ebtables.c revision 6f912042256c12b0927438122594f5379b364f5d
1/* 2 * ebtables 3 * 4 * Author: 5 * Bart De Schuymer <bdschuym@pandora.be> 6 * 7 * ebtables.c,v 2.0, July, 2002 8 * 9 * This code is stongly inspired on the iptables code which is 10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18/* used for print_string */ 19#include <linux/sched.h> 20#include <linux/tty.h> 21 22#include <linux/kmod.h> 23#include <linux/module.h> 24#include <linux/vmalloc.h> 25#include <linux/netfilter_bridge/ebtables.h> 26#include <linux/spinlock.h> 27#include <asm/uaccess.h> 28#include <linux/smp.h> 29#include <linux/cpumask.h> 30#include <net/sock.h> 31/* needed for logical [in,out]-dev filtering */ 32#include "../br_private.h" 33 34/* list_named_find */ 35#define ASSERT_READ_LOCK(x) 36#define ASSERT_WRITE_LOCK(x) 37#include <linux/netfilter_ipv4/listhelp.h> 38#include <linux/mutex.h> 39 40#if 0 41/* use this for remote debugging 42 * Copyright (C) 1998 by Ori Pomerantz 43 * Print the string to the appropriate tty, the one 44 * the current task uses 45 */ 46static void print_string(char *str) 47{ 48 struct tty_struct *my_tty; 49 50 /* The tty for the current task */ 51 my_tty = current->signal->tty; 52 if (my_tty != NULL) { 53 my_tty->driver->write(my_tty, 0, str, strlen(str)); 54 my_tty->driver->write(my_tty, 0, "\015\012", 2); 55 } 56} 57 58#define BUGPRINT(args) print_string(args); 59#else 60#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ 61 "report to author: "format, ## args) 62/* #define BUGPRINT(format, args...) */ 63#endif 64#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\ 65 ": out of memory: "format, ## args) 66/* #define MEMPRINT(format, args...) */ 67 68 69 70/* 71 * Each cpu has its own set of counters, so there is no need for write_lock in 72 * the softirq 73 * For reading or updating the counters, the user context needs to 74 * get a write_lock 75 */ 76 77/* The size of each set of counters is altered to get cache alignment */ 78#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) 79#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) 80#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ 81 COUNTER_OFFSET(n) * cpu)) 82 83 84 85static DEFINE_MUTEX(ebt_mutex); 86static LIST_HEAD(ebt_tables); 87static LIST_HEAD(ebt_targets); 88static LIST_HEAD(ebt_matches); 89static LIST_HEAD(ebt_watchers); 90 91static struct ebt_target ebt_standard_target = 92{ {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL}; 93 94static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 95 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, 96 const struct net_device *out) 97{ 98 w->u.watcher->watcher(skb, hooknr, in, out, w->data, 99 w->watcher_size); 100 /* watchers don't give a verdict */ 101 return 0; 102} 103 104static inline int ebt_do_match (struct ebt_entry_match *m, 105 const struct sk_buff *skb, const struct net_device *in, 106 const struct net_device *out) 107{ 108 return m->u.match->match(skb, in, out, m->data, 109 m->match_size); 110} 111 112static inline int ebt_dev_check(char *entry, const struct net_device *device) 113{ 114 int i = 0; 115 char *devname = device->name; 116 117 if (*entry == '\0') 118 return 0; 119 if (!device) 120 return 1; 121 /* 1 is the wildcard token */ 122 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i]) 123 i++; 124 return (devname[i] != entry[i] && entry[i] != 1); 125} 126 127#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) 128/* process standard matches */ 129static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, 130 const struct net_device *in, const struct net_device *out) 131{ 132 int verdict, i; 133 134 if (e->bitmask & EBT_802_3) { 135 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) 136 return 1; 137 } else if (!(e->bitmask & EBT_NOPROTO) && 138 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) 139 return 1; 140 141 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) 142 return 1; 143 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) 144 return 1; 145 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( 146 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN)) 147 return 1; 148 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( 149 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT)) 150 return 1; 151 152 if (e->bitmask & EBT_SOURCEMAC) { 153 verdict = 0; 154 for (i = 0; i < 6; i++) 155 verdict |= (h->h_source[i] ^ e->sourcemac[i]) & 156 e->sourcemsk[i]; 157 if (FWINV2(verdict != 0, EBT_ISOURCE) ) 158 return 1; 159 } 160 if (e->bitmask & EBT_DESTMAC) { 161 verdict = 0; 162 for (i = 0; i < 6; i++) 163 verdict |= (h->h_dest[i] ^ e->destmac[i]) & 164 e->destmsk[i]; 165 if (FWINV2(verdict != 0, EBT_IDEST) ) 166 return 1; 167 } 168 return 0; 169} 170 171/* Do some firewalling */ 172unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, 173 const struct net_device *in, const struct net_device *out, 174 struct ebt_table *table) 175{ 176 int i, nentries; 177 struct ebt_entry *point; 178 struct ebt_counter *counter_base, *cb_base; 179 struct ebt_entry_target *t; 180 int verdict, sp = 0; 181 struct ebt_chainstack *cs; 182 struct ebt_entries *chaininfo; 183 char *base; 184 struct ebt_table_info *private; 185 186 read_lock_bh(&table->lock); 187 private = table->private; 188 cb_base = COUNTER_BASE(private->counters, private->nentries, 189 smp_processor_id()); 190 if (private->chainstack) 191 cs = private->chainstack[smp_processor_id()]; 192 else 193 cs = NULL; 194 chaininfo = private->hook_entry[hook]; 195 nentries = private->hook_entry[hook]->nentries; 196 point = (struct ebt_entry *)(private->hook_entry[hook]->data); 197 counter_base = cb_base + private->hook_entry[hook]->counter_offset; 198 /* base for chain jumps */ 199 base = private->entries; 200 i = 0; 201 while (i < nentries) { 202 if (ebt_basic_match(point, eth_hdr(*pskb), in, out)) 203 goto letscontinue; 204 205 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) 206 goto letscontinue; 207 208 /* increase counter */ 209 (*(counter_base + i)).pcnt++; 210 (*(counter_base + i)).bcnt+=(**pskb).len; 211 212 /* these should only watch: not modify, nor tell us 213 what to do with the packet */ 214 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in, 215 out); 216 217 t = (struct ebt_entry_target *) 218 (((char *)point) + point->target_offset); 219 /* standard target */ 220 if (!t->u.target->target) 221 verdict = ((struct ebt_standard_target *)t)->verdict; 222 else 223 verdict = t->u.target->target(pskb, hook, 224 in, out, t->data, t->target_size); 225 if (verdict == EBT_ACCEPT) { 226 read_unlock_bh(&table->lock); 227 return NF_ACCEPT; 228 } 229 if (verdict == EBT_DROP) { 230 read_unlock_bh(&table->lock); 231 return NF_DROP; 232 } 233 if (verdict == EBT_RETURN) { 234letsreturn: 235#ifdef CONFIG_NETFILTER_DEBUG 236 if (sp == 0) { 237 BUGPRINT("RETURN on base chain"); 238 /* act like this is EBT_CONTINUE */ 239 goto letscontinue; 240 } 241#endif 242 sp--; 243 /* put all the local variables right */ 244 i = cs[sp].n; 245 chaininfo = cs[sp].chaininfo; 246 nentries = chaininfo->nentries; 247 point = cs[sp].e; 248 counter_base = cb_base + 249 chaininfo->counter_offset; 250 continue; 251 } 252 if (verdict == EBT_CONTINUE) 253 goto letscontinue; 254#ifdef CONFIG_NETFILTER_DEBUG 255 if (verdict < 0) { 256 BUGPRINT("bogus standard verdict\n"); 257 read_unlock_bh(&table->lock); 258 return NF_DROP; 259 } 260#endif 261 /* jump to a udc */ 262 cs[sp].n = i + 1; 263 cs[sp].chaininfo = chaininfo; 264 cs[sp].e = (struct ebt_entry *) 265 (((char *)point) + point->next_offset); 266 i = 0; 267 chaininfo = (struct ebt_entries *) (base + verdict); 268#ifdef CONFIG_NETFILTER_DEBUG 269 if (chaininfo->distinguisher) { 270 BUGPRINT("jump to non-chain\n"); 271 read_unlock_bh(&table->lock); 272 return NF_DROP; 273 } 274#endif 275 nentries = chaininfo->nentries; 276 point = (struct ebt_entry *)chaininfo->data; 277 counter_base = cb_base + chaininfo->counter_offset; 278 sp++; 279 continue; 280letscontinue: 281 point = (struct ebt_entry *) 282 (((char *)point) + point->next_offset); 283 i++; 284 } 285 286 /* I actually like this :) */ 287 if (chaininfo->policy == EBT_RETURN) 288 goto letsreturn; 289 if (chaininfo->policy == EBT_ACCEPT) { 290 read_unlock_bh(&table->lock); 291 return NF_ACCEPT; 292 } 293 read_unlock_bh(&table->lock); 294 return NF_DROP; 295} 296 297/* If it succeeds, returns element and locks mutex */ 298static inline void * 299find_inlist_lock_noload(struct list_head *head, const char *name, int *error, 300 struct mutex *mutex) 301{ 302 void *ret; 303 304 *error = mutex_lock_interruptible(mutex); 305 if (*error != 0) 306 return NULL; 307 308 ret = list_named_find(head, name); 309 if (!ret) { 310 *error = -ENOENT; 311 mutex_unlock(mutex); 312 } 313 return ret; 314} 315 316#ifndef CONFIG_KMOD 317#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) 318#else 319static void * 320find_inlist_lock(struct list_head *head, const char *name, const char *prefix, 321 int *error, struct mutex *mutex) 322{ 323 void *ret; 324 325 ret = find_inlist_lock_noload(head, name, error, mutex); 326 if (!ret) { 327 request_module("%s%s", prefix, name); 328 ret = find_inlist_lock_noload(head, name, error, mutex); 329 } 330 return ret; 331} 332#endif 333 334static inline struct ebt_table * 335find_table_lock(const char *name, int *error, struct mutex *mutex) 336{ 337 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex); 338} 339 340static inline struct ebt_match * 341find_match_lock(const char *name, int *error, struct mutex *mutex) 342{ 343 return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex); 344} 345 346static inline struct ebt_watcher * 347find_watcher_lock(const char *name, int *error, struct mutex *mutex) 348{ 349 return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex); 350} 351 352static inline struct ebt_target * 353find_target_lock(const char *name, int *error, struct mutex *mutex) 354{ 355 return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex); 356} 357 358static inline int 359ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, 360 const char *name, unsigned int hookmask, unsigned int *cnt) 361{ 362 struct ebt_match *match; 363 int ret; 364 365 if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) > 366 ((char *)e) + e->watchers_offset) 367 return -EINVAL; 368 match = find_match_lock(m->u.name, &ret, &ebt_mutex); 369 if (!match) 370 return ret; 371 m->u.match = match; 372 if (!try_module_get(match->me)) { 373 mutex_unlock(&ebt_mutex); 374 return -ENOENT; 375 } 376 mutex_unlock(&ebt_mutex); 377 if (match->check && 378 match->check(name, hookmask, e, m->data, m->match_size) != 0) { 379 BUGPRINT("match->check failed\n"); 380 module_put(match->me); 381 return -EINVAL; 382 } 383 (*cnt)++; 384 return 0; 385} 386 387static inline int 388ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, 389 const char *name, unsigned int hookmask, unsigned int *cnt) 390{ 391 struct ebt_watcher *watcher; 392 int ret; 393 394 if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) > 395 ((char *)e) + e->target_offset) 396 return -EINVAL; 397 watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex); 398 if (!watcher) 399 return ret; 400 w->u.watcher = watcher; 401 if (!try_module_get(watcher->me)) { 402 mutex_unlock(&ebt_mutex); 403 return -ENOENT; 404 } 405 mutex_unlock(&ebt_mutex); 406 if (watcher->check && 407 watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) { 408 BUGPRINT("watcher->check failed\n"); 409 module_put(watcher->me); 410 return -EINVAL; 411 } 412 (*cnt)++; 413 return 0; 414} 415 416/* 417 * this one is very careful, as it is the first function 418 * to parse the userspace data 419 */ 420static inline int 421ebt_check_entry_size_and_hooks(struct ebt_entry *e, 422 struct ebt_table_info *newinfo, char *base, char *limit, 423 struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt, 424 unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks) 425{ 426 int i; 427 428 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 429 if ((valid_hooks & (1 << i)) == 0) 430 continue; 431 if ( (char *)hook_entries[i] - base == 432 (char *)e - newinfo->entries) 433 break; 434 } 435 /* beginning of a new chain 436 if i == NF_BR_NUMHOOKS it must be a user defined chain */ 437 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { 438 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) { 439 /* we make userspace set this right, 440 so there is no misunderstanding */ 441 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " 442 "in distinguisher\n"); 443 return -EINVAL; 444 } 445 /* this checks if the previous chain has as many entries 446 as it said it has */ 447 if (*n != *cnt) { 448 BUGPRINT("nentries does not equal the nr of entries " 449 "in the chain\n"); 450 return -EINVAL; 451 } 452 /* before we look at the struct, be sure it is not too big */ 453 if ((char *)hook_entries[i] + sizeof(struct ebt_entries) 454 > limit) { 455 BUGPRINT("entries_size too small\n"); 456 return -EINVAL; 457 } 458 if (((struct ebt_entries *)e)->policy != EBT_DROP && 459 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { 460 /* only RETURN from udc */ 461 if (i != NF_BR_NUMHOOKS || 462 ((struct ebt_entries *)e)->policy != EBT_RETURN) { 463 BUGPRINT("bad policy\n"); 464 return -EINVAL; 465 } 466 } 467 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ 468 (*udc_cnt)++; 469 else 470 newinfo->hook_entry[i] = (struct ebt_entries *)e; 471 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { 472 BUGPRINT("counter_offset != totalcnt"); 473 return -EINVAL; 474 } 475 *n = ((struct ebt_entries *)e)->nentries; 476 *cnt = 0; 477 return 0; 478 } 479 /* a plain old entry, heh */ 480 if (sizeof(struct ebt_entry) > e->watchers_offset || 481 e->watchers_offset > e->target_offset || 482 e->target_offset >= e->next_offset) { 483 BUGPRINT("entry offsets not in right order\n"); 484 return -EINVAL; 485 } 486 /* this is not checked anywhere else */ 487 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { 488 BUGPRINT("target size too small\n"); 489 return -EINVAL; 490 } 491 492 (*cnt)++; 493 (*totalcnt)++; 494 return 0; 495} 496 497struct ebt_cl_stack 498{ 499 struct ebt_chainstack cs; 500 int from; 501 unsigned int hookmask; 502}; 503 504/* 505 * we need these positions to check that the jumps to a different part of the 506 * entries is a jump to the beginning of a new chain. 507 */ 508static inline int 509ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, 510 struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks, 511 struct ebt_cl_stack *udc) 512{ 513 int i; 514 515 /* we're only interested in chain starts */ 516 if (e->bitmask & EBT_ENTRY_OR_ENTRIES) 517 return 0; 518 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 519 if ((valid_hooks & (1 << i)) == 0) 520 continue; 521 if (newinfo->hook_entry[i] == (struct ebt_entries *)e) 522 break; 523 } 524 /* only care about udc */ 525 if (i != NF_BR_NUMHOOKS) 526 return 0; 527 528 udc[*n].cs.chaininfo = (struct ebt_entries *)e; 529 /* these initialisations are depended on later in check_chainloops() */ 530 udc[*n].cs.n = 0; 531 udc[*n].hookmask = 0; 532 533 (*n)++; 534 return 0; 535} 536 537static inline int 538ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) 539{ 540 if (i && (*i)-- == 0) 541 return 1; 542 if (m->u.match->destroy) 543 m->u.match->destroy(m->data, m->match_size); 544 module_put(m->u.match->me); 545 546 return 0; 547} 548 549static inline int 550ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) 551{ 552 if (i && (*i)-- == 0) 553 return 1; 554 if (w->u.watcher->destroy) 555 w->u.watcher->destroy(w->data, w->watcher_size); 556 module_put(w->u.watcher->me); 557 558 return 0; 559} 560 561static inline int 562ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) 563{ 564 struct ebt_entry_target *t; 565 566 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) 567 return 0; 568 /* we're done */ 569 if (cnt && (*cnt)-- == 0) 570 return 1; 571 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); 572 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); 573 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 574 if (t->u.target->destroy) 575 t->u.target->destroy(t->data, t->target_size); 576 module_put(t->u.target->me); 577 578 return 0; 579} 580 581static inline int 582ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, 583 const char *name, unsigned int *cnt, unsigned int valid_hooks, 584 struct ebt_cl_stack *cl_s, unsigned int udc_cnt) 585{ 586 struct ebt_entry_target *t; 587 struct ebt_target *target; 588 unsigned int i, j, hook = 0, hookmask = 0; 589 int ret; 590 591 /* don't mess with the struct ebt_entries */ 592 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) 593 return 0; 594 595 if (e->bitmask & ~EBT_F_MASK) { 596 BUGPRINT("Unknown flag for bitmask\n"); 597 return -EINVAL; 598 } 599 if (e->invflags & ~EBT_INV_MASK) { 600 BUGPRINT("Unknown flag for inv bitmask\n"); 601 return -EINVAL; 602 } 603 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { 604 BUGPRINT("NOPROTO & 802_3 not allowed\n"); 605 return -EINVAL; 606 } 607 /* what hook do we belong to? */ 608 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 609 if ((valid_hooks & (1 << i)) == 0) 610 continue; 611 if ((char *)newinfo->hook_entry[i] < (char *)e) 612 hook = i; 613 else 614 break; 615 } 616 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on 617 a base chain */ 618 if (i < NF_BR_NUMHOOKS) 619 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 620 else { 621 for (i = 0; i < udc_cnt; i++) 622 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) 623 break; 624 if (i == 0) 625 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 626 else 627 hookmask = cl_s[i - 1].hookmask; 628 } 629 i = 0; 630 ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i); 631 if (ret != 0) 632 goto cleanup_matches; 633 j = 0; 634 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j); 635 if (ret != 0) 636 goto cleanup_watchers; 637 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 638 target = find_target_lock(t->u.name, &ret, &ebt_mutex); 639 if (!target) 640 goto cleanup_watchers; 641 if (!try_module_get(target->me)) { 642 mutex_unlock(&ebt_mutex); 643 ret = -ENOENT; 644 goto cleanup_watchers; 645 } 646 mutex_unlock(&ebt_mutex); 647 648 t->u.target = target; 649 if (t->u.target == &ebt_standard_target) { 650 if (e->target_offset + sizeof(struct ebt_standard_target) > 651 e->next_offset) { 652 BUGPRINT("Standard target size too big\n"); 653 ret = -EFAULT; 654 goto cleanup_watchers; 655 } 656 if (((struct ebt_standard_target *)t)->verdict < 657 -NUM_STANDARD_TARGETS) { 658 BUGPRINT("Invalid standard target\n"); 659 ret = -EFAULT; 660 goto cleanup_watchers; 661 } 662 } else if ((e->target_offset + t->target_size + 663 sizeof(struct ebt_entry_target) > e->next_offset) || 664 (t->u.target->check && 665 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){ 666 module_put(t->u.target->me); 667 ret = -EFAULT; 668 goto cleanup_watchers; 669 } 670 (*cnt)++; 671 return 0; 672cleanup_watchers: 673 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); 674cleanup_matches: 675 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i); 676 return ret; 677} 678 679/* 680 * checks for loops and sets the hook mask for udc 681 * the hook mask for udc tells us from which base chains the udc can be 682 * accessed. This mask is a parameter to the check() functions of the extensions 683 */ 684static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s, 685 unsigned int udc_cnt, unsigned int hooknr, char *base) 686{ 687 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; 688 struct ebt_entry *e = (struct ebt_entry *)chain->data; 689 struct ebt_entry_target *t; 690 691 while (pos < nentries || chain_nr != -1) { 692 /* end of udc, go back one 'recursion' step */ 693 if (pos == nentries) { 694 /* put back values of the time when this chain was called */ 695 e = cl_s[chain_nr].cs.e; 696 if (cl_s[chain_nr].from != -1) 697 nentries = 698 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; 699 else 700 nentries = chain->nentries; 701 pos = cl_s[chain_nr].cs.n; 702 /* make sure we won't see a loop that isn't one */ 703 cl_s[chain_nr].cs.n = 0; 704 chain_nr = cl_s[chain_nr].from; 705 if (pos == nentries) 706 continue; 707 } 708 t = (struct ebt_entry_target *) 709 (((char *)e) + e->target_offset); 710 if (strcmp(t->u.name, EBT_STANDARD_TARGET)) 711 goto letscontinue; 712 if (e->target_offset + sizeof(struct ebt_standard_target) > 713 e->next_offset) { 714 BUGPRINT("Standard target size too big\n"); 715 return -1; 716 } 717 verdict = ((struct ebt_standard_target *)t)->verdict; 718 if (verdict >= 0) { /* jump to another chain */ 719 struct ebt_entries *hlp2 = 720 (struct ebt_entries *)(base + verdict); 721 for (i = 0; i < udc_cnt; i++) 722 if (hlp2 == cl_s[i].cs.chaininfo) 723 break; 724 /* bad destination or loop */ 725 if (i == udc_cnt) { 726 BUGPRINT("bad destination\n"); 727 return -1; 728 } 729 if (cl_s[i].cs.n) { 730 BUGPRINT("loop\n"); 731 return -1; 732 } 733 /* this can't be 0, so the above test is correct */ 734 cl_s[i].cs.n = pos + 1; 735 pos = 0; 736 cl_s[i].cs.e = ((void *)e + e->next_offset); 737 e = (struct ebt_entry *)(hlp2->data); 738 nentries = hlp2->nentries; 739 cl_s[i].from = chain_nr; 740 chain_nr = i; 741 /* this udc is accessible from the base chain for hooknr */ 742 cl_s[i].hookmask |= (1 << hooknr); 743 continue; 744 } 745letscontinue: 746 e = (void *)e + e->next_offset; 747 pos++; 748 } 749 return 0; 750} 751 752/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ 753static int translate_table(struct ebt_replace *repl, 754 struct ebt_table_info *newinfo) 755{ 756 unsigned int i, j, k, udc_cnt; 757 int ret; 758 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 759 760 i = 0; 761 while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i))) 762 i++; 763 if (i == NF_BR_NUMHOOKS) { 764 BUGPRINT("No valid hooks specified\n"); 765 return -EINVAL; 766 } 767 if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) { 768 BUGPRINT("Chains don't start at beginning\n"); 769 return -EINVAL; 770 } 771 /* make sure chains are ordered after each other in same order 772 as their corresponding hooks */ 773 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { 774 if (!(repl->valid_hooks & (1 << j))) 775 continue; 776 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) { 777 BUGPRINT("Hook order must be followed\n"); 778 return -EINVAL; 779 } 780 i = j; 781 } 782 783 for (i = 0; i < NF_BR_NUMHOOKS; i++) 784 newinfo->hook_entry[i] = NULL; 785 786 newinfo->entries_size = repl->entries_size; 787 newinfo->nentries = repl->nentries; 788 789 /* do some early checkings and initialize some things */ 790 i = 0; /* holds the expected nr. of entries for the chain */ 791 j = 0; /* holds the up to now counted entries for the chain */ 792 k = 0; /* holds the total nr. of entries, should equal 793 newinfo->nentries afterwards */ 794 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */ 795 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 796 ebt_check_entry_size_and_hooks, newinfo, repl->entries, 797 repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k, 798 &udc_cnt, repl->valid_hooks); 799 800 if (ret != 0) 801 return ret; 802 803 if (i != j) { 804 BUGPRINT("nentries does not equal the nr of entries in the " 805 "(last) chain\n"); 806 return -EINVAL; 807 } 808 if (k != newinfo->nentries) { 809 BUGPRINT("Total nentries is wrong\n"); 810 return -EINVAL; 811 } 812 813 /* check if all valid hooks have a chain */ 814 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 815 if (newinfo->hook_entry[i] == NULL && 816 (repl->valid_hooks & (1 << i))) { 817 BUGPRINT("Valid hook without chain\n"); 818 return -EINVAL; 819 } 820 } 821 822 /* get the location of the udc, put them in an array 823 while we're at it, allocate the chainstack */ 824 if (udc_cnt) { 825 /* this will get free'd in do_replace()/ebt_register_table() 826 if an error occurs */ 827 newinfo->chainstack = (struct ebt_chainstack **) 828 vmalloc((highest_possible_processor_id()+1) 829 * sizeof(struct ebt_chainstack)); 830 if (!newinfo->chainstack) 831 return -ENOMEM; 832 for_each_possible_cpu(i) { 833 newinfo->chainstack[i] = 834 vmalloc(udc_cnt * sizeof(struct ebt_chainstack)); 835 if (!newinfo->chainstack[i]) { 836 while (i) 837 vfree(newinfo->chainstack[--i]); 838 vfree(newinfo->chainstack); 839 newinfo->chainstack = NULL; 840 return -ENOMEM; 841 } 842 } 843 844 cl_s = (struct ebt_cl_stack *) 845 vmalloc(udc_cnt * sizeof(struct ebt_cl_stack)); 846 if (!cl_s) 847 return -ENOMEM; 848 i = 0; /* the i'th udc */ 849 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 850 ebt_get_udc_positions, newinfo, repl->hook_entry, &i, 851 repl->valid_hooks, cl_s); 852 /* sanity check */ 853 if (i != udc_cnt) { 854 BUGPRINT("i != udc_cnt\n"); 855 vfree(cl_s); 856 return -EFAULT; 857 } 858 } 859 860 /* Check for loops */ 861 for (i = 0; i < NF_BR_NUMHOOKS; i++) 862 if (repl->valid_hooks & (1 << i)) 863 if (check_chainloops(newinfo->hook_entry[i], 864 cl_s, udc_cnt, i, newinfo->entries)) { 865 vfree(cl_s); 866 return -EINVAL; 867 } 868 869 /* we now know the following (along with E=mc�): 870 - the nr of entries in each chain is right 871 - the size of the allocated space is right 872 - all valid hooks have a corresponding chain 873 - there are no loops 874 - wrong data can still be on the level of a single entry 875 - could be there are jumps to places that are not the 876 beginning of a chain. This can only occur in chains that 877 are not accessible from any base chains, so we don't care. */ 878 879 /* used to know what we need to clean up if something goes wrong */ 880 i = 0; 881 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 882 ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks, 883 cl_s, udc_cnt); 884 if (ret != 0) { 885 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 886 ebt_cleanup_entry, &i); 887 } 888 vfree(cl_s); 889 return ret; 890} 891 892/* called under write_lock */ 893static void get_counters(struct ebt_counter *oldcounters, 894 struct ebt_counter *counters, unsigned int nentries) 895{ 896 int i, cpu; 897 struct ebt_counter *counter_base; 898 899 /* counters of cpu 0 */ 900 memcpy(counters, oldcounters, 901 sizeof(struct ebt_counter) * nentries); 902 903 /* add other counters to those of cpu 0 */ 904 for_each_possible_cpu(cpu) { 905 if (cpu == 0) 906 continue; 907 counter_base = COUNTER_BASE(oldcounters, nentries, cpu); 908 for (i = 0; i < nentries; i++) { 909 counters[i].pcnt += counter_base[i].pcnt; 910 counters[i].bcnt += counter_base[i].bcnt; 911 } 912 } 913} 914 915/* replace the table */ 916static int do_replace(void __user *user, unsigned int len) 917{ 918 int ret, i, countersize; 919 struct ebt_table_info *newinfo; 920 struct ebt_replace tmp; 921 struct ebt_table *t; 922 struct ebt_counter *counterstmp = NULL; 923 /* used to be able to unlock earlier */ 924 struct ebt_table_info *table; 925 926 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 927 return -EFAULT; 928 929 if (len != sizeof(tmp) + tmp.entries_size) { 930 BUGPRINT("Wrong len argument\n"); 931 return -EINVAL; 932 } 933 934 if (tmp.entries_size == 0) { 935 BUGPRINT("Entries_size never zero\n"); 936 return -EINVAL; 937 } 938 /* overflow check */ 939 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS - 940 SMP_CACHE_BYTES) / sizeof(struct ebt_counter)) 941 return -ENOMEM; 942 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) 943 return -ENOMEM; 944 945 countersize = COUNTER_OFFSET(tmp.nentries) * 946 (highest_possible_processor_id()+1); 947 newinfo = (struct ebt_table_info *) 948 vmalloc(sizeof(struct ebt_table_info) + countersize); 949 if (!newinfo) 950 return -ENOMEM; 951 952 if (countersize) 953 memset(newinfo->counters, 0, countersize); 954 955 newinfo->entries = vmalloc(tmp.entries_size); 956 if (!newinfo->entries) { 957 ret = -ENOMEM; 958 goto free_newinfo; 959 } 960 if (copy_from_user( 961 newinfo->entries, tmp.entries, tmp.entries_size) != 0) { 962 BUGPRINT("Couldn't copy entries from userspace\n"); 963 ret = -EFAULT; 964 goto free_entries; 965 } 966 967 /* the user wants counters back 968 the check on the size is done later, when we have the lock */ 969 if (tmp.num_counters) { 970 counterstmp = (struct ebt_counter *) 971 vmalloc(tmp.num_counters * sizeof(struct ebt_counter)); 972 if (!counterstmp) { 973 ret = -ENOMEM; 974 goto free_entries; 975 } 976 } 977 else 978 counterstmp = NULL; 979 980 /* this can get initialized by translate_table() */ 981 newinfo->chainstack = NULL; 982 ret = translate_table(&tmp, newinfo); 983 984 if (ret != 0) 985 goto free_counterstmp; 986 987 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 988 if (!t) { 989 ret = -ENOENT; 990 goto free_iterate; 991 } 992 993 /* the table doesn't like it */ 994 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks))) 995 goto free_unlock; 996 997 if (tmp.num_counters && tmp.num_counters != t->private->nentries) { 998 BUGPRINT("Wrong nr. of counters requested\n"); 999 ret = -EINVAL; 1000 goto free_unlock; 1001 } 1002 1003 /* we have the mutex lock, so no danger in reading this pointer */ 1004 table = t->private; 1005 /* make sure the table can only be rmmod'ed if it contains no rules */ 1006 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) { 1007 ret = -ENOENT; 1008 goto free_unlock; 1009 } else if (table->nentries && !newinfo->nentries) 1010 module_put(t->me); 1011 /* we need an atomic snapshot of the counters */ 1012 write_lock_bh(&t->lock); 1013 if (tmp.num_counters) 1014 get_counters(t->private->counters, counterstmp, 1015 t->private->nentries); 1016 1017 t->private = newinfo; 1018 write_unlock_bh(&t->lock); 1019 mutex_unlock(&ebt_mutex); 1020 /* so, a user can change the chains while having messed up her counter 1021 allocation. Only reason why this is done is because this way the lock 1022 is held only once, while this doesn't bring the kernel into a 1023 dangerous state. */ 1024 if (tmp.num_counters && 1025 copy_to_user(tmp.counters, counterstmp, 1026 tmp.num_counters * sizeof(struct ebt_counter))) { 1027 BUGPRINT("Couldn't copy counters to userspace\n"); 1028 ret = -EFAULT; 1029 } 1030 else 1031 ret = 0; 1032 1033 /* decrease module count and free resources */ 1034 EBT_ENTRY_ITERATE(table->entries, table->entries_size, 1035 ebt_cleanup_entry, NULL); 1036 1037 vfree(table->entries); 1038 if (table->chainstack) { 1039 for_each_possible_cpu(i) 1040 vfree(table->chainstack[i]); 1041 vfree(table->chainstack); 1042 } 1043 vfree(table); 1044 1045 vfree(counterstmp); 1046 return ret; 1047 1048free_unlock: 1049 mutex_unlock(&ebt_mutex); 1050free_iterate: 1051 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 1052 ebt_cleanup_entry, NULL); 1053free_counterstmp: 1054 vfree(counterstmp); 1055 /* can be initialized in translate_table() */ 1056 if (newinfo->chainstack) { 1057 for_each_possible_cpu(i) 1058 vfree(newinfo->chainstack[i]); 1059 vfree(newinfo->chainstack); 1060 } 1061free_entries: 1062 vfree(newinfo->entries); 1063free_newinfo: 1064 vfree(newinfo); 1065 return ret; 1066} 1067 1068int ebt_register_target(struct ebt_target *target) 1069{ 1070 int ret; 1071 1072 ret = mutex_lock_interruptible(&ebt_mutex); 1073 if (ret != 0) 1074 return ret; 1075 if (!list_named_insert(&ebt_targets, target)) { 1076 mutex_unlock(&ebt_mutex); 1077 return -EEXIST; 1078 } 1079 mutex_unlock(&ebt_mutex); 1080 1081 return 0; 1082} 1083 1084void ebt_unregister_target(struct ebt_target *target) 1085{ 1086 mutex_lock(&ebt_mutex); 1087 LIST_DELETE(&ebt_targets, target); 1088 mutex_unlock(&ebt_mutex); 1089} 1090 1091int ebt_register_match(struct ebt_match *match) 1092{ 1093 int ret; 1094 1095 ret = mutex_lock_interruptible(&ebt_mutex); 1096 if (ret != 0) 1097 return ret; 1098 if (!list_named_insert(&ebt_matches, match)) { 1099 mutex_unlock(&ebt_mutex); 1100 return -EEXIST; 1101 } 1102 mutex_unlock(&ebt_mutex); 1103 1104 return 0; 1105} 1106 1107void ebt_unregister_match(struct ebt_match *match) 1108{ 1109 mutex_lock(&ebt_mutex); 1110 LIST_DELETE(&ebt_matches, match); 1111 mutex_unlock(&ebt_mutex); 1112} 1113 1114int ebt_register_watcher(struct ebt_watcher *watcher) 1115{ 1116 int ret; 1117 1118 ret = mutex_lock_interruptible(&ebt_mutex); 1119 if (ret != 0) 1120 return ret; 1121 if (!list_named_insert(&ebt_watchers, watcher)) { 1122 mutex_unlock(&ebt_mutex); 1123 return -EEXIST; 1124 } 1125 mutex_unlock(&ebt_mutex); 1126 1127 return 0; 1128} 1129 1130void ebt_unregister_watcher(struct ebt_watcher *watcher) 1131{ 1132 mutex_lock(&ebt_mutex); 1133 LIST_DELETE(&ebt_watchers, watcher); 1134 mutex_unlock(&ebt_mutex); 1135} 1136 1137int ebt_register_table(struct ebt_table *table) 1138{ 1139 struct ebt_table_info *newinfo; 1140 int ret, i, countersize; 1141 1142 if (!table || !table->table ||!table->table->entries || 1143 table->table->entries_size == 0 || 1144 table->table->counters || table->private) { 1145 BUGPRINT("Bad table data for ebt_register_table!!!\n"); 1146 return -EINVAL; 1147 } 1148 1149 countersize = COUNTER_OFFSET(table->table->nentries) * 1150 (highest_possible_processor_id()+1); 1151 newinfo = (struct ebt_table_info *) 1152 vmalloc(sizeof(struct ebt_table_info) + countersize); 1153 ret = -ENOMEM; 1154 if (!newinfo) 1155 return -ENOMEM; 1156 1157 newinfo->entries = vmalloc(table->table->entries_size); 1158 if (!(newinfo->entries)) 1159 goto free_newinfo; 1160 1161 memcpy(newinfo->entries, table->table->entries, 1162 table->table->entries_size); 1163 1164 if (countersize) 1165 memset(newinfo->counters, 0, countersize); 1166 1167 /* fill in newinfo and parse the entries */ 1168 newinfo->chainstack = NULL; 1169 ret = translate_table(table->table, newinfo); 1170 if (ret != 0) { 1171 BUGPRINT("Translate_table failed\n"); 1172 goto free_chainstack; 1173 } 1174 1175 if (table->check && table->check(newinfo, table->valid_hooks)) { 1176 BUGPRINT("The table doesn't like its own initial data, lol\n"); 1177 return -EINVAL; 1178 } 1179 1180 table->private = newinfo; 1181 rwlock_init(&table->lock); 1182 ret = mutex_lock_interruptible(&ebt_mutex); 1183 if (ret != 0) 1184 goto free_chainstack; 1185 1186 if (list_named_find(&ebt_tables, table->name)) { 1187 ret = -EEXIST; 1188 BUGPRINT("Table name already exists\n"); 1189 goto free_unlock; 1190 } 1191 1192 /* Hold a reference count if the chains aren't empty */ 1193 if (newinfo->nentries && !try_module_get(table->me)) { 1194 ret = -ENOENT; 1195 goto free_unlock; 1196 } 1197 list_prepend(&ebt_tables, table); 1198 mutex_unlock(&ebt_mutex); 1199 return 0; 1200free_unlock: 1201 mutex_unlock(&ebt_mutex); 1202free_chainstack: 1203 if (newinfo->chainstack) { 1204 for_each_possible_cpu(i) 1205 vfree(newinfo->chainstack[i]); 1206 vfree(newinfo->chainstack); 1207 } 1208 vfree(newinfo->entries); 1209free_newinfo: 1210 vfree(newinfo); 1211 return ret; 1212} 1213 1214void ebt_unregister_table(struct ebt_table *table) 1215{ 1216 int i; 1217 1218 if (!table) { 1219 BUGPRINT("Request to unregister NULL table!!!\n"); 1220 return; 1221 } 1222 mutex_lock(&ebt_mutex); 1223 LIST_DELETE(&ebt_tables, table); 1224 mutex_unlock(&ebt_mutex); 1225 vfree(table->private->entries); 1226 if (table->private->chainstack) { 1227 for_each_possible_cpu(i) 1228 vfree(table->private->chainstack[i]); 1229 vfree(table->private->chainstack); 1230 } 1231 vfree(table->private); 1232} 1233 1234/* userspace just supplied us with counters */ 1235static int update_counters(void __user *user, unsigned int len) 1236{ 1237 int i, ret; 1238 struct ebt_counter *tmp; 1239 struct ebt_replace hlp; 1240 struct ebt_table *t; 1241 1242 if (copy_from_user(&hlp, user, sizeof(hlp))) 1243 return -EFAULT; 1244 1245 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) 1246 return -EINVAL; 1247 if (hlp.num_counters == 0) 1248 return -EINVAL; 1249 1250 if ( !(tmp = (struct ebt_counter *) 1251 vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){ 1252 MEMPRINT("Update_counters && nomemory\n"); 1253 return -ENOMEM; 1254 } 1255 1256 t = find_table_lock(hlp.name, &ret, &ebt_mutex); 1257 if (!t) 1258 goto free_tmp; 1259 1260 if (hlp.num_counters != t->private->nentries) { 1261 BUGPRINT("Wrong nr of counters\n"); 1262 ret = -EINVAL; 1263 goto unlock_mutex; 1264 } 1265 1266 if ( copy_from_user(tmp, hlp.counters, 1267 hlp.num_counters * sizeof(struct ebt_counter)) ) { 1268 BUGPRINT("Updata_counters && !cfu\n"); 1269 ret = -EFAULT; 1270 goto unlock_mutex; 1271 } 1272 1273 /* we want an atomic add of the counters */ 1274 write_lock_bh(&t->lock); 1275 1276 /* we add to the counters of the first cpu */ 1277 for (i = 0; i < hlp.num_counters; i++) { 1278 t->private->counters[i].pcnt += tmp[i].pcnt; 1279 t->private->counters[i].bcnt += tmp[i].bcnt; 1280 } 1281 1282 write_unlock_bh(&t->lock); 1283 ret = 0; 1284unlock_mutex: 1285 mutex_unlock(&ebt_mutex); 1286free_tmp: 1287 vfree(tmp); 1288 return ret; 1289} 1290 1291static inline int ebt_make_matchname(struct ebt_entry_match *m, 1292 char *base, char *ubase) 1293{ 1294 char *hlp = ubase - base + (char *)m; 1295 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1296 return -EFAULT; 1297 return 0; 1298} 1299 1300static inline int ebt_make_watchername(struct ebt_entry_watcher *w, 1301 char *base, char *ubase) 1302{ 1303 char *hlp = ubase - base + (char *)w; 1304 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1305 return -EFAULT; 1306 return 0; 1307} 1308 1309static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase) 1310{ 1311 int ret; 1312 char *hlp; 1313 struct ebt_entry_target *t; 1314 1315 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) 1316 return 0; 1317 1318 hlp = ubase - base + (char *)e + e->target_offset; 1319 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 1320 1321 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); 1322 if (ret != 0) 1323 return ret; 1324 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); 1325 if (ret != 0) 1326 return ret; 1327 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) 1328 return -EFAULT; 1329 return 0; 1330} 1331 1332/* called with ebt_mutex locked */ 1333static int copy_everything_to_user(struct ebt_table *t, void __user *user, 1334 int *len, int cmd) 1335{ 1336 struct ebt_replace tmp; 1337 struct ebt_counter *counterstmp, *oldcounters; 1338 unsigned int entries_size, nentries; 1339 char *entries; 1340 1341 if (cmd == EBT_SO_GET_ENTRIES) { 1342 entries_size = t->private->entries_size; 1343 nentries = t->private->nentries; 1344 entries = t->private->entries; 1345 oldcounters = t->private->counters; 1346 } else { 1347 entries_size = t->table->entries_size; 1348 nentries = t->table->nentries; 1349 entries = t->table->entries; 1350 oldcounters = t->table->counters; 1351 } 1352 1353 if (copy_from_user(&tmp, user, sizeof(tmp))) { 1354 BUGPRINT("Cfu didn't work\n"); 1355 return -EFAULT; 1356 } 1357 1358 if (*len != sizeof(struct ebt_replace) + entries_size + 1359 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { 1360 BUGPRINT("Wrong size\n"); 1361 return -EINVAL; 1362 } 1363 1364 if (tmp.nentries != nentries) { 1365 BUGPRINT("Nentries wrong\n"); 1366 return -EINVAL; 1367 } 1368 1369 if (tmp.entries_size != entries_size) { 1370 BUGPRINT("Wrong size\n"); 1371 return -EINVAL; 1372 } 1373 1374 /* userspace might not need the counters */ 1375 if (tmp.num_counters) { 1376 if (tmp.num_counters != nentries) { 1377 BUGPRINT("Num_counters wrong\n"); 1378 return -EINVAL; 1379 } 1380 counterstmp = (struct ebt_counter *) 1381 vmalloc(nentries * sizeof(struct ebt_counter)); 1382 if (!counterstmp) { 1383 MEMPRINT("Couldn't copy counters, out of memory\n"); 1384 return -ENOMEM; 1385 } 1386 write_lock_bh(&t->lock); 1387 get_counters(oldcounters, counterstmp, nentries); 1388 write_unlock_bh(&t->lock); 1389 1390 if (copy_to_user(tmp.counters, counterstmp, 1391 nentries * sizeof(struct ebt_counter))) { 1392 BUGPRINT("Couldn't copy counters to userspace\n"); 1393 vfree(counterstmp); 1394 return -EFAULT; 1395 } 1396 vfree(counterstmp); 1397 } 1398 1399 if (copy_to_user(tmp.entries, entries, entries_size)) { 1400 BUGPRINT("Couldn't copy entries to userspace\n"); 1401 return -EFAULT; 1402 } 1403 /* set the match/watcher/target names right */ 1404 return EBT_ENTRY_ITERATE(entries, entries_size, 1405 ebt_make_names, entries, tmp.entries); 1406} 1407 1408static int do_ebt_set_ctl(struct sock *sk, 1409 int cmd, void __user *user, unsigned int len) 1410{ 1411 int ret; 1412 1413 switch(cmd) { 1414 case EBT_SO_SET_ENTRIES: 1415 ret = do_replace(user, len); 1416 break; 1417 case EBT_SO_SET_COUNTERS: 1418 ret = update_counters(user, len); 1419 break; 1420 default: 1421 ret = -EINVAL; 1422 } 1423 return ret; 1424} 1425 1426static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 1427{ 1428 int ret; 1429 struct ebt_replace tmp; 1430 struct ebt_table *t; 1431 1432 if (copy_from_user(&tmp, user, sizeof(tmp))) 1433 return -EFAULT; 1434 1435 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1436 if (!t) 1437 return ret; 1438 1439 switch(cmd) { 1440 case EBT_SO_GET_INFO: 1441 case EBT_SO_GET_INIT_INFO: 1442 if (*len != sizeof(struct ebt_replace)){ 1443 ret = -EINVAL; 1444 mutex_unlock(&ebt_mutex); 1445 break; 1446 } 1447 if (cmd == EBT_SO_GET_INFO) { 1448 tmp.nentries = t->private->nentries; 1449 tmp.entries_size = t->private->entries_size; 1450 tmp.valid_hooks = t->valid_hooks; 1451 } else { 1452 tmp.nentries = t->table->nentries; 1453 tmp.entries_size = t->table->entries_size; 1454 tmp.valid_hooks = t->table->valid_hooks; 1455 } 1456 mutex_unlock(&ebt_mutex); 1457 if (copy_to_user(user, &tmp, *len) != 0){ 1458 BUGPRINT("c2u Didn't work\n"); 1459 ret = -EFAULT; 1460 break; 1461 } 1462 ret = 0; 1463 break; 1464 1465 case EBT_SO_GET_ENTRIES: 1466 case EBT_SO_GET_INIT_ENTRIES: 1467 ret = copy_everything_to_user(t, user, len, cmd); 1468 mutex_unlock(&ebt_mutex); 1469 break; 1470 1471 default: 1472 mutex_unlock(&ebt_mutex); 1473 ret = -EINVAL; 1474 } 1475 1476 return ret; 1477} 1478 1479static struct nf_sockopt_ops ebt_sockopts = 1480{ 1481 .pf = PF_INET, 1482 .set_optmin = EBT_BASE_CTL, 1483 .set_optmax = EBT_SO_SET_MAX + 1, 1484 .set = do_ebt_set_ctl, 1485 .get_optmin = EBT_BASE_CTL, 1486 .get_optmax = EBT_SO_GET_MAX + 1, 1487 .get = do_ebt_get_ctl, 1488}; 1489 1490static int __init ebtables_init(void) 1491{ 1492 int ret; 1493 1494 mutex_lock(&ebt_mutex); 1495 list_named_insert(&ebt_targets, &ebt_standard_target); 1496 mutex_unlock(&ebt_mutex); 1497 if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0) 1498 return ret; 1499 1500 printk(KERN_NOTICE "Ebtables v2.0 registered\n"); 1501 return 0; 1502} 1503 1504static void __exit ebtables_fini(void) 1505{ 1506 nf_unregister_sockopt(&ebt_sockopts); 1507 printk(KERN_NOTICE "Ebtables v2.0 unregistered\n"); 1508} 1509 1510EXPORT_SYMBOL(ebt_register_table); 1511EXPORT_SYMBOL(ebt_unregister_table); 1512EXPORT_SYMBOL(ebt_register_match); 1513EXPORT_SYMBOL(ebt_unregister_match); 1514EXPORT_SYMBOL(ebt_register_watcher); 1515EXPORT_SYMBOL(ebt_unregister_watcher); 1516EXPORT_SYMBOL(ebt_register_target); 1517EXPORT_SYMBOL(ebt_unregister_target); 1518EXPORT_SYMBOL(ebt_do_table); 1519module_init(ebtables_init); 1520module_exit(ebtables_fini); 1521MODULE_LICENSE("GPL"); 1522