ebtables.c revision 7eb3558655aaa87a3e71a0c065dfaddda521fa6d
1/* 2 * ebtables 3 * 4 * Author: 5 * Bart De Schuymer <bdschuym@pandora.be> 6 * 7 * ebtables.c,v 2.0, July, 2002 8 * 9 * This code is stongly inspired on the iptables code which is 10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 19#include <linux/kmod.h> 20#include <linux/module.h> 21#include <linux/vmalloc.h> 22#include <linux/netfilter/x_tables.h> 23#include <linux/netfilter_bridge/ebtables.h> 24#include <linux/spinlock.h> 25#include <linux/mutex.h> 26#include <asm/uaccess.h> 27#include <linux/smp.h> 28#include <linux/cpumask.h> 29#include <net/sock.h> 30/* needed for logical [in,out]-dev filtering */ 31#include "../br_private.h" 32 33#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ 34 "report to author: "format, ## args) 35/* #define BUGPRINT(format, args...) */ 36#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\ 37 ": out of memory: "format, ## args) 38/* #define MEMPRINT(format, args...) */ 39 40 41 42/* 43 * Each cpu has its own set of counters, so there is no need for write_lock in 44 * the softirq 45 * For reading or updating the counters, the user context needs to 46 * get a write_lock 47 */ 48 49/* The size of each set of counters is altered to get cache alignment */ 50#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) 51#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) 52#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ 53 COUNTER_OFFSET(n) * cpu)) 54 55 56 57static DEFINE_MUTEX(ebt_mutex); 58static LIST_HEAD(ebt_tables); 59 60static struct xt_target ebt_standard_target = { 61 .name = "standard", 62 .revision = 0, 63 .family = NFPROTO_BRIDGE, 64 .targetsize = sizeof(int), 65}; 66 67static inline int 68ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb, 69 struct xt_target_param *par) 70{ 71 par->target = w->u.watcher; 72 par->targinfo = w->data; 73 w->u.watcher->target(skb, par); 74 /* watchers don't give a verdict */ 75 return 0; 76} 77 78static inline int ebt_do_match (struct ebt_entry_match *m, 79 const struct sk_buff *skb, struct xt_match_param *par) 80{ 81 par->match = m->u.match; 82 par->matchinfo = m->data; 83 return m->u.match->match(skb, par); 84} 85 86static inline int ebt_dev_check(char *entry, const struct net_device *device) 87{ 88 int i = 0; 89 const char *devname = device->name; 90 91 if (*entry == '\0') 92 return 0; 93 if (!device) 94 return 1; 95 /* 1 is the wildcard token */ 96 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i]) 97 i++; 98 return (devname[i] != entry[i] && entry[i] != 1); 99} 100 101#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) 102/* process standard matches */ 103static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, 104 const struct net_device *in, const struct net_device *out) 105{ 106 int verdict, i; 107 108 if (e->bitmask & EBT_802_3) { 109 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) 110 return 1; 111 } else if (!(e->bitmask & EBT_NOPROTO) && 112 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) 113 return 1; 114 115 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) 116 return 1; 117 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) 118 return 1; 119 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( 120 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN)) 121 return 1; 122 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( 123 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT)) 124 return 1; 125 126 if (e->bitmask & EBT_SOURCEMAC) { 127 verdict = 0; 128 for (i = 0; i < 6; i++) 129 verdict |= (h->h_source[i] ^ e->sourcemac[i]) & 130 e->sourcemsk[i]; 131 if (FWINV2(verdict != 0, EBT_ISOURCE) ) 132 return 1; 133 } 134 if (e->bitmask & EBT_DESTMAC) { 135 verdict = 0; 136 for (i = 0; i < 6; i++) 137 verdict |= (h->h_dest[i] ^ e->destmac[i]) & 138 e->destmsk[i]; 139 if (FWINV2(verdict != 0, EBT_IDEST) ) 140 return 1; 141 } 142 return 0; 143} 144 145/* Do some firewalling */ 146unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, 147 const struct net_device *in, const struct net_device *out, 148 struct ebt_table *table) 149{ 150 int i, nentries; 151 struct ebt_entry *point; 152 struct ebt_counter *counter_base, *cb_base; 153 struct ebt_entry_target *t; 154 int verdict, sp = 0; 155 struct ebt_chainstack *cs; 156 struct ebt_entries *chaininfo; 157 char *base; 158 struct ebt_table_info *private; 159 bool hotdrop = false; 160 struct xt_match_param mtpar; 161 struct xt_target_param tgpar; 162 163 mtpar.in = tgpar.in = in; 164 mtpar.out = tgpar.out = out; 165 mtpar.hotdrop = &hotdrop; 166 tgpar.hooknum = hook; 167 168 read_lock_bh(&table->lock); 169 private = table->private; 170 cb_base = COUNTER_BASE(private->counters, private->nentries, 171 smp_processor_id()); 172 if (private->chainstack) 173 cs = private->chainstack[smp_processor_id()]; 174 else 175 cs = NULL; 176 chaininfo = private->hook_entry[hook]; 177 nentries = private->hook_entry[hook]->nentries; 178 point = (struct ebt_entry *)(private->hook_entry[hook]->data); 179 counter_base = cb_base + private->hook_entry[hook]->counter_offset; 180 /* base for chain jumps */ 181 base = private->entries; 182 i = 0; 183 while (i < nentries) { 184 if (ebt_basic_match(point, eth_hdr(skb), in, out)) 185 goto letscontinue; 186 187 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0) 188 goto letscontinue; 189 if (hotdrop) { 190 read_unlock_bh(&table->lock); 191 return NF_DROP; 192 } 193 194 /* increase counter */ 195 (*(counter_base + i)).pcnt++; 196 (*(counter_base + i)).bcnt += skb->len; 197 198 /* these should only watch: not modify, nor tell us 199 what to do with the packet */ 200 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar); 201 202 t = (struct ebt_entry_target *) 203 (((char *)point) + point->target_offset); 204 /* standard target */ 205 if (!t->u.target->target) 206 verdict = ((struct ebt_standard_target *)t)->verdict; 207 else { 208 tgpar.target = t->u.target; 209 tgpar.targinfo = t->data; 210 verdict = t->u.target->target(skb, &tgpar); 211 } 212 if (verdict == EBT_ACCEPT) { 213 read_unlock_bh(&table->lock); 214 return NF_ACCEPT; 215 } 216 if (verdict == EBT_DROP) { 217 read_unlock_bh(&table->lock); 218 return NF_DROP; 219 } 220 if (verdict == EBT_RETURN) { 221letsreturn: 222#ifdef CONFIG_NETFILTER_DEBUG 223 if (sp == 0) { 224 BUGPRINT("RETURN on base chain"); 225 /* act like this is EBT_CONTINUE */ 226 goto letscontinue; 227 } 228#endif 229 sp--; 230 /* put all the local variables right */ 231 i = cs[sp].n; 232 chaininfo = cs[sp].chaininfo; 233 nentries = chaininfo->nentries; 234 point = cs[sp].e; 235 counter_base = cb_base + 236 chaininfo->counter_offset; 237 continue; 238 } 239 if (verdict == EBT_CONTINUE) 240 goto letscontinue; 241#ifdef CONFIG_NETFILTER_DEBUG 242 if (verdict < 0) { 243 BUGPRINT("bogus standard verdict\n"); 244 read_unlock_bh(&table->lock); 245 return NF_DROP; 246 } 247#endif 248 /* jump to a udc */ 249 cs[sp].n = i + 1; 250 cs[sp].chaininfo = chaininfo; 251 cs[sp].e = (struct ebt_entry *) 252 (((char *)point) + point->next_offset); 253 i = 0; 254 chaininfo = (struct ebt_entries *) (base + verdict); 255#ifdef CONFIG_NETFILTER_DEBUG 256 if (chaininfo->distinguisher) { 257 BUGPRINT("jump to non-chain\n"); 258 read_unlock_bh(&table->lock); 259 return NF_DROP; 260 } 261#endif 262 nentries = chaininfo->nentries; 263 point = (struct ebt_entry *)chaininfo->data; 264 counter_base = cb_base + chaininfo->counter_offset; 265 sp++; 266 continue; 267letscontinue: 268 point = (struct ebt_entry *) 269 (((char *)point) + point->next_offset); 270 i++; 271 } 272 273 /* I actually like this :) */ 274 if (chaininfo->policy == EBT_RETURN) 275 goto letsreturn; 276 if (chaininfo->policy == EBT_ACCEPT) { 277 read_unlock_bh(&table->lock); 278 return NF_ACCEPT; 279 } 280 read_unlock_bh(&table->lock); 281 return NF_DROP; 282} 283 284/* If it succeeds, returns element and locks mutex */ 285static inline void * 286find_inlist_lock_noload(struct list_head *head, const char *name, int *error, 287 struct mutex *mutex) 288{ 289 struct { 290 struct list_head list; 291 char name[EBT_FUNCTION_MAXNAMELEN]; 292 } *e; 293 294 *error = mutex_lock_interruptible(mutex); 295 if (*error != 0) 296 return NULL; 297 298 list_for_each_entry(e, head, list) { 299 if (strcmp(e->name, name) == 0) 300 return e; 301 } 302 *error = -ENOENT; 303 mutex_unlock(mutex); 304 return NULL; 305} 306 307#ifndef CONFIG_KMOD 308#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) 309#else 310static void * 311find_inlist_lock(struct list_head *head, const char *name, const char *prefix, 312 int *error, struct mutex *mutex) 313{ 314 void *ret; 315 316 ret = find_inlist_lock_noload(head, name, error, mutex); 317 if (!ret) { 318 request_module("%s%s", prefix, name); 319 ret = find_inlist_lock_noload(head, name, error, mutex); 320 } 321 return ret; 322} 323#endif 324 325static inline struct ebt_table * 326find_table_lock(const char *name, int *error, struct mutex *mutex) 327{ 328 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex); 329} 330 331static inline int 332ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par, 333 unsigned int *cnt) 334{ 335 const struct ebt_entry *e = par->entryinfo; 336 struct xt_match *match; 337 size_t left = ((char *)e + e->watchers_offset) - (char *)m; 338 int ret; 339 340 if (left < sizeof(struct ebt_entry_match) || 341 left - sizeof(struct ebt_entry_match) < m->match_size) 342 return -EINVAL; 343 344 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE, 345 m->u.name, 0), "ebt_%s", m->u.name); 346 if (IS_ERR(match)) 347 return PTR_ERR(match); 348 if (match == NULL) 349 return -ENOENT; 350 m->u.match = match; 351 352 par->match = match; 353 par->matchinfo = m->data; 354 ret = xt_check_match(par, NFPROTO_BRIDGE, m->match_size, 355 e->ethproto, e->invflags & EBT_IPROTO); 356 if (ret < 0) { 357 module_put(match->me); 358 return ret; 359 } 360 361 (*cnt)++; 362 return 0; 363} 364 365static inline int 366ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, 367 const char *name, unsigned int hookmask, unsigned int *cnt) 368{ 369 struct xt_target *watcher; 370 size_t left = ((char *)e + e->target_offset) - (char *)w; 371 int ret; 372 373 if (left < sizeof(struct ebt_entry_watcher) || 374 left - sizeof(struct ebt_entry_watcher) < w->watcher_size) 375 return -EINVAL; 376 377 watcher = try_then_request_module( 378 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0), 379 "ebt_%s", w->u.name); 380 if (IS_ERR(watcher)) 381 return PTR_ERR(watcher); 382 if (watcher == NULL) 383 return -ENOENT; 384 w->u.watcher = watcher; 385 386 ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size, 387 name, hookmask, e->ethproto, e->invflags & EBT_IPROTO, 388 e, w->data); 389 if (ret < 0) { 390 module_put(watcher->me); 391 return ret; 392 } 393 394 (*cnt)++; 395 return 0; 396} 397 398static int ebt_verify_pointers(struct ebt_replace *repl, 399 struct ebt_table_info *newinfo) 400{ 401 unsigned int limit = repl->entries_size; 402 unsigned int valid_hooks = repl->valid_hooks; 403 unsigned int offset = 0; 404 int i; 405 406 for (i = 0; i < NF_BR_NUMHOOKS; i++) 407 newinfo->hook_entry[i] = NULL; 408 409 newinfo->entries_size = repl->entries_size; 410 newinfo->nentries = repl->nentries; 411 412 while (offset < limit) { 413 size_t left = limit - offset; 414 struct ebt_entry *e = (void *)newinfo->entries + offset; 415 416 if (left < sizeof(unsigned int)) 417 break; 418 419 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 420 if ((valid_hooks & (1 << i)) == 0) 421 continue; 422 if ((char __user *)repl->hook_entry[i] == 423 repl->entries + offset) 424 break; 425 } 426 427 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { 428 if (e->bitmask != 0) { 429 /* we make userspace set this right, 430 so there is no misunderstanding */ 431 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " 432 "in distinguisher\n"); 433 return -EINVAL; 434 } 435 if (i != NF_BR_NUMHOOKS) 436 newinfo->hook_entry[i] = (struct ebt_entries *)e; 437 if (left < sizeof(struct ebt_entries)) 438 break; 439 offset += sizeof(struct ebt_entries); 440 } else { 441 if (left < sizeof(struct ebt_entry)) 442 break; 443 if (left < e->next_offset) 444 break; 445 offset += e->next_offset; 446 } 447 } 448 if (offset != limit) { 449 BUGPRINT("entries_size too small\n"); 450 return -EINVAL; 451 } 452 453 /* check if all valid hooks have a chain */ 454 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 455 if (!newinfo->hook_entry[i] && 456 (valid_hooks & (1 << i))) { 457 BUGPRINT("Valid hook without chain\n"); 458 return -EINVAL; 459 } 460 } 461 return 0; 462} 463 464/* 465 * this one is very careful, as it is the first function 466 * to parse the userspace data 467 */ 468static inline int 469ebt_check_entry_size_and_hooks(struct ebt_entry *e, 470 struct ebt_table_info *newinfo, 471 unsigned int *n, unsigned int *cnt, 472 unsigned int *totalcnt, unsigned int *udc_cnt) 473{ 474 int i; 475 476 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 477 if ((void *)e == (void *)newinfo->hook_entry[i]) 478 break; 479 } 480 /* beginning of a new chain 481 if i == NF_BR_NUMHOOKS it must be a user defined chain */ 482 if (i != NF_BR_NUMHOOKS || !e->bitmask) { 483 /* this checks if the previous chain has as many entries 484 as it said it has */ 485 if (*n != *cnt) { 486 BUGPRINT("nentries does not equal the nr of entries " 487 "in the chain\n"); 488 return -EINVAL; 489 } 490 if (((struct ebt_entries *)e)->policy != EBT_DROP && 491 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { 492 /* only RETURN from udc */ 493 if (i != NF_BR_NUMHOOKS || 494 ((struct ebt_entries *)e)->policy != EBT_RETURN) { 495 BUGPRINT("bad policy\n"); 496 return -EINVAL; 497 } 498 } 499 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ 500 (*udc_cnt)++; 501 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { 502 BUGPRINT("counter_offset != totalcnt"); 503 return -EINVAL; 504 } 505 *n = ((struct ebt_entries *)e)->nentries; 506 *cnt = 0; 507 return 0; 508 } 509 /* a plain old entry, heh */ 510 if (sizeof(struct ebt_entry) > e->watchers_offset || 511 e->watchers_offset > e->target_offset || 512 e->target_offset >= e->next_offset) { 513 BUGPRINT("entry offsets not in right order\n"); 514 return -EINVAL; 515 } 516 /* this is not checked anywhere else */ 517 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { 518 BUGPRINT("target size too small\n"); 519 return -EINVAL; 520 } 521 (*cnt)++; 522 (*totalcnt)++; 523 return 0; 524} 525 526struct ebt_cl_stack 527{ 528 struct ebt_chainstack cs; 529 int from; 530 unsigned int hookmask; 531}; 532 533/* 534 * we need these positions to check that the jumps to a different part of the 535 * entries is a jump to the beginning of a new chain. 536 */ 537static inline int 538ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, 539 unsigned int *n, struct ebt_cl_stack *udc) 540{ 541 int i; 542 543 /* we're only interested in chain starts */ 544 if (e->bitmask) 545 return 0; 546 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 547 if (newinfo->hook_entry[i] == (struct ebt_entries *)e) 548 break; 549 } 550 /* only care about udc */ 551 if (i != NF_BR_NUMHOOKS) 552 return 0; 553 554 udc[*n].cs.chaininfo = (struct ebt_entries *)e; 555 /* these initialisations are depended on later in check_chainloops() */ 556 udc[*n].cs.n = 0; 557 udc[*n].hookmask = 0; 558 559 (*n)++; 560 return 0; 561} 562 563static inline int 564ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) 565{ 566 struct xt_mtdtor_param par; 567 568 if (i && (*i)-- == 0) 569 return 1; 570 571 par.match = m->u.match; 572 par.matchinfo = m->data; 573 if (par.match->destroy != NULL) 574 par.match->destroy(&par); 575 module_put(par.match->me); 576 return 0; 577} 578 579static inline int 580ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) 581{ 582 if (i && (*i)-- == 0) 583 return 1; 584 if (w->u.watcher->destroy) 585 w->u.watcher->destroy(w->u.watcher, w->data); 586 module_put(w->u.watcher->me); 587 588 return 0; 589} 590 591static inline int 592ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) 593{ 594 struct ebt_entry_target *t; 595 596 if (e->bitmask == 0) 597 return 0; 598 /* we're done */ 599 if (cnt && (*cnt)-- == 0) 600 return 1; 601 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); 602 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); 603 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 604 if (t->u.target->destroy) 605 t->u.target->destroy(t->u.target, t->data); 606 module_put(t->u.target->me); 607 608 return 0; 609} 610 611static inline int 612ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, 613 const char *name, unsigned int *cnt, 614 struct ebt_cl_stack *cl_s, unsigned int udc_cnt) 615{ 616 struct ebt_entry_target *t; 617 struct xt_target *target; 618 unsigned int i, j, hook = 0, hookmask = 0; 619 size_t gap; 620 int ret; 621 struct xt_mtchk_param mtpar; 622 623 /* don't mess with the struct ebt_entries */ 624 if (e->bitmask == 0) 625 return 0; 626 627 if (e->bitmask & ~EBT_F_MASK) { 628 BUGPRINT("Unknown flag for bitmask\n"); 629 return -EINVAL; 630 } 631 if (e->invflags & ~EBT_INV_MASK) { 632 BUGPRINT("Unknown flag for inv bitmask\n"); 633 return -EINVAL; 634 } 635 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { 636 BUGPRINT("NOPROTO & 802_3 not allowed\n"); 637 return -EINVAL; 638 } 639 /* what hook do we belong to? */ 640 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 641 if (!newinfo->hook_entry[i]) 642 continue; 643 if ((char *)newinfo->hook_entry[i] < (char *)e) 644 hook = i; 645 else 646 break; 647 } 648 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on 649 a base chain */ 650 if (i < NF_BR_NUMHOOKS) 651 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 652 else { 653 for (i = 0; i < udc_cnt; i++) 654 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) 655 break; 656 if (i == 0) 657 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 658 else 659 hookmask = cl_s[i - 1].hookmask; 660 } 661 i = 0; 662 663 mtpar.table = name; 664 mtpar.entryinfo = e; 665 mtpar.hook_mask = hookmask; 666 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i); 667 if (ret != 0) 668 goto cleanup_matches; 669 j = 0; 670 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j); 671 if (ret != 0) 672 goto cleanup_watchers; 673 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 674 gap = e->next_offset - e->target_offset; 675 676 target = try_then_request_module( 677 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0), 678 "ebt_%s", t->u.name); 679 if (IS_ERR(target)) { 680 ret = PTR_ERR(target); 681 goto cleanup_watchers; 682 } else if (target == NULL) { 683 ret = -ENOENT; 684 goto cleanup_watchers; 685 } 686 687 t->u.target = target; 688 if (t->u.target == &ebt_standard_target) { 689 if (gap < sizeof(struct ebt_standard_target)) { 690 BUGPRINT("Standard target size too big\n"); 691 ret = -EFAULT; 692 goto cleanup_watchers; 693 } 694 if (((struct ebt_standard_target *)t)->verdict < 695 -NUM_STANDARD_TARGETS) { 696 BUGPRINT("Invalid standard target\n"); 697 ret = -EFAULT; 698 goto cleanup_watchers; 699 } 700 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) { 701 module_put(t->u.target->me); 702 ret = -EFAULT; 703 goto cleanup_watchers; 704 } 705 706 ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size, 707 name, hookmask, e->ethproto, e->invflags & EBT_IPROTO, 708 e, t->data); 709 if (ret < 0) { 710 module_put(target->me); 711 goto cleanup_watchers; 712 } 713 (*cnt)++; 714 return 0; 715cleanup_watchers: 716 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); 717cleanup_matches: 718 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i); 719 return ret; 720} 721 722/* 723 * checks for loops and sets the hook mask for udc 724 * the hook mask for udc tells us from which base chains the udc can be 725 * accessed. This mask is a parameter to the check() functions of the extensions 726 */ 727static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s, 728 unsigned int udc_cnt, unsigned int hooknr, char *base) 729{ 730 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; 731 struct ebt_entry *e = (struct ebt_entry *)chain->data; 732 struct ebt_entry_target *t; 733 734 while (pos < nentries || chain_nr != -1) { 735 /* end of udc, go back one 'recursion' step */ 736 if (pos == nentries) { 737 /* put back values of the time when this chain was called */ 738 e = cl_s[chain_nr].cs.e; 739 if (cl_s[chain_nr].from != -1) 740 nentries = 741 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; 742 else 743 nentries = chain->nentries; 744 pos = cl_s[chain_nr].cs.n; 745 /* make sure we won't see a loop that isn't one */ 746 cl_s[chain_nr].cs.n = 0; 747 chain_nr = cl_s[chain_nr].from; 748 if (pos == nentries) 749 continue; 750 } 751 t = (struct ebt_entry_target *) 752 (((char *)e) + e->target_offset); 753 if (strcmp(t->u.name, EBT_STANDARD_TARGET)) 754 goto letscontinue; 755 if (e->target_offset + sizeof(struct ebt_standard_target) > 756 e->next_offset) { 757 BUGPRINT("Standard target size too big\n"); 758 return -1; 759 } 760 verdict = ((struct ebt_standard_target *)t)->verdict; 761 if (verdict >= 0) { /* jump to another chain */ 762 struct ebt_entries *hlp2 = 763 (struct ebt_entries *)(base + verdict); 764 for (i = 0; i < udc_cnt; i++) 765 if (hlp2 == cl_s[i].cs.chaininfo) 766 break; 767 /* bad destination or loop */ 768 if (i == udc_cnt) { 769 BUGPRINT("bad destination\n"); 770 return -1; 771 } 772 if (cl_s[i].cs.n) { 773 BUGPRINT("loop\n"); 774 return -1; 775 } 776 if (cl_s[i].hookmask & (1 << hooknr)) 777 goto letscontinue; 778 /* this can't be 0, so the loop test is correct */ 779 cl_s[i].cs.n = pos + 1; 780 pos = 0; 781 cl_s[i].cs.e = ((void *)e + e->next_offset); 782 e = (struct ebt_entry *)(hlp2->data); 783 nentries = hlp2->nentries; 784 cl_s[i].from = chain_nr; 785 chain_nr = i; 786 /* this udc is accessible from the base chain for hooknr */ 787 cl_s[i].hookmask |= (1 << hooknr); 788 continue; 789 } 790letscontinue: 791 e = (void *)e + e->next_offset; 792 pos++; 793 } 794 return 0; 795} 796 797/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ 798static int translate_table(char *name, struct ebt_table_info *newinfo) 799{ 800 unsigned int i, j, k, udc_cnt; 801 int ret; 802 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 803 804 i = 0; 805 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) 806 i++; 807 if (i == NF_BR_NUMHOOKS) { 808 BUGPRINT("No valid hooks specified\n"); 809 return -EINVAL; 810 } 811 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) { 812 BUGPRINT("Chains don't start at beginning\n"); 813 return -EINVAL; 814 } 815 /* make sure chains are ordered after each other in same order 816 as their corresponding hooks */ 817 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { 818 if (!newinfo->hook_entry[j]) 819 continue; 820 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) { 821 BUGPRINT("Hook order must be followed\n"); 822 return -EINVAL; 823 } 824 i = j; 825 } 826 827 /* do some early checkings and initialize some things */ 828 i = 0; /* holds the expected nr. of entries for the chain */ 829 j = 0; /* holds the up to now counted entries for the chain */ 830 k = 0; /* holds the total nr. of entries, should equal 831 newinfo->nentries afterwards */ 832 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */ 833 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 834 ebt_check_entry_size_and_hooks, newinfo, 835 &i, &j, &k, &udc_cnt); 836 837 if (ret != 0) 838 return ret; 839 840 if (i != j) { 841 BUGPRINT("nentries does not equal the nr of entries in the " 842 "(last) chain\n"); 843 return -EINVAL; 844 } 845 if (k != newinfo->nentries) { 846 BUGPRINT("Total nentries is wrong\n"); 847 return -EINVAL; 848 } 849 850 /* get the location of the udc, put them in an array 851 while we're at it, allocate the chainstack */ 852 if (udc_cnt) { 853 /* this will get free'd in do_replace()/ebt_register_table() 854 if an error occurs */ 855 newinfo->chainstack = 856 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack))); 857 if (!newinfo->chainstack) 858 return -ENOMEM; 859 for_each_possible_cpu(i) { 860 newinfo->chainstack[i] = 861 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0]))); 862 if (!newinfo->chainstack[i]) { 863 while (i) 864 vfree(newinfo->chainstack[--i]); 865 vfree(newinfo->chainstack); 866 newinfo->chainstack = NULL; 867 return -ENOMEM; 868 } 869 } 870 871 cl_s = vmalloc(udc_cnt * sizeof(*cl_s)); 872 if (!cl_s) 873 return -ENOMEM; 874 i = 0; /* the i'th udc */ 875 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 876 ebt_get_udc_positions, newinfo, &i, cl_s); 877 /* sanity check */ 878 if (i != udc_cnt) { 879 BUGPRINT("i != udc_cnt\n"); 880 vfree(cl_s); 881 return -EFAULT; 882 } 883 } 884 885 /* Check for loops */ 886 for (i = 0; i < NF_BR_NUMHOOKS; i++) 887 if (newinfo->hook_entry[i]) 888 if (check_chainloops(newinfo->hook_entry[i], 889 cl_s, udc_cnt, i, newinfo->entries)) { 890 vfree(cl_s); 891 return -EINVAL; 892 } 893 894 /* we now know the following (along with E=mc²): 895 - the nr of entries in each chain is right 896 - the size of the allocated space is right 897 - all valid hooks have a corresponding chain 898 - there are no loops 899 - wrong data can still be on the level of a single entry 900 - could be there are jumps to places that are not the 901 beginning of a chain. This can only occur in chains that 902 are not accessible from any base chains, so we don't care. */ 903 904 /* used to know what we need to clean up if something goes wrong */ 905 i = 0; 906 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 907 ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt); 908 if (ret != 0) { 909 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 910 ebt_cleanup_entry, &i); 911 } 912 vfree(cl_s); 913 return ret; 914} 915 916/* called under write_lock */ 917static void get_counters(struct ebt_counter *oldcounters, 918 struct ebt_counter *counters, unsigned int nentries) 919{ 920 int i, cpu; 921 struct ebt_counter *counter_base; 922 923 /* counters of cpu 0 */ 924 memcpy(counters, oldcounters, 925 sizeof(struct ebt_counter) * nentries); 926 927 /* add other counters to those of cpu 0 */ 928 for_each_possible_cpu(cpu) { 929 if (cpu == 0) 930 continue; 931 counter_base = COUNTER_BASE(oldcounters, nentries, cpu); 932 for (i = 0; i < nentries; i++) { 933 counters[i].pcnt += counter_base[i].pcnt; 934 counters[i].bcnt += counter_base[i].bcnt; 935 } 936 } 937} 938 939/* replace the table */ 940static int do_replace(void __user *user, unsigned int len) 941{ 942 int ret, i, countersize; 943 struct ebt_table_info *newinfo; 944 struct ebt_replace tmp; 945 struct ebt_table *t; 946 struct ebt_counter *counterstmp = NULL; 947 /* used to be able to unlock earlier */ 948 struct ebt_table_info *table; 949 950 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 951 return -EFAULT; 952 953 if (len != sizeof(tmp) + tmp.entries_size) { 954 BUGPRINT("Wrong len argument\n"); 955 return -EINVAL; 956 } 957 958 if (tmp.entries_size == 0) { 959 BUGPRINT("Entries_size never zero\n"); 960 return -EINVAL; 961 } 962 /* overflow check */ 963 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS - 964 SMP_CACHE_BYTES) / sizeof(struct ebt_counter)) 965 return -ENOMEM; 966 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) 967 return -ENOMEM; 968 969 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids; 970 newinfo = vmalloc(sizeof(*newinfo) + countersize); 971 if (!newinfo) 972 return -ENOMEM; 973 974 if (countersize) 975 memset(newinfo->counters, 0, countersize); 976 977 newinfo->entries = vmalloc(tmp.entries_size); 978 if (!newinfo->entries) { 979 ret = -ENOMEM; 980 goto free_newinfo; 981 } 982 if (copy_from_user( 983 newinfo->entries, tmp.entries, tmp.entries_size) != 0) { 984 BUGPRINT("Couldn't copy entries from userspace\n"); 985 ret = -EFAULT; 986 goto free_entries; 987 } 988 989 /* the user wants counters back 990 the check on the size is done later, when we have the lock */ 991 if (tmp.num_counters) { 992 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp)); 993 if (!counterstmp) { 994 ret = -ENOMEM; 995 goto free_entries; 996 } 997 } 998 else 999 counterstmp = NULL; 1000 1001 /* this can get initialized by translate_table() */ 1002 newinfo->chainstack = NULL; 1003 ret = ebt_verify_pointers(&tmp, newinfo); 1004 if (ret != 0) 1005 goto free_counterstmp; 1006 1007 ret = translate_table(tmp.name, newinfo); 1008 1009 if (ret != 0) 1010 goto free_counterstmp; 1011 1012 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1013 if (!t) { 1014 ret = -ENOENT; 1015 goto free_iterate; 1016 } 1017 1018 /* the table doesn't like it */ 1019 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks))) 1020 goto free_unlock; 1021 1022 if (tmp.num_counters && tmp.num_counters != t->private->nentries) { 1023 BUGPRINT("Wrong nr. of counters requested\n"); 1024 ret = -EINVAL; 1025 goto free_unlock; 1026 } 1027 1028 /* we have the mutex lock, so no danger in reading this pointer */ 1029 table = t->private; 1030 /* make sure the table can only be rmmod'ed if it contains no rules */ 1031 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) { 1032 ret = -ENOENT; 1033 goto free_unlock; 1034 } else if (table->nentries && !newinfo->nentries) 1035 module_put(t->me); 1036 /* we need an atomic snapshot of the counters */ 1037 write_lock_bh(&t->lock); 1038 if (tmp.num_counters) 1039 get_counters(t->private->counters, counterstmp, 1040 t->private->nentries); 1041 1042 t->private = newinfo; 1043 write_unlock_bh(&t->lock); 1044 mutex_unlock(&ebt_mutex); 1045 /* so, a user can change the chains while having messed up her counter 1046 allocation. Only reason why this is done is because this way the lock 1047 is held only once, while this doesn't bring the kernel into a 1048 dangerous state. */ 1049 if (tmp.num_counters && 1050 copy_to_user(tmp.counters, counterstmp, 1051 tmp.num_counters * sizeof(struct ebt_counter))) { 1052 BUGPRINT("Couldn't copy counters to userspace\n"); 1053 ret = -EFAULT; 1054 } 1055 else 1056 ret = 0; 1057 1058 /* decrease module count and free resources */ 1059 EBT_ENTRY_ITERATE(table->entries, table->entries_size, 1060 ebt_cleanup_entry, NULL); 1061 1062 vfree(table->entries); 1063 if (table->chainstack) { 1064 for_each_possible_cpu(i) 1065 vfree(table->chainstack[i]); 1066 vfree(table->chainstack); 1067 } 1068 vfree(table); 1069 1070 vfree(counterstmp); 1071 return ret; 1072 1073free_unlock: 1074 mutex_unlock(&ebt_mutex); 1075free_iterate: 1076 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 1077 ebt_cleanup_entry, NULL); 1078free_counterstmp: 1079 vfree(counterstmp); 1080 /* can be initialized in translate_table() */ 1081 if (newinfo->chainstack) { 1082 for_each_possible_cpu(i) 1083 vfree(newinfo->chainstack[i]); 1084 vfree(newinfo->chainstack); 1085 } 1086free_entries: 1087 vfree(newinfo->entries); 1088free_newinfo: 1089 vfree(newinfo); 1090 return ret; 1091} 1092 1093int ebt_register_table(struct ebt_table *table) 1094{ 1095 struct ebt_table_info *newinfo; 1096 struct ebt_table *t; 1097 struct ebt_replace_kernel *repl; 1098 int ret, i, countersize; 1099 void *p; 1100 1101 if (!table || !(repl = table->table) || !repl->entries || 1102 repl->entries_size == 0 || 1103 repl->counters || table->private) { 1104 BUGPRINT("Bad table data for ebt_register_table!!!\n"); 1105 return -EINVAL; 1106 } 1107 1108 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids; 1109 newinfo = vmalloc(sizeof(*newinfo) + countersize); 1110 ret = -ENOMEM; 1111 if (!newinfo) 1112 return -ENOMEM; 1113 1114 p = vmalloc(repl->entries_size); 1115 if (!p) 1116 goto free_newinfo; 1117 1118 memcpy(p, repl->entries, repl->entries_size); 1119 newinfo->entries = p; 1120 1121 newinfo->entries_size = repl->entries_size; 1122 newinfo->nentries = repl->nentries; 1123 1124 if (countersize) 1125 memset(newinfo->counters, 0, countersize); 1126 1127 /* fill in newinfo and parse the entries */ 1128 newinfo->chainstack = NULL; 1129 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 1130 if ((repl->valid_hooks & (1 << i)) == 0) 1131 newinfo->hook_entry[i] = NULL; 1132 else 1133 newinfo->hook_entry[i] = p + 1134 ((char *)repl->hook_entry[i] - repl->entries); 1135 } 1136 ret = translate_table(repl->name, newinfo); 1137 if (ret != 0) { 1138 BUGPRINT("Translate_table failed\n"); 1139 goto free_chainstack; 1140 } 1141 1142 if (table->check && table->check(newinfo, table->valid_hooks)) { 1143 BUGPRINT("The table doesn't like its own initial data, lol\n"); 1144 return -EINVAL; 1145 } 1146 1147 table->private = newinfo; 1148 rwlock_init(&table->lock); 1149 ret = mutex_lock_interruptible(&ebt_mutex); 1150 if (ret != 0) 1151 goto free_chainstack; 1152 1153 list_for_each_entry(t, &ebt_tables, list) { 1154 if (strcmp(t->name, table->name) == 0) { 1155 ret = -EEXIST; 1156 BUGPRINT("Table name already exists\n"); 1157 goto free_unlock; 1158 } 1159 } 1160 1161 /* Hold a reference count if the chains aren't empty */ 1162 if (newinfo->nentries && !try_module_get(table->me)) { 1163 ret = -ENOENT; 1164 goto free_unlock; 1165 } 1166 list_add(&table->list, &ebt_tables); 1167 mutex_unlock(&ebt_mutex); 1168 return 0; 1169free_unlock: 1170 mutex_unlock(&ebt_mutex); 1171free_chainstack: 1172 if (newinfo->chainstack) { 1173 for_each_possible_cpu(i) 1174 vfree(newinfo->chainstack[i]); 1175 vfree(newinfo->chainstack); 1176 } 1177 vfree(newinfo->entries); 1178free_newinfo: 1179 vfree(newinfo); 1180 return ret; 1181} 1182 1183void ebt_unregister_table(struct ebt_table *table) 1184{ 1185 int i; 1186 1187 if (!table) { 1188 BUGPRINT("Request to unregister NULL table!!!\n"); 1189 return; 1190 } 1191 mutex_lock(&ebt_mutex); 1192 list_del(&table->list); 1193 mutex_unlock(&ebt_mutex); 1194 vfree(table->private->entries); 1195 if (table->private->chainstack) { 1196 for_each_possible_cpu(i) 1197 vfree(table->private->chainstack[i]); 1198 vfree(table->private->chainstack); 1199 } 1200 vfree(table->private); 1201} 1202 1203/* userspace just supplied us with counters */ 1204static int update_counters(void __user *user, unsigned int len) 1205{ 1206 int i, ret; 1207 struct ebt_counter *tmp; 1208 struct ebt_replace hlp; 1209 struct ebt_table *t; 1210 1211 if (copy_from_user(&hlp, user, sizeof(hlp))) 1212 return -EFAULT; 1213 1214 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) 1215 return -EINVAL; 1216 if (hlp.num_counters == 0) 1217 return -EINVAL; 1218 1219 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) { 1220 MEMPRINT("Update_counters && nomemory\n"); 1221 return -ENOMEM; 1222 } 1223 1224 t = find_table_lock(hlp.name, &ret, &ebt_mutex); 1225 if (!t) 1226 goto free_tmp; 1227 1228 if (hlp.num_counters != t->private->nentries) { 1229 BUGPRINT("Wrong nr of counters\n"); 1230 ret = -EINVAL; 1231 goto unlock_mutex; 1232 } 1233 1234 if ( copy_from_user(tmp, hlp.counters, 1235 hlp.num_counters * sizeof(struct ebt_counter)) ) { 1236 BUGPRINT("Updata_counters && !cfu\n"); 1237 ret = -EFAULT; 1238 goto unlock_mutex; 1239 } 1240 1241 /* we want an atomic add of the counters */ 1242 write_lock_bh(&t->lock); 1243 1244 /* we add to the counters of the first cpu */ 1245 for (i = 0; i < hlp.num_counters; i++) { 1246 t->private->counters[i].pcnt += tmp[i].pcnt; 1247 t->private->counters[i].bcnt += tmp[i].bcnt; 1248 } 1249 1250 write_unlock_bh(&t->lock); 1251 ret = 0; 1252unlock_mutex: 1253 mutex_unlock(&ebt_mutex); 1254free_tmp: 1255 vfree(tmp); 1256 return ret; 1257} 1258 1259static inline int ebt_make_matchname(struct ebt_entry_match *m, 1260 char *base, char __user *ubase) 1261{ 1262 char __user *hlp = ubase + ((char *)m - base); 1263 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1264 return -EFAULT; 1265 return 0; 1266} 1267 1268static inline int ebt_make_watchername(struct ebt_entry_watcher *w, 1269 char *base, char __user *ubase) 1270{ 1271 char __user *hlp = ubase + ((char *)w - base); 1272 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1273 return -EFAULT; 1274 return 0; 1275} 1276 1277static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase) 1278{ 1279 int ret; 1280 char __user *hlp; 1281 struct ebt_entry_target *t; 1282 1283 if (e->bitmask == 0) 1284 return 0; 1285 1286 hlp = ubase + (((char *)e + e->target_offset) - base); 1287 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 1288 1289 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); 1290 if (ret != 0) 1291 return ret; 1292 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); 1293 if (ret != 0) 1294 return ret; 1295 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) 1296 return -EFAULT; 1297 return 0; 1298} 1299 1300/* called with ebt_mutex locked */ 1301static int copy_everything_to_user(struct ebt_table *t, void __user *user, 1302 int *len, int cmd) 1303{ 1304 struct ebt_replace tmp; 1305 struct ebt_counter *counterstmp, *oldcounters; 1306 unsigned int entries_size, nentries; 1307 char *entries; 1308 1309 if (cmd == EBT_SO_GET_ENTRIES) { 1310 entries_size = t->private->entries_size; 1311 nentries = t->private->nentries; 1312 entries = t->private->entries; 1313 oldcounters = t->private->counters; 1314 } else { 1315 entries_size = t->table->entries_size; 1316 nentries = t->table->nentries; 1317 entries = t->table->entries; 1318 oldcounters = t->table->counters; 1319 } 1320 1321 if (copy_from_user(&tmp, user, sizeof(tmp))) { 1322 BUGPRINT("Cfu didn't work\n"); 1323 return -EFAULT; 1324 } 1325 1326 if (*len != sizeof(struct ebt_replace) + entries_size + 1327 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { 1328 BUGPRINT("Wrong size\n"); 1329 return -EINVAL; 1330 } 1331 1332 if (tmp.nentries != nentries) { 1333 BUGPRINT("Nentries wrong\n"); 1334 return -EINVAL; 1335 } 1336 1337 if (tmp.entries_size != entries_size) { 1338 BUGPRINT("Wrong size\n"); 1339 return -EINVAL; 1340 } 1341 1342 /* userspace might not need the counters */ 1343 if (tmp.num_counters) { 1344 if (tmp.num_counters != nentries) { 1345 BUGPRINT("Num_counters wrong\n"); 1346 return -EINVAL; 1347 } 1348 counterstmp = vmalloc(nentries * sizeof(*counterstmp)); 1349 if (!counterstmp) { 1350 MEMPRINT("Couldn't copy counters, out of memory\n"); 1351 return -ENOMEM; 1352 } 1353 write_lock_bh(&t->lock); 1354 get_counters(oldcounters, counterstmp, nentries); 1355 write_unlock_bh(&t->lock); 1356 1357 if (copy_to_user(tmp.counters, counterstmp, 1358 nentries * sizeof(struct ebt_counter))) { 1359 BUGPRINT("Couldn't copy counters to userspace\n"); 1360 vfree(counterstmp); 1361 return -EFAULT; 1362 } 1363 vfree(counterstmp); 1364 } 1365 1366 if (copy_to_user(tmp.entries, entries, entries_size)) { 1367 BUGPRINT("Couldn't copy entries to userspace\n"); 1368 return -EFAULT; 1369 } 1370 /* set the match/watcher/target names right */ 1371 return EBT_ENTRY_ITERATE(entries, entries_size, 1372 ebt_make_names, entries, tmp.entries); 1373} 1374 1375static int do_ebt_set_ctl(struct sock *sk, 1376 int cmd, void __user *user, unsigned int len) 1377{ 1378 int ret; 1379 1380 switch(cmd) { 1381 case EBT_SO_SET_ENTRIES: 1382 ret = do_replace(user, len); 1383 break; 1384 case EBT_SO_SET_COUNTERS: 1385 ret = update_counters(user, len); 1386 break; 1387 default: 1388 ret = -EINVAL; 1389 } 1390 return ret; 1391} 1392 1393static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 1394{ 1395 int ret; 1396 struct ebt_replace tmp; 1397 struct ebt_table *t; 1398 1399 if (copy_from_user(&tmp, user, sizeof(tmp))) 1400 return -EFAULT; 1401 1402 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1403 if (!t) 1404 return ret; 1405 1406 switch(cmd) { 1407 case EBT_SO_GET_INFO: 1408 case EBT_SO_GET_INIT_INFO: 1409 if (*len != sizeof(struct ebt_replace)){ 1410 ret = -EINVAL; 1411 mutex_unlock(&ebt_mutex); 1412 break; 1413 } 1414 if (cmd == EBT_SO_GET_INFO) { 1415 tmp.nentries = t->private->nentries; 1416 tmp.entries_size = t->private->entries_size; 1417 tmp.valid_hooks = t->valid_hooks; 1418 } else { 1419 tmp.nentries = t->table->nentries; 1420 tmp.entries_size = t->table->entries_size; 1421 tmp.valid_hooks = t->table->valid_hooks; 1422 } 1423 mutex_unlock(&ebt_mutex); 1424 if (copy_to_user(user, &tmp, *len) != 0){ 1425 BUGPRINT("c2u Didn't work\n"); 1426 ret = -EFAULT; 1427 break; 1428 } 1429 ret = 0; 1430 break; 1431 1432 case EBT_SO_GET_ENTRIES: 1433 case EBT_SO_GET_INIT_ENTRIES: 1434 ret = copy_everything_to_user(t, user, len, cmd); 1435 mutex_unlock(&ebt_mutex); 1436 break; 1437 1438 default: 1439 mutex_unlock(&ebt_mutex); 1440 ret = -EINVAL; 1441 } 1442 1443 return ret; 1444} 1445 1446static struct nf_sockopt_ops ebt_sockopts = 1447{ 1448 .pf = PF_INET, 1449 .set_optmin = EBT_BASE_CTL, 1450 .set_optmax = EBT_SO_SET_MAX + 1, 1451 .set = do_ebt_set_ctl, 1452 .get_optmin = EBT_BASE_CTL, 1453 .get_optmax = EBT_SO_GET_MAX + 1, 1454 .get = do_ebt_get_ctl, 1455 .owner = THIS_MODULE, 1456}; 1457 1458static int __init ebtables_init(void) 1459{ 1460 int ret; 1461 1462 ret = xt_register_target(&ebt_standard_target); 1463 if (ret < 0) 1464 return ret; 1465 ret = nf_register_sockopt(&ebt_sockopts); 1466 if (ret < 0) { 1467 xt_unregister_target(&ebt_standard_target); 1468 return ret; 1469 } 1470 1471 printk(KERN_INFO "Ebtables v2.0 registered\n"); 1472 return 0; 1473} 1474 1475static void __exit ebtables_fini(void) 1476{ 1477 nf_unregister_sockopt(&ebt_sockopts); 1478 xt_unregister_target(&ebt_standard_target); 1479 printk(KERN_INFO "Ebtables v2.0 unregistered\n"); 1480} 1481 1482EXPORT_SYMBOL(ebt_register_table); 1483EXPORT_SYMBOL(ebt_unregister_table); 1484EXPORT_SYMBOL(ebt_do_table); 1485module_init(ebtables_init); 1486module_exit(ebtables_fini); 1487MODULE_LICENSE("GPL"); 1488