a1156bab4a034c8963f44f2b34e513e03b5eff7d
[linux-2.6.git] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34                                          "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
37                                          ": out of memory: "format, ## args)
38 /* #define MEMPRINT(format, args...) */
39
40
41
42 /*
43  * Each cpu has its own set of counters, so there is no need for write_lock in
44  * the softirq
45  * For reading or updating the counters, the user context needs to
46  * get a write_lock
47  */
48
49 /* The size of each set of counters is altered to get cache alignment */
50 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53    COUNTER_OFFSET(n) * cpu))
54
55
56
57 static DEFINE_MUTEX(ebt_mutex);
58 static LIST_HEAD(ebt_tables);
59
60 static struct xt_target ebt_standard_target = {
61         .name       = "standard",
62         .revision   = 0,
63         .family     = NFPROTO_BRIDGE,
64         .targetsize = sizeof(int),
65 };
66
67 static inline int
68 ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
69                struct xt_target_param *par)
70 {
71         par->target   = w->u.watcher;
72         par->targinfo = w->data;
73         w->u.watcher->target(skb, par);
74         /* watchers don't give a verdict */
75         return 0;
76 }
77
78 static inline int ebt_do_match (struct ebt_entry_match *m,
79    const struct sk_buff *skb, struct xt_match_param *par)
80 {
81         par->match     = m->u.match;
82         par->matchinfo = m->data;
83         return m->u.match->match(skb, par);
84 }
85
86 static inline int ebt_dev_check(char *entry, const struct net_device *device)
87 {
88         int i = 0;
89         const char *devname = device->name;
90
91         if (*entry == '\0')
92                 return 0;
93         if (!device)
94                 return 1;
95         /* 1 is the wildcard token */
96         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97                 i++;
98         return (devname[i] != entry[i] && entry[i] != 1);
99 }
100
101 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102 /* process standard matches */
103 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104    const struct net_device *in, const struct net_device *out)
105 {
106         int verdict, i;
107
108         if (e->bitmask & EBT_802_3) {
109                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110                         return 1;
111         } else if (!(e->bitmask & EBT_NOPROTO) &&
112            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113                 return 1;
114
115         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116                 return 1;
117         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118                 return 1;
119         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121                 return 1;
122         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124                 return 1;
125
126         if (e->bitmask & EBT_SOURCEMAC) {
127                 verdict = 0;
128                 for (i = 0; i < 6; i++)
129                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130                            e->sourcemsk[i];
131                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132                         return 1;
133         }
134         if (e->bitmask & EBT_DESTMAC) {
135                 verdict = 0;
136                 for (i = 0; i < 6; i++)
137                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138                            e->destmsk[i];
139                 if (FWINV2(verdict != 0, EBT_IDEST) )
140                         return 1;
141         }
142         return 0;
143 }
144
145 /* Do some firewalling */
146 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
147    const struct net_device *in, const struct net_device *out,
148    struct ebt_table *table)
149 {
150         int i, nentries;
151         struct ebt_entry *point;
152         struct ebt_counter *counter_base, *cb_base;
153         struct ebt_entry_target *t;
154         int verdict, sp = 0;
155         struct ebt_chainstack *cs;
156         struct ebt_entries *chaininfo;
157         char *base;
158         struct ebt_table_info *private;
159         bool hotdrop = false;
160         struct xt_match_param mtpar;
161         struct xt_target_param tgpar;
162
163         mtpar.in      = tgpar.in  = in;
164         mtpar.out     = tgpar.out = out;
165         mtpar.hotdrop = &hotdrop;
166         tgpar.hooknum = hook;
167
168         read_lock_bh(&table->lock);
169         private = table->private;
170         cb_base = COUNTER_BASE(private->counters, private->nentries,
171            smp_processor_id());
172         if (private->chainstack)
173                 cs = private->chainstack[smp_processor_id()];
174         else
175                 cs = NULL;
176         chaininfo = private->hook_entry[hook];
177         nentries = private->hook_entry[hook]->nentries;
178         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
179         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
180         /* base for chain jumps */
181         base = private->entries;
182         i = 0;
183         while (i < nentries) {
184                 if (ebt_basic_match(point, eth_hdr(skb), in, out))
185                         goto letscontinue;
186
187                 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
188                         goto letscontinue;
189                 if (hotdrop) {
190                         read_unlock_bh(&table->lock);
191                         return NF_DROP;
192                 }
193
194                 /* increase counter */
195                 (*(counter_base + i)).pcnt++;
196                 (*(counter_base + i)).bcnt += skb->len;
197
198                 /* these should only watch: not modify, nor tell us
199                    what to do with the packet */
200                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
201
202                 t = (struct ebt_entry_target *)
203                    (((char *)point) + point->target_offset);
204                 /* standard target */
205                 if (!t->u.target->target)
206                         verdict = ((struct ebt_standard_target *)t)->verdict;
207                 else {
208                         tgpar.target   = t->u.target;
209                         tgpar.targinfo = t->data;
210                         verdict = t->u.target->target(skb, &tgpar);
211                 }
212                 if (verdict == EBT_ACCEPT) {
213                         read_unlock_bh(&table->lock);
214                         return NF_ACCEPT;
215                 }
216                 if (verdict == EBT_DROP) {
217                         read_unlock_bh(&table->lock);
218                         return NF_DROP;
219                 }
220                 if (verdict == EBT_RETURN) {
221 letsreturn:
222 #ifdef CONFIG_NETFILTER_DEBUG
223                         if (sp == 0) {
224                                 BUGPRINT("RETURN on base chain");
225                                 /* act like this is EBT_CONTINUE */
226                                 goto letscontinue;
227                         }
228 #endif
229                         sp--;
230                         /* put all the local variables right */
231                         i = cs[sp].n;
232                         chaininfo = cs[sp].chaininfo;
233                         nentries = chaininfo->nentries;
234                         point = cs[sp].e;
235                         counter_base = cb_base +
236                            chaininfo->counter_offset;
237                         continue;
238                 }
239                 if (verdict == EBT_CONTINUE)
240                         goto letscontinue;
241 #ifdef CONFIG_NETFILTER_DEBUG
242                 if (verdict < 0) {
243                         BUGPRINT("bogus standard verdict\n");
244                         read_unlock_bh(&table->lock);
245                         return NF_DROP;
246                 }
247 #endif
248                 /* jump to a udc */
249                 cs[sp].n = i + 1;
250                 cs[sp].chaininfo = chaininfo;
251                 cs[sp].e = (struct ebt_entry *)
252                    (((char *)point) + point->next_offset);
253                 i = 0;
254                 chaininfo = (struct ebt_entries *) (base + verdict);
255 #ifdef CONFIG_NETFILTER_DEBUG
256                 if (chaininfo->distinguisher) {
257                         BUGPRINT("jump to non-chain\n");
258                         read_unlock_bh(&table->lock);
259                         return NF_DROP;
260                 }
261 #endif
262                 nentries = chaininfo->nentries;
263                 point = (struct ebt_entry *)chaininfo->data;
264                 counter_base = cb_base + chaininfo->counter_offset;
265                 sp++;
266                 continue;
267 letscontinue:
268                 point = (struct ebt_entry *)
269                    (((char *)point) + point->next_offset);
270                 i++;
271         }
272
273         /* I actually like this :) */
274         if (chaininfo->policy == EBT_RETURN)
275                 goto letsreturn;
276         if (chaininfo->policy == EBT_ACCEPT) {
277                 read_unlock_bh(&table->lock);
278                 return NF_ACCEPT;
279         }
280         read_unlock_bh(&table->lock);
281         return NF_DROP;
282 }
283
284 /* If it succeeds, returns element and locks mutex */
285 static inline void *
286 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
287    struct mutex *mutex)
288 {
289         struct {
290                 struct list_head list;
291                 char name[EBT_FUNCTION_MAXNAMELEN];
292         } *e;
293
294         *error = mutex_lock_interruptible(mutex);
295         if (*error != 0)
296                 return NULL;
297
298         list_for_each_entry(e, head, list) {
299                 if (strcmp(e->name, name) == 0)
300                         return e;
301         }
302         *error = -ENOENT;
303         mutex_unlock(mutex);
304         return NULL;
305 }
306
307 #ifndef CONFIG_KMOD
308 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
309 #else
310 static void *
311 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
312    int *error, struct mutex *mutex)
313 {
314         void *ret;
315
316         ret = find_inlist_lock_noload(head, name, error, mutex);
317         if (!ret) {
318                 request_module("%s%s", prefix, name);
319                 ret = find_inlist_lock_noload(head, name, error, mutex);
320         }
321         return ret;
322 }
323 #endif
324
325 static inline struct ebt_table *
326 find_table_lock(const char *name, int *error, struct mutex *mutex)
327 {
328         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
329 }
330
331 static inline int
332 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
333                 unsigned int *cnt)
334 {
335         const struct ebt_entry *e = par->entryinfo;
336         struct xt_match *match;
337         size_t left = ((char *)e + e->watchers_offset) - (char *)m;
338         int ret;
339
340         if (left < sizeof(struct ebt_entry_match) ||
341             left - sizeof(struct ebt_entry_match) < m->match_size)
342                 return -EINVAL;
343
344         match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
345                 m->u.name, 0), "ebt_%s", m->u.name);
346         if (IS_ERR(match))
347                 return PTR_ERR(match);
348         if (match == NULL)
349                 return -ENOENT;
350         m->u.match = match;
351
352         par->match     = match;
353         par->matchinfo = m->data;
354         ret = xt_check_match(par, NFPROTO_BRIDGE, m->match_size,
355               e->ethproto, e->invflags & EBT_IPROTO);
356         if (ret < 0) {
357                 module_put(match->me);
358                 return ret;
359         }
360
361         (*cnt)++;
362         return 0;
363 }
364
365 static inline int
366 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
367    const char *name, unsigned int hookmask, unsigned int *cnt)
368 {
369         struct xt_target *watcher;
370         size_t left = ((char *)e + e->target_offset) - (char *)w;
371         int ret;
372
373         if (left < sizeof(struct ebt_entry_watcher) ||
374            left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
375                 return -EINVAL;
376
377         watcher = try_then_request_module(
378                   xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
379                   "ebt_%s", w->u.name);
380         if (IS_ERR(watcher))
381                 return PTR_ERR(watcher);
382         if (watcher == NULL)
383                 return -ENOENT;
384         w->u.watcher = watcher;
385
386         ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,
387               name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
388               e, w->data);
389         if (ret < 0) {
390                 module_put(watcher->me);
391                 return ret;
392         }
393
394         (*cnt)++;
395         return 0;
396 }
397
398 static int ebt_verify_pointers(struct ebt_replace *repl,
399                                struct ebt_table_info *newinfo)
400 {
401         unsigned int limit = repl->entries_size;
402         unsigned int valid_hooks = repl->valid_hooks;
403         unsigned int offset = 0;
404         int i;
405
406         for (i = 0; i < NF_BR_NUMHOOKS; i++)
407                 newinfo->hook_entry[i] = NULL;
408
409         newinfo->entries_size = repl->entries_size;
410         newinfo->nentries = repl->nentries;
411
412         while (offset < limit) {
413                 size_t left = limit - offset;
414                 struct ebt_entry *e = (void *)newinfo->entries + offset;
415
416                 if (left < sizeof(unsigned int))
417                         break;
418
419                 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
420                         if ((valid_hooks & (1 << i)) == 0)
421                                 continue;
422                         if ((char __user *)repl->hook_entry[i] ==
423                              repl->entries + offset)
424                                 break;
425                 }
426
427                 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
428                         if (e->bitmask != 0) {
429                                 /* we make userspace set this right,
430                                    so there is no misunderstanding */
431                                 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
432                                          "in distinguisher\n");
433                                 return -EINVAL;
434                         }
435                         if (i != NF_BR_NUMHOOKS)
436                                 newinfo->hook_entry[i] = (struct ebt_entries *)e;
437                         if (left < sizeof(struct ebt_entries))
438                                 break;
439                         offset += sizeof(struct ebt_entries);
440                 } else {
441                         if (left < sizeof(struct ebt_entry))
442                                 break;
443                         if (left < e->next_offset)
444                                 break;
445                         offset += e->next_offset;
446                 }
447         }
448         if (offset != limit) {
449                 BUGPRINT("entries_size too small\n");
450                 return -EINVAL;
451         }
452
453         /* check if all valid hooks have a chain */
454         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
455                 if (!newinfo->hook_entry[i] &&
456                    (valid_hooks & (1 << i))) {
457                         BUGPRINT("Valid hook without chain\n");
458                         return -EINVAL;
459                 }
460         }
461         return 0;
462 }
463
464 /*
465  * this one is very careful, as it is the first function
466  * to parse the userspace data
467  */
468 static inline int
469 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
470    struct ebt_table_info *newinfo,
471    unsigned int *n, unsigned int *cnt,
472    unsigned int *totalcnt, unsigned int *udc_cnt)
473 {
474         int i;
475
476         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
477                 if ((void *)e == (void *)newinfo->hook_entry[i])
478                         break;
479         }
480         /* beginning of a new chain
481            if i == NF_BR_NUMHOOKS it must be a user defined chain */
482         if (i != NF_BR_NUMHOOKS || !e->bitmask) {
483                 /* this checks if the previous chain has as many entries
484                    as it said it has */
485                 if (*n != *cnt) {
486                         BUGPRINT("nentries does not equal the nr of entries "
487                                  "in the chain\n");
488                         return -EINVAL;
489                 }
490                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
491                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
492                         /* only RETURN from udc */
493                         if (i != NF_BR_NUMHOOKS ||
494                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
495                                 BUGPRINT("bad policy\n");
496                                 return -EINVAL;
497                         }
498                 }
499                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
500                         (*udc_cnt)++;
501                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
502                         BUGPRINT("counter_offset != totalcnt");
503                         return -EINVAL;
504                 }
505                 *n = ((struct ebt_entries *)e)->nentries;
506                 *cnt = 0;
507                 return 0;
508         }
509         /* a plain old entry, heh */
510         if (sizeof(struct ebt_entry) > e->watchers_offset ||
511            e->watchers_offset > e->target_offset ||
512            e->target_offset >= e->next_offset) {
513                 BUGPRINT("entry offsets not in right order\n");
514                 return -EINVAL;
515         }
516         /* this is not checked anywhere else */
517         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
518                 BUGPRINT("target size too small\n");
519                 return -EINVAL;
520         }
521         (*cnt)++;
522         (*totalcnt)++;
523         return 0;
524 }
525
526 struct ebt_cl_stack
527 {
528         struct ebt_chainstack cs;
529         int from;
530         unsigned int hookmask;
531 };
532
533 /*
534  * we need these positions to check that the jumps to a different part of the
535  * entries is a jump to the beginning of a new chain.
536  */
537 static inline int
538 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
539    unsigned int *n, struct ebt_cl_stack *udc)
540 {
541         int i;
542
543         /* we're only interested in chain starts */
544         if (e->bitmask)
545                 return 0;
546         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
547                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
548                         break;
549         }
550         /* only care about udc */
551         if (i != NF_BR_NUMHOOKS)
552                 return 0;
553
554         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
555         /* these initialisations are depended on later in check_chainloops() */
556         udc[*n].cs.n = 0;
557         udc[*n].hookmask = 0;
558
559         (*n)++;
560         return 0;
561 }
562
563 static inline int
564 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
565 {
566         struct xt_mtdtor_param par;
567
568         if (i && (*i)-- == 0)
569                 return 1;
570
571         par.match     = m->u.match;
572         par.matchinfo = m->data;
573         if (par.match->destroy != NULL)
574                 par.match->destroy(&par);
575         module_put(par.match->me);
576         return 0;
577 }
578
579 static inline int
580 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
581 {
582         if (i && (*i)-- == 0)
583                 return 1;
584         if (w->u.watcher->destroy)
585                 w->u.watcher->destroy(w->u.watcher, w->data);
586         module_put(w->u.watcher->me);
587
588         return 0;
589 }
590
591 static inline int
592 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
593 {
594         struct ebt_entry_target *t;
595
596         if (e->bitmask == 0)
597                 return 0;
598         /* we're done */
599         if (cnt && (*cnt)-- == 0)
600                 return 1;
601         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
602         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
603         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
604         if (t->u.target->destroy)
605                 t->u.target->destroy(t->u.target, t->data);
606         module_put(t->u.target->me);
607
608         return 0;
609 }
610
611 static inline int
612 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
613    const char *name, unsigned int *cnt,
614    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
615 {
616         struct ebt_entry_target *t;
617         struct xt_target *target;
618         unsigned int i, j, hook = 0, hookmask = 0;
619         size_t gap;
620         int ret;
621         struct xt_mtchk_param mtpar;
622
623         /* don't mess with the struct ebt_entries */
624         if (e->bitmask == 0)
625                 return 0;
626
627         if (e->bitmask & ~EBT_F_MASK) {
628                 BUGPRINT("Unknown flag for bitmask\n");
629                 return -EINVAL;
630         }
631         if (e->invflags & ~EBT_INV_MASK) {
632                 BUGPRINT("Unknown flag for inv bitmask\n");
633                 return -EINVAL;
634         }
635         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
636                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
637                 return -EINVAL;
638         }
639         /* what hook do we belong to? */
640         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
641                 if (!newinfo->hook_entry[i])
642                         continue;
643                 if ((char *)newinfo->hook_entry[i] < (char *)e)
644                         hook = i;
645                 else
646                         break;
647         }
648         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
649            a base chain */
650         if (i < NF_BR_NUMHOOKS)
651                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
652         else {
653                 for (i = 0; i < udc_cnt; i++)
654                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
655                                 break;
656                 if (i == 0)
657                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
658                 else
659                         hookmask = cl_s[i - 1].hookmask;
660         }
661         i = 0;
662
663         mtpar.table     = name;
664         mtpar.entryinfo = e;
665         mtpar.hook_mask = hookmask;
666         ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
667         if (ret != 0)
668                 goto cleanup_matches;
669         j = 0;
670         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
671         if (ret != 0)
672                 goto cleanup_watchers;
673         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
674         gap = e->next_offset - e->target_offset;
675
676         target = try_then_request_module(
677                  xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
678                  "ebt_%s", t->u.name);
679         if (IS_ERR(target)) {
680                 ret = PTR_ERR(target);
681                 goto cleanup_watchers;
682         } else if (target == NULL) {
683                 ret = -ENOENT;
684                 goto cleanup_watchers;
685         }
686
687         t->u.target = target;
688         if (t->u.target == &ebt_standard_target) {
689                 if (gap < sizeof(struct ebt_standard_target)) {
690                         BUGPRINT("Standard target size too big\n");
691                         ret = -EFAULT;
692                         goto cleanup_watchers;
693                 }
694                 if (((struct ebt_standard_target *)t)->verdict <
695                    -NUM_STANDARD_TARGETS) {
696                         BUGPRINT("Invalid standard target\n");
697                         ret = -EFAULT;
698                         goto cleanup_watchers;
699                 }
700         } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
701                 module_put(t->u.target->me);
702                 ret = -EFAULT;
703                 goto cleanup_watchers;
704         }
705
706         ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,
707               name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
708               e, t->data);
709         if (ret < 0) {
710                 module_put(target->me);
711                 goto cleanup_watchers;
712         }
713         (*cnt)++;
714         return 0;
715 cleanup_watchers:
716         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
717 cleanup_matches:
718         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
719         return ret;
720 }
721
722 /*
723  * checks for loops and sets the hook mask for udc
724  * the hook mask for udc tells us from which base chains the udc can be
725  * accessed. This mask is a parameter to the check() functions of the extensions
726  */
727 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
728    unsigned int udc_cnt, unsigned int hooknr, char *base)
729 {
730         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
731         struct ebt_entry *e = (struct ebt_entry *)chain->data;
732         struct ebt_entry_target *t;
733
734         while (pos < nentries || chain_nr != -1) {
735                 /* end of udc, go back one 'recursion' step */
736                 if (pos == nentries) {
737                         /* put back values of the time when this chain was called */
738                         e = cl_s[chain_nr].cs.e;
739                         if (cl_s[chain_nr].from != -1)
740                                 nentries =
741                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
742                         else
743                                 nentries = chain->nentries;
744                         pos = cl_s[chain_nr].cs.n;
745                         /* make sure we won't see a loop that isn't one */
746                         cl_s[chain_nr].cs.n = 0;
747                         chain_nr = cl_s[chain_nr].from;
748                         if (pos == nentries)
749                                 continue;
750                 }
751                 t = (struct ebt_entry_target *)
752                    (((char *)e) + e->target_offset);
753                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
754                         goto letscontinue;
755                 if (e->target_offset + sizeof(struct ebt_standard_target) >
756                    e->next_offset) {
757                         BUGPRINT("Standard target size too big\n");
758                         return -1;
759                 }
760                 verdict = ((struct ebt_standard_target *)t)->verdict;
761                 if (verdict >= 0) { /* jump to another chain */
762                         struct ebt_entries *hlp2 =
763                            (struct ebt_entries *)(base + verdict);
764                         for (i = 0; i < udc_cnt; i++)
765                                 if (hlp2 == cl_s[i].cs.chaininfo)
766                                         break;
767                         /* bad destination or loop */
768                         if (i == udc_cnt) {
769                                 BUGPRINT("bad destination\n");
770                                 return -1;
771                         }
772                         if (cl_s[i].cs.n) {
773                                 BUGPRINT("loop\n");
774                                 return -1;
775                         }
776                         if (cl_s[i].hookmask & (1 << hooknr))
777                                 goto letscontinue;
778                         /* this can't be 0, so the loop test is correct */
779                         cl_s[i].cs.n = pos + 1;
780                         pos = 0;
781                         cl_s[i].cs.e = ((void *)e + e->next_offset);
782                         e = (struct ebt_entry *)(hlp2->data);
783                         nentries = hlp2->nentries;
784                         cl_s[i].from = chain_nr;
785                         chain_nr = i;
786                         /* this udc is accessible from the base chain for hooknr */
787                         cl_s[i].hookmask |= (1 << hooknr);
788                         continue;
789                 }
790 letscontinue:
791                 e = (void *)e + e->next_offset;
792                 pos++;
793         }
794         return 0;
795 }
796
797 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
798 static int translate_table(char *name, struct ebt_table_info *newinfo)
799 {
800         unsigned int i, j, k, udc_cnt;
801         int ret;
802         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
803
804         i = 0;
805         while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
806                 i++;
807         if (i == NF_BR_NUMHOOKS) {
808                 BUGPRINT("No valid hooks specified\n");
809                 return -EINVAL;
810         }
811         if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
812                 BUGPRINT("Chains don't start at beginning\n");
813                 return -EINVAL;
814         }
815         /* make sure chains are ordered after each other in same order
816            as their corresponding hooks */
817         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
818                 if (!newinfo->hook_entry[j])
819                         continue;
820                 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
821                         BUGPRINT("Hook order must be followed\n");
822                         return -EINVAL;
823                 }
824                 i = j;
825         }
826
827         /* do some early checkings and initialize some things */
828         i = 0; /* holds the expected nr. of entries for the chain */
829         j = 0; /* holds the up to now counted entries for the chain */
830         k = 0; /* holds the total nr. of entries, should equal
831                   newinfo->nentries afterwards */
832         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
833         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
834            ebt_check_entry_size_and_hooks, newinfo,
835            &i, &j, &k, &udc_cnt);
836
837         if (ret != 0)
838                 return ret;
839
840         if (i != j) {
841                 BUGPRINT("nentries does not equal the nr of entries in the "
842                          "(last) chain\n");
843                 return -EINVAL;
844         }
845         if (k != newinfo->nentries) {
846                 BUGPRINT("Total nentries is wrong\n");
847                 return -EINVAL;
848         }
849
850         /* get the location of the udc, put them in an array
851            while we're at it, allocate the chainstack */
852         if (udc_cnt) {
853                 /* this will get free'd in do_replace()/ebt_register_table()
854                    if an error occurs */
855                 newinfo->chainstack =
856                         vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
857                 if (!newinfo->chainstack)
858                         return -ENOMEM;
859                 for_each_possible_cpu(i) {
860                         newinfo->chainstack[i] =
861                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
862                         if (!newinfo->chainstack[i]) {
863                                 while (i)
864                                         vfree(newinfo->chainstack[--i]);
865                                 vfree(newinfo->chainstack);
866                                 newinfo->chainstack = NULL;
867                                 return -ENOMEM;
868                         }
869                 }
870
871                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
872                 if (!cl_s)
873                         return -ENOMEM;
874                 i = 0; /* the i'th udc */
875                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
876                    ebt_get_udc_positions, newinfo, &i, cl_s);
877                 /* sanity check */
878                 if (i != udc_cnt) {
879                         BUGPRINT("i != udc_cnt\n");
880                         vfree(cl_s);
881                         return -EFAULT;
882                 }
883         }
884
885         /* Check for loops */
886         for (i = 0; i < NF_BR_NUMHOOKS; i++)
887                 if (newinfo->hook_entry[i])
888                         if (check_chainloops(newinfo->hook_entry[i],
889                            cl_s, udc_cnt, i, newinfo->entries)) {
890                                 vfree(cl_s);
891                                 return -EINVAL;
892                         }
893
894         /* we now know the following (along with E=mc²):
895            - the nr of entries in each chain is right
896            - the size of the allocated space is right
897            - all valid hooks have a corresponding chain
898            - there are no loops
899            - wrong data can still be on the level of a single entry
900            - could be there are jumps to places that are not the
901              beginning of a chain. This can only occur in chains that
902              are not accessible from any base chains, so we don't care. */
903
904         /* used to know what we need to clean up if something goes wrong */
905         i = 0;
906         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
907            ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt);
908         if (ret != 0) {
909                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
910                    ebt_cleanup_entry, &i);
911         }
912         vfree(cl_s);
913         return ret;
914 }
915
916 /* called under write_lock */
917 static void get_counters(struct ebt_counter *oldcounters,
918    struct ebt_counter *counters, unsigned int nentries)
919 {
920         int i, cpu;
921         struct ebt_counter *counter_base;
922
923         /* counters of cpu 0 */
924         memcpy(counters, oldcounters,
925                sizeof(struct ebt_counter) * nentries);
926
927         /* add other counters to those of cpu 0 */
928         for_each_possible_cpu(cpu) {
929                 if (cpu == 0)
930                         continue;
931                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
932                 for (i = 0; i < nentries; i++) {
933                         counters[i].pcnt += counter_base[i].pcnt;
934                         counters[i].bcnt += counter_base[i].bcnt;
935                 }
936         }
937 }
938
939 /* replace the table */
940 static int do_replace(void __user *user, unsigned int len)
941 {
942         int ret, i, countersize;
943         struct ebt_table_info *newinfo;
944         struct ebt_replace tmp;
945         struct ebt_table *t;
946         struct ebt_counter *counterstmp = NULL;
947         /* used to be able to unlock earlier */
948         struct ebt_table_info *table;
949
950         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
951                 return -EFAULT;
952
953         if (len != sizeof(tmp) + tmp.entries_size) {
954                 BUGPRINT("Wrong len argument\n");
955                 return -EINVAL;
956         }
957
958         if (tmp.entries_size == 0) {
959                 BUGPRINT("Entries_size never zero\n");
960                 return -EINVAL;
961         }
962         /* overflow check */
963         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
964                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
965                 return -ENOMEM;
966         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
967                 return -ENOMEM;
968
969         countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
970         newinfo = vmalloc(sizeof(*newinfo) + countersize);
971         if (!newinfo)
972                 return -ENOMEM;
973
974         if (countersize)
975                 memset(newinfo->counters, 0, countersize);
976
977         newinfo->entries = vmalloc(tmp.entries_size);
978         if (!newinfo->entries) {
979                 ret = -ENOMEM;
980                 goto free_newinfo;
981         }
982         if (copy_from_user(
983            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
984                 BUGPRINT("Couldn't copy entries from userspace\n");
985                 ret = -EFAULT;
986                 goto free_entries;
987         }
988
989         /* the user wants counters back
990            the check on the size is done later, when we have the lock */
991         if (tmp.num_counters) {
992                 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
993                 if (!counterstmp) {
994                         ret = -ENOMEM;
995                         goto free_entries;
996                 }
997         }
998         else
999                 counterstmp = NULL;
1000
1001         /* this can get initialized by translate_table() */
1002         newinfo->chainstack = NULL;
1003         ret = ebt_verify_pointers(&tmp, newinfo);
1004         if (ret != 0)
1005                 goto free_counterstmp;
1006
1007         ret = translate_table(tmp.name, newinfo);
1008
1009         if (ret != 0)
1010                 goto free_counterstmp;
1011
1012         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1013         if (!t) {
1014                 ret = -ENOENT;
1015                 goto free_iterate;
1016         }
1017
1018         /* the table doesn't like it */
1019         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1020                 goto free_unlock;
1021
1022         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1023                 BUGPRINT("Wrong nr. of counters requested\n");
1024                 ret = -EINVAL;
1025                 goto free_unlock;
1026         }
1027
1028         /* we have the mutex lock, so no danger in reading this pointer */
1029         table = t->private;
1030         /* make sure the table can only be rmmod'ed if it contains no rules */
1031         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1032                 ret = -ENOENT;
1033                 goto free_unlock;
1034         } else if (table->nentries && !newinfo->nentries)
1035                 module_put(t->me);
1036         /* we need an atomic snapshot of the counters */
1037         write_lock_bh(&t->lock);
1038         if (tmp.num_counters)
1039                 get_counters(t->private->counters, counterstmp,
1040                    t->private->nentries);
1041
1042         t->private = newinfo;
1043         write_unlock_bh(&t->lock);
1044         mutex_unlock(&ebt_mutex);
1045         /* so, a user can change the chains while having messed up her counter
1046            allocation. Only reason why this is done is because this way the lock
1047            is held only once, while this doesn't bring the kernel into a
1048            dangerous state. */
1049         if (tmp.num_counters &&
1050            copy_to_user(tmp.counters, counterstmp,
1051            tmp.num_counters * sizeof(struct ebt_counter))) {
1052                 BUGPRINT("Couldn't copy counters to userspace\n");
1053                 ret = -EFAULT;
1054         }
1055         else
1056                 ret = 0;
1057
1058         /* decrease module count and free resources */
1059         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1060            ebt_cleanup_entry, NULL);
1061
1062         vfree(table->entries);
1063         if (table->chainstack) {
1064                 for_each_possible_cpu(i)
1065                         vfree(table->chainstack[i]);
1066                 vfree(table->chainstack);
1067         }
1068         vfree(table);
1069
1070         vfree(counterstmp);
1071         return ret;
1072
1073 free_unlock:
1074         mutex_unlock(&ebt_mutex);
1075 free_iterate:
1076         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1077            ebt_cleanup_entry, NULL);
1078 free_counterstmp:
1079         vfree(counterstmp);
1080         /* can be initialized in translate_table() */
1081         if (newinfo->chainstack) {
1082                 for_each_possible_cpu(i)
1083                         vfree(newinfo->chainstack[i]);
1084                 vfree(newinfo->chainstack);
1085         }
1086 free_entries:
1087         vfree(newinfo->entries);
1088 free_newinfo:
1089         vfree(newinfo);
1090         return ret;
1091 }
1092
1093 int ebt_register_table(struct ebt_table *table)
1094 {
1095         struct ebt_table_info *newinfo;
1096         struct ebt_table *t;
1097         struct ebt_replace_kernel *repl;
1098         int ret, i, countersize;
1099         void *p;
1100
1101         if (!table || !(repl = table->table) || !repl->entries ||
1102             repl->entries_size == 0 ||
1103             repl->counters || table->private) {
1104                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1105                 return -EINVAL;
1106         }
1107
1108         countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1109         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1110         ret = -ENOMEM;
1111         if (!newinfo)
1112                 return -ENOMEM;
1113
1114         p = vmalloc(repl->entries_size);
1115         if (!p)
1116                 goto free_newinfo;
1117
1118         memcpy(p, repl->entries, repl->entries_size);
1119         newinfo->entries = p;
1120
1121         newinfo->entries_size = repl->entries_size;
1122         newinfo->nentries = repl->nentries;
1123
1124         if (countersize)
1125                 memset(newinfo->counters, 0, countersize);
1126
1127         /* fill in newinfo and parse the entries */
1128         newinfo->chainstack = NULL;
1129         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1130                 if ((repl->valid_hooks & (1 << i)) == 0)
1131                         newinfo->hook_entry[i] = NULL;
1132                 else
1133                         newinfo->hook_entry[i] = p +
1134                                 ((char *)repl->hook_entry[i] - repl->entries);
1135         }
1136         ret = translate_table(repl->name, newinfo);
1137         if (ret != 0) {
1138                 BUGPRINT("Translate_table failed\n");
1139                 goto free_chainstack;
1140         }
1141
1142         if (table->check && table->check(newinfo, table->valid_hooks)) {
1143                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1144                 return -EINVAL;
1145         }
1146
1147         table->private = newinfo;
1148         rwlock_init(&table->lock);
1149         ret = mutex_lock_interruptible(&ebt_mutex);
1150         if (ret != 0)
1151                 goto free_chainstack;
1152
1153         list_for_each_entry(t, &ebt_tables, list) {
1154                 if (strcmp(t->name, table->name) == 0) {
1155                         ret = -EEXIST;
1156                         BUGPRINT("Table name already exists\n");
1157                         goto free_unlock;
1158                 }
1159         }
1160
1161         /* Hold a reference count if the chains aren't empty */
1162         if (newinfo->nentries && !try_module_get(table->me)) {
1163                 ret = -ENOENT;
1164                 goto free_unlock;
1165         }
1166         list_add(&table->list, &ebt_tables);
1167         mutex_unlock(&ebt_mutex);
1168         return 0;
1169 free_unlock:
1170         mutex_unlock(&ebt_mutex);
1171 free_chainstack:
1172         if (newinfo->chainstack) {
1173                 for_each_possible_cpu(i)
1174                         vfree(newinfo->chainstack[i]);
1175                 vfree(newinfo->chainstack);
1176         }
1177         vfree(newinfo->entries);
1178 free_newinfo:
1179         vfree(newinfo);
1180         return ret;
1181 }
1182
1183 void ebt_unregister_table(struct ebt_table *table)
1184 {
1185         int i;
1186
1187         if (!table) {
1188                 BUGPRINT("Request to unregister NULL table!!!\n");
1189                 return;
1190         }
1191         mutex_lock(&ebt_mutex);
1192         list_del(&table->list);
1193         mutex_unlock(&ebt_mutex);
1194         vfree(table->private->entries);
1195         if (table->private->chainstack) {
1196                 for_each_possible_cpu(i)
1197                         vfree(table->private->chainstack[i]);
1198                 vfree(table->private->chainstack);
1199         }
1200         vfree(table->private);
1201 }
1202
1203 /* userspace just supplied us with counters */
1204 static int update_counters(void __user *user, unsigned int len)
1205 {
1206         int i, ret;
1207         struct ebt_counter *tmp;
1208         struct ebt_replace hlp;
1209         struct ebt_table *t;
1210
1211         if (copy_from_user(&hlp, user, sizeof(hlp)))
1212                 return -EFAULT;
1213
1214         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1215                 return -EINVAL;
1216         if (hlp.num_counters == 0)
1217                 return -EINVAL;
1218
1219         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1220                 MEMPRINT("Update_counters && nomemory\n");
1221                 return -ENOMEM;
1222         }
1223
1224         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1225         if (!t)
1226                 goto free_tmp;
1227
1228         if (hlp.num_counters != t->private->nentries) {
1229                 BUGPRINT("Wrong nr of counters\n");
1230                 ret = -EINVAL;
1231                 goto unlock_mutex;
1232         }
1233
1234         if ( copy_from_user(tmp, hlp.counters,
1235            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1236                 BUGPRINT("Updata_counters && !cfu\n");
1237                 ret = -EFAULT;
1238                 goto unlock_mutex;
1239         }
1240
1241         /* we want an atomic add of the counters */
1242         write_lock_bh(&t->lock);
1243
1244         /* we add to the counters of the first cpu */
1245         for (i = 0; i < hlp.num_counters; i++) {
1246                 t->private->counters[i].pcnt += tmp[i].pcnt;
1247                 t->private->counters[i].bcnt += tmp[i].bcnt;
1248         }
1249
1250         write_unlock_bh(&t->lock);
1251         ret = 0;
1252 unlock_mutex:
1253         mutex_unlock(&ebt_mutex);
1254 free_tmp:
1255         vfree(tmp);
1256         return ret;
1257 }
1258
1259 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1260    char *base, char __user *ubase)
1261 {
1262         char __user *hlp = ubase + ((char *)m - base);
1263         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1264                 return -EFAULT;
1265         return 0;
1266 }
1267
1268 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1269    char *base, char __user *ubase)
1270 {
1271         char __user *hlp = ubase + ((char *)w - base);
1272         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1273                 return -EFAULT;
1274         return 0;
1275 }
1276
1277 static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1278 {
1279         int ret;
1280         char __user *hlp;
1281         struct ebt_entry_target *t;
1282
1283         if (e->bitmask == 0)
1284                 return 0;
1285
1286         hlp = ubase + (((char *)e + e->target_offset) - base);
1287         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1288
1289         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1290         if (ret != 0)
1291                 return ret;
1292         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1293         if (ret != 0)
1294                 return ret;
1295         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1296                 return -EFAULT;
1297         return 0;
1298 }
1299
1300 /* called with ebt_mutex locked */
1301 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1302    int *len, int cmd)
1303 {
1304         struct ebt_replace tmp;
1305         struct ebt_counter *counterstmp, *oldcounters;
1306         unsigned int entries_size, nentries;
1307         char *entries;
1308
1309         if (cmd == EBT_SO_GET_ENTRIES) {
1310                 entries_size = t->private->entries_size;
1311                 nentries = t->private->nentries;
1312                 entries = t->private->entries;
1313                 oldcounters = t->private->counters;
1314         } else {
1315                 entries_size = t->table->entries_size;
1316                 nentries = t->table->nentries;
1317                 entries = t->table->entries;
1318                 oldcounters = t->table->counters;
1319         }
1320
1321         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1322                 BUGPRINT("Cfu didn't work\n");
1323                 return -EFAULT;
1324         }
1325
1326         if (*len != sizeof(struct ebt_replace) + entries_size +
1327            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1328                 BUGPRINT("Wrong size\n");
1329                 return -EINVAL;
1330         }
1331
1332         if (tmp.nentries != nentries) {
1333                 BUGPRINT("Nentries wrong\n");
1334                 return -EINVAL;
1335         }
1336
1337         if (tmp.entries_size != entries_size) {
1338                 BUGPRINT("Wrong size\n");
1339                 return -EINVAL;
1340         }
1341
1342         /* userspace might not need the counters */
1343         if (tmp.num_counters) {
1344                 if (tmp.num_counters != nentries) {
1345                         BUGPRINT("Num_counters wrong\n");
1346                         return -EINVAL;
1347                 }
1348                 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1349                 if (!counterstmp) {
1350                         MEMPRINT("Couldn't copy counters, out of memory\n");
1351                         return -ENOMEM;
1352                 }
1353                 write_lock_bh(&t->lock);
1354                 get_counters(oldcounters, counterstmp, nentries);
1355                 write_unlock_bh(&t->lock);
1356
1357                 if (copy_to_user(tmp.counters, counterstmp,
1358                    nentries * sizeof(struct ebt_counter))) {
1359                         BUGPRINT("Couldn't copy counters to userspace\n");
1360                         vfree(counterstmp);
1361                         return -EFAULT;
1362                 }
1363                 vfree(counterstmp);
1364         }
1365
1366         if (copy_to_user(tmp.entries, entries, entries_size)) {
1367                 BUGPRINT("Couldn't copy entries to userspace\n");
1368                 return -EFAULT;
1369         }
1370         /* set the match/watcher/target names right */
1371         return EBT_ENTRY_ITERATE(entries, entries_size,
1372            ebt_make_names, entries, tmp.entries);
1373 }
1374
1375 static int do_ebt_set_ctl(struct sock *sk,
1376         int cmd, void __user *user, unsigned int len)
1377 {
1378         int ret;
1379
1380         switch(cmd) {
1381         case EBT_SO_SET_ENTRIES:
1382                 ret = do_replace(user, len);
1383                 break;
1384         case EBT_SO_SET_COUNTERS:
1385                 ret = update_counters(user, len);
1386                 break;
1387         default:
1388                 ret = -EINVAL;
1389   }
1390         return ret;
1391 }
1392
1393 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1394 {
1395         int ret;
1396         struct ebt_replace tmp;
1397         struct ebt_table *t;
1398
1399         if (copy_from_user(&tmp, user, sizeof(tmp)))
1400                 return -EFAULT;
1401
1402         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1403         if (!t)
1404                 return ret;
1405
1406         switch(cmd) {
1407         case EBT_SO_GET_INFO:
1408         case EBT_SO_GET_INIT_INFO:
1409                 if (*len != sizeof(struct ebt_replace)){
1410                         ret = -EINVAL;
1411                         mutex_unlock(&ebt_mutex);
1412                         break;
1413                 }
1414                 if (cmd == EBT_SO_GET_INFO) {
1415                         tmp.nentries = t->private->nentries;
1416                         tmp.entries_size = t->private->entries_size;
1417                         tmp.valid_hooks = t->valid_hooks;
1418                 } else {
1419                         tmp.nentries = t->table->nentries;
1420                         tmp.entries_size = t->table->entries_size;
1421                         tmp.valid_hooks = t->table->valid_hooks;
1422                 }
1423                 mutex_unlock(&ebt_mutex);
1424                 if (copy_to_user(user, &tmp, *len) != 0){
1425                         BUGPRINT("c2u Didn't work\n");
1426                         ret = -EFAULT;
1427                         break;
1428                 }
1429                 ret = 0;
1430                 break;
1431
1432         case EBT_SO_GET_ENTRIES:
1433         case EBT_SO_GET_INIT_ENTRIES:
1434                 ret = copy_everything_to_user(t, user, len, cmd);
1435                 mutex_unlock(&ebt_mutex);
1436                 break;
1437
1438         default:
1439                 mutex_unlock(&ebt_mutex);
1440                 ret = -EINVAL;
1441         }
1442
1443         return ret;
1444 }
1445
1446 static struct nf_sockopt_ops ebt_sockopts =
1447 {
1448         .pf             = PF_INET,
1449         .set_optmin     = EBT_BASE_CTL,
1450         .set_optmax     = EBT_SO_SET_MAX + 1,
1451         .set            = do_ebt_set_ctl,
1452         .get_optmin     = EBT_BASE_CTL,
1453         .get_optmax     = EBT_SO_GET_MAX + 1,
1454         .get            = do_ebt_get_ctl,
1455         .owner          = THIS_MODULE,
1456 };
1457
1458 static int __init ebtables_init(void)
1459 {
1460         int ret;
1461
1462         ret = xt_register_target(&ebt_standard_target);
1463         if (ret < 0)
1464                 return ret;
1465         ret = nf_register_sockopt(&ebt_sockopts);
1466         if (ret < 0) {
1467                 xt_unregister_target(&ebt_standard_target);
1468                 return ret;
1469         }
1470
1471         printk(KERN_INFO "Ebtables v2.0 registered\n");
1472         return 0;
1473 }
1474
1475 static void __exit ebtables_fini(void)
1476 {
1477         nf_unregister_sockopt(&ebt_sockopts);
1478         xt_unregister_target(&ebt_standard_target);
1479         printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1480 }
1481
1482 EXPORT_SYMBOL(ebt_register_table);
1483 EXPORT_SYMBOL(ebt_unregister_table);
1484 EXPORT_SYMBOL(ebt_do_table);
1485 module_init(ebtables_init);
1486 module_exit(ebtables_fini);
1487 MODULE_LICENSE("GPL");