Merge branch 'master'
[linux-2.6] / net / bridge / netfilter / ebtables.c
1 /*
2  *  ebtables
3  *
4  *  Author:
5  *  Bart De Schuymer            <bdschuym@pandora.be>
6  *
7  *  ebtables.c,v 2.0, July, 2002
8  *
9  *  This code is stongly inspired on the iptables code which is
10  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11  *
12  *  This program is free software; you can redistribute it and/or
13  *  modify it under the terms of the GNU General Public License
14  *  as published by the Free Software Foundation; either version
15  *  2 of the License, or (at your option) any later version.
16  */
17
18 /* used for print_string */
19 #include <linux/sched.h>
20 #include <linux/tty.h>
21
22 #include <linux/kmod.h>
23 #include <linux/module.h>
24 #include <linux/vmalloc.h>
25 #include <linux/netfilter_bridge/ebtables.h>
26 #include <linux/spinlock.h>
27 #include <asm/uaccess.h>
28 #include <linux/smp.h>
29 #include <linux/cpumask.h>
30 #include <net/sock.h>
31 /* needed for logical [in,out]-dev filtering */
32 #include "../br_private.h"
33
34 /* list_named_find */
35 #define ASSERT_READ_LOCK(x)
36 #define ASSERT_WRITE_LOCK(x)
37 #include <linux/netfilter_ipv4/listhelp.h>
38
39 #if 0
40 /* use this for remote debugging
41  * Copyright (C) 1998 by Ori Pomerantz
42  * Print the string to the appropriate tty, the one
43  * the current task uses
44  */
45 static void print_string(char *str)
46 {
47         struct tty_struct *my_tty;
48
49         /* The tty for the current task */
50         my_tty = current->signal->tty;
51         if (my_tty != NULL) {
52                 my_tty->driver->write(my_tty, 0, str, strlen(str));
53                 my_tty->driver->write(my_tty, 0, "\015\012", 2);
54         }
55 }
56
57 #define BUGPRINT(args) print_string(args);
58 #else
59 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
60                                          "report to author: "format, ## args)
61 /* #define BUGPRINT(format, args...) */
62 #endif
63 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
64                                          ": out of memory: "format, ## args)
65 /* #define MEMPRINT(format, args...) */
66
67
68
69 /*
70  * Each cpu has its own set of counters, so there is no need for write_lock in
71  * the softirq
72  * For reading or updating the counters, the user context needs to
73  * get a write_lock
74  */
75
76 /* The size of each set of counters is altered to get cache alignment */
77 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
78 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
79 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
80    COUNTER_OFFSET(n) * cpu))
81
82
83
84 static DECLARE_MUTEX(ebt_mutex);
85 static LIST_HEAD(ebt_tables);
86 static LIST_HEAD(ebt_targets);
87 static LIST_HEAD(ebt_matches);
88 static LIST_HEAD(ebt_watchers);
89
90 static struct ebt_target ebt_standard_target =
91 { {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
92
93 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
94    const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
95    const struct net_device *out)
96 {
97         w->u.watcher->watcher(skb, hooknr, in, out, w->data,
98            w->watcher_size);
99         /* watchers don't give a verdict */
100         return 0;
101 }
102
103 static inline int ebt_do_match (struct ebt_entry_match *m,
104    const struct sk_buff *skb, const struct net_device *in,
105    const struct net_device *out)
106 {
107         return m->u.match->match(skb, in, out, m->data,
108            m->match_size);
109 }
110
111 static inline int ebt_dev_check(char *entry, const struct net_device *device)
112 {
113         int i = 0;
114         char *devname = device->name;
115
116         if (*entry == '\0')
117                 return 0;
118         if (!device)
119                 return 1;
120         /* 1 is the wildcard token */
121         while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
122                 i++;
123         return (devname[i] != entry[i] && entry[i] != 1);
124 }
125
126 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
127 /* process standard matches */
128 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
129    const struct net_device *in, const struct net_device *out)
130 {
131         int verdict, i;
132
133         if (e->bitmask & EBT_802_3) {
134                 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
135                         return 1;
136         } else if (!(e->bitmask & EBT_NOPROTO) &&
137            FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
138                 return 1;
139
140         if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
141                 return 1;
142         if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
143                 return 1;
144         if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
145            e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
146                 return 1;
147         if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
148            e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
149                 return 1;
150
151         if (e->bitmask & EBT_SOURCEMAC) {
152                 verdict = 0;
153                 for (i = 0; i < 6; i++)
154                         verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
155                            e->sourcemsk[i];
156                 if (FWINV2(verdict != 0, EBT_ISOURCE) )
157                         return 1;
158         }
159         if (e->bitmask & EBT_DESTMAC) {
160                 verdict = 0;
161                 for (i = 0; i < 6; i++)
162                         verdict |= (h->h_dest[i] ^ e->destmac[i]) &
163                            e->destmsk[i];
164                 if (FWINV2(verdict != 0, EBT_IDEST) )
165                         return 1;
166         }
167         return 0;
168 }
169
170 /* Do some firewalling */
171 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
172    const struct net_device *in, const struct net_device *out,
173    struct ebt_table *table)
174 {
175         int i, nentries;
176         struct ebt_entry *point;
177         struct ebt_counter *counter_base, *cb_base;
178         struct ebt_entry_target *t;
179         int verdict, sp = 0;
180         struct ebt_chainstack *cs;
181         struct ebt_entries *chaininfo;
182         char *base;
183         struct ebt_table_info *private;
184
185         read_lock_bh(&table->lock);
186         private = table->private;
187         cb_base = COUNTER_BASE(private->counters, private->nentries,
188            smp_processor_id());
189         if (private->chainstack)
190                 cs = private->chainstack[smp_processor_id()];
191         else
192                 cs = NULL;
193         chaininfo = private->hook_entry[hook];
194         nentries = private->hook_entry[hook]->nentries;
195         point = (struct ebt_entry *)(private->hook_entry[hook]->data);
196         counter_base = cb_base + private->hook_entry[hook]->counter_offset;
197         /* base for chain jumps */
198         base = private->entries;
199         i = 0;
200         while (i < nentries) {
201                 if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
202                         goto letscontinue;
203
204                 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
205                         goto letscontinue;
206
207                 /* increase counter */
208                 (*(counter_base + i)).pcnt++;
209                 (*(counter_base + i)).bcnt+=(**pskb).len;
210
211                 /* these should only watch: not modify, nor tell us
212                    what to do with the packet */
213                 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
214                    out);
215
216                 t = (struct ebt_entry_target *)
217                    (((char *)point) + point->target_offset);
218                 /* standard target */
219                 if (!t->u.target->target)
220                         verdict = ((struct ebt_standard_target *)t)->verdict;
221                 else
222                         verdict = t->u.target->target(pskb, hook,
223                            in, out, t->data, t->target_size);
224                 if (verdict == EBT_ACCEPT) {
225                         read_unlock_bh(&table->lock);
226                         return NF_ACCEPT;
227                 }
228                 if (verdict == EBT_DROP) {
229                         read_unlock_bh(&table->lock);
230                         return NF_DROP;
231                 }
232                 if (verdict == EBT_RETURN) {
233 letsreturn:
234 #ifdef CONFIG_NETFILTER_DEBUG
235                         if (sp == 0) {
236                                 BUGPRINT("RETURN on base chain");
237                                 /* act like this is EBT_CONTINUE */
238                                 goto letscontinue;
239                         }
240 #endif
241                         sp--;
242                         /* put all the local variables right */
243                         i = cs[sp].n;
244                         chaininfo = cs[sp].chaininfo;
245                         nentries = chaininfo->nentries;
246                         point = cs[sp].e;
247                         counter_base = cb_base +
248                            chaininfo->counter_offset;
249                         continue;
250                 }
251                 if (verdict == EBT_CONTINUE)
252                         goto letscontinue;
253 #ifdef CONFIG_NETFILTER_DEBUG
254                 if (verdict < 0) {
255                         BUGPRINT("bogus standard verdict\n");
256                         read_unlock_bh(&table->lock);
257                         return NF_DROP;
258                 }
259 #endif
260                 /* jump to a udc */
261                 cs[sp].n = i + 1;
262                 cs[sp].chaininfo = chaininfo;
263                 cs[sp].e = (struct ebt_entry *)
264                    (((char *)point) + point->next_offset);
265                 i = 0;
266                 chaininfo = (struct ebt_entries *) (base + verdict);
267 #ifdef CONFIG_NETFILTER_DEBUG
268                 if (chaininfo->distinguisher) {
269                         BUGPRINT("jump to non-chain\n");
270                         read_unlock_bh(&table->lock);
271                         return NF_DROP;
272                 }
273 #endif
274                 nentries = chaininfo->nentries;
275                 point = (struct ebt_entry *)chaininfo->data;
276                 counter_base = cb_base + chaininfo->counter_offset;
277                 sp++;
278                 continue;
279 letscontinue:
280                 point = (struct ebt_entry *)
281                    (((char *)point) + point->next_offset);
282                 i++;
283         }
284
285         /* I actually like this :) */
286         if (chaininfo->policy == EBT_RETURN)
287                 goto letsreturn;
288         if (chaininfo->policy == EBT_ACCEPT) {
289                 read_unlock_bh(&table->lock);
290                 return NF_ACCEPT;
291         }
292         read_unlock_bh(&table->lock);
293         return NF_DROP;
294 }
295
296 /* If it succeeds, returns element and locks mutex */
297 static inline void *
298 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
299    struct semaphore *mutex)
300 {
301         void *ret;
302
303         *error = down_interruptible(mutex);
304         if (*error != 0)
305                 return NULL;
306
307         ret = list_named_find(head, name);
308         if (!ret) {
309                 *error = -ENOENT;
310                 up(mutex);
311         }
312         return ret;
313 }
314
315 #ifndef CONFIG_KMOD
316 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
317 #else
318 static void *
319 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
320    int *error, struct semaphore *mutex)
321 {
322         void *ret;
323
324         ret = find_inlist_lock_noload(head, name, error, mutex);
325         if (!ret) {
326                 request_module("%s%s", prefix, name);
327                 ret = find_inlist_lock_noload(head, name, error, mutex);
328         }
329         return ret;
330 }
331 #endif
332
333 static inline struct ebt_table *
334 find_table_lock(const char *name, int *error, struct semaphore *mutex)
335 {
336         return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
337 }
338
339 static inline struct ebt_match *
340 find_match_lock(const char *name, int *error, struct semaphore *mutex)
341 {
342         return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex);
343 }
344
345 static inline struct ebt_watcher *
346 find_watcher_lock(const char *name, int *error, struct semaphore *mutex)
347 {
348         return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex);
349 }
350
351 static inline struct ebt_target *
352 find_target_lock(const char *name, int *error, struct semaphore *mutex)
353 {
354         return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex);
355 }
356
357 static inline int
358 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
359    const char *name, unsigned int hookmask, unsigned int *cnt)
360 {
361         struct ebt_match *match;
362         int ret;
363
364         if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) >
365            ((char *)e) + e->watchers_offset)
366                 return -EINVAL;
367         match = find_match_lock(m->u.name, &ret, &ebt_mutex);
368         if (!match)
369                 return ret;
370         m->u.match = match;
371         if (!try_module_get(match->me)) {
372                 up(&ebt_mutex);
373                 return -ENOENT;
374         }
375         up(&ebt_mutex);
376         if (match->check &&
377            match->check(name, hookmask, e, m->data, m->match_size) != 0) {
378                 BUGPRINT("match->check failed\n");
379                 module_put(match->me);
380                 return -EINVAL;
381         }
382         (*cnt)++;
383         return 0;
384 }
385
386 static inline int
387 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
388    const char *name, unsigned int hookmask, unsigned int *cnt)
389 {
390         struct ebt_watcher *watcher;
391         int ret;
392
393         if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) >
394            ((char *)e) + e->target_offset)
395                 return -EINVAL;
396         watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
397         if (!watcher)
398                 return ret;
399         w->u.watcher = watcher;
400         if (!try_module_get(watcher->me)) {
401                 up(&ebt_mutex);
402                 return -ENOENT;
403         }
404         up(&ebt_mutex);
405         if (watcher->check &&
406            watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
407                 BUGPRINT("watcher->check failed\n");
408                 module_put(watcher->me);
409                 return -EINVAL;
410         }
411         (*cnt)++;
412         return 0;
413 }
414
415 /*
416  * this one is very careful, as it is the first function
417  * to parse the userspace data
418  */
419 static inline int
420 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
421    struct ebt_table_info *newinfo, char *base, char *limit,
422    struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt,
423    unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks)
424 {
425         int i;
426
427         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
428                 if ((valid_hooks & (1 << i)) == 0)
429                         continue;
430                 if ( (char *)hook_entries[i] - base ==
431                    (char *)e - newinfo->entries)
432                         break;
433         }
434         /* beginning of a new chain
435            if i == NF_BR_NUMHOOKS it must be a user defined chain */
436         if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
437                 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) {
438                         /* we make userspace set this right,
439                            so there is no misunderstanding */
440                         BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
441                                  "in distinguisher\n");
442                         return -EINVAL;
443                 }
444                 /* this checks if the previous chain has as many entries
445                    as it said it has */
446                 if (*n != *cnt) {
447                         BUGPRINT("nentries does not equal the nr of entries "
448                                  "in the chain\n");
449                         return -EINVAL;
450                 }
451                 /* before we look at the struct, be sure it is not too big */
452                 if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
453                    > limit) {
454                         BUGPRINT("entries_size too small\n");
455                         return -EINVAL;
456                 }
457                 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
458                    ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
459                         /* only RETURN from udc */
460                         if (i != NF_BR_NUMHOOKS ||
461                            ((struct ebt_entries *)e)->policy != EBT_RETURN) {
462                                 BUGPRINT("bad policy\n");
463                                 return -EINVAL;
464                         }
465                 }
466                 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
467                         (*udc_cnt)++;
468                 else
469                         newinfo->hook_entry[i] = (struct ebt_entries *)e;
470                 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
471                         BUGPRINT("counter_offset != totalcnt");
472                         return -EINVAL;
473                 }
474                 *n = ((struct ebt_entries *)e)->nentries;
475                 *cnt = 0;
476                 return 0;
477         }
478         /* a plain old entry, heh */
479         if (sizeof(struct ebt_entry) > e->watchers_offset ||
480            e->watchers_offset > e->target_offset ||
481            e->target_offset >= e->next_offset) {
482                 BUGPRINT("entry offsets not in right order\n");
483                 return -EINVAL;
484         }
485         /* this is not checked anywhere else */
486         if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
487                 BUGPRINT("target size too small\n");
488                 return -EINVAL;
489         }
490
491         (*cnt)++;
492         (*totalcnt)++;
493         return 0;
494 }
495
496 struct ebt_cl_stack
497 {
498         struct ebt_chainstack cs;
499         int from;
500         unsigned int hookmask;
501 };
502
503 /*
504  * we need these positions to check that the jumps to a different part of the
505  * entries is a jump to the beginning of a new chain.
506  */
507 static inline int
508 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
509    struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
510    struct ebt_cl_stack *udc)
511 {
512         int i;
513
514         /* we're only interested in chain starts */
515         if (e->bitmask & EBT_ENTRY_OR_ENTRIES)
516                 return 0;
517         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
518                 if ((valid_hooks & (1 << i)) == 0)
519                         continue;
520                 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
521                         break;
522         }
523         /* only care about udc */
524         if (i != NF_BR_NUMHOOKS)
525                 return 0;
526
527         udc[*n].cs.chaininfo = (struct ebt_entries *)e;
528         /* these initialisations are depended on later in check_chainloops() */
529         udc[*n].cs.n = 0;
530         udc[*n].hookmask = 0;
531
532         (*n)++;
533         return 0;
534 }
535
536 static inline int
537 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
538 {
539         if (i && (*i)-- == 0)
540                 return 1;
541         if (m->u.match->destroy)
542                 m->u.match->destroy(m->data, m->match_size);
543         module_put(m->u.match->me);
544
545         return 0;
546 }
547
548 static inline int
549 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
550 {
551         if (i && (*i)-- == 0)
552                 return 1;
553         if (w->u.watcher->destroy)
554                 w->u.watcher->destroy(w->data, w->watcher_size);
555         module_put(w->u.watcher->me);
556
557         return 0;
558 }
559
560 static inline int
561 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
562 {
563         struct ebt_entry_target *t;
564
565         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
566                 return 0;
567         /* we're done */
568         if (cnt && (*cnt)-- == 0)
569                 return 1;
570         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
571         EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
572         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
573         if (t->u.target->destroy)
574                 t->u.target->destroy(t->data, t->target_size);
575         module_put(t->u.target->me);
576
577         return 0;
578 }
579
580 static inline int
581 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
582    const char *name, unsigned int *cnt, unsigned int valid_hooks,
583    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
584 {
585         struct ebt_entry_target *t;
586         struct ebt_target *target;
587         unsigned int i, j, hook = 0, hookmask = 0;
588         int ret;
589
590         /* don't mess with the struct ebt_entries */
591         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
592                 return 0;
593
594         if (e->bitmask & ~EBT_F_MASK) {
595                 BUGPRINT("Unknown flag for bitmask\n");
596                 return -EINVAL;
597         }
598         if (e->invflags & ~EBT_INV_MASK) {
599                 BUGPRINT("Unknown flag for inv bitmask\n");
600                 return -EINVAL;
601         }
602         if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
603                 BUGPRINT("NOPROTO & 802_3 not allowed\n");
604                 return -EINVAL;
605         }
606         /* what hook do we belong to? */
607         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
608                 if ((valid_hooks & (1 << i)) == 0)
609                         continue;
610                 if ((char *)newinfo->hook_entry[i] < (char *)e)
611                         hook = i;
612                 else
613                         break;
614         }
615         /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
616            a base chain */
617         if (i < NF_BR_NUMHOOKS)
618                 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
619         else {
620                 for (i = 0; i < udc_cnt; i++)
621                         if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
622                                 break;
623                 if (i == 0)
624                         hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
625                 else
626                         hookmask = cl_s[i - 1].hookmask;
627         }
628         i = 0;
629         ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
630         if (ret != 0)
631                 goto cleanup_matches;
632         j = 0;
633         ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
634         if (ret != 0)
635                 goto cleanup_watchers;
636         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
637         target = find_target_lock(t->u.name, &ret, &ebt_mutex);
638         if (!target)
639                 goto cleanup_watchers;
640         if (!try_module_get(target->me)) {
641                 up(&ebt_mutex);
642                 ret = -ENOENT;
643                 goto cleanup_watchers;
644         }
645         up(&ebt_mutex);
646
647         t->u.target = target;
648         if (t->u.target == &ebt_standard_target) {
649                 if (e->target_offset + sizeof(struct ebt_standard_target) >
650                    e->next_offset) {
651                         BUGPRINT("Standard target size too big\n");
652                         ret = -EFAULT;
653                         goto cleanup_watchers;
654                 }
655                 if (((struct ebt_standard_target *)t)->verdict <
656                    -NUM_STANDARD_TARGETS) {
657                         BUGPRINT("Invalid standard target\n");
658                         ret = -EFAULT;
659                         goto cleanup_watchers;
660                 }
661         } else if ((e->target_offset + t->target_size +
662            sizeof(struct ebt_entry_target) > e->next_offset) ||
663            (t->u.target->check &&
664            t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
665                 module_put(t->u.target->me);
666                 ret = -EFAULT;
667                 goto cleanup_watchers;
668         }
669         (*cnt)++;
670         return 0;
671 cleanup_watchers:
672         EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
673 cleanup_matches:
674         EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
675         return ret;
676 }
677
678 /*
679  * checks for loops and sets the hook mask for udc
680  * the hook mask for udc tells us from which base chains the udc can be
681  * accessed. This mask is a parameter to the check() functions of the extensions
682  */
683 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
684    unsigned int udc_cnt, unsigned int hooknr, char *base)
685 {
686         int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
687         struct ebt_entry *e = (struct ebt_entry *)chain->data;
688         struct ebt_entry_target *t;
689
690         while (pos < nentries || chain_nr != -1) {
691                 /* end of udc, go back one 'recursion' step */
692                 if (pos == nentries) {
693                         /* put back values of the time when this chain was called */
694                         e = cl_s[chain_nr].cs.e;
695                         if (cl_s[chain_nr].from != -1)
696                                 nentries =
697                                 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
698                         else
699                                 nentries = chain->nentries;
700                         pos = cl_s[chain_nr].cs.n;
701                         /* make sure we won't see a loop that isn't one */
702                         cl_s[chain_nr].cs.n = 0;
703                         chain_nr = cl_s[chain_nr].from;
704                         if (pos == nentries)
705                                 continue;
706                 }
707                 t = (struct ebt_entry_target *)
708                    (((char *)e) + e->target_offset);
709                 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
710                         goto letscontinue;
711                 if (e->target_offset + sizeof(struct ebt_standard_target) >
712                    e->next_offset) {
713                         BUGPRINT("Standard target size too big\n");
714                         return -1;
715                 }
716                 verdict = ((struct ebt_standard_target *)t)->verdict;
717                 if (verdict >= 0) { /* jump to another chain */
718                         struct ebt_entries *hlp2 =
719                            (struct ebt_entries *)(base + verdict);
720                         for (i = 0; i < udc_cnt; i++)
721                                 if (hlp2 == cl_s[i].cs.chaininfo)
722                                         break;
723                         /* bad destination or loop */
724                         if (i == udc_cnt) {
725                                 BUGPRINT("bad destination\n");
726                                 return -1;
727                         }
728                         if (cl_s[i].cs.n) {
729                                 BUGPRINT("loop\n");
730                                 return -1;
731                         }
732                         /* this can't be 0, so the above test is correct */
733                         cl_s[i].cs.n = pos + 1;
734                         pos = 0;
735                         cl_s[i].cs.e = ((void *)e + e->next_offset);
736                         e = (struct ebt_entry *)(hlp2->data);
737                         nentries = hlp2->nentries;
738                         cl_s[i].from = chain_nr;
739                         chain_nr = i;
740                         /* this udc is accessible from the base chain for hooknr */
741                         cl_s[i].hookmask |= (1 << hooknr);
742                         continue;
743                 }
744 letscontinue:
745                 e = (void *)e + e->next_offset;
746                 pos++;
747         }
748         return 0;
749 }
750
751 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
752 static int translate_table(struct ebt_replace *repl,
753    struct ebt_table_info *newinfo)
754 {
755         unsigned int i, j, k, udc_cnt;
756         int ret;
757         struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
758
759         i = 0;
760         while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
761                 i++;
762         if (i == NF_BR_NUMHOOKS) {
763                 BUGPRINT("No valid hooks specified\n");
764                 return -EINVAL;
765         }
766         if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) {
767                 BUGPRINT("Chains don't start at beginning\n");
768                 return -EINVAL;
769         }
770         /* make sure chains are ordered after each other in same order
771            as their corresponding hooks */
772         for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
773                 if (!(repl->valid_hooks & (1 << j)))
774                         continue;
775                 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) {
776                         BUGPRINT("Hook order must be followed\n");
777                         return -EINVAL;
778                 }
779                 i = j;
780         }
781
782         for (i = 0; i < NF_BR_NUMHOOKS; i++)
783                 newinfo->hook_entry[i] = NULL;
784
785         newinfo->entries_size = repl->entries_size;
786         newinfo->nentries = repl->nentries;
787
788         /* do some early checkings and initialize some things */
789         i = 0; /* holds the expected nr. of entries for the chain */
790         j = 0; /* holds the up to now counted entries for the chain */
791         k = 0; /* holds the total nr. of entries, should equal
792                   newinfo->nentries afterwards */
793         udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
794         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
795            ebt_check_entry_size_and_hooks, newinfo, repl->entries,
796            repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k,
797            &udc_cnt, repl->valid_hooks);
798
799         if (ret != 0)
800                 return ret;
801
802         if (i != j) {
803                 BUGPRINT("nentries does not equal the nr of entries in the "
804                          "(last) chain\n");
805                 return -EINVAL;
806         }
807         if (k != newinfo->nentries) {
808                 BUGPRINT("Total nentries is wrong\n");
809                 return -EINVAL;
810         }
811
812         /* check if all valid hooks have a chain */
813         for (i = 0; i < NF_BR_NUMHOOKS; i++) {
814                 if (newinfo->hook_entry[i] == NULL &&
815                    (repl->valid_hooks & (1 << i))) {
816                         BUGPRINT("Valid hook without chain\n");
817                         return -EINVAL;
818                 }
819         }
820
821         /* get the location of the udc, put them in an array
822            while we're at it, allocate the chainstack */
823         if (udc_cnt) {
824                 /* this will get free'd in do_replace()/ebt_register_table()
825                    if an error occurs */
826                 newinfo->chainstack = (struct ebt_chainstack **)
827                    vmalloc((highest_possible_processor_id()+1) 
828                                                 * sizeof(struct ebt_chainstack));
829                 if (!newinfo->chainstack)
830                         return -ENOMEM;
831                 for_each_cpu(i) {
832                         newinfo->chainstack[i] =
833                            vmalloc(udc_cnt * sizeof(struct ebt_chainstack));
834                         if (!newinfo->chainstack[i]) {
835                                 while (i)
836                                         vfree(newinfo->chainstack[--i]);
837                                 vfree(newinfo->chainstack);
838                                 newinfo->chainstack = NULL;
839                                 return -ENOMEM;
840                         }
841                 }
842
843                 cl_s = (struct ebt_cl_stack *)
844                    vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
845                 if (!cl_s)
846                         return -ENOMEM;
847                 i = 0; /* the i'th udc */
848                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
849                    ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
850                    repl->valid_hooks, cl_s);
851                 /* sanity check */
852                 if (i != udc_cnt) {
853                         BUGPRINT("i != udc_cnt\n");
854                         vfree(cl_s);
855                         return -EFAULT;
856                 }
857         }
858
859         /* Check for loops */
860         for (i = 0; i < NF_BR_NUMHOOKS; i++)
861                 if (repl->valid_hooks & (1 << i))
862                         if (check_chainloops(newinfo->hook_entry[i],
863                            cl_s, udc_cnt, i, newinfo->entries)) {
864                                 vfree(cl_s);
865                                 return -EINVAL;
866                         }
867
868         /* we now know the following (along with E=mc²):
869            - the nr of entries in each chain is right
870            - the size of the allocated space is right
871            - all valid hooks have a corresponding chain
872            - there are no loops
873            - wrong data can still be on the level of a single entry
874            - could be there are jumps to places that are not the
875              beginning of a chain. This can only occur in chains that
876              are not accessible from any base chains, so we don't care. */
877
878         /* used to know what we need to clean up if something goes wrong */
879         i = 0;
880         ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
881            ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
882            cl_s, udc_cnt);
883         if (ret != 0) {
884                 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
885                    ebt_cleanup_entry, &i);
886         }
887         vfree(cl_s);
888         return ret;
889 }
890
891 /* called under write_lock */
892 static void get_counters(struct ebt_counter *oldcounters,
893    struct ebt_counter *counters, unsigned int nentries)
894 {
895         int i, cpu;
896         struct ebt_counter *counter_base;
897
898         /* counters of cpu 0 */
899         memcpy(counters, oldcounters,
900                sizeof(struct ebt_counter) * nentries);
901
902         /* add other counters to those of cpu 0 */
903         for_each_cpu(cpu) {
904                 if (cpu == 0)
905                         continue;
906                 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
907                 for (i = 0; i < nentries; i++) {
908                         counters[i].pcnt += counter_base[i].pcnt;
909                         counters[i].bcnt += counter_base[i].bcnt;
910                 }
911         }
912 }
913
914 /* replace the table */
915 static int do_replace(void __user *user, unsigned int len)
916 {
917         int ret, i, countersize;
918         struct ebt_table_info *newinfo;
919         struct ebt_replace tmp;
920         struct ebt_table *t;
921         struct ebt_counter *counterstmp = NULL;
922         /* used to be able to unlock earlier */
923         struct ebt_table_info *table;
924
925         if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
926                 return -EFAULT;
927
928         if (len != sizeof(tmp) + tmp.entries_size) {
929                 BUGPRINT("Wrong len argument\n");
930                 return -EINVAL;
931         }
932
933         if (tmp.entries_size == 0) {
934                 BUGPRINT("Entries_size never zero\n");
935                 return -EINVAL;
936         }
937         countersize = COUNTER_OFFSET(tmp.nentries) * 
938                                         (highest_possible_processor_id()+1);
939         newinfo = (struct ebt_table_info *)
940            vmalloc(sizeof(struct ebt_table_info) + countersize);
941         if (!newinfo)
942                 return -ENOMEM;
943
944         if (countersize)
945                 memset(newinfo->counters, 0, countersize);
946
947         newinfo->entries = (char *)vmalloc(tmp.entries_size);
948         if (!newinfo->entries) {
949                 ret = -ENOMEM;
950                 goto free_newinfo;
951         }
952         if (copy_from_user(
953            newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
954                 BUGPRINT("Couldn't copy entries from userspace\n");
955                 ret = -EFAULT;
956                 goto free_entries;
957         }
958
959         /* the user wants counters back
960            the check on the size is done later, when we have the lock */
961         if (tmp.num_counters) {
962                 counterstmp = (struct ebt_counter *)
963                    vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
964                 if (!counterstmp) {
965                         ret = -ENOMEM;
966                         goto free_entries;
967                 }
968         }
969         else
970                 counterstmp = NULL;
971
972         /* this can get initialized by translate_table() */
973         newinfo->chainstack = NULL;
974         ret = translate_table(&tmp, newinfo);
975
976         if (ret != 0)
977                 goto free_counterstmp;
978
979         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
980         if (!t) {
981                 ret = -ENOENT;
982                 goto free_iterate;
983         }
984
985         /* the table doesn't like it */
986         if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
987                 goto free_unlock;
988
989         if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
990                 BUGPRINT("Wrong nr. of counters requested\n");
991                 ret = -EINVAL;
992                 goto free_unlock;
993         }
994
995         /* we have the mutex lock, so no danger in reading this pointer */
996         table = t->private;
997         /* make sure the table can only be rmmod'ed if it contains no rules */
998         if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
999                 ret = -ENOENT;
1000                 goto free_unlock;
1001         } else if (table->nentries && !newinfo->nentries)
1002                 module_put(t->me);
1003         /* we need an atomic snapshot of the counters */
1004         write_lock_bh(&t->lock);
1005         if (tmp.num_counters)
1006                 get_counters(t->private->counters, counterstmp,
1007                    t->private->nentries);
1008
1009         t->private = newinfo;
1010         write_unlock_bh(&t->lock);
1011         up(&ebt_mutex);
1012         /* so, a user can change the chains while having messed up her counter
1013            allocation. Only reason why this is done is because this way the lock
1014            is held only once, while this doesn't bring the kernel into a
1015            dangerous state. */
1016         if (tmp.num_counters &&
1017            copy_to_user(tmp.counters, counterstmp,
1018            tmp.num_counters * sizeof(struct ebt_counter))) {
1019                 BUGPRINT("Couldn't copy counters to userspace\n");
1020                 ret = -EFAULT;
1021         }
1022         else
1023                 ret = 0;
1024
1025         /* decrease module count and free resources */
1026         EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1027            ebt_cleanup_entry, NULL);
1028
1029         vfree(table->entries);
1030         if (table->chainstack) {
1031                 for_each_cpu(i)
1032                         vfree(table->chainstack[i]);
1033                 vfree(table->chainstack);
1034         }
1035         vfree(table);
1036
1037         vfree(counterstmp);
1038         return ret;
1039
1040 free_unlock:
1041         up(&ebt_mutex);
1042 free_iterate:
1043         EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1044            ebt_cleanup_entry, NULL);
1045 free_counterstmp:
1046         vfree(counterstmp);
1047         /* can be initialized in translate_table() */
1048         if (newinfo->chainstack) {
1049                 for_each_cpu(i)
1050                         vfree(newinfo->chainstack[i]);
1051                 vfree(newinfo->chainstack);
1052         }
1053 free_entries:
1054         vfree(newinfo->entries);
1055 free_newinfo:
1056         vfree(newinfo);
1057         return ret;
1058 }
1059
1060 int ebt_register_target(struct ebt_target *target)
1061 {
1062         int ret;
1063
1064         ret = down_interruptible(&ebt_mutex);
1065         if (ret != 0)
1066                 return ret;
1067         if (!list_named_insert(&ebt_targets, target)) {
1068                 up(&ebt_mutex);
1069                 return -EEXIST;
1070         }
1071         up(&ebt_mutex);
1072
1073         return 0;
1074 }
1075
1076 void ebt_unregister_target(struct ebt_target *target)
1077 {
1078         down(&ebt_mutex);
1079         LIST_DELETE(&ebt_targets, target);
1080         up(&ebt_mutex);
1081 }
1082
1083 int ebt_register_match(struct ebt_match *match)
1084 {
1085         int ret;
1086
1087         ret = down_interruptible(&ebt_mutex);
1088         if (ret != 0)
1089                 return ret;
1090         if (!list_named_insert(&ebt_matches, match)) {
1091                 up(&ebt_mutex);
1092                 return -EEXIST;
1093         }
1094         up(&ebt_mutex);
1095
1096         return 0;
1097 }
1098
1099 void ebt_unregister_match(struct ebt_match *match)
1100 {
1101         down(&ebt_mutex);
1102         LIST_DELETE(&ebt_matches, match);
1103         up(&ebt_mutex);
1104 }
1105
1106 int ebt_register_watcher(struct ebt_watcher *watcher)
1107 {
1108         int ret;
1109
1110         ret = down_interruptible(&ebt_mutex);
1111         if (ret != 0)
1112                 return ret;
1113         if (!list_named_insert(&ebt_watchers, watcher)) {
1114                 up(&ebt_mutex);
1115                 return -EEXIST;
1116         }
1117         up(&ebt_mutex);
1118
1119         return 0;
1120 }
1121
1122 void ebt_unregister_watcher(struct ebt_watcher *watcher)
1123 {
1124         down(&ebt_mutex);
1125         LIST_DELETE(&ebt_watchers, watcher);
1126         up(&ebt_mutex);
1127 }
1128
1129 int ebt_register_table(struct ebt_table *table)
1130 {
1131         struct ebt_table_info *newinfo;
1132         int ret, i, countersize;
1133
1134         if (!table || !table->table ||!table->table->entries ||
1135             table->table->entries_size == 0 ||
1136             table->table->counters || table->private) {
1137                 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1138                 return -EINVAL;
1139         }
1140
1141         countersize = COUNTER_OFFSET(table->table->nentries) *
1142                                         (highest_possible_processor_id()+1);
1143         newinfo = (struct ebt_table_info *)
1144            vmalloc(sizeof(struct ebt_table_info) + countersize);
1145         ret = -ENOMEM;
1146         if (!newinfo)
1147                 return -ENOMEM;
1148
1149         newinfo->entries = (char *)vmalloc(table->table->entries_size);
1150         if (!(newinfo->entries))
1151                 goto free_newinfo;
1152
1153         memcpy(newinfo->entries, table->table->entries,
1154            table->table->entries_size);
1155
1156         if (countersize)
1157                 memset(newinfo->counters, 0, countersize);
1158
1159         /* fill in newinfo and parse the entries */
1160         newinfo->chainstack = NULL;
1161         ret = translate_table(table->table, newinfo);
1162         if (ret != 0) {
1163                 BUGPRINT("Translate_table failed\n");
1164                 goto free_chainstack;
1165         }
1166
1167         if (table->check && table->check(newinfo, table->valid_hooks)) {
1168                 BUGPRINT("The table doesn't like its own initial data, lol\n");
1169                 return -EINVAL;
1170         }
1171
1172         table->private = newinfo;
1173         rwlock_init(&table->lock);
1174         ret = down_interruptible(&ebt_mutex);
1175         if (ret != 0)
1176                 goto free_chainstack;
1177
1178         if (list_named_find(&ebt_tables, table->name)) {
1179                 ret = -EEXIST;
1180                 BUGPRINT("Table name already exists\n");
1181                 goto free_unlock;
1182         }
1183
1184         /* Hold a reference count if the chains aren't empty */
1185         if (newinfo->nentries && !try_module_get(table->me)) {
1186                 ret = -ENOENT;
1187                 goto free_unlock;
1188         }
1189         list_prepend(&ebt_tables, table);
1190         up(&ebt_mutex);
1191         return 0;
1192 free_unlock:
1193         up(&ebt_mutex);
1194 free_chainstack:
1195         if (newinfo->chainstack) {
1196                 for_each_cpu(i)
1197                         vfree(newinfo->chainstack[i]);
1198                 vfree(newinfo->chainstack);
1199         }
1200         vfree(newinfo->entries);
1201 free_newinfo:
1202         vfree(newinfo);
1203         return ret;
1204 }
1205
1206 void ebt_unregister_table(struct ebt_table *table)
1207 {
1208         int i;
1209
1210         if (!table) {
1211                 BUGPRINT("Request to unregister NULL table!!!\n");
1212                 return;
1213         }
1214         down(&ebt_mutex);
1215         LIST_DELETE(&ebt_tables, table);
1216         up(&ebt_mutex);
1217         vfree(table->private->entries);
1218         if (table->private->chainstack) {
1219                 for_each_cpu(i)
1220                         vfree(table->private->chainstack[i]);
1221                 vfree(table->private->chainstack);
1222         }
1223         vfree(table->private);
1224 }
1225
1226 /* userspace just supplied us with counters */
1227 static int update_counters(void __user *user, unsigned int len)
1228 {
1229         int i, ret;
1230         struct ebt_counter *tmp;
1231         struct ebt_replace hlp;
1232         struct ebt_table *t;
1233
1234         if (copy_from_user(&hlp, user, sizeof(hlp)))
1235                 return -EFAULT;
1236
1237         if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1238                 return -EINVAL;
1239         if (hlp.num_counters == 0)
1240                 return -EINVAL;
1241
1242         if ( !(tmp = (struct ebt_counter *)
1243            vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){
1244                 MEMPRINT("Update_counters && nomemory\n");
1245                 return -ENOMEM;
1246         }
1247
1248         t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1249         if (!t)
1250                 goto free_tmp;
1251
1252         if (hlp.num_counters != t->private->nentries) {
1253                 BUGPRINT("Wrong nr of counters\n");
1254                 ret = -EINVAL;
1255                 goto unlock_mutex;
1256         }
1257
1258         if ( copy_from_user(tmp, hlp.counters,
1259            hlp.num_counters * sizeof(struct ebt_counter)) ) {
1260                 BUGPRINT("Updata_counters && !cfu\n");
1261                 ret = -EFAULT;
1262                 goto unlock_mutex;
1263         }
1264
1265         /* we want an atomic add of the counters */
1266         write_lock_bh(&t->lock);
1267
1268         /* we add to the counters of the first cpu */
1269         for (i = 0; i < hlp.num_counters; i++) {
1270                 t->private->counters[i].pcnt += tmp[i].pcnt;
1271                 t->private->counters[i].bcnt += tmp[i].bcnt;
1272         }
1273
1274         write_unlock_bh(&t->lock);
1275         ret = 0;
1276 unlock_mutex:
1277         up(&ebt_mutex);
1278 free_tmp:
1279         vfree(tmp);
1280         return ret;
1281 }
1282
1283 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1284    char *base, char *ubase)
1285 {
1286         char *hlp = ubase - base + (char *)m;
1287         if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1288                 return -EFAULT;
1289         return 0;
1290 }
1291
1292 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1293    char *base, char *ubase)
1294 {
1295         char *hlp = ubase - base + (char *)w;
1296         if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1297                 return -EFAULT;
1298         return 0;
1299 }
1300
1301 static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
1302 {
1303         int ret;
1304         char *hlp;
1305         struct ebt_entry_target *t;
1306
1307         if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
1308                 return 0;
1309
1310         hlp = ubase - base + (char *)e + e->target_offset;
1311         t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1312         
1313         ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1314         if (ret != 0)
1315                 return ret;
1316         ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1317         if (ret != 0)
1318                 return ret;
1319         if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1320                 return -EFAULT;
1321         return 0;
1322 }
1323
1324 /* called with ebt_mutex down */
1325 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1326    int *len, int cmd)
1327 {
1328         struct ebt_replace tmp;
1329         struct ebt_counter *counterstmp, *oldcounters;
1330         unsigned int entries_size, nentries;
1331         char *entries;
1332
1333         if (cmd == EBT_SO_GET_ENTRIES) {
1334                 entries_size = t->private->entries_size;
1335                 nentries = t->private->nentries;
1336                 entries = t->private->entries;
1337                 oldcounters = t->private->counters;
1338         } else {
1339                 entries_size = t->table->entries_size;
1340                 nentries = t->table->nentries;
1341                 entries = t->table->entries;
1342                 oldcounters = t->table->counters;
1343         }
1344
1345         if (copy_from_user(&tmp, user, sizeof(tmp))) {
1346                 BUGPRINT("Cfu didn't work\n");
1347                 return -EFAULT;
1348         }
1349
1350         if (*len != sizeof(struct ebt_replace) + entries_size +
1351            (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1352                 BUGPRINT("Wrong size\n");
1353                 return -EINVAL;
1354         }
1355
1356         if (tmp.nentries != nentries) {
1357                 BUGPRINT("Nentries wrong\n");
1358                 return -EINVAL;
1359         }
1360
1361         if (tmp.entries_size != entries_size) {
1362                 BUGPRINT("Wrong size\n");
1363                 return -EINVAL;
1364         }
1365
1366         /* userspace might not need the counters */
1367         if (tmp.num_counters) {
1368                 if (tmp.num_counters != nentries) {
1369                         BUGPRINT("Num_counters wrong\n");
1370                         return -EINVAL;
1371                 }
1372                 counterstmp = (struct ebt_counter *)
1373                    vmalloc(nentries * sizeof(struct ebt_counter));
1374                 if (!counterstmp) {
1375                         MEMPRINT("Couldn't copy counters, out of memory\n");
1376                         return -ENOMEM;
1377                 }
1378                 write_lock_bh(&t->lock);
1379                 get_counters(oldcounters, counterstmp, nentries);
1380                 write_unlock_bh(&t->lock);
1381
1382                 if (copy_to_user(tmp.counters, counterstmp,
1383                    nentries * sizeof(struct ebt_counter))) {
1384                         BUGPRINT("Couldn't copy counters to userspace\n");
1385                         vfree(counterstmp);
1386                         return -EFAULT;
1387                 }
1388                 vfree(counterstmp);
1389         }
1390
1391         if (copy_to_user(tmp.entries, entries, entries_size)) {
1392                 BUGPRINT("Couldn't copy entries to userspace\n");
1393                 return -EFAULT;
1394         }
1395         /* set the match/watcher/target names right */
1396         return EBT_ENTRY_ITERATE(entries, entries_size,
1397            ebt_make_names, entries, tmp.entries);
1398 }
1399
1400 static int do_ebt_set_ctl(struct sock *sk,
1401         int cmd, void __user *user, unsigned int len)
1402 {
1403         int ret;
1404
1405         switch(cmd) {
1406         case EBT_SO_SET_ENTRIES:
1407                 ret = do_replace(user, len);
1408                 break;
1409         case EBT_SO_SET_COUNTERS:
1410                 ret = update_counters(user, len);
1411                 break;
1412         default:
1413                 ret = -EINVAL;
1414   }
1415         return ret;
1416 }
1417
1418 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1419 {
1420         int ret;
1421         struct ebt_replace tmp;
1422         struct ebt_table *t;
1423
1424         if (copy_from_user(&tmp, user, sizeof(tmp)))
1425                 return -EFAULT;
1426
1427         t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1428         if (!t)
1429                 return ret;
1430
1431         switch(cmd) {
1432         case EBT_SO_GET_INFO:
1433         case EBT_SO_GET_INIT_INFO:
1434                 if (*len != sizeof(struct ebt_replace)){
1435                         ret = -EINVAL;
1436                         up(&ebt_mutex);
1437                         break;
1438                 }
1439                 if (cmd == EBT_SO_GET_INFO) {
1440                         tmp.nentries = t->private->nentries;
1441                         tmp.entries_size = t->private->entries_size;
1442                         tmp.valid_hooks = t->valid_hooks;
1443                 } else {
1444                         tmp.nentries = t->table->nentries;
1445                         tmp.entries_size = t->table->entries_size;
1446                         tmp.valid_hooks = t->table->valid_hooks;
1447                 }
1448                 up(&ebt_mutex);
1449                 if (copy_to_user(user, &tmp, *len) != 0){
1450                         BUGPRINT("c2u Didn't work\n");
1451                         ret = -EFAULT;
1452                         break;
1453                 }
1454                 ret = 0;
1455                 break;
1456
1457         case EBT_SO_GET_ENTRIES:
1458         case EBT_SO_GET_INIT_ENTRIES:
1459                 ret = copy_everything_to_user(t, user, len, cmd);
1460                 up(&ebt_mutex);
1461                 break;
1462
1463         default:
1464                 up(&ebt_mutex);
1465                 ret = -EINVAL;
1466         }
1467
1468         return ret;
1469 }
1470
1471 static struct nf_sockopt_ops ebt_sockopts =
1472 { { NULL, NULL }, PF_INET, EBT_BASE_CTL, EBT_SO_SET_MAX + 1, do_ebt_set_ctl,
1473     EBT_BASE_CTL, EBT_SO_GET_MAX + 1, do_ebt_get_ctl, 0, NULL
1474 };
1475
1476 static int __init init(void)
1477 {
1478         int ret;
1479
1480         down(&ebt_mutex);
1481         list_named_insert(&ebt_targets, &ebt_standard_target);
1482         up(&ebt_mutex);
1483         if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1484                 return ret;
1485
1486         printk(KERN_NOTICE "Ebtables v2.0 registered\n");
1487         return 0;
1488 }
1489
1490 static void __exit fini(void)
1491 {
1492         nf_unregister_sockopt(&ebt_sockopts);
1493         printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
1494 }
1495
1496 EXPORT_SYMBOL(ebt_register_table);
1497 EXPORT_SYMBOL(ebt_unregister_table);
1498 EXPORT_SYMBOL(ebt_register_match);
1499 EXPORT_SYMBOL(ebt_unregister_match);
1500 EXPORT_SYMBOL(ebt_register_watcher);
1501 EXPORT_SYMBOL(ebt_unregister_watcher);
1502 EXPORT_SYMBOL(ebt_register_target);
1503 EXPORT_SYMBOL(ebt_unregister_target);
1504 EXPORT_SYMBOL(ebt_do_table);
1505 module_init(init);
1506 module_exit(fini);
1507 MODULE_LICENSE("GPL");