Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * ebtables | |
3 | * | |
4 | * Author: | |
5 | * Bart De Schuymer <bdschuym@pandora.be> | |
6 | * | |
7 | * ebtables.c,v 2.0, July, 2002 | |
8 | * | |
9 | * This code is stongly inspired on the iptables code which is | |
10 | * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling | |
11 | * | |
12 | * This program is free software; you can redistribute it and/or | |
13 | * modify it under the terms of the GNU General Public License | |
14 | * as published by the Free Software Foundation; either version | |
15 | * 2 of the License, or (at your option) any later version. | |
16 | */ | |
17 | ||
1da177e4 LT |
18 | |
19 | #include <linux/kmod.h> | |
20 | #include <linux/module.h> | |
21 | #include <linux/vmalloc.h> | |
18219d3f | 22 | #include <linux/netfilter/x_tables.h> |
1da177e4 LT |
23 | #include <linux/netfilter_bridge/ebtables.h> |
24 | #include <linux/spinlock.h> | |
df0933dc | 25 | #include <linux/mutex.h> |
1da177e4 LT |
26 | #include <asm/uaccess.h> |
27 | #include <linux/smp.h> | |
c8923c6b | 28 | #include <linux/cpumask.h> |
1da177e4 LT |
29 | #include <net/sock.h> |
30 | /* needed for logical [in,out]-dev filtering */ | |
31 | #include "../br_private.h" | |
32 | ||
1da177e4 | 33 | #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ |
9d6f229f | 34 | "report to author: "format, ## args) |
1da177e4 | 35 | /* #define BUGPRINT(format, args...) */ |
1da177e4 | 36 | #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\ |
9d6f229f | 37 | ": out of memory: "format, ## args) |
1da177e4 LT |
38 | /* #define MEMPRINT(format, args...) */ |
39 | ||
40 | ||
41 | ||
42 | /* | |
43 | * Each cpu has its own set of counters, so there is no need for write_lock in | |
44 | * the softirq | |
45 | * For reading or updating the counters, the user context needs to | |
46 | * get a write_lock | |
47 | */ | |
48 | ||
49 | /* The size of each set of counters is altered to get cache alignment */ | |
50 | #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) | |
51 | #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) | |
52 | #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ | |
53 | COUNTER_OFFSET(n) * cpu)) | |
54 | ||
55 | ||
56 | ||
57b47a53 | 57 | static DEFINE_MUTEX(ebt_mutex); |
1da177e4 | 58 | static LIST_HEAD(ebt_tables); |
1da177e4 | 59 | |
043ef46c | 60 | static struct xt_target ebt_standard_target = { |
001a18d3 JE |
61 | .name = "standard", |
62 | .revision = 0, | |
63 | .family = NFPROTO_BRIDGE, | |
043ef46c | 64 | .targetsize = sizeof(int), |
18219d3f | 65 | }; |
1da177e4 LT |
66 | |
67 | static inline int ebt_do_watcher (struct ebt_entry_watcher *w, | |
2d06d4a5 | 68 | struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, |
1da177e4 LT |
69 | const struct net_device *out) |
70 | { | |
043ef46c | 71 | w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data); |
1da177e4 LT |
72 | /* watchers don't give a verdict */ |
73 | return 0; | |
74 | } | |
75 | ||
76 | static inline int ebt_do_match (struct ebt_entry_match *m, | |
f7108a20 | 77 | const struct sk_buff *skb, struct xt_match_param *par) |
1da177e4 | 78 | { |
f7108a20 JE |
79 | par->match = m->u.match; |
80 | par->matchinfo = m->data; | |
81 | return m->u.match->match(skb, par); | |
1da177e4 LT |
82 | } |
83 | ||
84 | static inline int ebt_dev_check(char *entry, const struct net_device *device) | |
85 | { | |
86 | int i = 0; | |
6f5b7ef6 | 87 | const char *devname = device->name; |
1da177e4 LT |
88 | |
89 | if (*entry == '\0') | |
90 | return 0; | |
91 | if (!device) | |
92 | return 1; | |
93 | /* 1 is the wildcard token */ | |
94 | while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i]) | |
95 | i++; | |
96 | return (devname[i] != entry[i] && entry[i] != 1); | |
97 | } | |
98 | ||
99 | #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) | |
100 | /* process standard matches */ | |
101 | static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, | |
102 | const struct net_device *in, const struct net_device *out) | |
103 | { | |
104 | int verdict, i; | |
105 | ||
106 | if (e->bitmask & EBT_802_3) { | |
107 | if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) | |
108 | return 1; | |
109 | } else if (!(e->bitmask & EBT_NOPROTO) && | |
110 | FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) | |
111 | return 1; | |
112 | ||
113 | if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) | |
114 | return 1; | |
115 | if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) | |
116 | return 1; | |
117 | if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( | |
118 | e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN)) | |
119 | return 1; | |
120 | if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( | |
121 | e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT)) | |
122 | return 1; | |
123 | ||
124 | if (e->bitmask & EBT_SOURCEMAC) { | |
125 | verdict = 0; | |
126 | for (i = 0; i < 6; i++) | |
127 | verdict |= (h->h_source[i] ^ e->sourcemac[i]) & | |
128 | e->sourcemsk[i]; | |
129 | if (FWINV2(verdict != 0, EBT_ISOURCE) ) | |
130 | return 1; | |
131 | } | |
132 | if (e->bitmask & EBT_DESTMAC) { | |
133 | verdict = 0; | |
134 | for (i = 0; i < 6; i++) | |
135 | verdict |= (h->h_dest[i] ^ e->destmac[i]) & | |
136 | e->destmsk[i]; | |
137 | if (FWINV2(verdict != 0, EBT_IDEST) ) | |
138 | return 1; | |
139 | } | |
140 | return 0; | |
141 | } | |
142 | ||
143 | /* Do some firewalling */ | |
3db05fea | 144 | unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, |
1da177e4 LT |
145 | const struct net_device *in, const struct net_device *out, |
146 | struct ebt_table *table) | |
147 | { | |
148 | int i, nentries; | |
149 | struct ebt_entry *point; | |
150 | struct ebt_counter *counter_base, *cb_base; | |
151 | struct ebt_entry_target *t; | |
152 | int verdict, sp = 0; | |
153 | struct ebt_chainstack *cs; | |
154 | struct ebt_entries *chaininfo; | |
155 | char *base; | |
156 | struct ebt_table_info *private; | |
5365f802 | 157 | bool hotdrop = false; |
f7108a20 JE |
158 | struct xt_match_param mtpar; |
159 | ||
160 | mtpar.in = in; | |
161 | mtpar.out = out; | |
162 | mtpar.hotdrop = &hotdrop; | |
1da177e4 LT |
163 | |
164 | read_lock_bh(&table->lock); | |
165 | private = table->private; | |
166 | cb_base = COUNTER_BASE(private->counters, private->nentries, | |
167 | smp_processor_id()); | |
168 | if (private->chainstack) | |
169 | cs = private->chainstack[smp_processor_id()]; | |
170 | else | |
171 | cs = NULL; | |
172 | chaininfo = private->hook_entry[hook]; | |
173 | nentries = private->hook_entry[hook]->nentries; | |
174 | point = (struct ebt_entry *)(private->hook_entry[hook]->data); | |
175 | counter_base = cb_base + private->hook_entry[hook]->counter_offset; | |
176 | /* base for chain jumps */ | |
177 | base = private->entries; | |
178 | i = 0; | |
179 | while (i < nentries) { | |
3db05fea | 180 | if (ebt_basic_match(point, eth_hdr(skb), in, out)) |
1da177e4 LT |
181 | goto letscontinue; |
182 | ||
f7108a20 | 183 | if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0) |
1da177e4 | 184 | goto letscontinue; |
5365f802 JE |
185 | if (hotdrop) { |
186 | read_unlock_bh(&table->lock); | |
187 | return NF_DROP; | |
188 | } | |
1da177e4 LT |
189 | |
190 | /* increase counter */ | |
191 | (*(counter_base + i)).pcnt++; | |
3db05fea | 192 | (*(counter_base + i)).bcnt += skb->len; |
1da177e4 LT |
193 | |
194 | /* these should only watch: not modify, nor tell us | |
195 | what to do with the packet */ | |
3db05fea | 196 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in, |
1da177e4 LT |
197 | out); |
198 | ||
199 | t = (struct ebt_entry_target *) | |
200 | (((char *)point) + point->target_offset); | |
201 | /* standard target */ | |
202 | if (!t->u.target->target) | |
203 | verdict = ((struct ebt_standard_target *)t)->verdict; | |
204 | else | |
2d06d4a5 | 205 | verdict = t->u.target->target(skb, in, out, hook, |
043ef46c | 206 | t->u.target, t->data); |
1da177e4 LT |
207 | if (verdict == EBT_ACCEPT) { |
208 | read_unlock_bh(&table->lock); | |
209 | return NF_ACCEPT; | |
210 | } | |
211 | if (verdict == EBT_DROP) { | |
212 | read_unlock_bh(&table->lock); | |
213 | return NF_DROP; | |
214 | } | |
215 | if (verdict == EBT_RETURN) { | |
216 | letsreturn: | |
217 | #ifdef CONFIG_NETFILTER_DEBUG | |
218 | if (sp == 0) { | |
219 | BUGPRINT("RETURN on base chain"); | |
220 | /* act like this is EBT_CONTINUE */ | |
221 | goto letscontinue; | |
222 | } | |
223 | #endif | |
224 | sp--; | |
225 | /* put all the local variables right */ | |
226 | i = cs[sp].n; | |
227 | chaininfo = cs[sp].chaininfo; | |
228 | nentries = chaininfo->nentries; | |
229 | point = cs[sp].e; | |
230 | counter_base = cb_base + | |
231 | chaininfo->counter_offset; | |
232 | continue; | |
233 | } | |
234 | if (verdict == EBT_CONTINUE) | |
235 | goto letscontinue; | |
236 | #ifdef CONFIG_NETFILTER_DEBUG | |
237 | if (verdict < 0) { | |
238 | BUGPRINT("bogus standard verdict\n"); | |
239 | read_unlock_bh(&table->lock); | |
240 | return NF_DROP; | |
241 | } | |
242 | #endif | |
243 | /* jump to a udc */ | |
244 | cs[sp].n = i + 1; | |
245 | cs[sp].chaininfo = chaininfo; | |
246 | cs[sp].e = (struct ebt_entry *) | |
247 | (((char *)point) + point->next_offset); | |
248 | i = 0; | |
249 | chaininfo = (struct ebt_entries *) (base + verdict); | |
250 | #ifdef CONFIG_NETFILTER_DEBUG | |
251 | if (chaininfo->distinguisher) { | |
252 | BUGPRINT("jump to non-chain\n"); | |
253 | read_unlock_bh(&table->lock); | |
254 | return NF_DROP; | |
255 | } | |
256 | #endif | |
257 | nentries = chaininfo->nentries; | |
258 | point = (struct ebt_entry *)chaininfo->data; | |
259 | counter_base = cb_base + chaininfo->counter_offset; | |
260 | sp++; | |
261 | continue; | |
262 | letscontinue: | |
263 | point = (struct ebt_entry *) | |
264 | (((char *)point) + point->next_offset); | |
265 | i++; | |
266 | } | |
267 | ||
268 | /* I actually like this :) */ | |
269 | if (chaininfo->policy == EBT_RETURN) | |
270 | goto letsreturn; | |
271 | if (chaininfo->policy == EBT_ACCEPT) { | |
272 | read_unlock_bh(&table->lock); | |
273 | return NF_ACCEPT; | |
274 | } | |
275 | read_unlock_bh(&table->lock); | |
276 | return NF_DROP; | |
277 | } | |
278 | ||
279 | /* If it succeeds, returns element and locks mutex */ | |
280 | static inline void * | |
281 | find_inlist_lock_noload(struct list_head *head, const char *name, int *error, | |
57b47a53 | 282 | struct mutex *mutex) |
1da177e4 | 283 | { |
df0933dc PM |
284 | struct { |
285 | struct list_head list; | |
286 | char name[EBT_FUNCTION_MAXNAMELEN]; | |
287 | } *e; | |
1da177e4 | 288 | |
57b47a53 | 289 | *error = mutex_lock_interruptible(mutex); |
1da177e4 LT |
290 | if (*error != 0) |
291 | return NULL; | |
292 | ||
df0933dc PM |
293 | list_for_each_entry(e, head, list) { |
294 | if (strcmp(e->name, name) == 0) | |
295 | return e; | |
1da177e4 | 296 | } |
df0933dc PM |
297 | *error = -ENOENT; |
298 | mutex_unlock(mutex); | |
299 | return NULL; | |
1da177e4 LT |
300 | } |
301 | ||
302 | #ifndef CONFIG_KMOD | |
303 | #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) | |
304 | #else | |
305 | static void * | |
306 | find_inlist_lock(struct list_head *head, const char *name, const char *prefix, | |
57b47a53 | 307 | int *error, struct mutex *mutex) |
1da177e4 LT |
308 | { |
309 | void *ret; | |
310 | ||
311 | ret = find_inlist_lock_noload(head, name, error, mutex); | |
312 | if (!ret) { | |
313 | request_module("%s%s", prefix, name); | |
314 | ret = find_inlist_lock_noload(head, name, error, mutex); | |
315 | } | |
316 | return ret; | |
317 | } | |
318 | #endif | |
319 | ||
320 | static inline struct ebt_table * | |
57b47a53 | 321 | find_table_lock(const char *name, int *error, struct mutex *mutex) |
1da177e4 LT |
322 | { |
323 | return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex); | |
324 | } | |
325 | ||
1da177e4 | 326 | static inline int |
9b4fce7a JE |
327 | ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par, |
328 | unsigned int *cnt) | |
1da177e4 | 329 | { |
9b4fce7a | 330 | const struct ebt_entry *e = par->entryinfo; |
043ef46c | 331 | struct xt_match *match; |
14197d54 | 332 | size_t left = ((char *)e + e->watchers_offset) - (char *)m; |
1da177e4 LT |
333 | int ret; |
334 | ||
14197d54 AV |
335 | if (left < sizeof(struct ebt_entry_match) || |
336 | left - sizeof(struct ebt_entry_match) < m->match_size) | |
1da177e4 | 337 | return -EINVAL; |
043ef46c JE |
338 | |
339 | match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE, | |
340 | m->u.name, 0), "ebt_%s", m->u.name); | |
341 | if (IS_ERR(match)) | |
342 | return PTR_ERR(match); | |
343 | if (match == NULL) | |
1da177e4 | 344 | return -ENOENT; |
043ef46c JE |
345 | m->u.match = match; |
346 | ||
9b4fce7a JE |
347 | par->match = match; |
348 | par->matchinfo = m->data; | |
349 | ret = xt_check_match(par, NFPROTO_BRIDGE, m->match_size, | |
350 | e->ethproto, e->invflags & EBT_IPROTO); | |
043ef46c JE |
351 | if (ret < 0) { |
352 | module_put(match->me); | |
353 | return ret; | |
1da177e4 | 354 | } |
043ef46c | 355 | |
1da177e4 LT |
356 | (*cnt)++; |
357 | return 0; | |
358 | } | |
359 | ||
360 | static inline int | |
361 | ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, | |
362 | const char *name, unsigned int hookmask, unsigned int *cnt) | |
363 | { | |
043ef46c | 364 | struct xt_target *watcher; |
14197d54 | 365 | size_t left = ((char *)e + e->target_offset) - (char *)w; |
1da177e4 LT |
366 | int ret; |
367 | ||
14197d54 AV |
368 | if (left < sizeof(struct ebt_entry_watcher) || |
369 | left - sizeof(struct ebt_entry_watcher) < w->watcher_size) | |
1da177e4 | 370 | return -EINVAL; |
043ef46c JE |
371 | |
372 | watcher = try_then_request_module( | |
373 | xt_find_target(NFPROTO_BRIDGE, w->u.name, 0), | |
374 | "ebt_%s", w->u.name); | |
375 | if (IS_ERR(watcher)) | |
376 | return PTR_ERR(watcher); | |
377 | if (watcher == NULL) | |
1da177e4 | 378 | return -ENOENT; |
043ef46c JE |
379 | w->u.watcher = watcher; |
380 | ||
381 | ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size, | |
367c6790 JE |
382 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO, |
383 | e, w->data); | |
043ef46c JE |
384 | if (ret < 0) { |
385 | module_put(watcher->me); | |
386 | return ret; | |
1da177e4 | 387 | } |
043ef46c | 388 | |
1da177e4 LT |
389 | (*cnt)++; |
390 | return 0; | |
391 | } | |
392 | ||
70fe9af4 AV |
393 | static int ebt_verify_pointers(struct ebt_replace *repl, |
394 | struct ebt_table_info *newinfo) | |
1da177e4 | 395 | { |
70fe9af4 AV |
396 | unsigned int limit = repl->entries_size; |
397 | unsigned int valid_hooks = repl->valid_hooks; | |
398 | unsigned int offset = 0; | |
1da177e4 LT |
399 | int i; |
400 | ||
e4fd77de AV |
401 | for (i = 0; i < NF_BR_NUMHOOKS; i++) |
402 | newinfo->hook_entry[i] = NULL; | |
403 | ||
404 | newinfo->entries_size = repl->entries_size; | |
405 | newinfo->nentries = repl->nentries; | |
406 | ||
70fe9af4 AV |
407 | while (offset < limit) { |
408 | size_t left = limit - offset; | |
409 | struct ebt_entry *e = (void *)newinfo->entries + offset; | |
bb2ef25c | 410 | |
70fe9af4 | 411 | if (left < sizeof(unsigned int)) |
1da177e4 | 412 | break; |
70fe9af4 AV |
413 | |
414 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { | |
415 | if ((valid_hooks & (1 << i)) == 0) | |
416 | continue; | |
1e419cd9 AV |
417 | if ((char __user *)repl->hook_entry[i] == |
418 | repl->entries + offset) | |
70fe9af4 AV |
419 | break; |
420 | } | |
421 | ||
422 | if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { | |
423 | if (e->bitmask != 0) { | |
424 | /* we make userspace set this right, | |
425 | so there is no misunderstanding */ | |
426 | BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " | |
427 | "in distinguisher\n"); | |
428 | return -EINVAL; | |
429 | } | |
430 | if (i != NF_BR_NUMHOOKS) | |
431 | newinfo->hook_entry[i] = (struct ebt_entries *)e; | |
432 | if (left < sizeof(struct ebt_entries)) | |
433 | break; | |
434 | offset += sizeof(struct ebt_entries); | |
435 | } else { | |
436 | if (left < sizeof(struct ebt_entry)) | |
437 | break; | |
438 | if (left < e->next_offset) | |
439 | break; | |
440 | offset += e->next_offset; | |
1da177e4 | 441 | } |
22b440bf | 442 | } |
70fe9af4 AV |
443 | if (offset != limit) { |
444 | BUGPRINT("entries_size too small\n"); | |
445 | return -EINVAL; | |
446 | } | |
e4fd77de AV |
447 | |
448 | /* check if all valid hooks have a chain */ | |
449 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { | |
450 | if (!newinfo->hook_entry[i] && | |
451 | (valid_hooks & (1 << i))) { | |
452 | BUGPRINT("Valid hook without chain\n"); | |
453 | return -EINVAL; | |
454 | } | |
455 | } | |
22b440bf | 456 | return 0; |
22b440bf AV |
457 | } |
458 | ||
459 | /* | |
460 | * this one is very careful, as it is the first function | |
461 | * to parse the userspace data | |
462 | */ | |
463 | static inline int | |
464 | ebt_check_entry_size_and_hooks(struct ebt_entry *e, | |
0e795531 AV |
465 | struct ebt_table_info *newinfo, |
466 | unsigned int *n, unsigned int *cnt, | |
467 | unsigned int *totalcnt, unsigned int *udc_cnt) | |
22b440bf | 468 | { |
22b440bf AV |
469 | int i; |
470 | ||
471 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { | |
0e795531 | 472 | if ((void *)e == (void *)newinfo->hook_entry[i]) |
22b440bf AV |
473 | break; |
474 | } | |
475 | /* beginning of a new chain | |
476 | if i == NF_BR_NUMHOOKS it must be a user defined chain */ | |
477 | if (i != NF_BR_NUMHOOKS || !e->bitmask) { | |
1da177e4 LT |
478 | /* this checks if the previous chain has as many entries |
479 | as it said it has */ | |
480 | if (*n != *cnt) { | |
481 | BUGPRINT("nentries does not equal the nr of entries " | |
9d6f229f | 482 | "in the chain\n"); |
1da177e4 LT |
483 | return -EINVAL; |
484 | } | |
1da177e4 LT |
485 | if (((struct ebt_entries *)e)->policy != EBT_DROP && |
486 | ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { | |
487 | /* only RETURN from udc */ | |
488 | if (i != NF_BR_NUMHOOKS || | |
489 | ((struct ebt_entries *)e)->policy != EBT_RETURN) { | |
490 | BUGPRINT("bad policy\n"); | |
491 | return -EINVAL; | |
492 | } | |
493 | } | |
494 | if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ | |
495 | (*udc_cnt)++; | |
1da177e4 LT |
496 | if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { |
497 | BUGPRINT("counter_offset != totalcnt"); | |
498 | return -EINVAL; | |
499 | } | |
500 | *n = ((struct ebt_entries *)e)->nentries; | |
501 | *cnt = 0; | |
502 | return 0; | |
503 | } | |
504 | /* a plain old entry, heh */ | |
505 | if (sizeof(struct ebt_entry) > e->watchers_offset || | |
506 | e->watchers_offset > e->target_offset || | |
507 | e->target_offset >= e->next_offset) { | |
508 | BUGPRINT("entry offsets not in right order\n"); | |
509 | return -EINVAL; | |
510 | } | |
511 | /* this is not checked anywhere else */ | |
512 | if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { | |
513 | BUGPRINT("target size too small\n"); | |
514 | return -EINVAL; | |
515 | } | |
1da177e4 LT |
516 | (*cnt)++; |
517 | (*totalcnt)++; | |
518 | return 0; | |
519 | } | |
520 | ||
521 | struct ebt_cl_stack | |
522 | { | |
523 | struct ebt_chainstack cs; | |
524 | int from; | |
525 | unsigned int hookmask; | |
526 | }; | |
527 | ||
528 | /* | |
529 | * we need these positions to check that the jumps to a different part of the | |
530 | * entries is a jump to the beginning of a new chain. | |
531 | */ | |
532 | static inline int | |
533 | ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, | |
177abc34 | 534 | unsigned int *n, struct ebt_cl_stack *udc) |
1da177e4 LT |
535 | { |
536 | int i; | |
537 | ||
538 | /* we're only interested in chain starts */ | |
40642f95 | 539 | if (e->bitmask) |
1da177e4 LT |
540 | return 0; |
541 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { | |
1da177e4 LT |
542 | if (newinfo->hook_entry[i] == (struct ebt_entries *)e) |
543 | break; | |
544 | } | |
545 | /* only care about udc */ | |
546 | if (i != NF_BR_NUMHOOKS) | |
547 | return 0; | |
548 | ||
549 | udc[*n].cs.chaininfo = (struct ebt_entries *)e; | |
550 | /* these initialisations are depended on later in check_chainloops() */ | |
551 | udc[*n].cs.n = 0; | |
552 | udc[*n].hookmask = 0; | |
553 | ||
554 | (*n)++; | |
555 | return 0; | |
556 | } | |
557 | ||
558 | static inline int | |
559 | ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) | |
560 | { | |
6be3d859 JE |
561 | struct xt_mtdtor_param par; |
562 | ||
1da177e4 LT |
563 | if (i && (*i)-- == 0) |
564 | return 1; | |
1da177e4 | 565 | |
6be3d859 JE |
566 | par.match = m->u.match; |
567 | par.matchinfo = m->data; | |
568 | if (par.match->destroy != NULL) | |
569 | par.match->destroy(&par); | |
570 | module_put(par.match->me); | |
1da177e4 LT |
571 | return 0; |
572 | } | |
573 | ||
574 | static inline int | |
575 | ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) | |
576 | { | |
577 | if (i && (*i)-- == 0) | |
578 | return 1; | |
579 | if (w->u.watcher->destroy) | |
043ef46c | 580 | w->u.watcher->destroy(w->u.watcher, w->data); |
1da177e4 LT |
581 | module_put(w->u.watcher->me); |
582 | ||
583 | return 0; | |
584 | } | |
585 | ||
586 | static inline int | |
587 | ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) | |
588 | { | |
589 | struct ebt_entry_target *t; | |
590 | ||
40642f95 | 591 | if (e->bitmask == 0) |
1da177e4 LT |
592 | return 0; |
593 | /* we're done */ | |
594 | if (cnt && (*cnt)-- == 0) | |
595 | return 1; | |
596 | EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); | |
597 | EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); | |
598 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); | |
599 | if (t->u.target->destroy) | |
043ef46c | 600 | t->u.target->destroy(t->u.target, t->data); |
1da177e4 LT |
601 | module_put(t->u.target->me); |
602 | ||
603 | return 0; | |
604 | } | |
605 | ||
606 | static inline int | |
607 | ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |
f7da79d9 | 608 | const char *name, unsigned int *cnt, |
1da177e4 LT |
609 | struct ebt_cl_stack *cl_s, unsigned int udc_cnt) |
610 | { | |
611 | struct ebt_entry_target *t; | |
043ef46c | 612 | struct xt_target *target; |
1da177e4 | 613 | unsigned int i, j, hook = 0, hookmask = 0; |
44f9a2fd | 614 | size_t gap; |
1da177e4 | 615 | int ret; |
6be3d859 | 616 | struct xt_mtchk_param mtpar; |
1da177e4 LT |
617 | |
618 | /* don't mess with the struct ebt_entries */ | |
40642f95 | 619 | if (e->bitmask == 0) |
1da177e4 LT |
620 | return 0; |
621 | ||
622 | if (e->bitmask & ~EBT_F_MASK) { | |
623 | BUGPRINT("Unknown flag for bitmask\n"); | |
624 | return -EINVAL; | |
625 | } | |
626 | if (e->invflags & ~EBT_INV_MASK) { | |
627 | BUGPRINT("Unknown flag for inv bitmask\n"); | |
628 | return -EINVAL; | |
629 | } | |
630 | if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { | |
631 | BUGPRINT("NOPROTO & 802_3 not allowed\n"); | |
632 | return -EINVAL; | |
633 | } | |
634 | /* what hook do we belong to? */ | |
635 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { | |
f7da79d9 | 636 | if (!newinfo->hook_entry[i]) |
1da177e4 LT |
637 | continue; |
638 | if ((char *)newinfo->hook_entry[i] < (char *)e) | |
639 | hook = i; | |
640 | else | |
641 | break; | |
642 | } | |
643 | /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on | |
644 | a base chain */ | |
645 | if (i < NF_BR_NUMHOOKS) | |
646 | hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); | |
647 | else { | |
648 | for (i = 0; i < udc_cnt; i++) | |
649 | if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) | |
650 | break; | |
651 | if (i == 0) | |
652 | hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); | |
653 | else | |
654 | hookmask = cl_s[i - 1].hookmask; | |
655 | } | |
656 | i = 0; | |
9b4fce7a | 657 | |
6be3d859 JE |
658 | mtpar.table = name; |
659 | mtpar.entryinfo = e; | |
660 | mtpar.hook_mask = hookmask; | |
661 | ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i); | |
1da177e4 LT |
662 | if (ret != 0) |
663 | goto cleanup_matches; | |
664 | j = 0; | |
665 | ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j); | |
666 | if (ret != 0) | |
667 | goto cleanup_watchers; | |
668 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); | |
44f9a2fd | 669 | gap = e->next_offset - e->target_offset; |
1da177e4 | 670 | |
043ef46c JE |
671 | target = try_then_request_module( |
672 | xt_find_target(NFPROTO_BRIDGE, t->u.name, 0), | |
673 | "ebt_%s", t->u.name); | |
674 | if (IS_ERR(target)) { | |
675 | ret = PTR_ERR(target); | |
001a18d3 | 676 | goto cleanup_watchers; |
043ef46c JE |
677 | } else if (target == NULL) { |
678 | ret = -ENOENT; | |
001a18d3 JE |
679 | goto cleanup_watchers; |
680 | } | |
681 | ||
1da177e4 LT |
682 | t->u.target = target; |
683 | if (t->u.target == &ebt_standard_target) { | |
14197d54 | 684 | if (gap < sizeof(struct ebt_standard_target)) { |
1da177e4 LT |
685 | BUGPRINT("Standard target size too big\n"); |
686 | ret = -EFAULT; | |
687 | goto cleanup_watchers; | |
688 | } | |
689 | if (((struct ebt_standard_target *)t)->verdict < | |
690 | -NUM_STANDARD_TARGETS) { | |
691 | BUGPRINT("Invalid standard target\n"); | |
692 | ret = -EFAULT; | |
693 | goto cleanup_watchers; | |
694 | } | |
18219d3f JE |
695 | } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) { |
696 | module_put(t->u.target->me); | |
697 | ret = -EFAULT; | |
698 | goto cleanup_watchers; | |
043ef46c JE |
699 | } |
700 | ||
701 | ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size, | |
367c6790 JE |
702 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO, |
703 | e, t->data); | |
043ef46c JE |
704 | if (ret < 0) { |
705 | module_put(target->me); | |
18219d3f | 706 | goto cleanup_watchers; |
1da177e4 LT |
707 | } |
708 | (*cnt)++; | |
709 | return 0; | |
710 | cleanup_watchers: | |
711 | EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); | |
712 | cleanup_matches: | |
713 | EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i); | |
714 | return ret; | |
715 | } | |
716 | ||
717 | /* | |
718 | * checks for loops and sets the hook mask for udc | |
719 | * the hook mask for udc tells us from which base chains the udc can be | |
720 | * accessed. This mask is a parameter to the check() functions of the extensions | |
721 | */ | |
722 | static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s, | |
723 | unsigned int udc_cnt, unsigned int hooknr, char *base) | |
724 | { | |
725 | int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; | |
726 | struct ebt_entry *e = (struct ebt_entry *)chain->data; | |
727 | struct ebt_entry_target *t; | |
728 | ||
729 | while (pos < nentries || chain_nr != -1) { | |
730 | /* end of udc, go back one 'recursion' step */ | |
731 | if (pos == nentries) { | |
732 | /* put back values of the time when this chain was called */ | |
733 | e = cl_s[chain_nr].cs.e; | |
734 | if (cl_s[chain_nr].from != -1) | |
735 | nentries = | |
736 | cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; | |
737 | else | |
738 | nentries = chain->nentries; | |
739 | pos = cl_s[chain_nr].cs.n; | |
740 | /* make sure we won't see a loop that isn't one */ | |
741 | cl_s[chain_nr].cs.n = 0; | |
742 | chain_nr = cl_s[chain_nr].from; | |
743 | if (pos == nentries) | |
744 | continue; | |
745 | } | |
746 | t = (struct ebt_entry_target *) | |
747 | (((char *)e) + e->target_offset); | |
748 | if (strcmp(t->u.name, EBT_STANDARD_TARGET)) | |
749 | goto letscontinue; | |
750 | if (e->target_offset + sizeof(struct ebt_standard_target) > | |
751 | e->next_offset) { | |
752 | BUGPRINT("Standard target size too big\n"); | |
753 | return -1; | |
754 | } | |
755 | verdict = ((struct ebt_standard_target *)t)->verdict; | |
756 | if (verdict >= 0) { /* jump to another chain */ | |
757 | struct ebt_entries *hlp2 = | |
758 | (struct ebt_entries *)(base + verdict); | |
759 | for (i = 0; i < udc_cnt; i++) | |
760 | if (hlp2 == cl_s[i].cs.chaininfo) | |
761 | break; | |
762 | /* bad destination or loop */ | |
763 | if (i == udc_cnt) { | |
764 | BUGPRINT("bad destination\n"); | |
765 | return -1; | |
766 | } | |
767 | if (cl_s[i].cs.n) { | |
768 | BUGPRINT("loop\n"); | |
769 | return -1; | |
770 | } | |
98a0824a AV |
771 | if (cl_s[i].hookmask & (1 << hooknr)) |
772 | goto letscontinue; | |
773 | /* this can't be 0, so the loop test is correct */ | |
1da177e4 LT |
774 | cl_s[i].cs.n = pos + 1; |
775 | pos = 0; | |
776 | cl_s[i].cs.e = ((void *)e + e->next_offset); | |
777 | e = (struct ebt_entry *)(hlp2->data); | |
778 | nentries = hlp2->nentries; | |
779 | cl_s[i].from = chain_nr; | |
780 | chain_nr = i; | |
781 | /* this udc is accessible from the base chain for hooknr */ | |
782 | cl_s[i].hookmask |= (1 << hooknr); | |
783 | continue; | |
784 | } | |
785 | letscontinue: | |
786 | e = (void *)e + e->next_offset; | |
787 | pos++; | |
788 | } | |
789 | return 0; | |
790 | } | |
791 | ||
792 | /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ | |
1bc2326c | 793 | static int translate_table(char *name, struct ebt_table_info *newinfo) |
1da177e4 LT |
794 | { |
795 | unsigned int i, j, k, udc_cnt; | |
796 | int ret; | |
797 | struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ | |
798 | ||
799 | i = 0; | |
1f072c96 | 800 | while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) |
1da177e4 LT |
801 | i++; |
802 | if (i == NF_BR_NUMHOOKS) { | |
803 | BUGPRINT("No valid hooks specified\n"); | |
804 | return -EINVAL; | |
805 | } | |
1f072c96 | 806 | if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) { |
1da177e4 LT |
807 | BUGPRINT("Chains don't start at beginning\n"); |
808 | return -EINVAL; | |
809 | } | |
810 | /* make sure chains are ordered after each other in same order | |
811 | as their corresponding hooks */ | |
812 | for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { | |
1f072c96 | 813 | if (!newinfo->hook_entry[j]) |
1da177e4 | 814 | continue; |
1f072c96 | 815 | if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) { |
1da177e4 LT |
816 | BUGPRINT("Hook order must be followed\n"); |
817 | return -EINVAL; | |
818 | } | |
819 | i = j; | |
820 | } | |
821 | ||
1da177e4 LT |
822 | /* do some early checkings and initialize some things */ |
823 | i = 0; /* holds the expected nr. of entries for the chain */ | |
824 | j = 0; /* holds the up to now counted entries for the chain */ | |
825 | k = 0; /* holds the total nr. of entries, should equal | |
9d6f229f | 826 | newinfo->nentries afterwards */ |
1da177e4 LT |
827 | udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */ |
828 | ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, | |
0e795531 AV |
829 | ebt_check_entry_size_and_hooks, newinfo, |
830 | &i, &j, &k, &udc_cnt); | |
1da177e4 LT |
831 | |
832 | if (ret != 0) | |
833 | return ret; | |
834 | ||
835 | if (i != j) { | |
836 | BUGPRINT("nentries does not equal the nr of entries in the " | |
9d6f229f | 837 | "(last) chain\n"); |
1da177e4 LT |
838 | return -EINVAL; |
839 | } | |
840 | if (k != newinfo->nentries) { | |
841 | BUGPRINT("Total nentries is wrong\n"); | |
842 | return -EINVAL; | |
843 | } | |
844 | ||
1da177e4 LT |
845 | /* get the location of the udc, put them in an array |
846 | while we're at it, allocate the chainstack */ | |
847 | if (udc_cnt) { | |
848 | /* this will get free'd in do_replace()/ebt_register_table() | |
849 | if an error occurs */ | |
7ad4d2f6 | 850 | newinfo->chainstack = |
53b8a315 | 851 | vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack))); |
1da177e4 LT |
852 | if (!newinfo->chainstack) |
853 | return -ENOMEM; | |
6f912042 | 854 | for_each_possible_cpu(i) { |
1da177e4 | 855 | newinfo->chainstack[i] = |
18bc89aa | 856 | vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0]))); |
1da177e4 LT |
857 | if (!newinfo->chainstack[i]) { |
858 | while (i) | |
859 | vfree(newinfo->chainstack[--i]); | |
860 | vfree(newinfo->chainstack); | |
861 | newinfo->chainstack = NULL; | |
862 | return -ENOMEM; | |
863 | } | |
864 | } | |
865 | ||
18bc89aa | 866 | cl_s = vmalloc(udc_cnt * sizeof(*cl_s)); |
1da177e4 LT |
867 | if (!cl_s) |
868 | return -ENOMEM; | |
869 | i = 0; /* the i'th udc */ | |
870 | EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, | |
177abc34 | 871 | ebt_get_udc_positions, newinfo, &i, cl_s); |
1da177e4 LT |
872 | /* sanity check */ |
873 | if (i != udc_cnt) { | |
874 | BUGPRINT("i != udc_cnt\n"); | |
875 | vfree(cl_s); | |
876 | return -EFAULT; | |
877 | } | |
878 | } | |
879 | ||
880 | /* Check for loops */ | |
881 | for (i = 0; i < NF_BR_NUMHOOKS; i++) | |
1f072c96 | 882 | if (newinfo->hook_entry[i]) |
1da177e4 LT |
883 | if (check_chainloops(newinfo->hook_entry[i], |
884 | cl_s, udc_cnt, i, newinfo->entries)) { | |
68d31872 | 885 | vfree(cl_s); |
1da177e4 LT |
886 | return -EINVAL; |
887 | } | |
888 | ||
96de0e25 | 889 | /* we now know the following (along with E=mc²): |
1da177e4 LT |
890 | - the nr of entries in each chain is right |
891 | - the size of the allocated space is right | |
892 | - all valid hooks have a corresponding chain | |
893 | - there are no loops | |
894 | - wrong data can still be on the level of a single entry | |
895 | - could be there are jumps to places that are not the | |
896 | beginning of a chain. This can only occur in chains that | |
897 | are not accessible from any base chains, so we don't care. */ | |
898 | ||
899 | /* used to know what we need to clean up if something goes wrong */ | |
900 | i = 0; | |
901 | ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, | |
1bc2326c | 902 | ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt); |
1da177e4 LT |
903 | if (ret != 0) { |
904 | EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, | |
905 | ebt_cleanup_entry, &i); | |
906 | } | |
68d31872 | 907 | vfree(cl_s); |
1da177e4 LT |
908 | return ret; |
909 | } | |
910 | ||
911 | /* called under write_lock */ | |
912 | static void get_counters(struct ebt_counter *oldcounters, | |
913 | struct ebt_counter *counters, unsigned int nentries) | |
914 | { | |
915 | int i, cpu; | |
916 | struct ebt_counter *counter_base; | |
917 | ||
918 | /* counters of cpu 0 */ | |
919 | memcpy(counters, oldcounters, | |
c8923c6b DM |
920 | sizeof(struct ebt_counter) * nentries); |
921 | ||
1da177e4 | 922 | /* add other counters to those of cpu 0 */ |
6f912042 | 923 | for_each_possible_cpu(cpu) { |
c8923c6b DM |
924 | if (cpu == 0) |
925 | continue; | |
1da177e4 LT |
926 | counter_base = COUNTER_BASE(oldcounters, nentries, cpu); |
927 | for (i = 0; i < nentries; i++) { | |
928 | counters[i].pcnt += counter_base[i].pcnt; | |
929 | counters[i].bcnt += counter_base[i].bcnt; | |
930 | } | |
931 | } | |
932 | } | |
933 | ||
934 | /* replace the table */ | |
935 | static int do_replace(void __user *user, unsigned int len) | |
936 | { | |
937 | int ret, i, countersize; | |
938 | struct ebt_table_info *newinfo; | |
939 | struct ebt_replace tmp; | |
940 | struct ebt_table *t; | |
941 | struct ebt_counter *counterstmp = NULL; | |
942 | /* used to be able to unlock earlier */ | |
943 | struct ebt_table_info *table; | |
944 | ||
945 | if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) | |
946 | return -EFAULT; | |
947 | ||
948 | if (len != sizeof(tmp) + tmp.entries_size) { | |
949 | BUGPRINT("Wrong len argument\n"); | |
950 | return -EINVAL; | |
951 | } | |
952 | ||
953 | if (tmp.entries_size == 0) { | |
954 | BUGPRINT("Entries_size never zero\n"); | |
955 | return -EINVAL; | |
956 | } | |
ee4bb818 KK |
957 | /* overflow check */ |
958 | if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS - | |
959 | SMP_CACHE_BYTES) / sizeof(struct ebt_counter)) | |
960 | return -ENOMEM; | |
961 | if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) | |
962 | return -ENOMEM; | |
963 | ||
53b8a315 | 964 | countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids; |
18bc89aa | 965 | newinfo = vmalloc(sizeof(*newinfo) + countersize); |
1da177e4 LT |
966 | if (!newinfo) |
967 | return -ENOMEM; | |
968 | ||
969 | if (countersize) | |
970 | memset(newinfo->counters, 0, countersize); | |
971 | ||
8b3a7005 | 972 | newinfo->entries = vmalloc(tmp.entries_size); |
1da177e4 LT |
973 | if (!newinfo->entries) { |
974 | ret = -ENOMEM; | |
975 | goto free_newinfo; | |
976 | } | |
977 | if (copy_from_user( | |
978 | newinfo->entries, tmp.entries, tmp.entries_size) != 0) { | |
979 | BUGPRINT("Couldn't copy entries from userspace\n"); | |
980 | ret = -EFAULT; | |
981 | goto free_entries; | |
982 | } | |
983 | ||
984 | /* the user wants counters back | |
985 | the check on the size is done later, when we have the lock */ | |
986 | if (tmp.num_counters) { | |
18bc89aa | 987 | counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp)); |
1da177e4 LT |
988 | if (!counterstmp) { |
989 | ret = -ENOMEM; | |
990 | goto free_entries; | |
991 | } | |
992 | } | |
993 | else | |
994 | counterstmp = NULL; | |
995 | ||
996 | /* this can get initialized by translate_table() */ | |
997 | newinfo->chainstack = NULL; | |
1bc2326c AV |
998 | ret = ebt_verify_pointers(&tmp, newinfo); |
999 | if (ret != 0) | |
1000 | goto free_counterstmp; | |
1001 | ||
1002 | ret = translate_table(tmp.name, newinfo); | |
1da177e4 LT |
1003 | |
1004 | if (ret != 0) | |
1005 | goto free_counterstmp; | |
1006 | ||
1007 | t = find_table_lock(tmp.name, &ret, &ebt_mutex); | |
1008 | if (!t) { | |
1009 | ret = -ENOENT; | |
1010 | goto free_iterate; | |
1011 | } | |
1012 | ||
1013 | /* the table doesn't like it */ | |
1014 | if (t->check && (ret = t->check(newinfo, tmp.valid_hooks))) | |
1015 | goto free_unlock; | |
1016 | ||
1017 | if (tmp.num_counters && tmp.num_counters != t->private->nentries) { | |
1018 | BUGPRINT("Wrong nr. of counters requested\n"); | |
1019 | ret = -EINVAL; | |
1020 | goto free_unlock; | |
1021 | } | |
1022 | ||
1023 | /* we have the mutex lock, so no danger in reading this pointer */ | |
1024 | table = t->private; | |
1025 | /* make sure the table can only be rmmod'ed if it contains no rules */ | |
1026 | if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) { | |
1027 | ret = -ENOENT; | |
1028 | goto free_unlock; | |
1029 | } else if (table->nentries && !newinfo->nentries) | |
1030 | module_put(t->me); | |
1031 | /* we need an atomic snapshot of the counters */ | |
1032 | write_lock_bh(&t->lock); | |
1033 | if (tmp.num_counters) | |
1034 | get_counters(t->private->counters, counterstmp, | |
1035 | t->private->nentries); | |
1036 | ||
1037 | t->private = newinfo; | |
1038 | write_unlock_bh(&t->lock); | |
57b47a53 | 1039 | mutex_unlock(&ebt_mutex); |
1da177e4 LT |
1040 | /* so, a user can change the chains while having messed up her counter |
1041 | allocation. Only reason why this is done is because this way the lock | |
1042 | is held only once, while this doesn't bring the kernel into a | |
1043 | dangerous state. */ | |
1044 | if (tmp.num_counters && | |
1045 | copy_to_user(tmp.counters, counterstmp, | |
1046 | tmp.num_counters * sizeof(struct ebt_counter))) { | |
1047 | BUGPRINT("Couldn't copy counters to userspace\n"); | |
1048 | ret = -EFAULT; | |
1049 | } | |
1050 | else | |
1051 | ret = 0; | |
1052 | ||
1053 | /* decrease module count and free resources */ | |
1054 | EBT_ENTRY_ITERATE(table->entries, table->entries_size, | |
1055 | ebt_cleanup_entry, NULL); | |
1056 | ||
1057 | vfree(table->entries); | |
1058 | if (table->chainstack) { | |
6f912042 | 1059 | for_each_possible_cpu(i) |
1da177e4 LT |
1060 | vfree(table->chainstack[i]); |
1061 | vfree(table->chainstack); | |
1062 | } | |
1063 | vfree(table); | |
1064 | ||
68d31872 | 1065 | vfree(counterstmp); |
1da177e4 LT |
1066 | return ret; |
1067 | ||
1068 | free_unlock: | |
57b47a53 | 1069 | mutex_unlock(&ebt_mutex); |
1da177e4 LT |
1070 | free_iterate: |
1071 | EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, | |
1072 | ebt_cleanup_entry, NULL); | |
1073 | free_counterstmp: | |
68d31872 | 1074 | vfree(counterstmp); |
1da177e4 LT |
1075 | /* can be initialized in translate_table() */ |
1076 | if (newinfo->chainstack) { | |
6f912042 | 1077 | for_each_possible_cpu(i) |
1da177e4 LT |
1078 | vfree(newinfo->chainstack[i]); |
1079 | vfree(newinfo->chainstack); | |
1080 | } | |
1081 | free_entries: | |
68d31872 | 1082 | vfree(newinfo->entries); |
1da177e4 | 1083 | free_newinfo: |
68d31872 | 1084 | vfree(newinfo); |
1da177e4 LT |
1085 | return ret; |
1086 | } | |
1087 | ||
1da177e4 LT |
1088 | int ebt_register_table(struct ebt_table *table) |
1089 | { | |
1090 | struct ebt_table_info *newinfo; | |
df0933dc | 1091 | struct ebt_table *t; |
1e419cd9 | 1092 | struct ebt_replace_kernel *repl; |
1da177e4 | 1093 | int ret, i, countersize; |
df07a81e | 1094 | void *p; |
1da177e4 | 1095 | |
df07a81e AV |
1096 | if (!table || !(repl = table->table) || !repl->entries || |
1097 | repl->entries_size == 0 || | |
1098 | repl->counters || table->private) { | |
1da177e4 LT |
1099 | BUGPRINT("Bad table data for ebt_register_table!!!\n"); |
1100 | return -EINVAL; | |
1101 | } | |
1102 | ||
53b8a315 | 1103 | countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids; |
18bc89aa | 1104 | newinfo = vmalloc(sizeof(*newinfo) + countersize); |
1da177e4 LT |
1105 | ret = -ENOMEM; |
1106 | if (!newinfo) | |
1107 | return -ENOMEM; | |
1108 | ||
df07a81e AV |
1109 | p = vmalloc(repl->entries_size); |
1110 | if (!p) | |
1da177e4 LT |
1111 | goto free_newinfo; |
1112 | ||
df07a81e AV |
1113 | memcpy(p, repl->entries, repl->entries_size); |
1114 | newinfo->entries = p; | |
1115 | ||
1116 | newinfo->entries_size = repl->entries_size; | |
1117 | newinfo->nentries = repl->nentries; | |
1da177e4 LT |
1118 | |
1119 | if (countersize) | |
1120 | memset(newinfo->counters, 0, countersize); | |
1121 | ||
1122 | /* fill in newinfo and parse the entries */ | |
1123 | newinfo->chainstack = NULL; | |
df07a81e AV |
1124 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { |
1125 | if ((repl->valid_hooks & (1 << i)) == 0) | |
1126 | newinfo->hook_entry[i] = NULL; | |
1127 | else | |
1128 | newinfo->hook_entry[i] = p + | |
1129 | ((char *)repl->hook_entry[i] - repl->entries); | |
1130 | } | |
1131 | ret = translate_table(repl->name, newinfo); | |
1da177e4 LT |
1132 | if (ret != 0) { |
1133 | BUGPRINT("Translate_table failed\n"); | |
1134 | goto free_chainstack; | |
1135 | } | |
1136 | ||
1137 | if (table->check && table->check(newinfo, table->valid_hooks)) { | |
1138 | BUGPRINT("The table doesn't like its own initial data, lol\n"); | |
1139 | return -EINVAL; | |
1140 | } | |
1141 | ||
1142 | table->private = newinfo; | |
1143 | rwlock_init(&table->lock); | |
57b47a53 | 1144 | ret = mutex_lock_interruptible(&ebt_mutex); |
1da177e4 LT |
1145 | if (ret != 0) |
1146 | goto free_chainstack; | |
1147 | ||
df0933dc PM |
1148 | list_for_each_entry(t, &ebt_tables, list) { |
1149 | if (strcmp(t->name, table->name) == 0) { | |
1150 | ret = -EEXIST; | |
1151 | BUGPRINT("Table name already exists\n"); | |
1152 | goto free_unlock; | |
1153 | } | |
1da177e4 LT |
1154 | } |
1155 | ||
1156 | /* Hold a reference count if the chains aren't empty */ | |
1157 | if (newinfo->nentries && !try_module_get(table->me)) { | |
1158 | ret = -ENOENT; | |
1159 | goto free_unlock; | |
1160 | } | |
df0933dc | 1161 | list_add(&table->list, &ebt_tables); |
57b47a53 | 1162 | mutex_unlock(&ebt_mutex); |
1da177e4 LT |
1163 | return 0; |
1164 | free_unlock: | |
57b47a53 | 1165 | mutex_unlock(&ebt_mutex); |
1da177e4 LT |
1166 | free_chainstack: |
1167 | if (newinfo->chainstack) { | |
6f912042 | 1168 | for_each_possible_cpu(i) |
1da177e4 LT |
1169 | vfree(newinfo->chainstack[i]); |
1170 | vfree(newinfo->chainstack); | |
1171 | } | |
1172 | vfree(newinfo->entries); | |
1173 | free_newinfo: | |
1174 | vfree(newinfo); | |
1175 | return ret; | |
1176 | } | |
1177 | ||
1178 | void ebt_unregister_table(struct ebt_table *table) | |
1179 | { | |
1180 | int i; | |
1181 | ||
1182 | if (!table) { | |
1183 | BUGPRINT("Request to unregister NULL table!!!\n"); | |
1184 | return; | |
1185 | } | |
57b47a53 | 1186 | mutex_lock(&ebt_mutex); |
df0933dc | 1187 | list_del(&table->list); |
57b47a53 | 1188 | mutex_unlock(&ebt_mutex); |
68d31872 | 1189 | vfree(table->private->entries); |
1da177e4 | 1190 | if (table->private->chainstack) { |
6f912042 | 1191 | for_each_possible_cpu(i) |
1da177e4 LT |
1192 | vfree(table->private->chainstack[i]); |
1193 | vfree(table->private->chainstack); | |
1194 | } | |
1195 | vfree(table->private); | |
1196 | } | |
1197 | ||
1198 | /* userspace just supplied us with counters */ | |
1199 | static int update_counters(void __user *user, unsigned int len) | |
1200 | { | |
1201 | int i, ret; | |
1202 | struct ebt_counter *tmp; | |
1203 | struct ebt_replace hlp; | |
1204 | struct ebt_table *t; | |
1205 | ||
1206 | if (copy_from_user(&hlp, user, sizeof(hlp))) | |
1207 | return -EFAULT; | |
1208 | ||
1209 | if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) | |
1210 | return -EINVAL; | |
1211 | if (hlp.num_counters == 0) | |
1212 | return -EINVAL; | |
1213 | ||
18bc89aa | 1214 | if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) { |
1da177e4 LT |
1215 | MEMPRINT("Update_counters && nomemory\n"); |
1216 | return -ENOMEM; | |
1217 | } | |
1218 | ||
1219 | t = find_table_lock(hlp.name, &ret, &ebt_mutex); | |
1220 | if (!t) | |
1221 | goto free_tmp; | |
1222 | ||
1223 | if (hlp.num_counters != t->private->nentries) { | |
1224 | BUGPRINT("Wrong nr of counters\n"); | |
1225 | ret = -EINVAL; | |
1226 | goto unlock_mutex; | |
1227 | } | |
1228 | ||
1229 | if ( copy_from_user(tmp, hlp.counters, | |
1230 | hlp.num_counters * sizeof(struct ebt_counter)) ) { | |
1231 | BUGPRINT("Updata_counters && !cfu\n"); | |
1232 | ret = -EFAULT; | |
1233 | goto unlock_mutex; | |
1234 | } | |
1235 | ||
1236 | /* we want an atomic add of the counters */ | |
1237 | write_lock_bh(&t->lock); | |
1238 | ||
1239 | /* we add to the counters of the first cpu */ | |
1240 | for (i = 0; i < hlp.num_counters; i++) { | |
1241 | t->private->counters[i].pcnt += tmp[i].pcnt; | |
1242 | t->private->counters[i].bcnt += tmp[i].bcnt; | |
1243 | } | |
1244 | ||
1245 | write_unlock_bh(&t->lock); | |
1246 | ret = 0; | |
1247 | unlock_mutex: | |
57b47a53 | 1248 | mutex_unlock(&ebt_mutex); |
1da177e4 LT |
1249 | free_tmp: |
1250 | vfree(tmp); | |
1251 | return ret; | |
1252 | } | |
1253 | ||
1254 | static inline int ebt_make_matchname(struct ebt_entry_match *m, | |
1e419cd9 | 1255 | char *base, char __user *ubase) |
1da177e4 | 1256 | { |
1e419cd9 | 1257 | char __user *hlp = ubase + ((char *)m - base); |
1da177e4 LT |
1258 | if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) |
1259 | return -EFAULT; | |
1260 | return 0; | |
1261 | } | |
1262 | ||
1263 | static inline int ebt_make_watchername(struct ebt_entry_watcher *w, | |
1e419cd9 | 1264 | char *base, char __user *ubase) |
1da177e4 | 1265 | { |
1e419cd9 | 1266 | char __user *hlp = ubase + ((char *)w - base); |
1da177e4 LT |
1267 | if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) |
1268 | return -EFAULT; | |
1269 | return 0; | |
1270 | } | |
1271 | ||
1e419cd9 | 1272 | static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase) |
1da177e4 LT |
1273 | { |
1274 | int ret; | |
1e419cd9 | 1275 | char __user *hlp; |
1da177e4 LT |
1276 | struct ebt_entry_target *t; |
1277 | ||
40642f95 | 1278 | if (e->bitmask == 0) |
1da177e4 LT |
1279 | return 0; |
1280 | ||
1e419cd9 | 1281 | hlp = ubase + (((char *)e + e->target_offset) - base); |
1da177e4 | 1282 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); |
9d6f229f | 1283 | |
1da177e4 LT |
1284 | ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); |
1285 | if (ret != 0) | |
1286 | return ret; | |
1287 | ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); | |
1288 | if (ret != 0) | |
1289 | return ret; | |
1290 | if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) | |
1291 | return -EFAULT; | |
1292 | return 0; | |
1293 | } | |
1294 | ||
57b47a53 | 1295 | /* called with ebt_mutex locked */ |
1da177e4 LT |
1296 | static int copy_everything_to_user(struct ebt_table *t, void __user *user, |
1297 | int *len, int cmd) | |
1298 | { | |
1299 | struct ebt_replace tmp; | |
1300 | struct ebt_counter *counterstmp, *oldcounters; | |
1301 | unsigned int entries_size, nentries; | |
1302 | char *entries; | |
1303 | ||
1304 | if (cmd == EBT_SO_GET_ENTRIES) { | |
1305 | entries_size = t->private->entries_size; | |
1306 | nentries = t->private->nentries; | |
1307 | entries = t->private->entries; | |
1308 | oldcounters = t->private->counters; | |
1309 | } else { | |
1310 | entries_size = t->table->entries_size; | |
1311 | nentries = t->table->nentries; | |
1312 | entries = t->table->entries; | |
1313 | oldcounters = t->table->counters; | |
1314 | } | |
1315 | ||
1316 | if (copy_from_user(&tmp, user, sizeof(tmp))) { | |
1317 | BUGPRINT("Cfu didn't work\n"); | |
1318 | return -EFAULT; | |
1319 | } | |
1320 | ||
1321 | if (*len != sizeof(struct ebt_replace) + entries_size + | |
1322 | (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { | |
1323 | BUGPRINT("Wrong size\n"); | |
1324 | return -EINVAL; | |
1325 | } | |
1326 | ||
1327 | if (tmp.nentries != nentries) { | |
1328 | BUGPRINT("Nentries wrong\n"); | |
1329 | return -EINVAL; | |
1330 | } | |
1331 | ||
1332 | if (tmp.entries_size != entries_size) { | |
1333 | BUGPRINT("Wrong size\n"); | |
1334 | return -EINVAL; | |
1335 | } | |
1336 | ||
1337 | /* userspace might not need the counters */ | |
1338 | if (tmp.num_counters) { | |
1339 | if (tmp.num_counters != nentries) { | |
1340 | BUGPRINT("Num_counters wrong\n"); | |
1341 | return -EINVAL; | |
1342 | } | |
18bc89aa | 1343 | counterstmp = vmalloc(nentries * sizeof(*counterstmp)); |
1da177e4 LT |
1344 | if (!counterstmp) { |
1345 | MEMPRINT("Couldn't copy counters, out of memory\n"); | |
1346 | return -ENOMEM; | |
1347 | } | |
1348 | write_lock_bh(&t->lock); | |
1349 | get_counters(oldcounters, counterstmp, nentries); | |
1350 | write_unlock_bh(&t->lock); | |
1351 | ||
1352 | if (copy_to_user(tmp.counters, counterstmp, | |
1353 | nentries * sizeof(struct ebt_counter))) { | |
1354 | BUGPRINT("Couldn't copy counters to userspace\n"); | |
1355 | vfree(counterstmp); | |
1356 | return -EFAULT; | |
1357 | } | |
1358 | vfree(counterstmp); | |
1359 | } | |
1360 | ||
1361 | if (copy_to_user(tmp.entries, entries, entries_size)) { | |
1362 | BUGPRINT("Couldn't copy entries to userspace\n"); | |
1363 | return -EFAULT; | |
1364 | } | |
1365 | /* set the match/watcher/target names right */ | |
1366 | return EBT_ENTRY_ITERATE(entries, entries_size, | |
1367 | ebt_make_names, entries, tmp.entries); | |
1368 | } | |
1369 | ||
1370 | static int do_ebt_set_ctl(struct sock *sk, | |
1371 | int cmd, void __user *user, unsigned int len) | |
1372 | { | |
1373 | int ret; | |
1374 | ||
1375 | switch(cmd) { | |
1376 | case EBT_SO_SET_ENTRIES: | |
1377 | ret = do_replace(user, len); | |
1378 | break; | |
1379 | case EBT_SO_SET_COUNTERS: | |
1380 | ret = update_counters(user, len); | |
1381 | break; | |
1382 | default: | |
1383 | ret = -EINVAL; | |
1384 | } | |
1385 | return ret; | |
1386 | } | |
1387 | ||
1388 | static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |
1389 | { | |
1390 | int ret; | |
1391 | struct ebt_replace tmp; | |
1392 | struct ebt_table *t; | |
1393 | ||
1394 | if (copy_from_user(&tmp, user, sizeof(tmp))) | |
1395 | return -EFAULT; | |
1396 | ||
1397 | t = find_table_lock(tmp.name, &ret, &ebt_mutex); | |
1398 | if (!t) | |
1399 | return ret; | |
1400 | ||
1401 | switch(cmd) { | |
1402 | case EBT_SO_GET_INFO: | |
1403 | case EBT_SO_GET_INIT_INFO: | |
1404 | if (*len != sizeof(struct ebt_replace)){ | |
1405 | ret = -EINVAL; | |
57b47a53 | 1406 | mutex_unlock(&ebt_mutex); |
1da177e4 LT |
1407 | break; |
1408 | } | |
1409 | if (cmd == EBT_SO_GET_INFO) { | |
1410 | tmp.nentries = t->private->nentries; | |
1411 | tmp.entries_size = t->private->entries_size; | |
1412 | tmp.valid_hooks = t->valid_hooks; | |
1413 | } else { | |
1414 | tmp.nentries = t->table->nentries; | |
1415 | tmp.entries_size = t->table->entries_size; | |
1416 | tmp.valid_hooks = t->table->valid_hooks; | |
1417 | } | |
57b47a53 | 1418 | mutex_unlock(&ebt_mutex); |
1da177e4 LT |
1419 | if (copy_to_user(user, &tmp, *len) != 0){ |
1420 | BUGPRINT("c2u Didn't work\n"); | |
1421 | ret = -EFAULT; | |
1422 | break; | |
1423 | } | |
1424 | ret = 0; | |
1425 | break; | |
1426 | ||
1427 | case EBT_SO_GET_ENTRIES: | |
1428 | case EBT_SO_GET_INIT_ENTRIES: | |
1429 | ret = copy_everything_to_user(t, user, len, cmd); | |
57b47a53 | 1430 | mutex_unlock(&ebt_mutex); |
1da177e4 LT |
1431 | break; |
1432 | ||
1433 | default: | |
57b47a53 | 1434 | mutex_unlock(&ebt_mutex); |
1da177e4 LT |
1435 | ret = -EINVAL; |
1436 | } | |
1437 | ||
1438 | return ret; | |
1439 | } | |
1440 | ||
1441 | static struct nf_sockopt_ops ebt_sockopts = | |
74ca4e5a AM |
1442 | { |
1443 | .pf = PF_INET, | |
1444 | .set_optmin = EBT_BASE_CTL, | |
1445 | .set_optmax = EBT_SO_SET_MAX + 1, | |
1446 | .set = do_ebt_set_ctl, | |
1447 | .get_optmin = EBT_BASE_CTL, | |
1448 | .get_optmax = EBT_SO_GET_MAX + 1, | |
1449 | .get = do_ebt_get_ctl, | |
16fcec35 | 1450 | .owner = THIS_MODULE, |
1da177e4 LT |
1451 | }; |
1452 | ||
65b4b4e8 | 1453 | static int __init ebtables_init(void) |
1da177e4 LT |
1454 | { |
1455 | int ret; | |
1456 | ||
043ef46c JE |
1457 | ret = xt_register_target(&ebt_standard_target); |
1458 | if (ret < 0) | |
1da177e4 | 1459 | return ret; |
043ef46c JE |
1460 | ret = nf_register_sockopt(&ebt_sockopts); |
1461 | if (ret < 0) { | |
1462 | xt_unregister_target(&ebt_standard_target); | |
1463 | return ret; | |
1464 | } | |
1da177e4 | 1465 | |
a887c1c1 | 1466 | printk(KERN_INFO "Ebtables v2.0 registered\n"); |
1da177e4 LT |
1467 | return 0; |
1468 | } | |
1469 | ||
65b4b4e8 | 1470 | static void __exit ebtables_fini(void) |
1da177e4 LT |
1471 | { |
1472 | nf_unregister_sockopt(&ebt_sockopts); | |
043ef46c | 1473 | xt_unregister_target(&ebt_standard_target); |
a887c1c1 | 1474 | printk(KERN_INFO "Ebtables v2.0 unregistered\n"); |
1da177e4 LT |
1475 | } |
1476 | ||
1477 | EXPORT_SYMBOL(ebt_register_table); | |
1478 | EXPORT_SYMBOL(ebt_unregister_table); | |
1da177e4 | 1479 | EXPORT_SYMBOL(ebt_do_table); |
65b4b4e8 AM |
1480 | module_init(ebtables_init); |
1481 | module_exit(ebtables_fini); | |
1da177e4 | 1482 | MODULE_LICENSE("GPL"); |