[SCSI] fusion - memory leak, and initializing fields
[linux-2.6] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18 /* used for print_string */
19 #include <linux/sched.h>
20 #include <linux/tty.h>
21
22 #include <linux/kmod.h>
23 #include <linux/module.h>
24 #include <linux/vmalloc.h>
25 #include <linux/netfilter_bridge/ebtables.h>
26 #include <linux/spinlock.h>
27 #include <asm/uaccess.h>
28 #include <linux/smp.h>
29 #include <linux/cpumask.h>
30 #include <net/sock.h>
31 /* needed for logical [in,out]-dev filtering */
32 #include "../br_private.h"
33
34 /* list_named_find */
35 #define ASSERT_READ_LOCK(x)
36 #define ASSERT_WRITE_LOCK(x)
37 #include <linux/netfilter_ipv4/listhelp.h>
38
39 #if 0
40 /* use this for remote debugging
41  * Copyright (C) 1998 by Ori Pomerantz
42  * Print the string to the appropriate tty, the one
43  * the current task uses
44  */
45 static void print_string(char *str)
46 {
47         struct tty_struct *my_tty;
48
49         /* The tty for the current task */
50         my_tty = current->signal->tty;
51         if (my_tty != NULL) {
52                 my_tty->driver->write(my_tty, 0, str, strlen(str));
53                 my_tty->driver->write(my_tty, 0, "\015\012", 2);
54         }
55 }
56
57 #define BUGPRINT(args) print_string(args);
58 #else
59 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
60                                          "report to author: "format, ## args)
61 /* #define BUGPRINT(format, args...) */
62 #endif
63 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
64                                          ": out of memory: "format, ## args)
65 /* #define MEMPRINT(format, args...) */
66
67
68
69 /*
70  * Each cpu has its own set of counters, so there is no need for write_lock in
71  * the softirq
72  * For reading or updating the counters, the user context needs to
73  * get a write_lock
74  */
75
76 /* The size of each set of counters is altered to get cache alignment */
77 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
78 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
79 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
80    COUNTER_OFFSET(n) * cpu))
81
82
83
84 static DECLARE_MUTEX(ebt_mutex);
85 static LIST_HEAD(ebt_tables);
86 static LIST_HEAD(ebt_targets);
87 static LIST_HEAD(ebt_matches);
88 static LIST_HEAD(ebt_watchers);
89
90 static struct ebt_target ebt_standard_target =
91 { {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
92
93 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
94    const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
95    const struct net_device *out)
96 {
97         w->u.watcher->watcher(skb, hooknr, in, out, w->data,
98            w->watcher_size);
99         /* watchers don't give a verdict */
100         return 0;
101 }
102
103 static inline int ebt_do_match (struct ebt_entry_match *m,
104    const struct sk_buff *skb, const struct net_device *in,
105    const struct net_device *out)
106 {
107         return m->u.match->match(skb, in, out, m->data,
108            m->match_size);
109 }
110
111 static inline int ebt_dev_check(char *entry, const struct net_device *device)
112 {
113         int i = 0;
114         char *devname = device->name;
115
116         if (*entry == '\0')
117                 return 0;
118         if (!device)
119                 return 1;
120         /* 1 is the wildcard token */
121         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
122                 i++;
123         return (devname[i] != entry[i] && entry[i] != 1);
124 }
125
126 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
127 /* process standard matches */
128 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
129    const struct net_device *in, const struct net_device *out)
130 {
131         int verdict, i;
132
133         if (e->bitmask & EBT_802_3) {
134                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
135                         return 1;
136         } else if (!(e->bitmask & EBT_NOPROTO) &&
137            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
138                 return 1;
139
140         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
141                 return 1;
142         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
143                 return 1;
144         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
145            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
146                 return 1;
147         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
148            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
149                 return 1;
150
151         if (e->bitmask & EBT_SOURCEMAC) {
152                 verdict = 0;
153                 for (i = 0; i < 6; i++)
154                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
155                            e->sourcemsk[i];
156                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
157                         return 1;
158         }
159         if (e->bitmask & EBT_DESTMAC) {
160                 verdict = 0;
161                 for (i = 0; i < 6; i++)
162                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
163                            e->destmsk[i];
164                 if (FWINV2(verdict != 0, EBT_IDEST) )
165                         return 1;
166         }
167         return 0;
168 }
169
170 /* Do some firewalling */
171 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
172    const struct net_device *in, const struct net_device *out,
173    struct ebt_table *table)
174 {
175         int i, nentries;
176         struct ebt_entry *point;
177         struct ebt_counter *counter_base, *cb_base;
178         struct ebt_entry_target *t;
179         int verdict, sp = 0;
180         struct ebt_chainstack *cs;
181         struct ebt_entries *chaininfo;
182         char *base;
183         struct ebt_table_info *private;
184
185         read_lock_bh(&table->lock);
186         private = table->private;
187         cb_base = COUNTER_BASE(private->counters, private->nentries,
188            smp_processor_id());
189         if (private->chainstack)
190                 cs = private->chainstack[smp_processor_id()];
191         else
192                 cs = NULL;
193         chaininfo = private->hook_entry[hook];
194         nentries = private->hook_entry[hook]->nentries;
195         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
196         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
197         /* base for chain jumps */
198         base = private->entries;
199         i = 0;
200         while (i < nentries) {
201                 if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
202                         goto letscontinue;
203
204                 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
205                         goto letscontinue;
206
207                 /* increase counter */
208                 (*(counter_base + i)).pcnt++;
209                 (*(counter_base + i)).bcnt+=(**pskb).len;
210
211                 /* these should only watch: not modify, nor tell us
212                    what to do with the packet */
213                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
214                    out);
215
216                 t = (struct ebt_entry_target *)
217                    (((char *)point) + point->target_offset);
218                 /* standard target */
219                 if (!t->u.target->target)
220                         verdict = ((struct ebt_standard_target *)t)->verdict;
221                 else
222                         verdict = t->u.target->target(pskb, hook,
223                            in, out, t->data, t->target_size);
224                 if (verdict == EBT_ACCEPT) {
225                         read_unlock_bh(&table->lock);
226                         return NF_ACCEPT;
227                 }
228                 if (verdict == EBT_DROP) {
229                         read_unlock_bh(&table->lock);
230                         return NF_DROP;
231                 }
232                 if (verdict == EBT_RETURN) {
233 letsreturn:
234 #ifdef CONFIG_NETFILTER_DEBUG
235                         if (sp == 0) {
236                                 BUGPRINT("RETURN on base chain");
237                                 /* act like this is EBT_CONTINUE */
238                                 goto letscontinue;
239                         }
240 #endif
241                         sp--;
242                         /* put all the local variables right */
243                         i = cs[sp].n;
244                         chaininfo = cs[sp].chaininfo;
245                         nentries = chaininfo->nentries;
246                         point = cs[sp].e;
247                         counter_base = cb_base +
248                            chaininfo->counter_offset;
249                         continue;
250                 }
251                 if (verdict == EBT_CONTINUE)
252                         goto letscontinue;
253 #ifdef CONFIG_NETFILTER_DEBUG
254                 if (verdict < 0) {
255                         BUGPRINT("bogus standard verdict\n");
256                         read_unlock_bh(&table->lock);
257                         return NF_DROP;
258                 }
259 #endif
260                 /* jump to a udc */
261                 cs[sp].n = i + 1;
262                 cs[sp].chaininfo = chaininfo;
263                 cs[sp].e = (struct ebt_entry *)
264                    (((char *)point) + point->next_offset);
265                 i = 0;
266                 chaininfo = (struct ebt_entries *) (base + verdict);
267 #ifdef CONFIG_NETFILTER_DEBUG
268                 if (chaininfo->distinguisher) {
269                         BUGPRINT("jump to non-chain\n");
270                         read_unlock_bh(&table->lock);
271                         return NF_DROP;
272                 }
273 #endif
274                 nentries = chaininfo->nentries;
275                 point = (struct ebt_entry *)chaininfo->data;
276                 counter_base = cb_base + chaininfo->counter_offset;
277                 sp++;
278                 continue;
279 letscontinue:
280                 point = (struct ebt_entry *)
281                    (((char *)point) + point->next_offset);
282                 i++;
283         }
284
285         /* I actually like this :) */
286         if (chaininfo->policy == EBT_RETURN)
287                 goto letsreturn;
288         if (chaininfo->policy == EBT_ACCEPT) {
289                 read_unlock_bh(&table->lock);
290                 return NF_ACCEPT;
291         }
292         read_unlock_bh(&table->lock);
293         return NF_DROP;
294 }
295
296 /* If it succeeds, returns element and locks mutex */
297 static inline void *
298 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
299    struct semaphore *mutex)
300 {
301         void *ret;
302
303         *error = down_interruptible(mutex);
304         if (*error != 0)
305                 return NULL;
306
307         ret = list_named_find(head, name);
308         if (!ret) {
309                 *error = -ENOENT;
310                 up(mutex);
311         }
312         return ret;
313 }
314
315 #ifndef CONFIG_KMOD
316 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
317 #else
318 static void *
319 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
320    int *error, struct semaphore *mutex)
321 {
322         void *ret;
323
324         ret = find_inlist_lock_noload(head, name, error, mutex);
325         if (!ret) {
326                 request_module("%s%s", prefix, name);
327                 ret = find_inlist_lock_noload(head, name, error, mutex);
328         }
329         return ret;
330 }
331 #endif
332
333 static inline struct ebt_table *
334 find_table_lock(const char *name, int *error, struct semaphore *mutex)
335 {
336         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
337 }
338
339 static inline struct ebt_match *
340 find_match_lock(const char *name, int *error, struct semaphore *mutex)
341 {
342         return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex);
343 }
344
345 static inline struct ebt_watcher *
346 find_watcher_lock(const char *name, int *error, struct semaphore *mutex)
347 {
348         return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex);
349 }
350
351 static inline struct ebt_target *
352 find_target_lock(const char *name, int *error, struct semaphore *mutex)
353 {
354         return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex);
355 }
356
357 static inline int
358 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
359    const char *name, unsigned int hookmask, unsigned int *cnt)
360 {
361         struct ebt_match *match;
362         int ret;
363
364         if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) >
365            ((char *)e) + e->watchers_offset)
366                 return -EINVAL;
367         match = find_match_lock(m->u.name, &ret, &ebt_mutex);
368         if (!match)
369                 return ret;
370         m->u.match = match;
371         if (!try_module_get(match->me)) {
372                 up(&ebt_mutex);
373                 return -ENOENT;
374         }
375         up(&ebt_mutex);
376         if (match->check &&
377            match->check(name, hookmask, e, m->data, m->match_size) != 0) {
378                 BUGPRINT("match->check failed\n");
379                 module_put(match->me);
380                 return -EINVAL;
381         }
382         (*cnt)++;
383         return 0;
384 }
385
386 static inline int
387 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
388    const char *name, unsigned int hookmask, unsigned int *cnt)
389 {
390         struct ebt_watcher *watcher;
391         int ret;
392
393         if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) >
394            ((char *)e) + e->target_offset)
395                 return -EINVAL;
396         watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
397         if (!watcher)
398                 return ret;
399         w->u.watcher = watcher;
400         if (!try_module_get(watcher->me)) {
401                 up(&ebt_mutex);
402                 return -ENOENT;
403         }
404         up(&ebt_mutex);
405         if (watcher->check &&
406            watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
407                 BUGPRINT("watcher->check failed\n");
408                 module_put(watcher->me);
409                 return -EINVAL;
410         }
411         (*cnt)++;
412         return 0;
413 }
414
415 /*
416  * this one is very careful, as it is the first function
417  * to parse the userspace data
418  */
419 static inline int
420 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
421    struct ebt_table_info *newinfo, char *base, char *limit,
422    struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt,
423    unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks)
424 {
425         int i;
426
427         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
428                 if ((valid_hooks & (1 << i)) == 0)
429                         continue;
430                 if ( (char *)hook_entries[i] - base ==
431                    (char *)e - newinfo->entries)
432                         break;
433         }
434         /* beginning of a new chain
435            if i == NF_BR_NUMHOOKS it must be a user defined chain */
436         if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
437                 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) {
438                         /* we make userspace set this right,
439                            so there is no misunderstanding */
440                         BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
441                                  "in distinguisher\n");
442                         return -EINVAL;
443                 }
444                 /* this checks if the previous chain has as many entries
445                    as it said it has */
446                 if (*n != *cnt) {
447                         BUGPRINT("nentries does not equal the nr of entries "
448                                  "in the chain\n");
449                         return -EINVAL;
450                 }
451                 /* before we look at the struct, be sure it is not too big */
452                 if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
453                    > limit) {
454                         BUGPRINT("entries_size too small\n");
455                         return -EINVAL;
456                 }
457                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
458                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
459                         /* only RETURN from udc */
460                         if (i != NF_BR_NUMHOOKS ||
461                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
462                                 BUGPRINT("bad policy\n");
463                                 return -EINVAL;
464                         }
465                 }
466                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
467                         (*udc_cnt)++;
468                 else
469                         newinfo->hook_entry[i] = (struct ebt_entries *)e;
470                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
471                         BUGPRINT("counter_offset != totalcnt");
472                         return -EINVAL;
473                 }
474                 *n = ((struct ebt_entries *)e)->nentries;
475                 *cnt = 0;
476                 return 0;
477         }
478         /* a plain old entry, heh */
479         if (sizeof(struct ebt_entry) > e->watchers_offset ||
480            e->watchers_offset > e->target_offset ||
481            e->target_offset >= e->next_offset) {
482                 BUGPRINT("entry offsets not in right order\n");
483                 return -EINVAL;
484         }
485         /* this is not checked anywhere else */
486         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
487                 BUGPRINT("target size too small\n");
488                 return -EINVAL;
489         }
490
491         (*cnt)++;
492         (*totalcnt)++;
493         return 0;
494 }
495
496 struct ebt_cl_stack
497 {
498         struct ebt_chainstack cs;
499         int from;
500         unsigned int hookmask;
501 };
502
503 /*
504  * we need these positions to check that the jumps to a different part of the
505  * entries is a jump to the beginning of a new chain.
506  */
507 static inline int
508 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
509    struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
510    struct ebt_cl_stack *udc)
511 {
512         int i;
513
514         /* we're only interested in chain starts */
515         if (e->bitmask & EBT_ENTRY_OR_ENTRIES)
516                 return 0;
517         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
518                 if ((valid_hooks & (1 << i)) == 0)
519                         continue;
520                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
521                         break;
522         }
523         /* only care about udc */
524         if (i != NF_BR_NUMHOOKS)
525                 return 0;
526
527         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
528         /* these initialisations are depended on later in check_chainloops() */
529         udc[*n].cs.n = 0;
530         udc[*n].hookmask = 0;
531
532         (*n)++;
533         return 0;
534 }
535
536 static inline int
537 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
538 {
539         if (i && (*i)-- == 0)
540                 return 1;
541         if (m->u.match->destroy)
542                 m->u.match->destroy(m->data, m->match_size);
543         module_put(m->u.match->me);
544
545         return 0;
546 }
547
548 static inline int
549 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
550 {
551         if (i && (*i)-- == 0)
552                 return 1;
553         if (w->u.watcher->destroy)
554                 w->u.watcher->destroy(w->data, w->watcher_size);
555         module_put(w->u.watcher->me);
556
557         return 0;
558 }
559
560 static inline int
561 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
562 {
563         struct ebt_entry_target *t;
564
565         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
566                 return 0;
567         /* we're done */
568         if (cnt && (*cnt)-- == 0)
569                 return 1;
570         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
571         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
572         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
573         if (t->u.target->destroy)
574                 t->u.target->destroy(t->data, t->target_size);
575         module_put(t->u.target->me);
576
577         return 0;
578 }
579
580 static inline int
581 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
582    const char *name, unsigned int *cnt, unsigned int valid_hooks,
583    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
584 {
585         struct ebt_entry_target *t;
586         struct ebt_target *target;
587         unsigned int i, j, hook = 0, hookmask = 0;
588         int ret;
589
590         /* don't mess with the struct ebt_entries */
591         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
592                 return 0;
593
594         if (e->bitmask & ~EBT_F_MASK) {
595                 BUGPRINT("Unknown flag for bitmask\n");
596                 return -EINVAL;
597         }
598         if (e->invflags & ~EBT_INV_MASK) {
599                 BUGPRINT("Unknown flag for inv bitmask\n");
600                 return -EINVAL;
601         }
602         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
603                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
604                 return -EINVAL;
605         }
606         /* what hook do we belong to? */
607         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
608                 if ((valid_hooks & (1 << i)) == 0)
609                         continue;
610                 if ((char *)newinfo->hook_entry[i] < (char *)e)
611                         hook = i;
612                 else
613                         break;
614         }
615         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
616            a base chain */
617         if (i < NF_BR_NUMHOOKS)
618                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
619         else {
620                 for (i = 0; i < udc_cnt; i++)
621                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
622                                 break;
623                 if (i == 0)
624                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
625                 else
626                         hookmask = cl_s[i - 1].hookmask;
627         }
628         i = 0;
629         ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
630         if (ret != 0)
631                 goto cleanup_matches;
632         j = 0;
633         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
634         if (ret != 0)
635                 goto cleanup_watchers;
636         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
637         target = find_target_lock(t->u.name, &ret, &ebt_mutex);
638         if (!target)
639                 goto cleanup_watchers;
640         if (!try_module_get(target->me)) {
641                 up(&ebt_mutex);
642                 ret = -ENOENT;
643                 goto cleanup_watchers;
644         }
645         up(&ebt_mutex);
646
647         t->u.target = target;
648         if (t->u.target == &ebt_standard_target) {
649                 if (e->target_offset + sizeof(struct ebt_standard_target) >
650                    e->next_offset) {
651                         BUGPRINT("Standard target size too big\n");
652                         ret = -EFAULT;
653                         goto cleanup_watchers;
654                 }
655                 if (((struct ebt_standard_target *)t)->verdict <
656                    -NUM_STANDARD_TARGETS) {
657                         BUGPRINT("Invalid standard target\n");
658                         ret = -EFAULT;
659                         goto cleanup_watchers;
660                 }
661         } else if ((e->target_offset + t->target_size +
662            sizeof(struct ebt_entry_target) > e->next_offset) ||
663            (t->u.target->check &&
664            t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
665                 module_put(t->u.target->me);
666                 ret = -EFAULT;
667                 goto cleanup_watchers;
668         }
669         (*cnt)++;
670         return 0;
671 cleanup_watchers:
672         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
673 cleanup_matches:
674         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
675         return ret;
676 }
677
678 /*
679  * checks for loops and sets the hook mask for udc
680  * the hook mask for udc tells us from which base chains the udc can be
681  * accessed. This mask is a parameter to the check() functions of the extensions
682  */
683 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
684    unsigned int udc_cnt, unsigned int hooknr, char *base)
685 {
686         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
687         struct ebt_entry *e = (struct ebt_entry *)chain->data;
688         struct ebt_entry_target *t;
689
690         while (pos < nentries || chain_nr != -1) {
691                 /* end of udc, go back one 'recursion' step */
692                 if (pos == nentries) {
693                         /* put back values of the time when this chain was called */
694                         e = cl_s[chain_nr].cs.e;
695                         if (cl_s[chain_nr].from != -1)
696                                 nentries =
697                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
698                         else
699                                 nentries = chain->nentries;
700                         pos = cl_s[chain_nr].cs.n;
701                         /* make sure we won't see a loop that isn't one */
702                         cl_s[chain_nr].cs.n = 0;
703                         chain_nr = cl_s[chain_nr].from;
704                         if (pos == nentries)
705                                 continue;
706                 }
707                 t = (struct ebt_entry_target *)
708                    (((char *)e) + e->target_offset);
709                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
710                         goto letscontinue;
711                 if (e->target_offset + sizeof(struct ebt_standard_target) >
712                    e->next_offset) {
713                         BUGPRINT("Standard target size too big\n");
714                         return -1;
715                 }
716                 verdict = ((struct ebt_standard_target *)t)->verdict;
717                 if (verdict >= 0) { /* jump to another chain */
718                         struct ebt_entries *hlp2 =
719                            (struct ebt_entries *)(base + verdict);
720                         for (i = 0; i < udc_cnt; i++)
721                                 if (hlp2 == cl_s[i].cs.chaininfo)
722                                         break;
723                         /* bad destination or loop */
724                         if (i == udc_cnt) {
725                                 BUGPRINT("bad destination\n");
726                                 return -1;
727                         }
728                         if (cl_s[i].cs.n) {
729                                 BUGPRINT("loop\n");
730                                 return -1;
731                         }
732                         /* this can't be 0, so the above test is correct */
733                         cl_s[i].cs.n = pos + 1;
734                         pos = 0;
735                         cl_s[i].cs.e = ((void *)e + e->next_offset);
736                         e = (struct ebt_entry *)(hlp2->data);
737                         nentries = hlp2->nentries;
738                         cl_s[i].from = chain_nr;
739                         chain_nr = i;
740                         /* this udc is accessible from the base chain for hooknr */
741                         cl_s[i].hookmask |= (1 << hooknr);
742                         continue;
743                 }
744 letscontinue:
745                 e = (void *)e + e->next_offset;
746                 pos++;
747         }
748         return 0;
749 }
750
751 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
752 static int translate_table(struct ebt_replace *repl,
753    struct ebt_table_info *newinfo)
754 {
755         unsigned int i, j, k, udc_cnt;
756         int ret;
757         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
758
759         i = 0;
760         while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
761                 i++;
762         if (i == NF_BR_NUMHOOKS) {
763                 BUGPRINT("No valid hooks specified\n");
764                 return -EINVAL;
765         }
766         if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) {
767                 BUGPRINT("Chains don't start at beginning\n");
768                 return -EINVAL;
769         }
770         /* make sure chains are ordered after each other in same order
771            as their corresponding hooks */
772         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
773                 if (!(repl->valid_hooks & (1 << j)))
774                         continue;
775                 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) {
776                         BUGPRINT("Hook order must be followed\n");
777                         return -EINVAL;
778                 }
779                 i = j;
780         }
781
782         for (i = 0; i < NF_BR_NUMHOOKS; i++)
783                 newinfo->hook_entry[i] = NULL;
784
785         newinfo->entries_size = repl->entries_size;
786         newinfo->nentries = repl->nentries;
787
788         /* do some early checkings and initialize some things */
789         i = 0; /* holds the expected nr. of entries for the chain */
790         j = 0; /* holds the up to now counted entries for the chain */
791         k = 0; /* holds the total nr. of entries, should equal
792                   newinfo->nentries afterwards */
793         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
794         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
795            ebt_check_entry_size_and_hooks, newinfo, repl->entries,
796            repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k,
797            &udc_cnt, repl->valid_hooks);
798
799         if (ret != 0)
800                 return ret;
801
802         if (i != j) {
803                 BUGPRINT("nentries does not equal the nr of entries in the "
804                          "(last) chain\n");
805                 return -EINVAL;
806         }
807         if (k != newinfo->nentries) {
808                 BUGPRINT("Total nentries is wrong\n");
809                 return -EINVAL;
810         }
811
812         /* check if all valid hooks have a chain */
813         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
814                 if (newinfo->hook_entry[i] == NULL &&
815                    (repl->valid_hooks & (1 << i))) {
816                         BUGPRINT("Valid hook without chain\n");
817                         return -EINVAL;
818                 }
819         }
820
821         /* get the location of the udc, put them in an array
822            while we're at it, allocate the chainstack */
823         if (udc_cnt) {
824                 /* this will get free'd in do_replace()/ebt_register_table()
825                    if an error occurs */
826                 newinfo->chainstack = (struct ebt_chainstack **)
827                    vmalloc((highest_possible_processor_id()+1) 
828                                                 * sizeof(struct ebt_chainstack));
829                 if (!newinfo->chainstack)
830                         return -ENOMEM;
831                 for_each_cpu(i) {
832                         newinfo->chainstack[i] =
833                            vmalloc(udc_cnt * sizeof(struct ebt_chainstack));
834                         if (!newinfo->chainstack[i]) {
835                                 while (i)
836                                         vfree(newinfo->chainstack[--i]);
837                                 vfree(newinfo->chainstack);
838                                 newinfo->chainstack = NULL;
839                                 return -ENOMEM;
840                         }
841                 }
842
843                 cl_s = (struct ebt_cl_stack *)
844                    vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
845                 if (!cl_s)
846                         return -ENOMEM;
847                 i = 0; /* the i'th udc */
848                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
849                    ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
850                    repl->valid_hooks, cl_s);
851                 /* sanity check */
852                 if (i != udc_cnt) {
853                         BUGPRINT("i != udc_cnt\n");
854                         vfree(cl_s);
855                         return -EFAULT;
856                 }
857         }
858
859         /* Check for loops */
860         for (i = 0; i < NF_BR_NUMHOOKS; i++)
861                 if (repl->valid_hooks & (1 << i))
862                         if (check_chainloops(newinfo->hook_entry[i],
863                            cl_s, udc_cnt, i, newinfo->entries)) {
864                                 vfree(cl_s);
865                                 return -EINVAL;
866                         }
867
868         /* we now know the following (along with E=mc²):
869            - the nr of entries in each chain is right
870            - the size of the allocated space is right
871            - all valid hooks have a corresponding chain
872            - there are no loops
873            - wrong data can still be on the level of a single entry
874            - could be there are jumps to places that are not the
875              beginning of a chain. This can only occur in chains that
876              are not accessible from any base chains, so we don't care. */
877
878         /* used to know what we need to clean up if something goes wrong */
879         i = 0;
880         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
881            ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
882            cl_s, udc_cnt);
883         if (ret != 0) {
884                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
885                    ebt_cleanup_entry, &i);
886         }
887         vfree(cl_s);
888         return ret;
889 }
890
891 /* called under write_lock */
892 static void get_counters(struct ebt_counter *oldcounters,
893    struct ebt_counter *counters, unsigned int nentries)
894 {
895         int i, cpu;
896         struct ebt_counter *counter_base;
897
898         /* counters of cpu 0 */
899         memcpy(counters, oldcounters,
900                sizeof(struct ebt_counter) * nentries);
901
902         /* add other counters to those of cpu 0 */
903         for_each_cpu(cpu) {
904                 if (cpu == 0)
905                         continue;
906                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
907                 for (i = 0; i < nentries; i++) {
908                         counters[i].pcnt += counter_base[i].pcnt;
909                         counters[i].bcnt += counter_base[i].bcnt;
910                 }
911         }
912 }
913
914 /* replace the table */
915 static int do_replace(void __user *user, unsigned int len)
916 {
917         int ret, i, countersize;
918         struct ebt_table_info *newinfo;
919         struct ebt_replace tmp;
920         struct ebt_table *t;
921         struct ebt_counter *counterstmp = NULL;
922         /* used to be able to unlock earlier */
923         struct ebt_table_info *table;
924
925         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
926                 return -EFAULT;
927
928         if (len != sizeof(tmp) + tmp.entries_size) {
929                 BUGPRINT("Wrong len argument\n");
930                 return -EINVAL;
931         }
932
933         if (tmp.entries_size == 0) {
934                 BUGPRINT("Entries_size never zero\n");
935                 return -EINVAL;
936         }
937         /* overflow check */
938         if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
939                         SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
940                 return -ENOMEM;
941         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
942                 return -ENOMEM;
943
944         countersize = COUNTER_OFFSET(tmp.nentries) * 
945                                         (highest_possible_processor_id()+1);
946         newinfo = (struct ebt_table_info *)
947            vmalloc(sizeof(struct ebt_table_info) + countersize);
948         if (!newinfo)
949                 return -ENOMEM;
950
951         if (countersize)
952                 memset(newinfo->counters, 0, countersize);
953
954         newinfo->entries = vmalloc(tmp.entries_size);
955         if (!newinfo->entries) {
956                 ret = -ENOMEM;
957                 goto free_newinfo;
958         }
959         if (copy_from_user(
960            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
961                 BUGPRINT("Couldn't copy entries from userspace\n");
962                 ret = -EFAULT;
963                 goto free_entries;
964         }
965
966         /* the user wants counters back
967            the check on the size is done later, when we have the lock */
968         if (tmp.num_counters) {
969                 counterstmp = (struct ebt_counter *)
970                    vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
971                 if (!counterstmp) {
972                         ret = -ENOMEM;
973                         goto free_entries;
974                 }
975         }
976         else
977                 counterstmp = NULL;
978
979         /* this can get initialized by translate_table() */
980         newinfo->chainstack = NULL;
981         ret = translate_table(&tmp, newinfo);
982
983         if (ret != 0)
984                 goto free_counterstmp;
985
986         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
987         if (!t) {
988                 ret = -ENOENT;
989                 goto free_iterate;
990         }
991
992         /* the table doesn't like it */
993         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
994                 goto free_unlock;
995
996         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
997                 BUGPRINT("Wrong nr. of counters requested\n");
998                 ret = -EINVAL;
999                 goto free_unlock;
1000         }
1001
1002         /* we have the mutex lock, so no danger in reading this pointer */
1003         table = t->private;
1004         /* make sure the table can only be rmmod'ed if it contains no rules */
1005         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1006                 ret = -ENOENT;
1007                 goto free_unlock;
1008         } else if (table->nentries && !newinfo->nentries)
1009                 module_put(t->me);
1010         /* we need an atomic snapshot of the counters */
1011         write_lock_bh(&t->lock);
1012         if (tmp.num_counters)
1013                 get_counters(t->private->counters, counterstmp,
1014                    t->private->nentries);
1015
1016         t->private = newinfo;
1017         write_unlock_bh(&t->lock);
1018         up(&ebt_mutex);
1019         /* so, a user can change the chains while having messed up her counter
1020            allocation. Only reason why this is done is because this way the lock
1021            is held only once, while this doesn't bring the kernel into a
1022            dangerous state. */
1023         if (tmp.num_counters &&
1024            copy_to_user(tmp.counters, counterstmp,
1025            tmp.num_counters * sizeof(struct ebt_counter))) {
1026                 BUGPRINT("Couldn't copy counters to userspace\n");
1027                 ret = -EFAULT;
1028         }
1029         else
1030                 ret = 0;
1031
1032         /* decrease module count and free resources */
1033         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1034            ebt_cleanup_entry, NULL);
1035
1036         vfree(table->entries);
1037         if (table->chainstack) {
1038                 for_each_cpu(i)
1039                         vfree(table->chainstack[i]);
1040                 vfree(table->chainstack);
1041         }
1042         vfree(table);
1043
1044         vfree(counterstmp);
1045         return ret;
1046
1047 free_unlock:
1048         up(&ebt_mutex);
1049 free_iterate:
1050         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1051            ebt_cleanup_entry, NULL);
1052 free_counterstmp:
1053         vfree(counterstmp);
1054         /* can be initialized in translate_table() */
1055         if (newinfo->chainstack) {
1056                 for_each_cpu(i)
1057                         vfree(newinfo->chainstack[i]);
1058                 vfree(newinfo->chainstack);
1059         }
1060 free_entries:
1061         vfree(newinfo->entries);
1062 free_newinfo:
1063         vfree(newinfo);
1064         return ret;
1065 }
1066
1067 int ebt_register_target(struct ebt_target *target)
1068 {
1069         int ret;
1070
1071         ret = down_interruptible(&ebt_mutex);
1072         if (ret != 0)
1073                 return ret;
1074         if (!list_named_insert(&ebt_targets, target)) {
1075                 up(&ebt_mutex);
1076                 return -EEXIST;
1077         }
1078         up(&ebt_mutex);
1079
1080         return 0;
1081 }
1082
1083 void ebt_unregister_target(struct ebt_target *target)
1084 {
1085         down(&ebt_mutex);
1086         LIST_DELETE(&ebt_targets, target);
1087         up(&ebt_mutex);
1088 }
1089
1090 int ebt_register_match(struct ebt_match *match)
1091 {
1092         int ret;
1093
1094         ret = down_interruptible(&ebt_mutex);
1095         if (ret != 0)
1096                 return ret;
1097         if (!list_named_insert(&ebt_matches, match)) {
1098                 up(&ebt_mutex);
1099                 return -EEXIST;
1100         }
1101         up(&ebt_mutex);
1102
1103         return 0;
1104 }
1105
1106 void ebt_unregister_match(struct ebt_match *match)
1107 {
1108         down(&ebt_mutex);
1109         LIST_DELETE(&ebt_matches, match);
1110         up(&ebt_mutex);
1111 }
1112
1113 int ebt_register_watcher(struct ebt_watcher *watcher)
1114 {
1115         int ret;
1116
1117         ret = down_interruptible(&ebt_mutex);
1118         if (ret != 0)
1119                 return ret;
1120         if (!list_named_insert(&ebt_watchers, watcher)) {
1121                 up(&ebt_mutex);
1122                 return -EEXIST;
1123         }
1124         up(&ebt_mutex);
1125
1126         return 0;
1127 }
1128
1129 void ebt_unregister_watcher(struct ebt_watcher *watcher)
1130 {
1131         down(&ebt_mutex);
1132         LIST_DELETE(&ebt_watchers, watcher);
1133         up(&ebt_mutex);
1134 }
1135
1136 int ebt_register_table(struct ebt_table *table)
1137 {
1138         struct ebt_table_info *newinfo;
1139         int ret, i, countersize;
1140
1141         if (!table || !table->table ||!table->table->entries ||
1142             table->table->entries_size == 0 ||
1143             table->table->counters || table->private) {
1144                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1145                 return -EINVAL;
1146         }
1147
1148         countersize = COUNTER_OFFSET(table->table->nentries) *
1149                                         (highest_possible_processor_id()+1);
1150         newinfo = (struct ebt_table_info *)
1151            vmalloc(sizeof(struct ebt_table_info) + countersize);
1152         ret = -ENOMEM;
1153         if (!newinfo)
1154                 return -ENOMEM;
1155
1156         newinfo->entries = vmalloc(table->table->entries_size);
1157         if (!(newinfo->entries))
1158                 goto free_newinfo;
1159
1160         memcpy(newinfo->entries, table->table->entries,
1161            table->table->entries_size);
1162
1163         if (countersize)
1164                 memset(newinfo->counters, 0, countersize);
1165
1166         /* fill in newinfo and parse the entries */
1167         newinfo->chainstack = NULL;
1168         ret = translate_table(table->table, newinfo);
1169         if (ret != 0) {
1170                 BUGPRINT("Translate_table failed\n");
1171                 goto free_chainstack;
1172         }
1173
1174         if (table->check && table->check(newinfo, table->valid_hooks)) {
1175                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1176                 return -EINVAL;
1177         }
1178
1179         table->private = newinfo;
1180         rwlock_init(&table->lock);
1181         ret = down_interruptible(&ebt_mutex);
1182         if (ret != 0)
1183                 goto free_chainstack;
1184
1185         if (list_named_find(&ebt_tables, table->name)) {
1186                 ret = -EEXIST;
1187                 BUGPRINT("Table name already exists\n");
1188                 goto free_unlock;
1189         }
1190
1191         /* Hold a reference count if the chains aren't empty */
1192         if (newinfo->nentries && !try_module_get(table->me)) {
1193                 ret = -ENOENT;
1194                 goto free_unlock;
1195         }
1196         list_prepend(&ebt_tables, table);
1197         up(&ebt_mutex);
1198         return 0;
1199 free_unlock:
1200         up(&ebt_mutex);
1201 free_chainstack:
1202         if (newinfo->chainstack) {
1203                 for_each_cpu(i)
1204                         vfree(newinfo->chainstack[i]);
1205                 vfree(newinfo->chainstack);
1206         }
1207         vfree(newinfo->entries);
1208 free_newinfo:
1209         vfree(newinfo);
1210         return ret;
1211 }
1212
1213 void ebt_unregister_table(struct ebt_table *table)
1214 {
1215         int i;
1216
1217         if (!table) {
1218                 BUGPRINT("Request to unregister NULL table!!!\n");
1219                 return;
1220         }
1221         down(&ebt_mutex);
1222         LIST_DELETE(&ebt_tables, table);
1223         up(&ebt_mutex);
1224         vfree(table->private->entries);
1225         if (table->private->chainstack) {
1226                 for_each_cpu(i)
1227                         vfree(table->private->chainstack[i]);
1228                 vfree(table->private->chainstack);
1229         }
1230         vfree(table->private);
1231 }
1232
1233 /* userspace just supplied us with counters */
1234 static int update_counters(void __user *user, unsigned int len)
1235 {
1236         int i, ret;
1237         struct ebt_counter *tmp;
1238         struct ebt_replace hlp;
1239         struct ebt_table *t;
1240
1241         if (copy_from_user(&hlp, user, sizeof(hlp)))
1242                 return -EFAULT;
1243
1244         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1245                 return -EINVAL;
1246         if (hlp.num_counters == 0)
1247                 return -EINVAL;
1248
1249         if ( !(tmp = (struct ebt_counter *)
1250            vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){
1251                 MEMPRINT("Update_counters && nomemory\n");
1252                 return -ENOMEM;
1253         }
1254
1255         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1256         if (!t)
1257                 goto free_tmp;
1258
1259         if (hlp.num_counters != t->private->nentries) {
1260                 BUGPRINT("Wrong nr of counters\n");
1261                 ret = -EINVAL;
1262                 goto unlock_mutex;
1263         }
1264
1265         if ( copy_from_user(tmp, hlp.counters,
1266            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1267                 BUGPRINT("Updata_counters && !cfu\n");
1268                 ret = -EFAULT;
1269                 goto unlock_mutex;
1270         }
1271
1272         /* we want an atomic add of the counters */
1273         write_lock_bh(&t->lock);
1274
1275         /* we add to the counters of the first cpu */
1276         for (i = 0; i < hlp.num_counters; i++) {
1277                 t->private->counters[i].pcnt += tmp[i].pcnt;
1278                 t->private->counters[i].bcnt += tmp[i].bcnt;
1279         }
1280
1281         write_unlock_bh(&t->lock);
1282         ret = 0;
1283 unlock_mutex:
1284         up(&ebt_mutex);
1285 free_tmp:
1286         vfree(tmp);
1287         return ret;
1288 }
1289
1290 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1291    char *base, char *ubase)
1292 {
1293         char *hlp = ubase - base + (char *)m;
1294         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1295                 return -EFAULT;
1296         return 0;
1297 }
1298
1299 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1300    char *base, char *ubase)
1301 {
1302         char *hlp = ubase - base + (char *)w;
1303         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1304                 return -EFAULT;
1305         return 0;
1306 }
1307
1308 static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
1309 {
1310         int ret;
1311         char *hlp;
1312         struct ebt_entry_target *t;
1313
1314         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
1315                 return 0;
1316
1317         hlp = ubase - base + (char *)e + e->target_offset;
1318         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1319         
1320         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1321         if (ret != 0)
1322                 return ret;
1323         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1324         if (ret != 0)
1325                 return ret;
1326         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1327                 return -EFAULT;
1328         return 0;
1329 }
1330
1331 /* called with ebt_mutex down */
1332 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1333    int *len, int cmd)
1334 {
1335         struct ebt_replace tmp;
1336         struct ebt_counter *counterstmp, *oldcounters;
1337         unsigned int entries_size, nentries;
1338         char *entries;
1339
1340         if (cmd == EBT_SO_GET_ENTRIES) {
1341                 entries_size = t->private->entries_size;
1342                 nentries = t->private->nentries;
1343                 entries = t->private->entries;
1344                 oldcounters = t->private->counters;
1345         } else {
1346                 entries_size = t->table->entries_size;
1347                 nentries = t->table->nentries;
1348                 entries = t->table->entries;
1349                 oldcounters = t->table->counters;
1350         }
1351
1352         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1353                 BUGPRINT("Cfu didn't work\n");
1354                 return -EFAULT;
1355         }
1356
1357         if (*len != sizeof(struct ebt_replace) + entries_size +
1358            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1359                 BUGPRINT("Wrong size\n");
1360                 return -EINVAL;
1361         }
1362
1363         if (tmp.nentries != nentries) {
1364                 BUGPRINT("Nentries wrong\n");
1365                 return -EINVAL;
1366         }
1367
1368         if (tmp.entries_size != entries_size) {
1369                 BUGPRINT("Wrong size\n");
1370                 return -EINVAL;
1371         }
1372
1373         /* userspace might not need the counters */
1374         if (tmp.num_counters) {
1375                 if (tmp.num_counters != nentries) {
1376                         BUGPRINT("Num_counters wrong\n");
1377                         return -EINVAL;
1378                 }
1379                 counterstmp = (struct ebt_counter *)
1380                    vmalloc(nentries * sizeof(struct ebt_counter));
1381                 if (!counterstmp) {
1382                         MEMPRINT("Couldn't copy counters, out of memory\n");
1383                         return -ENOMEM;
1384                 }
1385                 write_lock_bh(&t->lock);
1386                 get_counters(oldcounters, counterstmp, nentries);
1387                 write_unlock_bh(&t->lock);
1388
1389                 if (copy_to_user(tmp.counters, counterstmp,
1390                    nentries * sizeof(struct ebt_counter))) {
1391                         BUGPRINT("Couldn't copy counters to userspace\n");
1392                         vfree(counterstmp);
1393                         return -EFAULT;
1394                 }
1395                 vfree(counterstmp);
1396         }
1397
1398         if (copy_to_user(tmp.entries, entries, entries_size)) {
1399                 BUGPRINT("Couldn't copy entries to userspace\n");
1400                 return -EFAULT;
1401         }
1402         /* set the match/watcher/target names right */
1403         return EBT_ENTRY_ITERATE(entries, entries_size,
1404            ebt_make_names, entries, tmp.entries);
1405 }
1406
1407 static int do_ebt_set_ctl(struct sock *sk,
1408         int cmd, void __user *user, unsigned int len)
1409 {
1410         int ret;
1411
1412         switch(cmd) {
1413         case EBT_SO_SET_ENTRIES:
1414                 ret = do_replace(user, len);
1415                 break;
1416         case EBT_SO_SET_COUNTERS:
1417                 ret = update_counters(user, len);
1418                 break;
1419         default:
1420                 ret = -EINVAL;
1421   }
1422         return ret;
1423 }
1424
1425 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1426 {
1427         int ret;
1428         struct ebt_replace tmp;
1429         struct ebt_table *t;
1430
1431         if (copy_from_user(&tmp, user, sizeof(tmp)))
1432                 return -EFAULT;
1433
1434         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1435         if (!t)
1436                 return ret;
1437
1438         switch(cmd) {
1439         case EBT_SO_GET_INFO:
1440         case EBT_SO_GET_INIT_INFO:
1441                 if (*len != sizeof(struct ebt_replace)){
1442                         ret = -EINVAL;
1443                         up(&ebt_mutex);
1444                         break;
1445                 }
1446                 if (cmd == EBT_SO_GET_INFO) {
1447                         tmp.nentries = t->private->nentries;
1448                         tmp.entries_size = t->private->entries_size;
1449                         tmp.valid_hooks = t->valid_hooks;
1450                 } else {
1451                         tmp.nentries = t->table->nentries;
1452                         tmp.entries_size = t->table->entries_size;
1453                         tmp.valid_hooks = t->table->valid_hooks;
1454                 }
1455                 up(&ebt_mutex);
1456                 if (copy_to_user(user, &tmp, *len) != 0){
1457                         BUGPRINT("c2u Didn't work\n");
1458                         ret = -EFAULT;
1459                         break;
1460                 }
1461                 ret = 0;
1462                 break;
1463
1464         case EBT_SO_GET_ENTRIES:
1465         case EBT_SO_GET_INIT_ENTRIES:
1466                 ret = copy_everything_to_user(t, user, len, cmd);
1467                 up(&ebt_mutex);
1468                 break;
1469
1470         default:
1471                 up(&ebt_mutex);
1472                 ret = -EINVAL;
1473         }
1474
1475         return ret;
1476 }
1477
1478 static struct nf_sockopt_ops ebt_sockopts =
1479 { { NULL, NULL }, PF_INET, EBT_BASE_CTL, EBT_SO_SET_MAX + 1, do_ebt_set_ctl,
1480     EBT_BASE_CTL, EBT_SO_GET_MAX + 1, do_ebt_get_ctl, 0, NULL
1481 };
1482
1483 static int __init init(void)
1484 {
1485         int ret;
1486
1487         down(&ebt_mutex);
1488         list_named_insert(&ebt_targets, &ebt_standard_target);
1489         up(&ebt_mutex);
1490         if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1491                 return ret;
1492
1493         printk(KERN_NOTICE "Ebtables v2.0 registered\n");
1494         return 0;
1495 }
1496
1497 static void __exit fini(void)
1498 {
1499         nf_unregister_sockopt(&ebt_sockopts);
1500         printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
1501 }
1502
1503 EXPORT_SYMBOL(ebt_register_table);
1504 EXPORT_SYMBOL(ebt_unregister_table);
1505 EXPORT_SYMBOL(ebt_register_match);
1506 EXPORT_SYMBOL(ebt_unregister_match);
1507 EXPORT_SYMBOL(ebt_register_watcher);
1508 EXPORT_SYMBOL(ebt_unregister_watcher);
1509 EXPORT_SYMBOL(ebt_register_target);
1510 EXPORT_SYMBOL(ebt_unregister_target);
1511 EXPORT_SYMBOL(ebt_do_table);
1512 module_init(init);
1513 module_exit(fini);
1514 MODULE_LICENSE("GPL");