]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blame - net/bridge/netfilter/ebtables.c
projects / mirror_ubuntu-hirsute-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netfilter: ebtables: split copy_everything_to_user into two functions
[mirror_ubuntu-hirsute-kernel.git] / net / bridge / netfilter / ebtables.c
CommitLineData
1da177e4
LT		 1/*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
1da177e4
LT		 18
19#include <linux/kmod.h>
20#include <linux/module.h>
21#include <linux/vmalloc.h>
18219d3f 22#include <linux/netfilter/x_tables.h>
1da177e4
LT		 23#include <linux/netfilter_bridge/ebtables.h>
24#include <linux/spinlock.h>
df0933dc 25#include <linux/mutex.h>
1da177e4
LT		 26#include <asm/uaccess.h>
27#include <linux/smp.h>
c8923c6b 28#include <linux/cpumask.h>
1da177e4
LT		 29#include <net/sock.h>
30/* needed for logical [in,out]-dev filtering */
31#include "../br_private.h"
32
1da177e4 33#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
9d6f229f 34 "report to author: "format, ## args)
1da177e4 35/* #define BUGPRINT(format, args...) */
1da177e4
LT		 36
37/*
38 * Each cpu has its own set of counters, so there is no need for write_lock in
39 * the softirq
40 * For reading or updating the counters, the user context needs to
41 * get a write_lock
42 */
43
44/* The size of each set of counters is altered to get cache alignment */
45#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
46#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
47#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
48 COUNTER_OFFSET(n) * cpu))
49
50
51
57b47a53 52static DEFINE_MUTEX(ebt_mutex);
1da177e4 53
043ef46c 54static struct xt_target ebt_standard_target = {
001a18d3
JE		 55 .name = "standard",
56 .revision = 0,
57 .family = NFPROTO_BRIDGE,
043ef46c 58 .targetsize = sizeof(int),
18219d3f 59};
1da177e4 60
7eb35586
JE		 61static inline int
62ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
63 struct xt_target_param *par)
1da177e4 64{
7eb35586
JE		 65 par->target = w->u.watcher;
66 par->targinfo = w->data;
67 w->u.watcher->target(skb, par);
1da177e4
LT		 68 /* watchers don't give a verdict */
69 return 0;
70}
71
72static inline int ebt_do_match (struct ebt_entry_match *m,
f7108a20 73 const struct sk_buff *skb, struct xt_match_param *par)
1da177e4 74{
f7108a20
JE		 75 par->match = m->u.match;
76 par->matchinfo = m->data;
d61ba9fd 77 return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
1da177e4
LT		 78}
79
d5d1baa1
JE		 80static inline int
81ebt_dev_check(const char *entry, const struct net_device *device)
1da177e4
LT		 82{
83 int i = 0;
f3d8b2e4 84 const char *devname;
1da177e4
LT		 85
86 if (*entry == '\0')
87 return 0;
88 if (!device)
89 return 1;
f3d8b2e4 90 devname = device->name;
1da177e4
LT		 91 /* 1 is the wildcard token */
92 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
93 i++;
94 return (devname[i] != entry[i] && entry[i] != 1);
95}
96
97#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
98/* process standard matches */
d5d1baa1
JE		 99static inline int
100ebt_basic_match(const struct ebt_entry *e, const struct ethhdr *h,
101 const struct net_device *in, const struct net_device *out)
1da177e4
LT		 102{
103 int verdict, i;
104
105 if (e->bitmask & EBT_802_3) {
106 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
107 return 1;
108 } else if (!(e->bitmask & EBT_NOPROTO) &&
109 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
110 return 1;
111
112 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
113 return 1;
114 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
115 return 1;
116 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
117 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
118 return 1;
119 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
120 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
121 return 1;
122
123 if (e->bitmask & EBT_SOURCEMAC) {
124 verdict = 0;
125 for (i = 0; i < 6; i++)
126 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
127 e->sourcemsk[i];
128 if (FWINV2(verdict != 0, EBT_ISOURCE) )
129 return 1;
130 }
131 if (e->bitmask & EBT_DESTMAC) {
132 verdict = 0;
133 for (i = 0; i < 6; i++)
134 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
135 e->destmsk[i];
136 if (FWINV2(verdict != 0, EBT_IDEST) )
137 return 1;
138 }
139 return 0;
140}
141
98e86403
JE		 142static inline __pure
143struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
144{
145 return (void *)entry + entry->next_offset;
146}
147
1da177e4 148/* Do some firewalling */
3db05fea 149unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
1da177e4
LT		 150 const struct net_device *in, const struct net_device *out,
151 struct ebt_table *table)
152{
153 int i, nentries;
154 struct ebt_entry *point;
155 struct ebt_counter *counter_base, *cb_base;
d5d1baa1 156 const struct ebt_entry_target *t;
1da177e4
LT		 157 int verdict, sp = 0;
158 struct ebt_chainstack *cs;
159 struct ebt_entries *chaininfo;
d5d1baa1
JE		 160 const char *base;
161 const struct ebt_table_info *private;
5365f802 162 bool hotdrop = false;
f7108a20 163 struct xt_match_param mtpar;
7eb35586 164 struct xt_target_param tgpar;
f7108a20 165
916a917d 166 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
7eb35586
JE		 167 mtpar.in = tgpar.in = in;
168 mtpar.out = tgpar.out = out;
f7108a20 169 mtpar.hotdrop = &hotdrop;
a5e78820 170 mtpar.hooknum = tgpar.hooknum = hook;
1da177e4
LT		 171
172 read_lock_bh(&table->lock);
173 private = table->private;
174 cb_base = COUNTER_BASE(private->counters, private->nentries,
175 smp_processor_id());
176 if (private->chainstack)
177 cs = private->chainstack[smp_processor_id()];
178 else
179 cs = NULL;
180 chaininfo = private->hook_entry[hook];
181 nentries = private->hook_entry[hook]->nentries;
182 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
183 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
184 /* base for chain jumps */
185 base = private->entries;
186 i = 0;
187 while (i < nentries) {
3db05fea 188 if (ebt_basic_match(point, eth_hdr(skb), in, out))
1da177e4
LT		 189 goto letscontinue;
190
f7108a20 191 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
1da177e4 192 goto letscontinue;
5365f802
JE		 193 if (hotdrop) {
194 read_unlock_bh(&table->lock);
195 return NF_DROP;
196 }
1da177e4
LT		 197
198 /* increase counter */
199 (*(counter_base + i)).pcnt++;
3db05fea 200 (*(counter_base + i)).bcnt += skb->len;
1da177e4
LT		 201
202 /* these should only watch: not modify, nor tell us
203 what to do with the packet */
7eb35586 204 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
1da177e4
LT		 205
206 t = (struct ebt_entry_target *)
207 (((char *)point) + point->target_offset);
208 /* standard target */
209 if (!t->u.target->target)
210 verdict = ((struct ebt_standard_target *)t)->verdict;
7eb35586
JE		 211 else {
212 tgpar.target = t->u.target;
213 tgpar.targinfo = t->data;
214 verdict = t->u.target->target(skb, &tgpar);
215 }
1da177e4
LT		 216 if (verdict == EBT_ACCEPT) {
217 read_unlock_bh(&table->lock);
218 return NF_ACCEPT;
219 }
220 if (verdict == EBT_DROP) {
221 read_unlock_bh(&table->lock);
222 return NF_DROP;
223 }
224 if (verdict == EBT_RETURN) {
225letsreturn:
226#ifdef CONFIG_NETFILTER_DEBUG
227 if (sp == 0) {
228 BUGPRINT("RETURN on base chain");
229 /* act like this is EBT_CONTINUE */
230 goto letscontinue;
231 }
232#endif
233 sp--;
234 /* put all the local variables right */
235 i = cs[sp].n;
236 chaininfo = cs[sp].chaininfo;
237 nentries = chaininfo->nentries;
238 point = cs[sp].e;
239 counter_base = cb_base +
240 chaininfo->counter_offset;
241 continue;
242 }
243 if (verdict == EBT_CONTINUE)
244 goto letscontinue;
245#ifdef CONFIG_NETFILTER_DEBUG
246 if (verdict < 0) {
247 BUGPRINT("bogus standard verdict\n");
248 read_unlock_bh(&table->lock);
249 return NF_DROP;
250 }
251#endif
252 /* jump to a udc */
253 cs[sp].n = i + 1;
254 cs[sp].chaininfo = chaininfo;
98e86403 255 cs[sp].e = ebt_next_entry(point);
1da177e4
LT		 256 i = 0;
257 chaininfo = (struct ebt_entries *) (base + verdict);
258#ifdef CONFIG_NETFILTER_DEBUG
259 if (chaininfo->distinguisher) {
260 BUGPRINT("jump to non-chain\n");
261 read_unlock_bh(&table->lock);
262 return NF_DROP;
263 }
264#endif
265 nentries = chaininfo->nentries;
266 point = (struct ebt_entry *)chaininfo->data;
267 counter_base = cb_base + chaininfo->counter_offset;
268 sp++;
269 continue;
270letscontinue:
98e86403 271 point = ebt_next_entry(point);
1da177e4
LT		 272 i++;
273 }
274
275 /* I actually like this :) */
276 if (chaininfo->policy == EBT_RETURN)
277 goto letsreturn;
278 if (chaininfo->policy == EBT_ACCEPT) {
279 read_unlock_bh(&table->lock);
280 return NF_ACCEPT;
281 }
282 read_unlock_bh(&table->lock);
283 return NF_DROP;
284}
285
286/* If it succeeds, returns element and locks mutex */
287static inline void *
288find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
57b47a53 289 struct mutex *mutex)
1da177e4 290{
df0933dc
PM		 291 struct {
292 struct list_head list;
293 char name[EBT_FUNCTION_MAXNAMELEN];
294 } *e;
1da177e4 295
57b47a53 296 *error = mutex_lock_interruptible(mutex);
1da177e4
LT		 297 if (*error != 0)
298 return NULL;
299
df0933dc
PM		 300 list_for_each_entry(e, head, list) {
301 if (strcmp(e->name, name) == 0)
302 return e;
1da177e4 303 }
df0933dc
PM		 304 *error = -ENOENT;
305 mutex_unlock(mutex);
306 return NULL;
1da177e4
LT		 307}
308
1da177e4
LT		 309static void *
310find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
57b47a53 311 int *error, struct mutex *mutex)
1da177e4 312{
95a5afca
JB		 313 return try_then_request_module(
314 find_inlist_lock_noload(head, name, error, mutex),
315 "%s%s", prefix, name);
1da177e4 316}
1da177e4
LT		 317
318static inline struct ebt_table *
511061e2
AD		 319find_table_lock(struct net *net, const char *name, int *error,
320 struct mutex *mutex)
1da177e4 321{
511061e2
AD		 322 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
323 "ebtable_", error, mutex);
1da177e4
LT		 324}
325
1da177e4 326static inline int
9b4fce7a
JE		 327ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
328 unsigned int *cnt)
1da177e4 329{
9b4fce7a 330 const struct ebt_entry *e = par->entryinfo;
043ef46c 331 struct xt_match *match;
14197d54 332 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
1da177e4
LT		 333 int ret;
334
14197d54
AV		 335 if (left < sizeof(struct ebt_entry_match) ||
336 left - sizeof(struct ebt_entry_match) < m->match_size)
1da177e4 337 return -EINVAL;
043ef46c
JE		 338
339 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
340 m->u.name, 0), "ebt_%s", m->u.name);
341 if (IS_ERR(match))
342 return PTR_ERR(match);
343 if (match == NULL)
1da177e4 344 return -ENOENT;
043ef46c
JE		 345 m->u.match = match;
346
9b4fce7a
JE		 347 par->match = match;
348 par->matchinfo = m->data;
916a917d 349 ret = xt_check_match(par, m->match_size,
9b4fce7a 350 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 351 if (ret < 0) {
352 module_put(match->me);
353 return ret;
1da177e4 354 }
043ef46c 355
1da177e4
LT		 356 (*cnt)++;
357 return 0;
358}
359
360static inline int
af5d6dc2
JE		 361ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
362 unsigned int *cnt)
1da177e4 363{
af5d6dc2 364 const struct ebt_entry *e = par->entryinfo;
043ef46c 365 struct xt_target *watcher;
14197d54 366 size_t left = ((char *)e + e->target_offset) - (char *)w;
1da177e4
LT		 367 int ret;
368
14197d54
AV		 369 if (left < sizeof(struct ebt_entry_watcher) ||
370 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
1da177e4 371 return -EINVAL;
043ef46c
JE		 372
373 watcher = try_then_request_module(
374 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
375 "ebt_%s", w->u.name);
376 if (IS_ERR(watcher))
377 return PTR_ERR(watcher);
378 if (watcher == NULL)
1da177e4 379 return -ENOENT;
043ef46c
JE		 380 w->u.watcher = watcher;
381
af5d6dc2
JE		 382 par->target = watcher;
383 par->targinfo = w->data;
916a917d 384 ret = xt_check_target(par, w->watcher_size,
af5d6dc2 385 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 386 if (ret < 0) {
387 module_put(watcher->me);
388 return ret;
1da177e4 389 }
043ef46c 390
1da177e4
LT		 391 (*cnt)++;
392 return 0;
393}
394
d5d1baa1 395static int ebt_verify_pointers(const struct ebt_replace *repl,
70fe9af4 396 struct ebt_table_info *newinfo)
1da177e4 397{
70fe9af4
AV		 398 unsigned int limit = repl->entries_size;
399 unsigned int valid_hooks = repl->valid_hooks;
400 unsigned int offset = 0;
1da177e4
LT		 401 int i;
402
e4fd77de
AV		 403 for (i = 0; i < NF_BR_NUMHOOKS; i++)
404 newinfo->hook_entry[i] = NULL;
405
406 newinfo->entries_size = repl->entries_size;
407 newinfo->nentries = repl->nentries;
408
70fe9af4
AV		 409 while (offset < limit) {
410 size_t left = limit - offset;
411 struct ebt_entry *e = (void *)newinfo->entries + offset;
bb2ef25c 412
70fe9af4 413 if (left < sizeof(unsigned int))
1da177e4 414 break;
70fe9af4
AV		 415
416 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
417 if ((valid_hooks & (1 << i)) == 0)
418 continue;
1e419cd9
AV		 419 if ((char __user *)repl->hook_entry[i] ==
420 repl->entries + offset)
70fe9af4
AV		 421 break;
422 }
423
424 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
425 if (e->bitmask != 0) {
426 /* we make userspace set this right,
427 so there is no misunderstanding */
428 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
429 "in distinguisher\n");
430 return -EINVAL;
431 }
432 if (i != NF_BR_NUMHOOKS)
433 newinfo->hook_entry[i] = (struct ebt_entries *)e;
434 if (left < sizeof(struct ebt_entries))
435 break;
436 offset += sizeof(struct ebt_entries);
437 } else {
438 if (left < sizeof(struct ebt_entry))
439 break;
440 if (left < e->next_offset)
441 break;
1756de26
FW		 442 if (e->next_offset < sizeof(struct ebt_entry))
443 return -EINVAL;
70fe9af4 444 offset += e->next_offset;
1da177e4 445 }
22b440bf 446 }
70fe9af4
AV		 447 if (offset != limit) {
448 BUGPRINT("entries_size too small\n");
449 return -EINVAL;
450 }
e4fd77de
AV		 451
452 /* check if all valid hooks have a chain */
453 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
454 if (!newinfo->hook_entry[i] &&
455 (valid_hooks & (1 << i))) {
456 BUGPRINT("Valid hook without chain\n");
457 return -EINVAL;
458 }
459 }
22b440bf 460 return 0;
22b440bf
AV		 461}
462
463/*
464 * this one is very careful, as it is the first function
465 * to parse the userspace data
466 */
467static inline int
d5d1baa1
JE		 468ebt_check_entry_size_and_hooks(const struct ebt_entry *e,
469 const struct ebt_table_info *newinfo,
0e795531
AV		 470 unsigned int *n, unsigned int *cnt,
471 unsigned int *totalcnt, unsigned int *udc_cnt)
22b440bf 472{
22b440bf
AV		 473 int i;
474
475 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
0e795531 476 if ((void *)e == (void *)newinfo->hook_entry[i])
22b440bf
AV		 477 break;
478 }
479 /* beginning of a new chain
480 if i == NF_BR_NUMHOOKS it must be a user defined chain */
481 if (i != NF_BR_NUMHOOKS || !e->bitmask) {
1da177e4
LT		 482 /* this checks if the previous chain has as many entries
483 as it said it has */
484 if (*n != *cnt) {
485 BUGPRINT("nentries does not equal the nr of entries "
9d6f229f 486 "in the chain\n");
1da177e4
LT		 487 return -EINVAL;
488 }
1da177e4
LT		 489 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
490 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
491 /* only RETURN from udc */
492 if (i != NF_BR_NUMHOOKS ||
493 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
494 BUGPRINT("bad policy\n");
495 return -EINVAL;
496 }
497 }
498 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
499 (*udc_cnt)++;
1da177e4
LT		 500 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
501 BUGPRINT("counter_offset != totalcnt");
502 return -EINVAL;
503 }
504 *n = ((struct ebt_entries *)e)->nentries;
505 *cnt = 0;
506 return 0;
507 }
508 /* a plain old entry, heh */
509 if (sizeof(struct ebt_entry) > e->watchers_offset ||
510 e->watchers_offset > e->target_offset ||
511 e->target_offset >= e->next_offset) {
512 BUGPRINT("entry offsets not in right order\n");
513 return -EINVAL;
514 }
515 /* this is not checked anywhere else */
516 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
517 BUGPRINT("target size too small\n");
518 return -EINVAL;
519 }
1da177e4
LT		 520 (*cnt)++;
521 (*totalcnt)++;
522 return 0;
523}
524
525struct ebt_cl_stack
526{
527 struct ebt_chainstack cs;
528 int from;
529 unsigned int hookmask;
530};
531
532/*
533 * we need these positions to check that the jumps to a different part of the
534 * entries is a jump to the beginning of a new chain.
535 */
536static inline int
537ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
177abc34 538 unsigned int *n, struct ebt_cl_stack *udc)
1da177e4
LT		 539{
540 int i;
541
542 /* we're only interested in chain starts */
40642f95 543 if (e->bitmask)
1da177e4
LT		 544 return 0;
545 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1da177e4
LT		 546 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
547 break;
548 }
549 /* only care about udc */
550 if (i != NF_BR_NUMHOOKS)
551 return 0;
552
553 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
554 /* these initialisations are depended on later in check_chainloops() */
555 udc[*n].cs.n = 0;
556 udc[*n].hookmask = 0;
557
558 (*n)++;
559 return 0;
560}
561
562static inline int
f54e9367 563ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i)
1da177e4 564{
6be3d859
JE		 565 struct xt_mtdtor_param par;
566
1da177e4
LT		 567 if (i && (*i)-- == 0)
568 return 1;
1da177e4 569
f54e9367 570 par.net = net;
6be3d859
JE		 571 par.match = m->u.match;
572 par.matchinfo = m->data;
916a917d 573 par.family = NFPROTO_BRIDGE;
6be3d859
JE		 574 if (par.match->destroy != NULL)
575 par.match->destroy(&par);
576 module_put(par.match->me);
1da177e4
LT		 577 return 0;
578}
579
580static inline int
add67461 581ebt_cleanup_watcher(struct ebt_entry_watcher *w, struct net *net, unsigned int *i)
1da177e4 582{
a2df1648
JE		 583 struct xt_tgdtor_param par;
584
1da177e4
LT		 585 if (i && (*i)-- == 0)
586 return 1;
1da177e4 587
add67461 588 par.net = net;
a2df1648
JE		 589 par.target = w->u.watcher;
590 par.targinfo = w->data;
916a917d 591 par.family = NFPROTO_BRIDGE;
a2df1648
JE		 592 if (par.target->destroy != NULL)
593 par.target->destroy(&par);
594 module_put(par.target->me);
1da177e4
LT		 595 return 0;
596}
597
598static inline int
f54e9367 599ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
1da177e4 600{
a2df1648 601 struct xt_tgdtor_param par;
1da177e4
LT		 602 struct ebt_entry_target *t;
603
40642f95 604 if (e->bitmask == 0)
1da177e4
LT		 605 return 0;
606 /* we're done */
607 if (cnt && (*cnt)-- == 0)
608 return 1;
add67461 609 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL);
f54e9367 610 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
1da177e4 611 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1da177e4 612
add67461 613 par.net = net;
a2df1648
JE		 614 par.target = t->u.target;
615 par.targinfo = t->data;
916a917d 616 par.family = NFPROTO_BRIDGE;
a2df1648
JE		 617 if (par.target->destroy != NULL)
618 par.target->destroy(&par);
619 module_put(par.target->me);
1da177e4
LT		 620 return 0;
621}
622
623static inline int
d5d1baa1
JE		 624ebt_check_entry(struct ebt_entry *e, struct net *net,
625 const struct ebt_table_info *newinfo,
f7da79d9 626 const char *name, unsigned int *cnt,
1da177e4
LT		 627 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
628{
629 struct ebt_entry_target *t;
043ef46c 630 struct xt_target *target;
1da177e4 631 unsigned int i, j, hook = 0, hookmask = 0;
44f9a2fd 632 size_t gap;
1da177e4 633 int ret;
6be3d859 634 struct xt_mtchk_param mtpar;
af5d6dc2 635 struct xt_tgchk_param tgpar;
1da177e4
LT		 636
637 /* don't mess with the struct ebt_entries */
40642f95 638 if (e->bitmask == 0)
1da177e4
LT		 639 return 0;
640
641 if (e->bitmask & ~EBT_F_MASK) {
642 BUGPRINT("Unknown flag for bitmask\n");
643 return -EINVAL;
644 }
645 if (e->invflags & ~EBT_INV_MASK) {
646 BUGPRINT("Unknown flag for inv bitmask\n");
647 return -EINVAL;
648 }
649 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
650 BUGPRINT("NOPROTO & 802_3 not allowed\n");
651 return -EINVAL;
652 }
653 /* what hook do we belong to? */
654 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
f7da79d9 655 if (!newinfo->hook_entry[i])
1da177e4
LT		 656 continue;
657 if ((char *)newinfo->hook_entry[i] < (char *)e)
658 hook = i;
659 else
660 break;
661 }
662 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
663 a base chain */
664 if (i < NF_BR_NUMHOOKS)
665 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
666 else {
667 for (i = 0; i < udc_cnt; i++)
668 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
669 break;
670 if (i == 0)
671 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
672 else
673 hookmask = cl_s[i - 1].hookmask;
674 }
675 i = 0;
9b4fce7a 676
add67461 677 mtpar.net = tgpar.net = net;
af5d6dc2
JE		 678 mtpar.table = tgpar.table = name;
679 mtpar.entryinfo = tgpar.entryinfo = e;
680 mtpar.hook_mask = tgpar.hook_mask = hookmask;
916a917d 681 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
6be3d859 682 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
1da177e4
LT		 683 if (ret != 0)
684 goto cleanup_matches;
685 j = 0;
af5d6dc2 686 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
1da177e4
LT		 687 if (ret != 0)
688 goto cleanup_watchers;
689 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
44f9a2fd 690 gap = e->next_offset - e->target_offset;
1da177e4 691
043ef46c
JE		 692 target = try_then_request_module(
693 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
694 "ebt_%s", t->u.name);
695 if (IS_ERR(target)) {
696 ret = PTR_ERR(target);
001a18d3 697 goto cleanup_watchers;
043ef46c
JE		 698 } else if (target == NULL) {
699 ret = -ENOENT;
001a18d3
JE		 700 goto cleanup_watchers;
701 }
702
1da177e4
LT		 703 t->u.target = target;
704 if (t->u.target == &ebt_standard_target) {
14197d54 705 if (gap < sizeof(struct ebt_standard_target)) {
1da177e4
LT		 706 BUGPRINT("Standard target size too big\n");
707 ret = -EFAULT;
708 goto cleanup_watchers;
709 }
710 if (((struct ebt_standard_target *)t)->verdict <
711 -NUM_STANDARD_TARGETS) {
712 BUGPRINT("Invalid standard target\n");
713 ret = -EFAULT;
714 goto cleanup_watchers;
715 }
18219d3f
JE		 716 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
717 module_put(t->u.target->me);
718 ret = -EFAULT;
719 goto cleanup_watchers;
043ef46c
JE		 720 }
721
af5d6dc2
JE		 722 tgpar.target = target;
723 tgpar.targinfo = t->data;
916a917d 724 ret = xt_check_target(&tgpar, t->target_size,
af5d6dc2 725 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 726 if (ret < 0) {
727 module_put(target->me);
18219d3f 728 goto cleanup_watchers;
1da177e4
LT		 729 }
730 (*cnt)++;
731 return 0;
732cleanup_watchers:
add67461 733 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j);
1da177e4 734cleanup_matches:
f54e9367 735 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
1da177e4
LT		 736 return ret;
737}
738
739/*
740 * checks for loops and sets the hook mask for udc
741 * the hook mask for udc tells us from which base chains the udc can be
742 * accessed. This mask is a parameter to the check() functions of the extensions
743 */
d5d1baa1 744static int check_chainloops(const struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
1da177e4
LT		 745 unsigned int udc_cnt, unsigned int hooknr, char *base)
746{
747 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
d5d1baa1
JE		 748 const struct ebt_entry *e = (struct ebt_entry *)chain->data;
749 const struct ebt_entry_target *t;
1da177e4
LT		 750
751 while (pos < nentries || chain_nr != -1) {
752 /* end of udc, go back one 'recursion' step */
753 if (pos == nentries) {
754 /* put back values of the time when this chain was called */
755 e = cl_s[chain_nr].cs.e;
756 if (cl_s[chain_nr].from != -1)
757 nentries =
758 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
759 else
760 nentries = chain->nentries;
761 pos = cl_s[chain_nr].cs.n;
762 /* make sure we won't see a loop that isn't one */
763 cl_s[chain_nr].cs.n = 0;
764 chain_nr = cl_s[chain_nr].from;
765 if (pos == nentries)
766 continue;
767 }
768 t = (struct ebt_entry_target *)
769 (((char *)e) + e->target_offset);
770 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
771 goto letscontinue;
772 if (e->target_offset + sizeof(struct ebt_standard_target) >
773 e->next_offset) {
774 BUGPRINT("Standard target size too big\n");
775 return -1;
776 }
777 verdict = ((struct ebt_standard_target *)t)->verdict;
778 if (verdict >= 0) { /* jump to another chain */
779 struct ebt_entries *hlp2 =
780 (struct ebt_entries *)(base + verdict);
781 for (i = 0; i < udc_cnt; i++)
782 if (hlp2 == cl_s[i].cs.chaininfo)
783 break;
784 /* bad destination or loop */
785 if (i == udc_cnt) {
786 BUGPRINT("bad destination\n");
787 return -1;
788 }
789 if (cl_s[i].cs.n) {
790 BUGPRINT("loop\n");
791 return -1;
792 }
98a0824a
AV		 793 if (cl_s[i].hookmask & (1 << hooknr))
794 goto letscontinue;
795 /* this can't be 0, so the loop test is correct */
1da177e4
LT		 796 cl_s[i].cs.n = pos + 1;
797 pos = 0;
98e86403 798 cl_s[i].cs.e = ebt_next_entry(e);
1da177e4
LT		 799 e = (struct ebt_entry *)(hlp2->data);
800 nentries = hlp2->nentries;
801 cl_s[i].from = chain_nr;
802 chain_nr = i;
803 /* this udc is accessible from the base chain for hooknr */
804 cl_s[i].hookmask |= (1 << hooknr);
805 continue;
806 }
807letscontinue:
98e86403 808 e = ebt_next_entry(e);
1da177e4
LT		 809 pos++;
810 }
811 return 0;
812}
813
814/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
d5d1baa1 815static int translate_table(struct net *net, const char *name,
a83d8e8d 816 struct ebt_table_info *newinfo)
1da177e4
LT		 817{
818 unsigned int i, j, k, udc_cnt;
819 int ret;
820 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
821
822 i = 0;
1f072c96 823 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
1da177e4
LT		 824 i++;
825 if (i == NF_BR_NUMHOOKS) {
826 BUGPRINT("No valid hooks specified\n");
827 return -EINVAL;
828 }
1f072c96 829 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
1da177e4
LT		 830 BUGPRINT("Chains don't start at beginning\n");
831 return -EINVAL;
832 }
833 /* make sure chains are ordered after each other in same order
834 as their corresponding hooks */
835 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
1f072c96 836 if (!newinfo->hook_entry[j])
1da177e4 837 continue;
1f072c96 838 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
1da177e4
LT		 839 BUGPRINT("Hook order must be followed\n");
840 return -EINVAL;
841 }
842 i = j;
843 }
844
1da177e4
LT		 845 /* do some early checkings and initialize some things */
846 i = 0; /* holds the expected nr. of entries for the chain */
847 j = 0; /* holds the up to now counted entries for the chain */
848 k = 0; /* holds the total nr. of entries, should equal
9d6f229f 849 newinfo->nentries afterwards */
1da177e4
LT		 850 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
851 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
0e795531
AV		 852 ebt_check_entry_size_and_hooks, newinfo,
853 &i, &j, &k, &udc_cnt);
1da177e4
LT		 854
855 if (ret != 0)
856 return ret;
857
858 if (i != j) {
859 BUGPRINT("nentries does not equal the nr of entries in the "
9d6f229f 860 "(last) chain\n");
1da177e4
LT		 861 return -EINVAL;
862 }
863 if (k != newinfo->nentries) {
864 BUGPRINT("Total nentries is wrong\n");
865 return -EINVAL;
866 }
867
1da177e4
LT		 868 /* get the location of the udc, put them in an array
869 while we're at it, allocate the chainstack */
870 if (udc_cnt) {
871 /* this will get free'd in do_replace()/ebt_register_table()
872 if an error occurs */
7ad4d2f6 873 newinfo->chainstack =
53b8a315 874 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
1da177e4
LT		 875 if (!newinfo->chainstack)
876 return -ENOMEM;
6f912042 877 for_each_possible_cpu(i) {
1da177e4 878 newinfo->chainstack[i] =
18bc89aa 879 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
1da177e4
LT		 880 if (!newinfo->chainstack[i]) {
881 while (i)
882 vfree(newinfo->chainstack[--i]);
883 vfree(newinfo->chainstack);
884 newinfo->chainstack = NULL;
885 return -ENOMEM;
886 }
887 }
888
18bc89aa 889 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
1da177e4
LT		 890 if (!cl_s)
891 return -ENOMEM;
892 i = 0; /* the i'th udc */
893 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
177abc34 894 ebt_get_udc_positions, newinfo, &i, cl_s);
1da177e4
LT		 895 /* sanity check */
896 if (i != udc_cnt) {
897 BUGPRINT("i != udc_cnt\n");
898 vfree(cl_s);
899 return -EFAULT;
900 }
901 }
902
903 /* Check for loops */
904 for (i = 0; i < NF_BR_NUMHOOKS; i++)
1f072c96 905 if (newinfo->hook_entry[i])
1da177e4
LT		 906 if (check_chainloops(newinfo->hook_entry[i],
907 cl_s, udc_cnt, i, newinfo->entries)) {
68d31872 908 vfree(cl_s);
1da177e4
LT		 909 return -EINVAL;
910 }
911
96de0e25 912 /* we now know the following (along with E=mc²):
1da177e4
LT		 913 - the nr of entries in each chain is right
914 - the size of the allocated space is right
915 - all valid hooks have a corresponding chain
916 - there are no loops
917 - wrong data can still be on the level of a single entry
918 - could be there are jumps to places that are not the
919 beginning of a chain. This can only occur in chains that
920 are not accessible from any base chains, so we don't care. */
921
922 /* used to know what we need to clean up if something goes wrong */
923 i = 0;
924 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
a83d8e8d 925 ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
1da177e4
LT		 926 if (ret != 0) {
927 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
f54e9367 928 ebt_cleanup_entry, net, &i);
1da177e4 929 }
68d31872 930 vfree(cl_s);
1da177e4
LT		 931 return ret;
932}
933
934/* called under write_lock */
d5d1baa1 935static void get_counters(const struct ebt_counter *oldcounters,
1da177e4
LT		 936 struct ebt_counter *counters, unsigned int nentries)
937{
938 int i, cpu;
939 struct ebt_counter *counter_base;
940
941 /* counters of cpu 0 */
942 memcpy(counters, oldcounters,
c8923c6b
DM		 943 sizeof(struct ebt_counter) * nentries);
944
1da177e4 945 /* add other counters to those of cpu 0 */
6f912042 946 for_each_possible_cpu(cpu) {
c8923c6b
DM		 947 if (cpu == 0)
948 continue;
1da177e4
LT		 949 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
950 for (i = 0; i < nentries; i++) {
951 counters[i].pcnt += counter_base[i].pcnt;
952 counters[i].bcnt += counter_base[i].bcnt;
953 }
954 }
955}
956
e788759f
FW		 957static int do_replace_finish(struct net *net, struct ebt_replace *repl,
958 struct ebt_table_info *newinfo)
1da177e4 959{
e788759f 960 int ret, i;
1da177e4
LT		 961 struct ebt_counter *counterstmp = NULL;
962 /* used to be able to unlock earlier */
963 struct ebt_table_info *table;
e788759f 964 struct ebt_table *t;
1da177e4
LT		 965
966 /* the user wants counters back
967 the check on the size is done later, when we have the lock */
e788759f
FW		 968 if (repl->num_counters) {
969 unsigned long size = repl->num_counters * sizeof(*counterstmp);
970 counterstmp = vmalloc(size);
971 if (!counterstmp)
972 return -ENOMEM;
1da177e4 973 }
1da177e4 974
1da177e4 975 newinfo->chainstack = NULL;
e788759f 976 ret = ebt_verify_pointers(repl, newinfo);
1bc2326c
AV		 977 if (ret != 0)
978 goto free_counterstmp;
979
e788759f 980 ret = translate_table(net, repl->name, newinfo);
1da177e4
LT		 981
982 if (ret != 0)
983 goto free_counterstmp;
984
e788759f 985 t = find_table_lock(net, repl->name, &ret, &ebt_mutex);
1da177e4
LT		 986 if (!t) {
987 ret = -ENOENT;
988 goto free_iterate;
989 }
990
991 /* the table doesn't like it */
e788759f 992 if (t->check && (ret = t->check(newinfo, repl->valid_hooks)))
1da177e4
LT		 993 goto free_unlock;
994
e788759f 995 if (repl->num_counters && repl->num_counters != t->private->nentries) {
1da177e4
LT		 996 BUGPRINT("Wrong nr. of counters requested\n");
997 ret = -EINVAL;
998 goto free_unlock;
999 }
1000
1001 /* we have the mutex lock, so no danger in reading this pointer */
1002 table = t->private;
1003 /* make sure the table can only be rmmod'ed if it contains no rules */
1004 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1005 ret = -ENOENT;
1006 goto free_unlock;
1007 } else if (table->nentries && !newinfo->nentries)
1008 module_put(t->me);
1009 /* we need an atomic snapshot of the counters */
1010 write_lock_bh(&t->lock);
e788759f 1011 if (repl->num_counters)
1da177e4
LT		 1012 get_counters(t->private->counters, counterstmp,
1013 t->private->nentries);
1014
1015 t->private = newinfo;
1016 write_unlock_bh(&t->lock);
57b47a53 1017 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1018 /* so, a user can change the chains while having messed up her counter
1019 allocation. Only reason why this is done is because this way the lock
1020 is held only once, while this doesn't bring the kernel into a
1021 dangerous state. */
e788759f
FW		 1022 if (repl->num_counters &&
1023 copy_to_user(repl->counters, counterstmp,
1024 repl->num_counters * sizeof(struct ebt_counter))) {
1da177e4
LT		 1025 ret = -EFAULT;
1026 }
1027 else
1028 ret = 0;
1029
1030 /* decrease module count and free resources */
1031 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
f54e9367 1032 ebt_cleanup_entry, net, NULL);
1da177e4
LT		 1033
1034 vfree(table->entries);
1035 if (table->chainstack) {
6f912042 1036 for_each_possible_cpu(i)
1da177e4
LT		 1037 vfree(table->chainstack[i]);
1038 vfree(table->chainstack);
1039 }
1040 vfree(table);
1041
68d31872 1042 vfree(counterstmp);
1da177e4
LT		 1043 return ret;
1044
1045free_unlock:
57b47a53 1046 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1047free_iterate:
1048 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
f54e9367 1049 ebt_cleanup_entry, net, NULL);
1da177e4 1050free_counterstmp:
68d31872 1051 vfree(counterstmp);
1da177e4
LT		 1052 /* can be initialized in translate_table() */
1053 if (newinfo->chainstack) {
6f912042 1054 for_each_possible_cpu(i)
1da177e4
LT		 1055 vfree(newinfo->chainstack[i]);
1056 vfree(newinfo->chainstack);
1057 }
e788759f
FW		 1058 return ret;
1059}
1060
1061/* replace the table */
1062static int do_replace(struct net *net, const void __user *user,
1063 unsigned int len)
1064{
1065 int ret, countersize;
1066 struct ebt_table_info *newinfo;
1067 struct ebt_replace tmp;
1068
1069 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1070 return -EFAULT;
1071
1072 if (len != sizeof(tmp) + tmp.entries_size) {
1073 BUGPRINT("Wrong len argument\n");
1074 return -EINVAL;
1075 }
1076
1077 if (tmp.entries_size == 0) {
1078 BUGPRINT("Entries_size never zero\n");
1079 return -EINVAL;
1080 }
1081 /* overflow check */
1082 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) /
1083 NR_CPUS - SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
1084 return -ENOMEM;
1085 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
1086 return -ENOMEM;
1087
1088 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
1089 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1090 if (!newinfo)
1091 return -ENOMEM;
1092
1093 if (countersize)
1094 memset(newinfo->counters, 0, countersize);
1095
1096 newinfo->entries = vmalloc(tmp.entries_size);
1097 if (!newinfo->entries) {
1098 ret = -ENOMEM;
1099 goto free_newinfo;
1100 }
1101 if (copy_from_user(
1102 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
1103 BUGPRINT("Couldn't copy entries from userspace\n");
1104 ret = -EFAULT;
1105 goto free_entries;
1106 }
1107
1108 ret = do_replace_finish(net, &tmp, newinfo);
1109 if (ret == 0)
1110 return ret;
1da177e4 1111free_entries:
68d31872 1112 vfree(newinfo->entries);
1da177e4 1113free_newinfo:
68d31872 1114 vfree(newinfo);
1da177e4
LT		 1115 return ret;
1116}
1117
35aad0ff
JE		 1118struct ebt_table *
1119ebt_register_table(struct net *net, const struct ebt_table *input_table)
1da177e4
LT		 1120{
1121 struct ebt_table_info *newinfo;
35aad0ff 1122 struct ebt_table *t, *table;
1e419cd9 1123 struct ebt_replace_kernel *repl;
1da177e4 1124 int ret, i, countersize;
df07a81e 1125 void *p;
1da177e4 1126
35aad0ff
JE		 1127 if (input_table == NULL || (repl = input_table->table) == NULL ||
1128 repl->entries == 0 || repl->entries_size == 0 ||
1129 repl->counters != NULL || input_table->private != NULL) {
1da177e4 1130 BUGPRINT("Bad table data for ebt_register_table!!!\n");
6beceee5
AD		 1131 return ERR_PTR(-EINVAL);
1132 }
1133
1134 /* Don't add one table to multiple lists. */
35aad0ff 1135 table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
6beceee5
AD		 1136 if (!table) {
1137 ret = -ENOMEM;
1138 goto out;
1da177e4
LT		 1139 }
1140
53b8a315 1141 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
18bc89aa 1142 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1da177e4
LT		 1143 ret = -ENOMEM;
1144 if (!newinfo)
6beceee5 1145 goto free_table;
1da177e4 1146
df07a81e
AV		 1147 p = vmalloc(repl->entries_size);
1148 if (!p)
1da177e4
LT		 1149 goto free_newinfo;
1150
df07a81e
AV		 1151 memcpy(p, repl->entries, repl->entries_size);
1152 newinfo->entries = p;
1153
1154 newinfo->entries_size = repl->entries_size;
1155 newinfo->nentries = repl->nentries;
1da177e4
LT		 1156
1157 if (countersize)
1158 memset(newinfo->counters, 0, countersize);
1159
1160 /* fill in newinfo and parse the entries */
1161 newinfo->chainstack = NULL;
df07a81e
AV		 1162 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1163 if ((repl->valid_hooks & (1 << i)) == 0)
1164 newinfo->hook_entry[i] = NULL;
1165 else
1166 newinfo->hook_entry[i] = p +
1167 ((char *)repl->hook_entry[i] - repl->entries);
1168 }
a83d8e8d 1169 ret = translate_table(net, repl->name, newinfo);
1da177e4
LT		 1170 if (ret != 0) {
1171 BUGPRINT("Translate_table failed\n");
1172 goto free_chainstack;
1173 }
1174
1175 if (table->check && table->check(newinfo, table->valid_hooks)) {
1176 BUGPRINT("The table doesn't like its own initial data, lol\n");
6beceee5 1177 return ERR_PTR(-EINVAL);
1da177e4
LT		 1178 }
1179
1180 table->private = newinfo;
1181 rwlock_init(&table->lock);
57b47a53 1182 ret = mutex_lock_interruptible(&ebt_mutex);
1da177e4
LT		 1183 if (ret != 0)
1184 goto free_chainstack;
1185
511061e2 1186 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
df0933dc
PM		 1187 if (strcmp(t->name, table->name) == 0) {
1188 ret = -EEXIST;
1189 BUGPRINT("Table name already exists\n");
1190 goto free_unlock;
1191 }
1da177e4
LT		 1192 }
1193
1194 /* Hold a reference count if the chains aren't empty */
1195 if (newinfo->nentries && !try_module_get(table->me)) {
1196 ret = -ENOENT;
1197 goto free_unlock;
1198 }
511061e2 1199 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
57b47a53 1200 mutex_unlock(&ebt_mutex);
6beceee5 1201 return table;
1da177e4 1202free_unlock:
57b47a53 1203 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1204free_chainstack:
1205 if (newinfo->chainstack) {
6f912042 1206 for_each_possible_cpu(i)
1da177e4
LT		 1207 vfree(newinfo->chainstack[i]);
1208 vfree(newinfo->chainstack);
1209 }
1210 vfree(newinfo->entries);
1211free_newinfo:
1212 vfree(newinfo);
6beceee5
AD		 1213free_table:
1214 kfree(table);
1215out:
1216 return ERR_PTR(ret);
1da177e4
LT		 1217}
1218
f54e9367 1219void ebt_unregister_table(struct net *net, struct ebt_table *table)
1da177e4
LT		 1220{
1221 int i;
1222
1223 if (!table) {
1224 BUGPRINT("Request to unregister NULL table!!!\n");
1225 return;
1226 }
57b47a53 1227 mutex_lock(&ebt_mutex);
df0933dc 1228 list_del(&table->list);
57b47a53 1229 mutex_unlock(&ebt_mutex);
dbcdf85a 1230 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
f54e9367 1231 ebt_cleanup_entry, net, NULL);
dbcdf85a
AD		 1232 if (table->private->nentries)
1233 module_put(table->me);
68d31872 1234 vfree(table->private->entries);
1da177e4 1235 if (table->private->chainstack) {
6f912042 1236 for_each_possible_cpu(i)
1da177e4
LT		 1237 vfree(table->private->chainstack[i]);
1238 vfree(table->private->chainstack);
1239 }
1240 vfree(table->private);
6beceee5 1241 kfree(table);
1da177e4
LT		 1242}
1243
1244/* userspace just supplied us with counters */
d5d1baa1
JE		 1245static int update_counters(struct net *net, const void __user *user,
1246 unsigned int len)
1da177e4
LT		 1247{
1248 int i, ret;
1249 struct ebt_counter *tmp;
1250 struct ebt_replace hlp;
1251 struct ebt_table *t;
1252
1253 if (copy_from_user(&hlp, user, sizeof(hlp)))
1254 return -EFAULT;
1255
1256 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1257 return -EINVAL;
1258 if (hlp.num_counters == 0)
1259 return -EINVAL;
1260
837395aa 1261 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp))))
1da177e4 1262 return -ENOMEM;
1da177e4 1263
511061e2 1264 t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1da177e4
LT		 1265 if (!t)
1266 goto free_tmp;
1267
1268 if (hlp.num_counters != t->private->nentries) {
1269 BUGPRINT("Wrong nr of counters\n");
1270 ret = -EINVAL;
1271 goto unlock_mutex;
1272 }
1273
1274 if ( copy_from_user(tmp, hlp.counters,
1275 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1276 BUGPRINT("Updata_counters && !cfu\n");
1277 ret = -EFAULT;
1278 goto unlock_mutex;
1279 }
1280
1281 /* we want an atomic add of the counters */
1282 write_lock_bh(&t->lock);
1283
1284 /* we add to the counters of the first cpu */
1285 for (i = 0; i < hlp.num_counters; i++) {
1286 t->private->counters[i].pcnt += tmp[i].pcnt;
1287 t->private->counters[i].bcnt += tmp[i].bcnt;
1288 }
1289
1290 write_unlock_bh(&t->lock);
1291 ret = 0;
1292unlock_mutex:
57b47a53 1293 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1294free_tmp:
1295 vfree(tmp);
1296 return ret;
1297}
1298
d5d1baa1
JE		 1299static inline int ebt_make_matchname(const struct ebt_entry_match *m,
1300 const char *base, char __user *ubase)
1da177e4 1301{
1e419cd9 1302 char __user *hlp = ubase + ((char *)m - base);
1da177e4
LT		 1303 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1304 return -EFAULT;
1305 return 0;
1306}
1307
d5d1baa1
JE		 1308static inline int ebt_make_watchername(const struct ebt_entry_watcher *w,
1309 const char *base, char __user *ubase)
1da177e4 1310{
1e419cd9 1311 char __user *hlp = ubase + ((char *)w - base);
1da177e4
LT		 1312 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1313 return -EFAULT;
1314 return 0;
1315}
1316
d5d1baa1
JE		 1317static inline int
1318ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
1da177e4
LT		 1319{
1320 int ret;
1e419cd9 1321 char __user *hlp;
d5d1baa1 1322 const struct ebt_entry_target *t;
1da177e4 1323
40642f95 1324 if (e->bitmask == 0)
1da177e4
LT		 1325 return 0;
1326
1e419cd9 1327 hlp = ubase + (((char *)e + e->target_offset) - base);
1da177e4 1328 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
9d6f229f 1329
1da177e4
LT		 1330 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1331 if (ret != 0)
1332 return ret;
1333 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1334 if (ret != 0)
1335 return ret;
1336 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1337 return -EFAULT;
1338 return 0;
1339}
1340
837395aa
FW		 1341static int copy_counters_to_user(struct ebt_table *t,
1342 const struct ebt_counter *oldcounters,
1343 void __user *user, unsigned int num_counters,
1344 unsigned int nentries)
1345{
1346 struct ebt_counter *counterstmp;
1347 int ret = 0;
1348
1349 /* userspace might not need the counters */
1350 if (num_counters == 0)
1351 return 0;
1352
1353 if (num_counters != nentries) {
1354 BUGPRINT("Num_counters wrong\n");
1355 return -EINVAL;
1356 }
1357
1358 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1359 if (!counterstmp)
1360 return -ENOMEM;
1361
1362 write_lock_bh(&t->lock);
1363 get_counters(oldcounters, counterstmp, nentries);
1364 write_unlock_bh(&t->lock);
1365
1366 if (copy_to_user(user, counterstmp,
1367 nentries * sizeof(struct ebt_counter)))
1368 ret = -EFAULT;
1369 vfree(counterstmp);
1370 return ret;
1371}
1372
57b47a53 1373/* called with ebt_mutex locked */
1da177e4 1374static int copy_everything_to_user(struct ebt_table *t, void __user *user,
d5d1baa1 1375 const int *len, int cmd)
1da177e4
LT		 1376{
1377 struct ebt_replace tmp;
d5d1baa1 1378 const struct ebt_counter *oldcounters;
1da177e4 1379 unsigned int entries_size, nentries;
837395aa 1380 int ret;
1da177e4
LT		 1381 char *entries;
1382
1383 if (cmd == EBT_SO_GET_ENTRIES) {
1384 entries_size = t->private->entries_size;
1385 nentries = t->private->nentries;
1386 entries = t->private->entries;
1387 oldcounters = t->private->counters;
1388 } else {
1389 entries_size = t->table->entries_size;
1390 nentries = t->table->nentries;
1391 entries = t->table->entries;
1392 oldcounters = t->table->counters;
1393 }
1394
1395 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1396 BUGPRINT("Cfu didn't work\n");
1397 return -EFAULT;
1398 }
1399
1400 if (*len != sizeof(struct ebt_replace) + entries_size +
1401 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1402 BUGPRINT("Wrong size\n");
1403 return -EINVAL;
1404 }
1405
1406 if (tmp.nentries != nentries) {
1407 BUGPRINT("Nentries wrong\n");
1408 return -EINVAL;
1409 }
1410
1411 if (tmp.entries_size != entries_size) {
1412 BUGPRINT("Wrong size\n");
1413 return -EINVAL;
1414 }
1415
837395aa
FW		 1416 ret = copy_counters_to_user(t, oldcounters, tmp.counters,
1417 tmp.num_counters, nentries);
1418 if (ret)
1419 return ret;
1da177e4
LT		 1420
1421 if (copy_to_user(tmp.entries, entries, entries_size)) {
1422 BUGPRINT("Couldn't copy entries to userspace\n");
1423 return -EFAULT;
1424 }
1425 /* set the match/watcher/target names right */
1426 return EBT_ENTRY_ITERATE(entries, entries_size,
1427 ebt_make_names, entries, tmp.entries);
1428}
1429
1430static int do_ebt_set_ctl(struct sock *sk,
1431 int cmd, void __user *user, unsigned int len)
1432{
1433 int ret;
1434
dce766af
FW		 1435 if (!capable(CAP_NET_ADMIN))
1436 return -EPERM;
1437
1da177e4
LT		 1438 switch(cmd) {
1439 case EBT_SO_SET_ENTRIES:
511061e2 1440 ret = do_replace(sock_net(sk), user, len);
1da177e4
LT		 1441 break;
1442 case EBT_SO_SET_COUNTERS:
511061e2 1443 ret = update_counters(sock_net(sk), user, len);
1da177e4
LT		 1444 break;
1445 default:
1446 ret = -EINVAL;
1447 }
1448 return ret;
1449}
1450
1451static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1452{
1453 int ret;
1454 struct ebt_replace tmp;
1455 struct ebt_table *t;
1456
dce766af
FW		 1457 if (!capable(CAP_NET_ADMIN))
1458 return -EPERM;
1459
1da177e4
LT		 1460 if (copy_from_user(&tmp, user, sizeof(tmp)))
1461 return -EFAULT;
1462
511061e2 1463 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1da177e4
LT		 1464 if (!t)
1465 return ret;
1466
1467 switch(cmd) {
1468 case EBT_SO_GET_INFO:
1469 case EBT_SO_GET_INIT_INFO:
1470 if (*len != sizeof(struct ebt_replace)){
1471 ret = -EINVAL;
57b47a53 1472 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1473 break;
1474 }
1475 if (cmd == EBT_SO_GET_INFO) {
1476 tmp.nentries = t->private->nentries;
1477 tmp.entries_size = t->private->entries_size;
1478 tmp.valid_hooks = t->valid_hooks;
1479 } else {
1480 tmp.nentries = t->table->nentries;
1481 tmp.entries_size = t->table->entries_size;
1482 tmp.valid_hooks = t->table->valid_hooks;
1483 }
57b47a53 1484 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1485 if (copy_to_user(user, &tmp, *len) != 0){
1486 BUGPRINT("c2u Didn't work\n");
1487 ret = -EFAULT;
1488 break;
1489 }
1490 ret = 0;
1491 break;
1492
1493 case EBT_SO_GET_ENTRIES:
1494 case EBT_SO_GET_INIT_ENTRIES:
1495 ret = copy_everything_to_user(t, user, len, cmd);
57b47a53 1496 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1497 break;
1498
1499 default:
57b47a53 1500 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1501 ret = -EINVAL;
1502 }
1503
1504 return ret;
1505}
1506
1507static struct nf_sockopt_ops ebt_sockopts =
74ca4e5a
AM		 1508{
1509 .pf = PF_INET,
1510 .set_optmin = EBT_BASE_CTL,
1511 .set_optmax = EBT_SO_SET_MAX + 1,
1512 .set = do_ebt_set_ctl,
1513 .get_optmin = EBT_BASE_CTL,
1514 .get_optmax = EBT_SO_GET_MAX + 1,
1515 .get = do_ebt_get_ctl,
16fcec35 1516 .owner = THIS_MODULE,
1da177e4
LT		 1517};
1518
65b4b4e8 1519static int __init ebtables_init(void)
1da177e4
LT		 1520{
1521 int ret;
1522
043ef46c
JE		 1523 ret = xt_register_target(&ebt_standard_target);
1524 if (ret < 0)
1da177e4 1525 return ret;
043ef46c
JE		 1526 ret = nf_register_sockopt(&ebt_sockopts);
1527 if (ret < 0) {
1528 xt_unregister_target(&ebt_standard_target);
1529 return ret;
1530 }
1da177e4 1531
a887c1c1 1532 printk(KERN_INFO "Ebtables v2.0 registered\n");
1da177e4
LT		 1533 return 0;
1534}
1535
65b4b4e8 1536static void __exit ebtables_fini(void)
1da177e4
LT		 1537{
1538 nf_unregister_sockopt(&ebt_sockopts);
043ef46c 1539 xt_unregister_target(&ebt_standard_target);
a887c1c1 1540 printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1da177e4
LT		 1541}
1542
1543EXPORT_SYMBOL(ebt_register_table);
1544EXPORT_SYMBOL(ebt_unregister_table);
1da177e4 1545EXPORT_SYMBOL(ebt_do_table);
65b4b4e8
AM		 1546module_init(ebtables_init);
1547module_exit(ebtables_fini);
1da177e4 1548MODULE_LICENSE("GPL");
Ubuntu Hirsute Linux kernel mirror