root/net/netfilter/x_tables.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. xt_register_target
  2. xt_unregister_target
  3. xt_register_targets
  4. xt_unregister_targets
  5. xt_register_match
  6. xt_unregister_match
  7. xt_register_matches
  8. xt_unregister_matches
  9. xt_find_match
  10. xt_request_find_match
  11. xt_find_target
  12. xt_request_find_target
  13. xt_obj_to_user
  14. xt_data_to_user
  15. xt_match_to_user
  16. xt_target_to_user
  17. match_revfn
  18. target_revfn
  19. xt_find_revision
  20. textify_hooks
  21. xt_check_proc_name
  22. xt_check_match
  23. xt_check_entry_match
  24. xt_check_table_hooks
  25. verdict_ok
  26. error_tg_ok
  27. xt_compat_add_offset
  28. xt_compat_flush_offsets
  29. xt_compat_calc_jump
  30. xt_compat_init_offsets
  31. xt_compat_match_offset
  32. xt_compat_match_from_user
  33. xt_compat_match_to_user
  34. xt_compat_check_entry_offsets
  35. xt_check_entry_offsets
  36. xt_alloc_entry_offsets
  37. xt_find_jump_offset
  38. xt_check_target
  39. xt_copy_counters_from_user
  40. xt_compat_target_offset
  41. xt_compat_target_from_user
  42. xt_compat_target_to_user
  43. xt_alloc_table_info
  44. xt_free_table_info
  45. xt_find_table_lock
  46. xt_request_find_table_lock
  47. xt_table_unlock
  48. xt_compat_lock
  49. xt_compat_unlock
  50. xt_jumpstack_alloc
  51. xt_counters_alloc
  52. xt_replace_table
  53. xt_register_table
  54. xt_unregister_table
  55. xt_table_seq_start
  56. xt_table_seq_next
  57. xt_table_seq_stop
  58. xt_table_seq_show
  59. xt_mttg_seq_next
  60. xt_mttg_seq_start
  61. xt_mttg_seq_stop
  62. xt_match_seq_start
  63. xt_match_seq_next
  64. xt_match_seq_show
  65. xt_target_seq_start
  66. xt_target_seq_next
  67. xt_target_seq_show
  68. xt_hook_ops_alloc
  69. xt_proto_init
  70. xt_proto_fini
  71. xt_percpu_counter_alloc
  72. xt_percpu_counter_free
  73. xt_net_init
  74. xt_net_exit
  75. xt_init
  76. xt_fini

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * x_tables core - Backend for {ip,ip6,arp}_tables
   4  *
   5  * Copyright (C) 2006-2006 Harald Welte <laforge@netfilter.org>
   6  * Copyright (C) 2006-2012 Patrick McHardy <kaber@trash.net>
   7  *
   8  * Based on existing ip_tables code which is
   9  *   Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
  10  *   Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org>
  11  */
  12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  13 #include <linux/kernel.h>
  14 #include <linux/module.h>
  15 #include <linux/socket.h>
  16 #include <linux/net.h>
  17 #include <linux/proc_fs.h>
  18 #include <linux/seq_file.h>
  19 #include <linux/string.h>
  20 #include <linux/vmalloc.h>
  21 #include <linux/mutex.h>
  22 #include <linux/mm.h>
  23 #include <linux/slab.h>
  24 #include <linux/audit.h>
  25 #include <linux/user_namespace.h>
  26 #include <net/net_namespace.h>
  27 
  28 #include <linux/netfilter/x_tables.h>
  29 #include <linux/netfilter_arp.h>
  30 #include <linux/netfilter_ipv4/ip_tables.h>
  31 #include <linux/netfilter_ipv6/ip6_tables.h>
  32 #include <linux/netfilter_arp/arp_tables.h>
  33 
  34 MODULE_LICENSE("GPL");
  35 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
  36 MODULE_DESCRIPTION("{ip,ip6,arp,eb}_tables backend module");
  37 
  38 #define XT_PCPU_BLOCK_SIZE 4096
  39 #define XT_MAX_TABLE_SIZE       (512 * 1024 * 1024)
  40 
  41 struct compat_delta {
  42         unsigned int offset; /* offset in kernel */
  43         int delta; /* delta in 32bit user land */
  44 };
  45 
  46 struct xt_af {
  47         struct mutex mutex;
  48         struct list_head match;
  49         struct list_head target;
  50 #ifdef CONFIG_COMPAT
  51         struct mutex compat_mutex;
  52         struct compat_delta *compat_tab;
  53         unsigned int number; /* number of slots in compat_tab[] */
  54         unsigned int cur; /* number of used slots in compat_tab[] */
  55 #endif
  56 };
  57 
  58 static struct xt_af *xt;
  59 
  60 static const char *const xt_prefix[NFPROTO_NUMPROTO] = {
  61         [NFPROTO_UNSPEC] = "x",
  62         [NFPROTO_IPV4]   = "ip",
  63         [NFPROTO_ARP]    = "arp",
  64         [NFPROTO_BRIDGE] = "eb",
  65         [NFPROTO_IPV6]   = "ip6",
  66 };
  67 
  68 /* Registration hooks for targets. */
  69 int xt_register_target(struct xt_target *target)
  70 {
  71         u_int8_t af = target->family;
  72 
  73         mutex_lock(&xt[af].mutex);
  74         list_add(&target->list, &xt[af].target);
  75         mutex_unlock(&xt[af].mutex);
  76         return 0;
  77 }
  78 EXPORT_SYMBOL(xt_register_target);
  79 
  80 void
  81 xt_unregister_target(struct xt_target *target)
  82 {
  83         u_int8_t af = target->family;
  84 
  85         mutex_lock(&xt[af].mutex);
  86         list_del(&target->list);
  87         mutex_unlock(&xt[af].mutex);
  88 }
  89 EXPORT_SYMBOL(xt_unregister_target);
  90 
  91 int
  92 xt_register_targets(struct xt_target *target, unsigned int n)
  93 {
  94         unsigned int i;
  95         int err = 0;
  96 
  97         for (i = 0; i < n; i++) {
  98                 err = xt_register_target(&target[i]);
  99                 if (err)
 100                         goto err;
 101         }
 102         return err;
 103 
 104 err:
 105         if (i > 0)
 106                 xt_unregister_targets(target, i);
 107         return err;
 108 }
 109 EXPORT_SYMBOL(xt_register_targets);
 110 
 111 void
 112 xt_unregister_targets(struct xt_target *target, unsigned int n)
 113 {
 114         while (n-- > 0)
 115                 xt_unregister_target(&target[n]);
 116 }
 117 EXPORT_SYMBOL(xt_unregister_targets);
 118 
 119 int xt_register_match(struct xt_match *match)
 120 {
 121         u_int8_t af = match->family;
 122 
 123         mutex_lock(&xt[af].mutex);
 124         list_add(&match->list, &xt[af].match);
 125         mutex_unlock(&xt[af].mutex);
 126         return 0;
 127 }
 128 EXPORT_SYMBOL(xt_register_match);
 129 
 130 void
 131 xt_unregister_match(struct xt_match *match)
 132 {
 133         u_int8_t af = match->family;
 134 
 135         mutex_lock(&xt[af].mutex);
 136         list_del(&match->list);
 137         mutex_unlock(&xt[af].mutex);
 138 }
 139 EXPORT_SYMBOL(xt_unregister_match);
 140 
 141 int
 142 xt_register_matches(struct xt_match *match, unsigned int n)
 143 {
 144         unsigned int i;
 145         int err = 0;
 146 
 147         for (i = 0; i < n; i++) {
 148                 err = xt_register_match(&match[i]);
 149                 if (err)
 150                         goto err;
 151         }
 152         return err;
 153 
 154 err:
 155         if (i > 0)
 156                 xt_unregister_matches(match, i);
 157         return err;
 158 }
 159 EXPORT_SYMBOL(xt_register_matches);
 160 
 161 void
 162 xt_unregister_matches(struct xt_match *match, unsigned int n)
 163 {
 164         while (n-- > 0)
 165                 xt_unregister_match(&match[n]);
 166 }
 167 EXPORT_SYMBOL(xt_unregister_matches);
 168 
 169 
 170 /*
 171  * These are weird, but module loading must not be done with mutex
 172  * held (since they will register), and we have to have a single
 173  * function to use.
 174  */
 175 
 176 /* Find match, grabs ref.  Returns ERR_PTR() on error. */
 177 struct xt_match *xt_find_match(u8 af, const char *name, u8 revision)
 178 {
 179         struct xt_match *m;
 180         int err = -ENOENT;
 181 
 182         if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
 183                 return ERR_PTR(-EINVAL);
 184 
 185         mutex_lock(&xt[af].mutex);
 186         list_for_each_entry(m, &xt[af].match, list) {
 187                 if (strcmp(m->name, name) == 0) {
 188                         if (m->revision == revision) {
 189                                 if (try_module_get(m->me)) {
 190                                         mutex_unlock(&xt[af].mutex);
 191                                         return m;
 192                                 }
 193                         } else
 194                                 err = -EPROTOTYPE; /* Found something. */
 195                 }
 196         }
 197         mutex_unlock(&xt[af].mutex);
 198 
 199         if (af != NFPROTO_UNSPEC)
 200                 /* Try searching again in the family-independent list */
 201                 return xt_find_match(NFPROTO_UNSPEC, name, revision);
 202 
 203         return ERR_PTR(err);
 204 }
 205 EXPORT_SYMBOL(xt_find_match);
 206 
 207 struct xt_match *
 208 xt_request_find_match(uint8_t nfproto, const char *name, uint8_t revision)
 209 {
 210         struct xt_match *match;
 211 
 212         if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
 213                 return ERR_PTR(-EINVAL);
 214 
 215         match = xt_find_match(nfproto, name, revision);
 216         if (IS_ERR(match)) {
 217                 request_module("%st_%s", xt_prefix[nfproto], name);
 218                 match = xt_find_match(nfproto, name, revision);
 219         }
 220 
 221         return match;
 222 }
 223 EXPORT_SYMBOL_GPL(xt_request_find_match);
 224 
 225 /* Find target, grabs ref.  Returns ERR_PTR() on error. */
 226 static struct xt_target *xt_find_target(u8 af, const char *name, u8 revision)
 227 {
 228         struct xt_target *t;
 229         int err = -ENOENT;
 230 
 231         if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
 232                 return ERR_PTR(-EINVAL);
 233 
 234         mutex_lock(&xt[af].mutex);
 235         list_for_each_entry(t, &xt[af].target, list) {
 236                 if (strcmp(t->name, name) == 0) {
 237                         if (t->revision == revision) {
 238                                 if (try_module_get(t->me)) {
 239                                         mutex_unlock(&xt[af].mutex);
 240                                         return t;
 241                                 }
 242                         } else
 243                                 err = -EPROTOTYPE; /* Found something. */
 244                 }
 245         }
 246         mutex_unlock(&xt[af].mutex);
 247 
 248         if (af != NFPROTO_UNSPEC)
 249                 /* Try searching again in the family-independent list */
 250                 return xt_find_target(NFPROTO_UNSPEC, name, revision);
 251 
 252         return ERR_PTR(err);
 253 }
 254 
 255 struct xt_target *xt_request_find_target(u8 af, const char *name, u8 revision)
 256 {
 257         struct xt_target *target;
 258 
 259         if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
 260                 return ERR_PTR(-EINVAL);
 261 
 262         target = xt_find_target(af, name, revision);
 263         if (IS_ERR(target)) {
 264                 request_module("%st_%s", xt_prefix[af], name);
 265                 target = xt_find_target(af, name, revision);
 266         }
 267 
 268         return target;
 269 }
 270 EXPORT_SYMBOL_GPL(xt_request_find_target);
 271 
 272 
 273 static int xt_obj_to_user(u16 __user *psize, u16 size,
 274                           void __user *pname, const char *name,
 275                           u8 __user *prev, u8 rev)
 276 {
 277         if (put_user(size, psize))
 278                 return -EFAULT;
 279         if (copy_to_user(pname, name, strlen(name) + 1))
 280                 return -EFAULT;
 281         if (put_user(rev, prev))
 282                 return -EFAULT;
 283 
 284         return 0;
 285 }
 286 
 287 #define XT_OBJ_TO_USER(U, K, TYPE, C_SIZE)                              \
 288         xt_obj_to_user(&U->u.TYPE##_size, C_SIZE ? : K->u.TYPE##_size,  \
 289                        U->u.user.name, K->u.kernel.TYPE->name,          \
 290                        &U->u.user.revision, K->u.kernel.TYPE->revision)
 291 
 292 int xt_data_to_user(void __user *dst, const void *src,
 293                     int usersize, int size, int aligned_size)
 294 {
 295         usersize = usersize ? : size;
 296         if (copy_to_user(dst, src, usersize))
 297                 return -EFAULT;
 298         if (usersize != aligned_size &&
 299             clear_user(dst + usersize, aligned_size - usersize))
 300                 return -EFAULT;
 301 
 302         return 0;
 303 }
 304 EXPORT_SYMBOL_GPL(xt_data_to_user);
 305 
 306 #define XT_DATA_TO_USER(U, K, TYPE)                                     \
 307         xt_data_to_user(U->data, K->data,                               \
 308                         K->u.kernel.TYPE->usersize,                     \
 309                         K->u.kernel.TYPE->TYPE##size,                   \
 310                         XT_ALIGN(K->u.kernel.TYPE->TYPE##size))
 311 
 312 int xt_match_to_user(const struct xt_entry_match *m,
 313                      struct xt_entry_match __user *u)
 314 {
 315         return XT_OBJ_TO_USER(u, m, match, 0) ||
 316                XT_DATA_TO_USER(u, m, match);
 317 }
 318 EXPORT_SYMBOL_GPL(xt_match_to_user);
 319 
 320 int xt_target_to_user(const struct xt_entry_target *t,
 321                       struct xt_entry_target __user *u)
 322 {
 323         return XT_OBJ_TO_USER(u, t, target, 0) ||
 324                XT_DATA_TO_USER(u, t, target);
 325 }
 326 EXPORT_SYMBOL_GPL(xt_target_to_user);
 327 
 328 static int match_revfn(u8 af, const char *name, u8 revision, int *bestp)
 329 {
 330         const struct xt_match *m;
 331         int have_rev = 0;
 332 
 333         list_for_each_entry(m, &xt[af].match, list) {
 334                 if (strcmp(m->name, name) == 0) {
 335                         if (m->revision > *bestp)
 336                                 *bestp = m->revision;
 337                         if (m->revision == revision)
 338                                 have_rev = 1;
 339                 }
 340         }
 341 
 342         if (af != NFPROTO_UNSPEC && !have_rev)
 343                 return match_revfn(NFPROTO_UNSPEC, name, revision, bestp);
 344 
 345         return have_rev;
 346 }
 347 
 348 static int target_revfn(u8 af, const char *name, u8 revision, int *bestp)
 349 {
 350         const struct xt_target *t;
 351         int have_rev = 0;
 352 
 353         list_for_each_entry(t, &xt[af].target, list) {
 354                 if (strcmp(t->name, name) == 0) {
 355                         if (t->revision > *bestp)
 356                                 *bestp = t->revision;
 357                         if (t->revision == revision)
 358                                 have_rev = 1;
 359                 }
 360         }
 361 
 362         if (af != NFPROTO_UNSPEC && !have_rev)
 363                 return target_revfn(NFPROTO_UNSPEC, name, revision, bestp);
 364 
 365         return have_rev;
 366 }
 367 
 368 /* Returns true or false (if no such extension at all) */
 369 int xt_find_revision(u8 af, const char *name, u8 revision, int target,
 370                      int *err)
 371 {
 372         int have_rev, best = -1;
 373 
 374         mutex_lock(&xt[af].mutex);
 375         if (target == 1)
 376                 have_rev = target_revfn(af, name, revision, &best);
 377         else
 378                 have_rev = match_revfn(af, name, revision, &best);
 379         mutex_unlock(&xt[af].mutex);
 380 
 381         /* Nothing at all?  Return 0 to try loading module. */
 382         if (best == -1) {
 383                 *err = -ENOENT;
 384                 return 0;
 385         }
 386 
 387         *err = best;
 388         if (!have_rev)
 389                 *err = -EPROTONOSUPPORT;
 390         return 1;
 391 }
 392 EXPORT_SYMBOL_GPL(xt_find_revision);
 393 
 394 static char *
 395 textify_hooks(char *buf, size_t size, unsigned int mask, uint8_t nfproto)
 396 {
 397         static const char *const inetbr_names[] = {
 398                 "PREROUTING", "INPUT", "FORWARD",
 399                 "OUTPUT", "POSTROUTING", "BROUTING",
 400         };
 401         static const char *const arp_names[] = {
 402                 "INPUT", "FORWARD", "OUTPUT",
 403         };
 404         const char *const *names;
 405         unsigned int i, max;
 406         char *p = buf;
 407         bool np = false;
 408         int res;
 409 
 410         names = (nfproto == NFPROTO_ARP) ? arp_names : inetbr_names;
 411         max   = (nfproto == NFPROTO_ARP) ? ARRAY_SIZE(arp_names) :
 412                                            ARRAY_SIZE(inetbr_names);
 413         *p = '\0';
 414         for (i = 0; i < max; ++i) {
 415                 if (!(mask & (1 << i)))
 416                         continue;
 417                 res = snprintf(p, size, "%s%s", np ? "/" : "", names[i]);
 418                 if (res > 0) {
 419                         size -= res;
 420                         p += res;
 421                 }
 422                 np = true;
 423         }
 424 
 425         return buf;
 426 }
 427 
 428 /**
 429  * xt_check_proc_name - check that name is suitable for /proc file creation
 430  *
 431  * @name: file name candidate
 432  * @size: length of buffer
 433  *
 434  * some x_tables modules wish to create a file in /proc.
 435  * This function makes sure that the name is suitable for this
 436  * purpose, it checks that name is NUL terminated and isn't a 'special'
 437  * name, like "..".
 438  *
 439  * returns negative number on error or 0 if name is useable.
 440  */
 441 int xt_check_proc_name(const char *name, unsigned int size)
 442 {
 443         if (name[0] == '\0')
 444                 return -EINVAL;
 445 
 446         if (strnlen(name, size) == size)
 447                 return -ENAMETOOLONG;
 448 
 449         if (strcmp(name, ".") == 0 ||
 450             strcmp(name, "..") == 0 ||
 451             strchr(name, '/'))
 452                 return -EINVAL;
 453 
 454         return 0;
 455 }
 456 EXPORT_SYMBOL(xt_check_proc_name);
 457 
 458 int xt_check_match(struct xt_mtchk_param *par,
 459                    unsigned int size, u16 proto, bool inv_proto)
 460 {
 461         int ret;
 462 
 463         if (XT_ALIGN(par->match->matchsize) != size &&
 464             par->match->matchsize != -1) {
 465                 /*
 466                  * ebt_among is exempt from centralized matchsize checking
 467                  * because it uses a dynamic-size data set.
 468                  */
 469                 pr_err_ratelimited("%s_tables: %s.%u match: invalid size %u (kernel) != (user) %u\n",
 470                                    xt_prefix[par->family], par->match->name,
 471                                    par->match->revision,
 472                                    XT_ALIGN(par->match->matchsize), size);
 473                 return -EINVAL;
 474         }
 475         if (par->match->table != NULL &&
 476             strcmp(par->match->table, par->table) != 0) {
 477                 pr_info_ratelimited("%s_tables: %s match: only valid in %s table, not %s\n",
 478                                     xt_prefix[par->family], par->match->name,
 479                                     par->match->table, par->table);
 480                 return -EINVAL;
 481         }
 482         if (par->match->hooks && (par->hook_mask & ~par->match->hooks) != 0) {
 483                 char used[64], allow[64];
 484 
 485                 pr_info_ratelimited("%s_tables: %s match: used from hooks %s, but only valid from %s\n",
 486                                     xt_prefix[par->family], par->match->name,
 487                                     textify_hooks(used, sizeof(used),
 488                                                   par->hook_mask, par->family),
 489                                     textify_hooks(allow, sizeof(allow),
 490                                                   par->match->hooks,
 491                                                   par->family));
 492                 return -EINVAL;
 493         }
 494         if (par->match->proto && (par->match->proto != proto || inv_proto)) {
 495                 pr_info_ratelimited("%s_tables: %s match: only valid for protocol %u\n",
 496                                     xt_prefix[par->family], par->match->name,
 497                                     par->match->proto);
 498                 return -EINVAL;
 499         }
 500         if (par->match->checkentry != NULL) {
 501                 ret = par->match->checkentry(par);
 502                 if (ret < 0)
 503                         return ret;
 504                 else if (ret > 0)
 505                         /* Flag up potential errors. */
 506                         return -EIO;
 507         }
 508         return 0;
 509 }
 510 EXPORT_SYMBOL_GPL(xt_check_match);
 511 
 512 /** xt_check_entry_match - check that matches end before start of target
 513  *
 514  * @match: beginning of xt_entry_match
 515  * @target: beginning of this rules target (alleged end of matches)
 516  * @alignment: alignment requirement of match structures
 517  *
 518  * Validates that all matches add up to the beginning of the target,
 519  * and that each match covers at least the base structure size.
 520  *
 521  * Return: 0 on success, negative errno on failure.
 522  */
 523 static int xt_check_entry_match(const char *match, const char *target,
 524                                 const size_t alignment)
 525 {
 526         const struct xt_entry_match *pos;
 527         int length = target - match;
 528 
 529         if (length == 0) /* no matches */
 530                 return 0;
 531 
 532         pos = (struct xt_entry_match *)match;
 533         do {
 534                 if ((unsigned long)pos % alignment)
 535                         return -EINVAL;
 536 
 537                 if (length < (int)sizeof(struct xt_entry_match))
 538                         return -EINVAL;
 539 
 540                 if (pos->u.match_size < sizeof(struct xt_entry_match))
 541                         return -EINVAL;
 542 
 543                 if (pos->u.match_size > length)
 544                         return -EINVAL;
 545 
 546                 length -= pos->u.match_size;
 547                 pos = ((void *)((char *)(pos) + (pos)->u.match_size));
 548         } while (length > 0);
 549 
 550         return 0;
 551 }
 552 
 553 /** xt_check_table_hooks - check hook entry points are sane
 554  *
 555  * @info xt_table_info to check
 556  * @valid_hooks - hook entry points that we can enter from
 557  *
 558  * Validates that the hook entry and underflows points are set up.
 559  *
 560  * Return: 0 on success, negative errno on failure.
 561  */
 562 int xt_check_table_hooks(const struct xt_table_info *info, unsigned int valid_hooks)
 563 {
 564         const char *err = "unsorted underflow";
 565         unsigned int i, max_uflow, max_entry;
 566         bool check_hooks = false;
 567 
 568         BUILD_BUG_ON(ARRAY_SIZE(info->hook_entry) != ARRAY_SIZE(info->underflow));
 569 
 570         max_entry = 0;
 571         max_uflow = 0;
 572 
 573         for (i = 0; i < ARRAY_SIZE(info->hook_entry); i++) {
 574                 if (!(valid_hooks & (1 << i)))
 575                         continue;
 576 
 577                 if (info->hook_entry[i] == 0xFFFFFFFF)
 578                         return -EINVAL;
 579                 if (info->underflow[i] == 0xFFFFFFFF)
 580                         return -EINVAL;
 581 
 582                 if (check_hooks) {
 583                         if (max_uflow > info->underflow[i])
 584                                 goto error;
 585 
 586                         if (max_uflow == info->underflow[i]) {
 587                                 err = "duplicate underflow";
 588                                 goto error;
 589                         }
 590                         if (max_entry > info->hook_entry[i]) {
 591                                 err = "unsorted entry";
 592                                 goto error;
 593                         }
 594                         if (max_entry == info->hook_entry[i]) {
 595                                 err = "duplicate entry";
 596                                 goto error;
 597                         }
 598                 }
 599                 max_entry = info->hook_entry[i];
 600                 max_uflow = info->underflow[i];
 601                 check_hooks = true;
 602         }
 603 
 604         return 0;
 605 error:
 606         pr_err_ratelimited("%s at hook %d\n", err, i);
 607         return -EINVAL;
 608 }
 609 EXPORT_SYMBOL(xt_check_table_hooks);
 610 
 611 static bool verdict_ok(int verdict)
 612 {
 613         if (verdict > 0)
 614                 return true;
 615 
 616         if (verdict < 0) {
 617                 int v = -verdict - 1;
 618 
 619                 if (verdict == XT_RETURN)
 620                         return true;
 621 
 622                 switch (v) {
 623                 case NF_ACCEPT: return true;
 624                 case NF_DROP: return true;
 625                 case NF_QUEUE: return true;
 626                 default:
 627                         break;
 628                 }
 629 
 630                 return false;
 631         }
 632 
 633         return false;
 634 }
 635 
 636 static bool error_tg_ok(unsigned int usersize, unsigned int kernsize,
 637                         const char *msg, unsigned int msglen)
 638 {
 639         return usersize == kernsize && strnlen(msg, msglen) < msglen;
 640 }
 641 
 642 #ifdef CONFIG_COMPAT
 643 int xt_compat_add_offset(u_int8_t af, unsigned int offset, int delta)
 644 {
 645         struct xt_af *xp = &xt[af];
 646 
 647         WARN_ON(!mutex_is_locked(&xt[af].compat_mutex));
 648 
 649         if (WARN_ON(!xp->compat_tab))
 650                 return -ENOMEM;
 651 
 652         if (xp->cur >= xp->number)
 653                 return -EINVAL;
 654 
 655         if (xp->cur)
 656                 delta += xp->compat_tab[xp->cur - 1].delta;
 657         xp->compat_tab[xp->cur].offset = offset;
 658         xp->compat_tab[xp->cur].delta = delta;
 659         xp->cur++;
 660         return 0;
 661 }
 662 EXPORT_SYMBOL_GPL(xt_compat_add_offset);
 663 
 664 void xt_compat_flush_offsets(u_int8_t af)
 665 {
 666         WARN_ON(!mutex_is_locked(&xt[af].compat_mutex));
 667 
 668         if (xt[af].compat_tab) {
 669                 vfree(xt[af].compat_tab);
 670                 xt[af].compat_tab = NULL;
 671                 xt[af].number = 0;
 672                 xt[af].cur = 0;
 673         }
 674 }
 675 EXPORT_SYMBOL_GPL(xt_compat_flush_offsets);
 676 
 677 int xt_compat_calc_jump(u_int8_t af, unsigned int offset)
 678 {
 679         struct compat_delta *tmp = xt[af].compat_tab;
 680         int mid, left = 0, right = xt[af].cur - 1;
 681 
 682         while (left <= right) {
 683                 mid = (left + right) >> 1;
 684                 if (offset > tmp[mid].offset)
 685                         left = mid + 1;
 686                 else if (offset < tmp[mid].offset)
 687                         right = mid - 1;
 688                 else
 689                         return mid ? tmp[mid - 1].delta : 0;
 690         }
 691         return left ? tmp[left - 1].delta : 0;
 692 }
 693 EXPORT_SYMBOL_GPL(xt_compat_calc_jump);
 694 
 695 int xt_compat_init_offsets(u8 af, unsigned int number)
 696 {
 697         size_t mem;
 698 
 699         WARN_ON(!mutex_is_locked(&xt[af].compat_mutex));
 700 
 701         if (!number || number > (INT_MAX / sizeof(struct compat_delta)))
 702                 return -EINVAL;
 703 
 704         if (WARN_ON(xt[af].compat_tab))
 705                 return -EINVAL;
 706 
 707         mem = sizeof(struct compat_delta) * number;
 708         if (mem > XT_MAX_TABLE_SIZE)
 709                 return -ENOMEM;
 710 
 711         xt[af].compat_tab = vmalloc(mem);
 712         if (!xt[af].compat_tab)
 713                 return -ENOMEM;
 714 
 715         xt[af].number = number;
 716         xt[af].cur = 0;
 717 
 718         return 0;
 719 }
 720 EXPORT_SYMBOL(xt_compat_init_offsets);
 721 
 722 int xt_compat_match_offset(const struct xt_match *match)
 723 {
 724         u_int16_t csize = match->compatsize ? : match->matchsize;
 725         return XT_ALIGN(match->matchsize) - COMPAT_XT_ALIGN(csize);
 726 }
 727 EXPORT_SYMBOL_GPL(xt_compat_match_offset);
 728 
 729 void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr,
 730                                unsigned int *size)
 731 {
 732         const struct xt_match *match = m->u.kernel.match;
 733         struct compat_xt_entry_match *cm = (struct compat_xt_entry_match *)m;
 734         int pad, off = xt_compat_match_offset(match);
 735         u_int16_t msize = cm->u.user.match_size;
 736         char name[sizeof(m->u.user.name)];
 737 
 738         m = *dstptr;
 739         memcpy(m, cm, sizeof(*cm));
 740         if (match->compat_from_user)
 741                 match->compat_from_user(m->data, cm->data);
 742         else
 743                 memcpy(m->data, cm->data, msize - sizeof(*cm));
 744         pad = XT_ALIGN(match->matchsize) - match->matchsize;
 745         if (pad > 0)
 746                 memset(m->data + match->matchsize, 0, pad);
 747 
 748         msize += off;
 749         m->u.user.match_size = msize;
 750         strlcpy(name, match->name, sizeof(name));
 751         module_put(match->me);
 752         strncpy(m->u.user.name, name, sizeof(m->u.user.name));
 753 
 754         *size += off;
 755         *dstptr += msize;
 756 }
 757 EXPORT_SYMBOL_GPL(xt_compat_match_from_user);
 758 
 759 #define COMPAT_XT_DATA_TO_USER(U, K, TYPE, C_SIZE)                      \
 760         xt_data_to_user(U->data, K->data,                               \
 761                         K->u.kernel.TYPE->usersize,                     \
 762                         C_SIZE,                                         \
 763                         COMPAT_XT_ALIGN(C_SIZE))
 764 
 765 int xt_compat_match_to_user(const struct xt_entry_match *m,
 766                             void __user **dstptr, unsigned int *size)
 767 {
 768         const struct xt_match *match = m->u.kernel.match;
 769         struct compat_xt_entry_match __user *cm = *dstptr;
 770         int off = xt_compat_match_offset(match);
 771         u_int16_t msize = m->u.user.match_size - off;
 772 
 773         if (XT_OBJ_TO_USER(cm, m, match, msize))
 774                 return -EFAULT;
 775 
 776         if (match->compat_to_user) {
 777                 if (match->compat_to_user((void __user *)cm->data, m->data))
 778                         return -EFAULT;
 779         } else {
 780                 if (COMPAT_XT_DATA_TO_USER(cm, m, match, msize - sizeof(*cm)))
 781                         return -EFAULT;
 782         }
 783 
 784         *size -= off;
 785         *dstptr += msize;
 786         return 0;
 787 }
 788 EXPORT_SYMBOL_GPL(xt_compat_match_to_user);
 789 
 790 /* non-compat version may have padding after verdict */
 791 struct compat_xt_standard_target {
 792         struct compat_xt_entry_target t;
 793         compat_uint_t verdict;
 794 };
 795 
 796 struct compat_xt_error_target {
 797         struct compat_xt_entry_target t;
 798         char errorname[XT_FUNCTION_MAXNAMELEN];
 799 };
 800 
 801 int xt_compat_check_entry_offsets(const void *base, const char *elems,
 802                                   unsigned int target_offset,
 803                                   unsigned int next_offset)
 804 {
 805         long size_of_base_struct = elems - (const char *)base;
 806         const struct compat_xt_entry_target *t;
 807         const char *e = base;
 808 
 809         if (target_offset < size_of_base_struct)
 810                 return -EINVAL;
 811 
 812         if (target_offset + sizeof(*t) > next_offset)
 813                 return -EINVAL;
 814 
 815         t = (void *)(e + target_offset);
 816         if (t->u.target_size < sizeof(*t))
 817                 return -EINVAL;
 818 
 819         if (target_offset + t->u.target_size > next_offset)
 820                 return -EINVAL;
 821 
 822         if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
 823                 const struct compat_xt_standard_target *st = (const void *)t;
 824 
 825                 if (COMPAT_XT_ALIGN(target_offset + sizeof(*st)) != next_offset)
 826                         return -EINVAL;
 827 
 828                 if (!verdict_ok(st->verdict))
 829                         return -EINVAL;
 830         } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0) {
 831                 const struct compat_xt_error_target *et = (const void *)t;
 832 
 833                 if (!error_tg_ok(t->u.target_size, sizeof(*et),
 834                                  et->errorname, sizeof(et->errorname)))
 835                         return -EINVAL;
 836         }
 837 
 838         /* compat_xt_entry match has less strict alignment requirements,
 839          * otherwise they are identical.  In case of padding differences
 840          * we need to add compat version of xt_check_entry_match.
 841          */
 842         BUILD_BUG_ON(sizeof(struct compat_xt_entry_match) != sizeof(struct xt_entry_match));
 843 
 844         return xt_check_entry_match(elems, base + target_offset,
 845                                     __alignof__(struct compat_xt_entry_match));
 846 }
 847 EXPORT_SYMBOL(xt_compat_check_entry_offsets);
 848 #endif /* CONFIG_COMPAT */
 849 
 850 /**
 851  * xt_check_entry_offsets - validate arp/ip/ip6t_entry
 852  *
 853  * @base: pointer to arp/ip/ip6t_entry
 854  * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems
 855  * @target_offset: the arp/ip/ip6_t->target_offset
 856  * @next_offset: the arp/ip/ip6_t->next_offset
 857  *
 858  * validates that target_offset and next_offset are sane and that all
 859  * match sizes (if any) align with the target offset.
 860  *
 861  * This function does not validate the targets or matches themselves, it
 862  * only tests that all the offsets and sizes are correct, that all
 863  * match structures are aligned, and that the last structure ends where
 864  * the target structure begins.
 865  *
 866  * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version.
 867  *
 868  * The arp/ip/ip6t_entry structure @base must have passed following tests:
 869  * - it must point to a valid memory location
 870  * - base to base + next_offset must be accessible, i.e. not exceed allocated
 871  *   length.
 872  *
 873  * A well-formed entry looks like this:
 874  *
 875  * ip(6)t_entry   match [mtdata]  match [mtdata] target [tgdata] ip(6)t_entry
 876  * e->elems[]-----'                              |               |
 877  *                matchsize                      |               |
 878  *                                matchsize      |               |
 879  *                                               |               |
 880  * target_offset---------------------------------'               |
 881  * next_offset---------------------------------------------------'
 882  *
 883  * elems[]: flexible array member at end of ip(6)/arpt_entry struct.
 884  *          This is where matches (if any) and the target reside.
 885  * target_offset: beginning of target.
 886  * next_offset: start of the next rule; also: size of this rule.
 887  * Since targets have a minimum size, target_offset + minlen <= next_offset.
 888  *
 889  * Every match stores its size, sum of sizes must not exceed target_offset.
 890  *
 891  * Return: 0 on success, negative errno on failure.
 892  */
 893 int xt_check_entry_offsets(const void *base,
 894                            const char *elems,
 895                            unsigned int target_offset,
 896                            unsigned int next_offset)
 897 {
 898         long size_of_base_struct = elems - (const char *)base;
 899         const struct xt_entry_target *t;
 900         const char *e = base;
 901 
 902         /* target start is within the ip/ip6/arpt_entry struct */
 903         if (target_offset < size_of_base_struct)
 904                 return -EINVAL;
 905 
 906         if (target_offset + sizeof(*t) > next_offset)
 907                 return -EINVAL;
 908 
 909         t = (void *)(e + target_offset);
 910         if (t->u.target_size < sizeof(*t))
 911                 return -EINVAL;
 912 
 913         if (target_offset + t->u.target_size > next_offset)
 914                 return -EINVAL;
 915 
 916         if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
 917                 const struct xt_standard_target *st = (const void *)t;
 918 
 919                 if (XT_ALIGN(target_offset + sizeof(*st)) != next_offset)
 920                         return -EINVAL;
 921 
 922                 if (!verdict_ok(st->verdict))
 923                         return -EINVAL;
 924         } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0) {
 925                 const struct xt_error_target *et = (const void *)t;
 926 
 927                 if (!error_tg_ok(t->u.target_size, sizeof(*et),
 928                                  et->errorname, sizeof(et->errorname)))
 929                         return -EINVAL;
 930         }
 931 
 932         return xt_check_entry_match(elems, base + target_offset,
 933                                     __alignof__(struct xt_entry_match));
 934 }
 935 EXPORT_SYMBOL(xt_check_entry_offsets);
 936 
 937 /**
 938  * xt_alloc_entry_offsets - allocate array to store rule head offsets
 939  *
 940  * @size: number of entries
 941  *
 942  * Return: NULL or kmalloc'd or vmalloc'd array
 943  */
 944 unsigned int *xt_alloc_entry_offsets(unsigned int size)
 945 {
 946         if (size > XT_MAX_TABLE_SIZE / sizeof(unsigned int))
 947                 return NULL;
 948 
 949         return kvmalloc_array(size, sizeof(unsigned int), GFP_KERNEL | __GFP_ZERO);
 950 
 951 }
 952 EXPORT_SYMBOL(xt_alloc_entry_offsets);
 953 
 954 /**
 955  * xt_find_jump_offset - check if target is a valid jump offset
 956  *
 957  * @offsets: array containing all valid rule start offsets of a rule blob
 958  * @target: the jump target to search for
 959  * @size: entries in @offset
 960  */
 961 bool xt_find_jump_offset(const unsigned int *offsets,
 962                          unsigned int target, unsigned int size)
 963 {
 964         int m, low = 0, hi = size;
 965 
 966         while (hi > low) {
 967                 m = (low + hi) / 2u;
 968 
 969                 if (offsets[m] > target)
 970                         hi = m;
 971                 else if (offsets[m] < target)
 972                         low = m + 1;
 973                 else
 974                         return true;
 975         }
 976 
 977         return false;
 978 }
 979 EXPORT_SYMBOL(xt_find_jump_offset);
 980 
 981 int xt_check_target(struct xt_tgchk_param *par,
 982                     unsigned int size, u16 proto, bool inv_proto)
 983 {
 984         int ret;
 985 
 986         if (XT_ALIGN(par->target->targetsize) != size) {
 987                 pr_err_ratelimited("%s_tables: %s.%u target: invalid size %u (kernel) != (user) %u\n",
 988                                    xt_prefix[par->family], par->target->name,
 989                                    par->target->revision,
 990                                    XT_ALIGN(par->target->targetsize), size);
 991                 return -EINVAL;
 992         }
 993         if (par->target->table != NULL &&
 994             strcmp(par->target->table, par->table) != 0) {
 995                 pr_info_ratelimited("%s_tables: %s target: only valid in %s table, not %s\n",
 996                                     xt_prefix[par->family], par->target->name,
 997                                     par->target->table, par->table);
 998                 return -EINVAL;
 999         }
1000         if (par->target->hooks && (par->hook_mask & ~par->target->hooks) != 0) {
1001                 char used[64], allow[64];
1002 
1003                 pr_info_ratelimited("%s_tables: %s target: used from hooks %s, but only usable from %s\n",
1004                                     xt_prefix[par->family], par->target->name,
1005                                     textify_hooks(used, sizeof(used),
1006                                                   par->hook_mask, par->family),
1007                                     textify_hooks(allow, sizeof(allow),
1008                                                   par->target->hooks,
1009                                                   par->family));
1010                 return -EINVAL;
1011         }
1012         if (par->target->proto && (par->target->proto != proto || inv_proto)) {
1013                 pr_info_ratelimited("%s_tables: %s target: only valid for protocol %u\n",
1014                                     xt_prefix[par->family], par->target->name,
1015                                     par->target->proto);
1016                 return -EINVAL;
1017         }
1018         if (par->target->checkentry != NULL) {
1019                 ret = par->target->checkentry(par);
1020                 if (ret < 0)
1021                         return ret;
1022                 else if (ret > 0)
1023                         /* Flag up potential errors. */
1024                         return -EIO;
1025         }
1026         return 0;
1027 }
1028 EXPORT_SYMBOL_GPL(xt_check_target);
1029 
1030 /**
1031  * xt_copy_counters_from_user - copy counters and metadata from userspace
1032  *
1033  * @user: src pointer to userspace memory
1034  * @len: alleged size of userspace memory
1035  * @info: where to store the xt_counters_info metadata
1036  * @compat: true if we setsockopt call is done by 32bit task on 64bit kernel
1037  *
1038  * Copies counter meta data from @user and stores it in @info.
1039  *
1040  * vmallocs memory to hold the counters, then copies the counter data
1041  * from @user to the new memory and returns a pointer to it.
1042  *
1043  * If @compat is true, @info gets converted automatically to the 64bit
1044  * representation.
1045  *
1046  * The metadata associated with the counters is stored in @info.
1047  *
1048  * Return: returns pointer that caller has to test via IS_ERR().
1049  * If IS_ERR is false, caller has to vfree the pointer.
1050  */
1051 void *xt_copy_counters_from_user(const void __user *user, unsigned int len,
1052                                  struct xt_counters_info *info, bool compat)
1053 {
1054         void *mem;
1055         u64 size;
1056 
1057 #ifdef CONFIG_COMPAT
1058         if (compat) {
1059                 /* structures only differ in size due to alignment */
1060                 struct compat_xt_counters_info compat_tmp;
1061 
1062                 if (len <= sizeof(compat_tmp))
1063                         return ERR_PTR(-EINVAL);
1064 
1065                 len -= sizeof(compat_tmp);
1066                 if (copy_from_user(&compat_tmp, user, sizeof(compat_tmp)) != 0)
1067                         return ERR_PTR(-EFAULT);
1068 
1069                 memcpy(info->name, compat_tmp.name, sizeof(info->name) - 1);
1070                 info->num_counters = compat_tmp.num_counters;
1071                 user += sizeof(compat_tmp);
1072         } else
1073 #endif
1074         {
1075                 if (len <= sizeof(*info))
1076                         return ERR_PTR(-EINVAL);
1077 
1078                 len -= sizeof(*info);
1079                 if (copy_from_user(info, user, sizeof(*info)) != 0)
1080                         return ERR_PTR(-EFAULT);
1081 
1082                 user += sizeof(*info);
1083         }
1084         info->name[sizeof(info->name) - 1] = '\0';
1085 
1086         size = sizeof(struct xt_counters);
1087         size *= info->num_counters;
1088 
1089         if (size != (u64)len)
1090                 return ERR_PTR(-EINVAL);
1091 
1092         mem = vmalloc(len);
1093         if (!mem)
1094                 return ERR_PTR(-ENOMEM);
1095 
1096         if (copy_from_user(mem, user, len) == 0)
1097                 return mem;
1098 
1099         vfree(mem);
1100         return ERR_PTR(-EFAULT);
1101 }
1102 EXPORT_SYMBOL_GPL(xt_copy_counters_from_user);
1103 
1104 #ifdef CONFIG_COMPAT
1105 int xt_compat_target_offset(const struct xt_target *target)
1106 {
1107         u_int16_t csize = target->compatsize ? : target->targetsize;
1108         return XT_ALIGN(target->targetsize) - COMPAT_XT_ALIGN(csize);
1109 }
1110 EXPORT_SYMBOL_GPL(xt_compat_target_offset);
1111 
1112 void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr,
1113                                 unsigned int *size)
1114 {
1115         const struct xt_target *target = t->u.kernel.target;
1116         struct compat_xt_entry_target *ct = (struct compat_xt_entry_target *)t;
1117         int pad, off = xt_compat_target_offset(target);
1118         u_int16_t tsize = ct->u.user.target_size;
1119         char name[sizeof(t->u.user.name)];
1120 
1121         t = *dstptr;
1122         memcpy(t, ct, sizeof(*ct));
1123         if (target->compat_from_user)
1124                 target->compat_from_user(t->data, ct->data);
1125         else
1126                 memcpy(t->data, ct->data, tsize - sizeof(*ct));
1127         pad = XT_ALIGN(target->targetsize) - target->targetsize;
1128         if (pad > 0)
1129                 memset(t->data + target->targetsize, 0, pad);
1130 
1131         tsize += off;
1132         t->u.user.target_size = tsize;
1133         strlcpy(name, target->name, sizeof(name));
1134         module_put(target->me);
1135         strncpy(t->u.user.name, name, sizeof(t->u.user.name));
1136 
1137         *size += off;
1138         *dstptr += tsize;
1139 }
1140 EXPORT_SYMBOL_GPL(xt_compat_target_from_user);
1141 
1142 int xt_compat_target_to_user(const struct xt_entry_target *t,
1143                              void __user **dstptr, unsigned int *size)
1144 {
1145         const struct xt_target *target = t->u.kernel.target;
1146         struct compat_xt_entry_target __user *ct = *dstptr;
1147         int off = xt_compat_target_offset(target);
1148         u_int16_t tsize = t->u.user.target_size - off;
1149 
1150         if (XT_OBJ_TO_USER(ct, t, target, tsize))
1151                 return -EFAULT;
1152 
1153         if (target->compat_to_user) {
1154                 if (target->compat_to_user((void __user *)ct->data, t->data))
1155                         return -EFAULT;
1156         } else {
1157                 if (COMPAT_XT_DATA_TO_USER(ct, t, target, tsize - sizeof(*ct)))
1158                         return -EFAULT;
1159         }
1160 
1161         *size -= off;
1162         *dstptr += tsize;
1163         return 0;
1164 }
1165 EXPORT_SYMBOL_GPL(xt_compat_target_to_user);
1166 #endif
1167 
1168 struct xt_table_info *xt_alloc_table_info(unsigned int size)
1169 {
1170         struct xt_table_info *info = NULL;
1171         size_t sz = sizeof(*info) + size;
1172 
1173         if (sz < sizeof(*info) || sz >= XT_MAX_TABLE_SIZE)
1174                 return NULL;
1175 
1176         info = kvmalloc(sz, GFP_KERNEL_ACCOUNT);
1177         if (!info)
1178                 return NULL;
1179 
1180         memset(info, 0, sizeof(*info));
1181         info->size = size;
1182         return info;
1183 }
1184 EXPORT_SYMBOL(xt_alloc_table_info);
1185 
1186 void xt_free_table_info(struct xt_table_info *info)
1187 {
1188         int cpu;
1189 
1190         if (info->jumpstack != NULL) {
1191                 for_each_possible_cpu(cpu)
1192                         kvfree(info->jumpstack[cpu]);
1193                 kvfree(info->jumpstack);
1194         }
1195 
1196         kvfree(info);
1197 }
1198 EXPORT_SYMBOL(xt_free_table_info);
1199 
1200 /* Find table by name, grabs mutex & ref.  Returns ERR_PTR on error. */
1201 struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
1202                                     const char *name)
1203 {
1204         struct xt_table *t, *found = NULL;
1205 
1206         mutex_lock(&xt[af].mutex);
1207         list_for_each_entry(t, &net->xt.tables[af], list)
1208                 if (strcmp(t->name, name) == 0 && try_module_get(t->me))
1209                         return t;
1210 
1211         if (net == &init_net)
1212                 goto out;
1213 
1214         /* Table doesn't exist in this netns, re-try init */
1215         list_for_each_entry(t, &init_net.xt.tables[af], list) {
1216                 int err;
1217 
1218                 if (strcmp(t->name, name))
1219                         continue;
1220                 if (!try_module_get(t->me))
1221                         goto out;
1222                 mutex_unlock(&xt[af].mutex);
1223                 err = t->table_init(net);
1224                 if (err < 0) {
1225                         module_put(t->me);
1226                         return ERR_PTR(err);
1227                 }
1228 
1229                 found = t;
1230 
1231                 mutex_lock(&xt[af].mutex);
1232                 break;
1233         }
1234 
1235         if (!found)
1236                 goto out;
1237 
1238         /* and once again: */
1239         list_for_each_entry(t, &net->xt.tables[af], list)
1240                 if (strcmp(t->name, name) == 0)
1241                         return t;
1242 
1243         module_put(found->me);
1244  out:
1245         mutex_unlock(&xt[af].mutex);
1246         return ERR_PTR(-ENOENT);
1247 }
1248 EXPORT_SYMBOL_GPL(xt_find_table_lock);
1249 
1250 struct xt_table *xt_request_find_table_lock(struct net *net, u_int8_t af,
1251                                             const char *name)
1252 {
1253         struct xt_table *t = xt_find_table_lock(net, af, name);
1254 
1255 #ifdef CONFIG_MODULES
1256         if (IS_ERR(t)) {
1257                 int err = request_module("%stable_%s", xt_prefix[af], name);
1258                 if (err < 0)
1259                         return ERR_PTR(err);
1260                 t = xt_find_table_lock(net, af, name);
1261         }
1262 #endif
1263 
1264         return t;
1265 }
1266 EXPORT_SYMBOL_GPL(xt_request_find_table_lock);
1267 
1268 void xt_table_unlock(struct xt_table *table)
1269 {
1270         mutex_unlock(&xt[table->af].mutex);
1271 }
1272 EXPORT_SYMBOL_GPL(xt_table_unlock);
1273 
1274 #ifdef CONFIG_COMPAT
1275 void xt_compat_lock(u_int8_t af)
1276 {
1277         mutex_lock(&xt[af].compat_mutex);
1278 }
1279 EXPORT_SYMBOL_GPL(xt_compat_lock);
1280 
1281 void xt_compat_unlock(u_int8_t af)
1282 {
1283         mutex_unlock(&xt[af].compat_mutex);
1284 }
1285 EXPORT_SYMBOL_GPL(xt_compat_unlock);
1286 #endif
1287 
1288 DEFINE_PER_CPU(seqcount_t, xt_recseq);
1289 EXPORT_PER_CPU_SYMBOL_GPL(xt_recseq);
1290 
1291 struct static_key xt_tee_enabled __read_mostly;
1292 EXPORT_SYMBOL_GPL(xt_tee_enabled);
1293 
1294 static int xt_jumpstack_alloc(struct xt_table_info *i)
1295 {
1296         unsigned int size;
1297         int cpu;
1298 
1299         size = sizeof(void **) * nr_cpu_ids;
1300         if (size > PAGE_SIZE)
1301                 i->jumpstack = kvzalloc(size, GFP_KERNEL);
1302         else
1303                 i->jumpstack = kzalloc(size, GFP_KERNEL);
1304         if (i->jumpstack == NULL)
1305                 return -ENOMEM;
1306 
1307         /* ruleset without jumps -- no stack needed */
1308         if (i->stacksize == 0)
1309                 return 0;
1310 
1311         /* Jumpstack needs to be able to record two full callchains, one
1312          * from the first rule set traversal, plus one table reentrancy
1313          * via -j TEE without clobbering the callchain that brought us to
1314          * TEE target.
1315          *
1316          * This is done by allocating two jumpstacks per cpu, on reentry
1317          * the upper half of the stack is used.
1318          *
1319          * see the jumpstack setup in ipt_do_table() for more details.
1320          */
1321         size = sizeof(void *) * i->stacksize * 2u;
1322         for_each_possible_cpu(cpu) {
1323                 i->jumpstack[cpu] = kvmalloc_node(size, GFP_KERNEL,
1324                         cpu_to_node(cpu));
1325                 if (i->jumpstack[cpu] == NULL)
1326                         /*
1327                          * Freeing will be done later on by the callers. The
1328                          * chain is: xt_replace_table -> __do_replace ->
1329                          * do_replace -> xt_free_table_info.
1330                          */
1331                         return -ENOMEM;
1332         }
1333 
1334         return 0;
1335 }
1336 
1337 struct xt_counters *xt_counters_alloc(unsigned int counters)
1338 {
1339         struct xt_counters *mem;
1340 
1341         if (counters == 0 || counters > INT_MAX / sizeof(*mem))
1342                 return NULL;
1343 
1344         counters *= sizeof(*mem);
1345         if (counters > XT_MAX_TABLE_SIZE)
1346                 return NULL;
1347 
1348         return vzalloc(counters);
1349 }
1350 EXPORT_SYMBOL(xt_counters_alloc);
1351 
1352 struct xt_table_info *
1353 xt_replace_table(struct xt_table *table,
1354               unsigned int num_counters,
1355               struct xt_table_info *newinfo,
1356               int *error)
1357 {
1358         struct xt_table_info *private;
1359         unsigned int cpu;
1360         int ret;
1361 
1362         ret = xt_jumpstack_alloc(newinfo);
1363         if (ret < 0) {
1364                 *error = ret;
1365                 return NULL;
1366         }
1367 
1368         /* Do the substitution. */
1369         local_bh_disable();
1370         private = table->private;
1371 
1372         /* Check inside lock: is the old number correct? */
1373         if (num_counters != private->number) {
1374                 pr_debug("num_counters != table->private->number (%u/%u)\n",
1375                          num_counters, private->number);
1376                 local_bh_enable();
1377                 *error = -EAGAIN;
1378                 return NULL;
1379         }
1380 
1381         newinfo->initial_entries = private->initial_entries;
1382         /*
1383          * Ensure contents of newinfo are visible before assigning to
1384          * private.
1385          */
1386         smp_wmb();
1387         table->private = newinfo;
1388 
1389         /* make sure all cpus see new ->private value */
1390         smp_wmb();
1391 
1392         /*
1393          * Even though table entries have now been swapped, other CPU's
1394          * may still be using the old entries...
1395          */
1396         local_bh_enable();
1397 
1398         /* ... so wait for even xt_recseq on all cpus */
1399         for_each_possible_cpu(cpu) {
1400                 seqcount_t *s = &per_cpu(xt_recseq, cpu);
1401                 u32 seq = raw_read_seqcount(s);
1402 
1403                 if (seq & 1) {
1404                         do {
1405                                 cond_resched();
1406                                 cpu_relax();
1407                         } while (seq == raw_read_seqcount(s));
1408                 }
1409         }
1410 
1411 #ifdef CONFIG_AUDIT
1412         if (audit_enabled) {
1413                 audit_log(audit_context(), GFP_KERNEL,
1414                           AUDIT_NETFILTER_CFG,
1415                           "table=%s family=%u entries=%u",
1416                           table->name, table->af, private->number);
1417         }
1418 #endif
1419 
1420         return private;
1421 }
1422 EXPORT_SYMBOL_GPL(xt_replace_table);
1423 
1424 struct xt_table *xt_register_table(struct net *net,
1425                                    const struct xt_table *input_table,
1426                                    struct xt_table_info *bootstrap,
1427                                    struct xt_table_info *newinfo)
1428 {
1429         int ret;
1430         struct xt_table_info *private;
1431         struct xt_table *t, *table;
1432 
1433         /* Don't add one object to multiple lists. */
1434         table = kmemdup(input_table, sizeof(struct xt_table), GFP_KERNEL);
1435         if (!table) {
1436                 ret = -ENOMEM;
1437                 goto out;
1438         }
1439 
1440         mutex_lock(&xt[table->af].mutex);
1441         /* Don't autoload: we'd eat our tail... */
1442         list_for_each_entry(t, &net->xt.tables[table->af], list) {
1443                 if (strcmp(t->name, table->name) == 0) {
1444                         ret = -EEXIST;
1445                         goto unlock;
1446                 }
1447         }
1448 
1449         /* Simplifies replace_table code. */
1450         table->private = bootstrap;
1451 
1452         if (!xt_replace_table(table, 0, newinfo, &ret))
1453                 goto unlock;
1454 
1455         private = table->private;
1456         pr_debug("table->private->number = %u\n", private->number);
1457 
1458         /* save number of initial entries */
1459         private->initial_entries = private->number;
1460 
1461         list_add(&table->list, &net->xt.tables[table->af]);
1462         mutex_unlock(&xt[table->af].mutex);
1463         return table;
1464 
1465 unlock:
1466         mutex_unlock(&xt[table->af].mutex);
1467         kfree(table);
1468 out:
1469         return ERR_PTR(ret);
1470 }
1471 EXPORT_SYMBOL_GPL(xt_register_table);
1472 
1473 void *xt_unregister_table(struct xt_table *table)
1474 {
1475         struct xt_table_info *private;
1476 
1477         mutex_lock(&xt[table->af].mutex);
1478         private = table->private;
1479         list_del(&table->list);
1480         mutex_unlock(&xt[table->af].mutex);
1481         kfree(table);
1482 
1483         return private;
1484 }
1485 EXPORT_SYMBOL_GPL(xt_unregister_table);
1486 
1487 #ifdef CONFIG_PROC_FS
1488 static void *xt_table_seq_start(struct seq_file *seq, loff_t *pos)
1489 {
1490         struct net *net = seq_file_net(seq);
1491         u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file));
1492 
1493         mutex_lock(&xt[af].mutex);
1494         return seq_list_start(&net->xt.tables[af], *pos);
1495 }
1496 
1497 static void *xt_table_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1498 {
1499         struct net *net = seq_file_net(seq);
1500         u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file));
1501 
1502         return seq_list_next(v, &net->xt.tables[af], pos);
1503 }
1504 
1505 static void xt_table_seq_stop(struct seq_file *seq, void *v)
1506 {
1507         u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file));
1508 
1509         mutex_unlock(&xt[af].mutex);
1510 }
1511 
1512 static int xt_table_seq_show(struct seq_file *seq, void *v)
1513 {
1514         struct xt_table *table = list_entry(v, struct xt_table, list);
1515 
1516         if (*table->name)
1517                 seq_printf(seq, "%s\n", table->name);
1518         return 0;
1519 }
1520 
1521 static const struct seq_operations xt_table_seq_ops = {
1522         .start  = xt_table_seq_start,
1523         .next   = xt_table_seq_next,
1524         .stop   = xt_table_seq_stop,
1525         .show   = xt_table_seq_show,
1526 };
1527 
1528 /*
1529  * Traverse state for ip{,6}_{tables,matches} for helping crossing
1530  * the multi-AF mutexes.
1531  */
1532 struct nf_mttg_trav {
1533         struct list_head *head, *curr;
1534         uint8_t class;
1535 };
1536 
1537 enum {
1538         MTTG_TRAV_INIT,
1539         MTTG_TRAV_NFP_UNSPEC,
1540         MTTG_TRAV_NFP_SPEC,
1541         MTTG_TRAV_DONE,
1542 };
1543 
1544 static void *xt_mttg_seq_next(struct seq_file *seq, void *v, loff_t *ppos,
1545     bool is_target)
1546 {
1547         static const uint8_t next_class[] = {
1548                 [MTTG_TRAV_NFP_UNSPEC] = MTTG_TRAV_NFP_SPEC,
1549                 [MTTG_TRAV_NFP_SPEC]   = MTTG_TRAV_DONE,
1550         };
1551         uint8_t nfproto = (unsigned long)PDE_DATA(file_inode(seq->file));
1552         struct nf_mttg_trav *trav = seq->private;
1553 
1554         if (ppos != NULL)
1555                 ++(*ppos);
1556 
1557         switch (trav->class) {
1558         case MTTG_TRAV_INIT:
1559                 trav->class = MTTG_TRAV_NFP_UNSPEC;
1560                 mutex_lock(&xt[NFPROTO_UNSPEC].mutex);
1561                 trav->head = trav->curr = is_target ?
1562                         &xt[NFPROTO_UNSPEC].target : &xt[NFPROTO_UNSPEC].match;
1563                 break;
1564         case MTTG_TRAV_NFP_UNSPEC:
1565                 trav->curr = trav->curr->next;
1566                 if (trav->curr != trav->head)
1567                         break;
1568                 mutex_unlock(&xt[NFPROTO_UNSPEC].mutex);
1569                 mutex_lock(&xt[nfproto].mutex);
1570                 trav->head = trav->curr = is_target ?
1571                         &xt[nfproto].target : &xt[nfproto].match;
1572                 trav->class = next_class[trav->class];
1573                 break;
1574         case MTTG_TRAV_NFP_SPEC:
1575                 trav->curr = trav->curr->next;
1576                 if (trav->curr != trav->head)
1577                         break;
1578                 /* fall through */
1579         default:
1580                 return NULL;
1581         }
1582         return trav;
1583 }
1584 
1585 static void *xt_mttg_seq_start(struct seq_file *seq, loff_t *pos,
1586     bool is_target)
1587 {
1588         struct nf_mttg_trav *trav = seq->private;
1589         unsigned int j;
1590 
1591         trav->class = MTTG_TRAV_INIT;
1592         for (j = 0; j < *pos; ++j)
1593                 if (xt_mttg_seq_next(seq, NULL, NULL, is_target) == NULL)
1594                         return NULL;
1595         return trav;
1596 }
1597 
1598 static void xt_mttg_seq_stop(struct seq_file *seq, void *v)
1599 {
1600         uint8_t nfproto = (unsigned long)PDE_DATA(file_inode(seq->file));
1601         struct nf_mttg_trav *trav = seq->private;
1602 
1603         switch (trav->class) {
1604         case MTTG_TRAV_NFP_UNSPEC:
1605                 mutex_unlock(&xt[NFPROTO_UNSPEC].mutex);
1606                 break;
1607         case MTTG_TRAV_NFP_SPEC:
1608                 mutex_unlock(&xt[nfproto].mutex);
1609                 break;
1610         }
1611 }
1612 
1613 static void *xt_match_seq_start(struct seq_file *seq, loff_t *pos)
1614 {
1615         return xt_mttg_seq_start(seq, pos, false);
1616 }
1617 
1618 static void *xt_match_seq_next(struct seq_file *seq, void *v, loff_t *ppos)
1619 {
1620         return xt_mttg_seq_next(seq, v, ppos, false);
1621 }
1622 
1623 static int xt_match_seq_show(struct seq_file *seq, void *v)
1624 {
1625         const struct nf_mttg_trav *trav = seq->private;
1626         const struct xt_match *match;
1627 
1628         switch (trav->class) {
1629         case MTTG_TRAV_NFP_UNSPEC:
1630         case MTTG_TRAV_NFP_SPEC:
1631                 if (trav->curr == trav->head)
1632                         return 0;
1633                 match = list_entry(trav->curr, struct xt_match, list);
1634                 if (*match->name)
1635                         seq_printf(seq, "%s\n", match->name);
1636         }
1637         return 0;
1638 }
1639 
1640 static const struct seq_operations xt_match_seq_ops = {
1641         .start  = xt_match_seq_start,
1642         .next   = xt_match_seq_next,
1643         .stop   = xt_mttg_seq_stop,
1644         .show   = xt_match_seq_show,
1645 };
1646 
1647 static void *xt_target_seq_start(struct seq_file *seq, loff_t *pos)
1648 {
1649         return xt_mttg_seq_start(seq, pos, true);
1650 }
1651 
1652 static void *xt_target_seq_next(struct seq_file *seq, void *v, loff_t *ppos)
1653 {
1654         return xt_mttg_seq_next(seq, v, ppos, true);
1655 }
1656 
1657 static int xt_target_seq_show(struct seq_file *seq, void *v)
1658 {
1659         const struct nf_mttg_trav *trav = seq->private;
1660         const struct xt_target *target;
1661 
1662         switch (trav->class) {
1663         case MTTG_TRAV_NFP_UNSPEC:
1664         case MTTG_TRAV_NFP_SPEC:
1665                 if (trav->curr == trav->head)
1666                         return 0;
1667                 target = list_entry(trav->curr, struct xt_target, list);
1668                 if (*target->name)
1669                         seq_printf(seq, "%s\n", target->name);
1670         }
1671         return 0;
1672 }
1673 
1674 static const struct seq_operations xt_target_seq_ops = {
1675         .start  = xt_target_seq_start,
1676         .next   = xt_target_seq_next,
1677         .stop   = xt_mttg_seq_stop,
1678         .show   = xt_target_seq_show,
1679 };
1680 
1681 #define FORMAT_TABLES   "_tables_names"
1682 #define FORMAT_MATCHES  "_tables_matches"
1683 #define FORMAT_TARGETS  "_tables_targets"
1684 
1685 #endif /* CONFIG_PROC_FS */
1686 
1687 /**
1688  * xt_hook_ops_alloc - set up hooks for a new table
1689  * @table:      table with metadata needed to set up hooks
1690  * @fn:         Hook function
1691  *
1692  * This function will create the nf_hook_ops that the x_table needs
1693  * to hand to xt_hook_link_net().
1694  */
1695 struct nf_hook_ops *
1696 xt_hook_ops_alloc(const struct xt_table *table, nf_hookfn *fn)
1697 {
1698         unsigned int hook_mask = table->valid_hooks;
1699         uint8_t i, num_hooks = hweight32(hook_mask);
1700         uint8_t hooknum;
1701         struct nf_hook_ops *ops;
1702 
1703         if (!num_hooks)
1704                 return ERR_PTR(-EINVAL);
1705 
1706         ops = kcalloc(num_hooks, sizeof(*ops), GFP_KERNEL);
1707         if (ops == NULL)
1708                 return ERR_PTR(-ENOMEM);
1709 
1710         for (i = 0, hooknum = 0; i < num_hooks && hook_mask != 0;
1711              hook_mask >>= 1, ++hooknum) {
1712                 if (!(hook_mask & 1))
1713                         continue;
1714                 ops[i].hook     = fn;
1715                 ops[i].pf       = table->af;
1716                 ops[i].hooknum  = hooknum;
1717                 ops[i].priority = table->priority;
1718                 ++i;
1719         }
1720 
1721         return ops;
1722 }
1723 EXPORT_SYMBOL_GPL(xt_hook_ops_alloc);
1724 
1725 int xt_proto_init(struct net *net, u_int8_t af)
1726 {
1727 #ifdef CONFIG_PROC_FS
1728         char buf[XT_FUNCTION_MAXNAMELEN];
1729         struct proc_dir_entry *proc;
1730         kuid_t root_uid;
1731         kgid_t root_gid;
1732 #endif
1733 
1734         if (af >= ARRAY_SIZE(xt_prefix))
1735                 return -EINVAL;
1736 
1737 
1738 #ifdef CONFIG_PROC_FS
1739         root_uid = make_kuid(net->user_ns, 0);
1740         root_gid = make_kgid(net->user_ns, 0);
1741 
1742         strlcpy(buf, xt_prefix[af], sizeof(buf));
1743         strlcat(buf, FORMAT_TABLES, sizeof(buf));
1744         proc = proc_create_net_data(buf, 0440, net->proc_net, &xt_table_seq_ops,
1745                         sizeof(struct seq_net_private),
1746                         (void *)(unsigned long)af);
1747         if (!proc)
1748                 goto out;
1749         if (uid_valid(root_uid) && gid_valid(root_gid))
1750                 proc_set_user(proc, root_uid, root_gid);
1751 
1752         strlcpy(buf, xt_prefix[af], sizeof(buf));
1753         strlcat(buf, FORMAT_MATCHES, sizeof(buf));
1754         proc = proc_create_seq_private(buf, 0440, net->proc_net,
1755                         &xt_match_seq_ops, sizeof(struct nf_mttg_trav),
1756                         (void *)(unsigned long)af);
1757         if (!proc)
1758                 goto out_remove_tables;
1759         if (uid_valid(root_uid) && gid_valid(root_gid))
1760                 proc_set_user(proc, root_uid, root_gid);
1761 
1762         strlcpy(buf, xt_prefix[af], sizeof(buf));
1763         strlcat(buf, FORMAT_TARGETS, sizeof(buf));
1764         proc = proc_create_seq_private(buf, 0440, net->proc_net,
1765                          &xt_target_seq_ops, sizeof(struct nf_mttg_trav),
1766                          (void *)(unsigned long)af);
1767         if (!proc)
1768                 goto out_remove_matches;
1769         if (uid_valid(root_uid) && gid_valid(root_gid))
1770                 proc_set_user(proc, root_uid, root_gid);
1771 #endif
1772 
1773         return 0;
1774 
1775 #ifdef CONFIG_PROC_FS
1776 out_remove_matches:
1777         strlcpy(buf, xt_prefix[af], sizeof(buf));
1778         strlcat(buf, FORMAT_MATCHES, sizeof(buf));
1779         remove_proc_entry(buf, net->proc_net);
1780 
1781 out_remove_tables:
1782         strlcpy(buf, xt_prefix[af], sizeof(buf));
1783         strlcat(buf, FORMAT_TABLES, sizeof(buf));
1784         remove_proc_entry(buf, net->proc_net);
1785 out:
1786         return -1;
1787 #endif
1788 }
1789 EXPORT_SYMBOL_GPL(xt_proto_init);
1790 
1791 void xt_proto_fini(struct net *net, u_int8_t af)
1792 {
1793 #ifdef CONFIG_PROC_FS
1794         char buf[XT_FUNCTION_MAXNAMELEN];
1795 
1796         strlcpy(buf, xt_prefix[af], sizeof(buf));
1797         strlcat(buf, FORMAT_TABLES, sizeof(buf));
1798         remove_proc_entry(buf, net->proc_net);
1799 
1800         strlcpy(buf, xt_prefix[af], sizeof(buf));
1801         strlcat(buf, FORMAT_TARGETS, sizeof(buf));
1802         remove_proc_entry(buf, net->proc_net);
1803 
1804         strlcpy(buf, xt_prefix[af], sizeof(buf));
1805         strlcat(buf, FORMAT_MATCHES, sizeof(buf));
1806         remove_proc_entry(buf, net->proc_net);
1807 #endif /*CONFIG_PROC_FS*/
1808 }
1809 EXPORT_SYMBOL_GPL(xt_proto_fini);
1810 
1811 /**
1812  * xt_percpu_counter_alloc - allocate x_tables rule counter
1813  *
1814  * @state: pointer to xt_percpu allocation state
1815  * @counter: pointer to counter struct inside the ip(6)/arpt_entry struct
1816  *
1817  * On SMP, the packet counter [ ip(6)t_entry->counters.pcnt ] will then
1818  * contain the address of the real (percpu) counter.
1819  *
1820  * Rule evaluation needs to use xt_get_this_cpu_counter() helper
1821  * to fetch the real percpu counter.
1822  *
1823  * To speed up allocation and improve data locality, a 4kb block is
1824  * allocated.  Freeing any counter may free an entire block, so all
1825  * counters allocated using the same state must be freed at the same
1826  * time.
1827  *
1828  * xt_percpu_counter_alloc_state contains the base address of the
1829  * allocated page and the current sub-offset.
1830  *
1831  * returns false on error.
1832  */
1833 bool xt_percpu_counter_alloc(struct xt_percpu_counter_alloc_state *state,
1834                              struct xt_counters *counter)
1835 {
1836         BUILD_BUG_ON(XT_PCPU_BLOCK_SIZE < (sizeof(*counter) * 2));
1837 
1838         if (nr_cpu_ids <= 1)
1839                 return true;
1840 
1841         if (!state->mem) {
1842                 state->mem = __alloc_percpu(XT_PCPU_BLOCK_SIZE,
1843                                             XT_PCPU_BLOCK_SIZE);
1844                 if (!state->mem)
1845                         return false;
1846         }
1847         counter->pcnt = (__force unsigned long)(state->mem + state->off);
1848         state->off += sizeof(*counter);
1849         if (state->off > (XT_PCPU_BLOCK_SIZE - sizeof(*counter))) {
1850                 state->mem = NULL;
1851                 state->off = 0;
1852         }
1853         return true;
1854 }
1855 EXPORT_SYMBOL_GPL(xt_percpu_counter_alloc);
1856 
1857 void xt_percpu_counter_free(struct xt_counters *counters)
1858 {
1859         unsigned long pcnt = counters->pcnt;
1860 
1861         if (nr_cpu_ids > 1 && (pcnt & (XT_PCPU_BLOCK_SIZE - 1)) == 0)
1862                 free_percpu((void __percpu *)pcnt);
1863 }
1864 EXPORT_SYMBOL_GPL(xt_percpu_counter_free);
1865 
1866 static int __net_init xt_net_init(struct net *net)
1867 {
1868         int i;
1869 
1870         for (i = 0; i < NFPROTO_NUMPROTO; i++)
1871                 INIT_LIST_HEAD(&net->xt.tables[i]);
1872         return 0;
1873 }
1874 
1875 static void __net_exit xt_net_exit(struct net *net)
1876 {
1877         int i;
1878 
1879         for (i = 0; i < NFPROTO_NUMPROTO; i++)
1880                 WARN_ON_ONCE(!list_empty(&net->xt.tables[i]));
1881 }
1882 
1883 static struct pernet_operations xt_net_ops = {
1884         .init = xt_net_init,
1885         .exit = xt_net_exit,
1886 };
1887 
1888 static int __init xt_init(void)
1889 {
1890         unsigned int i;
1891         int rv;
1892 
1893         for_each_possible_cpu(i) {
1894                 seqcount_init(&per_cpu(xt_recseq, i));
1895         }
1896 
1897         xt = kcalloc(NFPROTO_NUMPROTO, sizeof(struct xt_af), GFP_KERNEL);
1898         if (!xt)
1899                 return -ENOMEM;
1900 
1901         for (i = 0; i < NFPROTO_NUMPROTO; i++) {
1902                 mutex_init(&xt[i].mutex);
1903 #ifdef CONFIG_COMPAT
1904                 mutex_init(&xt[i].compat_mutex);
1905                 xt[i].compat_tab = NULL;
1906 #endif
1907                 INIT_LIST_HEAD(&xt[i].target);
1908                 INIT_LIST_HEAD(&xt[i].match);
1909         }
1910         rv = register_pernet_subsys(&xt_net_ops);
1911         if (rv < 0)
1912                 kfree(xt);
1913         return rv;
1914 }
1915 
1916 static void __exit xt_fini(void)
1917 {
1918         unregister_pernet_subsys(&xt_net_ops);
1919         kfree(xt);
1920 }
1921 
1922 module_init(xt_init);
1923 module_exit(xt_fini);
1924 

/* [<][>][^][v][top][bottom][index][help] */