projects / deliverable / linux.git / blob
? search:


a707dbdc0327762fd3da4d078008977c8db051e4
[deliverable/linux.git] / net / bridge / netfilter / ebtables.c
1 /*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34 "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
37 ": out of memory: "format, ## args)
38 /* #define MEMPRINT(format, args...) */
39
40
41
42 /*
43 * Each cpu has its own set of counters, so there is no need for write_lock in
44 * the softirq
45 * For reading or updating the counters, the user context needs to
46 * get a write_lock
47 */
48
49 /* The size of each set of counters is altered to get cache alignment */
50 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53 COUNTER_OFFSET(n) * cpu))
54
55
56
57 static DEFINE_MUTEX(ebt_mutex);
58
59 static struct xt_target ebt_standard_target = {
60 .name = "standard",
61 .revision = 0,
62 .family = NFPROTO_BRIDGE,
63 .targetsize = sizeof(int),
64 };
65
66 static inline int
67 ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
68 struct xt_target_param *par)
69 {
70 par->target = w->u.watcher;
71 par->targinfo = w->data;
72 w->u.watcher->target(skb, par);
73 /* watchers don't give a verdict */
74 return 0;
75 }
76
77 static inline int ebt_do_match (struct ebt_entry_match *m,
78 const struct sk_buff *skb, struct xt_match_param *par)
79 {
80 par->match = m->u.match;
81 par->matchinfo = m->data;
82 return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
83 }
84
85 static inline int
86 ebt_dev_check(const char *entry, const struct net_device *device)
87 {
88 int i = 0;
89 const char *devname;
90
91 if (*entry == '\0')
92 return 0;
93 if (!device)
94 return 1;
95 devname = device->name;
96 /* 1 is the wildcard token */
97 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
98 i++;
99 return (devname[i] != entry[i] && entry[i] != 1);
100 }
101
102 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
103 /* process standard matches */
104 static inline int
105 ebt_basic_match(const struct ebt_entry *e, const struct ethhdr *h,
106 const struct net_device *in, const struct net_device *out)
107 {
108 int verdict, i;
109
110 if (e->bitmask & EBT_802_3) {
111 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
112 return 1;
113 } else if (!(e->bitmask & EBT_NOPROTO) &&
114 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
115 return 1;
116
117 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
118 return 1;
119 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
120 return 1;
121 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
122 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
123 return 1;
124 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
125 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
126 return 1;
127
128 if (e->bitmask & EBT_SOURCEMAC) {
129 verdict = 0;
130 for (i = 0; i < 6; i++)
131 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
132 e->sourcemsk[i];
133 if (FWINV2(verdict != 0, EBT_ISOURCE) )
134 return 1;
135 }
136 if (e->bitmask & EBT_DESTMAC) {
137 verdict = 0;
138 for (i = 0; i < 6; i++)
139 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
140 e->destmsk[i];
141 if (FWINV2(verdict != 0, EBT_IDEST) )
142 return 1;
143 }
144 return 0;
145 }
146
147 static inline __pure
148 struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
149 {
150 return (void *)entry + entry->next_offset;
151 }
152
153 /* Do some firewalling */
154 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
155 const struct net_device *in, const struct net_device *out,
156 struct ebt_table *table)
157 {
158 int i, nentries;
159 struct ebt_entry *point;
160 struct ebt_counter *counter_base, *cb_base;
161 const struct ebt_entry_target *t;
162 int verdict, sp = 0;
163 struct ebt_chainstack *cs;
164 struct ebt_entries *chaininfo;
165 const char *base;
166 const struct ebt_table_info *private;
167 bool hotdrop = false;
168 struct xt_match_param mtpar;
169 struct xt_target_param tgpar;
170
171 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
172 mtpar.in = tgpar.in = in;
173 mtpar.out = tgpar.out = out;
174 mtpar.hotdrop = &hotdrop;
175 mtpar.hooknum = tgpar.hooknum = hook;
176
177 read_lock_bh(&table->lock);
178 private = table->private;
179 cb_base = COUNTER_BASE(private->counters, private->nentries,
180 smp_processor_id());
181 if (private->chainstack)
182 cs = private->chainstack[smp_processor_id()];
183 else
184 cs = NULL;
185 chaininfo = private->hook_entry[hook];
186 nentries = private->hook_entry[hook]->nentries;
187 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
188 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
189 /* base for chain jumps */
190 base = private->entries;
191 i = 0;
192 while (i < nentries) {
193 if (ebt_basic_match(point, eth_hdr(skb), in, out))
194 goto letscontinue;
195
196 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
197 goto letscontinue;
198 if (hotdrop) {
199 read_unlock_bh(&table->lock);
200 return NF_DROP;
201 }
202
203 /* increase counter */
204 (*(counter_base + i)).pcnt++;
205 (*(counter_base + i)).bcnt += skb->len;
206
207 /* these should only watch: not modify, nor tell us
208 what to do with the packet */
209 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
210
211 t = (struct ebt_entry_target *)
212 (((char *)point) + point->target_offset);
213 /* standard target */
214 if (!t->u.target->target)
215 verdict = ((struct ebt_standard_target *)t)->verdict;
216 else {
217 tgpar.target = t->u.target;
218 tgpar.targinfo = t->data;
219 verdict = t->u.target->target(skb, &tgpar);
220 }
221 if (verdict == EBT_ACCEPT) {
222 read_unlock_bh(&table->lock);
223 return NF_ACCEPT;
224 }
225 if (verdict == EBT_DROP) {
226 read_unlock_bh(&table->lock);
227 return NF_DROP;
228 }
229 if (verdict == EBT_RETURN) {
230 letsreturn:
231 #ifdef CONFIG_NETFILTER_DEBUG
232 if (sp == 0) {
233 BUGPRINT("RETURN on base chain");
234 /* act like this is EBT_CONTINUE */
235 goto letscontinue;
236 }
237 #endif
238 sp--;
239 /* put all the local variables right */
240 i = cs[sp].n;
241 chaininfo = cs[sp].chaininfo;
242 nentries = chaininfo->nentries;
243 point = cs[sp].e;
244 counter_base = cb_base +
245 chaininfo->counter_offset;
246 continue;
247 }
248 if (verdict == EBT_CONTINUE)
249 goto letscontinue;
250 #ifdef CONFIG_NETFILTER_DEBUG
251 if (verdict < 0) {
252 BUGPRINT("bogus standard verdict\n");
253 read_unlock_bh(&table->lock);
254 return NF_DROP;
255 }
256 #endif
257 /* jump to a udc */
258 cs[sp].n = i + 1;
259 cs[sp].chaininfo = chaininfo;
260 cs[sp].e = ebt_next_entry(point);
261 i = 0;
262 chaininfo = (struct ebt_entries *) (base + verdict);
263 #ifdef CONFIG_NETFILTER_DEBUG
264 if (chaininfo->distinguisher) {
265 BUGPRINT("jump to non-chain\n");
266 read_unlock_bh(&table->lock);
267 return NF_DROP;
268 }
269 #endif
270 nentries = chaininfo->nentries;
271 point = (struct ebt_entry *)chaininfo->data;
272 counter_base = cb_base + chaininfo->counter_offset;
273 sp++;
274 continue;
275 letscontinue:
276 point = ebt_next_entry(point);
277 i++;
278 }
279
280 /* I actually like this :) */
281 if (chaininfo->policy == EBT_RETURN)
282 goto letsreturn;
283 if (chaininfo->policy == EBT_ACCEPT) {
284 read_unlock_bh(&table->lock);
285 return NF_ACCEPT;
286 }
287 read_unlock_bh(&table->lock);
288 return NF_DROP;
289 }
290
291 /* If it succeeds, returns element and locks mutex */
292 static inline void *
293 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
294 struct mutex *mutex)
295 {
296 struct {
297 struct list_head list;
298 char name[EBT_FUNCTION_MAXNAMELEN];
299 } *e;
300
301 *error = mutex_lock_interruptible(mutex);
302 if (*error != 0)
303 return NULL;
304
305 list_for_each_entry(e, head, list) {
306 if (strcmp(e->name, name) == 0)
307 return e;
308 }
309 *error = -ENOENT;
310 mutex_unlock(mutex);
311 return NULL;
312 }
313
314 static void *
315 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
316 int *error, struct mutex *mutex)
317 {
318 return try_then_request_module(
319 find_inlist_lock_noload(head, name, error, mutex),
320 "%s%s", prefix, name);
321 }
322
323 static inline struct ebt_table *
324 find_table_lock(struct net *net, const char *name, int *error,
325 struct mutex *mutex)
326 {
327 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
328 "ebtable_", error, mutex);
329 }
330
331 static inline int
332 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
333 unsigned int *cnt)
334 {
335 const struct ebt_entry *e = par->entryinfo;
336 struct xt_match *match;
337 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
338 int ret;
339
340 if (left < sizeof(struct ebt_entry_match) ||
341 left - sizeof(struct ebt_entry_match) < m->match_size)
342 return -EINVAL;
343
344 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
345 m->u.name, 0), "ebt_%s", m->u.name);
346 if (IS_ERR(match))
347 return PTR_ERR(match);
348 if (match == NULL)
349 return -ENOENT;
350 m->u.match = match;
351
352 par->match = match;
353 par->matchinfo = m->data;
354 ret = xt_check_match(par, m->match_size,
355 e->ethproto, e->invflags & EBT_IPROTO);
356 if (ret < 0) {
357 module_put(match->me);
358 return ret;
359 }
360
361 (*cnt)++;
362 return 0;
363 }
364
365 static inline int
366 ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
367 unsigned int *cnt)
368 {
369 const struct ebt_entry *e = par->entryinfo;
370 struct xt_target *watcher;
371 size_t left = ((char *)e + e->target_offset) - (char *)w;
372 int ret;
373
374 if (left < sizeof(struct ebt_entry_watcher) ||
375 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
376 return -EINVAL;
377
378 watcher = try_then_request_module(
379 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
380 "ebt_%s", w->u.name);
381 if (IS_ERR(watcher))
382 return PTR_ERR(watcher);
383 if (watcher == NULL)
384 return -ENOENT;
385 w->u.watcher = watcher;
386
387 par->target = watcher;
388 par->targinfo = w->data;
389 ret = xt_check_target(par, w->watcher_size,
390 e->ethproto, e->invflags & EBT_IPROTO);
391 if (ret < 0) {
392 module_put(watcher->me);
393 return ret;
394 }
395
396 (*cnt)++;
397 return 0;
398 }
399
400 static int ebt_verify_pointers(const struct ebt_replace *repl,
401 struct ebt_table_info *newinfo)
402 {
403 unsigned int limit = repl->entries_size;
404 unsigned int valid_hooks = repl->valid_hooks;
405 unsigned int offset = 0;
406 int i;
407
408 for (i = 0; i < NF_BR_NUMHOOKS; i++)
409 newinfo->hook_entry[i] = NULL;
410
411 newinfo->entries_size = repl->entries_size;
412 newinfo->nentries = repl->nentries;
413
414 while (offset < limit) {
415 size_t left = limit - offset;
416 struct ebt_entry *e = (void *)newinfo->entries + offset;
417
418 if (left < sizeof(unsigned int))
419 break;
420
421 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
422 if ((valid_hooks & (1 << i)) == 0)
423 continue;
424 if ((char __user *)repl->hook_entry[i] ==
425 repl->entries + offset)
426 break;
427 }
428
429 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
430 if (e->bitmask != 0) {
431 /* we make userspace set this right,
432 so there is no misunderstanding */
433 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
434 "in distinguisher\n");
435 return -EINVAL;
436 }
437 if (i != NF_BR_NUMHOOKS)
438 newinfo->hook_entry[i] = (struct ebt_entries *)e;
439 if (left < sizeof(struct ebt_entries))
440 break;
441 offset += sizeof(struct ebt_entries);
442 } else {
443 if (left < sizeof(struct ebt_entry))
444 break;
445 if (left < e->next_offset)
446 break;
447 if (e->next_offset < sizeof(struct ebt_entry))
448 return -EINVAL;
449 offset += e->next_offset;
450 }
451 }
452 if (offset != limit) {
453 BUGPRINT("entries_size too small\n");
454 return -EINVAL;
455 }
456
457 /* check if all valid hooks have a chain */
458 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
459 if (!newinfo->hook_entry[i] &&
460 (valid_hooks & (1 << i))) {
461 BUGPRINT("Valid hook without chain\n");
462 return -EINVAL;
463 }
464 }
465 return 0;
466 }
467
468 /*
469 * this one is very careful, as it is the first function
470 * to parse the userspace data
471 */
472 static inline int
473 ebt_check_entry_size_and_hooks(const struct ebt_entry *e,
474 const struct ebt_table_info *newinfo,
475 unsigned int *n, unsigned int *cnt,
476 unsigned int *totalcnt, unsigned int *udc_cnt)
477 {
478 int i;
479
480 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
481 if ((void *)e == (void *)newinfo->hook_entry[i])
482 break;
483 }
484 /* beginning of a new chain
485 if i == NF_BR_NUMHOOKS it must be a user defined chain */
486 if (i != NF_BR_NUMHOOKS || !e->bitmask) {
487 /* this checks if the previous chain has as many entries
488 as it said it has */
489 if (*n != *cnt) {
490 BUGPRINT("nentries does not equal the nr of entries "
491 "in the chain\n");
492 return -EINVAL;
493 }
494 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
495 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
496 /* only RETURN from udc */
497 if (i != NF_BR_NUMHOOKS ||
498 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
499 BUGPRINT("bad policy\n");
500 return -EINVAL;
501 }
502 }
503 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
504 (*udc_cnt)++;
505 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
506 BUGPRINT("counter_offset != totalcnt");
507 return -EINVAL;
508 }
509 *n = ((struct ebt_entries *)e)->nentries;
510 *cnt = 0;
511 return 0;
512 }
513 /* a plain old entry, heh */
514 if (sizeof(struct ebt_entry) > e->watchers_offset ||
515 e->watchers_offset > e->target_offset ||
516 e->target_offset >= e->next_offset) {
517 BUGPRINT("entry offsets not in right order\n");
518 return -EINVAL;
519 }
520 /* this is not checked anywhere else */
521 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
522 BUGPRINT("target size too small\n");
523 return -EINVAL;
524 }
525 (*cnt)++;
526 (*totalcnt)++;
527 return 0;
528 }
529
530 struct ebt_cl_stack
531 {
532 struct ebt_chainstack cs;
533 int from;
534 unsigned int hookmask;
535 };
536
537 /*
538 * we need these positions to check that the jumps to a different part of the
539 * entries is a jump to the beginning of a new chain.
540 */
541 static inline int
542 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
543 unsigned int *n, struct ebt_cl_stack *udc)
544 {
545 int i;
546
547 /* we're only interested in chain starts */
548 if (e->bitmask)
549 return 0;
550 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
551 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
552 break;
553 }
554 /* only care about udc */
555 if (i != NF_BR_NUMHOOKS)
556 return 0;
557
558 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
559 /* these initialisations are depended on later in check_chainloops() */
560 udc[*n].cs.n = 0;
561 udc[*n].hookmask = 0;
562
563 (*n)++;
564 return 0;
565 }
566
567 static inline int
568 ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i)
569 {
570 struct xt_mtdtor_param par;
571
572 if (i && (*i)-- == 0)
573 return 1;
574
575 par.net = net;
576 par.match = m->u.match;
577 par.matchinfo = m->data;
578 par.family = NFPROTO_BRIDGE;
579 if (par.match->destroy != NULL)
580 par.match->destroy(&par);
581 module_put(par.match->me);
582 return 0;
583 }
584
585 static inline int
586 ebt_cleanup_watcher(struct ebt_entry_watcher *w, struct net *net, unsigned int *i)
587 {
588 struct xt_tgdtor_param par;
589
590 if (i && (*i)-- == 0)
591 return 1;
592
593 par.net = net;
594 par.target = w->u.watcher;
595 par.targinfo = w->data;
596 par.family = NFPROTO_BRIDGE;
597 if (par.target->destroy != NULL)
598 par.target->destroy(&par);
599 module_put(par.target->me);
600 return 0;
601 }
602
603 static inline int
604 ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
605 {
606 struct xt_tgdtor_param par;
607 struct ebt_entry_target *t;
608
609 if (e->bitmask == 0)
610 return 0;
611 /* we're done */
612 if (cnt && (*cnt)-- == 0)
613 return 1;
614 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL);
615 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
616 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
617
618 par.net = net;
619 par.target = t->u.target;
620 par.targinfo = t->data;
621 par.family = NFPROTO_BRIDGE;
622 if (par.target->destroy != NULL)
623 par.target->destroy(&par);
624 module_put(par.target->me);
625 return 0;
626 }
627
628 static inline int
629 ebt_check_entry(struct ebt_entry *e, struct net *net,
630 const struct ebt_table_info *newinfo,
631 const char *name, unsigned int *cnt,
632 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
633 {
634 struct ebt_entry_target *t;
635 struct xt_target *target;
636 unsigned int i, j, hook = 0, hookmask = 0;
637 size_t gap;
638 int ret;
639 struct xt_mtchk_param mtpar;
640 struct xt_tgchk_param tgpar;
641
642 /* don't mess with the struct ebt_entries */
643 if (e->bitmask == 0)
644 return 0;
645
646 if (e->bitmask & ~EBT_F_MASK) {
647 BUGPRINT("Unknown flag for bitmask\n");
648 return -EINVAL;
649 }
650 if (e->invflags & ~EBT_INV_MASK) {
651 BUGPRINT("Unknown flag for inv bitmask\n");
652 return -EINVAL;
653 }
654 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
655 BUGPRINT("NOPROTO & 802_3 not allowed\n");
656 return -EINVAL;
657 }
658 /* what hook do we belong to? */
659 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
660 if (!newinfo->hook_entry[i])
661 continue;
662 if ((char *)newinfo->hook_entry[i] < (char *)e)
663 hook = i;
664 else
665 break;
666 }
667 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
668 a base chain */
669 if (i < NF_BR_NUMHOOKS)
670 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
671 else {
672 for (i = 0; i < udc_cnt; i++)
673 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
674 break;
675 if (i == 0)
676 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
677 else
678 hookmask = cl_s[i - 1].hookmask;
679 }
680 i = 0;
681
682 mtpar.net = tgpar.net = net;
683 mtpar.table = tgpar.table = name;
684 mtpar.entryinfo = tgpar.entryinfo = e;
685 mtpar.hook_mask = tgpar.hook_mask = hookmask;
686 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
687 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
688 if (ret != 0)
689 goto cleanup_matches;
690 j = 0;
691 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
692 if (ret != 0)
693 goto cleanup_watchers;
694 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
695 gap = e->next_offset - e->target_offset;
696
697 target = try_then_request_module(
698 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
699 "ebt_%s", t->u.name);
700 if (IS_ERR(target)) {
701 ret = PTR_ERR(target);
702 goto cleanup_watchers;
703 } else if (target == NULL) {
704 ret = -ENOENT;
705 goto cleanup_watchers;
706 }
707
708 t->u.target = target;
709 if (t->u.target == &ebt_standard_target) {
710 if (gap < sizeof(struct ebt_standard_target)) {
711 BUGPRINT("Standard target size too big\n");
712 ret = -EFAULT;
713 goto cleanup_watchers;
714 }
715 if (((struct ebt_standard_target *)t)->verdict <
716 -NUM_STANDARD_TARGETS) {
717 BUGPRINT("Invalid standard target\n");
718 ret = -EFAULT;
719 goto cleanup_watchers;
720 }
721 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
722 module_put(t->u.target->me);
723 ret = -EFAULT;
724 goto cleanup_watchers;
725 }
726
727 tgpar.target = target;
728 tgpar.targinfo = t->data;
729 ret = xt_check_target(&tgpar, t->target_size,
730 e->ethproto, e->invflags & EBT_IPROTO);
731 if (ret < 0) {
732 module_put(target->me);
733 goto cleanup_watchers;
734 }
735 (*cnt)++;
736 return 0;
737 cleanup_watchers:
738 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j);
739 cleanup_matches:
740 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
741 return ret;
742 }
743
744 /*
745 * checks for loops and sets the hook mask for udc
746 * the hook mask for udc tells us from which base chains the udc can be
747 * accessed. This mask is a parameter to the check() functions of the extensions
748 */
749 static int check_chainloops(const struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
750 unsigned int udc_cnt, unsigned int hooknr, char *base)
751 {
752 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
753 const struct ebt_entry *e = (struct ebt_entry *)chain->data;
754 const struct ebt_entry_target *t;
755
756 while (pos < nentries || chain_nr != -1) {
757 /* end of udc, go back one 'recursion' step */
758 if (pos == nentries) {
759 /* put back values of the time when this chain was called */
760 e = cl_s[chain_nr].cs.e;
761 if (cl_s[chain_nr].from != -1)
762 nentries =
763 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
764 else
765 nentries = chain->nentries;
766 pos = cl_s[chain_nr].cs.n;
767 /* make sure we won't see a loop that isn't one */
768 cl_s[chain_nr].cs.n = 0;
769 chain_nr = cl_s[chain_nr].from;
770 if (pos == nentries)
771 continue;
772 }
773 t = (struct ebt_entry_target *)
774 (((char *)e) + e->target_offset);
775 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
776 goto letscontinue;
777 if (e->target_offset + sizeof(struct ebt_standard_target) >
778 e->next_offset) {
779 BUGPRINT("Standard target size too big\n");
780 return -1;
781 }
782 verdict = ((struct ebt_standard_target *)t)->verdict;
783 if (verdict >= 0) { /* jump to another chain */
784 struct ebt_entries *hlp2 =
785 (struct ebt_entries *)(base + verdict);
786 for (i = 0; i < udc_cnt; i++)
787 if (hlp2 == cl_s[i].cs.chaininfo)
788 break;
789 /* bad destination or loop */
790 if (i == udc_cnt) {
791 BUGPRINT("bad destination\n");
792 return -1;
793 }
794 if (cl_s[i].cs.n) {
795 BUGPRINT("loop\n");
796 return -1;
797 }
798 if (cl_s[i].hookmask & (1 << hooknr))
799 goto letscontinue;
800 /* this can't be 0, so the loop test is correct */
801 cl_s[i].cs.n = pos + 1;
802 pos = 0;
803 cl_s[i].cs.e = ebt_next_entry(e);
804 e = (struct ebt_entry *)(hlp2->data);
805 nentries = hlp2->nentries;
806 cl_s[i].from = chain_nr;
807 chain_nr = i;
808 /* this udc is accessible from the base chain for hooknr */
809 cl_s[i].hookmask |= (1 << hooknr);
810 continue;
811 }
812 letscontinue:
813 e = ebt_next_entry(e);
814 pos++;
815 }
816 return 0;
817 }
818
819 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
820 static int translate_table(struct net *net, const char *name,
821 struct ebt_table_info *newinfo)
822 {
823 unsigned int i, j, k, udc_cnt;
824 int ret;
825 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
826
827 i = 0;
828 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
829 i++;
830 if (i == NF_BR_NUMHOOKS) {
831 BUGPRINT("No valid hooks specified\n");
832 return -EINVAL;
833 }
834 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
835 BUGPRINT("Chains don't start at beginning\n");
836 return -EINVAL;
837 }
838 /* make sure chains are ordered after each other in same order
839 as their corresponding hooks */
840 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
841 if (!newinfo->hook_entry[j])
842 continue;
843 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
844 BUGPRINT("Hook order must be followed\n");
845 return -EINVAL;
846 }
847 i = j;
848 }
849
850 /* do some early checkings and initialize some things */
851 i = 0; /* holds the expected nr. of entries for the chain */
852 j = 0; /* holds the up to now counted entries for the chain */
853 k = 0; /* holds the total nr. of entries, should equal
854 newinfo->nentries afterwards */
855 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
856 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
857 ebt_check_entry_size_and_hooks, newinfo,
858 &i, &j, &k, &udc_cnt);
859
860 if (ret != 0)
861 return ret;
862
863 if (i != j) {
864 BUGPRINT("nentries does not equal the nr of entries in the "
865 "(last) chain\n");
866 return -EINVAL;
867 }
868 if (k != newinfo->nentries) {
869 BUGPRINT("Total nentries is wrong\n");
870 return -EINVAL;
871 }
872
873 /* get the location of the udc, put them in an array
874 while we're at it, allocate the chainstack */
875 if (udc_cnt) {
876 /* this will get free'd in do_replace()/ebt_register_table()
877 if an error occurs */
878 newinfo->chainstack =
879 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
880 if (!newinfo->chainstack)
881 return -ENOMEM;
882 for_each_possible_cpu(i) {
883 newinfo->chainstack[i] =
884 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
885 if (!newinfo->chainstack[i]) {
886 while (i)
887 vfree(newinfo->chainstack[--i]);
888 vfree(newinfo->chainstack);
889 newinfo->chainstack = NULL;
890 return -ENOMEM;
891 }
892 }
893
894 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
895 if (!cl_s)
896 return -ENOMEM;
897 i = 0; /* the i'th udc */
898 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
899 ebt_get_udc_positions, newinfo, &i, cl_s);
900 /* sanity check */
901 if (i != udc_cnt) {
902 BUGPRINT("i != udc_cnt\n");
903 vfree(cl_s);
904 return -EFAULT;
905 }
906 }
907
908 /* Check for loops */
909 for (i = 0; i < NF_BR_NUMHOOKS; i++)
910 if (newinfo->hook_entry[i])
911 if (check_chainloops(newinfo->hook_entry[i],
912 cl_s, udc_cnt, i, newinfo->entries)) {
913 vfree(cl_s);
914 return -EINVAL;
915 }
916
917 /* we now know the following (along with E=mc²):
918 - the nr of entries in each chain is right
919 - the size of the allocated space is right
920 - all valid hooks have a corresponding chain
921 - there are no loops
922 - wrong data can still be on the level of a single entry
923 - could be there are jumps to places that are not the
924 beginning of a chain. This can only occur in chains that
925 are not accessible from any base chains, so we don't care. */
926
927 /* used to know what we need to clean up if something goes wrong */
928 i = 0;
929 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
930 ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
931 if (ret != 0) {
932 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
933 ebt_cleanup_entry, net, &i);
934 }
935 vfree(cl_s);
936 return ret;
937 }
938
939 /* called under write_lock */
940 static void get_counters(const struct ebt_counter *oldcounters,
941 struct ebt_counter *counters, unsigned int nentries)
942 {
943 int i, cpu;
944 struct ebt_counter *counter_base;
945
946 /* counters of cpu 0 */
947 memcpy(counters, oldcounters,
948 sizeof(struct ebt_counter) * nentries);
949
950 /* add other counters to those of cpu 0 */
951 for_each_possible_cpu(cpu) {
952 if (cpu == 0)
953 continue;
954 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
955 for (i = 0; i < nentries; i++) {
956 counters[i].pcnt += counter_base[i].pcnt;
957 counters[i].bcnt += counter_base[i].bcnt;
958 }
959 }
960 }
961
962 static int do_replace_finish(struct net *net, struct ebt_replace *repl,
963 struct ebt_table_info *newinfo)
964 {
965 int ret, i;
966 struct ebt_counter *counterstmp = NULL;
967 /* used to be able to unlock earlier */
968 struct ebt_table_info *table;
969 struct ebt_table *t;
970
971 /* the user wants counters back
972 the check on the size is done later, when we have the lock */
973 if (repl->num_counters) {
974 unsigned long size = repl->num_counters * sizeof(*counterstmp);
975 counterstmp = vmalloc(size);
976 if (!counterstmp)
977 return -ENOMEM;
978 }
979
980 newinfo->chainstack = NULL;
981 ret = ebt_verify_pointers(repl, newinfo);
982 if (ret != 0)
983 goto free_counterstmp;
984
985 ret = translate_table(net, repl->name, newinfo);
986
987 if (ret != 0)
988 goto free_counterstmp;
989
990 t = find_table_lock(net, repl->name, &ret, &ebt_mutex);
991 if (!t) {
992 ret = -ENOENT;
993 goto free_iterate;
994 }
995
996 /* the table doesn't like it */
997 if (t->check && (ret = t->check(newinfo, repl->valid_hooks)))
998 goto free_unlock;
999
1000 if (repl->num_counters && repl->num_counters != t->private->nentries) {
1001 BUGPRINT("Wrong nr. of counters requested\n");
1002 ret = -EINVAL;
1003 goto free_unlock;
1004 }
1005
1006 /* we have the mutex lock, so no danger in reading this pointer */
1007 table = t->private;
1008 /* make sure the table can only be rmmod'ed if it contains no rules */
1009 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1010 ret = -ENOENT;
1011 goto free_unlock;
1012 } else if (table->nentries && !newinfo->nentries)
1013 module_put(t->me);
1014 /* we need an atomic snapshot of the counters */
1015 write_lock_bh(&t->lock);
1016 if (repl->num_counters)
1017 get_counters(t->private->counters, counterstmp,
1018 t->private->nentries);
1019
1020 t->private = newinfo;
1021 write_unlock_bh(&t->lock);
1022 mutex_unlock(&ebt_mutex);
1023 /* so, a user can change the chains while having messed up her counter
1024 allocation. Only reason why this is done is because this way the lock
1025 is held only once, while this doesn't bring the kernel into a
1026 dangerous state. */
1027 if (repl->num_counters &&
1028 copy_to_user(repl->counters, counterstmp,
1029 repl->num_counters * sizeof(struct ebt_counter))) {
1030 ret = -EFAULT;
1031 }
1032 else
1033 ret = 0;
1034
1035 /* decrease module count and free resources */
1036 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1037 ebt_cleanup_entry, net, NULL);
1038
1039 vfree(table->entries);
1040 if (table->chainstack) {
1041 for_each_possible_cpu(i)
1042 vfree(table->chainstack[i]);
1043 vfree(table->chainstack);
1044 }
1045 vfree(table);
1046
1047 vfree(counterstmp);
1048 return ret;
1049
1050 free_unlock:
1051 mutex_unlock(&ebt_mutex);
1052 free_iterate:
1053 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1054 ebt_cleanup_entry, net, NULL);
1055 free_counterstmp:
1056 vfree(counterstmp);
1057 /* can be initialized in translate_table() */
1058 if (newinfo->chainstack) {
1059 for_each_possible_cpu(i)
1060 vfree(newinfo->chainstack[i]);
1061 vfree(newinfo->chainstack);
1062 }
1063 return ret;
1064 }
1065
1066 /* replace the table */
1067 static int do_replace(struct net *net, const void __user *user,
1068 unsigned int len)
1069 {
1070 int ret, countersize;
1071 struct ebt_table_info *newinfo;
1072 struct ebt_replace tmp;
1073
1074 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1075 return -EFAULT;
1076
1077 if (len != sizeof(tmp) + tmp.entries_size) {
1078 BUGPRINT("Wrong len argument\n");
1079 return -EINVAL;
1080 }
1081
1082 if (tmp.entries_size == 0) {
1083 BUGPRINT("Entries_size never zero\n");
1084 return -EINVAL;
1085 }
1086 /* overflow check */
1087 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) /
1088 NR_CPUS - SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
1089 return -ENOMEM;
1090 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
1091 return -ENOMEM;
1092
1093 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
1094 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1095 if (!newinfo)
1096 return -ENOMEM;
1097
1098 if (countersize)
1099 memset(newinfo->counters, 0, countersize);
1100
1101 newinfo->entries = vmalloc(tmp.entries_size);
1102 if (!newinfo->entries) {
1103 ret = -ENOMEM;
1104 goto free_newinfo;
1105 }
1106 if (copy_from_user(
1107 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
1108 BUGPRINT("Couldn't copy entries from userspace\n");
1109 ret = -EFAULT;
1110 goto free_entries;
1111 }
1112
1113 ret = do_replace_finish(net, &tmp, newinfo);
1114 if (ret == 0)
1115 return ret;
1116 free_entries:
1117 vfree(newinfo->entries);
1118 free_newinfo:
1119 vfree(newinfo);
1120 return ret;
1121 }
1122
1123 struct ebt_table *
1124 ebt_register_table(struct net *net, const struct ebt_table *input_table)
1125 {
1126 struct ebt_table_info *newinfo;
1127 struct ebt_table *t, *table;
1128 struct ebt_replace_kernel *repl;
1129 int ret, i, countersize;
1130 void *p;
1131
1132 if (input_table == NULL || (repl = input_table->table) == NULL ||
1133 repl->entries == 0 || repl->entries_size == 0 ||
1134 repl->counters != NULL || input_table->private != NULL) {
1135 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1136 return ERR_PTR(-EINVAL);
1137 }
1138
1139 /* Don't add one table to multiple lists. */
1140 table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
1141 if (!table) {
1142 ret = -ENOMEM;
1143 goto out;
1144 }
1145
1146 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1147 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1148 ret = -ENOMEM;
1149 if (!newinfo)
1150 goto free_table;
1151
1152 p = vmalloc(repl->entries_size);
1153 if (!p)
1154 goto free_newinfo;
1155
1156 memcpy(p, repl->entries, repl->entries_size);
1157 newinfo->entries = p;
1158
1159 newinfo->entries_size = repl->entries_size;
1160 newinfo->nentries = repl->nentries;
1161
1162 if (countersize)
1163 memset(newinfo->counters, 0, countersize);
1164
1165 /* fill in newinfo and parse the entries */
1166 newinfo->chainstack = NULL;
1167 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1168 if ((repl->valid_hooks & (1 << i)) == 0)
1169 newinfo->hook_entry[i] = NULL;
1170 else
1171 newinfo->hook_entry[i] = p +
1172 ((char *)repl->hook_entry[i] - repl->entries);
1173 }
1174 ret = translate_table(net, repl->name, newinfo);
1175 if (ret != 0) {
1176 BUGPRINT("Translate_table failed\n");
1177 goto free_chainstack;
1178 }
1179
1180 if (table->check && table->check(newinfo, table->valid_hooks)) {
1181 BUGPRINT("The table doesn't like its own initial data, lol\n");
1182 return ERR_PTR(-EINVAL);
1183 }
1184
1185 table->private = newinfo;
1186 rwlock_init(&table->lock);
1187 ret = mutex_lock_interruptible(&ebt_mutex);
1188 if (ret != 0)
1189 goto free_chainstack;
1190
1191 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
1192 if (strcmp(t->name, table->name) == 0) {
1193 ret = -EEXIST;
1194 BUGPRINT("Table name already exists\n");
1195 goto free_unlock;
1196 }
1197 }
1198
1199 /* Hold a reference count if the chains aren't empty */
1200 if (newinfo->nentries && !try_module_get(table->me)) {
1201 ret = -ENOENT;
1202 goto free_unlock;
1203 }
1204 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
1205 mutex_unlock(&ebt_mutex);
1206 return table;
1207 free_unlock:
1208 mutex_unlock(&ebt_mutex);
1209 free_chainstack:
1210 if (newinfo->chainstack) {
1211 for_each_possible_cpu(i)
1212 vfree(newinfo->chainstack[i]);
1213 vfree(newinfo->chainstack);
1214 }
1215 vfree(newinfo->entries);
1216 free_newinfo:
1217 vfree(newinfo);
1218 free_table:
1219 kfree(table);
1220 out:
1221 return ERR_PTR(ret);
1222 }
1223
1224 void ebt_unregister_table(struct net *net, struct ebt_table *table)
1225 {
1226 int i;
1227
1228 if (!table) {
1229 BUGPRINT("Request to unregister NULL table!!!\n");
1230 return;
1231 }
1232 mutex_lock(&ebt_mutex);
1233 list_del(&table->list);
1234 mutex_unlock(&ebt_mutex);
1235 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
1236 ebt_cleanup_entry, net, NULL);
1237 if (table->private->nentries)
1238 module_put(table->me);
1239 vfree(table->private->entries);
1240 if (table->private->chainstack) {
1241 for_each_possible_cpu(i)
1242 vfree(table->private->chainstack[i]);
1243 vfree(table->private->chainstack);
1244 }
1245 vfree(table->private);
1246 kfree(table);
1247 }
1248
1249 /* userspace just supplied us with counters */
1250 static int update_counters(struct net *net, const void __user *user,
1251 unsigned int len)
1252 {
1253 int i, ret;
1254 struct ebt_counter *tmp;
1255 struct ebt_replace hlp;
1256 struct ebt_table *t;
1257
1258 if (copy_from_user(&hlp, user, sizeof(hlp)))
1259 return -EFAULT;
1260
1261 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1262 return -EINVAL;
1263 if (hlp.num_counters == 0)
1264 return -EINVAL;
1265
1266 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1267 MEMPRINT("Update_counters && nomemory\n");
1268 return -ENOMEM;
1269 }
1270
1271 t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1272 if (!t)
1273 goto free_tmp;
1274
1275 if (hlp.num_counters != t->private->nentries) {
1276 BUGPRINT("Wrong nr of counters\n");
1277 ret = -EINVAL;
1278 goto unlock_mutex;
1279 }
1280
1281 if ( copy_from_user(tmp, hlp.counters,
1282 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1283 BUGPRINT("Updata_counters && !cfu\n");
1284 ret = -EFAULT;
1285 goto unlock_mutex;
1286 }
1287
1288 /* we want an atomic add of the counters */
1289 write_lock_bh(&t->lock);
1290
1291 /* we add to the counters of the first cpu */
1292 for (i = 0; i < hlp.num_counters; i++) {
1293 t->private->counters[i].pcnt += tmp[i].pcnt;
1294 t->private->counters[i].bcnt += tmp[i].bcnt;
1295 }
1296
1297 write_unlock_bh(&t->lock);
1298 ret = 0;
1299 unlock_mutex:
1300 mutex_unlock(&ebt_mutex);
1301 free_tmp:
1302 vfree(tmp);
1303 return ret;
1304 }
1305
1306 static inline int ebt_make_matchname(const struct ebt_entry_match *m,
1307 const char *base, char __user *ubase)
1308 {
1309 char __user *hlp = ubase + ((char *)m - base);
1310 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1311 return -EFAULT;
1312 return 0;
1313 }
1314
1315 static inline int ebt_make_watchername(const struct ebt_entry_watcher *w,
1316 const char *base, char __user *ubase)
1317 {
1318 char __user *hlp = ubase + ((char *)w - base);
1319 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1320 return -EFAULT;
1321 return 0;
1322 }
1323
1324 static inline int
1325 ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
1326 {
1327 int ret;
1328 char __user *hlp;
1329 const struct ebt_entry_target *t;
1330
1331 if (e->bitmask == 0)
1332 return 0;
1333
1334 hlp = ubase + (((char *)e + e->target_offset) - base);
1335 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1336
1337 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1338 if (ret != 0)
1339 return ret;
1340 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1341 if (ret != 0)
1342 return ret;
1343 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1344 return -EFAULT;
1345 return 0;
1346 }
1347
1348 /* called with ebt_mutex locked */
1349 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1350 const int *len, int cmd)
1351 {
1352 struct ebt_replace tmp;
1353 struct ebt_counter *counterstmp;
1354 const struct ebt_counter *oldcounters;
1355 unsigned int entries_size, nentries;
1356 char *entries;
1357
1358 if (cmd == EBT_SO_GET_ENTRIES) {
1359 entries_size = t->private->entries_size;
1360 nentries = t->private->nentries;
1361 entries = t->private->entries;
1362 oldcounters = t->private->counters;
1363 } else {
1364 entries_size = t->table->entries_size;
1365 nentries = t->table->nentries;
1366 entries = t->table->entries;
1367 oldcounters = t->table->counters;
1368 }
1369
1370 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1371 BUGPRINT("Cfu didn't work\n");
1372 return -EFAULT;
1373 }
1374
1375 if (*len != sizeof(struct ebt_replace) + entries_size +
1376 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1377 BUGPRINT("Wrong size\n");
1378 return -EINVAL;
1379 }
1380
1381 if (tmp.nentries != nentries) {
1382 BUGPRINT("Nentries wrong\n");
1383 return -EINVAL;
1384 }
1385
1386 if (tmp.entries_size != entries_size) {
1387 BUGPRINT("Wrong size\n");
1388 return -EINVAL;
1389 }
1390
1391 /* userspace might not need the counters */
1392 if (tmp.num_counters) {
1393 if (tmp.num_counters != nentries) {
1394 BUGPRINT("Num_counters wrong\n");
1395 return -EINVAL;
1396 }
1397 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1398 if (!counterstmp) {
1399 MEMPRINT("Couldn't copy counters, out of memory\n");
1400 return -ENOMEM;
1401 }
1402 write_lock_bh(&t->lock);
1403 get_counters(oldcounters, counterstmp, nentries);
1404 write_unlock_bh(&t->lock);
1405
1406 if (copy_to_user(tmp.counters, counterstmp,
1407 nentries * sizeof(struct ebt_counter))) {
1408 BUGPRINT("Couldn't copy counters to userspace\n");
1409 vfree(counterstmp);
1410 return -EFAULT;
1411 }
1412 vfree(counterstmp);
1413 }
1414
1415 if (copy_to_user(tmp.entries, entries, entries_size)) {
1416 BUGPRINT("Couldn't copy entries to userspace\n");
1417 return -EFAULT;
1418 }
1419 /* set the match/watcher/target names right */
1420 return EBT_ENTRY_ITERATE(entries, entries_size,
1421 ebt_make_names, entries, tmp.entries);
1422 }
1423
1424 static int do_ebt_set_ctl(struct sock *sk,
1425 int cmd, void __user *user, unsigned int len)
1426 {
1427 int ret;
1428
1429 if (!capable(CAP_NET_ADMIN))
1430 return -EPERM;
1431
1432 switch(cmd) {
1433 case EBT_SO_SET_ENTRIES:
1434 ret = do_replace(sock_net(sk), user, len);
1435 break;
1436 case EBT_SO_SET_COUNTERS:
1437 ret = update_counters(sock_net(sk), user, len);
1438 break;
1439 default:
1440 ret = -EINVAL;
1441 }
1442 return ret;
1443 }
1444
1445 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1446 {
1447 int ret;
1448 struct ebt_replace tmp;
1449 struct ebt_table *t;
1450
1451 if (!capable(CAP_NET_ADMIN))
1452 return -EPERM;
1453
1454 if (copy_from_user(&tmp, user, sizeof(tmp)))
1455 return -EFAULT;
1456
1457 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1458 if (!t)
1459 return ret;
1460
1461 switch(cmd) {
1462 case EBT_SO_GET_INFO:
1463 case EBT_SO_GET_INIT_INFO:
1464 if (*len != sizeof(struct ebt_replace)){
1465 ret = -EINVAL;
1466 mutex_unlock(&ebt_mutex);
1467 break;
1468 }
1469 if (cmd == EBT_SO_GET_INFO) {
1470 tmp.nentries = t->private->nentries;
1471 tmp.entries_size = t->private->entries_size;
1472 tmp.valid_hooks = t->valid_hooks;
1473 } else {
1474 tmp.nentries = t->table->nentries;
1475 tmp.entries_size = t->table->entries_size;
1476 tmp.valid_hooks = t->table->valid_hooks;
1477 }
1478 mutex_unlock(&ebt_mutex);
1479 if (copy_to_user(user, &tmp, *len) != 0){
1480 BUGPRINT("c2u Didn't work\n");
1481 ret = -EFAULT;
1482 break;
1483 }
1484 ret = 0;
1485 break;
1486
1487 case EBT_SO_GET_ENTRIES:
1488 case EBT_SO_GET_INIT_ENTRIES:
1489 ret = copy_everything_to_user(t, user, len, cmd);
1490 mutex_unlock(&ebt_mutex);
1491 break;
1492
1493 default:
1494 mutex_unlock(&ebt_mutex);
1495 ret = -EINVAL;
1496 }
1497
1498 return ret;
1499 }
1500
1501 static struct nf_sockopt_ops ebt_sockopts =
1502 {
1503 .pf = PF_INET,
1504 .set_optmin = EBT_BASE_CTL,
1505 .set_optmax = EBT_SO_SET_MAX + 1,
1506 .set = do_ebt_set_ctl,
1507 .get_optmin = EBT_BASE_CTL,
1508 .get_optmax = EBT_SO_GET_MAX + 1,
1509 .get = do_ebt_get_ctl,
1510 .owner = THIS_MODULE,
1511 };
1512
1513 static int __init ebtables_init(void)
1514 {
1515 int ret;
1516
1517 ret = xt_register_target(&ebt_standard_target);
1518 if (ret < 0)
1519 return ret;
1520 ret = nf_register_sockopt(&ebt_sockopts);
1521 if (ret < 0) {
1522 xt_unregister_target(&ebt_standard_target);
1523 return ret;
1524 }
1525
1526 printk(KERN_INFO "Ebtables v2.0 registered\n");
1527 return 0;
1528 }
1529
1530 static void __exit ebtables_fini(void)
1531 {
1532 nf_unregister_sockopt(&ebt_sockopts);
1533 xt_unregister_target(&ebt_standard_target);
1534 printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1535 }
1536
1537 EXPORT_SYMBOL(ebt_register_table);
1538 EXPORT_SYMBOL(ebt_unregister_table);
1539 EXPORT_SYMBOL(ebt_do_table);
1540 module_init(ebtables_init);
1541 module_exit(ebtables_fini);
1542 MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.090286 seconds and 4 git commands to generate.