search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
code style scripts/checkpatch.pl (linux-3.9-rc1) formatting
[linux-2.6.32.60-moxart.git] / net / bridge / netfilter / ebtables.c
blobd73d47f2a4add9512f48a7bf32ee30b0eb410888
1 /*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18
19 #include <linux/kmod.h>
20 #include <linux/module.h>
21 #include <linux/vmalloc.h>
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_bridge/ebtables.h>
24 #include <linux/spinlock.h>
25 #include <linux/mutex.h>
26 #include <asm/uaccess.h>
27 #include <linux/smp.h>
28 #include <linux/cpumask.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
34 "report to author: "format, ## args)
35 /* #define BUGPRINT(format, args...) */
36 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
37 ": out of memory: "format, ## args)
38 /* #define MEMPRINT(format, args...) */
39
40
41
42 /*
43 * Each cpu has its own set of counters, so there is no need for write_lock in
44 * the softirq
45 * For reading or updating the counters, the user context needs to
46 * get a write_lock
47 */
48
49 /* The size of each set of counters is altered to get cache alignment */
50 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53 COUNTER_OFFSET(n) * cpu))
54
55
56
57 static DEFINE_MUTEX(ebt_mutex);
58
59 static struct xt_target ebt_standard_target = {
60 .name = "standard",
61 .revision = 0,
62 .family = NFPROTO_BRIDGE,
63 .targetsize = sizeof(int),
64 };
65
66 static inline int
67 ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
68 struct xt_target_param *par)
69 {
70 par->target = w->u.watcher;
71 par->targinfo = w->data;
72 w->u.watcher->target(skb, par);
73 /* watchers don't give a verdict */
74 return 0;
75 }
76
77 static inline int ebt_do_match (struct ebt_entry_match *m,
78 const struct sk_buff *skb, struct xt_match_param *par)
79 {
80 par->match = m->u.match;
81 par->matchinfo = m->data;
82 return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
83 }
84
85 static inline int ebt_dev_check(char *entry, const struct net_device *device)
86 {
87 int i = 0;
88 const char *devname;
89
90 if (*entry == '\0')
91 return 0;
92 if (!device)
93 return 1;
94 devname = device->name;
95 /* 1 is the wildcard token */
96 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97 i++;
98 return (devname[i] != entry[i] && entry[i] != 1);
99 }
100
101 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102 /* process standard matches */
103 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104 const struct net_device *in, const struct net_device *out)
105 {
106 int verdict, i;
107
108 if (e->bitmask & EBT_802_3) {
109 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110 return 1;
111 } else if (!(e->bitmask & EBT_NOPROTO) &&
112 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113 return 1;
114
115 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116 return 1;
117 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118 return 1;
119 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121 return 1;
122 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124 return 1;
125
126 if (e->bitmask & EBT_SOURCEMAC) {
127 verdict = 0;
128 for (i = 0; i < 6; i++)
129 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130 e->sourcemsk[i];
131 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132 return 1;
133 }
134 if (e->bitmask & EBT_DESTMAC) {
135 verdict = 0;
136 for (i = 0; i < 6; i++)
137 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138 e->destmsk[i];
139 if (FWINV2(verdict != 0, EBT_IDEST) )
140 return 1;
141 }
142 return 0;
143 }
144
145 static inline __pure
146 struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
147 {
148 return (void *)entry + entry->next_offset;
149 }
150
151 /* Do some firewalling */
152 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
153 const struct net_device *in, const struct net_device *out,
154 struct ebt_table *table)
155 {
156 int i, nentries;
157 struct ebt_entry *point;
158 struct ebt_counter *counter_base, *cb_base;
159 struct ebt_entry_target *t;
160 int verdict, sp = 0;
161 struct ebt_chainstack *cs;
162 struct ebt_entries *chaininfo;
163 char *base;
164 struct ebt_table_info *private;
165 bool hotdrop = false;
166 struct xt_match_param mtpar;
167 struct xt_target_param tgpar;
168
169 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
170 mtpar.in = tgpar.in = in;
171 mtpar.out = tgpar.out = out;
172 mtpar.hotdrop = &hotdrop;
173 mtpar.hooknum = tgpar.hooknum = hook;
174
175 read_lock_bh(&table->lock);
176 private = table->private;
177 cb_base = COUNTER_BASE(private->counters, private->nentries,
178 smp_processor_id());
179 if (private->chainstack)
180 cs = private->chainstack[smp_processor_id()];
181 else
182 cs = NULL;
183 chaininfo = private->hook_entry[hook];
184 nentries = private->hook_entry[hook]->nentries;
185 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
186 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
187 /* base for chain jumps */
188 base = private->entries;
189 i = 0;
190 while (i < nentries) {
191 if (ebt_basic_match(point, eth_hdr(skb), in, out))
192 goto letscontinue;
193
194 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
195 goto letscontinue;
196 if (hotdrop) {
197 read_unlock_bh(&table->lock);
198 return NF_DROP;
199 }
200
201 /* increase counter */
202 (*(counter_base + i)).pcnt++;
203 (*(counter_base + i)).bcnt += skb->len;
204
205 /* these should only watch: not modify, nor tell us
206 what to do with the packet */
207 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
208
209 t = (struct ebt_entry_target *)
210 (((char *)point) + point->target_offset);
211 /* standard target */
212 if (!t->u.target->target)
213 verdict = ((struct ebt_standard_target *)t)->verdict;
214 else {
215 tgpar.target = t->u.target;
216 tgpar.targinfo = t->data;
217 verdict = t->u.target->target(skb, &tgpar);
218 }
219 if (verdict == EBT_ACCEPT) {
220 read_unlock_bh(&table->lock);
221 return NF_ACCEPT;
222 }
223 if (verdict == EBT_DROP) {
224 read_unlock_bh(&table->lock);
225 return NF_DROP;
226 }
227 if (verdict == EBT_RETURN) {
228 letsreturn:
229 #ifdef CONFIG_NETFILTER_DEBUG
230 if (sp == 0) {
231 BUGPRINT("RETURN on base chain");
232 /* act like this is EBT_CONTINUE */
233 goto letscontinue;
234 }
235 #endif
236 sp--;
237 /* put all the local variables right */
238 i = cs[sp].n;
239 chaininfo = cs[sp].chaininfo;
240 nentries = chaininfo->nentries;
241 point = cs[sp].e;
242 counter_base = cb_base +
243 chaininfo->counter_offset;
244 continue;
245 }
246 if (verdict == EBT_CONTINUE)
247 goto letscontinue;
248 #ifdef CONFIG_NETFILTER_DEBUG
249 if (verdict < 0) {
250 BUGPRINT("bogus standard verdict\n");
251 read_unlock_bh(&table->lock);
252 return NF_DROP;
253 }
254 #endif
255 /* jump to a udc */
256 cs[sp].n = i + 1;
257 cs[sp].chaininfo = chaininfo;
258 cs[sp].e = ebt_next_entry(point);
259 i = 0;
260 chaininfo = (struct ebt_entries *) (base + verdict);
261 #ifdef CONFIG_NETFILTER_DEBUG
262 if (chaininfo->distinguisher) {
263 BUGPRINT("jump to non-chain\n");
264 read_unlock_bh(&table->lock);
265 return NF_DROP;
266 }
267 #endif
268 nentries = chaininfo->nentries;
269 point = (struct ebt_entry *)chaininfo->data;
270 counter_base = cb_base + chaininfo->counter_offset;
271 sp++;
272 continue;
273 letscontinue:
274 point = ebt_next_entry(point);
275 i++;
276 }
277
278 /* I actually like this :) */
279 if (chaininfo->policy == EBT_RETURN)
280 goto letsreturn;
281 if (chaininfo->policy == EBT_ACCEPT) {
282 read_unlock_bh(&table->lock);
283 return NF_ACCEPT;
284 }
285 read_unlock_bh(&table->lock);
286 return NF_DROP;
287 }
288
289 /* If it succeeds, returns element and locks mutex */
290 static inline void *
291 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
292 struct mutex *mutex)
293 {
294 struct {
295 struct list_head list;
296 char name[EBT_FUNCTION_MAXNAMELEN];
297 } *e;
298
299 *error = mutex_lock_interruptible(mutex);
300 if (*error != 0)
301 return NULL;
302
303 list_for_each_entry(e, head, list) {
304 if (strcmp(e->name, name) == 0)
305 return e;
306 }
307 *error = -ENOENT;
308 mutex_unlock(mutex);
309 return NULL;
310 }
311
312 static void *
313 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
314 int *error, struct mutex *mutex)
315 {
316 return try_then_request_module(
317 find_inlist_lock_noload(head, name, error, mutex),
318 "%s%s", prefix, name);
319 }
320
321 static inline struct ebt_table *
322 find_table_lock(struct net *net, const char *name, int *error,
323 struct mutex *mutex)
324 {
325 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
326 "ebtable_", error, mutex);
327 }
328
329 static inline int
330 ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
331 unsigned int *cnt)
332 {
333 const struct ebt_entry *e = par->entryinfo;
334 struct xt_match *match;
335 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
336 int ret;
337
338 if (left < sizeof(struct ebt_entry_match) ||
339 left - sizeof(struct ebt_entry_match) < m->match_size)
340 return -EINVAL;
341
342 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
343 m->u.name, 0), "ebt_%s", m->u.name);
344 if (IS_ERR(match))
345 return PTR_ERR(match);
346 if (match == NULL)
347 return -ENOENT;
348 m->u.match = match;
349
350 par->match = match;
351 par->matchinfo = m->data;
352 ret = xt_check_match(par, m->match_size,
353 e->ethproto, e->invflags & EBT_IPROTO);
354 if (ret < 0) {
355 module_put(match->me);
356 return ret;
357 }
358
359 (*cnt)++;
360 return 0;
361 }
362
363 static inline int
364 ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
365 unsigned int *cnt)
366 {
367 const struct ebt_entry *e = par->entryinfo;
368 struct xt_target *watcher;
369 size_t left = ((char *)e + e->target_offset) - (char *)w;
370 int ret;
371
372 if (left < sizeof(struct ebt_entry_watcher) ||
373 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
374 return -EINVAL;
375
376 watcher = try_then_request_module(
377 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
378 "ebt_%s", w->u.name);
379 if (IS_ERR(watcher))
380 return PTR_ERR(watcher);
381 if (watcher == NULL)
382 return -ENOENT;
383 w->u.watcher = watcher;
384
385 par->target = watcher;
386 par->targinfo = w->data;
387 ret = xt_check_target(par, w->watcher_size,
388 e->ethproto, e->invflags & EBT_IPROTO);
389 if (ret < 0) {
390 module_put(watcher->me);
391 return ret;
392 }
393
394 (*cnt)++;
395 return 0;
396 }
397
398 static int ebt_verify_pointers(struct ebt_replace *repl,
399 struct ebt_table_info *newinfo)
400 {
401 unsigned int limit = repl->entries_size;
402 unsigned int valid_hooks = repl->valid_hooks;
403 unsigned int offset = 0;
404 int i;
405
406 for (i = 0; i < NF_BR_NUMHOOKS; i++)
407 newinfo->hook_entry[i] = NULL;
408
409 newinfo->entries_size = repl->entries_size;
410 newinfo->nentries = repl->nentries;
411
412 while (offset < limit) {
413 size_t left = limit - offset;
414 struct ebt_entry *e = (void *)newinfo->entries + offset;
415
416 if (left < sizeof(unsigned int))
417 break;
418
419 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
420 if ((valid_hooks & (1 << i)) == 0)
421 continue;
422 if ((char __user *)repl->hook_entry[i] ==
423 repl->entries + offset)
424 break;
425 }
426
427 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
428 if (e->bitmask != 0) {
429 /* we make userspace set this right,
430 so there is no misunderstanding */
431 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
432 "in distinguisher\n");
433 return -EINVAL;
434 }
435 if (i != NF_BR_NUMHOOKS)
436 newinfo->hook_entry[i] = (struct ebt_entries *)e;
437 if (left < sizeof(struct ebt_entries))
438 break;
439 offset += sizeof(struct ebt_entries);
440 } else {
441 if (left < sizeof(struct ebt_entry))
442 break;
443 if (left < e->next_offset)
444 break;
445 offset += e->next_offset;
446 }
447 }
448 if (offset != limit) {
449 BUGPRINT("entries_size too small\n");
450 return -EINVAL;
451 }
452
453 /* check if all valid hooks have a chain */
454 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
455 if (!newinfo->hook_entry[i] &&
456 (valid_hooks & (1 << i))) {
457 BUGPRINT("Valid hook without chain\n");
458 return -EINVAL;
459 }
460 }
461 return 0;
462 }
463
464 /*
465 * this one is very careful, as it is the first function
466 * to parse the userspace data
467 */
468 static inline int
469 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
470 struct ebt_table_info *newinfo,
471 unsigned int *n, unsigned int *cnt,
472 unsigned int *totalcnt, unsigned int *udc_cnt)
473 {
474 int i;
475
476 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
477 if ((void *)e == (void *)newinfo->hook_entry[i])
478 break;
479 }
480 /* beginning of a new chain
481 if i == NF_BR_NUMHOOKS it must be a user defined chain */
482 if (i != NF_BR_NUMHOOKS || !e->bitmask) {
483 /* this checks if the previous chain has as many entries
484 as it said it has */
485 if (*n != *cnt) {
486 BUGPRINT("nentries does not equal the nr of entries "
487 "in the chain\n");
488 return -EINVAL;
489 }
490 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
491 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
492 /* only RETURN from udc */
493 if (i != NF_BR_NUMHOOKS ||
494 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
495 BUGPRINT("bad policy\n");
496 return -EINVAL;
497 }
498 }
499 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
500 (*udc_cnt)++;
501 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
502 BUGPRINT("counter_offset != totalcnt");
503 return -EINVAL;
504 }
505 *n = ((struct ebt_entries *)e)->nentries;
506 *cnt = 0;
507 return 0;
508 }
509 /* a plain old entry, heh */
510 if (sizeof(struct ebt_entry) > e->watchers_offset ||
511 e->watchers_offset > e->target_offset ||
512 e->target_offset >= e->next_offset) {
513 BUGPRINT("entry offsets not in right order\n");
514 return -EINVAL;
515 }
516 /* this is not checked anywhere else */
517 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
518 BUGPRINT("target size too small\n");
519 return -EINVAL;
520 }
521 (*cnt)++;
522 (*totalcnt)++;
523 return 0;
524 }
525
526 struct ebt_cl_stack
527 {
528 struct ebt_chainstack cs;
529 int from;
530 unsigned int hookmask;
531 };
532
533 /*
534 * we need these positions to check that the jumps to a different part of the
535 * entries is a jump to the beginning of a new chain.
536 */
537 static inline int
538 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
539 unsigned int *n, struct ebt_cl_stack *udc)
540 {
541 int i;
542
543 /* we're only interested in chain starts */
544 if (e->bitmask)
545 return 0;
546 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
547 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
548 break;
549 }
550 /* only care about udc */
551 if (i != NF_BR_NUMHOOKS)
552 return 0;
553
554 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
555 /* these initialisations are depended on later in check_chainloops() */
556 udc[*n].cs.n = 0;
557 udc[*n].hookmask = 0;
558
559 (*n)++;
560 return 0;
561 }
562
563 static inline int
564 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
565 {
566 struct xt_mtdtor_param par;
567
568 if (i && (*i)-- == 0)
569 return 1;
570
571 par.match = m->u.match;
572 par.matchinfo = m->data;
573 par.family = NFPROTO_BRIDGE;
574 if (par.match->destroy != NULL)
575 par.match->destroy(&par);
576 module_put(par.match->me);
577 return 0;
578 }
579
580 static inline int
581 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
582 {
583 struct xt_tgdtor_param par;
584
585 if (i && (*i)-- == 0)
586 return 1;
587
588 par.target = w->u.watcher;
589 par.targinfo = w->data;
590 par.family = NFPROTO_BRIDGE;
591 if (par.target->destroy != NULL)
592 par.target->destroy(&par);
593 module_put(par.target->me);
594 return 0;
595 }
596
597 static inline int
598 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
599 {
600 struct xt_tgdtor_param par;
601 struct ebt_entry_target *t;
602
603 if (e->bitmask == 0)
604 return 0;
605 /* we're done */
606 if (cnt && (*cnt)-- == 0)
607 return 1;
608 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
609 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
610 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
611
612 par.target = t->u.target;
613 par.targinfo = t->data;
614 par.family = NFPROTO_BRIDGE;
615 if (par.target->destroy != NULL)
616 par.target->destroy(&par);
617 module_put(par.target->me);
618 return 0;
619 }
620
621 static inline int
622 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
623 const char *name, unsigned int *cnt,
624 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
625 {
626 struct ebt_entry_target *t;
627 struct xt_target *target;
628 unsigned int i, j, hook = 0, hookmask = 0;
629 size_t gap;
630 int ret;
631 struct xt_mtchk_param mtpar;
632 struct xt_tgchk_param tgpar;
633
634 /* don't mess with the struct ebt_entries */
635 if (e->bitmask == 0)
636 return 0;
637
638 if (e->bitmask & ~EBT_F_MASK) {
639 BUGPRINT("Unknown flag for bitmask\n");
640 return -EINVAL;
641 }
642 if (e->invflags & ~EBT_INV_MASK) {
643 BUGPRINT("Unknown flag for inv bitmask\n");
644 return -EINVAL;
645 }
646 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
647 BUGPRINT("NOPROTO & 802_3 not allowed\n");
648 return -EINVAL;
649 }
650 /* what hook do we belong to? */
651 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
652 if (!newinfo->hook_entry[i])
653 continue;
654 if ((char *)newinfo->hook_entry[i] < (char *)e)
655 hook = i;
656 else
657 break;
658 }
659 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
660 a base chain */
661 if (i < NF_BR_NUMHOOKS)
662 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
663 else {
664 for (i = 0; i < udc_cnt; i++)
665 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
666 break;
667 if (i == 0)
668 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
669 else
670 hookmask = cl_s[i - 1].hookmask;
671 }
672 i = 0;
673
674 mtpar.table = tgpar.table = name;
675 mtpar.entryinfo = tgpar.entryinfo = e;
676 mtpar.hook_mask = tgpar.hook_mask = hookmask;
677 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
678 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
679 if (ret != 0)
680 goto cleanup_matches;
681 j = 0;
682 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
683 if (ret != 0)
684 goto cleanup_watchers;
685 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
686 gap = e->next_offset - e->target_offset;
687
688 target = try_then_request_module(
689 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
690 "ebt_%s", t->u.name);
691 if (IS_ERR(target)) {
692 ret = PTR_ERR(target);
693 goto cleanup_watchers;
694 } else if (target == NULL) {
695 ret = -ENOENT;
696 goto cleanup_watchers;
697 }
698
699 t->u.target = target;
700 if (t->u.target == &ebt_standard_target) {
701 if (gap < sizeof(struct ebt_standard_target)) {
702 BUGPRINT("Standard target size too big\n");
703 ret = -EFAULT;
704 goto cleanup_watchers;
705 }
706 if (((struct ebt_standard_target *)t)->verdict <
707 -NUM_STANDARD_TARGETS) {
708 BUGPRINT("Invalid standard target\n");
709 ret = -EFAULT;
710 goto cleanup_watchers;
711 }
712 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
713 module_put(t->u.target->me);
714 ret = -EFAULT;
715 goto cleanup_watchers;
716 }
717
718 tgpar.target = target;
719 tgpar.targinfo = t->data;
720 ret = xt_check_target(&tgpar, t->target_size,
721 e->ethproto, e->invflags & EBT_IPROTO);
722 if (ret < 0) {
723 module_put(target->me);
724 goto cleanup_watchers;
725 }
726 (*cnt)++;
727 return 0;
728 cleanup_watchers:
729 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
730 cleanup_matches:
731 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
732 return ret;
733 }
734
735 /*
736 * checks for loops and sets the hook mask for udc
737 * the hook mask for udc tells us from which base chains the udc can be
738 * accessed. This mask is a parameter to the check() functions of the extensions
739 */
740 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
741 unsigned int udc_cnt, unsigned int hooknr, char *base)
742 {
743 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
744 struct ebt_entry *e = (struct ebt_entry *)chain->data;
745 struct ebt_entry_target *t;
746
747 while (pos < nentries || chain_nr != -1) {
748 /* end of udc, go back one 'recursion' step */
749 if (pos == nentries) {
750 /* put back values of the time when this chain was called */
751 e = cl_s[chain_nr].cs.e;
752 if (cl_s[chain_nr].from != -1)
753 nentries =
754 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
755 else
756 nentries = chain->nentries;
757 pos = cl_s[chain_nr].cs.n;
758 /* make sure we won't see a loop that isn't one */
759 cl_s[chain_nr].cs.n = 0;
760 chain_nr = cl_s[chain_nr].from;
761 if (pos == nentries)
762 continue;
763 }
764 t = (struct ebt_entry_target *)
765 (((char *)e) + e->target_offset);
766 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
767 goto letscontinue;
768 if (e->target_offset + sizeof(struct ebt_standard_target) >
769 e->next_offset) {
770 BUGPRINT("Standard target size too big\n");
771 return -1;
772 }
773 verdict = ((struct ebt_standard_target *)t)->verdict;
774 if (verdict >= 0) { /* jump to another chain */
775 struct ebt_entries *hlp2 =
776 (struct ebt_entries *)(base + verdict);
777 for (i = 0; i < udc_cnt; i++)
778 if (hlp2 == cl_s[i].cs.chaininfo)
779 break;
780 /* bad destination or loop */
781 if (i == udc_cnt) {
782 BUGPRINT("bad destination\n");
783 return -1;
784 }
785 if (cl_s[i].cs.n) {
786 BUGPRINT("loop\n");
787 return -1;
788 }
789 if (cl_s[i].hookmask & (1 << hooknr))
790 goto letscontinue;
791 /* this can't be 0, so the loop test is correct */
792 cl_s[i].cs.n = pos + 1;
793 pos = 0;
794 cl_s[i].cs.e = ebt_next_entry(e);
795 e = (struct ebt_entry *)(hlp2->data);
796 nentries = hlp2->nentries;
797 cl_s[i].from = chain_nr;
798 chain_nr = i;
799 /* this udc is accessible from the base chain for hooknr */
800 cl_s[i].hookmask |= (1 << hooknr);
801 continue;
802 }
803 letscontinue:
804 e = ebt_next_entry(e);
805 pos++;
806 }
807 return 0;
808 }
809
810 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
811 static int translate_table(char *name, struct ebt_table_info *newinfo)
812 {
813 unsigned int i, j, k, udc_cnt;
814 int ret;
815 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
816
817 i = 0;
818 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
819 i++;
820 if (i == NF_BR_NUMHOOKS) {
821 BUGPRINT("No valid hooks specified\n");
822 return -EINVAL;
823 }
824 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
825 BUGPRINT("Chains don't start at beginning\n");
826 return -EINVAL;
827 }
828 /* make sure chains are ordered after each other in same order
829 as their corresponding hooks */
830 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
831 if (!newinfo->hook_entry[j])
832 continue;
833 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
834 BUGPRINT("Hook order must be followed\n");
835 return -EINVAL;
836 }
837 i = j;
838 }
839
840 /* do some early checkings and initialize some things */
841 i = 0; /* holds the expected nr. of entries for the chain */
842 j = 0; /* holds the up to now counted entries for the chain */
843 k = 0; /* holds the total nr. of entries, should equal
844 newinfo->nentries afterwards */
845 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
846 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
847 ebt_check_entry_size_and_hooks, newinfo,
848 &i, &j, &k, &udc_cnt);
849
850 if (ret != 0)
851 return ret;
852
853 if (i != j) {
854 BUGPRINT("nentries does not equal the nr of entries in the "
855 "(last) chain\n");
856 return -EINVAL;
857 }
858 if (k != newinfo->nentries) {
859 BUGPRINT("Total nentries is wrong\n");
860 return -EINVAL;
861 }
862
863 /* get the location of the udc, put them in an array
864 while we're at it, allocate the chainstack */
865 if (udc_cnt) {
866 /* this will get free'd in do_replace()/ebt_register_table()
867 if an error occurs */
868 newinfo->chainstack =
869 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
870 if (!newinfo->chainstack)
871 return -ENOMEM;
872 for_each_possible_cpu(i) {
873 newinfo->chainstack[i] =
874 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
875 if (!newinfo->chainstack[i]) {
876 while (i)
877 vfree(newinfo->chainstack[--i]);
878 vfree(newinfo->chainstack);
879 newinfo->chainstack = NULL;
880 return -ENOMEM;
881 }
882 }
883
884 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
885 if (!cl_s)
886 return -ENOMEM;
887 i = 0; /* the i'th udc */
888 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
889 ebt_get_udc_positions, newinfo, &i, cl_s);
890 /* sanity check */
891 if (i != udc_cnt) {
892 BUGPRINT("i != udc_cnt\n");
893 vfree(cl_s);
894 return -EFAULT;
895 }
896 }
897
898 /* Check for loops */
899 for (i = 0; i < NF_BR_NUMHOOKS; i++)
900 if (newinfo->hook_entry[i])
901 if (check_chainloops(newinfo->hook_entry[i],
902 cl_s, udc_cnt, i, newinfo->entries)) {
903 vfree(cl_s);
904 return -EINVAL;
905 }
906
907 /* we now know the following (along with E=mc²):
908 - the nr of entries in each chain is right
909 - the size of the allocated space is right
910 - all valid hooks have a corresponding chain
911 - there are no loops
912 - wrong data can still be on the level of a single entry
913 - could be there are jumps to places that are not the
914 beginning of a chain. This can only occur in chains that
915 are not accessible from any base chains, so we don't care. */
916
917 /* used to know what we need to clean up if something goes wrong */
918 i = 0;
919 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
920 ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt);
921 if (ret != 0) {
922 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
923 ebt_cleanup_entry, &i);
924 }
925 vfree(cl_s);
926 return ret;
927 }
928
929 /* called under write_lock */
930 static void get_counters(struct ebt_counter *oldcounters,
931 struct ebt_counter *counters, unsigned int nentries)
932 {
933 int i, cpu;
934 struct ebt_counter *counter_base;
935
936 /* counters of cpu 0 */
937 memcpy(counters, oldcounters,
938 sizeof(struct ebt_counter) * nentries);
939
940 /* add other counters to those of cpu 0 */
941 for_each_possible_cpu(cpu) {
942 if (cpu == 0)
943 continue;
944 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
945 for (i = 0; i < nentries; i++) {
946 counters[i].pcnt += counter_base[i].pcnt;
947 counters[i].bcnt += counter_base[i].bcnt;
948 }
949 }
950 }
951
952 /* replace the table */
953 static int do_replace(struct net *net, void __user *user, unsigned int len)
954 {
955 int ret, i, countersize;
956 struct ebt_table_info *newinfo;
957 struct ebt_replace tmp;
958 struct ebt_table *t;
959 struct ebt_counter *counterstmp = NULL;
960 /* used to be able to unlock earlier */
961 struct ebt_table_info *table;
962
963 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
964 return -EFAULT;
965
966 if (len != sizeof(tmp) + tmp.entries_size) {
967 BUGPRINT("Wrong len argument\n");
968 return -EINVAL;
969 }
970
971 if (tmp.entries_size == 0) {
972 BUGPRINT("Entries_size never zero\n");
973 return -EINVAL;
974 }
975 /* overflow check */
976 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
977 SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
978 return -ENOMEM;
979 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
980 return -ENOMEM;
981
982 tmp.name[sizeof(tmp.name) - 1] = 0;
983
984 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
985 newinfo = vmalloc(sizeof(*newinfo) + countersize);
986 if (!newinfo)
987 return -ENOMEM;
988
989 if (countersize)
990 memset(newinfo->counters, 0, countersize);
991
992 newinfo->entries = vmalloc(tmp.entries_size);
993 if (!newinfo->entries) {
994 ret = -ENOMEM;
995 goto free_newinfo;
996 }
997 if (copy_from_user(
998 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
999 BUGPRINT("Couldn't copy entries from userspace\n");
1000 ret = -EFAULT;
1001 goto free_entries;
1002 }
1003
1004 /* the user wants counters back
1005 the check on the size is done later, when we have the lock */
1006 if (tmp.num_counters) {
1007 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
1008 if (!counterstmp) {
1009 ret = -ENOMEM;
1010 goto free_entries;
1011 }
1012 }
1013 else
1014 counterstmp = NULL;
1015
1016 /* this can get initialized by translate_table() */
1017 newinfo->chainstack = NULL;
1018 ret = ebt_verify_pointers(&tmp, newinfo);
1019 if (ret != 0)
1020 goto free_counterstmp;
1021
1022 ret = translate_table(tmp.name, newinfo);
1023
1024 if (ret != 0)
1025 goto free_counterstmp;
1026
1027 t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
1028 if (!t) {
1029 ret = -ENOENT;
1030 goto free_iterate;
1031 }
1032
1033 /* the table doesn't like it */
1034 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1035 goto free_unlock;
1036
1037 if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1038 BUGPRINT("Wrong nr. of counters requested\n");
1039 ret = -EINVAL;
1040 goto free_unlock;
1041 }
1042
1043 /* we have the mutex lock, so no danger in reading this pointer */
1044 table = t->private;
1045 /* make sure the table can only be rmmod'ed if it contains no rules */
1046 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1047 ret = -ENOENT;
1048 goto free_unlock;
1049 } else if (table->nentries && !newinfo->nentries)
1050 module_put(t->me);
1051 /* we need an atomic snapshot of the counters */
1052 write_lock_bh(&t->lock);
1053 if (tmp.num_counters)
1054 get_counters(t->private->counters, counterstmp,
1055 t->private->nentries);
1056
1057 t->private = newinfo;
1058 write_unlock_bh(&t->lock);
1059 mutex_unlock(&ebt_mutex);
1060 /* so, a user can change the chains while having messed up her counter
1061 allocation. Only reason why this is done is because this way the lock
1062 is held only once, while this doesn't bring the kernel into a
1063 dangerous state. */
1064 if (tmp.num_counters &&
1065 copy_to_user(tmp.counters, counterstmp,
1066 tmp.num_counters * sizeof(struct ebt_counter))) {
1067 BUGPRINT("Couldn't copy counters to userspace\n");
1068 ret = -EFAULT;
1069 }
1070 else
1071 ret = 0;
1072
1073 /* decrease module count and free resources */
1074 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1075 ebt_cleanup_entry, NULL);
1076
1077 vfree(table->entries);
1078 if (table->chainstack) {
1079 for_each_possible_cpu(i)
1080 vfree(table->chainstack[i]);
1081 vfree(table->chainstack);
1082 }
1083 vfree(table);
1084
1085 vfree(counterstmp);
1086 return ret;
1087
1088 free_unlock:
1089 mutex_unlock(&ebt_mutex);
1090 free_iterate:
1091 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1092 ebt_cleanup_entry, NULL);
1093 free_counterstmp:
1094 vfree(counterstmp);
1095 /* can be initialized in translate_table() */
1096 if (newinfo->chainstack) {
1097 for_each_possible_cpu(i)
1098 vfree(newinfo->chainstack[i]);
1099 vfree(newinfo->chainstack);
1100 }
1101 free_entries:
1102 vfree(newinfo->entries);
1103 free_newinfo:
1104 vfree(newinfo);
1105 return ret;
1106 }
1107
1108 struct ebt_table *
1109 ebt_register_table(struct net *net, const struct ebt_table *input_table)
1110 {
1111 struct ebt_table_info *newinfo;
1112 struct ebt_table *t, *table;
1113 struct ebt_replace_kernel *repl;
1114 int ret, i, countersize;
1115 void *p;
1116
1117 if (input_table == NULL || (repl = input_table->table) == NULL ||
1118 repl->entries == 0 || repl->entries_size == 0 ||
1119 repl->counters != NULL || input_table->private != NULL) {
1120 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1121 return ERR_PTR(-EINVAL);
1122 }
1123
1124 /* Don't add one table to multiple lists. */
1125 table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
1126 if (!table) {
1127 ret = -ENOMEM;
1128 goto out;
1129 }
1130
1131 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
1132 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1133 ret = -ENOMEM;
1134 if (!newinfo)
1135 goto free_table;
1136
1137 p = vmalloc(repl->entries_size);
1138 if (!p)
1139 goto free_newinfo;
1140
1141 memcpy(p, repl->entries, repl->entries_size);
1142 newinfo->entries = p;
1143
1144 newinfo->entries_size = repl->entries_size;
1145 newinfo->nentries = repl->nentries;
1146
1147 if (countersize)
1148 memset(newinfo->counters, 0, countersize);
1149
1150 /* fill in newinfo and parse the entries */
1151 newinfo->chainstack = NULL;
1152 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1153 if ((repl->valid_hooks & (1 << i)) == 0)
1154 newinfo->hook_entry[i] = NULL;
1155 else
1156 newinfo->hook_entry[i] = p +
1157 ((char *)repl->hook_entry[i] - repl->entries);
1158 }
1159 ret = translate_table(repl->name, newinfo);
1160 if (ret != 0) {
1161 BUGPRINT("Translate_table failed\n");
1162 goto free_chainstack;
1163 }
1164
1165 if (table->check && table->check(newinfo, table->valid_hooks)) {
1166 BUGPRINT("The table doesn't like its own initial data, lol\n");
1167 return ERR_PTR(-EINVAL);
1168 }
1169
1170 table->private = newinfo;
1171 rwlock_init(&table->lock);
1172 ret = mutex_lock_interruptible(&ebt_mutex);
1173 if (ret != 0)
1174 goto free_chainstack;
1175
1176 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
1177 if (strcmp(t->name, table->name) == 0) {
1178 ret = -EEXIST;
1179 BUGPRINT("Table name already exists\n");
1180 goto free_unlock;
1181 }
1182 }
1183
1184 /* Hold a reference count if the chains aren't empty */
1185 if (newinfo->nentries && !try_module_get(table->me)) {
1186 ret = -ENOENT;
1187 goto free_unlock;
1188 }
1189 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
1190 mutex_unlock(&ebt_mutex);
1191 return table;
1192 free_unlock:
1193 mutex_unlock(&ebt_mutex);
1194 free_chainstack:
1195 if (newinfo->chainstack) {
1196 for_each_possible_cpu(i)
1197 vfree(newinfo->chainstack[i]);
1198 vfree(newinfo->chainstack);
1199 }
1200 vfree(newinfo->entries);
1201 free_newinfo:
1202 vfree(newinfo);
1203 free_table:
1204 kfree(table);
1205 out:
1206 return ERR_PTR(ret);
1207 }
1208
1209 void ebt_unregister_table(struct ebt_table *table)
1210 {
1211 int i;
1212
1213 if (!table) {
1214 BUGPRINT("Request to unregister NULL table!!!\n");
1215 return;
1216 }
1217 mutex_lock(&ebt_mutex);
1218 list_del(&table->list);
1219 mutex_unlock(&ebt_mutex);
1220 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
1221 ebt_cleanup_entry, NULL);
1222 if (table->private->nentries)
1223 module_put(table->me);
1224 vfree(table->private->entries);
1225 if (table->private->chainstack) {
1226 for_each_possible_cpu(i)
1227 vfree(table->private->chainstack[i]);
1228 vfree(table->private->chainstack);
1229 }
1230 vfree(table->private);
1231 kfree(table);
1232 }
1233
1234 /* userspace just supplied us with counters */
1235 static int update_counters(struct net *net, void __user *user, unsigned int len)
1236 {
1237 int i, ret;
1238 struct ebt_counter *tmp;
1239 struct ebt_replace hlp;
1240 struct ebt_table *t;
1241
1242 if (copy_from_user(&hlp, user, sizeof(hlp)))
1243 return -EFAULT;
1244
1245 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1246 return -EINVAL;
1247 if (hlp.num_counters == 0)
1248 return -EINVAL;
1249
1250 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1251 MEMPRINT("Update_counters && nomemory\n");
1252 return -ENOMEM;
1253 }
1254
1255 t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1256 if (!t)
1257 goto free_tmp;
1258
1259 if (hlp.num_counters != t->private->nentries) {
1260 BUGPRINT("Wrong nr of counters\n");
1261 ret = -EINVAL;
1262 goto unlock_mutex;
1263 }
1264
1265 if ( copy_from_user(tmp, hlp.counters,
1266 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1267 BUGPRINT("Updata_counters && !cfu\n");
1268 ret = -EFAULT;
1269 goto unlock_mutex;
1270 }
1271
1272 /* we want an atomic add of the counters */
1273 write_lock_bh(&t->lock);
1274
1275 /* we add to the counters of the first cpu */
1276 for (i = 0; i < hlp.num_counters; i++) {
1277 t->private->counters[i].pcnt += tmp[i].pcnt;
1278 t->private->counters[i].bcnt += tmp[i].bcnt;
1279 }
1280
1281 write_unlock_bh(&t->lock);
1282 ret = 0;
1283 unlock_mutex:
1284 mutex_unlock(&ebt_mutex);
1285 free_tmp:
1286 vfree(tmp);
1287 return ret;
1288 }
1289
1290 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1291 char *base, char __user *ubase)
1292 {
1293 char __user *hlp = ubase + ((char *)m - base);
1294 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1295 return -EFAULT;
1296 return 0;
1297 }
1298
1299 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1300 char *base, char __user *ubase)
1301 {
1302 char __user *hlp = ubase + ((char *)w - base);
1303 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1304 return -EFAULT;
1305 return 0;
1306 }
1307
1308 static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1309 {
1310 int ret;
1311 char __user *hlp;
1312 struct ebt_entry_target *t;
1313
1314 if (e->bitmask == 0)
1315 return 0;
1316
1317 hlp = ubase + (((char *)e + e->target_offset) - base);
1318 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1319
1320 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1321 if (ret != 0)
1322 return ret;
1323 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1324 if (ret != 0)
1325 return ret;
1326 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1327 return -EFAULT;
1328 return 0;
1329 }
1330
1331 /* called with ebt_mutex locked */
1332 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1333 int *len, int cmd)
1334 {
1335 struct ebt_replace tmp;
1336 struct ebt_counter *counterstmp, *oldcounters;
1337 unsigned int entries_size, nentries;
1338 char *entries;
1339
1340 if (cmd == EBT_SO_GET_ENTRIES) {
1341 entries_size = t->private->entries_size;
1342 nentries = t->private->nentries;
1343 entries = t->private->entries;
1344 oldcounters = t->private->counters;
1345 } else {
1346 entries_size = t->table->entries_size;
1347 nentries = t->table->nentries;
1348 entries = t->table->entries;
1349 oldcounters = t->table->counters;
1350 }
1351
1352 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1353 BUGPRINT("Cfu didn't work\n");
1354 return -EFAULT;
1355 }
1356
1357 if (*len != sizeof(struct ebt_replace) + entries_size +
1358 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1359 BUGPRINT("Wrong size\n");
1360 return -EINVAL;
1361 }
1362
1363 if (tmp.nentries != nentries) {
1364 BUGPRINT("Nentries wrong\n");
1365 return -EINVAL;
1366 }
1367
1368 if (tmp.entries_size != entries_size) {
1369 BUGPRINT("Wrong size\n");
1370 return -EINVAL;
1371 }
1372
1373 /* userspace might not need the counters */
1374 if (tmp.num_counters) {
1375 if (tmp.num_counters != nentries) {
1376 BUGPRINT("Num_counters wrong\n");
1377 return -EINVAL;
1378 }
1379 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1380 if (!counterstmp) {
1381 MEMPRINT("Couldn't copy counters, out of memory\n");
1382 return -ENOMEM;
1383 }
1384 write_lock_bh(&t->lock);
1385 get_counters(oldcounters, counterstmp, nentries);
1386 write_unlock_bh(&t->lock);
1387
1388 if (copy_to_user(tmp.counters, counterstmp,
1389 nentries * sizeof(struct ebt_counter))) {
1390 BUGPRINT("Couldn't copy counters to userspace\n");
1391 vfree(counterstmp);
1392 return -EFAULT;
1393 }
1394 vfree(counterstmp);
1395 }
1396
1397 if (copy_to_user(tmp.entries, entries, entries_size)) {
1398 BUGPRINT("Couldn't copy entries to userspace\n");
1399 return -EFAULT;
1400 }
1401 /* set the match/watcher/target names right */
1402 return EBT_ENTRY_ITERATE(entries, entries_size,
1403 ebt_make_names, entries, tmp.entries);
1404 }
1405
1406 static int do_ebt_set_ctl(struct sock *sk,
1407 int cmd, void __user *user, unsigned int len)
1408 {
1409 int ret;
1410
1411 if (!capable(CAP_NET_ADMIN))
1412 return -EPERM;
1413
1414 switch(cmd) {
1415 case EBT_SO_SET_ENTRIES:
1416 ret = do_replace(sock_net(sk), user, len);
1417 break;
1418 case EBT_SO_SET_COUNTERS:
1419 ret = update_counters(sock_net(sk), user, len);
1420 break;
1421 default:
1422 ret = -EINVAL;
1423 }
1424 return ret;
1425 }
1426
1427 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1428 {
1429 int ret;
1430 struct ebt_replace tmp;
1431 struct ebt_table *t;
1432
1433 if (!capable(CAP_NET_ADMIN))
1434 return -EPERM;
1435
1436 if (copy_from_user(&tmp, user, sizeof(tmp)))
1437 return -EFAULT;
1438
1439 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1440 if (!t)
1441 return ret;
1442
1443 switch(cmd) {
1444 case EBT_SO_GET_INFO:
1445 case EBT_SO_GET_INIT_INFO:
1446 if (*len != sizeof(struct ebt_replace)){
1447 ret = -EINVAL;
1448 mutex_unlock(&ebt_mutex);
1449 break;
1450 }
1451 if (cmd == EBT_SO_GET_INFO) {
1452 tmp.nentries = t->private->nentries;
1453 tmp.entries_size = t->private->entries_size;
1454 tmp.valid_hooks = t->valid_hooks;
1455 } else {
1456 tmp.nentries = t->table->nentries;
1457 tmp.entries_size = t->table->entries_size;
1458 tmp.valid_hooks = t->table->valid_hooks;
1459 }
1460 mutex_unlock(&ebt_mutex);
1461 if (copy_to_user(user, &tmp, *len) != 0){
1462 BUGPRINT("c2u Didn't work\n");
1463 ret = -EFAULT;
1464 break;
1465 }
1466 ret = 0;
1467 break;
1468
1469 case EBT_SO_GET_ENTRIES:
1470 case EBT_SO_GET_INIT_ENTRIES:
1471 ret = copy_everything_to_user(t, user, len, cmd);
1472 mutex_unlock(&ebt_mutex);
1473 break;
1474
1475 default:
1476 mutex_unlock(&ebt_mutex);
1477 ret = -EINVAL;
1478 }
1479
1480 return ret;
1481 }
1482
1483 static struct nf_sockopt_ops ebt_sockopts =
1484 {
1485 .pf = PF_INET,
1486 .set_optmin = EBT_BASE_CTL,
1487 .set_optmax = EBT_SO_SET_MAX + 1,
1488 .set = do_ebt_set_ctl,
1489 .get_optmin = EBT_BASE_CTL,
1490 .get_optmax = EBT_SO_GET_MAX + 1,
1491 .get = do_ebt_get_ctl,
1492 .owner = THIS_MODULE,
1493 };
1494
1495 static int __init ebtables_init(void)
1496 {
1497 int ret;
1498
1499 ret = xt_register_target(&ebt_standard_target);
1500 if (ret < 0)
1501 return ret;
1502 ret = nf_register_sockopt(&ebt_sockopts);
1503 if (ret < 0) {
1504 xt_unregister_target(&ebt_standard_target);
1505 return ret;
1506 }
1507
1508 printk(KERN_INFO "Ebtables v2.0 registered\n");
1509 return 0;
1510 }
1511
1512 static void __exit ebtables_fini(void)
1513 {
1514 nf_unregister_sockopt(&ebt_sockopts);
1515 xt_unregister_target(&ebt_standard_target);
1516 printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1517 }
1518
1519 EXPORT_SYMBOL(ebt_register_table);
1520 EXPORT_SYMBOL(ebt_unregister_table);
1521 EXPORT_SYMBOL(ebt_do_table);
1522 module_init(ebtables_init);
1523 module_exit(ebtables_fini);
1524 MODULE_LICENSE("GPL");
Linux ARM platform port for MOXA ART SoC