projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
netfilter: add struct net * to target parameters
[deliverable/linux.git] / net / bridge / netfilter / ebtables.c
1 /*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34 "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
37 ": out of memory: "format, ## args)
38 /* #define MEMPRINT(format, args...) */
39
40
41
42 /*
43 * Each cpu has its own set of counters, so there is no need for write_lock in
44 * the softirq
45 * For reading or updating the counters, the user context needs to
46 * get a write_lock
47 */
48
49 /* The size of each set of counters is altered to get cache alignment */
50 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53 COUNTER_OFFSET(n) * cpu))
54
55
56
57 static DEFINE_MUTEX(ebt_mutex);
58
59 static struct xt_target ebt_standard_target = {
60 .name = "standard",
61 .revision = 0,
62 .family = NFPROTO_BRIDGE,
63 .targetsize = sizeof(int),
64 };
65
66 static inline int
67 ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
68 struct xt_target_param *par)
69 {
70 par->target = w->u.watcher;
71 par->targinfo = w->data;
72 w->u.watcher->target(skb, par);
73 /* watchers don't give a verdict */
74 return 0;
75 }
76
77 static inline int ebt_do_match (struct ebt_entry_match *m,
78 const struct sk_buff *skb, struct xt_match_param *par)
79 {
80 par->match = m->u.match;
81 par->matchinfo = m->data;
82 return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
83 }
84
85 static inline int ebt_dev_check(char *entry, const struct net_device *device)
86 {
87 int i = 0;
88 const char *devname;
89
90 if (*entry == '\0')
91 return 0;
92 if (!device)
93 return 1;
94 devname = device->name;
95 /* 1 is the wildcard token */
96 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97 i++;
98 return (devname[i] != entry[i] && entry[i] != 1);
99 }
100
101 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102 /* process standard matches */
103 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104 const struct net_device *in, const struct net_device *out)
105 {
106 int verdict, i;
107
108 if (e->bitmask & EBT_802_3) {
109 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110 return 1;
111 } else if (!(e->bitmask & EBT_NOPROTO) &&
112 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113 return 1;
114
115 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116 return 1;
117 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118 return 1;
119 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121 return 1;
122 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124 return 1;
125
126 if (e->bitmask & EBT_SOURCEMAC) {
127 verdict = 0;
128 for (i = 0; i < 6; i++)
129 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130 e->sourcemsk[i];
131 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132 return 1;
133 }
134 if (e->bitmask & EBT_DESTMAC) {
135 verdict = 0;
136 for (i = 0; i < 6; i++)
137 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138 e->destmsk[i];
139 if (FWINV2(verdict != 0, EBT_IDEST) )
140 return 1;
141 }
142 return 0;
143 }
144
145 static inline __pure
146 struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
147 {
148 return (void *)entry + entry->next_offset;
149 }
150
151 /* Do some firewalling */
152 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
153 const struct net_device *in, const struct net_device *out,
154 struct ebt_table *table)
155 {
156 int i, nentries;
157 struct ebt_entry *point;
158 struct ebt_counter *counter_base, *cb_base;
159 struct ebt_entry_target *t;
160 int verdict, sp = 0;
161 struct ebt_chainstack *cs;
162 struct ebt_entries *chaininfo;
163 char *base;
164 struct ebt_table_info *private;
165 bool hotdrop = false;
166 struct xt_match_param mtpar;
167 struct xt_target_param tgpar;
168
169 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
170 mtpar.in = tgpar.in = in;
171 mtpar.out = tgpar.out = out;
172 mtpar.hotdrop = &hotdrop;
173 mtpar.hooknum = tgpar.hooknum = hook;
174
175 read_lock_bh(&table->lock);
176 private = table->private;
177 cb_base = COUNTER_BASE(private->counters, private->nentries,
178 smp_processor_id());
179 if (private->chainstack)
180 cs = private->chainstack[smp_processor_id()];
181 else
182 cs = NULL;
183 chaininfo = private->hook_entry[hook];
184 nentries = private->hook_entry[hook]->nentries;
185 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
186 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
187 /* base for chain jumps */
188 base = private->entries;
189 i = 0;
190 while (i < nentries) {
191 if (ebt_basic_match(point, eth_hdr(skb), in, out))
192 goto letscontinue;
193
194 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
195 goto letscontinue;
196 if (hotdrop) {
197 read_unlock_bh(&table->lock);
198 return NF_DROP;
199 }
200
201 /* increase counter */
202 (*(counter_base + i)).pcnt++;
203 (*(counter_base + i)).bcnt += skb->len;
204
205 /* these should only watch: not modify, nor tell us
206 what to do with the packet */
207 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
208
209 t = (struct ebt_entry_target *)
210 (((char *)point) + point->target_offset);
211 /* standard target */
212 if (!t->u.target->target)
213 verdict = ((struct ebt_standard_target *)t)->verdict;
214 else {
215 tgpar.target = t->u.target;
216 tgpar.targinfo = t->data;
217 verdict = t->u.target->target(skb, &tgpar);
218 }
219 if (verdict == EBT_ACCEPT) {
220 read_unlock_bh(&table->lock);
221 return NF_ACCEPT;
222 }
223 if (verdict == EBT_DROP) {
224 read_unlock_bh(&table->lock);
225 return NF_DROP;
226 }
227 if (verdict == EBT_RETURN) {
228 letsreturn:
229 #ifdef CONFIG_NETFILTER_DEBUG
230 if (sp == 0) {
231 BUGPRINT("RETURN on base chain");
232 /* act like this is EBT_CONTINUE */
233 goto letscontinue;
234 }
235 #endif
236 sp--;
237 /* put all the local variables right */
238 i = cs[sp].n;
239 chaininfo = cs[sp].chaininfo;
240 nentries = chaininfo->nentries;
241 point = cs[sp].e;
242 counter_base = cb_base +
243 chaininfo->counter_offset;
244 continue;
245 }
246 if (verdict == EBT_CONTINUE)
247 goto letscontinue;
248 #ifdef CONFIG_NETFILTER_DEBUG
249 if (verdict < 0) {
250 BUGPRINT("bogus standard verdict\n");
251 read_unlock_bh(&table->lock);
252 return NF_DROP;
253 }
254 #endif
255 /* jump to a udc */
256 cs[sp].n = i + 1;
257 cs[sp].chaininfo = chaininfo;
258 cs[sp].e = ebt_next_entry(point);
259 i = 0;
260 chaininfo = (struct ebt_entries *) (base + verdict);
261 #ifdef CONFIG_NETFILTER_DEBUG
262 if (chaininfo->distinguisher) {
263 BUGPRINT("jump to non-chain\n");
264 read_unlock_bh(&table->lock);
265 return NF_DROP;
266 }
267 #endif
268 nentries = chaininfo->nentries;
269 point = (struct ebt_entry *)chaininfo->data;
270 counter_base = cb_base + chaininfo->counter_offset;
271 sp++;
272 continue;
273 letscontinue:
274 point = ebt_next_entry(point);
275 i++;
276 }
277
278 /* I actually like this :) */
279 if (chaininfo->policy == EBT_RETURN)
280 goto letsreturn;
281 if (chaininfo->policy == EBT_ACCEPT) {
282 read_unlock_bh(&table->lock);
283 return NF_ACCEPT;
284 }
285 read_unlock_bh(&table->lock);
286 return NF_DROP;
287 }
288
289 /* If it succeeds, returns element and locks mutex */
290 static inline void *
291 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
292 struct mutex *mutex)
293 {
294 struct {
295 struct list_head list;
296 char name[EBT_FUNCTION_MAXNAMELEN];
297 } *e;
298
299 *error = mutex_lock_interruptible(mutex);
300 if (*error != 0)
301 return NULL;
302
303 list_for_each_entry(e, head, list) {
304 if (strcmp(e->name, name) == 0)
305 return e;
306 }
307 *error = -ENOENT;
308 mutex_unlock(mutex);
309 return NULL;
310 }
311
312 static void *
313 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
314 int *error, struct mutex *mutex)
315 {
316 return try_then_request_module(
317 find_inlist_lock_noload(head, name, error, mutex),
318 "%s%s", prefix, name);
319 }
320
321 static inline struct ebt_table *
322 find_table_lock(struct net *net, const char *name, int *error,
323 struct mutex *mutex)
324 {
325 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
326 "ebtable_", error, mutex);
327 }
328
329 static inline int
330 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
331 unsigned int *cnt)
332 {
333 const struct ebt_entry *e = par->entryinfo;
334 struct xt_match *match;
335 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
336 int ret;
337
338 if (left < sizeof(struct ebt_entry_match) ||
339 left - sizeof(struct ebt_entry_match) < m->match_size)
340 return -EINVAL;
341
342 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
343 m->u.name, 0), "ebt_%s", m->u.name);
344 if (IS_ERR(match))
345 return PTR_ERR(match);
346 if (match == NULL)
347 return -ENOENT;
348 m->u.match = match;
349
350 par->match = match;
351 par->matchinfo = m->data;
352 ret = xt_check_match(par, m->match_size,
353 e->ethproto, e->invflags & EBT_IPROTO);
354 if (ret < 0) {
355 module_put(match->me);
356 return ret;
357 }
358
359 (*cnt)++;
360 return 0;
361 }
362
363 static inline int
364 ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
365 unsigned int *cnt)
366 {
367 const struct ebt_entry *e = par->entryinfo;
368 struct xt_target *watcher;
369 size_t left = ((char *)e + e->target_offset) - (char *)w;
370 int ret;
371
372 if (left < sizeof(struct ebt_entry_watcher) ||
373 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
374 return -EINVAL;
375
376 watcher = try_then_request_module(
377 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
378 "ebt_%s", w->u.name);
379 if (IS_ERR(watcher))
380 return PTR_ERR(watcher);
381 if (watcher == NULL)
382 return -ENOENT;
383 w->u.watcher = watcher;
384
385 par->target = watcher;
386 par->targinfo = w->data;
387 ret = xt_check_target(par, w->watcher_size,
388 e->ethproto, e->invflags & EBT_IPROTO);
389 if (ret < 0) {
390 module_put(watcher->me);
391 return ret;
392 }
393
394 (*cnt)++;
395 return 0;
396 }
397
398 static int ebt_verify_pointers(struct ebt_replace *repl,
399 struct ebt_table_info *newinfo)
400 {
401 unsigned int limit = repl->entries_size;
402 unsigned int valid_hooks = repl->valid_hooks;
403 unsigned int offset = 0;
404 int i;
405
406 for (i = 0; i < NF_BR_NUMHOOKS; i++)
407 newinfo->hook_entry[i] = NULL;
408
409 newinfo->entries_size = repl->entries_size;
410 newinfo->nentries = repl->nentries;
411
412 while (offset < limit) {
413 size_t left = limit - offset;
414 struct ebt_entry *e = (void *)newinfo->entries + offset;
415
416 if (left < sizeof(unsigned int))
417 break;
418
419 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
420 if ((valid_hooks & (1 << i)) == 0)
421 continue;
422 if ((char __user *)repl->hook_entry[i] ==
423 repl->entries + offset)
424 break;
425 }
426
427 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
428 if (e->bitmask != 0) {
429 /* we make userspace set this right,
430 so there is no misunderstanding */
431 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
432 "in distinguisher\n");
433 return -EINVAL;
434 }
435 if (i != NF_BR_NUMHOOKS)
436 newinfo->hook_entry[i] = (struct ebt_entries *)e;
437 if (left < sizeof(struct ebt_entries))
438 break;
439 offset += sizeof(struct ebt_entries);
440 } else {
441 if (left < sizeof(struct ebt_entry))
442 break;
443 if (left < e->next_offset)
444 break;
445 offset += e->next_offset;
446 }
447 }
448 if (offset != limit) {
449 BUGPRINT("entries_size too small\n");
450 return -EINVAL;
451 }
452
453 /* check if all valid hooks have a chain */
454 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
455 if (!newinfo->hook_entry[i] &&
456 (valid_hooks & (1 << i))) {
457 BUGPRINT("Valid hook without chain\n");
458 return -EINVAL;
459 }
460 }
461 return 0;
462 }
463
464 /*
465 * this one is very careful, as it is the first function
466 * to parse the userspace data
467 */
468 static inline int
469 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
470 struct ebt_table_info *newinfo,
471 unsigned int *n, unsigned int *cnt,
472 unsigned int *totalcnt, unsigned int *udc_cnt)
473 {
474 int i;
475
476 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
477 if ((void *)e == (void *)newinfo->hook_entry[i])
478 break;
479 }
480 /* beginning of a new chain
481 if i == NF_BR_NUMHOOKS it must be a user defined chain */
482 if (i != NF_BR_NUMHOOKS || !e->bitmask) {
483 /* this checks if the previous chain has as many entries
484 as it said it has */
485 if (*n != *cnt) {
486 BUGPRINT("nentries does not equal the nr of entries "
487 "in the chain\n");
488 return -EINVAL;
489 }
490 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
491 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
492 /* only RETURN from udc */
493 if (i != NF_BR_NUMHOOKS ||
494 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
495 BUGPRINT("bad policy\n");
496 return -EINVAL;
497 }
498 }
499 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
500 (*udc_cnt)++;
501 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
502 BUGPRINT("counter_offset != totalcnt");
503 return -EINVAL;
504 }
505 *n = ((struct ebt_entries *)e)->nentries;
506 *cnt = 0;
507 return 0;
508 }
509 /* a plain old entry, heh */
510 if (sizeof(struct ebt_entry) > e->watchers_offset ||
511 e->watchers_offset > e->target_offset ||
512 e->target_offset >= e->next_offset) {
513 BUGPRINT("entry offsets not in right order\n");
514 return -EINVAL;
515 }
516 /* this is not checked anywhere else */
517 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
518 BUGPRINT("target size too small\n");
519 return -EINVAL;
520 }
521 (*cnt)++;
522 (*totalcnt)++;
523 return 0;
524 }
525
526 struct ebt_cl_stack
527 {
528 struct ebt_chainstack cs;
529 int from;
530 unsigned int hookmask;
531 };
532
533 /*
534 * we need these positions to check that the jumps to a different part of the
535 * entries is a jump to the beginning of a new chain.
536 */
537 static inline int
538 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
539 unsigned int *n, struct ebt_cl_stack *udc)
540 {
541 int i;
542
543 /* we're only interested in chain starts */
544 if (e->bitmask)
545 return 0;
546 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
547 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
548 break;
549 }
550 /* only care about udc */
551 if (i != NF_BR_NUMHOOKS)
552 return 0;
553
554 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
555 /* these initialisations are depended on later in check_chainloops() */
556 udc[*n].cs.n = 0;
557 udc[*n].hookmask = 0;
558
559 (*n)++;
560 return 0;
561 }
562
563 static inline int
564 ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i)
565 {
566 struct xt_mtdtor_param par;
567
568 if (i && (*i)-- == 0)
569 return 1;
570
571 par.net = net;
572 par.match = m->u.match;
573 par.matchinfo = m->data;
574 par.family = NFPROTO_BRIDGE;
575 if (par.match->destroy != NULL)
576 par.match->destroy(&par);
577 module_put(par.match->me);
578 return 0;
579 }
580
581 static inline int
582 ebt_cleanup_watcher(struct ebt_entry_watcher *w, struct net *net, unsigned int *i)
583 {
584 struct xt_tgdtor_param par;
585
586 if (i && (*i)-- == 0)
587 return 1;
588
589 par.net = net;
590 par.target = w->u.watcher;
591 par.targinfo = w->data;
592 par.family = NFPROTO_BRIDGE;
593 if (par.target->destroy != NULL)
594 par.target->destroy(&par);
595 module_put(par.target->me);
596 return 0;
597 }
598
599 static inline int
600 ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
601 {
602 struct xt_tgdtor_param par;
603 struct ebt_entry_target *t;
604
605 if (e->bitmask == 0)
606 return 0;
607 /* we're done */
608 if (cnt && (*cnt)-- == 0)
609 return 1;
610 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL);
611 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
612 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
613
614 par.net = net;
615 par.target = t->u.target;
616 par.targinfo = t->data;
617 par.family = NFPROTO_BRIDGE;
618 if (par.target->destroy != NULL)
619 par.target->destroy(&par);
620 module_put(par.target->me);
621 return 0;
622 }
623
624 static inline int
625 ebt_check_entry(struct ebt_entry *e,
626 struct net *net,
627 struct ebt_table_info *newinfo,
628 const char *name, unsigned int *cnt,
629 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
630 {
631 struct ebt_entry_target *t;
632 struct xt_target *target;
633 unsigned int i, j, hook = 0, hookmask = 0;
634 size_t gap;
635 int ret;
636 struct xt_mtchk_param mtpar;
637 struct xt_tgchk_param tgpar;
638
639 /* don't mess with the struct ebt_entries */
640 if (e->bitmask == 0)
641 return 0;
642
643 if (e->bitmask & ~EBT_F_MASK) {
644 BUGPRINT("Unknown flag for bitmask\n");
645 return -EINVAL;
646 }
647 if (e->invflags & ~EBT_INV_MASK) {
648 BUGPRINT("Unknown flag for inv bitmask\n");
649 return -EINVAL;
650 }
651 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
652 BUGPRINT("NOPROTO & 802_3 not allowed\n");
653 return -EINVAL;
654 }
655 /* what hook do we belong to? */
656 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
657 if (!newinfo->hook_entry[i])
658 continue;
659 if ((char *)newinfo->hook_entry[i] < (char *)e)
660 hook = i;
661 else
662 break;
663 }
664 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
665 a base chain */
666 if (i < NF_BR_NUMHOOKS)
667 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
668 else {
669 for (i = 0; i < udc_cnt; i++)
670 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
671 break;
672 if (i == 0)
673 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
674 else
675 hookmask = cl_s[i - 1].hookmask;
676 }
677 i = 0;
678
679 mtpar.net = tgpar.net = net;
680 mtpar.table = tgpar.table = name;
681 mtpar.entryinfo = tgpar.entryinfo = e;
682 mtpar.hook_mask = tgpar.hook_mask = hookmask;
683 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
684 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
685 if (ret != 0)
686 goto cleanup_matches;
687 j = 0;
688 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
689 if (ret != 0)
690 goto cleanup_watchers;
691 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
692 gap = e->next_offset - e->target_offset;
693
694 target = try_then_request_module(
695 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
696 "ebt_%s", t->u.name);
697 if (IS_ERR(target)) {
698 ret = PTR_ERR(target);
699 goto cleanup_watchers;
700 } else if (target == NULL) {
701 ret = -ENOENT;
702 goto cleanup_watchers;
703 }
704
705 t->u.target = target;
706 if (t->u.target == &ebt_standard_target) {
707 if (gap < sizeof(struct ebt_standard_target)) {
708 BUGPRINT("Standard target size too big\n");
709 ret = -EFAULT;
710 goto cleanup_watchers;
711 }
712 if (((struct ebt_standard_target *)t)->verdict <
713 -NUM_STANDARD_TARGETS) {
714 BUGPRINT("Invalid standard target\n");
715 ret = -EFAULT;
716 goto cleanup_watchers;
717 }
718 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
719 module_put(t->u.target->me);
720 ret = -EFAULT;
721 goto cleanup_watchers;
722 }
723
724 tgpar.target = target;
725 tgpar.targinfo = t->data;
726 ret = xt_check_target(&tgpar, t->target_size,
727 e->ethproto, e->invflags & EBT_IPROTO);
728 if (ret < 0) {
729 module_put(target->me);
730 goto cleanup_watchers;
731 }
732 (*cnt)++;
733 return 0;
734 cleanup_watchers:
735 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j);
736 cleanup_matches:
737 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
738 return ret;
739 }
740
741 /*
742 * checks for loops and sets the hook mask for udc
743 * the hook mask for udc tells us from which base chains the udc can be
744 * accessed. This mask is a parameter to the check() functions of the extensions
745 */
746 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
747 unsigned int udc_cnt, unsigned int hooknr, char *base)
748 {
749 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
750 struct ebt_entry *e = (struct ebt_entry *)chain->data;
751 struct ebt_entry_target *t;
752
753 while (pos < nentries || chain_nr != -1) {
754 /* end of udc, go back one 'recursion' step */
755 if (pos == nentries) {
756 /* put back values of the time when this chain was called */
757 e = cl_s[chain_nr].cs.e;
758 if (cl_s[chain_nr].from != -1)
759 nentries =
760 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
761 else
762 nentries = chain->nentries;
763 pos = cl_s[chain_nr].cs.n;
764 /* make sure we won't see a loop that isn't one */
765 cl_s[chain_nr].cs.n = 0;
766 chain_nr = cl_s[chain_nr].from;
767 if (pos == nentries)
768 continue;
769 }
770 t = (struct ebt_entry_target *)
771 (((char *)e) + e->target_offset);
772 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
773 goto letscontinue;
774 if (e->target_offset + sizeof(struct ebt_standard_target) >
775 e->next_offset) {
776 BUGPRINT("Standard target size too big\n");
777 return -1;
778 }
779 verdict = ((struct ebt_standard_target *)t)->verdict;
780 if (verdict >= 0) { /* jump to another chain */
781 struct ebt_entries *hlp2 =
782 (struct ebt_entries *)(base + verdict);
783 for (i = 0; i < udc_cnt; i++)
784 if (hlp2 == cl_s[i].cs.chaininfo)
785 break;
786 /* bad destination or loop */
787 if (i == udc_cnt) {
788 BUGPRINT("bad destination\n");
789 return -1;
790 }
791 if (cl_s[i].cs.n) {
792 BUGPRINT("loop\n");
793 return -1;
794 }
795 if (cl_s[i].hookmask & (1 << hooknr))
796 goto letscontinue;
797 /* this can't be 0, so the loop test is correct */
798 cl_s[i].cs.n = pos + 1;
799 pos = 0;
800 cl_s[i].cs.e = ebt_next_entry(e);
801 e = (struct ebt_entry *)(hlp2->data);
802 nentries = hlp2->nentries;
803 cl_s[i].from = chain_nr;
804 chain_nr = i;
805 /* this udc is accessible from the base chain for hooknr */
806 cl_s[i].hookmask |= (1 << hooknr);
807 continue;
808 }
809 letscontinue:
810 e = ebt_next_entry(e);
811 pos++;
812 }
813 return 0;
814 }
815
816 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
817 static int translate_table(struct net *net, char *name,
818 struct ebt_table_info *newinfo)
819 {
820 unsigned int i, j, k, udc_cnt;
821 int ret;
822 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
823
824 i = 0;
825 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
826 i++;
827 if (i == NF_BR_NUMHOOKS) {
828 BUGPRINT("No valid hooks specified\n");
829 return -EINVAL;
830 }
831 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
832 BUGPRINT("Chains don't start at beginning\n");
833 return -EINVAL;
834 }
835 /* make sure chains are ordered after each other in same order
836 as their corresponding hooks */
837 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
838 if (!newinfo->hook_entry[j])
839 continue;
840 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
841 BUGPRINT("Hook order must be followed\n");
842 return -EINVAL;
843 }
844 i = j;
845 }
846
847 /* do some early checkings and initialize some things */
848 i = 0; /* holds the expected nr. of entries for the chain */
849 j = 0; /* holds the up to now counted entries for the chain */
850 k = 0; /* holds the total nr. of entries, should equal
851 newinfo->nentries afterwards */
852 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
853 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
854 ebt_check_entry_size_and_hooks, newinfo,
855 &i, &j, &k, &udc_cnt);
856
857 if (ret != 0)
858 return ret;
859
860 if (i != j) {
861 BUGPRINT("nentries does not equal the nr of entries in the "
862 "(last) chain\n");
863 return -EINVAL;
864 }
865 if (k != newinfo->nentries) {
866 BUGPRINT("Total nentries is wrong\n");
867 return -EINVAL;
868 }
869
870 /* get the location of the udc, put them in an array
871 while we're at it, allocate the chainstack */
872 if (udc_cnt) {
873 /* this will get free'd in do_replace()/ebt_register_table()
874 if an error occurs */
875 newinfo->chainstack =
876 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
877 if (!newinfo->chainstack)
878 return -ENOMEM;
879 for_each_possible_cpu(i) {
880 newinfo->chainstack[i] =
881 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
882 if (!newinfo->chainstack[i]) {
883 while (i)
884 vfree(newinfo->chainstack[--i]);
885 vfree(newinfo->chainstack);
886 newinfo->chainstack = NULL;
887 return -ENOMEM;
888 }
889 }
890
891 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
892 if (!cl_s)
893 return -ENOMEM;
894 i = 0; /* the i'th udc */
895 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
896 ebt_get_udc_positions, newinfo, &i, cl_s);
897 /* sanity check */
898 if (i != udc_cnt) {
899 BUGPRINT("i != udc_cnt\n");
900 vfree(cl_s);
901 return -EFAULT;
902 }
903 }
904
905 /* Check for loops */
906 for (i = 0; i < NF_BR_NUMHOOKS; i++)
907 if (newinfo->hook_entry[i])
908 if (check_chainloops(newinfo->hook_entry[i],
909 cl_s, udc_cnt, i, newinfo->entries)) {
910 vfree(cl_s);
911 return -EINVAL;
912 }
913
914 /* we now know the following (along with E=mc²):
915 - the nr of entries in each chain is right
916 - the size of the allocated space is right
917 - all valid hooks have a corresponding chain
918 - there are no loops
919 - wrong data can still be on the level of a single entry
920 - could be there are jumps to places that are not the
921 beginning of a chain. This can only occur in chains that
922 are not accessible from any base chains, so we don't care. */
923
924 /* used to know what we need to clean up if something goes wrong */
925 i = 0;
926 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
927 ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
928 if (ret != 0) {
929 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
930 ebt_cleanup_entry, net, &i);
931 }
932 vfree(cl_s);
933 return ret;
934 }
935
936 /* called under write_lock */
937 static void get_counters(struct ebt_counter *oldcounters,
938 struct ebt_counter *counters, unsigned int nentries)
939 {
940 int i, cpu;
941 struct ebt_counter *counter_base;
942
943 /* counters of cpu 0 */
944 memcpy(counters, oldcounters,
945 sizeof(struct ebt_counter) * nentries);
946
947 /* add other counters to those of cpu 0 */
948 for_each_possible_cpu(cpu) {
949 if (cpu == 0)
950 continue;
951 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
952 for (i = 0; i < nentries; i++) {
953 counters[i].pcnt += counter_base[i].pcnt;
954 counters[i].bcnt += counter_base[i].bcnt;
955 }
956 }
957 }
958
959 /* replace the table */
960 static int do_replace(struct net *net, void __user *user, unsigned int len)
961 {
962 int ret, i, countersize;
963 struct ebt_table_info *newinfo;
964 struct ebt_replace tmp;
965 struct ebt_table *t;
966 struct ebt_counter *counterstmp = NULL;
967 /* used to be able to unlock earlier */
968 struct ebt_table_info *table;
969
970 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
971 return -EFAULT;
972
973 if (len != sizeof(tmp) + tmp.entries_size) {
974 BUGPRINT("Wrong len argument\n");
975 return -EINVAL;
976 }
977
978 if (tmp.entries_size == 0) {
979 BUGPRINT("Entries_size never zero\n");
980 return -EINVAL;
981 }
982 /* overflow check */
983 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
984 SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
985 return -ENOMEM;
986 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
987 return -ENOMEM;
988
989 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
990 newinfo = vmalloc(sizeof(*newinfo) + countersize);
991 if (!newinfo)
992 return -ENOMEM;
993
994 if (countersize)
995 memset(newinfo->counters, 0, countersize);
996
997 newinfo->entries = vmalloc(tmp.entries_size);
998 if (!newinfo->entries) {
999 ret = -ENOMEM;
1000 goto free_newinfo;
1001 }
1002 if (copy_from_user(
1003 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
1004 BUGPRINT("Couldn't copy entries from userspace\n");
1005 ret = -EFAULT;
1006 goto free_entries;
1007 }
1008
1009 /* the user wants counters back
1010 the check on the size is done later, when we have the lock */
1011 if (tmp.num_counters) {
1012 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
1013 if (!counterstmp) {
1014 ret = -ENOMEM;
1015 goto free_entries;
1016 }
1017 }
1018 else
1019 counterstmp = NULL;
1020
1021 /* this can get initialized by translate_table() */
1022 newinfo->chainstack = NULL;
1023 ret = ebt_verify_pointers(&tmp, newinfo);
1024 if (ret != 0)
1025 goto free_counterstmp;
1026
1027 ret = translate_table(net, tmp.name, newinfo);
1028
1029 if (ret != 0)
1030 goto free_counterstmp;
1031
1032 t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
1033 if (!t) {
1034 ret = -ENOENT;
1035 goto free_iterate;
1036 }
1037
1038 /* the table doesn't like it */
1039 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1040 goto free_unlock;
1041
1042 if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1043 BUGPRINT("Wrong nr. of counters requested\n");
1044 ret = -EINVAL;
1045 goto free_unlock;
1046 }
1047
1048 /* we have the mutex lock, so no danger in reading this pointer */
1049 table = t->private;
1050 /* make sure the table can only be rmmod'ed if it contains no rules */
1051 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1052 ret = -ENOENT;
1053 goto free_unlock;
1054 } else if (table->nentries && !newinfo->nentries)
1055 module_put(t->me);
1056 /* we need an atomic snapshot of the counters */
1057 write_lock_bh(&t->lock);
1058 if (tmp.num_counters)
1059 get_counters(t->private->counters, counterstmp,
1060 t->private->nentries);
1061
1062 t->private = newinfo;
1063 write_unlock_bh(&t->lock);
1064 mutex_unlock(&ebt_mutex);
1065 /* so, a user can change the chains while having messed up her counter
1066 allocation. Only reason why this is done is because this way the lock
1067 is held only once, while this doesn't bring the kernel into a
1068 dangerous state. */
1069 if (tmp.num_counters &&
1070 copy_to_user(tmp.counters, counterstmp,
1071 tmp.num_counters * sizeof(struct ebt_counter))) {
1072 BUGPRINT("Couldn't copy counters to userspace\n");
1073 ret = -EFAULT;
1074 }
1075 else
1076 ret = 0;
1077
1078 /* decrease module count and free resources */
1079 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1080 ebt_cleanup_entry, net, NULL);
1081
1082 vfree(table->entries);
1083 if (table->chainstack) {
1084 for_each_possible_cpu(i)
1085 vfree(table->chainstack[i]);
1086 vfree(table->chainstack);
1087 }
1088 vfree(table);
1089
1090 vfree(counterstmp);
1091 return ret;
1092
1093 free_unlock:
1094 mutex_unlock(&ebt_mutex);
1095 free_iterate:
1096 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1097 ebt_cleanup_entry, net, NULL);
1098 free_counterstmp:
1099 vfree(counterstmp);
1100 /* can be initialized in translate_table() */
1101 if (newinfo->chainstack) {
1102 for_each_possible_cpu(i)
1103 vfree(newinfo->chainstack[i]);
1104 vfree(newinfo->chainstack);
1105 }
1106 free_entries:
1107 vfree(newinfo->entries);
1108 free_newinfo:
1109 vfree(newinfo);
1110 return ret;
1111 }
1112
1113 struct ebt_table *
1114 ebt_register_table(struct net *net, const struct ebt_table *input_table)
1115 {
1116 struct ebt_table_info *newinfo;
1117 struct ebt_table *t, *table;
1118 struct ebt_replace_kernel *repl;
1119 int ret, i, countersize;
1120 void *p;
1121
1122 if (input_table == NULL || (repl = input_table->table) == NULL ||
1123 repl->entries == 0 || repl->entries_size == 0 ||
1124 repl->counters != NULL || input_table->private != NULL) {
1125 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1126 return ERR_PTR(-EINVAL);
1127 }
1128
1129 /* Don't add one table to multiple lists. */
1130 table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
1131 if (!table) {
1132 ret = -ENOMEM;
1133 goto out;
1134 }
1135
1136 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1137 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1138 ret = -ENOMEM;
1139 if (!newinfo)
1140 goto free_table;
1141
1142 p = vmalloc(repl->entries_size);
1143 if (!p)
1144 goto free_newinfo;
1145
1146 memcpy(p, repl->entries, repl->entries_size);
1147 newinfo->entries = p;
1148
1149 newinfo->entries_size = repl->entries_size;
1150 newinfo->nentries = repl->nentries;
1151
1152 if (countersize)
1153 memset(newinfo->counters, 0, countersize);
1154
1155 /* fill in newinfo and parse the entries */
1156 newinfo->chainstack = NULL;
1157 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1158 if ((repl->valid_hooks & (1 << i)) == 0)
1159 newinfo->hook_entry[i] = NULL;
1160 else
1161 newinfo->hook_entry[i] = p +
1162 ((char *)repl->hook_entry[i] - repl->entries);
1163 }
1164 ret = translate_table(net, repl->name, newinfo);
1165 if (ret != 0) {
1166 BUGPRINT("Translate_table failed\n");
1167 goto free_chainstack;
1168 }
1169
1170 if (table->check && table->check(newinfo, table->valid_hooks)) {
1171 BUGPRINT("The table doesn't like its own initial data, lol\n");
1172 return ERR_PTR(-EINVAL);
1173 }
1174
1175 table->private = newinfo;
1176 rwlock_init(&table->lock);
1177 ret = mutex_lock_interruptible(&ebt_mutex);
1178 if (ret != 0)
1179 goto free_chainstack;
1180
1181 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
1182 if (strcmp(t->name, table->name) == 0) {
1183 ret = -EEXIST;
1184 BUGPRINT("Table name already exists\n");
1185 goto free_unlock;
1186 }
1187 }
1188
1189 /* Hold a reference count if the chains aren't empty */
1190 if (newinfo->nentries && !try_module_get(table->me)) {
1191 ret = -ENOENT;
1192 goto free_unlock;
1193 }
1194 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
1195 mutex_unlock(&ebt_mutex);
1196 return table;
1197 free_unlock:
1198 mutex_unlock(&ebt_mutex);
1199 free_chainstack:
1200 if (newinfo->chainstack) {
1201 for_each_possible_cpu(i)
1202 vfree(newinfo->chainstack[i]);
1203 vfree(newinfo->chainstack);
1204 }
1205 vfree(newinfo->entries);
1206 free_newinfo:
1207 vfree(newinfo);
1208 free_table:
1209 kfree(table);
1210 out:
1211 return ERR_PTR(ret);
1212 }
1213
1214 void ebt_unregister_table(struct net *net, struct ebt_table *table)
1215 {
1216 int i;
1217
1218 if (!table) {
1219 BUGPRINT("Request to unregister NULL table!!!\n");
1220 return;
1221 }
1222 mutex_lock(&ebt_mutex);
1223 list_del(&table->list);
1224 mutex_unlock(&ebt_mutex);
1225 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
1226 ebt_cleanup_entry, net, NULL);
1227 if (table->private->nentries)
1228 module_put(table->me);
1229 vfree(table->private->entries);
1230 if (table->private->chainstack) {
1231 for_each_possible_cpu(i)
1232 vfree(table->private->chainstack[i]);
1233 vfree(table->private->chainstack);
1234 }
1235 vfree(table->private);
1236 kfree(table);
1237 }
1238
1239 /* userspace just supplied us with counters */
1240 static int update_counters(struct net *net, void __user *user, unsigned int len)
1241 {
1242 int i, ret;
1243 struct ebt_counter *tmp;
1244 struct ebt_replace hlp;
1245 struct ebt_table *t;
1246
1247 if (copy_from_user(&hlp, user, sizeof(hlp)))
1248 return -EFAULT;
1249
1250 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1251 return -EINVAL;
1252 if (hlp.num_counters == 0)
1253 return -EINVAL;
1254
1255 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1256 MEMPRINT("Update_counters && nomemory\n");
1257 return -ENOMEM;
1258 }
1259
1260 t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1261 if (!t)
1262 goto free_tmp;
1263
1264 if (hlp.num_counters != t->private->nentries) {
1265 BUGPRINT("Wrong nr of counters\n");
1266 ret = -EINVAL;
1267 goto unlock_mutex;
1268 }
1269
1270 if ( copy_from_user(tmp, hlp.counters,
1271 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1272 BUGPRINT("Updata_counters && !cfu\n");
1273 ret = -EFAULT;
1274 goto unlock_mutex;
1275 }
1276
1277 /* we want an atomic add of the counters */
1278 write_lock_bh(&t->lock);
1279
1280 /* we add to the counters of the first cpu */
1281 for (i = 0; i < hlp.num_counters; i++) {
1282 t->private->counters[i].pcnt += tmp[i].pcnt;
1283 t->private->counters[i].bcnt += tmp[i].bcnt;
1284 }
1285
1286 write_unlock_bh(&t->lock);
1287 ret = 0;
1288 unlock_mutex:
1289 mutex_unlock(&ebt_mutex);
1290 free_tmp:
1291 vfree(tmp);
1292 return ret;
1293 }
1294
1295 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1296 char *base, char __user *ubase)
1297 {
1298 char __user *hlp = ubase + ((char *)m - base);
1299 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1300 return -EFAULT;
1301 return 0;
1302 }
1303
1304 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1305 char *base, char __user *ubase)
1306 {
1307 char __user *hlp = ubase + ((char *)w - base);
1308 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1309 return -EFAULT;
1310 return 0;
1311 }
1312
1313 static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1314 {
1315 int ret;
1316 char __user *hlp;
1317 struct ebt_entry_target *t;
1318
1319 if (e->bitmask == 0)
1320 return 0;
1321
1322 hlp = ubase + (((char *)e + e->target_offset) - base);
1323 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1324
1325 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1326 if (ret != 0)
1327 return ret;
1328 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1329 if (ret != 0)
1330 return ret;
1331 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1332 return -EFAULT;
1333 return 0;
1334 }
1335
1336 /* called with ebt_mutex locked */
1337 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1338 int *len, int cmd)
1339 {
1340 struct ebt_replace tmp;
1341 struct ebt_counter *counterstmp, *oldcounters;
1342 unsigned int entries_size, nentries;
1343 char *entries;
1344
1345 if (cmd == EBT_SO_GET_ENTRIES) {
1346 entries_size = t->private->entries_size;
1347 nentries = t->private->nentries;
1348 entries = t->private->entries;
1349 oldcounters = t->private->counters;
1350 } else {
1351 entries_size = t->table->entries_size;
1352 nentries = t->table->nentries;
1353 entries = t->table->entries;
1354 oldcounters = t->table->counters;
1355 }
1356
1357 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1358 BUGPRINT("Cfu didn't work\n");
1359 return -EFAULT;
1360 }
1361
1362 if (*len != sizeof(struct ebt_replace) + entries_size +
1363 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1364 BUGPRINT("Wrong size\n");
1365 return -EINVAL;
1366 }
1367
1368 if (tmp.nentries != nentries) {
1369 BUGPRINT("Nentries wrong\n");
1370 return -EINVAL;
1371 }
1372
1373 if (tmp.entries_size != entries_size) {
1374 BUGPRINT("Wrong size\n");
1375 return -EINVAL;
1376 }
1377
1378 /* userspace might not need the counters */
1379 if (tmp.num_counters) {
1380 if (tmp.num_counters != nentries) {
1381 BUGPRINT("Num_counters wrong\n");
1382 return -EINVAL;
1383 }
1384 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1385 if (!counterstmp) {
1386 MEMPRINT("Couldn't copy counters, out of memory\n");
1387 return -ENOMEM;
1388 }
1389 write_lock_bh(&t->lock);
1390 get_counters(oldcounters, counterstmp, nentries);
1391 write_unlock_bh(&t->lock);
1392
1393 if (copy_to_user(tmp.counters, counterstmp,
1394 nentries * sizeof(struct ebt_counter))) {
1395 BUGPRINT("Couldn't copy counters to userspace\n");
1396 vfree(counterstmp);
1397 return -EFAULT;
1398 }
1399 vfree(counterstmp);
1400 }
1401
1402 if (copy_to_user(tmp.entries, entries, entries_size)) {
1403 BUGPRINT("Couldn't copy entries to userspace\n");
1404 return -EFAULT;
1405 }
1406 /* set the match/watcher/target names right */
1407 return EBT_ENTRY_ITERATE(entries, entries_size,
1408 ebt_make_names, entries, tmp.entries);
1409 }
1410
1411 static int do_ebt_set_ctl(struct sock *sk,
1412 int cmd, void __user *user, unsigned int len)
1413 {
1414 int ret;
1415
1416 switch(cmd) {
1417 case EBT_SO_SET_ENTRIES:
1418 ret = do_replace(sock_net(sk), user, len);
1419 break;
1420 case EBT_SO_SET_COUNTERS:
1421 ret = update_counters(sock_net(sk), user, len);
1422 break;
1423 default:
1424 ret = -EINVAL;
1425 }
1426 return ret;
1427 }
1428
1429 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1430 {
1431 int ret;
1432 struct ebt_replace tmp;
1433 struct ebt_table *t;
1434
1435 if (copy_from_user(&tmp, user, sizeof(tmp)))
1436 return -EFAULT;
1437
1438 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1439 if (!t)
1440 return ret;
1441
1442 switch(cmd) {
1443 case EBT_SO_GET_INFO:
1444 case EBT_SO_GET_INIT_INFO:
1445 if (*len != sizeof(struct ebt_replace)){
1446 ret = -EINVAL;
1447 mutex_unlock(&ebt_mutex);
1448 break;
1449 }
1450 if (cmd == EBT_SO_GET_INFO) {
1451 tmp.nentries = t->private->nentries;
1452 tmp.entries_size = t->private->entries_size;
1453 tmp.valid_hooks = t->valid_hooks;
1454 } else {
1455 tmp.nentries = t->table->nentries;
1456 tmp.entries_size = t->table->entries_size;
1457 tmp.valid_hooks = t->table->valid_hooks;
1458 }
1459 mutex_unlock(&ebt_mutex);
1460 if (copy_to_user(user, &tmp, *len) != 0){
1461 BUGPRINT("c2u Didn't work\n");
1462 ret = -EFAULT;
1463 break;
1464 }
1465 ret = 0;
1466 break;
1467
1468 case EBT_SO_GET_ENTRIES:
1469 case EBT_SO_GET_INIT_ENTRIES:
1470 ret = copy_everything_to_user(t, user, len, cmd);
1471 mutex_unlock(&ebt_mutex);
1472 break;
1473
1474 default:
1475 mutex_unlock(&ebt_mutex);
1476 ret = -EINVAL;
1477 }
1478
1479 return ret;
1480 }
1481
1482 static struct nf_sockopt_ops ebt_sockopts =
1483 {
1484 .pf = PF_INET,
1485 .set_optmin = EBT_BASE_CTL,
1486 .set_optmax = EBT_SO_SET_MAX + 1,
1487 .set = do_ebt_set_ctl,
1488 .get_optmin = EBT_BASE_CTL,
1489 .get_optmax = EBT_SO_GET_MAX + 1,
1490 .get = do_ebt_get_ctl,
1491 .owner = THIS_MODULE,
1492 };
1493
1494 static int __init ebtables_init(void)
1495 {
1496 int ret;
1497
1498 ret = xt_register_target(&ebt_standard_target);
1499 if (ret < 0)
1500 return ret;
1501 ret = nf_register_sockopt(&ebt_sockopts);
1502 if (ret < 0) {
1503 xt_unregister_target(&ebt_standard_target);
1504 return ret;
1505 }
1506
1507 printk(KERN_INFO "Ebtables v2.0 registered\n");
1508 return 0;
1509 }
1510
1511 static void __exit ebtables_fini(void)
1512 {
1513 nf_unregister_sockopt(&ebt_sockopts);
1514 xt_unregister_target(&ebt_standard_target);
1515 printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1516 }
1517
1518 EXPORT_SYMBOL(ebt_register_table);
1519 EXPORT_SYMBOL(ebt_unregister_table);
1520 EXPORT_SYMBOL(ebt_do_table);
1521 module_init(ebtables_init);
1522 module_exit(ebtables_fini);
1523 MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.065145 seconds and 5 git commands to generate.