2 files changed, 85 insertions, 0 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 1350e47b02..f6bdef82a3 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -142,6 +142,12 @@ struct xt_counters_info
 #define ASSERT_WRITE_LOCK(x)
 #include <linux/netfilter_ipv4/listhelp.h>
+#ifdef CONFIG_COMPAT
+#define COMPAT_TO_USER          1
+#define COMPAT_FROM_USER        -1
+#define COMPAT_CALC_SIZE        0
+#endif
 struct xt_match
 {
        struct list_head list;
@@ -175,6 +181,9 @@ struct xt_match
        void (*destroy)(const struct xt_match *match, void *matchinfo,
                        unsigned int matchinfosize);
+        /* Called when userspace align differs from kernel space one */
+        int (*compat)(void *match, void **dstptr, int *size, int convert);
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
@@ -220,6 +229,9 @@ struct xt_target
        void (*destroy)(const struct xt_target *target, void *targinfo,
                        unsigned int targinfosize);
+        /* Called when userspace align differs from kernel space one */
+        int (*compat)(void *target, void **dstptr, int *size, int convert);
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
@@ -314,6 +326,61 @@ extern void xt_proto_fini(int af);
 extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
 extern void xt_free_table_info(struct xt_table_info *info);
+#ifdef CONFIG_COMPAT
+#include <net/compat.h>
+struct compat_xt_entry_match
+{
+        union {
+                struct {
+                        u_int16_t match_size;
+                        char name[XT_FUNCTION_MAXNAMELEN - 1];
+                        u_int8_t revision;
+                } user;
+                u_int16_t match_size;
+        } u;
+        unsigned char data[0];
+};
+struct compat_xt_entry_target
+{
+        union {
+                struct {
+                        u_int16_t target_size;
+                        char name[XT_FUNCTION_MAXNAMELEN - 1];
+                        u_int8_t revision;
+                } user;
+                u_int16_t target_size;
+        } u;
+        unsigned char data[0];
+};
+/* FIXME: this works only on 32 bit tasks
+ * need to change whole approach in order to calculate align as function of
+ * current task alignment */
+struct compat_xt_counters
+{
+        u_int32_t cnt[4];
+};
+struct compat_xt_counters_info
+{
+        char name[XT_TABLE_MAXNAMELEN];
+        compat_uint_t num_counters;
+        struct compat_xt_counters counters[0];
+};
+#define COMPAT_XT_ALIGN(s) (((s) + (__alignof__(struct compat_xt_counters)-1)) \
+                & ~(__alignof__(struct compat_xt_counters)-1))
+extern void xt_compat_lock(int af);
+extern void xt_compat_unlock(int af);
+extern int xt_compat_match(void *match, void **dstptr, int *size, int convert);
+extern int xt_compat_target(void *target, void **dstptr, int *size,
+                int convert);
+#endif /* CONFIG_COMPAT */
 #endif /* __KERNEL__ */
 #endif /* _X_TABLES_H */
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index d5b8c0d6a1..c0dac16e19 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -316,5 +316,23 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
                                 void *userdata);
 #define IPT_ALIGN(s) XT_ALIGN(s)
+#ifdef CONFIG_COMPAT
+#include <net/compat.h>
+struct compat_ipt_entry
+{
+        struct ipt_ip ip;
+        compat_uint_t nfcache;
+        u_int16_t target_offset;
+        u_int16_t next_offset;
+        compat_uint_t comefrom;
+        struct compat_xt_counters counters;
+        unsigned char elems[0];
+};
+#define COMPAT_IPT_ALIGN(s)     COMPAT_XT_ALIGN(s)
+#endif /* CONFIG_COMPAT */
 #endif /*__KERNEL__*/
 #endif /* _IPTABLES_H */

diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 1350e47b02..f6bdef82a3 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h
@@ -142,6 +142,12 @@ struct xt_counters_info
142	#define ASSERT_WRITE_LOCK(x)	142	#define ASSERT_WRITE_LOCK(x)
143	#include <linux/netfilter_ipv4/listhelp.h>	143	#include <linux/netfilter_ipv4/listhelp.h>
144		144
		145	#ifdef CONFIG_COMPAT
		146	#define COMPAT_TO_USER 1
		147	#define COMPAT_FROM_USER -1
		148	#define COMPAT_CALC_SIZE 0
		149	#endif
		150
145	struct xt_match	151	struct xt_match
146	{	152	{
147	struct list_head list;	153	struct list_head list;
@@ -175,6 +181,9 @@ struct xt_match
175	void (destroy)(const struct xt_match match, void *matchinfo,	181	void (destroy)(const struct xt_match match, void *matchinfo,
176	unsigned int matchinfosize);	182	unsigned int matchinfosize);
177		183
		184	/* Called when userspace align differs from kernel space one */
		185	int (compat)(void match, void *dstptr, int size, int convert);
		186
178	/* Set this to THIS_MODULE if you are a module, otherwise NULL */	187	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
179	struct module *me;	188	struct module *me;
180		189
@@ -220,6 +229,9 @@ struct xt_target
220	void (destroy)(const struct xt_target target, void *targinfo,	229	void (destroy)(const struct xt_target target, void *targinfo,
221	unsigned int targinfosize);	230	unsigned int targinfosize);
222		231
		232	/* Called when userspace align differs from kernel space one */
		233	int (compat)(void target, void *dstptr, int size, int convert);
		234
223	/* Set this to THIS_MODULE if you are a module, otherwise NULL */	235	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
224	struct module *me;	236	struct module *me;
225		237
@@ -314,6 +326,61 @@ extern void xt_proto_fini(int af);
314	extern struct xt_table_info *xt_alloc_table_info(unsigned int size);	326	extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
315	extern void xt_free_table_info(struct xt_table_info *info);	327	extern void xt_free_table_info(struct xt_table_info *info);
316		328
		329	#ifdef CONFIG_COMPAT
		330	#include <net/compat.h>
		331
		332	struct compat_xt_entry_match
		333	{
		334	union {
		335	struct {
		336	u_int16_t match_size;
		337	char name[XT_FUNCTION_MAXNAMELEN - 1];
		338	u_int8_t revision;
		339	} user;
		340	u_int16_t match_size;
		341	} u;
		342	unsigned char data[0];
		343	};
		344
		345	struct compat_xt_entry_target
		346	{
		347	union {
		348	struct {
		349	u_int16_t target_size;
		350	char name[XT_FUNCTION_MAXNAMELEN - 1];
		351	u_int8_t revision;
		352	} user;
		353	u_int16_t target_size;
		354	} u;
		355	unsigned char data[0];
		356	};
		357
		358	/* FIXME: this works only on 32 bit tasks
		359	* need to change whole approach in order to calculate align as function of
		360	* current task alignment */
		361
		362	struct compat_xt_counters
		363	{
		364	u_int32_t cnt[4];
		365	};
		366
		367	struct compat_xt_counters_info
		368	{
		369	char name[XT_TABLE_MAXNAMELEN];
		370	compat_uint_t num_counters;
		371	struct compat_xt_counters counters[0];
		372	};
		373
		374	#define COMPAT_XT_ALIGN(s) (((s) + (__alignof__(struct compat_xt_counters)-1)) \
		375	& ~(__alignof__(struct compat_xt_counters)-1))
		376
		377	extern void xt_compat_lock(int af);
		378	extern void xt_compat_unlock(int af);
		379	extern int xt_compat_match(void match, void dstptr, int size, int convert);
		380	extern int xt_compat_target(void target, void dstptr, int size,
		381	int convert);
		382
		383	#endif /* CONFIG_COMPAT */
317	#endif /* __KERNEL__ */	384	#endif /* __KERNEL__ */
318		385
319	#endif /* _X_TABLES_H */	386	#endif /* _X_TABLES_H */


diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index d5b8c0d6a1..c0dac16e19 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -316,5 +316,23 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
316	void *userdata);	316	void *userdata);
317		317
318	#define IPT_ALIGN(s) XT_ALIGN(s)	318	#define IPT_ALIGN(s) XT_ALIGN(s)
		319
		320	#ifdef CONFIG_COMPAT
		321	#include <net/compat.h>
		322
		323	struct compat_ipt_entry
		324	{
		325	struct ipt_ip ip;
		326	compat_uint_t nfcache;
		327	u_int16_t target_offset;
		328	u_int16_t next_offset;
		329	compat_uint_t comefrom;
		330	struct compat_xt_counters counters;
		331	unsigned char elems[0];
		332	};
		333
		334	#define COMPAT_IPT_ALIGN(s) COMPAT_XT_ALIGN(s)
		335
		336	#endif /* CONFIG_COMPAT */
319	#endif /__KERNEL__/	337	#endif /__KERNEL__/
320	#endif /* _IPTABLES_H */	338	#endif /* _IPTABLES_H */