aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter_bridge/ebtables.h19
-rw-r--r--net/bridge/netfilter/ebtable_broute.c2
-rw-r--r--net/bridge/netfilter/ebtable_filter.c2
-rw-r--r--net/bridge/netfilter/ebtable_nat.c2
-rw-r--r--net/bridge/netfilter/ebtables.c19
5 files changed, 31 insertions, 13 deletions
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 87775264ff0b..94e0a7dc0cb2 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -46,6 +46,23 @@ struct ebt_replace
46 /* total size of the entries */ 46 /* total size of the entries */
47 unsigned int entries_size; 47 unsigned int entries_size;
48 /* start of the chains */ 48 /* start of the chains */
49 struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS];
50 /* nr of counters userspace expects back */
51 unsigned int num_counters;
52 /* where the kernel will put the old counters */
53 struct ebt_counter __user *counters;
54 char __user *entries;
55};
56
57struct ebt_replace_kernel
58{
59 char name[EBT_TABLE_MAXNAMELEN];
60 unsigned int valid_hooks;
61 /* nr of rules in the table */
62 unsigned int nentries;
63 /* total size of the entries */
64 unsigned int entries_size;
65 /* start of the chains */
49 struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; 66 struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
50 /* nr of counters userspace expects back */ 67 /* nr of counters userspace expects back */
51 unsigned int num_counters; 68 unsigned int num_counters;
@@ -255,7 +272,7 @@ struct ebt_table
255{ 272{
256 struct list_head list; 273 struct list_head list;
257 char name[EBT_TABLE_MAXNAMELEN]; 274 char name[EBT_TABLE_MAXNAMELEN];
258 struct ebt_replace *table; 275 struct ebt_replace_kernel *table;
259 unsigned int valid_hooks; 276 unsigned int valid_hooks;
260 rwlock_t lock; 277 rwlock_t lock;
261 /* e.g. could be the table explicitly only allows certain 278 /* e.g. could be the table explicitly only allows certain
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
index 9a6e548e148b..d37ce0478938 100644
--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -23,7 +23,7 @@ static struct ebt_entries initial_chain = {
23 .policy = EBT_ACCEPT, 23 .policy = EBT_ACCEPT,
24}; 24};
25 25
26static struct ebt_replace initial_table = 26static struct ebt_replace_kernel initial_table =
27{ 27{
28 .name = "broute", 28 .name = "broute",
29 .valid_hooks = 1 << NF_BR_BROUTING, 29 .valid_hooks = 1 << NF_BR_BROUTING,
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index 3d5bd44f2395..127135ead2d5 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -30,7 +30,7 @@ static struct ebt_entries initial_chains[] =
30 }, 30 },
31}; 31};
32 32
33static struct ebt_replace initial_table = 33static struct ebt_replace_kernel initial_table =
34{ 34{
35 .name = "filter", 35 .name = "filter",
36 .valid_hooks = FILTER_VALID_HOOKS, 36 .valid_hooks = FILTER_VALID_HOOKS,
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index 04dd42efda1d..9c50488b62eb 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -30,7 +30,7 @@ static struct ebt_entries initial_chains[] =
30 } 30 }
31}; 31};
32 32
33static struct ebt_replace initial_table = 33static struct ebt_replace_kernel initial_table =
34{ 34{
35 .name = "nat", 35 .name = "nat",
36 .valid_hooks = NAT_VALID_HOOKS, 36 .valid_hooks = NAT_VALID_HOOKS,
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 00a89705c1c4..bee558a41800 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -417,7 +417,8 @@ static int ebt_verify_pointers(struct ebt_replace *repl,
417 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 417 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
418 if ((valid_hooks & (1 << i)) == 0) 418 if ((valid_hooks & (1 << i)) == 0)
419 continue; 419 continue;
420 if ((char *)repl->hook_entry[i] == repl->entries + offset) 420 if ((char __user *)repl->hook_entry[i] ==
421 repl->entries + offset)
421 break; 422 break;
422 } 423 }
423 424
@@ -1156,7 +1157,7 @@ int ebt_register_table(struct ebt_table *table)
1156{ 1157{
1157 struct ebt_table_info *newinfo; 1158 struct ebt_table_info *newinfo;
1158 struct ebt_table *t; 1159 struct ebt_table *t;
1159 struct ebt_replace *repl; 1160 struct ebt_replace_kernel *repl;
1160 int ret, i, countersize; 1161 int ret, i, countersize;
1161 void *p; 1162 void *p;
1162 1163
@@ -1320,33 +1321,33 @@ free_tmp:
1320} 1321}
1321 1322
1322static inline int ebt_make_matchname(struct ebt_entry_match *m, 1323static inline int ebt_make_matchname(struct ebt_entry_match *m,
1323 char *base, char *ubase) 1324 char *base, char __user *ubase)
1324{ 1325{
1325 char *hlp = ubase - base + (char *)m; 1326 char __user *hlp = ubase + ((char *)m - base);
1326 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1327 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1327 return -EFAULT; 1328 return -EFAULT;
1328 return 0; 1329 return 0;
1329} 1330}
1330 1331
1331static inline int ebt_make_watchername(struct ebt_entry_watcher *w, 1332static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1332 char *base, char *ubase) 1333 char *base, char __user *ubase)
1333{ 1334{
1334 char *hlp = ubase - base + (char *)w; 1335 char __user *hlp = ubase + ((char *)w - base);
1335 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1336 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1336 return -EFAULT; 1337 return -EFAULT;
1337 return 0; 1338 return 0;
1338} 1339}
1339 1340
1340static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase) 1341static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1341{ 1342{
1342 int ret; 1343 int ret;
1343 char *hlp; 1344 char __user *hlp;
1344 struct ebt_entry_target *t; 1345 struct ebt_entry_target *t;
1345 1346
1346 if (e->bitmask == 0) 1347 if (e->bitmask == 0)
1347 return 0; 1348 return 0;
1348 1349
1349 hlp = ubase - base + (char *)e + e->target_offset; 1350 hlp = ubase + (((char *)e + e->target_offset) - base);
1350 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 1351 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1351 1352
1352 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); 1353 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);