search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
OMAP3: PM: Ensure MUSB block can idle when driver not loaded
[linux-ginger.git] / net / ipv4 / netfilter / arp_tables.c
blob831fe1879dc07dfacdb8eff3970829140f748e16
1 /*
2 * Packet matching code for ARP packets.
3 *
4 * Based heavily, if not almost entirely, upon ip_tables.c framework.
5 *
6 * Some ARP specific bits are:
7 *
8 * Copyright (C) 2002 David S. Miller (davem@redhat.com)
9 *
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/skbuff.h>
14 #include <linux/netdevice.h>
15 #include <linux/capability.h>
16 #include <linux/if_arp.h>
17 #include <linux/kmod.h>
18 #include <linux/vmalloc.h>
19 #include <linux/proc_fs.h>
20 #include <linux/module.h>
21 #include <linux/init.h>
22 #include <linux/mutex.h>
23 #include <linux/err.h>
24 #include <net/compat.h>
25 #include <net/sock.h>
26 #include <asm/uaccess.h>
27
28 #include <linux/netfilter/x_tables.h>
29 #include <linux/netfilter_arp/arp_tables.h>
30
31 MODULE_LICENSE("GPL");
32 MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
33 MODULE_DESCRIPTION("arptables core");
34
35 /*#define DEBUG_ARP_TABLES*/
36 /*#define DEBUG_ARP_TABLES_USER*/
37
38 #ifdef DEBUG_ARP_TABLES
39 #define dprintf(format, args...) printk(format , ## args)
40 #else
41 #define dprintf(format, args...)
42 #endif
43
44 #ifdef DEBUG_ARP_TABLES_USER
45 #define duprintf(format, args...) printk(format , ## args)
46 #else
47 #define duprintf(format, args...)
48 #endif
49
50 #ifdef CONFIG_NETFILTER_DEBUG
51 #define ARP_NF_ASSERT(x) \
52 do { \
53 if (!(x)) \
54 printk("ARP_NF_ASSERT: %s:%s:%u\n", \
55 __func__, __FILE__, __LINE__); \
56 } while(0)
57 #else
58 #define ARP_NF_ASSERT(x)
59 #endif
60
61 static inline int arp_devaddr_compare(const struct arpt_devaddr_info *ap,
62 const char *hdr_addr, int len)
63 {
64 int i, ret;
65
66 if (len > ARPT_DEV_ADDR_LEN_MAX)
67 len = ARPT_DEV_ADDR_LEN_MAX;
68
69 ret = 0;
70 for (i = 0; i < len; i++)
71 ret |= (hdr_addr[i] ^ ap->addr[i]) & ap->mask[i];
72
73 return (ret != 0);
74 }
75
76 /*
77 * Unfortunatly, _b and _mask are not aligned to an int (or long int)
78 * Some arches dont care, unrolling the loop is a win on them.
79 * For other arches, we only have a 16bit alignement.
80 */
81 static unsigned long ifname_compare(const char *_a, const char *_b, const char *_mask)
82 {
83 #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
84 unsigned long ret = ifname_compare_aligned(_a, _b, _mask);
85 #else
86 unsigned long ret = 0;
87 const u16 *a = (const u16 *)_a;
88 const u16 *b = (const u16 *)_b;
89 const u16 *mask = (const u16 *)_mask;
90 int i;
91
92 for (i = 0; i < IFNAMSIZ/sizeof(u16); i++)
93 ret |= (a[i] ^ b[i]) & mask[i];
94 #endif
95 return ret;
96 }
97
98 /* Returns whether packet matches rule or not. */
99 static inline int arp_packet_match(const struct arphdr *arphdr,
100 struct net_device *dev,
101 const char *indev,
102 const char *outdev,
103 const struct arpt_arp *arpinfo)
104 {
105 const char *arpptr = (char *)(arphdr + 1);
106 const char *src_devaddr, *tgt_devaddr;
107 __be32 src_ipaddr, tgt_ipaddr;
108 long ret;
109
110 #define FWINV(bool, invflg) ((bool) ^ !!(arpinfo->invflags & (invflg)))
111
112 if (FWINV((arphdr->ar_op & arpinfo->arpop_mask) != arpinfo->arpop,
113 ARPT_INV_ARPOP)) {
114 dprintf("ARP operation field mismatch.\n");
115 dprintf("ar_op: %04x info->arpop: %04x info->arpop_mask: %04x\n",
116 arphdr->ar_op, arpinfo->arpop, arpinfo->arpop_mask);
117 return 0;
118 }
119
120 if (FWINV((arphdr->ar_hrd & arpinfo->arhrd_mask) != arpinfo->arhrd,
121 ARPT_INV_ARPHRD)) {
122 dprintf("ARP hardware address format mismatch.\n");
123 dprintf("ar_hrd: %04x info->arhrd: %04x info->arhrd_mask: %04x\n",
124 arphdr->ar_hrd, arpinfo->arhrd, arpinfo->arhrd_mask);
125 return 0;
126 }
127
128 if (FWINV((arphdr->ar_pro & arpinfo->arpro_mask) != arpinfo->arpro,
129 ARPT_INV_ARPPRO)) {
130 dprintf("ARP protocol address format mismatch.\n");
131 dprintf("ar_pro: %04x info->arpro: %04x info->arpro_mask: %04x\n",
132 arphdr->ar_pro, arpinfo->arpro, arpinfo->arpro_mask);
133 return 0;
134 }
135
136 if (FWINV((arphdr->ar_hln & arpinfo->arhln_mask) != arpinfo->arhln,
137 ARPT_INV_ARPHLN)) {
138 dprintf("ARP hardware address length mismatch.\n");
139 dprintf("ar_hln: %02x info->arhln: %02x info->arhln_mask: %02x\n",
140 arphdr->ar_hln, arpinfo->arhln, arpinfo->arhln_mask);
141 return 0;
142 }
143
144 src_devaddr = arpptr;
145 arpptr += dev->addr_len;
146 memcpy(&src_ipaddr, arpptr, sizeof(u32));
147 arpptr += sizeof(u32);
148 tgt_devaddr = arpptr;
149 arpptr += dev->addr_len;
150 memcpy(&tgt_ipaddr, arpptr, sizeof(u32));
151
152 if (FWINV(arp_devaddr_compare(&arpinfo->src_devaddr, src_devaddr, dev->addr_len),
153 ARPT_INV_SRCDEVADDR) ||
154 FWINV(arp_devaddr_compare(&arpinfo->tgt_devaddr, tgt_devaddr, dev->addr_len),
155 ARPT_INV_TGTDEVADDR)) {
156 dprintf("Source or target device address mismatch.\n");
157
158 return 0;
159 }
160
161 if (FWINV((src_ipaddr & arpinfo->smsk.s_addr) != arpinfo->src.s_addr,
162 ARPT_INV_SRCIP) ||
163 FWINV(((tgt_ipaddr & arpinfo->tmsk.s_addr) != arpinfo->tgt.s_addr),
164 ARPT_INV_TGTIP)) {
165 dprintf("Source or target IP address mismatch.\n");
166
167 dprintf("SRC: %pI4. Mask: %pI4. Target: %pI4.%s\n",
168 &src_ipaddr,
169 &arpinfo->smsk.s_addr,
170 &arpinfo->src.s_addr,
171 arpinfo->invflags & ARPT_INV_SRCIP ? " (INV)" : "");
172 dprintf("TGT: %pI4 Mask: %pI4 Target: %pI4.%s\n",
173 &tgt_ipaddr,
174 &arpinfo->tmsk.s_addr,
175 &arpinfo->tgt.s_addr,
176 arpinfo->invflags & ARPT_INV_TGTIP ? " (INV)" : "");
177 return 0;
178 }
179
180 /* Look for ifname matches. */
181 ret = ifname_compare(indev, arpinfo->iniface, arpinfo->iniface_mask);
182
183 if (FWINV(ret != 0, ARPT_INV_VIA_IN)) {
184 dprintf("VIA in mismatch (%s vs %s).%s\n",
185 indev, arpinfo->iniface,
186 arpinfo->invflags&ARPT_INV_VIA_IN ?" (INV)":"");
187 return 0;
188 }
189
190 ret = ifname_compare(outdev, arpinfo->outiface, arpinfo->outiface_mask);
191
192 if (FWINV(ret != 0, ARPT_INV_VIA_OUT)) {
193 dprintf("VIA out mismatch (%s vs %s).%s\n",
194 outdev, arpinfo->outiface,
195 arpinfo->invflags&ARPT_INV_VIA_OUT ?" (INV)":"");
196 return 0;
197 }
198
199 return 1;
200 #undef FWINV
201 }
202
203 static inline int arp_checkentry(const struct arpt_arp *arp)
204 {
205 if (arp->flags & ~ARPT_F_MASK) {
206 duprintf("Unknown flag bits set: %08X\n",
207 arp->flags & ~ARPT_F_MASK);
208 return 0;
209 }
210 if (arp->invflags & ~ARPT_INV_MASK) {
211 duprintf("Unknown invflag bits set: %08X\n",
212 arp->invflags & ~ARPT_INV_MASK);
213 return 0;
214 }
215
216 return 1;
217 }
218
219 static unsigned int
220 arpt_error(struct sk_buff *skb, const struct xt_target_param *par)
221 {
222 if (net_ratelimit())
223 printk("arp_tables: error: '%s'\n",
224 (const char *)par->targinfo);
225
226 return NF_DROP;
227 }
228
229 static inline struct arpt_entry *get_entry(void *base, unsigned int offset)
230 {
231 return (struct arpt_entry *)(base + offset);
232 }
233
234 unsigned int arpt_do_table(struct sk_buff *skb,
235 unsigned int hook,
236 const struct net_device *in,
237 const struct net_device *out,
238 struct xt_table *table)
239 {
240 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
241 unsigned int verdict = NF_DROP;
242 const struct arphdr *arp;
243 bool hotdrop = false;
244 struct arpt_entry *e, *back;
245 const char *indev, *outdev;
246 void *table_base;
247 const struct xt_table_info *private;
248 struct xt_target_param tgpar;
249
250 if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
251 return NF_DROP;
252
253 indev = in ? in->name : nulldevname;
254 outdev = out ? out->name : nulldevname;
255
256 xt_info_rdlock_bh();
257 private = table->private;
258 table_base = private->entries[smp_processor_id()];
259
260 e = get_entry(table_base, private->hook_entry[hook]);
261 back = get_entry(table_base, private->underflow[hook]);
262
263 tgpar.in = in;
264 tgpar.out = out;
265 tgpar.hooknum = hook;
266 tgpar.family = NFPROTO_ARP;
267
268 arp = arp_hdr(skb);
269 do {
270 if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
271 struct arpt_entry_target *t;
272 int hdr_len;
273
274 hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) +
275 (2 * skb->dev->addr_len);
276
277 ADD_COUNTER(e->counters, hdr_len, 1);
278
279 t = arpt_get_target(e);
280
281 /* Standard target? */
282 if (!t->u.kernel.target->target) {
283 int v;
284
285 v = ((struct arpt_standard_target *)t)->verdict;
286 if (v < 0) {
287 /* Pop from stack? */
288 if (v != ARPT_RETURN) {
289 verdict = (unsigned)(-v) - 1;
290 break;
291 }
292 e = back;
293 back = get_entry(table_base,
294 back->comefrom);
295 continue;
296 }
297 if (table_base + v
298 != (void *)e + e->next_offset) {
299 /* Save old back ptr in next entry */
300 struct arpt_entry *next
301 = (void *)e + e->next_offset;
302 next->comefrom =
303 (void *)back - table_base;
304
305 /* set back pointer to next entry */
306 back = next;
307 }
308
309 e = get_entry(table_base, v);
310 } else {
311 /* Targets which reenter must return
312 * abs. verdicts
313 */
314 tgpar.target = t->u.kernel.target;
315 tgpar.targinfo = t->data;
316 verdict = t->u.kernel.target->target(skb,
317 &tgpar);
318
319 /* Target might have changed stuff. */
320 arp = arp_hdr(skb);
321
322 if (verdict == ARPT_CONTINUE)
323 e = (void *)e + e->next_offset;
324 else
325 /* Verdict */
326 break;
327 }
328 } else {
329 e = (void *)e + e->next_offset;
330 }
331 } while (!hotdrop);
332 xt_info_rdunlock_bh();
333
334 if (hotdrop)
335 return NF_DROP;
336 else
337 return verdict;
338 }
339
340 /* All zeroes == unconditional rule. */
341 static inline int unconditional(const struct arpt_arp *arp)
342 {
343 unsigned int i;
344
345 for (i = 0; i < sizeof(*arp)/sizeof(__u32); i++)
346 if (((__u32 *)arp)[i])
347 return 0;
348
349 return 1;
350 }
351
352 /* Figures out from what hook each rule can be called: returns 0 if
353 * there are loops. Puts hook bitmask in comefrom.
354 */
355 static int mark_source_chains(struct xt_table_info *newinfo,
356 unsigned int valid_hooks, void *entry0)
357 {
358 unsigned int hook;
359
360 /* No recursion; use packet counter to save back ptrs (reset
361 * to 0 as we leave), and comefrom to save source hook bitmask.
362 */
363 for (hook = 0; hook < NF_ARP_NUMHOOKS; hook++) {
364 unsigned int pos = newinfo->hook_entry[hook];
365 struct arpt_entry *e
366 = (struct arpt_entry *)(entry0 + pos);
367
368 if (!(valid_hooks & (1 << hook)))
369 continue;
370
371 /* Set initial back pointer. */
372 e->counters.pcnt = pos;
373
374 for (;;) {
375 const struct arpt_standard_target *t
376 = (void *)arpt_get_target(e);
377 int visited = e->comefrom & (1 << hook);
378
379 if (e->comefrom & (1 << NF_ARP_NUMHOOKS)) {
380 printk("arptables: loop hook %u pos %u %08X.\n",
381 hook, pos, e->comefrom);
382 return 0;
383 }
384 e->comefrom
385 |= ((1 << hook) | (1 << NF_ARP_NUMHOOKS));
386
387 /* Unconditional return/END. */
388 if ((e->target_offset == sizeof(struct arpt_entry)
389 && (strcmp(t->target.u.user.name,
390 ARPT_STANDARD_TARGET) == 0)
391 && t->verdict < 0
392 && unconditional(&e->arp)) || visited) {
393 unsigned int oldpos, size;
394
395 if ((strcmp(t->target.u.user.name,
396 ARPT_STANDARD_TARGET) == 0) &&
397 t->verdict < -NF_MAX_VERDICT - 1) {
398 duprintf("mark_source_chains: bad "
399 "negative verdict (%i)\n",
400 t->verdict);
401 return 0;
402 }
403
404 /* Return: backtrack through the last
405 * big jump.
406 */
407 do {
408 e->comefrom ^= (1<<NF_ARP_NUMHOOKS);
409 oldpos = pos;
410 pos = e->counters.pcnt;
411 e->counters.pcnt = 0;
412
413 /* We're at the start. */
414 if (pos == oldpos)
415 goto next;
416
417 e = (struct arpt_entry *)
418 (entry0 + pos);
419 } while (oldpos == pos + e->next_offset);
420
421 /* Move along one */
422 size = e->next_offset;
423 e = (struct arpt_entry *)
424 (entry0 + pos + size);
425 e->counters.pcnt = pos;
426 pos += size;
427 } else {
428 int newpos = t->verdict;
429
430 if (strcmp(t->target.u.user.name,
431 ARPT_STANDARD_TARGET) == 0
432 && newpos >= 0) {
433 if (newpos > newinfo->size -
434 sizeof(struct arpt_entry)) {
435 duprintf("mark_source_chains: "
436 "bad verdict (%i)\n",
437 newpos);
438 return 0;
439 }
440
441 /* This a jump; chase it. */
442 duprintf("Jump rule %u -> %u\n",
443 pos, newpos);
444 } else {
445 /* ... this is a fallthru */
446 newpos = pos + e->next_offset;
447 }
448 e = (struct arpt_entry *)
449 (entry0 + newpos);
450 e->counters.pcnt = pos;
451 pos = newpos;
452 }
453 }
454 next:
455 duprintf("Finished chain %u\n", hook);
456 }
457 return 1;
458 }
459
460 static inline int check_entry(struct arpt_entry *e, const char *name)
461 {
462 const struct arpt_entry_target *t;
463
464 if (!arp_checkentry(&e->arp)) {
465 duprintf("arp_tables: arp check failed %p %s.\n", e, name);
466 return -EINVAL;
467 }
468
469 if (e->target_offset + sizeof(struct arpt_entry_target) > e->next_offset)
470 return -EINVAL;
471
472 t = arpt_get_target(e);
473 if (e->target_offset + t->u.target_size > e->next_offset)
474 return -EINVAL;
475
476 return 0;
477 }
478
479 static inline int check_target(struct arpt_entry *e, const char *name)
480 {
481 struct arpt_entry_target *t = arpt_get_target(e);
482 int ret;
483 struct xt_tgchk_param par = {
484 .table = name,
485 .entryinfo = e,
486 .target = t->u.kernel.target,
487 .targinfo = t->data,
488 .hook_mask = e->comefrom,
489 .family = NFPROTO_ARP,
490 };
491
492 ret = xt_check_target(&par, t->u.target_size - sizeof(*t), 0, false);
493 if (ret < 0) {
494 duprintf("arp_tables: check failed for `%s'.\n",
495 t->u.kernel.target->name);
496 return ret;
497 }
498 return 0;
499 }
500
501 static inline int
502 find_check_entry(struct arpt_entry *e, const char *name, unsigned int size,
503 unsigned int *i)
504 {
505 struct arpt_entry_target *t;
506 struct xt_target *target;
507 int ret;
508
509 ret = check_entry(e, name);
510 if (ret)
511 return ret;
512
513 t = arpt_get_target(e);
514 target = try_then_request_module(xt_find_target(NFPROTO_ARP,
515 t->u.user.name,
516 t->u.user.revision),
517 "arpt_%s", t->u.user.name);
518 if (IS_ERR(target) || !target) {
519 duprintf("find_check_entry: `%s' not found\n", t->u.user.name);
520 ret = target ? PTR_ERR(target) : -ENOENT;
521 goto out;
522 }
523 t->u.kernel.target = target;
524
525 ret = check_target(e, name);
526 if (ret)
527 goto err;
528
529 (*i)++;
530 return 0;
531 err:
532 module_put(t->u.kernel.target->me);
533 out:
534 return ret;
535 }
536
537 static inline int check_entry_size_and_hooks(struct arpt_entry *e,
538 struct xt_table_info *newinfo,
539 unsigned char *base,
540 unsigned char *limit,
541 const unsigned int *hook_entries,
542 const unsigned int *underflows,
543 unsigned int *i)
544 {
545 unsigned int h;
546
547 if ((unsigned long)e % __alignof__(struct arpt_entry) != 0
548 || (unsigned char *)e + sizeof(struct arpt_entry) >= limit) {
549 duprintf("Bad offset %p\n", e);
550 return -EINVAL;
551 }
552
553 if (e->next_offset
554 < sizeof(struct arpt_entry) + sizeof(struct arpt_entry_target)) {
555 duprintf("checking: element %p size %u\n",
556 e, e->next_offset);
557 return -EINVAL;
558 }
559
560 /* Check hooks & underflows */
561 for (h = 0; h < NF_ARP_NUMHOOKS; h++) {
562 if ((unsigned char *)e - base == hook_entries[h])
563 newinfo->hook_entry[h] = hook_entries[h];
564 if ((unsigned char *)e - base == underflows[h])
565 newinfo->underflow[h] = underflows[h];
566 }
567
568 /* FIXME: underflows must be unconditional, standard verdicts
569 < 0 (not ARPT_RETURN). --RR */
570
571 /* Clear counters and comefrom */
572 e->counters = ((struct xt_counters) { 0, 0 });
573 e->comefrom = 0;
574
575 (*i)++;
576 return 0;
577 }
578
579 static inline int cleanup_entry(struct arpt_entry *e, unsigned int *i)
580 {
581 struct xt_tgdtor_param par;
582 struct arpt_entry_target *t;
583
584 if (i && (*i)-- == 0)
585 return 1;
586
587 t = arpt_get_target(e);
588 par.target = t->u.kernel.target;
589 par.targinfo = t->data;
590 par.family = NFPROTO_ARP;
591 if (par.target->destroy != NULL)
592 par.target->destroy(&par);
593 module_put(par.target->me);
594 return 0;
595 }
596
597 /* Checks and translates the user-supplied table segment (held in
598 * newinfo).
599 */
600 static int translate_table(const char *name,
601 unsigned int valid_hooks,
602 struct xt_table_info *newinfo,
603 void *entry0,
604 unsigned int size,
605 unsigned int number,
606 const unsigned int *hook_entries,
607 const unsigned int *underflows)
608 {
609 unsigned int i;
610 int ret;
611
612 newinfo->size = size;
613 newinfo->number = number;
614
615 /* Init all hooks to impossible value. */
616 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
617 newinfo->hook_entry[i] = 0xFFFFFFFF;
618 newinfo->underflow[i] = 0xFFFFFFFF;
619 }
620
621 duprintf("translate_table: size %u\n", newinfo->size);
622 i = 0;
623
624 /* Walk through entries, checking offsets. */
625 ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size,
626 check_entry_size_and_hooks,
627 newinfo,
628 entry0,
629 entry0 + size,
630 hook_entries, underflows, &i);
631 duprintf("translate_table: ARPT_ENTRY_ITERATE gives %d\n", ret);
632 if (ret != 0)
633 return ret;
634
635 if (i != number) {
636 duprintf("translate_table: %u not %u entries\n",
637 i, number);
638 return -EINVAL;
639 }
640
641 /* Check hooks all assigned */
642 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
643 /* Only hooks which are valid */
644 if (!(valid_hooks & (1 << i)))
645 continue;
646 if (newinfo->hook_entry[i] == 0xFFFFFFFF) {
647 duprintf("Invalid hook entry %u %u\n",
648 i, hook_entries[i]);
649 return -EINVAL;
650 }
651 if (newinfo->underflow[i] == 0xFFFFFFFF) {
652 duprintf("Invalid underflow %u %u\n",
653 i, underflows[i]);
654 return -EINVAL;
655 }
656 }
657
658 if (!mark_source_chains(newinfo, valid_hooks, entry0)) {
659 duprintf("Looping hook\n");
660 return -ELOOP;
661 }
662
663 /* Finally, each sanity check must pass */
664 i = 0;
665 ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size,
666 find_check_entry, name, size, &i);
667
668 if (ret != 0) {
669 ARPT_ENTRY_ITERATE(entry0, newinfo->size,
670 cleanup_entry, &i);
671 return ret;
672 }
673
674 /* And one copy for every other CPU */
675 for_each_possible_cpu(i) {
676 if (newinfo->entries[i] && newinfo->entries[i] != entry0)
677 memcpy(newinfo->entries[i], entry0, newinfo->size);
678 }
679
680 return ret;
681 }
682
683 /* Gets counters. */
684 static inline int add_entry_to_counter(const struct arpt_entry *e,
685 struct xt_counters total[],
686 unsigned int *i)
687 {
688 ADD_COUNTER(total[*i], e->counters.bcnt, e->counters.pcnt);
689
690 (*i)++;
691 return 0;
692 }
693
694 static inline int set_entry_to_counter(const struct arpt_entry *e,
695 struct xt_counters total[],
696 unsigned int *i)
697 {
698 SET_COUNTER(total[*i], e->counters.bcnt, e->counters.pcnt);
699
700 (*i)++;
701 return 0;
702 }
703
704 static void get_counters(const struct xt_table_info *t,
705 struct xt_counters counters[])
706 {
707 unsigned int cpu;
708 unsigned int i;
709 unsigned int curcpu;
710
711 /* Instead of clearing (by a previous call to memset())
712 * the counters and using adds, we set the counters
713 * with data used by 'current' CPU
714 *
715 * Bottom half has to be disabled to prevent deadlock
716 * if new softirq were to run and call ipt_do_table
717 */
718 local_bh_disable();
719 curcpu = smp_processor_id();
720
721 i = 0;
722 ARPT_ENTRY_ITERATE(t->entries[curcpu],
723 t->size,
724 set_entry_to_counter,
725 counters,
726 &i);
727
728 for_each_possible_cpu(cpu) {
729 if (cpu == curcpu)
730 continue;
731 i = 0;
732 xt_info_wrlock(cpu);
733 ARPT_ENTRY_ITERATE(t->entries[cpu],
734 t->size,
735 add_entry_to_counter,
736 counters,
737 &i);
738 xt_info_wrunlock(cpu);
739 }
740 local_bh_enable();
741 }
742
743 static struct xt_counters *alloc_counters(struct xt_table *table)
744 {
745 unsigned int countersize;
746 struct xt_counters *counters;
747 struct xt_table_info *private = table->private;
748
749 /* We need atomic snapshot of counters: rest doesn't change
750 * (other than comefrom, which userspace doesn't care
751 * about).
752 */
753 countersize = sizeof(struct xt_counters) * private->number;
754 counters = vmalloc_node(countersize, numa_node_id());
755
756 if (counters == NULL)
757 return ERR_PTR(-ENOMEM);
758
759 get_counters(private, counters);
760
761 return counters;
762 }
763
764 static int copy_entries_to_user(unsigned int total_size,
765 struct xt_table *table,
766 void __user *userptr)
767 {
768 unsigned int off, num;
769 struct arpt_entry *e;
770 struct xt_counters *counters;
771 struct xt_table_info *private = table->private;
772 int ret = 0;
773 void *loc_cpu_entry;
774
775 counters = alloc_counters(table);
776 if (IS_ERR(counters))
777 return PTR_ERR(counters);
778
779 loc_cpu_entry = private->entries[raw_smp_processor_id()];
780 /* ... then copy entire thing ... */
781 if (copy_to_user(userptr, loc_cpu_entry, total_size) != 0) {
782 ret = -EFAULT;
783 goto free_counters;
784 }
785
786 /* FIXME: use iterator macros --RR */
787 /* ... then go back and fix counters and names */
788 for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
789 struct arpt_entry_target *t;
790
791 e = (struct arpt_entry *)(loc_cpu_entry + off);
792 if (copy_to_user(userptr + off
793 + offsetof(struct arpt_entry, counters),
794 &counters[num],
795 sizeof(counters[num])) != 0) {
796 ret = -EFAULT;
797 goto free_counters;
798 }
799
800 t = arpt_get_target(e);
801 if (copy_to_user(userptr + off + e->target_offset
802 + offsetof(struct arpt_entry_target,
803 u.user.name),
804 t->u.kernel.target->name,
805 strlen(t->u.kernel.target->name)+1) != 0) {
806 ret = -EFAULT;
807 goto free_counters;
808 }
809 }
810
811 free_counters:
812 vfree(counters);
813 return ret;
814 }
815
816 #ifdef CONFIG_COMPAT
817 static void compat_standard_from_user(void *dst, void *src)
818 {
819 int v = *(compat_int_t *)src;
820
821 if (v > 0)
822 v += xt_compat_calc_jump(NFPROTO_ARP, v);
823 memcpy(dst, &v, sizeof(v));
824 }
825
826 static int compat_standard_to_user(void __user *dst, void *src)
827 {
828 compat_int_t cv = *(int *)src;
829
830 if (cv > 0)
831 cv -= xt_compat_calc_jump(NFPROTO_ARP, cv);
832 return copy_to_user(dst, &cv, sizeof(cv)) ? -EFAULT : 0;
833 }
834
835 static int compat_calc_entry(struct arpt_entry *e,
836 const struct xt_table_info *info,
837 void *base, struct xt_table_info *newinfo)
838 {
839 struct arpt_entry_target *t;
840 unsigned int entry_offset;
841 int off, i, ret;
842
843 off = sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry);
844 entry_offset = (void *)e - base;
845
846 t = arpt_get_target(e);
847 off += xt_compat_target_offset(t->u.kernel.target);
848 newinfo->size -= off;
849 ret = xt_compat_add_offset(NFPROTO_ARP, entry_offset, off);
850 if (ret)
851 return ret;
852
853 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
854 if (info->hook_entry[i] &&
855 (e < (struct arpt_entry *)(base + info->hook_entry[i])))
856 newinfo->hook_entry[i] -= off;
857 if (info->underflow[i] &&
858 (e < (struct arpt_entry *)(base + info->underflow[i])))
859 newinfo->underflow[i] -= off;
860 }
861 return 0;
862 }
863
864 static int compat_table_info(const struct xt_table_info *info,
865 struct xt_table_info *newinfo)
866 {
867 void *loc_cpu_entry;
868
869 if (!newinfo || !info)
870 return -EINVAL;
871
872 /* we dont care about newinfo->entries[] */
873 memcpy(newinfo, info, offsetof(struct xt_table_info, entries));
874 newinfo->initial_entries = 0;
875 loc_cpu_entry = info->entries[raw_smp_processor_id()];
876 return ARPT_ENTRY_ITERATE(loc_cpu_entry, info->size,
877 compat_calc_entry, info, loc_cpu_entry,
878 newinfo);
879 }
880 #endif
881
882 static int get_info(struct net *net, void __user *user, int *len, int compat)
883 {
884 char name[ARPT_TABLE_MAXNAMELEN];
885 struct xt_table *t;
886 int ret;
887
888 if (*len != sizeof(struct arpt_getinfo)) {
889 duprintf("length %u != %Zu\n", *len,
890 sizeof(struct arpt_getinfo));
891 return -EINVAL;
892 }
893
894 if (copy_from_user(name, user, sizeof(name)) != 0)
895 return -EFAULT;
896
897 name[ARPT_TABLE_MAXNAMELEN-1] = '\0';
898 #ifdef CONFIG_COMPAT
899 if (compat)
900 xt_compat_lock(NFPROTO_ARP);
901 #endif
902 t = try_then_request_module(xt_find_table_lock(net, NFPROTO_ARP, name),
903 "arptable_%s", name);
904 if (t && !IS_ERR(t)) {
905 struct arpt_getinfo info;
906 const struct xt_table_info *private = t->private;
907
908 #ifdef CONFIG_COMPAT
909 if (compat) {
910 struct xt_table_info tmp;
911 ret = compat_table_info(private, &tmp);
912 xt_compat_flush_offsets(NFPROTO_ARP);
913 private = &tmp;
914 }
915 #endif
916 info.valid_hooks = t->valid_hooks;
917 memcpy(info.hook_entry, private->hook_entry,
918 sizeof(info.hook_entry));
919 memcpy(info.underflow, private->underflow,
920 sizeof(info.underflow));
921 info.num_entries = private->number;
922 info.size = private->size;
923 strcpy(info.name, name);
924
925 if (copy_to_user(user, &info, *len) != 0)
926 ret = -EFAULT;
927 else
928 ret = 0;
929 xt_table_unlock(t);
930 module_put(t->me);
931 } else
932 ret = t ? PTR_ERR(t) : -ENOENT;
933 #ifdef CONFIG_COMPAT
934 if (compat)
935 xt_compat_unlock(NFPROTO_ARP);
936 #endif
937 return ret;
938 }
939
940 static int get_entries(struct net *net, struct arpt_get_entries __user *uptr,
941 int *len)
942 {
943 int ret;
944 struct arpt_get_entries get;
945 struct xt_table *t;
946
947 if (*len < sizeof(get)) {
948 duprintf("get_entries: %u < %Zu\n", *len, sizeof(get));
949 return -EINVAL;
950 }
951 if (copy_from_user(&get, uptr, sizeof(get)) != 0)
952 return -EFAULT;
953 if (*len != sizeof(struct arpt_get_entries) + get.size) {
954 duprintf("get_entries: %u != %Zu\n", *len,
955 sizeof(struct arpt_get_entries) + get.size);
956 return -EINVAL;
957 }
958
959 t = xt_find_table_lock(net, NFPROTO_ARP, get.name);
960 if (t && !IS_ERR(t)) {
961 const struct xt_table_info *private = t->private;
962
963 duprintf("t->private->number = %u\n",
964 private->number);
965 if (get.size == private->size)
966 ret = copy_entries_to_user(private->size,
967 t, uptr->entrytable);
968 else {
969 duprintf("get_entries: I've got %u not %u!\n",
970 private->size, get.size);
971 ret = -EAGAIN;
972 }
973 module_put(t->me);
974 xt_table_unlock(t);
975 } else
976 ret = t ? PTR_ERR(t) : -ENOENT;
977
978 return ret;
979 }
980
981 static int __do_replace(struct net *net, const char *name,
982 unsigned int valid_hooks,
983 struct xt_table_info *newinfo,
984 unsigned int num_counters,
985 void __user *counters_ptr)
986 {
987 int ret;
988 struct xt_table *t;
989 struct xt_table_info *oldinfo;
990 struct xt_counters *counters;
991 void *loc_cpu_old_entry;
992
993 ret = 0;
994 counters = vmalloc_node(num_counters * sizeof(struct xt_counters),
995 numa_node_id());
996 if (!counters) {
997 ret = -ENOMEM;
998 goto out;
999 }
1000
1001 t = try_then_request_module(xt_find_table_lock(net, NFPROTO_ARP, name),
1002 "arptable_%s", name);
1003 if (!t || IS_ERR(t)) {
1004 ret = t ? PTR_ERR(t) : -ENOENT;
1005 goto free_newinfo_counters_untrans;
1006 }
1007
1008 /* You lied! */
1009 if (valid_hooks != t->valid_hooks) {
1010 duprintf("Valid hook crap: %08X vs %08X\n",
1011 valid_hooks, t->valid_hooks);
1012 ret = -EINVAL;
1013 goto put_module;
1014 }
1015
1016 oldinfo = xt_replace_table(t, num_counters, newinfo, &ret);
1017 if (!oldinfo)
1018 goto put_module;
1019
1020 /* Update module usage count based on number of rules */
1021 duprintf("do_replace: oldnum=%u, initnum=%u, newnum=%u\n",
1022 oldinfo->number, oldinfo->initial_entries, newinfo->number);
1023 if ((oldinfo->number > oldinfo->initial_entries) ||
1024 (newinfo->number <= oldinfo->initial_entries))
1025 module_put(t->me);
1026 if ((oldinfo->number > oldinfo->initial_entries) &&
1027 (newinfo->number <= oldinfo->initial_entries))
1028 module_put(t->me);
1029
1030 /* Get the old counters, and synchronize with replace */
1031 get_counters(oldinfo, counters);
1032
1033 /* Decrease module usage counts and free resource */
1034 loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];
1035 ARPT_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry,
1036 NULL);
1037
1038 xt_free_table_info(oldinfo);
1039 if (copy_to_user(counters_ptr, counters,
1040 sizeof(struct xt_counters) * num_counters) != 0)
1041 ret = -EFAULT;
1042 vfree(counters);
1043 xt_table_unlock(t);
1044 return ret;
1045
1046 put_module:
1047 module_put(t->me);
1048 xt_table_unlock(t);
1049 free_newinfo_counters_untrans:
1050 vfree(counters);
1051 out:
1052 return ret;
1053 }
1054
1055 static int do_replace(struct net *net, void __user *user, unsigned int len)
1056 {
1057 int ret;
1058 struct arpt_replace tmp;
1059 struct xt_table_info *newinfo;
1060 void *loc_cpu_entry;
1061
1062 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1063 return -EFAULT;
1064
1065 /* overflow check */
1066 if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
1067 return -ENOMEM;
1068
1069 newinfo = xt_alloc_table_info(tmp.size);
1070 if (!newinfo)
1071 return -ENOMEM;
1072
1073 /* choose the copy that is on our node/cpu */
1074 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
1075 if (copy_from_user(loc_cpu_entry, user + sizeof(tmp),
1076 tmp.size) != 0) {
1077 ret = -EFAULT;
1078 goto free_newinfo;
1079 }
1080
1081 ret = translate_table(tmp.name, tmp.valid_hooks,
1082 newinfo, loc_cpu_entry, tmp.size, tmp.num_entries,
1083 tmp.hook_entry, tmp.underflow);
1084 if (ret != 0)
1085 goto free_newinfo;
1086
1087 duprintf("arp_tables: Translated table\n");
1088
1089 ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
1090 tmp.num_counters, tmp.counters);
1091 if (ret)
1092 goto free_newinfo_untrans;
1093 return 0;
1094
1095 free_newinfo_untrans:
1096 ARPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
1097 free_newinfo:
1098 xt_free_table_info(newinfo);
1099 return ret;
1100 }
1101
1102 /* We're lazy, and add to the first CPU; overflow works its fey magic
1103 * and everything is OK. */
1104 static int
1105 add_counter_to_entry(struct arpt_entry *e,
1106 const struct xt_counters addme[],
1107 unsigned int *i)
1108 {
1109 ADD_COUNTER(e->counters, addme[*i].bcnt, addme[*i].pcnt);
1110
1111 (*i)++;
1112 return 0;
1113 }
1114
1115 static int do_add_counters(struct net *net, void __user *user, unsigned int len,
1116 int compat)
1117 {
1118 unsigned int i, curcpu;
1119 struct xt_counters_info tmp;
1120 struct xt_counters *paddc;
1121 unsigned int num_counters;
1122 const char *name;
1123 int size;
1124 void *ptmp;
1125 struct xt_table *t;
1126 const struct xt_table_info *private;
1127 int ret = 0;
1128 void *loc_cpu_entry;
1129 #ifdef CONFIG_COMPAT
1130 struct compat_xt_counters_info compat_tmp;
1131
1132 if (compat) {
1133 ptmp = &compat_tmp;
1134 size = sizeof(struct compat_xt_counters_info);
1135 } else
1136 #endif
1137 {
1138 ptmp = &tmp;
1139 size = sizeof(struct xt_counters_info);
1140 }
1141
1142 if (copy_from_user(ptmp, user, size) != 0)
1143 return -EFAULT;
1144
1145 #ifdef CONFIG_COMPAT
1146 if (compat) {
1147 num_counters = compat_tmp.num_counters;
1148 name = compat_tmp.name;
1149 } else
1150 #endif
1151 {
1152 num_counters = tmp.num_counters;
1153 name = tmp.name;
1154 }
1155
1156 if (len != size + num_counters * sizeof(struct xt_counters))
1157 return -EINVAL;
1158
1159 paddc = vmalloc_node(len - size, numa_node_id());
1160 if (!paddc)
1161 return -ENOMEM;
1162
1163 if (copy_from_user(paddc, user + size, len - size) != 0) {
1164 ret = -EFAULT;
1165 goto free;
1166 }
1167
1168 t = xt_find_table_lock(net, NFPROTO_ARP, name);
1169 if (!t || IS_ERR(t)) {
1170 ret = t ? PTR_ERR(t) : -ENOENT;
1171 goto free;
1172 }
1173
1174 local_bh_disable();
1175 private = t->private;
1176 if (private->number != num_counters) {
1177 ret = -EINVAL;
1178 goto unlock_up_free;
1179 }
1180
1181 i = 0;
1182 /* Choose the copy that is on our node */
1183 curcpu = smp_processor_id();
1184 loc_cpu_entry = private->entries[curcpu];
1185 xt_info_wrlock(curcpu);
1186 ARPT_ENTRY_ITERATE(loc_cpu_entry,
1187 private->size,
1188 add_counter_to_entry,
1189 paddc,
1190 &i);
1191 xt_info_wrunlock(curcpu);
1192 unlock_up_free:
1193 local_bh_enable();
1194 xt_table_unlock(t);
1195 module_put(t->me);
1196 free:
1197 vfree(paddc);
1198
1199 return ret;
1200 }
1201
1202 #ifdef CONFIG_COMPAT
1203 static inline int
1204 compat_release_entry(struct compat_arpt_entry *e, unsigned int *i)
1205 {
1206 struct arpt_entry_target *t;
1207
1208 if (i && (*i)-- == 0)
1209 return 1;
1210
1211 t = compat_arpt_get_target(e);
1212 module_put(t->u.kernel.target->me);
1213 return 0;
1214 }
1215
1216 static inline int
1217 check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
1218 struct xt_table_info *newinfo,
1219 unsigned int *size,
1220 unsigned char *base,
1221 unsigned char *limit,
1222 unsigned int *hook_entries,
1223 unsigned int *underflows,
1224 unsigned int *i,
1225 const char *name)
1226 {
1227 struct arpt_entry_target *t;
1228 struct xt_target *target;
1229 unsigned int entry_offset;
1230 int ret, off, h;
1231
1232 duprintf("check_compat_entry_size_and_hooks %p\n", e);
1233 if ((unsigned long)e % __alignof__(struct compat_arpt_entry) != 0
1234 || (unsigned char *)e + sizeof(struct compat_arpt_entry) >= limit) {
1235 duprintf("Bad offset %p, limit = %p\n", e, limit);
1236 return -EINVAL;
1237 }
1238
1239 if (e->next_offset < sizeof(struct compat_arpt_entry) +
1240 sizeof(struct compat_xt_entry_target)) {
1241 duprintf("checking: element %p size %u\n",
1242 e, e->next_offset);
1243 return -EINVAL;
1244 }
1245
1246 /* For purposes of check_entry casting the compat entry is fine */
1247 ret = check_entry((struct arpt_entry *)e, name);
1248 if (ret)
1249 return ret;
1250
1251 off = sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry);
1252 entry_offset = (void *)e - (void *)base;
1253
1254 t = compat_arpt_get_target(e);
1255 target = try_then_request_module(xt_find_target(NFPROTO_ARP,
1256 t->u.user.name,
1257 t->u.user.revision),
1258 "arpt_%s", t->u.user.name);
1259 if (IS_ERR(target) || !target) {
1260 duprintf("check_compat_entry_size_and_hooks: `%s' not found\n",
1261 t->u.user.name);
1262 ret = target ? PTR_ERR(target) : -ENOENT;
1263 goto out;
1264 }
1265 t->u.kernel.target = target;
1266
1267 off += xt_compat_target_offset(target);
1268 *size += off;
1269 ret = xt_compat_add_offset(NFPROTO_ARP, entry_offset, off);
1270 if (ret)
1271 goto release_target;
1272
1273 /* Check hooks & underflows */
1274 for (h = 0; h < NF_ARP_NUMHOOKS; h++) {
1275 if ((unsigned char *)e - base == hook_entries[h])
1276 newinfo->hook_entry[h] = hook_entries[h];
1277 if ((unsigned char *)e - base == underflows[h])
1278 newinfo->underflow[h] = underflows[h];
1279 }
1280
1281 /* Clear counters and comefrom */
1282 memset(&e->counters, 0, sizeof(e->counters));
1283 e->comefrom = 0;
1284
1285 (*i)++;
1286 return 0;
1287
1288 release_target:
1289 module_put(t->u.kernel.target->me);
1290 out:
1291 return ret;
1292 }
1293
1294 static int
1295 compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
1296 unsigned int *size, const char *name,
1297 struct xt_table_info *newinfo, unsigned char *base)
1298 {
1299 struct arpt_entry_target *t;
1300 struct xt_target *target;
1301 struct arpt_entry *de;
1302 unsigned int origsize;
1303 int ret, h;
1304
1305 ret = 0;
1306 origsize = *size;
1307 de = (struct arpt_entry *)*dstptr;
1308 memcpy(de, e, sizeof(struct arpt_entry));
1309 memcpy(&de->counters, &e->counters, sizeof(e->counters));
1310
1311 *dstptr += sizeof(struct arpt_entry);
1312 *size += sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry);
1313
1314 de->target_offset = e->target_offset - (origsize - *size);
1315 t = compat_arpt_get_target(e);
1316 target = t->u.kernel.target;
1317 xt_compat_target_from_user(t, dstptr, size);
1318
1319 de->next_offset = e->next_offset - (origsize - *size);
1320 for (h = 0; h < NF_ARP_NUMHOOKS; h++) {
1321 if ((unsigned char *)de - base < newinfo->hook_entry[h])
1322 newinfo->hook_entry[h] -= origsize - *size;
1323 if ((unsigned char *)de - base < newinfo->underflow[h])
1324 newinfo->underflow[h] -= origsize - *size;
1325 }
1326 return ret;
1327 }
1328
1329 static inline int compat_check_entry(struct arpt_entry *e, const char *name,
1330 unsigned int *i)
1331 {
1332 int ret;
1333
1334 ret = check_target(e, name);
1335 if (ret)
1336 return ret;
1337
1338 (*i)++;
1339 return 0;
1340 }
1341
1342 static int translate_compat_table(const char *name,
1343 unsigned int valid_hooks,
1344 struct xt_table_info **pinfo,
1345 void **pentry0,
1346 unsigned int total_size,
1347 unsigned int number,
1348 unsigned int *hook_entries,
1349 unsigned int *underflows)
1350 {
1351 unsigned int i, j;
1352 struct xt_table_info *newinfo, *info;
1353 void *pos, *entry0, *entry1;
1354 unsigned int size;
1355 int ret;
1356
1357 info = *pinfo;
1358 entry0 = *pentry0;
1359 size = total_size;
1360 info->number = number;
1361
1362 /* Init all hooks to impossible value. */
1363 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
1364 info->hook_entry[i] = 0xFFFFFFFF;
1365 info->underflow[i] = 0xFFFFFFFF;
1366 }
1367
1368 duprintf("translate_compat_table: size %u\n", info->size);
1369 j = 0;
1370 xt_compat_lock(NFPROTO_ARP);
1371 /* Walk through entries, checking offsets. */
1372 ret = COMPAT_ARPT_ENTRY_ITERATE(entry0, total_size,
1373 check_compat_entry_size_and_hooks,
1374 info, &size, entry0,
1375 entry0 + total_size,
1376 hook_entries, underflows, &j, name);
1377 if (ret != 0)
1378 goto out_unlock;
1379
1380 ret = -EINVAL;
1381 if (j != number) {
1382 duprintf("translate_compat_table: %u not %u entries\n",
1383 j, number);
1384 goto out_unlock;
1385 }
1386
1387 /* Check hooks all assigned */
1388 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
1389 /* Only hooks which are valid */
1390 if (!(valid_hooks & (1 << i)))
1391 continue;
1392 if (info->hook_entry[i] == 0xFFFFFFFF) {
1393 duprintf("Invalid hook entry %u %u\n",
1394 i, hook_entries[i]);
1395 goto out_unlock;
1396 }
1397 if (info->underflow[i] == 0xFFFFFFFF) {
1398 duprintf("Invalid underflow %u %u\n",
1399 i, underflows[i]);
1400 goto out_unlock;
1401 }
1402 }
1403
1404 ret = -ENOMEM;
1405 newinfo = xt_alloc_table_info(size);
1406 if (!newinfo)
1407 goto out_unlock;
1408
1409 newinfo->number = number;
1410 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
1411 newinfo->hook_entry[i] = info->hook_entry[i];
1412 newinfo->underflow[i] = info->underflow[i];
1413 }
1414 entry1 = newinfo->entries[raw_smp_processor_id()];
1415 pos = entry1;
1416 size = total_size;
1417 ret = COMPAT_ARPT_ENTRY_ITERATE(entry0, total_size,
1418 compat_copy_entry_from_user,
1419 &pos, &size, name, newinfo, entry1);
1420 xt_compat_flush_offsets(NFPROTO_ARP);
1421 xt_compat_unlock(NFPROTO_ARP);
1422 if (ret)
1423 goto free_newinfo;
1424
1425 ret = -ELOOP;
1426 if (!mark_source_chains(newinfo, valid_hooks, entry1))
1427 goto free_newinfo;
1428
1429 i = 0;
1430 ret = ARPT_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry,
1431 name, &i);
1432 if (ret) {
1433 j -= i;
1434 COMPAT_ARPT_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i,
1435 compat_release_entry, &j);
1436 ARPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i);
1437 xt_free_table_info(newinfo);
1438 return ret;
1439 }
1440
1441 /* And one copy for every other CPU */
1442 for_each_possible_cpu(i)
1443 if (newinfo->entries[i] && newinfo->entries[i] != entry1)
1444 memcpy(newinfo->entries[i], entry1, newinfo->size);
1445
1446 *pinfo = newinfo;
1447 *pentry0 = entry1;
1448 xt_free_table_info(info);
1449 return 0;
1450
1451 free_newinfo:
1452 xt_free_table_info(newinfo);
1453 out:
1454 COMPAT_ARPT_ENTRY_ITERATE(entry0, total_size, compat_release_entry, &j);
1455 return ret;
1456 out_unlock:
1457 xt_compat_flush_offsets(NFPROTO_ARP);
1458 xt_compat_unlock(NFPROTO_ARP);
1459 goto out;
1460 }
1461
1462 struct compat_arpt_replace {
1463 char name[ARPT_TABLE_MAXNAMELEN];
1464 u32 valid_hooks;
1465 u32 num_entries;
1466 u32 size;
1467 u32 hook_entry[NF_ARP_NUMHOOKS];
1468 u32 underflow[NF_ARP_NUMHOOKS];
1469 u32 num_counters;
1470 compat_uptr_t counters;
1471 struct compat_arpt_entry entries[0];
1472 };
1473
1474 static int compat_do_replace(struct net *net, void __user *user,
1475 unsigned int len)
1476 {
1477 int ret;
1478 struct compat_arpt_replace tmp;
1479 struct xt_table_info *newinfo;
1480 void *loc_cpu_entry;
1481
1482 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1483 return -EFAULT;
1484
1485 /* overflow check */
1486 if (tmp.size >= INT_MAX / num_possible_cpus())
1487 return -ENOMEM;
1488 if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
1489 return -ENOMEM;
1490
1491 newinfo = xt_alloc_table_info(tmp.size);
1492 if (!newinfo)
1493 return -ENOMEM;
1494
1495 /* choose the copy that is on our node/cpu */
1496 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
1497 if (copy_from_user(loc_cpu_entry, user + sizeof(tmp), tmp.size) != 0) {
1498 ret = -EFAULT;
1499 goto free_newinfo;
1500 }
1501
1502 ret = translate_compat_table(tmp.name, tmp.valid_hooks,
1503 &newinfo, &loc_cpu_entry, tmp.size,
1504 tmp.num_entries, tmp.hook_entry,
1505 tmp.underflow);
1506 if (ret != 0)
1507 goto free_newinfo;
1508
1509 duprintf("compat_do_replace: Translated table\n");
1510
1511 ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
1512 tmp.num_counters, compat_ptr(tmp.counters));
1513 if (ret)
1514 goto free_newinfo_untrans;
1515 return 0;
1516
1517 free_newinfo_untrans:
1518 ARPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
1519 free_newinfo:
1520 xt_free_table_info(newinfo);
1521 return ret;
1522 }
1523
1524 static int compat_do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user,
1525 unsigned int len)
1526 {
1527 int ret;
1528
1529 if (!capable(CAP_NET_ADMIN))
1530 return -EPERM;
1531
1532 switch (cmd) {
1533 case ARPT_SO_SET_REPLACE:
1534 ret = compat_do_replace(sock_net(sk), user, len);
1535 break;
1536
1537 case ARPT_SO_SET_ADD_COUNTERS:
1538 ret = do_add_counters(sock_net(sk), user, len, 1);
1539 break;
1540
1541 default:
1542 duprintf("do_arpt_set_ctl: unknown request %i\n", cmd);
1543 ret = -EINVAL;
1544 }
1545
1546 return ret;
1547 }
1548
1549 static int compat_copy_entry_to_user(struct arpt_entry *e, void __user **dstptr,
1550 compat_uint_t *size,
1551 struct xt_counters *counters,
1552 unsigned int *i)
1553 {
1554 struct arpt_entry_target *t;
1555 struct compat_arpt_entry __user *ce;
1556 u_int16_t target_offset, next_offset;
1557 compat_uint_t origsize;
1558 int ret;
1559
1560 ret = -EFAULT;
1561 origsize = *size;
1562 ce = (struct compat_arpt_entry __user *)*dstptr;
1563 if (copy_to_user(ce, e, sizeof(struct arpt_entry)))
1564 goto out;
1565
1566 if (copy_to_user(&ce->counters, &counters[*i], sizeof(counters[*i])))
1567 goto out;
1568
1569 *dstptr += sizeof(struct compat_arpt_entry);
1570 *size -= sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry);
1571
1572 target_offset = e->target_offset - (origsize - *size);
1573
1574 t = arpt_get_target(e);
1575 ret = xt_compat_target_to_user(t, dstptr, size);
1576 if (ret)
1577 goto out;
1578 ret = -EFAULT;
1579 next_offset = e->next_offset - (origsize - *size);
1580 if (put_user(target_offset, &ce->target_offset))
1581 goto out;
1582 if (put_user(next_offset, &ce->next_offset))
1583 goto out;
1584
1585 (*i)++;
1586 return 0;
1587 out:
1588 return ret;
1589 }
1590
1591 static int compat_copy_entries_to_user(unsigned int total_size,
1592 struct xt_table *table,
1593 void __user *userptr)
1594 {
1595 struct xt_counters *counters;
1596 const struct xt_table_info *private = table->private;
1597 void __user *pos;
1598 unsigned int size;
1599 int ret = 0;
1600 void *loc_cpu_entry;
1601 unsigned int i = 0;
1602
1603 counters = alloc_counters(table);
1604 if (IS_ERR(counters))
1605 return PTR_ERR(counters);
1606
1607 /* choose the copy on our node/cpu */
1608 loc_cpu_entry = private->entries[raw_smp_processor_id()];
1609 pos = userptr;
1610 size = total_size;
1611 ret = ARPT_ENTRY_ITERATE(loc_cpu_entry, total_size,
1612 compat_copy_entry_to_user,
1613 &pos, &size, counters, &i);
1614 vfree(counters);
1615 return ret;
1616 }
1617
1618 struct compat_arpt_get_entries {
1619 char name[ARPT_TABLE_MAXNAMELEN];
1620 compat_uint_t size;
1621 struct compat_arpt_entry entrytable[0];
1622 };
1623
1624 static int compat_get_entries(struct net *net,
1625 struct compat_arpt_get_entries __user *uptr,
1626 int *len)
1627 {
1628 int ret;
1629 struct compat_arpt_get_entries get;
1630 struct xt_table *t;
1631
1632 if (*len < sizeof(get)) {
1633 duprintf("compat_get_entries: %u < %zu\n", *len, sizeof(get));
1634 return -EINVAL;
1635 }
1636 if (copy_from_user(&get, uptr, sizeof(get)) != 0)
1637 return -EFAULT;
1638 if (*len != sizeof(struct compat_arpt_get_entries) + get.size) {
1639 duprintf("compat_get_entries: %u != %zu\n",
1640 *len, sizeof(get) + get.size);
1641 return -EINVAL;
1642 }
1643
1644 xt_compat_lock(NFPROTO_ARP);
1645 t = xt_find_table_lock(net, NFPROTO_ARP, get.name);
1646 if (t && !IS_ERR(t)) {
1647 const struct xt_table_info *private = t->private;
1648 struct xt_table_info info;
1649
1650 duprintf("t->private->number = %u\n", private->number);
1651 ret = compat_table_info(private, &info);
1652 if (!ret && get.size == info.size) {
1653 ret = compat_copy_entries_to_user(private->size,
1654 t, uptr->entrytable);
1655 } else if (!ret) {
1656 duprintf("compat_get_entries: I've got %u not %u!\n",
1657 private->size, get.size);
1658 ret = -EAGAIN;
1659 }
1660 xt_compat_flush_offsets(NFPROTO_ARP);
1661 module_put(t->me);
1662 xt_table_unlock(t);
1663 } else
1664 ret = t ? PTR_ERR(t) : -ENOENT;
1665
1666 xt_compat_unlock(NFPROTO_ARP);
1667 return ret;
1668 }
1669
1670 static int do_arpt_get_ctl(struct sock *, int, void __user *, int *);
1671
1672 static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user,
1673 int *len)
1674 {
1675 int ret;
1676
1677 if (!capable(CAP_NET_ADMIN))
1678 return -EPERM;
1679
1680 switch (cmd) {
1681 case ARPT_SO_GET_INFO:
1682 ret = get_info(sock_net(sk), user, len, 1);
1683 break;
1684 case ARPT_SO_GET_ENTRIES:
1685 ret = compat_get_entries(sock_net(sk), user, len);
1686 break;
1687 default:
1688 ret = do_arpt_get_ctl(sk, cmd, user, len);
1689 }
1690 return ret;
1691 }
1692 #endif
1693
1694 static int do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
1695 {
1696 int ret;
1697
1698 if (!capable(CAP_NET_ADMIN))
1699 return -EPERM;
1700
1701 switch (cmd) {
1702 case ARPT_SO_SET_REPLACE:
1703 ret = do_replace(sock_net(sk), user, len);
1704 break;
1705
1706 case ARPT_SO_SET_ADD_COUNTERS:
1707 ret = do_add_counters(sock_net(sk), user, len, 0);
1708 break;
1709
1710 default:
1711 duprintf("do_arpt_set_ctl: unknown request %i\n", cmd);
1712 ret = -EINVAL;
1713 }
1714
1715 return ret;
1716 }
1717
1718 static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1719 {
1720 int ret;
1721
1722 if (!capable(CAP_NET_ADMIN))
1723 return -EPERM;
1724
1725 switch (cmd) {
1726 case ARPT_SO_GET_INFO:
1727 ret = get_info(sock_net(sk), user, len, 0);
1728 break;
1729
1730 case ARPT_SO_GET_ENTRIES:
1731 ret = get_entries(sock_net(sk), user, len);
1732 break;
1733
1734 case ARPT_SO_GET_REVISION_TARGET: {
1735 struct xt_get_revision rev;
1736
1737 if (*len != sizeof(rev)) {
1738 ret = -EINVAL;
1739 break;
1740 }
1741 if (copy_from_user(&rev, user, sizeof(rev)) != 0) {
1742 ret = -EFAULT;
1743 break;
1744 }
1745
1746 try_then_request_module(xt_find_revision(NFPROTO_ARP, rev.name,
1747 rev.revision, 1, &ret),
1748 "arpt_%s", rev.name);
1749 break;
1750 }
1751
1752 default:
1753 duprintf("do_arpt_get_ctl: unknown request %i\n", cmd);
1754 ret = -EINVAL;
1755 }
1756
1757 return ret;
1758 }
1759
1760 struct xt_table *arpt_register_table(struct net *net, struct xt_table *table,
1761 const struct arpt_replace *repl)
1762 {
1763 int ret;
1764 struct xt_table_info *newinfo;
1765 struct xt_table_info bootstrap
1766 = { 0, 0, 0, { 0 }, { 0 }, { } };
1767 void *loc_cpu_entry;
1768 struct xt_table *new_table;
1769
1770 newinfo = xt_alloc_table_info(repl->size);
1771 if (!newinfo) {
1772 ret = -ENOMEM;
1773 goto out;
1774 }
1775
1776 /* choose the copy on our node/cpu */
1777 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
1778 memcpy(loc_cpu_entry, repl->entries, repl->size);
1779
1780 ret = translate_table(table->name, table->valid_hooks,
1781 newinfo, loc_cpu_entry, repl->size,
1782 repl->num_entries,
1783 repl->hook_entry,
1784 repl->underflow);
1785
1786 duprintf("arpt_register_table: translate table gives %d\n", ret);
1787 if (ret != 0)
1788 goto out_free;
1789
1790 new_table = xt_register_table(net, table, &bootstrap, newinfo);
1791 if (IS_ERR(new_table)) {
1792 ret = PTR_ERR(new_table);
1793 goto out_free;
1794 }
1795 return new_table;
1796
1797 out_free:
1798 xt_free_table_info(newinfo);
1799 out:
1800 return ERR_PTR(ret);
1801 }
1802
1803 void arpt_unregister_table(struct xt_table *table)
1804 {
1805 struct xt_table_info *private;
1806 void *loc_cpu_entry;
1807 struct module *table_owner = table->me;
1808
1809 private = xt_unregister_table(table);
1810
1811 /* Decrease module usage counts and free resources */
1812 loc_cpu_entry = private->entries[raw_smp_processor_id()];
1813 ARPT_ENTRY_ITERATE(loc_cpu_entry, private->size,
1814 cleanup_entry, NULL);
1815 if (private->number > private->initial_entries)
1816 module_put(table_owner);
1817 xt_free_table_info(private);
1818 }
1819
1820 /* The built-in targets: standard (NULL) and error. */
1821 static struct xt_target arpt_standard_target __read_mostly = {
1822 .name = ARPT_STANDARD_TARGET,
1823 .targetsize = sizeof(int),
1824 .family = NFPROTO_ARP,
1825 #ifdef CONFIG_COMPAT
1826 .compatsize = sizeof(compat_int_t),
1827 .compat_from_user = compat_standard_from_user,
1828 .compat_to_user = compat_standard_to_user,
1829 #endif
1830 };
1831
1832 static struct xt_target arpt_error_target __read_mostly = {
1833 .name = ARPT_ERROR_TARGET,
1834 .target = arpt_error,
1835 .targetsize = ARPT_FUNCTION_MAXNAMELEN,
1836 .family = NFPROTO_ARP,
1837 };
1838
1839 static struct nf_sockopt_ops arpt_sockopts = {
1840 .pf = PF_INET,
1841 .set_optmin = ARPT_BASE_CTL,
1842 .set_optmax = ARPT_SO_SET_MAX+1,
1843 .set = do_arpt_set_ctl,
1844 #ifdef CONFIG_COMPAT
1845 .compat_set = compat_do_arpt_set_ctl,
1846 #endif
1847 .get_optmin = ARPT_BASE_CTL,
1848 .get_optmax = ARPT_SO_GET_MAX+1,
1849 .get = do_arpt_get_ctl,
1850 #ifdef CONFIG_COMPAT
1851 .compat_get = compat_do_arpt_get_ctl,
1852 #endif
1853 .owner = THIS_MODULE,
1854 };
1855
1856 static int __net_init arp_tables_net_init(struct net *net)
1857 {
1858 return xt_proto_init(net, NFPROTO_ARP);
1859 }
1860
1861 static void __net_exit arp_tables_net_exit(struct net *net)
1862 {
1863 xt_proto_fini(net, NFPROTO_ARP);
1864 }
1865
1866 static struct pernet_operations arp_tables_net_ops = {
1867 .init = arp_tables_net_init,
1868 .exit = arp_tables_net_exit,
1869 };
1870
1871 static int __init arp_tables_init(void)
1872 {
1873 int ret;
1874
1875 ret = register_pernet_subsys(&arp_tables_net_ops);
1876 if (ret < 0)
1877 goto err1;
1878
1879 /* Noone else will be downing sem now, so we won't sleep */
1880 ret = xt_register_target(&arpt_standard_target);
1881 if (ret < 0)
1882 goto err2;
1883 ret = xt_register_target(&arpt_error_target);
1884 if (ret < 0)
1885 goto err3;
1886
1887 /* Register setsockopt */
1888 ret = nf_register_sockopt(&arpt_sockopts);
1889 if (ret < 0)
1890 goto err4;
1891
1892 printk(KERN_INFO "arp_tables: (C) 2002 David S. Miller\n");
1893 return 0;
1894
1895 err4:
1896 xt_unregister_target(&arpt_error_target);
1897 err3:
1898 xt_unregister_target(&arpt_standard_target);
1899 err2:
1900 unregister_pernet_subsys(&arp_tables_net_ops);
1901 err1:
1902 return ret;
1903 }
1904
1905 static void __exit arp_tables_fini(void)
1906 {
1907 nf_unregister_sockopt(&arpt_sockopts);
1908 xt_unregister_target(&arpt_error_target);
1909 xt_unregister_target(&arpt_standard_target);
1910 unregister_pernet_subsys(&arp_tables_net_ops);
1911 }
1912
1913 EXPORT_SYMBOL(arpt_register_table);
1914 EXPORT_SYMBOL(arpt_unregister_table);
1915 EXPORT_SYMBOL(arpt_do_table);
1916
1917 module_init(arp_tables_init);
1918 module_exit(arp_tables_fini);
Linux for Ginger Game Console