projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netfilter: xtables: add struct xt_mtchk_param::net
[linux-2.6-block.git] / net / bridge / netfilter / ebtables.c
CommitLineData
1da177e4
LT		 1/*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
1da177e4
LT		 18
19#include <linux/kmod.h>
20#include <linux/module.h>
21#include <linux/vmalloc.h>
18219d3f 22#include <linux/netfilter/x_tables.h>
1da177e4
LT		 23#include <linux/netfilter_bridge/ebtables.h>
24#include <linux/spinlock.h>
df0933dc 25#include <linux/mutex.h>
1da177e4
LT		 26#include <asm/uaccess.h>
27#include <linux/smp.h>
c8923c6b 28#include <linux/cpumask.h>
1da177e4
LT		 29#include <net/sock.h>
30/* needed for logical [in,out]-dev filtering */
31#include "../br_private.h"
32
1da177e4 33#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
9d6f229f 34 "report to author: "format, ## args)
1da177e4 35/* #define BUGPRINT(format, args...) */
1da177e4 36#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
9d6f229f 37 ": out of memory: "format, ## args)
1da177e4
LT		 38/* #define MEMPRINT(format, args...) */
39
40
41
42/*
43 * Each cpu has its own set of counters, so there is no need for write_lock in
44 * the softirq
45 * For reading or updating the counters, the user context needs to
46 * get a write_lock
47 */
48
49/* The size of each set of counters is altered to get cache alignment */
50#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
51#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
52#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
53 COUNTER_OFFSET(n) * cpu))
54
55
56
57b47a53 57static DEFINE_MUTEX(ebt_mutex);
1da177e4 58
043ef46c 59static struct xt_target ebt_standard_target = {
001a18d3
JE		 60 .name = "standard",
61 .revision = 0,
62 .family = NFPROTO_BRIDGE,
043ef46c 63 .targetsize = sizeof(int),
18219d3f 64};
1da177e4 65
7eb35586
JE		 66static inline int
67ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
68 struct xt_target_param *par)
1da177e4 69{
7eb35586
JE		 70 par->target = w->u.watcher;
71 par->targinfo = w->data;
72 w->u.watcher->target(skb, par);
1da177e4
LT		 73 /* watchers don't give a verdict */
74 return 0;
75}
76
77static inline int ebt_do_match (struct ebt_entry_match *m,
f7108a20 78 const struct sk_buff *skb, struct xt_match_param *par)
1da177e4 79{
f7108a20
JE		 80 par->match = m->u.match;
81 par->matchinfo = m->data;
d61ba9fd 82 return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
1da177e4
LT		 83}
84
85static inline int ebt_dev_check(char *entry, const struct net_device *device)
86{
87 int i = 0;
f3d8b2e4 88 const char *devname;
1da177e4
LT		 89
90 if (*entry == '\0')
91 return 0;
92 if (!device)
93 return 1;
f3d8b2e4 94 devname = device->name;
1da177e4
LT		 95 /* 1 is the wildcard token */
96 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
97 i++;
98 return (devname[i] != entry[i] && entry[i] != 1);
99}
100
101#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
102/* process standard matches */
103static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
104 const struct net_device *in, const struct net_device *out)
105{
106 int verdict, i;
107
108 if (e->bitmask & EBT_802_3) {
109 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
110 return 1;
111 } else if (!(e->bitmask & EBT_NOPROTO) &&
112 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
113 return 1;
114
115 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
116 return 1;
117 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
118 return 1;
119 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
120 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
121 return 1;
122 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
123 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
124 return 1;
125
126 if (e->bitmask & EBT_SOURCEMAC) {
127 verdict = 0;
128 for (i = 0; i < 6; i++)
129 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
130 e->sourcemsk[i];
131 if (FWINV2(verdict != 0, EBT_ISOURCE) )
132 return 1;
133 }
134 if (e->bitmask & EBT_DESTMAC) {
135 verdict = 0;
136 for (i = 0; i < 6; i++)
137 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
138 e->destmsk[i];
139 if (FWINV2(verdict != 0, EBT_IDEST) )
140 return 1;
141 }
142 return 0;
143}
144
98e86403
JE		 145static inline __pure
146struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
147{
148 return (void *)entry + entry->next_offset;
149}
150
1da177e4 151/* Do some firewalling */
3db05fea 152unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
1da177e4
LT		 153 const struct net_device *in, const struct net_device *out,
154 struct ebt_table *table)
155{
156 int i, nentries;
157 struct ebt_entry *point;
158 struct ebt_counter *counter_base, *cb_base;
159 struct ebt_entry_target *t;
160 int verdict, sp = 0;
161 struct ebt_chainstack *cs;
162 struct ebt_entries *chaininfo;
163 char *base;
164 struct ebt_table_info *private;
5365f802 165 bool hotdrop = false;
f7108a20 166 struct xt_match_param mtpar;
7eb35586 167 struct xt_target_param tgpar;
f7108a20 168
916a917d 169 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
7eb35586
JE		 170 mtpar.in = tgpar.in = in;
171 mtpar.out = tgpar.out = out;
f7108a20 172 mtpar.hotdrop = &hotdrop;
a5e78820 173 mtpar.hooknum = tgpar.hooknum = hook;
1da177e4
LT		 174
175 read_lock_bh(&table->lock);
176 private = table->private;
177 cb_base = COUNTER_BASE(private->counters, private->nentries,
178 smp_processor_id());
179 if (private->chainstack)
180 cs = private->chainstack[smp_processor_id()];
181 else
182 cs = NULL;
183 chaininfo = private->hook_entry[hook];
184 nentries = private->hook_entry[hook]->nentries;
185 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
186 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
187 /* base for chain jumps */
188 base = private->entries;
189 i = 0;
190 while (i < nentries) {
3db05fea 191 if (ebt_basic_match(point, eth_hdr(skb), in, out))
1da177e4
LT		 192 goto letscontinue;
193
f7108a20 194 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
1da177e4 195 goto letscontinue;
5365f802
JE		 196 if (hotdrop) {
197 read_unlock_bh(&table->lock);
198 return NF_DROP;
199 }
1da177e4
LT		 200
201 /* increase counter */
202 (*(counter_base + i)).pcnt++;
3db05fea 203 (*(counter_base + i)).bcnt += skb->len;
1da177e4
LT		 204
205 /* these should only watch: not modify, nor tell us
206 what to do with the packet */
7eb35586 207 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
1da177e4
LT		 208
209 t = (struct ebt_entry_target *)
210 (((char *)point) + point->target_offset);
211 /* standard target */
212 if (!t->u.target->target)
213 verdict = ((struct ebt_standard_target *)t)->verdict;
7eb35586
JE		 214 else {
215 tgpar.target = t->u.target;
216 tgpar.targinfo = t->data;
217 verdict = t->u.target->target(skb, &tgpar);
218 }
1da177e4
LT		 219 if (verdict == EBT_ACCEPT) {
220 read_unlock_bh(&table->lock);
221 return NF_ACCEPT;
222 }
223 if (verdict == EBT_DROP) {
224 read_unlock_bh(&table->lock);
225 return NF_DROP;
226 }
227 if (verdict == EBT_RETURN) {
228letsreturn:
229#ifdef CONFIG_NETFILTER_DEBUG
230 if (sp == 0) {
231 BUGPRINT("RETURN on base chain");
232 /* act like this is EBT_CONTINUE */
233 goto letscontinue;
234 }
235#endif
236 sp--;
237 /* put all the local variables right */
238 i = cs[sp].n;
239 chaininfo = cs[sp].chaininfo;
240 nentries = chaininfo->nentries;
241 point = cs[sp].e;
242 counter_base = cb_base +
243 chaininfo->counter_offset;
244 continue;
245 }
246 if (verdict == EBT_CONTINUE)
247 goto letscontinue;
248#ifdef CONFIG_NETFILTER_DEBUG
249 if (verdict < 0) {
250 BUGPRINT("bogus standard verdict\n");
251 read_unlock_bh(&table->lock);
252 return NF_DROP;
253 }
254#endif
255 /* jump to a udc */
256 cs[sp].n = i + 1;
257 cs[sp].chaininfo = chaininfo;
98e86403 258 cs[sp].e = ebt_next_entry(point);
1da177e4
LT		 259 i = 0;
260 chaininfo = (struct ebt_entries *) (base + verdict);
261#ifdef CONFIG_NETFILTER_DEBUG
262 if (chaininfo->distinguisher) {
263 BUGPRINT("jump to non-chain\n");
264 read_unlock_bh(&table->lock);
265 return NF_DROP;
266 }
267#endif
268 nentries = chaininfo->nentries;
269 point = (struct ebt_entry *)chaininfo->data;
270 counter_base = cb_base + chaininfo->counter_offset;
271 sp++;
272 continue;
273letscontinue:
98e86403 274 point = ebt_next_entry(point);
1da177e4
LT		 275 i++;
276 }
277
278 /* I actually like this :) */
279 if (chaininfo->policy == EBT_RETURN)
280 goto letsreturn;
281 if (chaininfo->policy == EBT_ACCEPT) {
282 read_unlock_bh(&table->lock);
283 return NF_ACCEPT;
284 }
285 read_unlock_bh(&table->lock);
286 return NF_DROP;
287}
288
289/* If it succeeds, returns element and locks mutex */
290static inline void *
291find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
57b47a53 292 struct mutex *mutex)
1da177e4 293{
df0933dc
PM		 294 struct {
295 struct list_head list;
296 char name[EBT_FUNCTION_MAXNAMELEN];
297 } *e;
1da177e4 298
57b47a53 299 *error = mutex_lock_interruptible(mutex);
1da177e4
LT		 300 if (*error != 0)
301 return NULL;
302
df0933dc
PM		 303 list_for_each_entry(e, head, list) {
304 if (strcmp(e->name, name) == 0)
305 return e;
1da177e4 306 }
df0933dc
PM		 307 *error = -ENOENT;
308 mutex_unlock(mutex);
309 return NULL;
1da177e4
LT		 310}
311
1da177e4
LT		 312static void *
313find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
57b47a53 314 int *error, struct mutex *mutex)
1da177e4 315{
95a5afca
JB		 316 return try_then_request_module(
317 find_inlist_lock_noload(head, name, error, mutex),
318 "%s%s", prefix, name);
1da177e4 319}
1da177e4
LT		 320
321static inline struct ebt_table *
511061e2
AD		 322find_table_lock(struct net *net, const char *name, int *error,
323 struct mutex *mutex)
1da177e4 324{
511061e2
AD		 325 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
326 "ebtable_", error, mutex);
1da177e4
LT		 327}
328
1da177e4 329static inline int
9b4fce7a
JE		 330ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
331 unsigned int *cnt)
1da177e4 332{
9b4fce7a 333 const struct ebt_entry *e = par->entryinfo;
043ef46c 334 struct xt_match *match;
14197d54 335 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
1da177e4
LT		 336 int ret;
337
14197d54
AV		 338 if (left < sizeof(struct ebt_entry_match) ||
339 left - sizeof(struct ebt_entry_match) < m->match_size)
1da177e4 340 return -EINVAL;
043ef46c
JE		 341
342 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
343 m->u.name, 0), "ebt_%s", m->u.name);
344 if (IS_ERR(match))
345 return PTR_ERR(match);
346 if (match == NULL)
1da177e4 347 return -ENOENT;
043ef46c
JE		 348 m->u.match = match;
349
9b4fce7a
JE		 350 par->match = match;
351 par->matchinfo = m->data;
916a917d 352 ret = xt_check_match(par, m->match_size,
9b4fce7a 353 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 354 if (ret < 0) {
355 module_put(match->me);
356 return ret;
1da177e4 357 }
043ef46c 358
1da177e4
LT		 359 (*cnt)++;
360 return 0;
361}
362
363static inline int
af5d6dc2
JE		 364ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
365 unsigned int *cnt)
1da177e4 366{
af5d6dc2 367 const struct ebt_entry *e = par->entryinfo;
043ef46c 368 struct xt_target *watcher;
14197d54 369 size_t left = ((char *)e + e->target_offset) - (char *)w;
1da177e4
LT		 370 int ret;
371
14197d54
AV		 372 if (left < sizeof(struct ebt_entry_watcher) ||
373 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
1da177e4 374 return -EINVAL;
043ef46c
JE		 375
376 watcher = try_then_request_module(
377 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
378 "ebt_%s", w->u.name);
379 if (IS_ERR(watcher))
380 return PTR_ERR(watcher);
381 if (watcher == NULL)
1da177e4 382 return -ENOENT;
043ef46c
JE		 383 w->u.watcher = watcher;
384
af5d6dc2
JE		 385 par->target = watcher;
386 par->targinfo = w->data;
916a917d 387 ret = xt_check_target(par, w->watcher_size,
af5d6dc2 388 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 389 if (ret < 0) {
390 module_put(watcher->me);
391 return ret;
1da177e4 392 }
043ef46c 393
1da177e4
LT		 394 (*cnt)++;
395 return 0;
396}
397
70fe9af4
AV		 398static int ebt_verify_pointers(struct ebt_replace *repl,
399 struct ebt_table_info *newinfo)
1da177e4 400{
70fe9af4
AV		 401 unsigned int limit = repl->entries_size;
402 unsigned int valid_hooks = repl->valid_hooks;
403 unsigned int offset = 0;
1da177e4
LT		 404 int i;
405
e4fd77de
AV		 406 for (i = 0; i < NF_BR_NUMHOOKS; i++)
407 newinfo->hook_entry[i] = NULL;
408
409 newinfo->entries_size = repl->entries_size;
410 newinfo->nentries = repl->nentries;
411
70fe9af4
AV		 412 while (offset < limit) {
413 size_t left = limit - offset;
414 struct ebt_entry *e = (void *)newinfo->entries + offset;
bb2ef25c 415
70fe9af4 416 if (left < sizeof(unsigned int))
1da177e4 417 break;
70fe9af4
AV		 418
419 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
420 if ((valid_hooks & (1 << i)) == 0)
421 continue;
1e419cd9
AV		 422 if ((char __user *)repl->hook_entry[i] ==
423 repl->entries + offset)
70fe9af4
AV		 424 break;
425 }
426
427 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
428 if (e->bitmask != 0) {
429 /* we make userspace set this right,
430 so there is no misunderstanding */
431 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
432 "in distinguisher\n");
433 return -EINVAL;
434 }
435 if (i != NF_BR_NUMHOOKS)
436 newinfo->hook_entry[i] = (struct ebt_entries *)e;
437 if (left < sizeof(struct ebt_entries))
438 break;
439 offset += sizeof(struct ebt_entries);
440 } else {
441 if (left < sizeof(struct ebt_entry))
442 break;
443 if (left < e->next_offset)
444 break;
445 offset += e->next_offset;
1da177e4 446 }
22b440bf 447 }
70fe9af4
AV		 448 if (offset != limit) {
449 BUGPRINT("entries_size too small\n");
450 return -EINVAL;
451 }
e4fd77de
AV		 452
453 /* check if all valid hooks have a chain */
454 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
455 if (!newinfo->hook_entry[i] &&
456 (valid_hooks & (1 << i))) {
457 BUGPRINT("Valid hook without chain\n");
458 return -EINVAL;
459 }
460 }
22b440bf 461 return 0;
22b440bf
AV		 462}
463
464/*
465 * this one is very careful, as it is the first function
466 * to parse the userspace data
467 */
468static inline int
469ebt_check_entry_size_and_hooks(struct ebt_entry *e,
0e795531
AV		 470 struct ebt_table_info *newinfo,
471 unsigned int *n, unsigned int *cnt,
472 unsigned int *totalcnt, unsigned int *udc_cnt)
22b440bf 473{
22b440bf
AV		 474 int i;
475
476 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
0e795531 477 if ((void *)e == (void *)newinfo->hook_entry[i])
22b440bf
AV		 478 break;
479 }
480 /* beginning of a new chain
481 if i == NF_BR_NUMHOOKS it must be a user defined chain */
482 if (i != NF_BR_NUMHOOKS || !e->bitmask) {
1da177e4
LT		 483 /* this checks if the previous chain has as many entries
484 as it said it has */
485 if (*n != *cnt) {
486 BUGPRINT("nentries does not equal the nr of entries "
9d6f229f 487 "in the chain\n");
1da177e4
LT		 488 return -EINVAL;
489 }
1da177e4
LT		 490 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
491 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
492 /* only RETURN from udc */
493 if (i != NF_BR_NUMHOOKS ||
494 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
495 BUGPRINT("bad policy\n");
496 return -EINVAL;
497 }
498 }
499 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
500 (*udc_cnt)++;
1da177e4
LT		 501 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
502 BUGPRINT("counter_offset != totalcnt");
503 return -EINVAL;
504 }
505 *n = ((struct ebt_entries *)e)->nentries;
506 *cnt = 0;
507 return 0;
508 }
509 /* a plain old entry, heh */
510 if (sizeof(struct ebt_entry) > e->watchers_offset ||
511 e->watchers_offset > e->target_offset ||
512 e->target_offset >= e->next_offset) {
513 BUGPRINT("entry offsets not in right order\n");
514 return -EINVAL;
515 }
516 /* this is not checked anywhere else */
517 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
518 BUGPRINT("target size too small\n");
519 return -EINVAL;
520 }
1da177e4
LT		 521 (*cnt)++;
522 (*totalcnt)++;
523 return 0;
524}
525
526struct ebt_cl_stack
527{
528 struct ebt_chainstack cs;
529 int from;
530 unsigned int hookmask;
531};
532
533/*
534 * we need these positions to check that the jumps to a different part of the
535 * entries is a jump to the beginning of a new chain.
536 */
537static inline int
538ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
177abc34 539 unsigned int *n, struct ebt_cl_stack *udc)
1da177e4
LT		 540{
541 int i;
542
543 /* we're only interested in chain starts */
40642f95 544 if (e->bitmask)
1da177e4
LT		 545 return 0;
546 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1da177e4
LT		 547 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
548 break;
549 }
550 /* only care about udc */
551 if (i != NF_BR_NUMHOOKS)
552 return 0;
553
554 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
555 /* these initialisations are depended on later in check_chainloops() */
556 udc[*n].cs.n = 0;
557 udc[*n].hookmask = 0;
558
559 (*n)++;
560 return 0;
561}
562
563static inline int
564ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
565{
6be3d859
JE		 566 struct xt_mtdtor_param par;
567
1da177e4
LT		 568 if (i && (*i)-- == 0)
569 return 1;
1da177e4 570
6be3d859
JE		 571 par.match = m->u.match;
572 par.matchinfo = m->data;
916a917d 573 par.family = NFPROTO_BRIDGE;
6be3d859
JE		 574 if (par.match->destroy != NULL)
575 par.match->destroy(&par);
576 module_put(par.match->me);
1da177e4
LT		 577 return 0;
578}
579
580static inline int
581ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
582{
a2df1648
JE		 583 struct xt_tgdtor_param par;
584
1da177e4
LT		 585 if (i && (*i)-- == 0)
586 return 1;
1da177e4 587
a2df1648
JE		 588 par.target = w->u.watcher;
589 par.targinfo = w->data;
916a917d 590 par.family = NFPROTO_BRIDGE;
a2df1648
JE		 591 if (par.target->destroy != NULL)
592 par.target->destroy(&par);
593 module_put(par.target->me);
1da177e4
LT		 594 return 0;
595}
596
597static inline int
598ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
599{
a2df1648 600 struct xt_tgdtor_param par;
1da177e4
LT		 601 struct ebt_entry_target *t;
602
40642f95 603 if (e->bitmask == 0)
1da177e4
LT		 604 return 0;
605 /* we're done */
606 if (cnt && (*cnt)-- == 0)
607 return 1;
608 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
609 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
610 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1da177e4 611
a2df1648
JE		 612 par.target = t->u.target;
613 par.targinfo = t->data;
916a917d 614 par.family = NFPROTO_BRIDGE;
a2df1648
JE		 615 if (par.target->destroy != NULL)
616 par.target->destroy(&par);
617 module_put(par.target->me);
1da177e4
LT		 618 return 0;
619}
620
621static inline int
a83d8e8d
AD		 622ebt_check_entry(struct ebt_entry *e,
623 struct net *net,
624 struct ebt_table_info *newinfo,
f7da79d9 625 const char *name, unsigned int *cnt,
1da177e4
LT		 626 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
627{
628 struct ebt_entry_target *t;
043ef46c 629 struct xt_target *target;
1da177e4 630 unsigned int i, j, hook = 0, hookmask = 0;
44f9a2fd 631 size_t gap;
1da177e4 632 int ret;
6be3d859 633 struct xt_mtchk_param mtpar;
af5d6dc2 634 struct xt_tgchk_param tgpar;
1da177e4
LT		 635
636 /* don't mess with the struct ebt_entries */
40642f95 637 if (e->bitmask == 0)
1da177e4
LT		 638 return 0;
639
640 if (e->bitmask & ~EBT_F_MASK) {
641 BUGPRINT("Unknown flag for bitmask\n");
642 return -EINVAL;
643 }
644 if (e->invflags & ~EBT_INV_MASK) {
645 BUGPRINT("Unknown flag for inv bitmask\n");
646 return -EINVAL;
647 }
648 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
649 BUGPRINT("NOPROTO & 802_3 not allowed\n");
650 return -EINVAL;
651 }
652 /* what hook do we belong to? */
653 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
f7da79d9 654 if (!newinfo->hook_entry[i])
1da177e4
LT		 655 continue;
656 if ((char *)newinfo->hook_entry[i] < (char *)e)
657 hook = i;
658 else
659 break;
660 }
661 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
662 a base chain */
663 if (i < NF_BR_NUMHOOKS)
664 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
665 else {
666 for (i = 0; i < udc_cnt; i++)
667 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
668 break;
669 if (i == 0)
670 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
671 else
672 hookmask = cl_s[i - 1].hookmask;
673 }
674 i = 0;
9b4fce7a 675
a83d8e8d 676 mtpar.net = net;
af5d6dc2
JE		 677 mtpar.table = tgpar.table = name;
678 mtpar.entryinfo = tgpar.entryinfo = e;
679 mtpar.hook_mask = tgpar.hook_mask = hookmask;
916a917d 680 mtpar.family = tgpar.family = NFPROTO_BRIDGE;
6be3d859 681 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
1da177e4
LT		 682 if (ret != 0)
683 goto cleanup_matches;
684 j = 0;
af5d6dc2 685 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
1da177e4
LT		 686 if (ret != 0)
687 goto cleanup_watchers;
688 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
44f9a2fd 689 gap = e->next_offset - e->target_offset;
1da177e4 690
043ef46c
JE		 691 target = try_then_request_module(
692 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
693 "ebt_%s", t->u.name);
694 if (IS_ERR(target)) {
695 ret = PTR_ERR(target);
001a18d3 696 goto cleanup_watchers;
043ef46c
JE		 697 } else if (target == NULL) {
698 ret = -ENOENT;
001a18d3
JE		 699 goto cleanup_watchers;
700 }
701
1da177e4
LT		 702 t->u.target = target;
703 if (t->u.target == &ebt_standard_target) {
14197d54 704 if (gap < sizeof(struct ebt_standard_target)) {
1da177e4
LT		 705 BUGPRINT("Standard target size too big\n");
706 ret = -EFAULT;
707 goto cleanup_watchers;
708 }
709 if (((struct ebt_standard_target *)t)->verdict <
710 -NUM_STANDARD_TARGETS) {
711 BUGPRINT("Invalid standard target\n");
712 ret = -EFAULT;
713 goto cleanup_watchers;
714 }
18219d3f
JE		 715 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
716 module_put(t->u.target->me);
717 ret = -EFAULT;
718 goto cleanup_watchers;
043ef46c
JE		 719 }
720
af5d6dc2
JE		 721 tgpar.target = target;
722 tgpar.targinfo = t->data;
916a917d 723 ret = xt_check_target(&tgpar, t->target_size,
af5d6dc2 724 e->ethproto, e->invflags & EBT_IPROTO);
043ef46c
JE		 725 if (ret < 0) {
726 module_put(target->me);
18219d3f 727 goto cleanup_watchers;
1da177e4
LT		 728 }
729 (*cnt)++;
730 return 0;
731cleanup_watchers:
732 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
733cleanup_matches:
734 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
735 return ret;
736}
737
738/*
739 * checks for loops and sets the hook mask for udc
740 * the hook mask for udc tells us from which base chains the udc can be
741 * accessed. This mask is a parameter to the check() functions of the extensions
742 */
743static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
744 unsigned int udc_cnt, unsigned int hooknr, char *base)
745{
746 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
747 struct ebt_entry *e = (struct ebt_entry *)chain->data;
748 struct ebt_entry_target *t;
749
750 while (pos < nentries || chain_nr != -1) {
751 /* end of udc, go back one 'recursion' step */
752 if (pos == nentries) {
753 /* put back values of the time when this chain was called */
754 e = cl_s[chain_nr].cs.e;
755 if (cl_s[chain_nr].from != -1)
756 nentries =
757 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
758 else
759 nentries = chain->nentries;
760 pos = cl_s[chain_nr].cs.n;
761 /* make sure we won't see a loop that isn't one */
762 cl_s[chain_nr].cs.n = 0;
763 chain_nr = cl_s[chain_nr].from;
764 if (pos == nentries)
765 continue;
766 }
767 t = (struct ebt_entry_target *)
768 (((char *)e) + e->target_offset);
769 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
770 goto letscontinue;
771 if (e->target_offset + sizeof(struct ebt_standard_target) >
772 e->next_offset) {
773 BUGPRINT("Standard target size too big\n");
774 return -1;
775 }
776 verdict = ((struct ebt_standard_target *)t)->verdict;
777 if (verdict >= 0) { /* jump to another chain */
778 struct ebt_entries *hlp2 =
779 (struct ebt_entries *)(base + verdict);
780 for (i = 0; i < udc_cnt; i++)
781 if (hlp2 == cl_s[i].cs.chaininfo)
782 break;
783 /* bad destination or loop */
784 if (i == udc_cnt) {
785 BUGPRINT("bad destination\n");
786 return -1;
787 }
788 if (cl_s[i].cs.n) {
789 BUGPRINT("loop\n");
790 return -1;
791 }
98a0824a
AV		 792 if (cl_s[i].hookmask & (1 << hooknr))
793 goto letscontinue;
794 /* this can't be 0, so the loop test is correct */
1da177e4
LT		 795 cl_s[i].cs.n = pos + 1;
796 pos = 0;
98e86403 797 cl_s[i].cs.e = ebt_next_entry(e);
1da177e4
LT		 798 e = (struct ebt_entry *)(hlp2->data);
799 nentries = hlp2->nentries;
800 cl_s[i].from = chain_nr;
801 chain_nr = i;
802 /* this udc is accessible from the base chain for hooknr */
803 cl_s[i].hookmask |= (1 << hooknr);
804 continue;
805 }
806letscontinue:
98e86403 807 e = ebt_next_entry(e);
1da177e4
LT		 808 pos++;
809 }
810 return 0;
811}
812
813/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
a83d8e8d
AD		 814static int translate_table(struct net *net, char *name,
815 struct ebt_table_info *newinfo)
1da177e4
LT		 816{
817 unsigned int i, j, k, udc_cnt;
818 int ret;
819 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
820
821 i = 0;
1f072c96 822 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
1da177e4
LT		 823 i++;
824 if (i == NF_BR_NUMHOOKS) {
825 BUGPRINT("No valid hooks specified\n");
826 return -EINVAL;
827 }
1f072c96 828 if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
1da177e4
LT		 829 BUGPRINT("Chains don't start at beginning\n");
830 return -EINVAL;
831 }
832 /* make sure chains are ordered after each other in same order
833 as their corresponding hooks */
834 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
1f072c96 835 if (!newinfo->hook_entry[j])
1da177e4 836 continue;
1f072c96 837 if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
1da177e4
LT		 838 BUGPRINT("Hook order must be followed\n");
839 return -EINVAL;
840 }
841 i = j;
842 }
843
1da177e4
LT		 844 /* do some early checkings and initialize some things */
845 i = 0; /* holds the expected nr. of entries for the chain */
846 j = 0; /* holds the up to now counted entries for the chain */
847 k = 0; /* holds the total nr. of entries, should equal
9d6f229f 848 newinfo->nentries afterwards */
1da177e4
LT		 849 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
850 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
0e795531
AV		 851 ebt_check_entry_size_and_hooks, newinfo,
852 &i, &j, &k, &udc_cnt);
1da177e4
LT		 853
854 if (ret != 0)
855 return ret;
856
857 if (i != j) {
858 BUGPRINT("nentries does not equal the nr of entries in the "
9d6f229f 859 "(last) chain\n");
1da177e4
LT		 860 return -EINVAL;
861 }
862 if (k != newinfo->nentries) {
863 BUGPRINT("Total nentries is wrong\n");
864 return -EINVAL;
865 }
866
1da177e4
LT		 867 /* get the location of the udc, put them in an array
868 while we're at it, allocate the chainstack */
869 if (udc_cnt) {
870 /* this will get free'd in do_replace()/ebt_register_table()
871 if an error occurs */
7ad4d2f6 872 newinfo->chainstack =
53b8a315 873 vmalloc(nr_cpu_ids * sizeof(*(newinfo->chainstack)));
1da177e4
LT		 874 if (!newinfo->chainstack)
875 return -ENOMEM;
6f912042 876 for_each_possible_cpu(i) {
1da177e4 877 newinfo->chainstack[i] =
18bc89aa 878 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
1da177e4
LT		 879 if (!newinfo->chainstack[i]) {
880 while (i)
881 vfree(newinfo->chainstack[--i]);
882 vfree(newinfo->chainstack);
883 newinfo->chainstack = NULL;
884 return -ENOMEM;
885 }
886 }
887
18bc89aa 888 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
1da177e4
LT		 889 if (!cl_s)
890 return -ENOMEM;
891 i = 0; /* the i'th udc */
892 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
177abc34 893 ebt_get_udc_positions, newinfo, &i, cl_s);
1da177e4
LT		 894 /* sanity check */
895 if (i != udc_cnt) {
896 BUGPRINT("i != udc_cnt\n");
897 vfree(cl_s);
898 return -EFAULT;
899 }
900 }
901
902 /* Check for loops */
903 for (i = 0; i < NF_BR_NUMHOOKS; i++)
1f072c96 904 if (newinfo->hook_entry[i])
1da177e4
LT		 905 if (check_chainloops(newinfo->hook_entry[i],
906 cl_s, udc_cnt, i, newinfo->entries)) {
68d31872 907 vfree(cl_s);
1da177e4
LT		 908 return -EINVAL;
909 }
910
96de0e25 911 /* we now know the following (along with E=mc²):
1da177e4
LT		 912 - the nr of entries in each chain is right
913 - the size of the allocated space is right
914 - all valid hooks have a corresponding chain
915 - there are no loops
916 - wrong data can still be on the level of a single entry
917 - could be there are jumps to places that are not the
918 beginning of a chain. This can only occur in chains that
919 are not accessible from any base chains, so we don't care. */
920
921 /* used to know what we need to clean up if something goes wrong */
922 i = 0;
923 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
a83d8e8d 924 ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
1da177e4
LT		 925 if (ret != 0) {
926 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
927 ebt_cleanup_entry, &i);
928 }
68d31872 929 vfree(cl_s);
1da177e4
LT		 930 return ret;
931}
932
933/* called under write_lock */
934static void get_counters(struct ebt_counter *oldcounters,
935 struct ebt_counter *counters, unsigned int nentries)
936{
937 int i, cpu;
938 struct ebt_counter *counter_base;
939
940 /* counters of cpu 0 */
941 memcpy(counters, oldcounters,
c8923c6b
DM		 942 sizeof(struct ebt_counter) * nentries);
943
1da177e4 944 /* add other counters to those of cpu 0 */
6f912042 945 for_each_possible_cpu(cpu) {
c8923c6b
DM		 946 if (cpu == 0)
947 continue;
1da177e4
LT		 948 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
949 for (i = 0; i < nentries; i++) {
950 counters[i].pcnt += counter_base[i].pcnt;
951 counters[i].bcnt += counter_base[i].bcnt;
952 }
953 }
954}
955
956/* replace the table */
511061e2 957static int do_replace(struct net *net, void __user *user, unsigned int len)
1da177e4
LT		 958{
959 int ret, i, countersize;
960 struct ebt_table_info *newinfo;
961 struct ebt_replace tmp;
962 struct ebt_table *t;
963 struct ebt_counter *counterstmp = NULL;
964 /* used to be able to unlock earlier */
965 struct ebt_table_info *table;
966
967 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
968 return -EFAULT;
969
970 if (len != sizeof(tmp) + tmp.entries_size) {
971 BUGPRINT("Wrong len argument\n");
972 return -EINVAL;
973 }
974
975 if (tmp.entries_size == 0) {
976 BUGPRINT("Entries_size never zero\n");
977 return -EINVAL;
978 }
ee4bb818
KK		 979 /* overflow check */
980 if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
981 SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
982 return -ENOMEM;
983 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
984 return -ENOMEM;
985
53b8a315 986 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
18bc89aa 987 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1da177e4
LT		 988 if (!newinfo)
989 return -ENOMEM;
990
991 if (countersize)
992 memset(newinfo->counters, 0, countersize);
993
8b3a7005 994 newinfo->entries = vmalloc(tmp.entries_size);
1da177e4
LT		 995 if (!newinfo->entries) {
996 ret = -ENOMEM;
997 goto free_newinfo;
998 }
999 if (copy_from_user(
1000 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
1001 BUGPRINT("Couldn't copy entries from userspace\n");
1002 ret = -EFAULT;
1003 goto free_entries;
1004 }
1005
1006 /* the user wants counters back
1007 the check on the size is done later, when we have the lock */
1008 if (tmp.num_counters) {
18bc89aa 1009 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
1da177e4
LT		 1010 if (!counterstmp) {
1011 ret = -ENOMEM;
1012 goto free_entries;
1013 }
1014 }
1015 else
1016 counterstmp = NULL;
1017
1018 /* this can get initialized by translate_table() */
1019 newinfo->chainstack = NULL;
1bc2326c
AV		 1020 ret = ebt_verify_pointers(&tmp, newinfo);
1021 if (ret != 0)
1022 goto free_counterstmp;
1023
a83d8e8d 1024 ret = translate_table(net, tmp.name, newinfo);
1da177e4
LT		 1025
1026 if (ret != 0)
1027 goto free_counterstmp;
1028
511061e2 1029 t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
1da177e4
LT		 1030 if (!t) {
1031 ret = -ENOENT;
1032 goto free_iterate;
1033 }
1034
1035 /* the table doesn't like it */
1036 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
1037 goto free_unlock;
1038
1039 if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
1040 BUGPRINT("Wrong nr. of counters requested\n");
1041 ret = -EINVAL;
1042 goto free_unlock;
1043 }
1044
1045 /* we have the mutex lock, so no danger in reading this pointer */
1046 table = t->private;
1047 /* make sure the table can only be rmmod'ed if it contains no rules */
1048 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
1049 ret = -ENOENT;
1050 goto free_unlock;
1051 } else if (table->nentries && !newinfo->nentries)
1052 module_put(t->me);
1053 /* we need an atomic snapshot of the counters */
1054 write_lock_bh(&t->lock);
1055 if (tmp.num_counters)
1056 get_counters(t->private->counters, counterstmp,
1057 t->private->nentries);
1058
1059 t->private = newinfo;
1060 write_unlock_bh(&t->lock);
57b47a53 1061 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1062 /* so, a user can change the chains while having messed up her counter
1063 allocation. Only reason why this is done is because this way the lock
1064 is held only once, while this doesn't bring the kernel into a
1065 dangerous state. */
1066 if (tmp.num_counters &&
1067 copy_to_user(tmp.counters, counterstmp,
1068 tmp.num_counters * sizeof(struct ebt_counter))) {
1069 BUGPRINT("Couldn't copy counters to userspace\n");
1070 ret = -EFAULT;
1071 }
1072 else
1073 ret = 0;
1074
1075 /* decrease module count and free resources */
1076 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1077 ebt_cleanup_entry, NULL);
1078
1079 vfree(table->entries);
1080 if (table->chainstack) {
6f912042 1081 for_each_possible_cpu(i)
1da177e4
LT		 1082 vfree(table->chainstack[i]);
1083 vfree(table->chainstack);
1084 }
1085 vfree(table);
1086
68d31872 1087 vfree(counterstmp);
1da177e4
LT		 1088 return ret;
1089
1090free_unlock:
57b47a53 1091 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1092free_iterate:
1093 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1094 ebt_cleanup_entry, NULL);
1095free_counterstmp:
68d31872 1096 vfree(counterstmp);
1da177e4
LT		 1097 /* can be initialized in translate_table() */
1098 if (newinfo->chainstack) {
6f912042 1099 for_each_possible_cpu(i)
1da177e4
LT		 1100 vfree(newinfo->chainstack[i]);
1101 vfree(newinfo->chainstack);
1102 }
1103free_entries:
68d31872 1104 vfree(newinfo->entries);
1da177e4 1105free_newinfo:
68d31872 1106 vfree(newinfo);
1da177e4
LT		 1107 return ret;
1108}
1109
35aad0ff
JE		 1110struct ebt_table *
1111ebt_register_table(struct net *net, const struct ebt_table *input_table)
1da177e4
LT		 1112{
1113 struct ebt_table_info *newinfo;
35aad0ff 1114 struct ebt_table *t, *table;
1e419cd9 1115 struct ebt_replace_kernel *repl;
1da177e4 1116 int ret, i, countersize;
df07a81e 1117 void *p;
1da177e4 1118
35aad0ff
JE		 1119 if (input_table == NULL || (repl = input_table->table) == NULL ||
1120 repl->entries == 0 || repl->entries_size == 0 ||
1121 repl->counters != NULL || input_table->private != NULL) {
1da177e4 1122 BUGPRINT("Bad table data for ebt_register_table!!!\n");
6beceee5
AD		 1123 return ERR_PTR(-EINVAL);
1124 }
1125
1126 /* Don't add one table to multiple lists. */
35aad0ff 1127 table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
6beceee5
AD		 1128 if (!table) {
1129 ret = -ENOMEM;
1130 goto out;
1da177e4
LT		 1131 }
1132
53b8a315 1133 countersize = COUNTER_OFFSET(repl->nentries) * nr_cpu_ids;
18bc89aa 1134 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1da177e4
LT		 1135 ret = -ENOMEM;
1136 if (!newinfo)
6beceee5 1137 goto free_table;
1da177e4 1138
df07a81e
AV		 1139 p = vmalloc(repl->entries_size);
1140 if (!p)
1da177e4
LT		 1141 goto free_newinfo;
1142
df07a81e
AV		 1143 memcpy(p, repl->entries, repl->entries_size);
1144 newinfo->entries = p;
1145
1146 newinfo->entries_size = repl->entries_size;
1147 newinfo->nentries = repl->nentries;
1da177e4
LT		 1148
1149 if (countersize)
1150 memset(newinfo->counters, 0, countersize);
1151
1152 /* fill in newinfo and parse the entries */
1153 newinfo->chainstack = NULL;
df07a81e
AV		 1154 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
1155 if ((repl->valid_hooks & (1 << i)) == 0)
1156 newinfo->hook_entry[i] = NULL;
1157 else
1158 newinfo->hook_entry[i] = p +
1159 ((char *)repl->hook_entry[i] - repl->entries);
1160 }
a83d8e8d 1161 ret = translate_table(net, repl->name, newinfo);
1da177e4
LT		 1162 if (ret != 0) {
1163 BUGPRINT("Translate_table failed\n");
1164 goto free_chainstack;
1165 }
1166
1167 if (table->check && table->check(newinfo, table->valid_hooks)) {
1168 BUGPRINT("The table doesn't like its own initial data, lol\n");
6beceee5 1169 return ERR_PTR(-EINVAL);
1da177e4
LT		 1170 }
1171
1172 table->private = newinfo;
1173 rwlock_init(&table->lock);
57b47a53 1174 ret = mutex_lock_interruptible(&ebt_mutex);
1da177e4
LT		 1175 if (ret != 0)
1176 goto free_chainstack;
1177
511061e2 1178 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
df0933dc
PM		 1179 if (strcmp(t->name, table->name) == 0) {
1180 ret = -EEXIST;
1181 BUGPRINT("Table name already exists\n");
1182 goto free_unlock;
1183 }
1da177e4
LT		 1184 }
1185
1186 /* Hold a reference count if the chains aren't empty */
1187 if (newinfo->nentries && !try_module_get(table->me)) {
1188 ret = -ENOENT;
1189 goto free_unlock;
1190 }
511061e2 1191 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
57b47a53 1192 mutex_unlock(&ebt_mutex);
6beceee5 1193 return table;
1da177e4 1194free_unlock:
57b47a53 1195 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1196free_chainstack:
1197 if (newinfo->chainstack) {
6f912042 1198 for_each_possible_cpu(i)
1da177e4
LT		 1199 vfree(newinfo->chainstack[i]);
1200 vfree(newinfo->chainstack);
1201 }
1202 vfree(newinfo->entries);
1203free_newinfo:
1204 vfree(newinfo);
6beceee5
AD		 1205free_table:
1206 kfree(table);
1207out:
1208 return ERR_PTR(ret);
1da177e4
LT		 1209}
1210
1211void ebt_unregister_table(struct ebt_table *table)
1212{
1213 int i;
1214
1215 if (!table) {
1216 BUGPRINT("Request to unregister NULL table!!!\n");
1217 return;
1218 }
57b47a53 1219 mutex_lock(&ebt_mutex);
df0933dc 1220 list_del(&table->list);
57b47a53 1221 mutex_unlock(&ebt_mutex);
dbcdf85a
AD		 1222 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
1223 ebt_cleanup_entry, NULL);
1224 if (table->private->nentries)
1225 module_put(table->me);
68d31872 1226 vfree(table->private->entries);
1da177e4 1227 if (table->private->chainstack) {
6f912042 1228 for_each_possible_cpu(i)
1da177e4
LT		 1229 vfree(table->private->chainstack[i]);
1230 vfree(table->private->chainstack);
1231 }
1232 vfree(table->private);
6beceee5 1233 kfree(table);
1da177e4
LT		 1234}
1235
1236/* userspace just supplied us with counters */
511061e2 1237static int update_counters(struct net *net, void __user *user, unsigned int len)
1da177e4
LT		 1238{
1239 int i, ret;
1240 struct ebt_counter *tmp;
1241 struct ebt_replace hlp;
1242 struct ebt_table *t;
1243
1244 if (copy_from_user(&hlp, user, sizeof(hlp)))
1245 return -EFAULT;
1246
1247 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1248 return -EINVAL;
1249 if (hlp.num_counters == 0)
1250 return -EINVAL;
1251
18bc89aa 1252 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1da177e4
LT		 1253 MEMPRINT("Update_counters && nomemory\n");
1254 return -ENOMEM;
1255 }
1256
511061e2 1257 t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1da177e4
LT		 1258 if (!t)
1259 goto free_tmp;
1260
1261 if (hlp.num_counters != t->private->nentries) {
1262 BUGPRINT("Wrong nr of counters\n");
1263 ret = -EINVAL;
1264 goto unlock_mutex;
1265 }
1266
1267 if ( copy_from_user(tmp, hlp.counters,
1268 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1269 BUGPRINT("Updata_counters && !cfu\n");
1270 ret = -EFAULT;
1271 goto unlock_mutex;
1272 }
1273
1274 /* we want an atomic add of the counters */
1275 write_lock_bh(&t->lock);
1276
1277 /* we add to the counters of the first cpu */
1278 for (i = 0; i < hlp.num_counters; i++) {
1279 t->private->counters[i].pcnt += tmp[i].pcnt;
1280 t->private->counters[i].bcnt += tmp[i].bcnt;
1281 }
1282
1283 write_unlock_bh(&t->lock);
1284 ret = 0;
1285unlock_mutex:
57b47a53 1286 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1287free_tmp:
1288 vfree(tmp);
1289 return ret;
1290}
1291
1292static inline int ebt_make_matchname(struct ebt_entry_match *m,
1e419cd9 1293 char *base, char __user *ubase)
1da177e4 1294{
1e419cd9 1295 char __user *hlp = ubase + ((char *)m - base);
1da177e4
LT		 1296 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1297 return -EFAULT;
1298 return 0;
1299}
1300
1301static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1e419cd9 1302 char *base, char __user *ubase)
1da177e4 1303{
1e419cd9 1304 char __user *hlp = ubase + ((char *)w - base);
1da177e4
LT		 1305 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1306 return -EFAULT;
1307 return 0;
1308}
1309
1e419cd9 1310static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)
1da177e4
LT		 1311{
1312 int ret;
1e419cd9 1313 char __user *hlp;
1da177e4
LT		 1314 struct ebt_entry_target *t;
1315
40642f95 1316 if (e->bitmask == 0)
1da177e4
LT		 1317 return 0;
1318
1e419cd9 1319 hlp = ubase + (((char *)e + e->target_offset) - base);
1da177e4 1320 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
9d6f229f 1321
1da177e4
LT		 1322 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1323 if (ret != 0)
1324 return ret;
1325 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1326 if (ret != 0)
1327 return ret;
1328 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1329 return -EFAULT;
1330 return 0;
1331}
1332
57b47a53 1333/* called with ebt_mutex locked */
1da177e4
LT		 1334static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1335 int *len, int cmd)
1336{
1337 struct ebt_replace tmp;
1338 struct ebt_counter *counterstmp, *oldcounters;
1339 unsigned int entries_size, nentries;
1340 char *entries;
1341
1342 if (cmd == EBT_SO_GET_ENTRIES) {
1343 entries_size = t->private->entries_size;
1344 nentries = t->private->nentries;
1345 entries = t->private->entries;
1346 oldcounters = t->private->counters;
1347 } else {
1348 entries_size = t->table->entries_size;
1349 nentries = t->table->nentries;
1350 entries = t->table->entries;
1351 oldcounters = t->table->counters;
1352 }
1353
1354 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1355 BUGPRINT("Cfu didn't work\n");
1356 return -EFAULT;
1357 }
1358
1359 if (*len != sizeof(struct ebt_replace) + entries_size +
1360 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1361 BUGPRINT("Wrong size\n");
1362 return -EINVAL;
1363 }
1364
1365 if (tmp.nentries != nentries) {
1366 BUGPRINT("Nentries wrong\n");
1367 return -EINVAL;
1368 }
1369
1370 if (tmp.entries_size != entries_size) {
1371 BUGPRINT("Wrong size\n");
1372 return -EINVAL;
1373 }
1374
1375 /* userspace might not need the counters */
1376 if (tmp.num_counters) {
1377 if (tmp.num_counters != nentries) {
1378 BUGPRINT("Num_counters wrong\n");
1379 return -EINVAL;
1380 }
18bc89aa 1381 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1da177e4
LT		 1382 if (!counterstmp) {
1383 MEMPRINT("Couldn't copy counters, out of memory\n");
1384 return -ENOMEM;
1385 }
1386 write_lock_bh(&t->lock);
1387 get_counters(oldcounters, counterstmp, nentries);
1388 write_unlock_bh(&t->lock);
1389
1390 if (copy_to_user(tmp.counters, counterstmp,
1391 nentries * sizeof(struct ebt_counter))) {
1392 BUGPRINT("Couldn't copy counters to userspace\n");
1393 vfree(counterstmp);
1394 return -EFAULT;
1395 }
1396 vfree(counterstmp);
1397 }
1398
1399 if (copy_to_user(tmp.entries, entries, entries_size)) {
1400 BUGPRINT("Couldn't copy entries to userspace\n");
1401 return -EFAULT;
1402 }
1403 /* set the match/watcher/target names right */
1404 return EBT_ENTRY_ITERATE(entries, entries_size,
1405 ebt_make_names, entries, tmp.entries);
1406}
1407
1408static int do_ebt_set_ctl(struct sock *sk,
1409 int cmd, void __user *user, unsigned int len)
1410{
1411 int ret;
1412
1413 switch(cmd) {
1414 case EBT_SO_SET_ENTRIES:
511061e2 1415 ret = do_replace(sock_net(sk), user, len);
1da177e4
LT		 1416 break;
1417 case EBT_SO_SET_COUNTERS:
511061e2 1418 ret = update_counters(sock_net(sk), user, len);
1da177e4
LT		 1419 break;
1420 default:
1421 ret = -EINVAL;
1422 }
1423 return ret;
1424}
1425
1426static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1427{
1428 int ret;
1429 struct ebt_replace tmp;
1430 struct ebt_table *t;
1431
1432 if (copy_from_user(&tmp, user, sizeof(tmp)))
1433 return -EFAULT;
1434
511061e2 1435 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1da177e4
LT		 1436 if (!t)
1437 return ret;
1438
1439 switch(cmd) {
1440 case EBT_SO_GET_INFO:
1441 case EBT_SO_GET_INIT_INFO:
1442 if (*len != sizeof(struct ebt_replace)){
1443 ret = -EINVAL;
57b47a53 1444 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1445 break;
1446 }
1447 if (cmd == EBT_SO_GET_INFO) {
1448 tmp.nentries = t->private->nentries;
1449 tmp.entries_size = t->private->entries_size;
1450 tmp.valid_hooks = t->valid_hooks;
1451 } else {
1452 tmp.nentries = t->table->nentries;
1453 tmp.entries_size = t->table->entries_size;
1454 tmp.valid_hooks = t->table->valid_hooks;
1455 }
57b47a53 1456 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1457 if (copy_to_user(user, &tmp, *len) != 0){
1458 BUGPRINT("c2u Didn't work\n");
1459 ret = -EFAULT;
1460 break;
1461 }
1462 ret = 0;
1463 break;
1464
1465 case EBT_SO_GET_ENTRIES:
1466 case EBT_SO_GET_INIT_ENTRIES:
1467 ret = copy_everything_to_user(t, user, len, cmd);
57b47a53 1468 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1469 break;
1470
1471 default:
57b47a53 1472 mutex_unlock(&ebt_mutex);
1da177e4
LT		 1473 ret = -EINVAL;
1474 }
1475
1476 return ret;
1477}
1478
1479static struct nf_sockopt_ops ebt_sockopts =
74ca4e5a
AM		 1480{
1481 .pf = PF_INET,
1482 .set_optmin = EBT_BASE_CTL,
1483 .set_optmax = EBT_SO_SET_MAX + 1,
1484 .set = do_ebt_set_ctl,
1485 .get_optmin = EBT_BASE_CTL,
1486 .get_optmax = EBT_SO_GET_MAX + 1,
1487 .get = do_ebt_get_ctl,
16fcec35 1488 .owner = THIS_MODULE,
1da177e4
LT		 1489};
1490
65b4b4e8 1491static int __init ebtables_init(void)
1da177e4
LT		 1492{
1493 int ret;
1494
043ef46c
JE		 1495 ret = xt_register_target(&ebt_standard_target);
1496 if (ret < 0)
1da177e4 1497 return ret;
043ef46c
JE		 1498 ret = nf_register_sockopt(&ebt_sockopts);
1499 if (ret < 0) {
1500 xt_unregister_target(&ebt_standard_target);
1501 return ret;
1502 }
1da177e4 1503
a887c1c1 1504 printk(KERN_INFO "Ebtables v2.0 registered\n");
1da177e4
LT		 1505 return 0;
1506}
1507
65b4b4e8 1508static void __exit ebtables_fini(void)
1da177e4
LT		 1509{
1510 nf_unregister_sockopt(&ebt_sockopts);
043ef46c 1511 xt_unregister_target(&ebt_standard_target);
a887c1c1 1512 printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1da177e4
LT		 1513}
1514
1515EXPORT_SYMBOL(ebt_register_table);
1516EXPORT_SYMBOL(ebt_unregister_table);
1da177e4 1517EXPORT_SYMBOL(ebt_do_table);
65b4b4e8
AM		 1518module_init(ebtables_init);
1519module_exit(ebtables_fini);
1da177e4 1520MODULE_LICENSE("GPL");
Linux 6.x block layer and io_uring tree(s)