ebtables.c revision c8923c6b852d3a97c1faad0566e38fca330375a7
1/* 2 * ebtables 3 * 4 * Author: 5 * Bart De Schuymer <bdschuym@pandora.be> 6 * 7 * ebtables.c,v 2.0, July, 2002 8 * 9 * This code is stongly inspired on the iptables code which is 10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18/* used for print_string */ 19#include <linux/sched.h> 20#include <linux/tty.h> 21 22#include <linux/kmod.h> 23#include <linux/module.h> 24#include <linux/vmalloc.h> 25#include <linux/netfilter_bridge/ebtables.h> 26#include <linux/spinlock.h> 27#include <asm/uaccess.h> 28#include <linux/smp.h> 29#include <linux/cpumask.h> 30#include <net/sock.h> 31/* needed for logical [in,out]-dev filtering */ 32#include "../br_private.h" 33 34/* list_named_find */ 35#define ASSERT_READ_LOCK(x) 36#define ASSERT_WRITE_LOCK(x) 37#include <linux/netfilter_ipv4/listhelp.h> 38 39#if 0 40/* use this for remote debugging 41 * Copyright (C) 1998 by Ori Pomerantz 42 * Print the string to the appropriate tty, the one 43 * the current task uses 44 */ 45static void print_string(char *str) 46{ 47 struct tty_struct *my_tty; 48 49 /* The tty for the current task */ 50 my_tty = current->signal->tty; 51 if (my_tty != NULL) { 52 my_tty->driver->write(my_tty, 0, str, strlen(str)); 53 my_tty->driver->write(my_tty, 0, "\015\012", 2); 54 } 55} 56 57#define BUGPRINT(args) print_string(args); 58#else 59#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ 60 "report to author: "format, ## args) 61/* #define BUGPRINT(format, args...) */ 62#endif 63#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\ 64 ": out of memory: "format, ## args) 65/* #define MEMPRINT(format, args...) */ 66 67 68 69/* 70 * Each cpu has its own set of counters, so there is no need for write_lock in 71 * the softirq 72 * For reading or updating the counters, the user context needs to 73 * get a write_lock 74 */ 75 76/* The size of each set of counters is altered to get cache alignment */ 77#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) 78#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) 79#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ 80 COUNTER_OFFSET(n) * cpu)) 81 82 83 84static DECLARE_MUTEX(ebt_mutex); 85static LIST_HEAD(ebt_tables); 86static LIST_HEAD(ebt_targets); 87static LIST_HEAD(ebt_matches); 88static LIST_HEAD(ebt_watchers); 89 90static struct ebt_target ebt_standard_target = 91{ {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL}; 92 93static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 94 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, 95 const struct net_device *out) 96{ 97 w->u.watcher->watcher(skb, hooknr, in, out, w->data, 98 w->watcher_size); 99 /* watchers don't give a verdict */ 100 return 0; 101} 102 103static inline int ebt_do_match (struct ebt_entry_match *m, 104 const struct sk_buff *skb, const struct net_device *in, 105 const struct net_device *out) 106{ 107 return m->u.match->match(skb, in, out, m->data, 108 m->match_size); 109} 110 111static inline int ebt_dev_check(char *entry, const struct net_device *device) 112{ 113 int i = 0; 114 char *devname = device->name; 115 116 if (*entry == '\0') 117 return 0; 118 if (!device) 119 return 1; 120 /* 1 is the wildcard token */ 121 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i]) 122 i++; 123 return (devname[i] != entry[i] && entry[i] != 1); 124} 125 126#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) 127/* process standard matches */ 128static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, 129 const struct net_device *in, const struct net_device *out) 130{ 131 int verdict, i; 132 133 if (e->bitmask & EBT_802_3) { 134 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) 135 return 1; 136 } else if (!(e->bitmask & EBT_NOPROTO) && 137 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) 138 return 1; 139 140 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) 141 return 1; 142 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) 143 return 1; 144 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( 145 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN)) 146 return 1; 147 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( 148 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT)) 149 return 1; 150 151 if (e->bitmask & EBT_SOURCEMAC) { 152 verdict = 0; 153 for (i = 0; i < 6; i++) 154 verdict |= (h->h_source[i] ^ e->sourcemac[i]) & 155 e->sourcemsk[i]; 156 if (FWINV2(verdict != 0, EBT_ISOURCE) ) 157 return 1; 158 } 159 if (e->bitmask & EBT_DESTMAC) { 160 verdict = 0; 161 for (i = 0; i < 6; i++) 162 verdict |= (h->h_dest[i] ^ e->destmac[i]) & 163 e->destmsk[i]; 164 if (FWINV2(verdict != 0, EBT_IDEST) ) 165 return 1; 166 } 167 return 0; 168} 169 170/* Do some firewalling */ 171unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, 172 const struct net_device *in, const struct net_device *out, 173 struct ebt_table *table) 174{ 175 int i, nentries; 176 struct ebt_entry *point; 177 struct ebt_counter *counter_base, *cb_base; 178 struct ebt_entry_target *t; 179 int verdict, sp = 0; 180 struct ebt_chainstack *cs; 181 struct ebt_entries *chaininfo; 182 char *base; 183 struct ebt_table_info *private; 184 185 read_lock_bh(&table->lock); 186 private = table->private; 187 cb_base = COUNTER_BASE(private->counters, private->nentries, 188 smp_processor_id()); 189 if (private->chainstack) 190 cs = private->chainstack[smp_processor_id()]; 191 else 192 cs = NULL; 193 chaininfo = private->hook_entry[hook]; 194 nentries = private->hook_entry[hook]->nentries; 195 point = (struct ebt_entry *)(private->hook_entry[hook]->data); 196 counter_base = cb_base + private->hook_entry[hook]->counter_offset; 197 /* base for chain jumps */ 198 base = private->entries; 199 i = 0; 200 while (i < nentries) { 201 if (ebt_basic_match(point, eth_hdr(*pskb), in, out)) 202 goto letscontinue; 203 204 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) 205 goto letscontinue; 206 207 /* increase counter */ 208 (*(counter_base + i)).pcnt++; 209 (*(counter_base + i)).bcnt+=(**pskb).len; 210 211 /* these should only watch: not modify, nor tell us 212 what to do with the packet */ 213 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in, 214 out); 215 216 t = (struct ebt_entry_target *) 217 (((char *)point) + point->target_offset); 218 /* standard target */ 219 if (!t->u.target->target) 220 verdict = ((struct ebt_standard_target *)t)->verdict; 221 else 222 verdict = t->u.target->target(pskb, hook, 223 in, out, t->data, t->target_size); 224 if (verdict == EBT_ACCEPT) { 225 read_unlock_bh(&table->lock); 226 return NF_ACCEPT; 227 } 228 if (verdict == EBT_DROP) { 229 read_unlock_bh(&table->lock); 230 return NF_DROP; 231 } 232 if (verdict == EBT_RETURN) { 233letsreturn: 234#ifdef CONFIG_NETFILTER_DEBUG 235 if (sp == 0) { 236 BUGPRINT("RETURN on base chain"); 237 /* act like this is EBT_CONTINUE */ 238 goto letscontinue; 239 } 240#endif 241 sp--; 242 /* put all the local variables right */ 243 i = cs[sp].n; 244 chaininfo = cs[sp].chaininfo; 245 nentries = chaininfo->nentries; 246 point = cs[sp].e; 247 counter_base = cb_base + 248 chaininfo->counter_offset; 249 continue; 250 } 251 if (verdict == EBT_CONTINUE) 252 goto letscontinue; 253#ifdef CONFIG_NETFILTER_DEBUG 254 if (verdict < 0) { 255 BUGPRINT("bogus standard verdict\n"); 256 read_unlock_bh(&table->lock); 257 return NF_DROP; 258 } 259#endif 260 /* jump to a udc */ 261 cs[sp].n = i + 1; 262 cs[sp].chaininfo = chaininfo; 263 cs[sp].e = (struct ebt_entry *) 264 (((char *)point) + point->next_offset); 265 i = 0; 266 chaininfo = (struct ebt_entries *) (base + verdict); 267#ifdef CONFIG_NETFILTER_DEBUG 268 if (chaininfo->distinguisher) { 269 BUGPRINT("jump to non-chain\n"); 270 read_unlock_bh(&table->lock); 271 return NF_DROP; 272 } 273#endif 274 nentries = chaininfo->nentries; 275 point = (struct ebt_entry *)chaininfo->data; 276 counter_base = cb_base + chaininfo->counter_offset; 277 sp++; 278 continue; 279letscontinue: 280 point = (struct ebt_entry *) 281 (((char *)point) + point->next_offset); 282 i++; 283 } 284 285 /* I actually like this :) */ 286 if (chaininfo->policy == EBT_RETURN) 287 goto letsreturn; 288 if (chaininfo->policy == EBT_ACCEPT) { 289 read_unlock_bh(&table->lock); 290 return NF_ACCEPT; 291 } 292 read_unlock_bh(&table->lock); 293 return NF_DROP; 294} 295 296/* If it succeeds, returns element and locks mutex */ 297static inline void * 298find_inlist_lock_noload(struct list_head *head, const char *name, int *error, 299 struct semaphore *mutex) 300{ 301 void *ret; 302 303 *error = down_interruptible(mutex); 304 if (*error != 0) 305 return NULL; 306 307 ret = list_named_find(head, name); 308 if (!ret) { 309 *error = -ENOENT; 310 up(mutex); 311 } 312 return ret; 313} 314 315#ifndef CONFIG_KMOD 316#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) 317#else 318static void * 319find_inlist_lock(struct list_head *head, const char *name, const char *prefix, 320 int *error, struct semaphore *mutex) 321{ 322 void *ret; 323 324 ret = find_inlist_lock_noload(head, name, error, mutex); 325 if (!ret) { 326 request_module("%s%s", prefix, name); 327 ret = find_inlist_lock_noload(head, name, error, mutex); 328 } 329 return ret; 330} 331#endif 332 333static inline struct ebt_table * 334find_table_lock(const char *name, int *error, struct semaphore *mutex) 335{ 336 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex); 337} 338 339static inline struct ebt_match * 340find_match_lock(const char *name, int *error, struct semaphore *mutex) 341{ 342 return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex); 343} 344 345static inline struct ebt_watcher * 346find_watcher_lock(const char *name, int *error, struct semaphore *mutex) 347{ 348 return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex); 349} 350 351static inline struct ebt_target * 352find_target_lock(const char *name, int *error, struct semaphore *mutex) 353{ 354 return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex); 355} 356 357static inline int 358ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, 359 const char *name, unsigned int hookmask, unsigned int *cnt) 360{ 361 struct ebt_match *match; 362 int ret; 363 364 if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) > 365 ((char *)e) + e->watchers_offset) 366 return -EINVAL; 367 match = find_match_lock(m->u.name, &ret, &ebt_mutex); 368 if (!match) 369 return ret; 370 m->u.match = match; 371 if (!try_module_get(match->me)) { 372 up(&ebt_mutex); 373 return -ENOENT; 374 } 375 up(&ebt_mutex); 376 if (match->check && 377 match->check(name, hookmask, e, m->data, m->match_size) != 0) { 378 BUGPRINT("match->check failed\n"); 379 module_put(match->me); 380 return -EINVAL; 381 } 382 (*cnt)++; 383 return 0; 384} 385 386static inline int 387ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, 388 const char *name, unsigned int hookmask, unsigned int *cnt) 389{ 390 struct ebt_watcher *watcher; 391 int ret; 392 393 if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) > 394 ((char *)e) + e->target_offset) 395 return -EINVAL; 396 watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex); 397 if (!watcher) 398 return ret; 399 w->u.watcher = watcher; 400 if (!try_module_get(watcher->me)) { 401 up(&ebt_mutex); 402 return -ENOENT; 403 } 404 up(&ebt_mutex); 405 if (watcher->check && 406 watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) { 407 BUGPRINT("watcher->check failed\n"); 408 module_put(watcher->me); 409 return -EINVAL; 410 } 411 (*cnt)++; 412 return 0; 413} 414 415/* 416 * this one is very careful, as it is the first function 417 * to parse the userspace data 418 */ 419static inline int 420ebt_check_entry_size_and_hooks(struct ebt_entry *e, 421 struct ebt_table_info *newinfo, char *base, char *limit, 422 struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt, 423 unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks) 424{ 425 int i; 426 427 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 428 if ((valid_hooks & (1 << i)) == 0) 429 continue; 430 if ( (char *)hook_entries[i] - base == 431 (char *)e - newinfo->entries) 432 break; 433 } 434 /* beginning of a new chain 435 if i == NF_BR_NUMHOOKS it must be a user defined chain */ 436 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { 437 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) { 438 /* we make userspace set this right, 439 so there is no misunderstanding */ 440 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " 441 "in distinguisher\n"); 442 return -EINVAL; 443 } 444 /* this checks if the previous chain has as many entries 445 as it said it has */ 446 if (*n != *cnt) { 447 BUGPRINT("nentries does not equal the nr of entries " 448 "in the chain\n"); 449 return -EINVAL; 450 } 451 /* before we look at the struct, be sure it is not too big */ 452 if ((char *)hook_entries[i] + sizeof(struct ebt_entries) 453 > limit) { 454 BUGPRINT("entries_size too small\n"); 455 return -EINVAL; 456 } 457 if (((struct ebt_entries *)e)->policy != EBT_DROP && 458 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { 459 /* only RETURN from udc */ 460 if (i != NF_BR_NUMHOOKS || 461 ((struct ebt_entries *)e)->policy != EBT_RETURN) { 462 BUGPRINT("bad policy\n"); 463 return -EINVAL; 464 } 465 } 466 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ 467 (*udc_cnt)++; 468 else 469 newinfo->hook_entry[i] = (struct ebt_entries *)e; 470 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { 471 BUGPRINT("counter_offset != totalcnt"); 472 return -EINVAL; 473 } 474 *n = ((struct ebt_entries *)e)->nentries; 475 *cnt = 0; 476 return 0; 477 } 478 /* a plain old entry, heh */ 479 if (sizeof(struct ebt_entry) > e->watchers_offset || 480 e->watchers_offset > e->target_offset || 481 e->target_offset >= e->next_offset) { 482 BUGPRINT("entry offsets not in right order\n"); 483 return -EINVAL; 484 } 485 /* this is not checked anywhere else */ 486 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { 487 BUGPRINT("target size too small\n"); 488 return -EINVAL; 489 } 490 491 (*cnt)++; 492 (*totalcnt)++; 493 return 0; 494} 495 496struct ebt_cl_stack 497{ 498 struct ebt_chainstack cs; 499 int from; 500 unsigned int hookmask; 501}; 502 503/* 504 * we need these positions to check that the jumps to a different part of the 505 * entries is a jump to the beginning of a new chain. 506 */ 507static inline int 508ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, 509 struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks, 510 struct ebt_cl_stack *udc) 511{ 512 int i; 513 514 /* we're only interested in chain starts */ 515 if (e->bitmask & EBT_ENTRY_OR_ENTRIES) 516 return 0; 517 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 518 if ((valid_hooks & (1 << i)) == 0) 519 continue; 520 if (newinfo->hook_entry[i] == (struct ebt_entries *)e) 521 break; 522 } 523 /* only care about udc */ 524 if (i != NF_BR_NUMHOOKS) 525 return 0; 526 527 udc[*n].cs.chaininfo = (struct ebt_entries *)e; 528 /* these initialisations are depended on later in check_chainloops() */ 529 udc[*n].cs.n = 0; 530 udc[*n].hookmask = 0; 531 532 (*n)++; 533 return 0; 534} 535 536static inline int 537ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) 538{ 539 if (i && (*i)-- == 0) 540 return 1; 541 if (m->u.match->destroy) 542 m->u.match->destroy(m->data, m->match_size); 543 module_put(m->u.match->me); 544 545 return 0; 546} 547 548static inline int 549ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) 550{ 551 if (i && (*i)-- == 0) 552 return 1; 553 if (w->u.watcher->destroy) 554 w->u.watcher->destroy(w->data, w->watcher_size); 555 module_put(w->u.watcher->me); 556 557 return 0; 558} 559 560static inline int 561ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) 562{ 563 struct ebt_entry_target *t; 564 565 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) 566 return 0; 567 /* we're done */ 568 if (cnt && (*cnt)-- == 0) 569 return 1; 570 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); 571 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); 572 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 573 if (t->u.target->destroy) 574 t->u.target->destroy(t->data, t->target_size); 575 module_put(t->u.target->me); 576 577 return 0; 578} 579 580static inline int 581ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, 582 const char *name, unsigned int *cnt, unsigned int valid_hooks, 583 struct ebt_cl_stack *cl_s, unsigned int udc_cnt) 584{ 585 struct ebt_entry_target *t; 586 struct ebt_target *target; 587 unsigned int i, j, hook = 0, hookmask = 0; 588 int ret; 589 590 /* don't mess with the struct ebt_entries */ 591 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) 592 return 0; 593 594 if (e->bitmask & ~EBT_F_MASK) { 595 BUGPRINT("Unknown flag for bitmask\n"); 596 return -EINVAL; 597 } 598 if (e->invflags & ~EBT_INV_MASK) { 599 BUGPRINT("Unknown flag for inv bitmask\n"); 600 return -EINVAL; 601 } 602 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { 603 BUGPRINT("NOPROTO & 802_3 not allowed\n"); 604 return -EINVAL; 605 } 606 /* what hook do we belong to? */ 607 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 608 if ((valid_hooks & (1 << i)) == 0) 609 continue; 610 if ((char *)newinfo->hook_entry[i] < (char *)e) 611 hook = i; 612 else 613 break; 614 } 615 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on 616 a base chain */ 617 if (i < NF_BR_NUMHOOKS) 618 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 619 else { 620 for (i = 0; i < udc_cnt; i++) 621 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) 622 break; 623 if (i == 0) 624 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 625 else 626 hookmask = cl_s[i - 1].hookmask; 627 } 628 i = 0; 629 ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i); 630 if (ret != 0) 631 goto cleanup_matches; 632 j = 0; 633 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j); 634 if (ret != 0) 635 goto cleanup_watchers; 636 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 637 target = find_target_lock(t->u.name, &ret, &ebt_mutex); 638 if (!target) 639 goto cleanup_watchers; 640 if (!try_module_get(target->me)) { 641 up(&ebt_mutex); 642 ret = -ENOENT; 643 goto cleanup_watchers; 644 } 645 up(&ebt_mutex); 646 647 t->u.target = target; 648 if (t->u.target == &ebt_standard_target) { 649 if (e->target_offset + sizeof(struct ebt_standard_target) > 650 e->next_offset) { 651 BUGPRINT("Standard target size too big\n"); 652 ret = -EFAULT; 653 goto cleanup_watchers; 654 } 655 if (((struct ebt_standard_target *)t)->verdict < 656 -NUM_STANDARD_TARGETS) { 657 BUGPRINT("Invalid standard target\n"); 658 ret = -EFAULT; 659 goto cleanup_watchers; 660 } 661 } else if ((e->target_offset + t->target_size + 662 sizeof(struct ebt_entry_target) > e->next_offset) || 663 (t->u.target->check && 664 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){ 665 module_put(t->u.target->me); 666 ret = -EFAULT; 667 goto cleanup_watchers; 668 } 669 (*cnt)++; 670 return 0; 671cleanup_watchers: 672 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); 673cleanup_matches: 674 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i); 675 return ret; 676} 677 678/* 679 * checks for loops and sets the hook mask for udc 680 * the hook mask for udc tells us from which base chains the udc can be 681 * accessed. This mask is a parameter to the check() functions of the extensions 682 */ 683static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s, 684 unsigned int udc_cnt, unsigned int hooknr, char *base) 685{ 686 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; 687 struct ebt_entry *e = (struct ebt_entry *)chain->data; 688 struct ebt_entry_target *t; 689 690 while (pos < nentries || chain_nr != -1) { 691 /* end of udc, go back one 'recursion' step */ 692 if (pos == nentries) { 693 /* put back values of the time when this chain was called */ 694 e = cl_s[chain_nr].cs.e; 695 if (cl_s[chain_nr].from != -1) 696 nentries = 697 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; 698 else 699 nentries = chain->nentries; 700 pos = cl_s[chain_nr].cs.n; 701 /* make sure we won't see a loop that isn't one */ 702 cl_s[chain_nr].cs.n = 0; 703 chain_nr = cl_s[chain_nr].from; 704 if (pos == nentries) 705 continue; 706 } 707 t = (struct ebt_entry_target *) 708 (((char *)e) + e->target_offset); 709 if (strcmp(t->u.name, EBT_STANDARD_TARGET)) 710 goto letscontinue; 711 if (e->target_offset + sizeof(struct ebt_standard_target) > 712 e->next_offset) { 713 BUGPRINT("Standard target size too big\n"); 714 return -1; 715 } 716 verdict = ((struct ebt_standard_target *)t)->verdict; 717 if (verdict >= 0) { /* jump to another chain */ 718 struct ebt_entries *hlp2 = 719 (struct ebt_entries *)(base + verdict); 720 for (i = 0; i < udc_cnt; i++) 721 if (hlp2 == cl_s[i].cs.chaininfo) 722 break; 723 /* bad destination or loop */ 724 if (i == udc_cnt) { 725 BUGPRINT("bad destination\n"); 726 return -1; 727 } 728 if (cl_s[i].cs.n) { 729 BUGPRINT("loop\n"); 730 return -1; 731 } 732 /* this can't be 0, so the above test is correct */ 733 cl_s[i].cs.n = pos + 1; 734 pos = 0; 735 cl_s[i].cs.e = ((void *)e + e->next_offset); 736 e = (struct ebt_entry *)(hlp2->data); 737 nentries = hlp2->nentries; 738 cl_s[i].from = chain_nr; 739 chain_nr = i; 740 /* this udc is accessible from the base chain for hooknr */ 741 cl_s[i].hookmask |= (1 << hooknr); 742 continue; 743 } 744letscontinue: 745 e = (void *)e + e->next_offset; 746 pos++; 747 } 748 return 0; 749} 750 751/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ 752static int translate_table(struct ebt_replace *repl, 753 struct ebt_table_info *newinfo) 754{ 755 unsigned int i, j, k, udc_cnt; 756 int ret; 757 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 758 759 i = 0; 760 while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i))) 761 i++; 762 if (i == NF_BR_NUMHOOKS) { 763 BUGPRINT("No valid hooks specified\n"); 764 return -EINVAL; 765 } 766 if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) { 767 BUGPRINT("Chains don't start at beginning\n"); 768 return -EINVAL; 769 } 770 /* make sure chains are ordered after each other in same order 771 as their corresponding hooks */ 772 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { 773 if (!(repl->valid_hooks & (1 << j))) 774 continue; 775 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) { 776 BUGPRINT("Hook order must be followed\n"); 777 return -EINVAL; 778 } 779 i = j; 780 } 781 782 for (i = 0; i < NF_BR_NUMHOOKS; i++) 783 newinfo->hook_entry[i] = NULL; 784 785 newinfo->entries_size = repl->entries_size; 786 newinfo->nentries = repl->nentries; 787 788 /* do some early checkings and initialize some things */ 789 i = 0; /* holds the expected nr. of entries for the chain */ 790 j = 0; /* holds the up to now counted entries for the chain */ 791 k = 0; /* holds the total nr. of entries, should equal 792 newinfo->nentries afterwards */ 793 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */ 794 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 795 ebt_check_entry_size_and_hooks, newinfo, repl->entries, 796 repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k, 797 &udc_cnt, repl->valid_hooks); 798 799 if (ret != 0) 800 return ret; 801 802 if (i != j) { 803 BUGPRINT("nentries does not equal the nr of entries in the " 804 "(last) chain\n"); 805 return -EINVAL; 806 } 807 if (k != newinfo->nentries) { 808 BUGPRINT("Total nentries is wrong\n"); 809 return -EINVAL; 810 } 811 812 /* check if all valid hooks have a chain */ 813 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 814 if (newinfo->hook_entry[i] == NULL && 815 (repl->valid_hooks & (1 << i))) { 816 BUGPRINT("Valid hook without chain\n"); 817 return -EINVAL; 818 } 819 } 820 821 /* get the location of the udc, put them in an array 822 while we're at it, allocate the chainstack */ 823 if (udc_cnt) { 824 /* this will get free'd in do_replace()/ebt_register_table() 825 if an error occurs */ 826 newinfo->chainstack = (struct ebt_chainstack **) 827 vmalloc((highest_possible_processor_id()+1) 828 * sizeof(struct ebt_chainstack)); 829 if (!newinfo->chainstack) 830 return -ENOMEM; 831 for_each_cpu(i) { 832 newinfo->chainstack[i] = 833 vmalloc(udc_cnt * sizeof(struct ebt_chainstack)); 834 if (!newinfo->chainstack[i]) { 835 while (i) 836 vfree(newinfo->chainstack[--i]); 837 vfree(newinfo->chainstack); 838 newinfo->chainstack = NULL; 839 return -ENOMEM; 840 } 841 } 842 843 cl_s = (struct ebt_cl_stack *) 844 vmalloc(udc_cnt * sizeof(struct ebt_cl_stack)); 845 if (!cl_s) 846 return -ENOMEM; 847 i = 0; /* the i'th udc */ 848 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 849 ebt_get_udc_positions, newinfo, repl->hook_entry, &i, 850 repl->valid_hooks, cl_s); 851 /* sanity check */ 852 if (i != udc_cnt) { 853 BUGPRINT("i != udc_cnt\n"); 854 vfree(cl_s); 855 return -EFAULT; 856 } 857 } 858 859 /* Check for loops */ 860 for (i = 0; i < NF_BR_NUMHOOKS; i++) 861 if (repl->valid_hooks & (1 << i)) 862 if (check_chainloops(newinfo->hook_entry[i], 863 cl_s, udc_cnt, i, newinfo->entries)) { 864 vfree(cl_s); 865 return -EINVAL; 866 } 867 868 /* we now know the following (along with E=mc�): 869 - the nr of entries in each chain is right 870 - the size of the allocated space is right 871 - all valid hooks have a corresponding chain 872 - there are no loops 873 - wrong data can still be on the level of a single entry 874 - could be there are jumps to places that are not the 875 beginning of a chain. This can only occur in chains that 876 are not accessible from any base chains, so we don't care. */ 877 878 /* used to know what we need to clean up if something goes wrong */ 879 i = 0; 880 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 881 ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks, 882 cl_s, udc_cnt); 883 if (ret != 0) { 884 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 885 ebt_cleanup_entry, &i); 886 } 887 vfree(cl_s); 888 return ret; 889} 890 891/* called under write_lock */ 892static void get_counters(struct ebt_counter *oldcounters, 893 struct ebt_counter *counters, unsigned int nentries) 894{ 895 int i, cpu; 896 struct ebt_counter *counter_base; 897 898 /* counters of cpu 0 */ 899 memcpy(counters, oldcounters, 900 sizeof(struct ebt_counter) * nentries); 901 902 /* add other counters to those of cpu 0 */ 903 for_each_cpu(cpu) { 904 if (cpu == 0) 905 continue; 906 counter_base = COUNTER_BASE(oldcounters, nentries, cpu); 907 for (i = 0; i < nentries; i++) { 908 counters[i].pcnt += counter_base[i].pcnt; 909 counters[i].bcnt += counter_base[i].bcnt; 910 } 911 } 912} 913 914/* replace the table */ 915static int do_replace(void __user *user, unsigned int len) 916{ 917 int ret, i, countersize; 918 struct ebt_table_info *newinfo; 919 struct ebt_replace tmp; 920 struct ebt_table *t; 921 struct ebt_counter *counterstmp = NULL; 922 /* used to be able to unlock earlier */ 923 struct ebt_table_info *table; 924 925 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 926 return -EFAULT; 927 928 if (len != sizeof(tmp) + tmp.entries_size) { 929 BUGPRINT("Wrong len argument\n"); 930 return -EINVAL; 931 } 932 933 if (tmp.entries_size == 0) { 934 BUGPRINT("Entries_size never zero\n"); 935 return -EINVAL; 936 } 937 countersize = COUNTER_OFFSET(tmp.nentries) * 938 (highest_possible_processor_id()+1); 939 newinfo = (struct ebt_table_info *) 940 vmalloc(sizeof(struct ebt_table_info) + countersize); 941 if (!newinfo) 942 return -ENOMEM; 943 944 if (countersize) 945 memset(newinfo->counters, 0, countersize); 946 947 newinfo->entries = (char *)vmalloc(tmp.entries_size); 948 if (!newinfo->entries) { 949 ret = -ENOMEM; 950 goto free_newinfo; 951 } 952 if (copy_from_user( 953 newinfo->entries, tmp.entries, tmp.entries_size) != 0) { 954 BUGPRINT("Couldn't copy entries from userspace\n"); 955 ret = -EFAULT; 956 goto free_entries; 957 } 958 959 /* the user wants counters back 960 the check on the size is done later, when we have the lock */ 961 if (tmp.num_counters) { 962 counterstmp = (struct ebt_counter *) 963 vmalloc(tmp.num_counters * sizeof(struct ebt_counter)); 964 if (!counterstmp) { 965 ret = -ENOMEM; 966 goto free_entries; 967 } 968 } 969 else 970 counterstmp = NULL; 971 972 /* this can get initialized by translate_table() */ 973 newinfo->chainstack = NULL; 974 ret = translate_table(&tmp, newinfo); 975 976 if (ret != 0) 977 goto free_counterstmp; 978 979 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 980 if (!t) { 981 ret = -ENOENT; 982 goto free_iterate; 983 } 984 985 /* the table doesn't like it */ 986 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks))) 987 goto free_unlock; 988 989 if (tmp.num_counters && tmp.num_counters != t->private->nentries) { 990 BUGPRINT("Wrong nr. of counters requested\n"); 991 ret = -EINVAL; 992 goto free_unlock; 993 } 994 995 /* we have the mutex lock, so no danger in reading this pointer */ 996 table = t->private; 997 /* make sure the table can only be rmmod'ed if it contains no rules */ 998 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) { 999 ret = -ENOENT; 1000 goto free_unlock; 1001 } else if (table->nentries && !newinfo->nentries) 1002 module_put(t->me); 1003 /* we need an atomic snapshot of the counters */ 1004 write_lock_bh(&t->lock); 1005 if (tmp.num_counters) 1006 get_counters(t->private->counters, counterstmp, 1007 t->private->nentries); 1008 1009 t->private = newinfo; 1010 write_unlock_bh(&t->lock); 1011 up(&ebt_mutex); 1012 /* so, a user can change the chains while having messed up her counter 1013 allocation. Only reason why this is done is because this way the lock 1014 is held only once, while this doesn't bring the kernel into a 1015 dangerous state. */ 1016 if (tmp.num_counters && 1017 copy_to_user(tmp.counters, counterstmp, 1018 tmp.num_counters * sizeof(struct ebt_counter))) { 1019 BUGPRINT("Couldn't copy counters to userspace\n"); 1020 ret = -EFAULT; 1021 } 1022 else 1023 ret = 0; 1024 1025 /* decrease module count and free resources */ 1026 EBT_ENTRY_ITERATE(table->entries, table->entries_size, 1027 ebt_cleanup_entry, NULL); 1028 1029 vfree(table->entries); 1030 if (table->chainstack) { 1031 for_each_cpu(i) 1032 vfree(table->chainstack[i]); 1033 vfree(table->chainstack); 1034 } 1035 vfree(table); 1036 1037 vfree(counterstmp); 1038 return ret; 1039 1040free_unlock: 1041 up(&ebt_mutex); 1042free_iterate: 1043 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 1044 ebt_cleanup_entry, NULL); 1045free_counterstmp: 1046 vfree(counterstmp); 1047 /* can be initialized in translate_table() */ 1048 if (newinfo->chainstack) { 1049 for_each_cpu(i) 1050 vfree(newinfo->chainstack[i]); 1051 vfree(newinfo->chainstack); 1052 } 1053free_entries: 1054 vfree(newinfo->entries); 1055free_newinfo: 1056 vfree(newinfo); 1057 return ret; 1058} 1059 1060int ebt_register_target(struct ebt_target *target) 1061{ 1062 int ret; 1063 1064 ret = down_interruptible(&ebt_mutex); 1065 if (ret != 0) 1066 return ret; 1067 if (!list_named_insert(&ebt_targets, target)) { 1068 up(&ebt_mutex); 1069 return -EEXIST; 1070 } 1071 up(&ebt_mutex); 1072 1073 return 0; 1074} 1075 1076void ebt_unregister_target(struct ebt_target *target) 1077{ 1078 down(&ebt_mutex); 1079 LIST_DELETE(&ebt_targets, target); 1080 up(&ebt_mutex); 1081} 1082 1083int ebt_register_match(struct ebt_match *match) 1084{ 1085 int ret; 1086 1087 ret = down_interruptible(&ebt_mutex); 1088 if (ret != 0) 1089 return ret; 1090 if (!list_named_insert(&ebt_matches, match)) { 1091 up(&ebt_mutex); 1092 return -EEXIST; 1093 } 1094 up(&ebt_mutex); 1095 1096 return 0; 1097} 1098 1099void ebt_unregister_match(struct ebt_match *match) 1100{ 1101 down(&ebt_mutex); 1102 LIST_DELETE(&ebt_matches, match); 1103 up(&ebt_mutex); 1104} 1105 1106int ebt_register_watcher(struct ebt_watcher *watcher) 1107{ 1108 int ret; 1109 1110 ret = down_interruptible(&ebt_mutex); 1111 if (ret != 0) 1112 return ret; 1113 if (!list_named_insert(&ebt_watchers, watcher)) { 1114 up(&ebt_mutex); 1115 return -EEXIST; 1116 } 1117 up(&ebt_mutex); 1118 1119 return 0; 1120} 1121 1122void ebt_unregister_watcher(struct ebt_watcher *watcher) 1123{ 1124 down(&ebt_mutex); 1125 LIST_DELETE(&ebt_watchers, watcher); 1126 up(&ebt_mutex); 1127} 1128 1129int ebt_register_table(struct ebt_table *table) 1130{ 1131 struct ebt_table_info *newinfo; 1132 int ret, i, countersize; 1133 1134 if (!table || !table->table ||!table->table->entries || 1135 table->table->entries_size == 0 || 1136 table->table->counters || table->private) { 1137 BUGPRINT("Bad table data for ebt_register_table!!!\n"); 1138 return -EINVAL; 1139 } 1140 1141 countersize = COUNTER_OFFSET(table->table->nentries) * 1142 (highest_possible_processor_id()+1); 1143 newinfo = (struct ebt_table_info *) 1144 vmalloc(sizeof(struct ebt_table_info) + countersize); 1145 ret = -ENOMEM; 1146 if (!newinfo) 1147 return -ENOMEM; 1148 1149 newinfo->entries = (char *)vmalloc(table->table->entries_size); 1150 if (!(newinfo->entries)) 1151 goto free_newinfo; 1152 1153 memcpy(newinfo->entries, table->table->entries, 1154 table->table->entries_size); 1155 1156 if (countersize) 1157 memset(newinfo->counters, 0, countersize); 1158 1159 /* fill in newinfo and parse the entries */ 1160 newinfo->chainstack = NULL; 1161 ret = translate_table(table->table, newinfo); 1162 if (ret != 0) { 1163 BUGPRINT("Translate_table failed\n"); 1164 goto free_chainstack; 1165 } 1166 1167 if (table->check && table->check(newinfo, table->valid_hooks)) { 1168 BUGPRINT("The table doesn't like its own initial data, lol\n"); 1169 return -EINVAL; 1170 } 1171 1172 table->private = newinfo; 1173 rwlock_init(&table->lock); 1174 ret = down_interruptible(&ebt_mutex); 1175 if (ret != 0) 1176 goto free_chainstack; 1177 1178 if (list_named_find(&ebt_tables, table->name)) { 1179 ret = -EEXIST; 1180 BUGPRINT("Table name already exists\n"); 1181 goto free_unlock; 1182 } 1183 1184 /* Hold a reference count if the chains aren't empty */ 1185 if (newinfo->nentries && !try_module_get(table->me)) { 1186 ret = -ENOENT; 1187 goto free_unlock; 1188 } 1189 list_prepend(&ebt_tables, table); 1190 up(&ebt_mutex); 1191 return 0; 1192free_unlock: 1193 up(&ebt_mutex); 1194free_chainstack: 1195 if (newinfo->chainstack) { 1196 for_each_cpu(i) 1197 vfree(newinfo->chainstack[i]); 1198 vfree(newinfo->chainstack); 1199 } 1200 vfree(newinfo->entries); 1201free_newinfo: 1202 vfree(newinfo); 1203 return ret; 1204} 1205 1206void ebt_unregister_table(struct ebt_table *table) 1207{ 1208 int i; 1209 1210 if (!table) { 1211 BUGPRINT("Request to unregister NULL table!!!\n"); 1212 return; 1213 } 1214 down(&ebt_mutex); 1215 LIST_DELETE(&ebt_tables, table); 1216 up(&ebt_mutex); 1217 vfree(table->private->entries); 1218 if (table->private->chainstack) { 1219 for_each_cpu(i) 1220 vfree(table->private->chainstack[i]); 1221 vfree(table->private->chainstack); 1222 } 1223 vfree(table->private); 1224} 1225 1226/* userspace just supplied us with counters */ 1227static int update_counters(void __user *user, unsigned int len) 1228{ 1229 int i, ret; 1230 struct ebt_counter *tmp; 1231 struct ebt_replace hlp; 1232 struct ebt_table *t; 1233 1234 if (copy_from_user(&hlp, user, sizeof(hlp))) 1235 return -EFAULT; 1236 1237 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) 1238 return -EINVAL; 1239 if (hlp.num_counters == 0) 1240 return -EINVAL; 1241 1242 if ( !(tmp = (struct ebt_counter *) 1243 vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){ 1244 MEMPRINT("Update_counters && nomemory\n"); 1245 return -ENOMEM; 1246 } 1247 1248 t = find_table_lock(hlp.name, &ret, &ebt_mutex); 1249 if (!t) 1250 goto free_tmp; 1251 1252 if (hlp.num_counters != t->private->nentries) { 1253 BUGPRINT("Wrong nr of counters\n"); 1254 ret = -EINVAL; 1255 goto unlock_mutex; 1256 } 1257 1258 if ( copy_from_user(tmp, hlp.counters, 1259 hlp.num_counters * sizeof(struct ebt_counter)) ) { 1260 BUGPRINT("Updata_counters && !cfu\n"); 1261 ret = -EFAULT; 1262 goto unlock_mutex; 1263 } 1264 1265 /* we want an atomic add of the counters */ 1266 write_lock_bh(&t->lock); 1267 1268 /* we add to the counters of the first cpu */ 1269 for (i = 0; i < hlp.num_counters; i++) { 1270 t->private->counters[i].pcnt += tmp[i].pcnt; 1271 t->private->counters[i].bcnt += tmp[i].bcnt; 1272 } 1273 1274 write_unlock_bh(&t->lock); 1275 ret = 0; 1276unlock_mutex: 1277 up(&ebt_mutex); 1278free_tmp: 1279 vfree(tmp); 1280 return ret; 1281} 1282 1283static inline int ebt_make_matchname(struct ebt_entry_match *m, 1284 char *base, char *ubase) 1285{ 1286 char *hlp = ubase - base + (char *)m; 1287 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1288 return -EFAULT; 1289 return 0; 1290} 1291 1292static inline int ebt_make_watchername(struct ebt_entry_watcher *w, 1293 char *base, char *ubase) 1294{ 1295 char *hlp = ubase - base + (char *)w; 1296 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1297 return -EFAULT; 1298 return 0; 1299} 1300 1301static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase) 1302{ 1303 int ret; 1304 char *hlp; 1305 struct ebt_entry_target *t; 1306 1307 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) 1308 return 0; 1309 1310 hlp = ubase - base + (char *)e + e->target_offset; 1311 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 1312 1313 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); 1314 if (ret != 0) 1315 return ret; 1316 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); 1317 if (ret != 0) 1318 return ret; 1319 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) 1320 return -EFAULT; 1321 return 0; 1322} 1323 1324/* called with ebt_mutex down */ 1325static int copy_everything_to_user(struct ebt_table *t, void __user *user, 1326 int *len, int cmd) 1327{ 1328 struct ebt_replace tmp; 1329 struct ebt_counter *counterstmp, *oldcounters; 1330 unsigned int entries_size, nentries; 1331 char *entries; 1332 1333 if (cmd == EBT_SO_GET_ENTRIES) { 1334 entries_size = t->private->entries_size; 1335 nentries = t->private->nentries; 1336 entries = t->private->entries; 1337 oldcounters = t->private->counters; 1338 } else { 1339 entries_size = t->table->entries_size; 1340 nentries = t->table->nentries; 1341 entries = t->table->entries; 1342 oldcounters = t->table->counters; 1343 } 1344 1345 if (copy_from_user(&tmp, user, sizeof(tmp))) { 1346 BUGPRINT("Cfu didn't work\n"); 1347 return -EFAULT; 1348 } 1349 1350 if (*len != sizeof(struct ebt_replace) + entries_size + 1351 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { 1352 BUGPRINT("Wrong size\n"); 1353 return -EINVAL; 1354 } 1355 1356 if (tmp.nentries != nentries) { 1357 BUGPRINT("Nentries wrong\n"); 1358 return -EINVAL; 1359 } 1360 1361 if (tmp.entries_size != entries_size) { 1362 BUGPRINT("Wrong size\n"); 1363 return -EINVAL; 1364 } 1365 1366 /* userspace might not need the counters */ 1367 if (tmp.num_counters) { 1368 if (tmp.num_counters != nentries) { 1369 BUGPRINT("Num_counters wrong\n"); 1370 return -EINVAL; 1371 } 1372 counterstmp = (struct ebt_counter *) 1373 vmalloc(nentries * sizeof(struct ebt_counter)); 1374 if (!counterstmp) { 1375 MEMPRINT("Couldn't copy counters, out of memory\n"); 1376 return -ENOMEM; 1377 } 1378 write_lock_bh(&t->lock); 1379 get_counters(oldcounters, counterstmp, nentries); 1380 write_unlock_bh(&t->lock); 1381 1382 if (copy_to_user(tmp.counters, counterstmp, 1383 nentries * sizeof(struct ebt_counter))) { 1384 BUGPRINT("Couldn't copy counters to userspace\n"); 1385 vfree(counterstmp); 1386 return -EFAULT; 1387 } 1388 vfree(counterstmp); 1389 } 1390 1391 if (copy_to_user(tmp.entries, entries, entries_size)) { 1392 BUGPRINT("Couldn't copy entries to userspace\n"); 1393 return -EFAULT; 1394 } 1395 /* set the match/watcher/target names right */ 1396 return EBT_ENTRY_ITERATE(entries, entries_size, 1397 ebt_make_names, entries, tmp.entries); 1398} 1399 1400static int do_ebt_set_ctl(struct sock *sk, 1401 int cmd, void __user *user, unsigned int len) 1402{ 1403 int ret; 1404 1405 switch(cmd) { 1406 case EBT_SO_SET_ENTRIES: 1407 ret = do_replace(user, len); 1408 break; 1409 case EBT_SO_SET_COUNTERS: 1410 ret = update_counters(user, len); 1411 break; 1412 default: 1413 ret = -EINVAL; 1414 } 1415 return ret; 1416} 1417 1418static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 1419{ 1420 int ret; 1421 struct ebt_replace tmp; 1422 struct ebt_table *t; 1423 1424 if (copy_from_user(&tmp, user, sizeof(tmp))) 1425 return -EFAULT; 1426 1427 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1428 if (!t) 1429 return ret; 1430 1431 switch(cmd) { 1432 case EBT_SO_GET_INFO: 1433 case EBT_SO_GET_INIT_INFO: 1434 if (*len != sizeof(struct ebt_replace)){ 1435 ret = -EINVAL; 1436 up(&ebt_mutex); 1437 break; 1438 } 1439 if (cmd == EBT_SO_GET_INFO) { 1440 tmp.nentries = t->private->nentries; 1441 tmp.entries_size = t->private->entries_size; 1442 tmp.valid_hooks = t->valid_hooks; 1443 } else { 1444 tmp.nentries = t->table->nentries; 1445 tmp.entries_size = t->table->entries_size; 1446 tmp.valid_hooks = t->table->valid_hooks; 1447 } 1448 up(&ebt_mutex); 1449 if (copy_to_user(user, &tmp, *len) != 0){ 1450 BUGPRINT("c2u Didn't work\n"); 1451 ret = -EFAULT; 1452 break; 1453 } 1454 ret = 0; 1455 break; 1456 1457 case EBT_SO_GET_ENTRIES: 1458 case EBT_SO_GET_INIT_ENTRIES: 1459 ret = copy_everything_to_user(t, user, len, cmd); 1460 up(&ebt_mutex); 1461 break; 1462 1463 default: 1464 up(&ebt_mutex); 1465 ret = -EINVAL; 1466 } 1467 1468 return ret; 1469} 1470 1471static struct nf_sockopt_ops ebt_sockopts = 1472{ { NULL, NULL }, PF_INET, EBT_BASE_CTL, EBT_SO_SET_MAX + 1, do_ebt_set_ctl, 1473 EBT_BASE_CTL, EBT_SO_GET_MAX + 1, do_ebt_get_ctl, 0, NULL 1474}; 1475 1476static int __init init(void) 1477{ 1478 int ret; 1479 1480 down(&ebt_mutex); 1481 list_named_insert(&ebt_targets, &ebt_standard_target); 1482 up(&ebt_mutex); 1483 if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0) 1484 return ret; 1485 1486 printk(KERN_NOTICE "Ebtables v2.0 registered\n"); 1487 return 0; 1488} 1489 1490static void __exit fini(void) 1491{ 1492 nf_unregister_sockopt(&ebt_sockopts); 1493 printk(KERN_NOTICE "Ebtables v2.0 unregistered\n"); 1494} 1495 1496EXPORT_SYMBOL(ebt_register_table); 1497EXPORT_SYMBOL(ebt_unregister_table); 1498EXPORT_SYMBOL(ebt_register_match); 1499EXPORT_SYMBOL(ebt_unregister_match); 1500EXPORT_SYMBOL(ebt_register_watcher); 1501EXPORT_SYMBOL(ebt_unregister_watcher); 1502EXPORT_SYMBOL(ebt_register_target); 1503EXPORT_SYMBOL(ebt_unregister_target); 1504EXPORT_SYMBOL(ebt_do_table); 1505module_init(init); 1506module_exit(fini); 1507MODULE_LICENSE("GPL"); 1508