ebtables.c revision 49facff9f92508413f3da598f86aaf6c1121ff27
1/* 2 * ebtables 3 * 4 * Author: 5 * Bart De Schuymer <bdschuym@pandora.be> 6 * 7 * ebtables.c,v 2.0, July, 2002 8 * 9 * This code is stongly inspired on the iptables code which is 10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 19#include <linux/kmod.h> 20#include <linux/module.h> 21#include <linux/vmalloc.h> 22#include <linux/netfilter/x_tables.h> 23#include <linux/netfilter_bridge/ebtables.h> 24#include <linux/spinlock.h> 25#include <linux/mutex.h> 26#include <asm/uaccess.h> 27#include <linux/smp.h> 28#include <linux/cpumask.h> 29#include <net/sock.h> 30/* needed for logical [in,out]-dev filtering */ 31#include "../br_private.h" 32 33#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ 34 "report to author: "format, ## args) 35/* #define BUGPRINT(format, args...) */ 36 37/* 38 * Each cpu has its own set of counters, so there is no need for write_lock in 39 * the softirq 40 * For reading or updating the counters, the user context needs to 41 * get a write_lock 42 */ 43 44/* The size of each set of counters is altered to get cache alignment */ 45#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) 46#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) 47#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ 48 COUNTER_OFFSET(n) * cpu)) 49 50 51 52static DEFINE_MUTEX(ebt_mutex); 53 54static struct xt_target ebt_standard_target = { 55 .name = "standard", 56 .revision = 0, 57 .family = NFPROTO_BRIDGE, 58 .targetsize = sizeof(int), 59}; 60 61static inline int 62ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb, 63 struct xt_target_param *par) 64{ 65 par->target = w->u.watcher; 66 par->targinfo = w->data; 67 w->u.watcher->target(skb, par); 68 /* watchers don't give a verdict */ 69 return 0; 70} 71 72static inline int ebt_do_match (struct ebt_entry_match *m, 73 const struct sk_buff *skb, struct xt_match_param *par) 74{ 75 par->match = m->u.match; 76 par->matchinfo = m->data; 77 return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH; 78} 79 80static inline int 81ebt_dev_check(const char *entry, const struct net_device *device) 82{ 83 int i = 0; 84 const char *devname; 85 86 if (*entry == '\0') 87 return 0; 88 if (!device) 89 return 1; 90 devname = device->name; 91 /* 1 is the wildcard token */ 92 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i]) 93 i++; 94 return (devname[i] != entry[i] && entry[i] != 1); 95} 96 97#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) 98/* process standard matches */ 99static inline int 100ebt_basic_match(const struct ebt_entry *e, const struct ethhdr *h, 101 const struct net_device *in, const struct net_device *out) 102{ 103 int verdict, i; 104 105 if (e->bitmask & EBT_802_3) { 106 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) 107 return 1; 108 } else if (!(e->bitmask & EBT_NOPROTO) && 109 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) 110 return 1; 111 112 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) 113 return 1; 114 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) 115 return 1; 116 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( 117 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN)) 118 return 1; 119 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( 120 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT)) 121 return 1; 122 123 if (e->bitmask & EBT_SOURCEMAC) { 124 verdict = 0; 125 for (i = 0; i < 6; i++) 126 verdict |= (h->h_source[i] ^ e->sourcemac[i]) & 127 e->sourcemsk[i]; 128 if (FWINV2(verdict != 0, EBT_ISOURCE) ) 129 return 1; 130 } 131 if (e->bitmask & EBT_DESTMAC) { 132 verdict = 0; 133 for (i = 0; i < 6; i++) 134 verdict |= (h->h_dest[i] ^ e->destmac[i]) & 135 e->destmsk[i]; 136 if (FWINV2(verdict != 0, EBT_IDEST) ) 137 return 1; 138 } 139 return 0; 140} 141 142static inline __pure 143struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry) 144{ 145 return (void *)entry + entry->next_offset; 146} 147 148/* Do some firewalling */ 149unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, 150 const struct net_device *in, const struct net_device *out, 151 struct ebt_table *table) 152{ 153 int i, nentries; 154 struct ebt_entry *point; 155 struct ebt_counter *counter_base, *cb_base; 156 const struct ebt_entry_target *t; 157 int verdict, sp = 0; 158 struct ebt_chainstack *cs; 159 struct ebt_entries *chaininfo; 160 const char *base; 161 const struct ebt_table_info *private; 162 bool hotdrop = false; 163 struct xt_match_param mtpar; 164 struct xt_target_param tgpar; 165 166 mtpar.family = tgpar.family = NFPROTO_BRIDGE; 167 mtpar.in = tgpar.in = in; 168 mtpar.out = tgpar.out = out; 169 mtpar.hotdrop = &hotdrop; 170 mtpar.hooknum = tgpar.hooknum = hook; 171 172 read_lock_bh(&table->lock); 173 private = table->private; 174 cb_base = COUNTER_BASE(private->counters, private->nentries, 175 smp_processor_id()); 176 if (private->chainstack) 177 cs = private->chainstack[smp_processor_id()]; 178 else 179 cs = NULL; 180 chaininfo = private->hook_entry[hook]; 181 nentries = private->hook_entry[hook]->nentries; 182 point = (struct ebt_entry *)(private->hook_entry[hook]->data); 183 counter_base = cb_base + private->hook_entry[hook]->counter_offset; 184 /* base for chain jumps */ 185 base = private->entries; 186 i = 0; 187 while (i < nentries) { 188 if (ebt_basic_match(point, eth_hdr(skb), in, out)) 189 goto letscontinue; 190 191 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0) 192 goto letscontinue; 193 if (hotdrop) { 194 read_unlock_bh(&table->lock); 195 return NF_DROP; 196 } 197 198 /* increase counter */ 199 (*(counter_base + i)).pcnt++; 200 (*(counter_base + i)).bcnt += skb->len; 201 202 /* these should only watch: not modify, nor tell us 203 what to do with the packet */ 204 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar); 205 206 t = (struct ebt_entry_target *) 207 (((char *)point) + point->target_offset); 208 /* standard target */ 209 if (!t->u.target->target) 210 verdict = ((struct ebt_standard_target *)t)->verdict; 211 else { 212 tgpar.target = t->u.target; 213 tgpar.targinfo = t->data; 214 verdict = t->u.target->target(skb, &tgpar); 215 } 216 if (verdict == EBT_ACCEPT) { 217 read_unlock_bh(&table->lock); 218 return NF_ACCEPT; 219 } 220 if (verdict == EBT_DROP) { 221 read_unlock_bh(&table->lock); 222 return NF_DROP; 223 } 224 if (verdict == EBT_RETURN) { 225letsreturn: 226#ifdef CONFIG_NETFILTER_DEBUG 227 if (sp == 0) { 228 BUGPRINT("RETURN on base chain"); 229 /* act like this is EBT_CONTINUE */ 230 goto letscontinue; 231 } 232#endif 233 sp--; 234 /* put all the local variables right */ 235 i = cs[sp].n; 236 chaininfo = cs[sp].chaininfo; 237 nentries = chaininfo->nentries; 238 point = cs[sp].e; 239 counter_base = cb_base + 240 chaininfo->counter_offset; 241 continue; 242 } 243 if (verdict == EBT_CONTINUE) 244 goto letscontinue; 245#ifdef CONFIG_NETFILTER_DEBUG 246 if (verdict < 0) { 247 BUGPRINT("bogus standard verdict\n"); 248 read_unlock_bh(&table->lock); 249 return NF_DROP; 250 } 251#endif 252 /* jump to a udc */ 253 cs[sp].n = i + 1; 254 cs[sp].chaininfo = chaininfo; 255 cs[sp].e = ebt_next_entry(point); 256 i = 0; 257 chaininfo = (struct ebt_entries *) (base + verdict); 258#ifdef CONFIG_NETFILTER_DEBUG 259 if (chaininfo->distinguisher) { 260 BUGPRINT("jump to non-chain\n"); 261 read_unlock_bh(&table->lock); 262 return NF_DROP; 263 } 264#endif 265 nentries = chaininfo->nentries; 266 point = (struct ebt_entry *)chaininfo->data; 267 counter_base = cb_base + chaininfo->counter_offset; 268 sp++; 269 continue; 270letscontinue: 271 point = ebt_next_entry(point); 272 i++; 273 } 274 275 /* I actually like this :) */ 276 if (chaininfo->policy == EBT_RETURN) 277 goto letsreturn; 278 if (chaininfo->policy == EBT_ACCEPT) { 279 read_unlock_bh(&table->lock); 280 return NF_ACCEPT; 281 } 282 read_unlock_bh(&table->lock); 283 return NF_DROP; 284} 285 286/* If it succeeds, returns element and locks mutex */ 287static inline void * 288find_inlist_lock_noload(struct list_head *head, const char *name, int *error, 289 struct mutex *mutex) 290{ 291 struct { 292 struct list_head list; 293 char name[EBT_FUNCTION_MAXNAMELEN]; 294 } *e; 295 296 *error = mutex_lock_interruptible(mutex); 297 if (*error != 0) 298 return NULL; 299 300 list_for_each_entry(e, head, list) { 301 if (strcmp(e->name, name) == 0) 302 return e; 303 } 304 *error = -ENOENT; 305 mutex_unlock(mutex); 306 return NULL; 307} 308 309static void * 310find_inlist_lock(struct list_head *head, const char *name, const char *prefix, 311 int *error, struct mutex *mutex) 312{ 313 return try_then_request_module( 314 find_inlist_lock_noload(head, name, error, mutex), 315 "%s%s", prefix, name); 316} 317 318static inline struct ebt_table * 319find_table_lock(struct net *net, const char *name, int *error, 320 struct mutex *mutex) 321{ 322 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name, 323 "ebtable_", error, mutex); 324} 325 326static inline int 327ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par, 328 unsigned int *cnt) 329{ 330 const struct ebt_entry *e = par->entryinfo; 331 struct xt_match *match; 332 size_t left = ((char *)e + e->watchers_offset) - (char *)m; 333 int ret; 334 335 if (left < sizeof(struct ebt_entry_match) || 336 left - sizeof(struct ebt_entry_match) < m->match_size) 337 return -EINVAL; 338 339 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE, 340 m->u.name, 0), "ebt_%s", m->u.name); 341 if (IS_ERR(match)) 342 return PTR_ERR(match); 343 if (match == NULL) 344 return -ENOENT; 345 m->u.match = match; 346 347 par->match = match; 348 par->matchinfo = m->data; 349 ret = xt_check_match(par, m->match_size, 350 e->ethproto, e->invflags & EBT_IPROTO); 351 if (ret < 0) { 352 module_put(match->me); 353 return ret; 354 } 355 356 (*cnt)++; 357 return 0; 358} 359 360static inline int 361ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par, 362 unsigned int *cnt) 363{ 364 const struct ebt_entry *e = par->entryinfo; 365 struct xt_target *watcher; 366 size_t left = ((char *)e + e->target_offset) - (char *)w; 367 int ret; 368 369 if (left < sizeof(struct ebt_entry_watcher) || 370 left - sizeof(struct ebt_entry_watcher) < w->watcher_size) 371 return -EINVAL; 372 373 watcher = try_then_request_module( 374 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0), 375 "ebt_%s", w->u.name); 376 if (IS_ERR(watcher)) 377 return PTR_ERR(watcher); 378 if (watcher == NULL) 379 return -ENOENT; 380 w->u.watcher = watcher; 381 382 par->target = watcher; 383 par->targinfo = w->data; 384 ret = xt_check_target(par, w->watcher_size, 385 e->ethproto, e->invflags & EBT_IPROTO); 386 if (ret < 0) { 387 module_put(watcher->me); 388 return ret; 389 } 390 391 (*cnt)++; 392 return 0; 393} 394 395static int ebt_verify_pointers(const struct ebt_replace *repl, 396 struct ebt_table_info *newinfo) 397{ 398 unsigned int limit = repl->entries_size; 399 unsigned int valid_hooks = repl->valid_hooks; 400 unsigned int offset = 0; 401 int i; 402 403 for (i = 0; i < NF_BR_NUMHOOKS; i++) 404 newinfo->hook_entry[i] = NULL; 405 406 newinfo->entries_size = repl->entries_size; 407 newinfo->nentries = repl->nentries; 408 409 while (offset < limit) { 410 size_t left = limit - offset; 411 struct ebt_entry *e = (void *)newinfo->entries + offset; 412 413 if (left < sizeof(unsigned int)) 414 break; 415 416 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 417 if ((valid_hooks & (1 << i)) == 0) 418 continue; 419 if ((char __user *)repl->hook_entry[i] == 420 repl->entries + offset) 421 break; 422 } 423 424 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { 425 if (e->bitmask != 0) { 426 /* we make userspace set this right, 427 so there is no misunderstanding */ 428 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " 429 "in distinguisher\n"); 430 return -EINVAL; 431 } 432 if (i != NF_BR_NUMHOOKS) 433 newinfo->hook_entry[i] = (struct ebt_entries *)e; 434 if (left < sizeof(struct ebt_entries)) 435 break; 436 offset += sizeof(struct ebt_entries); 437 } else { 438 if (left < sizeof(struct ebt_entry)) 439 break; 440 if (left < e->next_offset) 441 break; 442 if (e->next_offset < sizeof(struct ebt_entry)) 443 return -EINVAL; 444 offset += e->next_offset; 445 } 446 } 447 if (offset != limit) { 448 BUGPRINT("entries_size too small\n"); 449 return -EINVAL; 450 } 451 452 /* check if all valid hooks have a chain */ 453 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 454 if (!newinfo->hook_entry[i] && 455 (valid_hooks & (1 << i))) { 456 BUGPRINT("Valid hook without chain\n"); 457 return -EINVAL; 458 } 459 } 460 return 0; 461} 462 463/* 464 * this one is very careful, as it is the first function 465 * to parse the userspace data 466 */ 467static inline int 468ebt_check_entry_size_and_hooks(const struct ebt_entry *e, 469 const struct ebt_table_info *newinfo, 470 unsigned int *n, unsigned int *cnt, 471 unsigned int *totalcnt, unsigned int *udc_cnt) 472{ 473 int i; 474 475 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 476 if ((void *)e == (void *)newinfo->hook_entry[i]) 477 break; 478 } 479 /* beginning of a new chain 480 if i == NF_BR_NUMHOOKS it must be a user defined chain */ 481 if (i != NF_BR_NUMHOOKS || !e->bitmask) { 482 /* this checks if the previous chain has as many entries 483 as it said it has */ 484 if (*n != *cnt) { 485 BUGPRINT("nentries does not equal the nr of entries " 486 "in the chain\n"); 487 return -EINVAL; 488 } 489 if (((struct ebt_entries *)e)->policy != EBT_DROP && 490 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { 491 /* only RETURN from udc */ 492 if (i != NF_BR_NUMHOOKS || 493 ((struct ebt_entries *)e)->policy != EBT_RETURN) { 494 BUGPRINT("bad policy\n"); 495 return -EINVAL; 496 } 497 } 498 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ 499 (*udc_cnt)++; 500 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { 501 BUGPRINT("counter_offset != totalcnt"); 502 return -EINVAL; 503 } 504 *n = ((struct ebt_entries *)e)->nentries; 505 *cnt = 0; 506 return 0; 507 } 508 /* a plain old entry, heh */ 509 if (sizeof(struct ebt_entry) > e->watchers_offset || 510 e->watchers_offset > e->target_offset || 511 e->target_offset >= e->next_offset) { 512 BUGPRINT("entry offsets not in right order\n"); 513 return -EINVAL; 514 } 515 /* this is not checked anywhere else */ 516 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { 517 BUGPRINT("target size too small\n"); 518 return -EINVAL; 519 } 520 (*cnt)++; 521 (*totalcnt)++; 522 return 0; 523} 524 525struct ebt_cl_stack 526{ 527 struct ebt_chainstack cs; 528 int from; 529 unsigned int hookmask; 530}; 531 532/* 533 * we need these positions to check that the jumps to a different part of the 534 * entries is a jump to the beginning of a new chain. 535 */ 536static inline int 537ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, 538 unsigned int *n, struct ebt_cl_stack *udc) 539{ 540 int i; 541 542 /* we're only interested in chain starts */ 543 if (e->bitmask) 544 return 0; 545 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 546 if (newinfo->hook_entry[i] == (struct ebt_entries *)e) 547 break; 548 } 549 /* only care about udc */ 550 if (i != NF_BR_NUMHOOKS) 551 return 0; 552 553 udc[*n].cs.chaininfo = (struct ebt_entries *)e; 554 /* these initialisations are depended on later in check_chainloops() */ 555 udc[*n].cs.n = 0; 556 udc[*n].hookmask = 0; 557 558 (*n)++; 559 return 0; 560} 561 562static inline int 563ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i) 564{ 565 struct xt_mtdtor_param par; 566 567 if (i && (*i)-- == 0) 568 return 1; 569 570 par.net = net; 571 par.match = m->u.match; 572 par.matchinfo = m->data; 573 par.family = NFPROTO_BRIDGE; 574 if (par.match->destroy != NULL) 575 par.match->destroy(&par); 576 module_put(par.match->me); 577 return 0; 578} 579 580static inline int 581ebt_cleanup_watcher(struct ebt_entry_watcher *w, struct net *net, unsigned int *i) 582{ 583 struct xt_tgdtor_param par; 584 585 if (i && (*i)-- == 0) 586 return 1; 587 588 par.net = net; 589 par.target = w->u.watcher; 590 par.targinfo = w->data; 591 par.family = NFPROTO_BRIDGE; 592 if (par.target->destroy != NULL) 593 par.target->destroy(&par); 594 module_put(par.target->me); 595 return 0; 596} 597 598static inline int 599ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt) 600{ 601 struct xt_tgdtor_param par; 602 struct ebt_entry_target *t; 603 604 if (e->bitmask == 0) 605 return 0; 606 /* we're done */ 607 if (cnt && (*cnt)-- == 0) 608 return 1; 609 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL); 610 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL); 611 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 612 613 par.net = net; 614 par.target = t->u.target; 615 par.targinfo = t->data; 616 par.family = NFPROTO_BRIDGE; 617 if (par.target->destroy != NULL) 618 par.target->destroy(&par); 619 module_put(par.target->me); 620 return 0; 621} 622 623static inline int 624ebt_check_entry(struct ebt_entry *e, struct net *net, 625 const struct ebt_table_info *newinfo, 626 const char *name, unsigned int *cnt, 627 struct ebt_cl_stack *cl_s, unsigned int udc_cnt) 628{ 629 struct ebt_entry_target *t; 630 struct xt_target *target; 631 unsigned int i, j, hook = 0, hookmask = 0; 632 size_t gap; 633 int ret; 634 struct xt_mtchk_param mtpar; 635 struct xt_tgchk_param tgpar; 636 637 /* don't mess with the struct ebt_entries */ 638 if (e->bitmask == 0) 639 return 0; 640 641 if (e->bitmask & ~EBT_F_MASK) { 642 BUGPRINT("Unknown flag for bitmask\n"); 643 return -EINVAL; 644 } 645 if (e->invflags & ~EBT_INV_MASK) { 646 BUGPRINT("Unknown flag for inv bitmask\n"); 647 return -EINVAL; 648 } 649 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { 650 BUGPRINT("NOPROTO & 802_3 not allowed\n"); 651 return -EINVAL; 652 } 653 /* what hook do we belong to? */ 654 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 655 if (!newinfo->hook_entry[i]) 656 continue; 657 if ((char *)newinfo->hook_entry[i] < (char *)e) 658 hook = i; 659 else 660 break; 661 } 662 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on 663 a base chain */ 664 if (i < NF_BR_NUMHOOKS) 665 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 666 else { 667 for (i = 0; i < udc_cnt; i++) 668 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) 669 break; 670 if (i == 0) 671 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 672 else 673 hookmask = cl_s[i - 1].hookmask; 674 } 675 i = 0; 676 677 mtpar.net = tgpar.net = net; 678 mtpar.table = tgpar.table = name; 679 mtpar.entryinfo = tgpar.entryinfo = e; 680 mtpar.hook_mask = tgpar.hook_mask = hookmask; 681 mtpar.family = tgpar.family = NFPROTO_BRIDGE; 682 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i); 683 if (ret != 0) 684 goto cleanup_matches; 685 j = 0; 686 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j); 687 if (ret != 0) 688 goto cleanup_watchers; 689 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 690 gap = e->next_offset - e->target_offset; 691 692 target = try_then_request_module( 693 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0), 694 "ebt_%s", t->u.name); 695 if (IS_ERR(target)) { 696 ret = PTR_ERR(target); 697 goto cleanup_watchers; 698 } else if (target == NULL) { 699 ret = -ENOENT; 700 goto cleanup_watchers; 701 } 702 703 t->u.target = target; 704 if (t->u.target == &ebt_standard_target) { 705 if (gap < sizeof(struct ebt_standard_target)) { 706 BUGPRINT("Standard target size too big\n"); 707 ret = -EFAULT; 708 goto cleanup_watchers; 709 } 710 if (((struct ebt_standard_target *)t)->verdict < 711 -NUM_STANDARD_TARGETS) { 712 BUGPRINT("Invalid standard target\n"); 713 ret = -EFAULT; 714 goto cleanup_watchers; 715 } 716 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) { 717 module_put(t->u.target->me); 718 ret = -EFAULT; 719 goto cleanup_watchers; 720 } 721 722 tgpar.target = target; 723 tgpar.targinfo = t->data; 724 ret = xt_check_target(&tgpar, t->target_size, 725 e->ethproto, e->invflags & EBT_IPROTO); 726 if (ret < 0) { 727 module_put(target->me); 728 goto cleanup_watchers; 729 } 730 (*cnt)++; 731 return 0; 732cleanup_watchers: 733 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j); 734cleanup_matches: 735 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i); 736 return ret; 737} 738 739/* 740 * checks for loops and sets the hook mask for udc 741 * the hook mask for udc tells us from which base chains the udc can be 742 * accessed. This mask is a parameter to the check() functions of the extensions 743 */ 744static int check_chainloops(const struct ebt_entries *chain, struct ebt_cl_stack *cl_s, 745 unsigned int udc_cnt, unsigned int hooknr, char *base) 746{ 747 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; 748 const struct ebt_entry *e = (struct ebt_entry *)chain->data; 749 const struct ebt_entry_target *t; 750 751 while (pos < nentries || chain_nr != -1) { 752 /* end of udc, go back one 'recursion' step */ 753 if (pos == nentries) { 754 /* put back values of the time when this chain was called */ 755 e = cl_s[chain_nr].cs.e; 756 if (cl_s[chain_nr].from != -1) 757 nentries = 758 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; 759 else 760 nentries = chain->nentries; 761 pos = cl_s[chain_nr].cs.n; 762 /* make sure we won't see a loop that isn't one */ 763 cl_s[chain_nr].cs.n = 0; 764 chain_nr = cl_s[chain_nr].from; 765 if (pos == nentries) 766 continue; 767 } 768 t = (struct ebt_entry_target *) 769 (((char *)e) + e->target_offset); 770 if (strcmp(t->u.name, EBT_STANDARD_TARGET)) 771 goto letscontinue; 772 if (e->target_offset + sizeof(struct ebt_standard_target) > 773 e->next_offset) { 774 BUGPRINT("Standard target size too big\n"); 775 return -1; 776 } 777 verdict = ((struct ebt_standard_target *)t)->verdict; 778 if (verdict >= 0) { /* jump to another chain */ 779 struct ebt_entries *hlp2 = 780 (struct ebt_entries *)(base + verdict); 781 for (i = 0; i < udc_cnt; i++) 782 if (hlp2 == cl_s[i].cs.chaininfo) 783 break; 784 /* bad destination or loop */ 785 if (i == udc_cnt) { 786 BUGPRINT("bad destination\n"); 787 return -1; 788 } 789 if (cl_s[i].cs.n) { 790 BUGPRINT("loop\n"); 791 return -1; 792 } 793 if (cl_s[i].hookmask & (1 << hooknr)) 794 goto letscontinue; 795 /* this can't be 0, so the loop test is correct */ 796 cl_s[i].cs.n = pos + 1; 797 pos = 0; 798 cl_s[i].cs.e = ebt_next_entry(e); 799 e = (struct ebt_entry *)(hlp2->data); 800 nentries = hlp2->nentries; 801 cl_s[i].from = chain_nr; 802 chain_nr = i; 803 /* this udc is accessible from the base chain for hooknr */ 804 cl_s[i].hookmask |= (1 << hooknr); 805 continue; 806 } 807letscontinue: 808 e = ebt_next_entry(e); 809 pos++; 810 } 811 return 0; 812} 813 814/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ 815static int translate_table(struct net *net, const char *name, 816 struct ebt_table_info *newinfo) 817{ 818 unsigned int i, j, k, udc_cnt; 819 int ret; 820 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 821 822 i = 0; 823 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) 824 i++; 825 if (i == NF_BR_NUMHOOKS) { 826 BUGPRINT("No valid hooks specified\n"); 827 return -EINVAL; 828 } 829 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) { 830 BUGPRINT("Chains don't start at beginning\n"); 831 return -EINVAL; 832 } 833 /* make sure chains are ordered after each other in same order 834 as their corresponding hooks */ 835 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { 836 if (!newinfo->hook_entry[j]) 837 continue; 838 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) { 839 BUGPRINT("Hook order must be followed\n"); 840 return -EINVAL; 841 } 842 i = j; 843 } 844 845 /* do some early checkings and initialize some things */ 846 i = 0; /* holds the expected nr. of entries for the chain */ 847 j = 0; /* holds the up to now counted entries for the chain */ 848 k = 0; /* holds the total nr. of entries, should equal 849 newinfo->nentries afterwards */ 850 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */ 851 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 852 ebt_check_entry_size_and_hooks, newinfo, 853 &i, &j, &k, &udc_cnt); 854 855 if (ret != 0) 856 return ret; 857 858 if (i != j) { 859 BUGPRINT("nentries does not equal the nr of entries in the " 860 "(last) chain\n"); 861 return -EINVAL; 862 } 863 if (k != newinfo->nentries) { 864 BUGPRINT("Total nentries is wrong\n"); 865 return -EINVAL; 866 } 867 868 /* get the location of the udc, put them in an array 869 while we're at it, allocate the chainstack */ 870 if (udc_cnt) { 871 /* this will get free'd in do_replace()/ebt_register_table() 872 if an error occurs */ 873 newinfo->chainstack = 874 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack))); 875 if (!newinfo->chainstack) 876 return -ENOMEM; 877 for_each_possible_cpu(i) { 878 newinfo->chainstack[i] = 879 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0]))); 880 if (!newinfo->chainstack[i]) { 881 while (i) 882 vfree(newinfo->chainstack[--i]); 883 vfree(newinfo->chainstack); 884 newinfo->chainstack = NULL; 885 return -ENOMEM; 886 } 887 } 888 889 cl_s = vmalloc(udc_cnt * sizeof(*cl_s)); 890 if (!cl_s) 891 return -ENOMEM; 892 i = 0; /* the i'th udc */ 893 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 894 ebt_get_udc_positions, newinfo, &i, cl_s); 895 /* sanity check */ 896 if (i != udc_cnt) { 897 BUGPRINT("i != udc_cnt\n"); 898 vfree(cl_s); 899 return -EFAULT; 900 } 901 } 902 903 /* Check for loops */ 904 for (i = 0; i < NF_BR_NUMHOOKS; i++) 905 if (newinfo->hook_entry[i]) 906 if (check_chainloops(newinfo->hook_entry[i], 907 cl_s, udc_cnt, i, newinfo->entries)) { 908 vfree(cl_s); 909 return -EINVAL; 910 } 911 912 /* we now know the following (along with E=mc²): 913 - the nr of entries in each chain is right 914 - the size of the allocated space is right 915 - all valid hooks have a corresponding chain 916 - there are no loops 917 - wrong data can still be on the level of a single entry 918 - could be there are jumps to places that are not the 919 beginning of a chain. This can only occur in chains that 920 are not accessible from any base chains, so we don't care. */ 921 922 /* used to know what we need to clean up if something goes wrong */ 923 i = 0; 924 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 925 ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt); 926 if (ret != 0) { 927 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 928 ebt_cleanup_entry, net, &i); 929 } 930 vfree(cl_s); 931 return ret; 932} 933 934/* called under write_lock */ 935static void get_counters(const struct ebt_counter *oldcounters, 936 struct ebt_counter *counters, unsigned int nentries) 937{ 938 int i, cpu; 939 struct ebt_counter *counter_base; 940 941 /* counters of cpu 0 */ 942 memcpy(counters, oldcounters, 943 sizeof(struct ebt_counter) * nentries); 944 945 /* add other counters to those of cpu 0 */ 946 for_each_possible_cpu(cpu) { 947 if (cpu == 0) 948 continue; 949 counter_base = COUNTER_BASE(oldcounters, nentries, cpu); 950 for (i = 0; i < nentries; i++) { 951 counters[i].pcnt += counter_base[i].pcnt; 952 counters[i].bcnt += counter_base[i].bcnt; 953 } 954 } 955} 956 957static int do_replace_finish(struct net *net, struct ebt_replace *repl, 958 struct ebt_table_info *newinfo) 959{ 960 int ret, i; 961 struct ebt_counter *counterstmp = NULL; 962 /* used to be able to unlock earlier */ 963 struct ebt_table_info *table; 964 struct ebt_table *t; 965 966 /* the user wants counters back 967 the check on the size is done later, when we have the lock */ 968 if (repl->num_counters) { 969 unsigned long size = repl->num_counters * sizeof(*counterstmp); 970 counterstmp = vmalloc(size); 971 if (!counterstmp) 972 return -ENOMEM; 973 } 974 975 newinfo->chainstack = NULL; 976 ret = ebt_verify_pointers(repl, newinfo); 977 if (ret != 0) 978 goto free_counterstmp; 979 980 ret = translate_table(net, repl->name, newinfo); 981 982 if (ret != 0) 983 goto free_counterstmp; 984 985 t = find_table_lock(net, repl->name, &ret, &ebt_mutex); 986 if (!t) { 987 ret = -ENOENT; 988 goto free_iterate; 989 } 990 991 /* the table doesn't like it */ 992 if (t->check && (ret = t->check(newinfo, repl->valid_hooks))) 993 goto free_unlock; 994 995 if (repl->num_counters && repl->num_counters != t->private->nentries) { 996 BUGPRINT("Wrong nr. of counters requested\n"); 997 ret = -EINVAL; 998 goto free_unlock; 999 } 1000 1001 /* we have the mutex lock, so no danger in reading this pointer */ 1002 table = t->private; 1003 /* make sure the table can only be rmmod'ed if it contains no rules */ 1004 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) { 1005 ret = -ENOENT; 1006 goto free_unlock; 1007 } else if (table->nentries && !newinfo->nentries) 1008 module_put(t->me); 1009 /* we need an atomic snapshot of the counters */ 1010 write_lock_bh(&t->lock); 1011 if (repl->num_counters) 1012 get_counters(t->private->counters, counterstmp, 1013 t->private->nentries); 1014 1015 t->private = newinfo; 1016 write_unlock_bh(&t->lock); 1017 mutex_unlock(&ebt_mutex); 1018 /* so, a user can change the chains while having messed up her counter 1019 allocation. Only reason why this is done is because this way the lock 1020 is held only once, while this doesn't bring the kernel into a 1021 dangerous state. */ 1022 if (repl->num_counters && 1023 copy_to_user(repl->counters, counterstmp, 1024 repl->num_counters * sizeof(struct ebt_counter))) { 1025 ret = -EFAULT; 1026 } 1027 else 1028 ret = 0; 1029 1030 /* decrease module count and free resources */ 1031 EBT_ENTRY_ITERATE(table->entries, table->entries_size, 1032 ebt_cleanup_entry, net, NULL); 1033 1034 vfree(table->entries); 1035 if (table->chainstack) { 1036 for_each_possible_cpu(i) 1037 vfree(table->chainstack[i]); 1038 vfree(table->chainstack); 1039 } 1040 vfree(table); 1041 1042 vfree(counterstmp); 1043 return ret; 1044 1045free_unlock: 1046 mutex_unlock(&ebt_mutex); 1047free_iterate: 1048 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 1049 ebt_cleanup_entry, net, NULL); 1050free_counterstmp: 1051 vfree(counterstmp); 1052 /* can be initialized in translate_table() */ 1053 if (newinfo->chainstack) { 1054 for_each_possible_cpu(i) 1055 vfree(newinfo->chainstack[i]); 1056 vfree(newinfo->chainstack); 1057 } 1058 return ret; 1059} 1060 1061/* replace the table */ 1062static int do_replace(struct net *net, const void __user *user, 1063 unsigned int len) 1064{ 1065 int ret, countersize; 1066 struct ebt_table_info *newinfo; 1067 struct ebt_replace tmp; 1068 1069 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 1070 return -EFAULT; 1071 1072 if (len != sizeof(tmp) + tmp.entries_size) { 1073 BUGPRINT("Wrong len argument\n"); 1074 return -EINVAL; 1075 } 1076 1077 if (tmp.entries_size == 0) { 1078 BUGPRINT("Entries_size never zero\n"); 1079 return -EINVAL; 1080 } 1081 /* overflow check */ 1082 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / 1083 NR_CPUS - SMP_CACHE_BYTES) / sizeof(struct ebt_counter)) 1084 return -ENOMEM; 1085 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) 1086 return -ENOMEM; 1087 1088 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids; 1089 newinfo = vmalloc(sizeof(*newinfo) + countersize); 1090 if (!newinfo) 1091 return -ENOMEM; 1092 1093 if (countersize) 1094 memset(newinfo->counters, 0, countersize); 1095 1096 newinfo->entries = vmalloc(tmp.entries_size); 1097 if (!newinfo->entries) { 1098 ret = -ENOMEM; 1099 goto free_newinfo; 1100 } 1101 if (copy_from_user( 1102 newinfo->entries, tmp.entries, tmp.entries_size) != 0) { 1103 BUGPRINT("Couldn't copy entries from userspace\n"); 1104 ret = -EFAULT; 1105 goto free_entries; 1106 } 1107 1108 ret = do_replace_finish(net, &tmp, newinfo); 1109 if (ret == 0) 1110 return ret; 1111free_entries: 1112 vfree(newinfo->entries); 1113free_newinfo: 1114 vfree(newinfo); 1115 return ret; 1116} 1117 1118struct ebt_table * 1119ebt_register_table(struct net *net, const struct ebt_table *input_table) 1120{ 1121 struct ebt_table_info *newinfo; 1122 struct ebt_table *t, *table; 1123 struct ebt_replace_kernel *repl; 1124 int ret, i, countersize; 1125 void *p; 1126 1127 if (input_table == NULL || (repl = input_table->table) == NULL || 1128 repl->entries == 0 || repl->entries_size == 0 || 1129 repl->counters != NULL || input_table->private != NULL) { 1130 BUGPRINT("Bad table data for ebt_register_table!!!\n"); 1131 return ERR_PTR(-EINVAL); 1132 } 1133 1134 /* Don't add one table to multiple lists. */ 1135 table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL); 1136 if (!table) { 1137 ret = -ENOMEM; 1138 goto out; 1139 } 1140 1141 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids; 1142 newinfo = vmalloc(sizeof(*newinfo) + countersize); 1143 ret = -ENOMEM; 1144 if (!newinfo) 1145 goto free_table; 1146 1147 p = vmalloc(repl->entries_size); 1148 if (!p) 1149 goto free_newinfo; 1150 1151 memcpy(p, repl->entries, repl->entries_size); 1152 newinfo->entries = p; 1153 1154 newinfo->entries_size = repl->entries_size; 1155 newinfo->nentries = repl->nentries; 1156 1157 if (countersize) 1158 memset(newinfo->counters, 0, countersize); 1159 1160 /* fill in newinfo and parse the entries */ 1161 newinfo->chainstack = NULL; 1162 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 1163 if ((repl->valid_hooks & (1 << i)) == 0) 1164 newinfo->hook_entry[i] = NULL; 1165 else 1166 newinfo->hook_entry[i] = p + 1167 ((char *)repl->hook_entry[i] - repl->entries); 1168 } 1169 ret = translate_table(net, repl->name, newinfo); 1170 if (ret != 0) { 1171 BUGPRINT("Translate_table failed\n"); 1172 goto free_chainstack; 1173 } 1174 1175 if (table->check && table->check(newinfo, table->valid_hooks)) { 1176 BUGPRINT("The table doesn't like its own initial data, lol\n"); 1177 return ERR_PTR(-EINVAL); 1178 } 1179 1180 table->private = newinfo; 1181 rwlock_init(&table->lock); 1182 ret = mutex_lock_interruptible(&ebt_mutex); 1183 if (ret != 0) 1184 goto free_chainstack; 1185 1186 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) { 1187 if (strcmp(t->name, table->name) == 0) { 1188 ret = -EEXIST; 1189 BUGPRINT("Table name already exists\n"); 1190 goto free_unlock; 1191 } 1192 } 1193 1194 /* Hold a reference count if the chains aren't empty */ 1195 if (newinfo->nentries && !try_module_get(table->me)) { 1196 ret = -ENOENT; 1197 goto free_unlock; 1198 } 1199 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]); 1200 mutex_unlock(&ebt_mutex); 1201 return table; 1202free_unlock: 1203 mutex_unlock(&ebt_mutex); 1204free_chainstack: 1205 if (newinfo->chainstack) { 1206 for_each_possible_cpu(i) 1207 vfree(newinfo->chainstack[i]); 1208 vfree(newinfo->chainstack); 1209 } 1210 vfree(newinfo->entries); 1211free_newinfo: 1212 vfree(newinfo); 1213free_table: 1214 kfree(table); 1215out: 1216 return ERR_PTR(ret); 1217} 1218 1219void ebt_unregister_table(struct net *net, struct ebt_table *table) 1220{ 1221 int i; 1222 1223 if (!table) { 1224 BUGPRINT("Request to unregister NULL table!!!\n"); 1225 return; 1226 } 1227 mutex_lock(&ebt_mutex); 1228 list_del(&table->list); 1229 mutex_unlock(&ebt_mutex); 1230 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size, 1231 ebt_cleanup_entry, net, NULL); 1232 if (table->private->nentries) 1233 module_put(table->me); 1234 vfree(table->private->entries); 1235 if (table->private->chainstack) { 1236 for_each_possible_cpu(i) 1237 vfree(table->private->chainstack[i]); 1238 vfree(table->private->chainstack); 1239 } 1240 vfree(table->private); 1241 kfree(table); 1242} 1243 1244/* userspace just supplied us with counters */ 1245static int do_update_counters(struct net *net, const char *name, 1246 struct ebt_counter __user *counters, 1247 unsigned int num_counters, 1248 const void __user *user, unsigned int len) 1249{ 1250 int i, ret; 1251 struct ebt_counter *tmp; 1252 struct ebt_table *t; 1253 1254 if (num_counters == 0) 1255 return -EINVAL; 1256 1257 tmp = vmalloc(num_counters * sizeof(*tmp)); 1258 if (!tmp) 1259 return -ENOMEM; 1260 1261 t = find_table_lock(net, name, &ret, &ebt_mutex); 1262 if (!t) 1263 goto free_tmp; 1264 1265 if (num_counters != t->private->nentries) { 1266 BUGPRINT("Wrong nr of counters\n"); 1267 ret = -EINVAL; 1268 goto unlock_mutex; 1269 } 1270 1271 if (copy_from_user(tmp, counters, num_counters * sizeof(*counters))) { 1272 ret = -EFAULT; 1273 goto unlock_mutex; 1274 } 1275 1276 /* we want an atomic add of the counters */ 1277 write_lock_bh(&t->lock); 1278 1279 /* we add to the counters of the first cpu */ 1280 for (i = 0; i < num_counters; i++) { 1281 t->private->counters[i].pcnt += tmp[i].pcnt; 1282 t->private->counters[i].bcnt += tmp[i].bcnt; 1283 } 1284 1285 write_unlock_bh(&t->lock); 1286 ret = 0; 1287unlock_mutex: 1288 mutex_unlock(&ebt_mutex); 1289free_tmp: 1290 vfree(tmp); 1291 return ret; 1292} 1293 1294static int update_counters(struct net *net, const void __user *user, 1295 unsigned int len) 1296{ 1297 struct ebt_replace hlp; 1298 1299 if (copy_from_user(&hlp, user, sizeof(hlp))) 1300 return -EFAULT; 1301 1302 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) 1303 return -EINVAL; 1304 1305 return do_update_counters(net, hlp.name, hlp.counters, 1306 hlp.num_counters, user, len); 1307} 1308 1309static inline int ebt_make_matchname(const struct ebt_entry_match *m, 1310 const char *base, char __user *ubase) 1311{ 1312 char __user *hlp = ubase + ((char *)m - base); 1313 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1314 return -EFAULT; 1315 return 0; 1316} 1317 1318static inline int ebt_make_watchername(const struct ebt_entry_watcher *w, 1319 const char *base, char __user *ubase) 1320{ 1321 char __user *hlp = ubase + ((char *)w - base); 1322 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1323 return -EFAULT; 1324 return 0; 1325} 1326 1327static inline int 1328ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase) 1329{ 1330 int ret; 1331 char __user *hlp; 1332 const struct ebt_entry_target *t; 1333 1334 if (e->bitmask == 0) 1335 return 0; 1336 1337 hlp = ubase + (((char *)e + e->target_offset) - base); 1338 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 1339 1340 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); 1341 if (ret != 0) 1342 return ret; 1343 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); 1344 if (ret != 0) 1345 return ret; 1346 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) 1347 return -EFAULT; 1348 return 0; 1349} 1350 1351static int copy_counters_to_user(struct ebt_table *t, 1352 const struct ebt_counter *oldcounters, 1353 void __user *user, unsigned int num_counters, 1354 unsigned int nentries) 1355{ 1356 struct ebt_counter *counterstmp; 1357 int ret = 0; 1358 1359 /* userspace might not need the counters */ 1360 if (num_counters == 0) 1361 return 0; 1362 1363 if (num_counters != nentries) { 1364 BUGPRINT("Num_counters wrong\n"); 1365 return -EINVAL; 1366 } 1367 1368 counterstmp = vmalloc(nentries * sizeof(*counterstmp)); 1369 if (!counterstmp) 1370 return -ENOMEM; 1371 1372 write_lock_bh(&t->lock); 1373 get_counters(oldcounters, counterstmp, nentries); 1374 write_unlock_bh(&t->lock); 1375 1376 if (copy_to_user(user, counterstmp, 1377 nentries * sizeof(struct ebt_counter))) 1378 ret = -EFAULT; 1379 vfree(counterstmp); 1380 return ret; 1381} 1382 1383/* called with ebt_mutex locked */ 1384static int copy_everything_to_user(struct ebt_table *t, void __user *user, 1385 const int *len, int cmd) 1386{ 1387 struct ebt_replace tmp; 1388 const struct ebt_counter *oldcounters; 1389 unsigned int entries_size, nentries; 1390 int ret; 1391 char *entries; 1392 1393 if (cmd == EBT_SO_GET_ENTRIES) { 1394 entries_size = t->private->entries_size; 1395 nentries = t->private->nentries; 1396 entries = t->private->entries; 1397 oldcounters = t->private->counters; 1398 } else { 1399 entries_size = t->table->entries_size; 1400 nentries = t->table->nentries; 1401 entries = t->table->entries; 1402 oldcounters = t->table->counters; 1403 } 1404 1405 if (copy_from_user(&tmp, user, sizeof(tmp))) { 1406 BUGPRINT("Cfu didn't work\n"); 1407 return -EFAULT; 1408 } 1409 1410 if (*len != sizeof(struct ebt_replace) + entries_size + 1411 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { 1412 BUGPRINT("Wrong size\n"); 1413 return -EINVAL; 1414 } 1415 1416 if (tmp.nentries != nentries) { 1417 BUGPRINT("Nentries wrong\n"); 1418 return -EINVAL; 1419 } 1420 1421 if (tmp.entries_size != entries_size) { 1422 BUGPRINT("Wrong size\n"); 1423 return -EINVAL; 1424 } 1425 1426 ret = copy_counters_to_user(t, oldcounters, tmp.counters, 1427 tmp.num_counters, nentries); 1428 if (ret) 1429 return ret; 1430 1431 if (copy_to_user(tmp.entries, entries, entries_size)) { 1432 BUGPRINT("Couldn't copy entries to userspace\n"); 1433 return -EFAULT; 1434 } 1435 /* set the match/watcher/target names right */ 1436 return EBT_ENTRY_ITERATE(entries, entries_size, 1437 ebt_make_names, entries, tmp.entries); 1438} 1439 1440static int do_ebt_set_ctl(struct sock *sk, 1441 int cmd, void __user *user, unsigned int len) 1442{ 1443 int ret; 1444 1445 if (!capable(CAP_NET_ADMIN)) 1446 return -EPERM; 1447 1448 switch(cmd) { 1449 case EBT_SO_SET_ENTRIES: 1450 ret = do_replace(sock_net(sk), user, len); 1451 break; 1452 case EBT_SO_SET_COUNTERS: 1453 ret = update_counters(sock_net(sk), user, len); 1454 break; 1455 default: 1456 ret = -EINVAL; 1457 } 1458 return ret; 1459} 1460 1461static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 1462{ 1463 int ret; 1464 struct ebt_replace tmp; 1465 struct ebt_table *t; 1466 1467 if (!capable(CAP_NET_ADMIN)) 1468 return -EPERM; 1469 1470 if (copy_from_user(&tmp, user, sizeof(tmp))) 1471 return -EFAULT; 1472 1473 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex); 1474 if (!t) 1475 return ret; 1476 1477 switch(cmd) { 1478 case EBT_SO_GET_INFO: 1479 case EBT_SO_GET_INIT_INFO: 1480 if (*len != sizeof(struct ebt_replace)){ 1481 ret = -EINVAL; 1482 mutex_unlock(&ebt_mutex); 1483 break; 1484 } 1485 if (cmd == EBT_SO_GET_INFO) { 1486 tmp.nentries = t->private->nentries; 1487 tmp.entries_size = t->private->entries_size; 1488 tmp.valid_hooks = t->valid_hooks; 1489 } else { 1490 tmp.nentries = t->table->nentries; 1491 tmp.entries_size = t->table->entries_size; 1492 tmp.valid_hooks = t->table->valid_hooks; 1493 } 1494 mutex_unlock(&ebt_mutex); 1495 if (copy_to_user(user, &tmp, *len) != 0){ 1496 BUGPRINT("c2u Didn't work\n"); 1497 ret = -EFAULT; 1498 break; 1499 } 1500 ret = 0; 1501 break; 1502 1503 case EBT_SO_GET_ENTRIES: 1504 case EBT_SO_GET_INIT_ENTRIES: 1505 ret = copy_everything_to_user(t, user, len, cmd); 1506 mutex_unlock(&ebt_mutex); 1507 break; 1508 1509 default: 1510 mutex_unlock(&ebt_mutex); 1511 ret = -EINVAL; 1512 } 1513 1514 return ret; 1515} 1516 1517static struct nf_sockopt_ops ebt_sockopts = 1518{ 1519 .pf = PF_INET, 1520 .set_optmin = EBT_BASE_CTL, 1521 .set_optmax = EBT_SO_SET_MAX + 1, 1522 .set = do_ebt_set_ctl, 1523 .get_optmin = EBT_BASE_CTL, 1524 .get_optmax = EBT_SO_GET_MAX + 1, 1525 .get = do_ebt_get_ctl, 1526 .owner = THIS_MODULE, 1527}; 1528 1529static int __init ebtables_init(void) 1530{ 1531 int ret; 1532 1533 ret = xt_register_target(&ebt_standard_target); 1534 if (ret < 0) 1535 return ret; 1536 ret = nf_register_sockopt(&ebt_sockopts); 1537 if (ret < 0) { 1538 xt_unregister_target(&ebt_standard_target); 1539 return ret; 1540 } 1541 1542 printk(KERN_INFO "Ebtables v2.0 registered\n"); 1543 return 0; 1544} 1545 1546static void __exit ebtables_fini(void) 1547{ 1548 nf_unregister_sockopt(&ebt_sockopts); 1549 xt_unregister_target(&ebt_standard_target); 1550 printk(KERN_INFO "Ebtables v2.0 unregistered\n"); 1551} 1552 1553EXPORT_SYMBOL(ebt_register_table); 1554EXPORT_SYMBOL(ebt_unregister_table); 1555EXPORT_SYMBOL(ebt_do_table); 1556module_init(ebtables_init); 1557module_exit(ebtables_fini); 1558MODULE_LICENSE("GPL"); 1559