netfilter: xtables: add struct xt_mtchk_param::net
[safe/jmp/linux-2.6] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34                                          "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
37                                          ": out of memory: "format, ## args)
38 /* #define MEMPRINT(format, args...) */
39
40
41
42 /*
43  * Each cpu has its own set of counters, so there is no need for write_lock in
44  * the softirq
45  * For reading or updating the counters, the user context needs to
46  * get a write_lock
47  */
48
49 /* The size of each set of counters is altered to get cache alignment */
50 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53    COUNTER_OFFSET(n) * cpu))
54
55
56
57 static DEFINE_MUTEX(ebt_mutex);
58
59 static struct xt_target ebt_standard_target = {
60         .name       = "standard",
61         .revision   = 0,
62         .family     = NFPROTO_BRIDGE,
63         .targetsize = sizeof(int),
64 };
65
66 static inline int
67 ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
68                struct xt_target_param *par)
69 {
70         par->target   = w->u.watcher;
71         par->targinfo = w->data;
72         w->u.watcher->target(skb, par);
73         /* watchers don't give a verdict */
74         return 0;
75 }
76
77 static inline int ebt_do_match (struct ebt_entry_match *m,
78    const struct sk_buff *skb, struct xt_match_param *par)
79 {
80         par->match     = m->u.match;
81         par->matchinfo = m->data;
82         return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
83 }
84
85 static inline int ebt_dev_check(char *entry, const struct net_device *device)
86 {
87         int i = 0;
88         const char *devname;
89
90         if (*entry == '\0')
91                 return 0;
92         if (!device)
93                 return 1;
94         devname = device->name;
95         /* 1 is the wildcard token */
96         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97                 i++;
98         return (devname[i] != entry[i] && entry[i] != 1);
99 }
100
101 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102 /* process standard matches */
103 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104    const struct net_device *in, const struct net_device *out)
105 {
106         int verdict, i;
107
108         if (e->bitmask & EBT_802_3) {
109                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110                         return 1;
111         } else if (!(e->bitmask & EBT_NOPROTO) &&
112            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113                 return 1;
114
115         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116                 return 1;
117         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118                 return 1;
119         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121                 return 1;
122         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124                 return 1;
125
126         if (e->bitmask & EBT_SOURCEMAC) {
127                 verdict = 0;
128                 for (i = 0; i < 6; i++)
129                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130                            e->sourcemsk[i];
131                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132                         return 1;
133         }
134         if (e->bitmask & EBT_DESTMAC) {
135                 verdict = 0;
136                 for (i = 0; i < 6; i++)
137                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138                            e->destmsk[i];
139                 if (FWINV2(verdict != 0, EBT_IDEST) )
140                         return 1;
141         }
142         return 0;
143 }
144
145 static inline __pure
146 struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
147 {
148         return (void *)entry + entry->next_offset;
149 }
150
151 /* Do some firewalling */
152 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
153    const struct net_device *in, const struct net_device *out,
154    struct ebt_table *table)
155 {
156         int i, nentries;
157         struct ebt_entry *point;
158         struct ebt_counter *counter_base, *cb_base;
159         struct ebt_entry_target *t;
160         int verdict, sp = 0;
161         struct ebt_chainstack *cs;
162         struct ebt_entries *chaininfo;
163         char *base;
164         struct ebt_table_info *private;
165         bool hotdrop = false;
166         struct xt_match_param mtpar;
167         struct xt_target_param tgpar;
168
169         mtpar.family  = tgpar.family = NFPROTO_BRIDGE;
170         mtpar.in      = tgpar.in  = in;
171         mtpar.out     = tgpar.out = out;
172         mtpar.hotdrop = &hotdrop;
173         mtpar.hooknum = tgpar.hooknum = hook;
174
175         read_lock_bh(&table->lock);
176         private = table->private;
177         cb_base = COUNTER_BASE(private->counters, private->nentries,
178            smp_processor_id());
179         if (private->chainstack)
180                 cs = private->chainstack[smp_processor_id()];
181         else
182                 cs = NULL;
183         chaininfo = private->hook_entry[hook];
184         nentries = private->hook_entry[hook]->nentries;
185         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
186         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
187         /* base for chain jumps */
188         base = private->entries;
189         i = 0;
190         while (i < nentries) {
191                 if (ebt_basic_match(point, eth_hdr(skb), in, out))
192                         goto letscontinue;
193
194                 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
195                         goto letscontinue;
196                 if (hotdrop) {
197                         read_unlock_bh(&table->lock);
198                         return NF_DROP;
199                 }
200
201                 /* increase counter */
202                 (*(counter_base + i)).pcnt++;
203                 (*(counter_base + i)).bcnt += skb->len;
204
205                 /* these should only watch: not modify, nor tell us
206                    what to do with the packet */
207                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
208
209                 t = (struct ebt_entry_target *)
210                    (((char *)point) + point->target_offset);
211                 /* standard target */
212                 if (!t->u.target->target)
213                         verdict = ((struct ebt_standard_target *)t)->verdict;
214                 else {
215                         tgpar.target   = t->u.target;
216                         tgpar.targinfo = t->data;
217                         verdict = t->u.target->target(skb, &tgpar);
218                 }
219                 if (verdict == EBT_ACCEPT) {
220                         read_unlock_bh(&table->lock);
221                         return NF_ACCEPT;
222                 }
223                 if (verdict == EBT_DROP) {
224                         read_unlock_bh(&table->lock);
225                         return NF_DROP;
226                 }
227                 if (verdict == EBT_RETURN) {
228 letsreturn:
229 #ifdef CONFIG_NETFILTER_DEBUG
230                         if (sp == 0) {
231                                 BUGPRINT("RETURN on base chain");
232                                 /* act like this is EBT_CONTINUE */
233                                 goto letscontinue;
234                         }
235 #endif
236                         sp--;
237                         /* put all the local variables right */
238                         i = cs[sp].n;
239                         chaininfo = cs[sp].chaininfo;
240                         nentries = chaininfo->nentries;
241                         point = cs[sp].e;
242                         counter_base = cb_base +
243                            chaininfo->counter_offset;
244                         continue;
245                 }
246                 if (verdict == EBT_CONTINUE)
247                         goto letscontinue;
248 #ifdef CONFIG_NETFILTER_DEBUG
249                 if (verdict < 0) {
250                         BUGPRINT("bogus standard verdict\n");
251                         read_unlock_bh(&table->lock);
252                         return NF_DROP;
253                 }
254 #endif
255                 /* jump to a udc */
256                 cs[sp].n = i + 1;
257                 cs[sp].chaininfo = chaininfo;
258                 cs[sp].e = ebt_next_entry(point);
259                 i = 0;
260                 chaininfo = (struct ebt_entries *) (base + verdict);
261 #ifdef CONFIG_NETFILTER_DEBUG
262                 if (chaininfo->distinguisher) {
263                         BUGPRINT("jump to non-chain\n");
264                         read_unlock_bh(&table->lock);
265                         return NF_DROP;
266                 }
267 #endif
268                 nentries = chaininfo->nentries;
269                 point = (struct ebt_entry *)chaininfo->data;
270                 counter_base = cb_base + chaininfo->counter_offset;
271                 sp++;
272                 continue;
273 letscontinue:
274                 point = ebt_next_entry(point);
275                 i++;
276         }
277
278         /* I actually like this :) */
279         if (chaininfo->policy == EBT_RETURN)
280                 goto letsreturn;
281         if (chaininfo->policy == EBT_ACCEPT) {
282                 read_unlock_bh(&table->lock);
283                 return NF_ACCEPT;
284         }
285         read_unlock_bh(&table->lock);
286         return NF_DROP;
287 }
288
289 /* If it succeeds, returns element and locks mutex */
290 static inline void *
291 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
292    struct mutex *mutex)
293 {
294         struct {
295                 struct list_head list;
296                 char name[EBT_FUNCTION_MAXNAMELEN];
297         } *e;
298
299         *error = mutex_lock_interruptible(mutex);
300         if (*error != 0)
301                 return NULL;
302
303         list_for_each_entry(e, head, list) {
304                 if (strcmp(e->name, name) == 0)
305                         return e;
306         }
307         *error = -ENOENT;
308         mutex_unlock(mutex);
309         return NULL;
310 }
311
312 static void *
313 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
314    int *error, struct mutex *mutex)
315 {
316         return try_then_request_module(
317                         find_inlist_lock_noload(head, name, error, mutex),
318                         "%s%s", prefix, name);
319 }
320
321 static inline struct ebt_table *
322 find_table_lock(struct net *net, const char *name, int *error,
323                 struct mutex *mutex)
324 {
325         return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
326                                 "ebtable_", error, mutex);
327 }
328
329 static inline int
330 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
331                 unsigned int *cnt)
332 {
333         const struct ebt_entry *e = par->entryinfo;
334         struct xt_match *match;
335         size_t left = ((char *)e + e->watchers_offset) - (char *)m;
336         int ret;
337
338         if (left < sizeof(struct ebt_entry_match) ||
339             left - sizeof(struct ebt_entry_match) < m->match_size)
340                 return -EINVAL;
341
342         match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
343                 m->u.name, 0), "ebt_%s", m->u.name);
344         if (IS_ERR(match))
345                 return PTR_ERR(match);
346         if (match == NULL)
347                 return -ENOENT;
348         m->u.match = match;
349
350         par->match     = match;
351         par->matchinfo = m->data;
352         ret = xt_check_match(par, m->match_size,
353               e->ethproto, e->invflags & EBT_IPROTO);
354         if (ret < 0) {
355                 module_put(match->me);
356                 return ret;
357         }
358
359         (*cnt)++;
360         return 0;
361 }
362
363 static inline int
364 ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
365                   unsigned int *cnt)
366 {
367         const struct ebt_entry *e = par->entryinfo;
368         struct xt_target *watcher;
369         size_t left = ((char *)e + e->target_offset) - (char *)w;
370         int ret;
371
372         if (left < sizeof(struct ebt_entry_watcher) ||
373            left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
374                 return -EINVAL;
375
376         watcher = try_then_request_module(
377                   xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
378                   "ebt_%s", w->u.name);
379         if (IS_ERR(watcher))
380                 return PTR_ERR(watcher);
381         if (watcher == NULL)
382                 return -ENOENT;
383         w->u.watcher = watcher;
384
385         par->target   = watcher;
386         par->targinfo = w->data;
387         ret = xt_check_target(par, w->watcher_size,
388               e->ethproto, e->invflags & EBT_IPROTO);
389         if (ret < 0) {
390                 module_put(watcher->me);
391                 return ret;
392         }
393
394         (*cnt)++;
395         return 0;
396 }
397
398 static int ebt_verify_pointers(struct ebt_replace *repl,
399                                struct ebt_table_info *newinfo)
400 {
401         unsigned int limit = repl->entries_size;
402         unsigned int valid_hooks = repl->valid_hooks;
403         unsigned int offset = 0;
404         int i;
405
406         for (i = 0; i < NF_BR_NUMHOOKS; i++)
407                 newinfo->hook_entry[i] = NULL;
408
409         newinfo->entries_size = repl->entries_size;
410         newinfo->nentries = repl->nentries;
411
412         while (offset < limit) {
413                 size_t left = limit - offset;
414                 struct ebt_entry *e = (void *)newinfo->entries + offset;
415
416                 if (left < sizeof(unsigned int))
417                         break;
418
419                 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
420                         if ((valid_hooks & (1 << i)) == 0)
421                                 continue;
422                         if ((char __user *)repl->hook_entry[i] ==
423                              repl->entries + offset)
424                                 break;
425                 }
426
427                 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
428                         if (e->bitmask != 0) {
429                                 /* we make userspace set this right,
430                                    so there is no misunderstanding */
431                                 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
432                                          "in distinguisher\n");
433                                 return -EINVAL;
434                         }
435                         if (i != NF_BR_NUMHOOKS)
436                                 newinfo->hook_entry[i] = (struct ebt_entries *)e;
437                         if (left < sizeof(struct ebt_entries))
438                                 break;
439                         offset += sizeof(struct ebt_entries);
440                 } else {
441                         if (left < sizeof(struct ebt_entry))
442                                 break;
443                         if (left < e->next_offset)
444                                 break;
445                         offset += e->next_offset;
446                 }
447         }
448         if (offset != limit) {
449                 BUGPRINT("entries_size too small\n");
450                 return -EINVAL;
451         }
452
453         /* check if all valid hooks have a chain */
454         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
455                 if (!newinfo->hook_entry[i] &&
456                    (valid_hooks & (1 << i))) {
457                         BUGPRINT("Valid hook without chain\n");
458                         return -EINVAL;
459                 }
460         }
461         return 0;
462 }
463
464 /*
465  * this one is very careful, as it is the first function
466  * to parse the userspace data
467  */
468 static inline int
469 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
470    struct ebt_table_info *newinfo,
471    unsigned int *n, unsigned int *cnt,
472    unsigned int *totalcnt, unsigned int *udc_cnt)
473 {
474         int i;
475
476         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
477                 if ((void *)e == (void *)newinfo->hook_entry[i])
478                         break;
479         }
480         /* beginning of a new chain
481            if i == NF_BR_NUMHOOKS it must be a user defined chain */
482         if (i != NF_BR_NUMHOOKS || !e->bitmask) {
483                 /* this checks if the previous chain has as many entries
484                    as it said it has */
485                 if (*n != *cnt) {
486                         BUGPRINT("nentries does not equal the nr of entries "
487                                  "in the chain\n");
488                         return -EINVAL;
489                 }
490                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
491                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
492                         /* only RETURN from udc */
493                         if (i != NF_BR_NUMHOOKS ||
494                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
495                                 BUGPRINT("bad policy\n");
496                                 return -EINVAL;
497                         }
498                 }
499                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
500                         (*udc_cnt)++;
501                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
502                         BUGPRINT("counter_offset != totalcnt");
503                         return -EINVAL;
504                 }
505                 *n = ((struct ebt_entries *)e)->nentries;
506                 *cnt = 0;
507                 return 0;
508         }
509         /* a plain old entry, heh */
510         if (sizeof(struct ebt_entry) > e->watchers_offset ||
511            e->watchers_offset > e->target_offset ||
512            e->target_offset >= e->next_offset) {
513                 BUGPRINT("entry offsets not in right order\n");
514                 return -EINVAL;
515         }
516         /* this is not checked anywhere else */
517         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
518                 BUGPRINT("target size too small\n");
519                 return -EINVAL;
520         }
521         (*cnt)++;
522         (*totalcnt)++;
523         return 0;
524 }
525
526 struct ebt_cl_stack
527 {
528         struct ebt_chainstack cs;
529         int from;
530         unsigned int hookmask;
531 };
532
533 /*
534  * we need these positions to check that the jumps to a different part of the
535  * entries is a jump to the beginning of a new chain.
536  */
537 static inline int
538 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
539    unsigned int *n, struct ebt_cl_stack *udc)
540 {
541         int i;
542
543         /* we're only interested in chain starts */
544         if (e->bitmask)
545                 return 0;
546         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
547                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
548                         break;
549         }
550         /* only care about udc */
551         if (i != NF_BR_NUMHOOKS)
552                 return 0;
553
554         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
555         /* these initialisations are depended on later in check_chainloops() */
556         udc[*n].cs.n = 0;
557         udc[*n].hookmask = 0;
558
559         (*n)++;
560         return 0;
561 }
562
563 static inline int
564 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
565 {
566         struct xt_mtdtor_param par;
567
568         if (i && (*i)-- == 0)
569                 return 1;
570
571         par.match     = m->u.match;
572         par.matchinfo = m->data;
573         par.family    = NFPROTO_BRIDGE;
574         if (par.match->destroy != NULL)
575                 par.match->destroy(&par);
576         module_put(par.match->me);
577         return 0;
578 }
579
580 static inline int
581 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
582 {
583         struct xt_tgdtor_param par;
584
585         if (i && (*i)-- == 0)
586                 return 1;
587
588         par.target   = w->u.watcher;
589         par.targinfo = w->data;
590         par.family   = NFPROTO_BRIDGE;
591         if (par.target->destroy != NULL)
592                 par.target->destroy(&par);
593         module_put(par.target->me);
594         return 0;
595 }
596
597 static inline int
598 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
599 {
600         struct xt_tgdtor_param par;
601         struct ebt_entry_target *t;
602
603         if (e->bitmask == 0)
604                 return 0;
605         /* we're done */
606         if (cnt && (*cnt)-- == 0)
607                 return 1;
608         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
609         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
610         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
611
612         par.target   = t->u.target;
613         par.targinfo = t->data;
614         par.family   = NFPROTO_BRIDGE;
615         if (par.target->destroy != NULL)
616                 par.target->destroy(&par);
617         module_put(par.target->me);
618         return 0;
619 }
620
621 static inline int
622 ebt_check_entry(struct ebt_entry *e,
623    struct net *net,
624    struct ebt_table_info *newinfo,
625    const char *name, unsigned int *cnt,
626    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
627 {
628         struct ebt_entry_target *t;
629         struct xt_target *target;
630         unsigned int i, j, hook = 0, hookmask = 0;
631         size_t gap;
632         int ret;
633         struct xt_mtchk_param mtpar;
634         struct xt_tgchk_param tgpar;
635
636         /* don't mess with the struct ebt_entries */
637         if (e->bitmask == 0)
638                 return 0;
639
640         if (e->bitmask & ~EBT_F_MASK) {
641                 BUGPRINT("Unknown flag for bitmask\n");
642                 return -EINVAL;
643         }
644         if (e->invflags & ~EBT_INV_MASK) {
645                 BUGPRINT("Unknown flag for inv bitmask\n");
646                 return -EINVAL;
647         }
648         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
649                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
650                 return -EINVAL;
651         }
652         /* what hook do we belong to? */
653         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
654                 if (!newinfo->hook_entry[i])
655                         continue;
656                 if ((char *)newinfo->hook_entry[i] < (char *)e)
657                         hook = i;
658                 else
659                         break;
660         }
661         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
662            a base chain */
663         if (i < NF_BR_NUMHOOKS)
664                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
665         else {
666                 for (i = 0; i < udc_cnt; i++)
667                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
668                                 break;
669                 if (i == 0)
670                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
671                 else
672                         hookmask = cl_s[i - 1].hookmask;
673         }
674         i = 0;
675
676         mtpar.net       = net;
677         mtpar.table     = tgpar.table     = name;
678         mtpar.entryinfo = tgpar.entryinfo = e;
679         mtpar.hook_mask = tgpar.hook_mask = hookmask;
680         mtpar.family    = tgpar.family    = NFPROTO_BRIDGE;
681         ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
682         if (ret != 0)
683                 goto cleanup_matches;
684         j = 0;
685         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
686         if (ret != 0)
687                 goto cleanup_watchers;
688         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
689         gap = e->next_offset - e->target_offset;
690
691         target = try_then_request_module(
692                  xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
693                  "ebt_%s", t->u.name);
694         if (IS_ERR(target)) {
695                 ret = PTR_ERR(target);
696                 goto cleanup_watchers;
697         } else if (target == NULL) {
698                 ret = -ENOENT;
699                 goto cleanup_watchers;
700         }
701
702         t->u.target = target;
703         if (t->u.target == &ebt_standard_target) {
704                 if (gap < sizeof(struct ebt_standard_target)) {
705                         BUGPRINT("Standard target size too big\n");
706                         ret = -EFAULT;
707                         goto cleanup_watchers;
708                 }
709                 if (((struct ebt_standard_target *)t)->verdict <
710                    -NUM_STANDARD_TARGETS) {
711                         BUGPRINT("Invalid standard target\n");
712                         ret = -EFAULT;
713                         goto cleanup_watchers;
714                 }
715         } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
716                 module_put(t->u.target->me);
717                 ret = -EFAULT;
718                 goto cleanup_watchers;
719         }
720
721         tgpar.target   = target;
722         tgpar.targinfo = t->data;
723         ret = xt_check_target(&tgpar, t->target_size,
724               e->ethproto, e->invflags & EBT_IPROTO);
725         if (ret < 0) {
726                 module_put(target->me);
727                 goto cleanup_watchers;
728         }
729         (*cnt)++;
730         return 0;
731 cleanup_watchers:
732         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
733 cleanup_matches:
734         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
735         return ret;
736 }
737
738 /*
739  * checks for loops and sets the hook mask for udc
740  * the hook mask for udc tells us from which base chains the udc can be
741  * accessed. This mask is a parameter to the check() functions of the extensions
742  */
743 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
744    unsigned int udc_cnt, unsigned int hooknr, char *base)
745 {
746         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
747         struct ebt_entry *e = (struct ebt_entry *)chain->data;
748         struct ebt_entry_target *t;
749
750         while (pos < nentries || chain_nr != -1) {
751                 /* end of udc, go back one 'recursion' step */
752                 if (pos == nentries) {
753                         /* put back values of the time when this chain was called */
754                         e = cl_s[chain_nr].cs.e;
755                         if (cl_s[chain_nr].from != -1)
756                                 nentries =
757                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
758                         else
759                                 nentries = chain->nentries;
760                         pos = cl_s[chain_nr].cs.n;
761                         /* make sure we won't see a loop that isn't one */
762                         cl_s[chain_nr].cs.n = 0;
763                         chain_nr = cl_s[chain_nr].from;
764                         if (pos == nentries)
765                                 continue;
766                 }
767                 t = (struct ebt_entry_target *)
768                    (((char *)e) + e->target_offset);
769                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
770                         goto letscontinue;
771                 if (e->target_offset + sizeof(struct ebt_standard_target) >
772                    e->next_offset) {
773                         BUGPRINT("Standard target size too big\n");
774                         return -1;
775                 }
776                 verdict = ((struct ebt_standard_target *)t)->verdict;
777                 if (verdict >= 0) { /* jump to another chain */
778                         struct ebt_entries *hlp2 =
779                            (struct ebt_entries *)(base + verdict);
780                         for (i = 0; i < udc_cnt; i++)
781                                 if (hlp2 == cl_s[i].cs.chaininfo)
782                                         break;
783                         /* bad destination or loop */
784                         if (i == udc_cnt) {
785                                 BUGPRINT("bad destination\n");
786                                 return -1;
787                         }
788                         if (cl_s[i].cs.n) {
789                                 BUGPRINT("loop\n");
790                                 return -1;
791                         }
792                         if (cl_s[i].hookmask & (1 << hooknr))
793                                 goto letscontinue;
794                         /* this can't be 0, so the loop test is correct */
795                         cl_s[i].cs.n = pos + 1;
796                         pos = 0;
797                         cl_s[i].cs.e = ebt_next_entry(e);
798                         e = (struct ebt_entry *)(hlp2->data);
799                         nentries = hlp2->nentries;
800                         cl_s[i].from = chain_nr;
801                         chain_nr = i;
802                         /* this udc is accessible from the base chain for hooknr */
803                         cl_s[i].hookmask |= (1 << hooknr);
804                         continue;
805                 }
806 letscontinue:
807                 e = ebt_next_entry(e);
808                 pos++;
809         }
810         return 0;
811 }
812
813 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
814 static int translate_table(struct net *net, char *name,
815                            struct ebt_table_info *newinfo)
816 {
817         unsigned int i, j, k, udc_cnt;
818         int ret;
819         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
820
821         i = 0;
822         while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
823                 i++;
824         if (i == NF_BR_NUMHOOKS) {
825                 BUGPRINT("No valid hooks specified\n");
826                 return -EINVAL;
827         }
828         if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
829                 BUGPRINT("Chains don't start at beginning\n");
830                 return -EINVAL;
831         }
832         /* make sure chains are ordered after each other in same order
833            as their corresponding hooks */
834         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
835                 if (!newinfo->hook_entry[j])
836                         continue;
837                 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
838                         BUGPRINT("Hook order must be followed\n");
839                         return -EINVAL;
840                 }
841                 i = j;
842         }
843
844         /* do some early checkings and initialize some things */
845         i = 0; /* holds the expected nr. of entries for the chain */
846         j = 0; /* holds the up to now counted entries for the chain */
847         k = 0; /* holds the total nr. of entries, should equal
848                   newinfo->nentries afterwards */
849         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
850         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
851            ebt_check_entry_size_and_hooks, newinfo,
852            &i, &j, &k, &udc_cnt);
853
854         if (ret != 0)
855                 return ret;
856
857         if (i != j) {
858                 BUGPRINT("nentries does not equal the nr of entries in the "
859                          "(last) chain\n");
860                 return -EINVAL;
861         }
862         if (k != newinfo->nentries) {
863                 BUGPRINT("Total nentries is wrong\n");
864                 return -EINVAL;
865         }
866
867         /* get the location of the udc, put them in an array
868            while we're at it, allocate the chainstack */
869         if (udc_cnt) {
870                 /* this will get free'd in do_replace()/ebt_register_table()
871                    if an error occurs */
872                 newinfo->chainstack =
873                         vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
874                 if (!newinfo->chainstack)
875                         return -ENOMEM;
876                 for_each_possible_cpu(i) {
877                         newinfo->chainstack[i] =
878                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
879                         if (!newinfo->chainstack[i]) {
880                                 while (i)
881                                         vfree(newinfo->chainstack[--i]);
882                                 vfree(newinfo->chainstack);
883                                 newinfo->chainstack = NULL;
884                                 return -ENOMEM;
885                         }
886                 }
887
888                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
889                 if (!cl_s)
890                         return -ENOMEM;
891                 i = 0; /* the i'th udc */
892                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
893                    ebt_get_udc_positions, newinfo, &i, cl_s);
894                 /* sanity check */
895                 if (i != udc_cnt) {
896                         BUGPRINT("i != udc_cnt\n");
897                         vfree(cl_s);
898                         return -EFAULT;
899                 }
900         }
901
902         /* Check for loops */
903         for (i = 0; i < NF_BR_NUMHOOKS; i++)
904                 if (newinfo->hook_entry[i])
905                         if (check_chainloops(newinfo->hook_entry[i],
906                            cl_s, udc_cnt, i, newinfo->entries)) {
907                                 vfree(cl_s);
908                                 return -EINVAL;
909                         }
910
911         /* we now know the following (along with E=mc²):
912            - the nr of entries in each chain is right
913            - the size of the allocated space is right
914            - all valid hooks have a corresponding chain
915            - there are no loops
916            - wrong data can still be on the level of a single entry
917            - could be there are jumps to places that are not the
918              beginning of a chain. This can only occur in chains that
919              are not accessible from any base chains, so we don't care. */
920
921         /* used to know what we need to clean up if something goes wrong */
922         i = 0;
923         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
924            ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
925         if (ret != 0) {
926                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
927                    ebt_cleanup_entry, &i);
928         }
929         vfree(cl_s);
930         return ret;
931 }
932
933 /* called under write_lock */
934 static void get_counters(struct ebt_counter *oldcounters,
935    struct ebt_counter *counters, unsigned int nentries)
936 {
937         int i, cpu;
938         struct ebt_counter *counter_base;
939
940         /* counters of cpu 0 */
941         memcpy(counters, oldcounters,
942                sizeof(struct ebt_counter) * nentries);
943
944         /* add other counters to those of cpu 0 */
945         for_each_possible_cpu(cpu) {
946                 if (cpu == 0)
947                         continue;
948                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
949                 for (i = 0; i < nentries; i++) {
950                         counters[i].pcnt += counter_base[i].pcnt;
951                         counters[i].bcnt += counter_base[i].bcnt;
952                 }
953         }
954 }
955
956 /* replace the table */
957 static int do_replace(struct net *net, void __user *user, unsigned int len)
958 {
959         int ret, i, countersize;
960         struct ebt_table_info *newinfo;
961         struct ebt_replace tmp;
962         struct ebt_table *t;
963         struct ebt_counter *counterstmp = NULL;
964         /* used to be able to unlock earlier */
965         struct ebt_table_info *table;
966
967         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
968                 return -EFAULT;
969
970         if (len != sizeof(tmp) + tmp.entries_size) {
971                 BUGPRINT("Wrong len argument\n");
972                 return -EINVAL;
973         }
974
975         if (tmp.entries_size == 0) {
976                 BUGPRINT("Entries_size never zero\n");
977                 return -EINVAL;
978         }
979         /* overflow check */
980         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
981                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
982                 return -ENOMEM;
983         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
984                 return -ENOMEM;
985
986         countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
987         newinfo = vmalloc(sizeof(*newinfo) + countersize);
988         if (!newinfo)
989                 return -ENOMEM;
990
991         if (countersize)
992                 memset(newinfo->counters, 0, countersize);
993
994         newinfo->entries = vmalloc(tmp.entries_size);
995         if (!newinfo->entries) {
996                 ret = -ENOMEM;
997                 goto free_newinfo;
998         }
999         if (copy_from_user(
1000            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
1001                 BUGPRINT("Couldn't copy entries from userspace\n");
1002                 ret = -EFAULT;
1003                 goto free_entries;
1004         }
1005
1006         /* the user wants counters back
1007            the check on the size is done later, when we have the lock */
1008         if (tmp.num_counters) {
1009                 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
1010                 if (!counterstmp) {
1011                         ret = -ENOMEM;
1012                         goto free_entries;
1013                 }
1014         }
1015         else
1016                 counterstmp = NULL;
1017
1018         /* this can get initialized by translate_table() */
1019         newinfo->chainstack = NULL;
1020         ret = ebt_verify_pointers(&tmp, newinfo);
1021         if (ret != 0)
1022                 goto free_counterstmp;
1023
1024         ret = translate_table(net, tmp.name, newinfo);
1025
1026         if (ret != 0)
1027                 goto free_counterstmp;
1028
1029         t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
1030         if (!t) {
1031                 ret = -ENOENT;
1032                 goto free_iterate;
1033         }
1034
1035         /* the table doesn't like it */
1036         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1037                 goto free_unlock;
1038
1039         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1040                 BUGPRINT("Wrong nr. of counters requested\n");
1041                 ret = -EINVAL;
1042                 goto free_unlock;
1043         }
1044
1045         /* we have the mutex lock, so no danger in reading this pointer */
1046         table = t->private;
1047         /* make sure the table can only be rmmod'ed if it contains no rules */
1048         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1049                 ret = -ENOENT;
1050                 goto free_unlock;
1051         } else if (table->nentries && !newinfo->nentries)
1052                 module_put(t->me);
1053         /* we need an atomic snapshot of the counters */
1054         write_lock_bh(&t->lock);
1055         if (tmp.num_counters)
1056                 get_counters(t->private->counters, counterstmp,
1057                    t->private->nentries);
1058
1059         t->private = newinfo;
1060         write_unlock_bh(&t->lock);
1061         mutex_unlock(&ebt_mutex);
1062         /* so, a user can change the chains while having messed up her counter
1063            allocation. Only reason why this is done is because this way the lock
1064            is held only once, while this doesn't bring the kernel into a
1065            dangerous state. */
1066         if (tmp.num_counters &&
1067            copy_to_user(tmp.counters, counterstmp,
1068            tmp.num_counters * sizeof(struct ebt_counter))) {
1069                 BUGPRINT("Couldn't copy counters to userspace\n");
1070                 ret = -EFAULT;
1071         }
1072         else
1073                 ret = 0;
1074
1075         /* decrease module count and free resources */
1076         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1077            ebt_cleanup_entry, NULL);
1078
1079         vfree(table->entries);
1080         if (table->chainstack) {
1081                 for_each_possible_cpu(i)
1082                         vfree(table->chainstack[i]);
1083                 vfree(table->chainstack);
1084         }
1085         vfree(table);
1086
1087         vfree(counterstmp);
1088         return ret;
1089
1090 free_unlock:
1091         mutex_unlock(&ebt_mutex);
1092 free_iterate:
1093         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1094            ebt_cleanup_entry, NULL);
1095 free_counterstmp:
1096         vfree(counterstmp);
1097         /* can be initialized in translate_table() */
1098         if (newinfo->chainstack) {
1099                 for_each_possible_cpu(i)
1100                         vfree(newinfo->chainstack[i]);
1101                 vfree(newinfo->chainstack);
1102         }
1103 free_entries:
1104         vfree(newinfo->entries);
1105 free_newinfo:
1106         vfree(newinfo);
1107         return ret;
1108 }
1109
1110 struct ebt_table *
1111 ebt_register_table(struct net *net, const struct ebt_table *input_table)
1112 {
1113         struct ebt_table_info *newinfo;
1114         struct ebt_table *t, *table;
1115         struct ebt_replace_kernel *repl;
1116         int ret, i, countersize;
1117         void *p;
1118
1119         if (input_table == NULL || (repl = input_table->table) == NULL ||
1120             repl->entries == 0 || repl->entries_size == 0 ||
1121             repl->counters != NULL || input_table->private != NULL) {
1122                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1123                 return ERR_PTR(-EINVAL);
1124         }
1125
1126         /* Don't add one table to multiple lists. */
1127         table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
1128         if (!table) {
1129                 ret = -ENOMEM;
1130                 goto out;
1131         }
1132
1133         countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1134         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1135         ret = -ENOMEM;
1136         if (!newinfo)
1137                 goto free_table;
1138
1139         p = vmalloc(repl->entries_size);
1140         if (!p)
1141                 goto free_newinfo;
1142
1143         memcpy(p, repl->entries, repl->entries_size);
1144         newinfo->entries = p;
1145
1146         newinfo->entries_size = repl->entries_size;
1147         newinfo->nentries = repl->nentries;
1148
1149         if (countersize)
1150                 memset(newinfo->counters, 0, countersize);
1151
1152         /* fill in newinfo and parse the entries */
1153         newinfo->chainstack = NULL;
1154         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1155                 if ((repl->valid_hooks & (1 << i)) == 0)
1156                         newinfo->hook_entry[i] = NULL;
1157                 else
1158                         newinfo->hook_entry[i] = p +
1159                                 ((char *)repl->hook_entry[i] - repl->entries);
1160         }
1161         ret = translate_table(net, repl->name, newinfo);
1162         if (ret != 0) {
1163                 BUGPRINT("Translate_table failed\n");
1164                 goto free_chainstack;
1165         }
1166
1167         if (table->check && table->check(newinfo, table->valid_hooks)) {
1168                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1169                 return ERR_PTR(-EINVAL);
1170         }
1171
1172         table->private = newinfo;
1173         rwlock_init(&table->lock);
1174         ret = mutex_lock_interruptible(&ebt_mutex);
1175         if (ret != 0)
1176                 goto free_chainstack;
1177
1178         list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
1179                 if (strcmp(t->name, table->name) == 0) {
1180                         ret = -EEXIST;
1181                         BUGPRINT("Table name already exists\n");
1182                         goto free_unlock;
1183                 }
1184         }
1185
1186         /* Hold a reference count if the chains aren't empty */
1187         if (newinfo->nentries && !try_module_get(table->me)) {
1188                 ret = -ENOENT;
1189                 goto free_unlock;
1190         }
1191         list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
1192         mutex_unlock(&ebt_mutex);
1193         return table;
1194 free_unlock:
1195         mutex_unlock(&ebt_mutex);
1196 free_chainstack:
1197         if (newinfo->chainstack) {
1198                 for_each_possible_cpu(i)
1199                         vfree(newinfo->chainstack[i]);
1200                 vfree(newinfo->chainstack);
1201         }
1202         vfree(newinfo->entries);
1203 free_newinfo:
1204         vfree(newinfo);
1205 free_table:
1206         kfree(table);
1207 out:
1208         return ERR_PTR(ret);
1209 }
1210
1211 void ebt_unregister_table(struct ebt_table *table)
1212 {
1213         int i;
1214
1215         if (!table) {
1216                 BUGPRINT("Request to unregister NULL table!!!\n");
1217                 return;
1218         }
1219         mutex_lock(&ebt_mutex);
1220         list_del(&table->list);
1221         mutex_unlock(&ebt_mutex);
1222         EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
1223                           ebt_cleanup_entry, NULL);
1224         if (table->private->nentries)
1225                 module_put(table->me);
1226         vfree(table->private->entries);
1227         if (table->private->chainstack) {
1228                 for_each_possible_cpu(i)
1229                         vfree(table->private->chainstack[i]);
1230                 vfree(table->private->chainstack);
1231         }
1232         vfree(table->private);
1233         kfree(table);
1234 }
1235
1236 /* userspace just supplied us with counters */
1237 static int update_counters(struct net *net, void __user *user, unsigned int len)
1238 {
1239         int i, ret;
1240         struct ebt_counter *tmp;
1241         struct ebt_replace hlp;
1242         struct ebt_table *t;
1243
1244         if (copy_from_user(&hlp, user, sizeof(hlp)))
1245                 return -EFAULT;
1246
1247         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1248                 return -EINVAL;
1249         if (hlp.num_counters == 0)
1250                 return -EINVAL;
1251
1252         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1253                 MEMPRINT("Update_counters && nomemory\n");
1254                 return -ENOMEM;
1255         }
1256
1257         t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1258         if (!t)
1259                 goto free_tmp;
1260
1261         if (hlp.num_counters != t->private->nentries) {
1262                 BUGPRINT("Wrong nr of counters\n");
1263                 ret = -EINVAL;
1264                 goto unlock_mutex;
1265         }
1266
1267         if ( copy_from_user(tmp, hlp.counters,
1268            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1269                 BUGPRINT("Updata_counters && !cfu\n");
1270                 ret = -EFAULT;
1271                 goto unlock_mutex;
1272         }
1273
1274         /* we want an atomic add of the counters */
1275         write_lock_bh(&t->lock);
1276
1277         /* we add to the counters of the first cpu */
1278         for (i = 0; i < hlp.num_counters; i++) {
1279                 t->private->counters[i].pcnt += tmp[i].pcnt;
1280                 t->private->counters[i].bcnt += tmp[i].bcnt;
1281         }
1282
1283         write_unlock_bh(&t->lock);
1284         ret = 0;
1285 unlock_mutex:
1286         mutex_unlock(&ebt_mutex);
1287 free_tmp:
1288         vfree(tmp);
1289         return ret;
1290 }
1291
1292 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1293    char *base, char __user *ubase)
1294 {
1295         char __user *hlp = ubase + ((char *)m - base);
1296         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1297                 return -EFAULT;
1298         return 0;
1299 }
1300
1301 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1302    char *base, char __user *ubase)
1303 {
1304         char __user *hlp = ubase + ((char *)w - base);
1305         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1306                 return -EFAULT;
1307         return 0;
1308 }
1309
1310 static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1311 {
1312         int ret;
1313         char __user *hlp;
1314         struct ebt_entry_target *t;
1315
1316         if (e->bitmask == 0)
1317                 return 0;
1318
1319         hlp = ubase + (((char *)e + e->target_offset) - base);
1320         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1321
1322         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1323         if (ret != 0)
1324                 return ret;
1325         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1326         if (ret != 0)
1327                 return ret;
1328         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1329                 return -EFAULT;
1330         return 0;
1331 }
1332
1333 /* called with ebt_mutex locked */
1334 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1335    int *len, int cmd)
1336 {
1337         struct ebt_replace tmp;
1338         struct ebt_counter *counterstmp, *oldcounters;
1339         unsigned int entries_size, nentries;
1340         char *entries;
1341
1342         if (cmd == EBT_SO_GET_ENTRIES) {
1343                 entries_size = t->private->entries_size;
1344                 nentries = t->private->nentries;
1345                 entries = t->private->entries;
1346                 oldcounters = t->private->counters;
1347         } else {
1348                 entries_size = t->table->entries_size;
1349                 nentries = t->table->nentries;
1350                 entries = t->table->entries;
1351                 oldcounters = t->table->counters;
1352         }
1353
1354         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1355                 BUGPRINT("Cfu didn't work\n");
1356                 return -EFAULT;
1357         }
1358
1359         if (*len != sizeof(struct ebt_replace) + entries_size +
1360            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1361                 BUGPRINT("Wrong size\n");
1362                 return -EINVAL;
1363         }
1364
1365         if (tmp.nentries != nentries) {
1366                 BUGPRINT("Nentries wrong\n");
1367                 return -EINVAL;
1368         }
1369
1370         if (tmp.entries_size != entries_size) {
1371                 BUGPRINT("Wrong size\n");
1372                 return -EINVAL;
1373         }
1374
1375         /* userspace might not need the counters */
1376         if (tmp.num_counters) {
1377                 if (tmp.num_counters != nentries) {
1378                         BUGPRINT("Num_counters wrong\n");
1379                         return -EINVAL;
1380                 }
1381                 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1382                 if (!counterstmp) {
1383                         MEMPRINT("Couldn't copy counters, out of memory\n");
1384                         return -ENOMEM;
1385                 }
1386                 write_lock_bh(&t->lock);
1387                 get_counters(oldcounters, counterstmp, nentries);
1388                 write_unlock_bh(&t->lock);
1389
1390                 if (copy_to_user(tmp.counters, counterstmp,
1391                    nentries * sizeof(struct ebt_counter))) {
1392                         BUGPRINT("Couldn't copy counters to userspace\n");
1393                         vfree(counterstmp);
1394                         return -EFAULT;
1395                 }
1396                 vfree(counterstmp);
1397         }
1398
1399         if (copy_to_user(tmp.entries, entries, entries_size)) {
1400                 BUGPRINT("Couldn't copy entries to userspace\n");
1401                 return -EFAULT;
1402         }
1403         /* set the match/watcher/target names right */
1404         return EBT_ENTRY_ITERATE(entries, entries_size,
1405            ebt_make_names, entries, tmp.entries);
1406 }
1407
1408 static int do_ebt_set_ctl(struct sock *sk,
1409         int cmd, void __user *user, unsigned int len)
1410 {
1411         int ret;
1412
1413         switch(cmd) {
1414         case EBT_SO_SET_ENTRIES:
1415                 ret = do_replace(sock_net(sk), user, len);
1416                 break;
1417         case EBT_SO_SET_COUNTERS:
1418                 ret = update_counters(sock_net(sk), user, len);
1419                 break;
1420         default:
1421                 ret = -EINVAL;
1422   }
1423         return ret;
1424 }
1425
1426 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1427 {
1428         int ret;
1429         struct ebt_replace tmp;
1430         struct ebt_table *t;
1431
1432         if (copy_from_user(&tmp, user, sizeof(tmp)))
1433                 return -EFAULT;
1434
1435         t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1436         if (!t)
1437                 return ret;
1438
1439         switch(cmd) {
1440         case EBT_SO_GET_INFO:
1441         case EBT_SO_GET_INIT_INFO:
1442                 if (*len != sizeof(struct ebt_replace)){
1443                         ret = -EINVAL;
1444                         mutex_unlock(&ebt_mutex);
1445                         break;
1446                 }
1447                 if (cmd == EBT_SO_GET_INFO) {
1448                         tmp.nentries = t->private->nentries;
1449                         tmp.entries_size = t->private->entries_size;
1450                         tmp.valid_hooks = t->valid_hooks;
1451                 } else {
1452                         tmp.nentries = t->table->nentries;
1453                         tmp.entries_size = t->table->entries_size;
1454                         tmp.valid_hooks = t->table->valid_hooks;
1455                 }
1456                 mutex_unlock(&ebt_mutex);
1457                 if (copy_to_user(user, &tmp, *len) != 0){
1458                         BUGPRINT("c2u Didn't work\n");
1459                         ret = -EFAULT;
1460                         break;
1461                 }
1462                 ret = 0;
1463                 break;
1464
1465         case EBT_SO_GET_ENTRIES:
1466         case EBT_SO_GET_INIT_ENTRIES:
1467                 ret = copy_everything_to_user(t, user, len, cmd);
1468                 mutex_unlock(&ebt_mutex);
1469                 break;
1470
1471         default:
1472                 mutex_unlock(&ebt_mutex);
1473                 ret = -EINVAL;
1474         }
1475
1476         return ret;
1477 }
1478
1479 static struct nf_sockopt_ops ebt_sockopts =
1480 {
1481         .pf             = PF_INET,
1482         .set_optmin     = EBT_BASE_CTL,
1483         .set_optmax     = EBT_SO_SET_MAX + 1,
1484         .set            = do_ebt_set_ctl,
1485         .get_optmin     = EBT_BASE_CTL,
1486         .get_optmax     = EBT_SO_GET_MAX + 1,
1487         .get            = do_ebt_get_ctl,
1488         .owner          = THIS_MODULE,
1489 };
1490
1491 static int __init ebtables_init(void)
1492 {
1493         int ret;
1494
1495         ret = xt_register_target(&ebt_standard_target);
1496         if (ret < 0)
1497                 return ret;
1498         ret = nf_register_sockopt(&ebt_sockopts);
1499         if (ret < 0) {
1500                 xt_unregister_target(&ebt_standard_target);
1501                 return ret;
1502         }
1503
1504         printk(KERN_INFO "Ebtables v2.0 registered\n");
1505         return 0;
1506 }
1507
1508 static void __exit ebtables_fini(void)
1509 {
1510         nf_unregister_sockopt(&ebt_sockopts);
1511         xt_unregister_target(&ebt_standard_target);
1512         printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1513 }
1514
1515 EXPORT_SYMBOL(ebt_register_table);
1516 EXPORT_SYMBOL(ebt_unregister_table);
1517 EXPORT_SYMBOL(ebt_do_table);
1518 module_init(ebtables_init);
1519 module_exit(ebtables_fini);
1520 MODULE_LICENSE("GPL");