summaryrefslogtreecommitdiffstats
path: root/kernel/linux2.5
diff options
context:
space:
mode:
authorBart De Schuymer <bdschuym@pandora.be>2003-01-11 15:27:05 +0000
committerBart De Schuymer <bdschuym@pandora.be>2003-01-11 15:27:05 +0000
commitc5f4ccd4a096b32b5ffcf697d778ff6af543da14 (patch)
treea2982e7e465928571479c1cc3ca6d88c7de06033 /kernel/linux2.5
parentb26057cad2d93ea622c3f42c152785540a49521c (diff)
use /* */ instead of // , update to Rusty's new module code scheme
Diffstat (limited to 'kernel/linux2.5')
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebtables.c287
1 files changed, 144 insertions, 143 deletions
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebtables.c b/kernel/linux2.5/net/bridge/netfilter/ebtables.c
index 2244913..9b2bbe5 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebtables.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebtables.c
@@ -2,7 +2,7 @@
* ebtables
*
* Author:
- * Bart De Schuymer <bart.de.schuymer@pandora.be>
+ * Bart De Schuymer <bdschuym@pandora.be>
*
* ebtables.c,v 2.0, July, 2002
*
@@ -15,7 +15,7 @@
* 2 of the License, or (at your option) any later version.
*/
-// used for print_string
+/* used for print_string */
#include <linux/sched.h>
#include <linux/tty.h>
@@ -27,18 +27,20 @@
#include <asm/uaccess.h>
#include <linux/smp.h>
#include <net/sock.h>
-// needed for logical [in,out]-dev filtering
+/* needed for logical [in,out]-dev filtering */
#include "../br_private.h"
-// list_named_find
+/* list_named_find */
#define ASSERT_READ_LOCK(x)
#define ASSERT_WRITE_LOCK(x)
#include <linux/netfilter_ipv4/listhelp.h>
-#if 0 // use this for remote debugging
-// Copyright (C) 1998 by Ori Pomerantz
-// Print the string to the appropriate tty, the one
-// the current task uses
+#if 0
+/* use this for remote debugging
+ * Copyright (C) 1998 by Ori Pomerantz
+ * Print the string to the appropriate tty, the one
+ * the current task uses
+ */
static void print_string(char *str)
{
struct tty_struct *my_tty;
@@ -55,20 +57,22 @@ static void print_string(char *str)
#else
#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
"report to author: "format, ## args)
-// #define BUGPRINT(format, args...)
+/* #define BUGPRINT(format, args...) */
#endif
#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
": out of memory: "format, ## args)
-// #define MEMPRINT(format, args...)
+/* #define MEMPRINT(format, args...) */
-// Each cpu has its own set of counters, so there is no need for write_lock in
-// the softirq
-// For reading or updating the counters, the user context needs to
-// get a write_lock
+/*
+ * Each cpu has its own set of counters, so there is no need for write_lock in
+ * the softirq
+ * For reading or updating the counters, the user context needs to
+ * get a write_lock
+ */
-// The size of each set of counters is altered to get cache alignment
+/* The size of each set of counters is altered to get cache alignment */
#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
@@ -91,7 +95,7 @@ static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
{
w->u.watcher->watcher(skb, in, out, w->data,
w->watcher_size);
- // watchers don't give a verdict
+ /* watchers don't give a verdict */
return 0;
}
@@ -113,7 +117,7 @@ static inline int ebt_dev_check(char *entry, const struct net_device *device)
}
#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
-// process standard matches
+/* process standard matches */
static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
const struct net_device *in, const struct net_device *out)
{
@@ -156,7 +160,7 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
return 0;
}
-// Do some firewalling
+/* Do some firewalling */
unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
struct ebt_table *table)
@@ -182,7 +186,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
nentries = private->hook_entry[hook]->nentries;
point = (struct ebt_entry *)(private->hook_entry[hook]->data);
counter_base = cb_base + private->hook_entry[hook]->counter_offset;
- // base for chain jumps
+ /* base for chain jumps */
base = private->entries;
i = 0;
while (i < nentries) {
@@ -192,18 +196,18 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
goto letscontinue;
- // increase counter
+ /* increase counter */
(*(counter_base + i)).pcnt++;
(*(counter_base + i)).bcnt+=(**pskb).len;
- // these should only watch: not modify, nor tell us
- // what to do with the packet
+ /* these should only watch: not modify, nor tell us
+ what to do with the packet */
EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, in,
out);
t = (struct ebt_entry_target *)
(((char *)point) + point->target_offset);
- // standard target
+ /* standard target */
if (!t->u.target->target)
verdict = ((struct ebt_standard_target *)t)->verdict;
else
@@ -222,12 +226,12 @@ letsreturn:
#ifdef CONFIG_NETFILTER_DEBUG
if (sp == 0) {
BUGPRINT("RETURN on base chain");
- // act like this is EBT_CONTINUE
+ /* act like this is EBT_CONTINUE */
goto letscontinue;
}
#endif
sp--;
- // put all the local variables right
+ /* put all the local variables right */
i = cs[sp].n;
chaininfo = cs[sp].chaininfo;
nentries = chaininfo->nentries;
@@ -245,7 +249,7 @@ letsreturn:
return NF_DROP;
}
#endif
- // jump to a udc
+ /* jump to a udc */
cs[sp].n = i + 1;
cs[sp].chaininfo = chaininfo;
cs[sp].e = (struct ebt_entry *)
@@ -270,7 +274,7 @@ letscontinue:
i++;
}
- // I actually like this :)
+ /* I actually like this :) */
if (chaininfo->policy == EBT_RETURN)
goto letsreturn;
if (chaininfo->policy == EBT_ACCEPT) {
@@ -281,7 +285,7 @@ letscontinue:
return NF_DROP;
}
-// If it succeeds, returns element and locks mutex
+/* If it succeeds, returns element and locks mutex */
static inline void *
find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
struct semaphore *mutex)
@@ -359,14 +363,15 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
if (!match)
return ret;
m->u.match = match;
- if (match->me)
- __MOD_INC_USE_COUNT(match->me);
+ if (!try_module_get(match->me)) {
+ up(&ebt_mutex);
+ return -EINVAL;
+ }
up(&ebt_mutex);
if (match->check &&
match->check(name, hookmask, e, m->data, m->match_size) != 0) {
BUGPRINT("match->check failed\n");
- if (match->me)
- __MOD_DEC_USE_COUNT(match->me);
+ module_put(match->me);
return -EINVAL;
}
(*cnt)++;
@@ -387,22 +392,25 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
if (!watcher)
return ret;
w->u.watcher = watcher;
- if (watcher->me)
- __MOD_INC_USE_COUNT(watcher->me);
+ if (!try_module_get(watcher->me)) {
+ up(&ebt_mutex);
+ return -EINVAL;
+ }
up(&ebt_mutex);
if (watcher->check &&
watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
BUGPRINT("watcher->check failed\n");
- if (watcher->me)
- __MOD_DEC_USE_COUNT(watcher->me);
+ module_put(watcher->me);
return -EINVAL;
}
(*cnt)++;
return 0;
}
-// this one is very careful, as it is the first function
-// to parse the userspace data
+/*
+ * this one is very careful, as it is the first function
+ * to parse the userspace data
+ */
static inline int
ebt_check_entry_size_and_hooks(struct ebt_entry *e,
struct ebt_table_info *newinfo, char *base, char *limit,
@@ -418,24 +426,24 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
(char *)e - newinfo->entries)
break;
}
- // beginning of a new chain
- // if i == NF_BR_NUMHOOKS it must be a user defined chain
+ /* beginning of a new chain
+ if i == NF_BR_NUMHOOKS it must be a user defined chain */
if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) {
- // we make userspace set this right,
- // so there is no misunderstanding
+ /* we make userspace set this right,
+ so there is no misunderstanding */
BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
"in distinguisher\n");
return -EINVAL;
}
- // this checks if the previous chain has as many entries
- // as it said it has
+ /* this checks if the previous chain has as many entries
+ as it said it has */
if (*n != *cnt) {
BUGPRINT("nentries does not equal the nr of entries "
"in the chain\n");
return -EINVAL;
}
- // before we look at the struct, be sure it is not too big
+ /* before we look at the struct, be sure it is not too big */
if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
> limit) {
BUGPRINT("entries_size too small\n");
@@ -443,14 +451,14 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
}
if (((struct ebt_entries *)e)->policy != EBT_DROP &&
((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
- // only RETURN from udc
+ /* only RETURN from udc */
if (i != NF_BR_NUMHOOKS ||
((struct ebt_entries *)e)->policy != EBT_RETURN) {
BUGPRINT("bad policy\n");
return -EINVAL;
}
}
- if (i == NF_BR_NUMHOOKS) // it's a user defined chain
+ if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
(*udc_cnt)++;
else
newinfo->hook_entry[i] = (struct ebt_entries *)e;
@@ -462,14 +470,14 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
*cnt = 0;
return 0;
}
- // a plain old entry, heh
+ /* a plain old entry, heh */
if (sizeof(struct ebt_entry) > e->watchers_offset ||
e->watchers_offset > e->target_offset ||
e->target_offset >= e->next_offset) {
BUGPRINT("entry offsets not in right order\n");
return -EINVAL;
}
- // this is not checked anywhere else
+ /* this is not checked anywhere else */
if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
BUGPRINT("target size too small\n");
return -EINVAL;
@@ -487,8 +495,10 @@ struct ebt_cl_stack
unsigned int hookmask;
};
-// we need these positions to check that the jumps to a different part of the
-// entries is a jump to the beginning of a new chain.
+/*
+ * we need these positions to check that the jumps to a different part of the
+ * entries is a jump to the beginning of a new chain.
+ */
static inline int
ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
@@ -496,7 +506,7 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
{
int i;
- // we're only interested in chain starts
+ /* we're only interested in chain starts */
if (e->bitmask & EBT_ENTRY_OR_ENTRIES)
return 0;
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
@@ -505,12 +515,12 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
break;
}
- // only care about udc
+ /* only care about udc */
if (i != NF_BR_NUMHOOKS)
return 0;
udc[*n].cs.chaininfo = (struct ebt_entries *)e;
- // these initialisations are depended on later in check_chainloops()
+ /* these initialisations are depended on later in check_chainloops() */
udc[*n].cs.n = 0;
udc[*n].hookmask = 0;
@@ -525,8 +535,7 @@ ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
return 1;
if (m->u.match->destroy)
m->u.match->destroy(m->data, m->match_size);
- if (m->u.match->me)
- __MOD_DEC_USE_COUNT(m->u.match->me);
+ module_put(m->u.match->me);
return 0;
}
@@ -538,8 +547,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
return 1;
if (w->u.watcher->destroy)
w->u.watcher->destroy(w->data, w->watcher_size);
- if (w->u.watcher->me)
- __MOD_DEC_USE_COUNT(w->u.watcher->me);
+ module_put(w->u.watcher->me);
return 0;
}
@@ -551,7 +559,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
return 0;
- // we're done
+ /* we're done */
if (cnt && (*cnt)-- == 0)
return 1;
EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
@@ -559,8 +567,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
if (t->u.target->destroy)
t->u.target->destroy(t->data, t->target_size);
- if (t->u.target->me)
- __MOD_DEC_USE_COUNT(t->u.target->me);
+ module_put(t->u.target->me);
return 0;
}
@@ -575,7 +582,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
unsigned int i, j, hook = 0, hookmask = 0;
int ret;
- // Don't mess with the struct ebt_entries
+ /* don't mess with the struct ebt_entries */
if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
return 0;
@@ -591,7 +598,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
BUGPRINT("NOPROTO & 802_3 not allowed\n");
return -EINVAL;
}
- // what hook do we belong to?
+ /* what hook do we belong to? */
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
if ((valid_hooks & (1 << i)) == 0)
continue;
@@ -600,8 +607,8 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
else
break;
}
- // (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
- // a base chain
+ /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
+ a base chain */
if (i < NF_BR_NUMHOOKS)
hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
else {
@@ -625,8 +632,10 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
target = find_target_lock(t->u.name, &ret, &ebt_mutex);
if (!target)
goto cleanup_watchers;
- if (target->me)
- __MOD_INC_USE_COUNT(target->me);
+ if (!try_module_get(target->me)) {
+ up(&ebt_mutex);
+ goto cleanup_watchers;
+ }
up(&ebt_mutex);
t->u.target = target;
@@ -647,8 +656,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
sizeof(struct ebt_entry_target) > e->next_offset) ||
(t->u.target->check &&
t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
- if (t->u.target->me)
- __MOD_DEC_USE_COUNT(t->u.target->me);
+ module_put(t->u.target->me);
ret = -EFAULT;
goto cleanup_watchers;
}
@@ -661,21 +669,22 @@ cleanup_matches:
return ret;
}
-// checks for loops and sets the hook mask for udc
-// the hook mask for udc tells us from which base chains the udc can be
-// accessed. This mask is a parameter to the check() functions of the extensions
-static int check_chainloops(struct ebt_entries *chain,
- struct ebt_cl_stack *cl_s, unsigned int udc_cnt,
- unsigned int hooknr, char *base)
+/*
+ * checks for loops and sets the hook mask for udc
+ * the hook mask for udc tells us from which base chains the udc can be
+ * accessed. This mask is a parameter to the check() functions of the extensions
+ */
+static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
+ unsigned int udc_cnt, unsigned int hooknr, char *base)
{
int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
struct ebt_entry *e = (struct ebt_entry *)chain->data;
struct ebt_entry_target *t;
while (pos < nentries || chain_nr != -1) {
- // end of udc, go back one 'recursion' step
+ /* end of udc, go back one 'recursion' step */
if (pos == nentries) {
- // put back values of the time when this chain was called
+ /* put back values of the time when this chain was called */
e = cl_s[chain_nr].cs.e;
if (cl_s[chain_nr].from != -1)
nentries =
@@ -683,7 +692,7 @@ static int check_chainloops(struct ebt_entries *chain,
else
nentries = chain->nentries;
pos = cl_s[chain_nr].cs.n;
- // make sure we won't see a loop that isn't one
+ /* make sure we won't see a loop that isn't one */
cl_s[chain_nr].cs.n = 0;
chain_nr = cl_s[chain_nr].from;
if (pos == nentries)
@@ -699,13 +708,13 @@ static int check_chainloops(struct ebt_entries *chain,
return -1;
}
verdict = ((struct ebt_standard_target *)t)->verdict;
- if (verdict >= 0) { // jump to another chain
+ if (verdict >= 0) { /* jump to another chain */
struct ebt_entries *hlp2 =
(struct ebt_entries *)(base + verdict);
for (i = 0; i < udc_cnt; i++)
if (hlp2 == cl_s[i].cs.chaininfo)
break;
- // bad destination or loop
+ /* bad destination or loop */
if (i == udc_cnt) {
BUGPRINT("bad destination\n");
return -1;
@@ -714,7 +723,7 @@ static int check_chainloops(struct ebt_entries *chain,
BUGPRINT("loop\n");
return -1;
}
- // this can't be 0, so the above test is correct
+ /* this can't be 0, so the above test is correct */
cl_s[i].cs.n = pos + 1;
pos = 0;
cl_s[i].cs.e = ((void *)e + e->next_offset);
@@ -722,7 +731,7 @@ static int check_chainloops(struct ebt_entries *chain,
nentries = hlp2->nentries;
cl_s[i].from = chain_nr;
chain_nr = i;
- // this udc is accessible from the base chain for hooknr
+ /* this udc is accessible from the base chain for hooknr */
cl_s[i].hookmask |= (1 << hooknr);
continue;
}
@@ -733,13 +742,13 @@ letscontinue:
return 0;
}
-// do the parsing of the table/chains/entries/matches/watchers/targets, heh
+/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
static int translate_table(struct ebt_replace *repl,
struct ebt_table_info *newinfo)
{
unsigned int i, j, k, udc_cnt;
int ret;
- struct ebt_cl_stack *cl_s = NULL; // used in the checking for chain loops
+ struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
i = 0;
while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
@@ -752,8 +761,8 @@ static int translate_table(struct ebt_replace *repl,
BUGPRINT("Chains don't start at beginning\n");
return -EINVAL;
}
- // make sure chains are ordered after each other in same order
- // as their corresponding hooks
+ /* make sure chains are ordered after each other in same order
+ as their corresponding hooks */
for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
if (!(repl->valid_hooks & (1 << j)))
continue;
@@ -770,12 +779,12 @@ static int translate_table(struct ebt_replace *repl,
newinfo->entries_size = repl->entries_size;
newinfo->nentries = repl->nentries;
- // do some early checkings and initialize some things
- i = 0; // holds the expected nr. of entries for the chain
- j = 0; // holds the up to now counted entries for the chain
- k = 0; // holds the total nr. of entries, should equal
- // newinfo->nentries afterwards
- udc_cnt = 0; // will hold the nr. of user defined chains (udc)
+ /* do some early checkings and initialize some things */
+ i = 0; /* holds the expected nr. of entries for the chain */
+ j = 0; /* holds the up to now counted entries for the chain */
+ k = 0; /* holds the total nr. of entries, should equal
+ newinfo->nentries afterwards */
+ udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
ebt_check_entry_size_and_hooks, newinfo, repl->entries,
repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k,
@@ -794,7 +803,7 @@ static int translate_table(struct ebt_replace *repl,
return -EINVAL;
}
- // check if all valid hooks have a chain
+ /* check if all valid hooks have a chain */
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
if (newinfo->hook_entry[i] == NULL &&
(repl->valid_hooks & (1 << i))) {
@@ -803,11 +812,11 @@ static int translate_table(struct ebt_replace *repl,
}
}
- // Get the location of the udc, put them in an array
- // While we're at it, allocate the chainstack
+ /* get the location of the udc, put them in an array
+ while we're at it, allocate the chainstack */
if (udc_cnt) {
- // this will get free'd in do_replace()/ebt_register_table()
- // if an error occurs
+ /* this will get free'd in do_replace()/ebt_register_table()
+ if an error occurs */
newinfo->chainstack = (struct ebt_chainstack **)
vmalloc(NR_CPUS * sizeof(struct ebt_chainstack));
if (!newinfo->chainstack)
@@ -828,11 +837,11 @@ static int translate_table(struct ebt_replace *repl,
vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
if (!cl_s)
return -ENOMEM;
- i = 0; // the i'th udc
+ i = 0; /* the i'th udc */
EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
repl->valid_hooks, cl_s);
- // sanity check
+ /* sanity check */
if (i != udc_cnt) {
BUGPRINT("i != udc_cnt\n");
vfree(cl_s);
@@ -840,7 +849,7 @@ static int translate_table(struct ebt_replace *repl,
}
}
- // Check for loops
+ /* Check for loops */
for (i = 0; i < NF_BR_NUMHOOKS; i++)
if (repl->valid_hooks & (1 << i))
if (check_chainloops(newinfo->hook_entry[i],
@@ -850,17 +859,17 @@ static int translate_table(struct ebt_replace *repl,
return -EINVAL;
}
- // we now know the following (along with E=mc˛):
- // - the nr of entries in each chain is right
- // - the size of the allocated space is right
- // - all valid hooks have a corresponding chain
- // - there are no loops
- // - wrong data can still be on the level of a single entry
- // - could be there are jumps to places that are not the
- // beginning of a chain. This can only occur in chains that
- // are not accessible from any base chains, so we don't care.
-
- // used to know what we need to clean up if something goes wrong
+ /* we now know the following (along with E=mc˛):
+ - the nr of entries in each chain is right
+ - the size of the allocated space is right
+ - all valid hooks have a corresponding chain
+ - there are no loops
+ - wrong data can still be on the level of a single entry
+ - could be there are jumps to places that are not the
+ beginning of a chain. This can only occur in chains that
+ are not accessible from any base chains, so we don't care. */
+
+ /* used to know what we need to clean up if something goes wrong */
i = 0;
ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
@@ -874,17 +883,17 @@ static int translate_table(struct ebt_replace *repl,
return ret;
}
-// called under write_lock
+/* called under write_lock */
static void get_counters(struct ebt_counter *oldcounters,
struct ebt_counter *counters, unsigned int nentries)
{
int i, cpu;
struct ebt_counter *counter_base;
- // counters of cpu 0
+ /* counters of cpu 0 */
memcpy(counters, oldcounters,
sizeof(struct ebt_counter) * nentries);
- // add other counters to those of cpu 0
+ /* add other counters to those of cpu 0 */
for (cpu = 1; cpu < NR_CPUS; cpu++) {
counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
for (i = 0; i < nentries; i++) {
@@ -894,7 +903,7 @@ static void get_counters(struct ebt_counter *oldcounters,
}
}
-// replace the table
+/* replace the table */
static int do_replace(void *user, unsigned int len)
{
int ret, i, countersize;
@@ -902,7 +911,7 @@ static int do_replace(void *user, unsigned int len)
struct ebt_replace tmp;
struct ebt_table *t;
struct ebt_counter *counterstmp = NULL;
- // used to be able to unlock earlier
+ /* used to be able to unlock earlier */
struct ebt_table_info *table;
if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
@@ -938,8 +947,8 @@ static int do_replace(void *user, unsigned int len)
goto free_entries;
}
- // the user wants counters back
- // the check on the size is done later, when we have the lock
+ /* the user wants counters back
+ the check on the size is done later, when we have the lock */
if (tmp.num_counters) {
counterstmp = (struct ebt_counter *)
vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
@@ -951,7 +960,7 @@ static int do_replace(void *user, unsigned int len)
else
counterstmp = NULL;
- // this can get initialized by translate_table()
+ /* this can get initialized by translate_table() */
newinfo->chainstack = NULL;
ret = translate_table(&tmp, newinfo);
@@ -962,7 +971,7 @@ static int do_replace(void *user, unsigned int len)
if (!t)
goto free_iterate;
- // the table doesn't like it
+ /* the table doesn't like it */
if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
goto free_unlock;
@@ -972,9 +981,9 @@ static int do_replace(void *user, unsigned int len)
goto free_unlock;
}
- // we have the mutex lock, so no danger in reading this pointer
+ /* we have the mutex lock, so no danger in reading this pointer */
table = t->private;
- // we need an atomic snapshot of the counters
+ /* we need an atomic snapshot of the counters */
write_lock_bh(&t->lock);
if (tmp.num_counters)
get_counters(t->private->counters, counterstmp,
@@ -983,10 +992,10 @@ static int do_replace(void *user, unsigned int len)
t->private = newinfo;
write_unlock_bh(&t->lock);
up(&ebt_mutex);
- // So, a user can change the chains while having messed up her counter
- // allocation. Only reason why this is done is because this way the lock
- // is held only once, while this doesn't bring the kernel into a
- // dangerous state.
+ /* so, a user can change the chains while having messed up her counter
+ allocation. Only reason why this is done is because this way the lock
+ is held only once, while this doesn't bring the kernel into a
+ dangerous state. */
if (tmp.num_counters &&
copy_to_user(tmp.counters, counterstmp,
tmp.num_counters * sizeof(struct ebt_counter))) {
@@ -996,7 +1005,7 @@ static int do_replace(void *user, unsigned int len)
else
ret = 0;
- // decrease module count and free resources
+ /* decrease module count and free resources */
EBT_ENTRY_ITERATE(table->entries, table->entries_size,
ebt_cleanup_entry, NULL);
@@ -1020,7 +1029,7 @@ free_iterate:
free_counterstmp:
if (counterstmp)
vfree(counterstmp);
- // can be initialized in translate_table()
+ /* can be initialized in translate_table() */
if (newinfo->chainstack) {
for (i = 0; i < NR_CPUS; i++)
vfree(newinfo->chainstack[i]);
@@ -1047,7 +1056,6 @@ int ebt_register_target(struct ebt_target *target)
return -EEXIST;
}
up(&ebt_mutex);
- MOD_INC_USE_COUNT;
return 0;
}
@@ -1057,7 +1065,6 @@ void ebt_unregister_target(struct ebt_target *target)
down(&ebt_mutex);
LIST_DELETE(&ebt_targets, target);
up(&ebt_mutex);
- MOD_DEC_USE_COUNT;
}
int ebt_register_match(struct ebt_match *match)
@@ -1072,7 +1079,6 @@ int ebt_register_match(struct ebt_match *match)
return -EEXIST;
}
up(&ebt_mutex);
- MOD_INC_USE_COUNT;
return 0;
}
@@ -1082,7 +1088,6 @@ void ebt_unregister_match(struct ebt_match *match)
down(&ebt_mutex);
LIST_DELETE(&ebt_matches, match);
up(&ebt_mutex);
- MOD_DEC_USE_COUNT;
}
int ebt_register_watcher(struct ebt_watcher *watcher)
@@ -1097,7 +1102,6 @@ int ebt_register_watcher(struct ebt_watcher *watcher)
return -EEXIST;
}
up(&ebt_mutex);
- MOD_INC_USE_COUNT;
return 0;
}
@@ -1107,7 +1111,6 @@ void ebt_unregister_watcher(struct ebt_watcher *watcher)
down(&ebt_mutex);
LIST_DELETE(&ebt_watchers, watcher);
up(&ebt_mutex);
- MOD_DEC_USE_COUNT;
}
int ebt_register_table(struct ebt_table *table)
@@ -1139,7 +1142,7 @@ int ebt_register_table(struct ebt_table *table)
if (countersize)
memset(newinfo->counters, 0, countersize);
- // fill in newinfo and parse the entries
+ /* fill in newinfo and parse the entries */
newinfo->chainstack = NULL;
ret = translate_table(table->table, newinfo);
if (ret != 0) {
@@ -1166,7 +1169,6 @@ int ebt_register_table(struct ebt_table *table)
list_prepend(&ebt_tables, table);
up(&ebt_mutex);
- MOD_INC_USE_COUNT;
return 0;
free_unlock:
up(&ebt_mutex);
@@ -1203,10 +1205,9 @@ void ebt_unregister_table(struct ebt_table *table)
vfree(table->private->chainstack);
}
vfree(table->private);
- MOD_DEC_USE_COUNT;
}
-// userspace just supplied us with counters
+/* userspace just supplied us with counters */
static int update_counters(void *user, unsigned int len)
{
int i, ret;
@@ -1245,10 +1246,10 @@ static int update_counters(void *user, unsigned int len)
goto unlock_mutex;
}
- // we want an atomic add of the counters
+ /* we want an atomic add of the counters */
write_lock_bh(&t->lock);
- // we add to the counters of the first cpu
+ /* we add to the counters of the first cpu */
for (i = 0; i < hlp.num_counters; i++) {
t->private->counters[i].pcnt += tmp[i].pcnt;
t->private->counters[i].bcnt += tmp[i].bcnt;
@@ -1304,7 +1305,7 @@ static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
return 0;
}
-// called with ebt_mutex down
+/* called with ebt_mutex down */
static int copy_everything_to_user(struct ebt_table *t, void *user,
int *len, int cmd)
{
@@ -1346,7 +1347,7 @@ static int copy_everything_to_user(struct ebt_table *t, void *user,
return -EINVAL;
}
- // userspace might not need the counters
+ /* userspace might not need the counters */
if (tmp.num_counters) {
if (tmp.num_counters != nentries) {
BUGPRINT("Num_counters wrong\n");
@@ -1375,7 +1376,7 @@ static int copy_everything_to_user(struct ebt_table *t, void *user,
BUGPRINT("Couldn't copy entries to userspace\n");
return -EFAULT;
}
- // set the match/watcher/target names right
+ /* set the match/watcher/target names right */
return EBT_ENTRY_ITERATE(entries, entries_size,
ebt_make_names, entries, tmp.entries);
}