ebtables.c revision dbcdf85a2e3d2aa584dafd10b5a1f42764e673e7
1/* 2 * ebtables 3 * 4 * Author: 5 * Bart De Schuymer <bdschuym@pandora.be> 6 * 7 * ebtables.c,v 2.0, July, 2002 8 * 9 * This code is stongly inspired on the iptables code which is 10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 19#include <linux/kmod.h> 20#include <linux/module.h> 21#include <linux/vmalloc.h> 22#include <linux/netfilter/x_tables.h> 23#include <linux/netfilter_bridge/ebtables.h> 24#include <linux/spinlock.h> 25#include <linux/mutex.h> 26#include <asm/uaccess.h> 27#include <linux/smp.h> 28#include <linux/cpumask.h> 29#include <net/sock.h> 30/* needed for logical [in,out]-dev filtering */ 31#include "../br_private.h" 32 33#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ 34 "report to author: "format, ## args) 35/* #define BUGPRINT(format, args...) */ 36#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\ 37 ": out of memory: "format, ## args) 38/* #define MEMPRINT(format, args...) */ 39 40 41 42/* 43 * Each cpu has its own set of counters, so there is no need for write_lock in 44 * the softirq 45 * For reading or updating the counters, the user context needs to 46 * get a write_lock 47 */ 48 49/* The size of each set of counters is altered to get cache alignment */ 50#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) 51#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) 52#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ 53 COUNTER_OFFSET(n) * cpu)) 54 55 56 57static DEFINE_MUTEX(ebt_mutex); 58 59static struct xt_target ebt_standard_target = { 60 .name = "standard", 61 .revision = 0, 62 .family = NFPROTO_BRIDGE, 63 .targetsize = sizeof(int), 64}; 65 66static inline int 67ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb, 68 struct xt_target_param *par) 69{ 70 par->target = w->u.watcher; 71 par->targinfo = w->data; 72 w->u.watcher->target(skb, par); 73 /* watchers don't give a verdict */ 74 return 0; 75} 76 77static inline int ebt_do_match (struct ebt_entry_match *m, 78 const struct sk_buff *skb, struct xt_match_param *par) 79{ 80 par->match = m->u.match; 81 par->matchinfo = m->data; 82 return m->u.match->match(skb, par); 83} 84 85static inline int ebt_dev_check(char *entry, const struct net_device *device) 86{ 87 int i = 0; 88 const char *devname = device->name; 89 90 if (*entry == '\0') 91 return 0; 92 if (!device) 93 return 1; 94 /* 1 is the wildcard token */ 95 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i]) 96 i++; 97 return (devname[i] != entry[i] && entry[i] != 1); 98} 99 100#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) 101/* process standard matches */ 102static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, 103 const struct net_device *in, const struct net_device *out) 104{ 105 int verdict, i; 106 107 if (e->bitmask & EBT_802_3) { 108 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) 109 return 1; 110 } else if (!(e->bitmask & EBT_NOPROTO) && 111 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) 112 return 1; 113 114 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) 115 return 1; 116 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) 117 return 1; 118 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( 119 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN)) 120 return 1; 121 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( 122 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT)) 123 return 1; 124 125 if (e->bitmask & EBT_SOURCEMAC) { 126 verdict = 0; 127 for (i = 0; i < 6; i++) 128 verdict |= (h->h_source[i] ^ e->sourcemac[i]) & 129 e->sourcemsk[i]; 130 if (FWINV2(verdict != 0, EBT_ISOURCE) ) 131 return 1; 132 } 133 if (e->bitmask & EBT_DESTMAC) { 134 verdict = 0; 135 for (i = 0; i < 6; i++) 136 verdict |= (h->h_dest[i] ^ e->destmac[i]) & 137 e->destmsk[i]; 138 if (FWINV2(verdict != 0, EBT_IDEST) ) 139 return 1; 140 } 141 return 0; 142} 143 144/* Do some firewalling */ 145unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, 146 const struct net_device *in, const struct net_device *out, 147 struct ebt_table *table) 148{ 149 int i, nentries; 150 struct ebt_entry *point; 151 struct ebt_counter *counter_base, *cb_base; 152 struct ebt_entry_target *t; 153 int verdict, sp = 0; 154 struct ebt_chainstack *cs; 155 struct ebt_entries *chaininfo; 156 char *base; 157 struct ebt_table_info *private; 158 bool hotdrop = false; 159 struct xt_match_param mtpar; 160 struct xt_target_param tgpar; 161 162 mtpar.family = tgpar.family = NFPROTO_BRIDGE; 163 mtpar.in = tgpar.in = in; 164 mtpar.out = tgpar.out = out; 165 mtpar.hotdrop = &hotdrop; 166 tgpar.hooknum = hook; 167 168 read_lock_bh(&table->lock); 169 private = table->private; 170 cb_base = COUNTER_BASE(private->counters, private->nentries, 171 smp_processor_id()); 172 if (private->chainstack) 173 cs = private->chainstack[smp_processor_id()]; 174 else 175 cs = NULL; 176 chaininfo = private->hook_entry[hook]; 177 nentries = private->hook_entry[hook]->nentries; 178 point = (struct ebt_entry *)(private->hook_entry[hook]->data); 179 counter_base = cb_base + private->hook_entry[hook]->counter_offset; 180 /* base for chain jumps */ 181 base = private->entries; 182 i = 0; 183 while (i < nentries) { 184 if (ebt_basic_match(point, eth_hdr(skb), in, out)) 185 goto letscontinue; 186 187 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0) 188 goto letscontinue; 189 if (hotdrop) { 190 read_unlock_bh(&table->lock); 191 return NF_DROP; 192 } 193 194 /* increase counter */ 195 (*(counter_base + i)).pcnt++; 196 (*(counter_base + i)).bcnt += skb->len; 197 198 /* these should only watch: not modify, nor tell us 199 what to do with the packet */ 200 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar); 201 202 t = (struct ebt_entry_target *) 203 (((char *)point) + point->target_offset); 204 /* standard target */ 205 if (!t->u.target->target) 206 verdict = ((struct ebt_standard_target *)t)->verdict; 207 else { 208 tgpar.target = t->u.target; 209 tgpar.targinfo = t->data; 210 verdict = t->u.target->target(skb, &tgpar); 211 } 212 if (verdict == EBT_ACCEPT) { 213 read_unlock_bh(&table->lock); 214 return NF_ACCEPT; 215 } 216 if (verdict == EBT_DROP) { 217 read_unlock_bh(&table->lock); 218 return NF_DROP; 219 } 220 if (verdict == EBT_RETURN) { 221letsreturn: 222#ifdef CONFIG_NETFILTER_DEBUG 223 if (sp == 0) { 224 BUGPRINT("RETURN on base chain"); 225 /* act like this is EBT_CONTINUE */ 226 goto letscontinue; 227 } 228#endif 229 sp--; 230 /* put all the local variables right */ 231 i = cs[sp].n; 232 chaininfo = cs[sp].chaininfo; 233 nentries = chaininfo->nentries; 234 point = cs[sp].e; 235 counter_base = cb_base + 236 chaininfo->counter_offset; 237 continue; 238 } 239 if (verdict == EBT_CONTINUE) 240 goto letscontinue; 241#ifdef CONFIG_NETFILTER_DEBUG 242 if (verdict < 0) { 243 BUGPRINT("bogus standard verdict\n"); 244 read_unlock_bh(&table->lock); 245 return NF_DROP; 246 } 247#endif 248 /* jump to a udc */ 249 cs[sp].n = i + 1; 250 cs[sp].chaininfo = chaininfo; 251 cs[sp].e = (struct ebt_entry *) 252 (((char *)point) + point->next_offset); 253 i = 0; 254 chaininfo = (struct ebt_entries *) (base + verdict); 255#ifdef CONFIG_NETFILTER_DEBUG 256 if (chaininfo->distinguisher) { 257 BUGPRINT("jump to non-chain\n"); 258 read_unlock_bh(&table->lock); 259 return NF_DROP; 260 } 261#endif 262 nentries = chaininfo->nentries; 263 point = (struct ebt_entry *)chaininfo->data; 264 counter_base = cb_base + chaininfo->counter_offset; 265 sp++; 266 continue; 267letscontinue: 268 point = (struct ebt_entry *) 269 (((char *)point) + point->next_offset); 270 i++; 271 } 272 273 /* I actually like this :) */ 274 if (chaininfo->policy == EBT_RETURN) 275 goto letsreturn; 276 if (chaininfo->policy == EBT_ACCEPT) { 277 read_unlock_bh(&table->lock); 278 return NF_ACCEPT; 279 } 280 read_unlock_bh(&table->lock); 281 return NF_DROP; 282} 283 284/* If it succeeds, returns element and locks mutex */ 285static inline void * 286find_inlist_lock_noload(struct list_head *head, const char *name, int *error, 287 struct mutex *mutex) 288{ 289 struct { 290 struct list_head list; 291 char name[EBT_FUNCTION_MAXNAMELEN]; 292 } *e; 293 294 *error = mutex_lock_interruptible(mutex); 295 if (*error != 0) 296 return NULL; 297 298 list_for_each_entry(e, head, list) { 299 if (strcmp(e->name, name) == 0) 300 return e; 301 } 302 *error = -ENOENT; 303 mutex_unlock(mutex); 304 return NULL; 305} 306 307static void * 308find_inlist_lock(struct list_head *head, const char *name, const char *prefix, 309 int *error, struct mutex *mutex) 310{ 311 return try_then_request_module( 312 find_inlist_lock_noload(head, name, error, mutex), 313 "%s%s", prefix, name); 314} 315 316static inline struct ebt_table * 317find_table_lock(struct net *net, const char *name, int *error, 318 struct mutex *mutex) 319{ 320 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name, 321 "ebtable_", error, mutex); 322} 323 324static inline int 325ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par, 326 unsigned int *cnt) 327{ 328 const struct ebt_entry *e = par->entryinfo; 329 struct xt_match *match; 330 size_t left = ((char *)e + e->watchers_offset) - (char *)m; 331 int ret; 332 333 if (left < sizeof(struct ebt_entry_match) || 334 left - sizeof(struct ebt_entry_match) < m->match_size) 335 return -EINVAL; 336 337 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE, 338 m->u.name, 0), "ebt_%s", m->u.name); 339 if (IS_ERR(match)) 340 return PTR_ERR(match); 341 if (match == NULL) 342 return -ENOENT; 343 m->u.match = match; 344 345 par->match = match; 346 par->matchinfo = m->data; 347 ret = xt_check_match(par, m->match_size, 348 e->ethproto, e->invflags & EBT_IPROTO); 349 if (ret < 0) { 350 module_put(match->me); 351 return ret; 352 } 353 354 (*cnt)++; 355 return 0; 356} 357 358static inline int 359ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par, 360 unsigned int *cnt) 361{ 362 const struct ebt_entry *e = par->entryinfo; 363 struct xt_target *watcher; 364 size_t left = ((char *)e + e->target_offset) - (char *)w; 365 int ret; 366 367 if (left < sizeof(struct ebt_entry_watcher) || 368 left - sizeof(struct ebt_entry_watcher) < w->watcher_size) 369 return -EINVAL; 370 371 watcher = try_then_request_module( 372 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0), 373 "ebt_%s", w->u.name); 374 if (IS_ERR(watcher)) 375 return PTR_ERR(watcher); 376 if (watcher == NULL) 377 return -ENOENT; 378 w->u.watcher = watcher; 379 380 par->target = watcher; 381 par->targinfo = w->data; 382 ret = xt_check_target(par, w->watcher_size, 383 e->ethproto, e->invflags & EBT_IPROTO); 384 if (ret < 0) { 385 module_put(watcher->me); 386 return ret; 387 } 388 389 (*cnt)++; 390 return 0; 391} 392 393static int ebt_verify_pointers(struct ebt_replace *repl, 394 struct ebt_table_info *newinfo) 395{ 396 unsigned int limit = repl->entries_size; 397 unsigned int valid_hooks = repl->valid_hooks; 398 unsigned int offset = 0; 399 int i; 400 401 for (i = 0; i < NF_BR_NUMHOOKS; i++) 402 newinfo->hook_entry[i] = NULL; 403 404 newinfo->entries_size = repl->entries_size; 405 newinfo->nentries = repl->nentries; 406 407 while (offset < limit) { 408 size_t left = limit - offset; 409 struct ebt_entry *e = (void *)newinfo->entries + offset; 410 411 if (left < sizeof(unsigned int)) 412 break; 413 414 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 415 if ((valid_hooks & (1 << i)) == 0) 416 continue; 417 if ((char __user *)repl->hook_entry[i] == 418 repl->entries + offset) 419 break; 420 } 421 422 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { 423 if (e->bitmask != 0) { 424 /* we make userspace set this right, 425 so there is no misunderstanding */ 426 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " 427 "in distinguisher\n"); 428 return -EINVAL; 429 } 430 if (i != NF_BR_NUMHOOKS) 431 newinfo->hook_entry[i] = (struct ebt_entries *)e; 432 if (left < sizeof(struct ebt_entries)) 433 break; 434 offset += sizeof(struct ebt_entries); 435 } else { 436 if (left < sizeof(struct ebt_entry)) 437 break; 438 if (left < e->next_offset) 439 break; 440 offset += e->next_offset; 441 } 442 } 443 if (offset != limit) { 444 BUGPRINT("entries_size too small\n"); 445 return -EINVAL; 446 } 447 448 /* check if all valid hooks have a chain */ 449 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 450 if (!newinfo->hook_entry[i] && 451 (valid_hooks & (1 << i))) { 452 BUGPRINT("Valid hook without chain\n"); 453 return -EINVAL; 454 } 455 } 456 return 0; 457} 458 459/* 460 * this one is very careful, as it is the first function 461 * to parse the userspace data 462 */ 463static inline int 464ebt_check_entry_size_and_hooks(struct ebt_entry *e, 465 struct ebt_table_info *newinfo, 466 unsigned int *n, unsigned int *cnt, 467 unsigned int *totalcnt, unsigned int *udc_cnt) 468{ 469 int i; 470 471 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 472 if ((void *)e == (void *)newinfo->hook_entry[i]) 473 break; 474 } 475 /* beginning of a new chain 476 if i == NF_BR_NUMHOOKS it must be a user defined chain */ 477 if (i != NF_BR_NUMHOOKS || !e->bitmask) { 478 /* this checks if the previous chain has as many entries 479 as it said it has */ 480 if (*n != *cnt) { 481 BUGPRINT("nentries does not equal the nr of entries " 482 "in the chain\n"); 483 return -EINVAL; 484 } 485 if (((struct ebt_entries *)e)->policy != EBT_DROP && 486 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { 487 /* only RETURN from udc */ 488 if (i != NF_BR_NUMHOOKS || 489 ((struct ebt_entries *)e)->policy != EBT_RETURN) { 490 BUGPRINT("bad policy\n"); 491 return -EINVAL; 492 } 493 } 494 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ 495 (*udc_cnt)++; 496 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { 497 BUGPRINT("counter_offset != totalcnt"); 498 return -EINVAL; 499 } 500 *n = ((struct ebt_entries *)e)->nentries; 501 *cnt = 0; 502 return 0; 503 } 504 /* a plain old entry, heh */ 505 if (sizeof(struct ebt_entry) > e->watchers_offset || 506 e->watchers_offset > e->target_offset || 507 e->target_offset >= e->next_offset) { 508 BUGPRINT("entry offsets not in right order\n"); 509 return -EINVAL; 510 } 511 /* this is not checked anywhere else */ 512 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { 513 BUGPRINT("target size too small\n"); 514 return -EINVAL; 515 } 516 (*cnt)++; 517 (*totalcnt)++; 518 return 0; 519} 520 521struct ebt_cl_stack 522{ 523 struct ebt_chainstack cs; 524 int from; 525 unsigned int hookmask; 526}; 527 528/* 529 * we need these positions to check that the jumps to a different part of the 530 * entries is a jump to the beginning of a new chain. 531 */ 532static inline int 533ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, 534 unsigned int *n, struct ebt_cl_stack *udc) 535{ 536 int i; 537 538 /* we're only interested in chain starts */ 539 if (e->bitmask) 540 return 0; 541 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 542 if (newinfo->hook_entry[i] == (struct ebt_entries *)e) 543 break; 544 } 545 /* only care about udc */ 546 if (i != NF_BR_NUMHOOKS) 547 return 0; 548 549 udc[*n].cs.chaininfo = (struct ebt_entries *)e; 550 /* these initialisations are depended on later in check_chainloops() */ 551 udc[*n].cs.n = 0; 552 udc[*n].hookmask = 0; 553 554 (*n)++; 555 return 0; 556} 557 558static inline int 559ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) 560{ 561 struct xt_mtdtor_param par; 562 563 if (i && (*i)-- == 0) 564 return 1; 565 566 par.match = m->u.match; 567 par.matchinfo = m->data; 568 par.family = NFPROTO_BRIDGE; 569 if (par.match->destroy != NULL) 570 par.match->destroy(&par); 571 module_put(par.match->me); 572 return 0; 573} 574 575static inline int 576ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) 577{ 578 struct xt_tgdtor_param par; 579 580 if (i && (*i)-- == 0) 581 return 1; 582 583 par.target = w->u.watcher; 584 par.targinfo = w->data; 585 par.family = NFPROTO_BRIDGE; 586 if (par.target->destroy != NULL) 587 par.target->destroy(&par); 588 module_put(par.target->me); 589 return 0; 590} 591 592static inline int 593ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) 594{ 595 struct xt_tgdtor_param par; 596 struct ebt_entry_target *t; 597 598 if (e->bitmask == 0) 599 return 0; 600 /* we're done */ 601 if (cnt && (*cnt)-- == 0) 602 return 1; 603 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); 604 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); 605 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 606 607 par.target = t->u.target; 608 par.targinfo = t->data; 609 par.family = NFPROTO_BRIDGE; 610 if (par.target->destroy != NULL) 611 par.target->destroy(&par); 612 module_put(par.target->me); 613 return 0; 614} 615 616static inline int 617ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, 618 const char *name, unsigned int *cnt, 619 struct ebt_cl_stack *cl_s, unsigned int udc_cnt) 620{ 621 struct ebt_entry_target *t; 622 struct xt_target *target; 623 unsigned int i, j, hook = 0, hookmask = 0; 624 size_t gap; 625 int ret; 626 struct xt_mtchk_param mtpar; 627 struct xt_tgchk_param tgpar; 628 629 /* don't mess with the struct ebt_entries */ 630 if (e->bitmask == 0) 631 return 0; 632 633 if (e->bitmask & ~EBT_F_MASK) { 634 BUGPRINT("Unknown flag for bitmask\n"); 635 return -EINVAL; 636 } 637 if (e->invflags & ~EBT_INV_MASK) { 638 BUGPRINT("Unknown flag for inv bitmask\n"); 639 return -EINVAL; 640 } 641 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { 642 BUGPRINT("NOPROTO & 802_3 not allowed\n"); 643 return -EINVAL; 644 } 645 /* what hook do we belong to? */ 646 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 647 if (!newinfo->hook_entry[i]) 648 continue; 649 if ((char *)newinfo->hook_entry[i] < (char *)e) 650 hook = i; 651 else 652 break; 653 } 654 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on 655 a base chain */ 656 if (i < NF_BR_NUMHOOKS) 657 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 658 else { 659 for (i = 0; i < udc_cnt; i++) 660 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) 661 break; 662 if (i == 0) 663 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); 664 else 665 hookmask = cl_s[i - 1].hookmask; 666 } 667 i = 0; 668 669 mtpar.table = tgpar.table = name; 670 mtpar.entryinfo = tgpar.entryinfo = e; 671 mtpar.hook_mask = tgpar.hook_mask = hookmask; 672 mtpar.family = tgpar.family = NFPROTO_BRIDGE; 673 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i); 674 if (ret != 0) 675 goto cleanup_matches; 676 j = 0; 677 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j); 678 if (ret != 0) 679 goto cleanup_watchers; 680 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 681 gap = e->next_offset - e->target_offset; 682 683 target = try_then_request_module( 684 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0), 685 "ebt_%s", t->u.name); 686 if (IS_ERR(target)) { 687 ret = PTR_ERR(target); 688 goto cleanup_watchers; 689 } else if (target == NULL) { 690 ret = -ENOENT; 691 goto cleanup_watchers; 692 } 693 694 t->u.target = target; 695 if (t->u.target == &ebt_standard_target) { 696 if (gap < sizeof(struct ebt_standard_target)) { 697 BUGPRINT("Standard target size too big\n"); 698 ret = -EFAULT; 699 goto cleanup_watchers; 700 } 701 if (((struct ebt_standard_target *)t)->verdict < 702 -NUM_STANDARD_TARGETS) { 703 BUGPRINT("Invalid standard target\n"); 704 ret = -EFAULT; 705 goto cleanup_watchers; 706 } 707 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) { 708 module_put(t->u.target->me); 709 ret = -EFAULT; 710 goto cleanup_watchers; 711 } 712 713 tgpar.target = target; 714 tgpar.targinfo = t->data; 715 ret = xt_check_target(&tgpar, t->target_size, 716 e->ethproto, e->invflags & EBT_IPROTO); 717 if (ret < 0) { 718 module_put(target->me); 719 goto cleanup_watchers; 720 } 721 (*cnt)++; 722 return 0; 723cleanup_watchers: 724 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); 725cleanup_matches: 726 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i); 727 return ret; 728} 729 730/* 731 * checks for loops and sets the hook mask for udc 732 * the hook mask for udc tells us from which base chains the udc can be 733 * accessed. This mask is a parameter to the check() functions of the extensions 734 */ 735static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s, 736 unsigned int udc_cnt, unsigned int hooknr, char *base) 737{ 738 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; 739 struct ebt_entry *e = (struct ebt_entry *)chain->data; 740 struct ebt_entry_target *t; 741 742 while (pos < nentries || chain_nr != -1) { 743 /* end of udc, go back one 'recursion' step */ 744 if (pos == nentries) { 745 /* put back values of the time when this chain was called */ 746 e = cl_s[chain_nr].cs.e; 747 if (cl_s[chain_nr].from != -1) 748 nentries = 749 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; 750 else 751 nentries = chain->nentries; 752 pos = cl_s[chain_nr].cs.n; 753 /* make sure we won't see a loop that isn't one */ 754 cl_s[chain_nr].cs.n = 0; 755 chain_nr = cl_s[chain_nr].from; 756 if (pos == nentries) 757 continue; 758 } 759 t = (struct ebt_entry_target *) 760 (((char *)e) + e->target_offset); 761 if (strcmp(t->u.name, EBT_STANDARD_TARGET)) 762 goto letscontinue; 763 if (e->target_offset + sizeof(struct ebt_standard_target) > 764 e->next_offset) { 765 BUGPRINT("Standard target size too big\n"); 766 return -1; 767 } 768 verdict = ((struct ebt_standard_target *)t)->verdict; 769 if (verdict >= 0) { /* jump to another chain */ 770 struct ebt_entries *hlp2 = 771 (struct ebt_entries *)(base + verdict); 772 for (i = 0; i < udc_cnt; i++) 773 if (hlp2 == cl_s[i].cs.chaininfo) 774 break; 775 /* bad destination or loop */ 776 if (i == udc_cnt) { 777 BUGPRINT("bad destination\n"); 778 return -1; 779 } 780 if (cl_s[i].cs.n) { 781 BUGPRINT("loop\n"); 782 return -1; 783 } 784 if (cl_s[i].hookmask & (1 << hooknr)) 785 goto letscontinue; 786 /* this can't be 0, so the loop test is correct */ 787 cl_s[i].cs.n = pos + 1; 788 pos = 0; 789 cl_s[i].cs.e = ((void *)e + e->next_offset); 790 e = (struct ebt_entry *)(hlp2->data); 791 nentries = hlp2->nentries; 792 cl_s[i].from = chain_nr; 793 chain_nr = i; 794 /* this udc is accessible from the base chain for hooknr */ 795 cl_s[i].hookmask |= (1 << hooknr); 796 continue; 797 } 798letscontinue: 799 e = (void *)e + e->next_offset; 800 pos++; 801 } 802 return 0; 803} 804 805/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ 806static int translate_table(char *name, struct ebt_table_info *newinfo) 807{ 808 unsigned int i, j, k, udc_cnt; 809 int ret; 810 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 811 812 i = 0; 813 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) 814 i++; 815 if (i == NF_BR_NUMHOOKS) { 816 BUGPRINT("No valid hooks specified\n"); 817 return -EINVAL; 818 } 819 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) { 820 BUGPRINT("Chains don't start at beginning\n"); 821 return -EINVAL; 822 } 823 /* make sure chains are ordered after each other in same order 824 as their corresponding hooks */ 825 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { 826 if (!newinfo->hook_entry[j]) 827 continue; 828 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) { 829 BUGPRINT("Hook order must be followed\n"); 830 return -EINVAL; 831 } 832 i = j; 833 } 834 835 /* do some early checkings and initialize some things */ 836 i = 0; /* holds the expected nr. of entries for the chain */ 837 j = 0; /* holds the up to now counted entries for the chain */ 838 k = 0; /* holds the total nr. of entries, should equal 839 newinfo->nentries afterwards */ 840 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */ 841 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 842 ebt_check_entry_size_and_hooks, newinfo, 843 &i, &j, &k, &udc_cnt); 844 845 if (ret != 0) 846 return ret; 847 848 if (i != j) { 849 BUGPRINT("nentries does not equal the nr of entries in the " 850 "(last) chain\n"); 851 return -EINVAL; 852 } 853 if (k != newinfo->nentries) { 854 BUGPRINT("Total nentries is wrong\n"); 855 return -EINVAL; 856 } 857 858 /* get the location of the udc, put them in an array 859 while we're at it, allocate the chainstack */ 860 if (udc_cnt) { 861 /* this will get free'd in do_replace()/ebt_register_table() 862 if an error occurs */ 863 newinfo->chainstack = 864 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack))); 865 if (!newinfo->chainstack) 866 return -ENOMEM; 867 for_each_possible_cpu(i) { 868 newinfo->chainstack[i] = 869 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0]))); 870 if (!newinfo->chainstack[i]) { 871 while (i) 872 vfree(newinfo->chainstack[--i]); 873 vfree(newinfo->chainstack); 874 newinfo->chainstack = NULL; 875 return -ENOMEM; 876 } 877 } 878 879 cl_s = vmalloc(udc_cnt * sizeof(*cl_s)); 880 if (!cl_s) 881 return -ENOMEM; 882 i = 0; /* the i'th udc */ 883 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 884 ebt_get_udc_positions, newinfo, &i, cl_s); 885 /* sanity check */ 886 if (i != udc_cnt) { 887 BUGPRINT("i != udc_cnt\n"); 888 vfree(cl_s); 889 return -EFAULT; 890 } 891 } 892 893 /* Check for loops */ 894 for (i = 0; i < NF_BR_NUMHOOKS; i++) 895 if (newinfo->hook_entry[i]) 896 if (check_chainloops(newinfo->hook_entry[i], 897 cl_s, udc_cnt, i, newinfo->entries)) { 898 vfree(cl_s); 899 return -EINVAL; 900 } 901 902 /* we now know the following (along with E=mc²): 903 - the nr of entries in each chain is right 904 - the size of the allocated space is right 905 - all valid hooks have a corresponding chain 906 - there are no loops 907 - wrong data can still be on the level of a single entry 908 - could be there are jumps to places that are not the 909 beginning of a chain. This can only occur in chains that 910 are not accessible from any base chains, so we don't care. */ 911 912 /* used to know what we need to clean up if something goes wrong */ 913 i = 0; 914 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 915 ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt); 916 if (ret != 0) { 917 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 918 ebt_cleanup_entry, &i); 919 } 920 vfree(cl_s); 921 return ret; 922} 923 924/* called under write_lock */ 925static void get_counters(struct ebt_counter *oldcounters, 926 struct ebt_counter *counters, unsigned int nentries) 927{ 928 int i, cpu; 929 struct ebt_counter *counter_base; 930 931 /* counters of cpu 0 */ 932 memcpy(counters, oldcounters, 933 sizeof(struct ebt_counter) * nentries); 934 935 /* add other counters to those of cpu 0 */ 936 for_each_possible_cpu(cpu) { 937 if (cpu == 0) 938 continue; 939 counter_base = COUNTER_BASE(oldcounters, nentries, cpu); 940 for (i = 0; i < nentries; i++) { 941 counters[i].pcnt += counter_base[i].pcnt; 942 counters[i].bcnt += counter_base[i].bcnt; 943 } 944 } 945} 946 947/* replace the table */ 948static int do_replace(struct net *net, void __user *user, unsigned int len) 949{ 950 int ret, i, countersize; 951 struct ebt_table_info *newinfo; 952 struct ebt_replace tmp; 953 struct ebt_table *t; 954 struct ebt_counter *counterstmp = NULL; 955 /* used to be able to unlock earlier */ 956 struct ebt_table_info *table; 957 958 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 959 return -EFAULT; 960 961 if (len != sizeof(tmp) + tmp.entries_size) { 962 BUGPRINT("Wrong len argument\n"); 963 return -EINVAL; 964 } 965 966 if (tmp.entries_size == 0) { 967 BUGPRINT("Entries_size never zero\n"); 968 return -EINVAL; 969 } 970 /* overflow check */ 971 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS - 972 SMP_CACHE_BYTES) / sizeof(struct ebt_counter)) 973 return -ENOMEM; 974 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) 975 return -ENOMEM; 976 977 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids; 978 newinfo = vmalloc(sizeof(*newinfo) + countersize); 979 if (!newinfo) 980 return -ENOMEM; 981 982 if (countersize) 983 memset(newinfo->counters, 0, countersize); 984 985 newinfo->entries = vmalloc(tmp.entries_size); 986 if (!newinfo->entries) { 987 ret = -ENOMEM; 988 goto free_newinfo; 989 } 990 if (copy_from_user( 991 newinfo->entries, tmp.entries, tmp.entries_size) != 0) { 992 BUGPRINT("Couldn't copy entries from userspace\n"); 993 ret = -EFAULT; 994 goto free_entries; 995 } 996 997 /* the user wants counters back 998 the check on the size is done later, when we have the lock */ 999 if (tmp.num_counters) { 1000 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp)); 1001 if (!counterstmp) { 1002 ret = -ENOMEM; 1003 goto free_entries; 1004 } 1005 } 1006 else 1007 counterstmp = NULL; 1008 1009 /* this can get initialized by translate_table() */ 1010 newinfo->chainstack = NULL; 1011 ret = ebt_verify_pointers(&tmp, newinfo); 1012 if (ret != 0) 1013 goto free_counterstmp; 1014 1015 ret = translate_table(tmp.name, newinfo); 1016 1017 if (ret != 0) 1018 goto free_counterstmp; 1019 1020 t = find_table_lock(net, tmp.name, &ret, &ebt_mutex); 1021 if (!t) { 1022 ret = -ENOENT; 1023 goto free_iterate; 1024 } 1025 1026 /* the table doesn't like it */ 1027 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks))) 1028 goto free_unlock; 1029 1030 if (tmp.num_counters && tmp.num_counters != t->private->nentries) { 1031 BUGPRINT("Wrong nr. of counters requested\n"); 1032 ret = -EINVAL; 1033 goto free_unlock; 1034 } 1035 1036 /* we have the mutex lock, so no danger in reading this pointer */ 1037 table = t->private; 1038 /* make sure the table can only be rmmod'ed if it contains no rules */ 1039 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) { 1040 ret = -ENOENT; 1041 goto free_unlock; 1042 } else if (table->nentries && !newinfo->nentries) 1043 module_put(t->me); 1044 /* we need an atomic snapshot of the counters */ 1045 write_lock_bh(&t->lock); 1046 if (tmp.num_counters) 1047 get_counters(t->private->counters, counterstmp, 1048 t->private->nentries); 1049 1050 t->private = newinfo; 1051 write_unlock_bh(&t->lock); 1052 mutex_unlock(&ebt_mutex); 1053 /* so, a user can change the chains while having messed up her counter 1054 allocation. Only reason why this is done is because this way the lock 1055 is held only once, while this doesn't bring the kernel into a 1056 dangerous state. */ 1057 if (tmp.num_counters && 1058 copy_to_user(tmp.counters, counterstmp, 1059 tmp.num_counters * sizeof(struct ebt_counter))) { 1060 BUGPRINT("Couldn't copy counters to userspace\n"); 1061 ret = -EFAULT; 1062 } 1063 else 1064 ret = 0; 1065 1066 /* decrease module count and free resources */ 1067 EBT_ENTRY_ITERATE(table->entries, table->entries_size, 1068 ebt_cleanup_entry, NULL); 1069 1070 vfree(table->entries); 1071 if (table->chainstack) { 1072 for_each_possible_cpu(i) 1073 vfree(table->chainstack[i]); 1074 vfree(table->chainstack); 1075 } 1076 vfree(table); 1077 1078 vfree(counterstmp); 1079 return ret; 1080 1081free_unlock: 1082 mutex_unlock(&ebt_mutex); 1083free_iterate: 1084 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 1085 ebt_cleanup_entry, NULL); 1086free_counterstmp: 1087 vfree(counterstmp); 1088 /* can be initialized in translate_table() */ 1089 if (newinfo->chainstack) { 1090 for_each_possible_cpu(i) 1091 vfree(newinfo->chainstack[i]); 1092 vfree(newinfo->chainstack); 1093 } 1094free_entries: 1095 vfree(newinfo->entries); 1096free_newinfo: 1097 vfree(newinfo); 1098 return ret; 1099} 1100 1101struct ebt_table *ebt_register_table(struct net *net, struct ebt_table *table) 1102{ 1103 struct ebt_table_info *newinfo; 1104 struct ebt_table *t; 1105 struct ebt_replace_kernel *repl; 1106 int ret, i, countersize; 1107 void *p; 1108 1109 if (!table || !(repl = table->table) || !repl->entries || 1110 repl->entries_size == 0 || 1111 repl->counters || table->private) { 1112 BUGPRINT("Bad table data for ebt_register_table!!!\n"); 1113 return ERR_PTR(-EINVAL); 1114 } 1115 1116 /* Don't add one table to multiple lists. */ 1117 table = kmemdup(table, sizeof(struct ebt_table), GFP_KERNEL); 1118 if (!table) { 1119 ret = -ENOMEM; 1120 goto out; 1121 } 1122 1123 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids; 1124 newinfo = vmalloc(sizeof(*newinfo) + countersize); 1125 ret = -ENOMEM; 1126 if (!newinfo) 1127 goto free_table; 1128 1129 p = vmalloc(repl->entries_size); 1130 if (!p) 1131 goto free_newinfo; 1132 1133 memcpy(p, repl->entries, repl->entries_size); 1134 newinfo->entries = p; 1135 1136 newinfo->entries_size = repl->entries_size; 1137 newinfo->nentries = repl->nentries; 1138 1139 if (countersize) 1140 memset(newinfo->counters, 0, countersize); 1141 1142 /* fill in newinfo and parse the entries */ 1143 newinfo->chainstack = NULL; 1144 for (i = 0; i < NF_BR_NUMHOOKS; i++) { 1145 if ((repl->valid_hooks & (1 << i)) == 0) 1146 newinfo->hook_entry[i] = NULL; 1147 else 1148 newinfo->hook_entry[i] = p + 1149 ((char *)repl->hook_entry[i] - repl->entries); 1150 } 1151 ret = translate_table(repl->name, newinfo); 1152 if (ret != 0) { 1153 BUGPRINT("Translate_table failed\n"); 1154 goto free_chainstack; 1155 } 1156 1157 if (table->check && table->check(newinfo, table->valid_hooks)) { 1158 BUGPRINT("The table doesn't like its own initial data, lol\n"); 1159 return ERR_PTR(-EINVAL); 1160 } 1161 1162 table->private = newinfo; 1163 rwlock_init(&table->lock); 1164 ret = mutex_lock_interruptible(&ebt_mutex); 1165 if (ret != 0) 1166 goto free_chainstack; 1167 1168 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) { 1169 if (strcmp(t->name, table->name) == 0) { 1170 ret = -EEXIST; 1171 BUGPRINT("Table name already exists\n"); 1172 goto free_unlock; 1173 } 1174 } 1175 1176 /* Hold a reference count if the chains aren't empty */ 1177 if (newinfo->nentries && !try_module_get(table->me)) { 1178 ret = -ENOENT; 1179 goto free_unlock; 1180 } 1181 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]); 1182 mutex_unlock(&ebt_mutex); 1183 return table; 1184free_unlock: 1185 mutex_unlock(&ebt_mutex); 1186free_chainstack: 1187 if (newinfo->chainstack) { 1188 for_each_possible_cpu(i) 1189 vfree(newinfo->chainstack[i]); 1190 vfree(newinfo->chainstack); 1191 } 1192 vfree(newinfo->entries); 1193free_newinfo: 1194 vfree(newinfo); 1195free_table: 1196 kfree(table); 1197out: 1198 return ERR_PTR(ret); 1199} 1200 1201void ebt_unregister_table(struct ebt_table *table) 1202{ 1203 int i; 1204 1205 if (!table) { 1206 BUGPRINT("Request to unregister NULL table!!!\n"); 1207 return; 1208 } 1209 mutex_lock(&ebt_mutex); 1210 list_del(&table->list); 1211 mutex_unlock(&ebt_mutex); 1212 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size, 1213 ebt_cleanup_entry, NULL); 1214 if (table->private->nentries) 1215 module_put(table->me); 1216 vfree(table->private->entries); 1217 if (table->private->chainstack) { 1218 for_each_possible_cpu(i) 1219 vfree(table->private->chainstack[i]); 1220 vfree(table->private->chainstack); 1221 } 1222 vfree(table->private); 1223 kfree(table); 1224} 1225 1226/* userspace just supplied us with counters */ 1227static int update_counters(struct net *net, void __user *user, unsigned int len) 1228{ 1229 int i, ret; 1230 struct ebt_counter *tmp; 1231 struct ebt_replace hlp; 1232 struct ebt_table *t; 1233 1234 if (copy_from_user(&hlp, user, sizeof(hlp))) 1235 return -EFAULT; 1236 1237 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) 1238 return -EINVAL; 1239 if (hlp.num_counters == 0) 1240 return -EINVAL; 1241 1242 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) { 1243 MEMPRINT("Update_counters && nomemory\n"); 1244 return -ENOMEM; 1245 } 1246 1247 t = find_table_lock(net, hlp.name, &ret, &ebt_mutex); 1248 if (!t) 1249 goto free_tmp; 1250 1251 if (hlp.num_counters != t->private->nentries) { 1252 BUGPRINT("Wrong nr of counters\n"); 1253 ret = -EINVAL; 1254 goto unlock_mutex; 1255 } 1256 1257 if ( copy_from_user(tmp, hlp.counters, 1258 hlp.num_counters * sizeof(struct ebt_counter)) ) { 1259 BUGPRINT("Updata_counters && !cfu\n"); 1260 ret = -EFAULT; 1261 goto unlock_mutex; 1262 } 1263 1264 /* we want an atomic add of the counters */ 1265 write_lock_bh(&t->lock); 1266 1267 /* we add to the counters of the first cpu */ 1268 for (i = 0; i < hlp.num_counters; i++) { 1269 t->private->counters[i].pcnt += tmp[i].pcnt; 1270 t->private->counters[i].bcnt += tmp[i].bcnt; 1271 } 1272 1273 write_unlock_bh(&t->lock); 1274 ret = 0; 1275unlock_mutex: 1276 mutex_unlock(&ebt_mutex); 1277free_tmp: 1278 vfree(tmp); 1279 return ret; 1280} 1281 1282static inline int ebt_make_matchname(struct ebt_entry_match *m, 1283 char *base, char __user *ubase) 1284{ 1285 char __user *hlp = ubase + ((char *)m - base); 1286 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1287 return -EFAULT; 1288 return 0; 1289} 1290 1291static inline int ebt_make_watchername(struct ebt_entry_watcher *w, 1292 char *base, char __user *ubase) 1293{ 1294 char __user *hlp = ubase + ((char *)w - base); 1295 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1296 return -EFAULT; 1297 return 0; 1298} 1299 1300static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase) 1301{ 1302 int ret; 1303 char __user *hlp; 1304 struct ebt_entry_target *t; 1305 1306 if (e->bitmask == 0) 1307 return 0; 1308 1309 hlp = ubase + (((char *)e + e->target_offset) - base); 1310 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 1311 1312 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); 1313 if (ret != 0) 1314 return ret; 1315 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); 1316 if (ret != 0) 1317 return ret; 1318 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) 1319 return -EFAULT; 1320 return 0; 1321} 1322 1323/* called with ebt_mutex locked */ 1324static int copy_everything_to_user(struct ebt_table *t, void __user *user, 1325 int *len, int cmd) 1326{ 1327 struct ebt_replace tmp; 1328 struct ebt_counter *counterstmp, *oldcounters; 1329 unsigned int entries_size, nentries; 1330 char *entries; 1331 1332 if (cmd == EBT_SO_GET_ENTRIES) { 1333 entries_size = t->private->entries_size; 1334 nentries = t->private->nentries; 1335 entries = t->private->entries; 1336 oldcounters = t->private->counters; 1337 } else { 1338 entries_size = t->table->entries_size; 1339 nentries = t->table->nentries; 1340 entries = t->table->entries; 1341 oldcounters = t->table->counters; 1342 } 1343 1344 if (copy_from_user(&tmp, user, sizeof(tmp))) { 1345 BUGPRINT("Cfu didn't work\n"); 1346 return -EFAULT; 1347 } 1348 1349 if (*len != sizeof(struct ebt_replace) + entries_size + 1350 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { 1351 BUGPRINT("Wrong size\n"); 1352 return -EINVAL; 1353 } 1354 1355 if (tmp.nentries != nentries) { 1356 BUGPRINT("Nentries wrong\n"); 1357 return -EINVAL; 1358 } 1359 1360 if (tmp.entries_size != entries_size) { 1361 BUGPRINT("Wrong size\n"); 1362 return -EINVAL; 1363 } 1364 1365 /* userspace might not need the counters */ 1366 if (tmp.num_counters) { 1367 if (tmp.num_counters != nentries) { 1368 BUGPRINT("Num_counters wrong\n"); 1369 return -EINVAL; 1370 } 1371 counterstmp = vmalloc(nentries * sizeof(*counterstmp)); 1372 if (!counterstmp) { 1373 MEMPRINT("Couldn't copy counters, out of memory\n"); 1374 return -ENOMEM; 1375 } 1376 write_lock_bh(&t->lock); 1377 get_counters(oldcounters, counterstmp, nentries); 1378 write_unlock_bh(&t->lock); 1379 1380 if (copy_to_user(tmp.counters, counterstmp, 1381 nentries * sizeof(struct ebt_counter))) { 1382 BUGPRINT("Couldn't copy counters to userspace\n"); 1383 vfree(counterstmp); 1384 return -EFAULT; 1385 } 1386 vfree(counterstmp); 1387 } 1388 1389 if (copy_to_user(tmp.entries, entries, entries_size)) { 1390 BUGPRINT("Couldn't copy entries to userspace\n"); 1391 return -EFAULT; 1392 } 1393 /* set the match/watcher/target names right */ 1394 return EBT_ENTRY_ITERATE(entries, entries_size, 1395 ebt_make_names, entries, tmp.entries); 1396} 1397 1398static int do_ebt_set_ctl(struct sock *sk, 1399 int cmd, void __user *user, unsigned int len) 1400{ 1401 int ret; 1402 1403 switch(cmd) { 1404 case EBT_SO_SET_ENTRIES: 1405 ret = do_replace(sock_net(sk), user, len); 1406 break; 1407 case EBT_SO_SET_COUNTERS: 1408 ret = update_counters(sock_net(sk), user, len); 1409 break; 1410 default: 1411 ret = -EINVAL; 1412 } 1413 return ret; 1414} 1415 1416static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 1417{ 1418 int ret; 1419 struct ebt_replace tmp; 1420 struct ebt_table *t; 1421 1422 if (copy_from_user(&tmp, user, sizeof(tmp))) 1423 return -EFAULT; 1424 1425 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex); 1426 if (!t) 1427 return ret; 1428 1429 switch(cmd) { 1430 case EBT_SO_GET_INFO: 1431 case EBT_SO_GET_INIT_INFO: 1432 if (*len != sizeof(struct ebt_replace)){ 1433 ret = -EINVAL; 1434 mutex_unlock(&ebt_mutex); 1435 break; 1436 } 1437 if (cmd == EBT_SO_GET_INFO) { 1438 tmp.nentries = t->private->nentries; 1439 tmp.entries_size = t->private->entries_size; 1440 tmp.valid_hooks = t->valid_hooks; 1441 } else { 1442 tmp.nentries = t->table->nentries; 1443 tmp.entries_size = t->table->entries_size; 1444 tmp.valid_hooks = t->table->valid_hooks; 1445 } 1446 mutex_unlock(&ebt_mutex); 1447 if (copy_to_user(user, &tmp, *len) != 0){ 1448 BUGPRINT("c2u Didn't work\n"); 1449 ret = -EFAULT; 1450 break; 1451 } 1452 ret = 0; 1453 break; 1454 1455 case EBT_SO_GET_ENTRIES: 1456 case EBT_SO_GET_INIT_ENTRIES: 1457 ret = copy_everything_to_user(t, user, len, cmd); 1458 mutex_unlock(&ebt_mutex); 1459 break; 1460 1461 default: 1462 mutex_unlock(&ebt_mutex); 1463 ret = -EINVAL; 1464 } 1465 1466 return ret; 1467} 1468 1469static struct nf_sockopt_ops ebt_sockopts = 1470{ 1471 .pf = PF_INET, 1472 .set_optmin = EBT_BASE_CTL, 1473 .set_optmax = EBT_SO_SET_MAX + 1, 1474 .set = do_ebt_set_ctl, 1475 .get_optmin = EBT_BASE_CTL, 1476 .get_optmax = EBT_SO_GET_MAX + 1, 1477 .get = do_ebt_get_ctl, 1478 .owner = THIS_MODULE, 1479}; 1480 1481static int __init ebtables_init(void) 1482{ 1483 int ret; 1484 1485 ret = xt_register_target(&ebt_standard_target); 1486 if (ret < 0) 1487 return ret; 1488 ret = nf_register_sockopt(&ebt_sockopts); 1489 if (ret < 0) { 1490 xt_unregister_target(&ebt_standard_target); 1491 return ret; 1492 } 1493 1494 printk(KERN_INFO "Ebtables v2.0 registered\n"); 1495 return 0; 1496} 1497 1498static void __exit ebtables_fini(void) 1499{ 1500 nf_unregister_sockopt(&ebt_sockopts); 1501 xt_unregister_target(&ebt_standard_target); 1502 printk(KERN_INFO "Ebtables v2.0 unregistered\n"); 1503} 1504 1505EXPORT_SYMBOL(ebt_register_table); 1506EXPORT_SYMBOL(ebt_unregister_table); 1507EXPORT_SYMBOL(ebt_do_table); 1508module_init(ebtables_init); 1509module_exit(ebtables_fini); 1510MODULE_LICENSE("GPL"); 1511