projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
netfilter: xtables: consolidate open-coded logic
[deliverable/linux.git] / net / bridge / netfilter / ebtables.c
1 /*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34 "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
37 ": out of memory: "format, ## args)
38 /* #define MEMPRINT(format, args...) */
39
40
41
42 /*
43 * Each cpu has its own set of counters, so there is no need for write_lock in
44 * the softirq
45 * For reading or updating the counters, the user context needs to
46 * get a write_lock
47 */
48
49 /* The size of each set of counters is altered to get cache alignment */
50 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53 COUNTER_OFFSET(n) * cpu))
54
55
56
57 static DEFINE_MUTEX(ebt_mutex);
58
59 static struct xt_target ebt_standard_target = {
60 .name = "standard",
61 .revision = 0,
62 .family = NFPROTO_BRIDGE,
63 .targetsize = sizeof(int),
64 };
65
66 static inline int
67 ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
68 struct xt_target_param *par)
69 {
70 par->target = w->u.watcher;
71 par->targinfo = w->data;
72 w->u.watcher->target(skb, par);
73 /* watchers don't give a verdict */
74 return 0;
75 }
76
77 static inline int ebt_do_match (struct ebt_entry_match *m,
78 const struct sk_buff *skb, struct xt_match_param *par)
79 {
80 par->match = m->u.match;
81 par->matchinfo = m->data;
82 return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
83 }
84
85 static inline int ebt_dev_check(char *entry, const struct net_device *device)
86 {
87 int i = 0;
88 const char *devname;
89
90 if (*entry == '\0')
91 return 0;
92 if (!device)
93 return 1;
94 devname = device->name;
95 /* 1 is the wildcard token */
96 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97 i++;
98 return (devname[i] != entry[i] && entry[i] != 1);
99 }
100
101 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102 /* process standard matches */
103 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104 const struct net_device *in, const struct net_device *out)
105 {
106 int verdict, i;
107
108 if (e->bitmask & EBT_802_3) {
109 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110 return 1;
111 } else if (!(e->bitmask & EBT_NOPROTO) &&
112 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113 return 1;
114
115 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116 return 1;
117 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118 return 1;
119 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121 return 1;
122 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124 return 1;
125
126 if (e->bitmask & EBT_SOURCEMAC) {
127 verdict = 0;
128 for (i = 0; i < 6; i++)
129 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130 e->sourcemsk[i];
131 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132 return 1;
133 }
134 if (e->bitmask & EBT_DESTMAC) {
135 verdict = 0;
136 for (i = 0; i < 6; i++)
137 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138 e->destmsk[i];
139 if (FWINV2(verdict != 0, EBT_IDEST) )
140 return 1;
141 }
142 return 0;
143 }
144
145 static inline __pure
146 struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
147 {
148 return (void *)entry + entry->next_offset;
149 }
150
151 /* Do some firewalling */
152 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
153 const struct net_device *in, const struct net_device *out,
154 struct ebt_table *table)
155 {
156 int i, nentries;
157 struct ebt_entry *point;
158 struct ebt_counter *counter_base, *cb_base;
159 struct ebt_entry_target *t;
160 int verdict, sp = 0;
161 struct ebt_chainstack *cs;
162 struct ebt_entries *chaininfo;
163 char *base;
164 struct ebt_table_info *private;
165 bool hotdrop = false;
166 struct xt_match_param mtpar;
167 struct xt_target_param tgpar;
168
169 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
170 mtpar.in = tgpar.in = in;
171 mtpar.out = tgpar.out = out;
172 mtpar.hotdrop = &hotdrop;
173 tgpar.hooknum = hook;
174
175 read_lock_bh(&table->lock);
176 private = table->private;
177 cb_base = COUNTER_BASE(private->counters, private->nentries,
178 smp_processor_id());
179 if (private->chainstack)
180 cs = private->chainstack[smp_processor_id()];
181 else
182 cs = NULL;
183 chaininfo = private->hook_entry[hook];
184 nentries = private->hook_entry[hook]->nentries;
185 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
186 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
187 /* base for chain jumps */
188 base = private->entries;
189 i = 0;
190 while (i < nentries) {
191 if (ebt_basic_match(point, eth_hdr(skb), in, out))
192 goto letscontinue;
193
194 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
195 goto letscontinue;
196 if (hotdrop) {
197 read_unlock_bh(&table->lock);
198 return NF_DROP;
199 }
200
201 /* increase counter */
202 (*(counter_base + i)).pcnt++;
203 (*(counter_base + i)).bcnt += skb->len;
204
205 /* these should only watch: not modify, nor tell us
206 what to do with the packet */
207 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
208
209 t = (struct ebt_entry_target *)
210 (((char *)point) + point->target_offset);
211 /* standard target */
212 if (!t->u.target->target)
213 verdict = ((struct ebt_standard_target *)t)->verdict;
214 else {
215 tgpar.target = t->u.target;
216 tgpar.targinfo = t->data;
217 verdict = t->u.target->target(skb, &tgpar);
218 }
219 if (verdict == EBT_ACCEPT) {
220 read_unlock_bh(&table->lock);
221 return NF_ACCEPT;
222 }
223 if (verdict == EBT_DROP) {
224 read_unlock_bh(&table->lock);
225 return NF_DROP;
226 }
227 if (verdict == EBT_RETURN) {
228 letsreturn:
229 #ifdef CONFIG_NETFILTER_DEBUG
230 if (sp == 0) {
231 BUGPRINT("RETURN on base chain");
232 /* act like this is EBT_CONTINUE */
233 goto letscontinue;
234 }
235 #endif
236 sp--;
237 /* put all the local variables right */
238 i = cs[sp].n;
239 chaininfo = cs[sp].chaininfo;
240 nentries = chaininfo->nentries;
241 point = cs[sp].e;
242 counter_base = cb_base +
243 chaininfo->counter_offset;
244 continue;
245 }
246 if (verdict == EBT_CONTINUE)
247 goto letscontinue;
248 #ifdef CONFIG_NETFILTER_DEBUG
249 if (verdict < 0) {
250 BUGPRINT("bogus standard verdict\n");
251 read_unlock_bh(&table->lock);
252 return NF_DROP;
253 }
254 #endif
255 /* jump to a udc */
256 cs[sp].n = i + 1;
257 cs[sp].chaininfo = chaininfo;
258 cs[sp].e = ebt_next_entry(point);
259 i = 0;
260 chaininfo = (struct ebt_entries *) (base + verdict);
261 #ifdef CONFIG_NETFILTER_DEBUG
262 if (chaininfo->distinguisher) {
263 BUGPRINT("jump to non-chain\n");
264 read_unlock_bh(&table->lock);
265 return NF_DROP;
266 }
267 #endif
268 nentries = chaininfo->nentries;
269 point = (struct ebt_entry *)chaininfo->data;
270 counter_base = cb_base + chaininfo->counter_offset;
271 sp++;
272 continue;
273 letscontinue:
274 point = ebt_next_entry(point);
275 i++;
276 }
277
278 /* I actually like this :) */
279 if (chaininfo->policy == EBT_RETURN)
280 goto letsreturn;
281 if (chaininfo->policy == EBT_ACCEPT) {
282 read_unlock_bh(&table->lock);
283 return NF_ACCEPT;
284 }
285 read_unlock_bh(&table->lock);
286 return NF_DROP;
287 }
288
289 /* If it succeeds, returns element and locks mutex */
290 static inline void *
291 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
292 struct mutex *mutex)
293 {
294 struct {
295 struct list_head list;
296 char name[EBT_FUNCTION_MAXNAMELEN];
297 } *e;
298
299 *error = mutex_lock_interruptible(mutex);
300 if (*error != 0)
301 return NULL;
302
303 list_for_each_entry(e, head, list) {
304 if (strcmp(e->name, name) == 0)
305 return e;
306 }
307 *error = -ENOENT;
308 mutex_unlock(mutex);
309 return NULL;
310 }
311
312 static void *
313 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
314 int *error, struct mutex *mutex)
315 {
316 return try_then_request_module(
317 find_inlist_lock_noload(head, name, error, mutex),
318 "%s%s", prefix, name);
319 }
320
321 static inline struct ebt_table *
322 find_table_lock(struct net *net, const char *name, int *error,
323 struct mutex *mutex)
324 {
325 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
326 "ebtable_", error, mutex);
327 }
328
329 static inline int
330 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
331 unsigned int *cnt)
332 {
333 const struct ebt_entry *e = par->entryinfo;
334 struct xt_match *match;
335 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
336 int ret;
337
338 if (left < sizeof(struct ebt_entry_match) ||
339 left - sizeof(struct ebt_entry_match) < m->match_size)
340 return -EINVAL;
341
342 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
343 m->u.name, 0), "ebt_%s", m->u.name);
344 if (IS_ERR(match))
345 return PTR_ERR(match);
346 if (match == NULL)
347 return -ENOENT;
348 m->u.match = match;
349
350 par->match = match;
351 par->matchinfo = m->data;
352 ret = xt_check_match(par, m->match_size,
353 e->ethproto, e->invflags & EBT_IPROTO);
354 if (ret < 0) {
355 module_put(match->me);
356 return ret;
357 }
358
359 (*cnt)++;
360 return 0;
361 }
362
363 static inline int
364 ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
365 unsigned int *cnt)
366 {
367 const struct ebt_entry *e = par->entryinfo;
368 struct xt_target *watcher;
369 size_t left = ((char *)e + e->target_offset) - (char *)w;
370 int ret;
371
372 if (left < sizeof(struct ebt_entry_watcher) ||
373 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
374 return -EINVAL;
375
376 watcher = try_then_request_module(
377 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
378 "ebt_%s", w->u.name);
379 if (IS_ERR(watcher))
380 return PTR_ERR(watcher);
381 if (watcher == NULL)
382 return -ENOENT;
383 w->u.watcher = watcher;
384
385 par->target = watcher;
386 par->targinfo = w->data;
387 ret = xt_check_target(par, w->watcher_size,
388 e->ethproto, e->invflags & EBT_IPROTO);
389 if (ret < 0) {
390 module_put(watcher->me);
391 return ret;
392 }
393
394 (*cnt)++;
395 return 0;
396 }
397
398 static int ebt_verify_pointers(struct ebt_replace *repl,
399 struct ebt_table_info *newinfo)
400 {
401 unsigned int limit = repl->entries_size;
402 unsigned int valid_hooks = repl->valid_hooks;
403 unsigned int offset = 0;
404 int i;
405
406 for (i = 0; i < NF_BR_NUMHOOKS; i++)
407 newinfo->hook_entry[i] = NULL;
408
409 newinfo->entries_size = repl->entries_size;
410 newinfo->nentries = repl->nentries;
411
412 while (offset < limit) {
413 size_t left = limit - offset;
414 struct ebt_entry *e = (void *)newinfo->entries + offset;
415
416 if (left < sizeof(unsigned int))
417 break;
418
419 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
420 if ((valid_hooks & (1 << i)) == 0)
421 continue;
422 if ((char __user *)repl->hook_entry[i] ==
423 repl->entries + offset)
424 break;
425 }
426
427 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
428 if (e->bitmask != 0) {
429 /* we make userspace set this right,
430 so there is no misunderstanding */
431 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
432 "in distinguisher\n");
433 return -EINVAL;
434 }
435 if (i != NF_BR_NUMHOOKS)
436 newinfo->hook_entry[i] = (struct ebt_entries *)e;
437 if (left < sizeof(struct ebt_entries))
438 break;
439 offset += sizeof(struct ebt_entries);
440 } else {
441 if (left < sizeof(struct ebt_entry))
442 break;
443 if (left < e->next_offset)
444 break;
445 offset += e->next_offset;
446 }
447 }
448 if (offset != limit) {
449 BUGPRINT("entries_size too small\n");
450 return -EINVAL;
451 }
452
453 /* check if all valid hooks have a chain */
454 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
455 if (!newinfo->hook_entry[i] &&
456 (valid_hooks & (1 << i))) {
457 BUGPRINT("Valid hook without chain\n");
458 return -EINVAL;
459 }
460 }
461 return 0;
462 }
463
464 /*
465 * this one is very careful, as it is the first function
466 * to parse the userspace data
467 */
468 static inline int
469 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
470 struct ebt_table_info *newinfo,
471 unsigned int *n, unsigned int *cnt,
472 unsigned int *totalcnt, unsigned int *udc_cnt)
473 {
474 int i;
475
476 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
477 if ((void *)e == (void *)newinfo->hook_entry[i])
478 break;
479 }
480 /* beginning of a new chain
481 if i == NF_BR_NUMHOOKS it must be a user defined chain */
482 if (i != NF_BR_NUMHOOKS || !e->bitmask) {
483 /* this checks if the previous chain has as many entries
484 as it said it has */
485 if (*n != *cnt) {
486 BUGPRINT("nentries does not equal the nr of entries "
487 "in the chain\n");
488 return -EINVAL;
489 }
490 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
491 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
492 /* only RETURN from udc */
493 if (i != NF_BR_NUMHOOKS ||
494 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
495 BUGPRINT("bad policy\n");
496 return -EINVAL;
497 }
498 }
499 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
500 (*udc_cnt)++;
501 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
502 BUGPRINT("counter_offset != totalcnt");
503 return -EINVAL;
504 }
505 *n = ((struct ebt_entries *)e)->nentries;
506 *cnt = 0;
507 return 0;
508 }
509 /* a plain old entry, heh */
510 if (sizeof(struct ebt_entry) > e->watchers_offset ||
511 e->watchers_offset > e->target_offset ||
512 e->target_offset >= e->next_offset) {
513 BUGPRINT("entry offsets not in right order\n");
514 return -EINVAL;
515 }
516 /* this is not checked anywhere else */
517 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
518 BUGPRINT("target size too small\n");
519 return -EINVAL;
520 }
521 (*cnt)++;
522 (*totalcnt)++;
523 return 0;
524 }
525
526 struct ebt_cl_stack
527 {
528 struct ebt_chainstack cs;
529 int from;
530 unsigned int hookmask;
531 };
532
533 /*
534 * we need these positions to check that the jumps to a different part of the
535 * entries is a jump to the beginning of a new chain.
536 */
537 static inline int
538 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
539 unsigned int *n, struct ebt_cl_stack *udc)
540 {
541 int i;
542
543 /* we're only interested in chain starts */
544 if (e->bitmask)
545 return 0;
546 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
547 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
548 break;
549 }
550 /* only care about udc */
551 if (i != NF_BR_NUMHOOKS)
552 return 0;
553
554 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
555 /* these initialisations are depended on later in check_chainloops() */
556 udc[*n].cs.n = 0;
557 udc[*n].hookmask = 0;
558
559 (*n)++;
560 return 0;
561 }
562
563 static inline int
564 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
565 {
566 struct xt_mtdtor_param par;
567
568 if (i && (*i)-- == 0)
569 return 1;
570
571 par.match = m->u.match;
572 par.matchinfo = m->data;
573 par.family = NFPROTO_BRIDGE;
574 if (par.match->destroy != NULL)
575 par.match->destroy(&par);
576 module_put(par.match->me);
577 return 0;
578 }
579
580 static inline int
581 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
582 {
583 struct xt_tgdtor_param par;
584
585 if (i && (*i)-- == 0)
586 return 1;
587
588 par.target = w->u.watcher;
589 par.targinfo = w->data;
590 par.family = NFPROTO_BRIDGE;
591 if (par.target->destroy != NULL)
592 par.target->destroy(&par);
593 module_put(par.target->me);
594 return 0;
595 }
596
597 static inline int
598 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
599 {
600 struct xt_tgdtor_param par;
601 struct ebt_entry_target *t;
602
603 if (e->bitmask == 0)
604 return 0;
605 /* we're done */
606 if (cnt && (*cnt)-- == 0)
607 return 1;
608 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
609 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
610 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
611
612 par.target = t->u.target;
613 par.targinfo = t->data;
614 par.family = NFPROTO_BRIDGE;
615 if (par.target->destroy != NULL)
616 par.target->destroy(&par);
617 module_put(par.target->me);
618 return 0;
619 }
620
621 static inline int
622 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
623 const char *name, unsigned int *cnt,
624 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
625 {
626 struct ebt_entry_target *t;
627 struct xt_target *target;
628 unsigned int i, j, hook = 0, hookmask = 0;
629 size_t gap;
630 int ret;
631 struct xt_mtchk_param mtpar;
632 struct xt_tgchk_param tgpar;
633
634 /* don't mess with the struct ebt_entries */
635 if (e->bitmask == 0)
636 return 0;
637
638 if (e->bitmask & ~EBT_F_MASK) {
639 BUGPRINT("Unknown flag for bitmask\n");
640 return -EINVAL;
641 }
642 if (e->invflags & ~EBT_INV_MASK) {
643 BUGPRINT("Unknown flag for inv bitmask\n");
644 return -EINVAL;
645 }
646 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
647 BUGPRINT("NOPROTO & 802_3 not allowed\n");
648 return -EINVAL;
649 }
650 /* what hook do we belong to? */
651 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
652 if (!newinfo->hook_entry[i])
653 continue;
654 if ((char *)newinfo->hook_entry[i] < (char *)e)
655 hook = i;
656 else
657 break;
658 }
659 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
660 a base chain */
661 if (i < NF_BR_NUMHOOKS)
662 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
663 else {
664 for (i = 0; i < udc_cnt; i++)
665 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
666 break;
667 if (i == 0)
668 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
669 else
670 hookmask = cl_s[i - 1].hookmask;
671 }
672 i = 0;
673
674 mtpar.table = tgpar.table = name;
675 mtpar.entryinfo = tgpar.entryinfo = e;
676 mtpar.hook_mask = tgpar.hook_mask = hookmask;
677 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
678 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
679 if (ret != 0)
680 goto cleanup_matches;
681 j = 0;
682 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
683 if (ret != 0)
684 goto cleanup_watchers;
685 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
686 gap = e->next_offset - e->target_offset;
687
688 target = try_then_request_module(
689 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
690 "ebt_%s", t->u.name);
691 if (IS_ERR(target)) {
692 ret = PTR_ERR(target);
693 goto cleanup_watchers;
694 } else if (target == NULL) {
695 ret = -ENOENT;
696 goto cleanup_watchers;
697 }
698
699 t->u.target = target;
700 if (t->u.target == &ebt_standard_target) {
701 if (gap < sizeof(struct ebt_standard_target)) {
702 BUGPRINT("Standard target size too big\n");
703 ret = -EFAULT;
704 goto cleanup_watchers;
705 }
706 if (((struct ebt_standard_target *)t)->verdict <
707 -NUM_STANDARD_TARGETS) {
708 BUGPRINT("Invalid standard target\n");
709 ret = -EFAULT;
710 goto cleanup_watchers;
711 }
712 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
713 module_put(t->u.target->me);
714 ret = -EFAULT;
715 goto cleanup_watchers;
716 }
717
718 tgpar.target = target;
719 tgpar.targinfo = t->data;
720 ret = xt_check_target(&tgpar, t->target_size,
721 e->ethproto, e->invflags & EBT_IPROTO);
722 if (ret < 0) {
723 module_put(target->me);
724 goto cleanup_watchers;
725 }
726 (*cnt)++;
727 return 0;
728 cleanup_watchers:
729 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
730 cleanup_matches:
731 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
732 return ret;
733 }
734
735 /*
736 * checks for loops and sets the hook mask for udc
737 * the hook mask for udc tells us from which base chains the udc can be
738 * accessed. This mask is a parameter to the check() functions of the extensions
739 */
740 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
741 unsigned int udc_cnt, unsigned int hooknr, char *base)
742 {
743 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
744 struct ebt_entry *e = (struct ebt_entry *)chain->data;
745 struct ebt_entry_target *t;
746
747 while (pos < nentries || chain_nr != -1) {
748 /* end of udc, go back one 'recursion' step */
749 if (pos == nentries) {
750 /* put back values of the time when this chain was called */
751 e = cl_s[chain_nr].cs.e;
752 if (cl_s[chain_nr].from != -1)
753 nentries =
754 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
755 else
756 nentries = chain->nentries;
757 pos = cl_s[chain_nr].cs.n;
758 /* make sure we won't see a loop that isn't one */
759 cl_s[chain_nr].cs.n = 0;
760 chain_nr = cl_s[chain_nr].from;
761 if (pos == nentries)
762 continue;
763 }
764 t = (struct ebt_entry_target *)
765 (((char *)e) + e->target_offset);
766 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
767 goto letscontinue;
768 if (e->target_offset + sizeof(struct ebt_standard_target) >
769 e->next_offset) {
770 BUGPRINT("Standard target size too big\n");
771 return -1;
772 }
773 verdict = ((struct ebt_standard_target *)t)->verdict;
774 if (verdict >= 0) { /* jump to another chain */
775 struct ebt_entries *hlp2 =
776 (struct ebt_entries *)(base + verdict);
777 for (i = 0; i < udc_cnt; i++)
778 if (hlp2 == cl_s[i].cs.chaininfo)
779 break;
780 /* bad destination or loop */
781 if (i == udc_cnt) {
782 BUGPRINT("bad destination\n");
783 return -1;
784 }
785 if (cl_s[i].cs.n) {
786 BUGPRINT("loop\n");
787 return -1;
788 }
789 if (cl_s[i].hookmask & (1 << hooknr))
790 goto letscontinue;
791 /* this can't be 0, so the loop test is correct */
792 cl_s[i].cs.n = pos + 1;
793 pos = 0;
794 cl_s[i].cs.e = ebt_next_entry(e);
795 e = (struct ebt_entry *)(hlp2->data);
796 nentries = hlp2->nentries;
797 cl_s[i].from = chain_nr;
798 chain_nr = i;
799 /* this udc is accessible from the base chain for hooknr */
800 cl_s[i].hookmask |= (1 << hooknr);
801 continue;
802 }
803 letscontinue:
804 e = ebt_next_entry(e);
805 pos++;
806 }
807 return 0;
808 }
809
810 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
811 static int translate_table(char *name, struct ebt_table_info *newinfo)
812 {
813 unsigned int i, j, k, udc_cnt;
814 int ret;
815 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
816
817 i = 0;
818 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
819 i++;
820 if (i == NF_BR_NUMHOOKS) {
821 BUGPRINT("No valid hooks specified\n");
822 return -EINVAL;
823 }
824 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
825 BUGPRINT("Chains don't start at beginning\n");
826 return -EINVAL;
827 }
828 /* make sure chains are ordered after each other in same order
829 as their corresponding hooks */
830 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
831 if (!newinfo->hook_entry[j])
832 continue;
833 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
834 BUGPRINT("Hook order must be followed\n");
835 return -EINVAL;
836 }
837 i = j;
838 }
839
840 /* do some early checkings and initialize some things */
841 i = 0; /* holds the expected nr. of entries for the chain */
842 j = 0; /* holds the up to now counted entries for the chain */
843 k = 0; /* holds the total nr. of entries, should equal
844 newinfo->nentries afterwards */
845 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
846 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
847 ebt_check_entry_size_and_hooks, newinfo,
848 &i, &j, &k, &udc_cnt);
849
850 if (ret != 0)
851 return ret;
852
853 if (i != j) {
854 BUGPRINT("nentries does not equal the nr of entries in the "
855 "(last) chain\n");
856 return -EINVAL;
857 }
858 if (k != newinfo->nentries) {
859 BUGPRINT("Total nentries is wrong\n");
860 return -EINVAL;
861 }
862
863 /* get the location of the udc, put them in an array
864 while we're at it, allocate the chainstack */
865 if (udc_cnt) {
866 /* this will get free'd in do_replace()/ebt_register_table()
867 if an error occurs */
868 newinfo->chainstack =
869 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
870 if (!newinfo->chainstack)
871 return -ENOMEM;
872 for_each_possible_cpu(i) {
873 newinfo->chainstack[i] =
874 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
875 if (!newinfo->chainstack[i]) {
876 while (i)
877 vfree(newinfo->chainstack[--i]);
878 vfree(newinfo->chainstack);
879 newinfo->chainstack = NULL;
880 return -ENOMEM;
881 }
882 }
883
884 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
885 if (!cl_s)
886 return -ENOMEM;
887 i = 0; /* the i'th udc */
888 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
889 ebt_get_udc_positions, newinfo, &i, cl_s);
890 /* sanity check */
891 if (i != udc_cnt) {
892 BUGPRINT("i != udc_cnt\n");
893 vfree(cl_s);
894 return -EFAULT;
895 }
896 }
897
898 /* Check for loops */
899 for (i = 0; i < NF_BR_NUMHOOKS; i++)
900 if (newinfo->hook_entry[i])
901 if (check_chainloops(newinfo->hook_entry[i],
902 cl_s, udc_cnt, i, newinfo->entries)) {
903 vfree(cl_s);
904 return -EINVAL;
905 }
906
907 /* we now know the following (along with E=mc²):
908 - the nr of entries in each chain is right
909 - the size of the allocated space is right
910 - all valid hooks have a corresponding chain
911 - there are no loops
912 - wrong data can still be on the level of a single entry
913 - could be there are jumps to places that are not the
914 beginning of a chain. This can only occur in chains that
915 are not accessible from any base chains, so we don't care. */
916
917 /* used to know what we need to clean up if something goes wrong */
918 i = 0;
919 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
920 ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt);
921 if (ret != 0) {
922 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
923 ebt_cleanup_entry, &i);
924 }
925 vfree(cl_s);
926 return ret;
927 }
928
929 /* called under write_lock */
930 static void get_counters(struct ebt_counter *oldcounters,
931 struct ebt_counter *counters, unsigned int nentries)
932 {
933 int i, cpu;
934 struct ebt_counter *counter_base;
935
936 /* counters of cpu 0 */
937 memcpy(counters, oldcounters,
938 sizeof(struct ebt_counter) * nentries);
939
940 /* add other counters to those of cpu 0 */
941 for_each_possible_cpu(cpu) {
942 if (cpu == 0)
943 continue;
944 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
945 for (i = 0; i < nentries; i++) {
946 counters[i].pcnt += counter_base[i].pcnt;
947 counters[i].bcnt += counter_base[i].bcnt;
948 }
949 }
950 }
951
952 /* replace the table */
953 static int do_replace(struct net *net, void __user *user, unsigned int len)
954 {
955 int ret, i, countersize;
956 struct ebt_table_info *newinfo;
957 struct ebt_replace tmp;
958 struct ebt_table *t;
959 struct ebt_counter *counterstmp = NULL;
960 /* used to be able to unlock earlier */
961 struct ebt_table_info *table;
962
963 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
964 return -EFAULT;
965
966 if (len != sizeof(tmp) + tmp.entries_size) {
967 BUGPRINT("Wrong len argument\n");
968 return -EINVAL;
969 }
970
971 if (tmp.entries_size == 0) {
972 BUGPRINT("Entries_size never zero\n");
973 return -EINVAL;
974 }
975 /* overflow check */
976 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
977 SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
978 return -ENOMEM;
979 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
980 return -ENOMEM;
981
982 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
983 newinfo = vmalloc(sizeof(*newinfo) + countersize);
984 if (!newinfo)
985 return -ENOMEM;
986
987 if (countersize)
988 memset(newinfo->counters, 0, countersize);
989
990 newinfo->entries = vmalloc(tmp.entries_size);
991 if (!newinfo->entries) {
992 ret = -ENOMEM;
993 goto free_newinfo;
994 }
995 if (copy_from_user(
996 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
997 BUGPRINT("Couldn't copy entries from userspace\n");
998 ret = -EFAULT;
999 goto free_entries;
1000 }
1001
1002 /* the user wants counters back
1003 the check on the size is done later, when we have the lock */
1004 if (tmp.num_counters) {
1005 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
1006 if (!counterstmp) {
1007 ret = -ENOMEM;
1008 goto free_entries;
1009 }
1010 }
1011 else
1012 counterstmp = NULL;
1013
1014 /* this can get initialized by translate_table() */
1015 newinfo->chainstack = NULL;
1016 ret = ebt_verify_pointers(&tmp, newinfo);
1017 if (ret != 0)
1018 goto free_counterstmp;
1019
1020 ret = translate_table(tmp.name, newinfo);
1021
1022 if (ret != 0)
1023 goto free_counterstmp;
1024
1025 t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
1026 if (!t) {
1027 ret = -ENOENT;
1028 goto free_iterate;
1029 }
1030
1031 /* the table doesn't like it */
1032 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1033 goto free_unlock;
1034
1035 if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1036 BUGPRINT("Wrong nr. of counters requested\n");
1037 ret = -EINVAL;
1038 goto free_unlock;
1039 }
1040
1041 /* we have the mutex lock, so no danger in reading this pointer */
1042 table = t->private;
1043 /* make sure the table can only be rmmod'ed if it contains no rules */
1044 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1045 ret = -ENOENT;
1046 goto free_unlock;
1047 } else if (table->nentries && !newinfo->nentries)
1048 module_put(t->me);
1049 /* we need an atomic snapshot of the counters */
1050 write_lock_bh(&t->lock);
1051 if (tmp.num_counters)
1052 get_counters(t->private->counters, counterstmp,
1053 t->private->nentries);
1054
1055 t->private = newinfo;
1056 write_unlock_bh(&t->lock);
1057 mutex_unlock(&ebt_mutex);
1058 /* so, a user can change the chains while having messed up her counter
1059 allocation. Only reason why this is done is because this way the lock
1060 is held only once, while this doesn't bring the kernel into a
1061 dangerous state. */
1062 if (tmp.num_counters &&
1063 copy_to_user(tmp.counters, counterstmp,
1064 tmp.num_counters * sizeof(struct ebt_counter))) {
1065 BUGPRINT("Couldn't copy counters to userspace\n");
1066 ret = -EFAULT;
1067 }
1068 else
1069 ret = 0;
1070
1071 /* decrease module count and free resources */
1072 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1073 ebt_cleanup_entry, NULL);
1074
1075 vfree(table->entries);
1076 if (table->chainstack) {
1077 for_each_possible_cpu(i)
1078 vfree(table->chainstack[i]);
1079 vfree(table->chainstack);
1080 }
1081 vfree(table);
1082
1083 vfree(counterstmp);
1084 return ret;
1085
1086 free_unlock:
1087 mutex_unlock(&ebt_mutex);
1088 free_iterate:
1089 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1090 ebt_cleanup_entry, NULL);
1091 free_counterstmp:
1092 vfree(counterstmp);
1093 /* can be initialized in translate_table() */
1094 if (newinfo->chainstack) {
1095 for_each_possible_cpu(i)
1096 vfree(newinfo->chainstack[i]);
1097 vfree(newinfo->chainstack);
1098 }
1099 free_entries:
1100 vfree(newinfo->entries);
1101 free_newinfo:
1102 vfree(newinfo);
1103 return ret;
1104 }
1105
1106 struct ebt_table *ebt_register_table(struct net *net, struct ebt_table *table)
1107 {
1108 struct ebt_table_info *newinfo;
1109 struct ebt_table *t;
1110 struct ebt_replace_kernel *repl;
1111 int ret, i, countersize;
1112 void *p;
1113
1114 if (!table || !(repl = table->table) || !repl->entries ||
1115 repl->entries_size == 0 ||
1116 repl->counters || table->private) {
1117 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1118 return ERR_PTR(-EINVAL);
1119 }
1120
1121 /* Don't add one table to multiple lists. */
1122 table = kmemdup(table, sizeof(struct ebt_table), GFP_KERNEL);
1123 if (!table) {
1124 ret = -ENOMEM;
1125 goto out;
1126 }
1127
1128 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1129 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1130 ret = -ENOMEM;
1131 if (!newinfo)
1132 goto free_table;
1133
1134 p = vmalloc(repl->entries_size);
1135 if (!p)
1136 goto free_newinfo;
1137
1138 memcpy(p, repl->entries, repl->entries_size);
1139 newinfo->entries = p;
1140
1141 newinfo->entries_size = repl->entries_size;
1142 newinfo->nentries = repl->nentries;
1143
1144 if (countersize)
1145 memset(newinfo->counters, 0, countersize);
1146
1147 /* fill in newinfo and parse the entries */
1148 newinfo->chainstack = NULL;
1149 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1150 if ((repl->valid_hooks & (1 << i)) == 0)
1151 newinfo->hook_entry[i] = NULL;
1152 else
1153 newinfo->hook_entry[i] = p +
1154 ((char *)repl->hook_entry[i] - repl->entries);
1155 }
1156 ret = translate_table(repl->name, newinfo);
1157 if (ret != 0) {
1158 BUGPRINT("Translate_table failed\n");
1159 goto free_chainstack;
1160 }
1161
1162 if (table->check && table->check(newinfo, table->valid_hooks)) {
1163 BUGPRINT("The table doesn't like its own initial data, lol\n");
1164 return ERR_PTR(-EINVAL);
1165 }
1166
1167 table->private = newinfo;
1168 rwlock_init(&table->lock);
1169 ret = mutex_lock_interruptible(&ebt_mutex);
1170 if (ret != 0)
1171 goto free_chainstack;
1172
1173 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
1174 if (strcmp(t->name, table->name) == 0) {
1175 ret = -EEXIST;
1176 BUGPRINT("Table name already exists\n");
1177 goto free_unlock;
1178 }
1179 }
1180
1181 /* Hold a reference count if the chains aren't empty */
1182 if (newinfo->nentries && !try_module_get(table->me)) {
1183 ret = -ENOENT;
1184 goto free_unlock;
1185 }
1186 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
1187 mutex_unlock(&ebt_mutex);
1188 return table;
1189 free_unlock:
1190 mutex_unlock(&ebt_mutex);
1191 free_chainstack:
1192 if (newinfo->chainstack) {
1193 for_each_possible_cpu(i)
1194 vfree(newinfo->chainstack[i]);
1195 vfree(newinfo->chainstack);
1196 }
1197 vfree(newinfo->entries);
1198 free_newinfo:
1199 vfree(newinfo);
1200 free_table:
1201 kfree(table);
1202 out:
1203 return ERR_PTR(ret);
1204 }
1205
1206 void ebt_unregister_table(struct ebt_table *table)
1207 {
1208 int i;
1209
1210 if (!table) {
1211 BUGPRINT("Request to unregister NULL table!!!\n");
1212 return;
1213 }
1214 mutex_lock(&ebt_mutex);
1215 list_del(&table->list);
1216 mutex_unlock(&ebt_mutex);
1217 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
1218 ebt_cleanup_entry, NULL);
1219 if (table->private->nentries)
1220 module_put(table->me);
1221 vfree(table->private->entries);
1222 if (table->private->chainstack) {
1223 for_each_possible_cpu(i)
1224 vfree(table->private->chainstack[i]);
1225 vfree(table->private->chainstack);
1226 }
1227 vfree(table->private);
1228 kfree(table);
1229 }
1230
1231 /* userspace just supplied us with counters */
1232 static int update_counters(struct net *net, void __user *user, unsigned int len)
1233 {
1234 int i, ret;
1235 struct ebt_counter *tmp;
1236 struct ebt_replace hlp;
1237 struct ebt_table *t;
1238
1239 if (copy_from_user(&hlp, user, sizeof(hlp)))
1240 return -EFAULT;
1241
1242 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1243 return -EINVAL;
1244 if (hlp.num_counters == 0)
1245 return -EINVAL;
1246
1247 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1248 MEMPRINT("Update_counters && nomemory\n");
1249 return -ENOMEM;
1250 }
1251
1252 t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1253 if (!t)
1254 goto free_tmp;
1255
1256 if (hlp.num_counters != t->private->nentries) {
1257 BUGPRINT("Wrong nr of counters\n");
1258 ret = -EINVAL;
1259 goto unlock_mutex;
1260 }
1261
1262 if ( copy_from_user(tmp, hlp.counters,
1263 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1264 BUGPRINT("Updata_counters && !cfu\n");
1265 ret = -EFAULT;
1266 goto unlock_mutex;
1267 }
1268
1269 /* we want an atomic add of the counters */
1270 write_lock_bh(&t->lock);
1271
1272 /* we add to the counters of the first cpu */
1273 for (i = 0; i < hlp.num_counters; i++) {
1274 t->private->counters[i].pcnt += tmp[i].pcnt;
1275 t->private->counters[i].bcnt += tmp[i].bcnt;
1276 }
1277
1278 write_unlock_bh(&t->lock);
1279 ret = 0;
1280 unlock_mutex:
1281 mutex_unlock(&ebt_mutex);
1282 free_tmp:
1283 vfree(tmp);
1284 return ret;
1285 }
1286
1287 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1288 char *base, char __user *ubase)
1289 {
1290 char __user *hlp = ubase + ((char *)m - base);
1291 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1292 return -EFAULT;
1293 return 0;
1294 }
1295
1296 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1297 char *base, char __user *ubase)
1298 {
1299 char __user *hlp = ubase + ((char *)w - base);
1300 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1301 return -EFAULT;
1302 return 0;
1303 }
1304
1305 static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1306 {
1307 int ret;
1308 char __user *hlp;
1309 struct ebt_entry_target *t;
1310
1311 if (e->bitmask == 0)
1312 return 0;
1313
1314 hlp = ubase + (((char *)e + e->target_offset) - base);
1315 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1316
1317 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1318 if (ret != 0)
1319 return ret;
1320 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1321 if (ret != 0)
1322 return ret;
1323 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1324 return -EFAULT;
1325 return 0;
1326 }
1327
1328 /* called with ebt_mutex locked */
1329 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1330 int *len, int cmd)
1331 {
1332 struct ebt_replace tmp;
1333 struct ebt_counter *counterstmp, *oldcounters;
1334 unsigned int entries_size, nentries;
1335 char *entries;
1336
1337 if (cmd == EBT_SO_GET_ENTRIES) {
1338 entries_size = t->private->entries_size;
1339 nentries = t->private->nentries;
1340 entries = t->private->entries;
1341 oldcounters = t->private->counters;
1342 } else {
1343 entries_size = t->table->entries_size;
1344 nentries = t->table->nentries;
1345 entries = t->table->entries;
1346 oldcounters = t->table->counters;
1347 }
1348
1349 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1350 BUGPRINT("Cfu didn't work\n");
1351 return -EFAULT;
1352 }
1353
1354 if (*len != sizeof(struct ebt_replace) + entries_size +
1355 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1356 BUGPRINT("Wrong size\n");
1357 return -EINVAL;
1358 }
1359
1360 if (tmp.nentries != nentries) {
1361 BUGPRINT("Nentries wrong\n");
1362 return -EINVAL;
1363 }
1364
1365 if (tmp.entries_size != entries_size) {
1366 BUGPRINT("Wrong size\n");
1367 return -EINVAL;
1368 }
1369
1370 /* userspace might not need the counters */
1371 if (tmp.num_counters) {
1372 if (tmp.num_counters != nentries) {
1373 BUGPRINT("Num_counters wrong\n");
1374 return -EINVAL;
1375 }
1376 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1377 if (!counterstmp) {
1378 MEMPRINT("Couldn't copy counters, out of memory\n");
1379 return -ENOMEM;
1380 }
1381 write_lock_bh(&t->lock);
1382 get_counters(oldcounters, counterstmp, nentries);
1383 write_unlock_bh(&t->lock);
1384
1385 if (copy_to_user(tmp.counters, counterstmp,
1386 nentries * sizeof(struct ebt_counter))) {
1387 BUGPRINT("Couldn't copy counters to userspace\n");
1388 vfree(counterstmp);
1389 return -EFAULT;
1390 }
1391 vfree(counterstmp);
1392 }
1393
1394 if (copy_to_user(tmp.entries, entries, entries_size)) {
1395 BUGPRINT("Couldn't copy entries to userspace\n");
1396 return -EFAULT;
1397 }
1398 /* set the match/watcher/target names right */
1399 return EBT_ENTRY_ITERATE(entries, entries_size,
1400 ebt_make_names, entries, tmp.entries);
1401 }
1402
1403 static int do_ebt_set_ctl(struct sock *sk,
1404 int cmd, void __user *user, unsigned int len)
1405 {
1406 int ret;
1407
1408 switch(cmd) {
1409 case EBT_SO_SET_ENTRIES:
1410 ret = do_replace(sock_net(sk), user, len);
1411 break;
1412 case EBT_SO_SET_COUNTERS:
1413 ret = update_counters(sock_net(sk), user, len);
1414 break;
1415 default:
1416 ret = -EINVAL;
1417 }
1418 return ret;
1419 }
1420
1421 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1422 {
1423 int ret;
1424 struct ebt_replace tmp;
1425 struct ebt_table *t;
1426
1427 if (copy_from_user(&tmp, user, sizeof(tmp)))
1428 return -EFAULT;
1429
1430 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1431 if (!t)
1432 return ret;
1433
1434 switch(cmd) {
1435 case EBT_SO_GET_INFO:
1436 case EBT_SO_GET_INIT_INFO:
1437 if (*len != sizeof(struct ebt_replace)){
1438 ret = -EINVAL;
1439 mutex_unlock(&ebt_mutex);
1440 break;
1441 }
1442 if (cmd == EBT_SO_GET_INFO) {
1443 tmp.nentries = t->private->nentries;
1444 tmp.entries_size = t->private->entries_size;
1445 tmp.valid_hooks = t->valid_hooks;
1446 } else {
1447 tmp.nentries = t->table->nentries;
1448 tmp.entries_size = t->table->entries_size;
1449 tmp.valid_hooks = t->table->valid_hooks;
1450 }
1451 mutex_unlock(&ebt_mutex);
1452 if (copy_to_user(user, &tmp, *len) != 0){
1453 BUGPRINT("c2u Didn't work\n");
1454 ret = -EFAULT;
1455 break;
1456 }
1457 ret = 0;
1458 break;
1459
1460 case EBT_SO_GET_ENTRIES:
1461 case EBT_SO_GET_INIT_ENTRIES:
1462 ret = copy_everything_to_user(t, user, len, cmd);
1463 mutex_unlock(&ebt_mutex);
1464 break;
1465
1466 default:
1467 mutex_unlock(&ebt_mutex);
1468 ret = -EINVAL;
1469 }
1470
1471 return ret;
1472 }
1473
1474 static struct nf_sockopt_ops ebt_sockopts =
1475 {
1476 .pf = PF_INET,
1477 .set_optmin = EBT_BASE_CTL,
1478 .set_optmax = EBT_SO_SET_MAX + 1,
1479 .set = do_ebt_set_ctl,
1480 .get_optmin = EBT_BASE_CTL,
1481 .get_optmax = EBT_SO_GET_MAX + 1,
1482 .get = do_ebt_get_ctl,
1483 .owner = THIS_MODULE,
1484 };
1485
1486 static int __init ebtables_init(void)
1487 {
1488 int ret;
1489
1490 ret = xt_register_target(&ebt_standard_target);
1491 if (ret < 0)
1492 return ret;
1493 ret = nf_register_sockopt(&ebt_sockopts);
1494 if (ret < 0) {
1495 xt_unregister_target(&ebt_standard_target);
1496 return ret;
1497 }
1498
1499 printk(KERN_INFO "Ebtables v2.0 registered\n");
1500 return 0;
1501 }
1502
1503 static void __exit ebtables_fini(void)
1504 {
1505 nf_unregister_sockopt(&ebt_sockopts);
1506 xt_unregister_target(&ebt_standard_target);
1507 printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1508 }
1509
1510 EXPORT_SYMBOL(ebt_register_table);
1511 EXPORT_SYMBOL(ebt_unregister_table);
1512 EXPORT_SYMBOL(ebt_do_table);
1513 module_init(ebtables_init);
1514 module_exit(ebtables_fini);
1515 MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.426027 seconds and 6 git commands to generate.