search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[EBTABLES]: Verify that ebt_entries have zero ->distinguisher.
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / bridge / netfilter / ebtables.c
blob609d52065f48ad82a95c4d417755d999214f8659
1 /*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18 /* used for print_string */
19 #include <linux/sched.h>
20 #include <linux/tty.h>
21
22 #include <linux/kmod.h>
23 #include <linux/module.h>
24 #include <linux/vmalloc.h>
25 #include <linux/netfilter_bridge/ebtables.h>
26 #include <linux/spinlock.h>
27 #include <asm/uaccess.h>
28 #include <linux/smp.h>
29 #include <linux/cpumask.h>
30 #include <net/sock.h>
31 /* needed for logical [in,out]-dev filtering */
32 #include "../br_private.h"
33
34 /* list_named_find */
35 #define ASSERT_READ_LOCK(x)
36 #define ASSERT_WRITE_LOCK(x)
37 #include <linux/netfilter_ipv4/listhelp.h>
38
39 #if 0
40 /* use this for remote debugging
41 * Copyright (C) 1998 by Ori Pomerantz
42 * Print the string to the appropriate tty, the one
43 * the current task uses
44 */
45 static void print_string(char *str)
46 {
47 struct tty_struct *my_tty;
48
49 /* The tty for the current task */
50 my_tty = current->signal->tty;
51 if (my_tty != NULL) {
52 my_tty->driver->write(my_tty, 0, str, strlen(str));
53 my_tty->driver->write(my_tty, 0, "\015\012", 2);
54 }
55 }
56
57 #define BUGPRINT(args) print_string(args);
58 #else
59 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
60 "report to author: "format, ## args)
61 /* #define BUGPRINT(format, args...) */
62 #endif
63 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
64 ": out of memory: "format, ## args)
65 /* #define MEMPRINT(format, args...) */
66
67
68
69 /*
70 * Each cpu has its own set of counters, so there is no need for write_lock in
71 * the softirq
72 * For reading or updating the counters, the user context needs to
73 * get a write_lock
74 */
75
76 /* The size of each set of counters is altered to get cache alignment */
77 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
78 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
79 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
80 COUNTER_OFFSET(n) * cpu))
81
82
83
84 static DECLARE_MUTEX(ebt_mutex);
85 static LIST_HEAD(ebt_tables);
86 static LIST_HEAD(ebt_targets);
87 static LIST_HEAD(ebt_matches);
88 static LIST_HEAD(ebt_watchers);
89
90 static struct ebt_target ebt_standard_target =
91 { {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
92
93 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
94 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
95 const struct net_device *out)
96 {
97 w->u.watcher->watcher(skb, hooknr, in, out, w->data,
98 w->watcher_size);
99 /* watchers don't give a verdict */
100 return 0;
101 }
102
103 static inline int ebt_do_match (struct ebt_entry_match *m,
104 const struct sk_buff *skb, const struct net_device *in,
105 const struct net_device *out)
106 {
107 return m->u.match->match(skb, in, out, m->data,
108 m->match_size);
109 }
110
111 static inline int ebt_dev_check(char *entry, const struct net_device *device)
112 {
113 int i = 0;
114 char *devname = device->name;
115
116 if (*entry == '\0')
117 return 0;
118 if (!device)
119 return 1;
120 /* 1 is the wildcard token */
121 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
122 i++;
123 return (devname[i] != entry[i] && entry[i] != 1);
124 }
125
126 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
127 /* process standard matches */
128 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
129 const struct net_device *in, const struct net_device *out)
130 {
131 int verdict, i;
132
133 if (e->bitmask & EBT_802_3) {
134 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
135 return 1;
136 } else if (!(e->bitmask & EBT_NOPROTO) &&
137 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
138 return 1;
139
140 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
141 return 1;
142 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
143 return 1;
144 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
145 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
146 return 1;
147 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
148 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
149 return 1;
150
151 if (e->bitmask & EBT_SOURCEMAC) {
152 verdict = 0;
153 for (i = 0; i < 6; i++)
154 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
155 e->sourcemsk[i];
156 if (FWINV2(verdict != 0, EBT_ISOURCE) )
157 return 1;
158 }
159 if (e->bitmask & EBT_DESTMAC) {
160 verdict = 0;
161 for (i = 0; i < 6; i++)
162 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
163 e->destmsk[i];
164 if (FWINV2(verdict != 0, EBT_IDEST) )
165 return 1;
166 }
167 return 0;
168 }
169
170 /* Do some firewalling */
171 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
172 const struct net_device *in, const struct net_device *out,
173 struct ebt_table *table)
174 {
175 int i, nentries;
176 struct ebt_entry *point;
177 struct ebt_counter *counter_base, *cb_base;
178 struct ebt_entry_target *t;
179 int verdict, sp = 0;
180 struct ebt_chainstack *cs;
181 struct ebt_entries *chaininfo;
182 char *base;
183 struct ebt_table_info *private;
184
185 read_lock_bh(&table->lock);
186 private = table->private;
187 cb_base = COUNTER_BASE(private->counters, private->nentries,
188 smp_processor_id());
189 if (private->chainstack)
190 cs = private->chainstack[smp_processor_id()];
191 else
192 cs = NULL;
193 chaininfo = private->hook_entry[hook];
194 nentries = private->hook_entry[hook]->nentries;
195 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
196 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
197 /* base for chain jumps */
198 base = private->entries;
199 i = 0;
200 while (i < nentries) {
201 if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
202 goto letscontinue;
203
204 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
205 goto letscontinue;
206
207 /* increase counter */
208 (*(counter_base + i)).pcnt++;
209 (*(counter_base + i)).bcnt+=(**pskb).len;
210
211 /* these should only watch: not modify, nor tell us
212 what to do with the packet */
213 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
214 out);
215
216 t = (struct ebt_entry_target *)
217 (((char *)point) + point->target_offset);
218 /* standard target */
219 if (!t->u.target->target)
220 verdict = ((struct ebt_standard_target *)t)->verdict;
221 else
222 verdict = t->u.target->target(pskb, hook,
223 in, out, t->data, t->target_size);
224 if (verdict == EBT_ACCEPT) {
225 read_unlock_bh(&table->lock);
226 return NF_ACCEPT;
227 }
228 if (verdict == EBT_DROP) {
229 read_unlock_bh(&table->lock);
230 return NF_DROP;
231 }
232 if (verdict == EBT_RETURN) {
233 letsreturn:
234 #ifdef CONFIG_NETFILTER_DEBUG
235 if (sp == 0) {
236 BUGPRINT("RETURN on base chain");
237 /* act like this is EBT_CONTINUE */
238 goto letscontinue;
239 }
240 #endif
241 sp--;
242 /* put all the local variables right */
243 i = cs[sp].n;
244 chaininfo = cs[sp].chaininfo;
245 nentries = chaininfo->nentries;
246 point = cs[sp].e;
247 counter_base = cb_base +
248 chaininfo->counter_offset;
249 continue;
250 }
251 if (verdict == EBT_CONTINUE)
252 goto letscontinue;
253 #ifdef CONFIG_NETFILTER_DEBUG
254 if (verdict < 0) {
255 BUGPRINT("bogus standard verdict\n");
256 read_unlock_bh(&table->lock);
257 return NF_DROP;
258 }
259 #endif
260 /* jump to a udc */
261 cs[sp].n = i + 1;
262 cs[sp].chaininfo = chaininfo;
263 cs[sp].e = (struct ebt_entry *)
264 (((char *)point) + point->next_offset);
265 i = 0;
266 chaininfo = (struct ebt_entries *) (base + verdict);
267 #ifdef CONFIG_NETFILTER_DEBUG
268 if (chaininfo->distinguisher) {
269 BUGPRINT("jump to non-chain\n");
270 read_unlock_bh(&table->lock);
271 return NF_DROP;
272 }
273 #endif
274 nentries = chaininfo->nentries;
275 point = (struct ebt_entry *)chaininfo->data;
276 counter_base = cb_base + chaininfo->counter_offset;
277 sp++;
278 continue;
279 letscontinue:
280 point = (struct ebt_entry *)
281 (((char *)point) + point->next_offset);
282 i++;
283 }
284
285 /* I actually like this :) */
286 if (chaininfo->policy == EBT_RETURN)
287 goto letsreturn;
288 if (chaininfo->policy == EBT_ACCEPT) {
289 read_unlock_bh(&table->lock);
290 return NF_ACCEPT;
291 }
292 read_unlock_bh(&table->lock);
293 return NF_DROP;
294 }
295
296 /* If it succeeds, returns element and locks mutex */
297 static inline void *
298 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
299 struct semaphore *mutex)
300 {
301 void *ret;
302
303 *error = down_interruptible(mutex);
304 if (*error != 0)
305 return NULL;
306
307 ret = list_named_find(head, name);
308 if (!ret) {
309 *error = -ENOENT;
310 up(mutex);
311 }
312 return ret;
313 }
314
315 #ifndef CONFIG_KMOD
316 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
317 #else
318 static void *
319 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
320 int *error, struct semaphore *mutex)
321 {
322 void *ret;
323
324 ret = find_inlist_lock_noload(head, name, error, mutex);
325 if (!ret) {
326 request_module("%s%s", prefix, name);
327 ret = find_inlist_lock_noload(head, name, error, mutex);
328 }
329 return ret;
330 }
331 #endif
332
333 static inline struct ebt_table *
334 find_table_lock(const char *name, int *error, struct semaphore *mutex)
335 {
336 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
337 }
338
339 static inline struct ebt_match *
340 find_match_lock(const char *name, int *error, struct semaphore *mutex)
341 {
342 return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex);
343 }
344
345 static inline struct ebt_watcher *
346 find_watcher_lock(const char *name, int *error, struct semaphore *mutex)
347 {
348 return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex);
349 }
350
351 static inline struct ebt_target *
352 find_target_lock(const char *name, int *error, struct semaphore *mutex)
353 {
354 return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex);
355 }
356
357 static inline int
358 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
359 const char *name, unsigned int hookmask, unsigned int *cnt)
360 {
361 struct ebt_match *match;
362 int ret;
363
364 if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) >
365 ((char *)e) + e->watchers_offset)
366 return -EINVAL;
367 match = find_match_lock(m->u.name, &ret, &ebt_mutex);
368 if (!match)
369 return ret;
370 m->u.match = match;
371 if (!try_module_get(match->me)) {
372 up(&ebt_mutex);
373 return -ENOENT;
374 }
375 up(&ebt_mutex);
376 if (match->check &&
377 match->check(name, hookmask, e, m->data, m->match_size) != 0) {
378 BUGPRINT("match->check failed\n");
379 module_put(match->me);
380 return -EINVAL;
381 }
382 (*cnt)++;
383 return 0;
384 }
385
386 static inline int
387 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
388 const char *name, unsigned int hookmask, unsigned int *cnt)
389 {
390 struct ebt_watcher *watcher;
391 int ret;
392
393 if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) >
394 ((char *)e) + e->target_offset)
395 return -EINVAL;
396 watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
397 if (!watcher)
398 return ret;
399 w->u.watcher = watcher;
400 if (!try_module_get(watcher->me)) {
401 up(&ebt_mutex);
402 return -ENOENT;
403 }
404 up(&ebt_mutex);
405 if (watcher->check &&
406 watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
407 BUGPRINT("watcher->check failed\n");
408 module_put(watcher->me);
409 return -EINVAL;
410 }
411 (*cnt)++;
412 return 0;
413 }
414
415 /*
416 * this one is very careful, as it is the first function
417 * to parse the userspace data
418 */
419 static inline int
420 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
421 struct ebt_table_info *newinfo, char *base, char *limit,
422 struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt,
423 unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks)
424 {
425 unsigned int offset = (char *)e - newinfo->entries;
426 size_t left = (limit - base) - offset;
427 int i;
428
429 if (left < sizeof(unsigned int))
430 goto Esmall;
431
432 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
433 if ((valid_hooks & (1 << i)) == 0)
434 continue;
435 if ((char *)hook_entries[i] == base + offset)
436 break;
437 }
438 /* beginning of a new chain
439 if i == NF_BR_NUMHOOKS it must be a user defined chain */
440 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
441 if (e->bitmask != 0) {
442 /* we make userspace set this right,
443 so there is no misunderstanding */
444 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
445 "in distinguisher\n");
446 return -EINVAL;
447 }
448 /* this checks if the previous chain has as many entries
449 as it said it has */
450 if (*n != *cnt) {
451 BUGPRINT("nentries does not equal the nr of entries "
452 "in the chain\n");
453 return -EINVAL;
454 }
455 /* before we look at the struct, be sure it is not too big */
456 if (left < sizeof(struct ebt_entries))
457 goto Esmall;
458 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
459 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
460 /* only RETURN from udc */
461 if (i != NF_BR_NUMHOOKS ||
462 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
463 BUGPRINT("bad policy\n");
464 return -EINVAL;
465 }
466 }
467 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
468 (*udc_cnt)++;
469 else
470 newinfo->hook_entry[i] = (struct ebt_entries *)e;
471 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
472 BUGPRINT("counter_offset != totalcnt");
473 return -EINVAL;
474 }
475 *n = ((struct ebt_entries *)e)->nentries;
476 *cnt = 0;
477 return 0;
478 }
479 /* a plain old entry, heh */
480 if (left < sizeof(struct ebt_entry))
481 goto Esmall;
482 if (sizeof(struct ebt_entry) > e->watchers_offset ||
483 e->watchers_offset > e->target_offset ||
484 e->target_offset >= e->next_offset) {
485 BUGPRINT("entry offsets not in right order\n");
486 return -EINVAL;
487 }
488 /* this is not checked anywhere else */
489 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
490 BUGPRINT("target size too small\n");
491 return -EINVAL;
492 }
493 if (left < e->next_offset)
494 goto Esmall;
495
496 (*cnt)++;
497 (*totalcnt)++;
498 return 0;
499
500 Esmall:
501 BUGPRINT("entries_size too small\n");
502 return -EINVAL;
503 }
504
505 struct ebt_cl_stack
506 {
507 struct ebt_chainstack cs;
508 int from;
509 unsigned int hookmask;
510 };
511
512 /*
513 * we need these positions to check that the jumps to a different part of the
514 * entries is a jump to the beginning of a new chain.
515 */
516 static inline int
517 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
518 struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
519 struct ebt_cl_stack *udc)
520 {
521 int i;
522
523 /* we're only interested in chain starts */
524 if (e->bitmask)
525 return 0;
526 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
527 if ((valid_hooks & (1 << i)) == 0)
528 continue;
529 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
530 break;
531 }
532 /* only care about udc */
533 if (i != NF_BR_NUMHOOKS)
534 return 0;
535
536 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
537 /* these initialisations are depended on later in check_chainloops() */
538 udc[*n].cs.n = 0;
539 udc[*n].hookmask = 0;
540
541 (*n)++;
542 return 0;
543 }
544
545 static inline int
546 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
547 {
548 if (i && (*i)-- == 0)
549 return 1;
550 if (m->u.match->destroy)
551 m->u.match->destroy(m->data, m->match_size);
552 module_put(m->u.match->me);
553
554 return 0;
555 }
556
557 static inline int
558 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
559 {
560 if (i && (*i)-- == 0)
561 return 1;
562 if (w->u.watcher->destroy)
563 w->u.watcher->destroy(w->data, w->watcher_size);
564 module_put(w->u.watcher->me);
565
566 return 0;
567 }
568
569 static inline int
570 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
571 {
572 struct ebt_entry_target *t;
573
574 if (e->bitmask == 0)
575 return 0;
576 /* we're done */
577 if (cnt && (*cnt)-- == 0)
578 return 1;
579 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
580 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
581 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
582 if (t->u.target->destroy)
583 t->u.target->destroy(t->data, t->target_size);
584 module_put(t->u.target->me);
585
586 return 0;
587 }
588
589 static inline int
590 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
591 const char *name, unsigned int *cnt, unsigned int valid_hooks,
592 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
593 {
594 struct ebt_entry_target *t;
595 struct ebt_target *target;
596 unsigned int i, j, hook = 0, hookmask = 0;
597 int ret;
598
599 /* don't mess with the struct ebt_entries */
600 if (e->bitmask == 0)
601 return 0;
602
603 if (e->bitmask & ~EBT_F_MASK) {
604 BUGPRINT("Unknown flag for bitmask\n");
605 return -EINVAL;
606 }
607 if (e->invflags & ~EBT_INV_MASK) {
608 BUGPRINT("Unknown flag for inv bitmask\n");
609 return -EINVAL;
610 }
611 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
612 BUGPRINT("NOPROTO & 802_3 not allowed\n");
613 return -EINVAL;
614 }
615 /* what hook do we belong to? */
616 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
617 if ((valid_hooks & (1 << i)) == 0)
618 continue;
619 if ((char *)newinfo->hook_entry[i] < (char *)e)
620 hook = i;
621 else
622 break;
623 }
624 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
625 a base chain */
626 if (i < NF_BR_NUMHOOKS)
627 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
628 else {
629 for (i = 0; i < udc_cnt; i++)
630 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
631 break;
632 if (i == 0)
633 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
634 else
635 hookmask = cl_s[i - 1].hookmask;
636 }
637 i = 0;
638 ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
639 if (ret != 0)
640 goto cleanup_matches;
641 j = 0;
642 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
643 if (ret != 0)
644 goto cleanup_watchers;
645 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
646 target = find_target_lock(t->u.name, &ret, &ebt_mutex);
647 if (!target)
648 goto cleanup_watchers;
649 if (!try_module_get(target->me)) {
650 up(&ebt_mutex);
651 ret = -ENOENT;
652 goto cleanup_watchers;
653 }
654 up(&ebt_mutex);
655
656 t->u.target = target;
657 if (t->u.target == &ebt_standard_target) {
658 if (e->target_offset + sizeof(struct ebt_standard_target) >
659 e->next_offset) {
660 BUGPRINT("Standard target size too big\n");
661 ret = -EFAULT;
662 goto cleanup_watchers;
663 }
664 if (((struct ebt_standard_target *)t)->verdict <
665 -NUM_STANDARD_TARGETS) {
666 BUGPRINT("Invalid standard target\n");
667 ret = -EFAULT;
668 goto cleanup_watchers;
669 }
670 } else if ((e->target_offset + t->target_size +
671 sizeof(struct ebt_entry_target) > e->next_offset) ||
672 (t->u.target->check &&
673 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
674 module_put(t->u.target->me);
675 ret = -EFAULT;
676 goto cleanup_watchers;
677 }
678 (*cnt)++;
679 return 0;
680 cleanup_watchers:
681 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
682 cleanup_matches:
683 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
684 return ret;
685 }
686
687 /*
688 * checks for loops and sets the hook mask for udc
689 * the hook mask for udc tells us from which base chains the udc can be
690 * accessed. This mask is a parameter to the check() functions of the extensions
691 */
692 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
693 unsigned int udc_cnt, unsigned int hooknr, char *base)
694 {
695 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
696 struct ebt_entry *e = (struct ebt_entry *)chain->data;
697 struct ebt_entry_target *t;
698
699 while (pos < nentries || chain_nr != -1) {
700 /* end of udc, go back one 'recursion' step */
701 if (pos == nentries) {
702 /* put back values of the time when this chain was called */
703 e = cl_s[chain_nr].cs.e;
704 if (cl_s[chain_nr].from != -1)
705 nentries =
706 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
707 else
708 nentries = chain->nentries;
709 pos = cl_s[chain_nr].cs.n;
710 /* make sure we won't see a loop that isn't one */
711 cl_s[chain_nr].cs.n = 0;
712 chain_nr = cl_s[chain_nr].from;
713 if (pos == nentries)
714 continue;
715 }
716 t = (struct ebt_entry_target *)
717 (((char *)e) + e->target_offset);
718 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
719 goto letscontinue;
720 if (e->target_offset + sizeof(struct ebt_standard_target) >
721 e->next_offset) {
722 BUGPRINT("Standard target size too big\n");
723 return -1;
724 }
725 verdict = ((struct ebt_standard_target *)t)->verdict;
726 if (verdict >= 0) { /* jump to another chain */
727 struct ebt_entries *hlp2 =
728 (struct ebt_entries *)(base + verdict);
729 for (i = 0; i < udc_cnt; i++)
730 if (hlp2 == cl_s[i].cs.chaininfo)
731 break;
732 /* bad destination or loop */
733 if (i == udc_cnt) {
734 BUGPRINT("bad destination\n");
735 return -1;
736 }
737 if (cl_s[i].cs.n) {
738 BUGPRINT("loop\n");
739 return -1;
740 }
741 /* this can't be 0, so the above test is correct */
742 cl_s[i].cs.n = pos + 1;
743 pos = 0;
744 cl_s[i].cs.e = ((void *)e + e->next_offset);
745 e = (struct ebt_entry *)(hlp2->data);
746 nentries = hlp2->nentries;
747 cl_s[i].from = chain_nr;
748 chain_nr = i;
749 /* this udc is accessible from the base chain for hooknr */
750 cl_s[i].hookmask |= (1 << hooknr);
751 continue;
752 }
753 letscontinue:
754 e = (void *)e + e->next_offset;
755 pos++;
756 }
757 return 0;
758 }
759
760 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
761 static int translate_table(struct ebt_replace *repl,
762 struct ebt_table_info *newinfo)
763 {
764 unsigned int i, j, k, udc_cnt;
765 int ret;
766 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
767
768 i = 0;
769 while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
770 i++;
771 if (i == NF_BR_NUMHOOKS) {
772 BUGPRINT("No valid hooks specified\n");
773 return -EINVAL;
774 }
775 if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) {
776 BUGPRINT("Chains don't start at beginning\n");
777 return -EINVAL;
778 }
779 /* make sure chains are ordered after each other in same order
780 as their corresponding hooks */
781 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
782 if (!(repl->valid_hooks & (1 << j)))
783 continue;
784 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) {
785 BUGPRINT("Hook order must be followed\n");
786 return -EINVAL;
787 }
788 i = j;
789 }
790
791 for (i = 0; i < NF_BR_NUMHOOKS; i++)
792 newinfo->hook_entry[i] = NULL;
793
794 newinfo->entries_size = repl->entries_size;
795 newinfo->nentries = repl->nentries;
796
797 /* do some early checkings and initialize some things */
798 i = 0; /* holds the expected nr. of entries for the chain */
799 j = 0; /* holds the up to now counted entries for the chain */
800 k = 0; /* holds the total nr. of entries, should equal
801 newinfo->nentries afterwards */
802 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
803 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
804 ebt_check_entry_size_and_hooks, newinfo, repl->entries,
805 repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k,
806 &udc_cnt, repl->valid_hooks);
807
808 if (ret != 0)
809 return ret;
810
811 if (i != j) {
812 BUGPRINT("nentries does not equal the nr of entries in the "
813 "(last) chain\n");
814 return -EINVAL;
815 }
816 if (k != newinfo->nentries) {
817 BUGPRINT("Total nentries is wrong\n");
818 return -EINVAL;
819 }
820
821 /* check if all valid hooks have a chain */
822 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
823 if (newinfo->hook_entry[i] == NULL &&
824 (repl->valid_hooks & (1 << i))) {
825 BUGPRINT("Valid hook without chain\n");
826 return -EINVAL;
827 }
828 }
829
830 /* get the location of the udc, put them in an array
831 while we're at it, allocate the chainstack */
832 if (udc_cnt) {
833 /* this will get free'd in do_replace()/ebt_register_table()
834 if an error occurs */
835 newinfo->chainstack = (struct ebt_chainstack **)
836 vmalloc((highest_possible_processor_id()+1)
837 * sizeof(struct ebt_chainstack));
838 if (!newinfo->chainstack)
839 return -ENOMEM;
840 for_each_cpu(i) {
841 newinfo->chainstack[i] =
842 vmalloc(udc_cnt * sizeof(struct ebt_chainstack));
843 if (!newinfo->chainstack[i]) {
844 while (i)
845 vfree(newinfo->chainstack[--i]);
846 vfree(newinfo->chainstack);
847 newinfo->chainstack = NULL;
848 return -ENOMEM;
849 }
850 }
851
852 cl_s = (struct ebt_cl_stack *)
853 vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
854 if (!cl_s)
855 return -ENOMEM;
856 i = 0; /* the i'th udc */
857 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
858 ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
859 repl->valid_hooks, cl_s);
860 /* sanity check */
861 if (i != udc_cnt) {
862 BUGPRINT("i != udc_cnt\n");
863 vfree(cl_s);
864 return -EFAULT;
865 }
866 }
867
868 /* Check for loops */
869 for (i = 0; i < NF_BR_NUMHOOKS; i++)
870 if (repl->valid_hooks & (1 << i))
871 if (check_chainloops(newinfo->hook_entry[i],
872 cl_s, udc_cnt, i, newinfo->entries)) {
873 vfree(cl_s);
874 return -EINVAL;
875 }
876
877 /* we now know the following (along with E=mc²):
878 - the nr of entries in each chain is right
879 - the size of the allocated space is right
880 - all valid hooks have a corresponding chain
881 - there are no loops
882 - wrong data can still be on the level of a single entry
883 - could be there are jumps to places that are not the
884 beginning of a chain. This can only occur in chains that
885 are not accessible from any base chains, so we don't care. */
886
887 /* used to know what we need to clean up if something goes wrong */
888 i = 0;
889 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
890 ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
891 cl_s, udc_cnt);
892 if (ret != 0) {
893 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
894 ebt_cleanup_entry, &i);
895 }
896 vfree(cl_s);
897 return ret;
898 }
899
900 /* called under write_lock */
901 static void get_counters(struct ebt_counter *oldcounters,
902 struct ebt_counter *counters, unsigned int nentries)
903 {
904 int i, cpu;
905 struct ebt_counter *counter_base;
906
907 /* counters of cpu 0 */
908 memcpy(counters, oldcounters,
909 sizeof(struct ebt_counter) * nentries);
910
911 /* add other counters to those of cpu 0 */
912 for_each_cpu(cpu) {
913 if (cpu == 0)
914 continue;
915 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
916 for (i = 0; i < nentries; i++) {
917 counters[i].pcnt += counter_base[i].pcnt;
918 counters[i].bcnt += counter_base[i].bcnt;
919 }
920 }
921 }
922
923 /* replace the table */
924 static int do_replace(void __user *user, unsigned int len)
925 {
926 int ret, i, countersize;
927 struct ebt_table_info *newinfo;
928 struct ebt_replace tmp;
929 struct ebt_table *t;
930 struct ebt_counter *counterstmp = NULL;
931 /* used to be able to unlock earlier */
932 struct ebt_table_info *table;
933
934 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
935 return -EFAULT;
936
937 if (len != sizeof(tmp) + tmp.entries_size) {
938 BUGPRINT("Wrong len argument\n");
939 return -EINVAL;
940 }
941
942 if (tmp.entries_size == 0) {
943 BUGPRINT("Entries_size never zero\n");
944 return -EINVAL;
945 }
946 /* overflow check */
947 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
948 SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
949 return -ENOMEM;
950 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
951 return -ENOMEM;
952
953 countersize = COUNTER_OFFSET(tmp.nentries) *
954 (highest_possible_processor_id()+1);
955 newinfo = (struct ebt_table_info *)
956 vmalloc(sizeof(struct ebt_table_info) + countersize);
957 if (!newinfo)
958 return -ENOMEM;
959
960 if (countersize)
961 memset(newinfo->counters, 0, countersize);
962
963 newinfo->entries = vmalloc(tmp.entries_size);
964 if (!newinfo->entries) {
965 ret = -ENOMEM;
966 goto free_newinfo;
967 }
968 if (copy_from_user(
969 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
970 BUGPRINT("Couldn't copy entries from userspace\n");
971 ret = -EFAULT;
972 goto free_entries;
973 }
974
975 /* the user wants counters back
976 the check on the size is done later, when we have the lock */
977 if (tmp.num_counters) {
978 counterstmp = (struct ebt_counter *)
979 vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
980 if (!counterstmp) {
981 ret = -ENOMEM;
982 goto free_entries;
983 }
984 }
985 else
986 counterstmp = NULL;
987
988 /* this can get initialized by translate_table() */
989 newinfo->chainstack = NULL;
990 ret = translate_table(&tmp, newinfo);
991
992 if (ret != 0)
993 goto free_counterstmp;
994
995 t = find_table_lock(tmp.name, &ret, &ebt_mutex);
996 if (!t) {
997 ret = -ENOENT;
998 goto free_iterate;
999 }
1000
1001 /* the table doesn't like it */
1002 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1003 goto free_unlock;
1004
1005 if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1006 BUGPRINT("Wrong nr. of counters requested\n");
1007 ret = -EINVAL;
1008 goto free_unlock;
1009 }
1010
1011 /* we have the mutex lock, so no danger in reading this pointer */
1012 table = t->private;
1013 /* make sure the table can only be rmmod'ed if it contains no rules */
1014 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1015 ret = -ENOENT;
1016 goto free_unlock;
1017 } else if (table->nentries && !newinfo->nentries)
1018 module_put(t->me);
1019 /* we need an atomic snapshot of the counters */
1020 write_lock_bh(&t->lock);
1021 if (tmp.num_counters)
1022 get_counters(t->private->counters, counterstmp,
1023 t->private->nentries);
1024
1025 t->private = newinfo;
1026 write_unlock_bh(&t->lock);
1027 up(&ebt_mutex);
1028 /* so, a user can change the chains while having messed up her counter
1029 allocation. Only reason why this is done is because this way the lock
1030 is held only once, while this doesn't bring the kernel into a
1031 dangerous state. */
1032 if (tmp.num_counters &&
1033 copy_to_user(tmp.counters, counterstmp,
1034 tmp.num_counters * sizeof(struct ebt_counter))) {
1035 BUGPRINT("Couldn't copy counters to userspace\n");
1036 ret = -EFAULT;
1037 }
1038 else
1039 ret = 0;
1040
1041 /* decrease module count and free resources */
1042 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1043 ebt_cleanup_entry, NULL);
1044
1045 vfree(table->entries);
1046 if (table->chainstack) {
1047 for_each_cpu(i)
1048 vfree(table->chainstack[i]);
1049 vfree(table->chainstack);
1050 }
1051 vfree(table);
1052
1053 vfree(counterstmp);
1054 return ret;
1055
1056 free_unlock:
1057 up(&ebt_mutex);
1058 free_iterate:
1059 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1060 ebt_cleanup_entry, NULL);
1061 free_counterstmp:
1062 vfree(counterstmp);
1063 /* can be initialized in translate_table() */
1064 if (newinfo->chainstack) {
1065 for_each_cpu(i)
1066 vfree(newinfo->chainstack[i]);
1067 vfree(newinfo->chainstack);
1068 }
1069 free_entries:
1070 vfree(newinfo->entries);
1071 free_newinfo:
1072 vfree(newinfo);
1073 return ret;
1074 }
1075
1076 int ebt_register_target(struct ebt_target *target)
1077 {
1078 int ret;
1079
1080 ret = down_interruptible(&ebt_mutex);
1081 if (ret != 0)
1082 return ret;
1083 if (!list_named_insert(&ebt_targets, target)) {
1084 up(&ebt_mutex);
1085 return -EEXIST;
1086 }
1087 up(&ebt_mutex);
1088
1089 return 0;
1090 }
1091
1092 void ebt_unregister_target(struct ebt_target *target)
1093 {
1094 down(&ebt_mutex);
1095 LIST_DELETE(&ebt_targets, target);
1096 up(&ebt_mutex);
1097 }
1098
1099 int ebt_register_match(struct ebt_match *match)
1100 {
1101 int ret;
1102
1103 ret = down_interruptible(&ebt_mutex);
1104 if (ret != 0)
1105 return ret;
1106 if (!list_named_insert(&ebt_matches, match)) {
1107 up(&ebt_mutex);
1108 return -EEXIST;
1109 }
1110 up(&ebt_mutex);
1111
1112 return 0;
1113 }
1114
1115 void ebt_unregister_match(struct ebt_match *match)
1116 {
1117 down(&ebt_mutex);
1118 LIST_DELETE(&ebt_matches, match);
1119 up(&ebt_mutex);
1120 }
1121
1122 int ebt_register_watcher(struct ebt_watcher *watcher)
1123 {
1124 int ret;
1125
1126 ret = down_interruptible(&ebt_mutex);
1127 if (ret != 0)
1128 return ret;
1129 if (!list_named_insert(&ebt_watchers, watcher)) {
1130 up(&ebt_mutex);
1131 return -EEXIST;
1132 }
1133 up(&ebt_mutex);
1134
1135 return 0;
1136 }
1137
1138 void ebt_unregister_watcher(struct ebt_watcher *watcher)
1139 {
1140 down(&ebt_mutex);
1141 LIST_DELETE(&ebt_watchers, watcher);
1142 up(&ebt_mutex);
1143 }
1144
1145 int ebt_register_table(struct ebt_table *table)
1146 {
1147 struct ebt_table_info *newinfo;
1148 int ret, i, countersize;
1149
1150 if (!table || !table->table ||!table->table->entries ||
1151 table->table->entries_size == 0 ||
1152 table->table->counters || table->private) {
1153 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1154 return -EINVAL;
1155 }
1156
1157 countersize = COUNTER_OFFSET(table->table->nentries) *
1158 (highest_possible_processor_id()+1);
1159 newinfo = (struct ebt_table_info *)
1160 vmalloc(sizeof(struct ebt_table_info) + countersize);
1161 ret = -ENOMEM;
1162 if (!newinfo)
1163 return -ENOMEM;
1164
1165 newinfo->entries = vmalloc(table->table->entries_size);
1166 if (!(newinfo->entries))
1167 goto free_newinfo;
1168
1169 memcpy(newinfo->entries, table->table->entries,
1170 table->table->entries_size);
1171
1172 if (countersize)
1173 memset(newinfo->counters, 0, countersize);
1174
1175 /* fill in newinfo and parse the entries */
1176 newinfo->chainstack = NULL;
1177 ret = translate_table(table->table, newinfo);
1178 if (ret != 0) {
1179 BUGPRINT("Translate_table failed\n");
1180 goto free_chainstack;
1181 }
1182
1183 if (table->check && table->check(newinfo, table->valid_hooks)) {
1184 BUGPRINT("The table doesn't like its own initial data, lol\n");
1185 return -EINVAL;
1186 }
1187
1188 table->private = newinfo;
1189 rwlock_init(&table->lock);
1190 ret = down_interruptible(&ebt_mutex);
1191 if (ret != 0)
1192 goto free_chainstack;
1193
1194 if (list_named_find(&ebt_tables, table->name)) {
1195 ret = -EEXIST;
1196 BUGPRINT("Table name already exists\n");
1197 goto free_unlock;
1198 }
1199
1200 /* Hold a reference count if the chains aren't empty */
1201 if (newinfo->nentries && !try_module_get(table->me)) {
1202 ret = -ENOENT;
1203 goto free_unlock;
1204 }
1205 list_prepend(&ebt_tables, table);
1206 up(&ebt_mutex);
1207 return 0;
1208 free_unlock:
1209 up(&ebt_mutex);
1210 free_chainstack:
1211 if (newinfo->chainstack) {
1212 for_each_cpu(i)
1213 vfree(newinfo->chainstack[i]);
1214 vfree(newinfo->chainstack);
1215 }
1216 vfree(newinfo->entries);
1217 free_newinfo:
1218 vfree(newinfo);
1219 return ret;
1220 }
1221
1222 void ebt_unregister_table(struct ebt_table *table)
1223 {
1224 int i;
1225
1226 if (!table) {
1227 BUGPRINT("Request to unregister NULL table!!!\n");
1228 return;
1229 }
1230 down(&ebt_mutex);
1231 LIST_DELETE(&ebt_tables, table);
1232 up(&ebt_mutex);
1233 vfree(table->private->entries);
1234 if (table->private->chainstack) {
1235 for_each_cpu(i)
1236 vfree(table->private->chainstack[i]);
1237 vfree(table->private->chainstack);
1238 }
1239 vfree(table->private);
1240 }
1241
1242 /* userspace just supplied us with counters */
1243 static int update_counters(void __user *user, unsigned int len)
1244 {
1245 int i, ret;
1246 struct ebt_counter *tmp;
1247 struct ebt_replace hlp;
1248 struct ebt_table *t;
1249
1250 if (copy_from_user(&hlp, user, sizeof(hlp)))
1251 return -EFAULT;
1252
1253 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1254 return -EINVAL;
1255 if (hlp.num_counters == 0)
1256 return -EINVAL;
1257
1258 if ( !(tmp = (struct ebt_counter *)
1259 vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){
1260 MEMPRINT("Update_counters && nomemory\n");
1261 return -ENOMEM;
1262 }
1263
1264 t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1265 if (!t)
1266 goto free_tmp;
1267
1268 if (hlp.num_counters != t->private->nentries) {
1269 BUGPRINT("Wrong nr of counters\n");
1270 ret = -EINVAL;
1271 goto unlock_mutex;
1272 }
1273
1274 if ( copy_from_user(tmp, hlp.counters,
1275 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1276 BUGPRINT("Updata_counters && !cfu\n");
1277 ret = -EFAULT;
1278 goto unlock_mutex;
1279 }
1280
1281 /* we want an atomic add of the counters */
1282 write_lock_bh(&t->lock);
1283
1284 /* we add to the counters of the first cpu */
1285 for (i = 0; i < hlp.num_counters; i++) {
1286 t->private->counters[i].pcnt += tmp[i].pcnt;
1287 t->private->counters[i].bcnt += tmp[i].bcnt;
1288 }
1289
1290 write_unlock_bh(&t->lock);
1291 ret = 0;
1292 unlock_mutex:
1293 up(&ebt_mutex);
1294 free_tmp:
1295 vfree(tmp);
1296 return ret;
1297 }
1298
1299 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1300 char *base, char *ubase)
1301 {
1302 char *hlp = ubase - base + (char *)m;
1303 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1304 return -EFAULT;
1305 return 0;
1306 }
1307
1308 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1309 char *base, char *ubase)
1310 {
1311 char *hlp = ubase - base + (char *)w;
1312 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1313 return -EFAULT;
1314 return 0;
1315 }
1316
1317 static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
1318 {
1319 int ret;
1320 char *hlp;
1321 struct ebt_entry_target *t;
1322
1323 if (e->bitmask == 0)
1324 return 0;
1325
1326 hlp = ubase - base + (char *)e + e->target_offset;
1327 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1328
1329 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1330 if (ret != 0)
1331 return ret;
1332 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1333 if (ret != 0)
1334 return ret;
1335 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1336 return -EFAULT;
1337 return 0;
1338 }
1339
1340 /* called with ebt_mutex down */
1341 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1342 int *len, int cmd)
1343 {
1344 struct ebt_replace tmp;
1345 struct ebt_counter *counterstmp, *oldcounters;
1346 unsigned int entries_size, nentries;
1347 char *entries;
1348
1349 if (cmd == EBT_SO_GET_ENTRIES) {
1350 entries_size = t->private->entries_size;
1351 nentries = t->private->nentries;
1352 entries = t->private->entries;
1353 oldcounters = t->private->counters;
1354 } else {
1355 entries_size = t->table->entries_size;
1356 nentries = t->table->nentries;
1357 entries = t->table->entries;
1358 oldcounters = t->table->counters;
1359 }
1360
1361 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1362 BUGPRINT("Cfu didn't work\n");
1363 return -EFAULT;
1364 }
1365
1366 if (*len != sizeof(struct ebt_replace) + entries_size +
1367 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1368 BUGPRINT("Wrong size\n");
1369 return -EINVAL;
1370 }
1371
1372 if (tmp.nentries != nentries) {
1373 BUGPRINT("Nentries wrong\n");
1374 return -EINVAL;
1375 }
1376
1377 if (tmp.entries_size != entries_size) {
1378 BUGPRINT("Wrong size\n");
1379 return -EINVAL;
1380 }
1381
1382 /* userspace might not need the counters */
1383 if (tmp.num_counters) {
1384 if (tmp.num_counters != nentries) {
1385 BUGPRINT("Num_counters wrong\n");
1386 return -EINVAL;
1387 }
1388 counterstmp = (struct ebt_counter *)
1389 vmalloc(nentries * sizeof(struct ebt_counter));
1390 if (!counterstmp) {
1391 MEMPRINT("Couldn't copy counters, out of memory\n");
1392 return -ENOMEM;
1393 }
1394 write_lock_bh(&t->lock);
1395 get_counters(oldcounters, counterstmp, nentries);
1396 write_unlock_bh(&t->lock);
1397
1398 if (copy_to_user(tmp.counters, counterstmp,
1399 nentries * sizeof(struct ebt_counter))) {
1400 BUGPRINT("Couldn't copy counters to userspace\n");
1401 vfree(counterstmp);
1402 return -EFAULT;
1403 }
1404 vfree(counterstmp);
1405 }
1406
1407 if (copy_to_user(tmp.entries, entries, entries_size)) {
1408 BUGPRINT("Couldn't copy entries to userspace\n");
1409 return -EFAULT;
1410 }
1411 /* set the match/watcher/target names right */
1412 return EBT_ENTRY_ITERATE(entries, entries_size,
1413 ebt_make_names, entries, tmp.entries);
1414 }
1415
1416 static int do_ebt_set_ctl(struct sock *sk,
1417 int cmd, void __user *user, unsigned int len)
1418 {
1419 int ret;
1420
1421 switch(cmd) {
1422 case EBT_SO_SET_ENTRIES:
1423 ret = do_replace(user, len);
1424 break;
1425 case EBT_SO_SET_COUNTERS:
1426 ret = update_counters(user, len);
1427 break;
1428 default:
1429 ret = -EINVAL;
1430 }
1431 return ret;
1432 }
1433
1434 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1435 {
1436 int ret;
1437 struct ebt_replace tmp;
1438 struct ebt_table *t;
1439
1440 if (copy_from_user(&tmp, user, sizeof(tmp)))
1441 return -EFAULT;
1442
1443 t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1444 if (!t)
1445 return ret;
1446
1447 switch(cmd) {
1448 case EBT_SO_GET_INFO:
1449 case EBT_SO_GET_INIT_INFO:
1450 if (*len != sizeof(struct ebt_replace)){
1451 ret = -EINVAL;
1452 up(&ebt_mutex);
1453 break;
1454 }
1455 if (cmd == EBT_SO_GET_INFO) {
1456 tmp.nentries = t->private->nentries;
1457 tmp.entries_size = t->private->entries_size;
1458 tmp.valid_hooks = t->valid_hooks;
1459 } else {
1460 tmp.nentries = t->table->nentries;
1461 tmp.entries_size = t->table->entries_size;
1462 tmp.valid_hooks = t->table->valid_hooks;
1463 }
1464 up(&ebt_mutex);
1465 if (copy_to_user(user, &tmp, *len) != 0){
1466 BUGPRINT("c2u Didn't work\n");
1467 ret = -EFAULT;
1468 break;
1469 }
1470 ret = 0;
1471 break;
1472
1473 case EBT_SO_GET_ENTRIES:
1474 case EBT_SO_GET_INIT_ENTRIES:
1475 ret = copy_everything_to_user(t, user, len, cmd);
1476 up(&ebt_mutex);
1477 break;
1478
1479 default:
1480 up(&ebt_mutex);
1481 ret = -EINVAL;
1482 }
1483
1484 return ret;
1485 }
1486
1487 static struct nf_sockopt_ops ebt_sockopts =
1488 { { NULL, NULL }, PF_INET, EBT_BASE_CTL, EBT_SO_SET_MAX + 1, do_ebt_set_ctl,
1489 EBT_BASE_CTL, EBT_SO_GET_MAX + 1, do_ebt_get_ctl, 0, NULL
1490 };
1491
1492 static int __init init(void)
1493 {
1494 int ret;
1495
1496 down(&ebt_mutex);
1497 list_named_insert(&ebt_targets, &ebt_standard_target);
1498 up(&ebt_mutex);
1499 if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1500 return ret;
1501
1502 printk(KERN_NOTICE "Ebtables v2.0 registered\n");
1503 return 0;
1504 }
1505
1506 static void __exit fini(void)
1507 {
1508 nf_unregister_sockopt(&ebt_sockopts);
1509 printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
1510 }
1511
1512 EXPORT_SYMBOL(ebt_register_table);
1513 EXPORT_SYMBOL(ebt_unregister_table);
1514 EXPORT_SYMBOL(ebt_register_match);
1515 EXPORT_SYMBOL(ebt_unregister_match);
1516 EXPORT_SYMBOL(ebt_register_watcher);
1517 EXPORT_SYMBOL(ebt_unregister_watcher);
1518 EXPORT_SYMBOL(ebt_register_target);
1519 EXPORT_SYMBOL(ebt_unregister_target);
1520 EXPORT_SYMBOL(ebt_do_table);
1521 module_init(init);
1522 module_exit(fini);
1523 MODULE_LICENSE("GPL");
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree