[NETFILTER]: ipt_SAME: add compat conversion functions ipt_SAME should have the compat function cause its entry structure (ipt_same_info) contains a pointer between data filled/checked in both kernel and userspace. Signed-off-by: Konstantin Khorenko <khorenko@xxxxx> --- Thank you, Konstantin Khorenko SWsoft Virtuozzo/OpenVZ Linux kernel team
--- ./net/ipv4/netfilter/ipt_SAME.c.SAME 2007-11-06 13:55:16.000000000 +0300 +++ ./net/ipv4/netfilter/ipt_SAME.c 2007-11-09 16:50:38.000000000 +0300 @@ -152,6 +152,47 @@ same_target(struct sk_buff *skb, return nf_nat_setup_info(ct, &newrange, hooknum); } +#ifdef CONFIG_COMPAT +struct compat_ipt_same_info +{ + unsigned char info; + u_int32_t rangesize; + u_int32_t ipnum; + compat_uptr_t iparray; + + /* hangs off end. */ + struct nf_nat_range range[IPT_SAME_MAX_RANGE]; +}; + +static void compat_from_user(void *dst, void *src) +{ + const struct compat_ipt_same_info *cl = src; + struct ipt_same_info l = { + .info = cl->info, + .rangesize = cl->rangesize, + .ipnum = 0, + .iparray = NULL, + }; + + memcpy(l.range, cl->range, sizeof(l.range)); + memcpy(dst, &l, sizeof(l)); +} + +static int compat_to_user(void __user *dst, void *src) +{ + const struct ipt_same_info *l = src; + struct compat_ipt_same_info cl = { + .info = l->info, + .rangesize = l->rangesize, + .ipnum = 0, + .iparray = (compat_uptr_t)NULL, + }; + + memcpy(cl.range, l->range, sizeof(cl.range)); + return copy_to_user(dst, &cl, sizeof(cl)) ? -EFAULT : 0; +} +#endif /* CONFIG_COMPAT */ + static struct xt_target same_reg __read_mostly = { .name = "SAME", .family = AF_INET, @@ -161,6 +202,11 @@ static struct xt_target same_reg __read_ .hooks = (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_POST_ROUTING), .checkentry = same_check, .destroy = same_destroy, +#ifdef CONFIG_COMPAT + .compatsize = sizeof(struct compat_ipt_same_info), + .compat_from_user = compat_from_user, + .compat_to_user = compat_to_user, +#endif .me = THIS_MODULE, };