-rw-r--r-- | include/linux/netfilter_bridge/ebtables.h | 19 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtable_broute.c | 2 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtable_filter.c | 2 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtable_nat.c | 2 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 19 |
5 files changed, 31 insertions, 13 deletions
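--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -46,6 +46,23 @@ struct ebt_replace
 /* total size of the entries */
 unsigned int entries_size;
 /* start of the chains */
+struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS];
+/* nr of counters userspace expects back */
+unsigned int num_counters;
+/* where the kernel will put the old counters */
+struct ebt_counter __user *counters;
+char __user *entries;
+};
+
+struct ebt_replace_kernel
+{
+char name[EBT_TABLE_MAXNAMELEN];
+unsigned int valid_hooks;
+/* nr of rules in the table */
+unsigned int nentries;
+/* total size of the entries */
+unsigned int entries_size;
+/* start of the chains */
 struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
 /* nr of counters userspace expects back */
 unsigned int num_counters;
@@ -255,7 +272,7 @@ struct ebt_table
 {
 struct list_head list;
 char name[EBT_TABLE_MAXNAMELEN];
-struct ebt_replace *table;
+struct ebt_replace_kernel *table;
 unsigned int valid_hooks;
 rwlock_t lock;
 /* e.g. could be the table explicitly only allows certain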
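Review bot: The new `struct ebt_replace_kernel` at 57 repeats `struct ebt_replace` field for field with only the `__user` qualifiers dropped, yet neither definition says so, so a field added to one and forgotten in the other would go unnoticed. I would put above the new definition: `/* Kernel-side twin of struct ebt_replace, used for the built-in tables (initial_table in ebtable_*.c): same fields in the same order, but hook_entry, counters and entries point into kernel memory. Keep the two definitions in sync. */`. Whether anything relies on the two structs being laid out identically is not visible in this commit, but the comment at least records the relationship and why the user-facing struct must not be passed where this one is expected. Both the new struct and the original `struct ebt_replace` continue past the end of the first hunk.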
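--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -23,7 +23,7 @@ static struct ebt_entries initial_chain = {
 .policy = EBT_ACCEPT,
 };
 
-static struct ebt_replace initial_table =
+static struct ebt_replace_kernel initial_table =
 {
 .name = "broute",
 .valid_hooks = 1 << NF_BR_BROUTING,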
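--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -30,7 +30,7 @@ static struct ebt_entries initial_chains[] =
 },
 };
 
-static struct ebt_replace initial_table =
+static struct ebt_replace_kernel initial_table =
 {
 .name = "filter",
 .valid_hooks = FILTER_VALID_HOOKS,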
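--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -30,7 +30,7 @@ static struct ebt_entries initial_chains[] =
 }
 };
 
-static struct ebt_replace initial_table =
+static struct ebt_replace_kernel initial_table =
 {
 .name = "nat",
 .valid_hooks = NAT_VALID_HOOKS,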
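--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -417,7 +418,8 @@ static int ebt_verify_pointers(struct ebt_replace *repl,
 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
 if ((valid_hooks & (1 << i)) == 0)
 continue;
-if ((char *)repl->hook_entry[i] == repl->entries + offset)
+if ((char __user *)repl->hook_entry[i] ==
+repl->entries + offset)
 break;
 }
 
@@ -1156,7 +1157,7 @@ int ebt_register_table(struct ebt_table *table)
 {
 struct ebt_table_info *newinfo;
 struct ebt_table *t;
-struct ebt_replace *repl;
+struct ebt_replace_kernel *repl;
 int ret, i, countersize;
 void *p;
 
@@ -1320,33 +1321,33 @@ free_tmp:
 }
 
 static inline int ebt_make_matchname(struct ebt_entry_match *m,
-char *base, char *ubase)
+char *base, char __user *ubase)
 {
-char *hlp = ubase - base + (char *)m;
+char __user *hlp = ubase + ((char *)m - base);
 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
 return -EFAULT;
 return 0;
 }
 
 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
-char *base, char *ubase)
+char *base, char __user *ubase)
 {
-char *hlp = ubase - base + (char *)w;
+char __user *hlp = ubase + ((char *)w - base);
 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
 return -EFAULT;
 return 0;
 }
 
-static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
+static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
 {
 int ret;
-char *hlp;
+char __user *hlp;
 struct ebt_entry_target *t;
 
 if (e->bitmask == 0)
 return 0;
 
-hlp = ubase - base + (char *)e + e->target_offset;
+hlp = ubase + (((char *)e + e->target_offset) - base);
 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
 
 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);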
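Review bot: None of the three helpers at 1323, 1332 and 1341 documents what `base` and `ubase` are, and the reworked offset arithmetic at 1326, 1335 and 1350 is only correct if the user buffer at `ubase` has exactly the layout of the kernel copy at `base`; presumably it is the buffer the entries were read from, but the hunk does not show that. I would add above ebt_make_matchname: `/* base: kernel copy of the entries blob; ubase: the user buffer with the identical layout, so an offset computed inside base is valid inside ubase. */` and on ebt_make_names a one-liner: `/* Write the match/watcher/target names back into the user copy of this entry. */`. Since the destination is only ever passed to copy_to_user(), a miscomputed hlp should fail with -EFAULT rather than write outside the user buffer, which is worth stating next to the arithmetic. ebt_make_names continues past the end of the hunk.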