aboutsummaryrefslogtreecommitdiffstats
path: root/net/compat.c
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-12-18 00:50:37 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:58:36 -0500
commit3bc3fe5eed5e866c0871db6d745f3bf58af004ef (patch)
tree01c1906660209aeebd21307d61b5078d37e5baed /net/compat.c
parentd924357c50d83e76d30dd5b81b5804815a2ae31c (diff)
[NETFILTER]: ip6_tables: add compat support
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/compat.c')
-rw-r--r--net/compat.c106
1 files changed, 0 insertions, 106 deletions
diff --git a/net/compat.c b/net/compat.c
index f4ef4c04865..80013fb69a6 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -20,7 +20,6 @@
20#include <linux/syscalls.h> 20#include <linux/syscalls.h>
21#include <linux/filter.h> 21#include <linux/filter.h>
22#include <linux/compat.h> 22#include <linux/compat.h>
23#include <linux/netfilter_ipv4/ip_tables.h>
24#include <linux/security.h> 23#include <linux/security.h>
25 24
26#include <net/scm.h> 25#include <net/scm.h>
@@ -317,107 +316,6 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
317} 316}
318 317
319/* 318/*
320 * For now, we assume that the compatibility and native version
321 * of struct ipt_entry are the same - sfr. FIXME
322 */
323struct compat_ipt_replace {
324 char name[IPT_TABLE_MAXNAMELEN];
325 u32 valid_hooks;
326 u32 num_entries;
327 u32 size;
328 u32 hook_entry[NF_INET_NUMHOOKS];
329 u32 underflow[NF_INET_NUMHOOKS];
330 u32 num_counters;
331 compat_uptr_t counters; /* struct ipt_counters * */
332 struct ipt_entry entries[0];
333};
334
335static int do_netfilter_replace(int fd, int level, int optname,
336 char __user *optval, int optlen)
337{
338 struct compat_ipt_replace __user *urepl;
339 struct ipt_replace __user *repl_nat;
340 char name[IPT_TABLE_MAXNAMELEN];
341 u32 origsize, tmp32, num_counters;
342 unsigned int repl_nat_size;
343 int ret;
344 int i;
345 compat_uptr_t ucntrs;
346
347 urepl = (struct compat_ipt_replace __user *)optval;
348 if (get_user(origsize, &urepl->size))
349 return -EFAULT;
350
351 /* Hack: Causes ipchains to give correct error msg --RR */
352 if (optlen != sizeof(*urepl) + origsize)
353 return -ENOPROTOOPT;
354
355 /* XXX Assumes that size of ipt_entry is the same both in
356 * native and compat environments.
357 */
358 repl_nat_size = sizeof(*repl_nat) + origsize;
359 repl_nat = compat_alloc_user_space(repl_nat_size);
360
361 ret = -EFAULT;
362 if (put_user(origsize, &repl_nat->size))
363 goto out;
364
365 if (!access_ok(VERIFY_READ, urepl, optlen) ||
366 !access_ok(VERIFY_WRITE, repl_nat, optlen))
367 goto out;
368
369 if (__copy_from_user(name, urepl->name, sizeof(urepl->name)) ||
370 __copy_to_user(repl_nat->name, name, sizeof(repl_nat->name)))
371 goto out;
372
373 if (__get_user(tmp32, &urepl->valid_hooks) ||
374 __put_user(tmp32, &repl_nat->valid_hooks))
375 goto out;
376
377 if (__get_user(tmp32, &urepl->num_entries) ||
378 __put_user(tmp32, &repl_nat->num_entries))
379 goto out;
380
381 if (__get_user(num_counters, &urepl->num_counters) ||
382 __put_user(num_counters, &repl_nat->num_counters))
383 goto out;
384
385 if (__get_user(ucntrs, &urepl->counters) ||
386 __put_user(compat_ptr(ucntrs), &repl_nat->counters))
387 goto out;
388
389 if (__copy_in_user(&repl_nat->entries[0],
390 &urepl->entries[0],
391 origsize))
392 goto out;
393
394 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
395 if (__get_user(tmp32, &urepl->hook_entry[i]) ||
396 __put_user(tmp32, &repl_nat->hook_entry[i]) ||
397 __get_user(tmp32, &urepl->underflow[i]) ||
398 __put_user(tmp32, &repl_nat->underflow[i]))
399 goto out;
400 }
401
402 /*
403 * Since struct ipt_counters just contains two u_int64_t members
404 * we can just do the access_ok check here and pass the (converted)
405 * pointer into the standard syscall. We hope that the pointer is
406 * not misaligned ...
407 */
408 if (!access_ok(VERIFY_WRITE, compat_ptr(ucntrs),
409 num_counters * sizeof(struct ipt_counters)))
410 goto out;
411
412
413 ret = sys_setsockopt(fd, level, optname,
414 (char __user *)repl_nat, repl_nat_size);
415
416out:
417 return ret;
418}
419
420/*
421 * A struct sock_filter is architecture independent. 319 * A struct sock_filter is architecture independent.
422 */ 320 */
423struct compat_sock_fprog { 321struct compat_sock_fprog {
@@ -485,10 +383,6 @@ asmlinkage long compat_sys_setsockopt(int fd, int level, int optname,
485 int err; 383 int err;
486 struct socket *sock; 384 struct socket *sock;
487 385
488 if (level == SOL_IPV6 && optname == IPT_SO_SET_REPLACE)
489 return do_netfilter_replace(fd, level, optname,
490 optval, optlen);
491
492 if (optlen < 0) 386 if (optlen < 0)
493 return -EINVAL; 387 return -EINVAL;
494 388