xref: /openbmc/linux/net/ipv6/raw.c (revision e868d61272caa648214046a096e5a6bfc068dc8c)
1 /*
2  *	RAW sockets for IPv6
3  *	Linux INET6 implementation
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *
8  *	Adapted from linux/net/ipv4/raw.c
9  *
10  *	$Id: raw.c,v 1.51 2002/02/01 22:01:04 davem Exp $
11  *
12  *	Fixes:
13  *	Hideaki YOSHIFUJI	:	sin6_scope_id support
14  *	YOSHIFUJI,H.@USAGI	:	raw checksum (RFC2292(bis) compliance)
15  *	Kazunori MIYAZAWA @USAGI:	change process style to use ip6_append_data
16  *
17  *	This program is free software; you can redistribute it and/or
18  *      modify it under the terms of the GNU General Public License
19  *      as published by the Free Software Foundation; either version
20  *      2 of the License, or (at your option) any later version.
21  */
22 
23 #include <linux/errno.h>
24 #include <linux/types.h>
25 #include <linux/socket.h>
26 #include <linux/sockios.h>
27 #include <linux/net.h>
28 #include <linux/in6.h>
29 #include <linux/netdevice.h>
30 #include <linux/if_arp.h>
31 #include <linux/icmpv6.h>
32 #include <linux/netfilter.h>
33 #include <linux/netfilter_ipv6.h>
34 #include <linux/skbuff.h>
35 #include <asm/uaccess.h>
36 #include <asm/ioctls.h>
37 
38 #include <net/ip.h>
39 #include <net/sock.h>
40 #include <net/snmp.h>
41 
42 #include <net/ipv6.h>
43 #include <net/ndisc.h>
44 #include <net/protocol.h>
45 #include <net/ip6_route.h>
46 #include <net/ip6_checksum.h>
47 #include <net/addrconf.h>
48 #include <net/transp_v6.h>
49 #include <net/udp.h>
50 #include <net/inet_common.h>
51 #include <net/tcp_states.h>
52 #ifdef CONFIG_IPV6_MIP6
53 #include <net/mip6.h>
54 #endif
55 
56 #include <net/rawv6.h>
57 #include <net/xfrm.h>
58 
59 #include <linux/proc_fs.h>
60 #include <linux/seq_file.h>
61 
62 struct hlist_head raw_v6_htable[RAWV6_HTABLE_SIZE];
63 DEFINE_RWLOCK(raw_v6_lock);
64 
65 static void raw_v6_hash(struct sock *sk)
66 {
67 	struct hlist_head *list = &raw_v6_htable[inet_sk(sk)->num &
68 						 (RAWV6_HTABLE_SIZE - 1)];
69 
70 	write_lock_bh(&raw_v6_lock);
71 	sk_add_node(sk, list);
72 	sock_prot_inc_use(sk->sk_prot);
73 	write_unlock_bh(&raw_v6_lock);
74 }
75 
76 static void raw_v6_unhash(struct sock *sk)
77 {
78 	write_lock_bh(&raw_v6_lock);
79 	if (sk_del_node_init(sk))
80 		sock_prot_dec_use(sk->sk_prot);
81 	write_unlock_bh(&raw_v6_lock);
82 }
83 
84 
85 /* Grumble... icmp and ip_input want to get at this... */
86 struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
87 			     struct in6_addr *loc_addr, struct in6_addr *rmt_addr,
88 			     int dif)
89 {
90 	struct hlist_node *node;
91 	int is_multicast = ipv6_addr_is_multicast(loc_addr);
92 
93 	sk_for_each_from(sk, node)
94 		if (inet_sk(sk)->num == num) {
95 			struct ipv6_pinfo *np = inet6_sk(sk);
96 
97 			if (!ipv6_addr_any(&np->daddr) &&
98 			    !ipv6_addr_equal(&np->daddr, rmt_addr))
99 				continue;
100 
101 			if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)
102 				continue;
103 
104 			if (!ipv6_addr_any(&np->rcv_saddr)) {
105 				if (ipv6_addr_equal(&np->rcv_saddr, loc_addr))
106 					goto found;
107 				if (is_multicast &&
108 				    inet6_mc_check(sk, loc_addr, rmt_addr))
109 					goto found;
110 				continue;
111 			}
112 			goto found;
113 		}
114 	sk = NULL;
115 found:
116 	return sk;
117 }
118 
119 /*
120  *	0 - deliver
121  *	1 - block
122  */
123 static __inline__ int icmpv6_filter(struct sock *sk, struct sk_buff *skb)
124 {
125 	struct icmp6hdr *icmph;
126 	struct raw6_sock *rp = raw6_sk(sk);
127 
128 	if (pskb_may_pull(skb, sizeof(struct icmp6hdr))) {
129 		__u32 *data = &rp->filter.data[0];
130 		int bit_nr;
131 
132 		icmph = (struct icmp6hdr *) skb->data;
133 		bit_nr = icmph->icmp6_type;
134 
135 		return (data[bit_nr >> 5] & (1 << (bit_nr & 31))) != 0;
136 	}
137 	return 0;
138 }
139 
140 /*
141  *	demultiplex raw sockets.
142  *	(should consider queueing the skb in the sock receive_queue
143  *	without calling rawv6.c)
144  *
145  *	Caller owns SKB so we must make clones.
146  */
147 int ipv6_raw_deliver(struct sk_buff *skb, int nexthdr)
148 {
149 	struct in6_addr *saddr;
150 	struct in6_addr *daddr;
151 	struct sock *sk;
152 	int delivered = 0;
153 	__u8 hash;
154 
155 	saddr = &ipv6_hdr(skb)->saddr;
156 	daddr = saddr + 1;
157 
158 	hash = nexthdr & (MAX_INET_PROTOS - 1);
159 
160 	read_lock(&raw_v6_lock);
161 	sk = sk_head(&raw_v6_htable[hash]);
162 
163 	/*
164 	 *	The first socket found will be delivered after
165 	 *	delivery to transport protocols.
166 	 */
167 
168 	if (sk == NULL)
169 		goto out;
170 
171 	sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr, IP6CB(skb)->iif);
172 
173 	while (sk) {
174 		int filtered;
175 
176 		delivered = 1;
177 		switch (nexthdr) {
178 		case IPPROTO_ICMPV6:
179 			filtered = icmpv6_filter(sk, skb);
180 			break;
181 #ifdef CONFIG_IPV6_MIP6
182 		case IPPROTO_MH:
183 			/* XXX: To validate MH only once for each packet,
184 			 * this is placed here. It should be after checking
185 			 * xfrm policy, however it doesn't. The checking xfrm
186 			 * policy is placed in rawv6_rcv() because it is
187 			 * required for each socket.
188 			 */
189 			filtered = mip6_mh_filter(sk, skb);
190 			break;
191 #endif
192 		default:
193 			filtered = 0;
194 			break;
195 		}
196 
197 		if (filtered < 0)
198 			break;
199 		if (filtered == 0) {
200 			struct sk_buff *clone = skb_clone(skb, GFP_ATOMIC);
201 
202 			/* Not releasing hash table! */
203 			if (clone) {
204 				nf_reset(clone);
205 				rawv6_rcv(sk, clone);
206 			}
207 		}
208 		sk = __raw_v6_lookup(sk_next(sk), nexthdr, daddr, saddr,
209 				     IP6CB(skb)->iif);
210 	}
211 out:
212 	read_unlock(&raw_v6_lock);
213 	return delivered;
214 }
215 
216 /* This cleans up af_inet6 a bit. -DaveM */
217 static int rawv6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
218 {
219 	struct inet_sock *inet = inet_sk(sk);
220 	struct ipv6_pinfo *np = inet6_sk(sk);
221 	struct sockaddr_in6 *addr = (struct sockaddr_in6 *) uaddr;
222 	__be32 v4addr = 0;
223 	int addr_type;
224 	int err;
225 
226 	if (addr_len < SIN6_LEN_RFC2133)
227 		return -EINVAL;
228 	addr_type = ipv6_addr_type(&addr->sin6_addr);
229 
230 	/* Raw sockets are IPv6 only */
231 	if (addr_type == IPV6_ADDR_MAPPED)
232 		return(-EADDRNOTAVAIL);
233 
234 	lock_sock(sk);
235 
236 	err = -EINVAL;
237 	if (sk->sk_state != TCP_CLOSE)
238 		goto out;
239 
240 	/* Check if the address belongs to the host. */
241 	if (addr_type != IPV6_ADDR_ANY) {
242 		struct net_device *dev = NULL;
243 
244 		if (addr_type & IPV6_ADDR_LINKLOCAL) {
245 			if (addr_len >= sizeof(struct sockaddr_in6) &&
246 			    addr->sin6_scope_id) {
247 				/* Override any existing binding, if another
248 				 * one is supplied by user.
249 				 */
250 				sk->sk_bound_dev_if = addr->sin6_scope_id;
251 			}
252 
253 			/* Binding to link-local address requires an interface */
254 			if (!sk->sk_bound_dev_if)
255 				goto out;
256 
257 			dev = dev_get_by_index(sk->sk_bound_dev_if);
258 			if (!dev) {
259 				err = -ENODEV;
260 				goto out;
261 			}
262 		}
263 
264 		/* ipv4 addr of the socket is invalid.  Only the
265 		 * unspecified and mapped address have a v4 equivalent.
266 		 */
267 		v4addr = LOOPBACK4_IPV6;
268 		if (!(addr_type & IPV6_ADDR_MULTICAST))	{
269 			err = -EADDRNOTAVAIL;
270 			if (!ipv6_chk_addr(&addr->sin6_addr, dev, 0)) {
271 				if (dev)
272 					dev_put(dev);
273 				goto out;
274 			}
275 		}
276 		if (dev)
277 			dev_put(dev);
278 	}
279 
280 	inet->rcv_saddr = inet->saddr = v4addr;
281 	ipv6_addr_copy(&np->rcv_saddr, &addr->sin6_addr);
282 	if (!(addr_type & IPV6_ADDR_MULTICAST))
283 		ipv6_addr_copy(&np->saddr, &addr->sin6_addr);
284 	err = 0;
285 out:
286 	release_sock(sk);
287 	return err;
288 }
289 
290 void rawv6_err(struct sock *sk, struct sk_buff *skb,
291 	       struct inet6_skb_parm *opt,
292 	       int type, int code, int offset, __be32 info)
293 {
294 	struct inet_sock *inet = inet_sk(sk);
295 	struct ipv6_pinfo *np = inet6_sk(sk);
296 	int err;
297 	int harderr;
298 
299 	/* Report error on raw socket, if:
300 	   1. User requested recverr.
301 	   2. Socket is connected (otherwise the error indication
302 	      is useless without recverr and error is hard.
303 	 */
304 	if (!np->recverr && sk->sk_state != TCP_ESTABLISHED)
305 		return;
306 
307 	harderr = icmpv6_err_convert(type, code, &err);
308 	if (type == ICMPV6_PKT_TOOBIG)
309 		harderr = (np->pmtudisc == IPV6_PMTUDISC_DO);
310 
311 	if (np->recverr) {
312 		u8 *payload = skb->data;
313 		if (!inet->hdrincl)
314 			payload += offset;
315 		ipv6_icmp_error(sk, skb, err, 0, ntohl(info), payload);
316 	}
317 
318 	if (np->recverr || harderr) {
319 		sk->sk_err = err;
320 		sk->sk_error_report(sk);
321 	}
322 }
323 
324 static inline int rawv6_rcv_skb(struct sock * sk, struct sk_buff * skb)
325 {
326 	if ((raw6_sk(sk)->checksum || sk->sk_filter) &&
327 	    skb_checksum_complete(skb)) {
328 		/* FIXME: increment a raw6 drops counter here */
329 		kfree_skb(skb);
330 		return 0;
331 	}
332 
333 	/* Charge it to the socket. */
334 	if (sock_queue_rcv_skb(sk,skb)<0) {
335 		/* FIXME: increment a raw6 drops counter here */
336 		kfree_skb(skb);
337 		return 0;
338 	}
339 
340 	return 0;
341 }
342 
343 /*
344  *	This is next to useless...
345  *	if we demultiplex in network layer we don't need the extra call
346  *	just to queue the skb...
347  *	maybe we could have the network decide upon a hint if it
348  *	should call raw_rcv for demultiplexing
349  */
350 int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
351 {
352 	struct inet_sock *inet = inet_sk(sk);
353 	struct raw6_sock *rp = raw6_sk(sk);
354 
355 	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
356 		kfree_skb(skb);
357 		return NET_RX_DROP;
358 	}
359 
360 	if (!rp->checksum)
361 		skb->ip_summed = CHECKSUM_UNNECESSARY;
362 
363 	if (skb->ip_summed == CHECKSUM_COMPLETE) {
364 		skb_postpull_rcsum(skb, skb_network_header(skb),
365 				   skb_network_header_len(skb));
366 		if (!csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
367 				     &ipv6_hdr(skb)->daddr,
368 				     skb->len, inet->num, skb->csum))
369 			skb->ip_summed = CHECKSUM_UNNECESSARY;
370 	}
371 	if (!skb_csum_unnecessary(skb))
372 		skb->csum = ~csum_unfold(csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
373 							 &ipv6_hdr(skb)->daddr,
374 							 skb->len,
375 							 inet->num, 0));
376 
377 	if (inet->hdrincl) {
378 		if (skb_checksum_complete(skb)) {
379 			/* FIXME: increment a raw6 drops counter here */
380 			kfree_skb(skb);
381 			return 0;
382 		}
383 	}
384 
385 	rawv6_rcv_skb(sk, skb);
386 	return 0;
387 }
388 
389 
390 /*
391  *	This should be easy, if there is something there
392  *	we return it, otherwise we block.
393  */
394 
395 static int rawv6_recvmsg(struct kiocb *iocb, struct sock *sk,
396 		  struct msghdr *msg, size_t len,
397 		  int noblock, int flags, int *addr_len)
398 {
399 	struct ipv6_pinfo *np = inet6_sk(sk);
400 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)msg->msg_name;
401 	struct sk_buff *skb;
402 	size_t copied;
403 	int err;
404 
405 	if (flags & MSG_OOB)
406 		return -EOPNOTSUPP;
407 
408 	if (addr_len)
409 		*addr_len=sizeof(*sin6);
410 
411 	if (flags & MSG_ERRQUEUE)
412 		return ipv6_recv_error(sk, msg, len);
413 
414 	skb = skb_recv_datagram(sk, flags, noblock, &err);
415 	if (!skb)
416 		goto out;
417 
418 	copied = skb->len;
419 	if (copied > len) {
420 		copied = len;
421 		msg->msg_flags |= MSG_TRUNC;
422 	}
423 
424 	if (skb_csum_unnecessary(skb)) {
425 		err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
426 	} else if (msg->msg_flags&MSG_TRUNC) {
427 		if (__skb_checksum_complete(skb))
428 			goto csum_copy_err;
429 		err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
430 	} else {
431 		err = skb_copy_and_csum_datagram_iovec(skb, 0, msg->msg_iov);
432 		if (err == -EINVAL)
433 			goto csum_copy_err;
434 	}
435 	if (err)
436 		goto out_free;
437 
438 	/* Copy the address. */
439 	if (sin6) {
440 		sin6->sin6_family = AF_INET6;
441 		sin6->sin6_port = 0;
442 		ipv6_addr_copy(&sin6->sin6_addr, &ipv6_hdr(skb)->saddr);
443 		sin6->sin6_flowinfo = 0;
444 		sin6->sin6_scope_id = 0;
445 		if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_LINKLOCAL)
446 			sin6->sin6_scope_id = IP6CB(skb)->iif;
447 	}
448 
449 	sock_recv_timestamp(msg, sk, skb);
450 
451 	if (np->rxopt.all)
452 		datagram_recv_ctl(sk, msg, skb);
453 
454 	err = copied;
455 	if (flags & MSG_TRUNC)
456 		err = skb->len;
457 
458 out_free:
459 	skb_free_datagram(sk, skb);
460 out:
461 	return err;
462 
463 csum_copy_err:
464 	skb_kill_datagram(sk, skb, flags);
465 
466 	/* Error for blocking case is chosen to masquerade
467 	   as some normal condition.
468 	 */
469 	err = (flags&MSG_DONTWAIT) ? -EAGAIN : -EHOSTUNREACH;
470 	/* FIXME: increment a raw6 drops counter here */
471 	goto out;
472 }
473 
474 static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl,
475 				     struct raw6_sock *rp)
476 {
477 	struct sk_buff *skb;
478 	int err = 0;
479 	int offset;
480 	int len;
481 	int total_len;
482 	__wsum tmp_csum;
483 	__sum16 csum;
484 
485 	if (!rp->checksum)
486 		goto send;
487 
488 	if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
489 		goto out;
490 
491 	offset = rp->offset;
492 	total_len = inet_sk(sk)->cork.length - (skb_network_header(skb) -
493 						skb->data);
494 	if (offset >= total_len - 1) {
495 		err = -EINVAL;
496 		ip6_flush_pending_frames(sk);
497 		goto out;
498 	}
499 
500 	/* should be check HW csum miyazawa */
501 	if (skb_queue_len(&sk->sk_write_queue) == 1) {
502 		/*
503 		 * Only one fragment on the socket.
504 		 */
505 		tmp_csum = skb->csum;
506 	} else {
507 		struct sk_buff *csum_skb = NULL;
508 		tmp_csum = 0;
509 
510 		skb_queue_walk(&sk->sk_write_queue, skb) {
511 			tmp_csum = csum_add(tmp_csum, skb->csum);
512 
513 			if (csum_skb)
514 				continue;
515 
516 			len = skb->len - skb_transport_offset(skb);
517 			if (offset >= len) {
518 				offset -= len;
519 				continue;
520 			}
521 
522 			csum_skb = skb;
523 		}
524 
525 		skb = csum_skb;
526 	}
527 
528 	offset += skb_transport_offset(skb);
529 	if (skb_copy_bits(skb, offset, &csum, 2))
530 		BUG();
531 
532 	/* in case cksum was not initialized */
533 	if (unlikely(csum))
534 		tmp_csum = csum_sub(tmp_csum, csum_unfold(csum));
535 
536 	csum = csum_ipv6_magic(&fl->fl6_src,
537 				   &fl->fl6_dst,
538 				   total_len, fl->proto, tmp_csum);
539 
540 	if (csum == 0 && fl->proto == IPPROTO_UDP)
541 		csum = CSUM_MANGLED_0;
542 
543 	if (skb_store_bits(skb, offset, &csum, 2))
544 		BUG();
545 
546 send:
547 	err = ip6_push_pending_frames(sk);
548 out:
549 	return err;
550 }
551 
552 static int rawv6_send_hdrinc(struct sock *sk, void *from, int length,
553 			struct flowi *fl, struct rt6_info *rt,
554 			unsigned int flags)
555 {
556 	struct ipv6_pinfo *np = inet6_sk(sk);
557 	struct ipv6hdr *iph;
558 	struct sk_buff *skb;
559 	unsigned int hh_len;
560 	int err;
561 
562 	if (length > rt->u.dst.dev->mtu) {
563 		ipv6_local_error(sk, EMSGSIZE, fl, rt->u.dst.dev->mtu);
564 		return -EMSGSIZE;
565 	}
566 	if (flags&MSG_PROBE)
567 		goto out;
568 
569 	hh_len = LL_RESERVED_SPACE(rt->u.dst.dev);
570 
571 	skb = sock_alloc_send_skb(sk, length+hh_len+15,
572 				  flags&MSG_DONTWAIT, &err);
573 	if (skb == NULL)
574 		goto error;
575 	skb_reserve(skb, hh_len);
576 
577 	skb->priority = sk->sk_priority;
578 	skb->dst = dst_clone(&rt->u.dst);
579 
580 	skb_put(skb, length);
581 	skb_reset_network_header(skb);
582 	iph = ipv6_hdr(skb);
583 
584 	skb->ip_summed = CHECKSUM_NONE;
585 
586 	skb->transport_header = skb->network_header;
587 	err = memcpy_fromiovecend((void *)iph, from, 0, length);
588 	if (err)
589 		goto error_fault;
590 
591 	IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS);
592 	err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
593 		      dst_output);
594 	if (err > 0)
595 		err = np->recverr ? net_xmit_errno(err) : 0;
596 	if (err)
597 		goto error;
598 out:
599 	return 0;
600 
601 error_fault:
602 	err = -EFAULT;
603 	kfree_skb(skb);
604 error:
605 	IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
606 	return err;
607 }
608 
609 static int rawv6_probe_proto_opt(struct flowi *fl, struct msghdr *msg)
610 {
611 	struct iovec *iov;
612 	u8 __user *type = NULL;
613 	u8 __user *code = NULL;
614 #ifdef CONFIG_IPV6_MIP6
615 	u8 len = 0;
616 #endif
617 	int probed = 0;
618 	int i;
619 
620 	if (!msg->msg_iov)
621 		return 0;
622 
623 	for (i = 0; i < msg->msg_iovlen; i++) {
624 		iov = &msg->msg_iov[i];
625 		if (!iov)
626 			continue;
627 
628 		switch (fl->proto) {
629 		case IPPROTO_ICMPV6:
630 			/* check if one-byte field is readable or not. */
631 			if (iov->iov_base && iov->iov_len < 1)
632 				break;
633 
634 			if (!type) {
635 				type = iov->iov_base;
636 				/* check if code field is readable or not. */
637 				if (iov->iov_len > 1)
638 					code = type + 1;
639 			} else if (!code)
640 				code = iov->iov_base;
641 
642 			if (type && code) {
643 				if (get_user(fl->fl_icmp_type, type) ||
644 				    get_user(fl->fl_icmp_code, code))
645 					return -EFAULT;
646 				probed = 1;
647 			}
648 			break;
649 #ifdef CONFIG_IPV6_MIP6
650 		case IPPROTO_MH:
651 			if (iov->iov_base && iov->iov_len < 1)
652 				break;
653 			/* check if type field is readable or not. */
654 			if (iov->iov_len > 2 - len) {
655 				u8 __user *p = iov->iov_base;
656 				if (get_user(fl->fl_mh_type, &p[2 - len]))
657 					return -EFAULT;
658 				probed = 1;
659 			} else
660 				len += iov->iov_len;
661 
662 			break;
663 #endif
664 		default:
665 			probed = 1;
666 			break;
667 		}
668 		if (probed)
669 			break;
670 	}
671 	return 0;
672 }
673 
674 static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
675 		   struct msghdr *msg, size_t len)
676 {
677 	struct ipv6_txoptions opt_space;
678 	struct sockaddr_in6 * sin6 = (struct sockaddr_in6 *) msg->msg_name;
679 	struct in6_addr *daddr, *final_p = NULL, final;
680 	struct inet_sock *inet = inet_sk(sk);
681 	struct ipv6_pinfo *np = inet6_sk(sk);
682 	struct raw6_sock *rp = raw6_sk(sk);
683 	struct ipv6_txoptions *opt = NULL;
684 	struct ip6_flowlabel *flowlabel = NULL;
685 	struct dst_entry *dst = NULL;
686 	struct flowi fl;
687 	int addr_len = msg->msg_namelen;
688 	int hlimit = -1;
689 	int tclass = -1;
690 	u16 proto;
691 	int err;
692 
693 	/* Rough check on arithmetic overflow,
694 	   better check is made in ip6_append_data().
695 	 */
696 	if (len > INT_MAX)
697 		return -EMSGSIZE;
698 
699 	/* Mirror BSD error message compatibility */
700 	if (msg->msg_flags & MSG_OOB)
701 		return -EOPNOTSUPP;
702 
703 	/*
704 	 *	Get and verify the address.
705 	 */
706 	memset(&fl, 0, sizeof(fl));
707 
708 	if (sin6) {
709 		if (addr_len < SIN6_LEN_RFC2133)
710 			return -EINVAL;
711 
712 		if (sin6->sin6_family && sin6->sin6_family != AF_INET6)
713 			return(-EAFNOSUPPORT);
714 
715 		/* port is the proto value [0..255] carried in nexthdr */
716 		proto = ntohs(sin6->sin6_port);
717 
718 		if (!proto)
719 			proto = inet->num;
720 		else if (proto != inet->num)
721 			return(-EINVAL);
722 
723 		if (proto > 255)
724 			return(-EINVAL);
725 
726 		daddr = &sin6->sin6_addr;
727 		if (np->sndflow) {
728 			fl.fl6_flowlabel = sin6->sin6_flowinfo&IPV6_FLOWINFO_MASK;
729 			if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
730 				flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
731 				if (flowlabel == NULL)
732 					return -EINVAL;
733 				daddr = &flowlabel->dst;
734 			}
735 		}
736 
737 		/*
738 		 * Otherwise it will be difficult to maintain
739 		 * sk->sk_dst_cache.
740 		 */
741 		if (sk->sk_state == TCP_ESTABLISHED &&
742 		    ipv6_addr_equal(daddr, &np->daddr))
743 			daddr = &np->daddr;
744 
745 		if (addr_len >= sizeof(struct sockaddr_in6) &&
746 		    sin6->sin6_scope_id &&
747 		    ipv6_addr_type(daddr)&IPV6_ADDR_LINKLOCAL)
748 			fl.oif = sin6->sin6_scope_id;
749 	} else {
750 		if (sk->sk_state != TCP_ESTABLISHED)
751 			return -EDESTADDRREQ;
752 
753 		proto = inet->num;
754 		daddr = &np->daddr;
755 		fl.fl6_flowlabel = np->flow_label;
756 	}
757 
758 	if (ipv6_addr_any(daddr)) {
759 		/*
760 		 * unspecified destination address
761 		 * treated as error... is this correct ?
762 		 */
763 		fl6_sock_release(flowlabel);
764 		return(-EINVAL);
765 	}
766 
767 	if (fl.oif == 0)
768 		fl.oif = sk->sk_bound_dev_if;
769 
770 	if (msg->msg_controllen) {
771 		opt = &opt_space;
772 		memset(opt, 0, sizeof(struct ipv6_txoptions));
773 		opt->tot_len = sizeof(struct ipv6_txoptions);
774 
775 		err = datagram_send_ctl(msg, &fl, opt, &hlimit, &tclass);
776 		if (err < 0) {
777 			fl6_sock_release(flowlabel);
778 			return err;
779 		}
780 		if ((fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) && !flowlabel) {
781 			flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
782 			if (flowlabel == NULL)
783 				return -EINVAL;
784 		}
785 		if (!(opt->opt_nflen|opt->opt_flen))
786 			opt = NULL;
787 	}
788 	if (opt == NULL)
789 		opt = np->opt;
790 	if (flowlabel)
791 		opt = fl6_merge_options(&opt_space, flowlabel, opt);
792 	opt = ipv6_fixup_options(&opt_space, opt);
793 
794 	fl.proto = proto;
795 	err = rawv6_probe_proto_opt(&fl, msg);
796 	if (err)
797 		goto out;
798 
799 	ipv6_addr_copy(&fl.fl6_dst, daddr);
800 	if (ipv6_addr_any(&fl.fl6_src) && !ipv6_addr_any(&np->saddr))
801 		ipv6_addr_copy(&fl.fl6_src, &np->saddr);
802 
803 	/* merge ip6_build_xmit from ip6_output */
804 	if (opt && opt->srcrt) {
805 		struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
806 		ipv6_addr_copy(&final, &fl.fl6_dst);
807 		ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
808 		final_p = &final;
809 	}
810 
811 	if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
812 		fl.oif = np->mcast_oif;
813 	security_sk_classify_flow(sk, &fl);
814 
815 	err = ip6_dst_lookup(sk, &dst, &fl);
816 	if (err)
817 		goto out;
818 	if (final_p)
819 		ipv6_addr_copy(&fl.fl6_dst, final_p);
820 
821 	if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0)
822 		goto out;
823 
824 	if (hlimit < 0) {
825 		if (ipv6_addr_is_multicast(&fl.fl6_dst))
826 			hlimit = np->mcast_hops;
827 		else
828 			hlimit = np->hop_limit;
829 		if (hlimit < 0)
830 			hlimit = dst_metric(dst, RTAX_HOPLIMIT);
831 		if (hlimit < 0)
832 			hlimit = ipv6_get_hoplimit(dst->dev);
833 	}
834 
835 	if (tclass < 0) {
836 		tclass = np->tclass;
837 		if (tclass < 0)
838 			tclass = 0;
839 	}
840 
841 	if (msg->msg_flags&MSG_CONFIRM)
842 		goto do_confirm;
843 
844 back_from_confirm:
845 	if (inet->hdrincl) {
846 		err = rawv6_send_hdrinc(sk, msg->msg_iov, len, &fl, (struct rt6_info*)dst, msg->msg_flags);
847 	} else {
848 		lock_sock(sk);
849 		err = ip6_append_data(sk, ip_generic_getfrag, msg->msg_iov,
850 			len, 0, hlimit, tclass, opt, &fl, (struct rt6_info*)dst,
851 			msg->msg_flags);
852 
853 		if (err)
854 			ip6_flush_pending_frames(sk);
855 		else if (!(msg->msg_flags & MSG_MORE))
856 			err = rawv6_push_pending_frames(sk, &fl, rp);
857 	}
858 done:
859 	dst_release(dst);
860 	if (!inet->hdrincl)
861 		release_sock(sk);
862 out:
863 	fl6_sock_release(flowlabel);
864 	return err<0?err:len;
865 do_confirm:
866 	dst_confirm(dst);
867 	if (!(msg->msg_flags & MSG_PROBE) || len)
868 		goto back_from_confirm;
869 	err = 0;
870 	goto done;
871 }
872 
873 static int rawv6_seticmpfilter(struct sock *sk, int level, int optname,
874 			       char __user *optval, int optlen)
875 {
876 	switch (optname) {
877 	case ICMPV6_FILTER:
878 		if (optlen > sizeof(struct icmp6_filter))
879 			optlen = sizeof(struct icmp6_filter);
880 		if (copy_from_user(&raw6_sk(sk)->filter, optval, optlen))
881 			return -EFAULT;
882 		return 0;
883 	default:
884 		return -ENOPROTOOPT;
885 	}
886 
887 	return 0;
888 }
889 
890 static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
891 			       char __user *optval, int __user *optlen)
892 {
893 	int len;
894 
895 	switch (optname) {
896 	case ICMPV6_FILTER:
897 		if (get_user(len, optlen))
898 			return -EFAULT;
899 		if (len < 0)
900 			return -EINVAL;
901 		if (len > sizeof(struct icmp6_filter))
902 			len = sizeof(struct icmp6_filter);
903 		if (put_user(len, optlen))
904 			return -EFAULT;
905 		if (copy_to_user(optval, &raw6_sk(sk)->filter, len))
906 			return -EFAULT;
907 		return 0;
908 	default:
909 		return -ENOPROTOOPT;
910 	}
911 
912 	return 0;
913 }
914 
915 
916 static int do_rawv6_setsockopt(struct sock *sk, int level, int optname,
917 			    char __user *optval, int optlen)
918 {
919 	struct raw6_sock *rp = raw6_sk(sk);
920 	int val;
921 
922 	if (get_user(val, (int __user *)optval))
923 		return -EFAULT;
924 
925 	switch (optname) {
926 		case IPV6_CHECKSUM:
927 			/* You may get strange result with a positive odd offset;
928 			   RFC2292bis agrees with me. */
929 			if (val > 0 && (val&1))
930 				return(-EINVAL);
931 			if (val < 0) {
932 				rp->checksum = 0;
933 			} else {
934 				rp->checksum = 1;
935 				rp->offset = val;
936 			}
937 
938 			return 0;
939 			break;
940 
941 		default:
942 			return(-ENOPROTOOPT);
943 	}
944 }
945 
946 static int rawv6_setsockopt(struct sock *sk, int level, int optname,
947 			  char __user *optval, int optlen)
948 {
949 	switch(level) {
950 		case SOL_RAW:
951 			break;
952 
953 		case SOL_ICMPV6:
954 			if (inet_sk(sk)->num != IPPROTO_ICMPV6)
955 				return -EOPNOTSUPP;
956 			return rawv6_seticmpfilter(sk, level, optname, optval,
957 						   optlen);
958 		case SOL_IPV6:
959 			if (optname == IPV6_CHECKSUM)
960 				break;
961 		default:
962 			return ipv6_setsockopt(sk, level, optname, optval,
963 					       optlen);
964 	}
965 
966 	return do_rawv6_setsockopt(sk, level, optname, optval, optlen);
967 }
968 
969 #ifdef CONFIG_COMPAT
970 static int compat_rawv6_setsockopt(struct sock *sk, int level, int optname,
971 				   char __user *optval, int optlen)
972 {
973 	switch (level) {
974 	case SOL_RAW:
975 		break;
976 	case SOL_ICMPV6:
977 		if (inet_sk(sk)->num != IPPROTO_ICMPV6)
978 			return -EOPNOTSUPP;
979 		return rawv6_seticmpfilter(sk, level, optname, optval, optlen);
980 	case SOL_IPV6:
981 		if (optname == IPV6_CHECKSUM)
982 			break;
983 	default:
984 		return compat_ipv6_setsockopt(sk, level, optname,
985 					      optval, optlen);
986 	}
987 	return do_rawv6_setsockopt(sk, level, optname, optval, optlen);
988 }
989 #endif
990 
991 static int do_rawv6_getsockopt(struct sock *sk, int level, int optname,
992 			    char __user *optval, int __user *optlen)
993 {
994 	struct raw6_sock *rp = raw6_sk(sk);
995 	int val, len;
996 
997 	if (get_user(len,optlen))
998 		return -EFAULT;
999 
1000 	switch (optname) {
1001 	case IPV6_CHECKSUM:
1002 		if (rp->checksum == 0)
1003 			val = -1;
1004 		else
1005 			val = rp->offset;
1006 		break;
1007 
1008 	default:
1009 		return -ENOPROTOOPT;
1010 	}
1011 
1012 	len = min_t(unsigned int, sizeof(int), len);
1013 
1014 	if (put_user(len, optlen))
1015 		return -EFAULT;
1016 	if (copy_to_user(optval,&val,len))
1017 		return -EFAULT;
1018 	return 0;
1019 }
1020 
1021 static int rawv6_getsockopt(struct sock *sk, int level, int optname,
1022 			  char __user *optval, int __user *optlen)
1023 {
1024 	switch(level) {
1025 		case SOL_RAW:
1026 			break;
1027 
1028 		case SOL_ICMPV6:
1029 			if (inet_sk(sk)->num != IPPROTO_ICMPV6)
1030 				return -EOPNOTSUPP;
1031 			return rawv6_geticmpfilter(sk, level, optname, optval,
1032 						   optlen);
1033 		case SOL_IPV6:
1034 			if (optname == IPV6_CHECKSUM)
1035 				break;
1036 		default:
1037 			return ipv6_getsockopt(sk, level, optname, optval,
1038 					       optlen);
1039 	}
1040 
1041 	return do_rawv6_getsockopt(sk, level, optname, optval, optlen);
1042 }
1043 
1044 #ifdef CONFIG_COMPAT
1045 static int compat_rawv6_getsockopt(struct sock *sk, int level, int optname,
1046 				   char __user *optval, int __user *optlen)
1047 {
1048 	switch (level) {
1049 	case SOL_RAW:
1050 		break;
1051 	case SOL_ICMPV6:
1052 		if (inet_sk(sk)->num != IPPROTO_ICMPV6)
1053 			return -EOPNOTSUPP;
1054 		return rawv6_geticmpfilter(sk, level, optname, optval, optlen);
1055 	case SOL_IPV6:
1056 		if (optname == IPV6_CHECKSUM)
1057 			break;
1058 	default:
1059 		return compat_ipv6_getsockopt(sk, level, optname,
1060 					      optval, optlen);
1061 	}
1062 	return do_rawv6_getsockopt(sk, level, optname, optval, optlen);
1063 }
1064 #endif
1065 
1066 static int rawv6_ioctl(struct sock *sk, int cmd, unsigned long arg)
1067 {
1068 	switch(cmd) {
1069 		case SIOCOUTQ:
1070 		{
1071 			int amount = atomic_read(&sk->sk_wmem_alloc);
1072 			return put_user(amount, (int __user *)arg);
1073 		}
1074 		case SIOCINQ:
1075 		{
1076 			struct sk_buff *skb;
1077 			int amount = 0;
1078 
1079 			spin_lock_bh(&sk->sk_receive_queue.lock);
1080 			skb = skb_peek(&sk->sk_receive_queue);
1081 			if (skb != NULL)
1082 				amount = skb->tail - skb->transport_header;
1083 			spin_unlock_bh(&sk->sk_receive_queue.lock);
1084 			return put_user(amount, (int __user *)arg);
1085 		}
1086 
1087 		default:
1088 			return -ENOIOCTLCMD;
1089 	}
1090 }
1091 
1092 static void rawv6_close(struct sock *sk, long timeout)
1093 {
1094 	if (inet_sk(sk)->num == IPPROTO_RAW)
1095 		ip6_ra_control(sk, -1, NULL);
1096 
1097 	sk_common_release(sk);
1098 }
1099 
1100 static int rawv6_init_sk(struct sock *sk)
1101 {
1102 	struct raw6_sock *rp = raw6_sk(sk);
1103 
1104 	switch (inet_sk(sk)->num) {
1105 	case IPPROTO_ICMPV6:
1106 		rp->checksum = 1;
1107 		rp->offset   = 2;
1108 		break;
1109 	case IPPROTO_MH:
1110 		rp->checksum = 1;
1111 		rp->offset   = 4;
1112 		break;
1113 	default:
1114 		break;
1115 	}
1116 	return(0);
1117 }
1118 
1119 struct proto rawv6_prot = {
1120 	.name		   = "RAWv6",
1121 	.owner		   = THIS_MODULE,
1122 	.close		   = rawv6_close,
1123 	.connect	   = ip6_datagram_connect,
1124 	.disconnect	   = udp_disconnect,
1125 	.ioctl		   = rawv6_ioctl,
1126 	.init		   = rawv6_init_sk,
1127 	.destroy	   = inet6_destroy_sock,
1128 	.setsockopt	   = rawv6_setsockopt,
1129 	.getsockopt	   = rawv6_getsockopt,
1130 	.sendmsg	   = rawv6_sendmsg,
1131 	.recvmsg	   = rawv6_recvmsg,
1132 	.bind		   = rawv6_bind,
1133 	.backlog_rcv	   = rawv6_rcv_skb,
1134 	.hash		   = raw_v6_hash,
1135 	.unhash		   = raw_v6_unhash,
1136 	.obj_size	   = sizeof(struct raw6_sock),
1137 #ifdef CONFIG_COMPAT
1138 	.compat_setsockopt = compat_rawv6_setsockopt,
1139 	.compat_getsockopt = compat_rawv6_getsockopt,
1140 #endif
1141 };
1142 
1143 #ifdef CONFIG_PROC_FS
1144 struct raw6_iter_state {
1145 	int bucket;
1146 };
1147 
1148 #define raw6_seq_private(seq) ((struct raw6_iter_state *)(seq)->private)
1149 
1150 static struct sock *raw6_get_first(struct seq_file *seq)
1151 {
1152 	struct sock *sk;
1153 	struct hlist_node *node;
1154 	struct raw6_iter_state* state = raw6_seq_private(seq);
1155 
1156 	for (state->bucket = 0; state->bucket < RAWV6_HTABLE_SIZE; ++state->bucket)
1157 		sk_for_each(sk, node, &raw_v6_htable[state->bucket])
1158 			if (sk->sk_family == PF_INET6)
1159 				goto out;
1160 	sk = NULL;
1161 out:
1162 	return sk;
1163 }
1164 
1165 static struct sock *raw6_get_next(struct seq_file *seq, struct sock *sk)
1166 {
1167 	struct raw6_iter_state* state = raw6_seq_private(seq);
1168 
1169 	do {
1170 		sk = sk_next(sk);
1171 try_again:
1172 		;
1173 	} while (sk && sk->sk_family != PF_INET6);
1174 
1175 	if (!sk && ++state->bucket < RAWV6_HTABLE_SIZE) {
1176 		sk = sk_head(&raw_v6_htable[state->bucket]);
1177 		goto try_again;
1178 	}
1179 	return sk;
1180 }
1181 
1182 static struct sock *raw6_get_idx(struct seq_file *seq, loff_t pos)
1183 {
1184 	struct sock *sk = raw6_get_first(seq);
1185 	if (sk)
1186 		while (pos && (sk = raw6_get_next(seq, sk)) != NULL)
1187 			--pos;
1188 	return pos ? NULL : sk;
1189 }
1190 
1191 static void *raw6_seq_start(struct seq_file *seq, loff_t *pos)
1192 {
1193 	read_lock(&raw_v6_lock);
1194 	return *pos ? raw6_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
1195 }
1196 
1197 static void *raw6_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1198 {
1199 	struct sock *sk;
1200 
1201 	if (v == SEQ_START_TOKEN)
1202 		sk = raw6_get_first(seq);
1203 	else
1204 		sk = raw6_get_next(seq, v);
1205 	++*pos;
1206 	return sk;
1207 }
1208 
1209 static void raw6_seq_stop(struct seq_file *seq, void *v)
1210 {
1211 	read_unlock(&raw_v6_lock);
1212 }
1213 
1214 static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
1215 {
1216 	struct ipv6_pinfo *np = inet6_sk(sp);
1217 	struct in6_addr *dest, *src;
1218 	__u16 destp, srcp;
1219 
1220 	dest  = &np->daddr;
1221 	src   = &np->rcv_saddr;
1222 	destp = 0;
1223 	srcp  = inet_sk(sp)->num;
1224 	seq_printf(seq,
1225 		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1226 		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p\n",
1227 		   i,
1228 		   src->s6_addr32[0], src->s6_addr32[1],
1229 		   src->s6_addr32[2], src->s6_addr32[3], srcp,
1230 		   dest->s6_addr32[0], dest->s6_addr32[1],
1231 		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
1232 		   sp->sk_state,
1233 		   atomic_read(&sp->sk_wmem_alloc),
1234 		   atomic_read(&sp->sk_rmem_alloc),
1235 		   0, 0L, 0,
1236 		   sock_i_uid(sp), 0,
1237 		   sock_i_ino(sp),
1238 		   atomic_read(&sp->sk_refcnt), sp);
1239 }
1240 
1241 static int raw6_seq_show(struct seq_file *seq, void *v)
1242 {
1243 	if (v == SEQ_START_TOKEN)
1244 		seq_printf(seq,
1245 			   "  sl  "
1246 			   "local_address                         "
1247 			   "remote_address                        "
1248 			   "st tx_queue rx_queue tr tm->when retrnsmt"
1249 			   "   uid  timeout inode\n");
1250 	else
1251 		raw6_sock_seq_show(seq, v, raw6_seq_private(seq)->bucket);
1252 	return 0;
1253 }
1254 
1255 static struct seq_operations raw6_seq_ops = {
1256 	.start =	raw6_seq_start,
1257 	.next =		raw6_seq_next,
1258 	.stop =		raw6_seq_stop,
1259 	.show =		raw6_seq_show,
1260 };
1261 
1262 static int raw6_seq_open(struct inode *inode, struct file *file)
1263 {
1264 	struct seq_file *seq;
1265 	int rc = -ENOMEM;
1266 	struct raw6_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
1267 	if (!s)
1268 		goto out;
1269 	rc = seq_open(file, &raw6_seq_ops);
1270 	if (rc)
1271 		goto out_kfree;
1272 	seq = file->private_data;
1273 	seq->private = s;
1274 out:
1275 	return rc;
1276 out_kfree:
1277 	kfree(s);
1278 	goto out;
1279 }
1280 
1281 static const struct file_operations raw6_seq_fops = {
1282 	.owner =	THIS_MODULE,
1283 	.open =		raw6_seq_open,
1284 	.read =		seq_read,
1285 	.llseek =	seq_lseek,
1286 	.release =	seq_release_private,
1287 };
1288 
1289 int __init raw6_proc_init(void)
1290 {
1291 	if (!proc_net_fops_create("raw6", S_IRUGO, &raw6_seq_fops))
1292 		return -ENOMEM;
1293 	return 0;
1294 }
1295 
1296 void raw6_proc_exit(void)
1297 {
1298 	proc_net_remove("raw6");
1299 }
1300 #endif	/* CONFIG_PROC_FS */
1301