diff options
| author | Patrick McHardy <kaber@trash.net> | 2007-12-18 00:47:32 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:58:30 -0500 |
| commit | 73cd598df46a73d6f02063f2520df115a9b88aa5 (patch) | |
| tree | 14b243381c30965f73f7b49de41888ff5642fba7 /net | |
| parent | 30c08c41be75145b8850ea14b2d5ee4ee4b705d8 (diff) | |
[NETFILTER]: ip_tables: fix compat types
Use compat types and compat iterators when dealing with compat entries for
clarity. This doesn't actually make a difference for ip_tables, but is
needed for ip6_tables and arp_tables.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 51 |
1 files changed, 27 insertions, 24 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index cc896fe2fd92..d8caa1ed4879 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -1559,7 +1559,7 @@ compat_release_match(struct ipt_entry_match *m, unsigned int *i) | |||
| 1559 | } | 1559 | } |
| 1560 | 1560 | ||
| 1561 | static inline int | 1561 | static inline int |
| 1562 | compat_release_entry(struct ipt_entry *e, unsigned int *i) | 1562 | compat_release_entry(struct compat_ipt_entry *e, unsigned int *i) |
| 1563 | { | 1563 | { |
| 1564 | struct ipt_entry_target *t; | 1564 | struct ipt_entry_target *t; |
| 1565 | 1565 | ||
| @@ -1567,14 +1567,14 @@ compat_release_entry(struct ipt_entry *e, unsigned int *i) | |||
| 1567 | return 1; | 1567 | return 1; |
| 1568 | 1568 | ||
| 1569 | /* Cleanup all matches */ | 1569 | /* Cleanup all matches */ |
| 1570 | IPT_MATCH_ITERATE(e, compat_release_match, NULL); | 1570 | COMPAT_IPT_MATCH_ITERATE(e, compat_release_match, NULL); |
| 1571 | t = ipt_get_target(e); | 1571 | t = compat_ipt_get_target(e); |
| 1572 | module_put(t->u.kernel.target->me); | 1572 | module_put(t->u.kernel.target->me); |
| 1573 | return 0; | 1573 | return 0; |
| 1574 | } | 1574 | } |
| 1575 | 1575 | ||
| 1576 | static inline int | 1576 | static inline int |
| 1577 | check_compat_entry_size_and_hooks(struct ipt_entry *e, | 1577 | check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, |
| 1578 | struct xt_table_info *newinfo, | 1578 | struct xt_table_info *newinfo, |
| 1579 | unsigned int *size, | 1579 | unsigned int *size, |
| 1580 | unsigned char *base, | 1580 | unsigned char *base, |
| @@ -1603,19 +1603,20 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e, | |||
| 1603 | return -EINVAL; | 1603 | return -EINVAL; |
| 1604 | } | 1604 | } |
| 1605 | 1605 | ||
| 1606 | ret = check_entry(e, name); | 1606 | /* For purposes of check_entry casting the compat entry is fine */ |
| 1607 | ret = check_entry((struct ipt_entry *)e, name); | ||
| 1607 | if (ret) | 1608 | if (ret) |
| 1608 | return ret; | 1609 | return ret; |
| 1609 | 1610 | ||
| 1610 | off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); | 1611 | off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); |
| 1611 | entry_offset = (void *)e - (void *)base; | 1612 | entry_offset = (void *)e - (void *)base; |
| 1612 | j = 0; | 1613 | j = 0; |
| 1613 | ret = IPT_MATCH_ITERATE(e, compat_find_calc_match, name, &e->ip, | 1614 | ret = COMPAT_IPT_MATCH_ITERATE(e, compat_find_calc_match, name, |
| 1614 | e->comefrom, &off, &j); | 1615 | &e->ip, e->comefrom, &off, &j); |
| 1615 | if (ret != 0) | 1616 | if (ret != 0) |
| 1616 | goto release_matches; | 1617 | goto release_matches; |
| 1617 | 1618 | ||
| 1618 | t = ipt_get_target(e); | 1619 | t = compat_ipt_get_target(e); |
| 1619 | target = try_then_request_module(xt_find_target(AF_INET, | 1620 | target = try_then_request_module(xt_find_target(AF_INET, |
| 1620 | t->u.user.name, | 1621 | t->u.user.name, |
| 1621 | t->u.user.revision), | 1622 | t->u.user.revision), |
| @@ -1643,7 +1644,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e, | |||
| 1643 | } | 1644 | } |
| 1644 | 1645 | ||
| 1645 | /* Clear counters and comefrom */ | 1646 | /* Clear counters and comefrom */ |
| 1646 | e->counters = ((struct ipt_counters) { 0, 0 }); | 1647 | memset(&e->counters, 0, sizeof(e->counters)); |
| 1647 | e->comefrom = 0; | 1648 | e->comefrom = 0; |
| 1648 | 1649 | ||
| 1649 | (*i)++; | 1650 | (*i)++; |
| @@ -1657,7 +1658,7 @@ release_matches: | |||
| 1657 | } | 1658 | } |
| 1658 | 1659 | ||
| 1659 | static int | 1660 | static int |
| 1660 | compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr, | 1661 | compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr, |
| 1661 | unsigned int *size, const char *name, | 1662 | unsigned int *size, const char *name, |
| 1662 | struct xt_table_info *newinfo, unsigned char *base) | 1663 | struct xt_table_info *newinfo, unsigned char *base) |
| 1663 | { | 1664 | { |
| @@ -1671,15 +1672,17 @@ compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr, | |||
| 1671 | origsize = *size; | 1672 | origsize = *size; |
| 1672 | de = (struct ipt_entry *)*dstptr; | 1673 | de = (struct ipt_entry *)*dstptr; |
| 1673 | memcpy(de, e, sizeof(struct ipt_entry)); | 1674 | memcpy(de, e, sizeof(struct ipt_entry)); |
| 1675 | memcpy(&de->counters, &e->counters, sizeof(e->counters)); | ||
| 1674 | 1676 | ||
| 1675 | *dstptr += sizeof(struct compat_ipt_entry); | 1677 | *dstptr += sizeof(struct ipt_entry); |
| 1676 | *size += sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); | 1678 | *size += sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); |
| 1677 | 1679 | ||
| 1678 | ret = IPT_MATCH_ITERATE(e, xt_compat_match_from_user, dstptr, size); | 1680 | ret = COMPAT_IPT_MATCH_ITERATE(e, xt_compat_match_from_user, |
| 1681 | dstptr, size); | ||
| 1679 | if (ret) | 1682 | if (ret) |
| 1680 | return ret; | 1683 | return ret; |
| 1681 | de->target_offset = e->target_offset - (origsize - *size); | 1684 | de->target_offset = e->target_offset - (origsize - *size); |
| 1682 | t = ipt_get_target(e); | 1685 | t = compat_ipt_get_target(e); |
| 1683 | target = t->u.kernel.target; | 1686 | target = t->u.kernel.target; |
| 1684 | xt_compat_target_from_user(t, dstptr, size); | 1687 | xt_compat_target_from_user(t, dstptr, size); |
| 1685 | 1688 | ||
| @@ -1746,11 +1749,11 @@ translate_compat_table(const char *name, | |||
| 1746 | j = 0; | 1749 | j = 0; |
| 1747 | xt_compat_lock(AF_INET); | 1750 | xt_compat_lock(AF_INET); |
| 1748 | /* Walk through entries, checking offsets. */ | 1751 | /* Walk through entries, checking offsets. */ |
| 1749 | ret = IPT_ENTRY_ITERATE(entry0, total_size, | 1752 | ret = COMPAT_IPT_ENTRY_ITERATE(entry0, total_size, |
| 1750 | check_compat_entry_size_and_hooks, | 1753 | check_compat_entry_size_and_hooks, |
| 1751 | info, &size, entry0, | 1754 | info, &size, entry0, |
| 1752 | entry0 + total_size, | 1755 | entry0 + total_size, |
| 1753 | hook_entries, underflows, &j, name); | 1756 | hook_entries, underflows, &j, name); |
| 1754 | if (ret != 0) | 1757 | if (ret != 0) |
| 1755 | goto out_unlock; | 1758 | goto out_unlock; |
| 1756 | 1759 | ||
| @@ -1791,9 +1794,9 @@ translate_compat_table(const char *name, | |||
| 1791 | entry1 = newinfo->entries[raw_smp_processor_id()]; | 1794 | entry1 = newinfo->entries[raw_smp_processor_id()]; |
| 1792 | pos = entry1; | 1795 | pos = entry1; |
| 1793 | size = total_size; | 1796 | size = total_size; |
| 1794 | ret = IPT_ENTRY_ITERATE(entry0, total_size, | 1797 | ret = COMPAT_IPT_ENTRY_ITERATE(entry0, total_size, |
| 1795 | compat_copy_entry_from_user, &pos, &size, | 1798 | compat_copy_entry_from_user, &pos, &size, |
| 1796 | name, newinfo, entry1); | 1799 | name, newinfo, entry1); |
| 1797 | compat_flush_offsets(); | 1800 | compat_flush_offsets(); |
| 1798 | xt_compat_unlock(AF_INET); | 1801 | xt_compat_unlock(AF_INET); |
| 1799 | if (ret) | 1802 | if (ret) |
| @@ -1808,8 +1811,8 @@ translate_compat_table(const char *name, | |||
| 1808 | name, &i); | 1811 | name, &i); |
| 1809 | if (ret) { | 1812 | if (ret) { |
| 1810 | j -= i; | 1813 | j -= i; |
| 1811 | IPT_ENTRY_ITERATE_CONTINUE(entry1, newinfo->size, i, | 1814 | COMPAT_IPT_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i, |
| 1812 | compat_release_entry, &j); | 1815 | compat_release_entry, &j); |
| 1813 | IPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i); | 1816 | IPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i); |
| 1814 | xt_free_table_info(newinfo); | 1817 | xt_free_table_info(newinfo); |
| 1815 | return ret; | 1818 | return ret; |
| @@ -1828,7 +1831,7 @@ translate_compat_table(const char *name, | |||
| 1828 | free_newinfo: | 1831 | free_newinfo: |
| 1829 | xt_free_table_info(newinfo); | 1832 | xt_free_table_info(newinfo); |
| 1830 | out: | 1833 | out: |
| 1831 | IPT_ENTRY_ITERATE(entry0, total_size, compat_release_entry, &j); | 1834 | COMPAT_IPT_ENTRY_ITERATE(entry0, total_size, compat_release_entry, &j); |
| 1832 | return ret; | 1835 | return ret; |
| 1833 | out_unlock: | 1836 | out_unlock: |
| 1834 | compat_flush_offsets(); | 1837 | compat_flush_offsets(); |