From: Jan Engelhardt <jengelh@medozas.de>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: [PATCH 29/56] netfilter: xtables2: normal->compat match data translation
Date: Tue, 29 Jun 2010 10:43:09 +0200	[thread overview]
Message-ID: <1277801017-30600-30-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1277801017-30600-1-git-send-email-jengelh@medozas.de>

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/linux/netfilter/x_tables.h |    5 ++++
 net/ipv6/netfilter/ip6_tables.c    |    1 +
 net/netfilter/xt1_support.c        |   42 +++++++++++++++++++++++++++++++++++-
 net/netfilter/xt1_translat.c       |    5 +++-
 4 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 7ccc3fb..4103d17 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -422,6 +422,8 @@ struct xt_table_info {
  * @etarget_size:	size of the etarget header
  * @standard_tgsize:	size of the complete standard target, includes
  * 			etarget_size and alignment padding
+ * @compat:		whether requestor is in normal or compat mode
+ * 			affects selection of ematch->dsize vs compatsize
  */
 struct xt1_xlat_info {
 	unsigned int marker_size;
@@ -429,6 +431,7 @@ struct xt1_xlat_info {
 	unsigned int ematch_size, etarget_size;
 	unsigned int standard_tgsize;
 	const char *first_match;
+	bool compat;
 };
 
 /*
@@ -748,6 +751,8 @@ extern int xts_rule_add_cmatch(struct xt2_rule *,
 			       const struct xt_entry_match *);
 extern int xts_rule_add_ctarget(struct xt2_rule *,
 				const struct xt_entry_target *);
+extern int xts_cmatch_to_xt1(void __user **, int *, unsigned int *,
+			     const struct xt2_entry_match *);
 #endif
 
 extern struct xt2_rule *xt2_rule_new(struct xt2_chain *);
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index a3db2e0..586cd48 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1095,6 +1095,7 @@ static const struct xt1_xlat_info ip6t_compat_xlat_info = {
 	.etarget_size    = sizeof(struct xt_entry_target),
 	.standard_tgsize = COMPAT_XT_ALIGN(sizeof(struct xt_entry_target) +
 	                   sizeof(compat_uint_t)),
+	.compat          = true,
 #endif
 };
 
diff --git a/net/netfilter/xt1_support.c b/net/netfilter/xt1_support.c
index 5844b0d..ad52d5e 100644
--- a/net/netfilter/xt1_support.c
+++ b/net/netfilter/xt1_support.c
@@ -142,7 +142,14 @@ xts_blob_prep_rule(const struct xt2_rule *rule, const struct xt1_xlat_info *io,
 		if (ematch == quota_stop)
 			/* quotas included in entry_hdr */
 			break;
-		z += io->ematch_size + ematch->dsize;
+		z += io->ematch_size;
+#ifdef CONFIG_COMPAT
+		if (ematch->ext->matchsize != -1 && io->compat &&
+		    ematch->ext->compatsize != 0)
+			z += COMPAT_XT_ALIGN(ematch->ext->compatsize);
+		else
+#endif
+			z += ematch->dsize;
 	}
 
 	etarget = list_first_entry(&rule->target_list,
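Review bot: The size accounting added here selects the compat size only when `ematch->ext->matchsize != -1`, but `xts_cmatch_to_xt1`, added later in this patch, falls back to the normal path only on `compatsize == 0` and never tests `matchsize`. For an extension with `matchsize == -1` and a non-zero `compatsize`, this loop would reserve `ematch->dsize` bytes while the emitter writes `COMPAT_XT_ALIGN(compatsize)`, so the precomputed blob size and the bytes actually copied to user space could disagree. Whether such an extension exists cannot be told from the hunk; putting both sites behind one predicate, for instance a small helper that returns the compat data size for an ematch, would remove the doubt. The body of xts_blob_prep_rule starts and ends outside the hunk.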
@@ -515,6 +522,39 @@ int xts_rule_add_ctarget(struct xt2_rule *rule,
 	return ret;
 }
 EXPORT_SYMBOL_GPL(xts_rule_add_ctarget);
+
+int xts_cmatch_to_xt1(void __user **user_ptr, int *len, unsigned int *z,
+		      const struct xt2_entry_match *ematch)
+{
+	struct xt_entry_match blob;
+	unsigned int dsize;
+	int ret;
+
+	if (ematch->ext->compatsize == 0)
+		return xts_match_to_xt1(user_ptr, len, z, ematch);
+
+	dsize = COMPAT_XT_ALIGN(ematch->ext->compatsize);
+	blob.u.match_size    = sizeof(blob) + dsize;
+	blob.u.user.revision = ematch->ext->revision;
+	strncpy(blob.u.user.name, ematch->ext->name, sizeof(blob.u.user.name));
+	ret = xts_copy_to_user(user_ptr, len, &blob, sizeof(blob), z);
+	if (ret < 0)
+		return ret;
+	/*
+	 * The awkward semantics of compat_to_user means we cannot
+	 * use xts_copy_to_user.
+	 */
+	if (*len < dsize)
+		return -ENOSPC;
+	ret = ematch->ext->compat_to_user(*user_ptr, ematch->data);
+	if (ret < 0)
+		return ret;
+	*user_ptr += dsize;
+	*z        += dsize;
+	*len      -= dsize;
+	return 0;
+}
+EXPORT_SYMBOL_GPL(xts_cmatch_to_xt1);
 #endif
 
 MODULE_LICENSE("GPL");
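Review bot: The guard `if (*len < dsize)` in xts_cmatch_to_xt1 compares an `int` with an `unsigned int`, so a negative `*len` is converted to a large unsigned value and passes the check before `compat_to_user` writes through `*user_ptr`. Whether `xts_copy_to_user` can leave `*len` negative is not visible here, so the check would be safer written as `if (*len < 0 || (unsigned int)*len < dsize) return -ENOSPC;`. Separately, `blob` is a stack object copied out with `sizeof(blob)`; the three assignments appear to cover the user view of the union, but that depends on the layout of `struct xt_entry_match`, and a `memset(&blob, 0, sizeof(blob));` before filling it would rule out exposing stale stack bytes to user space.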
diff --git a/net/netfilter/xt1_translat.c b/net/netfilter/xt1_translat.c
index c1e82b9..4e0ad52 100644
--- a/net/netfilter/xt1_translat.c
+++ b/net/netfilter/xt1_translat.c
@@ -19,9 +19,11 @@
 #ifdef XTSUB_DO_COMPAT
 #	define xtsub_rule_add_match  xts_rule_add_cmatch
 #	define xtsub_rule_add_target xts_rule_add_ctarget
+#	define xtsub_match_to_xt1    xts_cmatch_to_xt1
 #else
 #	define xtsub_rule_add_match  xt2_rule_add_oldmatch
 #	define xtsub_rule_add_target xt2_rule_add_oldtarget
+#	define xtsub_match_to_xt1    xts_match_to_xt1
 #endif
 
 #ifdef XTSUB_NFPROTO_IPV6
@@ -477,7 +479,7 @@ XTSUB2(rule_to_xt1)(void __user **user_ptr, int *len, unsigned int *z,
 	list_for_each_entry_continue(ematch, &rule->match_list, anchor) {
 		if (ematch == quota_ematch)
 			break;
-		ret = xts_match_to_xt1(user_ptr, len, z, ematch);
+		ret = xtsub_match_to_xt1(user_ptr, len, z, ematch);
 		if (ret < 0)
 			return ret;
 	}
@@ -596,3 +598,4 @@ XTSUB2(do_replace)(struct net *net, const void __user *user, unsigned int len)
 
 #undef xtsub_rule_add_match
 #undef xtsub_rule_add_target
+#undef xtsub_match_to_xt1
-- 
1.7.1

