Merge branch 'for-linus' of git://one.firstfloor.org/home/andi/git/linux-2.6
[linux-2.6] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18 /* used for print_string */
19 #include <linux/tty.h>
20
21 #include <linux/kmod.h>
22 #include <linux/module.h>
23 #include <linux/vmalloc.h>
24 #include <linux/netfilter_bridge/ebtables.h>
25 #include <linux/spinlock.h>
26 #include <linux/mutex.h>
27 #include <asm/uaccess.h>
28 #include <linux/smp.h>
29 #include <linux/cpumask.h>
30 #include <net/sock.h>
31 /* needed for logical [in,out]-dev filtering */
32 #include "../br_private.h"
33
34 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
35                                          "report to author: "format, ## args)
36 /* #define BUGPRINT(format, args...) */
37 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
38                                          ": out of memory: "format, ## args)
39 /* #define MEMPRINT(format, args...) */
40
41
42
43 /*
44  * Each cpu has its own set of counters, so there is no need for write_lock in
45  * the softirq
46  * For reading or updating the counters, the user context needs to
47  * get a write_lock
48  */
49
50 /* The size of each set of counters is altered to get cache alignment */
51 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
52 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
53 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
54    COUNTER_OFFSET(n) * cpu))
55
56
57
58 static DEFINE_MUTEX(ebt_mutex);
59 static LIST_HEAD(ebt_tables);
60 static LIST_HEAD(ebt_targets);
61 static LIST_HEAD(ebt_matches);
62 static LIST_HEAD(ebt_watchers);
63
64 static struct ebt_target ebt_standard_target =
65 { {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
66
67 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
68    const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
69    const struct net_device *out)
70 {
71         w->u.watcher->watcher(skb, hooknr, in, out, w->data,
72            w->watcher_size);
73         /* watchers don't give a verdict */
74         return 0;
75 }
76
77 static inline int ebt_do_match (struct ebt_entry_match *m,
78    const struct sk_buff *skb, const struct net_device *in,
79    const struct net_device *out)
80 {
81         return m->u.match->match(skb, in, out, m->data,
82            m->match_size);
83 }
84
85 static inline int ebt_dev_check(char *entry, const struct net_device *device)
86 {
87         int i = 0;
88         const char *devname = device->name;
89
90         if (*entry == '\0')
91                 return 0;
92         if (!device)
93                 return 1;
94         /* 1 is the wildcard token */
95         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
96                 i++;
97         return (devname[i] != entry[i] && entry[i] != 1);
98 }
99
100 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
101 /* process standard matches */
102 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
103    const struct net_device *in, const struct net_device *out)
104 {
105         int verdict, i;
106
107         if (e->bitmask & EBT_802_3) {
108                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
109                         return 1;
110         } else if (!(e->bitmask & EBT_NOPROTO) &&
111            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
112                 return 1;
113
114         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
115                 return 1;
116         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
117                 return 1;
118         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
119            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
120                 return 1;
121         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
122            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
123                 return 1;
124
125         if (e->bitmask & EBT_SOURCEMAC) {
126                 verdict = 0;
127                 for (i = 0; i < 6; i++)
128                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
129                            e->sourcemsk[i];
130                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
131                         return 1;
132         }
133         if (e->bitmask & EBT_DESTMAC) {
134                 verdict = 0;
135                 for (i = 0; i < 6; i++)
136                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
137                            e->destmsk[i];
138                 if (FWINV2(verdict != 0, EBT_IDEST) )
139                         return 1;
140         }
141         return 0;
142 }
143
144 /* Do some firewalling */
145 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
146    const struct net_device *in, const struct net_device *out,
147    struct ebt_table *table)
148 {
149         int i, nentries;
150         struct ebt_entry *point;
151         struct ebt_counter *counter_base, *cb_base;
152         struct ebt_entry_target *t;
153         int verdict, sp = 0;
154         struct ebt_chainstack *cs;
155         struct ebt_entries *chaininfo;
156         char *base;
157         struct ebt_table_info *private;
158
159         read_lock_bh(&table->lock);
160         private = table->private;
161         cb_base = COUNTER_BASE(private->counters, private->nentries,
162            smp_processor_id());
163         if (private->chainstack)
164                 cs = private->chainstack[smp_processor_id()];
165         else
166                 cs = NULL;
167         chaininfo = private->hook_entry[hook];
168         nentries = private->hook_entry[hook]->nentries;
169         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
170         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
171         /* base for chain jumps */
172         base = private->entries;
173         i = 0;
174         while (i < nentries) {
175                 if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
176                         goto letscontinue;
177
178                 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
179                         goto letscontinue;
180
181                 /* increase counter */
182                 (*(counter_base + i)).pcnt++;
183                 (*(counter_base + i)).bcnt+=(**pskb).len;
184
185                 /* these should only watch: not modify, nor tell us
186                    what to do with the packet */
187                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
188                    out);
189
190                 t = (struct ebt_entry_target *)
191                    (((char *)point) + point->target_offset);
192                 /* standard target */
193                 if (!t->u.target->target)
194                         verdict = ((struct ebt_standard_target *)t)->verdict;
195                 else
196                         verdict = t->u.target->target(pskb, hook,
197                            in, out, t->data, t->target_size);
198                 if (verdict == EBT_ACCEPT) {
199                         read_unlock_bh(&table->lock);
200                         return NF_ACCEPT;
201                 }
202                 if (verdict == EBT_DROP) {
203                         read_unlock_bh(&table->lock);
204                         return NF_DROP;
205                 }
206                 if (verdict == EBT_RETURN) {
207 letsreturn:
208 #ifdef CONFIG_NETFILTER_DEBUG
209                         if (sp == 0) {
210                                 BUGPRINT("RETURN on base chain");
211                                 /* act like this is EBT_CONTINUE */
212                                 goto letscontinue;
213                         }
214 #endif
215                         sp--;
216                         /* put all the local variables right */
217                         i = cs[sp].n;
218                         chaininfo = cs[sp].chaininfo;
219                         nentries = chaininfo->nentries;
220                         point = cs[sp].e;
221                         counter_base = cb_base +
222                            chaininfo->counter_offset;
223                         continue;
224                 }
225                 if (verdict == EBT_CONTINUE)
226                         goto letscontinue;
227 #ifdef CONFIG_NETFILTER_DEBUG
228                 if (verdict < 0) {
229                         BUGPRINT("bogus standard verdict\n");
230                         read_unlock_bh(&table->lock);
231                         return NF_DROP;
232                 }
233 #endif
234                 /* jump to a udc */
235                 cs[sp].n = i + 1;
236                 cs[sp].chaininfo = chaininfo;
237                 cs[sp].e = (struct ebt_entry *)
238                    (((char *)point) + point->next_offset);
239                 i = 0;
240                 chaininfo = (struct ebt_entries *) (base + verdict);
241 #ifdef CONFIG_NETFILTER_DEBUG
242                 if (chaininfo->distinguisher) {
243                         BUGPRINT("jump to non-chain\n");
244                         read_unlock_bh(&table->lock);
245                         return NF_DROP;
246                 }
247 #endif
248                 nentries = chaininfo->nentries;
249                 point = (struct ebt_entry *)chaininfo->data;
250                 counter_base = cb_base + chaininfo->counter_offset;
251                 sp++;
252                 continue;
253 letscontinue:
254                 point = (struct ebt_entry *)
255                    (((char *)point) + point->next_offset);
256                 i++;
257         }
258
259         /* I actually like this :) */
260         if (chaininfo->policy == EBT_RETURN)
261                 goto letsreturn;
262         if (chaininfo->policy == EBT_ACCEPT) {
263                 read_unlock_bh(&table->lock);
264                 return NF_ACCEPT;
265         }
266         read_unlock_bh(&table->lock);
267         return NF_DROP;
268 }
269
270 /* If it succeeds, returns element and locks mutex */
271 static inline void *
272 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
273    struct mutex *mutex)
274 {
275         struct {
276                 struct list_head list;
277                 char name[EBT_FUNCTION_MAXNAMELEN];
278         } *e;
279
280         *error = mutex_lock_interruptible(mutex);
281         if (*error != 0)
282                 return NULL;
283
284         list_for_each_entry(e, head, list) {
285                 if (strcmp(e->name, name) == 0)
286                         return e;
287         }
288         *error = -ENOENT;
289         mutex_unlock(mutex);
290         return NULL;
291 }
292
293 #ifndef CONFIG_KMOD
294 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
295 #else
296 static void *
297 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
298    int *error, struct mutex *mutex)
299 {
300         void *ret;
301
302         ret = find_inlist_lock_noload(head, name, error, mutex);
303         if (!ret) {
304                 request_module("%s%s", prefix, name);
305                 ret = find_inlist_lock_noload(head, name, error, mutex);
306         }
307         return ret;
308 }
309 #endif
310
311 static inline struct ebt_table *
312 find_table_lock(const char *name, int *error, struct mutex *mutex)
313 {
314         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
315 }
316
317 static inline struct ebt_match *
318 find_match_lock(const char *name, int *error, struct mutex *mutex)
319 {
320         return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex);
321 }
322
323 static inline struct ebt_watcher *
324 find_watcher_lock(const char *name, int *error, struct mutex *mutex)
325 {
326         return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex);
327 }
328
329 static inline struct ebt_target *
330 find_target_lock(const char *name, int *error, struct mutex *mutex)
331 {
332         return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex);
333 }
334
335 static inline int
336 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
337    const char *name, unsigned int hookmask, unsigned int *cnt)
338 {
339         struct ebt_match *match;
340         size_t left = ((char *)e + e->watchers_offset) - (char *)m;
341         int ret;
342
343         if (left < sizeof(struct ebt_entry_match) ||
344             left - sizeof(struct ebt_entry_match) < m->match_size)
345                 return -EINVAL;
346         match = find_match_lock(m->u.name, &ret, &ebt_mutex);
347         if (!match)
348                 return ret;
349         m->u.match = match;
350         if (!try_module_get(match->me)) {
351                 mutex_unlock(&ebt_mutex);
352                 return -ENOENT;
353         }
354         mutex_unlock(&ebt_mutex);
355         if (match->check &&
356            match->check(name, hookmask, e, m->data, m->match_size) != 0) {
357                 BUGPRINT("match->check failed\n");
358                 module_put(match->me);
359                 return -EINVAL;
360         }
361         (*cnt)++;
362         return 0;
363 }
364
365 static inline int
366 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
367    const char *name, unsigned int hookmask, unsigned int *cnt)
368 {
369         struct ebt_watcher *watcher;
370         size_t left = ((char *)e + e->target_offset) - (char *)w;
371         int ret;
372
373         if (left < sizeof(struct ebt_entry_watcher) ||
374            left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
375                 return -EINVAL;
376         watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
377         if (!watcher)
378                 return ret;
379         w->u.watcher = watcher;
380         if (!try_module_get(watcher->me)) {
381                 mutex_unlock(&ebt_mutex);
382                 return -ENOENT;
383         }
384         mutex_unlock(&ebt_mutex);
385         if (watcher->check &&
386            watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
387                 BUGPRINT("watcher->check failed\n");
388                 module_put(watcher->me);
389                 return -EINVAL;
390         }
391         (*cnt)++;
392         return 0;
393 }
394
395 static int ebt_verify_pointers(struct ebt_replace *repl,
396                                struct ebt_table_info *newinfo)
397 {
398         unsigned int limit = repl->entries_size;
399         unsigned int valid_hooks = repl->valid_hooks;
400         unsigned int offset = 0;
401         int i;
402
403         for (i = 0; i < NF_BR_NUMHOOKS; i++)
404                 newinfo->hook_entry[i] = NULL;
405
406         newinfo->entries_size = repl->entries_size;
407         newinfo->nentries = repl->nentries;
408
409         while (offset < limit) {
410                 size_t left = limit - offset;
411                 struct ebt_entry *e = (void *)newinfo->entries + offset;
412
413                 if (left < sizeof(unsigned int))
414                         break;
415
416                 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
417                         if ((valid_hooks & (1 << i)) == 0)
418                                 continue;
419                         if ((char __user *)repl->hook_entry[i] ==
420                              repl->entries + offset)
421                                 break;
422                 }
423
424                 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
425                         if (e->bitmask != 0) {
426                                 /* we make userspace set this right,
427                                    so there is no misunderstanding */
428                                 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
429                                          "in distinguisher\n");
430                                 return -EINVAL;
431                         }
432                         if (i != NF_BR_NUMHOOKS)
433                                 newinfo->hook_entry[i] = (struct ebt_entries *)e;
434                         if (left < sizeof(struct ebt_entries))
435                                 break;
436                         offset += sizeof(struct ebt_entries);
437                 } else {
438                         if (left < sizeof(struct ebt_entry))
439                                 break;
440                         if (left < e->next_offset)
441                                 break;
442                         offset += e->next_offset;
443                 }
444         }
445         if (offset != limit) {
446                 BUGPRINT("entries_size too small\n");
447                 return -EINVAL;
448         }
449
450         /* check if all valid hooks have a chain */
451         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
452                 if (!newinfo->hook_entry[i] &&
453                    (valid_hooks & (1 << i))) {
454                         BUGPRINT("Valid hook without chain\n");
455                         return -EINVAL;
456                 }
457         }
458         return 0;
459 }
460
461 /*
462  * this one is very careful, as it is the first function
463  * to parse the userspace data
464  */
465 static inline int
466 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
467    struct ebt_table_info *newinfo,
468    unsigned int *n, unsigned int *cnt,
469    unsigned int *totalcnt, unsigned int *udc_cnt)
470 {
471         int i;
472
473         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
474                 if ((void *)e == (void *)newinfo->hook_entry[i])
475                         break;
476         }
477         /* beginning of a new chain
478            if i == NF_BR_NUMHOOKS it must be a user defined chain */
479         if (i != NF_BR_NUMHOOKS || !e->bitmask) {
480                 /* this checks if the previous chain has as many entries
481                    as it said it has */
482                 if (*n != *cnt) {
483                         BUGPRINT("nentries does not equal the nr of entries "
484                                  "in the chain\n");
485                         return -EINVAL;
486                 }
487                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
488                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
489                         /* only RETURN from udc */
490                         if (i != NF_BR_NUMHOOKS ||
491                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
492                                 BUGPRINT("bad policy\n");
493                                 return -EINVAL;
494                         }
495                 }
496                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
497                         (*udc_cnt)++;
498                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
499                         BUGPRINT("counter_offset != totalcnt");
500                         return -EINVAL;
501                 }
502                 *n = ((struct ebt_entries *)e)->nentries;
503                 *cnt = 0;
504                 return 0;
505         }
506         /* a plain old entry, heh */
507         if (sizeof(struct ebt_entry) > e->watchers_offset ||
508            e->watchers_offset > e->target_offset ||
509            e->target_offset >= e->next_offset) {
510                 BUGPRINT("entry offsets not in right order\n");
511                 return -EINVAL;
512         }
513         /* this is not checked anywhere else */
514         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
515                 BUGPRINT("target size too small\n");
516                 return -EINVAL;
517         }
518         (*cnt)++;
519         (*totalcnt)++;
520         return 0;
521 }
522
523 struct ebt_cl_stack
524 {
525         struct ebt_chainstack cs;
526         int from;
527         unsigned int hookmask;
528 };
529
530 /*
531  * we need these positions to check that the jumps to a different part of the
532  * entries is a jump to the beginning of a new chain.
533  */
534 static inline int
535 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
536    unsigned int *n, struct ebt_cl_stack *udc)
537 {
538         int i;
539
540         /* we're only interested in chain starts */
541         if (e->bitmask)
542                 return 0;
543         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
544                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
545                         break;
546         }
547         /* only care about udc */
548         if (i != NF_BR_NUMHOOKS)
549                 return 0;
550
551         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
552         /* these initialisations are depended on later in check_chainloops() */
553         udc[*n].cs.n = 0;
554         udc[*n].hookmask = 0;
555
556         (*n)++;
557         return 0;
558 }
559
560 static inline int
561 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
562 {
563         if (i && (*i)-- == 0)
564                 return 1;
565         if (m->u.match->destroy)
566                 m->u.match->destroy(m->data, m->match_size);
567         module_put(m->u.match->me);
568
569         return 0;
570 }
571
572 static inline int
573 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
574 {
575         if (i && (*i)-- == 0)
576                 return 1;
577         if (w->u.watcher->destroy)
578                 w->u.watcher->destroy(w->data, w->watcher_size);
579         module_put(w->u.watcher->me);
580
581         return 0;
582 }
583
584 static inline int
585 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
586 {
587         struct ebt_entry_target *t;
588
589         if (e->bitmask == 0)
590                 return 0;
591         /* we're done */
592         if (cnt && (*cnt)-- == 0)
593                 return 1;
594         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
595         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
596         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
597         if (t->u.target->destroy)
598                 t->u.target->destroy(t->data, t->target_size);
599         module_put(t->u.target->me);
600
601         return 0;
602 }
603
604 static inline int
605 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
606    const char *name, unsigned int *cnt,
607    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
608 {
609         struct ebt_entry_target *t;
610         struct ebt_target *target;
611         unsigned int i, j, hook = 0, hookmask = 0;
612         size_t gap;
613         int ret;
614
615         /* don't mess with the struct ebt_entries */
616         if (e->bitmask == 0)
617                 return 0;
618
619         if (e->bitmask & ~EBT_F_MASK) {
620                 BUGPRINT("Unknown flag for bitmask\n");
621                 return -EINVAL;
622         }
623         if (e->invflags & ~EBT_INV_MASK) {
624                 BUGPRINT("Unknown flag for inv bitmask\n");
625                 return -EINVAL;
626         }
627         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
628                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
629                 return -EINVAL;
630         }
631         /* what hook do we belong to? */
632         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
633                 if (!newinfo->hook_entry[i])
634                         continue;
635                 if ((char *)newinfo->hook_entry[i] < (char *)e)
636                         hook = i;
637                 else
638                         break;
639         }
640         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
641            a base chain */
642         if (i < NF_BR_NUMHOOKS)
643                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
644         else {
645                 for (i = 0; i < udc_cnt; i++)
646                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
647                                 break;
648                 if (i == 0)
649                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
650                 else
651                         hookmask = cl_s[i - 1].hookmask;
652         }
653         i = 0;
654         ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
655         if (ret != 0)
656                 goto cleanup_matches;
657         j = 0;
658         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
659         if (ret != 0)
660                 goto cleanup_watchers;
661         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
662         gap = e->next_offset - e->target_offset;
663         target = find_target_lock(t->u.name, &ret, &ebt_mutex);
664         if (!target)
665                 goto cleanup_watchers;
666         if (!try_module_get(target->me)) {
667                 mutex_unlock(&ebt_mutex);
668                 ret = -ENOENT;
669                 goto cleanup_watchers;
670         }
671         mutex_unlock(&ebt_mutex);
672
673         t->u.target = target;
674         if (t->u.target == &ebt_standard_target) {
675                 if (gap < sizeof(struct ebt_standard_target)) {
676                         BUGPRINT("Standard target size too big\n");
677                         ret = -EFAULT;
678                         goto cleanup_watchers;
679                 }
680                 if (((struct ebt_standard_target *)t)->verdict <
681                    -NUM_STANDARD_TARGETS) {
682                         BUGPRINT("Invalid standard target\n");
683                         ret = -EFAULT;
684                         goto cleanup_watchers;
685                 }
686         } else if (t->target_size > gap - sizeof(struct ebt_entry_target) ||
687            (t->u.target->check &&
688            t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
689                 module_put(t->u.target->me);
690                 ret = -EFAULT;
691                 goto cleanup_watchers;
692         }
693         (*cnt)++;
694         return 0;
695 cleanup_watchers:
696         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
697 cleanup_matches:
698         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
699         return ret;
700 }
701
702 /*
703  * checks for loops and sets the hook mask for udc
704  * the hook mask for udc tells us from which base chains the udc can be
705  * accessed. This mask is a parameter to the check() functions of the extensions
706  */
707 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
708    unsigned int udc_cnt, unsigned int hooknr, char *base)
709 {
710         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
711         struct ebt_entry *e = (struct ebt_entry *)chain->data;
712         struct ebt_entry_target *t;
713
714         while (pos < nentries || chain_nr != -1) {
715                 /* end of udc, go back one 'recursion' step */
716                 if (pos == nentries) {
717                         /* put back values of the time when this chain was called */
718                         e = cl_s[chain_nr].cs.e;
719                         if (cl_s[chain_nr].from != -1)
720                                 nentries =
721                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
722                         else
723                                 nentries = chain->nentries;
724                         pos = cl_s[chain_nr].cs.n;
725                         /* make sure we won't see a loop that isn't one */
726                         cl_s[chain_nr].cs.n = 0;
727                         chain_nr = cl_s[chain_nr].from;
728                         if (pos == nentries)
729                                 continue;
730                 }
731                 t = (struct ebt_entry_target *)
732                    (((char *)e) + e->target_offset);
733                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
734                         goto letscontinue;
735                 if (e->target_offset + sizeof(struct ebt_standard_target) >
736                    e->next_offset) {
737                         BUGPRINT("Standard target size too big\n");
738                         return -1;
739                 }
740                 verdict = ((struct ebt_standard_target *)t)->verdict;
741                 if (verdict >= 0) { /* jump to another chain */
742                         struct ebt_entries *hlp2 =
743                            (struct ebt_entries *)(base + verdict);
744                         for (i = 0; i < udc_cnt; i++)
745                                 if (hlp2 == cl_s[i].cs.chaininfo)
746                                         break;
747                         /* bad destination or loop */
748                         if (i == udc_cnt) {
749                                 BUGPRINT("bad destination\n");
750                                 return -1;
751                         }
752                         if (cl_s[i].cs.n) {
753                                 BUGPRINT("loop\n");
754                                 return -1;
755                         }
756                         if (cl_s[i].hookmask & (1 << hooknr))
757                                 goto letscontinue;
758                         /* this can't be 0, so the loop test is correct */
759                         cl_s[i].cs.n = pos + 1;
760                         pos = 0;
761                         cl_s[i].cs.e = ((void *)e + e->next_offset);
762                         e = (struct ebt_entry *)(hlp2->data);
763                         nentries = hlp2->nentries;
764                         cl_s[i].from = chain_nr;
765                         chain_nr = i;
766                         /* this udc is accessible from the base chain for hooknr */
767                         cl_s[i].hookmask |= (1 << hooknr);
768                         continue;
769                 }
770 letscontinue:
771                 e = (void *)e + e->next_offset;
772                 pos++;
773         }
774         return 0;
775 }
776
777 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
778 static int translate_table(char *name, struct ebt_table_info *newinfo)
779 {
780         unsigned int i, j, k, udc_cnt;
781         int ret;
782         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
783
784         i = 0;
785         while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
786                 i++;
787         if (i == NF_BR_NUMHOOKS) {
788                 BUGPRINT("No valid hooks specified\n");
789                 return -EINVAL;
790         }
791         if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
792                 BUGPRINT("Chains don't start at beginning\n");
793                 return -EINVAL;
794         }
795         /* make sure chains are ordered after each other in same order
796            as their corresponding hooks */
797         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
798                 if (!newinfo->hook_entry[j])
799                         continue;
800                 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
801                         BUGPRINT("Hook order must be followed\n");
802                         return -EINVAL;
803                 }
804                 i = j;
805         }
806
807         /* do some early checkings and initialize some things */
808         i = 0; /* holds the expected nr. of entries for the chain */
809         j = 0; /* holds the up to now counted entries for the chain */
810         k = 0; /* holds the total nr. of entries, should equal
811                   newinfo->nentries afterwards */
812         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
813         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
814            ebt_check_entry_size_and_hooks, newinfo,
815            &i, &j, &k, &udc_cnt);
816
817         if (ret != 0)
818                 return ret;
819
820         if (i != j) {
821                 BUGPRINT("nentries does not equal the nr of entries in the "
822                          "(last) chain\n");
823                 return -EINVAL;
824         }
825         if (k != newinfo->nentries) {
826                 BUGPRINT("Total nentries is wrong\n");
827                 return -EINVAL;
828         }
829
830         /* get the location of the udc, put them in an array
831            while we're at it, allocate the chainstack */
832         if (udc_cnt) {
833                 /* this will get free'd in do_replace()/ebt_register_table()
834                    if an error occurs */
835                 newinfo->chainstack =
836                         vmalloc((highest_possible_processor_id()+1)
837                                         * sizeof(*(newinfo->chainstack)));
838                 if (!newinfo->chainstack)
839                         return -ENOMEM;
840                 for_each_possible_cpu(i) {
841                         newinfo->chainstack[i] =
842                           vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
843                         if (!newinfo->chainstack[i]) {
844                                 while (i)
845                                         vfree(newinfo->chainstack[--i]);
846                                 vfree(newinfo->chainstack);
847                                 newinfo->chainstack = NULL;
848                                 return -ENOMEM;
849                         }
850                 }
851
852                 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
853                 if (!cl_s)
854                         return -ENOMEM;
855                 i = 0; /* the i'th udc */
856                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
857                    ebt_get_udc_positions, newinfo, &i, cl_s);
858                 /* sanity check */
859                 if (i != udc_cnt) {
860                         BUGPRINT("i != udc_cnt\n");
861                         vfree(cl_s);
862                         return -EFAULT;
863                 }
864         }
865
866         /* Check for loops */
867         for (i = 0; i < NF_BR_NUMHOOKS; i++)
868                 if (newinfo->hook_entry[i])
869                         if (check_chainloops(newinfo->hook_entry[i],
870                            cl_s, udc_cnt, i, newinfo->entries)) {
871                                 vfree(cl_s);
872                                 return -EINVAL;
873                         }
874
875         /* we now know the following (along with E=mc²):
876            - the nr of entries in each chain is right
877            - the size of the allocated space is right
878            - all valid hooks have a corresponding chain
879            - there are no loops
880            - wrong data can still be on the level of a single entry
881            - could be there are jumps to places that are not the
882              beginning of a chain. This can only occur in chains that
883              are not accessible from any base chains, so we don't care. */
884
885         /* used to know what we need to clean up if something goes wrong */
886         i = 0;
887         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
888            ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt);
889         if (ret != 0) {
890                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
891                    ebt_cleanup_entry, &i);
892         }
893         vfree(cl_s);
894         return ret;
895 }
896
897 /* called under write_lock */
898 static void get_counters(struct ebt_counter *oldcounters,
899    struct ebt_counter *counters, unsigned int nentries)
900 {
901         int i, cpu;
902         struct ebt_counter *counter_base;
903
904         /* counters of cpu 0 */
905         memcpy(counters, oldcounters,
906                sizeof(struct ebt_counter) * nentries);
907
908         /* add other counters to those of cpu 0 */
909         for_each_possible_cpu(cpu) {
910                 if (cpu == 0)
911                         continue;
912                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
913                 for (i = 0; i < nentries; i++) {
914                         counters[i].pcnt += counter_base[i].pcnt;
915                         counters[i].bcnt += counter_base[i].bcnt;
916                 }
917         }
918 }
919
920 /* replace the table */
921 static int do_replace(void __user *user, unsigned int len)
922 {
923         int ret, i, countersize;
924         struct ebt_table_info *newinfo;
925         struct ebt_replace tmp;
926         struct ebt_table *t;
927         struct ebt_counter *counterstmp = NULL;
928         /* used to be able to unlock earlier */
929         struct ebt_table_info *table;
930
931         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
932                 return -EFAULT;
933
934         if (len != sizeof(tmp) + tmp.entries_size) {
935                 BUGPRINT("Wrong len argument\n");
936                 return -EINVAL;
937         }
938
939         if (tmp.entries_size == 0) {
940                 BUGPRINT("Entries_size never zero\n");
941                 return -EINVAL;
942         }
943         /* overflow check */
944         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
945                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
946                 return -ENOMEM;
947         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
948                 return -ENOMEM;
949
950         countersize = COUNTER_OFFSET(tmp.nentries) *
951                                         (highest_possible_processor_id()+1);
952         newinfo = vmalloc(sizeof(*newinfo) + countersize);
953         if (!newinfo)
954                 return -ENOMEM;
955
956         if (countersize)
957                 memset(newinfo->counters, 0, countersize);
958
959         newinfo->entries = vmalloc(tmp.entries_size);
960         if (!newinfo->entries) {
961                 ret = -ENOMEM;
962                 goto free_newinfo;
963         }
964         if (copy_from_user(
965            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
966                 BUGPRINT("Couldn't copy entries from userspace\n");
967                 ret = -EFAULT;
968                 goto free_entries;
969         }
970
971         /* the user wants counters back
972            the check on the size is done later, when we have the lock */
973         if (tmp.num_counters) {
974                 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
975                 if (!counterstmp) {
976                         ret = -ENOMEM;
977                         goto free_entries;
978                 }
979         }
980         else
981                 counterstmp = NULL;
982
983         /* this can get initialized by translate_table() */
984         newinfo->chainstack = NULL;
985         ret = ebt_verify_pointers(&tmp, newinfo);
986         if (ret != 0)
987                 goto free_counterstmp;
988
989         ret = translate_table(tmp.name, newinfo);
990
991         if (ret != 0)
992                 goto free_counterstmp;
993
994         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
995         if (!t) {
996                 ret = -ENOENT;
997                 goto free_iterate;
998         }
999
1000         /* the table doesn't like it */
1001         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1002                 goto free_unlock;
1003
1004         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1005                 BUGPRINT("Wrong nr. of counters requested\n");
1006                 ret = -EINVAL;
1007                 goto free_unlock;
1008         }
1009
1010         /* we have the mutex lock, so no danger in reading this pointer */
1011         table = t->private;
1012         /* make sure the table can only be rmmod'ed if it contains no rules */
1013         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1014                 ret = -ENOENT;
1015                 goto free_unlock;
1016         } else if (table->nentries && !newinfo->nentries)
1017                 module_put(t->me);
1018         /* we need an atomic snapshot of the counters */
1019         write_lock_bh(&t->lock);
1020         if (tmp.num_counters)
1021                 get_counters(t->private->counters, counterstmp,
1022                    t->private->nentries);
1023
1024         t->private = newinfo;
1025         write_unlock_bh(&t->lock);
1026         mutex_unlock(&ebt_mutex);
1027         /* so, a user can change the chains while having messed up her counter
1028            allocation. Only reason why this is done is because this way the lock
1029            is held only once, while this doesn't bring the kernel into a
1030            dangerous state. */
1031         if (tmp.num_counters &&
1032            copy_to_user(tmp.counters, counterstmp,
1033            tmp.num_counters * sizeof(struct ebt_counter))) {
1034                 BUGPRINT("Couldn't copy counters to userspace\n");
1035                 ret = -EFAULT;
1036         }
1037         else
1038                 ret = 0;
1039
1040         /* decrease module count and free resources */
1041         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1042            ebt_cleanup_entry, NULL);
1043
1044         vfree(table->entries);
1045         if (table->chainstack) {
1046                 for_each_possible_cpu(i)
1047                         vfree(table->chainstack[i]);
1048                 vfree(table->chainstack);
1049         }
1050         vfree(table);
1051
1052         vfree(counterstmp);
1053         return ret;
1054
1055 free_unlock:
1056         mutex_unlock(&ebt_mutex);
1057 free_iterate:
1058         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1059            ebt_cleanup_entry, NULL);
1060 free_counterstmp:
1061         vfree(counterstmp);
1062         /* can be initialized in translate_table() */
1063         if (newinfo->chainstack) {
1064                 for_each_possible_cpu(i)
1065                         vfree(newinfo->chainstack[i]);
1066                 vfree(newinfo->chainstack);
1067         }
1068 free_entries:
1069         vfree(newinfo->entries);
1070 free_newinfo:
1071         vfree(newinfo);
1072         return ret;
1073 }
1074
1075 int ebt_register_target(struct ebt_target *target)
1076 {
1077         struct ebt_target *t;
1078         int ret;
1079
1080         ret = mutex_lock_interruptible(&ebt_mutex);
1081         if (ret != 0)
1082                 return ret;
1083         list_for_each_entry(t, &ebt_targets, list) {
1084                 if (strcmp(t->name, target->name) == 0) {
1085                         mutex_unlock(&ebt_mutex);
1086                         return -EEXIST;
1087                 }
1088         }
1089         list_add(&target->list, &ebt_targets);
1090         mutex_unlock(&ebt_mutex);
1091
1092         return 0;
1093 }
1094
1095 void ebt_unregister_target(struct ebt_target *target)
1096 {
1097         mutex_lock(&ebt_mutex);
1098         list_del(&target->list);
1099         mutex_unlock(&ebt_mutex);
1100 }
1101
1102 int ebt_register_match(struct ebt_match *match)
1103 {
1104         struct ebt_match *m;
1105         int ret;
1106
1107         ret = mutex_lock_interruptible(&ebt_mutex);
1108         if (ret != 0)
1109                 return ret;
1110         list_for_each_entry(m, &ebt_matches, list) {
1111                 if (strcmp(m->name, match->name) == 0) {
1112                         mutex_unlock(&ebt_mutex);
1113                         return -EEXIST;
1114                 }
1115         }
1116         list_add(&match->list, &ebt_matches);
1117         mutex_unlock(&ebt_mutex);
1118
1119         return 0;
1120 }
1121
1122 void ebt_unregister_match(struct ebt_match *match)
1123 {
1124         mutex_lock(&ebt_mutex);
1125         list_del(&match->list);
1126         mutex_unlock(&ebt_mutex);
1127 }
1128
1129 int ebt_register_watcher(struct ebt_watcher *watcher)
1130 {
1131         struct ebt_watcher *w;
1132         int ret;
1133
1134         ret = mutex_lock_interruptible(&ebt_mutex);
1135         if (ret != 0)
1136                 return ret;
1137         list_for_each_entry(w, &ebt_watchers, list) {
1138                 if (strcmp(w->name, watcher->name) == 0) {
1139                         mutex_unlock(&ebt_mutex);
1140                         return -EEXIST;
1141                 }
1142         }
1143         list_add(&watcher->list, &ebt_watchers);
1144         mutex_unlock(&ebt_mutex);
1145
1146         return 0;
1147 }
1148
1149 void ebt_unregister_watcher(struct ebt_watcher *watcher)
1150 {
1151         mutex_lock(&ebt_mutex);
1152         list_del(&watcher->list);
1153         mutex_unlock(&ebt_mutex);
1154 }
1155
1156 int ebt_register_table(struct ebt_table *table)
1157 {
1158         struct ebt_table_info *newinfo;
1159         struct ebt_table *t;
1160         struct ebt_replace_kernel *repl;
1161         int ret, i, countersize;
1162         void *p;
1163
1164         if (!table || !(repl = table->table) || !repl->entries ||
1165             repl->entries_size == 0 ||
1166             repl->counters || table->private) {
1167                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1168                 return -EINVAL;
1169         }
1170
1171         countersize = COUNTER_OFFSET(repl->nentries) *
1172                                         (highest_possible_processor_id()+1);
1173         newinfo = vmalloc(sizeof(*newinfo) + countersize);
1174         ret = -ENOMEM;
1175         if (!newinfo)
1176                 return -ENOMEM;
1177
1178         p = vmalloc(repl->entries_size);
1179         if (!p)
1180                 goto free_newinfo;
1181
1182         memcpy(p, repl->entries, repl->entries_size);
1183         newinfo->entries = p;
1184
1185         newinfo->entries_size = repl->entries_size;
1186         newinfo->nentries = repl->nentries;
1187
1188         if (countersize)
1189                 memset(newinfo->counters, 0, countersize);
1190
1191         /* fill in newinfo and parse the entries */
1192         newinfo->chainstack = NULL;
1193         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1194                 if ((repl->valid_hooks & (1 << i)) == 0)
1195                         newinfo->hook_entry[i] = NULL;
1196                 else
1197                         newinfo->hook_entry[i] = p +
1198                                 ((char *)repl->hook_entry[i] - repl->entries);
1199         }
1200         ret = translate_table(repl->name, newinfo);
1201         if (ret != 0) {
1202                 BUGPRINT("Translate_table failed\n");
1203                 goto free_chainstack;
1204         }
1205
1206         if (table->check && table->check(newinfo, table->valid_hooks)) {
1207                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1208                 return -EINVAL;
1209         }
1210
1211         table->private = newinfo;
1212         rwlock_init(&table->lock);
1213         ret = mutex_lock_interruptible(&ebt_mutex);
1214         if (ret != 0)
1215                 goto free_chainstack;
1216
1217         list_for_each_entry(t, &ebt_tables, list) {
1218                 if (strcmp(t->name, table->name) == 0) {
1219                         ret = -EEXIST;
1220                         BUGPRINT("Table name already exists\n");
1221                         goto free_unlock;
1222                 }
1223         }
1224
1225         /* Hold a reference count if the chains aren't empty */
1226         if (newinfo->nentries && !try_module_get(table->me)) {
1227                 ret = -ENOENT;
1228                 goto free_unlock;
1229         }
1230         list_add(&table->list, &ebt_tables);
1231         mutex_unlock(&ebt_mutex);
1232         return 0;
1233 free_unlock:
1234         mutex_unlock(&ebt_mutex);
1235 free_chainstack:
1236         if (newinfo->chainstack) {
1237                 for_each_possible_cpu(i)
1238                         vfree(newinfo->chainstack[i]);
1239                 vfree(newinfo->chainstack);
1240         }
1241         vfree(newinfo->entries);
1242 free_newinfo:
1243         vfree(newinfo);
1244         return ret;
1245 }
1246
1247 void ebt_unregister_table(struct ebt_table *table)
1248 {
1249         int i;
1250
1251         if (!table) {
1252                 BUGPRINT("Request to unregister NULL table!!!\n");
1253                 return;
1254         }
1255         mutex_lock(&ebt_mutex);
1256         list_del(&table->list);
1257         mutex_unlock(&ebt_mutex);
1258         vfree(table->private->entries);
1259         if (table->private->chainstack) {
1260                 for_each_possible_cpu(i)
1261                         vfree(table->private->chainstack[i]);
1262                 vfree(table->private->chainstack);
1263         }
1264         vfree(table->private);
1265 }
1266
1267 /* userspace just supplied us with counters */
1268 static int update_counters(void __user *user, unsigned int len)
1269 {
1270         int i, ret;
1271         struct ebt_counter *tmp;
1272         struct ebt_replace hlp;
1273         struct ebt_table *t;
1274
1275         if (copy_from_user(&hlp, user, sizeof(hlp)))
1276                 return -EFAULT;
1277
1278         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1279                 return -EINVAL;
1280         if (hlp.num_counters == 0)
1281                 return -EINVAL;
1282
1283         if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1284                 MEMPRINT("Update_counters && nomemory\n");
1285                 return -ENOMEM;
1286         }
1287
1288         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1289         if (!t)
1290                 goto free_tmp;
1291
1292         if (hlp.num_counters != t->private->nentries) {
1293                 BUGPRINT("Wrong nr of counters\n");
1294                 ret = -EINVAL;
1295                 goto unlock_mutex;
1296         }
1297
1298         if ( copy_from_user(tmp, hlp.counters,
1299            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1300                 BUGPRINT("Updata_counters && !cfu\n");
1301                 ret = -EFAULT;
1302                 goto unlock_mutex;
1303         }
1304
1305         /* we want an atomic add of the counters */
1306         write_lock_bh(&t->lock);
1307
1308         /* we add to the counters of the first cpu */
1309         for (i = 0; i < hlp.num_counters; i++) {
1310                 t->private->counters[i].pcnt += tmp[i].pcnt;
1311                 t->private->counters[i].bcnt += tmp[i].bcnt;
1312         }
1313
1314         write_unlock_bh(&t->lock);
1315         ret = 0;
1316 unlock_mutex:
1317         mutex_unlock(&ebt_mutex);
1318 free_tmp:
1319         vfree(tmp);
1320         return ret;
1321 }
1322
1323 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1324    char *base, char __user *ubase)
1325 {
1326         char __user *hlp = ubase + ((char *)m - base);
1327         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1328                 return -EFAULT;
1329         return 0;
1330 }
1331
1332 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1333    char *base, char __user *ubase)
1334 {
1335         char __user *hlp = ubase + ((char *)w - base);
1336         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1337                 return -EFAULT;
1338         return 0;
1339 }
1340
1341 static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1342 {
1343         int ret;
1344         char __user *hlp;
1345         struct ebt_entry_target *t;
1346
1347         if (e->bitmask == 0)
1348                 return 0;
1349
1350         hlp = ubase + (((char *)e + e->target_offset) - base);
1351         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1352
1353         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1354         if (ret != 0)
1355                 return ret;
1356         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1357         if (ret != 0)
1358                 return ret;
1359         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1360                 return -EFAULT;
1361         return 0;
1362 }
1363
1364 /* called with ebt_mutex locked */
1365 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1366    int *len, int cmd)
1367 {
1368         struct ebt_replace tmp;
1369         struct ebt_counter *counterstmp, *oldcounters;
1370         unsigned int entries_size, nentries;
1371         char *entries;
1372
1373         if (cmd == EBT_SO_GET_ENTRIES) {
1374                 entries_size = t->private->entries_size;
1375                 nentries = t->private->nentries;
1376                 entries = t->private->entries;
1377                 oldcounters = t->private->counters;
1378         } else {
1379                 entries_size = t->table->entries_size;
1380                 nentries = t->table->nentries;
1381                 entries = t->table->entries;
1382                 oldcounters = t->table->counters;
1383         }
1384
1385         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1386                 BUGPRINT("Cfu didn't work\n");
1387                 return -EFAULT;
1388         }
1389
1390         if (*len != sizeof(struct ebt_replace) + entries_size +
1391            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1392                 BUGPRINT("Wrong size\n");
1393                 return -EINVAL;
1394         }
1395
1396         if (tmp.nentries != nentries) {
1397                 BUGPRINT("Nentries wrong\n");
1398                 return -EINVAL;
1399         }
1400
1401         if (tmp.entries_size != entries_size) {
1402                 BUGPRINT("Wrong size\n");
1403                 return -EINVAL;
1404         }
1405
1406         /* userspace might not need the counters */
1407         if (tmp.num_counters) {
1408                 if (tmp.num_counters != nentries) {
1409                         BUGPRINT("Num_counters wrong\n");
1410                         return -EINVAL;
1411                 }
1412                 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1413                 if (!counterstmp) {
1414                         MEMPRINT("Couldn't copy counters, out of memory\n");
1415                         return -ENOMEM;
1416                 }
1417                 write_lock_bh(&t->lock);
1418                 get_counters(oldcounters, counterstmp, nentries);
1419                 write_unlock_bh(&t->lock);
1420
1421                 if (copy_to_user(tmp.counters, counterstmp,
1422                    nentries * sizeof(struct ebt_counter))) {
1423                         BUGPRINT("Couldn't copy counters to userspace\n");
1424                         vfree(counterstmp);
1425                         return -EFAULT;
1426                 }
1427                 vfree(counterstmp);
1428         }
1429
1430         if (copy_to_user(tmp.entries, entries, entries_size)) {
1431                 BUGPRINT("Couldn't copy entries to userspace\n");
1432                 return -EFAULT;
1433         }
1434         /* set the match/watcher/target names right */
1435         return EBT_ENTRY_ITERATE(entries, entries_size,
1436            ebt_make_names, entries, tmp.entries);
1437 }
1438
1439 static int do_ebt_set_ctl(struct sock *sk,
1440         int cmd, void __user *user, unsigned int len)
1441 {
1442         int ret;
1443
1444         switch(cmd) {
1445         case EBT_SO_SET_ENTRIES:
1446                 ret = do_replace(user, len);
1447                 break;
1448         case EBT_SO_SET_COUNTERS:
1449                 ret = update_counters(user, len);
1450                 break;
1451         default:
1452                 ret = -EINVAL;
1453   }
1454         return ret;
1455 }
1456
1457 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1458 {
1459         int ret;
1460         struct ebt_replace tmp;
1461         struct ebt_table *t;
1462
1463         if (copy_from_user(&tmp, user, sizeof(tmp)))
1464                 return -EFAULT;
1465
1466         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1467         if (!t)
1468                 return ret;
1469
1470         switch(cmd) {
1471         case EBT_SO_GET_INFO:
1472         case EBT_SO_GET_INIT_INFO:
1473                 if (*len != sizeof(struct ebt_replace)){
1474                         ret = -EINVAL;
1475                         mutex_unlock(&ebt_mutex);
1476                         break;
1477                 }
1478                 if (cmd == EBT_SO_GET_INFO) {
1479                         tmp.nentries = t->private->nentries;
1480                         tmp.entries_size = t->private->entries_size;
1481                         tmp.valid_hooks = t->valid_hooks;
1482                 } else {
1483                         tmp.nentries = t->table->nentries;
1484                         tmp.entries_size = t->table->entries_size;
1485                         tmp.valid_hooks = t->table->valid_hooks;
1486                 }
1487                 mutex_unlock(&ebt_mutex);
1488                 if (copy_to_user(user, &tmp, *len) != 0){
1489                         BUGPRINT("c2u Didn't work\n");
1490                         ret = -EFAULT;
1491                         break;
1492                 }
1493                 ret = 0;
1494                 break;
1495
1496         case EBT_SO_GET_ENTRIES:
1497         case EBT_SO_GET_INIT_ENTRIES:
1498                 ret = copy_everything_to_user(t, user, len, cmd);
1499                 mutex_unlock(&ebt_mutex);
1500                 break;
1501
1502         default:
1503                 mutex_unlock(&ebt_mutex);
1504                 ret = -EINVAL;
1505         }
1506
1507         return ret;
1508 }
1509
1510 static struct nf_sockopt_ops ebt_sockopts =
1511 {
1512         .pf             = PF_INET,
1513         .set_optmin     = EBT_BASE_CTL,
1514         .set_optmax     = EBT_SO_SET_MAX + 1,
1515         .set            = do_ebt_set_ctl,
1516         .get_optmin     = EBT_BASE_CTL,
1517         .get_optmax     = EBT_SO_GET_MAX + 1,
1518         .get            = do_ebt_get_ctl,
1519 };
1520
1521 static int __init ebtables_init(void)
1522 {
1523         int ret;
1524
1525         mutex_lock(&ebt_mutex);
1526         list_add(&ebt_standard_target.list, &ebt_targets);
1527         mutex_unlock(&ebt_mutex);
1528         if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1529                 return ret;
1530
1531         printk(KERN_NOTICE "Ebtables v2.0 registered\n");
1532         return 0;
1533 }
1534
1535 static void __exit ebtables_fini(void)
1536 {
1537         nf_unregister_sockopt(&ebt_sockopts);
1538         printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
1539 }
1540
1541 EXPORT_SYMBOL(ebt_register_table);
1542 EXPORT_SYMBOL(ebt_unregister_table);
1543 EXPORT_SYMBOL(ebt_register_match);
1544 EXPORT_SYMBOL(ebt_unregister_match);
1545 EXPORT_SYMBOL(ebt_register_watcher);
1546 EXPORT_SYMBOL(ebt_unregister_watcher);
1547 EXPORT_SYMBOL(ebt_register_target);
1548 EXPORT_SYMBOL(ebt_unregister_target);
1549 EXPORT_SYMBOL(ebt_do_table);
1550 module_init(ebtables_init);
1551 module_exit(ebtables_fini);
1552 MODULE_LICENSE("GPL");