Skip to content

L
linux
Commit 68c578cd authored by Bart De Schuymer's avatar Bart De Schuymer Committed by David S. Miller
Browse files
Options

[ebtables] use Rustys new module scheme in ebtables.c, vs 2.5.56 

- use /* */ instead of //
- change my mail alias
- remove MOD_DEC_USE_COUNT and MOD_INC_USE_COUNT
- use try_module_get (and check result) and module_put instead of
  __MOD_INC_USE_COUNT and __MOD_DEC_USE_COUNT
- add \n in init/exit messages
parent 69e0d18e
Show whitespace changes
Inline Side-by-side
Showing with 145 additions and 143 deletions
net/bridge/netfilter/ebtables.c
View file @ 68c578cd
......@@ -2,7 +2,7 @@
* ebtables
*
* Author:
* Bart De Schuymer <bart.de.schuymer@pandora.be>
* Bart De Schuymer <bdschuym@pandora.be>
*
* ebtables.c,v 2.0, July, 2002
*
......@@ -15,7 +15,7 @@
* 2 of the License, or (at your option) any later version.
*/
// used for print_string
/* used for print_string */
#include <linux/sched.h>
#include <linux/tty.h>
......@@ -27,18 +27,20 @@
#include <asm/uaccess.h>
#include <linux/smp.h>
#include <net/sock.h>
// needed for logical [in,out]-dev filtering
/* needed for logical [in,out]-dev filtering */
#include "../br_private.h"
// list_named_find
/* list_named_find */
#define ASSERT_READ_LOCK(x)
#define ASSERT_WRITE_LOCK(x)
#include <linux/netfilter_ipv4/listhelp.h>
#if 0 // use this for remote debugging
// Copyright (C) 1998 by Ori Pomerantz
// Print the string to the appropriate tty, the one
// the current task uses
#if 0
/* use this for remote debugging
* Copyright (C) 1998 by Ori Pomerantz
* Print the string to the appropriate tty, the one
* the current task uses
*/
static void print_string(char *str)
{
struct tty_struct *my_tty;
......@@ -55,20 +57,22 @@ static void print_string(char *str)
#else
#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
"report to author: "format, ## args)
// #define BUGPRINT(format, args...)
/* #define BUGPRINT(format, args...) */
#endif
#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
": out of memory: "format, ## args)
// #define MEMPRINT(format, args...)
/* #define MEMPRINT(format, args...) */
// Each cpu has its own set of counters, so there is no need for write_lock in
// the softirq
// For reading or updating the counters, the user context needs to
// get a write_lock
/*
* Each cpu has its own set of counters, so there is no need for write_lock in
* the softirq
* For reading or updating the counters, the user context needs to
* get a write_lock
*/
// The size of each set of counters is altered to get cache alignment
/* The size of each set of counters is altered to get cache alignment */
#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
......@@ -91,7 +95,7 @@ static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
{
w->u.watcher->watcher(skb, in, out, w->data,
w->watcher_size);
// watchers don't give a verdict
/* watchers don't give a verdict */
return 0;
}
......@@ -113,7 +117,7 @@ static inline int ebt_dev_check(char *entry, const struct net_device *device)
}
#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
// process standard matches
/* process standard matches */
static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
const struct net_device *in, const struct net_device *out)
{
......@@ -156,7 +160,7 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
return 0;
}
// Do some firewalling
/* Do some firewalling */
unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
struct ebt_table *table)
......@@ -182,7 +186,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
nentries = private->hook_entry[hook]->nentries;
point = (struct ebt_entry *)(private->hook_entry[hook]->data);
counter_base = cb_base + private->hook_entry[hook]->counter_offset;
// base for chain jumps
/* base for chain jumps */
base = private->entries;
i = 0;
while (i < nentries) {
......@@ -192,18 +196,18 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
goto letscontinue;
// increase counter
/* increase counter */
(*(counter_base + i)).pcnt++;
(*(counter_base + i)).bcnt+=(**pskb).len;
// these should only watch: not modify, nor tell us
// what to do with the packet
/* these should only watch: not modify, nor tell us
what to do with the packet */
EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, in,
out);
t = (struct ebt_entry_target *)
(((char *)point) + point->target_offset);
// standard target
/* standard target */
if (!t->u.target->target)
verdict = ((struct ebt_standard_target *)t)->verdict;
else
......@@ -222,12 +226,12 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
#ifdef CONFIG_NETFILTER_DEBUG
if (sp == 0) {
BUGPRINT("RETURN on base chain");
// act like this is EBT_CONTINUE
/* act like this is EBT_CONTINUE */
goto letscontinue;
}
#endif
sp--;
// put all the local variables right
/* put all the local variables right */
i = cs[sp].n;
chaininfo = cs[sp].chaininfo;
nentries = chaininfo->nentries;
......@@ -245,7 +249,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
return NF_DROP;
}
#endif
// jump to a udc
/* jump to a udc */
cs[sp].n = i + 1;
cs[sp].chaininfo = chaininfo;
cs[sp].e = (struct ebt_entry *)
......@@ -270,7 +274,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
i++;
}
// I actually like this :)
/* I actually like this :) */
if (chaininfo->policy == EBT_RETURN)
goto letsreturn;
if (chaininfo->policy == EBT_ACCEPT) {
......@@ -281,7 +285,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
return NF_DROP;
}
// If it succeeds, returns element and locks mutex
/* If it succeeds, returns element and locks mutex */
static inline void *
find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
struct semaphore *mutex)
......@@ -359,14 +363,15 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
if (!match)
return ret;
m->u.match = match;
if (match->me)
__MOD_INC_USE_COUNT(match->me);
if (!try_module_get(match->me)) {
up(&ebt_mutex);
return -EINVAL;
}
up(&ebt_mutex);
if (match->check &&
match->check(name, hookmask, e, m->data, m->match_size) != 0) {
BUGPRINT("match->check failed\n");
if (match->me)
__MOD_DEC_USE_COUNT(match->me);
module_put(match->me);
return -EINVAL;
}
(*cnt)++;
......@@ -387,22 +392,25 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
if (!watcher)
return ret;
w->u.watcher = watcher;
if (watcher->me)
__MOD_INC_USE_COUNT(watcher->me);
if (!try_module_get(watcher->me)) {
up(&ebt_mutex);
return -EINVAL;
}
up(&ebt_mutex);
if (watcher->check &&
watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
BUGPRINT("watcher->check failed\n");
if (watcher->me)
__MOD_DEC_USE_COUNT(watcher->me);
module_put(watcher->me);
return -EINVAL;
}
(*cnt)++;
return 0;
}
// this one is very careful, as it is the first function
// to parse the userspace data
/*
* this one is very careful, as it is the first function
* to parse the userspace data
*/
static inline int
ebt_check_entry_size_and_hooks(struct ebt_entry *e,
struct ebt_table_info *newinfo, char *base, char *limit,
......@@ -418,24 +426,24 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
(char *)e - newinfo->entries)
break;
}
// beginning of a new chain
// if i == NF_BR_NUMHOOKS it must be a user defined chain
/* beginning of a new chain
if i == NF_BR_NUMHOOKS it must be a user defined chain */
if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) {
// we make userspace set this right,
// so there is no misunderstanding
/* we make userspace set this right,
so there is no misunderstanding */
BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
"in distinguisher\n");
return -EINVAL;
}
// this checks if the previous chain has as many entries
// as it said it has
/* this checks if the previous chain has as many entries
as it said it has */
if (*n != *cnt) {
BUGPRINT("nentries does not equal the nr of entries "
"in the chain\n");
return -EINVAL;
}
// before we look at the struct, be sure it is not too big
/* before we look at the struct, be sure it is not too big */
if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
> limit) {
BUGPRINT("entries_size too small\n");
......@@ -443,14 +451,14 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
}
if (((struct ebt_entries *)e)->policy != EBT_DROP &&
((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
// only RETURN from udc
/* only RETURN from udc */
if (i != NF_BR_NUMHOOKS ||
((struct ebt_entries *)e)->policy != EBT_RETURN) {
BUGPRINT("bad policy\n");
return -EINVAL;
}
}
if (i == NF_BR_NUMHOOKS) // it's a user defined chain
if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
(*udc_cnt)++;
else
newinfo->hook_entry[i] = (struct ebt_entries *)e;
......@@ -462,14 +470,14 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
*cnt = 0;
return 0;
}
// a plain old entry, heh
/* a plain old entry, heh */
if (sizeof(struct ebt_entry) > e->watchers_offset ||
e->watchers_offset > e->target_offset ||
e->target_offset >= e->next_offset) {
BUGPRINT("entry offsets not in right order\n");
return -EINVAL;
}
// this is not checked anywhere else
/* this is not checked anywhere else */
if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
BUGPRINT("target size too small\n");
return -EINVAL;
......@@ -487,8 +495,10 @@ struct ebt_cl_stack
unsigned int hookmask;
};
// we need these positions to check that the jumps to a different part of the
// entries is a jump to the beginning of a new chain.
/*
* we need these positions to check that the jumps to a different part of the
* entries is a jump to the beginning of a new chain.
*/
static inline int
ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
......@@ -496,7 +506,7 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
{
int i;
// we're only interested in chain starts
/* we're only interested in chain starts */
if (e->bitmask & EBT_ENTRY_OR_ENTRIES)
return 0;
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
......@@ -505,12 +515,12 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
break;
}
// only care about udc
/* only care about udc */
if (i != NF_BR_NUMHOOKS)
return 0;
udc[*n].cs.chaininfo = (struct ebt_entries *)e;
// these initialisations are depended on later in check_chainloops()
/* these initialisations are depended on later in check_chainloops() */
udc[*n].cs.n = 0;
udc[*n].hookmask = 0;
......@@ -525,8 +535,7 @@ ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
return 1;
if (m->u.match->destroy)
m->u.match->destroy(m->data, m->match_size);
if (m->u.match->me)
__MOD_DEC_USE_COUNT(m->u.match->me);
module_put(m->u.match->me);
return 0;
}
......@@ -538,8 +547,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
return 1;
if (w->u.watcher->destroy)
w->u.watcher->destroy(w->data, w->watcher_size);
if (w->u.watcher->me)
__MOD_DEC_USE_COUNT(w->u.watcher->me);
module_put(w->u.watcher->me);
return 0;
}
......@@ -551,7 +559,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
return 0;
// we're done
/* we're done */
if (cnt && (*cnt)-- == 0)
return 1;
EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
......@@ -559,8 +567,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
if (t->u.target->destroy)
t->u.target->destroy(t->data, t->target_size);
if (t->u.target->me)
__MOD_DEC_USE_COUNT(t->u.target->me);
module_put(t->u.target->me);
return 0;
}
......@@ -575,7 +582,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
unsigned int i, j, hook = 0, hookmask = 0;
int ret;
// Don't mess with the struct ebt_entries
/* don't mess with the struct ebt_entries */
if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
return 0;
......@@ -591,7 +598,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
BUGPRINT("NOPROTO & 802_3 not allowed\n");
return -EINVAL;
}
// what hook do we belong to?
/* what hook do we belong to? */
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
if ((valid_hooks & (1 << i)) == 0)
continue;
......@@ -600,8 +607,8 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
else
break;
}
// (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
// a base chain
/* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
a base chain */
if (i < NF_BR_NUMHOOKS)
hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
else {
......@@ -625,8 +632,10 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
target = find_target_lock(t->u.name, &ret, &ebt_mutex);
if (!target)
goto cleanup_watchers;
if (target->me)
__MOD_INC_USE_COUNT(target->me);
if (!try_module_get(target->me)) {
up(&ebt_mutex);
goto cleanup_watchers;
}
up(&ebt_mutex);
t->u.target = target;
......@@ -647,8 +656,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
sizeof(struct ebt_entry_target) > e->next_offset) ||
(t->u.target->check &&
t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
if (t->u.target->me)
__MOD_DEC_USE_COUNT(t->u.target->me);
module_put(t->u.target->me);
ret = -EFAULT;
goto cleanup_watchers;
}
......@@ -661,10 +669,12 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
return ret;
}
// checks for loops and sets the hook mask for udc
// the hook mask for udc tells us from which base chains the udc can be
// accessed. This mask is a parameter to the check() functions of the extensions
int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
/*
* checks for loops and sets the hook mask for udc
* the hook mask for udc tells us from which base chains the udc can be
* accessed. This mask is a parameter to the check() functions of the extensions
*/
static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
unsigned int udc_cnt, unsigned int hooknr, char *base)
{
int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
......@@ -672,9 +682,9 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
struct ebt_entry_target *t;
while (pos < nentries || chain_nr != -1) {
// end of udc, go back one 'recursion' step
/* end of udc, go back one 'recursion' step */
if (pos == nentries) {
// put back values of the time when this chain was called
/* put back values of the time when this chain was called */
e = cl_s[chain_nr].cs.e;
if (cl_s[chain_nr].from != -1)
nentries =
......@@ -682,7 +692,7 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
else
nentries = chain->nentries;
pos = cl_s[chain_nr].cs.n;
// make sure we won't see a loop that isn't one
/* make sure we won't see a loop that isn't one */
cl_s[chain_nr].cs.n = 0;
chain_nr = cl_s[chain_nr].from;
if (pos == nentries)
......@@ -698,13 +708,13 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
return -1;
}
verdict = ((struct ebt_standard_target *)t)->verdict;
if (verdict >= 0) { // jump to another chain
if (verdict >= 0) { /* jump to another chain */
struct ebt_entries *hlp2 =
(struct ebt_entries *)(base + verdict);
for (i = 0; i < udc_cnt; i++)
if (hlp2 == cl_s[i].cs.chaininfo)
break;
// bad destination or loop
/* bad destination or loop */
if (i == udc_cnt) {
BUGPRINT("bad destination\n");
return -1;
......@@ -713,7 +723,7 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
BUGPRINT("loop\n");
return -1;
}
// this can't be 0, so the above test is correct
/* this can't be 0, so the above test is correct */
cl_s[i].cs.n = pos + 1;
pos = 0;
cl_s[i].cs.e = ((void *)e + e->next_offset);
......@@ -721,7 +731,7 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
nentries = hlp2->nentries;
cl_s[i].from = chain_nr;
chain_nr = i;
// this udc is accessible from the base chain for hooknr
/* this udc is accessible from the base chain for hooknr */
cl_s[i].hookmask |= (1 << hooknr);
continue;
}
......@@ -732,13 +742,13 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
return 0;
}
// do the parsing of the table/chains/entries/matches/watchers/targets, heh
/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
static int translate_table(struct ebt_replace *repl,
struct ebt_table_info *newinfo)
{
unsigned int i, j, k, udc_cnt;
int ret;
struct ebt_cl_stack *cl_s = NULL; // used in the checking for chain loops
struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
i = 0;
while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
......@@ -751,8 +761,8 @@ static int translate_table(struct ebt_replace *repl,
BUGPRINT("Chains don't start at beginning\n");
return -EINVAL;
}
// make sure chains are ordered after each other in same order
// as their corresponding hooks
/* make sure chains are ordered after each other in same order
as their corresponding hooks */
for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
if (!(repl->valid_hooks & (1 << j)))
continue;
......@@ -769,12 +779,12 @@ static int translate_table(struct ebt_replace *repl,
newinfo->entries_size = repl->entries_size;
newinfo->nentries = repl->nentries;
// do some early checkings and initialize some things
i = 0; // holds the expected nr. of entries for the chain
j = 0; // holds the up to now counted entries for the chain
k = 0; // holds the total nr. of entries, should equal
// newinfo->nentries afterwards
udc_cnt = 0; // will hold the nr. of user defined chains (udc)
/* do some early checkings and initialize some things */
i = 0; /* holds the expected nr. of entries for the chain */
j = 0; /* holds the up to now counted entries for the chain */
k = 0; /* holds the total nr. of entries, should equal
newinfo->nentries afterwards */
udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
ebt_check_entry_size_and_hooks, newinfo, repl->entries,
repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k,
......@@ -793,7 +803,7 @@ static int translate_table(struct ebt_replace *repl,
return -EINVAL;
}
// check if all valid hooks have a chain
/* check if all valid hooks have a chain */
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
if (newinfo->hook_entry[i] == NULL &&
(repl->valid_hooks & (1 << i))) {
......@@ -802,11 +812,11 @@ static int translate_table(struct ebt_replace *repl,
}
}
// Get the location of the udc, put them in an array
// While we're at it, allocate the chainstack
/* get the location of the udc, put them in an array
while we're at it, allocate the chainstack */
if (udc_cnt) {
// this will get free'd in do_replace()/ebt_register_table()
// if an error occurs
/* this will get free'd in do_replace()/ebt_register_table()
if an error occurs */
newinfo->chainstack = (struct ebt_chainstack **)
vmalloc(NR_CPUS * sizeof(struct ebt_chainstack));
if (!newinfo->chainstack)
......@@ -827,11 +837,11 @@ static int translate_table(struct ebt_replace *repl,
vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
if (!cl_s)
return -ENOMEM;
i = 0; // the i'th udc
i = 0; /* the i'th udc */
EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
repl->valid_hooks, cl_s);
// sanity check
/* sanity check */
if (i != udc_cnt) {
BUGPRINT("i != udc_cnt\n");
vfree(cl_s);
......@@ -839,7 +849,7 @@ static int translate_table(struct ebt_replace *repl,
}
}
// Check for loops
/* Check for loops */
for (i = 0; i < NF_BR_NUMHOOKS; i++)
if (repl->valid_hooks & (1 << i))
if (check_chainloops(newinfo->hook_entry[i],
......@@ -849,17 +859,17 @@ static int translate_table(struct ebt_replace *repl,
return -EINVAL;
}
// we now know the following (along with E=mc):
// - the nr of entries in each chain is right
// - the size of the allocated space is right
// - all valid hooks have a corresponding chain
// - there are no loops
// - wrong data can still be on the level of a single entry
// - could be there are jumps to places that are not the
// beginning of a chain. This can only occur in chains that
// are not accessible from any base chains, so we don't care.
/* we now know the following (along with E=mc):
- the nr of entries in each chain is right
- the size of the allocated space is right
- all valid hooks have a corresponding chain
- there are no loops
- wrong data can still be on the level of a single entry
- could be there are jumps to places that are not the
beginning of a chain. This can only occur in chains that
are not accessible from any base chains, so we don't care. */
// used to know what we need to clean up if something goes wrong
/* used to know what we need to clean up if something goes wrong */
i = 0;
ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
......@@ -873,17 +883,17 @@ static int translate_table(struct ebt_replace *repl,
return ret;
}
// called under write_lock
/* called under write_lock */
static void get_counters(struct ebt_counter *oldcounters,
struct ebt_counter *counters, unsigned int nentries)
{
int i, cpu;
struct ebt_counter *counter_base;
// counters of cpu 0
/* counters of cpu 0 */
memcpy(counters, oldcounters,
sizeof(struct ebt_counter) * nentries);
// add other counters to those of cpu 0
/* add other counters to those of cpu 0 */
for (cpu = 1; cpu < NR_CPUS; cpu++) {
counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
for (i = 0; i < nentries; i++) {
......@@ -893,7 +903,7 @@ static void get_counters(struct ebt_counter *oldcounters,
}
}
// replace the table
/* replace the table */
static int do_replace(void *user, unsigned int len)
{
int ret, i, countersize;
......@@ -901,7 +911,7 @@ static int do_replace(void *user, unsigned int len)
struct ebt_replace tmp;
struct ebt_table *t;
struct ebt_counter *counterstmp = NULL;
// used to be able to unlock earlier
/* used to be able to unlock earlier */
struct ebt_table_info *table;
if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
......@@ -937,8 +947,8 @@ static int do_replace(void *user, unsigned int len)
goto free_entries;
}
// the user wants counters back
// the check on the size is done later, when we have the lock
/* the user wants counters back
the check on the size is done later, when we have the lock */
if (tmp.num_counters) {
counterstmp = (struct ebt_counter *)
vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
......@@ -950,7 +960,7 @@ static int do_replace(void *user, unsigned int len)
else
counterstmp = NULL;
// this can get initialized by translate_table()
/* this can get initialized by translate_table() */
newinfo->chainstack = NULL;
ret = translate_table(&tmp, newinfo);
......@@ -961,7 +971,7 @@ static int do_replace(void *user, unsigned int len)
if (!t)
goto free_iterate;
// the table doesn't like it
/* the table doesn't like it */
if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
goto free_unlock;
......@@ -971,9 +981,9 @@ static int do_replace(void *user, unsigned int len)
goto free_unlock;
}
// we have the mutex lock, so no danger in reading this pointer
/* we have the mutex lock, so no danger in reading this pointer */
table = t->private;
// we need an atomic snapshot of the counters
/* we need an atomic snapshot of the counters */
write_lock_bh(&t->lock);
if (tmp.num_counters)
get_counters(t->private->counters, counterstmp,
......@@ -982,10 +992,10 @@ static int do_replace(void *user, unsigned int len)
t->private = newinfo;
write_unlock_bh(&t->lock);
up(&ebt_mutex);
// So, a user can change the chains while having messed up her counter
// allocation. Only reason why this is done is because this way the lock
// is held only once, while this doesn't bring the kernel into a
// dangerous state.
/* so, a user can change the chains while having messed up her counter
allocation. Only reason why this is done is because this way the lock
is held only once, while this doesn't bring the kernel into a
dangerous state. */
if (tmp.num_counters &&
copy_to_user(tmp.counters, counterstmp,
tmp.num_counters * sizeof(struct ebt_counter))) {
......@@ -995,7 +1005,7 @@ static int do_replace(void *user, unsigned int len)
else
ret = 0;
// decrease module count and free resources
/* decrease module count and free resources */
EBT_ENTRY_ITERATE(table->entries, table->entries_size,
ebt_cleanup_entry, NULL);
......@@ -1019,7 +1029,7 @@ static int do_replace(void *user, unsigned int len)
free_counterstmp:
if (counterstmp)
vfree(counterstmp);
// can be initialized in translate_table()
/* can be initialized in translate_table() */
if (newinfo->chainstack) {
for (i = 0; i < NR_CPUS; i++)
vfree(newinfo->chainstack[i]);
......@@ -1046,7 +1056,6 @@ int ebt_register_target(struct ebt_target *target)
return -EEXIST;
}
up(&ebt_mutex);
MOD_INC_USE_COUNT;
return 0;
}
......@@ -1056,7 +1065,6 @@ void ebt_unregister_target(struct ebt_target *target)
down(&ebt_mutex);
LIST_DELETE(&ebt_targets, target);
up(&ebt_mutex);
MOD_DEC_USE_COUNT;
}
int ebt_register_match(struct ebt_match *match)
......@@ -1071,7 +1079,6 @@ int ebt_register_match(struct ebt_match *match)
return -EEXIST;
}
up(&ebt_mutex);
MOD_INC_USE_COUNT;
return 0;
}
......@@ -1081,7 +1088,6 @@ void ebt_unregister_match(struct ebt_match *match)
down(&ebt_mutex);
LIST_DELETE(&ebt_matches, match);
up(&ebt_mutex);
MOD_DEC_USE_COUNT;
}
int ebt_register_watcher(struct ebt_watcher *watcher)
......@@ -1096,7 +1102,6 @@ int ebt_register_watcher(struct ebt_watcher *watcher)
return -EEXIST;
}
up(&ebt_mutex);
MOD_INC_USE_COUNT;
return 0;
}
......@@ -1106,7 +1111,6 @@ void ebt_unregister_watcher(struct ebt_watcher *watcher)
down(&ebt_mutex);
LIST_DELETE(&ebt_watchers, watcher);
up(&ebt_mutex);
MOD_DEC_USE_COUNT;
}
int ebt_register_table(struct ebt_table *table)
......@@ -1138,7 +1142,7 @@ int ebt_register_table(struct ebt_table *table)
if (countersize)
memset(newinfo->counters, 0, countersize);
// fill in newinfo and parse the entries
/* fill in newinfo and parse the entries */
newinfo->chainstack = NULL;
ret = translate_table(table->table, newinfo);
if (ret != 0) {
......@@ -1165,7 +1169,6 @@ int ebt_register_table(struct ebt_table *table)
list_prepend(&ebt_tables, table);
up(&ebt_mutex);
MOD_INC_USE_COUNT;
return 0;
free_unlock:
up(&ebt_mutex);
......@@ -1202,10 +1205,9 @@ void ebt_unregister_table(struct ebt_table *table)
vfree(table->private->chainstack);
}
vfree(table->private);
MOD_DEC_USE_COUNT;
}
// userspace just supplied us with counters
/* userspace just supplied us with counters */
static int update_counters(void *user, unsigned int len)
{
int i, ret;
......@@ -1244,10 +1246,10 @@ static int update_counters(void *user, unsigned int len)
goto unlock_mutex;
}
// we want an atomic add of the counters
/* we want an atomic add of the counters */
write_lock_bh(&t->lock);
// we add to the counters of the first cpu
/* we add to the counters of the first cpu */
for (i = 0; i < hlp.num_counters; i++) {
t->private->counters[i].pcnt += tmp[i].pcnt;
t->private->counters[i].bcnt += tmp[i].bcnt;
......@@ -1303,7 +1305,7 @@ static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
return 0;
}
// called with ebt_mutex down
/* called with ebt_mutex down */
static int copy_everything_to_user(struct ebt_table *t, void *user,
int *len, int cmd)
{
......@@ -1345,7 +1347,7 @@ static int copy_everything_to_user(struct ebt_table *t, void *user,
return -EINVAL;
}
// userspace might not need the counters
/* userspace might not need the counters */
if (tmp.num_counters) {
if (tmp.num_counters != nentries) {
BUGPRINT("Num_counters wrong\n");
......@@ -1374,7 +1376,7 @@ static int copy_everything_to_user(struct ebt_table *t, void *user,
BUGPRINT("Couldn't copy entries to userspace\n");
return -EFAULT;
}
// set the match/watcher/target names right
/* set the match/watcher/target names right */
return EBT_ENTRY_ITERATE(entries, entries_size,
ebt_make_names, entries, tmp.entries);
}
......@@ -1465,14 +1467,14 @@ static int __init init(void)
if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
return ret;
printk("Ebtables v2.0 registered");
printk(KERN_NOTICE "Ebtables v2.0 registered\n");
return 0;
}
static void __exit fini(void)
{
nf_unregister_sockopt(&ebt_sockopts);
printk("Ebtables v2.0 unregistered");
printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
}
EXPORT_SYMBOL(ebt_register_table);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7