projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[EBTABLES]: Clean ebt_register_table() up.
[deliverable/linux.git] / net / bridge / netfilter / ebtables.c
1 /*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18 /* used for print_string */
19 #include <linux/sched.h>
20 #include <linux/tty.h>
21
22 #include <linux/kmod.h>
23 #include <linux/module.h>
24 #include <linux/vmalloc.h>
25 #include <linux/netfilter_bridge/ebtables.h>
26 #include <linux/spinlock.h>
27 #include <linux/mutex.h>
28 #include <asm/uaccess.h>
29 #include <linux/smp.h>
30 #include <linux/cpumask.h>
31 #include <net/sock.h>
32 /* needed for logical [in,out]-dev filtering */
33 #include "../br_private.h"
34
35 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
36 "report to author: "format, ## args)
37 /* #define BUGPRINT(format, args...) */
38 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
39 ": out of memory: "format, ## args)
40 /* #define MEMPRINT(format, args...) */
41
42
43
44 /*
45 * Each cpu has its own set of counters, so there is no need for write_lock in
46 * the softirq
47 * For reading or updating the counters, the user context needs to
48 * get a write_lock
49 */
50
51 /* The size of each set of counters is altered to get cache alignment */
52 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
53 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
54 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
55 COUNTER_OFFSET(n) * cpu))
56
57
58
59 static DEFINE_MUTEX(ebt_mutex);
60 static LIST_HEAD(ebt_tables);
61 static LIST_HEAD(ebt_targets);
62 static LIST_HEAD(ebt_matches);
63 static LIST_HEAD(ebt_watchers);
64
65 static struct ebt_target ebt_standard_target =
66 { {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
67
68 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
69 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
70 const struct net_device *out)
71 {
72 w->u.watcher->watcher(skb, hooknr, in, out, w->data,
73 w->watcher_size);
74 /* watchers don't give a verdict */
75 return 0;
76 }
77
78 static inline int ebt_do_match (struct ebt_entry_match *m,
79 const struct sk_buff *skb, const struct net_device *in,
80 const struct net_device *out)
81 {
82 return m->u.match->match(skb, in, out, m->data,
83 m->match_size);
84 }
85
86 static inline int ebt_dev_check(char *entry, const struct net_device *device)
87 {
88 int i = 0;
89 const char *devname = device->name;
90
91 if (*entry == '\0')
92 return 0;
93 if (!device)
94 return 1;
95 /* 1 is the wildcard token */
96 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97 i++;
98 return (devname[i] != entry[i] && entry[i] != 1);
99 }
100
101 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102 /* process standard matches */
103 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104 const struct net_device *in, const struct net_device *out)
105 {
106 int verdict, i;
107
108 if (e->bitmask & EBT_802_3) {
109 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110 return 1;
111 } else if (!(e->bitmask & EBT_NOPROTO) &&
112 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113 return 1;
114
115 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116 return 1;
117 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118 return 1;
119 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121 return 1;
122 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124 return 1;
125
126 if (e->bitmask & EBT_SOURCEMAC) {
127 verdict = 0;
128 for (i = 0; i < 6; i++)
129 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130 e->sourcemsk[i];
131 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132 return 1;
133 }
134 if (e->bitmask & EBT_DESTMAC) {
135 verdict = 0;
136 for (i = 0; i < 6; i++)
137 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138 e->destmsk[i];
139 if (FWINV2(verdict != 0, EBT_IDEST) )
140 return 1;
141 }
142 return 0;
143 }
144
145 /* Do some firewalling */
146 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
147 const struct net_device *in, const struct net_device *out,
148 struct ebt_table *table)
149 {
150 int i, nentries;
151 struct ebt_entry *point;
152 struct ebt_counter *counter_base, *cb_base;
153 struct ebt_entry_target *t;
154 int verdict, sp = 0;
155 struct ebt_chainstack *cs;
156 struct ebt_entries *chaininfo;
157 char *base;
158 struct ebt_table_info *private;
159
160 read_lock_bh(&table->lock);
161 private = table->private;
162 cb_base = COUNTER_BASE(private->counters, private->nentries,
163 smp_processor_id());
164 if (private->chainstack)
165 cs = private->chainstack[smp_processor_id()];
166 else
167 cs = NULL;
168 chaininfo = private->hook_entry[hook];
169 nentries = private->hook_entry[hook]->nentries;
170 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
171 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
172 /* base for chain jumps */
173 base = private->entries;
174 i = 0;
175 while (i < nentries) {
176 if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
177 goto letscontinue;
178
179 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
180 goto letscontinue;
181
182 /* increase counter */
183 (*(counter_base + i)).pcnt++;
184 (*(counter_base + i)).bcnt+=(**pskb).len;
185
186 /* these should only watch: not modify, nor tell us
187 what to do with the packet */
188 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
189 out);
190
191 t = (struct ebt_entry_target *)
192 (((char *)point) + point->target_offset);
193 /* standard target */
194 if (!t->u.target->target)
195 verdict = ((struct ebt_standard_target *)t)->verdict;
196 else
197 verdict = t->u.target->target(pskb, hook,
198 in, out, t->data, t->target_size);
199 if (verdict == EBT_ACCEPT) {
200 read_unlock_bh(&table->lock);
201 return NF_ACCEPT;
202 }
203 if (verdict == EBT_DROP) {
204 read_unlock_bh(&table->lock);
205 return NF_DROP;
206 }
207 if (verdict == EBT_RETURN) {
208 letsreturn:
209 #ifdef CONFIG_NETFILTER_DEBUG
210 if (sp == 0) {
211 BUGPRINT("RETURN on base chain");
212 /* act like this is EBT_CONTINUE */
213 goto letscontinue;
214 }
215 #endif
216 sp--;
217 /* put all the local variables right */
218 i = cs[sp].n;
219 chaininfo = cs[sp].chaininfo;
220 nentries = chaininfo->nentries;
221 point = cs[sp].e;
222 counter_base = cb_base +
223 chaininfo->counter_offset;
224 continue;
225 }
226 if (verdict == EBT_CONTINUE)
227 goto letscontinue;
228 #ifdef CONFIG_NETFILTER_DEBUG
229 if (verdict < 0) {
230 BUGPRINT("bogus standard verdict\n");
231 read_unlock_bh(&table->lock);
232 return NF_DROP;
233 }
234 #endif
235 /* jump to a udc */
236 cs[sp].n = i + 1;
237 cs[sp].chaininfo = chaininfo;
238 cs[sp].e = (struct ebt_entry *)
239 (((char *)point) + point->next_offset);
240 i = 0;
241 chaininfo = (struct ebt_entries *) (base + verdict);
242 #ifdef CONFIG_NETFILTER_DEBUG
243 if (chaininfo->distinguisher) {
244 BUGPRINT("jump to non-chain\n");
245 read_unlock_bh(&table->lock);
246 return NF_DROP;
247 }
248 #endif
249 nentries = chaininfo->nentries;
250 point = (struct ebt_entry *)chaininfo->data;
251 counter_base = cb_base + chaininfo->counter_offset;
252 sp++;
253 continue;
254 letscontinue:
255 point = (struct ebt_entry *)
256 (((char *)point) + point->next_offset);
257 i++;
258 }
259
260 /* I actually like this :) */
261 if (chaininfo->policy == EBT_RETURN)
262 goto letsreturn;
263 if (chaininfo->policy == EBT_ACCEPT) {
264 read_unlock_bh(&table->lock);
265 return NF_ACCEPT;
266 }
267 read_unlock_bh(&table->lock);
268 return NF_DROP;
269 }
270
271 /* If it succeeds, returns element and locks mutex */
272 static inline void *
273 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
274 struct mutex *mutex)
275 {
276 struct {
277 struct list_head list;
278 char name[EBT_FUNCTION_MAXNAMELEN];
279 } *e;
280
281 *error = mutex_lock_interruptible(mutex);
282 if (*error != 0)
283 return NULL;
284
285 list_for_each_entry(e, head, list) {
286 if (strcmp(e->name, name) == 0)
287 return e;
288 }
289 *error = -ENOENT;
290 mutex_unlock(mutex);
291 return NULL;
292 }
293
294 #ifndef CONFIG_KMOD
295 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
296 #else
297 static void *
298 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
299 int *error, struct mutex *mutex)
300 {
301 void *ret;
302
303 ret = find_inlist_lock_noload(head, name, error, mutex);
304 if (!ret) {
305 request_module("%s%s", prefix, name);
306 ret = find_inlist_lock_noload(head, name, error, mutex);
307 }
308 return ret;
309 }
310 #endif
311
312 static inline struct ebt_table *
313 find_table_lock(const char *name, int *error, struct mutex *mutex)
314 {
315 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
316 }
317
318 static inline struct ebt_match *
319 find_match_lock(const char *name, int *error, struct mutex *mutex)
320 {
321 return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex);
322 }
323
324 static inline struct ebt_watcher *
325 find_watcher_lock(const char *name, int *error, struct mutex *mutex)
326 {
327 return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex);
328 }
329
330 static inline struct ebt_target *
331 find_target_lock(const char *name, int *error, struct mutex *mutex)
332 {
333 return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex);
334 }
335
336 static inline int
337 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
338 const char *name, unsigned int hookmask, unsigned int *cnt)
339 {
340 struct ebt_match *match;
341 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
342 int ret;
343
344 if (left < sizeof(struct ebt_entry_match) ||
345 left - sizeof(struct ebt_entry_match) < m->match_size)
346 return -EINVAL;
347 match = find_match_lock(m->u.name, &ret, &ebt_mutex);
348 if (!match)
349 return ret;
350 m->u.match = match;
351 if (!try_module_get(match->me)) {
352 mutex_unlock(&ebt_mutex);
353 return -ENOENT;
354 }
355 mutex_unlock(&ebt_mutex);
356 if (match->check &&
357 match->check(name, hookmask, e, m->data, m->match_size) != 0) {
358 BUGPRINT("match->check failed\n");
359 module_put(match->me);
360 return -EINVAL;
361 }
362 (*cnt)++;
363 return 0;
364 }
365
366 static inline int
367 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
368 const char *name, unsigned int hookmask, unsigned int *cnt)
369 {
370 struct ebt_watcher *watcher;
371 size_t left = ((char *)e + e->target_offset) - (char *)w;
372 int ret;
373
374 if (left < sizeof(struct ebt_entry_watcher) ||
375 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
376 return -EINVAL;
377 watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
378 if (!watcher)
379 return ret;
380 w->u.watcher = watcher;
381 if (!try_module_get(watcher->me)) {
382 mutex_unlock(&ebt_mutex);
383 return -ENOENT;
384 }
385 mutex_unlock(&ebt_mutex);
386 if (watcher->check &&
387 watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
388 BUGPRINT("watcher->check failed\n");
389 module_put(watcher->me);
390 return -EINVAL;
391 }
392 (*cnt)++;
393 return 0;
394 }
395
396 static int ebt_verify_pointers(struct ebt_replace *repl,
397 struct ebt_table_info *newinfo)
398 {
399 unsigned int limit = repl->entries_size;
400 unsigned int valid_hooks = repl->valid_hooks;
401 unsigned int offset = 0;
402 int i;
403
404 for (i = 0; i < NF_BR_NUMHOOKS; i++)
405 newinfo->hook_entry[i] = NULL;
406
407 newinfo->entries_size = repl->entries_size;
408 newinfo->nentries = repl->nentries;
409
410 while (offset < limit) {
411 size_t left = limit - offset;
412 struct ebt_entry *e = (void *)newinfo->entries + offset;
413
414 if (left < sizeof(unsigned int))
415 break;
416
417 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
418 if ((valid_hooks & (1 << i)) == 0)
419 continue;
420 if ((char *)repl->hook_entry[i] == repl->entries + offset)
421 break;
422 }
423
424 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
425 if (e->bitmask != 0) {
426 /* we make userspace set this right,
427 so there is no misunderstanding */
428 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
429 "in distinguisher\n");
430 return -EINVAL;
431 }
432 if (i != NF_BR_NUMHOOKS)
433 newinfo->hook_entry[i] = (struct ebt_entries *)e;
434 if (left < sizeof(struct ebt_entries))
435 break;
436 offset += sizeof(struct ebt_entries);
437 } else {
438 if (left < sizeof(struct ebt_entry))
439 break;
440 if (left < e->next_offset)
441 break;
442 offset += e->next_offset;
443 }
444 }
445 if (offset != limit) {
446 BUGPRINT("entries_size too small\n");
447 return -EINVAL;
448 }
449
450 /* check if all valid hooks have a chain */
451 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
452 if (!newinfo->hook_entry[i] &&
453 (valid_hooks & (1 << i))) {
454 BUGPRINT("Valid hook without chain\n");
455 return -EINVAL;
456 }
457 }
458 return 0;
459 }
460
461 /*
462 * this one is very careful, as it is the first function
463 * to parse the userspace data
464 */
465 static inline int
466 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
467 struct ebt_table_info *newinfo,
468 unsigned int *n, unsigned int *cnt,
469 unsigned int *totalcnt, unsigned int *udc_cnt)
470 {
471 int i;
472
473 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
474 if ((void *)e == (void *)newinfo->hook_entry[i])
475 break;
476 }
477 /* beginning of a new chain
478 if i == NF_BR_NUMHOOKS it must be a user defined chain */
479 if (i != NF_BR_NUMHOOKS || !e->bitmask) {
480 /* this checks if the previous chain has as many entries
481 as it said it has */
482 if (*n != *cnt) {
483 BUGPRINT("nentries does not equal the nr of entries "
484 "in the chain\n");
485 return -EINVAL;
486 }
487 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
488 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
489 /* only RETURN from udc */
490 if (i != NF_BR_NUMHOOKS ||
491 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
492 BUGPRINT("bad policy\n");
493 return -EINVAL;
494 }
495 }
496 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
497 (*udc_cnt)++;
498 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
499 BUGPRINT("counter_offset != totalcnt");
500 return -EINVAL;
501 }
502 *n = ((struct ebt_entries *)e)->nentries;
503 *cnt = 0;
504 return 0;
505 }
506 /* a plain old entry, heh */
507 if (sizeof(struct ebt_entry) > e->watchers_offset ||
508 e->watchers_offset > e->target_offset ||
509 e->target_offset >= e->next_offset) {
510 BUGPRINT("entry offsets not in right order\n");
511 return -EINVAL;
512 }
513 /* this is not checked anywhere else */
514 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
515 BUGPRINT("target size too small\n");
516 return -EINVAL;
517 }
518 (*cnt)++;
519 (*totalcnt)++;
520 return 0;
521 }
522
523 struct ebt_cl_stack
524 {
525 struct ebt_chainstack cs;
526 int from;
527 unsigned int hookmask;
528 };
529
530 /*
531 * we need these positions to check that the jumps to a different part of the
532 * entries is a jump to the beginning of a new chain.
533 */
534 static inline int
535 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
536 unsigned int *n, struct ebt_cl_stack *udc)
537 {
538 int i;
539
540 /* we're only interested in chain starts */
541 if (e->bitmask)
542 return 0;
543 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
544 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
545 break;
546 }
547 /* only care about udc */
548 if (i != NF_BR_NUMHOOKS)
549 return 0;
550
551 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
552 /* these initialisations are depended on later in check_chainloops() */
553 udc[*n].cs.n = 0;
554 udc[*n].hookmask = 0;
555
556 (*n)++;
557 return 0;
558 }
559
560 static inline int
561 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
562 {
563 if (i && (*i)-- == 0)
564 return 1;
565 if (m->u.match->destroy)
566 m->u.match->destroy(m->data, m->match_size);
567 module_put(m->u.match->me);
568
569 return 0;
570 }
571
572 static inline int
573 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
574 {
575 if (i && (*i)-- == 0)
576 return 1;
577 if (w->u.watcher->destroy)
578 w->u.watcher->destroy(w->data, w->watcher_size);
579 module_put(w->u.watcher->me);
580
581 return 0;
582 }
583
584 static inline int
585 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
586 {
587 struct ebt_entry_target *t;
588
589 if (e->bitmask == 0)
590 return 0;
591 /* we're done */
592 if (cnt && (*cnt)-- == 0)
593 return 1;
594 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
595 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
596 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
597 if (t->u.target->destroy)
598 t->u.target->destroy(t->data, t->target_size);
599 module_put(t->u.target->me);
600
601 return 0;
602 }
603
604 static inline int
605 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
606 const char *name, unsigned int *cnt,
607 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
608 {
609 struct ebt_entry_target *t;
610 struct ebt_target *target;
611 unsigned int i, j, hook = 0, hookmask = 0;
612 size_t gap = e->next_offset - e->target_offset;
613 int ret;
614
615 /* don't mess with the struct ebt_entries */
616 if (e->bitmask == 0)
617 return 0;
618
619 if (e->bitmask & ~EBT_F_MASK) {
620 BUGPRINT("Unknown flag for bitmask\n");
621 return -EINVAL;
622 }
623 if (e->invflags & ~EBT_INV_MASK) {
624 BUGPRINT("Unknown flag for inv bitmask\n");
625 return -EINVAL;
626 }
627 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
628 BUGPRINT("NOPROTO & 802_3 not allowed\n");
629 return -EINVAL;
630 }
631 /* what hook do we belong to? */
632 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
633 if (!newinfo->hook_entry[i])
634 continue;
635 if ((char *)newinfo->hook_entry[i] < (char *)e)
636 hook = i;
637 else
638 break;
639 }
640 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
641 a base chain */
642 if (i < NF_BR_NUMHOOKS)
643 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
644 else {
645 for (i = 0; i < udc_cnt; i++)
646 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
647 break;
648 if (i == 0)
649 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
650 else
651 hookmask = cl_s[i - 1].hookmask;
652 }
653 i = 0;
654 ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
655 if (ret != 0)
656 goto cleanup_matches;
657 j = 0;
658 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
659 if (ret != 0)
660 goto cleanup_watchers;
661 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
662 target = find_target_lock(t->u.name, &ret, &ebt_mutex);
663 if (!target)
664 goto cleanup_watchers;
665 if (!try_module_get(target->me)) {
666 mutex_unlock(&ebt_mutex);
667 ret = -ENOENT;
668 goto cleanup_watchers;
669 }
670 mutex_unlock(&ebt_mutex);
671
672 t->u.target = target;
673 if (t->u.target == &ebt_standard_target) {
674 if (gap < sizeof(struct ebt_standard_target)) {
675 BUGPRINT("Standard target size too big\n");
676 ret = -EFAULT;
677 goto cleanup_watchers;
678 }
679 if (((struct ebt_standard_target *)t)->verdict <
680 -NUM_STANDARD_TARGETS) {
681 BUGPRINT("Invalid standard target\n");
682 ret = -EFAULT;
683 goto cleanup_watchers;
684 }
685 } else if (t->target_size > gap - sizeof(struct ebt_entry_target) ||
686 (t->u.target->check &&
687 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
688 module_put(t->u.target->me);
689 ret = -EFAULT;
690 goto cleanup_watchers;
691 }
692 (*cnt)++;
693 return 0;
694 cleanup_watchers:
695 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
696 cleanup_matches:
697 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
698 return ret;
699 }
700
701 /*
702 * checks for loops and sets the hook mask for udc
703 * the hook mask for udc tells us from which base chains the udc can be
704 * accessed. This mask is a parameter to the check() functions of the extensions
705 */
706 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
707 unsigned int udc_cnt, unsigned int hooknr, char *base)
708 {
709 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
710 struct ebt_entry *e = (struct ebt_entry *)chain->data;
711 struct ebt_entry_target *t;
712
713 while (pos < nentries || chain_nr != -1) {
714 /* end of udc, go back one 'recursion' step */
715 if (pos == nentries) {
716 /* put back values of the time when this chain was called */
717 e = cl_s[chain_nr].cs.e;
718 if (cl_s[chain_nr].from != -1)
719 nentries =
720 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
721 else
722 nentries = chain->nentries;
723 pos = cl_s[chain_nr].cs.n;
724 /* make sure we won't see a loop that isn't one */
725 cl_s[chain_nr].cs.n = 0;
726 chain_nr = cl_s[chain_nr].from;
727 if (pos == nentries)
728 continue;
729 }
730 t = (struct ebt_entry_target *)
731 (((char *)e) + e->target_offset);
732 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
733 goto letscontinue;
734 if (e->target_offset + sizeof(struct ebt_standard_target) >
735 e->next_offset) {
736 BUGPRINT("Standard target size too big\n");
737 return -1;
738 }
739 verdict = ((struct ebt_standard_target *)t)->verdict;
740 if (verdict >= 0) { /* jump to another chain */
741 struct ebt_entries *hlp2 =
742 (struct ebt_entries *)(base + verdict);
743 for (i = 0; i < udc_cnt; i++)
744 if (hlp2 == cl_s[i].cs.chaininfo)
745 break;
746 /* bad destination or loop */
747 if (i == udc_cnt) {
748 BUGPRINT("bad destination\n");
749 return -1;
750 }
751 if (cl_s[i].cs.n) {
752 BUGPRINT("loop\n");
753 return -1;
754 }
755 if (cl_s[i].hookmask & (1 << hooknr))
756 goto letscontinue;
757 /* this can't be 0, so the loop test is correct */
758 cl_s[i].cs.n = pos + 1;
759 pos = 0;
760 cl_s[i].cs.e = ((void *)e + e->next_offset);
761 e = (struct ebt_entry *)(hlp2->data);
762 nentries = hlp2->nentries;
763 cl_s[i].from = chain_nr;
764 chain_nr = i;
765 /* this udc is accessible from the base chain for hooknr */
766 cl_s[i].hookmask |= (1 << hooknr);
767 continue;
768 }
769 letscontinue:
770 e = (void *)e + e->next_offset;
771 pos++;
772 }
773 return 0;
774 }
775
776 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
777 static int translate_table(char *name, struct ebt_table_info *newinfo)
778 {
779 unsigned int i, j, k, udc_cnt;
780 int ret;
781 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
782
783 i = 0;
784 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
785 i++;
786 if (i == NF_BR_NUMHOOKS) {
787 BUGPRINT("No valid hooks specified\n");
788 return -EINVAL;
789 }
790 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
791 BUGPRINT("Chains don't start at beginning\n");
792 return -EINVAL;
793 }
794 /* make sure chains are ordered after each other in same order
795 as their corresponding hooks */
796 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
797 if (!newinfo->hook_entry[j])
798 continue;
799 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
800 BUGPRINT("Hook order must be followed\n");
801 return -EINVAL;
802 }
803 i = j;
804 }
805
806 /* do some early checkings and initialize some things */
807 i = 0; /* holds the expected nr. of entries for the chain */
808 j = 0; /* holds the up to now counted entries for the chain */
809 k = 0; /* holds the total nr. of entries, should equal
810 newinfo->nentries afterwards */
811 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
812 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
813 ebt_check_entry_size_and_hooks, newinfo,
814 &i, &j, &k, &udc_cnt);
815
816 if (ret != 0)
817 return ret;
818
819 if (i != j) {
820 BUGPRINT("nentries does not equal the nr of entries in the "
821 "(last) chain\n");
822 return -EINVAL;
823 }
824 if (k != newinfo->nentries) {
825 BUGPRINT("Total nentries is wrong\n");
826 return -EINVAL;
827 }
828
829 /* get the location of the udc, put them in an array
830 while we're at it, allocate the chainstack */
831 if (udc_cnt) {
832 /* this will get free'd in do_replace()/ebt_register_table()
833 if an error occurs */
834 newinfo->chainstack =
835 vmalloc((highest_possible_processor_id()+1)
836 * sizeof(*(newinfo->chainstack)));
837 if (!newinfo->chainstack)
838 return -ENOMEM;
839 for_each_possible_cpu(i) {
840 newinfo->chainstack[i] =
841 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
842 if (!newinfo->chainstack[i]) {
843 while (i)
844 vfree(newinfo->chainstack[--i]);
845 vfree(newinfo->chainstack);
846 newinfo->chainstack = NULL;
847 return -ENOMEM;
848 }
849 }
850
851 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
852 if (!cl_s)
853 return -ENOMEM;
854 i = 0; /* the i'th udc */
855 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
856 ebt_get_udc_positions, newinfo, &i, cl_s);
857 /* sanity check */
858 if (i != udc_cnt) {
859 BUGPRINT("i != udc_cnt\n");
860 vfree(cl_s);
861 return -EFAULT;
862 }
863 }
864
865 /* Check for loops */
866 for (i = 0; i < NF_BR_NUMHOOKS; i++)
867 if (newinfo->hook_entry[i])
868 if (check_chainloops(newinfo->hook_entry[i],
869 cl_s, udc_cnt, i, newinfo->entries)) {
870 vfree(cl_s);
871 return -EINVAL;
872 }
873
874 /* we now know the following (along with E=mc²):
875 - the nr of entries in each chain is right
876 - the size of the allocated space is right
877 - all valid hooks have a corresponding chain
878 - there are no loops
879 - wrong data can still be on the level of a single entry
880 - could be there are jumps to places that are not the
881 beginning of a chain. This can only occur in chains that
882 are not accessible from any base chains, so we don't care. */
883
884 /* used to know what we need to clean up if something goes wrong */
885 i = 0;
886 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
887 ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt);
888 if (ret != 0) {
889 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
890 ebt_cleanup_entry, &i);
891 }
892 vfree(cl_s);
893 return ret;
894 }
895
896 /* called under write_lock */
897 static void get_counters(struct ebt_counter *oldcounters,
898 struct ebt_counter *counters, unsigned int nentries)
899 {
900 int i, cpu;
901 struct ebt_counter *counter_base;
902
903 /* counters of cpu 0 */
904 memcpy(counters, oldcounters,
905 sizeof(struct ebt_counter) * nentries);
906
907 /* add other counters to those of cpu 0 */
908 for_each_possible_cpu(cpu) {
909 if (cpu == 0)
910 continue;
911 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
912 for (i = 0; i < nentries; i++) {
913 counters[i].pcnt += counter_base[i].pcnt;
914 counters[i].bcnt += counter_base[i].bcnt;
915 }
916 }
917 }
918
919 /* replace the table */
920 static int do_replace(void __user *user, unsigned int len)
921 {
922 int ret, i, countersize;
923 struct ebt_table_info *newinfo;
924 struct ebt_replace tmp;
925 struct ebt_table *t;
926 struct ebt_counter *counterstmp = NULL;
927 /* used to be able to unlock earlier */
928 struct ebt_table_info *table;
929
930 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
931 return -EFAULT;
932
933 if (len != sizeof(tmp) + tmp.entries_size) {
934 BUGPRINT("Wrong len argument\n");
935 return -EINVAL;
936 }
937
938 if (tmp.entries_size == 0) {
939 BUGPRINT("Entries_size never zero\n");
940 return -EINVAL;
941 }
942 /* overflow check */
943 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
944 SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
945 return -ENOMEM;
946 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
947 return -ENOMEM;
948
949 countersize = COUNTER_OFFSET(tmp.nentries) *
950 (highest_possible_processor_id()+1);
951 newinfo = vmalloc(sizeof(*newinfo) + countersize);
952 if (!newinfo)
953 return -ENOMEM;
954
955 if (countersize)
956 memset(newinfo->counters, 0, countersize);
957
958 newinfo->entries = vmalloc(tmp.entries_size);
959 if (!newinfo->entries) {
960 ret = -ENOMEM;
961 goto free_newinfo;
962 }
963 if (copy_from_user(
964 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
965 BUGPRINT("Couldn't copy entries from userspace\n");
966 ret = -EFAULT;
967 goto free_entries;
968 }
969
970 /* the user wants counters back
971 the check on the size is done later, when we have the lock */
972 if (tmp.num_counters) {
973 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
974 if (!counterstmp) {
975 ret = -ENOMEM;
976 goto free_entries;
977 }
978 }
979 else
980 counterstmp = NULL;
981
982 /* this can get initialized by translate_table() */
983 newinfo->chainstack = NULL;
984 ret = ebt_verify_pointers(&tmp, newinfo);
985 if (ret != 0)
986 goto free_counterstmp;
987
988 ret = translate_table(tmp.name, newinfo);
989
990 if (ret != 0)
991 goto free_counterstmp;
992
993 t = find_table_lock(tmp.name, &ret, &ebt_mutex);
994 if (!t) {
995 ret = -ENOENT;
996 goto free_iterate;
997 }
998
999 /* the table doesn't like it */
1000 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1001 goto free_unlock;
1002
1003 if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1004 BUGPRINT("Wrong nr. of counters requested\n");
1005 ret = -EINVAL;
1006 goto free_unlock;
1007 }
1008
1009 /* we have the mutex lock, so no danger in reading this pointer */
1010 table = t->private;
1011 /* make sure the table can only be rmmod'ed if it contains no rules */
1012 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1013 ret = -ENOENT;
1014 goto free_unlock;
1015 } else if (table->nentries && !newinfo->nentries)
1016 module_put(t->me);
1017 /* we need an atomic snapshot of the counters */
1018 write_lock_bh(&t->lock);
1019 if (tmp.num_counters)
1020 get_counters(t->private->counters, counterstmp,
1021 t->private->nentries);
1022
1023 t->private = newinfo;
1024 write_unlock_bh(&t->lock);
1025 mutex_unlock(&ebt_mutex);
1026 /* so, a user can change the chains while having messed up her counter
1027 allocation. Only reason why this is done is because this way the lock
1028 is held only once, while this doesn't bring the kernel into a
1029 dangerous state. */
1030 if (tmp.num_counters &&
1031 copy_to_user(tmp.counters, counterstmp,
1032 tmp.num_counters * sizeof(struct ebt_counter))) {
1033 BUGPRINT("Couldn't copy counters to userspace\n");
1034 ret = -EFAULT;
1035 }
1036 else
1037 ret = 0;
1038
1039 /* decrease module count and free resources */
1040 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1041 ebt_cleanup_entry, NULL);
1042
1043 vfree(table->entries);
1044 if (table->chainstack) {
1045 for_each_possible_cpu(i)
1046 vfree(table->chainstack[i]);
1047 vfree(table->chainstack);
1048 }
1049 vfree(table);
1050
1051 vfree(counterstmp);
1052 return ret;
1053
1054 free_unlock:
1055 mutex_unlock(&ebt_mutex);
1056 free_iterate:
1057 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1058 ebt_cleanup_entry, NULL);
1059 free_counterstmp:
1060 vfree(counterstmp);
1061 /* can be initialized in translate_table() */
1062 if (newinfo->chainstack) {
1063 for_each_possible_cpu(i)
1064 vfree(newinfo->chainstack[i]);
1065 vfree(newinfo->chainstack);
1066 }
1067 free_entries:
1068 vfree(newinfo->entries);
1069 free_newinfo:
1070 vfree(newinfo);
1071 return ret;
1072 }
1073
1074 int ebt_register_target(struct ebt_target *target)
1075 {
1076 struct ebt_target *t;
1077 int ret;
1078
1079 ret = mutex_lock_interruptible(&ebt_mutex);
1080 if (ret != 0)
1081 return ret;
1082 list_for_each_entry(t, &ebt_targets, list) {
1083 if (strcmp(t->name, target->name) == 0) {
1084 mutex_unlock(&ebt_mutex);
1085 return -EEXIST;
1086 }
1087 }
1088 list_add(&target->list, &ebt_targets);
1089 mutex_unlock(&ebt_mutex);
1090
1091 return 0;
1092 }
1093
1094 void ebt_unregister_target(struct ebt_target *target)
1095 {
1096 mutex_lock(&ebt_mutex);
1097 list_del(&target->list);
1098 mutex_unlock(&ebt_mutex);
1099 }
1100
1101 int ebt_register_match(struct ebt_match *match)
1102 {
1103 struct ebt_match *m;
1104 int ret;
1105
1106 ret = mutex_lock_interruptible(&ebt_mutex);
1107 if (ret != 0)
1108 return ret;
1109 list_for_each_entry(m, &ebt_matches, list) {
1110 if (strcmp(m->name, match->name) == 0) {
1111 mutex_unlock(&ebt_mutex);
1112 return -EEXIST;
1113 }
1114 }
1115 list_add(&match->list, &ebt_matches);
1116 mutex_unlock(&ebt_mutex);
1117
1118 return 0;
1119 }
1120
1121 void ebt_unregister_match(struct ebt_match *match)
1122 {
1123 mutex_lock(&ebt_mutex);
1124 list_del(&match->list);
1125 mutex_unlock(&ebt_mutex);
1126 }
1127
1128 int ebt_register_watcher(struct ebt_watcher *watcher)
1129 {
1130 struct ebt_watcher *w;
1131 int ret;
1132
1133 ret = mutex_lock_interruptible(&ebt_mutex);
1134 if (ret != 0)
1135 return ret;
1136 list_for_each_entry(w, &ebt_watchers, list) {
1137 if (strcmp(w->name, watcher->name) == 0) {
1138 mutex_unlock(&ebt_mutex);
1139 return -EEXIST;
1140 }
1141 }
1142 list_add(&watcher->list, &ebt_watchers);
1143 mutex_unlock(&ebt_mutex);
1144
1145 return 0;
1146 }
1147
1148 void ebt_unregister_watcher(struct ebt_watcher *watcher)
1149 {
1150 mutex_lock(&ebt_mutex);
1151 list_del(&watcher->list);
1152 mutex_unlock(&ebt_mutex);
1153 }
1154
1155 int ebt_register_table(struct ebt_table *table)
1156 {
1157 struct ebt_table_info *newinfo;
1158 struct ebt_table *t;
1159 struct ebt_replace *repl;
1160 int ret, i, countersize;
1161 void *p;
1162
1163 if (!table || !(repl = table->table) || !repl->entries ||
1164 repl->entries_size == 0 ||
1165 repl->counters || table->private) {
1166 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1167 return -EINVAL;
1168 }
1169
1170 countersize = COUNTER_OFFSET(repl->nentries) *
1171 (highest_possible_processor_id()+1);
1172 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1173 ret = -ENOMEM;
1174 if (!newinfo)
1175 return -ENOMEM;
1176
1177 p = vmalloc(repl->entries_size);
1178 if (!p)
1179 goto free_newinfo;
1180
1181 memcpy(p, repl->entries, repl->entries_size);
1182 newinfo->entries = p;
1183
1184 newinfo->entries_size = repl->entries_size;
1185 newinfo->nentries = repl->nentries;
1186
1187 if (countersize)
1188 memset(newinfo->counters, 0, countersize);
1189
1190 /* fill in newinfo and parse the entries */
1191 newinfo->chainstack = NULL;
1192 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1193 if ((repl->valid_hooks & (1 << i)) == 0)
1194 newinfo->hook_entry[i] = NULL;
1195 else
1196 newinfo->hook_entry[i] = p +
1197 ((char *)repl->hook_entry[i] - repl->entries);
1198 }
1199 ret = translate_table(repl->name, newinfo);
1200 if (ret != 0) {
1201 BUGPRINT("Translate_table failed\n");
1202 goto free_chainstack;
1203 }
1204
1205 if (table->check && table->check(newinfo, table->valid_hooks)) {
1206 BUGPRINT("The table doesn't like its own initial data, lol\n");
1207 return -EINVAL;
1208 }
1209
1210 table->private = newinfo;
1211 rwlock_init(&table->lock);
1212 ret = mutex_lock_interruptible(&ebt_mutex);
1213 if (ret != 0)
1214 goto free_chainstack;
1215
1216 list_for_each_entry(t, &ebt_tables, list) {
1217 if (strcmp(t->name, table->name) == 0) {
1218 ret = -EEXIST;
1219 BUGPRINT("Table name already exists\n");
1220 goto free_unlock;
1221 }
1222 }
1223
1224 /* Hold a reference count if the chains aren't empty */
1225 if (newinfo->nentries && !try_module_get(table->me)) {
1226 ret = -ENOENT;
1227 goto free_unlock;
1228 }
1229 list_add(&table->list, &ebt_tables);
1230 mutex_unlock(&ebt_mutex);
1231 return 0;
1232 free_unlock:
1233 mutex_unlock(&ebt_mutex);
1234 free_chainstack:
1235 if (newinfo->chainstack) {
1236 for_each_possible_cpu(i)
1237 vfree(newinfo->chainstack[i]);
1238 vfree(newinfo->chainstack);
1239 }
1240 vfree(newinfo->entries);
1241 free_newinfo:
1242 vfree(newinfo);
1243 return ret;
1244 }
1245
1246 void ebt_unregister_table(struct ebt_table *table)
1247 {
1248 int i;
1249
1250 if (!table) {
1251 BUGPRINT("Request to unregister NULL table!!!\n");
1252 return;
1253 }
1254 mutex_lock(&ebt_mutex);
1255 list_del(&table->list);
1256 mutex_unlock(&ebt_mutex);
1257 vfree(table->private->entries);
1258 if (table->private->chainstack) {
1259 for_each_possible_cpu(i)
1260 vfree(table->private->chainstack[i]);
1261 vfree(table->private->chainstack);
1262 }
1263 vfree(table->private);
1264 }
1265
1266 /* userspace just supplied us with counters */
1267 static int update_counters(void __user *user, unsigned int len)
1268 {
1269 int i, ret;
1270 struct ebt_counter *tmp;
1271 struct ebt_replace hlp;
1272 struct ebt_table *t;
1273
1274 if (copy_from_user(&hlp, user, sizeof(hlp)))
1275 return -EFAULT;
1276
1277 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1278 return -EINVAL;
1279 if (hlp.num_counters == 0)
1280 return -EINVAL;
1281
1282 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1283 MEMPRINT("Update_counters && nomemory\n");
1284 return -ENOMEM;
1285 }
1286
1287 t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1288 if (!t)
1289 goto free_tmp;
1290
1291 if (hlp.num_counters != t->private->nentries) {
1292 BUGPRINT("Wrong nr of counters\n");
1293 ret = -EINVAL;
1294 goto unlock_mutex;
1295 }
1296
1297 if ( copy_from_user(tmp, hlp.counters,
1298 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1299 BUGPRINT("Updata_counters && !cfu\n");
1300 ret = -EFAULT;
1301 goto unlock_mutex;
1302 }
1303
1304 /* we want an atomic add of the counters */
1305 write_lock_bh(&t->lock);
1306
1307 /* we add to the counters of the first cpu */
1308 for (i = 0; i < hlp.num_counters; i++) {
1309 t->private->counters[i].pcnt += tmp[i].pcnt;
1310 t->private->counters[i].bcnt += tmp[i].bcnt;
1311 }
1312
1313 write_unlock_bh(&t->lock);
1314 ret = 0;
1315 unlock_mutex:
1316 mutex_unlock(&ebt_mutex);
1317 free_tmp:
1318 vfree(tmp);
1319 return ret;
1320 }
1321
1322 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1323 char *base, char *ubase)
1324 {
1325 char *hlp = ubase - base + (char *)m;
1326 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1327 return -EFAULT;
1328 return 0;
1329 }
1330
1331 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1332 char *base, char *ubase)
1333 {
1334 char *hlp = ubase - base + (char *)w;
1335 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1336 return -EFAULT;
1337 return 0;
1338 }
1339
1340 static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
1341 {
1342 int ret;
1343 char *hlp;
1344 struct ebt_entry_target *t;
1345
1346 if (e->bitmask == 0)
1347 return 0;
1348
1349 hlp = ubase - base + (char *)e + e->target_offset;
1350 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1351
1352 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1353 if (ret != 0)
1354 return ret;
1355 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1356 if (ret != 0)
1357 return ret;
1358 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1359 return -EFAULT;
1360 return 0;
1361 }
1362
1363 /* called with ebt_mutex locked */
1364 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1365 int *len, int cmd)
1366 {
1367 struct ebt_replace tmp;
1368 struct ebt_counter *counterstmp, *oldcounters;
1369 unsigned int entries_size, nentries;
1370 char *entries;
1371
1372 if (cmd == EBT_SO_GET_ENTRIES) {
1373 entries_size = t->private->entries_size;
1374 nentries = t->private->nentries;
1375 entries = t->private->entries;
1376 oldcounters = t->private->counters;
1377 } else {
1378 entries_size = t->table->entries_size;
1379 nentries = t->table->nentries;
1380 entries = t->table->entries;
1381 oldcounters = t->table->counters;
1382 }
1383
1384 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1385 BUGPRINT("Cfu didn't work\n");
1386 return -EFAULT;
1387 }
1388
1389 if (*len != sizeof(struct ebt_replace) + entries_size +
1390 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1391 BUGPRINT("Wrong size\n");
1392 return -EINVAL;
1393 }
1394
1395 if (tmp.nentries != nentries) {
1396 BUGPRINT("Nentries wrong\n");
1397 return -EINVAL;
1398 }
1399
1400 if (tmp.entries_size != entries_size) {
1401 BUGPRINT("Wrong size\n");
1402 return -EINVAL;
1403 }
1404
1405 /* userspace might not need the counters */
1406 if (tmp.num_counters) {
1407 if (tmp.num_counters != nentries) {
1408 BUGPRINT("Num_counters wrong\n");
1409 return -EINVAL;
1410 }
1411 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1412 if (!counterstmp) {
1413 MEMPRINT("Couldn't copy counters, out of memory\n");
1414 return -ENOMEM;
1415 }
1416 write_lock_bh(&t->lock);
1417 get_counters(oldcounters, counterstmp, nentries);
1418 write_unlock_bh(&t->lock);
1419
1420 if (copy_to_user(tmp.counters, counterstmp,
1421 nentries * sizeof(struct ebt_counter))) {
1422 BUGPRINT("Couldn't copy counters to userspace\n");
1423 vfree(counterstmp);
1424 return -EFAULT;
1425 }
1426 vfree(counterstmp);
1427 }
1428
1429 if (copy_to_user(tmp.entries, entries, entries_size)) {
1430 BUGPRINT("Couldn't copy entries to userspace\n");
1431 return -EFAULT;
1432 }
1433 /* set the match/watcher/target names right */
1434 return EBT_ENTRY_ITERATE(entries, entries_size,
1435 ebt_make_names, entries, tmp.entries);
1436 }
1437
1438 static int do_ebt_set_ctl(struct sock *sk,
1439 int cmd, void __user *user, unsigned int len)
1440 {
1441 int ret;
1442
1443 switch(cmd) {
1444 case EBT_SO_SET_ENTRIES:
1445 ret = do_replace(user, len);
1446 break;
1447 case EBT_SO_SET_COUNTERS:
1448 ret = update_counters(user, len);
1449 break;
1450 default:
1451 ret = -EINVAL;
1452 }
1453 return ret;
1454 }
1455
1456 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1457 {
1458 int ret;
1459 struct ebt_replace tmp;
1460 struct ebt_table *t;
1461
1462 if (copy_from_user(&tmp, user, sizeof(tmp)))
1463 return -EFAULT;
1464
1465 t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1466 if (!t)
1467 return ret;
1468
1469 switch(cmd) {
1470 case EBT_SO_GET_INFO:
1471 case EBT_SO_GET_INIT_INFO:
1472 if (*len != sizeof(struct ebt_replace)){
1473 ret = -EINVAL;
1474 mutex_unlock(&ebt_mutex);
1475 break;
1476 }
1477 if (cmd == EBT_SO_GET_INFO) {
1478 tmp.nentries = t->private->nentries;
1479 tmp.entries_size = t->private->entries_size;
1480 tmp.valid_hooks = t->valid_hooks;
1481 } else {
1482 tmp.nentries = t->table->nentries;
1483 tmp.entries_size = t->table->entries_size;
1484 tmp.valid_hooks = t->table->valid_hooks;
1485 }
1486 mutex_unlock(&ebt_mutex);
1487 if (copy_to_user(user, &tmp, *len) != 0){
1488 BUGPRINT("c2u Didn't work\n");
1489 ret = -EFAULT;
1490 break;
1491 }
1492 ret = 0;
1493 break;
1494
1495 case EBT_SO_GET_ENTRIES:
1496 case EBT_SO_GET_INIT_ENTRIES:
1497 ret = copy_everything_to_user(t, user, len, cmd);
1498 mutex_unlock(&ebt_mutex);
1499 break;
1500
1501 default:
1502 mutex_unlock(&ebt_mutex);
1503 ret = -EINVAL;
1504 }
1505
1506 return ret;
1507 }
1508
1509 static struct nf_sockopt_ops ebt_sockopts =
1510 {
1511 .pf = PF_INET,
1512 .set_optmin = EBT_BASE_CTL,
1513 .set_optmax = EBT_SO_SET_MAX + 1,
1514 .set = do_ebt_set_ctl,
1515 .get_optmin = EBT_BASE_CTL,
1516 .get_optmax = EBT_SO_GET_MAX + 1,
1517 .get = do_ebt_get_ctl,
1518 };
1519
1520 static int __init ebtables_init(void)
1521 {
1522 int ret;
1523
1524 mutex_lock(&ebt_mutex);
1525 list_add(&ebt_standard_target.list, &ebt_targets);
1526 mutex_unlock(&ebt_mutex);
1527 if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1528 return ret;
1529
1530 printk(KERN_NOTICE "Ebtables v2.0 registered\n");
1531 return 0;
1532 }
1533
1534 static void __exit ebtables_fini(void)
1535 {
1536 nf_unregister_sockopt(&ebt_sockopts);
1537 printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
1538 }
1539
1540 EXPORT_SYMBOL(ebt_register_table);
1541 EXPORT_SYMBOL(ebt_unregister_table);
1542 EXPORT_SYMBOL(ebt_register_match);
1543 EXPORT_SYMBOL(ebt_unregister_match);
1544 EXPORT_SYMBOL(ebt_register_watcher);
1545 EXPORT_SYMBOL(ebt_unregister_watcher);
1546 EXPORT_SYMBOL(ebt_register_target);
1547 EXPORT_SYMBOL(ebt_unregister_target);
1548 EXPORT_SYMBOL(ebt_do_table);
1549 module_init(ebtables_init);
1550 module_exit(ebtables_fini);
1551 MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.11186 seconds and 5 git commands to generate.