ebtables.c revision 1f072c96fdf1a0caa11c6e8078dd96925bd02db5
1/* 2 * ebtables 3 * 4 * Author: 5 * Bart De Schuymer <bdschuym@pandora.be> 6 * 7 * ebtables.c,v 2.0, July, 2002 8 * 9 * This code is stongly inspired on the iptables code which is 10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18/* used for print_string */ 19#include <linux/sched.h> 20#include <linux/tty.h> 21 22#include <linux/kmod.h> 23#include <linux/module.h> 24#include <linux/vmalloc.h> 25#include <linux/netfilter_bridge/ebtables.h> 26#include <linux/spinlock.h> 27#include <linux/mutex.h> 28#include <asm/uaccess.h> 29#include <linux/smp.h> 30#include <linux/cpumask.h> 31#include <net/sock.h> 32/* needed for logical [in,out]-dev filtering */ 33#include "../br_private.h" 34 35#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ 36 "report to author: "format, ## args) 37/* #define BUGPRINT(format, args...) */ 38#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\ 39 ": out of memory: "format, ## args) 40/* #define MEMPRINT(format, args...) */ 41 42 43 44/* 45 * Each cpu has its own set of counters, so there is no need for write_lock in 46 * the softirq 47 * For reading or updating the counters, the user context needs to 48 * get a write_lock 49 */ 50 51/* The size of each set of counters is altered to get cache alignment */ 52#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) 53#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) 54#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ 55 COUNTER_OFFSET(n) * cpu)) 56 57 58 59static DEFINE_MUTEX(ebt_mutex); 60static LIST_HEAD(ebt_tables); 61static LIST_HEAD(ebt_targets); 62static LIST_HEAD(ebt_matches); 63static LIST_HEAD(ebt_watchers); 64 65static struct ebt_target ebt_standard_target = 66{ {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL}; 67 68static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 69 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, 70 const struct net_device *out) 71{ 72 w->u.watcher->watcher(skb, hooknr, in, out, w->data, 73 w->watcher_size); 74 /* watchers don't give a verdict */ 75 return 0; 76} 77 78static inline int ebt_do_match (struct ebt_entry_match *m, 79 const struct sk_buff *skb, const struct net_device *in, 80 const struct net_device *out) 81{ 82 return m->u.match->match(skb, in, out, m->data, 83 m->match_size); 84} 85 86static inline int ebt_dev_check(char *entry, const struct net_device *device) 87{ 88 int i = 0; 89 const char *devname = device->name; 90 91 if (*entry == '\0') 92 return 0; 93 if (!device) 94 return 1; 95 /* 1 is the wildcard token */ 96 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i]) 97 i++; 98 return (devname[i] != entry[i] && entry[i] != 1); 99} 100 101#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) 102/* process standard matches */ 103static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, 104 const struct net_device *in, const struct net_device *out) 105{ 106 int verdict, i; 107 108 if (e->bitmask & EBT_802_3) { 109 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) 110 return 1; 111 } else if (!(e->bitmask & EBT_NOPROTO) && 112 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) 113 return 1; 114 115 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) 116 return 1; 117 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) 118 return 1; 119 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( 120 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN)) 121 return 1; 122 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( 123 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT)) 124 return 1; 125 126 if (e->bitmask & EBT_SOURCEMAC) { 127 verdict = 0; 128 for (i = 0; i < 6; i++) 129 verdict |= (h->h_source[i] ^ e->sourcemac[i]) & 130 e->sourcemsk[i]; 131 if (FWINV2(verdict != 0, EBT_ISOURCE) ) 132 return 1; 133 } 134 if (e->bitmask & EBT_DESTMAC) { 135 verdict = 0; 136 for (i = 0; i < 6; i++) 137 verdict |= (h->h_dest[i] ^ e->destmac[i]) & 138 e->destmsk[i]; 139 if (FWINV2(verdict != 0, EBT_IDEST) ) 140 return 1; 141 } 142 return 0; 143} 144 145/* Do some firewalling */ 146unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, 147 const struct net_device *in, const struct net_device *out, 148 struct ebt_table *table) 149{ 150 int i, nentries; 151 struct ebt_entry *point; 152 struct ebt_counter *counter_base, *cb_base; 153 struct ebt_entry_target *t; 154 int verdict, sp = 0; 155 struct ebt_chainstack *cs; 156 struct ebt_entries *chaininfo; 157 char *base; 158 struct ebt_table_info *private; 159 160 read_lock_bh(&table->lock); 161 private = table->private; 162 cb_base = COUNTER_BASE(private->counters, private->nentries, 163 smp_processor_id()); 164 if (private->chainstack) 165 cs = private->chainstack[smp_processor_id()]; 166 else 167 cs = NULL; 168 chaininfo = private->hook_entry[hook]; 169 nentries = private->hook_entry[hook]->nentries; 170 point = (struct ebt_entry *)(private->hook_entry[hook]->data); 171 counter_base = cb_base + private->hook_entry[hook]->counter_offset; 172 /* base for chain jumps */ 173 base = private->entries; 174 i = 0; 175 while (i < nentries) { 176 if (ebt_basic_match(point, eth_hdr(*pskb), in, out)) 177 goto letscontinue; 178 179 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) 180 goto letscontinue; 181 182 /* increase counter */ 183 (*(counter_base + i)).pcnt++; 184 (*(counter_base + i)).bcnt+=(**pskb).len; 185 186 /* these should only watch: not modify, nor tell us 187 what to do with the packet */ 188 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in, 189 out); 190 191 t = (struct ebt_entry_target *) 192 (((char *)point) + point->target_offset); 193 /* standard target */ 194 if (!t->u.target->target) 195 verdict = ((struct ebt_standard_target *)t)->verdict; 196 else 197 verdict = t->u.target->target(pskb, hook, 198 in, out, t->data, t->target_size); 199 if (verdict == EBT_ACCEPT) { 200 read_unlock_bh(&table->lock); 201 return NF_ACCEPT; 202 } 203 if (verdict == EBT_DROP) { 204 read_unlock_bh(&table->lock); 205 return NF_DROP; 206 } 207 if (verdict == EBT_RETURN) { 208letsreturn: 209#ifdef CONFIG_NETFILTER_DEBUG 210 if (sp == 0) { 211 BUGPRINT("RETURN on base chain"); 212 /* act like this is EBT_CONTINUE */ 213 goto letscontinue; 214 } 215#endif 216 sp--; 217 /* put all the local variables right */ 218 i = cs[sp].n; 219 chaininfo = cs[sp].chaininfo; 220 nentries = chaininfo->nentries; 221 point = cs[sp].e; 222 counter_base = cb_base + 223 chaininfo->counter_offset; 224 continue; 225 } 226 if (verdict == EBT_CONTINUE) 227 goto letscontinue; 228#ifdef CONFIG_NETFILTER_DEBUG 229 if (verdict < 0) { 230 BUGPRINT("bogus standard verdict\n"); 231 read_unlock_bh(&table->lock); 232 return NF_DROP; 233 } 234#endif 235 /* jump to a udc */ 236 cs[sp].n = i + 1; 237 cs[sp].chaininfo = chaininfo; 238 cs[sp].e = (struct ebt_entry *) 239 (((char *)point) + point->next_offset); 240 i = 0; 241 chaininfo = (struct ebt_entries *) (base + verdict); 242#ifdef CONFIG_NETFILTER_DEBUG 243 if (chaininfo->distinguisher) { 244 BUGPRINT("jump to non-chain\n"); 245 read_unlock_bh(&table->lock); 246 return NF_DROP; 247 } 248#endif 249 nentries = chaininfo->nentries; 250 point = (struct ebt_entry *)chaininfo->data; 251 counter_base = cb_base + chaininfo->counter_offset; 252 sp++; 253 continue; 254letscontinue: 255 point = (struct ebt_entry *) 256 (((char *)point) + point->next_offset); 257 i++; 258 } 259 260 /* I actually like this :) */ 261 if (chaininfo->policy == EBT_RETURN) 262 goto letsreturn; 263 if (chaininfo->policy == EBT_ACCEPT) { 264 read_unlock_bh(&table->lock); 265 return NF_ACCEPT; 266 } 267 read_unlock_bh(&table->lock); 268 return NF_DROP; 269} 270 271/* If it succeeds, returns element and locks mutex */ 272static inline void * 273find_inlist_lock_noload(struct list_head *head, const char *name, int *error, 274 struct mutex *mutex) 275{ 276 struct { 277 struct list_head list; 278 char name[EBT_FUNCTION_MAXNAMELEN]; 279 } *e; 280 281 *error = mutex_lock_interruptible(mutex); 282 if (*error != 0) 283 return NULL; 284 285 list_for_each_entry(e, head, list) { 286 if (strcmp(e->name, name) == 0) 287 return e; 288 } 289 *error = -ENOENT; 290 mutex_unlock(mutex); 291 return NULL; 292} 293 294#ifndef CONFIG_KMOD 295#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) 296#else 297static void * 298find_inlist_lock(struct list_head *head, const char *name, const char *prefix, 299 int *error, struct mutex *mutex) 300{ 301 void *ret; 302 303 ret = find_inlist_lock_noload(head, name, error, mutex); 304 if (!ret) { 305 request_module("%s%s", prefix, name); 306 ret = find_inlist_lock_noload(head, name, error, mutex); 307 } 308 return ret; 309} 310#endif 311 312static inline struct ebt_table * 313find_table_lock(const char *name, int *error, struct mutex *mutex) 314{ 315 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex); 316} 317 318static inline struct ebt_match * 319find_match_lock(const char *name, int *error, struct mutex *mutex) 320{ 321 return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex); 322} 323 324static inline struct ebt_watcher * 325find_watcher_lock(const char *name, int *error, struct mutex *mutex) 326{ 327 return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex); 328} 329 330static inline struct ebt_target * 331find_target_lock(const char *name, int *error, struct mutex *mutex) 332{ 333 return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex); 334} 335 336static inline int 337ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, 338 const char *name, unsigned int hookmask, unsigned int *cnt) 339{ 340 struct ebt_match *match; 341 size_t left = ((char *)e + e->watchers_offset) - (char *)m; 342 int ret; 343 344 if (left < sizeof(struct ebt_entry_match) || 345 left - sizeof(struct ebt_entry_match) < m->match_size) 346 return -EINVAL; 347 match = find_match_lock(m->u.name, &ret, &ebt_mutex); 348 if (!match) 349 return ret; 350 m->u.match = match; 351 if (!try_module_get(match->me)) { 352 mutex_unlock(&ebt_mutex); 353 return -ENOENT; 354 } 355 mutex_unlock(&ebt_mutex); 356 if (match->check && 357 match->check(name, hookmask, e, m->data, m->match_size) != 0) { 358 BUGPRINT("match->check failed\n"); 359 module_put(match->me); 360 return -EINVAL; 361 } 362 (*cnt)++; 363 return 0; 364} 365 366static inline int 367ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, 368 const char *name, unsigned int hookmask, unsigned int *cnt) 369{ 370 struct ebt_watcher *watcher; 371 size_t left = ((char *)e + e->target_offset) - (char *)w; 372 int ret; 373 374 if (left < sizeof(struct ebt_entry_watcher) || 375 left - sizeof(struct ebt_entry_watcher) < w->watcher_size) 376 return -EINVAL; 377 watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex); 378 if (!watcher) 379 return ret; 380 w->u.watcher = watcher; 381 if (!try_module_get(watcher->me)) { 382 mutex_unlock(&ebt_mutex); 383 return -ENOENT; 384 } 385 mutex_unlock(&ebt_mutex); 386 if (watcher->check && 387 watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) { 388 BUGPRINT("watcher->check failed\n"); 389 module_put(watcher->me); 390 return -EINVAL; 391 } 392 (*cnt)++; 393 return 0; 394} 395 396static int ebt_verify_pointers(struct ebt_replace *repl, 397 struct ebt_table_info *newinfo) 398{ 399 unsigned int limit = repl->entries_size; 400 unsigned int valid_hooks = repl->valid_hooks; 401 unsigned int offset = 0; 402 int i; 403 404 for (i = 0; i < NF_BR_NUMHOOKS; i++) 405 newinfo->hook_entry[i] = NULL; 406 407 newinfo->entries_size = repl->entries_size; 408 newinfo->nentries = repl->nentries; 409 410 while (offset < limit) { 411 size_t left = limit - offset; 412 struct ebt_entry *e = (void *)newinfo->entries + offset; 413 414 if (left < sizeof(unsigned int)) 415 break; 416 417 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 418 if ((valid_hooks & (1 << i)) == 0) 419 continue; 420 if ((char *)repl->hook_entry[i] == repl->entries + offset) 421 break; 422 } 423 424 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { 425 if (e->bitmask != 0) { 426 /* we make userspace set this right, 427 so there is no misunderstanding */ 428 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " 429 "in distinguisher\n"); 430 return -EINVAL; 431 } 432 if (i != NF_BR_NUMHOOKS) 433 newinfo->hook_entry[i] = (struct ebt_entries *)e; 434 if (left < sizeof(struct ebt_entries)) 435 break; 436 offset += sizeof(struct ebt_entries); 437 } else { 438 if (left < sizeof(struct ebt_entry)) 439 break; 440 if (left < e->next_offset) 441 break; 442 offset += e->next_offset; 443 } 444 } 445 if (offset != limit) { 446 BUGPRINT("entries_size too small\n"); 447 return -EINVAL; 448 } 449 450 /* check if all valid hooks have a chain */ 451 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 452 if (!newinfo->hook_entry[i] && 453 (valid_hooks & (1 << i))) { 454 BUGPRINT("Valid hook without chain\n"); 455 return -EINVAL; 456 } 457 } 458 return 0; 459} 460 461/* 462 * this one is very careful, as it is the first function 463 * to parse the userspace data 464 */ 465static inline int 466ebt_check_entry_size_and_hooks(struct ebt_entry *e, 467 struct ebt_table_info *newinfo, char *base, 468 struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt, 469 unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks) 470{ 471 unsigned int offset = (char *)e - newinfo->entries; 472 int i; 473 474 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 475 if ((valid_hooks & (1 << i)) == 0) 476 continue; 477 if ((char *)hook_entries[i] == base + offset) 478 break; 479 } 480 /* beginning of a new chain 481 if i == NF_BR_NUMHOOKS it must be a user defined chain */ 482 if (i != NF_BR_NUMHOOKS || !e->bitmask) { 483 /* this checks if the previous chain has as many entries 484 as it said it has */ 485 if (*n != *cnt) { 486 BUGPRINT("nentries does not equal the nr of entries " 487 "in the chain\n"); 488 return -EINVAL; 489 } 490 if (((struct ebt_entries *)e)->policy != EBT_DROP && 491 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { 492 /* only RETURN from udc */ 493 if (i != NF_BR_NUMHOOKS || 494 ((struct ebt_entries *)e)->policy != EBT_RETURN) { 495 BUGPRINT("bad policy\n"); 496 return -EINVAL; 497 } 498 } 499 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ 500 (*udc_cnt)++; 501 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { 502 BUGPRINT("counter_offset != totalcnt"); 503 return -EINVAL; 504 } 505 *n = ((struct ebt_entries *)e)->nentries; 506 *cnt = 0; 507 return 0; 508 } 509 /* a plain old entry, heh */ 510 if (sizeof(struct ebt_entry) > e->watchers_offset || 511 e->watchers_offset > e->target_offset || 512 e->target_offset >= e->next_offset) { 513 BUGPRINT("entry offsets not in right order\n"); 514 return -EINVAL; 515 } 516 /* this is not checked anywhere else */ 517 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { 518 BUGPRINT("target size too small\n"); 519 return -EINVAL; 520 } 521 (*cnt)++; 522 (*totalcnt)++; 523 return 0; 524} 525 526struct ebt_cl_stack 527{ 528 struct ebt_chainstack cs; 529 int from; 530 unsigned int hookmask; 531}; 532 533/* 534 * we need these positions to check that the jumps to a different part of the 535 * entries is a jump to the beginning of a new chain. 536 */ 537static inline int 538ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, 539 struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks, 540 struct ebt_cl_stack *udc) 541{ 542 int i; 543 544 /* we're only interested in chain starts */ 545 if (e->bitmask) 546 return 0; 547 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 548 if ((valid_hooks & (1 << i)) == 0) 549 continue; 550 if (newinfo->hook_entry[i] == (struct ebt_entries *)e) 551 break; 552 } 553 /* only care about udc */ 554 if (i != NF_BR_NUMHOOKS) 555 return 0; 556 557 udc[*n].cs.chaininfo = (struct ebt_entries *)e; 558 /* these initialisations are depended on later in check_chainloops() */ 559 udc[*n].cs.n = 0; 560 udc[*n].hookmask = 0; 561 562 (*n)++; 563 return 0; 564} 565 566static inline int 567ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) 568{ 569 if (i && (*i)-- == 0) 570 return 1; 571 if (m->u.match->destroy) 572 m->u.match->destroy(m->data, m->match_size); 573 module_put(m->u.match->me); 574 575 return 0; 576} 577 578static inline int 579ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) 580{ 581 if (i && (*i)-- == 0) 582 return 1; 583 if (w->u.watcher->destroy) 584 w->u.watcher->destroy(w->data, w->watcher_size); 585 module_put(w->u.watcher->me); 586 587 return 0; 588} 589 590static inline int 591ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) 592{ 593 struct ebt_entry_target *t; 594 595 if (e->bitmask == 0) 596 return 0; 597 /* we're done */ 598 if (cnt && (*cnt)-- == 0) 599 return 1; 600 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); 601 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); 602 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 603 if (t->u.target->destroy) 604 t->u.target->destroy(t->data, t->target_size); 605 module_put(t->u.target->me); 606 607 return 0; 608} 609 610static inline int 611ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, 612 const char *name, unsigned int *cnt, unsigned int valid_hooks, 613 struct ebt_cl_stack *cl_s, unsigned int udc_cnt) 614{ 615 struct ebt_entry_target *t; 616 struct ebt_target *target; 617 unsigned int i, j, hook = 0, hookmask = 0; 618 size_t gap = e->next_offset - e->target_offset; 619 int ret; 620 621 /* don't mess with the struct ebt_entries */ 622 if (e->bitmask == 0) 623 return 0; 624 625 if (e->bitmask & ~EBT_F_MASK) { 626 BUGPRINT("Unknown flag for bitmask\n"); 627 return -EINVAL; 628 } 629 if (e->invflags & ~EBT_INV_MASK) { 630 BUGPRINT("Unknown flag for inv bitmask\n"); 631 return -EINVAL; 632 } 633 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { 634 BUGPRINT("NOPROTO & 802_3 not allowed\n"); 635 return -EINVAL; 636 } 637 /* what hook do we belong to? */ 638 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 639 if ((valid_hooks & (1 << i)) == 0) 640 continue; 641 if ((char *)newinfo->hook_entry[i] < (char *)e) 642 hook = i; 643 else 644 break; 645 } 646 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on 647 a base chain */ 648 if (i < NF_BR_NUMHOOKS) 649 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 650 else { 651 for (i = 0; i < udc_cnt; i++) 652 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) 653 break; 654 if (i == 0) 655 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 656 else 657 hookmask = cl_s[i - 1].hookmask; 658 } 659 i = 0; 660 ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i); 661 if (ret != 0) 662 goto cleanup_matches; 663 j = 0; 664 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j); 665 if (ret != 0) 666 goto cleanup_watchers; 667 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 668 target = find_target_lock(t->u.name, &ret, &ebt_mutex); 669 if (!target) 670 goto cleanup_watchers; 671 if (!try_module_get(target->me)) { 672 mutex_unlock(&ebt_mutex); 673 ret = -ENOENT; 674 goto cleanup_watchers; 675 } 676 mutex_unlock(&ebt_mutex); 677 678 t->u.target = target; 679 if (t->u.target == &ebt_standard_target) { 680 if (gap < sizeof(struct ebt_standard_target)) { 681 BUGPRINT("Standard target size too big\n"); 682 ret = -EFAULT; 683 goto cleanup_watchers; 684 } 685 if (((struct ebt_standard_target *)t)->verdict < 686 -NUM_STANDARD_TARGETS) { 687 BUGPRINT("Invalid standard target\n"); 688 ret = -EFAULT; 689 goto cleanup_watchers; 690 } 691 } else if (t->target_size > gap - sizeof(struct ebt_entry_target) || 692 (t->u.target->check && 693 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){ 694 module_put(t->u.target->me); 695 ret = -EFAULT; 696 goto cleanup_watchers; 697 } 698 (*cnt)++; 699 return 0; 700cleanup_watchers: 701 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); 702cleanup_matches: 703 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i); 704 return ret; 705} 706 707/* 708 * checks for loops and sets the hook mask for udc 709 * the hook mask for udc tells us from which base chains the udc can be 710 * accessed. This mask is a parameter to the check() functions of the extensions 711 */ 712static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s, 713 unsigned int udc_cnt, unsigned int hooknr, char *base) 714{ 715 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; 716 struct ebt_entry *e = (struct ebt_entry *)chain->data; 717 struct ebt_entry_target *t; 718 719 while (pos < nentries || chain_nr != -1) { 720 /* end of udc, go back one 'recursion' step */ 721 if (pos == nentries) { 722 /* put back values of the time when this chain was called */ 723 e = cl_s[chain_nr].cs.e; 724 if (cl_s[chain_nr].from != -1) 725 nentries = 726 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; 727 else 728 nentries = chain->nentries; 729 pos = cl_s[chain_nr].cs.n; 730 /* make sure we won't see a loop that isn't one */ 731 cl_s[chain_nr].cs.n = 0; 732 chain_nr = cl_s[chain_nr].from; 733 if (pos == nentries) 734 continue; 735 } 736 t = (struct ebt_entry_target *) 737 (((char *)e) + e->target_offset); 738 if (strcmp(t->u.name, EBT_STANDARD_TARGET)) 739 goto letscontinue; 740 if (e->target_offset + sizeof(struct ebt_standard_target) > 741 e->next_offset) { 742 BUGPRINT("Standard target size too big\n"); 743 return -1; 744 } 745 verdict = ((struct ebt_standard_target *)t)->verdict; 746 if (verdict >= 0) { /* jump to another chain */ 747 struct ebt_entries *hlp2 = 748 (struct ebt_entries *)(base + verdict); 749 for (i = 0; i < udc_cnt; i++) 750 if (hlp2 == cl_s[i].cs.chaininfo) 751 break; 752 /* bad destination or loop */ 753 if (i == udc_cnt) { 754 BUGPRINT("bad destination\n"); 755 return -1; 756 } 757 if (cl_s[i].cs.n) { 758 BUGPRINT("loop\n"); 759 return -1; 760 } 761 if (cl_s[i].hookmask & (1 << hooknr)) 762 goto letscontinue; 763 /* this can't be 0, so the loop test is correct */ 764 cl_s[i].cs.n = pos + 1; 765 pos = 0; 766 cl_s[i].cs.e = ((void *)e + e->next_offset); 767 e = (struct ebt_entry *)(hlp2->data); 768 nentries = hlp2->nentries; 769 cl_s[i].from = chain_nr; 770 chain_nr = i; 771 /* this udc is accessible from the base chain for hooknr */ 772 cl_s[i].hookmask |= (1 << hooknr); 773 continue; 774 } 775letscontinue: 776 e = (void *)e + e->next_offset; 777 pos++; 778 } 779 return 0; 780} 781 782/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ 783static int translate_table(struct ebt_replace *repl, 784 struct ebt_table_info *newinfo) 785{ 786 unsigned int i, j, k, udc_cnt; 787 int ret; 788 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 789 790 ret = ebt_verify_pointers(repl, newinfo); 791 if (ret != 0) 792 return ret; 793 794 i = 0; 795 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) 796 i++; 797 if (i == NF_BR_NUMHOOKS) { 798 BUGPRINT("No valid hooks specified\n"); 799 return -EINVAL; 800 } 801 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) { 802 BUGPRINT("Chains don't start at beginning\n"); 803 return -EINVAL; 804 } 805 /* make sure chains are ordered after each other in same order 806 as their corresponding hooks */ 807 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { 808 if (!newinfo->hook_entry[j]) 809 continue; 810 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) { 811 BUGPRINT("Hook order must be followed\n"); 812 return -EINVAL; 813 } 814 i = j; 815 } 816 817 /* do some early checkings and initialize some things */ 818 i = 0; /* holds the expected nr. of entries for the chain */ 819 j = 0; /* holds the up to now counted entries for the chain */ 820 k = 0; /* holds the total nr. of entries, should equal 821 newinfo->nentries afterwards */ 822 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */ 823 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 824 ebt_check_entry_size_and_hooks, newinfo, repl->entries, 825 repl->hook_entry, &i, &j, &k, 826 &udc_cnt, repl->valid_hooks); 827 828 if (ret != 0) 829 return ret; 830 831 if (i != j) { 832 BUGPRINT("nentries does not equal the nr of entries in the " 833 "(last) chain\n"); 834 return -EINVAL; 835 } 836 if (k != newinfo->nentries) { 837 BUGPRINT("Total nentries is wrong\n"); 838 return -EINVAL; 839 } 840 841 /* get the location of the udc, put them in an array 842 while we're at it, allocate the chainstack */ 843 if (udc_cnt) { 844 /* this will get free'd in do_replace()/ebt_register_table() 845 if an error occurs */ 846 newinfo->chainstack = 847 vmalloc((highest_possible_processor_id()+1) 848 * sizeof(*(newinfo->chainstack))); 849 if (!newinfo->chainstack) 850 return -ENOMEM; 851 for_each_possible_cpu(i) { 852 newinfo->chainstack[i] = 853 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0]))); 854 if (!newinfo->chainstack[i]) { 855 while (i) 856 vfree(newinfo->chainstack[--i]); 857 vfree(newinfo->chainstack); 858 newinfo->chainstack = NULL; 859 return -ENOMEM; 860 } 861 } 862 863 cl_s = vmalloc(udc_cnt * sizeof(*cl_s)); 864 if (!cl_s) 865 return -ENOMEM; 866 i = 0; /* the i'th udc */ 867 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 868 ebt_get_udc_positions, newinfo, repl->hook_entry, &i, 869 repl->valid_hooks, cl_s); 870 /* sanity check */ 871 if (i != udc_cnt) { 872 BUGPRINT("i != udc_cnt\n"); 873 vfree(cl_s); 874 return -EFAULT; 875 } 876 } 877 878 /* Check for loops */ 879 for (i = 0; i < NF_BR_NUMHOOKS; i++) 880 if (newinfo->hook_entry[i]) 881 if (check_chainloops(newinfo->hook_entry[i], 882 cl_s, udc_cnt, i, newinfo->entries)) { 883 vfree(cl_s); 884 return -EINVAL; 885 } 886 887 /* we now know the following (along with E=mc�): 888 - the nr of entries in each chain is right 889 - the size of the allocated space is right 890 - all valid hooks have a corresponding chain 891 - there are no loops 892 - wrong data can still be on the level of a single entry 893 - could be there are jumps to places that are not the 894 beginning of a chain. This can only occur in chains that 895 are not accessible from any base chains, so we don't care. */ 896 897 /* used to know what we need to clean up if something goes wrong */ 898 i = 0; 899 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 900 ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks, 901 cl_s, udc_cnt); 902 if (ret != 0) { 903 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 904 ebt_cleanup_entry, &i); 905 } 906 vfree(cl_s); 907 return ret; 908} 909 910/* called under write_lock */ 911static void get_counters(struct ebt_counter *oldcounters, 912 struct ebt_counter *counters, unsigned int nentries) 913{ 914 int i, cpu; 915 struct ebt_counter *counter_base; 916 917 /* counters of cpu 0 */ 918 memcpy(counters, oldcounters, 919 sizeof(struct ebt_counter) * nentries); 920 921 /* add other counters to those of cpu 0 */ 922 for_each_possible_cpu(cpu) { 923 if (cpu == 0) 924 continue; 925 counter_base = COUNTER_BASE(oldcounters, nentries, cpu); 926 for (i = 0; i < nentries; i++) { 927 counters[i].pcnt += counter_base[i].pcnt; 928 counters[i].bcnt += counter_base[i].bcnt; 929 } 930 } 931} 932 933/* replace the table */ 934static int do_replace(void __user *user, unsigned int len) 935{ 936 int ret, i, countersize; 937 struct ebt_table_info *newinfo; 938 struct ebt_replace tmp; 939 struct ebt_table *t; 940 struct ebt_counter *counterstmp = NULL; 941 /* used to be able to unlock earlier */ 942 struct ebt_table_info *table; 943 944 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 945 return -EFAULT; 946 947 if (len != sizeof(tmp) + tmp.entries_size) { 948 BUGPRINT("Wrong len argument\n"); 949 return -EINVAL; 950 } 951 952 if (tmp.entries_size == 0) { 953 BUGPRINT("Entries_size never zero\n"); 954 return -EINVAL; 955 } 956 /* overflow check */ 957 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS - 958 SMP_CACHE_BYTES) / sizeof(struct ebt_counter)) 959 return -ENOMEM; 960 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) 961 return -ENOMEM; 962 963 countersize = COUNTER_OFFSET(tmp.nentries) * 964 (highest_possible_processor_id()+1); 965 newinfo = vmalloc(sizeof(*newinfo) + countersize); 966 if (!newinfo) 967 return -ENOMEM; 968 969 if (countersize) 970 memset(newinfo->counters, 0, countersize); 971 972 newinfo->entries = vmalloc(tmp.entries_size); 973 if (!newinfo->entries) { 974 ret = -ENOMEM; 975 goto free_newinfo; 976 } 977 if (copy_from_user( 978 newinfo->entries, tmp.entries, tmp.entries_size) != 0) { 979 BUGPRINT("Couldn't copy entries from userspace\n"); 980 ret = -EFAULT; 981 goto free_entries; 982 } 983 984 /* the user wants counters back 985 the check on the size is done later, when we have the lock */ 986 if (tmp.num_counters) { 987 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp)); 988 if (!counterstmp) { 989 ret = -ENOMEM; 990 goto free_entries; 991 } 992 } 993 else 994 counterstmp = NULL; 995 996 /* this can get initialized by translate_table() */ 997 newinfo->chainstack = NULL; 998 ret = translate_table(&tmp, newinfo); 999 1000 if (ret != 0) 1001 goto free_counterstmp; 1002 1003 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1004 if (!t) { 1005 ret = -ENOENT; 1006 goto free_iterate; 1007 } 1008 1009 /* the table doesn't like it */ 1010 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks))) 1011 goto free_unlock; 1012 1013 if (tmp.num_counters && tmp.num_counters != t->private->nentries) { 1014 BUGPRINT("Wrong nr. of counters requested\n"); 1015 ret = -EINVAL; 1016 goto free_unlock; 1017 } 1018 1019 /* we have the mutex lock, so no danger in reading this pointer */ 1020 table = t->private; 1021 /* make sure the table can only be rmmod'ed if it contains no rules */ 1022 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) { 1023 ret = -ENOENT; 1024 goto free_unlock; 1025 } else if (table->nentries && !newinfo->nentries) 1026 module_put(t->me); 1027 /* we need an atomic snapshot of the counters */ 1028 write_lock_bh(&t->lock); 1029 if (tmp.num_counters) 1030 get_counters(t->private->counters, counterstmp, 1031 t->private->nentries); 1032 1033 t->private = newinfo; 1034 write_unlock_bh(&t->lock); 1035 mutex_unlock(&ebt_mutex); 1036 /* so, a user can change the chains while having messed up her counter 1037 allocation. Only reason why this is done is because this way the lock 1038 is held only once, while this doesn't bring the kernel into a 1039 dangerous state. */ 1040 if (tmp.num_counters && 1041 copy_to_user(tmp.counters, counterstmp, 1042 tmp.num_counters * sizeof(struct ebt_counter))) { 1043 BUGPRINT("Couldn't copy counters to userspace\n"); 1044 ret = -EFAULT; 1045 } 1046 else 1047 ret = 0; 1048 1049 /* decrease module count and free resources */ 1050 EBT_ENTRY_ITERATE(table->entries, table->entries_size, 1051 ebt_cleanup_entry, NULL); 1052 1053 vfree(table->entries); 1054 if (table->chainstack) { 1055 for_each_possible_cpu(i) 1056 vfree(table->chainstack[i]); 1057 vfree(table->chainstack); 1058 } 1059 vfree(table); 1060 1061 vfree(counterstmp); 1062 return ret; 1063 1064free_unlock: 1065 mutex_unlock(&ebt_mutex); 1066free_iterate: 1067 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 1068 ebt_cleanup_entry, NULL); 1069free_counterstmp: 1070 vfree(counterstmp); 1071 /* can be initialized in translate_table() */ 1072 if (newinfo->chainstack) { 1073 for_each_possible_cpu(i) 1074 vfree(newinfo->chainstack[i]); 1075 vfree(newinfo->chainstack); 1076 } 1077free_entries: 1078 vfree(newinfo->entries); 1079free_newinfo: 1080 vfree(newinfo); 1081 return ret; 1082} 1083 1084int ebt_register_target(struct ebt_target *target) 1085{ 1086 struct ebt_target *t; 1087 int ret; 1088 1089 ret = mutex_lock_interruptible(&ebt_mutex); 1090 if (ret != 0) 1091 return ret; 1092 list_for_each_entry(t, &ebt_targets, list) { 1093 if (strcmp(t->name, target->name) == 0) { 1094 mutex_unlock(&ebt_mutex); 1095 return -EEXIST; 1096 } 1097 } 1098 list_add(&target->list, &ebt_targets); 1099 mutex_unlock(&ebt_mutex); 1100 1101 return 0; 1102} 1103 1104void ebt_unregister_target(struct ebt_target *target) 1105{ 1106 mutex_lock(&ebt_mutex); 1107 list_del(&target->list); 1108 mutex_unlock(&ebt_mutex); 1109} 1110 1111int ebt_register_match(struct ebt_match *match) 1112{ 1113 struct ebt_match *m; 1114 int ret; 1115 1116 ret = mutex_lock_interruptible(&ebt_mutex); 1117 if (ret != 0) 1118 return ret; 1119 list_for_each_entry(m, &ebt_matches, list) { 1120 if (strcmp(m->name, match->name) == 0) { 1121 mutex_unlock(&ebt_mutex); 1122 return -EEXIST; 1123 } 1124 } 1125 list_add(&match->list, &ebt_matches); 1126 mutex_unlock(&ebt_mutex); 1127 1128 return 0; 1129} 1130 1131void ebt_unregister_match(struct ebt_match *match) 1132{ 1133 mutex_lock(&ebt_mutex); 1134 list_del(&match->list); 1135 mutex_unlock(&ebt_mutex); 1136} 1137 1138int ebt_register_watcher(struct ebt_watcher *watcher) 1139{ 1140 struct ebt_watcher *w; 1141 int ret; 1142 1143 ret = mutex_lock_interruptible(&ebt_mutex); 1144 if (ret != 0) 1145 return ret; 1146 list_for_each_entry(w, &ebt_watchers, list) { 1147 if (strcmp(w->name, watcher->name) == 0) { 1148 mutex_unlock(&ebt_mutex); 1149 return -EEXIST; 1150 } 1151 } 1152 list_add(&watcher->list, &ebt_watchers); 1153 mutex_unlock(&ebt_mutex); 1154 1155 return 0; 1156} 1157 1158void ebt_unregister_watcher(struct ebt_watcher *watcher) 1159{ 1160 mutex_lock(&ebt_mutex); 1161 list_del(&watcher->list); 1162 mutex_unlock(&ebt_mutex); 1163} 1164 1165int ebt_register_table(struct ebt_table *table) 1166{ 1167 struct ebt_table_info *newinfo; 1168 struct ebt_table *t; 1169 int ret, i, countersize; 1170 1171 if (!table || !table->table ||!table->table->entries || 1172 table->table->entries_size == 0 || 1173 table->table->counters || table->private) { 1174 BUGPRINT("Bad table data for ebt_register_table!!!\n"); 1175 return -EINVAL; 1176 } 1177 1178 countersize = COUNTER_OFFSET(table->table->nentries) * 1179 (highest_possible_processor_id()+1); 1180 newinfo = vmalloc(sizeof(*newinfo) + countersize); 1181 ret = -ENOMEM; 1182 if (!newinfo) 1183 return -ENOMEM; 1184 1185 newinfo->entries = vmalloc(table->table->entries_size); 1186 if (!(newinfo->entries)) 1187 goto free_newinfo; 1188 1189 memcpy(newinfo->entries, table->table->entries, 1190 table->table->entries_size); 1191 1192 if (countersize) 1193 memset(newinfo->counters, 0, countersize); 1194 1195 /* fill in newinfo and parse the entries */ 1196 newinfo->chainstack = NULL; 1197 ret = translate_table(table->table, newinfo); 1198 if (ret != 0) { 1199 BUGPRINT("Translate_table failed\n"); 1200 goto free_chainstack; 1201 } 1202 1203 if (table->check && table->check(newinfo, table->valid_hooks)) { 1204 BUGPRINT("The table doesn't like its own initial data, lol\n"); 1205 return -EINVAL; 1206 } 1207 1208 table->private = newinfo; 1209 rwlock_init(&table->lock); 1210 ret = mutex_lock_interruptible(&ebt_mutex); 1211 if (ret != 0) 1212 goto free_chainstack; 1213 1214 list_for_each_entry(t, &ebt_tables, list) { 1215 if (strcmp(t->name, table->name) == 0) { 1216 ret = -EEXIST; 1217 BUGPRINT("Table name already exists\n"); 1218 goto free_unlock; 1219 } 1220 } 1221 1222 /* Hold a reference count if the chains aren't empty */ 1223 if (newinfo->nentries && !try_module_get(table->me)) { 1224 ret = -ENOENT; 1225 goto free_unlock; 1226 } 1227 list_add(&table->list, &ebt_tables); 1228 mutex_unlock(&ebt_mutex); 1229 return 0; 1230free_unlock: 1231 mutex_unlock(&ebt_mutex); 1232free_chainstack: 1233 if (newinfo->chainstack) { 1234 for_each_possible_cpu(i) 1235 vfree(newinfo->chainstack[i]); 1236 vfree(newinfo->chainstack); 1237 } 1238 vfree(newinfo->entries); 1239free_newinfo: 1240 vfree(newinfo); 1241 return ret; 1242} 1243 1244void ebt_unregister_table(struct ebt_table *table) 1245{ 1246 int i; 1247 1248 if (!table) { 1249 BUGPRINT("Request to unregister NULL table!!!\n"); 1250 return; 1251 } 1252 mutex_lock(&ebt_mutex); 1253 list_del(&table->list); 1254 mutex_unlock(&ebt_mutex); 1255 vfree(table->private->entries); 1256 if (table->private->chainstack) { 1257 for_each_possible_cpu(i) 1258 vfree(table->private->chainstack[i]); 1259 vfree(table->private->chainstack); 1260 } 1261 vfree(table->private); 1262} 1263 1264/* userspace just supplied us with counters */ 1265static int update_counters(void __user *user, unsigned int len) 1266{ 1267 int i, ret; 1268 struct ebt_counter *tmp; 1269 struct ebt_replace hlp; 1270 struct ebt_table *t; 1271 1272 if (copy_from_user(&hlp, user, sizeof(hlp))) 1273 return -EFAULT; 1274 1275 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) 1276 return -EINVAL; 1277 if (hlp.num_counters == 0) 1278 return -EINVAL; 1279 1280 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) { 1281 MEMPRINT("Update_counters && nomemory\n"); 1282 return -ENOMEM; 1283 } 1284 1285 t = find_table_lock(hlp.name, &ret, &ebt_mutex); 1286 if (!t) 1287 goto free_tmp; 1288 1289 if (hlp.num_counters != t->private->nentries) { 1290 BUGPRINT("Wrong nr of counters\n"); 1291 ret = -EINVAL; 1292 goto unlock_mutex; 1293 } 1294 1295 if ( copy_from_user(tmp, hlp.counters, 1296 hlp.num_counters * sizeof(struct ebt_counter)) ) { 1297 BUGPRINT("Updata_counters && !cfu\n"); 1298 ret = -EFAULT; 1299 goto unlock_mutex; 1300 } 1301 1302 /* we want an atomic add of the counters */ 1303 write_lock_bh(&t->lock); 1304 1305 /* we add to the counters of the first cpu */ 1306 for (i = 0; i < hlp.num_counters; i++) { 1307 t->private->counters[i].pcnt += tmp[i].pcnt; 1308 t->private->counters[i].bcnt += tmp[i].bcnt; 1309 } 1310 1311 write_unlock_bh(&t->lock); 1312 ret = 0; 1313unlock_mutex: 1314 mutex_unlock(&ebt_mutex); 1315free_tmp: 1316 vfree(tmp); 1317 return ret; 1318} 1319 1320static inline int ebt_make_matchname(struct ebt_entry_match *m, 1321 char *base, char *ubase) 1322{ 1323 char *hlp = ubase - base + (char *)m; 1324 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1325 return -EFAULT; 1326 return 0; 1327} 1328 1329static inline int ebt_make_watchername(struct ebt_entry_watcher *w, 1330 char *base, char *ubase) 1331{ 1332 char *hlp = ubase - base + (char *)w; 1333 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1334 return -EFAULT; 1335 return 0; 1336} 1337 1338static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase) 1339{ 1340 int ret; 1341 char *hlp; 1342 struct ebt_entry_target *t; 1343 1344 if (e->bitmask == 0) 1345 return 0; 1346 1347 hlp = ubase - base + (char *)e + e->target_offset; 1348 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 1349 1350 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); 1351 if (ret != 0) 1352 return ret; 1353 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); 1354 if (ret != 0) 1355 return ret; 1356 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) 1357 return -EFAULT; 1358 return 0; 1359} 1360 1361/* called with ebt_mutex locked */ 1362static int copy_everything_to_user(struct ebt_table *t, void __user *user, 1363 int *len, int cmd) 1364{ 1365 struct ebt_replace tmp; 1366 struct ebt_counter *counterstmp, *oldcounters; 1367 unsigned int entries_size, nentries; 1368 char *entries; 1369 1370 if (cmd == EBT_SO_GET_ENTRIES) { 1371 entries_size = t->private->entries_size; 1372 nentries = t->private->nentries; 1373 entries = t->private->entries; 1374 oldcounters = t->private->counters; 1375 } else { 1376 entries_size = t->table->entries_size; 1377 nentries = t->table->nentries; 1378 entries = t->table->entries; 1379 oldcounters = t->table->counters; 1380 } 1381 1382 if (copy_from_user(&tmp, user, sizeof(tmp))) { 1383 BUGPRINT("Cfu didn't work\n"); 1384 return -EFAULT; 1385 } 1386 1387 if (*len != sizeof(struct ebt_replace) + entries_size + 1388 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { 1389 BUGPRINT("Wrong size\n"); 1390 return -EINVAL; 1391 } 1392 1393 if (tmp.nentries != nentries) { 1394 BUGPRINT("Nentries wrong\n"); 1395 return -EINVAL; 1396 } 1397 1398 if (tmp.entries_size != entries_size) { 1399 BUGPRINT("Wrong size\n"); 1400 return -EINVAL; 1401 } 1402 1403 /* userspace might not need the counters */ 1404 if (tmp.num_counters) { 1405 if (tmp.num_counters != nentries) { 1406 BUGPRINT("Num_counters wrong\n"); 1407 return -EINVAL; 1408 } 1409 counterstmp = vmalloc(nentries * sizeof(*counterstmp)); 1410 if (!counterstmp) { 1411 MEMPRINT("Couldn't copy counters, out of memory\n"); 1412 return -ENOMEM; 1413 } 1414 write_lock_bh(&t->lock); 1415 get_counters(oldcounters, counterstmp, nentries); 1416 write_unlock_bh(&t->lock); 1417 1418 if (copy_to_user(tmp.counters, counterstmp, 1419 nentries * sizeof(struct ebt_counter))) { 1420 BUGPRINT("Couldn't copy counters to userspace\n"); 1421 vfree(counterstmp); 1422 return -EFAULT; 1423 } 1424 vfree(counterstmp); 1425 } 1426 1427 if (copy_to_user(tmp.entries, entries, entries_size)) { 1428 BUGPRINT("Couldn't copy entries to userspace\n"); 1429 return -EFAULT; 1430 } 1431 /* set the match/watcher/target names right */ 1432 return EBT_ENTRY_ITERATE(entries, entries_size, 1433 ebt_make_names, entries, tmp.entries); 1434} 1435 1436static int do_ebt_set_ctl(struct sock *sk, 1437 int cmd, void __user *user, unsigned int len) 1438{ 1439 int ret; 1440 1441 switch(cmd) { 1442 case EBT_SO_SET_ENTRIES: 1443 ret = do_replace(user, len); 1444 break; 1445 case EBT_SO_SET_COUNTERS: 1446 ret = update_counters(user, len); 1447 break; 1448 default: 1449 ret = -EINVAL; 1450 } 1451 return ret; 1452} 1453 1454static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 1455{ 1456 int ret; 1457 struct ebt_replace tmp; 1458 struct ebt_table *t; 1459 1460 if (copy_from_user(&tmp, user, sizeof(tmp))) 1461 return -EFAULT; 1462 1463 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1464 if (!t) 1465 return ret; 1466 1467 switch(cmd) { 1468 case EBT_SO_GET_INFO: 1469 case EBT_SO_GET_INIT_INFO: 1470 if (*len != sizeof(struct ebt_replace)){ 1471 ret = -EINVAL; 1472 mutex_unlock(&ebt_mutex); 1473 break; 1474 } 1475 if (cmd == EBT_SO_GET_INFO) { 1476 tmp.nentries = t->private->nentries; 1477 tmp.entries_size = t->private->entries_size; 1478 tmp.valid_hooks = t->valid_hooks; 1479 } else { 1480 tmp.nentries = t->table->nentries; 1481 tmp.entries_size = t->table->entries_size; 1482 tmp.valid_hooks = t->table->valid_hooks; 1483 } 1484 mutex_unlock(&ebt_mutex); 1485 if (copy_to_user(user, &tmp, *len) != 0){ 1486 BUGPRINT("c2u Didn't work\n"); 1487 ret = -EFAULT; 1488 break; 1489 } 1490 ret = 0; 1491 break; 1492 1493 case EBT_SO_GET_ENTRIES: 1494 case EBT_SO_GET_INIT_ENTRIES: 1495 ret = copy_everything_to_user(t, user, len, cmd); 1496 mutex_unlock(&ebt_mutex); 1497 break; 1498 1499 default: 1500 mutex_unlock(&ebt_mutex); 1501 ret = -EINVAL; 1502 } 1503 1504 return ret; 1505} 1506 1507static struct nf_sockopt_ops ebt_sockopts = 1508{ 1509 .pf = PF_INET, 1510 .set_optmin = EBT_BASE_CTL, 1511 .set_optmax = EBT_SO_SET_MAX + 1, 1512 .set = do_ebt_set_ctl, 1513 .get_optmin = EBT_BASE_CTL, 1514 .get_optmax = EBT_SO_GET_MAX + 1, 1515 .get = do_ebt_get_ctl, 1516}; 1517 1518static int __init ebtables_init(void) 1519{ 1520 int ret; 1521 1522 mutex_lock(&ebt_mutex); 1523 list_add(&ebt_standard_target.list, &ebt_targets); 1524 mutex_unlock(&ebt_mutex); 1525 if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0) 1526 return ret; 1527 1528 printk(KERN_NOTICE "Ebtables v2.0 registered\n"); 1529 return 0; 1530} 1531 1532static void __exit ebtables_fini(void) 1533{ 1534 nf_unregister_sockopt(&ebt_sockopts); 1535 printk(KERN_NOTICE "Ebtables v2.0 unregistered\n"); 1536} 1537 1538EXPORT_SYMBOL(ebt_register_table); 1539EXPORT_SYMBOL(ebt_unregister_table); 1540EXPORT_SYMBOL(ebt_register_match); 1541EXPORT_SYMBOL(ebt_unregister_match); 1542EXPORT_SYMBOL(ebt_register_watcher); 1543EXPORT_SYMBOL(ebt_unregister_watcher); 1544EXPORT_SYMBOL(ebt_register_target); 1545EXPORT_SYMBOL(ebt_unregister_target); 1546EXPORT_SYMBOL(ebt_do_table); 1547module_init(ebtables_init); 1548module_exit(ebtables_fini); 1549MODULE_LICENSE("GPL"); 1550