projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
netfilter: ebtables: split copy_everything_to_user into two functions
[deliverable/linux.git] / net / bridge / netfilter / ebtables.c
1 /*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34 "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36
37 /*
38 * Each cpu has its own set of counters, so there is no need for write_lock in
39 * the softirq
40 * For reading or updating the counters, the user context needs to
41 * get a write_lock
42 */
43
44 /* The size of each set of counters is altered to get cache alignment */
45 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
46 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
47 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
48 COUNTER_OFFSET(n) * cpu))
49
50
51
52 static DEFINE_MUTEX(ebt_mutex);
53
54 static struct xt_target ebt_standard_target = {
55 .name = "standard",
56 .revision = 0,
57 .family = NFPROTO_BRIDGE,
58 .targetsize = sizeof(int),
59 };
60
61 static inline int
62 ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
63 struct xt_target_param *par)
64 {
65 par->target = w->u.watcher;
66 par->targinfo = w->data;
67 w->u.watcher->target(skb, par);
68 /* watchers don't give a verdict */
69 return 0;
70 }
71
72 static inline int ebt_do_match (struct ebt_entry_match *m,
73 const struct sk_buff *skb, struct xt_match_param *par)
74 {
75 par->match = m->u.match;
76 par->matchinfo = m->data;
77 return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
78 }
79
80 static inline int
81 ebt_dev_check(const char *entry, const struct net_device *device)
82 {
83 int i = 0;
84 const char *devname;
85
86 if (*entry == '\0')
87 return 0;
88 if (!device)
89 return 1;
90 devname = device->name;
91 /* 1 is the wildcard token */
92 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
93 i++;
94 return (devname[i] != entry[i] && entry[i] != 1);
95 }
96
97 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
98 /* process standard matches */
99 static inline int
100 ebt_basic_match(const struct ebt_entry *e, const struct ethhdr *h,
101 const struct net_device *in, const struct net_device *out)
102 {
103 int verdict, i;
104
105 if (e->bitmask & EBT_802_3) {
106 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
107 return 1;
108 } else if (!(e->bitmask & EBT_NOPROTO) &&
109 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
110 return 1;
111
112 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
113 return 1;
114 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
115 return 1;
116 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
117 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
118 return 1;
119 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
120 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
121 return 1;
122
123 if (e->bitmask & EBT_SOURCEMAC) {
124 verdict = 0;
125 for (i = 0; i < 6; i++)
126 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
127 e->sourcemsk[i];
128 if (FWINV2(verdict != 0, EBT_ISOURCE) )
129 return 1;
130 }
131 if (e->bitmask & EBT_DESTMAC) {
132 verdict = 0;
133 for (i = 0; i < 6; i++)
134 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
135 e->destmsk[i];
136 if (FWINV2(verdict != 0, EBT_IDEST) )
137 return 1;
138 }
139 return 0;
140 }
141
142 static inline __pure
143 struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
144 {
145 return (void *)entry + entry->next_offset;
146 }
147
148 /* Do some firewalling */
149 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
150 const struct net_device *in, const struct net_device *out,
151 struct ebt_table *table)
152 {
153 int i, nentries;
154 struct ebt_entry *point;
155 struct ebt_counter *counter_base, *cb_base;
156 const struct ebt_entry_target *t;
157 int verdict, sp = 0;
158 struct ebt_chainstack *cs;
159 struct ebt_entries *chaininfo;
160 const char *base;
161 const struct ebt_table_info *private;
162 bool hotdrop = false;
163 struct xt_match_param mtpar;
164 struct xt_target_param tgpar;
165
166 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
167 mtpar.in = tgpar.in = in;
168 mtpar.out = tgpar.out = out;
169 mtpar.hotdrop = &hotdrop;
170 mtpar.hooknum = tgpar.hooknum = hook;
171
172 read_lock_bh(&table->lock);
173 private = table->private;
174 cb_base = COUNTER_BASE(private->counters, private->nentries,
175 smp_processor_id());
176 if (private->chainstack)
177 cs = private->chainstack[smp_processor_id()];
178 else
179 cs = NULL;
180 chaininfo = private->hook_entry[hook];
181 nentries = private->hook_entry[hook]->nentries;
182 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
183 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
184 /* base for chain jumps */
185 base = private->entries;
186 i = 0;
187 while (i < nentries) {
188 if (ebt_basic_match(point, eth_hdr(skb), in, out))
189 goto letscontinue;
190
191 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
192 goto letscontinue;
193 if (hotdrop) {
194 read_unlock_bh(&table->lock);
195 return NF_DROP;
196 }
197
198 /* increase counter */
199 (*(counter_base + i)).pcnt++;
200 (*(counter_base + i)).bcnt += skb->len;
201
202 /* these should only watch: not modify, nor tell us
203 what to do with the packet */
204 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
205
206 t = (struct ebt_entry_target *)
207 (((char *)point) + point->target_offset);
208 /* standard target */
209 if (!t->u.target->target)
210 verdict = ((struct ebt_standard_target *)t)->verdict;
211 else {
212 tgpar.target = t->u.target;
213 tgpar.targinfo = t->data;
214 verdict = t->u.target->target(skb, &tgpar);
215 }
216 if (verdict == EBT_ACCEPT) {
217 read_unlock_bh(&table->lock);
218 return NF_ACCEPT;
219 }
220 if (verdict == EBT_DROP) {
221 read_unlock_bh(&table->lock);
222 return NF_DROP;
223 }
224 if (verdict == EBT_RETURN) {
225 letsreturn:
226 #ifdef CONFIG_NETFILTER_DEBUG
227 if (sp == 0) {
228 BUGPRINT("RETURN on base chain");
229 /* act like this is EBT_CONTINUE */
230 goto letscontinue;
231 }
232 #endif
233 sp--;
234 /* put all the local variables right */
235 i = cs[sp].n;
236 chaininfo = cs[sp].chaininfo;
237 nentries = chaininfo->nentries;
238 point = cs[sp].e;
239 counter_base = cb_base +
240 chaininfo->counter_offset;
241 continue;
242 }
243 if (verdict == EBT_CONTINUE)
244 goto letscontinue;
245 #ifdef CONFIG_NETFILTER_DEBUG
246 if (verdict < 0) {
247 BUGPRINT("bogus standard verdict\n");
248 read_unlock_bh(&table->lock);
249 return NF_DROP;
250 }
251 #endif
252 /* jump to a udc */
253 cs[sp].n = i + 1;
254 cs[sp].chaininfo = chaininfo;
255 cs[sp].e = ebt_next_entry(point);
256 i = 0;
257 chaininfo = (struct ebt_entries *) (base + verdict);
258 #ifdef CONFIG_NETFILTER_DEBUG
259 if (chaininfo->distinguisher) {
260 BUGPRINT("jump to non-chain\n");
261 read_unlock_bh(&table->lock);
262 return NF_DROP;
263 }
264 #endif
265 nentries = chaininfo->nentries;
266 point = (struct ebt_entry *)chaininfo->data;
267 counter_base = cb_base + chaininfo->counter_offset;
268 sp++;
269 continue;
270 letscontinue:
271 point = ebt_next_entry(point);
272 i++;
273 }
274
275 /* I actually like this :) */
276 if (chaininfo->policy == EBT_RETURN)
277 goto letsreturn;
278 if (chaininfo->policy == EBT_ACCEPT) {
279 read_unlock_bh(&table->lock);
280 return NF_ACCEPT;
281 }
282 read_unlock_bh(&table->lock);
283 return NF_DROP;
284 }
285
286 /* If it succeeds, returns element and locks mutex */
287 static inline void *
288 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
289 struct mutex *mutex)
290 {
291 struct {
292 struct list_head list;
293 char name[EBT_FUNCTION_MAXNAMELEN];
294 } *e;
295
296 *error = mutex_lock_interruptible(mutex);
297 if (*error != 0)
298 return NULL;
299
300 list_for_each_entry(e, head, list) {
301 if (strcmp(e->name, name) == 0)
302 return e;
303 }
304 *error = -ENOENT;
305 mutex_unlock(mutex);
306 return NULL;
307 }
308
309 static void *
310 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
311 int *error, struct mutex *mutex)
312 {
313 return try_then_request_module(
314 find_inlist_lock_noload(head, name, error, mutex),
315 "%s%s", prefix, name);
316 }
317
318 static inline struct ebt_table *
319 find_table_lock(struct net *net, const char *name, int *error,
320 struct mutex *mutex)
321 {
322 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
323 "ebtable_", error, mutex);
324 }
325
326 static inline int
327 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
328 unsigned int *cnt)
329 {
330 const struct ebt_entry *e = par->entryinfo;
331 struct xt_match *match;
332 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
333 int ret;
334
335 if (left < sizeof(struct ebt_entry_match) ||
336 left - sizeof(struct ebt_entry_match) < m->match_size)
337 return -EINVAL;
338
339 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
340 m->u.name, 0), "ebt_%s", m->u.name);
341 if (IS_ERR(match))
342 return PTR_ERR(match);
343 if (match == NULL)
344 return -ENOENT;
345 m->u.match = match;
346
347 par->match = match;
348 par->matchinfo = m->data;
349 ret = xt_check_match(par, m->match_size,
350 e->ethproto, e->invflags & EBT_IPROTO);
351 if (ret < 0) {
352 module_put(match->me);
353 return ret;
354 }
355
356 (*cnt)++;
357 return 0;
358 }
359
360 static inline int
361 ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
362 unsigned int *cnt)
363 {
364 const struct ebt_entry *e = par->entryinfo;
365 struct xt_target *watcher;
366 size_t left = ((char *)e + e->target_offset) - (char *)w;
367 int ret;
368
369 if (left < sizeof(struct ebt_entry_watcher) ||
370 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
371 return -EINVAL;
372
373 watcher = try_then_request_module(
374 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
375 "ebt_%s", w->u.name);
376 if (IS_ERR(watcher))
377 return PTR_ERR(watcher);
378 if (watcher == NULL)
379 return -ENOENT;
380 w->u.watcher = watcher;
381
382 par->target = watcher;
383 par->targinfo = w->data;
384 ret = xt_check_target(par, w->watcher_size,
385 e->ethproto, e->invflags & EBT_IPROTO);
386 if (ret < 0) {
387 module_put(watcher->me);
388 return ret;
389 }
390
391 (*cnt)++;
392 return 0;
393 }
394
395 static int ebt_verify_pointers(const struct ebt_replace *repl,
396 struct ebt_table_info *newinfo)
397 {
398 unsigned int limit = repl->entries_size;
399 unsigned int valid_hooks = repl->valid_hooks;
400 unsigned int offset = 0;
401 int i;
402
403 for (i = 0; i < NF_BR_NUMHOOKS; i++)
404 newinfo->hook_entry[i] = NULL;
405
406 newinfo->entries_size = repl->entries_size;
407 newinfo->nentries = repl->nentries;
408
409 while (offset < limit) {
410 size_t left = limit - offset;
411 struct ebt_entry *e = (void *)newinfo->entries + offset;
412
413 if (left < sizeof(unsigned int))
414 break;
415
416 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
417 if ((valid_hooks & (1 << i)) == 0)
418 continue;
419 if ((char __user *)repl->hook_entry[i] ==
420 repl->entries + offset)
421 break;
422 }
423
424 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
425 if (e->bitmask != 0) {
426 /* we make userspace set this right,
427 so there is no misunderstanding */
428 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
429 "in distinguisher\n");
430 return -EINVAL;
431 }
432 if (i != NF_BR_NUMHOOKS)
433 newinfo->hook_entry[i] = (struct ebt_entries *)e;
434 if (left < sizeof(struct ebt_entries))
435 break;
436 offset += sizeof(struct ebt_entries);
437 } else {
438 if (left < sizeof(struct ebt_entry))
439 break;
440 if (left < e->next_offset)
441 break;
442 if (e->next_offset < sizeof(struct ebt_entry))
443 return -EINVAL;
444 offset += e->next_offset;
445 }
446 }
447 if (offset != limit) {
448 BUGPRINT("entries_size too small\n");
449 return -EINVAL;
450 }
451
452 /* check if all valid hooks have a chain */
453 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
454 if (!newinfo->hook_entry[i] &&
455 (valid_hooks & (1 << i))) {
456 BUGPRINT("Valid hook without chain\n");
457 return -EINVAL;
458 }
459 }
460 return 0;
461 }
462
463 /*
464 * this one is very careful, as it is the first function
465 * to parse the userspace data
466 */
467 static inline int
468 ebt_check_entry_size_and_hooks(const struct ebt_entry *e,
469 const struct ebt_table_info *newinfo,
470 unsigned int *n, unsigned int *cnt,
471 unsigned int *totalcnt, unsigned int *udc_cnt)
472 {
473 int i;
474
475 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
476 if ((void *)e == (void *)newinfo->hook_entry[i])
477 break;
478 }
479 /* beginning of a new chain
480 if i == NF_BR_NUMHOOKS it must be a user defined chain */
481 if (i != NF_BR_NUMHOOKS || !e->bitmask) {
482 /* this checks if the previous chain has as many entries
483 as it said it has */
484 if (*n != *cnt) {
485 BUGPRINT("nentries does not equal the nr of entries "
486 "in the chain\n");
487 return -EINVAL;
488 }
489 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
490 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
491 /* only RETURN from udc */
492 if (i != NF_BR_NUMHOOKS ||
493 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
494 BUGPRINT("bad policy\n");
495 return -EINVAL;
496 }
497 }
498 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
499 (*udc_cnt)++;
500 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
501 BUGPRINT("counter_offset != totalcnt");
502 return -EINVAL;
503 }
504 *n = ((struct ebt_entries *)e)->nentries;
505 *cnt = 0;
506 return 0;
507 }
508 /* a plain old entry, heh */
509 if (sizeof(struct ebt_entry) > e->watchers_offset ||
510 e->watchers_offset > e->target_offset ||
511 e->target_offset >= e->next_offset) {
512 BUGPRINT("entry offsets not in right order\n");
513 return -EINVAL;
514 }
515 /* this is not checked anywhere else */
516 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
517 BUGPRINT("target size too small\n");
518 return -EINVAL;
519 }
520 (*cnt)++;
521 (*totalcnt)++;
522 return 0;
523 }
524
525 struct ebt_cl_stack
526 {
527 struct ebt_chainstack cs;
528 int from;
529 unsigned int hookmask;
530 };
531
532 /*
533 * we need these positions to check that the jumps to a different part of the
534 * entries is a jump to the beginning of a new chain.
535 */
536 static inline int
537 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
538 unsigned int *n, struct ebt_cl_stack *udc)
539 {
540 int i;
541
542 /* we're only interested in chain starts */
543 if (e->bitmask)
544 return 0;
545 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
546 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
547 break;
548 }
549 /* only care about udc */
550 if (i != NF_BR_NUMHOOKS)
551 return 0;
552
553 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
554 /* these initialisations are depended on later in check_chainloops() */
555 udc[*n].cs.n = 0;
556 udc[*n].hookmask = 0;
557
558 (*n)++;
559 return 0;
560 }
561
562 static inline int
563 ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i)
564 {
565 struct xt_mtdtor_param par;
566
567 if (i && (*i)-- == 0)
568 return 1;
569
570 par.net = net;
571 par.match = m->u.match;
572 par.matchinfo = m->data;
573 par.family = NFPROTO_BRIDGE;
574 if (par.match->destroy != NULL)
575 par.match->destroy(&par);
576 module_put(par.match->me);
577 return 0;
578 }
579
580 static inline int
581 ebt_cleanup_watcher(struct ebt_entry_watcher *w, struct net *net, unsigned int *i)
582 {
583 struct xt_tgdtor_param par;
584
585 if (i && (*i)-- == 0)
586 return 1;
587
588 par.net = net;
589 par.target = w->u.watcher;
590 par.targinfo = w->data;
591 par.family = NFPROTO_BRIDGE;
592 if (par.target->destroy != NULL)
593 par.target->destroy(&par);
594 module_put(par.target->me);
595 return 0;
596 }
597
598 static inline int
599 ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
600 {
601 struct xt_tgdtor_param par;
602 struct ebt_entry_target *t;
603
604 if (e->bitmask == 0)
605 return 0;
606 /* we're done */
607 if (cnt && (*cnt)-- == 0)
608 return 1;
609 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL);
610 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
611 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
612
613 par.net = net;
614 par.target = t->u.target;
615 par.targinfo = t->data;
616 par.family = NFPROTO_BRIDGE;
617 if (par.target->destroy != NULL)
618 par.target->destroy(&par);
619 module_put(par.target->me);
620 return 0;
621 }
622
623 static inline int
624 ebt_check_entry(struct ebt_entry *e, struct net *net,
625 const struct ebt_table_info *newinfo,
626 const char *name, unsigned int *cnt,
627 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
628 {
629 struct ebt_entry_target *t;
630 struct xt_target *target;
631 unsigned int i, j, hook = 0, hookmask = 0;
632 size_t gap;
633 int ret;
634 struct xt_mtchk_param mtpar;
635 struct xt_tgchk_param tgpar;
636
637 /* don't mess with the struct ebt_entries */
638 if (e->bitmask == 0)
639 return 0;
640
641 if (e->bitmask & ~EBT_F_MASK) {
642 BUGPRINT("Unknown flag for bitmask\n");
643 return -EINVAL;
644 }
645 if (e->invflags & ~EBT_INV_MASK) {
646 BUGPRINT("Unknown flag for inv bitmask\n");
647 return -EINVAL;
648 }
649 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
650 BUGPRINT("NOPROTO & 802_3 not allowed\n");
651 return -EINVAL;
652 }
653 /* what hook do we belong to? */
654 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
655 if (!newinfo->hook_entry[i])
656 continue;
657 if ((char *)newinfo->hook_entry[i] < (char *)e)
658 hook = i;
659 else
660 break;
661 }
662 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
663 a base chain */
664 if (i < NF_BR_NUMHOOKS)
665 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
666 else {
667 for (i = 0; i < udc_cnt; i++)
668 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
669 break;
670 if (i == 0)
671 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
672 else
673 hookmask = cl_s[i - 1].hookmask;
674 }
675 i = 0;
676
677 mtpar.net = tgpar.net = net;
678 mtpar.table = tgpar.table = name;
679 mtpar.entryinfo = tgpar.entryinfo = e;
680 mtpar.hook_mask = tgpar.hook_mask = hookmask;
681 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
682 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
683 if (ret != 0)
684 goto cleanup_matches;
685 j = 0;
686 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
687 if (ret != 0)
688 goto cleanup_watchers;
689 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
690 gap = e->next_offset - e->target_offset;
691
692 target = try_then_request_module(
693 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
694 "ebt_%s", t->u.name);
695 if (IS_ERR(target)) {
696 ret = PTR_ERR(target);
697 goto cleanup_watchers;
698 } else if (target == NULL) {
699 ret = -ENOENT;
700 goto cleanup_watchers;
701 }
702
703 t->u.target = target;
704 if (t->u.target == &ebt_standard_target) {
705 if (gap < sizeof(struct ebt_standard_target)) {
706 BUGPRINT("Standard target size too big\n");
707 ret = -EFAULT;
708 goto cleanup_watchers;
709 }
710 if (((struct ebt_standard_target *)t)->verdict <
711 -NUM_STANDARD_TARGETS) {
712 BUGPRINT("Invalid standard target\n");
713 ret = -EFAULT;
714 goto cleanup_watchers;
715 }
716 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
717 module_put(t->u.target->me);
718 ret = -EFAULT;
719 goto cleanup_watchers;
720 }
721
722 tgpar.target = target;
723 tgpar.targinfo = t->data;
724 ret = xt_check_target(&tgpar, t->target_size,
725 e->ethproto, e->invflags & EBT_IPROTO);
726 if (ret < 0) {
727 module_put(target->me);
728 goto cleanup_watchers;
729 }
730 (*cnt)++;
731 return 0;
732 cleanup_watchers:
733 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j);
734 cleanup_matches:
735 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
736 return ret;
737 }
738
739 /*
740 * checks for loops and sets the hook mask for udc
741 * the hook mask for udc tells us from which base chains the udc can be
742 * accessed. This mask is a parameter to the check() functions of the extensions
743 */
744 static int check_chainloops(const struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
745 unsigned int udc_cnt, unsigned int hooknr, char *base)
746 {
747 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
748 const struct ebt_entry *e = (struct ebt_entry *)chain->data;
749 const struct ebt_entry_target *t;
750
751 while (pos < nentries || chain_nr != -1) {
752 /* end of udc, go back one 'recursion' step */
753 if (pos == nentries) {
754 /* put back values of the time when this chain was called */
755 e = cl_s[chain_nr].cs.e;
756 if (cl_s[chain_nr].from != -1)
757 nentries =
758 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
759 else
760 nentries = chain->nentries;
761 pos = cl_s[chain_nr].cs.n;
762 /* make sure we won't see a loop that isn't one */
763 cl_s[chain_nr].cs.n = 0;
764 chain_nr = cl_s[chain_nr].from;
765 if (pos == nentries)
766 continue;
767 }
768 t = (struct ebt_entry_target *)
769 (((char *)e) + e->target_offset);
770 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
771 goto letscontinue;
772 if (e->target_offset + sizeof(struct ebt_standard_target) >
773 e->next_offset) {
774 BUGPRINT("Standard target size too big\n");
775 return -1;
776 }
777 verdict = ((struct ebt_standard_target *)t)->verdict;
778 if (verdict >= 0) { /* jump to another chain */
779 struct ebt_entries *hlp2 =
780 (struct ebt_entries *)(base + verdict);
781 for (i = 0; i < udc_cnt; i++)
782 if (hlp2 == cl_s[i].cs.chaininfo)
783 break;
784 /* bad destination or loop */
785 if (i == udc_cnt) {
786 BUGPRINT("bad destination\n");
787 return -1;
788 }
789 if (cl_s[i].cs.n) {
790 BUGPRINT("loop\n");
791 return -1;
792 }
793 if (cl_s[i].hookmask & (1 << hooknr))
794 goto letscontinue;
795 /* this can't be 0, so the loop test is correct */
796 cl_s[i].cs.n = pos + 1;
797 pos = 0;
798 cl_s[i].cs.e = ebt_next_entry(e);
799 e = (struct ebt_entry *)(hlp2->data);
800 nentries = hlp2->nentries;
801 cl_s[i].from = chain_nr;
802 chain_nr = i;
803 /* this udc is accessible from the base chain for hooknr */
804 cl_s[i].hookmask |= (1 << hooknr);
805 continue;
806 }
807 letscontinue:
808 e = ebt_next_entry(e);
809 pos++;
810 }
811 return 0;
812 }
813
814 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
815 static int translate_table(struct net *net, const char *name,
816 struct ebt_table_info *newinfo)
817 {
818 unsigned int i, j, k, udc_cnt;
819 int ret;
820 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
821
822 i = 0;
823 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
824 i++;
825 if (i == NF_BR_NUMHOOKS) {
826 BUGPRINT("No valid hooks specified\n");
827 return -EINVAL;
828 }
829 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
830 BUGPRINT("Chains don't start at beginning\n");
831 return -EINVAL;
832 }
833 /* make sure chains are ordered after each other in same order
834 as their corresponding hooks */
835 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
836 if (!newinfo->hook_entry[j])
837 continue;
838 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
839 BUGPRINT("Hook order must be followed\n");
840 return -EINVAL;
841 }
842 i = j;
843 }
844
845 /* do some early checkings and initialize some things */
846 i = 0; /* holds the expected nr. of entries for the chain */
847 j = 0; /* holds the up to now counted entries for the chain */
848 k = 0; /* holds the total nr. of entries, should equal
849 newinfo->nentries afterwards */
850 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
851 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
852 ebt_check_entry_size_and_hooks, newinfo,
853 &i, &j, &k, &udc_cnt);
854
855 if (ret != 0)
856 return ret;
857
858 if (i != j) {
859 BUGPRINT("nentries does not equal the nr of entries in the "
860 "(last) chain\n");
861 return -EINVAL;
862 }
863 if (k != newinfo->nentries) {
864 BUGPRINT("Total nentries is wrong\n");
865 return -EINVAL;
866 }
867
868 /* get the location of the udc, put them in an array
869 while we're at it, allocate the chainstack */
870 if (udc_cnt) {
871 /* this will get free'd in do_replace()/ebt_register_table()
872 if an error occurs */
873 newinfo->chainstack =
874 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
875 if (!newinfo->chainstack)
876 return -ENOMEM;
877 for_each_possible_cpu(i) {
878 newinfo->chainstack[i] =
879 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
880 if (!newinfo->chainstack[i]) {
881 while (i)
882 vfree(newinfo->chainstack[--i]);
883 vfree(newinfo->chainstack);
884 newinfo->chainstack = NULL;
885 return -ENOMEM;
886 }
887 }
888
889 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
890 if (!cl_s)
891 return -ENOMEM;
892 i = 0; /* the i'th udc */
893 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
894 ebt_get_udc_positions, newinfo, &i, cl_s);
895 /* sanity check */
896 if (i != udc_cnt) {
897 BUGPRINT("i != udc_cnt\n");
898 vfree(cl_s);
899 return -EFAULT;
900 }
901 }
902
903 /* Check for loops */
904 for (i = 0; i < NF_BR_NUMHOOKS; i++)
905 if (newinfo->hook_entry[i])
906 if (check_chainloops(newinfo->hook_entry[i],
907 cl_s, udc_cnt, i, newinfo->entries)) {
908 vfree(cl_s);
909 return -EINVAL;
910 }
911
912 /* we now know the following (along with E=mc²):
913 - the nr of entries in each chain is right
914 - the size of the allocated space is right
915 - all valid hooks have a corresponding chain
916 - there are no loops
917 - wrong data can still be on the level of a single entry
918 - could be there are jumps to places that are not the
919 beginning of a chain. This can only occur in chains that
920 are not accessible from any base chains, so we don't care. */
921
922 /* used to know what we need to clean up if something goes wrong */
923 i = 0;
924 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
925 ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
926 if (ret != 0) {
927 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
928 ebt_cleanup_entry, net, &i);
929 }
930 vfree(cl_s);
931 return ret;
932 }
933
934 /* called under write_lock */
935 static void get_counters(const struct ebt_counter *oldcounters,
936 struct ebt_counter *counters, unsigned int nentries)
937 {
938 int i, cpu;
939 struct ebt_counter *counter_base;
940
941 /* counters of cpu 0 */
942 memcpy(counters, oldcounters,
943 sizeof(struct ebt_counter) * nentries);
944
945 /* add other counters to those of cpu 0 */
946 for_each_possible_cpu(cpu) {
947 if (cpu == 0)
948 continue;
949 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
950 for (i = 0; i < nentries; i++) {
951 counters[i].pcnt += counter_base[i].pcnt;
952 counters[i].bcnt += counter_base[i].bcnt;
953 }
954 }
955 }
956
957 static int do_replace_finish(struct net *net, struct ebt_replace *repl,
958 struct ebt_table_info *newinfo)
959 {
960 int ret, i;
961 struct ebt_counter *counterstmp = NULL;
962 /* used to be able to unlock earlier */
963 struct ebt_table_info *table;
964 struct ebt_table *t;
965
966 /* the user wants counters back
967 the check on the size is done later, when we have the lock */
968 if (repl->num_counters) {
969 unsigned long size = repl->num_counters * sizeof(*counterstmp);
970 counterstmp = vmalloc(size);
971 if (!counterstmp)
972 return -ENOMEM;
973 }
974
975 newinfo->chainstack = NULL;
976 ret = ebt_verify_pointers(repl, newinfo);
977 if (ret != 0)
978 goto free_counterstmp;
979
980 ret = translate_table(net, repl->name, newinfo);
981
982 if (ret != 0)
983 goto free_counterstmp;
984
985 t = find_table_lock(net, repl->name, &ret, &ebt_mutex);
986 if (!t) {
987 ret = -ENOENT;
988 goto free_iterate;
989 }
990
991 /* the table doesn't like it */
992 if (t->check && (ret = t->check(newinfo, repl->valid_hooks)))
993 goto free_unlock;
994
995 if (repl->num_counters && repl->num_counters != t->private->nentries) {
996 BUGPRINT("Wrong nr. of counters requested\n");
997 ret = -EINVAL;
998 goto free_unlock;
999 }
1000
1001 /* we have the mutex lock, so no danger in reading this pointer */
1002 table = t->private;
1003 /* make sure the table can only be rmmod'ed if it contains no rules */
1004 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1005 ret = -ENOENT;
1006 goto free_unlock;
1007 } else if (table->nentries && !newinfo->nentries)
1008 module_put(t->me);
1009 /* we need an atomic snapshot of the counters */
1010 write_lock_bh(&t->lock);
1011 if (repl->num_counters)
1012 get_counters(t->private->counters, counterstmp,
1013 t->private->nentries);
1014
1015 t->private = newinfo;
1016 write_unlock_bh(&t->lock);
1017 mutex_unlock(&ebt_mutex);
1018 /* so, a user can change the chains while having messed up her counter
1019 allocation. Only reason why this is done is because this way the lock
1020 is held only once, while this doesn't bring the kernel into a
1021 dangerous state. */
1022 if (repl->num_counters &&
1023 copy_to_user(repl->counters, counterstmp,
1024 repl->num_counters * sizeof(struct ebt_counter))) {
1025 ret = -EFAULT;
1026 }
1027 else
1028 ret = 0;
1029
1030 /* decrease module count and free resources */
1031 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1032 ebt_cleanup_entry, net, NULL);
1033
1034 vfree(table->entries);
1035 if (table->chainstack) {
1036 for_each_possible_cpu(i)
1037 vfree(table->chainstack[i]);
1038 vfree(table->chainstack);
1039 }
1040 vfree(table);
1041
1042 vfree(counterstmp);
1043 return ret;
1044
1045 free_unlock:
1046 mutex_unlock(&ebt_mutex);
1047 free_iterate:
1048 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1049 ebt_cleanup_entry, net, NULL);
1050 free_counterstmp:
1051 vfree(counterstmp);
1052 /* can be initialized in translate_table() */
1053 if (newinfo->chainstack) {
1054 for_each_possible_cpu(i)
1055 vfree(newinfo->chainstack[i]);
1056 vfree(newinfo->chainstack);
1057 }
1058 return ret;
1059 }
1060
1061 /* replace the table */
1062 static int do_replace(struct net *net, const void __user *user,
1063 unsigned int len)
1064 {
1065 int ret, countersize;
1066 struct ebt_table_info *newinfo;
1067 struct ebt_replace tmp;
1068
1069 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1070 return -EFAULT;
1071
1072 if (len != sizeof(tmp) + tmp.entries_size) {
1073 BUGPRINT("Wrong len argument\n");
1074 return -EINVAL;
1075 }
1076
1077 if (tmp.entries_size == 0) {
1078 BUGPRINT("Entries_size never zero\n");
1079 return -EINVAL;
1080 }
1081 /* overflow check */
1082 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) /
1083 NR_CPUS - SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
1084 return -ENOMEM;
1085 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
1086 return -ENOMEM;
1087
1088 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
1089 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1090 if (!newinfo)
1091 return -ENOMEM;
1092
1093 if (countersize)
1094 memset(newinfo->counters, 0, countersize);
1095
1096 newinfo->entries = vmalloc(tmp.entries_size);
1097 if (!newinfo->entries) {
1098 ret = -ENOMEM;
1099 goto free_newinfo;
1100 }
1101 if (copy_from_user(
1102 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
1103 BUGPRINT("Couldn't copy entries from userspace\n");
1104 ret = -EFAULT;
1105 goto free_entries;
1106 }
1107
1108 ret = do_replace_finish(net, &tmp, newinfo);
1109 if (ret == 0)
1110 return ret;
1111 free_entries:
1112 vfree(newinfo->entries);
1113 free_newinfo:
1114 vfree(newinfo);
1115 return ret;
1116 }
1117
1118 struct ebt_table *
1119 ebt_register_table(struct net *net, const struct ebt_table *input_table)
1120 {
1121 struct ebt_table_info *newinfo;
1122 struct ebt_table *t, *table;
1123 struct ebt_replace_kernel *repl;
1124 int ret, i, countersize;
1125 void *p;
1126
1127 if (input_table == NULL || (repl = input_table->table) == NULL ||
1128 repl->entries == 0 || repl->entries_size == 0 ||
1129 repl->counters != NULL || input_table->private != NULL) {
1130 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1131 return ERR_PTR(-EINVAL);
1132 }
1133
1134 /* Don't add one table to multiple lists. */
1135 table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
1136 if (!table) {
1137 ret = -ENOMEM;
1138 goto out;
1139 }
1140
1141 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1142 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1143 ret = -ENOMEM;
1144 if (!newinfo)
1145 goto free_table;
1146
1147 p = vmalloc(repl->entries_size);
1148 if (!p)
1149 goto free_newinfo;
1150
1151 memcpy(p, repl->entries, repl->entries_size);
1152 newinfo->entries = p;
1153
1154 newinfo->entries_size = repl->entries_size;
1155 newinfo->nentries = repl->nentries;
1156
1157 if (countersize)
1158 memset(newinfo->counters, 0, countersize);
1159
1160 /* fill in newinfo and parse the entries */
1161 newinfo->chainstack = NULL;
1162 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1163 if ((repl->valid_hooks & (1 << i)) == 0)
1164 newinfo->hook_entry[i] = NULL;
1165 else
1166 newinfo->hook_entry[i] = p +
1167 ((char *)repl->hook_entry[i] - repl->entries);
1168 }
1169 ret = translate_table(net, repl->name, newinfo);
1170 if (ret != 0) {
1171 BUGPRINT("Translate_table failed\n");
1172 goto free_chainstack;
1173 }
1174
1175 if (table->check && table->check(newinfo, table->valid_hooks)) {
1176 BUGPRINT("The table doesn't like its own initial data, lol\n");
1177 return ERR_PTR(-EINVAL);
1178 }
1179
1180 table->private = newinfo;
1181 rwlock_init(&table->lock);
1182 ret = mutex_lock_interruptible(&ebt_mutex);
1183 if (ret != 0)
1184 goto free_chainstack;
1185
1186 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
1187 if (strcmp(t->name, table->name) == 0) {
1188 ret = -EEXIST;
1189 BUGPRINT("Table name already exists\n");
1190 goto free_unlock;
1191 }
1192 }
1193
1194 /* Hold a reference count if the chains aren't empty */
1195 if (newinfo->nentries && !try_module_get(table->me)) {
1196 ret = -ENOENT;
1197 goto free_unlock;
1198 }
1199 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
1200 mutex_unlock(&ebt_mutex);
1201 return table;
1202 free_unlock:
1203 mutex_unlock(&ebt_mutex);
1204 free_chainstack:
1205 if (newinfo->chainstack) {
1206 for_each_possible_cpu(i)
1207 vfree(newinfo->chainstack[i]);
1208 vfree(newinfo->chainstack);
1209 }
1210 vfree(newinfo->entries);
1211 free_newinfo:
1212 vfree(newinfo);
1213 free_table:
1214 kfree(table);
1215 out:
1216 return ERR_PTR(ret);
1217 }
1218
1219 void ebt_unregister_table(struct net *net, struct ebt_table *table)
1220 {
1221 int i;
1222
1223 if (!table) {
1224 BUGPRINT("Request to unregister NULL table!!!\n");
1225 return;
1226 }
1227 mutex_lock(&ebt_mutex);
1228 list_del(&table->list);
1229 mutex_unlock(&ebt_mutex);
1230 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
1231 ebt_cleanup_entry, net, NULL);
1232 if (table->private->nentries)
1233 module_put(table->me);
1234 vfree(table->private->entries);
1235 if (table->private->chainstack) {
1236 for_each_possible_cpu(i)
1237 vfree(table->private->chainstack[i]);
1238 vfree(table->private->chainstack);
1239 }
1240 vfree(table->private);
1241 kfree(table);
1242 }
1243
1244 /* userspace just supplied us with counters */
1245 static int update_counters(struct net *net, const void __user *user,
1246 unsigned int len)
1247 {
1248 int i, ret;
1249 struct ebt_counter *tmp;
1250 struct ebt_replace hlp;
1251 struct ebt_table *t;
1252
1253 if (copy_from_user(&hlp, user, sizeof(hlp)))
1254 return -EFAULT;
1255
1256 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1257 return -EINVAL;
1258 if (hlp.num_counters == 0)
1259 return -EINVAL;
1260
1261 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp))))
1262 return -ENOMEM;
1263
1264 t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1265 if (!t)
1266 goto free_tmp;
1267
1268 if (hlp.num_counters != t->private->nentries) {
1269 BUGPRINT("Wrong nr of counters\n");
1270 ret = -EINVAL;
1271 goto unlock_mutex;
1272 }
1273
1274 if ( copy_from_user(tmp, hlp.counters,
1275 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1276 BUGPRINT("Updata_counters && !cfu\n");
1277 ret = -EFAULT;
1278 goto unlock_mutex;
1279 }
1280
1281 /* we want an atomic add of the counters */
1282 write_lock_bh(&t->lock);
1283
1284 /* we add to the counters of the first cpu */
1285 for (i = 0; i < hlp.num_counters; i++) {
1286 t->private->counters[i].pcnt += tmp[i].pcnt;
1287 t->private->counters[i].bcnt += tmp[i].bcnt;
1288 }
1289
1290 write_unlock_bh(&t->lock);
1291 ret = 0;
1292 unlock_mutex:
1293 mutex_unlock(&ebt_mutex);
1294 free_tmp:
1295 vfree(tmp);
1296 return ret;
1297 }
1298
1299 static inline int ebt_make_matchname(const struct ebt_entry_match *m,
1300 const char *base, char __user *ubase)
1301 {
1302 char __user *hlp = ubase + ((char *)m - base);
1303 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1304 return -EFAULT;
1305 return 0;
1306 }
1307
1308 static inline int ebt_make_watchername(const struct ebt_entry_watcher *w,
1309 const char *base, char __user *ubase)
1310 {
1311 char __user *hlp = ubase + ((char *)w - base);
1312 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1313 return -EFAULT;
1314 return 0;
1315 }
1316
1317 static inline int
1318 ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
1319 {
1320 int ret;
1321 char __user *hlp;
1322 const struct ebt_entry_target *t;
1323
1324 if (e->bitmask == 0)
1325 return 0;
1326
1327 hlp = ubase + (((char *)e + e->target_offset) - base);
1328 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1329
1330 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1331 if (ret != 0)
1332 return ret;
1333 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1334 if (ret != 0)
1335 return ret;
1336 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1337 return -EFAULT;
1338 return 0;
1339 }
1340
1341 static int copy_counters_to_user(struct ebt_table *t,
1342 const struct ebt_counter *oldcounters,
1343 void __user *user, unsigned int num_counters,
1344 unsigned int nentries)
1345 {
1346 struct ebt_counter *counterstmp;
1347 int ret = 0;
1348
1349 /* userspace might not need the counters */
1350 if (num_counters == 0)
1351 return 0;
1352
1353 if (num_counters != nentries) {
1354 BUGPRINT("Num_counters wrong\n");
1355 return -EINVAL;
1356 }
1357
1358 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1359 if (!counterstmp)
1360 return -ENOMEM;
1361
1362 write_lock_bh(&t->lock);
1363 get_counters(oldcounters, counterstmp, nentries);
1364 write_unlock_bh(&t->lock);
1365
1366 if (copy_to_user(user, counterstmp,
1367 nentries * sizeof(struct ebt_counter)))
1368 ret = -EFAULT;
1369 vfree(counterstmp);
1370 return ret;
1371 }
1372
1373 /* called with ebt_mutex locked */
1374 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1375 const int *len, int cmd)
1376 {
1377 struct ebt_replace tmp;
1378 const struct ebt_counter *oldcounters;
1379 unsigned int entries_size, nentries;
1380 int ret;
1381 char *entries;
1382
1383 if (cmd == EBT_SO_GET_ENTRIES) {
1384 entries_size = t->private->entries_size;
1385 nentries = t->private->nentries;
1386 entries = t->private->entries;
1387 oldcounters = t->private->counters;
1388 } else {
1389 entries_size = t->table->entries_size;
1390 nentries = t->table->nentries;
1391 entries = t->table->entries;
1392 oldcounters = t->table->counters;
1393 }
1394
1395 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1396 BUGPRINT("Cfu didn't work\n");
1397 return -EFAULT;
1398 }
1399
1400 if (*len != sizeof(struct ebt_replace) + entries_size +
1401 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1402 BUGPRINT("Wrong size\n");
1403 return -EINVAL;
1404 }
1405
1406 if (tmp.nentries != nentries) {
1407 BUGPRINT("Nentries wrong\n");
1408 return -EINVAL;
1409 }
1410
1411 if (tmp.entries_size != entries_size) {
1412 BUGPRINT("Wrong size\n");
1413 return -EINVAL;
1414 }
1415
1416 ret = copy_counters_to_user(t, oldcounters, tmp.counters,
1417 tmp.num_counters, nentries);
1418 if (ret)
1419 return ret;
1420
1421 if (copy_to_user(tmp.entries, entries, entries_size)) {
1422 BUGPRINT("Couldn't copy entries to userspace\n");
1423 return -EFAULT;
1424 }
1425 /* set the match/watcher/target names right */
1426 return EBT_ENTRY_ITERATE(entries, entries_size,
1427 ebt_make_names, entries, tmp.entries);
1428 }
1429
1430 static int do_ebt_set_ctl(struct sock *sk,
1431 int cmd, void __user *user, unsigned int len)
1432 {
1433 int ret;
1434
1435 if (!capable(CAP_NET_ADMIN))
1436 return -EPERM;
1437
1438 switch(cmd) {
1439 case EBT_SO_SET_ENTRIES:
1440 ret = do_replace(sock_net(sk), user, len);
1441 break;
1442 case EBT_SO_SET_COUNTERS:
1443 ret = update_counters(sock_net(sk), user, len);
1444 break;
1445 default:
1446 ret = -EINVAL;
1447 }
1448 return ret;
1449 }
1450
1451 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1452 {
1453 int ret;
1454 struct ebt_replace tmp;
1455 struct ebt_table *t;
1456
1457 if (!capable(CAP_NET_ADMIN))
1458 return -EPERM;
1459
1460 if (copy_from_user(&tmp, user, sizeof(tmp)))
1461 return -EFAULT;
1462
1463 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1464 if (!t)
1465 return ret;
1466
1467 switch(cmd) {
1468 case EBT_SO_GET_INFO:
1469 case EBT_SO_GET_INIT_INFO:
1470 if (*len != sizeof(struct ebt_replace)){
1471 ret = -EINVAL;
1472 mutex_unlock(&ebt_mutex);
1473 break;
1474 }
1475 if (cmd == EBT_SO_GET_INFO) {
1476 tmp.nentries = t->private->nentries;
1477 tmp.entries_size = t->private->entries_size;
1478 tmp.valid_hooks = t->valid_hooks;
1479 } else {
1480 tmp.nentries = t->table->nentries;
1481 tmp.entries_size = t->table->entries_size;
1482 tmp.valid_hooks = t->table->valid_hooks;
1483 }
1484 mutex_unlock(&ebt_mutex);
1485 if (copy_to_user(user, &tmp, *len) != 0){
1486 BUGPRINT("c2u Didn't work\n");
1487 ret = -EFAULT;
1488 break;
1489 }
1490 ret = 0;
1491 break;
1492
1493 case EBT_SO_GET_ENTRIES:
1494 case EBT_SO_GET_INIT_ENTRIES:
1495 ret = copy_everything_to_user(t, user, len, cmd);
1496 mutex_unlock(&ebt_mutex);
1497 break;
1498
1499 default:
1500 mutex_unlock(&ebt_mutex);
1501 ret = -EINVAL;
1502 }
1503
1504 return ret;
1505 }
1506
1507 static struct nf_sockopt_ops ebt_sockopts =
1508 {
1509 .pf = PF_INET,
1510 .set_optmin = EBT_BASE_CTL,
1511 .set_optmax = EBT_SO_SET_MAX + 1,
1512 .set = do_ebt_set_ctl,
1513 .get_optmin = EBT_BASE_CTL,
1514 .get_optmax = EBT_SO_GET_MAX + 1,
1515 .get = do_ebt_get_ctl,
1516 .owner = THIS_MODULE,
1517 };
1518
1519 static int __init ebtables_init(void)
1520 {
1521 int ret;
1522
1523 ret = xt_register_target(&ebt_standard_target);
1524 if (ret < 0)
1525 return ret;
1526 ret = nf_register_sockopt(&ebt_sockopts);
1527 if (ret < 0) {
1528 xt_unregister_target(&ebt_standard_target);
1529 return ret;
1530 }
1531
1532 printk(KERN_INFO "Ebtables v2.0 registered\n");
1533 return 0;
1534 }
1535
1536 static void __exit ebtables_fini(void)
1537 {
1538 nf_unregister_sockopt(&ebt_sockopts);
1539 xt_unregister_target(&ebt_standard_target);
1540 printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1541 }
1542
1543 EXPORT_SYMBOL(ebt_register_table);
1544 EXPORT_SYMBOL(ebt_unregister_table);
1545 EXPORT_SYMBOL(ebt_do_table);
1546 module_init(ebtables_init);
1547 module_exit(ebtables_fini);
1548 MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.097673 seconds and 5 git commands to generate.