Merge upstream (approx. 2.6.12-git8) into 'janitor' branch of netdev-2.6.
[linux-2.6] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18 /* used for print_string */
19 #include <linux/sched.h>
20 #include <linux/tty.h>
21
22 #include <linux/kmod.h>
23 #include <linux/module.h>
24 #include <linux/vmalloc.h>
25 #include <linux/netfilter_bridge/ebtables.h>
26 #include <linux/spinlock.h>
27 #include <asm/uaccess.h>
28 #include <linux/smp.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 /* list_named_find */
34 #define ASSERT_READ_LOCK(x)
35 #define ASSERT_WRITE_LOCK(x)
36 #include <linux/netfilter_ipv4/listhelp.h>
37
38 #if 0
39 /* use this for remote debugging
40  * Copyright (C) 1998 by Ori Pomerantz
41  * Print the string to the appropriate tty, the one
42  * the current task uses
43  */
44 static void print_string(char *str)
45 {
46         struct tty_struct *my_tty;
47
48         /* The tty for the current task */
49         my_tty = current->signal->tty;
50         if (my_tty != NULL) {
51                 my_tty->driver->write(my_tty, 0, str, strlen(str));
52                 my_tty->driver->write(my_tty, 0, "\015\012", 2);
53         }
54 }
55
56 #define BUGPRINT(args) print_string(args);
57 #else
58 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
59                                          "report to author: "format, ## args)
60 /* #define BUGPRINT(format, args...) */
61 #endif
62 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
63                                          ": out of memory: "format, ## args)
64 /* #define MEMPRINT(format, args...) */
65
66
67
68 /*
69  * Each cpu has its own set of counters, so there is no need for write_lock in
70  * the softirq
71  * For reading or updating the counters, the user context needs to
72  * get a write_lock
73  */
74
75 /* The size of each set of counters is altered to get cache alignment */
76 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
77 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
78 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
79    COUNTER_OFFSET(n) * cpu))
80
81
82
83 static DECLARE_MUTEX(ebt_mutex);
84 static LIST_HEAD(ebt_tables);
85 static LIST_HEAD(ebt_targets);
86 static LIST_HEAD(ebt_matches);
87 static LIST_HEAD(ebt_watchers);
88
89 static struct ebt_target ebt_standard_target =
90 { {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
91
92 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
93    const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
94    const struct net_device *out)
95 {
96         w->u.watcher->watcher(skb, hooknr, in, out, w->data,
97            w->watcher_size);
98         /* watchers don't give a verdict */
99         return 0;
100 }
101
102 static inline int ebt_do_match (struct ebt_entry_match *m,
103    const struct sk_buff *skb, const struct net_device *in,
104    const struct net_device *out)
105 {
106         return m->u.match->match(skb, in, out, m->data,
107            m->match_size);
108 }
109
110 static inline int ebt_dev_check(char *entry, const struct net_device *device)
111 {
112         int i = 0;
113         char *devname = device->name;
114
115         if (*entry == '\0')
116                 return 0;
117         if (!device)
118                 return 1;
119         /* 1 is the wildcard token */
120         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
121                 i++;
122         return (devname[i] != entry[i] && entry[i] != 1);
123 }
124
125 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
126 /* process standard matches */
127 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
128    const struct net_device *in, const struct net_device *out)
129 {
130         int verdict, i;
131
132         if (e->bitmask & EBT_802_3) {
133                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
134                         return 1;
135         } else if (!(e->bitmask & EBT_NOPROTO) &&
136            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
137                 return 1;
138
139         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
140                 return 1;
141         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
142                 return 1;
143         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
144            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
145                 return 1;
146         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
147            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
148                 return 1;
149
150         if (e->bitmask & EBT_SOURCEMAC) {
151                 verdict = 0;
152                 for (i = 0; i < 6; i++)
153                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
154                            e->sourcemsk[i];
155                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
156                         return 1;
157         }
158         if (e->bitmask & EBT_DESTMAC) {
159                 verdict = 0;
160                 for (i = 0; i < 6; i++)
161                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
162                            e->destmsk[i];
163                 if (FWINV2(verdict != 0, EBT_IDEST) )
164                         return 1;
165         }
166         return 0;
167 }
168
169 /* Do some firewalling */
170 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
171    const struct net_device *in, const struct net_device *out,
172    struct ebt_table *table)
173 {
174         int i, nentries;
175         struct ebt_entry *point;
176         struct ebt_counter *counter_base, *cb_base;
177         struct ebt_entry_target *t;
178         int verdict, sp = 0;
179         struct ebt_chainstack *cs;
180         struct ebt_entries *chaininfo;
181         char *base;
182         struct ebt_table_info *private;
183
184         read_lock_bh(&table->lock);
185         private = table->private;
186         cb_base = COUNTER_BASE(private->counters, private->nentries,
187            smp_processor_id());
188         if (private->chainstack)
189                 cs = private->chainstack[smp_processor_id()];
190         else
191                 cs = NULL;
192         chaininfo = private->hook_entry[hook];
193         nentries = private->hook_entry[hook]->nentries;
194         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
195         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
196         /* base for chain jumps */
197         base = private->entries;
198         i = 0;
199         while (i < nentries) {
200                 if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
201                         goto letscontinue;
202
203                 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
204                         goto letscontinue;
205
206                 /* increase counter */
207                 (*(counter_base + i)).pcnt++;
208                 (*(counter_base + i)).bcnt+=(**pskb).len;
209
210                 /* these should only watch: not modify, nor tell us
211                    what to do with the packet */
212                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
213                    out);
214
215                 t = (struct ebt_entry_target *)
216                    (((char *)point) + point->target_offset);
217                 /* standard target */
218                 if (!t->u.target->target)
219                         verdict = ((struct ebt_standard_target *)t)->verdict;
220                 else
221                         verdict = t->u.target->target(pskb, hook,
222                            in, out, t->data, t->target_size);
223                 if (verdict == EBT_ACCEPT) {
224                         read_unlock_bh(&table->lock);
225                         return NF_ACCEPT;
226                 }
227                 if (verdict == EBT_DROP) {
228                         read_unlock_bh(&table->lock);
229                         return NF_DROP;
230                 }
231                 if (verdict == EBT_RETURN) {
232 letsreturn:
233 #ifdef CONFIG_NETFILTER_DEBUG
234                         if (sp == 0) {
235                                 BUGPRINT("RETURN on base chain");
236                                 /* act like this is EBT_CONTINUE */
237                                 goto letscontinue;
238                         }
239 #endif
240                         sp--;
241                         /* put all the local variables right */
242                         i = cs[sp].n;
243                         chaininfo = cs[sp].chaininfo;
244                         nentries = chaininfo->nentries;
245                         point = cs[sp].e;
246                         counter_base = cb_base +
247                            chaininfo->counter_offset;
248                         continue;
249                 }
250                 if (verdict == EBT_CONTINUE)
251                         goto letscontinue;
252 #ifdef CONFIG_NETFILTER_DEBUG
253                 if (verdict < 0) {
254                         BUGPRINT("bogus standard verdict\n");
255                         read_unlock_bh(&table->lock);
256                         return NF_DROP;
257                 }
258 #endif
259                 /* jump to a udc */
260                 cs[sp].n = i + 1;
261                 cs[sp].chaininfo = chaininfo;
262                 cs[sp].e = (struct ebt_entry *)
263                    (((char *)point) + point->next_offset);
264                 i = 0;
265                 chaininfo = (struct ebt_entries *) (base + verdict);
266 #ifdef CONFIG_NETFILTER_DEBUG
267                 if (chaininfo->distinguisher) {
268                         BUGPRINT("jump to non-chain\n");
269                         read_unlock_bh(&table->lock);
270                         return NF_DROP;
271                 }
272 #endif
273                 nentries = chaininfo->nentries;
274                 point = (struct ebt_entry *)chaininfo->data;
275                 counter_base = cb_base + chaininfo->counter_offset;
276                 sp++;
277                 continue;
278 letscontinue:
279                 point = (struct ebt_entry *)
280                    (((char *)point) + point->next_offset);
281                 i++;
282         }
283
284         /* I actually like this :) */
285         if (chaininfo->policy == EBT_RETURN)
286                 goto letsreturn;
287         if (chaininfo->policy == EBT_ACCEPT) {
288                 read_unlock_bh(&table->lock);
289                 return NF_ACCEPT;
290         }
291         read_unlock_bh(&table->lock);
292         return NF_DROP;
293 }
294
295 /* If it succeeds, returns element and locks mutex */
296 static inline void *
297 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
298    struct semaphore *mutex)
299 {
300         void *ret;
301
302         *error = down_interruptible(mutex);
303         if (*error != 0)
304                 return NULL;
305
306         ret = list_named_find(head, name);
307         if (!ret) {
308                 *error = -ENOENT;
309                 up(mutex);
310         }
311         return ret;
312 }
313
314 #ifndef CONFIG_KMOD
315 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
316 #else
317 static void *
318 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
319    int *error, struct semaphore *mutex)
320 {
321         void *ret;
322
323         ret = find_inlist_lock_noload(head, name, error, mutex);
324         if (!ret) {
325                 request_module("%s%s", prefix, name);
326                 ret = find_inlist_lock_noload(head, name, error, mutex);
327         }
328         return ret;
329 }
330 #endif
331
332 static inline struct ebt_table *
333 find_table_lock(const char *name, int *error, struct semaphore *mutex)
334 {
335         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
336 }
337
338 static inline struct ebt_match *
339 find_match_lock(const char *name, int *error, struct semaphore *mutex)
340 {
341         return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex);
342 }
343
344 static inline struct ebt_watcher *
345 find_watcher_lock(const char *name, int *error, struct semaphore *mutex)
346 {
347         return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex);
348 }
349
350 static inline struct ebt_target *
351 find_target_lock(const char *name, int *error, struct semaphore *mutex)
352 {
353         return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex);
354 }
355
356 static inline int
357 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
358    const char *name, unsigned int hookmask, unsigned int *cnt)
359 {
360         struct ebt_match *match;
361         int ret;
362
363         if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) >
364            ((char *)e) + e->watchers_offset)
365                 return -EINVAL;
366         match = find_match_lock(m->u.name, &ret, &ebt_mutex);
367         if (!match)
368                 return ret;
369         m->u.match = match;
370         if (!try_module_get(match->me)) {
371                 up(&ebt_mutex);
372                 return -ENOENT;
373         }
374         up(&ebt_mutex);
375         if (match->check &&
376            match->check(name, hookmask, e, m->data, m->match_size) != 0) {
377                 BUGPRINT("match->check failed\n");
378                 module_put(match->me);
379                 return -EINVAL;
380         }
381         (*cnt)++;
382         return 0;
383 }
384
385 static inline int
386 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
387    const char *name, unsigned int hookmask, unsigned int *cnt)
388 {
389         struct ebt_watcher *watcher;
390         int ret;
391
392         if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) >
393            ((char *)e) + e->target_offset)
394                 return -EINVAL;
395         watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
396         if (!watcher)
397                 return ret;
398         w->u.watcher = watcher;
399         if (!try_module_get(watcher->me)) {
400                 up(&ebt_mutex);
401                 return -ENOENT;
402         }
403         up(&ebt_mutex);
404         if (watcher->check &&
405            watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
406                 BUGPRINT("watcher->check failed\n");
407                 module_put(watcher->me);
408                 return -EINVAL;
409         }
410         (*cnt)++;
411         return 0;
412 }
413
414 /*
415  * this one is very careful, as it is the first function
416  * to parse the userspace data
417  */
418 static inline int
419 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
420    struct ebt_table_info *newinfo, char *base, char *limit,
421    struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt,
422    unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks)
423 {
424         int i;
425
426         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
427                 if ((valid_hooks & (1 << i)) == 0)
428                         continue;
429                 if ( (char *)hook_entries[i] - base ==
430                    (char *)e - newinfo->entries)
431                         break;
432         }
433         /* beginning of a new chain
434            if i == NF_BR_NUMHOOKS it must be a user defined chain */
435         if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
436                 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) {
437                         /* we make userspace set this right,
438                            so there is no misunderstanding */
439                         BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
440                                  "in distinguisher\n");
441                         return -EINVAL;
442                 }
443                 /* this checks if the previous chain has as many entries
444                    as it said it has */
445                 if (*n != *cnt) {
446                         BUGPRINT("nentries does not equal the nr of entries "
447                                  "in the chain\n");
448                         return -EINVAL;
449                 }
450                 /* before we look at the struct, be sure it is not too big */
451                 if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
452                    > limit) {
453                         BUGPRINT("entries_size too small\n");
454                         return -EINVAL;
455                 }
456                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
457                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
458                         /* only RETURN from udc */
459                         if (i != NF_BR_NUMHOOKS ||
460                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
461                                 BUGPRINT("bad policy\n");
462                                 return -EINVAL;
463                         }
464                 }
465                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
466                         (*udc_cnt)++;
467                 else
468                         newinfo->hook_entry[i] = (struct ebt_entries *)e;
469                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
470                         BUGPRINT("counter_offset != totalcnt");
471                         return -EINVAL;
472                 }
473                 *n = ((struct ebt_entries *)e)->nentries;
474                 *cnt = 0;
475                 return 0;
476         }
477         /* a plain old entry, heh */
478         if (sizeof(struct ebt_entry) > e->watchers_offset ||
479            e->watchers_offset > e->target_offset ||
480            e->target_offset >= e->next_offset) {
481                 BUGPRINT("entry offsets not in right order\n");
482                 return -EINVAL;
483         }
484         /* this is not checked anywhere else */
485         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
486                 BUGPRINT("target size too small\n");
487                 return -EINVAL;
488         }
489
490         (*cnt)++;
491         (*totalcnt)++;
492         return 0;
493 }
494
495 struct ebt_cl_stack
496 {
497         struct ebt_chainstack cs;
498         int from;
499         unsigned int hookmask;
500 };
501
502 /*
503  * we need these positions to check that the jumps to a different part of the
504  * entries is a jump to the beginning of a new chain.
505  */
506 static inline int
507 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
508    struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
509    struct ebt_cl_stack *udc)
510 {
511         int i;
512
513         /* we're only interested in chain starts */
514         if (e->bitmask & EBT_ENTRY_OR_ENTRIES)
515                 return 0;
516         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
517                 if ((valid_hooks & (1 << i)) == 0)
518                         continue;
519                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
520                         break;
521         }
522         /* only care about udc */
523         if (i != NF_BR_NUMHOOKS)
524                 return 0;
525
526         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
527         /* these initialisations are depended on later in check_chainloops() */
528         udc[*n].cs.n = 0;
529         udc[*n].hookmask = 0;
530
531         (*n)++;
532         return 0;
533 }
534
535 static inline int
536 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
537 {
538         if (i && (*i)-- == 0)
539                 return 1;
540         if (m->u.match->destroy)
541                 m->u.match->destroy(m->data, m->match_size);
542         module_put(m->u.match->me);
543
544         return 0;
545 }
546
547 static inline int
548 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
549 {
550         if (i && (*i)-- == 0)
551                 return 1;
552         if (w->u.watcher->destroy)
553                 w->u.watcher->destroy(w->data, w->watcher_size);
554         module_put(w->u.watcher->me);
555
556         return 0;
557 }
558
559 static inline int
560 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
561 {
562         struct ebt_entry_target *t;
563
564         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
565                 return 0;
566         /* we're done */
567         if (cnt && (*cnt)-- == 0)
568                 return 1;
569         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
570         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
571         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
572         if (t->u.target->destroy)
573                 t->u.target->destroy(t->data, t->target_size);
574         module_put(t->u.target->me);
575
576         return 0;
577 }
578
579 static inline int
580 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
581    const char *name, unsigned int *cnt, unsigned int valid_hooks,
582    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
583 {
584         struct ebt_entry_target *t;
585         struct ebt_target *target;
586         unsigned int i, j, hook = 0, hookmask = 0;
587         int ret;
588
589         /* don't mess with the struct ebt_entries */
590         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
591                 return 0;
592
593         if (e->bitmask & ~EBT_F_MASK) {
594                 BUGPRINT("Unknown flag for bitmask\n");
595                 return -EINVAL;
596         }
597         if (e->invflags & ~EBT_INV_MASK) {
598                 BUGPRINT("Unknown flag for inv bitmask\n");
599                 return -EINVAL;
600         }
601         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
602                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
603                 return -EINVAL;
604         }
605         /* what hook do we belong to? */
606         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
607                 if ((valid_hooks & (1 << i)) == 0)
608                         continue;
609                 if ((char *)newinfo->hook_entry[i] < (char *)e)
610                         hook = i;
611                 else
612                         break;
613         }
614         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
615            a base chain */
616         if (i < NF_BR_NUMHOOKS)
617                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
618         else {
619                 for (i = 0; i < udc_cnt; i++)
620                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
621                                 break;
622                 if (i == 0)
623                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
624                 else
625                         hookmask = cl_s[i - 1].hookmask;
626         }
627         i = 0;
628         ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
629         if (ret != 0)
630                 goto cleanup_matches;
631         j = 0;
632         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
633         if (ret != 0)
634                 goto cleanup_watchers;
635         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
636         target = find_target_lock(t->u.name, &ret, &ebt_mutex);
637         if (!target)
638                 goto cleanup_watchers;
639         if (!try_module_get(target->me)) {
640                 up(&ebt_mutex);
641                 ret = -ENOENT;
642                 goto cleanup_watchers;
643         }
644         up(&ebt_mutex);
645
646         t->u.target = target;
647         if (t->u.target == &ebt_standard_target) {
648                 if (e->target_offset + sizeof(struct ebt_standard_target) >
649                    e->next_offset) {
650                         BUGPRINT("Standard target size too big\n");
651                         ret = -EFAULT;
652                         goto cleanup_watchers;
653                 }
654                 if (((struct ebt_standard_target *)t)->verdict <
655                    -NUM_STANDARD_TARGETS) {
656                         BUGPRINT("Invalid standard target\n");
657                         ret = -EFAULT;
658                         goto cleanup_watchers;
659                 }
660         } else if ((e->target_offset + t->target_size +
661            sizeof(struct ebt_entry_target) > e->next_offset) ||
662            (t->u.target->check &&
663            t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
664                 module_put(t->u.target->me);
665                 ret = -EFAULT;
666                 goto cleanup_watchers;
667         }
668         (*cnt)++;
669         return 0;
670 cleanup_watchers:
671         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
672 cleanup_matches:
673         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
674         return ret;
675 }
676
677 /*
678  * checks for loops and sets the hook mask for udc
679  * the hook mask for udc tells us from which base chains the udc can be
680  * accessed. This mask is a parameter to the check() functions of the extensions
681  */
682 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
683    unsigned int udc_cnt, unsigned int hooknr, char *base)
684 {
685         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
686         struct ebt_entry *e = (struct ebt_entry *)chain->data;
687         struct ebt_entry_target *t;
688
689         while (pos < nentries || chain_nr != -1) {
690                 /* end of udc, go back one 'recursion' step */
691                 if (pos == nentries) {
692                         /* put back values of the time when this chain was called */
693                         e = cl_s[chain_nr].cs.e;
694                         if (cl_s[chain_nr].from != -1)
695                                 nentries =
696                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
697                         else
698                                 nentries = chain->nentries;
699                         pos = cl_s[chain_nr].cs.n;
700                         /* make sure we won't see a loop that isn't one */
701                         cl_s[chain_nr].cs.n = 0;
702                         chain_nr = cl_s[chain_nr].from;
703                         if (pos == nentries)
704                                 continue;
705                 }
706                 t = (struct ebt_entry_target *)
707                    (((char *)e) + e->target_offset);
708                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
709                         goto letscontinue;
710                 if (e->target_offset + sizeof(struct ebt_standard_target) >
711                    e->next_offset) {
712                         BUGPRINT("Standard target size too big\n");
713                         return -1;
714                 }
715                 verdict = ((struct ebt_standard_target *)t)->verdict;
716                 if (verdict >= 0) { /* jump to another chain */
717                         struct ebt_entries *hlp2 =
718                            (struct ebt_entries *)(base + verdict);
719                         for (i = 0; i < udc_cnt; i++)
720                                 if (hlp2 == cl_s[i].cs.chaininfo)
721                                         break;
722                         /* bad destination or loop */
723                         if (i == udc_cnt) {
724                                 BUGPRINT("bad destination\n");
725                                 return -1;
726                         }
727                         if (cl_s[i].cs.n) {
728                                 BUGPRINT("loop\n");
729                                 return -1;
730                         }
731                         /* this can't be 0, so the above test is correct */
732                         cl_s[i].cs.n = pos + 1;
733                         pos = 0;
734                         cl_s[i].cs.e = ((void *)e + e->next_offset);
735                         e = (struct ebt_entry *)(hlp2->data);
736                         nentries = hlp2->nentries;
737                         cl_s[i].from = chain_nr;
738                         chain_nr = i;
739                         /* this udc is accessible from the base chain for hooknr */
740                         cl_s[i].hookmask |= (1 << hooknr);
741                         continue;
742                 }
743 letscontinue:
744                 e = (void *)e + e->next_offset;
745                 pos++;
746         }
747         return 0;
748 }
749
750 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
751 static int translate_table(struct ebt_replace *repl,
752    struct ebt_table_info *newinfo)
753 {
754         unsigned int i, j, k, udc_cnt;
755         int ret;
756         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
757
758         i = 0;
759         while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
760                 i++;
761         if (i == NF_BR_NUMHOOKS) {
762                 BUGPRINT("No valid hooks specified\n");
763                 return -EINVAL;
764         }
765         if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) {
766                 BUGPRINT("Chains don't start at beginning\n");
767                 return -EINVAL;
768         }
769         /* make sure chains are ordered after each other in same order
770            as their corresponding hooks */
771         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
772                 if (!(repl->valid_hooks & (1 << j)))
773                         continue;
774                 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) {
775                         BUGPRINT("Hook order must be followed\n");
776                         return -EINVAL;
777                 }
778                 i = j;
779         }
780
781         for (i = 0; i < NF_BR_NUMHOOKS; i++)
782                 newinfo->hook_entry[i] = NULL;
783
784         newinfo->entries_size = repl->entries_size;
785         newinfo->nentries = repl->nentries;
786
787         /* do some early checkings and initialize some things */
788         i = 0; /* holds the expected nr. of entries for the chain */
789         j = 0; /* holds the up to now counted entries for the chain */
790         k = 0; /* holds the total nr. of entries, should equal
791                   newinfo->nentries afterwards */
792         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
793         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
794            ebt_check_entry_size_and_hooks, newinfo, repl->entries,
795            repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k,
796            &udc_cnt, repl->valid_hooks);
797
798         if (ret != 0)
799                 return ret;
800
801         if (i != j) {
802                 BUGPRINT("nentries does not equal the nr of entries in the "
803                          "(last) chain\n");
804                 return -EINVAL;
805         }
806         if (k != newinfo->nentries) {
807                 BUGPRINT("Total nentries is wrong\n");
808                 return -EINVAL;
809         }
810
811         /* check if all valid hooks have a chain */
812         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
813                 if (newinfo->hook_entry[i] == NULL &&
814                    (repl->valid_hooks & (1 << i))) {
815                         BUGPRINT("Valid hook without chain\n");
816                         return -EINVAL;
817                 }
818         }
819
820         /* get the location of the udc, put them in an array
821            while we're at it, allocate the chainstack */
822         if (udc_cnt) {
823                 /* this will get free'd in do_replace()/ebt_register_table()
824                    if an error occurs */
825                 newinfo->chainstack = (struct ebt_chainstack **)
826                    vmalloc(num_possible_cpus() * sizeof(struct ebt_chainstack));
827                 if (!newinfo->chainstack)
828                         return -ENOMEM;
829                 for (i = 0; i < num_possible_cpus(); i++) {
830                         newinfo->chainstack[i] =
831                            vmalloc(udc_cnt * sizeof(struct ebt_chainstack));
832                         if (!newinfo->chainstack[i]) {
833                                 while (i)
834                                         vfree(newinfo->chainstack[--i]);
835                                 vfree(newinfo->chainstack);
836                                 newinfo->chainstack = NULL;
837                                 return -ENOMEM;
838                         }
839                 }
840
841                 cl_s = (struct ebt_cl_stack *)
842                    vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
843                 if (!cl_s)
844                         return -ENOMEM;
845                 i = 0; /* the i'th udc */
846                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
847                    ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
848                    repl->valid_hooks, cl_s);
849                 /* sanity check */
850                 if (i != udc_cnt) {
851                         BUGPRINT("i != udc_cnt\n");
852                         vfree(cl_s);
853                         return -EFAULT;
854                 }
855         }
856
857         /* Check for loops */
858         for (i = 0; i < NF_BR_NUMHOOKS; i++)
859                 if (repl->valid_hooks & (1 << i))
860                         if (check_chainloops(newinfo->hook_entry[i],
861                            cl_s, udc_cnt, i, newinfo->entries)) {
862                                 vfree(cl_s);
863                                 return -EINVAL;
864                         }
865
866         /* we now know the following (along with E=mc²):
867            - the nr of entries in each chain is right
868            - the size of the allocated space is right
869            - all valid hooks have a corresponding chain
870            - there are no loops
871            - wrong data can still be on the level of a single entry
872            - could be there are jumps to places that are not the
873              beginning of a chain. This can only occur in chains that
874              are not accessible from any base chains, so we don't care. */
875
876         /* used to know what we need to clean up if something goes wrong */
877         i = 0;
878         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
879            ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
880            cl_s, udc_cnt);
881         if (ret != 0) {
882                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
883                    ebt_cleanup_entry, &i);
884         }
885         vfree(cl_s);
886         return ret;
887 }
888
889 /* called under write_lock */
890 static void get_counters(struct ebt_counter *oldcounters,
891    struct ebt_counter *counters, unsigned int nentries)
892 {
893         int i, cpu;
894         struct ebt_counter *counter_base;
895
896         /* counters of cpu 0 */
897         memcpy(counters, oldcounters,
898            sizeof(struct ebt_counter) * nentries);
899         /* add other counters to those of cpu 0 */
900         for (cpu = 1; cpu < num_possible_cpus(); cpu++) {
901                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
902                 for (i = 0; i < nentries; i++) {
903                         counters[i].pcnt += counter_base[i].pcnt;
904                         counters[i].bcnt += counter_base[i].bcnt;
905                 }
906         }
907 }
908
909 /* replace the table */
910 static int do_replace(void __user *user, unsigned int len)
911 {
912         int ret, i, countersize;
913         struct ebt_table_info *newinfo;
914         struct ebt_replace tmp;
915         struct ebt_table *t;
916         struct ebt_counter *counterstmp = NULL;
917         /* used to be able to unlock earlier */
918         struct ebt_table_info *table;
919
920         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
921                 return -EFAULT;
922
923         if (len != sizeof(tmp) + tmp.entries_size) {
924                 BUGPRINT("Wrong len argument\n");
925                 return -EINVAL;
926         }
927
928         if (tmp.entries_size == 0) {
929                 BUGPRINT("Entries_size never zero\n");
930                 return -EINVAL;
931         }
932         countersize = COUNTER_OFFSET(tmp.nentries) * num_possible_cpus();
933         newinfo = (struct ebt_table_info *)
934            vmalloc(sizeof(struct ebt_table_info) + countersize);
935         if (!newinfo)
936                 return -ENOMEM;
937
938         if (countersize)
939                 memset(newinfo->counters, 0, countersize);
940
941         newinfo->entries = (char *)vmalloc(tmp.entries_size);
942         if (!newinfo->entries) {
943                 ret = -ENOMEM;
944                 goto free_newinfo;
945         }
946         if (copy_from_user(
947            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
948                 BUGPRINT("Couldn't copy entries from userspace\n");
949                 ret = -EFAULT;
950                 goto free_entries;
951         }
952
953         /* the user wants counters back
954            the check on the size is done later, when we have the lock */
955         if (tmp.num_counters) {
956                 counterstmp = (struct ebt_counter *)
957                    vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
958                 if (!counterstmp) {
959                         ret = -ENOMEM;
960                         goto free_entries;
961                 }
962         }
963         else
964                 counterstmp = NULL;
965
966         /* this can get initialized by translate_table() */
967         newinfo->chainstack = NULL;
968         ret = translate_table(&tmp, newinfo);
969
970         if (ret != 0)
971                 goto free_counterstmp;
972
973         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
974         if (!t) {
975                 ret = -ENOENT;
976                 goto free_iterate;
977         }
978
979         /* the table doesn't like it */
980         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
981                 goto free_unlock;
982
983         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
984                 BUGPRINT("Wrong nr. of counters requested\n");
985                 ret = -EINVAL;
986                 goto free_unlock;
987         }
988
989         /* we have the mutex lock, so no danger in reading this pointer */
990         table = t->private;
991         /* make sure the table can only be rmmod'ed if it contains no rules */
992         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
993                 ret = -ENOENT;
994                 goto free_unlock;
995         } else if (table->nentries && !newinfo->nentries)
996                 module_put(t->me);
997         /* we need an atomic snapshot of the counters */
998         write_lock_bh(&t->lock);
999         if (tmp.num_counters)
1000                 get_counters(t->private->counters, counterstmp,
1001                    t->private->nentries);
1002
1003         t->private = newinfo;
1004         write_unlock_bh(&t->lock);
1005         up(&ebt_mutex);
1006         /* so, a user can change the chains while having messed up her counter
1007            allocation. Only reason why this is done is because this way the lock
1008            is held only once, while this doesn't bring the kernel into a
1009            dangerous state. */
1010         if (tmp.num_counters &&
1011            copy_to_user(tmp.counters, counterstmp,
1012            tmp.num_counters * sizeof(struct ebt_counter))) {
1013                 BUGPRINT("Couldn't copy counters to userspace\n");
1014                 ret = -EFAULT;
1015         }
1016         else
1017                 ret = 0;
1018
1019         /* decrease module count and free resources */
1020         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1021            ebt_cleanup_entry, NULL);
1022
1023         vfree(table->entries);
1024         if (table->chainstack) {
1025                 for (i = 0; i < num_possible_cpus(); i++)
1026                         vfree(table->chainstack[i]);
1027                 vfree(table->chainstack);
1028         }
1029         vfree(table);
1030
1031         vfree(counterstmp);
1032         return ret;
1033
1034 free_unlock:
1035         up(&ebt_mutex);
1036 free_iterate:
1037         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1038            ebt_cleanup_entry, NULL);
1039 free_counterstmp:
1040         vfree(counterstmp);
1041         /* can be initialized in translate_table() */
1042         if (newinfo->chainstack) {
1043                 for (i = 0; i < num_possible_cpus(); i++)
1044                         vfree(newinfo->chainstack[i]);
1045                 vfree(newinfo->chainstack);
1046         }
1047 free_entries:
1048         vfree(newinfo->entries);
1049 free_newinfo:
1050         vfree(newinfo);
1051         return ret;
1052 }
1053
1054 int ebt_register_target(struct ebt_target *target)
1055 {
1056         int ret;
1057
1058         ret = down_interruptible(&ebt_mutex);
1059         if (ret != 0)
1060                 return ret;
1061         if (!list_named_insert(&ebt_targets, target)) {
1062                 up(&ebt_mutex);
1063                 return -EEXIST;
1064         }
1065         up(&ebt_mutex);
1066
1067         return 0;
1068 }
1069
1070 void ebt_unregister_target(struct ebt_target *target)
1071 {
1072         down(&ebt_mutex);
1073         LIST_DELETE(&ebt_targets, target);
1074         up(&ebt_mutex);
1075 }
1076
1077 int ebt_register_match(struct ebt_match *match)
1078 {
1079         int ret;
1080
1081         ret = down_interruptible(&ebt_mutex);
1082         if (ret != 0)
1083                 return ret;
1084         if (!list_named_insert(&ebt_matches, match)) {
1085                 up(&ebt_mutex);
1086                 return -EEXIST;
1087         }
1088         up(&ebt_mutex);
1089
1090         return 0;
1091 }
1092
1093 void ebt_unregister_match(struct ebt_match *match)
1094 {
1095         down(&ebt_mutex);
1096         LIST_DELETE(&ebt_matches, match);
1097         up(&ebt_mutex);
1098 }
1099
1100 int ebt_register_watcher(struct ebt_watcher *watcher)
1101 {
1102         int ret;
1103
1104         ret = down_interruptible(&ebt_mutex);
1105         if (ret != 0)
1106                 return ret;
1107         if (!list_named_insert(&ebt_watchers, watcher)) {
1108                 up(&ebt_mutex);
1109                 return -EEXIST;
1110         }
1111         up(&ebt_mutex);
1112
1113         return 0;
1114 }
1115
1116 void ebt_unregister_watcher(struct ebt_watcher *watcher)
1117 {
1118         down(&ebt_mutex);
1119         LIST_DELETE(&ebt_watchers, watcher);
1120         up(&ebt_mutex);
1121 }
1122
1123 int ebt_register_table(struct ebt_table *table)
1124 {
1125         struct ebt_table_info *newinfo;
1126         int ret, i, countersize;
1127
1128         if (!table || !table->table ||!table->table->entries ||
1129             table->table->entries_size == 0 ||
1130             table->table->counters || table->private) {
1131                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1132                 return -EINVAL;
1133         }
1134
1135         countersize = COUNTER_OFFSET(table->table->nentries) * num_possible_cpus();
1136         newinfo = (struct ebt_table_info *)
1137            vmalloc(sizeof(struct ebt_table_info) + countersize);
1138         ret = -ENOMEM;
1139         if (!newinfo)
1140                 return -ENOMEM;
1141
1142         newinfo->entries = (char *)vmalloc(table->table->entries_size);
1143         if (!(newinfo->entries))
1144                 goto free_newinfo;
1145
1146         memcpy(newinfo->entries, table->table->entries,
1147            table->table->entries_size);
1148
1149         if (countersize)
1150                 memset(newinfo->counters, 0, countersize);
1151
1152         /* fill in newinfo and parse the entries */
1153         newinfo->chainstack = NULL;
1154         ret = translate_table(table->table, newinfo);
1155         if (ret != 0) {
1156                 BUGPRINT("Translate_table failed\n");
1157                 goto free_chainstack;
1158         }
1159
1160         if (table->check && table->check(newinfo, table->valid_hooks)) {
1161                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1162                 return -EINVAL;
1163         }
1164
1165         table->private = newinfo;
1166         rwlock_init(&table->lock);
1167         ret = down_interruptible(&ebt_mutex);
1168         if (ret != 0)
1169                 goto free_chainstack;
1170
1171         if (list_named_find(&ebt_tables, table->name)) {
1172                 ret = -EEXIST;
1173                 BUGPRINT("Table name already exists\n");
1174                 goto free_unlock;
1175         }
1176
1177         /* Hold a reference count if the chains aren't empty */
1178         if (newinfo->nentries && !try_module_get(table->me)) {
1179                 ret = -ENOENT;
1180                 goto free_unlock;
1181         }
1182         list_prepend(&ebt_tables, table);
1183         up(&ebt_mutex);
1184         return 0;
1185 free_unlock:
1186         up(&ebt_mutex);
1187 free_chainstack:
1188         if (newinfo->chainstack) {
1189                 for (i = 0; i < num_possible_cpus(); i++)
1190                         vfree(newinfo->chainstack[i]);
1191                 vfree(newinfo->chainstack);
1192         }
1193         vfree(newinfo->entries);
1194 free_newinfo:
1195         vfree(newinfo);
1196         return ret;
1197 }
1198
1199 void ebt_unregister_table(struct ebt_table *table)
1200 {
1201         int i;
1202
1203         if (!table) {
1204                 BUGPRINT("Request to unregister NULL table!!!\n");
1205                 return;
1206         }
1207         down(&ebt_mutex);
1208         LIST_DELETE(&ebt_tables, table);
1209         up(&ebt_mutex);
1210         vfree(table->private->entries);
1211         if (table->private->chainstack) {
1212                 for (i = 0; i < num_possible_cpus(); i++)
1213                         vfree(table->private->chainstack[i]);
1214                 vfree(table->private->chainstack);
1215         }
1216         vfree(table->private);
1217 }
1218
1219 /* userspace just supplied us with counters */
1220 static int update_counters(void __user *user, unsigned int len)
1221 {
1222         int i, ret;
1223         struct ebt_counter *tmp;
1224         struct ebt_replace hlp;
1225         struct ebt_table *t;
1226
1227         if (copy_from_user(&hlp, user, sizeof(hlp)))
1228                 return -EFAULT;
1229
1230         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1231                 return -EINVAL;
1232         if (hlp.num_counters == 0)
1233                 return -EINVAL;
1234
1235         if ( !(tmp = (struct ebt_counter *)
1236            vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){
1237                 MEMPRINT("Update_counters && nomemory\n");
1238                 return -ENOMEM;
1239         }
1240
1241         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1242         if (!t)
1243                 goto free_tmp;
1244
1245         if (hlp.num_counters != t->private->nentries) {
1246                 BUGPRINT("Wrong nr of counters\n");
1247                 ret = -EINVAL;
1248                 goto unlock_mutex;
1249         }
1250
1251         if ( copy_from_user(tmp, hlp.counters,
1252            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1253                 BUGPRINT("Updata_counters && !cfu\n");
1254                 ret = -EFAULT;
1255                 goto unlock_mutex;
1256         }
1257
1258         /* we want an atomic add of the counters */
1259         write_lock_bh(&t->lock);
1260
1261         /* we add to the counters of the first cpu */
1262         for (i = 0; i < hlp.num_counters; i++) {
1263                 t->private->counters[i].pcnt += tmp[i].pcnt;
1264                 t->private->counters[i].bcnt += tmp[i].bcnt;
1265         }
1266
1267         write_unlock_bh(&t->lock);
1268         ret = 0;
1269 unlock_mutex:
1270         up(&ebt_mutex);
1271 free_tmp:
1272         vfree(tmp);
1273         return ret;
1274 }
1275
1276 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1277    char *base, char *ubase)
1278 {
1279         char *hlp = ubase - base + (char *)m;
1280         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1281                 return -EFAULT;
1282         return 0;
1283 }
1284
1285 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1286    char *base, char *ubase)
1287 {
1288         char *hlp = ubase - base + (char *)w;
1289         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1290                 return -EFAULT;
1291         return 0;
1292 }
1293
1294 static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
1295 {
1296         int ret;
1297         char *hlp;
1298         struct ebt_entry_target *t;
1299
1300         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
1301                 return 0;
1302
1303         hlp = ubase - base + (char *)e + e->target_offset;
1304         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1305         
1306         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1307         if (ret != 0)
1308                 return ret;
1309         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1310         if (ret != 0)
1311                 return ret;
1312         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1313                 return -EFAULT;
1314         return 0;
1315 }
1316
1317 /* called with ebt_mutex down */
1318 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1319    int *len, int cmd)
1320 {
1321         struct ebt_replace tmp;
1322         struct ebt_counter *counterstmp, *oldcounters;
1323         unsigned int entries_size, nentries;
1324         char *entries;
1325
1326         if (cmd == EBT_SO_GET_ENTRIES) {
1327                 entries_size = t->private->entries_size;
1328                 nentries = t->private->nentries;
1329                 entries = t->private->entries;
1330                 oldcounters = t->private->counters;
1331         } else {
1332                 entries_size = t->table->entries_size;
1333                 nentries = t->table->nentries;
1334                 entries = t->table->entries;
1335                 oldcounters = t->table->counters;
1336         }
1337
1338         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1339                 BUGPRINT("Cfu didn't work\n");
1340                 return -EFAULT;
1341         }
1342
1343         if (*len != sizeof(struct ebt_replace) + entries_size +
1344            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1345                 BUGPRINT("Wrong size\n");
1346                 return -EINVAL;
1347         }
1348
1349         if (tmp.nentries != nentries) {
1350                 BUGPRINT("Nentries wrong\n");
1351                 return -EINVAL;
1352         }
1353
1354         if (tmp.entries_size != entries_size) {
1355                 BUGPRINT("Wrong size\n");
1356                 return -EINVAL;
1357         }
1358
1359         /* userspace might not need the counters */
1360         if (tmp.num_counters) {
1361                 if (tmp.num_counters != nentries) {
1362                         BUGPRINT("Num_counters wrong\n");
1363                         return -EINVAL;
1364                 }
1365                 counterstmp = (struct ebt_counter *)
1366                    vmalloc(nentries * sizeof(struct ebt_counter));
1367                 if (!counterstmp) {
1368                         MEMPRINT("Couldn't copy counters, out of memory\n");
1369                         return -ENOMEM;
1370                 }
1371                 write_lock_bh(&t->lock);
1372                 get_counters(oldcounters, counterstmp, nentries);
1373                 write_unlock_bh(&t->lock);
1374
1375                 if (copy_to_user(tmp.counters, counterstmp,
1376                    nentries * sizeof(struct ebt_counter))) {
1377                         BUGPRINT("Couldn't copy counters to userspace\n");
1378                         vfree(counterstmp);
1379                         return -EFAULT;
1380                 }
1381                 vfree(counterstmp);
1382         }
1383
1384         if (copy_to_user(tmp.entries, entries, entries_size)) {
1385                 BUGPRINT("Couldn't copy entries to userspace\n");
1386                 return -EFAULT;
1387         }
1388         /* set the match/watcher/target names right */
1389         return EBT_ENTRY_ITERATE(entries, entries_size,
1390            ebt_make_names, entries, tmp.entries);
1391 }
1392
1393 static int do_ebt_set_ctl(struct sock *sk,
1394         int cmd, void __user *user, unsigned int len)
1395 {
1396         int ret;
1397
1398         switch(cmd) {
1399         case EBT_SO_SET_ENTRIES:
1400                 ret = do_replace(user, len);
1401                 break;
1402         case EBT_SO_SET_COUNTERS:
1403                 ret = update_counters(user, len);
1404                 break;
1405         default:
1406                 ret = -EINVAL;
1407   }
1408         return ret;
1409 }
1410
1411 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1412 {
1413         int ret;
1414         struct ebt_replace tmp;
1415         struct ebt_table *t;
1416
1417         if (copy_from_user(&tmp, user, sizeof(tmp)))
1418                 return -EFAULT;
1419
1420         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1421         if (!t)
1422                 return ret;
1423
1424         switch(cmd) {
1425         case EBT_SO_GET_INFO:
1426         case EBT_SO_GET_INIT_INFO:
1427                 if (*len != sizeof(struct ebt_replace)){
1428                         ret = -EINVAL;
1429                         up(&ebt_mutex);
1430                         break;
1431                 }
1432                 if (cmd == EBT_SO_GET_INFO) {
1433                         tmp.nentries = t->private->nentries;
1434                         tmp.entries_size = t->private->entries_size;
1435                         tmp.valid_hooks = t->valid_hooks;
1436                 } else {
1437                         tmp.nentries = t->table->nentries;
1438                         tmp.entries_size = t->table->entries_size;
1439                         tmp.valid_hooks = t->table->valid_hooks;
1440                 }
1441                 up(&ebt_mutex);
1442                 if (copy_to_user(user, &tmp, *len) != 0){
1443                         BUGPRINT("c2u Didn't work\n");
1444                         ret = -EFAULT;
1445                         break;
1446                 }
1447                 ret = 0;
1448                 break;
1449
1450         case EBT_SO_GET_ENTRIES:
1451         case EBT_SO_GET_INIT_ENTRIES:
1452                 ret = copy_everything_to_user(t, user, len, cmd);
1453                 up(&ebt_mutex);
1454                 break;
1455
1456         default:
1457                 up(&ebt_mutex);
1458                 ret = -EINVAL;
1459         }
1460
1461         return ret;
1462 }
1463
1464 static struct nf_sockopt_ops ebt_sockopts =
1465 { { NULL, NULL }, PF_INET, EBT_BASE_CTL, EBT_SO_SET_MAX + 1, do_ebt_set_ctl,
1466     EBT_BASE_CTL, EBT_SO_GET_MAX + 1, do_ebt_get_ctl, 0, NULL
1467 };
1468
1469 static int __init init(void)
1470 {
1471         int ret;
1472
1473         down(&ebt_mutex);
1474         list_named_insert(&ebt_targets, &ebt_standard_target);
1475         up(&ebt_mutex);
1476         if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1477                 return ret;
1478
1479         printk(KERN_NOTICE "Ebtables v2.0 registered\n");
1480         return 0;
1481 }
1482
1483 static void __exit fini(void)
1484 {
1485         nf_unregister_sockopt(&ebt_sockopts);
1486         printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
1487 }
1488
1489 EXPORT_SYMBOL(ebt_register_table);
1490 EXPORT_SYMBOL(ebt_unregister_table);
1491 EXPORT_SYMBOL(ebt_register_match);
1492 EXPORT_SYMBOL(ebt_unregister_match);
1493 EXPORT_SYMBOL(ebt_register_watcher);
1494 EXPORT_SYMBOL(ebt_unregister_watcher);
1495 EXPORT_SYMBOL(ebt_register_target);
1496 EXPORT_SYMBOL(ebt_unregister_target);
1497 EXPORT_SYMBOL(ebt_do_table);
1498 module_init(init);
1499 module_exit(fini);
1500 MODULE_LICENSE("GPL");