[NETFILTER]: iptables 32bit compat layer

This patch extends current iptables compatibility layer in order to get 32bit iptables to work on 64bit kernel. Current layer is insufficient due to alignment checks both in kernel and user space tools. Patch is for current net-2.6.17 with addition of move of ipt_entry_{match| target} definitions to xt_entry_{match|target}. Signed-off-by: Dmitry Mishin <dim@openvz.org> Acked-off-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Dmitry Mishin <dim@openvz.org> 2006-04-01 05:25:19 -0500
committer: David S. Miller <davem@davemloft.net> 2006-04-01 05:25:19 -0500
commit: 2722971cbe831117686039d5c334f2c0f560be13 (patch)
tree: b810ea96778e4f5de2a7713685c0551aa34c8f97 /include/linux
parent: e64a70be5175ac2c209fa742123a6ce845852e0e (diff)
2 files changed, 85 insertions, 0 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 1350e47b0234..f6bdef82a322 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -142,6 +142,12 @@ struct xt_counters_info
 #define ASSERT_WRITE_LOCK(x)
 #include <linux/netfilter_ipv4/listhelp.h>
+#ifdef CONFIG_COMPAT
+#define COMPAT_TO_USER          1
+#define COMPAT_FROM_USER        -1
+#define COMPAT_CALC_SIZE        0
+#endif
 struct xt_match
 {
        struct list_head list;
@@ -175,6 +181,9 @@ struct xt_match
        void (*destroy)(const struct xt_match *match, void *matchinfo,
                        unsigned int matchinfosize);
+        /* Called when userspace align differs from kernel space one */
+        int (*compat)(void *match, void **dstptr, int *size, int convert);
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
@@ -220,6 +229,9 @@ struct xt_target
        void (*destroy)(const struct xt_target *target, void *targinfo,
                        unsigned int targinfosize);
+        /* Called when userspace align differs from kernel space one */
+        int (*compat)(void *target, void **dstptr, int *size, int convert);
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
@@ -314,6 +326,61 @@ extern void xt_proto_fini(int af);
 extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
 extern void xt_free_table_info(struct xt_table_info *info);
+#ifdef CONFIG_COMPAT
+#include <net/compat.h>
+struct compat_xt_entry_match
+{
+        union {
+                struct {
+                        u_int16_t match_size;
+                        char name[XT_FUNCTION_MAXNAMELEN - 1];
+                        u_int8_t revision;
+                } user;
+                u_int16_t match_size;
+        } u;
+        unsigned char data[0];
+};
+struct compat_xt_entry_target
+{
+        union {
+                struct {
+                        u_int16_t target_size;
+                        char name[XT_FUNCTION_MAXNAMELEN - 1];
+                        u_int8_t revision;
+                } user;
+                u_int16_t target_size;
+        } u;
+        unsigned char data[0];
+};
+/* FIXME: this works only on 32 bit tasks
+ * need to change whole approach in order to calculate align as function of
+ * current task alignment */
+struct compat_xt_counters
+{
+        u_int32_t cnt[4];
+};
+struct compat_xt_counters_info
+{
+        char name[XT_TABLE_MAXNAMELEN];
+        compat_uint_t num_counters;
+        struct compat_xt_counters counters[0];
+};
+#define COMPAT_XT_ALIGN(s) (((s) + (__alignof__(struct compat_xt_counters)-1)) \
+                & ~(__alignof__(struct compat_xt_counters)-1))
+extern void xt_compat_lock(int af);
+extern void xt_compat_unlock(int af);
+extern int xt_compat_match(void *match, void **dstptr, int *size, int convert);
+extern int xt_compat_target(void *target, void **dstptr, int *size,
+                int convert);
+#endif /* CONFIG_COMPAT */
 #endif /* __KERNEL__ */
 #endif /* _X_TABLES_H */
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index d5b8c0d6a12b..c0dac16e1902 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -316,5 +316,23 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
                                 void *userdata);
 #define IPT_ALIGN(s) XT_ALIGN(s)
+#ifdef CONFIG_COMPAT
+#include <net/compat.h>
+struct compat_ipt_entry
+{
+        struct ipt_ip ip;
+        compat_uint_t nfcache;
+        u_int16_t target_offset;
+        u_int16_t next_offset;
+        compat_uint_t comefrom;
+        struct compat_xt_counters counters;
+        unsigned char elems[0];
+};
+#define COMPAT_IPT_ALIGN(s)     COMPAT_XT_ALIGN(s)
+#endif /* CONFIG_COMPAT */
 #endif /*__KERNEL__*/
 #endif /* _IPTABLES_H */
author	Dmitry Mishin <dim@openvz.org>	2006-04-01 05:25:19 -0500
committer	David S. Miller <davem@davemloft.net>	2006-04-01 05:25:19 -0500
commit	2722971cbe831117686039d5c334f2c0f560be13 (patch)
tree	b810ea96778e4f5de2a7713685c0551aa34c8f97 /include/linux
parent	e64a70be5175ac2c209fa742123a6ce845852e0e (diff)

diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 1350e47b0234..f6bdef82a322 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h
@@ -142,6 +142,12 @@ struct xt_counters_info
142	#define ASSERT_WRITE_LOCK(x)	142	#define ASSERT_WRITE_LOCK(x)
143	#include <linux/netfilter_ipv4/listhelp.h>	143	#include <linux/netfilter_ipv4/listhelp.h>
144		144
		145	#ifdef CONFIG_COMPAT
		146	#define COMPAT_TO_USER 1
		147	#define COMPAT_FROM_USER -1
		148	#define COMPAT_CALC_SIZE 0
		149	#endif
		150
145	struct xt_match	151	struct xt_match
146	{	152	{
147	struct list_head list;	153	struct list_head list;
@@ -175,6 +181,9 @@ struct xt_match
175	void (destroy)(const struct xt_match match, void *matchinfo,	181	void (destroy)(const struct xt_match match, void *matchinfo,
176	unsigned int matchinfosize);	182	unsigned int matchinfosize);
177		183
		184	/* Called when userspace align differs from kernel space one */
		185	int (compat)(void match, void *dstptr, int size, int convert);
		186
178	/* Set this to THIS_MODULE if you are a module, otherwise NULL */	187	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
179	struct module *me;	188	struct module *me;
180		189
@@ -220,6 +229,9 @@ struct xt_target
220	void (destroy)(const struct xt_target target, void *targinfo,	229	void (destroy)(const struct xt_target target, void *targinfo,
221	unsigned int targinfosize);	230	unsigned int targinfosize);
222		231
		232	/* Called when userspace align differs from kernel space one */
		233	int (compat)(void target, void *dstptr, int size, int convert);
		234
223	/* Set this to THIS_MODULE if you are a module, otherwise NULL */	235	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
224	struct module *me;	236	struct module *me;
225		237
@@ -314,6 +326,61 @@ extern void xt_proto_fini(int af);
314	extern struct xt_table_info *xt_alloc_table_info(unsigned int size);	326	extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
315	extern void xt_free_table_info(struct xt_table_info *info);	327	extern void xt_free_table_info(struct xt_table_info *info);
316		328
		329	#ifdef CONFIG_COMPAT
		330	#include <net/compat.h>
		331
		332	struct compat_xt_entry_match
		333	{
		334	union {
		335	struct {
		336	u_int16_t match_size;
		337	char name[XT_FUNCTION_MAXNAMELEN - 1];
		338	u_int8_t revision;
		339	} user;
		340	u_int16_t match_size;
		341	} u;
		342	unsigned char data[0];
		343	};
		344
		345	struct compat_xt_entry_target
		346	{
		347	union {
		348	struct {
		349	u_int16_t target_size;
		350	char name[XT_FUNCTION_MAXNAMELEN - 1];
		351	u_int8_t revision;
		352	} user;
		353	u_int16_t target_size;
		354	} u;
		355	unsigned char data[0];
		356	};
		357
		358	/* FIXME: this works only on 32 bit tasks
		359	* need to change whole approach in order to calculate align as function of
		360	* current task alignment */
		361
		362	struct compat_xt_counters
		363	{
		364	u_int32_t cnt[4];
		365	};
		366
		367	struct compat_xt_counters_info
		368	{
		369	char name[XT_TABLE_MAXNAMELEN];
		370	compat_uint_t num_counters;
		371	struct compat_xt_counters counters[0];
		372	};
		373
		374	#define COMPAT_XT_ALIGN(s) (((s) + (__alignof__(struct compat_xt_counters)-1)) \
		375	& ~(__alignof__(struct compat_xt_counters)-1))
		376
		377	extern void xt_compat_lock(int af);
		378	extern void xt_compat_unlock(int af);
		379	extern int xt_compat_match(void match, void dstptr, int size, int convert);
		380	extern int xt_compat_target(void target, void dstptr, int size,
		381	int convert);
		382
		383	#endif /* CONFIG_COMPAT */
317	#endif /* __KERNEL__ */	384	#endif /* __KERNEL__ */
318		385
319	#endif /* _X_TABLES_H */	386	#endif /* _X_TABLES_H */


diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index d5b8c0d6a12b..c0dac16e1902 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -316,5 +316,23 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
316	void *userdata);	316	void *userdata);
317		317
318	#define IPT_ALIGN(s) XT_ALIGN(s)	318	#define IPT_ALIGN(s) XT_ALIGN(s)
		319
		320	#ifdef CONFIG_COMPAT
		321	#include <net/compat.h>
		322
		323	struct compat_ipt_entry
		324	{
		325	struct ipt_ip ip;
		326	compat_uint_t nfcache;
		327	u_int16_t target_offset;
		328	u_int16_t next_offset;
		329	compat_uint_t comefrom;
		330	struct compat_xt_counters counters;
		331	unsigned char elems[0];
		332	};
		333
		334	#define COMPAT_IPT_ALIGN(s) COMPAT_XT_ALIGN(s)
		335
		336	#endif /* CONFIG_COMPAT */
319	#endif /__KERNEL__/	337	#endif /__KERNEL__/
320	#endif /* _IPTABLES_H */	338	#endif /* _IPTABLES_H */