smp_processor_id());
164         if (private->chainstack)
165                 cs = private->chainstack[smp_processor_id()];
166         else
167                 cs = NULL;
168         chaininfo = private->hook_entry[hook];
169         nentries = private->hook_entry[hook]->nentries;
170         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
171         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
172         /* base for chain jumps */
173         base = private->entries;
174         i = 0;
175         while (i < nentries) {
176                 if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
177                         goto letscontinue;
178
179                 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
180                         goto letscontinue;
181
182                 /* increase counter */
183                 (*(counter_base + i)).pcnt++;
184                 (*(counter_base + i)).bcnt+=(**pskb).len;
185
186                 /* these should only watch: not modify, nor tell us
187                    what to do with the packet */
188                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
189                    out);
190
191                 t = (struct ebt_entry_target *)
192                    (((char *)point) + point->target_offset);
193                 /* standard target */
194                 if (!t->u.target->target)
195                         verdict = ((struct ebt_standard_target *)t)->verdict;
196                 else
197                         verdict = t->u.target->target(pskb, hook,
198                            in, out, t->data, t->target_size);
199                 if (verdict == EBT_ACCEPT) {
200                         read_unlock_bh(&table->lock);
201                         return NF_ACCEPT;
202                 }
203                 if (verdict == EBT_DROP) {
204                         read_unlock_bh(&table->lock);
205                         return NF_DROP;
206                 }
207                 if (verdict == EBT_RETURN) {
208 letsreturn:
209 #ifdef CONFIG_NETFILTER_DEBUG
210                         if (sp == 0) {
211                                 BUGPRINT("RETURN on base chain");
212                                 /* act like this is EBT_CONTINUE */
213                                 goto letscontinue;
214                         }
215 #endif
216                         sp--;
217                         /* put all the local variables right */
218                         i = cs[sp].n;
219                         chaininfo = cs[sp].chaininfo;
220                         nentries = chaininfo->nentries;
221                         point = cs[sp].e;
222                         counter_base = cb_base +
223                            chaininfo->counter_offset;
224                         continue;
225                 }
226                 if (verdict == EBT_CONTINUE)
227                         goto letscontinue;
228 #ifdef CONFIG_NETFILTER_DEBUG
229                 if (verdict < 0) {
230                         BUGPRINT("bogus standard verdict\n");
231                         read_unlock_bh(&table->lock);
232                         return NF_DROP;
233                 }
234 #endif
235                 /* jump to a udc */
236                 cs[sp].n = i + 1;
237                 cs[sp].chaininfo = chaininfo;
238                 cs[sp].e = (struct ebt_entry *)
239                    (((char *)point) + point->next_offset);
240                 i = 0;
241                 chaininfo = (struct ebt_entries *) (base + verdict);
242 #ifdef CONFIG_NETFILTER_DEBUG
243                 if (chaininfo->distinguisher) {
244                         BUGPRINT("jump to non-chain\n");
245                         read_unlock_bh(&table->lock);
246                         return NF_DROP;
247                 }
248 #endif
249                 nentries = chaininfo->nentries;
250                 point = (struct ebt_entry *)chaininfo->data;
251                 counter_base = cb_base + chaininfo->counter_offset;
252                 sp++;
253                 continue;
254 letscontinue:
255                 point = (struct ebt_entry *)
256                    (((char *)point) + point->next_offset);
257                 i++;
258         }
259
260         /* I actually like this :) */
261         if (chaininfo->policy == EBT_RETURN)
262                 goto letsreturn;
263         if (chaininfo->policy == EBT_ACCEPT) {
264                 read_unlock_bh(&table->lock);
265                 return NF_ACCEPT;
266         }
267         read_unlock_bh(&table->lock);
268         return NF_DROP;
269 }
270
271 /* If it succeeds, returns element and locks mutex */
272 static inline void *
273 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
274    struct mutex *mutex)
275 {
276         struct {
277                 struct list_head list;
278                 char name[EBT_FUNCTION_MAXNAMELEN];
279         } *e;
280
281         *error = mutex_lock_interruptible(mutex);
282         if (*error != 0)
283                 return NULL;
284
285         list_for_each_entry(e, head, list) {
286                 if (strcmp(e->name, name) == 0)
287                         return e;
288         }
289         *error = -ENOENT;
290         mutex_unlock(mutex);
291         return NULL;
292 }
293
294 #ifndef CONFIG_KMOD
295 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
296 #else
297 static void *
298 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
299    int *error, struct mutex *mutex)
300 {
301         void *ret;
302
303         ret = find_inlist_lock_noload(head, name, error, mutex);
304         if (!ret) {
305                 request_module("%s%s", prefix, name);
306                 ret = find_inlist_lock_noload(head, name, error, mutex);
307         }
308         return ret;
309 }
310 #endif
311
312 static inline struct ebt_table *
313 find_table_lock(const char *name, int *error, struct mutex *mutex)
314 {
315         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
316 }
317
318 static inline struct ebt_match *
319 find_match_lock(const char *name, int *error, struct mutex *mutex)
320 {
321         return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex);
322 }
323
324 static inline struct ebt_watcher *
325 find_watcher_lock(const char *name, int *error, struct mutex *mutex)
326 {
327         return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex);
328 }
329
330 static inline struct ebt_target *
331 find_target_lock(const char *name, int *error, struct mutex *mutex)
332 {
333         return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex);
334 }
335
336 static inline int
337 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
338    const char *name, unsigned int hookmask, unsigned int *cnt)
339 {
340         struct ebt_match *match;
341         size_t left = ((char *)e + e->watchers_offset) - (char *)m;
342         int ret;
343
344         if (left < sizeof(struct ebt_entry_match) ||
345             left - sizeof(struct ebt_entry_match) < m->match_size)
346                 return -EINVAL;
347         match = find_match_lock(m->u.name, &ret, &ebt_mutex);
348         if (!match)
349                 return ret;
350         m->u.match = match;
351         if (!try_module_get(match->me)) {
352                 mutex_unlock(&ebt_mutex);
353                 return -ENOENT;
354         }
355         mutex_unlock(&ebt_mutex);
356         if (match->check &&
357            match->check(name, hookmask, e, m->data, m->match_size) != 0) {
358                 BUGPRINT("match->check failed\n");
359                 module_put(match->me);
360                 return -EINVAL;
361         }
362         (*cnt)++;
363         return 0;
364 }
365
366 static inline int
367 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
368    const char *name, unsigned int hookmask, unsigned int *cnt)
369 {
370         struct ebt_watcher *watcher;
371         size_t left = ((char *)e + e->target_offset) - (char *)w;
372         int ret;
373
374         if (left < sizeof(struct ebt_entry_watcher) ||
375            left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
376                 return -EINVAL;
377         watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
378         if (!watcher)
379                 return ret;
380         w->u.watcher = watcher;
381         if (!try_module_get(watcher->me)) {
382                 mutex_unlock(&ebt_mutex);
383                 return -ENOENT;
384         }
385         mutex_unlock(&ebt_mutex);
386         if (watcher->check &&
387            watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
388                 BUGPRINT("watcher->check failed\n");
389                 module_put(watcher->me);
390                 return -EINVAL;
391         }
392         (*cnt)++;
393         return 0;
394 }
395
396 static int ebt_verify_pointers(struct ebt_replace *repl,
397                                struct ebt_table_info *newinfo)
398 {
399         unsigned int limit = repl->entries_size;
400         unsigned int valid_hooks = repl->valid_hooks;
401         unsigned int offset = 0;
402         int i;
403
404         for (i = 0; i < NF_BR_NUMHOOKS; i++)
405                 newinfo->hook_entry[i] = NULL;
406
407         newinfo->entries_size = repl->entries_size;
408         newinfo->nentries = repl->nentries;
409
410         while (offset < limit) {
411                 size_t left = limit - offset;
412                 struct ebt_entry *e = (void *)newinfo->entries + offset;
413
414                 if (left < sizeof(unsigned int))
415                         break;
416
417                 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
418                         if ((valid_hooks & (1 << i)) == 0)
419                                 continue;
420                         if ((char *)repl->hook_entry[i] == repl->entries + offset)
421                                 break;
422                 }
423
424                 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
425                         if (e->bitmask != 0) {
426                                 /* we make userspace set this right,
427                                    so there is no misunderstanding */
428                                 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
429                                          "in distinguisher\n");
430                                 return -EINVAL;
431                         }
432                         if (i != NF_BR_NUMHOOKS)
433                                 newinfo->hook_entry[i] = (struct ebt_entries *)e;
434                         if (left < sizeof(struct ebt_entries))
435                                 break;
436                         offset += sizeof(struct ebt_entries);
437                 } else {
438                         if (left < sizeof(struct ebt_entry))
439                                 break;
440                         if (left < e->next_offset)
441                                 break;
442                         offset += e->next_offset;
443                 }
444         }
445         if (offset != limit) {
446                 BUGPRINT("entries_size too small\n");
447                 return -EINVAL;
448         }
449
450         /* check if all valid hooks have a chain */
451         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
452                 if (!newinfo->hook_entry[i] &&
453                    (valid_hooks & (1 << i))) {
454                         BUGPRINT("Valid hook without chain\n");
455                         return -EINVAL;
456                 }
457         }
458         return 0;
459 }
460
461 /*
462  * this one is very careful, as it is the first function
463  * to parse the userspace data
464  */
465 static inline int
466 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
467    struct ebt_table_info *newinfo, char *base,
468    struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt,
469    unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks)
470 {
471         unsigned int offset = (char *)e - newinfo->entries;
472         int i;
473
474         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
475                 if ((valid_hooks & (1 << i)) == 0)
476                         continue;
477                 if ((char *)hook_entries[i] == base + offset)
478                         break;
479         }
480         /* beginning of a new chain
481            if i == NF_BR_NUMHOOKS it must be a user defined chain */
482         if (i != NF_BR_NUMHOOKS || !e->bitmask) {
483                 /* this checks if the previous chain has as many entries
484                    as it said it has */
485                 if (*n != *cnt) {
486                         BUGPRINT("nentries does not equal the nr of entries "
487                                  "in the chain\n");
488                         return -EINVAL;
489                 }
490                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
491                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
492                         /* only RETURN from udc */
493                         if (i != NF_BR_NUMHOOKS ||
494                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
495                                 BUGPRINT("bad policy\n");
496                                 return -EINVAL;
497                         }
498                 }
499                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
500                         (*udc_cnt)++;
501                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
502                         BUGPRINT("counter_offset != totalcnt");
503                         return -EINVAL;
504                 }
505                 *n = ((struct ebt_entries *)e)->nentries;
506                 *cnt = 0;
507                 return 0;
508         }
509         /* a plain old entry, heh */
510         if (sizeof(struct ebt_entry) > e->watchers_offset ||
511            e->watchers_offset > e->target_offset ||
512            e->target_offset >= e->next_offset) {
513                 BUGPRINT("entry offsets not in right order\n");
514                 return -EINVAL;
515         }
516         /* this is not checked anywhere else */
517         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
518                 BUGPRINT("target size too small\n");
519                 return -EINVAL;
520         }
521         (*cnt)++;
522         (*totalcnt)++;
523         return 0;
524 }
525
526 struct ebt_cl_stack
527 {
528         struct ebt_chainstack cs;
529         int from;
530         unsigned int hookmask;
531 };
532
533 /*
534  * we need these positions to check that the jumps to a different part of the
535  * entries is a jump to the beginning of a new chain.
536  */
537 static inline int
538 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
539    struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
540    struct ebt_cl_stack *udc)
541 {
542         int i;
543
544         /* we're only interested in chain starts */
545         if (e->bitmask)
546                 return 0;
547         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
548                 if ((valid_hooks & (1 << i)) == 0)
549                         continue;
550                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
551                         break;
552         }
553         /* only care about udc */
554         if (i != NF_BR_NUMHOOKS)
555                 return 0;
556
557         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
558         /* these initialisations are depended on later in check_chainloops() */
559         udc[*n].cs.n = 0;
560         udc[*n].hookmask = 0;
561
562         (*n)++;
563         return 0;
564 }
565
566 static inline int
567 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
568 {
569         if (i && (*i)-- == 0)
570                 return 1;
571         if (m->u.match->destroy)
572                 m->u.match->destroy(m->data, m->match_size);
573         module_put(m->u.match->me);
574
575         return 0;
576 }
577
578 static inline int
579 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
580 {
581         if (i && (*i)-- == 0)
582                 return 1;
583         if (w->u.watcher->destroy)
584                 w->u.watcher->destroy(w->data, w->watcher_size);
585         module_put(w->u.watcher->me);
586
587         return 0;
588 }
589
590 static inline int
591 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
592 {
593         struct ebt_entry_target *t;
594
595         if (e->bitmask == 0)
596                 return 0;
597         /* we're done */
598         if (cnt && (*cnt)-- == 0)
599                 return 1;
600         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
601         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
602         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
603         if (t->u.target->destroy)
604                 t->u.target->destroy(t->data, t->target_size);
605         module_put(t->u.target->me);
606
607         return 0;
608 }
609
610 static inline int
611 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
612    const char *name, unsigned int *cnt, unsigned int valid_hooks,
613    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
614 {
615         struct ebt_entry_target *t;
616         struct ebt_target *target;
617         unsigned int i, j, hook = 0, hookmask = 0;
618         size_t gap = e->next_offset - e->target_offset;
619         int ret;
620
621         /* don't mess with the struct ebt_entries */
622         if (e->bitmask == 0)
623                 return 0;
624
625         if (e->bitmask & ~EBT_F_MASK) {
626                 BUGPRINT("Unknown flag for bitmask\n");
627                 return -EINVAL;
628         }
629         if (e->invflags & ~EBT_INV_MASK) {
630                 BUGPRINT("Unknown flag for inv bitmask\n");
631                 return -EINVAL;
632         }
633         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
634                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
635                 return -EINVAL;
636         }
637         /* what hook do we belong to? */
638         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
639                 if ((valid_hooks & (1 << i)) == 0)
640                         continue;
641                 if ((char *)newinfo->hook_entry[i] < (char *)e)
642                         hook = i;
643                 else
644                         break;
645         }
646         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
647            a base chain */
648         if (i < NF_BR_NUMHOOKS)
649                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
650         else {
651                 for (i = 0; i < udc_cnt; i++)
652                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
653                                 break;
654                 if (i == 0)
655                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
656                 else
657                         hookmask = cl_s[i - 1].hookmask;
658         }
659         i = 0;
660         ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
661         if (ret != 0)
662                 goto cleanup_matches;
663         j = 0;
664         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
665         if (ret != 0)
666                 goto cleanup_watchers;
667         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
668         target = find_target_lock(t->u.name, &ret, &ebt_mutex);
669         if (!target)
670                 goto cleanup_watchers;
671         if (!try_module_get(target->me)) {
672                 mutex_unlock(&ebt_mutex);
673                 ret = -ENOENT;
674                 goto cleanup_watchers;
675         }
676         mutex_unlock(&ebt_mutex);
677
678         t->u.target = target;
679         if (t->u.target == &ebt_standard_target) {
680                 if (gap < sizeof(struct ebt_standard_target)) {
681                         BUGPRINT("Standard target size too big\n");
682                         ret = -EFAULT;
683                         goto cleanup_watchers;
684                 }
685                 if (((struct ebt_standard_target *)t)->verdict <
686                    -NUM_STANDARD_TARGETS) {
687                         BUGPRINT("Invalid standard target\n");
688                         ret = -EFAULT;
689                         goto cleanup_watchers;
690                 }
691         } else if (t->target_size > gap - sizeof(struct ebt_entry_target) ||
692            (t->u.target->check &&
693            t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
694                 module_put(t->u.target->me);
695                 ret = -EFAULT;
696                 goto cleanup_watchers;
697         }
698         (*cnt)++;
699         return 0;
700 cleanup_watchers:
701         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
702 cleanup_matches:
703         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
704         return ret;
705 }
706
707 /*
708  * checks for loops and sets the hook mask for udc
709  * the hook mask for udc tells us from which base chains the udc can be
710  * accessed. This mask is a parameter to the check() functions of the extensions
711  */
712 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
713    unsigned int udc_cnt, unsigned int hooknr, char *base)
714 {
715         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
716         struct ebt_entry *e = (struct ebt_entry *)chain->data;
717         struct ebt_entry_target *t;
718
719         while (pos < nentries || chain_nr != -1) {
720                 /* end of udc, go back one 'recursion' step */
721                 if (pos == nentries) {
722                         /* put back values of the time when this chain was called */
723                         e = cl_s[chain_nr].cs.e;
724                         if (cl_s[chain_nr].from != -1)
725                                 nentries =
726                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
727                         else
728                                 nentries = chain->nentries;
729                         pos = cl_s[chain_nr].cs.n;
730                         /* make sure we won't see a loop that isn't one */
731                         cl_s[chain_nr].cs.n = 0;
732                         chain_nr = cl_s[chain_nr].from;
733                         if (pos == nentries)
734                                 continue;
735                 }
736                 t = (struct ebt_entry_target *)
737                    (((char *)e) + e->target_offset);
738                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
739                         goto letscontinue;
740                 if (e->target_offset + sizeof(struct ebt_standard_target) >
741                    e->next_offset) {
742                         BUGPRINT("Standard target size too big\n");
743                         return -1;
744                 }
745                 verdict = ((struct ebt_standard_target *)t)->verdict;
746                 if (verdict >= 0) { /* jump to another chain */
747                         struct ebt_entries *hlp2 =
748                            (struct ebt_entries *)(base + verdict);
749                         for (i = 0; i < udc_cnt; i++)
750                                 if (hlp2 == cl_s[i].cs.chaininfo)
751                                         break;
752                         /* bad destination or loop */
753                         if (i == udc_cnt) {
754                                 BUGPRINT("bad destination\n");
755                                 return -1;
756                         }
757                         if (cl_s[i].cs.n) {
758                                 BUGPRINT("loop\n");
759                                 return -1;
760                         }
761                         if (cl_s[i].hookmask & (1 << hooknr))
762                                 goto letscontinue;
763                         /* this can't be 0, so the loop test is correct */
764                         cl_s[i].cs.n = pos + 1;
765                         pos = 0;
766                         cl_s[i].cs.e = ((void *)e + e->next_offset);
767                         e = (struct ebt_entry *)(hlp2->data);
768                         nentries = hlp2->nentries;
769                         cl_s[i].from = chain_nr;
770                         chain_nr = i;
771                         /* this udc is accessible from the base chain for hooknr */
772                         cl_s[i].hookmask |= (1 << hooknr);
773                         continue;
774                 }
775 letscontinue:
776                 e = (void *)e + e->next_offset;
777                 pos++;
778         }
779         return 0;
780 }
781
782 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
783 static int translate_table(struct ebt_replace *repl,
784    struct ebt_table_info *newinfo)
785 {
786         unsigned int i, j, k, udc_cnt;
787         int ret;
788         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
789
790         ret = ebt_verify_pointers(repl, newinfo);
791         if (ret != 0)
792                 return ret;
793
794         i = 0;
795         while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
796                 i++;
797         if (i == NF_BR_NUMHOOKS) {
798                 BUGPRINT("No valid hooks specified\n");
799                 return -EINVAL;
800         }
801         if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) {
802                 BUGPRINT("Chains don't start at beginning\n");
803                 return -EINVAL;
804         }
805         /* make sure chains are ordered after each other in same order
806            as their corresponding hooks */
807         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
808                 if (!(repl->valid_hooks & (1 << j)))
809                         continue;
810                 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) {
811                         BUGPRINT("Hook order must be followed\n");
812                         return -EINVAL;
813                 }
814                 i = j;
815         }
816
817         /* do some early checkings and initialize some things */
818         i = 0; /* holds the expected nr. of entries for the chain */
819         j = 0; /* holds the up to now counted entries for the chain */
820         k = 0; /* holds the total nr. of entries, should equal
821                   newinfo->nentries afterwards */
822         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
823         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
824            ebt_check_entry_size_and_hooks, newinfo, repl->entries,
825            repl->hook_entry, &i, &j, &k,
826            &udc_cnt, repl->valid_hooks);
827
828         if (ret != 0)
829                 return ret;
830
831         if (i != j) {
832                 BUGPRINT("nentries does not equal the nr of entries in the "
833                          "(last) chain\n");
834                 return -EINVAL;
835         }
836         if (k != newinfo->nentries) {
837                 BUGPRINT("Total nentries is wrong\n");
838                 return -EINVAL;
839         }
840
841         /* get the location of the udc, put them in an array
842            while we're at it, allocate the chainstack */
843         if (udc_cnt) {
844                 /* this will get free'd in do_replace()/ebt_register_table()
845                    if an error occurs */
846                 newinfo->chainstack =
847                         vmalloc((highest_possible_processor_id()+1)
848                                         * sizeof(*(newinfo->chainstack)));
849                 if (!newinfo->chainstack)
850                         return -ENOMEM;
851                 for_each_possible_cpu(i) {
852                         newinfo->chainstack[i] =
853                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
854                         if (!newinfo->chainstack[i]) {
855                                 while (i)
856                                         vfree(newinfo->chainstack[--i]);
857                                 vfree(newinfo->chainstack);
858                                 newinfo->chainstack = NULL;
859                                 return -ENOMEM;
860                         }
861                 }
862
863                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
864                 if (!cl_s)
865                         return -ENOMEM;
866                 i = 0; /* the i'th udc */
867                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
868                    ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
869                    repl->valid_hooks, cl_s);
870                 /* sanity check */
871                 if (i != udc_cnt) {
872                         BUGPRINT("i != udc_cnt\n");
873                         vfree(cl_s);
874                         return -EFAULT;
875                 }
876         }
877
878         /* Check for loops */
879         for (i = 0; i < NF_BR_NUMHOOKS; i++)
880                 if (repl->valid_hooks & (1 << i))
881                         if (check_chainloops(newinfo->hook_entry[i],
882                            cl_s, udc_cnt, i, newinfo->entries)) {
883                                 vfree(cl_s);
884                                 return -EINVAL;
885                         }
886
887         /* we now know the following (along with E=mc²):
888            - the nr of entries in each chain is right
889            - the size of the allocated space is right
890            - all valid hooks have a corresponding chain
891            - there are no loops
892            - wrong data can still be on the level of a single entry
893            - could be there are jumps to places that are not the
894              beginning of a chain. This can only occur in chains that
895              are not accessible from any base chains, so we don't care. */
896
897         /* used to know what we need to clean up if something goes wrong */
898         i = 0;
899         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
900            ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
901            cl_s, udc_cnt);
902         if (ret != 0) {
903                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
904                    ebt_cleanup_entry, &i);
905         }
906         vfree(cl_s);
907         return ret;
908 }
909
910 /* called under write_lock */
911 static void get_counters(struct ebt_counter *oldcounters,
912    struct ebt_counter *counters, unsigned int nentries)
913 {
914         int i, cpu;
915         struct ebt_counter *counter_base;
916
917         /* counters of cpu 0 */
918         memcpy(counters, oldcounters,
919                sizeof(struct ebt_counter) * nentries);
920
921         /* add other counters to those of cpu 0 */
922         for_each_possible_cpu(cpu) {
923                 if (cpu == 0)
924                         continue;
925                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
926                 for (i = 0; i < nentries; i++) {
927                         counters[i].pcnt += counter_base[i].pcnt;
928                         counters[i].bcnt += counter_base[i].bcnt;
929                 }
930         }
931 }
932
933 /* replace the table */
934 static int do_replace(void __user *user, unsigned int len)
935 {
936         int ret, i, countersize;
937         struct ebt_table_info *newinfo;
938         struct ebt_replace tmp;
939         struct ebt_table *t;
940         struct ebt_counter *counterstmp = NULL;
941         /* used to be able to unlock earlier */
942         struct ebt_table_info *table;
943
944         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
945                 return -EFAULT;
946
947         if (len != sizeof(tmp) + tmp.entries_size) {
948                 BUGPRINT("Wrong len argument\n");
949                 return -EINVAL;
950         }
951
952         if (tmp.entries_size == 0) {
953                 BUGPRINT("Entries_size never zero\n");
954                 return -EINVAL;
955         }
956         /* overflow check */
957         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
958                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
959                 return -ENOMEM;
960         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
961                 return -ENOMEM;
962
963         countersize = COUNTER_OFFSET(tmp.nentries) * 
964                                         (highest_possible_processor_id()+1);
965         newinfo = vmalloc(sizeof(*newinfo) + countersize);
966         if (!newinfo)
967                 return -ENOMEM;
968
969         if (countersize)
970                 memset(newinfo->counters, 0, countersize);
971
972         newinfo->entries = vmalloc(tmp.entries_size);
973         if (!newinfo->entries) {
974                 ret = -ENOMEM;
975                 goto free_newinfo;
976         }
977         if (copy_from_user(
978            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
979                 BUGPRINT("Couldn't copy entries from userspace\n");
980                 ret = -EFAULT;
981                 goto free_entries;
982         }
983
984         /* the user wants counters back
985            the check on the size is done later, when we have the lock */
986         if (tmp.num_counters) {
987                 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
988                 if (!counterstmp) {
989                         ret = -ENOMEM;
990                         goto free_entries;
991                 }
992         }
993         else
994                 counterstmp = NULL;
995
996         /* this can get initialized by translate_table() */
997         newinfo->chainstack = NULL;
998         ret = translate_table(&tmp, newinfo);
999
1000         if (ret != 0)
1001                 goto free_counterstmp;
1002
1003         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1004         if (!t) {
1005                 ret = -ENOENT;
1006                 goto free_iterate;
1007         }
1008
1009         /* the table doesn't like it */
1010         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1011                 goto free_unlock;
1012
1013         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1014                 BUGPRINT("Wrong nr. of counters requested\n");
1015                 ret = -EINVAL;
1016                 goto free_unlock;
1017         }
1018
1019         /* we have the mutex lock, so no danger in reading this pointer */
1020         table = t->private;
1021         /* make sure the table can only be rmmod'ed if it contains no rules */
1022         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1023                 ret = -ENOENT;
1024                 goto free_unlock;
1025         } else if (table->nentries && !newinfo->nentries)
1026                 module_put(t->me);
1027         /* we need an atomic snapshot of the counters */
1028         write_lock_bh(&t->lock);
1029         if (tmp.num_counters)
1030                 get_counters(t->private->counters, counterstmp,
1031                    t->private->nentries);
1032
1033         t->private = newinfo;
1034         write_unlock_bh(&t->lock);
1035         mutex_unlock(&ebt_mutex);
1036         /* so, a user can change the chains while having messed up her counter
1037            allocation. Only reason why this is done is because this way the lock
1038            is held only once, while this doesn't bring the kernel into a
1039            dangerous state. */
1040         if (tmp.num_counters &&
1041            copy_to_user(tmp.counters, counterstmp,
1042            tmp.num_counters * sizeof(struct ebt_counter))) {
1043                 BUGPRINT("Couldn't copy counters to userspace\n");
1044                 ret = -EFAULT;
1045         }
1046         else
1047                 ret = 0;
1048
1049         /* decrease module count and free resources */
1050         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1051            ebt_cleanup_entry, NULL);
1052
1053         vfree(table->entries);
1054         if (table->chainstack) {
1055                 for_each_possible_cpu(i)
1056                         vfree(table->chainstack[i]);
1057                 vfree(table->chainstack);
1058         }
1059         vfree(table);
1060
1061         vfree(counterstmp);
1062         return ret;
1063
1064 free_unlock:
1065         mutex_unlock(&ebt_mutex);
1066 free_iterate:
1067         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1068            ebt_cleanup_entry, NULL);
1069 free_counterstmp:
1070         vfree(counterstmp);
1071         /* can be initialized in translate_table() */
1072         if (newinfo->chainstack) {
1073                 for_each_possible_cpu(i)
1074                         vfree(newinfo->chainstack[i]);
1075                 vfree(newinfo->chainstack);
1076         }
1077 free_entries:
1078         vfree(newinfo->entries);
1079 free_newinfo:
1080         vfree(newinfo);
1081         return ret;
1082 }
1083
1084 int ebt_register_target(struct ebt_target *target)
1085 {
1086         struct ebt_target *t;
1087         int ret;
1088
1089         ret = mutex_lock_interruptible(&ebt_mutex);
1090         if (ret != 0)
1091                 return ret;
1092         list_for_each_entry(t, &ebt_targets, list) {
1093                 if (strcmp(t->name, target->name) == 0) {
1094                         mutex_unlock(&ebt_mutex);
1095                         return -EEXIST;
1096                 }
1097         }
1098         list_add(&target->list, &ebt_targets);
1099         mutex_unlock(&ebt_mutex);
1100
1101         return 0;
1102 }
1103
1104 void ebt_unregister_target(struct ebt_target *target)
1105 {
1106         mutex_lock(&ebt_mutex);
1107         list_del(&target->list);
1108         mutex_unlock(&ebt_mutex);
1109 }
1110
1111 int ebt_register_match(struct ebt_match *match)
1112 {
1113         struct ebt_match *m;
1114         int ret;
1115
1116         ret = mutex_lock_interruptible(&ebt_mutex);
1117         if (ret != 0)
1118                 return ret;
1119         list_for_each_entry(m, &ebt_matches, list) {
1120                 if (strcmp(m->name, match->name) == 0) {
1121                         mutex_unlock(&ebt_mutex);
1122                         return -EEXIST;
1123                 }
1124         }
1125         list_add(&match->list, &ebt_matches);
1126         mutex_unlock(&ebt_mutex);
1127
1128         return 0;
1129 }
1130
1131 void ebt_unregister_match(struct ebt_match *match)
1132 {
1133         mutex_lock(&ebt_mutex);
1134         list_del(&match->list);
1135         mutex_unlock(&ebt_mutex);
1136 }
1137
1138 int ebt_register_watcher(struct ebt_watcher *watcher)
1139 {
1140         struct ebt_watcher *w;
1141         int ret;
1142
1143         ret = mutex_lock_interruptible(&ebt_mutex);
1144         if (ret != 0)
1145                 return ret;
1146         list_for_each_entry(w, &ebt_watchers, list) {
1147                 if (strcmp(w->name, watcher->name) == 0) {
1148                         mutex_unlock(&ebt_mutex);
1149                         return -EEXIST;
1150                 }
1151         }
1152         list_add(&watcher->list, &ebt_watchers);
1153         mutex_unlock(&ebt_mutex);
1154
1155         return 0;
1156 }
1157
1158 void ebt_unregister_watcher(struct ebt_watcher *watcher)
1159 {
1160         mutex_lock(&ebt_mutex);
1161         list_del(&watcher->list);
1162         mutex_unlock(&ebt_mutex);
1163 }
1164
1165 int ebt_register_table(struct ebt_table *table)
1166 {
1167         struct ebt_table_info *newinfo;
1168         struct ebt_table *t;
1169         int ret, i, countersize;
1170
1171         if (!table || !table->table ||!table->table->entries ||
1172             table->table->entries_size == 0 ||
1173             table->table->counters || table->private) {
1174                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1175                 return -EINVAL;
1176         }
1177
1178         countersize = COUNTER_OFFSET(table->table->nentries) *
1179                                         (highest_possible_processor_id()+1);
1180         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1181         ret = -ENOMEM;
1182         if (!newinfo)
1183                 return -ENOMEM;
1184
1185         newinfo->entries = vmalloc(table->table->entries_size);
1186         if (!(newinfo->entries))
1187                 goto free_newinfo;
1188
1189         memcpy(newinfo->entries, table->table->entries,
1190            table->table->entries_size);
1191
1192         if (countersize)
1193                 memset(newinfo->counters, 0, countersize);
1194
1195         /* fill in newinfo and parse the entries */
1196         newinfo->chainstack = NULL;
1197         ret = translate_table(table->table, newinfo);
1198         if (ret != 0) {
1199                 BUGPRINT("Translate_table failed\n");
1200                 goto free_chainstack;
1201         }
1202
1203         if (table->check && table->check(newinfo, table->valid_hooks)) {
1204                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1205                 return -EINVAL;
1206         }
1207
1208         table->private = newinfo;
1209         rwlock_init(&table->lock);
1210         ret = mutex_lock_interruptible(&ebt_mutex);
1211         if (ret != 0)
1212                 goto free_chainstack;
1213
1214         list_for_each_entry(t, &ebt_tables, list) {
1215                 if (strcmp(t->name, table->name) == 0) {
1216                         ret = -EEXIST;
1217                         BUGPRINT("Table name already exists\n");
1218                         goto free_unlock;
1219                 }
1220         }
1221
1222         /* Hold a reference count if the chains aren't empty */
1223         if (newinfo->nentries && !try_module_get(table->me)) {
1224                 ret = -ENOENT;
1225                 goto free_unlock;
1226         }
1227         list_add(&table->list, &ebt_tables);
1228         mutex_unlock(&ebt_mutex);
1229         return 0;
1230 free_unlock:
1231         mutex_unlock(&ebt_mutex);
1232 free_chainstack:
1233         if (newinfo->chainstack) {
1234                 for_each_possible_cpu(i)
1235                         vfree(newinfo->chainstack[i]);
1236                 vfree(newinfo->chainstack);
1237         }
1238         vfree(newinfo->entries);
1239 free_newinfo:
1240         vfree(newinfo);
1241         return ret;
1242 }
1243
1244 void ebt_unregister_table(struct ebt_table *table)
1245 {
1246         int i;
1247
1248         if (!table) {
1249                 BUGPRINT("Request to unregister NULL table!!!\n");
1250                 return;
1251         }
1252         mutex_lock(&ebt_mutex);
1253         list_del(&table->list);
1254         mutex_unlock(&ebt_mutex);
1255         vfree(table->private->entries);
1256         if (table->private->chainstack) {
1257                 for_each_possible_cpu(i)
1258                         vfree(table->private->chainstack[i]);
1259                 vfree(table->private->chainstack);
1260         }
1261         vfree(table->private);
1262 }
1263
1264 /* userspace just supplied us with counters */
1265 static int update_counters(void __user *user, unsigned int len)
1266 {
1267         int i, ret;
1268         struct ebt_counter *tmp;
1269         struct ebt_replace hlp;
1270         struct ebt_table *t;
1271
1272         if (copy_from_user(&hlp, user, sizeof(hlp)))
1273                 return -EFAULT;
1274
1275         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1276                 return -EINVAL;
1277         if (hlp.num_counters == 0)
1278                 return -EINVAL;
1279
1280         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1281                 MEMPRINT("Update_counters && nomemory\n");
1282                 return -ENOMEM;
1283         }
1284
1285         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1286         if (!t)
1287                 goto free_tmp;
1288
1289         if (hlp.num_counters != t->private->nentries) {
1290                 BUGPRINT("Wrong nr of counters\n");
1291                 ret = -EINVAL;
1292                 goto unlock_mutex;
1293         }
1294
1295         if ( copy_from_user(tmp, hlp.counters,
1296            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1297                 BUGPRINT("Updata_counters && !cfu\n");
1298                 ret = -EFAULT;
1299                 goto unlock_mutex;
1300         }
1301
1302         /* we want an atomic add of the counters */
1303         write_lock_bh(&t->lock);
1304
1305         /* we add to the counters of the first cpu */
1306         for (i = 0; i < hlp.num_counters; i++) {
1307                 t->private->counters[i].pcnt += tmp[i].pcnt;
1308                 t->private->counters[i].bcnt += tmp[i].bcnt;
1309         }
1310
1311         write_unlock_bh(&t->lock);
1312         ret = 0;
1313 unlock_mutex:
1314         mutex_unlock(&ebt_mutex);
1315 free_tmp:
1316         vfree(tmp);
1317         return ret;
1318 }
1319
1320 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1321    char *base, char *ubase)
1322 {
1323         char *hlp = ubase - base + (char *)m;
1324         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1325                 return -EFAULT;
1326         return 0;
1327 }
1328
1329 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1330    char *base, char *ubase)
1331 {
1332         char *hlp = ubase - base + (char *)w;
1333         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1334                 return -EFAULT;
1335         return 0;
1336 }
1337
1338 static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
1339 {
1340         int ret;
1341         char *hlp;
1342         struct ebt_entry_target *t;
1343
1344         if (e->bitmask == 0)
1345                 return 0;
1346
1347         hlp = ubase - base + (char *)e + e->target_offset;
1348         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1349         
1350         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1351         if (ret != 0)
1352                 return ret;
1353         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1354         if (ret != 0)
1355                 return ret;
1356         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1357                 return -EFAULT;
1358         return 0;
1359 }
1360
1361 /* called with ebt_mutex locked */
1362 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1363    int *len, int cmd)
1364 {
1365         struct ebt_replace tmp;
1366         struct ebt_counter *counterstmp, *oldcounters;
1367         unsigned int entries_size, nentries;
1368         char *entries;
1369
1370         if (cmd == EBT_SO_GET_ENTRIES) {
1371                 entries_size = t->private->entries_size;
1372                 nentries = t->private->nentries;
1373                 entries = t->private->entries;
1374                 oldcounters = t->private->counters;
1375         } else {
1376                 entries_size = t->table->entries_size;
1377                 nentries = t->table->nentries;
1378                 entries = t->table->entries;
1379                 oldcounters = t->table->counters;
1380         }
1381
1382         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1383                 BUGPRINT("Cfu didn't work\n");
1384                 return -EFAULT;
1385         }
1386
1387         if (*len != sizeof(struct ebt_replace) + entries_size +
1388            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1389                 BUGPRINT("Wrong size\n");
1390                 return -EINVAL;
1391         }
1392
1393         if (tmp.nentries != nentries) {
1394                 BUGPRINT("Nentries wrong\n");
1395                 return -EINVAL;
1396         }
1397
1398         if (tmp.entries_size != entries_size) {
1399                 BUGPRINT("Wrong size\n");
1400                 return -EINVAL;
1401         }
1402
1403         /* userspace might not need the counters */
1404         if (tmp.num_counters) {
1405                 if (tmp.num_counters != nentries) {
1406                         BUGPRINT("Num_counters wrong\n");
1407                         return -EINVAL;
1408                 }
1409                 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1410                 if (!counterstmp) {
1411                         MEMPRINT("Couldn't copy counters, out of memory\n");
1412                         return -ENOMEM;
1413                 }
1414                 write_lock_bh(&t->lock);
1415                 get_counters(oldcounters, counterstmp, nentries);
1416                 write_unlock_bh(&t->lock);
1417
1418                 if (copy_to_user(tmp.counters, counterstmp,
1419                    nentries * sizeof(struct ebt_counter))) {
1420                         BUGPRINT("Couldn't copy counters to userspace\n");
1421                         vfree(counterstmp);
1422                         return -EFAULT;
1423                 }
1424                 vfree(counterstmp);
1425         }
1426
1427         if (copy_to_user(tmp.entries, entries, entries_size)) {
1428                 BUGPRINT("Couldn't copy entries to userspace\n");
1429                 return -EFAULT;
1430         }
1431         /* set the match/watcher/target names right */
1432         return EBT_ENTRY_ITERATE(entries, entries_size,
1433            ebt_make_names, entries, tmp.entries);
1434 }
1435
1436 static int do_ebt_set_ctl(struct sock *sk,
1437         int cmd, void __user *user, unsigned int len)
1438 {
1439         int ret;
1440
1441         switch(cmd) {
1442         case EBT_SO_SET_ENTRIES:
1443                 ret = do_replace(user, len);
1444                 break;
1445         case EBT_SO_SET_COUNTERS:
1446                 ret = update_counters(user, len);
1447                 break;
1448         default:
1449                 ret = -EINVAL;
1450   }
1451         return ret;
1452 }
1453
1454 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1455 {
1456         int ret;
1457         struct ebt_replace tmp;
1458         struct ebt_table *t;
1459
1460         if (copy_from_user(&tmp, user, sizeof(tmp)))
1461                 return -EFAULT;
1462
1463         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1464         if (!t)
1465                 return ret;
1466
1467         switch(cmd) {
1468         case EBT_SO_GET_INFO:
1469         case EBT_SO_GET_INIT_INFO:
1470                 if (*len != sizeof(struct ebt_replace)){
1471                         ret = -EINVAL;
1472                         mutex_unlock(&ebt_mutex);
1473                         break;
1474                 }
1475                 if (cmd == EBT_SO_GET_INFO) {
1476                         tmp.nentries = t->private->nentries;
1477                         tmp.entries_size = t->private->entries_size;
1478                         tmp.valid_hooks = t->valid_hooks;
1479                 } else {
1480                         tmp.nentries = t->table->nentries;
1481                         tmp.entries_size = t->table->entries_size;
1482                         tmp.valid_hooks = t->table->valid_hooks;
1483                 }
1484                 mutex_unlock(&ebt_mutex);
1485                 if (copy_to_user(user, &tmp, *len) != 0){
1486                         BUGPRINT("c2u Didn't work\n");
1487                         ret = -EFAULT;
1488                         break;
1489                 }
1490                 ret = 0;
1491                 break;
1492
1493         case EBT_SO_GET_ENTRIES:
1494         case EBT_SO_GET_INIT_ENTRIES:
1495                 ret = copy_everything_to_user(t, user, len, cmd);
1496                 mutex_unlock(&ebt_mutex);
1497                 break;
1498
1499         default:
1500                 mutex_unlock(&ebt_mutex);
1501                 ret = -EINVAL;
1502         }
1503
1504         return ret;
1505 }
1506
1507 static struct nf_sockopt_ops ebt_sockopts =
1508 {
1509         .pf             = PF_INET,
1510         .set_optmin     = EBT_BASE_CTL,
1511         .set_optmax     = EBT_SO_SET_MAX + 1,
1512         .set            = do_ebt_set_ctl,
1513         .get_optmin     = EBT_BASE_CTL,
1514         .get_optmax     = EBT_SO_GET_MAX + 1,
1515         .get            = do_ebt_get_ctl,
1516 };
1517
1518 static int __init ebtables_init(void)
1519 {
1520         int ret;
1521
1522         mutex_lock(&ebt_mutex);
1523         list_add(&ebt_standard_target.list, &ebt_targets);
1524         mutex_unlock(&ebt_mutex);
1525         if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1526                 return ret;
1527
1528         printk(KERN_NOTICE "Ebtables v2.0 registered\n");
1529         return 0;
1530 }
1531
1532 static void __exit ebtables_fini(void)
1533 {
1534         nf_unregister_sockopt(&ebt_sockopts);
1535         printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
1536 }
1537
1538 EXPORT_SYMBOL(ebt_register_table);
1539 EXPORT_SYMBOL(ebt_unregister_table);
1540 EXPORT_SYMBOL(ebt_register_match);
1541 EXPORT_SYMBOL(ebt_unregister_match);
1542 EXPORT_SYMBOL(ebt_register_watcher);
1543 EXPORT_SYMBOL(ebt_unregister_watcher);
1544 EXPORT_SYMBOL(ebt_register_target);
1545 EXPORT_SYMBOL(ebt_unregister_target);
1546 EXPORT_SYMBOL(ebt_do_table);
1547 module_init(ebtables_init);
1548 module_exit(ebtables_fini);
1549 MODULE_LICENSE("GPL");