ebtables.c revision 98a0824a0f33d051f31ca8ff59e289755b244ede
1/* 2 * ebtables 3 * 4 * Author: 5 * Bart De Schuymer <bdschuym@pandora.be> 6 * 7 * ebtables.c,v 2.0, July, 2002 8 * 9 * This code is stongly inspired on the iptables code which is 10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18/* used for print_string */ 19#include <linux/sched.h> 20#include <linux/tty.h> 21 22#include <linux/kmod.h> 23#include <linux/module.h> 24#include <linux/vmalloc.h> 25#include <linux/netfilter_bridge/ebtables.h> 26#include <linux/spinlock.h> 27#include <linux/mutex.h> 28#include <asm/uaccess.h> 29#include <linux/smp.h> 30#include <linux/cpumask.h> 31#include <net/sock.h> 32/* needed for logical [in,out]-dev filtering */ 33#include "../br_private.h" 34 35#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ 36 "report to author: "format, ## args) 37/* #define BUGPRINT(format, args...) */ 38#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\ 39 ": out of memory: "format, ## args) 40/* #define MEMPRINT(format, args...) */ 41 42 43 44/* 45 * Each cpu has its own set of counters, so there is no need for write_lock in 46 * the softirq 47 * For reading or updating the counters, the user context needs to 48 * get a write_lock 49 */ 50 51/* The size of each set of counters is altered to get cache alignment */ 52#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) 53#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) 54#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ 55 COUNTER_OFFSET(n) * cpu)) 56 57 58 59static DEFINE_MUTEX(ebt_mutex); 60static LIST_HEAD(ebt_tables); 61static LIST_HEAD(ebt_targets); 62static LIST_HEAD(ebt_matches); 63static LIST_HEAD(ebt_watchers); 64 65static struct ebt_target ebt_standard_target = 66{ {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL}; 67 68static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 69 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, 70 const struct net_device *out) 71{ 72 w->u.watcher->watcher(skb, hooknr, in, out, w->data, 73 w->watcher_size); 74 /* watchers don't give a verdict */ 75 return 0; 76} 77 78static inline int ebt_do_match (struct ebt_entry_match *m, 79 const struct sk_buff *skb, const struct net_device *in, 80 const struct net_device *out) 81{ 82 return m->u.match->match(skb, in, out, m->data, 83 m->match_size); 84} 85 86static inline int ebt_dev_check(char *entry, const struct net_device *device) 87{ 88 int i = 0; 89 const char *devname = device->name; 90 91 if (*entry == '\0') 92 return 0; 93 if (!device) 94 return 1; 95 /* 1 is the wildcard token */ 96 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i]) 97 i++; 98 return (devname[i] != entry[i] && entry[i] != 1); 99} 100 101#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) 102/* process standard matches */ 103static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, 104 const struct net_device *in, const struct net_device *out) 105{ 106 int verdict, i; 107 108 if (e->bitmask & EBT_802_3) { 109 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) 110 return 1; 111 } else if (!(e->bitmask & EBT_NOPROTO) && 112 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) 113 return 1; 114 115 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) 116 return 1; 117 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) 118 return 1; 119 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( 120 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN)) 121 return 1; 122 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( 123 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT)) 124 return 1; 125 126 if (e->bitmask & EBT_SOURCEMAC) { 127 verdict = 0; 128 for (i = 0; i < 6; i++) 129 verdict |= (h->h_source[i] ^ e->sourcemac[i]) & 130 e->sourcemsk[i]; 131 if (FWINV2(verdict != 0, EBT_ISOURCE) ) 132 return 1; 133 } 134 if (e->bitmask & EBT_DESTMAC) { 135 verdict = 0; 136 for (i = 0; i < 6; i++) 137 verdict |= (h->h_dest[i] ^ e->destmac[i]) & 138 e->destmsk[i]; 139 if (FWINV2(verdict != 0, EBT_IDEST) ) 140 return 1; 141 } 142 return 0; 143} 144 145/* Do some firewalling */ 146unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, 147 const struct net_device *in, const struct net_device *out, 148 struct ebt_table *table) 149{ 150 int i, nentries; 151 struct ebt_entry *point; 152 struct ebt_counter *counter_base, *cb_base; 153 struct ebt_entry_target *t; 154 int verdict, sp = 0; 155 struct ebt_chainstack *cs; 156 struct ebt_entries *chaininfo; 157 char *base; 158 struct ebt_table_info *private; 159 160 read_lock_bh(&table->lock); 161 private = table->private; 162 cb_base = COUNTER_BASE(private->counters, private->nentries, 163 smp_processor_id()); 164 if (private->chainstack) 165 cs = private->chainstack[smp_processor_id()]; 166 else 167 cs = NULL; 168 chaininfo = private->hook_entry[hook]; 169 nentries = private->hook_entry[hook]->nentries; 170 point = (struct ebt_entry *)(private->hook_entry[hook]->data); 171 counter_base = cb_base + private->hook_entry[hook]->counter_offset; 172 /* base for chain jumps */ 173 base = private->entries; 174 i = 0; 175 while (i < nentries) { 176 if (ebt_basic_match(point, eth_hdr(*pskb), in, out)) 177 goto letscontinue; 178 179 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) 180 goto letscontinue; 181 182 /* increase counter */ 183 (*(counter_base + i)).pcnt++; 184 (*(counter_base + i)).bcnt+=(**pskb).len; 185 186 /* these should only watch: not modify, nor tell us 187 what to do with the packet */ 188 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in, 189 out); 190 191 t = (struct ebt_entry_target *) 192 (((char *)point) + point->target_offset); 193 /* standard target */ 194 if (!t->u.target->target) 195 verdict = ((struct ebt_standard_target *)t)->verdict; 196 else 197 verdict = t->u.target->target(pskb, hook, 198 in, out, t->data, t->target_size); 199 if (verdict == EBT_ACCEPT) { 200 read_unlock_bh(&table->lock); 201 return NF_ACCEPT; 202 } 203 if (verdict == EBT_DROP) { 204 read_unlock_bh(&table->lock); 205 return NF_DROP; 206 } 207 if (verdict == EBT_RETURN) { 208letsreturn: 209#ifdef CONFIG_NETFILTER_DEBUG 210 if (sp == 0) { 211 BUGPRINT("RETURN on base chain"); 212 /* act like this is EBT_CONTINUE */ 213 goto letscontinue; 214 } 215#endif 216 sp--; 217 /* put all the local variables right */ 218 i = cs[sp].n; 219 chaininfo = cs[sp].chaininfo; 220 nentries = chaininfo->nentries; 221 point = cs[sp].e; 222 counter_base = cb_base + 223 chaininfo->counter_offset; 224 continue; 225 } 226 if (verdict == EBT_CONTINUE) 227 goto letscontinue; 228#ifdef CONFIG_NETFILTER_DEBUG 229 if (verdict < 0) { 230 BUGPRINT("bogus standard verdict\n"); 231 read_unlock_bh(&table->lock); 232 return NF_DROP; 233 } 234#endif 235 /* jump to a udc */ 236 cs[sp].n = i + 1; 237 cs[sp].chaininfo = chaininfo; 238 cs[sp].e = (struct ebt_entry *) 239 (((char *)point) + point->next_offset); 240 i = 0; 241 chaininfo = (struct ebt_entries *) (base + verdict); 242#ifdef CONFIG_NETFILTER_DEBUG 243 if (chaininfo->distinguisher) { 244 BUGPRINT("jump to non-chain\n"); 245 read_unlock_bh(&table->lock); 246 return NF_DROP; 247 } 248#endif 249 nentries = chaininfo->nentries; 250 point = (struct ebt_entry *)chaininfo->data; 251 counter_base = cb_base + chaininfo->counter_offset; 252 sp++; 253 continue; 254letscontinue: 255 point = (struct ebt_entry *) 256 (((char *)point) + point->next_offset); 257 i++; 258 } 259 260 /* I actually like this :) */ 261 if (chaininfo->policy == EBT_RETURN) 262 goto letsreturn; 263 if (chaininfo->policy == EBT_ACCEPT) { 264 read_unlock_bh(&table->lock); 265 return NF_ACCEPT; 266 } 267 read_unlock_bh(&table->lock); 268 return NF_DROP; 269} 270 271/* If it succeeds, returns element and locks mutex */ 272static inline void * 273find_inlist_lock_noload(struct list_head *head, const char *name, int *error, 274 struct mutex *mutex) 275{ 276 struct { 277 struct list_head list; 278 char name[EBT_FUNCTION_MAXNAMELEN]; 279 } *e; 280 281 *error = mutex_lock_interruptible(mutex); 282 if (*error != 0) 283 return NULL; 284 285 list_for_each_entry(e, head, list) { 286 if (strcmp(e->name, name) == 0) 287 return e; 288 } 289 *error = -ENOENT; 290 mutex_unlock(mutex); 291 return NULL; 292} 293 294#ifndef CONFIG_KMOD 295#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) 296#else 297static void * 298find_inlist_lock(struct list_head *head, const char *name, const char *prefix, 299 int *error, struct mutex *mutex) 300{ 301 void *ret; 302 303 ret = find_inlist_lock_noload(head, name, error, mutex); 304 if (!ret) { 305 request_module("%s%s", prefix, name); 306 ret = find_inlist_lock_noload(head, name, error, mutex); 307 } 308 return ret; 309} 310#endif 311 312static inline struct ebt_table * 313find_table_lock(const char *name, int *error, struct mutex *mutex) 314{ 315 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex); 316} 317 318static inline struct ebt_match * 319find_match_lock(const char *name, int *error, struct mutex *mutex) 320{ 321 return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex); 322} 323 324static inline struct ebt_watcher * 325find_watcher_lock(const char *name, int *error, struct mutex *mutex) 326{ 327 return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex); 328} 329 330static inline struct ebt_target * 331find_target_lock(const char *name, int *error, struct mutex *mutex) 332{ 333 return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex); 334} 335 336static inline int 337ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, 338 const char *name, unsigned int hookmask, unsigned int *cnt) 339{ 340 struct ebt_match *match; 341 int ret; 342 343 if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) > 344 ((char *)e) + e->watchers_offset) 345 return -EINVAL; 346 match = find_match_lock(m->u.name, &ret, &ebt_mutex); 347 if (!match) 348 return ret; 349 m->u.match = match; 350 if (!try_module_get(match->me)) { 351 mutex_unlock(&ebt_mutex); 352 return -ENOENT; 353 } 354 mutex_unlock(&ebt_mutex); 355 if (match->check && 356 match->check(name, hookmask, e, m->data, m->match_size) != 0) { 357 BUGPRINT("match->check failed\n"); 358 module_put(match->me); 359 return -EINVAL; 360 } 361 (*cnt)++; 362 return 0; 363} 364 365static inline int 366ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, 367 const char *name, unsigned int hookmask, unsigned int *cnt) 368{ 369 struct ebt_watcher *watcher; 370 int ret; 371 372 if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) > 373 ((char *)e) + e->target_offset) 374 return -EINVAL; 375 watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex); 376 if (!watcher) 377 return ret; 378 w->u.watcher = watcher; 379 if (!try_module_get(watcher->me)) { 380 mutex_unlock(&ebt_mutex); 381 return -ENOENT; 382 } 383 mutex_unlock(&ebt_mutex); 384 if (watcher->check && 385 watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) { 386 BUGPRINT("watcher->check failed\n"); 387 module_put(watcher->me); 388 return -EINVAL; 389 } 390 (*cnt)++; 391 return 0; 392} 393 394/* 395 * this one is very careful, as it is the first function 396 * to parse the userspace data 397 */ 398static inline int 399ebt_check_entry_size_and_hooks(struct ebt_entry *e, 400 struct ebt_table_info *newinfo, char *base, char *limit, 401 struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt, 402 unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks) 403{ 404 unsigned int offset = (char *)e - newinfo->entries; 405 size_t left = (limit - base) - offset; 406 int i; 407 408 if (left < sizeof(unsigned int)) 409 goto Esmall; 410 411 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 412 if ((valid_hooks & (1 << i)) == 0) 413 continue; 414 if ((char *)hook_entries[i] == base + offset) 415 break; 416 } 417 /* beginning of a new chain 418 if i == NF_BR_NUMHOOKS it must be a user defined chain */ 419 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { 420 if (e->bitmask != 0) { 421 /* we make userspace set this right, 422 so there is no misunderstanding */ 423 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " 424 "in distinguisher\n"); 425 return -EINVAL; 426 } 427 /* this checks if the previous chain has as many entries 428 as it said it has */ 429 if (*n != *cnt) { 430 BUGPRINT("nentries does not equal the nr of entries " 431 "in the chain\n"); 432 return -EINVAL; 433 } 434 /* before we look at the struct, be sure it is not too big */ 435 if (left < sizeof(struct ebt_entries)) 436 goto Esmall; 437 if (((struct ebt_entries *)e)->policy != EBT_DROP && 438 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { 439 /* only RETURN from udc */ 440 if (i != NF_BR_NUMHOOKS || 441 ((struct ebt_entries *)e)->policy != EBT_RETURN) { 442 BUGPRINT("bad policy\n"); 443 return -EINVAL; 444 } 445 } 446 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ 447 (*udc_cnt)++; 448 else 449 newinfo->hook_entry[i] = (struct ebt_entries *)e; 450 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { 451 BUGPRINT("counter_offset != totalcnt"); 452 return -EINVAL; 453 } 454 *n = ((struct ebt_entries *)e)->nentries; 455 *cnt = 0; 456 return 0; 457 } 458 /* a plain old entry, heh */ 459 if (left < sizeof(struct ebt_entry)) 460 goto Esmall; 461 if (sizeof(struct ebt_entry) > e->watchers_offset || 462 e->watchers_offset > e->target_offset || 463 e->target_offset >= e->next_offset) { 464 BUGPRINT("entry offsets not in right order\n"); 465 return -EINVAL; 466 } 467 /* this is not checked anywhere else */ 468 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { 469 BUGPRINT("target size too small\n"); 470 return -EINVAL; 471 } 472 if (left < e->next_offset) 473 goto Esmall; 474 475 (*cnt)++; 476 (*totalcnt)++; 477 return 0; 478 479Esmall: 480 BUGPRINT("entries_size too small\n"); 481 return -EINVAL; 482} 483 484struct ebt_cl_stack 485{ 486 struct ebt_chainstack cs; 487 int from; 488 unsigned int hookmask; 489}; 490 491/* 492 * we need these positions to check that the jumps to a different part of the 493 * entries is a jump to the beginning of a new chain. 494 */ 495static inline int 496ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, 497 struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks, 498 struct ebt_cl_stack *udc) 499{ 500 int i; 501 502 /* we're only interested in chain starts */ 503 if (e->bitmask) 504 return 0; 505 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 506 if ((valid_hooks & (1 << i)) == 0) 507 continue; 508 if (newinfo->hook_entry[i] == (struct ebt_entries *)e) 509 break; 510 } 511 /* only care about udc */ 512 if (i != NF_BR_NUMHOOKS) 513 return 0; 514 515 udc[*n].cs.chaininfo = (struct ebt_entries *)e; 516 /* these initialisations are depended on later in check_chainloops() */ 517 udc[*n].cs.n = 0; 518 udc[*n].hookmask = 0; 519 520 (*n)++; 521 return 0; 522} 523 524static inline int 525ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) 526{ 527 if (i && (*i)-- == 0) 528 return 1; 529 if (m->u.match->destroy) 530 m->u.match->destroy(m->data, m->match_size); 531 module_put(m->u.match->me); 532 533 return 0; 534} 535 536static inline int 537ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) 538{ 539 if (i && (*i)-- == 0) 540 return 1; 541 if (w->u.watcher->destroy) 542 w->u.watcher->destroy(w->data, w->watcher_size); 543 module_put(w->u.watcher->me); 544 545 return 0; 546} 547 548static inline int 549ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) 550{ 551 struct ebt_entry_target *t; 552 553 if (e->bitmask == 0) 554 return 0; 555 /* we're done */ 556 if (cnt && (*cnt)-- == 0) 557 return 1; 558 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); 559 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); 560 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 561 if (t->u.target->destroy) 562 t->u.target->destroy(t->data, t->target_size); 563 module_put(t->u.target->me); 564 565 return 0; 566} 567 568static inline int 569ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, 570 const char *name, unsigned int *cnt, unsigned int valid_hooks, 571 struct ebt_cl_stack *cl_s, unsigned int udc_cnt) 572{ 573 struct ebt_entry_target *t; 574 struct ebt_target *target; 575 unsigned int i, j, hook = 0, hookmask = 0; 576 int ret; 577 578 /* don't mess with the struct ebt_entries */ 579 if (e->bitmask == 0) 580 return 0; 581 582 if (e->bitmask & ~EBT_F_MASK) { 583 BUGPRINT("Unknown flag for bitmask\n"); 584 return -EINVAL; 585 } 586 if (e->invflags & ~EBT_INV_MASK) { 587 BUGPRINT("Unknown flag for inv bitmask\n"); 588 return -EINVAL; 589 } 590 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { 591 BUGPRINT("NOPROTO & 802_3 not allowed\n"); 592 return -EINVAL; 593 } 594 /* what hook do we belong to? */ 595 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 596 if ((valid_hooks & (1 << i)) == 0) 597 continue; 598 if ((char *)newinfo->hook_entry[i] < (char *)e) 599 hook = i; 600 else 601 break; 602 } 603 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on 604 a base chain */ 605 if (i < NF_BR_NUMHOOKS) 606 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 607 else { 608 for (i = 0; i < udc_cnt; i++) 609 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) 610 break; 611 if (i == 0) 612 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 613 else 614 hookmask = cl_s[i - 1].hookmask; 615 } 616 i = 0; 617 ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i); 618 if (ret != 0) 619 goto cleanup_matches; 620 j = 0; 621 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j); 622 if (ret != 0) 623 goto cleanup_watchers; 624 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 625 target = find_target_lock(t->u.name, &ret, &ebt_mutex); 626 if (!target) 627 goto cleanup_watchers; 628 if (!try_module_get(target->me)) { 629 mutex_unlock(&ebt_mutex); 630 ret = -ENOENT; 631 goto cleanup_watchers; 632 } 633 mutex_unlock(&ebt_mutex); 634 635 t->u.target = target; 636 if (t->u.target == &ebt_standard_target) { 637 if (e->target_offset + sizeof(struct ebt_standard_target) > 638 e->next_offset) { 639 BUGPRINT("Standard target size too big\n"); 640 ret = -EFAULT; 641 goto cleanup_watchers; 642 } 643 if (((struct ebt_standard_target *)t)->verdict < 644 -NUM_STANDARD_TARGETS) { 645 BUGPRINT("Invalid standard target\n"); 646 ret = -EFAULT; 647 goto cleanup_watchers; 648 } 649 } else if ((e->target_offset + t->target_size + 650 sizeof(struct ebt_entry_target) > e->next_offset) || 651 (t->u.target->check && 652 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){ 653 module_put(t->u.target->me); 654 ret = -EFAULT; 655 goto cleanup_watchers; 656 } 657 (*cnt)++; 658 return 0; 659cleanup_watchers: 660 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); 661cleanup_matches: 662 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i); 663 return ret; 664} 665 666/* 667 * checks for loops and sets the hook mask for udc 668 * the hook mask for udc tells us from which base chains the udc can be 669 * accessed. This mask is a parameter to the check() functions of the extensions 670 */ 671static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s, 672 unsigned int udc_cnt, unsigned int hooknr, char *base) 673{ 674 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; 675 struct ebt_entry *e = (struct ebt_entry *)chain->data; 676 struct ebt_entry_target *t; 677 678 while (pos < nentries || chain_nr != -1) { 679 /* end of udc, go back one 'recursion' step */ 680 if (pos == nentries) { 681 /* put back values of the time when this chain was called */ 682 e = cl_s[chain_nr].cs.e; 683 if (cl_s[chain_nr].from != -1) 684 nentries = 685 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; 686 else 687 nentries = chain->nentries; 688 pos = cl_s[chain_nr].cs.n; 689 /* make sure we won't see a loop that isn't one */ 690 cl_s[chain_nr].cs.n = 0; 691 chain_nr = cl_s[chain_nr].from; 692 if (pos == nentries) 693 continue; 694 } 695 t = (struct ebt_entry_target *) 696 (((char *)e) + e->target_offset); 697 if (strcmp(t->u.name, EBT_STANDARD_TARGET)) 698 goto letscontinue; 699 if (e->target_offset + sizeof(struct ebt_standard_target) > 700 e->next_offset) { 701 BUGPRINT("Standard target size too big\n"); 702 return -1; 703 } 704 verdict = ((struct ebt_standard_target *)t)->verdict; 705 if (verdict >= 0) { /* jump to another chain */ 706 struct ebt_entries *hlp2 = 707 (struct ebt_entries *)(base + verdict); 708 for (i = 0; i < udc_cnt; i++) 709 if (hlp2 == cl_s[i].cs.chaininfo) 710 break; 711 /* bad destination or loop */ 712 if (i == udc_cnt) { 713 BUGPRINT("bad destination\n"); 714 return -1; 715 } 716 if (cl_s[i].cs.n) { 717 BUGPRINT("loop\n"); 718 return -1; 719 } 720 if (cl_s[i].hookmask & (1 << hooknr)) 721 goto letscontinue; 722 /* this can't be 0, so the loop test is correct */ 723 cl_s[i].cs.n = pos + 1; 724 pos = 0; 725 cl_s[i].cs.e = ((void *)e + e->next_offset); 726 e = (struct ebt_entry *)(hlp2->data); 727 nentries = hlp2->nentries; 728 cl_s[i].from = chain_nr; 729 chain_nr = i; 730 /* this udc is accessible from the base chain for hooknr */ 731 cl_s[i].hookmask |= (1 << hooknr); 732 continue; 733 } 734letscontinue: 735 e = (void *)e + e->next_offset; 736 pos++; 737 } 738 return 0; 739} 740 741/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ 742static int translate_table(struct ebt_replace *repl, 743 struct ebt_table_info *newinfo) 744{ 745 unsigned int i, j, k, udc_cnt; 746 int ret; 747 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 748 749 i = 0; 750 while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i))) 751 i++; 752 if (i == NF_BR_NUMHOOKS) { 753 BUGPRINT("No valid hooks specified\n"); 754 return -EINVAL; 755 } 756 if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) { 757 BUGPRINT("Chains don't start at beginning\n"); 758 return -EINVAL; 759 } 760 /* make sure chains are ordered after each other in same order 761 as their corresponding hooks */ 762 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { 763 if (!(repl->valid_hooks & (1 << j))) 764 continue; 765 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) { 766 BUGPRINT("Hook order must be followed\n"); 767 return -EINVAL; 768 } 769 i = j; 770 } 771 772 for (i = 0; i < NF_BR_NUMHOOKS; i++) 773 newinfo->hook_entry[i] = NULL; 774 775 newinfo->entries_size = repl->entries_size; 776 newinfo->nentries = repl->nentries; 777 778 /* do some early checkings and initialize some things */ 779 i = 0; /* holds the expected nr. of entries for the chain */ 780 j = 0; /* holds the up to now counted entries for the chain */ 781 k = 0; /* holds the total nr. of entries, should equal 782 newinfo->nentries afterwards */ 783 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */ 784 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 785 ebt_check_entry_size_and_hooks, newinfo, repl->entries, 786 repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k, 787 &udc_cnt, repl->valid_hooks); 788 789 if (ret != 0) 790 return ret; 791 792 if (i != j) { 793 BUGPRINT("nentries does not equal the nr of entries in the " 794 "(last) chain\n"); 795 return -EINVAL; 796 } 797 if (k != newinfo->nentries) { 798 BUGPRINT("Total nentries is wrong\n"); 799 return -EINVAL; 800 } 801 802 /* check if all valid hooks have a chain */ 803 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 804 if (newinfo->hook_entry[i] == NULL && 805 (repl->valid_hooks & (1 << i))) { 806 BUGPRINT("Valid hook without chain\n"); 807 return -EINVAL; 808 } 809 } 810 811 /* get the location of the udc, put them in an array 812 while we're at it, allocate the chainstack */ 813 if (udc_cnt) { 814 /* this will get free'd in do_replace()/ebt_register_table() 815 if an error occurs */ 816 newinfo->chainstack = 817 vmalloc((highest_possible_processor_id()+1) 818 * sizeof(*(newinfo->chainstack))); 819 if (!newinfo->chainstack) 820 return -ENOMEM; 821 for_each_possible_cpu(i) { 822 newinfo->chainstack[i] = 823 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0]))); 824 if (!newinfo->chainstack[i]) { 825 while (i) 826 vfree(newinfo->chainstack[--i]); 827 vfree(newinfo->chainstack); 828 newinfo->chainstack = NULL; 829 return -ENOMEM; 830 } 831 } 832 833 cl_s = vmalloc(udc_cnt * sizeof(*cl_s)); 834 if (!cl_s) 835 return -ENOMEM; 836 i = 0; /* the i'th udc */ 837 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 838 ebt_get_udc_positions, newinfo, repl->hook_entry, &i, 839 repl->valid_hooks, cl_s); 840 /* sanity check */ 841 if (i != udc_cnt) { 842 BUGPRINT("i != udc_cnt\n"); 843 vfree(cl_s); 844 return -EFAULT; 845 } 846 } 847 848 /* Check for loops */ 849 for (i = 0; i < NF_BR_NUMHOOKS; i++) 850 if (repl->valid_hooks & (1 << i)) 851 if (check_chainloops(newinfo->hook_entry[i], 852 cl_s, udc_cnt, i, newinfo->entries)) { 853 vfree(cl_s); 854 return -EINVAL; 855 } 856 857 /* we now know the following (along with E=mc�): 858 - the nr of entries in each chain is right 859 - the size of the allocated space is right 860 - all valid hooks have a corresponding chain 861 - there are no loops 862 - wrong data can still be on the level of a single entry 863 - could be there are jumps to places that are not the 864 beginning of a chain. This can only occur in chains that 865 are not accessible from any base chains, so we don't care. */ 866 867 /* used to know what we need to clean up if something goes wrong */ 868 i = 0; 869 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 870 ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks, 871 cl_s, udc_cnt); 872 if (ret != 0) { 873 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 874 ebt_cleanup_entry, &i); 875 } 876 vfree(cl_s); 877 return ret; 878} 879 880/* called under write_lock */ 881static void get_counters(struct ebt_counter *oldcounters, 882 struct ebt_counter *counters, unsigned int nentries) 883{ 884 int i, cpu; 885 struct ebt_counter *counter_base; 886 887 /* counters of cpu 0 */ 888 memcpy(counters, oldcounters, 889 sizeof(struct ebt_counter) * nentries); 890 891 /* add other counters to those of cpu 0 */ 892 for_each_possible_cpu(cpu) { 893 if (cpu == 0) 894 continue; 895 counter_base = COUNTER_BASE(oldcounters, nentries, cpu); 896 for (i = 0; i < nentries; i++) { 897 counters[i].pcnt += counter_base[i].pcnt; 898 counters[i].bcnt += counter_base[i].bcnt; 899 } 900 } 901} 902 903/* replace the table */ 904static int do_replace(void __user *user, unsigned int len) 905{ 906 int ret, i, countersize; 907 struct ebt_table_info *newinfo; 908 struct ebt_replace tmp; 909 struct ebt_table *t; 910 struct ebt_counter *counterstmp = NULL; 911 /* used to be able to unlock earlier */ 912 struct ebt_table_info *table; 913 914 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 915 return -EFAULT; 916 917 if (len != sizeof(tmp) + tmp.entries_size) { 918 BUGPRINT("Wrong len argument\n"); 919 return -EINVAL; 920 } 921 922 if (tmp.entries_size == 0) { 923 BUGPRINT("Entries_size never zero\n"); 924 return -EINVAL; 925 } 926 /* overflow check */ 927 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS - 928 SMP_CACHE_BYTES) / sizeof(struct ebt_counter)) 929 return -ENOMEM; 930 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) 931 return -ENOMEM; 932 933 countersize = COUNTER_OFFSET(tmp.nentries) * 934 (highest_possible_processor_id()+1); 935 newinfo = vmalloc(sizeof(*newinfo) + countersize); 936 if (!newinfo) 937 return -ENOMEM; 938 939 if (countersize) 940 memset(newinfo->counters, 0, countersize); 941 942 newinfo->entries = vmalloc(tmp.entries_size); 943 if (!newinfo->entries) { 944 ret = -ENOMEM; 945 goto free_newinfo; 946 } 947 if (copy_from_user( 948 newinfo->entries, tmp.entries, tmp.entries_size) != 0) { 949 BUGPRINT("Couldn't copy entries from userspace\n"); 950 ret = -EFAULT; 951 goto free_entries; 952 } 953 954 /* the user wants counters back 955 the check on the size is done later, when we have the lock */ 956 if (tmp.num_counters) { 957 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp)); 958 if (!counterstmp) { 959 ret = -ENOMEM; 960 goto free_entries; 961 } 962 } 963 else 964 counterstmp = NULL; 965 966 /* this can get initialized by translate_table() */ 967 newinfo->chainstack = NULL; 968 ret = translate_table(&tmp, newinfo); 969 970 if (ret != 0) 971 goto free_counterstmp; 972 973 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 974 if (!t) { 975 ret = -ENOENT; 976 goto free_iterate; 977 } 978 979 /* the table doesn't like it */ 980 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks))) 981 goto free_unlock; 982 983 if (tmp.num_counters && tmp.num_counters != t->private->nentries) { 984 BUGPRINT("Wrong nr. of counters requested\n"); 985 ret = -EINVAL; 986 goto free_unlock; 987 } 988 989 /* we have the mutex lock, so no danger in reading this pointer */ 990 table = t->private; 991 /* make sure the table can only be rmmod'ed if it contains no rules */ 992 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) { 993 ret = -ENOENT; 994 goto free_unlock; 995 } else if (table->nentries && !newinfo->nentries) 996 module_put(t->me); 997 /* we need an atomic snapshot of the counters */ 998 write_lock_bh(&t->lock); 999 if (tmp.num_counters) 1000 get_counters(t->private->counters, counterstmp, 1001 t->private->nentries); 1002 1003 t->private = newinfo; 1004 write_unlock_bh(&t->lock); 1005 mutex_unlock(&ebt_mutex); 1006 /* so, a user can change the chains while having messed up her counter 1007 allocation. Only reason why this is done is because this way the lock 1008 is held only once, while this doesn't bring the kernel into a 1009 dangerous state. */ 1010 if (tmp.num_counters && 1011 copy_to_user(tmp.counters, counterstmp, 1012 tmp.num_counters * sizeof(struct ebt_counter))) { 1013 BUGPRINT("Couldn't copy counters to userspace\n"); 1014 ret = -EFAULT; 1015 } 1016 else 1017 ret = 0; 1018 1019 /* decrease module count and free resources */ 1020 EBT_ENTRY_ITERATE(table->entries, table->entries_size, 1021 ebt_cleanup_entry, NULL); 1022 1023 vfree(table->entries); 1024 if (table->chainstack) { 1025 for_each_possible_cpu(i) 1026 vfree(table->chainstack[i]); 1027 vfree(table->chainstack); 1028 } 1029 vfree(table); 1030 1031 vfree(counterstmp); 1032 return ret; 1033 1034free_unlock: 1035 mutex_unlock(&ebt_mutex); 1036free_iterate: 1037 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 1038 ebt_cleanup_entry, NULL); 1039free_counterstmp: 1040 vfree(counterstmp); 1041 /* can be initialized in translate_table() */ 1042 if (newinfo->chainstack) { 1043 for_each_possible_cpu(i) 1044 vfree(newinfo->chainstack[i]); 1045 vfree(newinfo->chainstack); 1046 } 1047free_entries: 1048 vfree(newinfo->entries); 1049free_newinfo: 1050 vfree(newinfo); 1051 return ret; 1052} 1053 1054int ebt_register_target(struct ebt_target *target) 1055{ 1056 struct ebt_target *t; 1057 int ret; 1058 1059 ret = mutex_lock_interruptible(&ebt_mutex); 1060 if (ret != 0) 1061 return ret; 1062 list_for_each_entry(t, &ebt_targets, list) { 1063 if (strcmp(t->name, target->name) == 0) { 1064 mutex_unlock(&ebt_mutex); 1065 return -EEXIST; 1066 } 1067 } 1068 list_add(&target->list, &ebt_targets); 1069 mutex_unlock(&ebt_mutex); 1070 1071 return 0; 1072} 1073 1074void ebt_unregister_target(struct ebt_target *target) 1075{ 1076 mutex_lock(&ebt_mutex); 1077 list_del(&target->list); 1078 mutex_unlock(&ebt_mutex); 1079} 1080 1081int ebt_register_match(struct ebt_match *match) 1082{ 1083 struct ebt_match *m; 1084 int ret; 1085 1086 ret = mutex_lock_interruptible(&ebt_mutex); 1087 if (ret != 0) 1088 return ret; 1089 list_for_each_entry(m, &ebt_matches, list) { 1090 if (strcmp(m->name, match->name) == 0) { 1091 mutex_unlock(&ebt_mutex); 1092 return -EEXIST; 1093 } 1094 } 1095 list_add(&match->list, &ebt_matches); 1096 mutex_unlock(&ebt_mutex); 1097 1098 return 0; 1099} 1100 1101void ebt_unregister_match(struct ebt_match *match) 1102{ 1103 mutex_lock(&ebt_mutex); 1104 list_del(&match->list); 1105 mutex_unlock(&ebt_mutex); 1106} 1107 1108int ebt_register_watcher(struct ebt_watcher *watcher) 1109{ 1110 struct ebt_watcher *w; 1111 int ret; 1112 1113 ret = mutex_lock_interruptible(&ebt_mutex); 1114 if (ret != 0) 1115 return ret; 1116 list_for_each_entry(w, &ebt_watchers, list) { 1117 if (strcmp(w->name, watcher->name) == 0) { 1118 mutex_unlock(&ebt_mutex); 1119 return -EEXIST; 1120 } 1121 } 1122 list_add(&watcher->list, &ebt_watchers); 1123 mutex_unlock(&ebt_mutex); 1124 1125 return 0; 1126} 1127 1128void ebt_unregister_watcher(struct ebt_watcher *watcher) 1129{ 1130 mutex_lock(&ebt_mutex); 1131 list_del(&watcher->list); 1132 mutex_unlock(&ebt_mutex); 1133} 1134 1135int ebt_register_table(struct ebt_table *table) 1136{ 1137 struct ebt_table_info *newinfo; 1138 struct ebt_table *t; 1139 int ret, i, countersize; 1140 1141 if (!table || !table->table ||!table->table->entries || 1142 table->table->entries_size == 0 || 1143 table->table->counters || table->private) { 1144 BUGPRINT("Bad table data for ebt_register_table!!!\n"); 1145 return -EINVAL; 1146 } 1147 1148 countersize = COUNTER_OFFSET(table->table->nentries) * 1149 (highest_possible_processor_id()+1); 1150 newinfo = vmalloc(sizeof(*newinfo) + countersize); 1151 ret = -ENOMEM; 1152 if (!newinfo) 1153 return -ENOMEM; 1154 1155 newinfo->entries = vmalloc(table->table->entries_size); 1156 if (!(newinfo->entries)) 1157 goto free_newinfo; 1158 1159 memcpy(newinfo->entries, table->table->entries, 1160 table->table->entries_size); 1161 1162 if (countersize) 1163 memset(newinfo->counters, 0, countersize); 1164 1165 /* fill in newinfo and parse the entries */ 1166 newinfo->chainstack = NULL; 1167 ret = translate_table(table->table, newinfo); 1168 if (ret != 0) { 1169 BUGPRINT("Translate_table failed\n"); 1170 goto free_chainstack; 1171 } 1172 1173 if (table->check && table->check(newinfo, table->valid_hooks)) { 1174 BUGPRINT("The table doesn't like its own initial data, lol\n"); 1175 return -EINVAL; 1176 } 1177 1178 table->private = newinfo; 1179 rwlock_init(&table->lock); 1180 ret = mutex_lock_interruptible(&ebt_mutex); 1181 if (ret != 0) 1182 goto free_chainstack; 1183 1184 list_for_each_entry(t, &ebt_tables, list) { 1185 if (strcmp(t->name, table->name) == 0) { 1186 ret = -EEXIST; 1187 BUGPRINT("Table name already exists\n"); 1188 goto free_unlock; 1189 } 1190 } 1191 1192 /* Hold a reference count if the chains aren't empty */ 1193 if (newinfo->nentries && !try_module_get(table->me)) { 1194 ret = -ENOENT; 1195 goto free_unlock; 1196 } 1197 list_add(&table->list, &ebt_tables); 1198 mutex_unlock(&ebt_mutex); 1199 return 0; 1200free_unlock: 1201 mutex_unlock(&ebt_mutex); 1202free_chainstack: 1203 if (newinfo->chainstack) { 1204 for_each_possible_cpu(i) 1205 vfree(newinfo->chainstack[i]); 1206 vfree(newinfo->chainstack); 1207 } 1208 vfree(newinfo->entries); 1209free_newinfo: 1210 vfree(newinfo); 1211 return ret; 1212} 1213 1214void ebt_unregister_table(struct ebt_table *table) 1215{ 1216 int i; 1217 1218 if (!table) { 1219 BUGPRINT("Request to unregister NULL table!!!\n"); 1220 return; 1221 } 1222 mutex_lock(&ebt_mutex); 1223 list_del(&table->list); 1224 mutex_unlock(&ebt_mutex); 1225 vfree(table->private->entries); 1226 if (table->private->chainstack) { 1227 for_each_possible_cpu(i) 1228 vfree(table->private->chainstack[i]); 1229 vfree(table->private->chainstack); 1230 } 1231 vfree(table->private); 1232} 1233 1234/* userspace just supplied us with counters */ 1235static int update_counters(void __user *user, unsigned int len) 1236{ 1237 int i, ret; 1238 struct ebt_counter *tmp; 1239 struct ebt_replace hlp; 1240 struct ebt_table *t; 1241 1242 if (copy_from_user(&hlp, user, sizeof(hlp))) 1243 return -EFAULT; 1244 1245 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) 1246 return -EINVAL; 1247 if (hlp.num_counters == 0) 1248 return -EINVAL; 1249 1250 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) { 1251 MEMPRINT("Update_counters && nomemory\n"); 1252 return -ENOMEM; 1253 } 1254 1255 t = find_table_lock(hlp.name, &ret, &ebt_mutex); 1256 if (!t) 1257 goto free_tmp; 1258 1259 if (hlp.num_counters != t->private->nentries) { 1260 BUGPRINT("Wrong nr of counters\n"); 1261 ret = -EINVAL; 1262 goto unlock_mutex; 1263 } 1264 1265 if ( copy_from_user(tmp, hlp.counters, 1266 hlp.num_counters * sizeof(struct ebt_counter)) ) { 1267 BUGPRINT("Updata_counters && !cfu\n"); 1268 ret = -EFAULT; 1269 goto unlock_mutex; 1270 } 1271 1272 /* we want an atomic add of the counters */ 1273 write_lock_bh(&t->lock); 1274 1275 /* we add to the counters of the first cpu */ 1276 for (i = 0; i < hlp.num_counters; i++) { 1277 t->private->counters[i].pcnt += tmp[i].pcnt; 1278 t->private->counters[i].bcnt += tmp[i].bcnt; 1279 } 1280 1281 write_unlock_bh(&t->lock); 1282 ret = 0; 1283unlock_mutex: 1284 mutex_unlock(&ebt_mutex); 1285free_tmp: 1286 vfree(tmp); 1287 return ret; 1288} 1289 1290static inline int ebt_make_matchname(struct ebt_entry_match *m, 1291 char *base, char *ubase) 1292{ 1293 char *hlp = ubase - base + (char *)m; 1294 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1295 return -EFAULT; 1296 return 0; 1297} 1298 1299static inline int ebt_make_watchername(struct ebt_entry_watcher *w, 1300 char *base, char *ubase) 1301{ 1302 char *hlp = ubase - base + (char *)w; 1303 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1304 return -EFAULT; 1305 return 0; 1306} 1307 1308static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase) 1309{ 1310 int ret; 1311 char *hlp; 1312 struct ebt_entry_target *t; 1313 1314 if (e->bitmask == 0) 1315 return 0; 1316 1317 hlp = ubase - base + (char *)e + e->target_offset; 1318 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 1319 1320 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); 1321 if (ret != 0) 1322 return ret; 1323 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); 1324 if (ret != 0) 1325 return ret; 1326 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) 1327 return -EFAULT; 1328 return 0; 1329} 1330 1331/* called with ebt_mutex locked */ 1332static int copy_everything_to_user(struct ebt_table *t, void __user *user, 1333 int *len, int cmd) 1334{ 1335 struct ebt_replace tmp; 1336 struct ebt_counter *counterstmp, *oldcounters; 1337 unsigned int entries_size, nentries; 1338 char *entries; 1339 1340 if (cmd == EBT_SO_GET_ENTRIES) { 1341 entries_size = t->private->entries_size; 1342 nentries = t->private->nentries; 1343 entries = t->private->entries; 1344 oldcounters = t->private->counters; 1345 } else { 1346 entries_size = t->table->entries_size; 1347 nentries = t->table->nentries; 1348 entries = t->table->entries; 1349 oldcounters = t->table->counters; 1350 } 1351 1352 if (copy_from_user(&tmp, user, sizeof(tmp))) { 1353 BUGPRINT("Cfu didn't work\n"); 1354 return -EFAULT; 1355 } 1356 1357 if (*len != sizeof(struct ebt_replace) + entries_size + 1358 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { 1359 BUGPRINT("Wrong size\n"); 1360 return -EINVAL; 1361 } 1362 1363 if (tmp.nentries != nentries) { 1364 BUGPRINT("Nentries wrong\n"); 1365 return -EINVAL; 1366 } 1367 1368 if (tmp.entries_size != entries_size) { 1369 BUGPRINT("Wrong size\n"); 1370 return -EINVAL; 1371 } 1372 1373 /* userspace might not need the counters */ 1374 if (tmp.num_counters) { 1375 if (tmp.num_counters != nentries) { 1376 BUGPRINT("Num_counters wrong\n"); 1377 return -EINVAL; 1378 } 1379 counterstmp = vmalloc(nentries * sizeof(*counterstmp)); 1380 if (!counterstmp) { 1381 MEMPRINT("Couldn't copy counters, out of memory\n"); 1382 return -ENOMEM; 1383 } 1384 write_lock_bh(&t->lock); 1385 get_counters(oldcounters, counterstmp, nentries); 1386 write_unlock_bh(&t->lock); 1387 1388 if (copy_to_user(tmp.counters, counterstmp, 1389 nentries * sizeof(struct ebt_counter))) { 1390 BUGPRINT("Couldn't copy counters to userspace\n"); 1391 vfree(counterstmp); 1392 return -EFAULT; 1393 } 1394 vfree(counterstmp); 1395 } 1396 1397 if (copy_to_user(tmp.entries, entries, entries_size)) { 1398 BUGPRINT("Couldn't copy entries to userspace\n"); 1399 return -EFAULT; 1400 } 1401 /* set the match/watcher/target names right */ 1402 return EBT_ENTRY_ITERATE(entries, entries_size, 1403 ebt_make_names, entries, tmp.entries); 1404} 1405 1406static int do_ebt_set_ctl(struct sock *sk, 1407 int cmd, void __user *user, unsigned int len) 1408{ 1409 int ret; 1410 1411 switch(cmd) { 1412 case EBT_SO_SET_ENTRIES: 1413 ret = do_replace(user, len); 1414 break; 1415 case EBT_SO_SET_COUNTERS: 1416 ret = update_counters(user, len); 1417 break; 1418 default: 1419 ret = -EINVAL; 1420 } 1421 return ret; 1422} 1423 1424static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 1425{ 1426 int ret; 1427 struct ebt_replace tmp; 1428 struct ebt_table *t; 1429 1430 if (copy_from_user(&tmp, user, sizeof(tmp))) 1431 return -EFAULT; 1432 1433 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1434 if (!t) 1435 return ret; 1436 1437 switch(cmd) { 1438 case EBT_SO_GET_INFO: 1439 case EBT_SO_GET_INIT_INFO: 1440 if (*len != sizeof(struct ebt_replace)){ 1441 ret = -EINVAL; 1442 mutex_unlock(&ebt_mutex); 1443 break; 1444 } 1445 if (cmd == EBT_SO_GET_INFO) { 1446 tmp.nentries = t->private->nentries; 1447 tmp.entries_size = t->private->entries_size; 1448 tmp.valid_hooks = t->valid_hooks; 1449 } else { 1450 tmp.nentries = t->table->nentries; 1451 tmp.entries_size = t->table->entries_size; 1452 tmp.valid_hooks = t->table->valid_hooks; 1453 } 1454 mutex_unlock(&ebt_mutex); 1455 if (copy_to_user(user, &tmp, *len) != 0){ 1456 BUGPRINT("c2u Didn't work\n"); 1457 ret = -EFAULT; 1458 break; 1459 } 1460 ret = 0; 1461 break; 1462 1463 case EBT_SO_GET_ENTRIES: 1464 case EBT_SO_GET_INIT_ENTRIES: 1465 ret = copy_everything_to_user(t, user, len, cmd); 1466 mutex_unlock(&ebt_mutex); 1467 break; 1468 1469 default: 1470 mutex_unlock(&ebt_mutex); 1471 ret = -EINVAL; 1472 } 1473 1474 return ret; 1475} 1476 1477static struct nf_sockopt_ops ebt_sockopts = 1478{ 1479 .pf = PF_INET, 1480 .set_optmin = EBT_BASE_CTL, 1481 .set_optmax = EBT_SO_SET_MAX + 1, 1482 .set = do_ebt_set_ctl, 1483 .get_optmin = EBT_BASE_CTL, 1484 .get_optmax = EBT_SO_GET_MAX + 1, 1485 .get = do_ebt_get_ctl, 1486}; 1487 1488static int __init ebtables_init(void) 1489{ 1490 int ret; 1491 1492 mutex_lock(&ebt_mutex); 1493 list_add(&ebt_standard_target.list, &ebt_targets); 1494 mutex_unlock(&ebt_mutex); 1495 if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0) 1496 return ret; 1497 1498 printk(KERN_NOTICE "Ebtables v2.0 registered\n"); 1499 return 0; 1500} 1501 1502static void __exit ebtables_fini(void) 1503{ 1504 nf_unregister_sockopt(&ebt_sockopts); 1505 printk(KERN_NOTICE "Ebtables v2.0 unregistered\n"); 1506} 1507 1508EXPORT_SYMBOL(ebt_register_table); 1509EXPORT_SYMBOL(ebt_unregister_table); 1510EXPORT_SYMBOL(ebt_register_match); 1511EXPORT_SYMBOL(ebt_unregister_match); 1512EXPORT_SYMBOL(ebt_register_watcher); 1513EXPORT_SYMBOL(ebt_unregister_watcher); 1514EXPORT_SYMBOL(ebt_register_target); 1515EXPORT_SYMBOL(ebt_unregister_target); 1516EXPORT_SYMBOL(ebt_do_table); 1517module_init(ebtables_init); 1518module_exit(ebtables_fini); 1519MODULE_LICENSE("GPL"); 1520