ebtables.c revision 18219d3f7d6a5bc43825a41e0763158efbdb80d3
1/* 2 * ebtables 3 * 4 * Author: 5 * Bart De Schuymer <bdschuym@pandora.be> 6 * 7 * ebtables.c,v 2.0, July, 2002 8 * 9 * This code is stongly inspired on the iptables code which is 10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 19#include <linux/kmod.h> 20#include <linux/module.h> 21#include <linux/vmalloc.h> 22#include <linux/netfilter/x_tables.h> 23#include <linux/netfilter_bridge/ebtables.h> 24#include <linux/spinlock.h> 25#include <linux/mutex.h> 26#include <asm/uaccess.h> 27#include <linux/smp.h> 28#include <linux/cpumask.h> 29#include <net/sock.h> 30/* needed for logical [in,out]-dev filtering */ 31#include "../br_private.h" 32 33#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ 34 "report to author: "format, ## args) 35/* #define BUGPRINT(format, args...) */ 36#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\ 37 ": out of memory: "format, ## args) 38/* #define MEMPRINT(format, args...) */ 39 40 41 42/* 43 * Each cpu has its own set of counters, so there is no need for write_lock in 44 * the softirq 45 * For reading or updating the counters, the user context needs to 46 * get a write_lock 47 */ 48 49/* The size of each set of counters is altered to get cache alignment */ 50#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) 51#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) 52#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ 53 COUNTER_OFFSET(n) * cpu)) 54 55 56 57static DEFINE_MUTEX(ebt_mutex); 58static LIST_HEAD(ebt_tables); 59static LIST_HEAD(ebt_targets); 60static LIST_HEAD(ebt_matches); 61static LIST_HEAD(ebt_watchers); 62 63static struct ebt_target ebt_standard_target = { 64 .name = "standard", 65}; 66 67static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 68 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, 69 const struct net_device *out) 70{ 71 w->u.watcher->watcher(skb, hooknr, in, out, w->data, 72 w->watcher_size); 73 /* watchers don't give a verdict */ 74 return 0; 75} 76 77static inline int ebt_do_match (struct ebt_entry_match *m, 78 const struct sk_buff *skb, const struct net_device *in, 79 const struct net_device *out) 80{ 81 return m->u.match->match(skb, in, out, m->data, 82 m->match_size); 83} 84 85static inline int ebt_dev_check(char *entry, const struct net_device *device) 86{ 87 int i = 0; 88 const char *devname = device->name; 89 90 if (*entry == '\0') 91 return 0; 92 if (!device) 93 return 1; 94 /* 1 is the wildcard token */ 95 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i]) 96 i++; 97 return (devname[i] != entry[i] && entry[i] != 1); 98} 99 100#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) 101/* process standard matches */ 102static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, 103 const struct net_device *in, const struct net_device *out) 104{ 105 int verdict, i; 106 107 if (e->bitmask & EBT_802_3) { 108 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) 109 return 1; 110 } else if (!(e->bitmask & EBT_NOPROTO) && 111 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) 112 return 1; 113 114 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) 115 return 1; 116 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) 117 return 1; 118 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( 119 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN)) 120 return 1; 121 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( 122 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT)) 123 return 1; 124 125 if (e->bitmask & EBT_SOURCEMAC) { 126 verdict = 0; 127 for (i = 0; i < 6; i++) 128 verdict |= (h->h_source[i] ^ e->sourcemac[i]) & 129 e->sourcemsk[i]; 130 if (FWINV2(verdict != 0, EBT_ISOURCE) ) 131 return 1; 132 } 133 if (e->bitmask & EBT_DESTMAC) { 134 verdict = 0; 135 for (i = 0; i < 6; i++) 136 verdict |= (h->h_dest[i] ^ e->destmac[i]) & 137 e->destmsk[i]; 138 if (FWINV2(verdict != 0, EBT_IDEST) ) 139 return 1; 140 } 141 return 0; 142} 143 144/* Do some firewalling */ 145unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, 146 const struct net_device *in, const struct net_device *out, 147 struct ebt_table *table) 148{ 149 int i, nentries; 150 struct ebt_entry *point; 151 struct ebt_counter *counter_base, *cb_base; 152 struct ebt_entry_target *t; 153 int verdict, sp = 0; 154 struct ebt_chainstack *cs; 155 struct ebt_entries *chaininfo; 156 char *base; 157 struct ebt_table_info *private; 158 159 read_lock_bh(&table->lock); 160 private = table->private; 161 cb_base = COUNTER_BASE(private->counters, private->nentries, 162 smp_processor_id()); 163 if (private->chainstack) 164 cs = private->chainstack[smp_processor_id()]; 165 else 166 cs = NULL; 167 chaininfo = private->hook_entry[hook]; 168 nentries = private->hook_entry[hook]->nentries; 169 point = (struct ebt_entry *)(private->hook_entry[hook]->data); 170 counter_base = cb_base + private->hook_entry[hook]->counter_offset; 171 /* base for chain jumps */ 172 base = private->entries; 173 i = 0; 174 while (i < nentries) { 175 if (ebt_basic_match(point, eth_hdr(skb), in, out)) 176 goto letscontinue; 177 178 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, in, out) != 0) 179 goto letscontinue; 180 181 /* increase counter */ 182 (*(counter_base + i)).pcnt++; 183 (*(counter_base + i)).bcnt += skb->len; 184 185 /* these should only watch: not modify, nor tell us 186 what to do with the packet */ 187 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in, 188 out); 189 190 t = (struct ebt_entry_target *) 191 (((char *)point) + point->target_offset); 192 /* standard target */ 193 if (!t->u.target->target) 194 verdict = ((struct ebt_standard_target *)t)->verdict; 195 else 196 verdict = t->u.target->target(skb, hook, 197 in, out, t->data, t->target_size); 198 if (verdict == EBT_ACCEPT) { 199 read_unlock_bh(&table->lock); 200 return NF_ACCEPT; 201 } 202 if (verdict == EBT_DROP) { 203 read_unlock_bh(&table->lock); 204 return NF_DROP; 205 } 206 if (verdict == EBT_RETURN) { 207letsreturn: 208#ifdef CONFIG_NETFILTER_DEBUG 209 if (sp == 0) { 210 BUGPRINT("RETURN on base chain"); 211 /* act like this is EBT_CONTINUE */ 212 goto letscontinue; 213 } 214#endif 215 sp--; 216 /* put all the local variables right */ 217 i = cs[sp].n; 218 chaininfo = cs[sp].chaininfo; 219 nentries = chaininfo->nentries; 220 point = cs[sp].e; 221 counter_base = cb_base + 222 chaininfo->counter_offset; 223 continue; 224 } 225 if (verdict == EBT_CONTINUE) 226 goto letscontinue; 227#ifdef CONFIG_NETFILTER_DEBUG 228 if (verdict < 0) { 229 BUGPRINT("bogus standard verdict\n"); 230 read_unlock_bh(&table->lock); 231 return NF_DROP; 232 } 233#endif 234 /* jump to a udc */ 235 cs[sp].n = i + 1; 236 cs[sp].chaininfo = chaininfo; 237 cs[sp].e = (struct ebt_entry *) 238 (((char *)point) + point->next_offset); 239 i = 0; 240 chaininfo = (struct ebt_entries *) (base + verdict); 241#ifdef CONFIG_NETFILTER_DEBUG 242 if (chaininfo->distinguisher) { 243 BUGPRINT("jump to non-chain\n"); 244 read_unlock_bh(&table->lock); 245 return NF_DROP; 246 } 247#endif 248 nentries = chaininfo->nentries; 249 point = (struct ebt_entry *)chaininfo->data; 250 counter_base = cb_base + chaininfo->counter_offset; 251 sp++; 252 continue; 253letscontinue: 254 point = (struct ebt_entry *) 255 (((char *)point) + point->next_offset); 256 i++; 257 } 258 259 /* I actually like this :) */ 260 if (chaininfo->policy == EBT_RETURN) 261 goto letsreturn; 262 if (chaininfo->policy == EBT_ACCEPT) { 263 read_unlock_bh(&table->lock); 264 return NF_ACCEPT; 265 } 266 read_unlock_bh(&table->lock); 267 return NF_DROP; 268} 269 270/* If it succeeds, returns element and locks mutex */ 271static inline void * 272find_inlist_lock_noload(struct list_head *head, const char *name, int *error, 273 struct mutex *mutex) 274{ 275 struct { 276 struct list_head list; 277 char name[EBT_FUNCTION_MAXNAMELEN]; 278 } *e; 279 280 *error = mutex_lock_interruptible(mutex); 281 if (*error != 0) 282 return NULL; 283 284 list_for_each_entry(e, head, list) { 285 if (strcmp(e->name, name) == 0) 286 return e; 287 } 288 *error = -ENOENT; 289 mutex_unlock(mutex); 290 return NULL; 291} 292 293#ifndef CONFIG_KMOD 294#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) 295#else 296static void * 297find_inlist_lock(struct list_head *head, const char *name, const char *prefix, 298 int *error, struct mutex *mutex) 299{ 300 void *ret; 301 302 ret = find_inlist_lock_noload(head, name, error, mutex); 303 if (!ret) { 304 request_module("%s%s", prefix, name); 305 ret = find_inlist_lock_noload(head, name, error, mutex); 306 } 307 return ret; 308} 309#endif 310 311static inline struct ebt_table * 312find_table_lock(const char *name, int *error, struct mutex *mutex) 313{ 314 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex); 315} 316 317static inline struct ebt_match * 318find_match_lock(const char *name, int *error, struct mutex *mutex) 319{ 320 return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex); 321} 322 323static inline struct ebt_watcher * 324find_watcher_lock(const char *name, int *error, struct mutex *mutex) 325{ 326 return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex); 327} 328 329static inline struct ebt_target * 330find_target_lock(const char *name, int *error, struct mutex *mutex) 331{ 332 return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex); 333} 334 335static inline int 336ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, 337 const char *name, unsigned int hookmask, unsigned int *cnt) 338{ 339 struct ebt_match *match; 340 size_t left = ((char *)e + e->watchers_offset) - (char *)m; 341 int ret; 342 343 if (left < sizeof(struct ebt_entry_match) || 344 left - sizeof(struct ebt_entry_match) < m->match_size) 345 return -EINVAL; 346 match = find_match_lock(m->u.name, &ret, &ebt_mutex); 347 if (!match) 348 return ret; 349 m->u.match = match; 350 if (!try_module_get(match->me)) { 351 mutex_unlock(&ebt_mutex); 352 return -ENOENT; 353 } 354 mutex_unlock(&ebt_mutex); 355 if (XT_ALIGN(match->matchsize) != m->match_size && 356 match->matchsize != -1) { 357 /* 358 * ebt_among is exempt from centralized matchsize checking 359 * because it uses a dynamic-size data set. 360 */ 361 printk(KERN_WARNING "ebtables: %s match: " 362 "invalid size %Zu != %u\n", 363 match->name, XT_ALIGN(match->matchsize), m->match_size); 364 module_put(match->me); 365 return -EINVAL; 366 } 367 if (match->check && 368 match->check(name, hookmask, e, m->data, m->match_size) != 0) { 369 BUGPRINT("match->check failed\n"); 370 module_put(match->me); 371 return -EINVAL; 372 } 373 (*cnt)++; 374 return 0; 375} 376 377static inline int 378ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, 379 const char *name, unsigned int hookmask, unsigned int *cnt) 380{ 381 struct ebt_watcher *watcher; 382 size_t left = ((char *)e + e->target_offset) - (char *)w; 383 int ret; 384 385 if (left < sizeof(struct ebt_entry_watcher) || 386 left - sizeof(struct ebt_entry_watcher) < w->watcher_size) 387 return -EINVAL; 388 watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex); 389 if (!watcher) 390 return ret; 391 w->u.watcher = watcher; 392 if (!try_module_get(watcher->me)) { 393 mutex_unlock(&ebt_mutex); 394 return -ENOENT; 395 } 396 mutex_unlock(&ebt_mutex); 397 if (XT_ALIGN(watcher->targetsize) != w->watcher_size) { 398 printk(KERN_WARNING "ebtables: %s watcher: " 399 "invalid size %Zu != %u\n", 400 watcher->name, XT_ALIGN(watcher->targetsize), 401 w->watcher_size); 402 module_put(watcher->me); 403 return -EINVAL; 404 } 405 if (watcher->check && 406 watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) { 407 BUGPRINT("watcher->check failed\n"); 408 module_put(watcher->me); 409 return -EINVAL; 410 } 411 (*cnt)++; 412 return 0; 413} 414 415static int ebt_verify_pointers(struct ebt_replace *repl, 416 struct ebt_table_info *newinfo) 417{ 418 unsigned int limit = repl->entries_size; 419 unsigned int valid_hooks = repl->valid_hooks; 420 unsigned int offset = 0; 421 int i; 422 423 for (i = 0; i < NF_BR_NUMHOOKS; i++) 424 newinfo->hook_entry[i] = NULL; 425 426 newinfo->entries_size = repl->entries_size; 427 newinfo->nentries = repl->nentries; 428 429 while (offset < limit) { 430 size_t left = limit - offset; 431 struct ebt_entry *e = (void *)newinfo->entries + offset; 432 433 if (left < sizeof(unsigned int)) 434 break; 435 436 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 437 if ((valid_hooks & (1 << i)) == 0) 438 continue; 439 if ((char __user *)repl->hook_entry[i] == 440 repl->entries + offset) 441 break; 442 } 443 444 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { 445 if (e->bitmask != 0) { 446 /* we make userspace set this right, 447 so there is no misunderstanding */ 448 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " 449 "in distinguisher\n"); 450 return -EINVAL; 451 } 452 if (i != NF_BR_NUMHOOKS) 453 newinfo->hook_entry[i] = (struct ebt_entries *)e; 454 if (left < sizeof(struct ebt_entries)) 455 break; 456 offset += sizeof(struct ebt_entries); 457 } else { 458 if (left < sizeof(struct ebt_entry)) 459 break; 460 if (left < e->next_offset) 461 break; 462 offset += e->next_offset; 463 } 464 } 465 if (offset != limit) { 466 BUGPRINT("entries_size too small\n"); 467 return -EINVAL; 468 } 469 470 /* check if all valid hooks have a chain */ 471 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 472 if (!newinfo->hook_entry[i] && 473 (valid_hooks & (1 << i))) { 474 BUGPRINT("Valid hook without chain\n"); 475 return -EINVAL; 476 } 477 } 478 return 0; 479} 480 481/* 482 * this one is very careful, as it is the first function 483 * to parse the userspace data 484 */ 485static inline int 486ebt_check_entry_size_and_hooks(struct ebt_entry *e, 487 struct ebt_table_info *newinfo, 488 unsigned int *n, unsigned int *cnt, 489 unsigned int *totalcnt, unsigned int *udc_cnt) 490{ 491 int i; 492 493 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 494 if ((void *)e == (void *)newinfo->hook_entry[i]) 495 break; 496 } 497 /* beginning of a new chain 498 if i == NF_BR_NUMHOOKS it must be a user defined chain */ 499 if (i != NF_BR_NUMHOOKS || !e->bitmask) { 500 /* this checks if the previous chain has as many entries 501 as it said it has */ 502 if (*n != *cnt) { 503 BUGPRINT("nentries does not equal the nr of entries " 504 "in the chain\n"); 505 return -EINVAL; 506 } 507 if (((struct ebt_entries *)e)->policy != EBT_DROP && 508 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { 509 /* only RETURN from udc */ 510 if (i != NF_BR_NUMHOOKS || 511 ((struct ebt_entries *)e)->policy != EBT_RETURN) { 512 BUGPRINT("bad policy\n"); 513 return -EINVAL; 514 } 515 } 516 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ 517 (*udc_cnt)++; 518 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { 519 BUGPRINT("counter_offset != totalcnt"); 520 return -EINVAL; 521 } 522 *n = ((struct ebt_entries *)e)->nentries; 523 *cnt = 0; 524 return 0; 525 } 526 /* a plain old entry, heh */ 527 if (sizeof(struct ebt_entry) > e->watchers_offset || 528 e->watchers_offset > e->target_offset || 529 e->target_offset >= e->next_offset) { 530 BUGPRINT("entry offsets not in right order\n"); 531 return -EINVAL; 532 } 533 /* this is not checked anywhere else */ 534 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { 535 BUGPRINT("target size too small\n"); 536 return -EINVAL; 537 } 538 (*cnt)++; 539 (*totalcnt)++; 540 return 0; 541} 542 543struct ebt_cl_stack 544{ 545 struct ebt_chainstack cs; 546 int from; 547 unsigned int hookmask; 548}; 549 550/* 551 * we need these positions to check that the jumps to a different part of the 552 * entries is a jump to the beginning of a new chain. 553 */ 554static inline int 555ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, 556 unsigned int *n, struct ebt_cl_stack *udc) 557{ 558 int i; 559 560 /* we're only interested in chain starts */ 561 if (e->bitmask) 562 return 0; 563 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 564 if (newinfo->hook_entry[i] == (struct ebt_entries *)e) 565 break; 566 } 567 /* only care about udc */ 568 if (i != NF_BR_NUMHOOKS) 569 return 0; 570 571 udc[*n].cs.chaininfo = (struct ebt_entries *)e; 572 /* these initialisations are depended on later in check_chainloops() */ 573 udc[*n].cs.n = 0; 574 udc[*n].hookmask = 0; 575 576 (*n)++; 577 return 0; 578} 579 580static inline int 581ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) 582{ 583 if (i && (*i)-- == 0) 584 return 1; 585 if (m->u.match->destroy) 586 m->u.match->destroy(m->data, m->match_size); 587 module_put(m->u.match->me); 588 589 return 0; 590} 591 592static inline int 593ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) 594{ 595 if (i && (*i)-- == 0) 596 return 1; 597 if (w->u.watcher->destroy) 598 w->u.watcher->destroy(w->data, w->watcher_size); 599 module_put(w->u.watcher->me); 600 601 return 0; 602} 603 604static inline int 605ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) 606{ 607 struct ebt_entry_target *t; 608 609 if (e->bitmask == 0) 610 return 0; 611 /* we're done */ 612 if (cnt && (*cnt)-- == 0) 613 return 1; 614 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); 615 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); 616 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 617 if (t->u.target->destroy) 618 t->u.target->destroy(t->data, t->target_size); 619 module_put(t->u.target->me); 620 621 return 0; 622} 623 624static inline int 625ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, 626 const char *name, unsigned int *cnt, 627 struct ebt_cl_stack *cl_s, unsigned int udc_cnt) 628{ 629 struct ebt_entry_target *t; 630 struct ebt_target *target; 631 unsigned int i, j, hook = 0, hookmask = 0; 632 size_t gap; 633 int ret; 634 635 /* don't mess with the struct ebt_entries */ 636 if (e->bitmask == 0) 637 return 0; 638 639 if (e->bitmask & ~EBT_F_MASK) { 640 BUGPRINT("Unknown flag for bitmask\n"); 641 return -EINVAL; 642 } 643 if (e->invflags & ~EBT_INV_MASK) { 644 BUGPRINT("Unknown flag for inv bitmask\n"); 645 return -EINVAL; 646 } 647 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { 648 BUGPRINT("NOPROTO & 802_3 not allowed\n"); 649 return -EINVAL; 650 } 651 /* what hook do we belong to? */ 652 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 653 if (!newinfo->hook_entry[i]) 654 continue; 655 if ((char *)newinfo->hook_entry[i] < (char *)e) 656 hook = i; 657 else 658 break; 659 } 660 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on 661 a base chain */ 662 if (i < NF_BR_NUMHOOKS) 663 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 664 else { 665 for (i = 0; i < udc_cnt; i++) 666 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) 667 break; 668 if (i == 0) 669 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 670 else 671 hookmask = cl_s[i - 1].hookmask; 672 } 673 i = 0; 674 ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i); 675 if (ret != 0) 676 goto cleanup_matches; 677 j = 0; 678 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j); 679 if (ret != 0) 680 goto cleanup_watchers; 681 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 682 gap = e->next_offset - e->target_offset; 683 target = find_target_lock(t->u.name, &ret, &ebt_mutex); 684 if (!target) 685 goto cleanup_watchers; 686 if (!try_module_get(target->me)) { 687 mutex_unlock(&ebt_mutex); 688 ret = -ENOENT; 689 goto cleanup_watchers; 690 } 691 mutex_unlock(&ebt_mutex); 692 693 t->u.target = target; 694 if (t->u.target == &ebt_standard_target) { 695 if (gap < sizeof(struct ebt_standard_target)) { 696 BUGPRINT("Standard target size too big\n"); 697 ret = -EFAULT; 698 goto cleanup_watchers; 699 } 700 if (((struct ebt_standard_target *)t)->verdict < 701 -NUM_STANDARD_TARGETS) { 702 BUGPRINT("Invalid standard target\n"); 703 ret = -EFAULT; 704 goto cleanup_watchers; 705 } 706 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) { 707 module_put(t->u.target->me); 708 ret = -EFAULT; 709 goto cleanup_watchers; 710 } else if (XT_ALIGN(target->targetsize) != t->target_size) { 711 printk(KERN_WARNING "ebtables: %s target: " 712 "invalid size %Zu != %u\n", 713 target->name, XT_ALIGN(target->targetsize), 714 t->target_size); 715 module_put(t->u.target->me); 716 ret = -EINVAL; 717 goto cleanup_watchers; 718 } else if (t->u.target->check && 719 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0) { 720 module_put(t->u.target->me); 721 ret = -EFAULT; 722 goto cleanup_watchers; 723 } 724 (*cnt)++; 725 return 0; 726cleanup_watchers: 727 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); 728cleanup_matches: 729 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i); 730 return ret; 731} 732 733/* 734 * checks for loops and sets the hook mask for udc 735 * the hook mask for udc tells us from which base chains the udc can be 736 * accessed. This mask is a parameter to the check() functions of the extensions 737 */ 738static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s, 739 unsigned int udc_cnt, unsigned int hooknr, char *base) 740{ 741 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; 742 struct ebt_entry *e = (struct ebt_entry *)chain->data; 743 struct ebt_entry_target *t; 744 745 while (pos < nentries || chain_nr != -1) { 746 /* end of udc, go back one 'recursion' step */ 747 if (pos == nentries) { 748 /* put back values of the time when this chain was called */ 749 e = cl_s[chain_nr].cs.e; 750 if (cl_s[chain_nr].from != -1) 751 nentries = 752 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; 753 else 754 nentries = chain->nentries; 755 pos = cl_s[chain_nr].cs.n; 756 /* make sure we won't see a loop that isn't one */ 757 cl_s[chain_nr].cs.n = 0; 758 chain_nr = cl_s[chain_nr].from; 759 if (pos == nentries) 760 continue; 761 } 762 t = (struct ebt_entry_target *) 763 (((char *)e) + e->target_offset); 764 if (strcmp(t->u.name, EBT_STANDARD_TARGET)) 765 goto letscontinue; 766 if (e->target_offset + sizeof(struct ebt_standard_target) > 767 e->next_offset) { 768 BUGPRINT("Standard target size too big\n"); 769 return -1; 770 } 771 verdict = ((struct ebt_standard_target *)t)->verdict; 772 if (verdict >= 0) { /* jump to another chain */ 773 struct ebt_entries *hlp2 = 774 (struct ebt_entries *)(base + verdict); 775 for (i = 0; i < udc_cnt; i++) 776 if (hlp2 == cl_s[i].cs.chaininfo) 777 break; 778 /* bad destination or loop */ 779 if (i == udc_cnt) { 780 BUGPRINT("bad destination\n"); 781 return -1; 782 } 783 if (cl_s[i].cs.n) { 784 BUGPRINT("loop\n"); 785 return -1; 786 } 787 if (cl_s[i].hookmask & (1 << hooknr)) 788 goto letscontinue; 789 /* this can't be 0, so the loop test is correct */ 790 cl_s[i].cs.n = pos + 1; 791 pos = 0; 792 cl_s[i].cs.e = ((void *)e + e->next_offset); 793 e = (struct ebt_entry *)(hlp2->data); 794 nentries = hlp2->nentries; 795 cl_s[i].from = chain_nr; 796 chain_nr = i; 797 /* this udc is accessible from the base chain for hooknr */ 798 cl_s[i].hookmask |= (1 << hooknr); 799 continue; 800 } 801letscontinue: 802 e = (void *)e + e->next_offset; 803 pos++; 804 } 805 return 0; 806} 807 808/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ 809static int translate_table(char *name, struct ebt_table_info *newinfo) 810{ 811 unsigned int i, j, k, udc_cnt; 812 int ret; 813 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 814 815 i = 0; 816 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) 817 i++; 818 if (i == NF_BR_NUMHOOKS) { 819 BUGPRINT("No valid hooks specified\n"); 820 return -EINVAL; 821 } 822 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) { 823 BUGPRINT("Chains don't start at beginning\n"); 824 return -EINVAL; 825 } 826 /* make sure chains are ordered after each other in same order 827 as their corresponding hooks */ 828 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { 829 if (!newinfo->hook_entry[j]) 830 continue; 831 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) { 832 BUGPRINT("Hook order must be followed\n"); 833 return -EINVAL; 834 } 835 i = j; 836 } 837 838 /* do some early checkings and initialize some things */ 839 i = 0; /* holds the expected nr. of entries for the chain */ 840 j = 0; /* holds the up to now counted entries for the chain */ 841 k = 0; /* holds the total nr. of entries, should equal 842 newinfo->nentries afterwards */ 843 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */ 844 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 845 ebt_check_entry_size_and_hooks, newinfo, 846 &i, &j, &k, &udc_cnt); 847 848 if (ret != 0) 849 return ret; 850 851 if (i != j) { 852 BUGPRINT("nentries does not equal the nr of entries in the " 853 "(last) chain\n"); 854 return -EINVAL; 855 } 856 if (k != newinfo->nentries) { 857 BUGPRINT("Total nentries is wrong\n"); 858 return -EINVAL; 859 } 860 861 /* get the location of the udc, put them in an array 862 while we're at it, allocate the chainstack */ 863 if (udc_cnt) { 864 /* this will get free'd in do_replace()/ebt_register_table() 865 if an error occurs */ 866 newinfo->chainstack = 867 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack))); 868 if (!newinfo->chainstack) 869 return -ENOMEM; 870 for_each_possible_cpu(i) { 871 newinfo->chainstack[i] = 872 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0]))); 873 if (!newinfo->chainstack[i]) { 874 while (i) 875 vfree(newinfo->chainstack[--i]); 876 vfree(newinfo->chainstack); 877 newinfo->chainstack = NULL; 878 return -ENOMEM; 879 } 880 } 881 882 cl_s = vmalloc(udc_cnt * sizeof(*cl_s)); 883 if (!cl_s) 884 return -ENOMEM; 885 i = 0; /* the i'th udc */ 886 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 887 ebt_get_udc_positions, newinfo, &i, cl_s); 888 /* sanity check */ 889 if (i != udc_cnt) { 890 BUGPRINT("i != udc_cnt\n"); 891 vfree(cl_s); 892 return -EFAULT; 893 } 894 } 895 896 /* Check for loops */ 897 for (i = 0; i < NF_BR_NUMHOOKS; i++) 898 if (newinfo->hook_entry[i]) 899 if (check_chainloops(newinfo->hook_entry[i], 900 cl_s, udc_cnt, i, newinfo->entries)) { 901 vfree(cl_s); 902 return -EINVAL; 903 } 904 905 /* we now know the following (along with E=mc²): 906 - the nr of entries in each chain is right 907 - the size of the allocated space is right 908 - all valid hooks have a corresponding chain 909 - there are no loops 910 - wrong data can still be on the level of a single entry 911 - could be there are jumps to places that are not the 912 beginning of a chain. This can only occur in chains that 913 are not accessible from any base chains, so we don't care. */ 914 915 /* used to know what we need to clean up if something goes wrong */ 916 i = 0; 917 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 918 ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt); 919 if (ret != 0) { 920 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 921 ebt_cleanup_entry, &i); 922 } 923 vfree(cl_s); 924 return ret; 925} 926 927/* called under write_lock */ 928static void get_counters(struct ebt_counter *oldcounters, 929 struct ebt_counter *counters, unsigned int nentries) 930{ 931 int i, cpu; 932 struct ebt_counter *counter_base; 933 934 /* counters of cpu 0 */ 935 memcpy(counters, oldcounters, 936 sizeof(struct ebt_counter) * nentries); 937 938 /* add other counters to those of cpu 0 */ 939 for_each_possible_cpu(cpu) { 940 if (cpu == 0) 941 continue; 942 counter_base = COUNTER_BASE(oldcounters, nentries, cpu); 943 for (i = 0; i < nentries; i++) { 944 counters[i].pcnt += counter_base[i].pcnt; 945 counters[i].bcnt += counter_base[i].bcnt; 946 } 947 } 948} 949 950/* replace the table */ 951static int do_replace(void __user *user, unsigned int len) 952{ 953 int ret, i, countersize; 954 struct ebt_table_info *newinfo; 955 struct ebt_replace tmp; 956 struct ebt_table *t; 957 struct ebt_counter *counterstmp = NULL; 958 /* used to be able to unlock earlier */ 959 struct ebt_table_info *table; 960 961 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 962 return -EFAULT; 963 964 if (len != sizeof(tmp) + tmp.entries_size) { 965 BUGPRINT("Wrong len argument\n"); 966 return -EINVAL; 967 } 968 969 if (tmp.entries_size == 0) { 970 BUGPRINT("Entries_size never zero\n"); 971 return -EINVAL; 972 } 973 /* overflow check */ 974 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS - 975 SMP_CACHE_BYTES) / sizeof(struct ebt_counter)) 976 return -ENOMEM; 977 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) 978 return -ENOMEM; 979 980 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids; 981 newinfo = vmalloc(sizeof(*newinfo) + countersize); 982 if (!newinfo) 983 return -ENOMEM; 984 985 if (countersize) 986 memset(newinfo->counters, 0, countersize); 987 988 newinfo->entries = vmalloc(tmp.entries_size); 989 if (!newinfo->entries) { 990 ret = -ENOMEM; 991 goto free_newinfo; 992 } 993 if (copy_from_user( 994 newinfo->entries, tmp.entries, tmp.entries_size) != 0) { 995 BUGPRINT("Couldn't copy entries from userspace\n"); 996 ret = -EFAULT; 997 goto free_entries; 998 } 999 1000 /* the user wants counters back 1001 the check on the size is done later, when we have the lock */ 1002 if (tmp.num_counters) { 1003 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp)); 1004 if (!counterstmp) { 1005 ret = -ENOMEM; 1006 goto free_entries; 1007 } 1008 } 1009 else 1010 counterstmp = NULL; 1011 1012 /* this can get initialized by translate_table() */ 1013 newinfo->chainstack = NULL; 1014 ret = ebt_verify_pointers(&tmp, newinfo); 1015 if (ret != 0) 1016 goto free_counterstmp; 1017 1018 ret = translate_table(tmp.name, newinfo); 1019 1020 if (ret != 0) 1021 goto free_counterstmp; 1022 1023 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1024 if (!t) { 1025 ret = -ENOENT; 1026 goto free_iterate; 1027 } 1028 1029 /* the table doesn't like it */ 1030 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks))) 1031 goto free_unlock; 1032 1033 if (tmp.num_counters && tmp.num_counters != t->private->nentries) { 1034 BUGPRINT("Wrong nr. of counters requested\n"); 1035 ret = -EINVAL; 1036 goto free_unlock; 1037 } 1038 1039 /* we have the mutex lock, so no danger in reading this pointer */ 1040 table = t->private; 1041 /* make sure the table can only be rmmod'ed if it contains no rules */ 1042 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) { 1043 ret = -ENOENT; 1044 goto free_unlock; 1045 } else if (table->nentries && !newinfo->nentries) 1046 module_put(t->me); 1047 /* we need an atomic snapshot of the counters */ 1048 write_lock_bh(&t->lock); 1049 if (tmp.num_counters) 1050 get_counters(t->private->counters, counterstmp, 1051 t->private->nentries); 1052 1053 t->private = newinfo; 1054 write_unlock_bh(&t->lock); 1055 mutex_unlock(&ebt_mutex); 1056 /* so, a user can change the chains while having messed up her counter 1057 allocation. Only reason why this is done is because this way the lock 1058 is held only once, while this doesn't bring the kernel into a 1059 dangerous state. */ 1060 if (tmp.num_counters && 1061 copy_to_user(tmp.counters, counterstmp, 1062 tmp.num_counters * sizeof(struct ebt_counter))) { 1063 BUGPRINT("Couldn't copy counters to userspace\n"); 1064 ret = -EFAULT; 1065 } 1066 else 1067 ret = 0; 1068 1069 /* decrease module count and free resources */ 1070 EBT_ENTRY_ITERATE(table->entries, table->entries_size, 1071 ebt_cleanup_entry, NULL); 1072 1073 vfree(table->entries); 1074 if (table->chainstack) { 1075 for_each_possible_cpu(i) 1076 vfree(table->chainstack[i]); 1077 vfree(table->chainstack); 1078 } 1079 vfree(table); 1080 1081 vfree(counterstmp); 1082 return ret; 1083 1084free_unlock: 1085 mutex_unlock(&ebt_mutex); 1086free_iterate: 1087 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 1088 ebt_cleanup_entry, NULL); 1089free_counterstmp: 1090 vfree(counterstmp); 1091 /* can be initialized in translate_table() */ 1092 if (newinfo->chainstack) { 1093 for_each_possible_cpu(i) 1094 vfree(newinfo->chainstack[i]); 1095 vfree(newinfo->chainstack); 1096 } 1097free_entries: 1098 vfree(newinfo->entries); 1099free_newinfo: 1100 vfree(newinfo); 1101 return ret; 1102} 1103 1104int ebt_register_target(struct ebt_target *target) 1105{ 1106 struct ebt_target *t; 1107 int ret; 1108 1109 ret = mutex_lock_interruptible(&ebt_mutex); 1110 if (ret != 0) 1111 return ret; 1112 list_for_each_entry(t, &ebt_targets, list) { 1113 if (strcmp(t->name, target->name) == 0) { 1114 mutex_unlock(&ebt_mutex); 1115 return -EEXIST; 1116 } 1117 } 1118 list_add(&target->list, &ebt_targets); 1119 mutex_unlock(&ebt_mutex); 1120 1121 return 0; 1122} 1123 1124void ebt_unregister_target(struct ebt_target *target) 1125{ 1126 mutex_lock(&ebt_mutex); 1127 list_del(&target->list); 1128 mutex_unlock(&ebt_mutex); 1129} 1130 1131int ebt_register_match(struct ebt_match *match) 1132{ 1133 struct ebt_match *m; 1134 int ret; 1135 1136 ret = mutex_lock_interruptible(&ebt_mutex); 1137 if (ret != 0) 1138 return ret; 1139 list_for_each_entry(m, &ebt_matches, list) { 1140 if (strcmp(m->name, match->name) == 0) { 1141 mutex_unlock(&ebt_mutex); 1142 return -EEXIST; 1143 } 1144 } 1145 list_add(&match->list, &ebt_matches); 1146 mutex_unlock(&ebt_mutex); 1147 1148 return 0; 1149} 1150 1151void ebt_unregister_match(struct ebt_match *match) 1152{ 1153 mutex_lock(&ebt_mutex); 1154 list_del(&match->list); 1155 mutex_unlock(&ebt_mutex); 1156} 1157 1158int ebt_register_watcher(struct ebt_watcher *watcher) 1159{ 1160 struct ebt_watcher *w; 1161 int ret; 1162 1163 ret = mutex_lock_interruptible(&ebt_mutex); 1164 if (ret != 0) 1165 return ret; 1166 list_for_each_entry(w, &ebt_watchers, list) { 1167 if (strcmp(w->name, watcher->name) == 0) { 1168 mutex_unlock(&ebt_mutex); 1169 return -EEXIST; 1170 } 1171 } 1172 list_add(&watcher->list, &ebt_watchers); 1173 mutex_unlock(&ebt_mutex); 1174 1175 return 0; 1176} 1177 1178void ebt_unregister_watcher(struct ebt_watcher *watcher) 1179{ 1180 mutex_lock(&ebt_mutex); 1181 list_del(&watcher->list); 1182 mutex_unlock(&ebt_mutex); 1183} 1184 1185int ebt_register_table(struct ebt_table *table) 1186{ 1187 struct ebt_table_info *newinfo; 1188 struct ebt_table *t; 1189 struct ebt_replace_kernel *repl; 1190 int ret, i, countersize; 1191 void *p; 1192 1193 if (!table || !(repl = table->table) || !repl->entries || 1194 repl->entries_size == 0 || 1195 repl->counters || table->private) { 1196 BUGPRINT("Bad table data for ebt_register_table!!!\n"); 1197 return -EINVAL; 1198 } 1199 1200 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids; 1201 newinfo = vmalloc(sizeof(*newinfo) + countersize); 1202 ret = -ENOMEM; 1203 if (!newinfo) 1204 return -ENOMEM; 1205 1206 p = vmalloc(repl->entries_size); 1207 if (!p) 1208 goto free_newinfo; 1209 1210 memcpy(p, repl->entries, repl->entries_size); 1211 newinfo->entries = p; 1212 1213 newinfo->entries_size = repl->entries_size; 1214 newinfo->nentries = repl->nentries; 1215 1216 if (countersize) 1217 memset(newinfo->counters, 0, countersize); 1218 1219 /* fill in newinfo and parse the entries */ 1220 newinfo->chainstack = NULL; 1221 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 1222 if ((repl->valid_hooks & (1 << i)) == 0) 1223 newinfo->hook_entry[i] = NULL; 1224 else 1225 newinfo->hook_entry[i] = p + 1226 ((char *)repl->hook_entry[i] - repl->entries); 1227 } 1228 ret = translate_table(repl->name, newinfo); 1229 if (ret != 0) { 1230 BUGPRINT("Translate_table failed\n"); 1231 goto free_chainstack; 1232 } 1233 1234 if (table->check && table->check(newinfo, table->valid_hooks)) { 1235 BUGPRINT("The table doesn't like its own initial data, lol\n"); 1236 return -EINVAL; 1237 } 1238 1239 table->private = newinfo; 1240 rwlock_init(&table->lock); 1241 ret = mutex_lock_interruptible(&ebt_mutex); 1242 if (ret != 0) 1243 goto free_chainstack; 1244 1245 list_for_each_entry(t, &ebt_tables, list) { 1246 if (strcmp(t->name, table->name) == 0) { 1247 ret = -EEXIST; 1248 BUGPRINT("Table name already exists\n"); 1249 goto free_unlock; 1250 } 1251 } 1252 1253 /* Hold a reference count if the chains aren't empty */ 1254 if (newinfo->nentries && !try_module_get(table->me)) { 1255 ret = -ENOENT; 1256 goto free_unlock; 1257 } 1258 list_add(&table->list, &ebt_tables); 1259 mutex_unlock(&ebt_mutex); 1260 return 0; 1261free_unlock: 1262 mutex_unlock(&ebt_mutex); 1263free_chainstack: 1264 if (newinfo->chainstack) { 1265 for_each_possible_cpu(i) 1266 vfree(newinfo->chainstack[i]); 1267 vfree(newinfo->chainstack); 1268 } 1269 vfree(newinfo->entries); 1270free_newinfo: 1271 vfree(newinfo); 1272 return ret; 1273} 1274 1275void ebt_unregister_table(struct ebt_table *table) 1276{ 1277 int i; 1278 1279 if (!table) { 1280 BUGPRINT("Request to unregister NULL table!!!\n"); 1281 return; 1282 } 1283 mutex_lock(&ebt_mutex); 1284 list_del(&table->list); 1285 mutex_unlock(&ebt_mutex); 1286 vfree(table->private->entries); 1287 if (table->private->chainstack) { 1288 for_each_possible_cpu(i) 1289 vfree(table->private->chainstack[i]); 1290 vfree(table->private->chainstack); 1291 } 1292 vfree(table->private); 1293} 1294 1295/* userspace just supplied us with counters */ 1296static int update_counters(void __user *user, unsigned int len) 1297{ 1298 int i, ret; 1299 struct ebt_counter *tmp; 1300 struct ebt_replace hlp; 1301 struct ebt_table *t; 1302 1303 if (copy_from_user(&hlp, user, sizeof(hlp))) 1304 return -EFAULT; 1305 1306 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) 1307 return -EINVAL; 1308 if (hlp.num_counters == 0) 1309 return -EINVAL; 1310 1311 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) { 1312 MEMPRINT("Update_counters && nomemory\n"); 1313 return -ENOMEM; 1314 } 1315 1316 t = find_table_lock(hlp.name, &ret, &ebt_mutex); 1317 if (!t) 1318 goto free_tmp; 1319 1320 if (hlp.num_counters != t->private->nentries) { 1321 BUGPRINT("Wrong nr of counters\n"); 1322 ret = -EINVAL; 1323 goto unlock_mutex; 1324 } 1325 1326 if ( copy_from_user(tmp, hlp.counters, 1327 hlp.num_counters * sizeof(struct ebt_counter)) ) { 1328 BUGPRINT("Updata_counters && !cfu\n"); 1329 ret = -EFAULT; 1330 goto unlock_mutex; 1331 } 1332 1333 /* we want an atomic add of the counters */ 1334 write_lock_bh(&t->lock); 1335 1336 /* we add to the counters of the first cpu */ 1337 for (i = 0; i < hlp.num_counters; i++) { 1338 t->private->counters[i].pcnt += tmp[i].pcnt; 1339 t->private->counters[i].bcnt += tmp[i].bcnt; 1340 } 1341 1342 write_unlock_bh(&t->lock); 1343 ret = 0; 1344unlock_mutex: 1345 mutex_unlock(&ebt_mutex); 1346free_tmp: 1347 vfree(tmp); 1348 return ret; 1349} 1350 1351static inline int ebt_make_matchname(struct ebt_entry_match *m, 1352 char *base, char __user *ubase) 1353{ 1354 char __user *hlp = ubase + ((char *)m - base); 1355 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1356 return -EFAULT; 1357 return 0; 1358} 1359 1360static inline int ebt_make_watchername(struct ebt_entry_watcher *w, 1361 char *base, char __user *ubase) 1362{ 1363 char __user *hlp = ubase + ((char *)w - base); 1364 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1365 return -EFAULT; 1366 return 0; 1367} 1368 1369static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase) 1370{ 1371 int ret; 1372 char __user *hlp; 1373 struct ebt_entry_target *t; 1374 1375 if (e->bitmask == 0) 1376 return 0; 1377 1378 hlp = ubase + (((char *)e + e->target_offset) - base); 1379 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 1380 1381 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); 1382 if (ret != 0) 1383 return ret; 1384 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); 1385 if (ret != 0) 1386 return ret; 1387 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) 1388 return -EFAULT; 1389 return 0; 1390} 1391 1392/* called with ebt_mutex locked */ 1393static int copy_everything_to_user(struct ebt_table *t, void __user *user, 1394 int *len, int cmd) 1395{ 1396 struct ebt_replace tmp; 1397 struct ebt_counter *counterstmp, *oldcounters; 1398 unsigned int entries_size, nentries; 1399 char *entries; 1400 1401 if (cmd == EBT_SO_GET_ENTRIES) { 1402 entries_size = t->private->entries_size; 1403 nentries = t->private->nentries; 1404 entries = t->private->entries; 1405 oldcounters = t->private->counters; 1406 } else { 1407 entries_size = t->table->entries_size; 1408 nentries = t->table->nentries; 1409 entries = t->table->entries; 1410 oldcounters = t->table->counters; 1411 } 1412 1413 if (copy_from_user(&tmp, user, sizeof(tmp))) { 1414 BUGPRINT("Cfu didn't work\n"); 1415 return -EFAULT; 1416 } 1417 1418 if (*len != sizeof(struct ebt_replace) + entries_size + 1419 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { 1420 BUGPRINT("Wrong size\n"); 1421 return -EINVAL; 1422 } 1423 1424 if (tmp.nentries != nentries) { 1425 BUGPRINT("Nentries wrong\n"); 1426 return -EINVAL; 1427 } 1428 1429 if (tmp.entries_size != entries_size) { 1430 BUGPRINT("Wrong size\n"); 1431 return -EINVAL; 1432 } 1433 1434 /* userspace might not need the counters */ 1435 if (tmp.num_counters) { 1436 if (tmp.num_counters != nentries) { 1437 BUGPRINT("Num_counters wrong\n"); 1438 return -EINVAL; 1439 } 1440 counterstmp = vmalloc(nentries * sizeof(*counterstmp)); 1441 if (!counterstmp) { 1442 MEMPRINT("Couldn't copy counters, out of memory\n"); 1443 return -ENOMEM; 1444 } 1445 write_lock_bh(&t->lock); 1446 get_counters(oldcounters, counterstmp, nentries); 1447 write_unlock_bh(&t->lock); 1448 1449 if (copy_to_user(tmp.counters, counterstmp, 1450 nentries * sizeof(struct ebt_counter))) { 1451 BUGPRINT("Couldn't copy counters to userspace\n"); 1452 vfree(counterstmp); 1453 return -EFAULT; 1454 } 1455 vfree(counterstmp); 1456 } 1457 1458 if (copy_to_user(tmp.entries, entries, entries_size)) { 1459 BUGPRINT("Couldn't copy entries to userspace\n"); 1460 return -EFAULT; 1461 } 1462 /* set the match/watcher/target names right */ 1463 return EBT_ENTRY_ITERATE(entries, entries_size, 1464 ebt_make_names, entries, tmp.entries); 1465} 1466 1467static int do_ebt_set_ctl(struct sock *sk, 1468 int cmd, void __user *user, unsigned int len) 1469{ 1470 int ret; 1471 1472 switch(cmd) { 1473 case EBT_SO_SET_ENTRIES: 1474 ret = do_replace(user, len); 1475 break; 1476 case EBT_SO_SET_COUNTERS: 1477 ret = update_counters(user, len); 1478 break; 1479 default: 1480 ret = -EINVAL; 1481 } 1482 return ret; 1483} 1484 1485static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 1486{ 1487 int ret; 1488 struct ebt_replace tmp; 1489 struct ebt_table *t; 1490 1491 if (copy_from_user(&tmp, user, sizeof(tmp))) 1492 return -EFAULT; 1493 1494 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1495 if (!t) 1496 return ret; 1497 1498 switch(cmd) { 1499 case EBT_SO_GET_INFO: 1500 case EBT_SO_GET_INIT_INFO: 1501 if (*len != sizeof(struct ebt_replace)){ 1502 ret = -EINVAL; 1503 mutex_unlock(&ebt_mutex); 1504 break; 1505 } 1506 if (cmd == EBT_SO_GET_INFO) { 1507 tmp.nentries = t->private->nentries; 1508 tmp.entries_size = t->private->entries_size; 1509 tmp.valid_hooks = t->valid_hooks; 1510 } else { 1511 tmp.nentries = t->table->nentries; 1512 tmp.entries_size = t->table->entries_size; 1513 tmp.valid_hooks = t->table->valid_hooks; 1514 } 1515 mutex_unlock(&ebt_mutex); 1516 if (copy_to_user(user, &tmp, *len) != 0){ 1517 BUGPRINT("c2u Didn't work\n"); 1518 ret = -EFAULT; 1519 break; 1520 } 1521 ret = 0; 1522 break; 1523 1524 case EBT_SO_GET_ENTRIES: 1525 case EBT_SO_GET_INIT_ENTRIES: 1526 ret = copy_everything_to_user(t, user, len, cmd); 1527 mutex_unlock(&ebt_mutex); 1528 break; 1529 1530 default: 1531 mutex_unlock(&ebt_mutex); 1532 ret = -EINVAL; 1533 } 1534 1535 return ret; 1536} 1537 1538static struct nf_sockopt_ops ebt_sockopts = 1539{ 1540 .pf = PF_INET, 1541 .set_optmin = EBT_BASE_CTL, 1542 .set_optmax = EBT_SO_SET_MAX + 1, 1543 .set = do_ebt_set_ctl, 1544 .get_optmin = EBT_BASE_CTL, 1545 .get_optmax = EBT_SO_GET_MAX + 1, 1546 .get = do_ebt_get_ctl, 1547 .owner = THIS_MODULE, 1548}; 1549 1550static int __init ebtables_init(void) 1551{ 1552 int ret; 1553 1554 mutex_lock(&ebt_mutex); 1555 list_add(&ebt_standard_target.list, &ebt_targets); 1556 mutex_unlock(&ebt_mutex); 1557 if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0) 1558 return ret; 1559 1560 printk(KERN_INFO "Ebtables v2.0 registered\n"); 1561 return 0; 1562} 1563 1564static void __exit ebtables_fini(void) 1565{ 1566 nf_unregister_sockopt(&ebt_sockopts); 1567 printk(KERN_INFO "Ebtables v2.0 unregistered\n"); 1568} 1569 1570EXPORT_SYMBOL(ebt_register_table); 1571EXPORT_SYMBOL(ebt_unregister_table); 1572EXPORT_SYMBOL(ebt_register_match); 1573EXPORT_SYMBOL(ebt_unregister_match); 1574EXPORT_SYMBOL(ebt_register_watcher); 1575EXPORT_SYMBOL(ebt_unregister_watcher); 1576EXPORT_SYMBOL(ebt_register_target); 1577EXPORT_SYMBOL(ebt_unregister_target); 1578EXPORT_SYMBOL(ebt_do_table); 1579module_init(ebtables_init); 1580module_exit(ebtables_fini); 1581MODULE_LICENSE("GPL"); 1582