projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netfilter 04/09: x_tables: fix match/target revision lookup
[linux-2.6-block.git] / net / bridge / netfilter / ebtables.c
CommitLineData
1da177e4
LT		 1/*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
1da177e4
LT		 18
19#include <linux/kmod.h>
20#include <linux/module.h>
21#include <linux/vmalloc.h>
18219d3f 22#include <linux/netfilter/x_tables.h>
1da177e4
LT		 23#include <linux/netfilter_bridge/ebtables.h>
24#include <linux/spinlock.h>
df0933dc 25#include <linux/mutex.h>
1da177e4
LT		 26#include <asm/uaccess.h>
27#include <linux/smp.h>
c8923c6b 28#include <linux/cpumask.h>
1da177e4
LT		 29#include <net/sock.h>
30/* needed for logical [in,out]-dev filtering */
31#include "../br_private.h"
32
1da177e4 33#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
9d6f229f 34 "report to author: "format, ## args)
1da177e4 35/* #define BUGPRINT(format, args...) */
1da177e4 36#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
9d6f229f 37 ": out of memory: "format, ## args)
1da177e4
LT		 38/* #define MEMPRINT(format, args...) */
39
40
41
42/*
43 * Each cpu has its own set of counters, so there is no need for write_lock in
44 * the softirq
45 * For reading or updating the counters, the user context needs to
46 * get a write_lock
47 */
48
49/* The size of each set of counters is altered to get cache alignment */
50#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53 COUNTER_OFFSET(n) * cpu))
54
55
56
57b47a53 57static DEFINE_MUTEX(ebt_mutex);
1da177e4 58
043ef46c 59static struct xt_target ebt_standard_target = {
001a18d3
JE		 60 .name = "standard",
61 .revision = 0,
62 .family = NFPROTO_BRIDGE,
043ef46c 63 .targetsize = sizeof(int),
18219d3f 64};
1da177e4 65
7eb35586
JE		 66static inline int
67ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
68 struct xt_target_param *par)
1da177e4 69{
7eb35586
JE		 70 par->target = w->u.watcher;
71 par->targinfo = w->data;
72 w->u.watcher->target(skb, par);
1da177e4
LT		 73 /* watchers don't give a verdict */
74 return 0;
75}
76
77static inline int ebt_do_match (struct ebt_entry_match *m,
f7108a20 78 const struct sk_buff *skb, struct xt_match_param *par)
1da177e4 79{
f7108a20
JE		 80 par->match = m->u.match;
81 par->matchinfo = m->data;
82 return m->u.match->match(skb, par);
1da177e4
LT		 83}
84
85static inline int ebt_dev_check(char *entry, const struct net_device *device)
86{
87 int i = 0;
f3d8b2e4 88 const char *devname;
1da177e4
LT		 89
90 if (*entry == '\0')
91 return 0;
92 if (!device)
93 return 1;
f3d8b2e4 94 devname = device->name;
1da177e4
LT		 95 /* 1 is the wildcard token */
96 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97 i++;
98 return (devname[i] != entry[i] && entry[i] != 1);
99}
100
101#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102/* process standard matches */
103static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104 const struct net_device *in, const struct net_device *out)
105{
106 int verdict, i;
107
108 if (e->bitmask & EBT_802_3) {
109 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110 return 1;
111 } else if (!(e->bitmask & EBT_NOPROTO) &&
112 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113 return 1;
114
115 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116 return 1;
117 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118 return 1;
119 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121 return 1;
122 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124 return 1;
125
126 if (e->bitmask & EBT_SOURCEMAC) {
127 verdict = 0;
128 for (i = 0; i < 6; i++)
129 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130 e->sourcemsk[i];
131 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132 return 1;
133 }
134 if (e->bitmask & EBT_DESTMAC) {
135 verdict = 0;
136 for (i = 0; i < 6; i++)
137 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138 e->destmsk[i];
139 if (FWINV2(verdict != 0, EBT_IDEST) )
140 return 1;
141 }
142 return 0;
143}
144
145/* Do some firewalling */
3db05fea 146unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
1da177e4
LT		 147 const struct net_device *in, const struct net_device *out,
148 struct ebt_table *table)
149{
150 int i, nentries;
151 struct ebt_entry *point;
152 struct ebt_counter *counter_base, *cb_base;
153 struct ebt_entry_target *t;
154 int verdict, sp = 0;
155 struct ebt_chainstack *cs;
156 struct ebt_entries *chaininfo;
157 char *base;
158 struct ebt_table_info *private;
5365f802 159 bool hotdrop = false;
f7108a20 160 struct xt_match_param mtpar;
7eb35586 161 struct xt_target_param tgpar;
f7108a20 162
916a917d 163 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
7eb35586
JE		 164 mtpar.in = tgpar.in = in;
165 mtpar.out = tgpar.out = out;
f7108a20 166 mtpar.hotdrop = &hotdrop;
7eb35586 167 tgpar.hooknum = hook;
1da177e4
LT		 168
169 read_lock_bh(&table->lock);
170 private = table->private;
171 cb_base = COUNTER_BASE(private->counters, private->nentries,
172 smp_processor_id());
173 if (private->chainstack)
174 cs = private->chainstack[smp_processor_id()];
175 else
176 cs = NULL;
177 chaininfo = private->hook_entry[hook];
178 nentries = private->hook_entry[hook]->nentries;
179 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
180 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
181 /* base for chain jumps */
182 base = private->entries;
183 i = 0;
184 while (i < nentries) {
3db05fea 185 if (ebt_basic_match(point, eth_hdr(skb), in, out))
1da177e4
LT		 186 goto letscontinue;
187
f7108a20 188 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
1da177e4 189 goto letscontinue;
5365f802
JE		 190 if (hotdrop) {
191 read_unlock_bh(&table->lock);
192 return NF_DROP;
193 }
1da177e4
LT		 194
195 /* increase counter */
196 (*(counter_base + i)).pcnt++;
3db05fea 197 (*(counter_base + i)).bcnt += skb->len;
1da177e4
LT		 198
199 /* these should only watch: not modify, nor tell us
200 what to do with the packet */
7eb35586 201 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
1da177e4
LT		 202
203 t = (struct ebt_entry_target *)
204 (((char *)point) + point->target_offset);
205 /* standard target */
206 if (!t->u.target->target)
207 verdict = ((struct ebt_standard_target *)t)->verdict;
7eb35586
JE		 208 else {
209 tgpar.target = t->u.target;
210 tgpar.targinfo = t->data;
211 verdict = t->u.target->target(skb, &tgpar);
212 }
1da177e4
LT		 213 if (verdict == EBT_ACCEPT) {
214 read_unlock_bh(&table->lock);
215 return NF_ACCEPT;
216 }
217 if (verdict == EBT_DROP) {
218 read_unlock_bh(&table->lock);
219 return NF_DROP;
220 }
221 if (verdict == EBT_RETURN) {
222letsreturn:
223#ifdef CONFIG_NETFILTER_DEBUG
224 if (sp == 0) {
225 BUGPRINT("RETURN on base chain");
226 /* act like this is EBT_CONTINUE */
227 goto letscontinue;
228 }
229#endif
230 sp--;
231 /* put all the local variables right */
232 i = cs[sp].n;
233 chaininfo = cs[sp].chaininfo;
234 nentries = chaininfo->nentries;
235 point = cs[sp].e;
236 counter_base = cb_base +
237 chaininfo->counter_offset;
238 continue;
239 }
240 if (verdict == EBT_CONTINUE)
241 goto letscontinue;
242#ifdef CONFIG_NETFILTER_DEBUG
243 if (verdict < 0) {
244 BUGPRINT("bogus standard verdict\n");
245 read_unlock_bh(&table->lock);
246 return NF_DROP;
247 }
248#endif
249 /* jump to a udc */
250 cs[sp].n = i + 1;
251 cs[sp].chaininfo = chaininfo;
252 cs[sp].e = (struct ebt_entry *)
253 (((char *)point) + point->next_offset);
254 i = 0;
255 chaininfo = (struct ebt_entries *) (base + verdict);
256#ifdef CONFIG_NETFILTER_DEBUG
257 if (chaininfo->distinguisher) {
258 BUGPRINT("jump to non-chain\n");
259 read_unlock_bh(&table->lock);
260 return NF_DROP;
261 }
262#endif
263 nentries = chaininfo->nentries;
264 point = (struct ebt_entry *)chaininfo->data;
265 counter_base = cb_base + chaininfo->counter_offset;
266 sp++;
267 continue;
268letscontinue:
269 point = (struct ebt_entry *)
270 (((char *)point) + point->next_offset);
271 i++;
272 }
273
274 /* I actually like this :) */
275 if (chaininfo->policy == EBT_RETURN)
276 goto letsreturn;
277 if (chaininfo->policy == EBT_ACCEPT) {
278 read_unlock_bh(&table->lock);
279 return NF_ACCEPT;
280 }
281 read_unlock_bh(&table->lock);
282 return NF_DROP;
283}
284
285/* If it succeeds, returns element and locks mutex */
286static inline void *
287find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
57b47a53 288 struct mutex *mutex)
1da177e4 289{
df0933dc
PM		 290 struct {
291 struct list_head list;
292 char name[EBT_FUNCTION_MAXNAMELEN];
293 } *e;
1da177e4 294
57b47a53 295 *error = mutex_lock_interruptible(mutex);
1da177e4
LT		 296 if (*error != 0)
297 return NULL;
298
df0933dc
PM		 299 list_for_each_entry(e, head, list) {
300 if (strcmp(e->name, name) == 0)
301 return e;
1da177e4 302 }
df0933dc
PM		 303 *error = -ENOENT;
304 mutex_unlock(mutex);
305 return NULL;
1da177e4
LT		 306}
307
1da177e4
LT		 308static void *
309find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
57b47a53 310 int *error, struct mutex *mutex)
1da177e4 311{
95a5afca
JB		 312 return try_then_request_module(
313 find_inlist_lock_noload(head, name, error, mutex),
314 "%s%s", prefix, name);
1da177e4 315}
1da177e4
LT		 316
317static inline struct ebt_table *
511061e2
AD		 318find_table_lock(struct net *net, const char *name, int *error,
319 struct mutex *mutex)
1da177e4 320{
511061e2
AD		 321 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
322 "ebtable_", error, mutex);
1da177e4
LT		 323}
324
1da177e4 325static inline int
9b4fce7a
JE		 326ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
327 unsigned int *cnt)
1da177e4 328{
9b4fce7a 329 const struct ebt_entry *e = par->entryinfo;
043ef46c 330 struct xt_match *match;
14197d54 331 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
1da177e4
LT		 332 int ret;
333
14197d54
AV		 334 if (left < sizeof(struct ebt_entry_match) ||
335 left - sizeof(struct ebt_entry_match) < m->match_size)
1da177e4 336 return -EINVAL;
043ef46c
JE		 337
338 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
339 m->u.name, 0), "ebt_%s", m->u.name);
340 if (IS_ERR(match))
341 return PTR_ERR(match);
342 if (match == NULL)
1da177e4 343 return -ENOENT;
043ef46c
JE		 344 m->u.match = match;
345
9b4fce7a
JE		 346 par->match = match;
347 par->matchinfo = m->data;
916a917d 348 ret = xt_check_match(par, m->match_size,
9b4fce7a 349 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 350 if (ret < 0) {
351 module_put(match->me);
352 return ret;
1da177e4 353 }
043ef46c 354
1da177e4
LT		 355 (*cnt)++;
356 return 0;
357}
358
359static inline int
af5d6dc2
JE		 360ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
361 unsigned int *cnt)
1da177e4 362{
af5d6dc2 363 const struct ebt_entry *e = par->entryinfo;
043ef46c 364 struct xt_target *watcher;
14197d54 365 size_t left = ((char *)e + e->target_offset) - (char *)w;
1da177e4
LT		 366 int ret;
367
14197d54
AV		 368 if (left < sizeof(struct ebt_entry_watcher) ||
369 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
1da177e4 370 return -EINVAL;
043ef46c
JE		 371
372 watcher = try_then_request_module(
373 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
374 "ebt_%s", w->u.name);
375 if (IS_ERR(watcher))
376 return PTR_ERR(watcher);
377 if (watcher == NULL)
1da177e4 378 return -ENOENT;
043ef46c
JE		 379 w->u.watcher = watcher;
380
af5d6dc2
JE		 381 par->target = watcher;
382 par->targinfo = w->data;
916a917d 383 ret = xt_check_target(par, w->watcher_size,
af5d6dc2 384 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 385 if (ret < 0) {
386 module_put(watcher->me);
387 return ret;
1da177e4 388 }
043ef46c 389
1da177e4
LT		 390 (*cnt)++;
391 return 0;
392}
393
70fe9af4
AV		 394static int ebt_verify_pointers(struct ebt_replace *repl,
395 struct ebt_table_info *newinfo)
1da177e4 396{
70fe9af4
AV		 397 unsigned int limit = repl->entries_size;
398 unsigned int valid_hooks = repl->valid_hooks;
399 unsigned int offset = 0;
1da177e4
LT		 400 int i;
401
e4fd77de
AV		 402 for (i = 0; i < NF_BR_NUMHOOKS; i++)
403 newinfo->hook_entry[i] = NULL;
404
405 newinfo->entries_size = repl->entries_size;
406 newinfo->nentries = repl->nentries;
407
70fe9af4
AV		 408 while (offset < limit) {
409 size_t left = limit - offset;
410 struct ebt_entry *e = (void *)newinfo->entries + offset;
bb2ef25c 411
70fe9af4 412 if (left < sizeof(unsigned int))
1da177e4 413 break;
70fe9af4
AV		 414
415 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
416 if ((valid_hooks & (1 << i)) == 0)
417 continue;
1e419cd9
AV		 418 if ((char __user *)repl->hook_entry[i] ==
419 repl->entries + offset)
70fe9af4
AV		 420 break;
421 }
422
423 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
424 if (e->bitmask != 0) {
425 /* we make userspace set this right,
426 so there is no misunderstanding */
427 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
428 "in distinguisher\n");
429 return -EINVAL;
430 }
431 if (i != NF_BR_NUMHOOKS)
432 newinfo->hook_entry[i] = (struct ebt_entries *)e;
433 if (left < sizeof(struct ebt_entries))
434 break;
435 offset += sizeof(struct ebt_entries);
436 } else {
437 if (left < sizeof(struct ebt_entry))
438 break;
439 if (left < e->next_offset)
440 break;
441 offset += e->next_offset;
1da177e4 442 }
22b440bf 443 }
70fe9af4
AV		 444 if (offset != limit) {
445 BUGPRINT("entries_size too small\n");
446 return -EINVAL;
447 }
e4fd77de
AV		 448
449 /* check if all valid hooks have a chain */
450 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
451 if (!newinfo->hook_entry[i] &&
452 (valid_hooks & (1 << i))) {
453 BUGPRINT("Valid hook without chain\n");
454 return -EINVAL;
455 }
456 }
22b440bf 457 return 0;
22b440bf
AV		 458}
459
460/*
461 * this one is very careful, as it is the first function
462 * to parse the userspace data
463 */
464static inline int
465ebt_check_entry_size_and_hooks(struct ebt_entry *e,
0e795531
AV		 466 struct ebt_table_info *newinfo,
467 unsigned int *n, unsigned int *cnt,
468 unsigned int *totalcnt, unsigned int *udc_cnt)
22b440bf 469{
22b440bf
AV		 470 int i;
471
472 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
0e795531 473 if ((void *)e == (void *)newinfo->hook_entry[i])
22b440bf
AV		 474 break;
475 }
476 /* beginning of a new chain
477 if i == NF_BR_NUMHOOKS it must be a user defined chain */
478 if (i != NF_BR_NUMHOOKS || !e->bitmask) {
1da177e4
LT		 479 /* this checks if the previous chain has as many entries
480 as it said it has */
481 if (*n != *cnt) {
482 BUGPRINT("nentries does not equal the nr of entries "
9d6f229f 483 "in the chain\n");
1da177e4
LT		 484 return -EINVAL;
485 }
1da177e4
LT		 486 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
487 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
488 /* only RETURN from udc */
489 if (i != NF_BR_NUMHOOKS ||
490 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
491 BUGPRINT("bad policy\n");
492 return -EINVAL;
493 }
494 }
495 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
496 (*udc_cnt)++;
1da177e4
LT		 497 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
498 BUGPRINT("counter_offset != totalcnt");
499 return -EINVAL;
500 }
501 *n = ((struct ebt_entries *)e)->nentries;
502 *cnt = 0;
503 return 0;
504 }
505 /* a plain old entry, heh */
506 if (sizeof(struct ebt_entry) > e->watchers_offset ||
507 e->watchers_offset > e->target_offset ||
508 e->target_offset >= e->next_offset) {
509 BUGPRINT("entry offsets not in right order\n");
510 return -EINVAL;
511 }
512 /* this is not checked anywhere else */
513 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
514 BUGPRINT("target size too small\n");
515 return -EINVAL;
516 }
1da177e4
LT		 517 (*cnt)++;
518 (*totalcnt)++;
519 return 0;
520}
521
522struct ebt_cl_stack
523{
524 struct ebt_chainstack cs;
525 int from;
526 unsigned int hookmask;
527};
528
529/*
530 * we need these positions to check that the jumps to a different part of the
531 * entries is a jump to the beginning of a new chain.
532 */
533static inline int
534ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
177abc34 535 unsigned int *n, struct ebt_cl_stack *udc)
1da177e4
LT		 536{
537 int i;
538
539 /* we're only interested in chain starts */
40642f95 540 if (e->bitmask)
1da177e4
LT		 541 return 0;
542 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1da177e4
LT		 543 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
544 break;
545 }
546 /* only care about udc */
547 if (i != NF_BR_NUMHOOKS)
548 return 0;
549
550 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
551 /* these initialisations are depended on later in check_chainloops() */
552 udc[*n].cs.n = 0;
553 udc[*n].hookmask = 0;
554
555 (*n)++;
556 return 0;
557}
558
559static inline int
560ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
561{
6be3d859
JE		 562 struct xt_mtdtor_param par;
563
1da177e4
LT		 564 if (i && (*i)-- == 0)
565 return 1;
1da177e4 566
6be3d859
JE		 567 par.match = m->u.match;
568 par.matchinfo = m->data;
916a917d 569 par.family = NFPROTO_BRIDGE;
6be3d859
JE		 570 if (par.match->destroy != NULL)
571 par.match->destroy(&par);
572 module_put(par.match->me);
1da177e4
LT		 573 return 0;
574}
575
576static inline int
577ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
578{
a2df1648
JE		 579 struct xt_tgdtor_param par;
580
1da177e4
LT		 581 if (i && (*i)-- == 0)
582 return 1;
1da177e4 583
a2df1648
JE		 584 par.target = w->u.watcher;
585 par.targinfo = w->data;
916a917d 586 par.family = NFPROTO_BRIDGE;
a2df1648
JE		 587 if (par.target->destroy != NULL)
588 par.target->destroy(&par);
589 module_put(par.target->me);
1da177e4
LT		 590 return 0;
591}
592
593static inline int
594ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
595{
a2df1648 596 struct xt_tgdtor_param par;
1da177e4
LT		 597 struct ebt_entry_target *t;
598
40642f95 599 if (e->bitmask == 0)
1da177e4
LT		 600 return 0;
601 /* we're done */
602 if (cnt && (*cnt)-- == 0)
603 return 1;
604 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
605 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
606 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1da177e4 607
a2df1648
JE		 608 par.target = t->u.target;
609 par.targinfo = t->data;
916a917d 610 par.family = NFPROTO_BRIDGE;
a2df1648
JE		 611 if (par.target->destroy != NULL)
612 par.target->destroy(&par);
613 module_put(par.target->me);
1da177e4
LT		 614 return 0;
615}
616
617static inline int
618ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
f7da79d9 619 const char *name, unsigned int *cnt,
1da177e4
LT		 620 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
621{
622 struct ebt_entry_target *t;
043ef46c 623 struct xt_target *target;
1da177e4 624 unsigned int i, j, hook = 0, hookmask = 0;
44f9a2fd 625 size_t gap;
1da177e4 626 int ret;
6be3d859 627 struct xt_mtchk_param mtpar;
af5d6dc2 628 struct xt_tgchk_param tgpar;
1da177e4
LT		 629
630 /* don't mess with the struct ebt_entries */
40642f95 631 if (e->bitmask == 0)
1da177e4
LT		 632 return 0;
633
634 if (e->bitmask & ~EBT_F_MASK) {
635 BUGPRINT("Unknown flag for bitmask\n");
636 return -EINVAL;
637 }
638 if (e->invflags & ~EBT_INV_MASK) {
639 BUGPRINT("Unknown flag for inv bitmask\n");
640 return -EINVAL;
641 }
642 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
643 BUGPRINT("NOPROTO & 802_3 not allowed\n");
644 return -EINVAL;
645 }
646 /* what hook do we belong to? */
647 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
f7da79d9 648 if (!newinfo->hook_entry[i])
1da177e4
LT		 649 continue;
650 if ((char *)newinfo->hook_entry[i] < (char *)e)
651 hook = i;
652 else
653 break;
654 }
655 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
656 a base chain */
657 if (i < NF_BR_NUMHOOKS)
658 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
659 else {
660 for (i = 0; i < udc_cnt; i++)
661 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
662 break;
663 if (i == 0)
664 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
665 else
666 hookmask = cl_s[i - 1].hookmask;
667 }
668 i = 0;
9b4fce7a 669
af5d6dc2
JE		 670 mtpar.table = tgpar.table = name;
671 mtpar.entryinfo = tgpar.entryinfo = e;
672 mtpar.hook_mask = tgpar.hook_mask = hookmask;
916a917d 673 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
6be3d859 674 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
1da177e4
LT		 675 if (ret != 0)
676 goto cleanup_matches;
677 j = 0;
af5d6dc2 678 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
1da177e4
LT		 679 if (ret != 0)
680 goto cleanup_watchers;
681 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
44f9a2fd 682 gap = e->next_offset - e->target_offset;
1da177e4 683
043ef46c
JE		 684 target = try_then_request_module(
685 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
686 "ebt_%s", t->u.name);
687 if (IS_ERR(target)) {
688 ret = PTR_ERR(target);
001a18d3 689 goto cleanup_watchers;
043ef46c
JE		 690 } else if (target == NULL) {
691 ret = -ENOENT;
001a18d3
JE		 692 goto cleanup_watchers;
693 }
694
1da177e4
LT		 695 t->u.target = target;
696 if (t->u.target == &ebt_standard_target) {
14197d54 697 if (gap < sizeof(struct ebt_standard_target)) {
1da177e4
LT		 698 BUGPRINT("Standard target size too big\n");
699 ret = -EFAULT;
700 goto cleanup_watchers;
701 }
702 if (((struct ebt_standard_target *)t)->verdict <
703 -NUM_STANDARD_TARGETS) {
704 BUGPRINT("Invalid standard target\n");
705 ret = -EFAULT;
706 goto cleanup_watchers;
707 }
18219d3f
JE		 708 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
709 module_put(t->u.target->me);
710 ret = -EFAULT;
711 goto cleanup_watchers;
043ef46c
JE		 712 }
713
af5d6dc2
JE		 714 tgpar.target = target;
715 tgpar.targinfo = t->data;
916a917d 716 ret = xt_check_target(&tgpar, t->target_size,
af5d6dc2 717 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 718 if (ret < 0) {
719 module_put(target->me);
18219d3f 720 goto cleanup_watchers;
1da177e4
LT		 721 }
722 (*cnt)++;
723 return 0;
724cleanup_watchers:
725 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
726cleanup_matches:
727 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
728 return ret;
729}
730
731/*
732 * checks for loops and sets the hook mask for udc
733 * the hook mask for udc tells us from which base chains the udc can be
734 * accessed. This mask is a parameter to the check() functions of the extensions
735 */
736static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
737 unsigned int udc_cnt, unsigned int hooknr, char *base)
738{
739 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
740 struct ebt_entry *e = (struct ebt_entry *)chain->data;
741 struct ebt_entry_target *t;
742
743 while (pos < nentries || chain_nr != -1) {
744 /* end of udc, go back one 'recursion' step */
745 if (pos == nentries) {
746 /* put back values of the time when this chain was called */
747 e = cl_s[chain_nr].cs.e;
748 if (cl_s[chain_nr].from != -1)
749 nentries =
750 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
751 else
752 nentries = chain->nentries;
753 pos = cl_s[chain_nr].cs.n;
754 /* make sure we won't see a loop that isn't one */
755 cl_s[chain_nr].cs.n = 0;
756 chain_nr = cl_s[chain_nr].from;
757 if (pos == nentries)
758 continue;
759 }
760 t = (struct ebt_entry_target *)
761 (((char *)e) + e->target_offset);
762 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
763 goto letscontinue;
764 if (e->target_offset + sizeof(struct ebt_standard_target) >
765 e->next_offset) {
766 BUGPRINT("Standard target size too big\n");
767 return -1;
768 }
769 verdict = ((struct ebt_standard_target *)t)->verdict;
770 if (verdict >= 0) { /* jump to another chain */
771 struct ebt_entries *hlp2 =
772 (struct ebt_entries *)(base + verdict);
773 for (i = 0; i < udc_cnt; i++)
774 if (hlp2 == cl_s[i].cs.chaininfo)
775 break;
776 /* bad destination or loop */
777 if (i == udc_cnt) {
778 BUGPRINT("bad destination\n");
779 return -1;
780 }
781 if (cl_s[i].cs.n) {
782 BUGPRINT("loop\n");
783 return -1;
784 }
98a0824a
AV		 785 if (cl_s[i].hookmask & (1 << hooknr))
786 goto letscontinue;
787 /* this can't be 0, so the loop test is correct */
1da177e4
LT		 788 cl_s[i].cs.n = pos + 1;
789 pos = 0;
790 cl_s[i].cs.e = ((void *)e + e->next_offset);
791 e = (struct ebt_entry *)(hlp2->data);
792 nentries = hlp2->nentries;
793 cl_s[i].from = chain_nr;
794 chain_nr = i;
795 /* this udc is accessible from the base chain for hooknr */
796 cl_s[i].hookmask |= (1 << hooknr);
797 continue;
798 }
799letscontinue:
800 e = (void *)e + e->next_offset;
801 pos++;
802 }
803 return 0;
804}
805
806/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
1bc2326c 807static int translate_table(char *name, struct ebt_table_info *newinfo)
1da177e4
LT		 808{
809 unsigned int i, j, k, udc_cnt;
810 int ret;
811 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
812
813 i = 0;
1f072c96 814 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
1da177e4
LT		 815 i++;
816 if (i == NF_BR_NUMHOOKS) {
817 BUGPRINT("No valid hooks specified\n");
818 return -EINVAL;
819 }
1f072c96 820 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
1da177e4
LT		 821 BUGPRINT("Chains don't start at beginning\n");
822 return -EINVAL;
823 }
824 /* make sure chains are ordered after each other in same order
825 as their corresponding hooks */
826 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
1f072c96 827 if (!newinfo->hook_entry[j])
1da177e4 828 continue;
1f072c96 829 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
1da177e4
LT		 830 BUGPRINT("Hook order must be followed\n");
831 return -EINVAL;
832 }
833 i = j;
834 }
835
1da177e4
LT		 836 /* do some early checkings and initialize some things */
837 i = 0; /* holds the expected nr. of entries for the chain */
838 j = 0; /* holds the up to now counted entries for the chain */
839 k = 0; /* holds the total nr. of entries, should equal
9d6f229f 840 newinfo->nentries afterwards */
1da177e4
LT		 841 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
842 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
0e795531
AV		 843 ebt_check_entry_size_and_hooks, newinfo,
844 &i, &j, &k, &udc_cnt);
1da177e4
LT		 845
846 if (ret != 0)
847 return ret;
848
849 if (i != j) {
850 BUGPRINT("nentries does not equal the nr of entries in the "
9d6f229f 851 "(last) chain\n");
1da177e4
LT		 852 return -EINVAL;
853 }
854 if (k != newinfo->nentries) {
855 BUGPRINT("Total nentries is wrong\n");
856 return -EINVAL;
857 }
858
1da177e4
LT		 859 /* get the location of the udc, put them in an array
860 while we're at it, allocate the chainstack */
861 if (udc_cnt) {
862 /* this will get free'd in do_replace()/ebt_register_table()
863 if an error occurs */
7ad4d2f6 864 newinfo->chainstack =
53b8a315 865 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
1da177e4
LT		 866 if (!newinfo->chainstack)
867 return -ENOMEM;
6f912042 868 for_each_possible_cpu(i) {
1da177e4 869 newinfo->chainstack[i] =
18bc89aa 870 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
1da177e4
LT		 871 if (!newinfo->chainstack[i]) {
872 while (i)
873 vfree(newinfo->chainstack[--i]);
874 vfree(newinfo->chainstack);
875 newinfo->chainstack = NULL;
876 return -ENOMEM;
877 }
878 }
879
18bc89aa 880 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
1da177e4
LT		 881 if (!cl_s)
882 return -ENOMEM;
883 i = 0; /* the i'th udc */
884 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
177abc34 885 ebt_get_udc_positions, newinfo, &i, cl_s);
1da177e4
LT		 886 /* sanity check */
887 if (i != udc_cnt) {
888 BUGPRINT("i != udc_cnt\n");
889 vfree(cl_s);
890 return -EFAULT;
891 }
892 }
893
894 /* Check for loops */
895 for (i = 0; i < NF_BR_NUMHOOKS; i++)
1f072c96 896 if (newinfo->hook_entry[i])
1da177e4
LT		 897 if (check_chainloops(newinfo->hook_entry[i],
898 cl_s, udc_cnt, i, newinfo->entries)) {
68d31872 899 vfree(cl_s);
1da177e4
LT		 900 return -EINVAL;
901 }
902
96de0e25 903 /* we now know the following (along with E=mc²):
1da177e4
LT		 904 - the nr of entries in each chain is right
905 - the size of the allocated space is right
906 - all valid hooks have a corresponding chain
907 - there are no loops
908 - wrong data can still be on the level of a single entry
909 - could be there are jumps to places that are not the
910 beginning of a chain. This can only occur in chains that
911 are not accessible from any base chains, so we don't care. */
912
913 /* used to know what we need to clean up if something goes wrong */
914 i = 0;
915 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1bc2326c 916 ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt);
1da177e4
LT		 917 if (ret != 0) {
918 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
919 ebt_cleanup_entry, &i);
920 }
68d31872 921 vfree(cl_s);
1da177e4
LT		 922 return ret;
923}
924
925/* called under write_lock */
926static void get_counters(struct ebt_counter *oldcounters,
927 struct ebt_counter *counters, unsigned int nentries)
928{
929 int i, cpu;
930 struct ebt_counter *counter_base;
931
932 /* counters of cpu 0 */
933 memcpy(counters, oldcounters,
c8923c6b
DM		 934 sizeof(struct ebt_counter) * nentries);
935
1da177e4 936 /* add other counters to those of cpu 0 */
6f912042 937 for_each_possible_cpu(cpu) {
c8923c6b
DM		 938 if (cpu == 0)
939 continue;
1da177e4
LT		 940 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
941 for (i = 0; i < nentries; i++) {
942 counters[i].pcnt += counter_base[i].pcnt;
943 counters[i].bcnt += counter_base[i].bcnt;
944 }
945 }
946}
947
948/* replace the table */
511061e2 949static int do_replace(struct net *net, void __user *user, unsigned int len)
1da177e4
LT		 950{
951 int ret, i, countersize;
952 struct ebt_table_info *newinfo;
953 struct ebt_replace tmp;
954 struct ebt_table *t;
955 struct ebt_counter *counterstmp = NULL;
956 /* used to be able to unlock earlier */
957 struct ebt_table_info *table;
958
959 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
960 return -EFAULT;
961
962 if (len != sizeof(tmp) + tmp.entries_size) {
963 BUGPRINT("Wrong len argument\n");
964 return -EINVAL;
965 }
966
967 if (tmp.entries_size == 0) {
968 BUGPRINT("Entries_size never zero\n");
969 return -EINVAL;
970 }
ee4bb818
KK		 971 /* overflow check */
972 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
973 SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
974 return -ENOMEM;
975 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
976 return -ENOMEM;
977
53b8a315 978 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
18bc89aa 979 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1da177e4
LT		 980 if (!newinfo)
981 return -ENOMEM;
982
983 if (countersize)
984 memset(newinfo->counters, 0, countersize);
985
8b3a7005 986 newinfo->entries = vmalloc(tmp.entries_size);
1da177e4
LT		 987 if (!newinfo->entries) {
988 ret = -ENOMEM;
989 goto free_newinfo;
990 }
991 if (copy_from_user(
992 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
993 BUGPRINT("Couldn't copy entries from userspace\n");
994 ret = -EFAULT;
995 goto free_entries;
996 }
997
998 /* the user wants counters back
999 the check on the size is done later, when we have the lock */
1000 if (tmp.num_counters) {
18bc89aa 1001 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
1da177e4
LT		 1002 if (!counterstmp) {
1003 ret = -ENOMEM;
1004 goto free_entries;
1005 }
1006 }
1007 else
1008 counterstmp = NULL;
1009
1010 /* this can get initialized by translate_table() */
1011 newinfo->chainstack = NULL;
1bc2326c
AV		 1012 ret = ebt_verify_pointers(&tmp, newinfo);
1013 if (ret != 0)
1014 goto free_counterstmp;
1015
1016 ret = translate_table(tmp.name, newinfo);
1da177e4
LT		 1017
1018 if (ret != 0)
1019 goto free_counterstmp;
1020
511061e2 1021 t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
1da177e4
LT		 1022 if (!t) {
1023 ret = -ENOENT;
1024 goto free_iterate;
1025 }
1026
1027 /* the table doesn't like it */
1028 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1029 goto free_unlock;
1030
1031 if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1032 BUGPRINT("Wrong nr. of counters requested\n");
1033 ret = -EINVAL;
1034 goto free_unlock;
1035 }
1036
1037 /* we have the mutex lock, so no danger in reading this pointer */
1038 table = t->private;
1039 /* make sure the table can only be rmmod'ed if it contains no rules */
1040 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1041 ret = -ENOENT;
1042 goto free_unlock;
1043 } else if (table->nentries && !newinfo->nentries)
1044 module_put(t->me);
1045 /* we need an atomic snapshot of the counters */
1046 write_lock_bh(&t->lock);
1047 if (tmp.num_counters)
1048 get_counters(t->private->counters, counterstmp,
1049 t->private->nentries);
1050
1051 t->private = newinfo;
1052 write_unlock_bh(&t->lock);
57b47a53 1053 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1054 /* so, a user can change the chains while having messed up her counter
1055 allocation. Only reason why this is done is because this way the lock
1056 is held only once, while this doesn't bring the kernel into a
1057 dangerous state. */
1058 if (tmp.num_counters &&
1059 copy_to_user(tmp.counters, counterstmp,
1060 tmp.num_counters * sizeof(struct ebt_counter))) {
1061 BUGPRINT("Couldn't copy counters to userspace\n");
1062 ret = -EFAULT;
1063 }
1064 else
1065 ret = 0;
1066
1067 /* decrease module count and free resources */
1068 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1069 ebt_cleanup_entry, NULL);
1070
1071 vfree(table->entries);
1072 if (table->chainstack) {
6f912042 1073 for_each_possible_cpu(i)
1da177e4
LT		 1074 vfree(table->chainstack[i]);
1075 vfree(table->chainstack);
1076 }
1077 vfree(table);
1078
68d31872 1079 vfree(counterstmp);
1da177e4
LT		 1080 return ret;
1081
1082free_unlock:
57b47a53 1083 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1084free_iterate:
1085 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1086 ebt_cleanup_entry, NULL);
1087free_counterstmp:
68d31872 1088 vfree(counterstmp);
1da177e4
LT		 1089 /* can be initialized in translate_table() */
1090 if (newinfo->chainstack) {
6f912042 1091 for_each_possible_cpu(i)
1da177e4
LT		 1092 vfree(newinfo->chainstack[i]);
1093 vfree(newinfo->chainstack);
1094 }
1095free_entries:
68d31872 1096 vfree(newinfo->entries);
1da177e4 1097free_newinfo:
68d31872 1098 vfree(newinfo);
1da177e4
LT		 1099 return ret;
1100}
1101
6beceee5 1102struct ebt_table *ebt_register_table(struct net *net, struct ebt_table *table)
1da177e4
LT		 1103{
1104 struct ebt_table_info *newinfo;
df0933dc 1105 struct ebt_table *t;
1e419cd9 1106 struct ebt_replace_kernel *repl;
1da177e4 1107 int ret, i, countersize;
df07a81e 1108 void *p;
1da177e4 1109
df07a81e
AV		 1110 if (!table || !(repl = table->table) || !repl->entries ||
1111 repl->entries_size == 0 ||
1112 repl->counters || table->private) {
1da177e4 1113 BUGPRINT("Bad table data for ebt_register_table!!!\n");
6beceee5
AD		 1114 return ERR_PTR(-EINVAL);
1115 }
1116
1117 /* Don't add one table to multiple lists. */
1118 table = kmemdup(table, sizeof(struct ebt_table), GFP_KERNEL);
1119 if (!table) {
1120 ret = -ENOMEM;
1121 goto out;
1da177e4
LT		 1122 }
1123
53b8a315 1124 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
18bc89aa 1125 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1da177e4
LT		 1126 ret = -ENOMEM;
1127 if (!newinfo)
6beceee5 1128 goto free_table;
1da177e4 1129
df07a81e
AV		 1130 p = vmalloc(repl->entries_size);
1131 if (!p)
1da177e4
LT		 1132 goto free_newinfo;
1133
df07a81e
AV		 1134 memcpy(p, repl->entries, repl->entries_size);
1135 newinfo->entries = p;
1136
1137 newinfo->entries_size = repl->entries_size;
1138 newinfo->nentries = repl->nentries;
1da177e4
LT		 1139
1140 if (countersize)
1141 memset(newinfo->counters, 0, countersize);
1142
1143 /* fill in newinfo and parse the entries */
1144 newinfo->chainstack = NULL;
df07a81e
AV		 1145 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1146 if ((repl->valid_hooks & (1 << i)) == 0)
1147 newinfo->hook_entry[i] = NULL;
1148 else
1149 newinfo->hook_entry[i] = p +
1150 ((char *)repl->hook_entry[i] - repl->entries);
1151 }
1152 ret = translate_table(repl->name, newinfo);
1da177e4
LT		 1153 if (ret != 0) {
1154 BUGPRINT("Translate_table failed\n");
1155 goto free_chainstack;
1156 }
1157
1158 if (table->check && table->check(newinfo, table->valid_hooks)) {
1159 BUGPRINT("The table doesn't like its own initial data, lol\n");
6beceee5 1160 return ERR_PTR(-EINVAL);
1da177e4
LT		 1161 }
1162
1163 table->private = newinfo;
1164 rwlock_init(&table->lock);
57b47a53 1165 ret = mutex_lock_interruptible(&ebt_mutex);
1da177e4
LT		 1166 if (ret != 0)
1167 goto free_chainstack;
1168
511061e2 1169 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
df0933dc
PM		 1170 if (strcmp(t->name, table->name) == 0) {
1171 ret = -EEXIST;
1172 BUGPRINT("Table name already exists\n");
1173 goto free_unlock;
1174 }
1da177e4
LT		 1175 }
1176
1177 /* Hold a reference count if the chains aren't empty */
1178 if (newinfo->nentries && !try_module_get(table->me)) {
1179 ret = -ENOENT;
1180 goto free_unlock;
1181 }
511061e2 1182 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
57b47a53 1183 mutex_unlock(&ebt_mutex);
6beceee5 1184 return table;
1da177e4 1185free_unlock:
57b47a53 1186 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1187free_chainstack:
1188 if (newinfo->chainstack) {
6f912042 1189 for_each_possible_cpu(i)
1da177e4
LT		 1190 vfree(newinfo->chainstack[i]);
1191 vfree(newinfo->chainstack);
1192 }
1193 vfree(newinfo->entries);
1194free_newinfo:
1195 vfree(newinfo);
6beceee5
AD		 1196free_table:
1197 kfree(table);
1198out:
1199 return ERR_PTR(ret);
1da177e4
LT		 1200}
1201
1202void ebt_unregister_table(struct ebt_table *table)
1203{
1204 int i;
1205
1206 if (!table) {
1207 BUGPRINT("Request to unregister NULL table!!!\n");
1208 return;
1209 }
57b47a53 1210 mutex_lock(&ebt_mutex);
df0933dc 1211 list_del(&table->list);
57b47a53 1212 mutex_unlock(&ebt_mutex);
dbcdf85a
AD		 1213 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
1214 ebt_cleanup_entry, NULL);
1215 if (table->private->nentries)
1216 module_put(table->me);
68d31872 1217 vfree(table->private->entries);
1da177e4 1218 if (table->private->chainstack) {
6f912042 1219 for_each_possible_cpu(i)
1da177e4
LT		 1220 vfree(table->private->chainstack[i]);
1221 vfree(table->private->chainstack);
1222 }
1223 vfree(table->private);
6beceee5 1224 kfree(table);
1da177e4
LT		 1225}
1226
1227/* userspace just supplied us with counters */
511061e2 1228static int update_counters(struct net *net, void __user *user, unsigned int len)
1da177e4
LT		 1229{
1230 int i, ret;
1231 struct ebt_counter *tmp;
1232 struct ebt_replace hlp;
1233 struct ebt_table *t;
1234
1235 if (copy_from_user(&hlp, user, sizeof(hlp)))
1236 return -EFAULT;
1237
1238 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1239 return -EINVAL;
1240 if (hlp.num_counters == 0)
1241 return -EINVAL;
1242
18bc89aa 1243 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1da177e4
LT		 1244 MEMPRINT("Update_counters && nomemory\n");
1245 return -ENOMEM;
1246 }
1247
511061e2 1248 t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1da177e4
LT		 1249 if (!t)
1250 goto free_tmp;
1251
1252 if (hlp.num_counters != t->private->nentries) {
1253 BUGPRINT("Wrong nr of counters\n");
1254 ret = -EINVAL;
1255 goto unlock_mutex;
1256 }
1257
1258 if ( copy_from_user(tmp, hlp.counters,
1259 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1260 BUGPRINT("Updata_counters && !cfu\n");
1261 ret = -EFAULT;
1262 goto unlock_mutex;
1263 }
1264
1265 /* we want an atomic add of the counters */
1266 write_lock_bh(&t->lock);
1267
1268 /* we add to the counters of the first cpu */
1269 for (i = 0; i < hlp.num_counters; i++) {
1270 t->private->counters[i].pcnt += tmp[i].pcnt;
1271 t->private->counters[i].bcnt += tmp[i].bcnt;
1272 }
1273
1274 write_unlock_bh(&t->lock);
1275 ret = 0;
1276unlock_mutex:
57b47a53 1277 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1278free_tmp:
1279 vfree(tmp);
1280 return ret;
1281}
1282
1283static inline int ebt_make_matchname(struct ebt_entry_match *m,
1e419cd9 1284 char *base, char __user *ubase)
1da177e4 1285{
1e419cd9 1286 char __user *hlp = ubase + ((char *)m - base);
1da177e4
LT		 1287 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1288 return -EFAULT;
1289 return 0;
1290}
1291
1292static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1e419cd9 1293 char *base, char __user *ubase)
1da177e4 1294{
1e419cd9 1295 char __user *hlp = ubase + ((char *)w - base);
1da177e4
LT		 1296 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1297 return -EFAULT;
1298 return 0;
1299}
1300
1e419cd9 1301static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1da177e4
LT		 1302{
1303 int ret;
1e419cd9 1304 char __user *hlp;
1da177e4
LT		 1305 struct ebt_entry_target *t;
1306
40642f95 1307 if (e->bitmask == 0)
1da177e4
LT		 1308 return 0;
1309
1e419cd9 1310 hlp = ubase + (((char *)e + e->target_offset) - base);
1da177e4 1311 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
9d6f229f 1312
1da177e4
LT		 1313 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1314 if (ret != 0)
1315 return ret;
1316 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1317 if (ret != 0)
1318 return ret;
1319 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1320 return -EFAULT;
1321 return 0;
1322}
1323
57b47a53 1324/* called with ebt_mutex locked */
1da177e4
LT		 1325static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1326 int *len, int cmd)
1327{
1328 struct ebt_replace tmp;
1329 struct ebt_counter *counterstmp, *oldcounters;
1330 unsigned int entries_size, nentries;
1331 char *entries;
1332
1333 if (cmd == EBT_SO_GET_ENTRIES) {
1334 entries_size = t->private->entries_size;
1335 nentries = t->private->nentries;
1336 entries = t->private->entries;
1337 oldcounters = t->private->counters;
1338 } else {
1339 entries_size = t->table->entries_size;
1340 nentries = t->table->nentries;
1341 entries = t->table->entries;
1342 oldcounters = t->table->counters;
1343 }
1344
1345 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1346 BUGPRINT("Cfu didn't work\n");
1347 return -EFAULT;
1348 }
1349
1350 if (*len != sizeof(struct ebt_replace) + entries_size +
1351 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1352 BUGPRINT("Wrong size\n");
1353 return -EINVAL;
1354 }
1355
1356 if (tmp.nentries != nentries) {
1357 BUGPRINT("Nentries wrong\n");
1358 return -EINVAL;
1359 }
1360
1361 if (tmp.entries_size != entries_size) {
1362 BUGPRINT("Wrong size\n");
1363 return -EINVAL;
1364 }
1365
1366 /* userspace might not need the counters */
1367 if (tmp.num_counters) {
1368 if (tmp.num_counters != nentries) {
1369 BUGPRINT("Num_counters wrong\n");
1370 return -EINVAL;
1371 }
18bc89aa 1372 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1da177e4
LT		 1373 if (!counterstmp) {
1374 MEMPRINT("Couldn't copy counters, out of memory\n");
1375 return -ENOMEM;
1376 }
1377 write_lock_bh(&t->lock);
1378 get_counters(oldcounters, counterstmp, nentries);
1379 write_unlock_bh(&t->lock);
1380
1381 if (copy_to_user(tmp.counters, counterstmp,
1382 nentries * sizeof(struct ebt_counter))) {
1383 BUGPRINT("Couldn't copy counters to userspace\n");
1384 vfree(counterstmp);
1385 return -EFAULT;
1386 }
1387 vfree(counterstmp);
1388 }
1389
1390 if (copy_to_user(tmp.entries, entries, entries_size)) {
1391 BUGPRINT("Couldn't copy entries to userspace\n");
1392 return -EFAULT;
1393 }
1394 /* set the match/watcher/target names right */
1395 return EBT_ENTRY_ITERATE(entries, entries_size,
1396 ebt_make_names, entries, tmp.entries);
1397}
1398
1399static int do_ebt_set_ctl(struct sock *sk,
1400 int cmd, void __user *user, unsigned int len)
1401{
1402 int ret;
1403
1404 switch(cmd) {
1405 case EBT_SO_SET_ENTRIES:
511061e2 1406 ret = do_replace(sock_net(sk), user, len);
1da177e4
LT		 1407 break;
1408 case EBT_SO_SET_COUNTERS:
511061e2 1409 ret = update_counters(sock_net(sk), user, len);
1da177e4
LT		 1410 break;
1411 default:
1412 ret = -EINVAL;
1413 }
1414 return ret;
1415}
1416
1417static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1418{
1419 int ret;
1420 struct ebt_replace tmp;
1421 struct ebt_table *t;
1422
1423 if (copy_from_user(&tmp, user, sizeof(tmp)))
1424 return -EFAULT;
1425
511061e2 1426 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1da177e4
LT		 1427 if (!t)
1428 return ret;
1429
1430 switch(cmd) {
1431 case EBT_SO_GET_INFO:
1432 case EBT_SO_GET_INIT_INFO:
1433 if (*len != sizeof(struct ebt_replace)){
1434 ret = -EINVAL;
57b47a53 1435 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1436 break;
1437 }
1438 if (cmd == EBT_SO_GET_INFO) {
1439 tmp.nentries = t->private->nentries;
1440 tmp.entries_size = t->private->entries_size;
1441 tmp.valid_hooks = t->valid_hooks;
1442 } else {
1443 tmp.nentries = t->table->nentries;
1444 tmp.entries_size = t->table->entries_size;
1445 tmp.valid_hooks = t->table->valid_hooks;
1446 }
57b47a53 1447 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1448 if (copy_to_user(user, &tmp, *len) != 0){
1449 BUGPRINT("c2u Didn't work\n");
1450 ret = -EFAULT;
1451 break;
1452 }
1453 ret = 0;
1454 break;
1455
1456 case EBT_SO_GET_ENTRIES:
1457 case EBT_SO_GET_INIT_ENTRIES:
1458 ret = copy_everything_to_user(t, user, len, cmd);
57b47a53 1459 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1460 break;
1461
1462 default:
57b47a53 1463 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1464 ret = -EINVAL;
1465 }
1466
1467 return ret;
1468}
1469
1470static struct nf_sockopt_ops ebt_sockopts =
74ca4e5a
AM		 1471{
1472 .pf = PF_INET,
1473 .set_optmin = EBT_BASE_CTL,
1474 .set_optmax = EBT_SO_SET_MAX + 1,
1475 .set = do_ebt_set_ctl,
1476 .get_optmin = EBT_BASE_CTL,
1477 .get_optmax = EBT_SO_GET_MAX + 1,
1478 .get = do_ebt_get_ctl,
16fcec35 1479 .owner = THIS_MODULE,
1da177e4
LT		 1480};
1481
65b4b4e8 1482static int __init ebtables_init(void)
1da177e4
LT		 1483{
1484 int ret;
1485
043ef46c
JE		 1486 ret = xt_register_target(&ebt_standard_target);
1487 if (ret < 0)
1da177e4 1488 return ret;
043ef46c
JE		 1489 ret = nf_register_sockopt(&ebt_sockopts);
1490 if (ret < 0) {
1491 xt_unregister_target(&ebt_standard_target);
1492 return ret;
1493 }
1da177e4 1494
a887c1c1 1495 printk(KERN_INFO "Ebtables v2.0 registered\n");
1da177e4
LT		 1496 return 0;
1497}
1498
65b4b4e8 1499static void __exit ebtables_fini(void)
1da177e4
LT		 1500{
1501 nf_unregister_sockopt(&ebt_sockopts);
043ef46c 1502 xt_unregister_target(&ebt_standard_target);
a887c1c1 1503 printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1da177e4
LT		 1504}
1505
1506EXPORT_SYMBOL(ebt_register_table);
1507EXPORT_SYMBOL(ebt_unregister_table);
1da177e4 1508EXPORT_SYMBOL(ebt_do_table);
65b4b4e8
AM		 1509module_init(ebtables_init);
1510module_exit(ebtables_fini);
1da177e4 1511MODULE_LICENSE("GPL");
Linux 6.x block layer and io_uring tree(s)