search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
powerpc/fsl-booke: Fix problem with _tlbil_va being interrupted
[linux-ginger.git] / net / ipv4 / netfilter / arp_tables.c
blob8d70d29f1ccf8b7664829f3c83a1e5cd4c579062
1 /*
2 * Packet matching code for ARP packets.
3 *
4 * Based heavily, if not almost entirely, upon ip_tables.c framework.
5 *
6 * Some ARP specific bits are:
7 *
8 * Copyright (C) 2002 David S. Miller (davem@redhat.com)
9 *
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/skbuff.h>
14 #include <linux/netdevice.h>
15 #include <linux/capability.h>
16 #include <linux/if_arp.h>
17 #include <linux/kmod.h>
18 #include <linux/vmalloc.h>
19 #include <linux/proc_fs.h>
20 #include <linux/module.h>
21 #include <linux/init.h>
22 #include <linux/mutex.h>
23 #include <linux/err.h>
24 #include <net/compat.h>
25 #include <net/sock.h>
26 #include <asm/uaccess.h>
27
28 #include <linux/netfilter/x_tables.h>
29 #include <linux/netfilter_arp/arp_tables.h>
30
31 MODULE_LICENSE("GPL");
32 MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
33 MODULE_DESCRIPTION("arptables core");
34
35 /*#define DEBUG_ARP_TABLES*/
36 /*#define DEBUG_ARP_TABLES_USER*/
37
38 #ifdef DEBUG_ARP_TABLES
39 #define dprintf(format, args...) printk(format , ## args)
40 #else
41 #define dprintf(format, args...)
42 #endif
43
44 #ifdef DEBUG_ARP_TABLES_USER
45 #define duprintf(format, args...) printk(format , ## args)
46 #else
47 #define duprintf(format, args...)
48 #endif
49
50 #ifdef CONFIG_NETFILTER_DEBUG
51 #define ARP_NF_ASSERT(x) \
52 do { \
53 if (!(x)) \
54 printk("ARP_NF_ASSERT: %s:%s:%u\n", \
55 __func__, __FILE__, __LINE__); \
56 } while(0)
57 #else
58 #define ARP_NF_ASSERT(x)
59 #endif
60
61 static inline int arp_devaddr_compare(const struct arpt_devaddr_info *ap,
62 const char *hdr_addr, int len)
63 {
64 int i, ret;
65
66 if (len > ARPT_DEV_ADDR_LEN_MAX)
67 len = ARPT_DEV_ADDR_LEN_MAX;
68
69 ret = 0;
70 for (i = 0; i < len; i++)
71 ret |= (hdr_addr[i] ^ ap->addr[i]) & ap->mask[i];
72
73 return (ret != 0);
74 }
75
76 /* Returns whether packet matches rule or not. */
77 static inline int arp_packet_match(const struct arphdr *arphdr,
78 struct net_device *dev,
79 const char *indev,
80 const char *outdev,
81 const struct arpt_arp *arpinfo)
82 {
83 const char *arpptr = (char *)(arphdr + 1);
84 const char *src_devaddr, *tgt_devaddr;
85 __be32 src_ipaddr, tgt_ipaddr;
86 int i, ret;
87
88 #define FWINV(bool, invflg) ((bool) ^ !!(arpinfo->invflags & (invflg)))
89
90 if (FWINV((arphdr->ar_op & arpinfo->arpop_mask) != arpinfo->arpop,
91 ARPT_INV_ARPOP)) {
92 dprintf("ARP operation field mismatch.\n");
93 dprintf("ar_op: %04x info->arpop: %04x info->arpop_mask: %04x\n",
94 arphdr->ar_op, arpinfo->arpop, arpinfo->arpop_mask);
95 return 0;
96 }
97
98 if (FWINV((arphdr->ar_hrd & arpinfo->arhrd_mask) != arpinfo->arhrd,
99 ARPT_INV_ARPHRD)) {
100 dprintf("ARP hardware address format mismatch.\n");
101 dprintf("ar_hrd: %04x info->arhrd: %04x info->arhrd_mask: %04x\n",
102 arphdr->ar_hrd, arpinfo->arhrd, arpinfo->arhrd_mask);
103 return 0;
104 }
105
106 if (FWINV((arphdr->ar_pro & arpinfo->arpro_mask) != arpinfo->arpro,
107 ARPT_INV_ARPPRO)) {
108 dprintf("ARP protocol address format mismatch.\n");
109 dprintf("ar_pro: %04x info->arpro: %04x info->arpro_mask: %04x\n",
110 arphdr->ar_pro, arpinfo->arpro, arpinfo->arpro_mask);
111 return 0;
112 }
113
114 if (FWINV((arphdr->ar_hln & arpinfo->arhln_mask) != arpinfo->arhln,
115 ARPT_INV_ARPHLN)) {
116 dprintf("ARP hardware address length mismatch.\n");
117 dprintf("ar_hln: %02x info->arhln: %02x info->arhln_mask: %02x\n",
118 arphdr->ar_hln, arpinfo->arhln, arpinfo->arhln_mask);
119 return 0;
120 }
121
122 src_devaddr = arpptr;
123 arpptr += dev->addr_len;
124 memcpy(&src_ipaddr, arpptr, sizeof(u32));
125 arpptr += sizeof(u32);
126 tgt_devaddr = arpptr;
127 arpptr += dev->addr_len;
128 memcpy(&tgt_ipaddr, arpptr, sizeof(u32));
129
130 if (FWINV(arp_devaddr_compare(&arpinfo->src_devaddr, src_devaddr, dev->addr_len),
131 ARPT_INV_SRCDEVADDR) ||
132 FWINV(arp_devaddr_compare(&arpinfo->tgt_devaddr, tgt_devaddr, dev->addr_len),
133 ARPT_INV_TGTDEVADDR)) {
134 dprintf("Source or target device address mismatch.\n");
135
136 return 0;
137 }
138
139 if (FWINV((src_ipaddr & arpinfo->smsk.s_addr) != arpinfo->src.s_addr,
140 ARPT_INV_SRCIP) ||
141 FWINV(((tgt_ipaddr & arpinfo->tmsk.s_addr) != arpinfo->tgt.s_addr),
142 ARPT_INV_TGTIP)) {
143 dprintf("Source or target IP address mismatch.\n");
144
145 dprintf("SRC: %u.%u.%u.%u. Mask: %u.%u.%u.%u. Target: %u.%u.%u.%u.%s\n",
146 NIPQUAD(src_ipaddr),
147 NIPQUAD(arpinfo->smsk.s_addr),
148 NIPQUAD(arpinfo->src.s_addr),
149 arpinfo->invflags & ARPT_INV_SRCIP ? " (INV)" : "");
150 dprintf("TGT: %u.%u.%u.%u Mask: %u.%u.%u.%u Target: %u.%u.%u.%u.%s\n",
151 NIPQUAD(tgt_ipaddr),
152 NIPQUAD(arpinfo->tmsk.s_addr),
153 NIPQUAD(arpinfo->tgt.s_addr),
154 arpinfo->invflags & ARPT_INV_TGTIP ? " (INV)" : "");
155 return 0;
156 }
157
158 /* Look for ifname matches. */
159 for (i = 0, ret = 0; i < IFNAMSIZ; i++) {
160 ret |= (indev[i] ^ arpinfo->iniface[i])
161 & arpinfo->iniface_mask[i];
162 }
163
164 if (FWINV(ret != 0, ARPT_INV_VIA_IN)) {
165 dprintf("VIA in mismatch (%s vs %s).%s\n",
166 indev, arpinfo->iniface,
167 arpinfo->invflags&ARPT_INV_VIA_IN ?" (INV)":"");
168 return 0;
169 }
170
171 for (i = 0, ret = 0; i < IFNAMSIZ; i++) {
172 ret |= (outdev[i] ^ arpinfo->outiface[i])
173 & arpinfo->outiface_mask[i];
174 }
175
176 if (FWINV(ret != 0, ARPT_INV_VIA_OUT)) {
177 dprintf("VIA out mismatch (%s vs %s).%s\n",
178 outdev, arpinfo->outiface,
179 arpinfo->invflags&ARPT_INV_VIA_OUT ?" (INV)":"");
180 return 0;
181 }
182
183 return 1;
184 #undef FWINV
185 }
186
187 static inline int arp_checkentry(const struct arpt_arp *arp)
188 {
189 if (arp->flags & ~ARPT_F_MASK) {
190 duprintf("Unknown flag bits set: %08X\n",
191 arp->flags & ~ARPT_F_MASK);
192 return 0;
193 }
194 if (arp->invflags & ~ARPT_INV_MASK) {
195 duprintf("Unknown invflag bits set: %08X\n",
196 arp->invflags & ~ARPT_INV_MASK);
197 return 0;
198 }
199
200 return 1;
201 }
202
203 static unsigned int
204 arpt_error(struct sk_buff *skb, const struct xt_target_param *par)
205 {
206 if (net_ratelimit())
207 printk("arp_tables: error: '%s'\n",
208 (const char *)par->targinfo);
209
210 return NF_DROP;
211 }
212
213 static inline struct arpt_entry *get_entry(void *base, unsigned int offset)
214 {
215 return (struct arpt_entry *)(base + offset);
216 }
217
218 unsigned int arpt_do_table(struct sk_buff *skb,
219 unsigned int hook,
220 const struct net_device *in,
221 const struct net_device *out,
222 struct xt_table *table)
223 {
224 static const char nulldevname[IFNAMSIZ];
225 unsigned int verdict = NF_DROP;
226 const struct arphdr *arp;
227 bool hotdrop = false;
228 struct arpt_entry *e, *back;
229 const char *indev, *outdev;
230 void *table_base;
231 const struct xt_table_info *private;
232 struct xt_target_param tgpar;
233
234 if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
235 return NF_DROP;
236
237 indev = in ? in->name : nulldevname;
238 outdev = out ? out->name : nulldevname;
239
240 read_lock_bh(&table->lock);
241 private = table->private;
242 table_base = (void *)private->entries[smp_processor_id()];
243 e = get_entry(table_base, private->hook_entry[hook]);
244 back = get_entry(table_base, private->underflow[hook]);
245
246 tgpar.in = in;
247 tgpar.out = out;
248 tgpar.hooknum = hook;
249 tgpar.family = NFPROTO_ARP;
250
251 arp = arp_hdr(skb);
252 do {
253 if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
254 struct arpt_entry_target *t;
255 int hdr_len;
256
257 hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) +
258 (2 * skb->dev->addr_len);
259 ADD_COUNTER(e->counters, hdr_len, 1);
260
261 t = arpt_get_target(e);
262
263 /* Standard target? */
264 if (!t->u.kernel.target->target) {
265 int v;
266
267 v = ((struct arpt_standard_target *)t)->verdict;
268 if (v < 0) {
269 /* Pop from stack? */
270 if (v != ARPT_RETURN) {
271 verdict = (unsigned)(-v) - 1;
272 break;
273 }
274 e = back;
275 back = get_entry(table_base,
276 back->comefrom);
277 continue;
278 }
279 if (table_base + v
280 != (void *)e + e->next_offset) {
281 /* Save old back ptr in next entry */
282 struct arpt_entry *next
283 = (void *)e + e->next_offset;
284 next->comefrom =
285 (void *)back - table_base;
286
287 /* set back pointer to next entry */
288 back = next;
289 }
290
291 e = get_entry(table_base, v);
292 } else {
293 /* Targets which reenter must return
294 * abs. verdicts
295 */
296 tgpar.target = t->u.kernel.target;
297 tgpar.targinfo = t->data;
298 verdict = t->u.kernel.target->target(skb,
299 &tgpar);
300
301 /* Target might have changed stuff. */
302 arp = arp_hdr(skb);
303
304 if (verdict == ARPT_CONTINUE)
305 e = (void *)e + e->next_offset;
306 else
307 /* Verdict */
308 break;
309 }
310 } else {
311 e = (void *)e + e->next_offset;
312 }
313 } while (!hotdrop);
314 read_unlock_bh(&table->lock);
315
316 if (hotdrop)
317 return NF_DROP;
318 else
319 return verdict;
320 }
321
322 /* All zeroes == unconditional rule. */
323 static inline int unconditional(const struct arpt_arp *arp)
324 {
325 unsigned int i;
326
327 for (i = 0; i < sizeof(*arp)/sizeof(__u32); i++)
328 if (((__u32 *)arp)[i])
329 return 0;
330
331 return 1;
332 }
333
334 /* Figures out from what hook each rule can be called: returns 0 if
335 * there are loops. Puts hook bitmask in comefrom.
336 */
337 static int mark_source_chains(struct xt_table_info *newinfo,
338 unsigned int valid_hooks, void *entry0)
339 {
340 unsigned int hook;
341
342 /* No recursion; use packet counter to save back ptrs (reset
343 * to 0 as we leave), and comefrom to save source hook bitmask.
344 */
345 for (hook = 0; hook < NF_ARP_NUMHOOKS; hook++) {
346 unsigned int pos = newinfo->hook_entry[hook];
347 struct arpt_entry *e
348 = (struct arpt_entry *)(entry0 + pos);
349
350 if (!(valid_hooks & (1 << hook)))
351 continue;
352
353 /* Set initial back pointer. */
354 e->counters.pcnt = pos;
355
356 for (;;) {
357 const struct arpt_standard_target *t
358 = (void *)arpt_get_target(e);
359 int visited = e->comefrom & (1 << hook);
360
361 if (e->comefrom & (1 << NF_ARP_NUMHOOKS)) {
362 printk("arptables: loop hook %u pos %u %08X.\n",
363 hook, pos, e->comefrom);
364 return 0;
365 }
366 e->comefrom
367 |= ((1 << hook) | (1 << NF_ARP_NUMHOOKS));
368
369 /* Unconditional return/END. */
370 if ((e->target_offset == sizeof(struct arpt_entry)
371 && (strcmp(t->target.u.user.name,
372 ARPT_STANDARD_TARGET) == 0)
373 && t->verdict < 0
374 && unconditional(&e->arp)) || visited) {
375 unsigned int oldpos, size;
376
377 if (t->verdict < -NF_MAX_VERDICT - 1) {
378 duprintf("mark_source_chains: bad "
379 "negative verdict (%i)\n",
380 t->verdict);
381 return 0;
382 }
383
384 /* Return: backtrack through the last
385 * big jump.
386 */
387 do {
388 e->comefrom ^= (1<<NF_ARP_NUMHOOKS);
389 oldpos = pos;
390 pos = e->counters.pcnt;
391 e->counters.pcnt = 0;
392
393 /* We're at the start. */
394 if (pos == oldpos)
395 goto next;
396
397 e = (struct arpt_entry *)
398 (entry0 + pos);
399 } while (oldpos == pos + e->next_offset);
400
401 /* Move along one */
402 size = e->next_offset;
403 e = (struct arpt_entry *)
404 (entry0 + pos + size);
405 e->counters.pcnt = pos;
406 pos += size;
407 } else {
408 int newpos = t->verdict;
409
410 if (strcmp(t->target.u.user.name,
411 ARPT_STANDARD_TARGET) == 0
412 && newpos >= 0) {
413 if (newpos > newinfo->size -
414 sizeof(struct arpt_entry)) {
415 duprintf("mark_source_chains: "
416 "bad verdict (%i)\n",
417 newpos);
418 return 0;
419 }
420
421 /* This a jump; chase it. */
422 duprintf("Jump rule %u -> %u\n",
423 pos, newpos);
424 } else {
425 /* ... this is a fallthru */
426 newpos = pos + e->next_offset;
427 }
428 e = (struct arpt_entry *)
429 (entry0 + newpos);
430 e->counters.pcnt = pos;
431 pos = newpos;
432 }
433 }
434 next:
435 duprintf("Finished chain %u\n", hook);
436 }
437 return 1;
438 }
439
440 static inline int check_entry(struct arpt_entry *e, const char *name)
441 {
442 const struct arpt_entry_target *t;
443
444 if (!arp_checkentry(&e->arp)) {
445 duprintf("arp_tables: arp check failed %p %s.\n", e, name);
446 return -EINVAL;
447 }
448
449 if (e->target_offset + sizeof(struct arpt_entry_target) > e->next_offset)
450 return -EINVAL;
451
452 t = arpt_get_target(e);
453 if (e->target_offset + t->u.target_size > e->next_offset)
454 return -EINVAL;
455
456 return 0;
457 }
458
459 static inline int check_target(struct arpt_entry *e, const char *name)
460 {
461 struct arpt_entry_target *t = arpt_get_target(e);
462 int ret;
463 struct xt_tgchk_param par = {
464 .table = name,
465 .entryinfo = e,
466 .target = t->u.kernel.target,
467 .targinfo = t->data,
468 .hook_mask = e->comefrom,
469 .family = NFPROTO_ARP,
470 };
471
472 ret = xt_check_target(&par, t->u.target_size - sizeof(*t), 0, false);
473 if (ret < 0) {
474 duprintf("arp_tables: check failed for `%s'.\n",
475 t->u.kernel.target->name);
476 return ret;
477 }
478 return 0;
479 }
480
481 static inline int
482 find_check_entry(struct arpt_entry *e, const char *name, unsigned int size,
483 unsigned int *i)
484 {
485 struct arpt_entry_target *t;
486 struct xt_target *target;
487 int ret;
488
489 ret = check_entry(e, name);
490 if (ret)
491 return ret;
492
493 t = arpt_get_target(e);
494 target = try_then_request_module(xt_find_target(NFPROTO_ARP,
495 t->u.user.name,
496 t->u.user.revision),
497 "arpt_%s", t->u.user.name);
498 if (IS_ERR(target) || !target) {
499 duprintf("find_check_entry: `%s' not found\n", t->u.user.name);
500 ret = target ? PTR_ERR(target) : -ENOENT;
501 goto out;
502 }
503 t->u.kernel.target = target;
504
505 ret = check_target(e, name);
506 if (ret)
507 goto err;
508
509 (*i)++;
510 return 0;
511 err:
512 module_put(t->u.kernel.target->me);
513 out:
514 return ret;
515 }
516
517 static inline int check_entry_size_and_hooks(struct arpt_entry *e,
518 struct xt_table_info *newinfo,
519 unsigned char *base,
520 unsigned char *limit,
521 const unsigned int *hook_entries,
522 const unsigned int *underflows,
523 unsigned int *i)
524 {
525 unsigned int h;
526
527 if ((unsigned long)e % __alignof__(struct arpt_entry) != 0
528 || (unsigned char *)e + sizeof(struct arpt_entry) >= limit) {
529 duprintf("Bad offset %p\n", e);
530 return -EINVAL;
531 }
532
533 if (e->next_offset
534 < sizeof(struct arpt_entry) + sizeof(struct arpt_entry_target)) {
535 duprintf("checking: element %p size %u\n",
536 e, e->next_offset);
537 return -EINVAL;
538 }
539
540 /* Check hooks & underflows */
541 for (h = 0; h < NF_ARP_NUMHOOKS; h++) {
542 if ((unsigned char *)e - base == hook_entries[h])
543 newinfo->hook_entry[h] = hook_entries[h];
544 if ((unsigned char *)e - base == underflows[h])
545 newinfo->underflow[h] = underflows[h];
546 }
547
548 /* FIXME: underflows must be unconditional, standard verdicts
549 < 0 (not ARPT_RETURN). --RR */
550
551 /* Clear counters and comefrom */
552 e->counters = ((struct xt_counters) { 0, 0 });
553 e->comefrom = 0;
554
555 (*i)++;
556 return 0;
557 }
558
559 static inline int cleanup_entry(struct arpt_entry *e, unsigned int *i)
560 {
561 struct xt_tgdtor_param par;
562 struct arpt_entry_target *t;
563
564 if (i && (*i)-- == 0)
565 return 1;
566
567 t = arpt_get_target(e);
568 par.target = t->u.kernel.target;
569 par.targinfo = t->data;
570 par.family = NFPROTO_ARP;
571 if (par.target->destroy != NULL)
572 par.target->destroy(&par);
573 module_put(par.target->me);
574 return 0;
575 }
576
577 /* Checks and translates the user-supplied table segment (held in
578 * newinfo).
579 */
580 static int translate_table(const char *name,
581 unsigned int valid_hooks,
582 struct xt_table_info *newinfo,
583 void *entry0,
584 unsigned int size,
585 unsigned int number,
586 const unsigned int *hook_entries,
587 const unsigned int *underflows)
588 {
589 unsigned int i;
590 int ret;
591
592 newinfo->size = size;
593 newinfo->number = number;
594
595 /* Init all hooks to impossible value. */
596 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
597 newinfo->hook_entry[i] = 0xFFFFFFFF;
598 newinfo->underflow[i] = 0xFFFFFFFF;
599 }
600
601 duprintf("translate_table: size %u\n", newinfo->size);
602 i = 0;
603
604 /* Walk through entries, checking offsets. */
605 ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size,
606 check_entry_size_and_hooks,
607 newinfo,
608 entry0,
609 entry0 + size,
610 hook_entries, underflows, &i);
611 duprintf("translate_table: ARPT_ENTRY_ITERATE gives %d\n", ret);
612 if (ret != 0)
613 return ret;
614
615 if (i != number) {
616 duprintf("translate_table: %u not %u entries\n",
617 i, number);
618 return -EINVAL;
619 }
620
621 /* Check hooks all assigned */
622 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
623 /* Only hooks which are valid */
624 if (!(valid_hooks & (1 << i)))
625 continue;
626 if (newinfo->hook_entry[i] == 0xFFFFFFFF) {
627 duprintf("Invalid hook entry %u %u\n",
628 i, hook_entries[i]);
629 return -EINVAL;
630 }
631 if (newinfo->underflow[i] == 0xFFFFFFFF) {
632 duprintf("Invalid underflow %u %u\n",
633 i, underflows[i]);
634 return -EINVAL;
635 }
636 }
637
638 if (!mark_source_chains(newinfo, valid_hooks, entry0)) {
639 duprintf("Looping hook\n");
640 return -ELOOP;
641 }
642
643 /* Finally, each sanity check must pass */
644 i = 0;
645 ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size,
646 find_check_entry, name, size, &i);
647
648 if (ret != 0) {
649 ARPT_ENTRY_ITERATE(entry0, newinfo->size,
650 cleanup_entry, &i);
651 return ret;
652 }
653
654 /* And one copy for every other CPU */
655 for_each_possible_cpu(i) {
656 if (newinfo->entries[i] && newinfo->entries[i] != entry0)
657 memcpy(newinfo->entries[i], entry0, newinfo->size);
658 }
659
660 return ret;
661 }
662
663 /* Gets counters. */
664 static inline int add_entry_to_counter(const struct arpt_entry *e,
665 struct xt_counters total[],
666 unsigned int *i)
667 {
668 ADD_COUNTER(total[*i], e->counters.bcnt, e->counters.pcnt);
669
670 (*i)++;
671 return 0;
672 }
673
674 static inline int set_entry_to_counter(const struct arpt_entry *e,
675 struct xt_counters total[],
676 unsigned int *i)
677 {
678 SET_COUNTER(total[*i], e->counters.bcnt, e->counters.pcnt);
679
680 (*i)++;
681 return 0;
682 }
683
684 static void get_counters(const struct xt_table_info *t,
685 struct xt_counters counters[])
686 {
687 unsigned int cpu;
688 unsigned int i;
689 unsigned int curcpu;
690
691 /* Instead of clearing (by a previous call to memset())
692 * the counters and using adds, we set the counters
693 * with data used by 'current' CPU
694 * We dont care about preemption here.
695 */
696 curcpu = raw_smp_processor_id();
697
698 i = 0;
699 ARPT_ENTRY_ITERATE(t->entries[curcpu],
700 t->size,
701 set_entry_to_counter,
702 counters,
703 &i);
704
705 for_each_possible_cpu(cpu) {
706 if (cpu == curcpu)
707 continue;
708 i = 0;
709 ARPT_ENTRY_ITERATE(t->entries[cpu],
710 t->size,
711 add_entry_to_counter,
712 counters,
713 &i);
714 }
715 }
716
717 static inline struct xt_counters *alloc_counters(struct xt_table *table)
718 {
719 unsigned int countersize;
720 struct xt_counters *counters;
721 const struct xt_table_info *private = table->private;
722
723 /* We need atomic snapshot of counters: rest doesn't change
724 * (other than comefrom, which userspace doesn't care
725 * about).
726 */
727 countersize = sizeof(struct xt_counters) * private->number;
728 counters = vmalloc_node(countersize, numa_node_id());
729
730 if (counters == NULL)
731 return ERR_PTR(-ENOMEM);
732
733 /* First, sum counters... */
734 write_lock_bh(&table->lock);
735 get_counters(private, counters);
736 write_unlock_bh(&table->lock);
737
738 return counters;
739 }
740
741 static int copy_entries_to_user(unsigned int total_size,
742 struct xt_table *table,
743 void __user *userptr)
744 {
745 unsigned int off, num;
746 struct arpt_entry *e;
747 struct xt_counters *counters;
748 struct xt_table_info *private = table->private;
749 int ret = 0;
750 void *loc_cpu_entry;
751
752 counters = alloc_counters(table);
753 if (IS_ERR(counters))
754 return PTR_ERR(counters);
755
756 loc_cpu_entry = private->entries[raw_smp_processor_id()];
757 /* ... then copy entire thing ... */
758 if (copy_to_user(userptr, loc_cpu_entry, total_size) != 0) {
759 ret = -EFAULT;
760 goto free_counters;
761 }
762
763 /* FIXME: use iterator macros --RR */
764 /* ... then go back and fix counters and names */
765 for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
766 struct arpt_entry_target *t;
767
768 e = (struct arpt_entry *)(loc_cpu_entry + off);
769 if (copy_to_user(userptr + off
770 + offsetof(struct arpt_entry, counters),
771 &counters[num],
772 sizeof(counters[num])) != 0) {
773 ret = -EFAULT;
774 goto free_counters;
775 }
776
777 t = arpt_get_target(e);
778 if (copy_to_user(userptr + off + e->target_offset
779 + offsetof(struct arpt_entry_target,
780 u.user.name),
781 t->u.kernel.target->name,
782 strlen(t->u.kernel.target->name)+1) != 0) {
783 ret = -EFAULT;
784 goto free_counters;
785 }
786 }
787
788 free_counters:
789 vfree(counters);
790 return ret;
791 }
792
793 #ifdef CONFIG_COMPAT
794 static void compat_standard_from_user(void *dst, void *src)
795 {
796 int v = *(compat_int_t *)src;
797
798 if (v > 0)
799 v += xt_compat_calc_jump(NFPROTO_ARP, v);
800 memcpy(dst, &v, sizeof(v));
801 }
802
803 static int compat_standard_to_user(void __user *dst, void *src)
804 {
805 compat_int_t cv = *(int *)src;
806
807 if (cv > 0)
808 cv -= xt_compat_calc_jump(NFPROTO_ARP, cv);
809 return copy_to_user(dst, &cv, sizeof(cv)) ? -EFAULT : 0;
810 }
811
812 static int compat_calc_entry(struct arpt_entry *e,
813 const struct xt_table_info *info,
814 void *base, struct xt_table_info *newinfo)
815 {
816 struct arpt_entry_target *t;
817 unsigned int entry_offset;
818 int off, i, ret;
819
820 off = sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry);
821 entry_offset = (void *)e - base;
822
823 t = arpt_get_target(e);
824 off += xt_compat_target_offset(t->u.kernel.target);
825 newinfo->size -= off;
826 ret = xt_compat_add_offset(NFPROTO_ARP, entry_offset, off);
827 if (ret)
828 return ret;
829
830 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
831 if (info->hook_entry[i] &&
832 (e < (struct arpt_entry *)(base + info->hook_entry[i])))
833 newinfo->hook_entry[i] -= off;
834 if (info->underflow[i] &&
835 (e < (struct arpt_entry *)(base + info->underflow[i])))
836 newinfo->underflow[i] -= off;
837 }
838 return 0;
839 }
840
841 static int compat_table_info(const struct xt_table_info *info,
842 struct xt_table_info *newinfo)
843 {
844 void *loc_cpu_entry;
845
846 if (!newinfo || !info)
847 return -EINVAL;
848
849 /* we dont care about newinfo->entries[] */
850 memcpy(newinfo, info, offsetof(struct xt_table_info, entries));
851 newinfo->initial_entries = 0;
852 loc_cpu_entry = info->entries[raw_smp_processor_id()];
853 return ARPT_ENTRY_ITERATE(loc_cpu_entry, info->size,
854 compat_calc_entry, info, loc_cpu_entry,
855 newinfo);
856 }
857 #endif
858
859 static int get_info(struct net *net, void __user *user, int *len, int compat)
860 {
861 char name[ARPT_TABLE_MAXNAMELEN];
862 struct xt_table *t;
863 int ret;
864
865 if (*len != sizeof(struct arpt_getinfo)) {
866 duprintf("length %u != %Zu\n", *len,
867 sizeof(struct arpt_getinfo));
868 return -EINVAL;
869 }
870
871 if (copy_from_user(name, user, sizeof(name)) != 0)
872 return -EFAULT;
873
874 name[ARPT_TABLE_MAXNAMELEN-1] = '\0';
875 #ifdef CONFIG_COMPAT
876 if (compat)
877 xt_compat_lock(NFPROTO_ARP);
878 #endif
879 t = try_then_request_module(xt_find_table_lock(net, NFPROTO_ARP, name),
880 "arptable_%s", name);
881 if (t && !IS_ERR(t)) {
882 struct arpt_getinfo info;
883 const struct xt_table_info *private = t->private;
884
885 #ifdef CONFIG_COMPAT
886 if (compat) {
887 struct xt_table_info tmp;
888 ret = compat_table_info(private, &tmp);
889 xt_compat_flush_offsets(NFPROTO_ARP);
890 private = &tmp;
891 }
892 #endif
893 info.valid_hooks = t->valid_hooks;
894 memcpy(info.hook_entry, private->hook_entry,
895 sizeof(info.hook_entry));
896 memcpy(info.underflow, private->underflow,
897 sizeof(info.underflow));
898 info.num_entries = private->number;
899 info.size = private->size;
900 strcpy(info.name, name);
901
902 if (copy_to_user(user, &info, *len) != 0)
903 ret = -EFAULT;
904 else
905 ret = 0;
906 xt_table_unlock(t);
907 module_put(t->me);
908 } else
909 ret = t ? PTR_ERR(t) : -ENOENT;
910 #ifdef CONFIG_COMPAT
911 if (compat)
912 xt_compat_unlock(NFPROTO_ARP);
913 #endif
914 return ret;
915 }
916
917 static int get_entries(struct net *net, struct arpt_get_entries __user *uptr,
918 int *len)
919 {
920 int ret;
921 struct arpt_get_entries get;
922 struct xt_table *t;
923
924 if (*len < sizeof(get)) {
925 duprintf("get_entries: %u < %Zu\n", *len, sizeof(get));
926 return -EINVAL;
927 }
928 if (copy_from_user(&get, uptr, sizeof(get)) != 0)
929 return -EFAULT;
930 if (*len != sizeof(struct arpt_get_entries) + get.size) {
931 duprintf("get_entries: %u != %Zu\n", *len,
932 sizeof(struct arpt_get_entries) + get.size);
933 return -EINVAL;
934 }
935
936 t = xt_find_table_lock(net, NFPROTO_ARP, get.name);
937 if (t && !IS_ERR(t)) {
938 const struct xt_table_info *private = t->private;
939
940 duprintf("t->private->number = %u\n",
941 private->number);
942 if (get.size == private->size)
943 ret = copy_entries_to_user(private->size,
944 t, uptr->entrytable);
945 else {
946 duprintf("get_entries: I've got %u not %u!\n",
947 private->size, get.size);
948 ret = -EAGAIN;
949 }
950 module_put(t->me);
951 xt_table_unlock(t);
952 } else
953 ret = t ? PTR_ERR(t) : -ENOENT;
954
955 return ret;
956 }
957
958 static int __do_replace(struct net *net, const char *name,
959 unsigned int valid_hooks,
960 struct xt_table_info *newinfo,
961 unsigned int num_counters,
962 void __user *counters_ptr)
963 {
964 int ret;
965 struct xt_table *t;
966 struct xt_table_info *oldinfo;
967 struct xt_counters *counters;
968 void *loc_cpu_old_entry;
969
970 ret = 0;
971 counters = vmalloc_node(num_counters * sizeof(struct xt_counters),
972 numa_node_id());
973 if (!counters) {
974 ret = -ENOMEM;
975 goto out;
976 }
977
978 t = try_then_request_module(xt_find_table_lock(net, NFPROTO_ARP, name),
979 "arptable_%s", name);
980 if (!t || IS_ERR(t)) {
981 ret = t ? PTR_ERR(t) : -ENOENT;
982 goto free_newinfo_counters_untrans;
983 }
984
985 /* You lied! */
986 if (valid_hooks != t->valid_hooks) {
987 duprintf("Valid hook crap: %08X vs %08X\n",
988 valid_hooks, t->valid_hooks);
989 ret = -EINVAL;
990 goto put_module;
991 }
992
993 oldinfo = xt_replace_table(t, num_counters, newinfo, &ret);
994 if (!oldinfo)
995 goto put_module;
996
997 /* Update module usage count based on number of rules */
998 duprintf("do_replace: oldnum=%u, initnum=%u, newnum=%u\n",
999 oldinfo->number, oldinfo->initial_entries, newinfo->number);
1000 if ((oldinfo->number > oldinfo->initial_entries) ||
1001 (newinfo->number <= oldinfo->initial_entries))
1002 module_put(t->me);
1003 if ((oldinfo->number > oldinfo->initial_entries) &&
1004 (newinfo->number <= oldinfo->initial_entries))
1005 module_put(t->me);
1006
1007 /* Get the old counters. */
1008 get_counters(oldinfo, counters);
1009 /* Decrease module usage counts and free resource */
1010 loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];
1011 ARPT_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry,
1012 NULL);
1013
1014 xt_free_table_info(oldinfo);
1015 if (copy_to_user(counters_ptr, counters,
1016 sizeof(struct xt_counters) * num_counters) != 0)
1017 ret = -EFAULT;
1018 vfree(counters);
1019 xt_table_unlock(t);
1020 return ret;
1021
1022 put_module:
1023 module_put(t->me);
1024 xt_table_unlock(t);
1025 free_newinfo_counters_untrans:
1026 vfree(counters);
1027 out:
1028 return ret;
1029 }
1030
1031 static int do_replace(struct net *net, void __user *user, unsigned int len)
1032 {
1033 int ret;
1034 struct arpt_replace tmp;
1035 struct xt_table_info *newinfo;
1036 void *loc_cpu_entry;
1037
1038 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1039 return -EFAULT;
1040
1041 /* overflow check */
1042 if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
1043 return -ENOMEM;
1044
1045 newinfo = xt_alloc_table_info(tmp.size);
1046 if (!newinfo)
1047 return -ENOMEM;
1048
1049 /* choose the copy that is on our node/cpu */
1050 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
1051 if (copy_from_user(loc_cpu_entry, user + sizeof(tmp),
1052 tmp.size) != 0) {
1053 ret = -EFAULT;
1054 goto free_newinfo;
1055 }
1056
1057 ret = translate_table(tmp.name, tmp.valid_hooks,
1058 newinfo, loc_cpu_entry, tmp.size, tmp.num_entries,
1059 tmp.hook_entry, tmp.underflow);
1060 if (ret != 0)
1061 goto free_newinfo;
1062
1063 duprintf("arp_tables: Translated table\n");
1064
1065 ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
1066 tmp.num_counters, tmp.counters);
1067 if (ret)
1068 goto free_newinfo_untrans;
1069 return 0;
1070
1071 free_newinfo_untrans:
1072 ARPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
1073 free_newinfo:
1074 xt_free_table_info(newinfo);
1075 return ret;
1076 }
1077
1078 /* We're lazy, and add to the first CPU; overflow works its fey magic
1079 * and everything is OK.
1080 */
1081 static inline int add_counter_to_entry(struct arpt_entry *e,
1082 const struct xt_counters addme[],
1083 unsigned int *i)
1084 {
1085
1086 ADD_COUNTER(e->counters, addme[*i].bcnt, addme[*i].pcnt);
1087
1088 (*i)++;
1089 return 0;
1090 }
1091
1092 static int do_add_counters(struct net *net, void __user *user, unsigned int len,
1093 int compat)
1094 {
1095 unsigned int i;
1096 struct xt_counters_info tmp;
1097 struct xt_counters *paddc;
1098 unsigned int num_counters;
1099 const char *name;
1100 int size;
1101 void *ptmp;
1102 struct xt_table *t;
1103 const struct xt_table_info *private;
1104 int ret = 0;
1105 void *loc_cpu_entry;
1106 #ifdef CONFIG_COMPAT
1107 struct compat_xt_counters_info compat_tmp;
1108
1109 if (compat) {
1110 ptmp = &compat_tmp;
1111 size = sizeof(struct compat_xt_counters_info);
1112 } else
1113 #endif
1114 {
1115 ptmp = &tmp;
1116 size = sizeof(struct xt_counters_info);
1117 }
1118
1119 if (copy_from_user(ptmp, user, size) != 0)
1120 return -EFAULT;
1121
1122 #ifdef CONFIG_COMPAT
1123 if (compat) {
1124 num_counters = compat_tmp.num_counters;
1125 name = compat_tmp.name;
1126 } else
1127 #endif
1128 {
1129 num_counters = tmp.num_counters;
1130 name = tmp.name;
1131 }
1132
1133 if (len != size + num_counters * sizeof(struct xt_counters))
1134 return -EINVAL;
1135
1136 paddc = vmalloc_node(len - size, numa_node_id());
1137 if (!paddc)
1138 return -ENOMEM;
1139
1140 if (copy_from_user(paddc, user + size, len - size) != 0) {
1141 ret = -EFAULT;
1142 goto free;
1143 }
1144
1145 t = xt_find_table_lock(net, NFPROTO_ARP, name);
1146 if (!t || IS_ERR(t)) {
1147 ret = t ? PTR_ERR(t) : -ENOENT;
1148 goto free;
1149 }
1150
1151 write_lock_bh(&t->lock);
1152 private = t->private;
1153 if (private->number != num_counters) {
1154 ret = -EINVAL;
1155 goto unlock_up_free;
1156 }
1157
1158 i = 0;
1159 /* Choose the copy that is on our node */
1160 loc_cpu_entry = private->entries[smp_processor_id()];
1161 ARPT_ENTRY_ITERATE(loc_cpu_entry,
1162 private->size,
1163 add_counter_to_entry,
1164 paddc,
1165 &i);
1166 unlock_up_free:
1167 write_unlock_bh(&t->lock);
1168 xt_table_unlock(t);
1169 module_put(t->me);
1170 free:
1171 vfree(paddc);
1172
1173 return ret;
1174 }
1175
1176 #ifdef CONFIG_COMPAT
1177 static inline int
1178 compat_release_entry(struct compat_arpt_entry *e, unsigned int *i)
1179 {
1180 struct arpt_entry_target *t;
1181
1182 if (i && (*i)-- == 0)
1183 return 1;
1184
1185 t = compat_arpt_get_target(e);
1186 module_put(t->u.kernel.target->me);
1187 return 0;
1188 }
1189
1190 static inline int
1191 check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
1192 struct xt_table_info *newinfo,
1193 unsigned int *size,
1194 unsigned char *base,
1195 unsigned char *limit,
1196 unsigned int *hook_entries,
1197 unsigned int *underflows,
1198 unsigned int *i,
1199 const char *name)
1200 {
1201 struct arpt_entry_target *t;
1202 struct xt_target *target;
1203 unsigned int entry_offset;
1204 int ret, off, h;
1205
1206 duprintf("check_compat_entry_size_and_hooks %p\n", e);
1207 if ((unsigned long)e % __alignof__(struct compat_arpt_entry) != 0
1208 || (unsigned char *)e + sizeof(struct compat_arpt_entry) >= limit) {
1209 duprintf("Bad offset %p, limit = %p\n", e, limit);
1210 return -EINVAL;
1211 }
1212
1213 if (e->next_offset < sizeof(struct compat_arpt_entry) +
1214 sizeof(struct compat_xt_entry_target)) {
1215 duprintf("checking: element %p size %u\n",
1216 e, e->next_offset);
1217 return -EINVAL;
1218 }
1219
1220 /* For purposes of check_entry casting the compat entry is fine */
1221 ret = check_entry((struct arpt_entry *)e, name);
1222 if (ret)
1223 return ret;
1224
1225 off = sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry);
1226 entry_offset = (void *)e - (void *)base;
1227
1228 t = compat_arpt_get_target(e);
1229 target = try_then_request_module(xt_find_target(NFPROTO_ARP,
1230 t->u.user.name,
1231 t->u.user.revision),
1232 "arpt_%s", t->u.user.name);
1233 if (IS_ERR(target) || !target) {
1234 duprintf("check_compat_entry_size_and_hooks: `%s' not found\n",
1235 t->u.user.name);
1236 ret = target ? PTR_ERR(target) : -ENOENT;
1237 goto out;
1238 }
1239 t->u.kernel.target = target;
1240
1241 off += xt_compat_target_offset(target);
1242 *size += off;
1243 ret = xt_compat_add_offset(NFPROTO_ARP, entry_offset, off);
1244 if (ret)
1245 goto release_target;
1246
1247 /* Check hooks & underflows */
1248 for (h = 0; h < NF_ARP_NUMHOOKS; h++) {
1249 if ((unsigned char *)e - base == hook_entries[h])
1250 newinfo->hook_entry[h] = hook_entries[h];
1251 if ((unsigned char *)e - base == underflows[h])
1252 newinfo->underflow[h] = underflows[h];
1253 }
1254
1255 /* Clear counters and comefrom */
1256 memset(&e->counters, 0, sizeof(e->counters));
1257 e->comefrom = 0;
1258
1259 (*i)++;
1260 return 0;
1261
1262 release_target:
1263 module_put(t->u.kernel.target->me);
1264 out:
1265 return ret;
1266 }
1267
1268 static int
1269 compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
1270 unsigned int *size, const char *name,
1271 struct xt_table_info *newinfo, unsigned char *base)
1272 {
1273 struct arpt_entry_target *t;
1274 struct xt_target *target;
1275 struct arpt_entry *de;
1276 unsigned int origsize;
1277 int ret, h;
1278
1279 ret = 0;
1280 origsize = *size;
1281 de = (struct arpt_entry *)*dstptr;
1282 memcpy(de, e, sizeof(struct arpt_entry));
1283 memcpy(&de->counters, &e->counters, sizeof(e->counters));
1284
1285 *dstptr += sizeof(struct arpt_entry);
1286 *size += sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry);
1287
1288 de->target_offset = e->target_offset - (origsize - *size);
1289 t = compat_arpt_get_target(e);
1290 target = t->u.kernel.target;
1291 xt_compat_target_from_user(t, dstptr, size);
1292
1293 de->next_offset = e->next_offset - (origsize - *size);
1294 for (h = 0; h < NF_ARP_NUMHOOKS; h++) {
1295 if ((unsigned char *)de - base < newinfo->hook_entry[h])
1296 newinfo->hook_entry[h] -= origsize - *size;
1297 if ((unsigned char *)de - base < newinfo->underflow[h])
1298 newinfo->underflow[h] -= origsize - *size;
1299 }
1300 return ret;
1301 }
1302
1303 static inline int compat_check_entry(struct arpt_entry *e, const char *name,
1304 unsigned int *i)
1305 {
1306 int ret;
1307
1308 ret = check_target(e, name);
1309 if (ret)
1310 return ret;
1311
1312 (*i)++;
1313 return 0;
1314 }
1315
1316 static int translate_compat_table(const char *name,
1317 unsigned int valid_hooks,
1318 struct xt_table_info **pinfo,
1319 void **pentry0,
1320 unsigned int total_size,
1321 unsigned int number,
1322 unsigned int *hook_entries,
1323 unsigned int *underflows)
1324 {
1325 unsigned int i, j;
1326 struct xt_table_info *newinfo, *info;
1327 void *pos, *entry0, *entry1;
1328 unsigned int size;
1329 int ret;
1330
1331 info = *pinfo;
1332 entry0 = *pentry0;
1333 size = total_size;
1334 info->number = number;
1335
1336 /* Init all hooks to impossible value. */
1337 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
1338 info->hook_entry[i] = 0xFFFFFFFF;
1339 info->underflow[i] = 0xFFFFFFFF;
1340 }
1341
1342 duprintf("translate_compat_table: size %u\n", info->size);
1343 j = 0;
1344 xt_compat_lock(NFPROTO_ARP);
1345 /* Walk through entries, checking offsets. */
1346 ret = COMPAT_ARPT_ENTRY_ITERATE(entry0, total_size,
1347 check_compat_entry_size_and_hooks,
1348 info, &size, entry0,
1349 entry0 + total_size,
1350 hook_entries, underflows, &j, name);
1351 if (ret != 0)
1352 goto out_unlock;
1353
1354 ret = -EINVAL;
1355 if (j != number) {
1356 duprintf("translate_compat_table: %u not %u entries\n",
1357 j, number);
1358 goto out_unlock;
1359 }
1360
1361 /* Check hooks all assigned */
1362 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
1363 /* Only hooks which are valid */
1364 if (!(valid_hooks & (1 << i)))
1365 continue;
1366 if (info->hook_entry[i] == 0xFFFFFFFF) {
1367 duprintf("Invalid hook entry %u %u\n",
1368 i, hook_entries[i]);
1369 goto out_unlock;
1370 }
1371 if (info->underflow[i] == 0xFFFFFFFF) {
1372 duprintf("Invalid underflow %u %u\n",
1373 i, underflows[i]);
1374 goto out_unlock;
1375 }
1376 }
1377
1378 ret = -ENOMEM;
1379 newinfo = xt_alloc_table_info(size);
1380 if (!newinfo)
1381 goto out_unlock;
1382
1383 newinfo->number = number;
1384 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
1385 newinfo->hook_entry[i] = info->hook_entry[i];
1386 newinfo->underflow[i] = info->underflow[i];
1387 }
1388 entry1 = newinfo->entries[raw_smp_processor_id()];
1389 pos = entry1;
1390 size = total_size;
1391 ret = COMPAT_ARPT_ENTRY_ITERATE(entry0, total_size,
1392 compat_copy_entry_from_user,
1393 &pos, &size, name, newinfo, entry1);
1394 xt_compat_flush_offsets(NFPROTO_ARP);
1395 xt_compat_unlock(NFPROTO_ARP);
1396 if (ret)
1397 goto free_newinfo;
1398
1399 ret = -ELOOP;
1400 if (!mark_source_chains(newinfo, valid_hooks, entry1))
1401 goto free_newinfo;
1402
1403 i = 0;
1404 ret = ARPT_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry,
1405 name, &i);
1406 if (ret) {
1407 j -= i;
1408 COMPAT_ARPT_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i,
1409 compat_release_entry, &j);
1410 ARPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i);
1411 xt_free_table_info(newinfo);
1412 return ret;
1413 }
1414
1415 /* And one copy for every other CPU */
1416 for_each_possible_cpu(i)
1417 if (newinfo->entries[i] && newinfo->entries[i] != entry1)
1418 memcpy(newinfo->entries[i], entry1, newinfo->size);
1419
1420 *pinfo = newinfo;
1421 *pentry0 = entry1;
1422 xt_free_table_info(info);
1423 return 0;
1424
1425 free_newinfo:
1426 xt_free_table_info(newinfo);
1427 out:
1428 COMPAT_ARPT_ENTRY_ITERATE(entry0, total_size, compat_release_entry, &j);
1429 return ret;
1430 out_unlock:
1431 xt_compat_flush_offsets(NFPROTO_ARP);
1432 xt_compat_unlock(NFPROTO_ARP);
1433 goto out;
1434 }
1435
1436 struct compat_arpt_replace {
1437 char name[ARPT_TABLE_MAXNAMELEN];
1438 u32 valid_hooks;
1439 u32 num_entries;
1440 u32 size;
1441 u32 hook_entry[NF_ARP_NUMHOOKS];
1442 u32 underflow[NF_ARP_NUMHOOKS];
1443 u32 num_counters;
1444 compat_uptr_t counters;
1445 struct compat_arpt_entry entries[0];
1446 };
1447
1448 static int compat_do_replace(struct net *net, void __user *user,
1449 unsigned int len)
1450 {
1451 int ret;
1452 struct compat_arpt_replace tmp;
1453 struct xt_table_info *newinfo;
1454 void *loc_cpu_entry;
1455
1456 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1457 return -EFAULT;
1458
1459 /* overflow check */
1460 if (tmp.size >= INT_MAX / num_possible_cpus())
1461 return -ENOMEM;
1462 if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
1463 return -ENOMEM;
1464
1465 newinfo = xt_alloc_table_info(tmp.size);
1466 if (!newinfo)
1467 return -ENOMEM;
1468
1469 /* choose the copy that is on our node/cpu */
1470 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
1471 if (copy_from_user(loc_cpu_entry, user + sizeof(tmp), tmp.size) != 0) {
1472 ret = -EFAULT;
1473 goto free_newinfo;
1474 }
1475
1476 ret = translate_compat_table(tmp.name, tmp.valid_hooks,
1477 &newinfo, &loc_cpu_entry, tmp.size,
1478 tmp.num_entries, tmp.hook_entry,
1479 tmp.underflow);
1480 if (ret != 0)
1481 goto free_newinfo;
1482
1483 duprintf("compat_do_replace: Translated table\n");
1484
1485 ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
1486 tmp.num_counters, compat_ptr(tmp.counters));
1487 if (ret)
1488 goto free_newinfo_untrans;
1489 return 0;
1490
1491 free_newinfo_untrans:
1492 ARPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
1493 free_newinfo:
1494 xt_free_table_info(newinfo);
1495 return ret;
1496 }
1497
1498 static int compat_do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user,
1499 unsigned int len)
1500 {
1501 int ret;
1502
1503 if (!capable(CAP_NET_ADMIN))
1504 return -EPERM;
1505
1506 switch (cmd) {
1507 case ARPT_SO_SET_REPLACE:
1508 ret = compat_do_replace(sock_net(sk), user, len);
1509 break;
1510
1511 case ARPT_SO_SET_ADD_COUNTERS:
1512 ret = do_add_counters(sock_net(sk), user, len, 1);
1513 break;
1514
1515 default:
1516 duprintf("do_arpt_set_ctl: unknown request %i\n", cmd);
1517 ret = -EINVAL;
1518 }
1519
1520 return ret;
1521 }
1522
1523 static int compat_copy_entry_to_user(struct arpt_entry *e, void __user **dstptr,
1524 compat_uint_t *size,
1525 struct xt_counters *counters,
1526 unsigned int *i)
1527 {
1528 struct arpt_entry_target *t;
1529 struct compat_arpt_entry __user *ce;
1530 u_int16_t target_offset, next_offset;
1531 compat_uint_t origsize;
1532 int ret;
1533
1534 ret = -EFAULT;
1535 origsize = *size;
1536 ce = (struct compat_arpt_entry __user *)*dstptr;
1537 if (copy_to_user(ce, e, sizeof(struct arpt_entry)))
1538 goto out;
1539
1540 if (copy_to_user(&ce->counters, &counters[*i], sizeof(counters[*i])))
1541 goto out;
1542
1543 *dstptr += sizeof(struct compat_arpt_entry);
1544 *size -= sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry);
1545
1546 target_offset = e->target_offset - (origsize - *size);
1547
1548 t = arpt_get_target(e);
1549 ret = xt_compat_target_to_user(t, dstptr, size);
1550 if (ret)
1551 goto out;
1552 ret = -EFAULT;
1553 next_offset = e->next_offset - (origsize - *size);
1554 if (put_user(target_offset, &ce->target_offset))
1555 goto out;
1556 if (put_user(next_offset, &ce->next_offset))
1557 goto out;
1558
1559 (*i)++;
1560 return 0;
1561 out:
1562 return ret;
1563 }
1564
1565 static int compat_copy_entries_to_user(unsigned int total_size,
1566 struct xt_table *table,
1567 void __user *userptr)
1568 {
1569 struct xt_counters *counters;
1570 const struct xt_table_info *private = table->private;
1571 void __user *pos;
1572 unsigned int size;
1573 int ret = 0;
1574 void *loc_cpu_entry;
1575 unsigned int i = 0;
1576
1577 counters = alloc_counters(table);
1578 if (IS_ERR(counters))
1579 return PTR_ERR(counters);
1580
1581 /* choose the copy on our node/cpu */
1582 loc_cpu_entry = private->entries[raw_smp_processor_id()];
1583 pos = userptr;
1584 size = total_size;
1585 ret = ARPT_ENTRY_ITERATE(loc_cpu_entry, total_size,
1586 compat_copy_entry_to_user,
1587 &pos, &size, counters, &i);
1588 vfree(counters);
1589 return ret;
1590 }
1591
1592 struct compat_arpt_get_entries {
1593 char name[ARPT_TABLE_MAXNAMELEN];
1594 compat_uint_t size;
1595 struct compat_arpt_entry entrytable[0];
1596 };
1597
1598 static int compat_get_entries(struct net *net,
1599 struct compat_arpt_get_entries __user *uptr,
1600 int *len)
1601 {
1602 int ret;
1603 struct compat_arpt_get_entries get;
1604 struct xt_table *t;
1605
1606 if (*len < sizeof(get)) {
1607 duprintf("compat_get_entries: %u < %zu\n", *len, sizeof(get));
1608 return -EINVAL;
1609 }
1610 if (copy_from_user(&get, uptr, sizeof(get)) != 0)
1611 return -EFAULT;
1612 if (*len != sizeof(struct compat_arpt_get_entries) + get.size) {
1613 duprintf("compat_get_entries: %u != %zu\n",
1614 *len, sizeof(get) + get.size);
1615 return -EINVAL;
1616 }
1617
1618 xt_compat_lock(NFPROTO_ARP);
1619 t = xt_find_table_lock(net, NFPROTO_ARP, get.name);
1620 if (t && !IS_ERR(t)) {
1621 const struct xt_table_info *private = t->private;
1622 struct xt_table_info info;
1623
1624 duprintf("t->private->number = %u\n", private->number);
1625 ret = compat_table_info(private, &info);
1626 if (!ret && get.size == info.size) {
1627 ret = compat_copy_entries_to_user(private->size,
1628 t, uptr->entrytable);
1629 } else if (!ret) {
1630 duprintf("compat_get_entries: I've got %u not %u!\n",
1631 private->size, get.size);
1632 ret = -EAGAIN;
1633 }
1634 xt_compat_flush_offsets(NFPROTO_ARP);
1635 module_put(t->me);
1636 xt_table_unlock(t);
1637 } else
1638 ret = t ? PTR_ERR(t) : -ENOENT;
1639
1640 xt_compat_unlock(NFPROTO_ARP);
1641 return ret;
1642 }
1643
1644 static int do_arpt_get_ctl(struct sock *, int, void __user *, int *);
1645
1646 static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user,
1647 int *len)
1648 {
1649 int ret;
1650
1651 if (!capable(CAP_NET_ADMIN))
1652 return -EPERM;
1653
1654 switch (cmd) {
1655 case ARPT_SO_GET_INFO:
1656 ret = get_info(sock_net(sk), user, len, 1);
1657 break;
1658 case ARPT_SO_GET_ENTRIES:
1659 ret = compat_get_entries(sock_net(sk), user, len);
1660 break;
1661 default:
1662 ret = do_arpt_get_ctl(sk, cmd, user, len);
1663 }
1664 return ret;
1665 }
1666 #endif
1667
1668 static int do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
1669 {
1670 int ret;
1671
1672 if (!capable(CAP_NET_ADMIN))
1673 return -EPERM;
1674
1675 switch (cmd) {
1676 case ARPT_SO_SET_REPLACE:
1677 ret = do_replace(sock_net(sk), user, len);
1678 break;
1679
1680 case ARPT_SO_SET_ADD_COUNTERS:
1681 ret = do_add_counters(sock_net(sk), user, len, 0);
1682 break;
1683
1684 default:
1685 duprintf("do_arpt_set_ctl: unknown request %i\n", cmd);
1686 ret = -EINVAL;
1687 }
1688
1689 return ret;
1690 }
1691
1692 static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1693 {
1694 int ret;
1695
1696 if (!capable(CAP_NET_ADMIN))
1697 return -EPERM;
1698
1699 switch (cmd) {
1700 case ARPT_SO_GET_INFO:
1701 ret = get_info(sock_net(sk), user, len, 0);
1702 break;
1703
1704 case ARPT_SO_GET_ENTRIES:
1705 ret = get_entries(sock_net(sk), user, len);
1706 break;
1707
1708 case ARPT_SO_GET_REVISION_TARGET: {
1709 struct xt_get_revision rev;
1710
1711 if (*len != sizeof(rev)) {
1712 ret = -EINVAL;
1713 break;
1714 }
1715 if (copy_from_user(&rev, user, sizeof(rev)) != 0) {
1716 ret = -EFAULT;
1717 break;
1718 }
1719
1720 try_then_request_module(xt_find_revision(NFPROTO_ARP, rev.name,
1721 rev.revision, 1, &ret),
1722 "arpt_%s", rev.name);
1723 break;
1724 }
1725
1726 default:
1727 duprintf("do_arpt_get_ctl: unknown request %i\n", cmd);
1728 ret = -EINVAL;
1729 }
1730
1731 return ret;
1732 }
1733
1734 struct xt_table *arpt_register_table(struct net *net, struct xt_table *table,
1735 const struct arpt_replace *repl)
1736 {
1737 int ret;
1738 struct xt_table_info *newinfo;
1739 struct xt_table_info bootstrap
1740 = { 0, 0, 0, { 0 }, { 0 }, { } };
1741 void *loc_cpu_entry;
1742 struct xt_table *new_table;
1743
1744 newinfo = xt_alloc_table_info(repl->size);
1745 if (!newinfo) {
1746 ret = -ENOMEM;
1747 goto out;
1748 }
1749
1750 /* choose the copy on our node/cpu */
1751 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
1752 memcpy(loc_cpu_entry, repl->entries, repl->size);
1753
1754 ret = translate_table(table->name, table->valid_hooks,
1755 newinfo, loc_cpu_entry, repl->size,
1756 repl->num_entries,
1757 repl->hook_entry,
1758 repl->underflow);
1759
1760 duprintf("arpt_register_table: translate table gives %d\n", ret);
1761 if (ret != 0)
1762 goto out_free;
1763
1764 new_table = xt_register_table(net, table, &bootstrap, newinfo);
1765 if (IS_ERR(new_table)) {
1766 ret = PTR_ERR(new_table);
1767 goto out_free;
1768 }
1769 return new_table;
1770
1771 out_free:
1772 xt_free_table_info(newinfo);
1773 out:
1774 return ERR_PTR(ret);
1775 }
1776
1777 void arpt_unregister_table(struct xt_table *table)
1778 {
1779 struct xt_table_info *private;
1780 void *loc_cpu_entry;
1781 struct module *table_owner = table->me;
1782
1783 private = xt_unregister_table(table);
1784
1785 /* Decrease module usage counts and free resources */
1786 loc_cpu_entry = private->entries[raw_smp_processor_id()];
1787 ARPT_ENTRY_ITERATE(loc_cpu_entry, private->size,
1788 cleanup_entry, NULL);
1789 if (private->number > private->initial_entries)
1790 module_put(table_owner);
1791 xt_free_table_info(private);
1792 }
1793
1794 /* The built-in targets: standard (NULL) and error. */
1795 static struct xt_target arpt_standard_target __read_mostly = {
1796 .name = ARPT_STANDARD_TARGET,
1797 .targetsize = sizeof(int),
1798 .family = NFPROTO_ARP,
1799 #ifdef CONFIG_COMPAT
1800 .compatsize = sizeof(compat_int_t),
1801 .compat_from_user = compat_standard_from_user,
1802 .compat_to_user = compat_standard_to_user,
1803 #endif
1804 };
1805
1806 static struct xt_target arpt_error_target __read_mostly = {
1807 .name = ARPT_ERROR_TARGET,
1808 .target = arpt_error,
1809 .targetsize = ARPT_FUNCTION_MAXNAMELEN,
1810 .family = NFPROTO_ARP,
1811 };
1812
1813 static struct nf_sockopt_ops arpt_sockopts = {
1814 .pf = PF_INET,
1815 .set_optmin = ARPT_BASE_CTL,
1816 .set_optmax = ARPT_SO_SET_MAX+1,
1817 .set = do_arpt_set_ctl,
1818 #ifdef CONFIG_COMPAT
1819 .compat_set = compat_do_arpt_set_ctl,
1820 #endif
1821 .get_optmin = ARPT_BASE_CTL,
1822 .get_optmax = ARPT_SO_GET_MAX+1,
1823 .get = do_arpt_get_ctl,
1824 #ifdef CONFIG_COMPAT
1825 .compat_get = compat_do_arpt_get_ctl,
1826 #endif
1827 .owner = THIS_MODULE,
1828 };
1829
1830 static int __net_init arp_tables_net_init(struct net *net)
1831 {
1832 return xt_proto_init(net, NFPROTO_ARP);
1833 }
1834
1835 static void __net_exit arp_tables_net_exit(struct net *net)
1836 {
1837 xt_proto_fini(net, NFPROTO_ARP);
1838 }
1839
1840 static struct pernet_operations arp_tables_net_ops = {
1841 .init = arp_tables_net_init,
1842 .exit = arp_tables_net_exit,
1843 };
1844
1845 static int __init arp_tables_init(void)
1846 {
1847 int ret;
1848
1849 ret = register_pernet_subsys(&arp_tables_net_ops);
1850 if (ret < 0)
1851 goto err1;
1852
1853 /* Noone else will be downing sem now, so we won't sleep */
1854 ret = xt_register_target(&arpt_standard_target);
1855 if (ret < 0)
1856 goto err2;
1857 ret = xt_register_target(&arpt_error_target);
1858 if (ret < 0)
1859 goto err3;
1860
1861 /* Register setsockopt */
1862 ret = nf_register_sockopt(&arpt_sockopts);
1863 if (ret < 0)
1864 goto err4;
1865
1866 printk(KERN_INFO "arp_tables: (C) 2002 David S. Miller\n");
1867 return 0;
1868
1869 err4:
1870 xt_unregister_target(&arpt_error_target);
1871 err3:
1872 xt_unregister_target(&arpt_standard_target);
1873 err2:
1874 unregister_pernet_subsys(&arp_tables_net_ops);
1875 err1:
1876 return ret;
1877 }
1878
1879 static void __exit arp_tables_fini(void)
1880 {
1881 nf_unregister_sockopt(&arpt_sockopts);
1882 xt_unregister_target(&arpt_error_target);
1883 xt_unregister_target(&arpt_standard_target);
1884 unregister_pernet_subsys(&arp_tables_net_ops);
1885 }
1886
1887 EXPORT_SYMBOL(arpt_register_table);
1888 EXPORT_SYMBOL(arpt_unregister_table);
1889 EXPORT_SYMBOL(arpt_do_table);
1890
1891 module_init(arp_tables_init);
1892 module_exit(arp_tables_fini);
Linux for Ginger Game Console