]> bbs.cooldavid.org Git - net-next-2.6.git/blame - net/bridge/netfilter/ebtables.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netfilter: xtables: consolidate code into xt_request_find_match
[net-next-2.6.git] / net / bridge / netfilter / ebtables.c
CommitLineData
1da177e4
LT		 1/*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
ff67e4e4 17#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
1da177e4
LT		 18#include <linux/kmod.h>
19#include <linux/module.h>
20#include <linux/vmalloc.h>
18219d3f 21#include <linux/netfilter/x_tables.h>
1da177e4
LT		 22#include <linux/netfilter_bridge/ebtables.h>
23#include <linux/spinlock.h>
df0933dc 24#include <linux/mutex.h>
1da177e4
LT		 25#include <asm/uaccess.h>
26#include <linux/smp.h>
c8923c6b 27#include <linux/cpumask.h>
1da177e4
LT		 28#include <net/sock.h>
29/* needed for logical [in,out]-dev filtering */
30#include "../br_private.h"
31
1da177e4 32#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
9d6f229f 33 "report to author: "format, ## args)
1da177e4 34/* #define BUGPRINT(format, args...) */
1da177e4
LT		 35
36/*
37 * Each cpu has its own set of counters, so there is no need for write_lock in
38 * the softirq
39 * For reading or updating the counters, the user context needs to
40 * get a write_lock
41 */
42
43/* The size of each set of counters is altered to get cache alignment */
44#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
45#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
46#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
47 COUNTER_OFFSET(n) * cpu))
48
49
50
57b47a53 51static DEFINE_MUTEX(ebt_mutex);
1da177e4 52
81e675c2
FW		 53#ifdef CONFIG_COMPAT
54static void ebt_standard_compat_from_user(void *dst, const void *src)
55{
56 int v = *(compat_int_t *)src;
57
58 if (v >= 0)
59 v += xt_compat_calc_jump(NFPROTO_BRIDGE, v);
60 memcpy(dst, &v, sizeof(v));
61}
62
63static int ebt_standard_compat_to_user(void __user *dst, const void *src)
64{
65 compat_int_t cv = *(int *)src;
66
67 if (cv >= 0)
68 cv -= xt_compat_calc_jump(NFPROTO_BRIDGE, cv);
69 return copy_to_user(dst, &cv, sizeof(cv)) ? -EFAULT : 0;
70}
71#endif
72
73
043ef46c 74static struct xt_target ebt_standard_target = {
001a18d3
JE		 75 .name = "standard",
76 .revision = 0,
77 .family = NFPROTO_BRIDGE,
043ef46c 78 .targetsize = sizeof(int),
81e675c2
FW		 79#ifdef CONFIG_COMPAT
80 .compatsize = sizeof(compat_int_t),
81 .compat_from_user = ebt_standard_compat_from_user,
82 .compat_to_user = ebt_standard_compat_to_user,
83#endif
18219d3f 84};
1da177e4 85
7eb35586
JE		 86static inline int
87ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
88 struct xt_target_param *par)
1da177e4 89{
7eb35586
JE		 90 par->target = w->u.watcher;
91 par->targinfo = w->data;
92 w->u.watcher->target(skb, par);
1da177e4
LT		 93 /* watchers don't give a verdict */
94 return 0;
95}
96
97static inline int ebt_do_match (struct ebt_entry_match *m,
f7108a20 98 const struct sk_buff *skb, struct xt_match_param *par)
1da177e4 99{
f7108a20
JE		 100 par->match = m->u.match;
101 par->matchinfo = m->data;
d61ba9fd 102 return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
1da177e4
LT		 103}
104
d5d1baa1
JE		 105static inline int
106ebt_dev_check(const char *entry, const struct net_device *device)
1da177e4
LT		 107{
108 int i = 0;
f3d8b2e4 109 const char *devname;
1da177e4
LT		 110
111 if (*entry == '\0')
112 return 0;
113 if (!device)
114 return 1;
f3d8b2e4 115 devname = device->name;
1da177e4
LT		 116 /* 1 is the wildcard token */
117 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
118 i++;
119 return (devname[i] != entry[i] && entry[i] != 1);
120}
121
122#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
123/* process standard matches */
d5d1baa1
JE		 124static inline int
125ebt_basic_match(const struct ebt_entry *e, const struct ethhdr *h,
126 const struct net_device *in, const struct net_device *out)
1da177e4
LT		 127{
128 int verdict, i;
129
130 if (e->bitmask & EBT_802_3) {
131 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
132 return 1;
133 } else if (!(e->bitmask & EBT_NOPROTO) &&
134 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
135 return 1;
136
137 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
138 return 1;
139 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
140 return 1;
141 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
142 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
143 return 1;
144 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
145 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
146 return 1;
147
148 if (e->bitmask & EBT_SOURCEMAC) {
149 verdict = 0;
150 for (i = 0; i < 6; i++)
151 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
152 e->sourcemsk[i];
153 if (FWINV2(verdict != 0, EBT_ISOURCE) )
154 return 1;
155 }
156 if (e->bitmask & EBT_DESTMAC) {
157 verdict = 0;
158 for (i = 0; i < 6; i++)
159 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
160 e->destmsk[i];
161 if (FWINV2(verdict != 0, EBT_IDEST) )
162 return 1;
163 }
164 return 0;
165}
166
98e86403
JE		 167static inline __pure
168struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
169{
170 return (void *)entry + entry->next_offset;
171}
172
1da177e4 173/* Do some firewalling */
3db05fea 174unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
1da177e4
LT		 175 const struct net_device *in, const struct net_device *out,
176 struct ebt_table *table)
177{
178 int i, nentries;
179 struct ebt_entry *point;
180 struct ebt_counter *counter_base, *cb_base;
d5d1baa1 181 const struct ebt_entry_target *t;
1da177e4
LT		 182 int verdict, sp = 0;
183 struct ebt_chainstack *cs;
184 struct ebt_entries *chaininfo;
d5d1baa1
JE		 185 const char *base;
186 const struct ebt_table_info *private;
5365f802 187 bool hotdrop = false;
f7108a20 188 struct xt_match_param mtpar;
7eb35586 189 struct xt_target_param tgpar;
f7108a20 190
916a917d 191 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
7eb35586
JE		 192 mtpar.in = tgpar.in = in;
193 mtpar.out = tgpar.out = out;
f7108a20 194 mtpar.hotdrop = &hotdrop;
a5e78820 195 mtpar.hooknum = tgpar.hooknum = hook;
1da177e4
LT		 196
197 read_lock_bh(&table->lock);
198 private = table->private;
199 cb_base = COUNTER_BASE(private->counters, private->nentries,
200 smp_processor_id());
201 if (private->chainstack)
202 cs = private->chainstack[smp_processor_id()];
203 else
204 cs = NULL;
205 chaininfo = private->hook_entry[hook];
206 nentries = private->hook_entry[hook]->nentries;
207 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
208 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
209 /* base for chain jumps */
210 base = private->entries;
211 i = 0;
212 while (i < nentries) {
3db05fea 213 if (ebt_basic_match(point, eth_hdr(skb), in, out))
1da177e4
LT		 214 goto letscontinue;
215
f7108a20 216 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
1da177e4 217 goto letscontinue;
5365f802
JE		 218 if (hotdrop) {
219 read_unlock_bh(&table->lock);
220 return NF_DROP;
221 }
1da177e4
LT		 222
223 /* increase counter */
224 (*(counter_base + i)).pcnt++;
3db05fea 225 (*(counter_base + i)).bcnt += skb->len;
1da177e4
LT		 226
227 /* these should only watch: not modify, nor tell us
228 what to do with the packet */
7eb35586 229 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
1da177e4
LT		 230
231 t = (struct ebt_entry_target *)
232 (((char *)point) + point->target_offset);
233 /* standard target */
234 if (!t->u.target->target)
235 verdict = ((struct ebt_standard_target *)t)->verdict;
7eb35586
JE		 236 else {
237 tgpar.target = t->u.target;
238 tgpar.targinfo = t->data;
239 verdict = t->u.target->target(skb, &tgpar);
240 }
1da177e4
LT		 241 if (verdict == EBT_ACCEPT) {
242 read_unlock_bh(&table->lock);
243 return NF_ACCEPT;
244 }
245 if (verdict == EBT_DROP) {
246 read_unlock_bh(&table->lock);
247 return NF_DROP;
248 }
249 if (verdict == EBT_RETURN) {
250letsreturn:
251#ifdef CONFIG_NETFILTER_DEBUG
252 if (sp == 0) {
253 BUGPRINT("RETURN on base chain");
254 /* act like this is EBT_CONTINUE */
255 goto letscontinue;
256 }
257#endif
258 sp--;
259 /* put all the local variables right */
260 i = cs[sp].n;
261 chaininfo = cs[sp].chaininfo;
262 nentries = chaininfo->nentries;
263 point = cs[sp].e;
264 counter_base = cb_base +
265 chaininfo->counter_offset;
266 continue;
267 }
268 if (verdict == EBT_CONTINUE)
269 goto letscontinue;
270#ifdef CONFIG_NETFILTER_DEBUG
271 if (verdict < 0) {
272 BUGPRINT("bogus standard verdict\n");
273 read_unlock_bh(&table->lock);
274 return NF_DROP;
275 }
276#endif
277 /* jump to a udc */
278 cs[sp].n = i + 1;
279 cs[sp].chaininfo = chaininfo;
98e86403 280 cs[sp].e = ebt_next_entry(point);
1da177e4
LT		 281 i = 0;
282 chaininfo = (struct ebt_entries *) (base + verdict);
283#ifdef CONFIG_NETFILTER_DEBUG
284 if (chaininfo->distinguisher) {
285 BUGPRINT("jump to non-chain\n");
286 read_unlock_bh(&table->lock);
287 return NF_DROP;
288 }
289#endif
290 nentries = chaininfo->nentries;
291 point = (struct ebt_entry *)chaininfo->data;
292 counter_base = cb_base + chaininfo->counter_offset;
293 sp++;
294 continue;
295letscontinue:
98e86403 296 point = ebt_next_entry(point);
1da177e4
LT		 297 i++;
298 }
299
300 /* I actually like this :) */
301 if (chaininfo->policy == EBT_RETURN)
302 goto letsreturn;
303 if (chaininfo->policy == EBT_ACCEPT) {
304 read_unlock_bh(&table->lock);
305 return NF_ACCEPT;
306 }
307 read_unlock_bh(&table->lock);
308 return NF_DROP;
309}
310
311/* If it succeeds, returns element and locks mutex */
312static inline void *
313find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
57b47a53 314 struct mutex *mutex)
1da177e4 315{
df0933dc
PM		 316 struct {
317 struct list_head list;
318 char name[EBT_FUNCTION_MAXNAMELEN];
319 } *e;
1da177e4 320
57b47a53 321 *error = mutex_lock_interruptible(mutex);
1da177e4
LT		 322 if (*error != 0)
323 return NULL;
324
df0933dc
PM		 325 list_for_each_entry(e, head, list) {
326 if (strcmp(e->name, name) == 0)
327 return e;
1da177e4 328 }
df0933dc
PM		 329 *error = -ENOENT;
330 mutex_unlock(mutex);
331 return NULL;
1da177e4
LT		 332}
333
1da177e4
LT		 334static void *
335find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
57b47a53 336 int *error, struct mutex *mutex)
1da177e4 337{
95a5afca
JB		 338 return try_then_request_module(
339 find_inlist_lock_noload(head, name, error, mutex),
340 "%s%s", prefix, name);
1da177e4 341}
1da177e4
LT		 342
343static inline struct ebt_table *
511061e2
AD		 344find_table_lock(struct net *net, const char *name, int *error,
345 struct mutex *mutex)
1da177e4 346{
511061e2
AD		 347 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
348 "ebtable_", error, mutex);
1da177e4
LT		 349}
350
1da177e4 351static inline int
9b4fce7a
JE		 352ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
353 unsigned int *cnt)
1da177e4 354{
9b4fce7a 355 const struct ebt_entry *e = par->entryinfo;
043ef46c 356 struct xt_match *match;
14197d54 357 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
1da177e4
LT		 358 int ret;
359
14197d54
AV		 360 if (left < sizeof(struct ebt_entry_match) ||
361 left - sizeof(struct ebt_entry_match) < m->match_size)
1da177e4 362 return -EINVAL;
043ef46c 363
fd0ec0e6 364 match = xt_request_find_match(NFPROTO_BRIDGE, m->u.name, 0);
043ef46c
JE		 365 if (IS_ERR(match))
366 return PTR_ERR(match);
043ef46c
JE		 367 m->u.match = match;
368
9b4fce7a
JE		 369 par->match = match;
370 par->matchinfo = m->data;
916a917d 371 ret = xt_check_match(par, m->match_size,
9b4fce7a 372 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 373 if (ret < 0) {
374 module_put(match->me);
375 return ret;
1da177e4 376 }
043ef46c 377
1da177e4
LT		 378 (*cnt)++;
379 return 0;
380}
381
382static inline int
af5d6dc2
JE		 383ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
384 unsigned int *cnt)
1da177e4 385{
af5d6dc2 386 const struct ebt_entry *e = par->entryinfo;
043ef46c 387 struct xt_target *watcher;
14197d54 388 size_t left = ((char *)e + e->target_offset) - (char *)w;
1da177e4
LT		 389 int ret;
390
14197d54
AV		 391 if (left < sizeof(struct ebt_entry_watcher) ||
392 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
1da177e4 393 return -EINVAL;
043ef46c 394
d2a7b6ba 395 watcher = xt_request_find_target(NFPROTO_BRIDGE, w->u.name, 0);
043ef46c
JE		 396 if (IS_ERR(watcher))
397 return PTR_ERR(watcher);
043ef46c
JE		 398 w->u.watcher = watcher;
399
af5d6dc2
JE		 400 par->target = watcher;
401 par->targinfo = w->data;
916a917d 402 ret = xt_check_target(par, w->watcher_size,
af5d6dc2 403 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 404 if (ret < 0) {
405 module_put(watcher->me);
406 return ret;
1da177e4 407 }
043ef46c 408
1da177e4
LT		 409 (*cnt)++;
410 return 0;
411}
412
d5d1baa1 413static int ebt_verify_pointers(const struct ebt_replace *repl,
70fe9af4 414 struct ebt_table_info *newinfo)
1da177e4 415{
70fe9af4
AV		 416 unsigned int limit = repl->entries_size;
417 unsigned int valid_hooks = repl->valid_hooks;
418 unsigned int offset = 0;
1da177e4
LT		 419 int i;
420
e4fd77de
AV		 421 for (i = 0; i < NF_BR_NUMHOOKS; i++)
422 newinfo->hook_entry[i] = NULL;
423
424 newinfo->entries_size = repl->entries_size;
425 newinfo->nentries = repl->nentries;
426
70fe9af4
AV		 427 while (offset < limit) {
428 size_t left = limit - offset;
429 struct ebt_entry *e = (void *)newinfo->entries + offset;
bb2ef25c 430
70fe9af4 431 if (left < sizeof(unsigned int))
1da177e4 432 break;
70fe9af4
AV		 433
434 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
435 if ((valid_hooks & (1 << i)) == 0)
436 continue;
1e419cd9
AV		 437 if ((char __user *)repl->hook_entry[i] ==
438 repl->entries + offset)
70fe9af4
AV		 439 break;
440 }
441
442 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
443 if (e->bitmask != 0) {
444 /* we make userspace set this right,
445 so there is no misunderstanding */
446 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
447 "in distinguisher\n");
448 return -EINVAL;
449 }
450 if (i != NF_BR_NUMHOOKS)
451 newinfo->hook_entry[i] = (struct ebt_entries *)e;
452 if (left < sizeof(struct ebt_entries))
453 break;
454 offset += sizeof(struct ebt_entries);
455 } else {
456 if (left < sizeof(struct ebt_entry))
457 break;
458 if (left < e->next_offset)
459 break;
1756de26
FW		 460 if (e->next_offset < sizeof(struct ebt_entry))
461 return -EINVAL;
70fe9af4 462 offset += e->next_offset;
1da177e4 463 }
22b440bf 464 }
70fe9af4
AV		 465 if (offset != limit) {
466 BUGPRINT("entries_size too small\n");
467 return -EINVAL;
468 }
e4fd77de
AV		 469
470 /* check if all valid hooks have a chain */
471 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
472 if (!newinfo->hook_entry[i] &&
473 (valid_hooks & (1 << i))) {
474 BUGPRINT("Valid hook without chain\n");
475 return -EINVAL;
476 }
477 }
22b440bf 478 return 0;
22b440bf
AV		 479}
480
481/*
482 * this one is very careful, as it is the first function
483 * to parse the userspace data
484 */
485static inline int
d5d1baa1
JE		 486ebt_check_entry_size_and_hooks(const struct ebt_entry *e,
487 const struct ebt_table_info *newinfo,
0e795531
AV		 488 unsigned int *n, unsigned int *cnt,
489 unsigned int *totalcnt, unsigned int *udc_cnt)
22b440bf 490{
22b440bf
AV		 491 int i;
492
493 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
0e795531 494 if ((void *)e == (void *)newinfo->hook_entry[i])
22b440bf
AV		 495 break;
496 }
497 /* beginning of a new chain
498 if i == NF_BR_NUMHOOKS it must be a user defined chain */
499 if (i != NF_BR_NUMHOOKS || !e->bitmask) {
1da177e4
LT		 500 /* this checks if the previous chain has as many entries
501 as it said it has */
502 if (*n != *cnt) {
503 BUGPRINT("nentries does not equal the nr of entries "
9d6f229f 504 "in the chain\n");
1da177e4
LT		 505 return -EINVAL;
506 }
1da177e4
LT		 507 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
508 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
509 /* only RETURN from udc */
510 if (i != NF_BR_NUMHOOKS ||
511 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
512 BUGPRINT("bad policy\n");
513 return -EINVAL;
514 }
515 }
516 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
517 (*udc_cnt)++;
1da177e4
LT		 518 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
519 BUGPRINT("counter_offset != totalcnt");
520 return -EINVAL;
521 }
522 *n = ((struct ebt_entries *)e)->nentries;
523 *cnt = 0;
524 return 0;
525 }
526 /* a plain old entry, heh */
527 if (sizeof(struct ebt_entry) > e->watchers_offset ||
528 e->watchers_offset > e->target_offset ||
529 e->target_offset >= e->next_offset) {
530 BUGPRINT("entry offsets not in right order\n");
531 return -EINVAL;
532 }
533 /* this is not checked anywhere else */
534 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
535 BUGPRINT("target size too small\n");
536 return -EINVAL;
537 }
1da177e4
LT		 538 (*cnt)++;
539 (*totalcnt)++;
540 return 0;
541}
542
543struct ebt_cl_stack
544{
545 struct ebt_chainstack cs;
546 int from;
547 unsigned int hookmask;
548};
549
550/*
551 * we need these positions to check that the jumps to a different part of the
552 * entries is a jump to the beginning of a new chain.
553 */
554static inline int
555ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
177abc34 556 unsigned int *n, struct ebt_cl_stack *udc)
1da177e4
LT		 557{
558 int i;
559
560 /* we're only interested in chain starts */
40642f95 561 if (e->bitmask)
1da177e4
LT		 562 return 0;
563 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1da177e4
LT		 564 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
565 break;
566 }
567 /* only care about udc */
568 if (i != NF_BR_NUMHOOKS)
569 return 0;
570
571 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
572 /* these initialisations are depended on later in check_chainloops() */
573 udc[*n].cs.n = 0;
574 udc[*n].hookmask = 0;
575
576 (*n)++;
577 return 0;
578}
579
580static inline int
f54e9367 581ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i)
1da177e4 582{
6be3d859
JE		 583 struct xt_mtdtor_param par;
584
1da177e4
LT		 585 if (i && (*i)-- == 0)
586 return 1;
1da177e4 587
f54e9367 588 par.net = net;
6be3d859
JE		 589 par.match = m->u.match;
590 par.matchinfo = m->data;
916a917d 591 par.family = NFPROTO_BRIDGE;
6be3d859
JE		 592 if (par.match->destroy != NULL)
593 par.match->destroy(&par);
594 module_put(par.match->me);
1da177e4
LT		 595 return 0;
596}
597
598static inline int
add67461 599ebt_cleanup_watcher(struct ebt_entry_watcher *w, struct net *net, unsigned int *i)
1da177e4 600{
a2df1648
JE		 601 struct xt_tgdtor_param par;
602
1da177e4
LT		 603 if (i && (*i)-- == 0)
604 return 1;
1da177e4 605
add67461 606 par.net = net;
a2df1648
JE		 607 par.target = w->u.watcher;
608 par.targinfo = w->data;
916a917d 609 par.family = NFPROTO_BRIDGE;
a2df1648
JE		 610 if (par.target->destroy != NULL)
611 par.target->destroy(&par);
612 module_put(par.target->me);
1da177e4
LT		 613 return 0;
614}
615
616static inline int
f54e9367 617ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
1da177e4 618{
a2df1648 619 struct xt_tgdtor_param par;
1da177e4
LT		 620 struct ebt_entry_target *t;
621
40642f95 622 if (e->bitmask == 0)
1da177e4
LT		 623 return 0;
624 /* we're done */
625 if (cnt && (*cnt)-- == 0)
626 return 1;
add67461 627 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL);
f54e9367 628 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
1da177e4 629 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1da177e4 630
add67461 631 par.net = net;
a2df1648
JE		 632 par.target = t->u.target;
633 par.targinfo = t->data;
916a917d 634 par.family = NFPROTO_BRIDGE;
a2df1648
JE		 635 if (par.target->destroy != NULL)
636 par.target->destroy(&par);
637 module_put(par.target->me);
1da177e4
LT		 638 return 0;
639}
640
641static inline int
d5d1baa1
JE		 642ebt_check_entry(struct ebt_entry *e, struct net *net,
643 const struct ebt_table_info *newinfo,
f7da79d9 644 const char *name, unsigned int *cnt,
1da177e4
LT		 645 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
646{
647 struct ebt_entry_target *t;
043ef46c 648 struct xt_target *target;
1da177e4 649 unsigned int i, j, hook = 0, hookmask = 0;
44f9a2fd 650 size_t gap;
1da177e4 651 int ret;
6be3d859 652 struct xt_mtchk_param mtpar;
af5d6dc2 653 struct xt_tgchk_param tgpar;
1da177e4
LT		 654
655 /* don't mess with the struct ebt_entries */
40642f95 656 if (e->bitmask == 0)
1da177e4
LT		 657 return 0;
658
659 if (e->bitmask & ~EBT_F_MASK) {
660 BUGPRINT("Unknown flag for bitmask\n");
661 return -EINVAL;
662 }
663 if (e->invflags & ~EBT_INV_MASK) {
664 BUGPRINT("Unknown flag for inv bitmask\n");
665 return -EINVAL;
666 }
667 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
668 BUGPRINT("NOPROTO & 802_3 not allowed\n");
669 return -EINVAL;
670 }
671 /* what hook do we belong to? */
672 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
f7da79d9 673 if (!newinfo->hook_entry[i])
1da177e4
LT		 674 continue;
675 if ((char *)newinfo->hook_entry[i] < (char *)e)
676 hook = i;
677 else
678 break;
679 }
680 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
681 a base chain */
682 if (i < NF_BR_NUMHOOKS)
683 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
684 else {
685 for (i = 0; i < udc_cnt; i++)
686 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
687 break;
688 if (i == 0)
689 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
690 else
691 hookmask = cl_s[i - 1].hookmask;
692 }
693 i = 0;
9b4fce7a 694
add67461 695 mtpar.net = tgpar.net = net;
af5d6dc2
JE		 696 mtpar.table = tgpar.table = name;
697 mtpar.entryinfo = tgpar.entryinfo = e;
698 mtpar.hook_mask = tgpar.hook_mask = hookmask;
916a917d 699 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
6be3d859 700 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
1da177e4
LT		 701 if (ret != 0)
702 goto cleanup_matches;
703 j = 0;
af5d6dc2 704 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
1da177e4
LT		 705 if (ret != 0)
706 goto cleanup_watchers;
707 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
44f9a2fd 708 gap = e->next_offset - e->target_offset;
1da177e4 709
d2a7b6ba 710 target = xt_request_find_target(NFPROTO_BRIDGE, t->u.name, 0);
043ef46c
JE		 711 if (IS_ERR(target)) {
712 ret = PTR_ERR(target);
001a18d3 713 goto cleanup_watchers;
001a18d3
JE		 714 }
715
1da177e4
LT		 716 t->u.target = target;
717 if (t->u.target == &ebt_standard_target) {
14197d54 718 if (gap < sizeof(struct ebt_standard_target)) {
1da177e4
LT		 719 BUGPRINT("Standard target size too big\n");
720 ret = -EFAULT;
721 goto cleanup_watchers;
722 }
723 if (((struct ebt_standard_target *)t)->verdict <
724 -NUM_STANDARD_TARGETS) {
725 BUGPRINT("Invalid standard target\n");
726 ret = -EFAULT;
727 goto cleanup_watchers;
728 }
18219d3f
JE		 729 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
730 module_put(t->u.target->me);
731 ret = -EFAULT;
732 goto cleanup_watchers;
043ef46c
JE		 733 }
734
af5d6dc2
JE		 735 tgpar.target = target;
736 tgpar.targinfo = t->data;
916a917d 737 ret = xt_check_target(&tgpar, t->target_size,
af5d6dc2 738 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 739 if (ret < 0) {
740 module_put(target->me);
18219d3f 741 goto cleanup_watchers;
1da177e4
LT		 742 }
743 (*cnt)++;
744 return 0;
745cleanup_watchers:
add67461 746 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j);
1da177e4 747cleanup_matches:
f54e9367 748 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
1da177e4
LT		 749 return ret;
750}
751
752/*
753 * checks for loops and sets the hook mask for udc
754 * the hook mask for udc tells us from which base chains the udc can be
755 * accessed. This mask is a parameter to the check() functions of the extensions
756 */
d5d1baa1 757static int check_chainloops(const struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
1da177e4
LT		 758 unsigned int udc_cnt, unsigned int hooknr, char *base)
759{
760 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
d5d1baa1
JE		 761 const struct ebt_entry *e = (struct ebt_entry *)chain->data;
762 const struct ebt_entry_target *t;
1da177e4
LT		 763
764 while (pos < nentries || chain_nr != -1) {
765 /* end of udc, go back one 'recursion' step */
766 if (pos == nentries) {
767 /* put back values of the time when this chain was called */
768 e = cl_s[chain_nr].cs.e;
769 if (cl_s[chain_nr].from != -1)
770 nentries =
771 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
772 else
773 nentries = chain->nentries;
774 pos = cl_s[chain_nr].cs.n;
775 /* make sure we won't see a loop that isn't one */
776 cl_s[chain_nr].cs.n = 0;
777 chain_nr = cl_s[chain_nr].from;
778 if (pos == nentries)
779 continue;
780 }
781 t = (struct ebt_entry_target *)
782 (((char *)e) + e->target_offset);
783 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
784 goto letscontinue;
785 if (e->target_offset + sizeof(struct ebt_standard_target) >
786 e->next_offset) {
787 BUGPRINT("Standard target size too big\n");
788 return -1;
789 }
790 verdict = ((struct ebt_standard_target *)t)->verdict;
791 if (verdict >= 0) { /* jump to another chain */
792 struct ebt_entries *hlp2 =
793 (struct ebt_entries *)(base + verdict);
794 for (i = 0; i < udc_cnt; i++)
795 if (hlp2 == cl_s[i].cs.chaininfo)
796 break;
797 /* bad destination or loop */
798 if (i == udc_cnt) {
799 BUGPRINT("bad destination\n");
800 return -1;
801 }
802 if (cl_s[i].cs.n) {
803 BUGPRINT("loop\n");
804 return -1;
805 }
98a0824a
AV		 806 if (cl_s[i].hookmask & (1 << hooknr))
807 goto letscontinue;
808 /* this can't be 0, so the loop test is correct */
1da177e4
LT		 809 cl_s[i].cs.n = pos + 1;
810 pos = 0;
98e86403 811 cl_s[i].cs.e = ebt_next_entry(e);
1da177e4
LT		 812 e = (struct ebt_entry *)(hlp2->data);
813 nentries = hlp2->nentries;
814 cl_s[i].from = chain_nr;
815 chain_nr = i;
816 /* this udc is accessible from the base chain for hooknr */
817 cl_s[i].hookmask |= (1 << hooknr);
818 continue;
819 }
820letscontinue:
98e86403 821 e = ebt_next_entry(e);
1da177e4
LT		 822 pos++;
823 }
824 return 0;
825}
826
827/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
d5d1baa1 828static int translate_table(struct net *net, const char *name,
a83d8e8d 829 struct ebt_table_info *newinfo)
1da177e4
LT		 830{
831 unsigned int i, j, k, udc_cnt;
832 int ret;
833 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
834
835 i = 0;
1f072c96 836 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
1da177e4
LT		 837 i++;
838 if (i == NF_BR_NUMHOOKS) {
839 BUGPRINT("No valid hooks specified\n");
840 return -EINVAL;
841 }
1f072c96 842 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
1da177e4
LT		 843 BUGPRINT("Chains don't start at beginning\n");
844 return -EINVAL;
845 }
846 /* make sure chains are ordered after each other in same order
847 as their corresponding hooks */
848 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
1f072c96 849 if (!newinfo->hook_entry[j])
1da177e4 850 continue;
1f072c96 851 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
1da177e4
LT		 852 BUGPRINT("Hook order must be followed\n");
853 return -EINVAL;
854 }
855 i = j;
856 }
857
1da177e4
LT		 858 /* do some early checkings and initialize some things */
859 i = 0; /* holds the expected nr. of entries for the chain */
860 j = 0; /* holds the up to now counted entries for the chain */
861 k = 0; /* holds the total nr. of entries, should equal
9d6f229f 862 newinfo->nentries afterwards */
1da177e4
LT		 863 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
864 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
0e795531
AV		 865 ebt_check_entry_size_and_hooks, newinfo,
866 &i, &j, &k, &udc_cnt);
1da177e4
LT		 867
868 if (ret != 0)
869 return ret;
870
871 if (i != j) {
872 BUGPRINT("nentries does not equal the nr of entries in the "
9d6f229f 873 "(last) chain\n");
1da177e4
LT		 874 return -EINVAL;
875 }
876 if (k != newinfo->nentries) {
877 BUGPRINT("Total nentries is wrong\n");
878 return -EINVAL;
879 }
880
1da177e4
LT		 881 /* get the location of the udc, put them in an array
882 while we're at it, allocate the chainstack */
883 if (udc_cnt) {
884 /* this will get free'd in do_replace()/ebt_register_table()
885 if an error occurs */
7ad4d2f6 886 newinfo->chainstack =
53b8a315 887 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
1da177e4
LT		 888 if (!newinfo->chainstack)
889 return -ENOMEM;
6f912042 890 for_each_possible_cpu(i) {
1da177e4 891 newinfo->chainstack[i] =
18bc89aa 892 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
1da177e4
LT		 893 if (!newinfo->chainstack[i]) {
894 while (i)
895 vfree(newinfo->chainstack[--i]);
896 vfree(newinfo->chainstack);
897 newinfo->chainstack = NULL;
898 return -ENOMEM;
899 }
900 }
901
18bc89aa 902 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
1da177e4
LT		 903 if (!cl_s)
904 return -ENOMEM;
905 i = 0; /* the i'th udc */
906 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
177abc34 907 ebt_get_udc_positions, newinfo, &i, cl_s);
1da177e4
LT		 908 /* sanity check */
909 if (i != udc_cnt) {
910 BUGPRINT("i != udc_cnt\n");
911 vfree(cl_s);
912 return -EFAULT;
913 }
914 }
915
916 /* Check for loops */
917 for (i = 0; i < NF_BR_NUMHOOKS; i++)
1f072c96 918 if (newinfo->hook_entry[i])
1da177e4
LT		 919 if (check_chainloops(newinfo->hook_entry[i],
920 cl_s, udc_cnt, i, newinfo->entries)) {
68d31872 921 vfree(cl_s);
1da177e4
LT		 922 return -EINVAL;
923 }
924
96de0e25 925 /* we now know the following (along with E=mc²):
1da177e4
LT		 926 - the nr of entries in each chain is right
927 - the size of the allocated space is right
928 - all valid hooks have a corresponding chain
929 - there are no loops
930 - wrong data can still be on the level of a single entry
931 - could be there are jumps to places that are not the
932 beginning of a chain. This can only occur in chains that
933 are not accessible from any base chains, so we don't care. */
934
935 /* used to know what we need to clean up if something goes wrong */
936 i = 0;
937 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
a83d8e8d 938 ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
1da177e4
LT		 939 if (ret != 0) {
940 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
f54e9367 941 ebt_cleanup_entry, net, &i);
1da177e4 942 }
68d31872 943 vfree(cl_s);
1da177e4
LT		 944 return ret;
945}
946
947/* called under write_lock */
d5d1baa1 948static void get_counters(const struct ebt_counter *oldcounters,
1da177e4
LT		 949 struct ebt_counter *counters, unsigned int nentries)
950{
951 int i, cpu;
952 struct ebt_counter *counter_base;
953
954 /* counters of cpu 0 */
955 memcpy(counters, oldcounters,
c8923c6b
DM		 956 sizeof(struct ebt_counter) * nentries);
957
1da177e4 958 /* add other counters to those of cpu 0 */
6f912042 959 for_each_possible_cpu(cpu) {
c8923c6b
DM		 960 if (cpu == 0)
961 continue;
1da177e4
LT		 962 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
963 for (i = 0; i < nentries; i++) {
964 counters[i].pcnt += counter_base[i].pcnt;
965 counters[i].bcnt += counter_base[i].bcnt;
966 }
967 }
968}
969
e788759f
FW		 970static int do_replace_finish(struct net *net, struct ebt_replace *repl,
971 struct ebt_table_info *newinfo)
1da177e4 972{
e788759f 973 int ret, i;
1da177e4
LT		 974 struct ebt_counter *counterstmp = NULL;
975 /* used to be able to unlock earlier */
976 struct ebt_table_info *table;
e788759f 977 struct ebt_table *t;
1da177e4
LT		 978
979 /* the user wants counters back
980 the check on the size is done later, when we have the lock */
e788759f
FW		 981 if (repl->num_counters) {
982 unsigned long size = repl->num_counters * sizeof(*counterstmp);
983 counterstmp = vmalloc(size);
984 if (!counterstmp)
985 return -ENOMEM;
1da177e4 986 }
1da177e4 987
1da177e4 988 newinfo->chainstack = NULL;
e788759f 989 ret = ebt_verify_pointers(repl, newinfo);
1bc2326c
AV		 990 if (ret != 0)
991 goto free_counterstmp;
992
e788759f 993 ret = translate_table(net, repl->name, newinfo);
1da177e4
LT		 994
995 if (ret != 0)
996 goto free_counterstmp;
997
e788759f 998 t = find_table_lock(net, repl->name, &ret, &ebt_mutex);
1da177e4
LT		 999 if (!t) {
1000 ret = -ENOENT;
1001 goto free_iterate;
1002 }
1003
1004 /* the table doesn't like it */
e788759f 1005 if (t->check && (ret = t->check(newinfo, repl->valid_hooks)))
1da177e4
LT		 1006 goto free_unlock;
1007
e788759f 1008 if (repl->num_counters && repl->num_counters != t->private->nentries) {
1da177e4
LT		 1009 BUGPRINT("Wrong nr. of counters requested\n");
1010 ret = -EINVAL;
1011 goto free_unlock;
1012 }
1013
1014 /* we have the mutex lock, so no danger in reading this pointer */
1015 table = t->private;
1016 /* make sure the table can only be rmmod'ed if it contains no rules */
1017 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1018 ret = -ENOENT;
1019 goto free_unlock;
1020 } else if (table->nentries && !newinfo->nentries)
1021 module_put(t->me);
1022 /* we need an atomic snapshot of the counters */
1023 write_lock_bh(&t->lock);
e788759f 1024 if (repl->num_counters)
1da177e4
LT		 1025 get_counters(t->private->counters, counterstmp,
1026 t->private->nentries);
1027
1028 t->private = newinfo;
1029 write_unlock_bh(&t->lock);
57b47a53 1030 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1031 /* so, a user can change the chains while having messed up her counter
1032 allocation. Only reason why this is done is because this way the lock
1033 is held only once, while this doesn't bring the kernel into a
1034 dangerous state. */
e788759f
FW		 1035 if (repl->num_counters &&
1036 copy_to_user(repl->counters, counterstmp,
1037 repl->num_counters * sizeof(struct ebt_counter))) {
1da177e4
LT		 1038 ret = -EFAULT;
1039 }
1040 else
1041 ret = 0;
1042
1043 /* decrease module count and free resources */
1044 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
f54e9367 1045 ebt_cleanup_entry, net, NULL);
1da177e4
LT		 1046
1047 vfree(table->entries);
1048 if (table->chainstack) {
6f912042 1049 for_each_possible_cpu(i)
1da177e4
LT		 1050 vfree(table->chainstack[i]);
1051 vfree(table->chainstack);
1052 }
1053 vfree(table);
1054
68d31872 1055 vfree(counterstmp);
1da177e4
LT		 1056 return ret;
1057
1058free_unlock:
57b47a53 1059 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1060free_iterate:
1061 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
f54e9367 1062 ebt_cleanup_entry, net, NULL);
1da177e4 1063free_counterstmp:
68d31872 1064 vfree(counterstmp);
1da177e4
LT		 1065 /* can be initialized in translate_table() */
1066 if (newinfo->chainstack) {
6f912042 1067 for_each_possible_cpu(i)
1da177e4
LT		 1068 vfree(newinfo->chainstack[i]);
1069 vfree(newinfo->chainstack);
1070 }
e788759f
FW		 1071 return ret;
1072}
1073
1074/* replace the table */
1075static int do_replace(struct net *net, const void __user *user,
1076 unsigned int len)
1077{
1078 int ret, countersize;
1079 struct ebt_table_info *newinfo;
1080 struct ebt_replace tmp;
1081
1082 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1083 return -EFAULT;
1084
1085 if (len != sizeof(tmp) + tmp.entries_size) {
1086 BUGPRINT("Wrong len argument\n");
1087 return -EINVAL;
1088 }
1089
1090 if (tmp.entries_size == 0) {
1091 BUGPRINT("Entries_size never zero\n");
1092 return -EINVAL;
1093 }
1094 /* overflow check */
1095 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) /
1096 NR_CPUS - SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
1097 return -ENOMEM;
1098 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
1099 return -ENOMEM;
1100
1101 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
1102 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1103 if (!newinfo)
1104 return -ENOMEM;
1105
1106 if (countersize)
1107 memset(newinfo->counters, 0, countersize);
1108
1109 newinfo->entries = vmalloc(tmp.entries_size);
1110 if (!newinfo->entries) {
1111 ret = -ENOMEM;
1112 goto free_newinfo;
1113 }
1114 if (copy_from_user(
1115 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
1116 BUGPRINT("Couldn't copy entries from userspace\n");
1117 ret = -EFAULT;
1118 goto free_entries;
1119 }
1120
1121 ret = do_replace_finish(net, &tmp, newinfo);
1122 if (ret == 0)
1123 return ret;
1da177e4 1124free_entries:
68d31872 1125 vfree(newinfo->entries);
1da177e4 1126free_newinfo:
68d31872 1127 vfree(newinfo);
1da177e4
LT		 1128 return ret;
1129}
1130
35aad0ff
JE		 1131struct ebt_table *
1132ebt_register_table(struct net *net, const struct ebt_table *input_table)
1da177e4
LT		 1133{
1134 struct ebt_table_info *newinfo;
35aad0ff 1135 struct ebt_table *t, *table;
1e419cd9 1136 struct ebt_replace_kernel *repl;
1da177e4 1137 int ret, i, countersize;
df07a81e 1138 void *p;
1da177e4 1139
35aad0ff
JE		 1140 if (input_table == NULL || (repl = input_table->table) == NULL ||
1141 repl->entries == 0 || repl->entries_size == 0 ||
1142 repl->counters != NULL || input_table->private != NULL) {
1da177e4 1143 BUGPRINT("Bad table data for ebt_register_table!!!\n");
6beceee5
AD		 1144 return ERR_PTR(-EINVAL);
1145 }
1146
1147 /* Don't add one table to multiple lists. */
35aad0ff 1148 table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
6beceee5
AD		 1149 if (!table) {
1150 ret = -ENOMEM;
1151 goto out;
1da177e4
LT		 1152 }
1153
53b8a315 1154 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
18bc89aa 1155 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1da177e4
LT		 1156 ret = -ENOMEM;
1157 if (!newinfo)
6beceee5 1158 goto free_table;
1da177e4 1159
df07a81e
AV		 1160 p = vmalloc(repl->entries_size);
1161 if (!p)
1da177e4
LT		 1162 goto free_newinfo;
1163
df07a81e
AV		 1164 memcpy(p, repl->entries, repl->entries_size);
1165 newinfo->entries = p;
1166
1167 newinfo->entries_size = repl->entries_size;
1168 newinfo->nentries = repl->nentries;
1da177e4
LT		 1169
1170 if (countersize)
1171 memset(newinfo->counters, 0, countersize);
1172
1173 /* fill in newinfo and parse the entries */
1174 newinfo->chainstack = NULL;
df07a81e
AV		 1175 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1176 if ((repl->valid_hooks & (1 << i)) == 0)
1177 newinfo->hook_entry[i] = NULL;
1178 else
1179 newinfo->hook_entry[i] = p +
1180 ((char *)repl->hook_entry[i] - repl->entries);
1181 }
a83d8e8d 1182 ret = translate_table(net, repl->name, newinfo);
1da177e4
LT		 1183 if (ret != 0) {
1184 BUGPRINT("Translate_table failed\n");
1185 goto free_chainstack;
1186 }
1187
1188 if (table->check && table->check(newinfo, table->valid_hooks)) {
1189 BUGPRINT("The table doesn't like its own initial data, lol\n");
6beceee5 1190 return ERR_PTR(-EINVAL);
1da177e4
LT		 1191 }
1192
1193 table->private = newinfo;
1194 rwlock_init(&table->lock);
57b47a53 1195 ret = mutex_lock_interruptible(&ebt_mutex);
1da177e4
LT		 1196 if (ret != 0)
1197 goto free_chainstack;
1198
511061e2 1199 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
df0933dc
PM		 1200 if (strcmp(t->name, table->name) == 0) {
1201 ret = -EEXIST;
1202 BUGPRINT("Table name already exists\n");
1203 goto free_unlock;
1204 }
1da177e4
LT		 1205 }
1206
1207 /* Hold a reference count if the chains aren't empty */
1208 if (newinfo->nentries && !try_module_get(table->me)) {
1209 ret = -ENOENT;
1210 goto free_unlock;
1211 }
511061e2 1212 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
57b47a53 1213 mutex_unlock(&ebt_mutex);
6beceee5 1214 return table;
1da177e4 1215free_unlock:
57b47a53 1216 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1217free_chainstack:
1218 if (newinfo->chainstack) {
6f912042 1219 for_each_possible_cpu(i)
1da177e4
LT		 1220 vfree(newinfo->chainstack[i]);
1221 vfree(newinfo->chainstack);
1222 }
1223 vfree(newinfo->entries);
1224free_newinfo:
1225 vfree(newinfo);
6beceee5
AD		 1226free_table:
1227 kfree(table);
1228out:
1229 return ERR_PTR(ret);
1da177e4
LT		 1230}
1231
f54e9367 1232void ebt_unregister_table(struct net *net, struct ebt_table *table)
1da177e4
LT		 1233{
1234 int i;
1235
1236 if (!table) {
1237 BUGPRINT("Request to unregister NULL table!!!\n");
1238 return;
1239 }
57b47a53 1240 mutex_lock(&ebt_mutex);
df0933dc 1241 list_del(&table->list);
57b47a53 1242 mutex_unlock(&ebt_mutex);
dbcdf85a 1243 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
f54e9367 1244 ebt_cleanup_entry, net, NULL);
dbcdf85a
AD		 1245 if (table->private->nentries)
1246 module_put(table->me);
68d31872 1247 vfree(table->private->entries);
1da177e4 1248 if (table->private->chainstack) {
6f912042 1249 for_each_possible_cpu(i)
1da177e4
LT		 1250 vfree(table->private->chainstack[i]);
1251 vfree(table->private->chainstack);
1252 }
1253 vfree(table->private);
6beceee5 1254 kfree(table);
1da177e4
LT		 1255}
1256
1257/* userspace just supplied us with counters */
49facff9
FW		 1258static int do_update_counters(struct net *net, const char *name,
1259 struct ebt_counter __user *counters,
1260 unsigned int num_counters,
1261 const void __user *user, unsigned int len)
1da177e4
LT		 1262{
1263 int i, ret;
1264 struct ebt_counter *tmp;
1da177e4
LT		 1265 struct ebt_table *t;
1266
49facff9 1267 if (num_counters == 0)
1da177e4
LT		 1268 return -EINVAL;
1269
49facff9
FW		 1270 tmp = vmalloc(num_counters * sizeof(*tmp));
1271 if (!tmp)
1da177e4 1272 return -ENOMEM;
1da177e4 1273
49facff9 1274 t = find_table_lock(net, name, &ret, &ebt_mutex);
1da177e4
LT		 1275 if (!t)
1276 goto free_tmp;
1277
49facff9 1278 if (num_counters != t->private->nentries) {
1da177e4
LT		 1279 BUGPRINT("Wrong nr of counters\n");
1280 ret = -EINVAL;
1281 goto unlock_mutex;
1282 }
1283
49facff9 1284 if (copy_from_user(tmp, counters, num_counters * sizeof(*counters))) {
1da177e4
LT		 1285 ret = -EFAULT;
1286 goto unlock_mutex;
1287 }
1288
1289 /* we want an atomic add of the counters */
1290 write_lock_bh(&t->lock);
1291
1292 /* we add to the counters of the first cpu */
49facff9 1293 for (i = 0; i < num_counters; i++) {
1da177e4
LT		 1294 t->private->counters[i].pcnt += tmp[i].pcnt;
1295 t->private->counters[i].bcnt += tmp[i].bcnt;
1296 }
1297
1298 write_unlock_bh(&t->lock);
1299 ret = 0;
1300unlock_mutex:
57b47a53 1301 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1302free_tmp:
1303 vfree(tmp);
1304 return ret;
1305}
1306
49facff9
FW		 1307static int update_counters(struct net *net, const void __user *user,
1308 unsigned int len)
1309{
1310 struct ebt_replace hlp;
1311
1312 if (copy_from_user(&hlp, user, sizeof(hlp)))
1313 return -EFAULT;
1314
1315 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1316 return -EINVAL;
1317
1318 return do_update_counters(net, hlp.name, hlp.counters,
1319 hlp.num_counters, user, len);
1320}
1321
d5d1baa1
JE		 1322static inline int ebt_make_matchname(const struct ebt_entry_match *m,
1323 const char *base, char __user *ubase)
1da177e4 1324{
1e419cd9 1325 char __user *hlp = ubase + ((char *)m - base);
1da177e4
LT		 1326 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1327 return -EFAULT;
1328 return 0;
1329}
1330
d5d1baa1
JE		 1331static inline int ebt_make_watchername(const struct ebt_entry_watcher *w,
1332 const char *base, char __user *ubase)
1da177e4 1333{
1e419cd9 1334 char __user *hlp = ubase + ((char *)w - base);
1da177e4
LT		 1335 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1336 return -EFAULT;
1337 return 0;
1338}
1339
d5d1baa1
JE		 1340static inline int
1341ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
1da177e4
LT		 1342{
1343 int ret;
1e419cd9 1344 char __user *hlp;
d5d1baa1 1345 const struct ebt_entry_target *t;
1da177e4 1346
40642f95 1347 if (e->bitmask == 0)
1da177e4
LT		 1348 return 0;
1349
1e419cd9 1350 hlp = ubase + (((char *)e + e->target_offset) - base);
1da177e4 1351 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
9d6f229f 1352
1da177e4
LT		 1353 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1354 if (ret != 0)
1355 return ret;
1356 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1357 if (ret != 0)
1358 return ret;
1359 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1360 return -EFAULT;
1361 return 0;
1362}
1363
837395aa
FW		 1364static int copy_counters_to_user(struct ebt_table *t,
1365 const struct ebt_counter *oldcounters,
1366 void __user *user, unsigned int num_counters,
1367 unsigned int nentries)
1368{
1369 struct ebt_counter *counterstmp;
1370 int ret = 0;
1371
1372 /* userspace might not need the counters */
1373 if (num_counters == 0)
1374 return 0;
1375
1376 if (num_counters != nentries) {
1377 BUGPRINT("Num_counters wrong\n");
1378 return -EINVAL;
1379 }
1380
1381 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1382 if (!counterstmp)
1383 return -ENOMEM;
1384
1385 write_lock_bh(&t->lock);
1386 get_counters(oldcounters, counterstmp, nentries);
1387 write_unlock_bh(&t->lock);
1388
1389 if (copy_to_user(user, counterstmp,
1390 nentries * sizeof(struct ebt_counter)))
1391 ret = -EFAULT;
1392 vfree(counterstmp);
1393 return ret;
1394}
1395
57b47a53 1396/* called with ebt_mutex locked */
1da177e4 1397static int copy_everything_to_user(struct ebt_table *t, void __user *user,
d5d1baa1 1398 const int *len, int cmd)
1da177e4
LT		 1399{
1400 struct ebt_replace tmp;
d5d1baa1 1401 const struct ebt_counter *oldcounters;
1da177e4 1402 unsigned int entries_size, nentries;
837395aa 1403 int ret;
1da177e4
LT		 1404 char *entries;
1405
1406 if (cmd == EBT_SO_GET_ENTRIES) {
1407 entries_size = t->private->entries_size;
1408 nentries = t->private->nentries;
1409 entries = t->private->entries;
1410 oldcounters = t->private->counters;
1411 } else {
1412 entries_size = t->table->entries_size;
1413 nentries = t->table->nentries;
1414 entries = t->table->entries;
1415 oldcounters = t->table->counters;
1416 }
1417
90b89af7 1418 if (copy_from_user(&tmp, user, sizeof(tmp)))
1da177e4 1419 return -EFAULT;
1da177e4
LT		 1420
1421 if (*len != sizeof(struct ebt_replace) + entries_size +
90b89af7 1422 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0))
1da177e4 1423 return -EINVAL;
1da177e4
LT		 1424
1425 if (tmp.nentries != nentries) {
1426 BUGPRINT("Nentries wrong\n");
1427 return -EINVAL;
1428 }
1429
1430 if (tmp.entries_size != entries_size) {
1431 BUGPRINT("Wrong size\n");
1432 return -EINVAL;
1433 }
1434
837395aa
FW		 1435 ret = copy_counters_to_user(t, oldcounters, tmp.counters,
1436 tmp.num_counters, nentries);
1437 if (ret)
1438 return ret;
1da177e4
LT		 1439
1440 if (copy_to_user(tmp.entries, entries, entries_size)) {
1441 BUGPRINT("Couldn't copy entries to userspace\n");
1442 return -EFAULT;
1443 }
1444 /* set the match/watcher/target names right */
1445 return EBT_ENTRY_ITERATE(entries, entries_size,
1446 ebt_make_names, entries, tmp.entries);
1447}
1448
1449static int do_ebt_set_ctl(struct sock *sk,
1450 int cmd, void __user *user, unsigned int len)
1451{
1452 int ret;
1453
dce766af
FW		 1454 if (!capable(CAP_NET_ADMIN))
1455 return -EPERM;
1456
1da177e4
LT		 1457 switch(cmd) {
1458 case EBT_SO_SET_ENTRIES:
511061e2 1459 ret = do_replace(sock_net(sk), user, len);
1da177e4
LT		 1460 break;
1461 case EBT_SO_SET_COUNTERS:
511061e2 1462 ret = update_counters(sock_net(sk), user, len);
1da177e4
LT		 1463 break;
1464 default:
1465 ret = -EINVAL;
81e675c2 1466 }
1da177e4
LT		 1467 return ret;
1468}
1469
1470static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1471{
1472 int ret;
1473 struct ebt_replace tmp;
1474 struct ebt_table *t;
1475
dce766af
FW		 1476 if (!capable(CAP_NET_ADMIN))
1477 return -EPERM;
1478
1da177e4
LT		 1479 if (copy_from_user(&tmp, user, sizeof(tmp)))
1480 return -EFAULT;
1481
511061e2 1482 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1da177e4
LT		 1483 if (!t)
1484 return ret;
1485
1486 switch(cmd) {
1487 case EBT_SO_GET_INFO:
1488 case EBT_SO_GET_INIT_INFO:
1489 if (*len != sizeof(struct ebt_replace)){
1490 ret = -EINVAL;
57b47a53 1491 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1492 break;
1493 }
1494 if (cmd == EBT_SO_GET_INFO) {
1495 tmp.nentries = t->private->nentries;
1496 tmp.entries_size = t->private->entries_size;
1497 tmp.valid_hooks = t->valid_hooks;
1498 } else {
1499 tmp.nentries = t->table->nentries;
1500 tmp.entries_size = t->table->entries_size;
1501 tmp.valid_hooks = t->table->valid_hooks;
1502 }
57b47a53 1503 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1504 if (copy_to_user(user, &tmp, *len) != 0){
1505 BUGPRINT("c2u Didn't work\n");
1506 ret = -EFAULT;
1507 break;
1508 }
1509 ret = 0;
1510 break;
1511
1512 case EBT_SO_GET_ENTRIES:
1513 case EBT_SO_GET_INIT_ENTRIES:
1514 ret = copy_everything_to_user(t, user, len, cmd);
57b47a53 1515 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1516 break;
1517
1518 default:
57b47a53 1519 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1520 ret = -EINVAL;
1521 }
1522
1523 return ret;
1524}
1525
81e675c2
FW		 1526#ifdef CONFIG_COMPAT
1527/* 32 bit-userspace compatibility definitions. */
1528struct compat_ebt_replace {
1529 char name[EBT_TABLE_MAXNAMELEN];
1530 compat_uint_t valid_hooks;
1531 compat_uint_t nentries;
1532 compat_uint_t entries_size;
1533 /* start of the chains */
1534 compat_uptr_t hook_entry[NF_BR_NUMHOOKS];
1535 /* nr of counters userspace expects back */
1536 compat_uint_t num_counters;
1537 /* where the kernel will put the old counters. */
1538 compat_uptr_t counters;
1539 compat_uptr_t entries;
1540};
1541
1542/* struct ebt_entry_match, _target and _watcher have same layout */
1543struct compat_ebt_entry_mwt {
1544 union {
1545 char name[EBT_FUNCTION_MAXNAMELEN];
1546 compat_uptr_t ptr;
1547 } u;
1548 compat_uint_t match_size;
1549 compat_uint_t data[0];
1550};
1551
1552/* account for possible padding between match_size and ->data */
1553static int ebt_compat_entry_padsize(void)
1554{
1555 BUILD_BUG_ON(XT_ALIGN(sizeof(struct ebt_entry_match)) <
1556 COMPAT_XT_ALIGN(sizeof(struct compat_ebt_entry_mwt)));
1557 return (int) XT_ALIGN(sizeof(struct ebt_entry_match)) -
1558 COMPAT_XT_ALIGN(sizeof(struct compat_ebt_entry_mwt));
1559}
1560
1561static int ebt_compat_match_offset(const struct xt_match *match,
1562 unsigned int userlen)
1563{
1564 /*
1565 * ebt_among needs special handling. The kernel .matchsize is
1566 * set to -1 at registration time; at runtime an EBT_ALIGN()ed
1567 * value is expected.
1568 * Example: userspace sends 4500, ebt_among.c wants 4504.
1569 */
1570 if (unlikely(match->matchsize == -1))
1571 return XT_ALIGN(userlen) - COMPAT_XT_ALIGN(userlen);
1572 return xt_compat_match_offset(match);
1573}
1574
1575static int compat_match_to_user(struct ebt_entry_match *m, void __user **dstptr,
1576 unsigned int *size)
1577{
1578 const struct xt_match *match = m->u.match;
1579 struct compat_ebt_entry_mwt __user *cm = *dstptr;
1580 int off = ebt_compat_match_offset(match, m->match_size);
1581 compat_uint_t msize = m->match_size - off;
1582
1583 BUG_ON(off >= m->match_size);
1584
1585 if (copy_to_user(cm->u.name, match->name,
1586 strlen(match->name) + 1) || put_user(msize, &cm->match_size))
1587 return -EFAULT;
1588
1589 if (match->compat_to_user) {
1590 if (match->compat_to_user(cm->data, m->data))
1591 return -EFAULT;
1592 } else if (copy_to_user(cm->data, m->data, msize))
1593 return -EFAULT;
1594
1595 *size -= ebt_compat_entry_padsize() + off;
1596 *dstptr = cm->data;
1597 *dstptr += msize;
1598 return 0;
1599}
1600
1601static int compat_target_to_user(struct ebt_entry_target *t,
1602 void __user **dstptr,
1603 unsigned int *size)
1604{
1605 const struct xt_target *target = t->u.target;
1606 struct compat_ebt_entry_mwt __user *cm = *dstptr;
1607 int off = xt_compat_target_offset(target);
1608 compat_uint_t tsize = t->target_size - off;
1609
1610 BUG_ON(off >= t->target_size);
1611
1612 if (copy_to_user(cm->u.name, target->name,
1613 strlen(target->name) + 1) || put_user(tsize, &cm->match_size))
1614 return -EFAULT;
1615
1616 if (target->compat_to_user) {
1617 if (target->compat_to_user(cm->data, t->data))
1618 return -EFAULT;
1619 } else if (copy_to_user(cm->data, t->data, tsize))
1620 return -EFAULT;
1621
1622 *size -= ebt_compat_entry_padsize() + off;
1623 *dstptr = cm->data;
1624 *dstptr += tsize;
1625 return 0;
1626}
1627
1628static int compat_watcher_to_user(struct ebt_entry_watcher *w,
1629 void __user **dstptr,
1630 unsigned int *size)
1631{
1632 return compat_target_to_user((struct ebt_entry_target *)w,
1633 dstptr, size);
1634}
1635
1636static int compat_copy_entry_to_user(struct ebt_entry *e, void __user **dstptr,
1637 unsigned int *size)
1638{
1639 struct ebt_entry_target *t;
1640 struct ebt_entry __user *ce;
1641 u32 watchers_offset, target_offset, next_offset;
1642 compat_uint_t origsize;
1643 int ret;
1644
1645 if (e->bitmask == 0) {
1646 if (*size < sizeof(struct ebt_entries))
1647 return -EINVAL;
1648 if (copy_to_user(*dstptr, e, sizeof(struct ebt_entries)))
1649 return -EFAULT;
1650
1651 *dstptr += sizeof(struct ebt_entries);
1652 *size -= sizeof(struct ebt_entries);
1653 return 0;
1654 }
1655
1656 if (*size < sizeof(*ce))
1657 return -EINVAL;
1658
1659 ce = (struct ebt_entry __user *)*dstptr;
1660 if (copy_to_user(ce, e, sizeof(*ce)))
1661 return -EFAULT;
1662
1663 origsize = *size;
1664 *dstptr += sizeof(*ce);
1665
1666 ret = EBT_MATCH_ITERATE(e, compat_match_to_user, dstptr, size);
1667 if (ret)
1668 return ret;
1669 watchers_offset = e->watchers_offset - (origsize - *size);
1670
1671 ret = EBT_WATCHER_ITERATE(e, compat_watcher_to_user, dstptr, size);
1672 if (ret)
1673 return ret;
1674 target_offset = e->target_offset - (origsize - *size);
1675
1676 t = (struct ebt_entry_target *) ((char *) e + e->target_offset);
1677
1678 ret = compat_target_to_user(t, dstptr, size);
1679 if (ret)
1680 return ret;
1681 next_offset = e->next_offset - (origsize - *size);
1682
1683 if (put_user(watchers_offset, &ce->watchers_offset) ||
1684 put_user(target_offset, &ce->target_offset) ||
1685 put_user(next_offset, &ce->next_offset))
1686 return -EFAULT;
1687
1688 *size -= sizeof(*ce);
1689 return 0;
1690}
1691
1692static int compat_calc_match(struct ebt_entry_match *m, int *off)
1693{
1694 *off += ebt_compat_match_offset(m->u.match, m->match_size);
1695 *off += ebt_compat_entry_padsize();
1696 return 0;
1697}
1698
1699static int compat_calc_watcher(struct ebt_entry_watcher *w, int *off)
1700{
1701 *off += xt_compat_target_offset(w->u.watcher);
1702 *off += ebt_compat_entry_padsize();
1703 return 0;
1704}
1705
1706static int compat_calc_entry(const struct ebt_entry *e,
1707 const struct ebt_table_info *info,
1708 const void *base,
1709 struct compat_ebt_replace *newinfo)
1710{
1711 const struct ebt_entry_target *t;
1712 unsigned int entry_offset;
1713 int off, ret, i;
1714
1715 if (e->bitmask == 0)
1716 return 0;
1717
1718 off = 0;
1719 entry_offset = (void *)e - base;
1720
1721 EBT_MATCH_ITERATE(e, compat_calc_match, &off);
1722 EBT_WATCHER_ITERATE(e, compat_calc_watcher, &off);
1723
1724 t = (const struct ebt_entry_target *) ((char *) e + e->target_offset);
1725
1726 off += xt_compat_target_offset(t->u.target);
1727 off += ebt_compat_entry_padsize();
1728
1729 newinfo->entries_size -= off;
1730
1731 ret = xt_compat_add_offset(NFPROTO_BRIDGE, entry_offset, off);
1732 if (ret)
1733 return ret;
1734
1735 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1736 const void *hookptr = info->hook_entry[i];
1737 if (info->hook_entry[i] &&
1738 (e < (struct ebt_entry *)(base - hookptr))) {
1739 newinfo->hook_entry[i] -= off;
1740 pr_debug("0x%08X -> 0x%08X\n",
1741 newinfo->hook_entry[i] + off,
1742 newinfo->hook_entry[i]);
1743 }
1744 }
1745
1746 return 0;
1747}
1748
1749
1750static int compat_table_info(const struct ebt_table_info *info,
1751 struct compat_ebt_replace *newinfo)
1752{
1753 unsigned int size = info->entries_size;
1754 const void *entries = info->entries;
1755
1756 newinfo->entries_size = size;
1757
1758 return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info,
1759 entries, newinfo);
1760}
1761
1762static int compat_copy_everything_to_user(struct ebt_table *t,
1763 void __user *user, int *len, int cmd)
1764{
1765 struct compat_ebt_replace repl, tmp;
1766 struct ebt_counter *oldcounters;
1767 struct ebt_table_info tinfo;
1768 int ret;
1769 void __user *pos;
1770
1771 memset(&tinfo, 0, sizeof(tinfo));
1772
1773 if (cmd == EBT_SO_GET_ENTRIES) {
1774 tinfo.entries_size = t->private->entries_size;
1775 tinfo.nentries = t->private->nentries;
1776 tinfo.entries = t->private->entries;
1777 oldcounters = t->private->counters;
1778 } else {
1779 tinfo.entries_size = t->table->entries_size;
1780 tinfo.nentries = t->table->nentries;
1781 tinfo.entries = t->table->entries;
1782 oldcounters = t->table->counters;
1783 }
1784
1785 if (copy_from_user(&tmp, user, sizeof(tmp)))
1786 return -EFAULT;
1787
1788 if (tmp.nentries != tinfo.nentries ||
1789 (tmp.num_counters && tmp.num_counters != tinfo.nentries))
1790 return -EINVAL;
1791
1792 memcpy(&repl, &tmp, sizeof(repl));
1793 if (cmd == EBT_SO_GET_ENTRIES)
1794 ret = compat_table_info(t->private, &repl);
1795 else
1796 ret = compat_table_info(&tinfo, &repl);
1797 if (ret)
1798 return ret;
1799
1800 if (*len != sizeof(tmp) + repl.entries_size +
1801 (tmp.num_counters? tinfo.nentries * sizeof(struct ebt_counter): 0)) {
1802 pr_err("wrong size: *len %d, entries_size %u, replsz %d\n",
1803 *len, tinfo.entries_size, repl.entries_size);
1804 return -EINVAL;
1805 }
1806
1807 /* userspace might not need the counters */
1808 ret = copy_counters_to_user(t, oldcounters, compat_ptr(tmp.counters),
1809 tmp.num_counters, tinfo.nentries);
1810 if (ret)
1811 return ret;
1812
1813 pos = compat_ptr(tmp.entries);
1814 return EBT_ENTRY_ITERATE(tinfo.entries, tinfo.entries_size,
1815 compat_copy_entry_to_user, &pos, &tmp.entries_size);
1816}
1817
1818struct ebt_entries_buf_state {
1819 char *buf_kern_start; /* kernel buffer to copy (translated) data to */
1820 u32 buf_kern_len; /* total size of kernel buffer */
1821 u32 buf_kern_offset; /* amount of data copied so far */
1822 u32 buf_user_offset; /* read position in userspace buffer */
1823};
1824
1825static int ebt_buf_count(struct ebt_entries_buf_state *state, unsigned int sz)
1826{
1827 state->buf_kern_offset += sz;
1828 return state->buf_kern_offset >= sz ? 0 : -EINVAL;
1829}
1830
1831static int ebt_buf_add(struct ebt_entries_buf_state *state,
1832 void *data, unsigned int sz)
1833{
1834 if (state->buf_kern_start == NULL)
1835 goto count_only;
1836
1837 BUG_ON(state->buf_kern_offset + sz > state->buf_kern_len);
1838
1839 memcpy(state->buf_kern_start + state->buf_kern_offset, data, sz);
1840
1841 count_only:
1842 state->buf_user_offset += sz;
1843 return ebt_buf_count(state, sz);
1844}
1845
1846static int ebt_buf_add_pad(struct ebt_entries_buf_state *state, unsigned int sz)
1847{
1848 char *b = state->buf_kern_start;
1849
1850 BUG_ON(b && state->buf_kern_offset > state->buf_kern_len);
1851
1852 if (b != NULL && sz > 0)
1853 memset(b + state->buf_kern_offset, 0, sz);
1854 /* do not adjust ->buf_user_offset here, we added kernel-side padding */
1855 return ebt_buf_count(state, sz);
1856}
1857
1858enum compat_mwt {
1859 EBT_COMPAT_MATCH,
1860 EBT_COMPAT_WATCHER,
1861 EBT_COMPAT_TARGET,
1862};
1863
1864static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt,
1865 enum compat_mwt compat_mwt,
1866 struct ebt_entries_buf_state *state,
1867 const unsigned char *base)
1868{
1869 char name[EBT_FUNCTION_MAXNAMELEN];
1870 struct xt_match *match;
1871 struct xt_target *wt;
1872 void *dst = NULL;
1873 int off, pad = 0, ret = 0;
1874 unsigned int size_kern, entry_offset, match_size = mwt->match_size;
1875
1876 strlcpy(name, mwt->u.name, sizeof(name));
1877
1878 if (state->buf_kern_start)
1879 dst = state->buf_kern_start + state->buf_kern_offset;
1880
1881 entry_offset = (unsigned char *) mwt - base;
1882 switch (compat_mwt) {
1883 case EBT_COMPAT_MATCH:
1884 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
1885 name, 0), "ebt_%s", name);
1886 if (match == NULL)
1887 return -ENOENT;
1888 if (IS_ERR(match))
1889 return PTR_ERR(match);
1890
1891 off = ebt_compat_match_offset(match, match_size);
1892 if (dst) {
1893 if (match->compat_from_user)
1894 match->compat_from_user(dst, mwt->data);
1895 else
1896 memcpy(dst, mwt->data, match_size);
1897 }
1898
1899 size_kern = match->matchsize;
1900 if (unlikely(size_kern == -1))
1901 size_kern = match_size;
1902 module_put(match->me);
1903 break;
1904 case EBT_COMPAT_WATCHER: /* fallthrough */
1905 case EBT_COMPAT_TARGET:
1906 wt = try_then_request_module(xt_find_target(NFPROTO_BRIDGE,
1907 name, 0), "ebt_%s", name);
1908 if (wt == NULL)
1909 return -ENOENT;
1910 if (IS_ERR(wt))
1911 return PTR_ERR(wt);
1912 off = xt_compat_target_offset(wt);
1913
1914 if (dst) {
1915 if (wt->compat_from_user)
1916 wt->compat_from_user(dst, mwt->data);
1917 else
1918 memcpy(dst, mwt->data, match_size);
1919 }
1920
1921 size_kern = wt->targetsize;
1922 module_put(wt->me);
1923 break;
1924 }
1925
1926 if (!dst) {
1927 ret = xt_compat_add_offset(NFPROTO_BRIDGE, entry_offset,
1928 off + ebt_compat_entry_padsize());
1929 if (ret < 0)
1930 return ret;
1931 }
1932
1933 state->buf_kern_offset += match_size + off;
1934 state->buf_user_offset += match_size;
1935 pad = XT_ALIGN(size_kern) - size_kern;
1936
1937 if (pad > 0 && dst) {
1938 BUG_ON(state->buf_kern_len <= pad);
1939 BUG_ON(state->buf_kern_offset - (match_size + off) + size_kern > state->buf_kern_len - pad);
1940 memset(dst + size_kern, 0, pad);
1941 }
1942 return off + match_size;
1943}
1944
1945/*
1946 * return size of all matches, watchers or target, including necessary
1947 * alignment and padding.
1948 */
1949static int ebt_size_mwt(struct compat_ebt_entry_mwt *match32,
1950 unsigned int size_left, enum compat_mwt type,
1951 struct ebt_entries_buf_state *state, const void *base)
1952{
1953 int growth = 0;
1954 char *buf;
1955
1956 if (size_left == 0)
1957 return 0;
1958
1959 buf = (char *) match32;
1960
1961 while (size_left >= sizeof(*match32)) {
1962 struct ebt_entry_match *match_kern;
1963 int ret;
1964
1965 match_kern = (struct ebt_entry_match *) state->buf_kern_start;
1966 if (match_kern) {
1967 char *tmp;
1968 tmp = state->buf_kern_start + state->buf_kern_offset;
1969 match_kern = (struct ebt_entry_match *) tmp;
1970 }
1971 ret = ebt_buf_add(state, buf, sizeof(*match32));
1972 if (ret < 0)
1973 return ret;
1974 size_left -= sizeof(*match32);
1975
1976 /* add padding before match->data (if any) */
1977 ret = ebt_buf_add_pad(state, ebt_compat_entry_padsize());
1978 if (ret < 0)
1979 return ret;
1980
1981 if (match32->match_size > size_left)
1982 return -EINVAL;
1983
1984 size_left -= match32->match_size;
1985
1986 ret = compat_mtw_from_user(match32, type, state, base);
1987 if (ret < 0)
1988 return ret;
1989
1990 BUG_ON(ret < match32->match_size);
1991 growth += ret - match32->match_size;
1992 growth += ebt_compat_entry_padsize();
1993
1994 buf += sizeof(*match32);
1995 buf += match32->match_size;
1996
1997 if (match_kern)
1998 match_kern->match_size = ret;
1999
2000 WARN_ON(type == EBT_COMPAT_TARGET && size_left);
2001 match32 = (struct compat_ebt_entry_mwt *) buf;
2002 }
2003
2004 return growth;
2005}
2006
2007#define EBT_COMPAT_WATCHER_ITERATE(e, fn, args...) \
2008({ \
2009 unsigned int __i; \
2010 int __ret = 0; \
2011 struct compat_ebt_entry_mwt *__watcher; \
2012 \
2013 for (__i = e->watchers_offset; \
2014 __i < (e)->target_offset; \
2015 __i += __watcher->watcher_size + \
2016 sizeof(struct compat_ebt_entry_mwt)) { \
2017 __watcher = (void *)(e) + __i; \
2018 __ret = fn(__watcher , ## args); \
2019 if (__ret != 0) \
2020 break; \
2021 } \
2022 if (__ret == 0) { \
2023 if (__i != (e)->target_offset) \
2024 __ret = -EINVAL; \
2025 } \
2026 __ret; \
2027})
2028
2029#define EBT_COMPAT_MATCH_ITERATE(e, fn, args...) \
2030({ \
2031 unsigned int __i; \
2032 int __ret = 0; \
2033 struct compat_ebt_entry_mwt *__match; \
2034 \
2035 for (__i = sizeof(struct ebt_entry); \
2036 __i < (e)->watchers_offset; \
2037 __i += __match->match_size + \
2038 sizeof(struct compat_ebt_entry_mwt)) { \
2039 __match = (void *)(e) + __i; \
2040 __ret = fn(__match , ## args); \
2041 if (__ret != 0) \
2042 break; \
2043 } \
2044 if (__ret == 0) { \
2045 if (__i != (e)->watchers_offset) \
2046 __ret = -EINVAL; \
2047 } \
2048 __ret; \
2049})
2050
2051/* called for all ebt_entry structures. */
2052static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base,
2053 unsigned int *total,
2054 struct ebt_entries_buf_state *state)
2055{
2056 unsigned int i, j, startoff, new_offset = 0;
2057 /* stores match/watchers/targets & offset of next struct ebt_entry: */
2058 unsigned int offsets[4];
2059 unsigned int *offsets_update = NULL;
2060 int ret;
2061 char *buf_start;
2062
2063 if (*total < sizeof(struct ebt_entries))
2064 return -EINVAL;
2065
2066 if (!entry->bitmask) {
2067 *total -= sizeof(struct ebt_entries);
2068 return ebt_buf_add(state, entry, sizeof(struct ebt_entries));
2069 }
2070 if (*total < sizeof(*entry) || entry->next_offset < sizeof(*entry))
2071 return -EINVAL;
2072
2073 startoff = state->buf_user_offset;
2074 /* pull in most part of ebt_entry, it does not need to be changed. */
2075 ret = ebt_buf_add(state, entry,
2076 offsetof(struct ebt_entry, watchers_offset));
2077 if (ret < 0)
2078 return ret;
2079
2080 offsets[0] = sizeof(struct ebt_entry); /* matches come first */
2081 memcpy(&offsets[1], &entry->watchers_offset,
2082 sizeof(offsets) - sizeof(offsets[0]));
2083
2084 if (state->buf_kern_start) {
2085 buf_start = state->buf_kern_start + state->buf_kern_offset;
2086 offsets_update = (unsigned int *) buf_start;
2087 }
2088 ret = ebt_buf_add(state, &offsets[1],
2089 sizeof(offsets) - sizeof(offsets[0]));
2090 if (ret < 0)
2091 return ret;
2092 buf_start = (char *) entry;
2093 /*
2094 * 0: matches offset, always follows ebt_entry.
2095 * 1: watchers offset, from ebt_entry structure
2096 * 2: target offset, from ebt_entry structure
2097 * 3: next ebt_entry offset, from ebt_entry structure
2098 *
2099 * offsets are relative to beginning of struct ebt_entry (i.e., 0).
2100 */
2101 for (i = 0, j = 1 ; j < 4 ; j++, i++) {
2102 struct compat_ebt_entry_mwt *match32;
2103 unsigned int size;
2104 char *buf = buf_start;
2105
2106 buf = buf_start + offsets[i];
2107 if (offsets[i] > offsets[j])
2108 return -EINVAL;
2109
2110 match32 = (struct compat_ebt_entry_mwt *) buf;
2111 size = offsets[j] - offsets[i];
2112 ret = ebt_size_mwt(match32, size, i, state, base);
2113 if (ret < 0)
2114 return ret;
2115 new_offset += ret;
2116 if (offsets_update && new_offset) {
ff67e4e4 2117 pr_debug("change offset %d to %d\n",
81e675c2
FW		 2118 offsets_update[i], offsets[j] + new_offset);
2119 offsets_update[i] = offsets[j] + new_offset;
2120 }
2121 }
2122
2123 startoff = state->buf_user_offset - startoff;
2124
2125 BUG_ON(*total < startoff);
2126 *total -= startoff;
2127 return 0;
2128}
2129
2130/*
2131 * repl->entries_size is the size of the ebt_entry blob in userspace.
2132 * It might need more memory when copied to a 64 bit kernel in case
2133 * userspace is 32-bit. So, first task: find out how much memory is needed.
2134 *
2135 * Called before validation is performed.
2136 */
2137static int compat_copy_entries(unsigned char *data, unsigned int size_user,
2138 struct ebt_entries_buf_state *state)
2139{
2140 unsigned int size_remaining = size_user;
2141 int ret;
2142
2143 ret = EBT_ENTRY_ITERATE(data, size_user, size_entry_mwt, data,
2144 &size_remaining, state);
2145 if (ret < 0)
2146 return ret;
2147
2148 WARN_ON(size_remaining);
2149 return state->buf_kern_offset;
2150}
2151
2152
2153static int compat_copy_ebt_replace_from_user(struct ebt_replace *repl,
2154 void __user *user, unsigned int len)
2155{
2156 struct compat_ebt_replace tmp;
2157 int i;
2158
2159 if (len < sizeof(tmp))
2160 return -EINVAL;
2161
2162 if (copy_from_user(&tmp, user, sizeof(tmp)))
2163 return -EFAULT;
2164
2165 if (len != sizeof(tmp) + tmp.entries_size)
2166 return -EINVAL;
2167
2168 if (tmp.entries_size == 0)
2169 return -EINVAL;
2170
2171 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) /
2172 NR_CPUS - SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
2173 return -ENOMEM;
2174 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
2175 return -ENOMEM;
2176
2177 memcpy(repl, &tmp, offsetof(struct ebt_replace, hook_entry));
2178
2179 /* starting with hook_entry, 32 vs. 64 bit structures are different */
2180 for (i = 0; i < NF_BR_NUMHOOKS; i++)
2181 repl->hook_entry[i] = compat_ptr(tmp.hook_entry[i]);
2182
2183 repl->num_counters = tmp.num_counters;
2184 repl->counters = compat_ptr(tmp.counters);
2185 repl->entries = compat_ptr(tmp.entries);
2186 return 0;
2187}
2188
2189static int compat_do_replace(struct net *net, void __user *user,
2190 unsigned int len)
2191{
2192 int ret, i, countersize, size64;
2193 struct ebt_table_info *newinfo;
2194 struct ebt_replace tmp;
2195 struct ebt_entries_buf_state state;
2196 void *entries_tmp;
2197
2198 ret = compat_copy_ebt_replace_from_user(&tmp, user, len);
90b89af7
FW		 2199 if (ret) {
2200 /* try real handler in case userland supplied needed padding */
2201 if (ret == -EINVAL && do_replace(net, user, len) == 0)
2202 ret = 0;
81e675c2 2203 return ret;
90b89af7 2204 }
81e675c2
FW		 2205
2206 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
2207 newinfo = vmalloc(sizeof(*newinfo) + countersize);
2208 if (!newinfo)
2209 return -ENOMEM;
2210
2211 if (countersize)
2212 memset(newinfo->counters, 0, countersize);
2213
2214 memset(&state, 0, sizeof(state));
2215
2216 newinfo->entries = vmalloc(tmp.entries_size);
2217 if (!newinfo->entries) {
2218 ret = -ENOMEM;
2219 goto free_newinfo;
2220 }
2221 if (copy_from_user(
2222 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
2223 ret = -EFAULT;
2224 goto free_entries;
2225 }
2226
2227 entries_tmp = newinfo->entries;
2228
2229 xt_compat_lock(NFPROTO_BRIDGE);
2230
2231 ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state);
2232 if (ret < 0)
2233 goto out_unlock;
2234
2235 pr_debug("tmp.entries_size %d, kern off %d, user off %d delta %d\n",
2236 tmp.entries_size, state.buf_kern_offset, state.buf_user_offset,
2237 xt_compat_calc_jump(NFPROTO_BRIDGE, tmp.entries_size));
2238
2239 size64 = ret;
2240 newinfo->entries = vmalloc(size64);
2241 if (!newinfo->entries) {
2242 vfree(entries_tmp);
2243 ret = -ENOMEM;
2244 goto out_unlock;
2245 }
2246
2247 memset(&state, 0, sizeof(state));
2248 state.buf_kern_start = newinfo->entries;
2249 state.buf_kern_len = size64;
2250
2251 ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state);
2252 BUG_ON(ret < 0); /* parses same data again */
2253
2254 vfree(entries_tmp);
2255 tmp.entries_size = size64;
2256
2257 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
2258 char __user *usrptr;
2259 if (tmp.hook_entry[i]) {
2260 unsigned int delta;
2261 usrptr = (char __user *) tmp.hook_entry[i];
2262 delta = usrptr - tmp.entries;
2263 usrptr += xt_compat_calc_jump(NFPROTO_BRIDGE, delta);
2264 tmp.hook_entry[i] = (struct ebt_entries __user *)usrptr;
2265 }
2266 }
2267
2268 xt_compat_flush_offsets(NFPROTO_BRIDGE);
2269 xt_compat_unlock(NFPROTO_BRIDGE);
2270
2271 ret = do_replace_finish(net, &tmp, newinfo);
2272 if (ret == 0)
2273 return ret;
2274free_entries:
2275 vfree(newinfo->entries);
2276free_newinfo:
2277 vfree(newinfo);
2278 return ret;
2279out_unlock:
2280 xt_compat_flush_offsets(NFPROTO_BRIDGE);
2281 xt_compat_unlock(NFPROTO_BRIDGE);
2282 goto free_entries;
2283}
2284
2285static int compat_update_counters(struct net *net, void __user *user,
2286 unsigned int len)
2287{
2288 struct compat_ebt_replace hlp;
2289
2290 if (copy_from_user(&hlp, user, sizeof(hlp)))
2291 return -EFAULT;
2292
90b89af7 2293 /* try real handler in case userland supplied needed padding */
81e675c2 2294 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
90b89af7 2295 return update_counters(net, user, len);
81e675c2
FW		 2296
2297 return do_update_counters(net, hlp.name, compat_ptr(hlp.counters),
2298 hlp.num_counters, user, len);
2299}
2300
2301static int compat_do_ebt_set_ctl(struct sock *sk,
2302 int cmd, void __user *user, unsigned int len)
2303{
2304 int ret;
2305
2306 if (!capable(CAP_NET_ADMIN))
2307 return -EPERM;
2308
2309 switch (cmd) {
2310 case EBT_SO_SET_ENTRIES:
2311 ret = compat_do_replace(sock_net(sk), user, len);
2312 break;
2313 case EBT_SO_SET_COUNTERS:
2314 ret = compat_update_counters(sock_net(sk), user, len);
2315 break;
2316 default:
2317 ret = -EINVAL;
2318 }
2319 return ret;
2320}
2321
2322static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
2323 void __user *user, int *len)
2324{
2325 int ret;
2326 struct compat_ebt_replace tmp;
2327 struct ebt_table *t;
2328
2329 if (!capable(CAP_NET_ADMIN))
2330 return -EPERM;
2331
90b89af7 2332 /* try real handler in case userland supplied needed padding */
81e675c2
FW		 2333 if ((cmd == EBT_SO_GET_INFO ||
2334 cmd == EBT_SO_GET_INIT_INFO) && *len != sizeof(tmp))
90b89af7 2335 return do_ebt_get_ctl(sk, cmd, user, len);
81e675c2
FW		 2336
2337 if (copy_from_user(&tmp, user, sizeof(tmp)))
2338 return -EFAULT;
2339
2340 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
2341 if (!t)
2342 return ret;
2343
2344 xt_compat_lock(NFPROTO_BRIDGE);
2345 switch (cmd) {
2346 case EBT_SO_GET_INFO:
2347 tmp.nentries = t->private->nentries;
2348 ret = compat_table_info(t->private, &tmp);
2349 if (ret)
2350 goto out;
2351 tmp.valid_hooks = t->valid_hooks;
2352
2353 if (copy_to_user(user, &tmp, *len) != 0) {
2354 ret = -EFAULT;
2355 break;
2356 }
2357 ret = 0;
2358 break;
2359 case EBT_SO_GET_INIT_INFO:
2360 tmp.nentries = t->table->nentries;
2361 tmp.entries_size = t->table->entries_size;
2362 tmp.valid_hooks = t->table->valid_hooks;
2363
2364 if (copy_to_user(user, &tmp, *len) != 0) {
2365 ret = -EFAULT;
2366 break;
2367 }
2368 ret = 0;
2369 break;
2370 case EBT_SO_GET_ENTRIES:
2371 case EBT_SO_GET_INIT_ENTRIES:
90b89af7
FW		 2372 /*
2373 * try real handler first in case of userland-side padding.
2374 * in case we are dealing with an 'ordinary' 32 bit binary
2375 * without 64bit compatibility padding, this will fail right
2376 * after copy_from_user when the *len argument is validated.
2377 *
2378 * the compat_ variant needs to do one pass over the kernel
2379 * data set to adjust for size differences before it the check.
2380 */
2381 if (copy_everything_to_user(t, user, len, cmd) == 0)
2382 ret = 0;
2383 else
2384 ret = compat_copy_everything_to_user(t, user, len, cmd);
81e675c2
FW		 2385 break;
2386 default:
2387 ret = -EINVAL;
2388 }
2389 out:
2390 xt_compat_flush_offsets(NFPROTO_BRIDGE);
2391 xt_compat_unlock(NFPROTO_BRIDGE);
2392 mutex_unlock(&ebt_mutex);
2393 return ret;
2394}
2395#endif
2396
1da177e4 2397static struct nf_sockopt_ops ebt_sockopts =
74ca4e5a
AM		 2398{
2399 .pf = PF_INET,
2400 .set_optmin = EBT_BASE_CTL,
2401 .set_optmax = EBT_SO_SET_MAX + 1,
2402 .set = do_ebt_set_ctl,
81e675c2
FW		 2403#ifdef CONFIG_COMPAT
2404 .compat_set = compat_do_ebt_set_ctl,
2405#endif
74ca4e5a
AM		 2406 .get_optmin = EBT_BASE_CTL,
2407 .get_optmax = EBT_SO_GET_MAX + 1,
2408 .get = do_ebt_get_ctl,
81e675c2
FW		 2409#ifdef CONFIG_COMPAT
2410 .compat_get = compat_do_ebt_get_ctl,
2411#endif
16fcec35 2412 .owner = THIS_MODULE,
1da177e4
LT		 2413};
2414
65b4b4e8 2415static int __init ebtables_init(void)
1da177e4
LT		 2416{
2417 int ret;
2418
043ef46c
JE		 2419 ret = xt_register_target(&ebt_standard_target);
2420 if (ret < 0)
1da177e4 2421 return ret;
043ef46c
JE		 2422 ret = nf_register_sockopt(&ebt_sockopts);
2423 if (ret < 0) {
2424 xt_unregister_target(&ebt_standard_target);
2425 return ret;
2426 }
1da177e4 2427
a887c1c1 2428 printk(KERN_INFO "Ebtables v2.0 registered\n");
1da177e4
LT		 2429 return 0;
2430}
2431
65b4b4e8 2432static void __exit ebtables_fini(void)
1da177e4
LT		 2433{
2434 nf_unregister_sockopt(&ebt_sockopts);
043ef46c 2435 xt_unregister_target(&ebt_standard_target);
a887c1c1 2436 printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1da177e4
LT		 2437}
2438
2439EXPORT_SYMBOL(ebt_register_table);
2440EXPORT_SYMBOL(ebt_unregister_table);
1da177e4 2441EXPORT_SYMBOL(ebt_do_table);
65b4b4e8
AM		 2442module_init(ebtables_init);
2443module_exit(ebtables_fini);
1da177e4 2444MODULE_LICENSE("GPL");
Clone of davem's net-next-2.6 tree