ebtables.c revision 5365f8022e04310f0276c95e82548da917d514db
1/* 2 * ebtables 3 * 4 * Author: 5 * Bart De Schuymer <bdschuym@pandora.be> 6 * 7 * ebtables.c,v 2.0, July, 2002 8 * 9 * This code is stongly inspired on the iptables code which is 10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 19#include <linux/kmod.h> 20#include <linux/module.h> 21#include <linux/vmalloc.h> 22#include <linux/netfilter/x_tables.h> 23#include <linux/netfilter_bridge/ebtables.h> 24#include <linux/spinlock.h> 25#include <linux/mutex.h> 26#include <asm/uaccess.h> 27#include <linux/smp.h> 28#include <linux/cpumask.h> 29#include <net/sock.h> 30/* needed for logical [in,out]-dev filtering */ 31#include "../br_private.h" 32 33#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ 34 "report to author: "format, ## args) 35/* #define BUGPRINT(format, args...) */ 36#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\ 37 ": out of memory: "format, ## args) 38/* #define MEMPRINT(format, args...) */ 39 40 41 42/* 43 * Each cpu has its own set of counters, so there is no need for write_lock in 44 * the softirq 45 * For reading or updating the counters, the user context needs to 46 * get a write_lock 47 */ 48 49/* The size of each set of counters is altered to get cache alignment */ 50#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) 51#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) 52#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ 53 COUNTER_OFFSET(n) * cpu)) 54 55 56 57static DEFINE_MUTEX(ebt_mutex); 58static LIST_HEAD(ebt_tables); 59static LIST_HEAD(ebt_targets); 60static LIST_HEAD(ebt_matches); 61static LIST_HEAD(ebt_watchers); 62 63static struct xt_target ebt_standard_target = { 64 .name = "standard", 65 .revision = 0, 66 .family = NFPROTO_BRIDGE, 67 .targetsize = sizeof(int), 68}; 69 70static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 71 struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, 72 const struct net_device *out) 73{ 74 w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data); 75 /* watchers don't give a verdict */ 76 return 0; 77} 78 79static inline int ebt_do_match (struct ebt_entry_match *m, 80 const struct sk_buff *skb, const struct net_device *in, 81 const struct net_device *out, bool *hotdrop) 82{ 83 return m->u.match->match(skb, in, out, m->u.match, 84 m->data, 0, 0, hotdrop); 85} 86 87static inline int ebt_dev_check(char *entry, const struct net_device *device) 88{ 89 int i = 0; 90 const char *devname = device->name; 91 92 if (*entry == '\0') 93 return 0; 94 if (!device) 95 return 1; 96 /* 1 is the wildcard token */ 97 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i]) 98 i++; 99 return (devname[i] != entry[i] && entry[i] != 1); 100} 101 102#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) 103/* process standard matches */ 104static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, 105 const struct net_device *in, const struct net_device *out) 106{ 107 int verdict, i; 108 109 if (e->bitmask & EBT_802_3) { 110 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) 111 return 1; 112 } else if (!(e->bitmask & EBT_NOPROTO) && 113 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) 114 return 1; 115 116 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) 117 return 1; 118 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) 119 return 1; 120 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( 121 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN)) 122 return 1; 123 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( 124 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT)) 125 return 1; 126 127 if (e->bitmask & EBT_SOURCEMAC) { 128 verdict = 0; 129 for (i = 0; i < 6; i++) 130 verdict |= (h->h_source[i] ^ e->sourcemac[i]) & 131 e->sourcemsk[i]; 132 if (FWINV2(verdict != 0, EBT_ISOURCE) ) 133 return 1; 134 } 135 if (e->bitmask & EBT_DESTMAC) { 136 verdict = 0; 137 for (i = 0; i < 6; i++) 138 verdict |= (h->h_dest[i] ^ e->destmac[i]) & 139 e->destmsk[i]; 140 if (FWINV2(verdict != 0, EBT_IDEST) ) 141 return 1; 142 } 143 return 0; 144} 145 146/* Do some firewalling */ 147unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, 148 const struct net_device *in, const struct net_device *out, 149 struct ebt_table *table) 150{ 151 int i, nentries; 152 struct ebt_entry *point; 153 struct ebt_counter *counter_base, *cb_base; 154 struct ebt_entry_target *t; 155 int verdict, sp = 0; 156 struct ebt_chainstack *cs; 157 struct ebt_entries *chaininfo; 158 char *base; 159 struct ebt_table_info *private; 160 bool hotdrop = false; 161 162 read_lock_bh(&table->lock); 163 private = table->private; 164 cb_base = COUNTER_BASE(private->counters, private->nentries, 165 smp_processor_id()); 166 if (private->chainstack) 167 cs = private->chainstack[smp_processor_id()]; 168 else 169 cs = NULL; 170 chaininfo = private->hook_entry[hook]; 171 nentries = private->hook_entry[hook]->nentries; 172 point = (struct ebt_entry *)(private->hook_entry[hook]->data); 173 counter_base = cb_base + private->hook_entry[hook]->counter_offset; 174 /* base for chain jumps */ 175 base = private->entries; 176 i = 0; 177 while (i < nentries) { 178 if (ebt_basic_match(point, eth_hdr(skb), in, out)) 179 goto letscontinue; 180 181 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, 182 in, out, &hotdrop) != 0) 183 goto letscontinue; 184 if (hotdrop) { 185 read_unlock_bh(&table->lock); 186 return NF_DROP; 187 } 188 189 /* increase counter */ 190 (*(counter_base + i)).pcnt++; 191 (*(counter_base + i)).bcnt += skb->len; 192 193 /* these should only watch: not modify, nor tell us 194 what to do with the packet */ 195 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in, 196 out); 197 198 t = (struct ebt_entry_target *) 199 (((char *)point) + point->target_offset); 200 /* standard target */ 201 if (!t->u.target->target) 202 verdict = ((struct ebt_standard_target *)t)->verdict; 203 else 204 verdict = t->u.target->target(skb, in, out, hook, 205 t->u.target, t->data); 206 if (verdict == EBT_ACCEPT) { 207 read_unlock_bh(&table->lock); 208 return NF_ACCEPT; 209 } 210 if (verdict == EBT_DROP) { 211 read_unlock_bh(&table->lock); 212 return NF_DROP; 213 } 214 if (verdict == EBT_RETURN) { 215letsreturn: 216#ifdef CONFIG_NETFILTER_DEBUG 217 if (sp == 0) { 218 BUGPRINT("RETURN on base chain"); 219 /* act like this is EBT_CONTINUE */ 220 goto letscontinue; 221 } 222#endif 223 sp--; 224 /* put all the local variables right */ 225 i = cs[sp].n; 226 chaininfo = cs[sp].chaininfo; 227 nentries = chaininfo->nentries; 228 point = cs[sp].e; 229 counter_base = cb_base + 230 chaininfo->counter_offset; 231 continue; 232 } 233 if (verdict == EBT_CONTINUE) 234 goto letscontinue; 235#ifdef CONFIG_NETFILTER_DEBUG 236 if (verdict < 0) { 237 BUGPRINT("bogus standard verdict\n"); 238 read_unlock_bh(&table->lock); 239 return NF_DROP; 240 } 241#endif 242 /* jump to a udc */ 243 cs[sp].n = i + 1; 244 cs[sp].chaininfo = chaininfo; 245 cs[sp].e = (struct ebt_entry *) 246 (((char *)point) + point->next_offset); 247 i = 0; 248 chaininfo = (struct ebt_entries *) (base + verdict); 249#ifdef CONFIG_NETFILTER_DEBUG 250 if (chaininfo->distinguisher) { 251 BUGPRINT("jump to non-chain\n"); 252 read_unlock_bh(&table->lock); 253 return NF_DROP; 254 } 255#endif 256 nentries = chaininfo->nentries; 257 point = (struct ebt_entry *)chaininfo->data; 258 counter_base = cb_base + chaininfo->counter_offset; 259 sp++; 260 continue; 261letscontinue: 262 point = (struct ebt_entry *) 263 (((char *)point) + point->next_offset); 264 i++; 265 } 266 267 /* I actually like this :) */ 268 if (chaininfo->policy == EBT_RETURN) 269 goto letsreturn; 270 if (chaininfo->policy == EBT_ACCEPT) { 271 read_unlock_bh(&table->lock); 272 return NF_ACCEPT; 273 } 274 read_unlock_bh(&table->lock); 275 return NF_DROP; 276} 277 278/* If it succeeds, returns element and locks mutex */ 279static inline void * 280find_inlist_lock_noload(struct list_head *head, const char *name, int *error, 281 struct mutex *mutex) 282{ 283 struct { 284 struct list_head list; 285 char name[EBT_FUNCTION_MAXNAMELEN]; 286 } *e; 287 288 *error = mutex_lock_interruptible(mutex); 289 if (*error != 0) 290 return NULL; 291 292 list_for_each_entry(e, head, list) { 293 if (strcmp(e->name, name) == 0) 294 return e; 295 } 296 *error = -ENOENT; 297 mutex_unlock(mutex); 298 return NULL; 299} 300 301#ifndef CONFIG_KMOD 302#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) 303#else 304static void * 305find_inlist_lock(struct list_head *head, const char *name, const char *prefix, 306 int *error, struct mutex *mutex) 307{ 308 void *ret; 309 310 ret = find_inlist_lock_noload(head, name, error, mutex); 311 if (!ret) { 312 request_module("%s%s", prefix, name); 313 ret = find_inlist_lock_noload(head, name, error, mutex); 314 } 315 return ret; 316} 317#endif 318 319static inline struct ebt_table * 320find_table_lock(const char *name, int *error, struct mutex *mutex) 321{ 322 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex); 323} 324 325static inline struct ebt_match * 326find_match_lock(const char *name, int *error, struct mutex *mutex) 327{ 328 return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex); 329} 330 331static inline struct ebt_watcher * 332find_watcher_lock(const char *name, int *error, struct mutex *mutex) 333{ 334 return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex); 335} 336 337static inline struct ebt_target * 338find_target_lock(const char *name, int *error, struct mutex *mutex) 339{ 340 return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex); 341} 342 343static inline int 344ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, 345 const char *name, unsigned int hookmask, unsigned int *cnt) 346{ 347 struct xt_match *match; 348 size_t left = ((char *)e + e->watchers_offset) - (char *)m; 349 int ret; 350 351 if (left < sizeof(struct ebt_entry_match) || 352 left - sizeof(struct ebt_entry_match) < m->match_size) 353 return -EINVAL; 354 355 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE, 356 m->u.name, 0), "ebt_%s", m->u.name); 357 if (IS_ERR(match)) 358 return PTR_ERR(match); 359 if (match == NULL) 360 return -ENOENT; 361 m->u.match = match; 362 363 ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size, 364 name, hookmask, e->ethproto, e->invflags & EBT_IPROTO); 365 if (ret < 0) { 366 module_put(match->me); 367 return ret; 368 } else if (match->checkentry != NULL && 369 !match->checkentry(name, e, NULL, m->data, hookmask)) { 370 module_put(match->me); 371 BUGPRINT("match->check failed\n"); 372 return -EINVAL; 373 } 374 375 (*cnt)++; 376 return 0; 377} 378 379static inline int 380ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, 381 const char *name, unsigned int hookmask, unsigned int *cnt) 382{ 383 struct xt_target *watcher; 384 size_t left = ((char *)e + e->target_offset) - (char *)w; 385 int ret; 386 387 if (left < sizeof(struct ebt_entry_watcher) || 388 left - sizeof(struct ebt_entry_watcher) < w->watcher_size) 389 return -EINVAL; 390 391 watcher = try_then_request_module( 392 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0), 393 "ebt_%s", w->u.name); 394 if (IS_ERR(watcher)) 395 return PTR_ERR(watcher); 396 if (watcher == NULL) 397 return -ENOENT; 398 w->u.watcher = watcher; 399 400 ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size, 401 name, hookmask, e->ethproto, e->invflags & EBT_IPROTO); 402 if (ret < 0) { 403 module_put(watcher->me); 404 return ret; 405 } else if (watcher->checkentry != NULL && 406 !watcher->checkentry(name, e, NULL, w->data, hookmask)) { 407 module_put(watcher->me); 408 BUGPRINT("watcher->check failed\n"); 409 return -EINVAL; 410 } 411 412 (*cnt)++; 413 return 0; 414} 415 416static int ebt_verify_pointers(struct ebt_replace *repl, 417 struct ebt_table_info *newinfo) 418{ 419 unsigned int limit = repl->entries_size; 420 unsigned int valid_hooks = repl->valid_hooks; 421 unsigned int offset = 0; 422 int i; 423 424 for (i = 0; i < NF_BR_NUMHOOKS; i++) 425 newinfo->hook_entry[i] = NULL; 426 427 newinfo->entries_size = repl->entries_size; 428 newinfo->nentries = repl->nentries; 429 430 while (offset < limit) { 431 size_t left = limit - offset; 432 struct ebt_entry *e = (void *)newinfo->entries + offset; 433 434 if (left < sizeof(unsigned int)) 435 break; 436 437 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 438 if ((valid_hooks & (1 << i)) == 0) 439 continue; 440 if ((char __user *)repl->hook_entry[i] == 441 repl->entries + offset) 442 break; 443 } 444 445 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { 446 if (e->bitmask != 0) { 447 /* we make userspace set this right, 448 so there is no misunderstanding */ 449 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " 450 "in distinguisher\n"); 451 return -EINVAL; 452 } 453 if (i != NF_BR_NUMHOOKS) 454 newinfo->hook_entry[i] = (struct ebt_entries *)e; 455 if (left < sizeof(struct ebt_entries)) 456 break; 457 offset += sizeof(struct ebt_entries); 458 } else { 459 if (left < sizeof(struct ebt_entry)) 460 break; 461 if (left < e->next_offset) 462 break; 463 offset += e->next_offset; 464 } 465 } 466 if (offset != limit) { 467 BUGPRINT("entries_size too small\n"); 468 return -EINVAL; 469 } 470 471 /* check if all valid hooks have a chain */ 472 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 473 if (!newinfo->hook_entry[i] && 474 (valid_hooks & (1 << i))) { 475 BUGPRINT("Valid hook without chain\n"); 476 return -EINVAL; 477 } 478 } 479 return 0; 480} 481 482/* 483 * this one is very careful, as it is the first function 484 * to parse the userspace data 485 */ 486static inline int 487ebt_check_entry_size_and_hooks(struct ebt_entry *e, 488 struct ebt_table_info *newinfo, 489 unsigned int *n, unsigned int *cnt, 490 unsigned int *totalcnt, unsigned int *udc_cnt) 491{ 492 int i; 493 494 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 495 if ((void *)e == (void *)newinfo->hook_entry[i]) 496 break; 497 } 498 /* beginning of a new chain 499 if i == NF_BR_NUMHOOKS it must be a user defined chain */ 500 if (i != NF_BR_NUMHOOKS || !e->bitmask) { 501 /* this checks if the previous chain has as many entries 502 as it said it has */ 503 if (*n != *cnt) { 504 BUGPRINT("nentries does not equal the nr of entries " 505 "in the chain\n"); 506 return -EINVAL; 507 } 508 if (((struct ebt_entries *)e)->policy != EBT_DROP && 509 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { 510 /* only RETURN from udc */ 511 if (i != NF_BR_NUMHOOKS || 512 ((struct ebt_entries *)e)->policy != EBT_RETURN) { 513 BUGPRINT("bad policy\n"); 514 return -EINVAL; 515 } 516 } 517 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ 518 (*udc_cnt)++; 519 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { 520 BUGPRINT("counter_offset != totalcnt"); 521 return -EINVAL; 522 } 523 *n = ((struct ebt_entries *)e)->nentries; 524 *cnt = 0; 525 return 0; 526 } 527 /* a plain old entry, heh */ 528 if (sizeof(struct ebt_entry) > e->watchers_offset || 529 e->watchers_offset > e->target_offset || 530 e->target_offset >= e->next_offset) { 531 BUGPRINT("entry offsets not in right order\n"); 532 return -EINVAL; 533 } 534 /* this is not checked anywhere else */ 535 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { 536 BUGPRINT("target size too small\n"); 537 return -EINVAL; 538 } 539 (*cnt)++; 540 (*totalcnt)++; 541 return 0; 542} 543 544struct ebt_cl_stack 545{ 546 struct ebt_chainstack cs; 547 int from; 548 unsigned int hookmask; 549}; 550 551/* 552 * we need these positions to check that the jumps to a different part of the 553 * entries is a jump to the beginning of a new chain. 554 */ 555static inline int 556ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, 557 unsigned int *n, struct ebt_cl_stack *udc) 558{ 559 int i; 560 561 /* we're only interested in chain starts */ 562 if (e->bitmask) 563 return 0; 564 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 565 if (newinfo->hook_entry[i] == (struct ebt_entries *)e) 566 break; 567 } 568 /* only care about udc */ 569 if (i != NF_BR_NUMHOOKS) 570 return 0; 571 572 udc[*n].cs.chaininfo = (struct ebt_entries *)e; 573 /* these initialisations are depended on later in check_chainloops() */ 574 udc[*n].cs.n = 0; 575 udc[*n].hookmask = 0; 576 577 (*n)++; 578 return 0; 579} 580 581static inline int 582ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) 583{ 584 if (i && (*i)-- == 0) 585 return 1; 586 if (m->u.match->destroy) 587 m->u.match->destroy(m->u.match, m->data); 588 module_put(m->u.match->me); 589 590 return 0; 591} 592 593static inline int 594ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) 595{ 596 if (i && (*i)-- == 0) 597 return 1; 598 if (w->u.watcher->destroy) 599 w->u.watcher->destroy(w->u.watcher, w->data); 600 module_put(w->u.watcher->me); 601 602 return 0; 603} 604 605static inline int 606ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) 607{ 608 struct ebt_entry_target *t; 609 610 if (e->bitmask == 0) 611 return 0; 612 /* we're done */ 613 if (cnt && (*cnt)-- == 0) 614 return 1; 615 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); 616 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); 617 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 618 if (t->u.target->destroy) 619 t->u.target->destroy(t->u.target, t->data); 620 module_put(t->u.target->me); 621 622 return 0; 623} 624 625static inline int 626ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, 627 const char *name, unsigned int *cnt, 628 struct ebt_cl_stack *cl_s, unsigned int udc_cnt) 629{ 630 struct ebt_entry_target *t; 631 struct xt_target *target; 632 unsigned int i, j, hook = 0, hookmask = 0; 633 size_t gap; 634 int ret; 635 636 /* don't mess with the struct ebt_entries */ 637 if (e->bitmask == 0) 638 return 0; 639 640 if (e->bitmask & ~EBT_F_MASK) { 641 BUGPRINT("Unknown flag for bitmask\n"); 642 return -EINVAL; 643 } 644 if (e->invflags & ~EBT_INV_MASK) { 645 BUGPRINT("Unknown flag for inv bitmask\n"); 646 return -EINVAL; 647 } 648 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { 649 BUGPRINT("NOPROTO & 802_3 not allowed\n"); 650 return -EINVAL; 651 } 652 /* what hook do we belong to? */ 653 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 654 if (!newinfo->hook_entry[i]) 655 continue; 656 if ((char *)newinfo->hook_entry[i] < (char *)e) 657 hook = i; 658 else 659 break; 660 } 661 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on 662 a base chain */ 663 if (i < NF_BR_NUMHOOKS) 664 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 665 else { 666 for (i = 0; i < udc_cnt; i++) 667 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) 668 break; 669 if (i == 0) 670 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 671 else 672 hookmask = cl_s[i - 1].hookmask; 673 } 674 i = 0; 675 ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i); 676 if (ret != 0) 677 goto cleanup_matches; 678 j = 0; 679 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j); 680 if (ret != 0) 681 goto cleanup_watchers; 682 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 683 gap = e->next_offset - e->target_offset; 684 685 target = try_then_request_module( 686 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0), 687 "ebt_%s", t->u.name); 688 if (IS_ERR(target)) { 689 ret = PTR_ERR(target); 690 goto cleanup_watchers; 691 } else if (target == NULL) { 692 ret = -ENOENT; 693 goto cleanup_watchers; 694 } 695 696 t->u.target = target; 697 if (t->u.target == &ebt_standard_target) { 698 if (gap < sizeof(struct ebt_standard_target)) { 699 BUGPRINT("Standard target size too big\n"); 700 ret = -EFAULT; 701 goto cleanup_watchers; 702 } 703 if (((struct ebt_standard_target *)t)->verdict < 704 -NUM_STANDARD_TARGETS) { 705 BUGPRINT("Invalid standard target\n"); 706 ret = -EFAULT; 707 goto cleanup_watchers; 708 } 709 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) { 710 module_put(t->u.target->me); 711 ret = -EFAULT; 712 goto cleanup_watchers; 713 } 714 715 ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size, 716 name, hookmask, e->ethproto, e->invflags & EBT_IPROTO); 717 if (ret < 0) { 718 module_put(target->me); 719 goto cleanup_watchers; 720 } else if (t->u.target->checkentry && 721 !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) { 722 module_put(t->u.target->me); 723 ret = -EFAULT; 724 goto cleanup_watchers; 725 } 726 (*cnt)++; 727 return 0; 728cleanup_watchers: 729 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); 730cleanup_matches: 731 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i); 732 return ret; 733} 734 735/* 736 * checks for loops and sets the hook mask for udc 737 * the hook mask for udc tells us from which base chains the udc can be 738 * accessed. This mask is a parameter to the check() functions of the extensions 739 */ 740static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s, 741 unsigned int udc_cnt, unsigned int hooknr, char *base) 742{ 743 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; 744 struct ebt_entry *e = (struct ebt_entry *)chain->data; 745 struct ebt_entry_target *t; 746 747 while (pos < nentries || chain_nr != -1) { 748 /* end of udc, go back one 'recursion' step */ 749 if (pos == nentries) { 750 /* put back values of the time when this chain was called */ 751 e = cl_s[chain_nr].cs.e; 752 if (cl_s[chain_nr].from != -1) 753 nentries = 754 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; 755 else 756 nentries = chain->nentries; 757 pos = cl_s[chain_nr].cs.n; 758 /* make sure we won't see a loop that isn't one */ 759 cl_s[chain_nr].cs.n = 0; 760 chain_nr = cl_s[chain_nr].from; 761 if (pos == nentries) 762 continue; 763 } 764 t = (struct ebt_entry_target *) 765 (((char *)e) + e->target_offset); 766 if (strcmp(t->u.name, EBT_STANDARD_TARGET)) 767 goto letscontinue; 768 if (e->target_offset + sizeof(struct ebt_standard_target) > 769 e->next_offset) { 770 BUGPRINT("Standard target size too big\n"); 771 return -1; 772 } 773 verdict = ((struct ebt_standard_target *)t)->verdict; 774 if (verdict >= 0) { /* jump to another chain */ 775 struct ebt_entries *hlp2 = 776 (struct ebt_entries *)(base + verdict); 777 for (i = 0; i < udc_cnt; i++) 778 if (hlp2 == cl_s[i].cs.chaininfo) 779 break; 780 /* bad destination or loop */ 781 if (i == udc_cnt) { 782 BUGPRINT("bad destination\n"); 783 return -1; 784 } 785 if (cl_s[i].cs.n) { 786 BUGPRINT("loop\n"); 787 return -1; 788 } 789 if (cl_s[i].hookmask & (1 << hooknr)) 790 goto letscontinue; 791 /* this can't be 0, so the loop test is correct */ 792 cl_s[i].cs.n = pos + 1; 793 pos = 0; 794 cl_s[i].cs.e = ((void *)e + e->next_offset); 795 e = (struct ebt_entry *)(hlp2->data); 796 nentries = hlp2->nentries; 797 cl_s[i].from = chain_nr; 798 chain_nr = i; 799 /* this udc is accessible from the base chain for hooknr */ 800 cl_s[i].hookmask |= (1 << hooknr); 801 continue; 802 } 803letscontinue: 804 e = (void *)e + e->next_offset; 805 pos++; 806 } 807 return 0; 808} 809 810/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ 811static int translate_table(char *name, struct ebt_table_info *newinfo) 812{ 813 unsigned int i, j, k, udc_cnt; 814 int ret; 815 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 816 817 i = 0; 818 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) 819 i++; 820 if (i == NF_BR_NUMHOOKS) { 821 BUGPRINT("No valid hooks specified\n"); 822 return -EINVAL; 823 } 824 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) { 825 BUGPRINT("Chains don't start at beginning\n"); 826 return -EINVAL; 827 } 828 /* make sure chains are ordered after each other in same order 829 as their corresponding hooks */ 830 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { 831 if (!newinfo->hook_entry[j]) 832 continue; 833 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) { 834 BUGPRINT("Hook order must be followed\n"); 835 return -EINVAL; 836 } 837 i = j; 838 } 839 840 /* do some early checkings and initialize some things */ 841 i = 0; /* holds the expected nr. of entries for the chain */ 842 j = 0; /* holds the up to now counted entries for the chain */ 843 k = 0; /* holds the total nr. of entries, should equal 844 newinfo->nentries afterwards */ 845 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */ 846 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 847 ebt_check_entry_size_and_hooks, newinfo, 848 &i, &j, &k, &udc_cnt); 849 850 if (ret != 0) 851 return ret; 852 853 if (i != j) { 854 BUGPRINT("nentries does not equal the nr of entries in the " 855 "(last) chain\n"); 856 return -EINVAL; 857 } 858 if (k != newinfo->nentries) { 859 BUGPRINT("Total nentries is wrong\n"); 860 return -EINVAL; 861 } 862 863 /* get the location of the udc, put them in an array 864 while we're at it, allocate the chainstack */ 865 if (udc_cnt) { 866 /* this will get free'd in do_replace()/ebt_register_table() 867 if an error occurs */ 868 newinfo->chainstack = 869 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack))); 870 if (!newinfo->chainstack) 871 return -ENOMEM; 872 for_each_possible_cpu(i) { 873 newinfo->chainstack[i] = 874 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0]))); 875 if (!newinfo->chainstack[i]) { 876 while (i) 877 vfree(newinfo->chainstack[--i]); 878 vfree(newinfo->chainstack); 879 newinfo->chainstack = NULL; 880 return -ENOMEM; 881 } 882 } 883 884 cl_s = vmalloc(udc_cnt * sizeof(*cl_s)); 885 if (!cl_s) 886 return -ENOMEM; 887 i = 0; /* the i'th udc */ 888 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 889 ebt_get_udc_positions, newinfo, &i, cl_s); 890 /* sanity check */ 891 if (i != udc_cnt) { 892 BUGPRINT("i != udc_cnt\n"); 893 vfree(cl_s); 894 return -EFAULT; 895 } 896 } 897 898 /* Check for loops */ 899 for (i = 0; i < NF_BR_NUMHOOKS; i++) 900 if (newinfo->hook_entry[i]) 901 if (check_chainloops(newinfo->hook_entry[i], 902 cl_s, udc_cnt, i, newinfo->entries)) { 903 vfree(cl_s); 904 return -EINVAL; 905 } 906 907 /* we now know the following (along with E=mc²): 908 - the nr of entries in each chain is right 909 - the size of the allocated space is right 910 - all valid hooks have a corresponding chain 911 - there are no loops 912 - wrong data can still be on the level of a single entry 913 - could be there are jumps to places that are not the 914 beginning of a chain. This can only occur in chains that 915 are not accessible from any base chains, so we don't care. */ 916 917 /* used to know what we need to clean up if something goes wrong */ 918 i = 0; 919 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 920 ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt); 921 if (ret != 0) { 922 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 923 ebt_cleanup_entry, &i); 924 } 925 vfree(cl_s); 926 return ret; 927} 928 929/* called under write_lock */ 930static void get_counters(struct ebt_counter *oldcounters, 931 struct ebt_counter *counters, unsigned int nentries) 932{ 933 int i, cpu; 934 struct ebt_counter *counter_base; 935 936 /* counters of cpu 0 */ 937 memcpy(counters, oldcounters, 938 sizeof(struct ebt_counter) * nentries); 939 940 /* add other counters to those of cpu 0 */ 941 for_each_possible_cpu(cpu) { 942 if (cpu == 0) 943 continue; 944 counter_base = COUNTER_BASE(oldcounters, nentries, cpu); 945 for (i = 0; i < nentries; i++) { 946 counters[i].pcnt += counter_base[i].pcnt; 947 counters[i].bcnt += counter_base[i].bcnt; 948 } 949 } 950} 951 952/* replace the table */ 953static int do_replace(void __user *user, unsigned int len) 954{ 955 int ret, i, countersize; 956 struct ebt_table_info *newinfo; 957 struct ebt_replace tmp; 958 struct ebt_table *t; 959 struct ebt_counter *counterstmp = NULL; 960 /* used to be able to unlock earlier */ 961 struct ebt_table_info *table; 962 963 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 964 return -EFAULT; 965 966 if (len != sizeof(tmp) + tmp.entries_size) { 967 BUGPRINT("Wrong len argument\n"); 968 return -EINVAL; 969 } 970 971 if (tmp.entries_size == 0) { 972 BUGPRINT("Entries_size never zero\n"); 973 return -EINVAL; 974 } 975 /* overflow check */ 976 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS - 977 SMP_CACHE_BYTES) / sizeof(struct ebt_counter)) 978 return -ENOMEM; 979 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) 980 return -ENOMEM; 981 982 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids; 983 newinfo = vmalloc(sizeof(*newinfo) + countersize); 984 if (!newinfo) 985 return -ENOMEM; 986 987 if (countersize) 988 memset(newinfo->counters, 0, countersize); 989 990 newinfo->entries = vmalloc(tmp.entries_size); 991 if (!newinfo->entries) { 992 ret = -ENOMEM; 993 goto free_newinfo; 994 } 995 if (copy_from_user( 996 newinfo->entries, tmp.entries, tmp.entries_size) != 0) { 997 BUGPRINT("Couldn't copy entries from userspace\n"); 998 ret = -EFAULT; 999 goto free_entries; 1000 } 1001 1002 /* the user wants counters back 1003 the check on the size is done later, when we have the lock */ 1004 if (tmp.num_counters) { 1005 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp)); 1006 if (!counterstmp) { 1007 ret = -ENOMEM; 1008 goto free_entries; 1009 } 1010 } 1011 else 1012 counterstmp = NULL; 1013 1014 /* this can get initialized by translate_table() */ 1015 newinfo->chainstack = NULL; 1016 ret = ebt_verify_pointers(&tmp, newinfo); 1017 if (ret != 0) 1018 goto free_counterstmp; 1019 1020 ret = translate_table(tmp.name, newinfo); 1021 1022 if (ret != 0) 1023 goto free_counterstmp; 1024 1025 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1026 if (!t) { 1027 ret = -ENOENT; 1028 goto free_iterate; 1029 } 1030 1031 /* the table doesn't like it */ 1032 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks))) 1033 goto free_unlock; 1034 1035 if (tmp.num_counters && tmp.num_counters != t->private->nentries) { 1036 BUGPRINT("Wrong nr. of counters requested\n"); 1037 ret = -EINVAL; 1038 goto free_unlock; 1039 } 1040 1041 /* we have the mutex lock, so no danger in reading this pointer */ 1042 table = t->private; 1043 /* make sure the table can only be rmmod'ed if it contains no rules */ 1044 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) { 1045 ret = -ENOENT; 1046 goto free_unlock; 1047 } else if (table->nentries && !newinfo->nentries) 1048 module_put(t->me); 1049 /* we need an atomic snapshot of the counters */ 1050 write_lock_bh(&t->lock); 1051 if (tmp.num_counters) 1052 get_counters(t->private->counters, counterstmp, 1053 t->private->nentries); 1054 1055 t->private = newinfo; 1056 write_unlock_bh(&t->lock); 1057 mutex_unlock(&ebt_mutex); 1058 /* so, a user can change the chains while having messed up her counter 1059 allocation. Only reason why this is done is because this way the lock 1060 is held only once, while this doesn't bring the kernel into a 1061 dangerous state. */ 1062 if (tmp.num_counters && 1063 copy_to_user(tmp.counters, counterstmp, 1064 tmp.num_counters * sizeof(struct ebt_counter))) { 1065 BUGPRINT("Couldn't copy counters to userspace\n"); 1066 ret = -EFAULT; 1067 } 1068 else 1069 ret = 0; 1070 1071 /* decrease module count and free resources */ 1072 EBT_ENTRY_ITERATE(table->entries, table->entries_size, 1073 ebt_cleanup_entry, NULL); 1074 1075 vfree(table->entries); 1076 if (table->chainstack) { 1077 for_each_possible_cpu(i) 1078 vfree(table->chainstack[i]); 1079 vfree(table->chainstack); 1080 } 1081 vfree(table); 1082 1083 vfree(counterstmp); 1084 return ret; 1085 1086free_unlock: 1087 mutex_unlock(&ebt_mutex); 1088free_iterate: 1089 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 1090 ebt_cleanup_entry, NULL); 1091free_counterstmp: 1092 vfree(counterstmp); 1093 /* can be initialized in translate_table() */ 1094 if (newinfo->chainstack) { 1095 for_each_possible_cpu(i) 1096 vfree(newinfo->chainstack[i]); 1097 vfree(newinfo->chainstack); 1098 } 1099free_entries: 1100 vfree(newinfo->entries); 1101free_newinfo: 1102 vfree(newinfo); 1103 return ret; 1104} 1105 1106int ebt_register_target(struct ebt_target *target) 1107{ 1108 struct ebt_target *t; 1109 int ret; 1110 1111 ret = mutex_lock_interruptible(&ebt_mutex); 1112 if (ret != 0) 1113 return ret; 1114 list_for_each_entry(t, &ebt_targets, list) { 1115 if (strcmp(t->name, target->name) == 0) { 1116 mutex_unlock(&ebt_mutex); 1117 return -EEXIST; 1118 } 1119 } 1120 list_add(&target->list, &ebt_targets); 1121 mutex_unlock(&ebt_mutex); 1122 1123 return 0; 1124} 1125 1126void ebt_unregister_target(struct ebt_target *target) 1127{ 1128 mutex_lock(&ebt_mutex); 1129 list_del(&target->list); 1130 mutex_unlock(&ebt_mutex); 1131} 1132 1133int ebt_register_match(struct ebt_match *match) 1134{ 1135 struct ebt_match *m; 1136 int ret; 1137 1138 ret = mutex_lock_interruptible(&ebt_mutex); 1139 if (ret != 0) 1140 return ret; 1141 list_for_each_entry(m, &ebt_matches, list) { 1142 if (strcmp(m->name, match->name) == 0) { 1143 mutex_unlock(&ebt_mutex); 1144 return -EEXIST; 1145 } 1146 } 1147 list_add(&match->list, &ebt_matches); 1148 mutex_unlock(&ebt_mutex); 1149 1150 return 0; 1151} 1152 1153void ebt_unregister_match(struct ebt_match *match) 1154{ 1155 mutex_lock(&ebt_mutex); 1156 list_del(&match->list); 1157 mutex_unlock(&ebt_mutex); 1158} 1159 1160int ebt_register_watcher(struct ebt_watcher *watcher) 1161{ 1162 struct ebt_watcher *w; 1163 int ret; 1164 1165 ret = mutex_lock_interruptible(&ebt_mutex); 1166 if (ret != 0) 1167 return ret; 1168 list_for_each_entry(w, &ebt_watchers, list) { 1169 if (strcmp(w->name, watcher->name) == 0) { 1170 mutex_unlock(&ebt_mutex); 1171 return -EEXIST; 1172 } 1173 } 1174 list_add(&watcher->list, &ebt_watchers); 1175 mutex_unlock(&ebt_mutex); 1176 1177 return 0; 1178} 1179 1180void ebt_unregister_watcher(struct ebt_watcher *watcher) 1181{ 1182 mutex_lock(&ebt_mutex); 1183 list_del(&watcher->list); 1184 mutex_unlock(&ebt_mutex); 1185} 1186 1187int ebt_register_table(struct ebt_table *table) 1188{ 1189 struct ebt_table_info *newinfo; 1190 struct ebt_table *t; 1191 struct ebt_replace_kernel *repl; 1192 int ret, i, countersize; 1193 void *p; 1194 1195 if (!table || !(repl = table->table) || !repl->entries || 1196 repl->entries_size == 0 || 1197 repl->counters || table->private) { 1198 BUGPRINT("Bad table data for ebt_register_table!!!\n"); 1199 return -EINVAL; 1200 } 1201 1202 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids; 1203 newinfo = vmalloc(sizeof(*newinfo) + countersize); 1204 ret = -ENOMEM; 1205 if (!newinfo) 1206 return -ENOMEM; 1207 1208 p = vmalloc(repl->entries_size); 1209 if (!p) 1210 goto free_newinfo; 1211 1212 memcpy(p, repl->entries, repl->entries_size); 1213 newinfo->entries = p; 1214 1215 newinfo->entries_size = repl->entries_size; 1216 newinfo->nentries = repl->nentries; 1217 1218 if (countersize) 1219 memset(newinfo->counters, 0, countersize); 1220 1221 /* fill in newinfo and parse the entries */ 1222 newinfo->chainstack = NULL; 1223 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 1224 if ((repl->valid_hooks & (1 << i)) == 0) 1225 newinfo->hook_entry[i] = NULL; 1226 else 1227 newinfo->hook_entry[i] = p + 1228 ((char *)repl->hook_entry[i] - repl->entries); 1229 } 1230 ret = translate_table(repl->name, newinfo); 1231 if (ret != 0) { 1232 BUGPRINT("Translate_table failed\n"); 1233 goto free_chainstack; 1234 } 1235 1236 if (table->check && table->check(newinfo, table->valid_hooks)) { 1237 BUGPRINT("The table doesn't like its own initial data, lol\n"); 1238 return -EINVAL; 1239 } 1240 1241 table->private = newinfo; 1242 rwlock_init(&table->lock); 1243 ret = mutex_lock_interruptible(&ebt_mutex); 1244 if (ret != 0) 1245 goto free_chainstack; 1246 1247 list_for_each_entry(t, &ebt_tables, list) { 1248 if (strcmp(t->name, table->name) == 0) { 1249 ret = -EEXIST; 1250 BUGPRINT("Table name already exists\n"); 1251 goto free_unlock; 1252 } 1253 } 1254 1255 /* Hold a reference count if the chains aren't empty */ 1256 if (newinfo->nentries && !try_module_get(table->me)) { 1257 ret = -ENOENT; 1258 goto free_unlock; 1259 } 1260 list_add(&table->list, &ebt_tables); 1261 mutex_unlock(&ebt_mutex); 1262 return 0; 1263free_unlock: 1264 mutex_unlock(&ebt_mutex); 1265free_chainstack: 1266 if (newinfo->chainstack) { 1267 for_each_possible_cpu(i) 1268 vfree(newinfo->chainstack[i]); 1269 vfree(newinfo->chainstack); 1270 } 1271 vfree(newinfo->entries); 1272free_newinfo: 1273 vfree(newinfo); 1274 return ret; 1275} 1276 1277void ebt_unregister_table(struct ebt_table *table) 1278{ 1279 int i; 1280 1281 if (!table) { 1282 BUGPRINT("Request to unregister NULL table!!!\n"); 1283 return; 1284 } 1285 mutex_lock(&ebt_mutex); 1286 list_del(&table->list); 1287 mutex_unlock(&ebt_mutex); 1288 vfree(table->private->entries); 1289 if (table->private->chainstack) { 1290 for_each_possible_cpu(i) 1291 vfree(table->private->chainstack[i]); 1292 vfree(table->private->chainstack); 1293 } 1294 vfree(table->private); 1295} 1296 1297/* userspace just supplied us with counters */ 1298static int update_counters(void __user *user, unsigned int len) 1299{ 1300 int i, ret; 1301 struct ebt_counter *tmp; 1302 struct ebt_replace hlp; 1303 struct ebt_table *t; 1304 1305 if (copy_from_user(&hlp, user, sizeof(hlp))) 1306 return -EFAULT; 1307 1308 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) 1309 return -EINVAL; 1310 if (hlp.num_counters == 0) 1311 return -EINVAL; 1312 1313 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) { 1314 MEMPRINT("Update_counters && nomemory\n"); 1315 return -ENOMEM; 1316 } 1317 1318 t = find_table_lock(hlp.name, &ret, &ebt_mutex); 1319 if (!t) 1320 goto free_tmp; 1321 1322 if (hlp.num_counters != t->private->nentries) { 1323 BUGPRINT("Wrong nr of counters\n"); 1324 ret = -EINVAL; 1325 goto unlock_mutex; 1326 } 1327 1328 if ( copy_from_user(tmp, hlp.counters, 1329 hlp.num_counters * sizeof(struct ebt_counter)) ) { 1330 BUGPRINT("Updata_counters && !cfu\n"); 1331 ret = -EFAULT; 1332 goto unlock_mutex; 1333 } 1334 1335 /* we want an atomic add of the counters */ 1336 write_lock_bh(&t->lock); 1337 1338 /* we add to the counters of the first cpu */ 1339 for (i = 0; i < hlp.num_counters; i++) { 1340 t->private->counters[i].pcnt += tmp[i].pcnt; 1341 t->private->counters[i].bcnt += tmp[i].bcnt; 1342 } 1343 1344 write_unlock_bh(&t->lock); 1345 ret = 0; 1346unlock_mutex: 1347 mutex_unlock(&ebt_mutex); 1348free_tmp: 1349 vfree(tmp); 1350 return ret; 1351} 1352 1353static inline int ebt_make_matchname(struct ebt_entry_match *m, 1354 char *base, char __user *ubase) 1355{ 1356 char __user *hlp = ubase + ((char *)m - base); 1357 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1358 return -EFAULT; 1359 return 0; 1360} 1361 1362static inline int ebt_make_watchername(struct ebt_entry_watcher *w, 1363 char *base, char __user *ubase) 1364{ 1365 char __user *hlp = ubase + ((char *)w - base); 1366 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1367 return -EFAULT; 1368 return 0; 1369} 1370 1371static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase) 1372{ 1373 int ret; 1374 char __user *hlp; 1375 struct ebt_entry_target *t; 1376 1377 if (e->bitmask == 0) 1378 return 0; 1379 1380 hlp = ubase + (((char *)e + e->target_offset) - base); 1381 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 1382 1383 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); 1384 if (ret != 0) 1385 return ret; 1386 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); 1387 if (ret != 0) 1388 return ret; 1389 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) 1390 return -EFAULT; 1391 return 0; 1392} 1393 1394/* called with ebt_mutex locked */ 1395static int copy_everything_to_user(struct ebt_table *t, void __user *user, 1396 int *len, int cmd) 1397{ 1398 struct ebt_replace tmp; 1399 struct ebt_counter *counterstmp, *oldcounters; 1400 unsigned int entries_size, nentries; 1401 char *entries; 1402 1403 if (cmd == EBT_SO_GET_ENTRIES) { 1404 entries_size = t->private->entries_size; 1405 nentries = t->private->nentries; 1406 entries = t->private->entries; 1407 oldcounters = t->private->counters; 1408 } else { 1409 entries_size = t->table->entries_size; 1410 nentries = t->table->nentries; 1411 entries = t->table->entries; 1412 oldcounters = t->table->counters; 1413 } 1414 1415 if (copy_from_user(&tmp, user, sizeof(tmp))) { 1416 BUGPRINT("Cfu didn't work\n"); 1417 return -EFAULT; 1418 } 1419 1420 if (*len != sizeof(struct ebt_replace) + entries_size + 1421 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { 1422 BUGPRINT("Wrong size\n"); 1423 return -EINVAL; 1424 } 1425 1426 if (tmp.nentries != nentries) { 1427 BUGPRINT("Nentries wrong\n"); 1428 return -EINVAL; 1429 } 1430 1431 if (tmp.entries_size != entries_size) { 1432 BUGPRINT("Wrong size\n"); 1433 return -EINVAL; 1434 } 1435 1436 /* userspace might not need the counters */ 1437 if (tmp.num_counters) { 1438 if (tmp.num_counters != nentries) { 1439 BUGPRINT("Num_counters wrong\n"); 1440 return -EINVAL; 1441 } 1442 counterstmp = vmalloc(nentries * sizeof(*counterstmp)); 1443 if (!counterstmp) { 1444 MEMPRINT("Couldn't copy counters, out of memory\n"); 1445 return -ENOMEM; 1446 } 1447 write_lock_bh(&t->lock); 1448 get_counters(oldcounters, counterstmp, nentries); 1449 write_unlock_bh(&t->lock); 1450 1451 if (copy_to_user(tmp.counters, counterstmp, 1452 nentries * sizeof(struct ebt_counter))) { 1453 BUGPRINT("Couldn't copy counters to userspace\n"); 1454 vfree(counterstmp); 1455 return -EFAULT; 1456 } 1457 vfree(counterstmp); 1458 } 1459 1460 if (copy_to_user(tmp.entries, entries, entries_size)) { 1461 BUGPRINT("Couldn't copy entries to userspace\n"); 1462 return -EFAULT; 1463 } 1464 /* set the match/watcher/target names right */ 1465 return EBT_ENTRY_ITERATE(entries, entries_size, 1466 ebt_make_names, entries, tmp.entries); 1467} 1468 1469static int do_ebt_set_ctl(struct sock *sk, 1470 int cmd, void __user *user, unsigned int len) 1471{ 1472 int ret; 1473 1474 switch(cmd) { 1475 case EBT_SO_SET_ENTRIES: 1476 ret = do_replace(user, len); 1477 break; 1478 case EBT_SO_SET_COUNTERS: 1479 ret = update_counters(user, len); 1480 break; 1481 default: 1482 ret = -EINVAL; 1483 } 1484 return ret; 1485} 1486 1487static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 1488{ 1489 int ret; 1490 struct ebt_replace tmp; 1491 struct ebt_table *t; 1492 1493 if (copy_from_user(&tmp, user, sizeof(tmp))) 1494 return -EFAULT; 1495 1496 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1497 if (!t) 1498 return ret; 1499 1500 switch(cmd) { 1501 case EBT_SO_GET_INFO: 1502 case EBT_SO_GET_INIT_INFO: 1503 if (*len != sizeof(struct ebt_replace)){ 1504 ret = -EINVAL; 1505 mutex_unlock(&ebt_mutex); 1506 break; 1507 } 1508 if (cmd == EBT_SO_GET_INFO) { 1509 tmp.nentries = t->private->nentries; 1510 tmp.entries_size = t->private->entries_size; 1511 tmp.valid_hooks = t->valid_hooks; 1512 } else { 1513 tmp.nentries = t->table->nentries; 1514 tmp.entries_size = t->table->entries_size; 1515 tmp.valid_hooks = t->table->valid_hooks; 1516 } 1517 mutex_unlock(&ebt_mutex); 1518 if (copy_to_user(user, &tmp, *len) != 0){ 1519 BUGPRINT("c2u Didn't work\n"); 1520 ret = -EFAULT; 1521 break; 1522 } 1523 ret = 0; 1524 break; 1525 1526 case EBT_SO_GET_ENTRIES: 1527 case EBT_SO_GET_INIT_ENTRIES: 1528 ret = copy_everything_to_user(t, user, len, cmd); 1529 mutex_unlock(&ebt_mutex); 1530 break; 1531 1532 default: 1533 mutex_unlock(&ebt_mutex); 1534 ret = -EINVAL; 1535 } 1536 1537 return ret; 1538} 1539 1540static struct nf_sockopt_ops ebt_sockopts = 1541{ 1542 .pf = PF_INET, 1543 .set_optmin = EBT_BASE_CTL, 1544 .set_optmax = EBT_SO_SET_MAX + 1, 1545 .set = do_ebt_set_ctl, 1546 .get_optmin = EBT_BASE_CTL, 1547 .get_optmax = EBT_SO_GET_MAX + 1, 1548 .get = do_ebt_get_ctl, 1549 .owner = THIS_MODULE, 1550}; 1551 1552static int __init ebtables_init(void) 1553{ 1554 int ret; 1555 1556 ret = xt_register_target(&ebt_standard_target); 1557 if (ret < 0) 1558 return ret; 1559 ret = nf_register_sockopt(&ebt_sockopts); 1560 if (ret < 0) { 1561 xt_unregister_target(&ebt_standard_target); 1562 return ret; 1563 } 1564 1565 printk(KERN_INFO "Ebtables v2.0 registered\n"); 1566 return 0; 1567} 1568 1569static void __exit ebtables_fini(void) 1570{ 1571 nf_unregister_sockopt(&ebt_sockopts); 1572 xt_unregister_target(&ebt_standard_target); 1573 printk(KERN_INFO "Ebtables v2.0 unregistered\n"); 1574} 1575 1576EXPORT_SYMBOL(ebt_register_table); 1577EXPORT_SYMBOL(ebt_unregister_table); 1578EXPORT_SYMBOL(ebt_register_match); 1579EXPORT_SYMBOL(ebt_unregister_match); 1580EXPORT_SYMBOL(ebt_register_watcher); 1581EXPORT_SYMBOL(ebt_unregister_watcher); 1582EXPORT_SYMBOL(ebt_register_target); 1583EXPORT_SYMBOL(ebt_unregister_target); 1584EXPORT_SYMBOL(ebt_do_table); 1585module_init(ebtables_init); 1586module_exit(ebtables_fini); 1587MODULE_LICENSE("GPL"); 1588