netfilter: xtables: move extension arguments into compound structure (3/6)
[linux-2.6.git] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34                                          "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
37                                          ": out of memory: "format, ## args)
38 /* #define MEMPRINT(format, args...) */
39
40
41
42 /*
43  * Each cpu has its own set of counters, so there is no need for write_lock in
44  * the softirq
45  * For reading or updating the counters, the user context needs to
46  * get a write_lock
47  */
48
49 /* The size of each set of counters is altered to get cache alignment */
50 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53    COUNTER_OFFSET(n) * cpu))
54
55
56
57 static DEFINE_MUTEX(ebt_mutex);
58 static LIST_HEAD(ebt_tables);
59
60 static struct xt_target ebt_standard_target = {
61         .name       = "standard",
62         .revision   = 0,
63         .family     = NFPROTO_BRIDGE,
64         .targetsize = sizeof(int),
65 };
66
67 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
68    struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
69    const struct net_device *out)
70 {
71         w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data);
72         /* watchers don't give a verdict */
73         return 0;
74 }
75
76 static inline int ebt_do_match (struct ebt_entry_match *m,
77    const struct sk_buff *skb, struct xt_match_param *par)
78 {
79         par->match     = m->u.match;
80         par->matchinfo = m->data;
81         return m->u.match->match(skb, par);
82 }
83
84 static inline int ebt_dev_check(char *entry, const struct net_device *device)
85 {
86         int i = 0;
87         const char *devname = device->name;
88
89         if (*entry == '\0')
90                 return 0;
91         if (!device)
92                 return 1;
93         /* 1 is the wildcard token */
94         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
95                 i++;
96         return (devname[i] != entry[i] && entry[i] != 1);
97 }
98
99 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
100 /* process standard matches */
101 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
102    const struct net_device *in, const struct net_device *out)
103 {
104         int verdict, i;
105
106         if (e->bitmask & EBT_802_3) {
107                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
108                         return 1;
109         } else if (!(e->bitmask & EBT_NOPROTO) &&
110            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
111                 return 1;
112
113         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
114                 return 1;
115         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
116                 return 1;
117         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
118            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
119                 return 1;
120         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
121            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
122                 return 1;
123
124         if (e->bitmask & EBT_SOURCEMAC) {
125                 verdict = 0;
126                 for (i = 0; i < 6; i++)
127                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
128                            e->sourcemsk[i];
129                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
130                         return 1;
131         }
132         if (e->bitmask & EBT_DESTMAC) {
133                 verdict = 0;
134                 for (i = 0; i < 6; i++)
135                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
136                            e->destmsk[i];
137                 if (FWINV2(verdict != 0, EBT_IDEST) )
138                         return 1;
139         }
140         return 0;
141 }
142
143 /* Do some firewalling */
144 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
145    const struct net_device *in, const struct net_device *out,
146    struct ebt_table *table)
147 {
148         int i, nentries;
149         struct ebt_entry *point;
150         struct ebt_counter *counter_base, *cb_base;
151         struct ebt_entry_target *t;
152         int verdict, sp = 0;
153         struct ebt_chainstack *cs;
154         struct ebt_entries *chaininfo;
155         char *base;
156         struct ebt_table_info *private;
157         bool hotdrop = false;
158         struct xt_match_param mtpar;
159
160         mtpar.in      = in;
161         mtpar.out     = out;
162         mtpar.hotdrop = &hotdrop;
163
164         read_lock_bh(&table->lock);
165         private = table->private;
166         cb_base = COUNTER_BASE(private->counters, private->nentries,
167            smp_processor_id());
168         if (private->chainstack)
169                 cs = private->chainstack[smp_processor_id()];
170         else
171                 cs = NULL;
172         chaininfo = private->hook_entry[hook];
173         nentries = private->hook_entry[hook]->nentries;
174         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
175         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
176         /* base for chain jumps */
177         base = private->entries;
178         i = 0;
179         while (i < nentries) {
180                 if (ebt_basic_match(point, eth_hdr(skb), in, out))
181                         goto letscontinue;
182
183                 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
184                         goto letscontinue;
185                 if (hotdrop) {
186                         read_unlock_bh(&table->lock);
187                         return NF_DROP;
188                 }
189
190                 /* increase counter */
191                 (*(counter_base + i)).pcnt++;
192                 (*(counter_base + i)).bcnt += skb->len;
193
194                 /* these should only watch: not modify, nor tell us
195                    what to do with the packet */
196                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in,
197                    out);
198
199                 t = (struct ebt_entry_target *)
200                    (((char *)point) + point->target_offset);
201                 /* standard target */
202                 if (!t->u.target->target)
203                         verdict = ((struct ebt_standard_target *)t)->verdict;
204                 else
205                         verdict = t->u.target->target(skb, in, out, hook,
206                                   t->u.target, t->data);
207                 if (verdict == EBT_ACCEPT) {
208                         read_unlock_bh(&table->lock);
209                         return NF_ACCEPT;
210                 }
211                 if (verdict == EBT_DROP) {
212                         read_unlock_bh(&table->lock);
213                         return NF_DROP;
214                 }
215                 if (verdict == EBT_RETURN) {
216 letsreturn:
217 #ifdef CONFIG_NETFILTER_DEBUG
218                         if (sp == 0) {
219                                 BUGPRINT("RETURN on base chain");
220                                 /* act like this is EBT_CONTINUE */
221                                 goto letscontinue;
222                         }
223 #endif
224                         sp--;
225                         /* put all the local variables right */
226                         i = cs[sp].n;
227                         chaininfo = cs[sp].chaininfo;
228                         nentries = chaininfo->nentries;
229                         point = cs[sp].e;
230                         counter_base = cb_base +
231                            chaininfo->counter_offset;
232                         continue;
233                 }
234                 if (verdict == EBT_CONTINUE)
235                         goto letscontinue;
236 #ifdef CONFIG_NETFILTER_DEBUG
237                 if (verdict < 0) {
238                         BUGPRINT("bogus standard verdict\n");
239                         read_unlock_bh(&table->lock);
240                         return NF_DROP;
241                 }
242 #endif
243                 /* jump to a udc */
244                 cs[sp].n = i + 1;
245                 cs[sp].chaininfo = chaininfo;
246                 cs[sp].e = (struct ebt_entry *)
247                    (((char *)point) + point->next_offset);
248                 i = 0;
249                 chaininfo = (struct ebt_entries *) (base + verdict);
250 #ifdef CONFIG_NETFILTER_DEBUG
251                 if (chaininfo->distinguisher) {
252                         BUGPRINT("jump to non-chain\n");
253                         read_unlock_bh(&table->lock);
254                         return NF_DROP;
255                 }
256 #endif
257                 nentries = chaininfo->nentries;
258                 point = (struct ebt_entry *)chaininfo->data;
259                 counter_base = cb_base + chaininfo->counter_offset;
260                 sp++;
261                 continue;
262 letscontinue:
263                 point = (struct ebt_entry *)
264                    (((char *)point) + point->next_offset);
265                 i++;
266         }
267
268         /* I actually like this :) */
269         if (chaininfo->policy == EBT_RETURN)
270                 goto letsreturn;
271         if (chaininfo->policy == EBT_ACCEPT) {
272                 read_unlock_bh(&table->lock);
273                 return NF_ACCEPT;
274         }
275         read_unlock_bh(&table->lock);
276         return NF_DROP;
277 }
278
279 /* If it succeeds, returns element and locks mutex */
280 static inline void *
281 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
282    struct mutex *mutex)
283 {
284         struct {
285                 struct list_head list;
286                 char name[EBT_FUNCTION_MAXNAMELEN];
287         } *e;
288
289         *error = mutex_lock_interruptible(mutex);
290         if (*error != 0)
291                 return NULL;
292
293         list_for_each_entry(e, head, list) {
294                 if (strcmp(e->name, name) == 0)
295                         return e;
296         }
297         *error = -ENOENT;
298         mutex_unlock(mutex);
299         return NULL;
300 }
301
302 #ifndef CONFIG_KMOD
303 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
304 #else
305 static void *
306 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
307    int *error, struct mutex *mutex)
308 {
309         void *ret;
310
311         ret = find_inlist_lock_noload(head, name, error, mutex);
312         if (!ret) {
313                 request_module("%s%s", prefix, name);
314                 ret = find_inlist_lock_noload(head, name, error, mutex);
315         }
316         return ret;
317 }
318 #endif
319
320 static inline struct ebt_table *
321 find_table_lock(const char *name, int *error, struct mutex *mutex)
322 {
323         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
324 }
325
326 static inline int
327 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
328                 unsigned int *cnt)
329 {
330         const struct ebt_entry *e = par->entryinfo;
331         struct xt_match *match;
332         size_t left = ((char *)e + e->watchers_offset) - (char *)m;
333         int ret;
334
335         if (left < sizeof(struct ebt_entry_match) ||
336             left - sizeof(struct ebt_entry_match) < m->match_size)
337                 return -EINVAL;
338
339         match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
340                 m->u.name, 0), "ebt_%s", m->u.name);
341         if (IS_ERR(match))
342                 return PTR_ERR(match);
343         if (match == NULL)
344                 return -ENOENT;
345         m->u.match = match;
346
347         par->match     = match;
348         par->matchinfo = m->data;
349         ret = xt_check_match(par, NFPROTO_BRIDGE, m->match_size,
350               e->ethproto, e->invflags & EBT_IPROTO);
351         if (ret < 0) {
352                 module_put(match->me);
353                 return ret;
354         }
355
356         (*cnt)++;
357         return 0;
358 }
359
360 static inline int
361 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
362    const char *name, unsigned int hookmask, unsigned int *cnt)
363 {
364         struct xt_target *watcher;
365         size_t left = ((char *)e + e->target_offset) - (char *)w;
366         int ret;
367
368         if (left < sizeof(struct ebt_entry_watcher) ||
369            left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
370                 return -EINVAL;
371
372         watcher = try_then_request_module(
373                   xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
374                   "ebt_%s", w->u.name);
375         if (IS_ERR(watcher))
376                 return PTR_ERR(watcher);
377         if (watcher == NULL)
378                 return -ENOENT;
379         w->u.watcher = watcher;
380
381         ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,
382               name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
383               e, w->data);
384         if (ret < 0) {
385                 module_put(watcher->me);
386                 return ret;
387         }
388
389         (*cnt)++;
390         return 0;
391 }
392
393 static int ebt_verify_pointers(struct ebt_replace *repl,
394                                struct ebt_table_info *newinfo)
395 {
396         unsigned int limit = repl->entries_size;
397         unsigned int valid_hooks = repl->valid_hooks;
398         unsigned int offset = 0;
399         int i;
400
401         for (i = 0; i < NF_BR_NUMHOOKS; i++)
402                 newinfo->hook_entry[i] = NULL;
403
404         newinfo->entries_size = repl->entries_size;
405         newinfo->nentries = repl->nentries;
406
407         while (offset < limit) {
408                 size_t left = limit - offset;
409                 struct ebt_entry *e = (void *)newinfo->entries + offset;
410
411                 if (left < sizeof(unsigned int))
412                         break;
413
414                 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
415                         if ((valid_hooks & (1 << i)) == 0)
416                                 continue;
417                         if ((char __user *)repl->hook_entry[i] ==
418                              repl->entries + offset)
419                                 break;
420                 }
421
422                 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
423                         if (e->bitmask != 0) {
424                                 /* we make userspace set this right,
425                                    so there is no misunderstanding */
426                                 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
427                                          "in distinguisher\n");
428                                 return -EINVAL;
429                         }
430                         if (i != NF_BR_NUMHOOKS)
431                                 newinfo->hook_entry[i] = (struct ebt_entries *)e;
432                         if (left < sizeof(struct ebt_entries))
433                                 break;
434                         offset += sizeof(struct ebt_entries);
435                 } else {
436                         if (left < sizeof(struct ebt_entry))
437                                 break;
438                         if (left < e->next_offset)
439                                 break;
440                         offset += e->next_offset;
441                 }
442         }
443         if (offset != limit) {
444                 BUGPRINT("entries_size too small\n");
445                 return -EINVAL;
446         }
447
448         /* check if all valid hooks have a chain */
449         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
450                 if (!newinfo->hook_entry[i] &&
451                    (valid_hooks & (1 << i))) {
452                         BUGPRINT("Valid hook without chain\n");
453                         return -EINVAL;
454                 }
455         }
456         return 0;
457 }
458
459 /*
460  * this one is very careful, as it is the first function
461  * to parse the userspace data
462  */
463 static inline int
464 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
465    struct ebt_table_info *newinfo,
466    unsigned int *n, unsigned int *cnt,
467    unsigned int *totalcnt, unsigned int *udc_cnt)
468 {
469         int i;
470
471         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
472                 if ((void *)e == (void *)newinfo->hook_entry[i])
473                         break;
474         }
475         /* beginning of a new chain
476            if i == NF_BR_NUMHOOKS it must be a user defined chain */
477         if (i != NF_BR_NUMHOOKS || !e->bitmask) {
478                 /* this checks if the previous chain has as many entries
479                    as it said it has */
480                 if (*n != *cnt) {
481                         BUGPRINT("nentries does not equal the nr of entries "
482                                  "in the chain\n");
483                         return -EINVAL;
484                 }
485                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
486                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
487                         /* only RETURN from udc */
488                         if (i != NF_BR_NUMHOOKS ||
489                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
490                                 BUGPRINT("bad policy\n");
491                                 return -EINVAL;
492                         }
493                 }
494                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
495                         (*udc_cnt)++;
496                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
497                         BUGPRINT("counter_offset != totalcnt");
498                         return -EINVAL;
499                 }
500                 *n = ((struct ebt_entries *)e)->nentries;
501                 *cnt = 0;
502                 return 0;
503         }
504         /* a plain old entry, heh */
505         if (sizeof(struct ebt_entry) > e->watchers_offset ||
506            e->watchers_offset > e->target_offset ||
507            e->target_offset >= e->next_offset) {
508                 BUGPRINT("entry offsets not in right order\n");
509                 return -EINVAL;
510         }
511         /* this is not checked anywhere else */
512         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
513                 BUGPRINT("target size too small\n");
514                 return -EINVAL;
515         }
516         (*cnt)++;
517         (*totalcnt)++;
518         return 0;
519 }
520
521 struct ebt_cl_stack
522 {
523         struct ebt_chainstack cs;
524         int from;
525         unsigned int hookmask;
526 };
527
528 /*
529  * we need these positions to check that the jumps to a different part of the
530  * entries is a jump to the beginning of a new chain.
531  */
532 static inline int
533 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
534    unsigned int *n, struct ebt_cl_stack *udc)
535 {
536         int i;
537
538         /* we're only interested in chain starts */
539         if (e->bitmask)
540                 return 0;
541         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
542                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
543                         break;
544         }
545         /* only care about udc */
546         if (i != NF_BR_NUMHOOKS)
547                 return 0;
548
549         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
550         /* these initialisations are depended on later in check_chainloops() */
551         udc[*n].cs.n = 0;
552         udc[*n].hookmask = 0;
553
554         (*n)++;
555         return 0;
556 }
557
558 static inline int
559 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
560 {
561         struct xt_mtdtor_param par;
562
563         if (i && (*i)-- == 0)
564                 return 1;
565
566         par.match     = m->u.match;
567         par.matchinfo = m->data;
568         if (par.match->destroy != NULL)
569                 par.match->destroy(&par);
570         module_put(par.match->me);
571         return 0;
572 }
573
574 static inline int
575 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
576 {
577         if (i && (*i)-- == 0)
578                 return 1;
579         if (w->u.watcher->destroy)
580                 w->u.watcher->destroy(w->u.watcher, w->data);
581         module_put(w->u.watcher->me);
582
583         return 0;
584 }
585
586 static inline int
587 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
588 {
589         struct ebt_entry_target *t;
590
591         if (e->bitmask == 0)
592                 return 0;
593         /* we're done */
594         if (cnt && (*cnt)-- == 0)
595                 return 1;
596         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
597         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
598         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
599         if (t->u.target->destroy)
600                 t->u.target->destroy(t->u.target, t->data);
601         module_put(t->u.target->me);
602
603         return 0;
604 }
605
606 static inline int
607 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
608    const char *name, unsigned int *cnt,
609    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
610 {
611         struct ebt_entry_target *t;
612         struct xt_target *target;
613         unsigned int i, j, hook = 0, hookmask = 0;
614         size_t gap;
615         int ret;
616         struct xt_mtchk_param mtpar;
617
618         /* don't mess with the struct ebt_entries */
619         if (e->bitmask == 0)
620                 return 0;
621
622         if (e->bitmask & ~EBT_F_MASK) {
623                 BUGPRINT("Unknown flag for bitmask\n");
624                 return -EINVAL;
625         }
626         if (e->invflags & ~EBT_INV_MASK) {
627                 BUGPRINT("Unknown flag for inv bitmask\n");
628                 return -EINVAL;
629         }
630         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
631                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
632                 return -EINVAL;
633         }
634         /* what hook do we belong to? */
635         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
636                 if (!newinfo->hook_entry[i])
637                         continue;
638                 if ((char *)newinfo->hook_entry[i] < (char *)e)
639                         hook = i;
640                 else
641                         break;
642         }
643         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
644            a base chain */
645         if (i < NF_BR_NUMHOOKS)
646                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
647         else {
648                 for (i = 0; i < udc_cnt; i++)
649                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
650                                 break;
651                 if (i == 0)
652                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
653                 else
654                         hookmask = cl_s[i - 1].hookmask;
655         }
656         i = 0;
657
658         mtpar.table     = name;
659         mtpar.entryinfo = e;
660         mtpar.hook_mask = hookmask;
661         ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
662         if (ret != 0)
663                 goto cleanup_matches;
664         j = 0;
665         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
666         if (ret != 0)
667                 goto cleanup_watchers;
668         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
669         gap = e->next_offset - e->target_offset;
670
671         target = try_then_request_module(
672                  xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
673                  "ebt_%s", t->u.name);
674         if (IS_ERR(target)) {
675                 ret = PTR_ERR(target);
676                 goto cleanup_watchers;
677         } else if (target == NULL) {
678                 ret = -ENOENT;
679                 goto cleanup_watchers;
680         }
681
682         t->u.target = target;
683         if (t->u.target == &ebt_standard_target) {
684                 if (gap < sizeof(struct ebt_standard_target)) {
685                         BUGPRINT("Standard target size too big\n");
686                         ret = -EFAULT;
687                         goto cleanup_watchers;
688                 }
689                 if (((struct ebt_standard_target *)t)->verdict <
690                    -NUM_STANDARD_TARGETS) {
691                         BUGPRINT("Invalid standard target\n");
692                         ret = -EFAULT;
693                         goto cleanup_watchers;
694                 }
695         } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
696                 module_put(t->u.target->me);
697                 ret = -EFAULT;
698                 goto cleanup_watchers;
699         }
700
701         ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,
702               name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
703               e, t->data);
704         if (ret < 0) {
705                 module_put(target->me);
706                 goto cleanup_watchers;
707         }
708         (*cnt)++;
709         return 0;
710 cleanup_watchers:
711         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
712 cleanup_matches:
713         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
714         return ret;
715 }
716
717 /*
718  * checks for loops and sets the hook mask for udc
719  * the hook mask for udc tells us from which base chains the udc can be
720  * accessed. This mask is a parameter to the check() functions of the extensions
721  */
722 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
723    unsigned int udc_cnt, unsigned int hooknr, char *base)
724 {
725         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
726         struct ebt_entry *e = (struct ebt_entry *)chain->data;
727         struct ebt_entry_target *t;
728
729         while (pos < nentries || chain_nr != -1) {
730                 /* end of udc, go back one 'recursion' step */
731                 if (pos == nentries) {
732                         /* put back values of the time when this chain was called */
733                         e = cl_s[chain_nr].cs.e;
734                         if (cl_s[chain_nr].from != -1)
735                                 nentries =
736                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
737                         else
738                                 nentries = chain->nentries;
739                         pos = cl_s[chain_nr].cs.n;
740                         /* make sure we won't see a loop that isn't one */
741                         cl_s[chain_nr].cs.n = 0;
742                         chain_nr = cl_s[chain_nr].from;
743                         if (pos == nentries)
744                                 continue;
745                 }
746                 t = (struct ebt_entry_target *)
747                    (((char *)e) + e->target_offset);
748                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
749                         goto letscontinue;
750                 if (e->target_offset + sizeof(struct ebt_standard_target) >
751                    e->next_offset) {
752                         BUGPRINT("Standard target size too big\n");
753                         return -1;
754                 }
755                 verdict = ((struct ebt_standard_target *)t)->verdict;
756                 if (verdict >= 0) { /* jump to another chain */
757                         struct ebt_entries *hlp2 =
758                            (struct ebt_entries *)(base + verdict);
759                         for (i = 0; i < udc_cnt; i++)
760                                 if (hlp2 == cl_s[i].cs.chaininfo)
761                                         break;
762                         /* bad destination or loop */
763                         if (i == udc_cnt) {
764                                 BUGPRINT("bad destination\n");
765                                 return -1;
766                         }
767                         if (cl_s[i].cs.n) {
768                                 BUGPRINT("loop\n");
769                                 return -1;
770                         }
771                         if (cl_s[i].hookmask & (1 << hooknr))
772                                 goto letscontinue;
773                         /* this can't be 0, so the loop test is correct */
774                         cl_s[i].cs.n = pos + 1;
775                         pos = 0;
776                         cl_s[i].cs.e = ((void *)e + e->next_offset);
777                         e = (struct ebt_entry *)(hlp2->data);
778                         nentries = hlp2->nentries;
779                         cl_s[i].from = chain_nr;
780                         chain_nr = i;
781                         /* this udc is accessible from the base chain for hooknr */
782                         cl_s[i].hookmask |= (1 << hooknr);
783                         continue;
784                 }
785 letscontinue:
786                 e = (void *)e + e->next_offset;
787                 pos++;
788         }
789         return 0;
790 }
791
792 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
793 static int translate_table(char *name, struct ebt_table_info *newinfo)
794 {
795         unsigned int i, j, k, udc_cnt;
796         int ret;
797         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
798
799         i = 0;
800         while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
801                 i++;
802         if (i == NF_BR_NUMHOOKS) {
803                 BUGPRINT("No valid hooks specified\n");
804                 return -EINVAL;
805         }
806         if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
807                 BUGPRINT("Chains don't start at beginning\n");
808                 return -EINVAL;
809         }
810         /* make sure chains are ordered after each other in same order
811            as their corresponding hooks */
812         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
813                 if (!newinfo->hook_entry[j])
814                         continue;
815                 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
816                         BUGPRINT("Hook order must be followed\n");
817                         return -EINVAL;
818                 }
819                 i = j;
820         }
821
822         /* do some early checkings and initialize some things */
823         i = 0; /* holds the expected nr. of entries for the chain */
824         j = 0; /* holds the up to now counted entries for the chain */
825         k = 0; /* holds the total nr. of entries, should equal
826                   newinfo->nentries afterwards */
827         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
828         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
829            ebt_check_entry_size_and_hooks, newinfo,
830            &i, &j, &k, &udc_cnt);
831
832         if (ret != 0)
833                 return ret;
834
835         if (i != j) {
836                 BUGPRINT("nentries does not equal the nr of entries in the "
837                          "(last) chain\n");
838                 return -EINVAL;
839         }
840         if (k != newinfo->nentries) {
841                 BUGPRINT("Total nentries is wrong\n");
842                 return -EINVAL;
843         }
844
845         /* get the location of the udc, put them in an array
846            while we're at it, allocate the chainstack */
847         if (udc_cnt) {
848                 /* this will get free'd in do_replace()/ebt_register_table()
849                    if an error occurs */
850                 newinfo->chainstack =
851                         vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
852                 if (!newinfo->chainstack)
853                         return -ENOMEM;
854                 for_each_possible_cpu(i) {
855                         newinfo->chainstack[i] =
856                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
857                         if (!newinfo->chainstack[i]) {
858                                 while (i)
859                                         vfree(newinfo->chainstack[--i]);
860                                 vfree(newinfo->chainstack);
861                                 newinfo->chainstack = NULL;
862                                 return -ENOMEM;
863                         }
864                 }
865
866                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
867                 if (!cl_s)
868                         return -ENOMEM;
869                 i = 0; /* the i'th udc */
870                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
871                    ebt_get_udc_positions, newinfo, &i, cl_s);
872                 /* sanity check */
873                 if (i != udc_cnt) {
874                         BUGPRINT("i != udc_cnt\n");
875                         vfree(cl_s);
876                         return -EFAULT;
877                 }
878         }
879
880         /* Check for loops */
881         for (i = 0; i < NF_BR_NUMHOOKS; i++)
882                 if (newinfo->hook_entry[i])
883                         if (check_chainloops(newinfo->hook_entry[i],
884                            cl_s, udc_cnt, i, newinfo->entries)) {
885                                 vfree(cl_s);
886                                 return -EINVAL;
887                         }
888
889         /* we now know the following (along with E=mc²):
890            - the nr of entries in each chain is right
891            - the size of the allocated space is right
892            - all valid hooks have a corresponding chain
893            - there are no loops
894            - wrong data can still be on the level of a single entry
895            - could be there are jumps to places that are not the
896              beginning of a chain. This can only occur in chains that
897              are not accessible from any base chains, so we don't care. */
898
899         /* used to know what we need to clean up if something goes wrong */
900         i = 0;
901         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
902            ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt);
903         if (ret != 0) {
904                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
905                    ebt_cleanup_entry, &i);
906         }
907         vfree(cl_s);
908         return ret;
909 }
910
911 /* called under write_lock */
912 static void get_counters(struct ebt_counter *oldcounters,
913    struct ebt_counter *counters, unsigned int nentries)
914 {
915         int i, cpu;
916         struct ebt_counter *counter_base;
917
918         /* counters of cpu 0 */
919         memcpy(counters, oldcounters,
920                sizeof(struct ebt_counter) * nentries);
921
922         /* add other counters to those of cpu 0 */
923         for_each_possible_cpu(cpu) {
924                 if (cpu == 0)
925                         continue;
926                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
927                 for (i = 0; i < nentries; i++) {
928                         counters[i].pcnt += counter_base[i].pcnt;
929                         counters[i].bcnt += counter_base[i].bcnt;
930                 }
931         }
932 }
933
934 /* replace the table */
935 static int do_replace(void __user *user, unsigned int len)
936 {
937         int ret, i, countersize;
938         struct ebt_table_info *newinfo;
939         struct ebt_replace tmp;
940         struct ebt_table *t;
941         struct ebt_counter *counterstmp = NULL;
942         /* used to be able to unlock earlier */
943         struct ebt_table_info *table;
944
945         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
946                 return -EFAULT;
947
948         if (len != sizeof(tmp) + tmp.entries_size) {
949                 BUGPRINT("Wrong len argument\n");
950                 return -EINVAL;
951         }
952
953         if (tmp.entries_size == 0) {
954                 BUGPRINT("Entries_size never zero\n");
955                 return -EINVAL;
956         }
957         /* overflow check */
958         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
959                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
960                 return -ENOMEM;
961         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
962                 return -ENOMEM;
963
964         countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
965         newinfo = vmalloc(sizeof(*newinfo) + countersize);
966         if (!newinfo)
967                 return -ENOMEM;
968
969         if (countersize)
970                 memset(newinfo->counters, 0, countersize);
971
972         newinfo->entries = vmalloc(tmp.entries_size);
973         if (!newinfo->entries) {
974                 ret = -ENOMEM;
975                 goto free_newinfo;
976         }
977         if (copy_from_user(
978            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
979                 BUGPRINT("Couldn't copy entries from userspace\n");
980                 ret = -EFAULT;
981                 goto free_entries;
982         }
983
984         /* the user wants counters back
985            the check on the size is done later, when we have the lock */
986         if (tmp.num_counters) {
987                 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
988                 if (!counterstmp) {
989                         ret = -ENOMEM;
990                         goto free_entries;
991                 }
992         }
993         else
994                 counterstmp = NULL;
995
996         /* this can get initialized by translate_table() */
997         newinfo->chainstack = NULL;
998         ret = ebt_verify_pointers(&tmp, newinfo);
999         if (ret != 0)
1000                 goto free_counterstmp;
1001
1002         ret = translate_table(tmp.name, newinfo);
1003
1004         if (ret != 0)
1005                 goto free_counterstmp;
1006
1007         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1008         if (!t) {
1009                 ret = -ENOENT;
1010                 goto free_iterate;
1011         }
1012
1013         /* the table doesn't like it */
1014         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1015                 goto free_unlock;
1016
1017         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1018                 BUGPRINT("Wrong nr. of counters requested\n");
1019                 ret = -EINVAL;
1020                 goto free_unlock;
1021         }
1022
1023         /* we have the mutex lock, so no danger in reading this pointer */
1024         table = t->private;
1025         /* make sure the table can only be rmmod'ed if it contains no rules */
1026         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1027                 ret = -ENOENT;
1028                 goto free_unlock;
1029         } else if (table->nentries && !newinfo->nentries)
1030                 module_put(t->me);
1031         /* we need an atomic snapshot of the counters */
1032         write_lock_bh(&t->lock);
1033         if (tmp.num_counters)
1034                 get_counters(t->private->counters, counterstmp,
1035                    t->private->nentries);
1036
1037         t->private = newinfo;
1038         write_unlock_bh(&t->lock);
1039         mutex_unlock(&ebt_mutex);
1040         /* so, a user can change the chains while having messed up her counter
1041            allocation. Only reason why this is done is because this way the lock
1042            is held only once, while this doesn't bring the kernel into a
1043            dangerous state. */
1044         if (tmp.num_counters &&
1045            copy_to_user(tmp.counters, counterstmp,
1046            tmp.num_counters * sizeof(struct ebt_counter))) {
1047                 BUGPRINT("Couldn't copy counters to userspace\n");
1048                 ret = -EFAULT;
1049         }
1050         else
1051                 ret = 0;
1052
1053         /* decrease module count and free resources */
1054         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1055            ebt_cleanup_entry, NULL);
1056
1057         vfree(table->entries);
1058         if (table->chainstack) {
1059                 for_each_possible_cpu(i)
1060                         vfree(table->chainstack[i]);
1061                 vfree(table->chainstack);
1062         }
1063         vfree(table);
1064
1065         vfree(counterstmp);
1066         return ret;
1067
1068 free_unlock:
1069         mutex_unlock(&ebt_mutex);
1070 free_iterate:
1071         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1072            ebt_cleanup_entry, NULL);
1073 free_counterstmp:
1074         vfree(counterstmp);
1075         /* can be initialized in translate_table() */
1076         if (newinfo->chainstack) {
1077                 for_each_possible_cpu(i)
1078                         vfree(newinfo->chainstack[i]);
1079                 vfree(newinfo->chainstack);
1080         }
1081 free_entries:
1082         vfree(newinfo->entries);
1083 free_newinfo:
1084         vfree(newinfo);
1085         return ret;
1086 }
1087
1088 int ebt_register_table(struct ebt_table *table)
1089 {
1090         struct ebt_table_info *newinfo;
1091         struct ebt_table *t;
1092         struct ebt_replace_kernel *repl;
1093         int ret, i, countersize;
1094         void *p;
1095
1096         if (!table || !(repl = table->table) || !repl->entries ||
1097             repl->entries_size == 0 ||
1098             repl->counters || table->private) {
1099                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1100                 return -EINVAL;
1101         }
1102
1103         countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1104         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1105         ret = -ENOMEM;
1106         if (!newinfo)
1107                 return -ENOMEM;
1108
1109         p = vmalloc(repl->entries_size);
1110         if (!p)
1111                 goto free_newinfo;
1112
1113         memcpy(p, repl->entries, repl->entries_size);
1114         newinfo->entries = p;
1115
1116         newinfo->entries_size = repl->entries_size;
1117         newinfo->nentries = repl->nentries;
1118
1119         if (countersize)
1120                 memset(newinfo->counters, 0, countersize);
1121
1122         /* fill in newinfo and parse the entries */
1123         newinfo->chainstack = NULL;
1124         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1125                 if ((repl->valid_hooks & (1 << i)) == 0)
1126                         newinfo->hook_entry[i] = NULL;
1127                 else
1128                         newinfo->hook_entry[i] = p +
1129                                 ((char *)repl->hook_entry[i] - repl->entries);
1130         }
1131         ret = translate_table(repl->name, newinfo);
1132         if (ret != 0) {
1133                 BUGPRINT("Translate_table failed\n");
1134                 goto free_chainstack;
1135         }
1136
1137         if (table->check && table->check(newinfo, table->valid_hooks)) {
1138                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1139                 return -EINVAL;
1140         }
1141
1142         table->private = newinfo;
1143         rwlock_init(&table->lock);
1144         ret = mutex_lock_interruptible(&ebt_mutex);
1145         if (ret != 0)
1146                 goto free_chainstack;
1147
1148         list_for_each_entry(t, &ebt_tables, list) {
1149                 if (strcmp(t->name, table->name) == 0) {
1150                         ret = -EEXIST;
1151                         BUGPRINT("Table name already exists\n");
1152                         goto free_unlock;
1153                 }
1154         }
1155
1156         /* Hold a reference count if the chains aren't empty */
1157         if (newinfo->nentries && !try_module_get(table->me)) {
1158                 ret = -ENOENT;
1159                 goto free_unlock;
1160         }
1161         list_add(&table->list, &ebt_tables);
1162         mutex_unlock(&ebt_mutex);
1163         return 0;
1164 free_unlock:
1165         mutex_unlock(&ebt_mutex);
1166 free_chainstack:
1167         if (newinfo->chainstack) {
1168                 for_each_possible_cpu(i)
1169                         vfree(newinfo->chainstack[i]);
1170                 vfree(newinfo->chainstack);
1171         }
1172         vfree(newinfo->entries);
1173 free_newinfo:
1174         vfree(newinfo);
1175         return ret;
1176 }
1177
1178 void ebt_unregister_table(struct ebt_table *table)
1179 {
1180         int i;
1181
1182         if (!table) {
1183                 BUGPRINT("Request to unregister NULL table!!!\n");
1184                 return;
1185         }
1186         mutex_lock(&ebt_mutex);
1187         list_del(&table->list);
1188         mutex_unlock(&ebt_mutex);
1189         vfree(table->private->entries);
1190         if (table->private->chainstack) {
1191                 for_each_possible_cpu(i)
1192                         vfree(table->private->chainstack[i]);
1193                 vfree(table->private->chainstack);
1194         }
1195         vfree(table->private);
1196 }
1197
1198 /* userspace just supplied us with counters */
1199 static int update_counters(void __user *user, unsigned int len)
1200 {
1201         int i, ret;
1202         struct ebt_counter *tmp;
1203         struct ebt_replace hlp;
1204         struct ebt_table *t;
1205
1206         if (copy_from_user(&hlp, user, sizeof(hlp)))
1207                 return -EFAULT;
1208
1209         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1210                 return -EINVAL;
1211         if (hlp.num_counters == 0)
1212                 return -EINVAL;
1213
1214         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1215                 MEMPRINT("Update_counters && nomemory\n");
1216                 return -ENOMEM;
1217         }
1218
1219         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1220         if (!t)
1221                 goto free_tmp;
1222
1223         if (hlp.num_counters != t->private->nentries) {
1224                 BUGPRINT("Wrong nr of counters\n");
1225                 ret = -EINVAL;
1226                 goto unlock_mutex;
1227         }
1228
1229         if ( copy_from_user(tmp, hlp.counters,
1230            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1231                 BUGPRINT("Updata_counters && !cfu\n");
1232                 ret = -EFAULT;
1233                 goto unlock_mutex;
1234         }
1235
1236         /* we want an atomic add of the counters */
1237         write_lock_bh(&t->lock);
1238
1239         /* we add to the counters of the first cpu */
1240         for (i = 0; i < hlp.num_counters; i++) {
1241                 t->private->counters[i].pcnt += tmp[i].pcnt;
1242                 t->private->counters[i].bcnt += tmp[i].bcnt;
1243         }
1244
1245         write_unlock_bh(&t->lock);
1246         ret = 0;
1247 unlock_mutex:
1248         mutex_unlock(&ebt_mutex);
1249 free_tmp:
1250         vfree(tmp);
1251         return ret;
1252 }
1253
1254 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1255    char *base, char __user *ubase)
1256 {
1257         char __user *hlp = ubase + ((char *)m - base);
1258         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1259                 return -EFAULT;
1260         return 0;
1261 }
1262
1263 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1264    char *base, char __user *ubase)
1265 {
1266         char __user *hlp = ubase + ((char *)w - base);
1267         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1268                 return -EFAULT;
1269         return 0;
1270 }
1271
1272 static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1273 {
1274         int ret;
1275         char __user *hlp;
1276         struct ebt_entry_target *t;
1277
1278         if (e->bitmask == 0)
1279                 return 0;
1280
1281         hlp = ubase + (((char *)e + e->target_offset) - base);
1282         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1283
1284         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1285         if (ret != 0)
1286                 return ret;
1287         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1288         if (ret != 0)
1289                 return ret;
1290         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1291                 return -EFAULT;
1292         return 0;
1293 }
1294
1295 /* called with ebt_mutex locked */
1296 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1297    int *len, int cmd)
1298 {
1299         struct ebt_replace tmp;
1300         struct ebt_counter *counterstmp, *oldcounters;
1301         unsigned int entries_size, nentries;
1302         char *entries;
1303
1304         if (cmd == EBT_SO_GET_ENTRIES) {
1305                 entries_size = t->private->entries_size;
1306                 nentries = t->private->nentries;
1307                 entries = t->private->entries;
1308                 oldcounters = t->private->counters;
1309         } else {
1310                 entries_size = t->table->entries_size;
1311                 nentries = t->table->nentries;
1312                 entries = t->table->entries;
1313                 oldcounters = t->table->counters;
1314         }
1315
1316         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1317                 BUGPRINT("Cfu didn't work\n");
1318                 return -EFAULT;
1319         }
1320
1321         if (*len != sizeof(struct ebt_replace) + entries_size +
1322            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1323                 BUGPRINT("Wrong size\n");
1324                 return -EINVAL;
1325         }
1326
1327         if (tmp.nentries != nentries) {
1328                 BUGPRINT("Nentries wrong\n");
1329                 return -EINVAL;
1330         }
1331
1332         if (tmp.entries_size != entries_size) {
1333                 BUGPRINT("Wrong size\n");
1334                 return -EINVAL;
1335         }
1336
1337         /* userspace might not need the counters */
1338         if (tmp.num_counters) {
1339                 if (tmp.num_counters != nentries) {
1340                         BUGPRINT("Num_counters wrong\n");
1341                         return -EINVAL;
1342                 }
1343                 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1344                 if (!counterstmp) {
1345                         MEMPRINT("Couldn't copy counters, out of memory\n");
1346                         return -ENOMEM;
1347                 }
1348                 write_lock_bh(&t->lock);
1349                 get_counters(oldcounters, counterstmp, nentries);
1350                 write_unlock_bh(&t->lock);
1351
1352                 if (copy_to_user(tmp.counters, counterstmp,
1353                    nentries * sizeof(struct ebt_counter))) {
1354                         BUGPRINT("Couldn't copy counters to userspace\n");
1355                         vfree(counterstmp);
1356                         return -EFAULT;
1357                 }
1358                 vfree(counterstmp);
1359         }
1360
1361         if (copy_to_user(tmp.entries, entries, entries_size)) {
1362                 BUGPRINT("Couldn't copy entries to userspace\n");
1363                 return -EFAULT;
1364         }
1365         /* set the match/watcher/target names right */
1366         return EBT_ENTRY_ITERATE(entries, entries_size,
1367            ebt_make_names, entries, tmp.entries);
1368 }
1369
1370 static int do_ebt_set_ctl(struct sock *sk,
1371         int cmd, void __user *user, unsigned int len)
1372 {
1373         int ret;
1374
1375         switch(cmd) {
1376         case EBT_SO_SET_ENTRIES:
1377                 ret = do_replace(user, len);
1378                 break;
1379         case EBT_SO_SET_COUNTERS:
1380                 ret = update_counters(user, len);
1381                 break;
1382         default:
1383                 ret = -EINVAL;
1384   }
1385         return ret;
1386 }
1387
1388 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1389 {
1390         int ret;
1391         struct ebt_replace tmp;
1392         struct ebt_table *t;
1393
1394         if (copy_from_user(&tmp, user, sizeof(tmp)))
1395                 return -EFAULT;
1396
1397         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1398         if (!t)
1399                 return ret;
1400
1401         switch(cmd) {
1402         case EBT_SO_GET_INFO:
1403         case EBT_SO_GET_INIT_INFO:
1404                 if (*len != sizeof(struct ebt_replace)){
1405                         ret = -EINVAL;
1406                         mutex_unlock(&ebt_mutex);
1407                         break;
1408                 }
1409                 if (cmd == EBT_SO_GET_INFO) {
1410                         tmp.nentries = t->private->nentries;
1411                         tmp.entries_size = t->private->entries_size;
1412                         tmp.valid_hooks = t->valid_hooks;
1413                 } else {
1414                         tmp.nentries = t->table->nentries;
1415                         tmp.entries_size = t->table->entries_size;
1416                         tmp.valid_hooks = t->table->valid_hooks;
1417                 }
1418                 mutex_unlock(&ebt_mutex);
1419                 if (copy_to_user(user, &tmp, *len) != 0){
1420                         BUGPRINT("c2u Didn't work\n");
1421                         ret = -EFAULT;
1422                         break;
1423                 }
1424                 ret = 0;
1425                 break;
1426
1427         case EBT_SO_GET_ENTRIES:
1428         case EBT_SO_GET_INIT_ENTRIES:
1429                 ret = copy_everything_to_user(t, user, len, cmd);
1430                 mutex_unlock(&ebt_mutex);
1431                 break;
1432
1433         default:
1434                 mutex_unlock(&ebt_mutex);
1435                 ret = -EINVAL;
1436         }
1437
1438         return ret;
1439 }
1440
1441 static struct nf_sockopt_ops ebt_sockopts =
1442 {
1443         .pf             = PF_INET,
1444         .set_optmin     = EBT_BASE_CTL,
1445         .set_optmax     = EBT_SO_SET_MAX + 1,
1446         .set            = do_ebt_set_ctl,
1447         .get_optmin     = EBT_BASE_CTL,
1448         .get_optmax     = EBT_SO_GET_MAX + 1,
1449         .get            = do_ebt_get_ctl,
1450         .owner          = THIS_MODULE,
1451 };
1452
1453 static int __init ebtables_init(void)
1454 {
1455         int ret;
1456
1457         ret = xt_register_target(&ebt_standard_target);
1458         if (ret < 0)
1459                 return ret;
1460         ret = nf_register_sockopt(&ebt_sockopts);
1461         if (ret < 0) {
1462                 xt_unregister_target(&ebt_standard_target);
1463                 return ret;
1464         }
1465
1466         printk(KERN_INFO "Ebtables v2.0 registered\n");
1467         return 0;
1468 }
1469
1470 static void __exit ebtables_fini(void)
1471 {
1472         nf_unregister_sockopt(&ebt_sockopts);
1473         xt_unregister_target(&ebt_standard_target);
1474         printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1475 }
1476
1477 EXPORT_SYMBOL(ebt_register_table);
1478 EXPORT_SYMBOL(ebt_unregister_table);
1479 EXPORT_SYMBOL(ebt_do_table);
1480 module_init(ebtables_init);
1481 module_exit(ebtables_fini);
1482 MODULE_LICENSE("GPL");