#include <linux/seq_file.h>
#include <linux/string.h>
#include <linux/vmalloc.h>
-#include <linux/mutex.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_arp.h>
-
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("[ip,ip6,arp]_tables backend module");
#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
struct xt_af {
- struct mutex mutex;
+ struct semaphore mutex;
struct list_head match;
struct list_head target;
struct list_head tables;
- struct mutex compat_mutex;
};
static struct xt_af *xt;
MATCH,
};
-static const char *xt_prefix[NPROTO] = {
- [AF_INET] = "ip",
- [AF_INET6] = "ip6",
- [NF_ARP] = "arp",
-};
-
/* Registration hooks for targets. */
int
-xt_register_target(struct xt_target *target)
+xt_register_target(int af, struct xt_target *target)
{
- int ret, af = target->family;
+ int ret;
- ret = mutex_lock_interruptible(&xt[af].mutex);
+ ret = down_interruptible(&xt[af].mutex);
if (ret != 0)
return ret;
list_add(&target->list, &xt[af].target);
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
return ret;
}
EXPORT_SYMBOL(xt_register_target);
void
-xt_unregister_target(struct xt_target *target)
+xt_unregister_target(int af, struct xt_target *target)
{
- int af = target->family;
-
- mutex_lock(&xt[af].mutex);
+ down(&xt[af].mutex);
LIST_DELETE(&xt[af].target, target);
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
}
EXPORT_SYMBOL(xt_unregister_target);
int
-xt_register_match(struct xt_match *match)
+xt_register_match(int af, struct xt_match *match)
{
- int ret, af = match->family;
+ int ret;
- ret = mutex_lock_interruptible(&xt[af].mutex);
+ ret = down_interruptible(&xt[af].mutex);
if (ret != 0)
return ret;
list_add(&match->list, &xt[af].match);
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
return ret;
}
EXPORT_SYMBOL(xt_register_match);
void
-xt_unregister_match(struct xt_match *match)
+xt_unregister_match(int af, struct xt_match *match)
{
- int af = match->family;
-
- mutex_lock(&xt[af].mutex);
+ down(&xt[af].mutex);
LIST_DELETE(&xt[af].match, match);
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
}
EXPORT_SYMBOL(xt_unregister_match);
struct xt_match *m;
int err = 0;
- if (mutex_lock_interruptible(&xt[af].mutex) != 0)
+ if (down_interruptible(&xt[af].mutex) != 0)
return ERR_PTR(-EINTR);
list_for_each_entry(m, &xt[af].match, list) {
if (strcmp(m->name, name) == 0) {
if (m->revision == revision) {
if (try_module_get(m->me)) {
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
return m;
}
} else
err = -EPROTOTYPE; /* Found something. */
}
}
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
return ERR_PTR(err);
}
EXPORT_SYMBOL(xt_find_match);
struct xt_target *t;
int err = 0;
- if (mutex_lock_interruptible(&xt[af].mutex) != 0)
+ if (down_interruptible(&xt[af].mutex) != 0)
return ERR_PTR(-EINTR);
list_for_each_entry(t, &xt[af].target, list) {
if (strcmp(t->name, name) == 0) {
if (t->revision == revision) {
if (try_module_get(t->me)) {
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
return t;
}
} else
err = -EPROTOTYPE; /* Found something. */
}
}
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
return ERR_PTR(err);
}
EXPORT_SYMBOL(xt_find_target);
+static const char *xt_prefix[NPROTO] = {
+ [AF_INET] = "ipt_%s",
+ [AF_INET6] = "ip6t_%s",
+ [NF_ARP] = "arpt_%s",
+};
+
struct xt_target *xt_request_find_target(int af, const char *name, u8 revision)
{
struct xt_target *target;
target = try_then_request_module(xt_find_target(af, name, revision),
- "%st_%s", xt_prefix[af], name);
+ xt_prefix[af], name);
if (IS_ERR(target) || !target)
return NULL;
return target;
{
int have_rev, best = -1;
- if (mutex_lock_interruptible(&xt[af].mutex) != 0) {
+ if (down_interruptible(&xt[af].mutex) != 0) {
*err = -EINTR;
return 1;
}
have_rev = target_revfn(af, name, revision, &best);
else
have_rev = match_revfn(af, name, revision, &best);
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
/* Nothing at all? Return 0 to try loading module. */
if (best == -1) {
}
EXPORT_SYMBOL_GPL(xt_find_revision);
-int xt_check_match(const struct xt_match *match, unsigned short family,
- unsigned int size, const char *table, unsigned int hook_mask,
- unsigned short proto, int inv_proto)
-{
- if (XT_ALIGN(match->matchsize) != size) {
- printk("%s_tables: %s match: invalid size %Zu != %u\n",
- xt_prefix[family], match->name,
- XT_ALIGN(match->matchsize), size);
- return -EINVAL;
- }
- if (match->table && strcmp(match->table, table)) {
- printk("%s_tables: %s match: only valid in %s table, not %s\n",
- xt_prefix[family], match->name, match->table, table);
- return -EINVAL;
- }
- if (match->hooks && (hook_mask & ~match->hooks) != 0) {
- printk("%s_tables: %s match: bad hook_mask %u\n",
- xt_prefix[family], match->name, hook_mask);
- return -EINVAL;
- }
- if (match->proto && (match->proto != proto || inv_proto)) {
- printk("%s_tables: %s match: only valid for protocol %u\n",
- xt_prefix[family], match->name, match->proto);
- return -EINVAL;
- }
- return 0;
-}
-EXPORT_SYMBOL_GPL(xt_check_match);
-
-#ifdef CONFIG_COMPAT
-int xt_compat_match(void *match, void **dstptr, int *size, int convert)
-{
- struct xt_match *m;
- struct compat_xt_entry_match *pcompat_m;
- struct xt_entry_match *pm;
- u_int16_t msize;
- int off, ret;
-
- ret = 0;
- m = ((struct xt_entry_match *)match)->u.kernel.match;
- off = XT_ALIGN(m->matchsize) - COMPAT_XT_ALIGN(m->matchsize);
- switch (convert) {
- case COMPAT_TO_USER:
- pm = (struct xt_entry_match *)match;
- msize = pm->u.user.match_size;
- if (copy_to_user(*dstptr, pm, msize)) {
- ret = -EFAULT;
- break;
- }
- msize -= off;
- if (put_user(msize, (u_int16_t *)*dstptr))
- ret = -EFAULT;
- *size -= off;
- *dstptr += msize;
- break;
- case COMPAT_FROM_USER:
- pcompat_m = (struct compat_xt_entry_match *)match;
- pm = (struct xt_entry_match *)*dstptr;
- msize = pcompat_m->u.user.match_size;
- memcpy(pm, pcompat_m, msize);
- msize += off;
- pm->u.user.match_size = msize;
- *size += off;
- *dstptr += msize;
- break;
- case COMPAT_CALC_SIZE:
- *size += off;
- break;
- default:
- ret = -ENOPROTOOPT;
- break;
- }
- return ret;
-}
-EXPORT_SYMBOL_GPL(xt_compat_match);
-#endif
-
-int xt_check_target(const struct xt_target *target, unsigned short family,
- unsigned int size, const char *table, unsigned int hook_mask,
- unsigned short proto, int inv_proto)
-{
- if (XT_ALIGN(target->targetsize) != size) {
- printk("%s_tables: %s target: invalid size %Zu != %u\n",
- xt_prefix[family], target->name,
- XT_ALIGN(target->targetsize), size);
- return -EINVAL;
- }
- if (target->table && strcmp(target->table, table)) {
- printk("%s_tables: %s target: only valid in %s table, not %s\n",
- xt_prefix[family], target->name, target->table, table);
- return -EINVAL;
- }
- if (target->hooks && (hook_mask & ~target->hooks) != 0) {
- printk("%s_tables: %s target: bad hook_mask %u\n",
- xt_prefix[family], target->name, hook_mask);
- return -EINVAL;
- }
- if (target->proto && (target->proto != proto || inv_proto)) {
- printk("%s_tables: %s target: only valid for protocol %u\n",
- xt_prefix[family], target->name, target->proto);
- return -EINVAL;
- }
- return 0;
-}
-EXPORT_SYMBOL_GPL(xt_check_target);
-
-#ifdef CONFIG_COMPAT
-int xt_compat_target(void *target, void **dstptr, int *size, int convert)
-{
- struct xt_target *t;
- struct compat_xt_entry_target *pcompat;
- struct xt_entry_target *pt;
- u_int16_t tsize;
- int off, ret;
-
- ret = 0;
- t = ((struct xt_entry_target *)target)->u.kernel.target;
- off = XT_ALIGN(t->targetsize) - COMPAT_XT_ALIGN(t->targetsize);
- switch (convert) {
- case COMPAT_TO_USER:
- pt = (struct xt_entry_target *)target;
- tsize = pt->u.user.target_size;
- if (copy_to_user(*dstptr, pt, tsize)) {
- ret = -EFAULT;
- break;
- }
- tsize -= off;
- if (put_user(tsize, (u_int16_t *)*dstptr))
- ret = -EFAULT;
- *size -= off;
- *dstptr += tsize;
- break;
- case COMPAT_FROM_USER:
- pcompat = (struct compat_xt_entry_target *)target;
- pt = (struct xt_entry_target *)*dstptr;
- tsize = pcompat->u.user.target_size;
- memcpy(pt, pcompat, tsize);
- tsize += off;
- pt->u.user.target_size = tsize;
- *size += off;
- *dstptr += tsize;
- break;
- case COMPAT_CALC_SIZE:
- *size += off;
- break;
- default:
- ret = -ENOPROTOOPT;
- break;
- }
- return ret;
-}
-EXPORT_SYMBOL_GPL(xt_compat_target);
-#endif
-
struct xt_table_info *xt_alloc_table_info(unsigned int size)
{
struct xt_table_info *newinfo;
newinfo->size = size;
- for_each_possible_cpu(cpu) {
+ for_each_cpu(cpu) {
if (size <= PAGE_SIZE)
newinfo->entries[cpu] = kmalloc_node(size,
GFP_KERNEL,
{
int cpu;
- for_each_possible_cpu(cpu) {
+ for_each_cpu(cpu) {
if (info->size <= PAGE_SIZE)
kfree(info->entries[cpu]);
else
{
struct xt_table *t;
- if (mutex_lock_interruptible(&xt[af].mutex) != 0)
+ if (down_interruptible(&xt[af].mutex) != 0)
return ERR_PTR(-EINTR);
list_for_each_entry(t, &xt[af].tables, list)
if (strcmp(t->name, name) == 0 && try_module_get(t->me))
return t;
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
return NULL;
}
EXPORT_SYMBOL_GPL(xt_find_table_lock);
void xt_table_unlock(struct xt_table *table)
{
- mutex_unlock(&xt[table->af].mutex);
+ up(&xt[table->af].mutex);
}
EXPORT_SYMBOL_GPL(xt_table_unlock);
-#ifdef CONFIG_COMPAT
-void xt_compat_lock(int af)
-{
- mutex_lock(&xt[af].compat_mutex);
-}
-EXPORT_SYMBOL_GPL(xt_compat_lock);
-
-void xt_compat_unlock(int af)
-{
- mutex_unlock(&xt[af].compat_mutex);
-}
-EXPORT_SYMBOL_GPL(xt_compat_unlock);
-#endif
struct xt_table_info *
xt_replace_table(struct xt_table *table,
int ret;
struct xt_table_info *private;
- ret = mutex_lock_interruptible(&xt[table->af].mutex);
+ ret = down_interruptible(&xt[table->af].mutex);
if (ret != 0)
return ret;
/* Simplifies replace_table code. */
table->private = bootstrap;
- rwlock_init(&table->lock);
if (!xt_replace_table(table, 0, newinfo, &ret))
goto unlock;
/* save number of initial entries */
private->initial_entries = private->number;
+ rwlock_init(&table->lock);
list_prepend(&xt[table->af].tables, table);
ret = 0;
unlock:
- mutex_unlock(&xt[table->af].mutex);
+ up(&xt[table->af].mutex);
return ret;
}
EXPORT_SYMBOL_GPL(xt_register_table);
{
struct xt_table_info *private;
- mutex_lock(&xt[table->af].mutex);
+ down(&xt[table->af].mutex);
private = table->private;
LIST_DELETE(&xt[table->af].tables, table);
- mutex_unlock(&xt[table->af].mutex);
+ up(&xt[table->af].mutex);
return private;
}
if (!list)
return NULL;
- if (mutex_lock_interruptible(&xt[af].mutex) != 0)
+ if (down_interruptible(&xt[af].mutex) != 0)
return NULL;
return xt_get_idx(list, seq, *pos);
struct proc_dir_entry *pde = seq->private;
u_int16_t af = (unsigned long)pde->data & 0xffff;
- mutex_unlock(&xt[af].mutex);
+ up(&xt[af].mutex);
}
static int xt_name_seq_show(struct seq_file *seq, void *v)
return -ENOMEM;
for (i = 0; i < NPROTO; i++) {
- mutex_init(&xt[i].mutex);
-#ifdef CONFIG_COMPAT
- mutex_init(&xt[i].compat_mutex);
-#endif
+ init_MUTEX(&xt[i].mutex);
INIT_LIST_HEAD(&xt[i].target);
INIT_LIST_HEAD(&xt[i].match);
INIT_LIST_HEAD(&xt[i].tables);