xref: /openbmc/linux/net/ipv6/datagram.c (revision da1d9caf)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	common UDP/RAW code
4  *	Linux INET6 implementation
5  *
6  *	Authors:
7  *	Pedro Roque		<roque@di.fc.ul.pt>
8  */
9 
10 #include <linux/capability.h>
11 #include <linux/errno.h>
12 #include <linux/types.h>
13 #include <linux/kernel.h>
14 #include <linux/interrupt.h>
15 #include <linux/socket.h>
16 #include <linux/sockios.h>
17 #include <linux/in6.h>
18 #include <linux/ipv6.h>
19 #include <linux/route.h>
20 #include <linux/slab.h>
21 #include <linux/export.h>
22 #include <linux/icmp.h>
23 
24 #include <net/ipv6.h>
25 #include <net/ndisc.h>
26 #include <net/addrconf.h>
27 #include <net/transp_v6.h>
28 #include <net/ip6_route.h>
29 #include <net/tcp_states.h>
30 #include <net/dsfield.h>
31 #include <net/sock_reuseport.h>
32 
33 #include <linux/errqueue.h>
34 #include <linux/uaccess.h>
35 
36 static bool ipv6_mapped_addr_any(const struct in6_addr *a)
37 {
38 	return ipv6_addr_v4mapped(a) && (a->s6_addr32[3] == 0);
39 }
40 
41 static void ip6_datagram_flow_key_init(struct flowi6 *fl6, struct sock *sk)
42 {
43 	struct inet_sock *inet = inet_sk(sk);
44 	struct ipv6_pinfo *np = inet6_sk(sk);
45 
46 	memset(fl6, 0, sizeof(*fl6));
47 	fl6->flowi6_proto = sk->sk_protocol;
48 	fl6->daddr = sk->sk_v6_daddr;
49 	fl6->saddr = np->saddr;
50 	fl6->flowi6_oif = sk->sk_bound_dev_if;
51 	fl6->flowi6_mark = sk->sk_mark;
52 	fl6->fl6_dport = inet->inet_dport;
53 	fl6->fl6_sport = inet->inet_sport;
54 	fl6->flowlabel = np->flow_label;
55 	fl6->flowi6_uid = sk->sk_uid;
56 
57 	if (!fl6->flowi6_oif)
58 		fl6->flowi6_oif = np->sticky_pktinfo.ipi6_ifindex;
59 
60 	if (!fl6->flowi6_oif && ipv6_addr_is_multicast(&fl6->daddr))
61 		fl6->flowi6_oif = np->mcast_oif;
62 
63 	security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
64 }
65 
66 int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr)
67 {
68 	struct ip6_flowlabel *flowlabel = NULL;
69 	struct in6_addr *final_p, final;
70 	struct ipv6_txoptions *opt;
71 	struct dst_entry *dst;
72 	struct inet_sock *inet = inet_sk(sk);
73 	struct ipv6_pinfo *np = inet6_sk(sk);
74 	struct flowi6 fl6;
75 	int err = 0;
76 
77 	if (np->sndflow && (np->flow_label & IPV6_FLOWLABEL_MASK)) {
78 		flowlabel = fl6_sock_lookup(sk, np->flow_label);
79 		if (IS_ERR(flowlabel))
80 			return -EINVAL;
81 	}
82 	ip6_datagram_flow_key_init(&fl6, sk);
83 
84 	rcu_read_lock();
85 	opt = flowlabel ? flowlabel->opt : rcu_dereference(np->opt);
86 	final_p = fl6_update_dst(&fl6, opt, &final);
87 	rcu_read_unlock();
88 
89 	dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
90 	if (IS_ERR(dst)) {
91 		err = PTR_ERR(dst);
92 		goto out;
93 	}
94 
95 	if (fix_sk_saddr) {
96 		if (ipv6_addr_any(&np->saddr))
97 			np->saddr = fl6.saddr;
98 
99 		if (ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
100 			sk->sk_v6_rcv_saddr = fl6.saddr;
101 			inet->inet_rcv_saddr = LOOPBACK4_IPV6;
102 			if (sk->sk_prot->rehash)
103 				sk->sk_prot->rehash(sk);
104 		}
105 	}
106 
107 	ip6_sk_dst_store_flow(sk, dst, &fl6);
108 
109 out:
110 	fl6_sock_release(flowlabel);
111 	return err;
112 }
113 
114 void ip6_datagram_release_cb(struct sock *sk)
115 {
116 	struct dst_entry *dst;
117 
118 	if (ipv6_addr_v4mapped(&sk->sk_v6_daddr))
119 		return;
120 
121 	rcu_read_lock();
122 	dst = __sk_dst_get(sk);
123 	if (!dst || !dst->obsolete ||
124 	    dst->ops->check(dst, inet6_sk(sk)->dst_cookie)) {
125 		rcu_read_unlock();
126 		return;
127 	}
128 	rcu_read_unlock();
129 
130 	ip6_datagram_dst_update(sk, false);
131 }
132 EXPORT_SYMBOL_GPL(ip6_datagram_release_cb);
133 
134 int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr,
135 			   int addr_len)
136 {
137 	struct sockaddr_in6	*usin = (struct sockaddr_in6 *) uaddr;
138 	struct inet_sock	*inet = inet_sk(sk);
139 	struct ipv6_pinfo	*np = inet6_sk(sk);
140 	struct in6_addr		*daddr, old_daddr;
141 	__be32			fl6_flowlabel = 0;
142 	__be32			old_fl6_flowlabel;
143 	__be16			old_dport;
144 	int			addr_type;
145 	int			err;
146 
147 	if (usin->sin6_family == AF_INET) {
148 		if (ipv6_only_sock(sk))
149 			return -EAFNOSUPPORT;
150 		err = __ip4_datagram_connect(sk, uaddr, addr_len);
151 		goto ipv4_connected;
152 	}
153 
154 	if (addr_len < SIN6_LEN_RFC2133)
155 		return -EINVAL;
156 
157 	if (usin->sin6_family != AF_INET6)
158 		return -EAFNOSUPPORT;
159 
160 	if (np->sndflow)
161 		fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
162 
163 	if (ipv6_addr_any(&usin->sin6_addr)) {
164 		/*
165 		 *	connect to self
166 		 */
167 		if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
168 			ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
169 					       &usin->sin6_addr);
170 		else
171 			usin->sin6_addr = in6addr_loopback;
172 	}
173 
174 	addr_type = ipv6_addr_type(&usin->sin6_addr);
175 
176 	daddr = &usin->sin6_addr;
177 
178 	if (addr_type & IPV6_ADDR_MAPPED) {
179 		struct sockaddr_in sin;
180 
181 		if (ipv6_only_sock(sk)) {
182 			err = -ENETUNREACH;
183 			goto out;
184 		}
185 		sin.sin_family = AF_INET;
186 		sin.sin_addr.s_addr = daddr->s6_addr32[3];
187 		sin.sin_port = usin->sin6_port;
188 
189 		err = __ip4_datagram_connect(sk,
190 					     (struct sockaddr *) &sin,
191 					     sizeof(sin));
192 
193 ipv4_connected:
194 		if (err)
195 			goto out;
196 
197 		ipv6_addr_set_v4mapped(inet->inet_daddr, &sk->sk_v6_daddr);
198 
199 		if (ipv6_addr_any(&np->saddr) ||
200 		    ipv6_mapped_addr_any(&np->saddr))
201 			ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
202 
203 		if (ipv6_addr_any(&sk->sk_v6_rcv_saddr) ||
204 		    ipv6_mapped_addr_any(&sk->sk_v6_rcv_saddr)) {
205 			ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
206 					       &sk->sk_v6_rcv_saddr);
207 			if (sk->sk_prot->rehash)
208 				sk->sk_prot->rehash(sk);
209 		}
210 
211 		goto out;
212 	}
213 
214 	if (__ipv6_addr_needs_scope_id(addr_type)) {
215 		if (addr_len >= sizeof(struct sockaddr_in6) &&
216 		    usin->sin6_scope_id) {
217 			if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id)) {
218 				err = -EINVAL;
219 				goto out;
220 			}
221 			WRITE_ONCE(sk->sk_bound_dev_if, usin->sin6_scope_id);
222 		}
223 
224 		if (!sk->sk_bound_dev_if && (addr_type & IPV6_ADDR_MULTICAST))
225 			WRITE_ONCE(sk->sk_bound_dev_if, np->mcast_oif);
226 
227 		/* Connect to link-local address requires an interface */
228 		if (!sk->sk_bound_dev_if) {
229 			err = -EINVAL;
230 			goto out;
231 		}
232 	}
233 
234 	/* save the current peer information before updating it */
235 	old_daddr = sk->sk_v6_daddr;
236 	old_fl6_flowlabel = np->flow_label;
237 	old_dport = inet->inet_dport;
238 
239 	sk->sk_v6_daddr = *daddr;
240 	np->flow_label = fl6_flowlabel;
241 	inet->inet_dport = usin->sin6_port;
242 
243 	/*
244 	 *	Check for a route to destination an obtain the
245 	 *	destination cache for it.
246 	 */
247 
248 	err = ip6_datagram_dst_update(sk, true);
249 	if (err) {
250 		/* Restore the socket peer info, to keep it consistent with
251 		 * the old socket state
252 		 */
253 		sk->sk_v6_daddr = old_daddr;
254 		np->flow_label = old_fl6_flowlabel;
255 		inet->inet_dport = old_dport;
256 		goto out;
257 	}
258 
259 	reuseport_has_conns(sk, true);
260 	sk->sk_state = TCP_ESTABLISHED;
261 	sk_set_txhash(sk);
262 out:
263 	return err;
264 }
265 EXPORT_SYMBOL_GPL(__ip6_datagram_connect);
266 
267 int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
268 {
269 	int res;
270 
271 	lock_sock(sk);
272 	res = __ip6_datagram_connect(sk, uaddr, addr_len);
273 	release_sock(sk);
274 	return res;
275 }
276 EXPORT_SYMBOL_GPL(ip6_datagram_connect);
277 
278 int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *uaddr,
279 				 int addr_len)
280 {
281 	DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, uaddr);
282 	if (sin6->sin6_family != AF_INET6)
283 		return -EAFNOSUPPORT;
284 	return ip6_datagram_connect(sk, uaddr, addr_len);
285 }
286 EXPORT_SYMBOL_GPL(ip6_datagram_connect_v6_only);
287 
288 static void ipv6_icmp_error_rfc4884(const struct sk_buff *skb,
289 				    struct sock_ee_data_rfc4884 *out)
290 {
291 	switch (icmp6_hdr(skb)->icmp6_type) {
292 	case ICMPV6_TIME_EXCEED:
293 	case ICMPV6_DEST_UNREACH:
294 		ip_icmp_error_rfc4884(skb, out, sizeof(struct icmp6hdr),
295 				      icmp6_hdr(skb)->icmp6_datagram_len * 8);
296 	}
297 }
298 
299 void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
300 		     __be16 port, u32 info, u8 *payload)
301 {
302 	struct ipv6_pinfo *np  = inet6_sk(sk);
303 	struct icmp6hdr *icmph = icmp6_hdr(skb);
304 	struct sock_exterr_skb *serr;
305 
306 	if (!np->recverr)
307 		return;
308 
309 	skb = skb_clone(skb, GFP_ATOMIC);
310 	if (!skb)
311 		return;
312 
313 	skb->protocol = htons(ETH_P_IPV6);
314 
315 	serr = SKB_EXT_ERR(skb);
316 	serr->ee.ee_errno = err;
317 	serr->ee.ee_origin = SO_EE_ORIGIN_ICMP6;
318 	serr->ee.ee_type = icmph->icmp6_type;
319 	serr->ee.ee_code = icmph->icmp6_code;
320 	serr->ee.ee_pad = 0;
321 	serr->ee.ee_info = info;
322 	serr->ee.ee_data = 0;
323 	serr->addr_offset = (u8 *)&(((struct ipv6hdr *)(icmph + 1))->daddr) -
324 				  skb_network_header(skb);
325 	serr->port = port;
326 
327 	__skb_pull(skb, payload - skb->data);
328 
329 	if (inet6_sk(sk)->recverr_rfc4884)
330 		ipv6_icmp_error_rfc4884(skb, &serr->ee.ee_rfc4884);
331 
332 	skb_reset_transport_header(skb);
333 
334 	if (sock_queue_err_skb(sk, skb))
335 		kfree_skb(skb);
336 }
337 
338 void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info)
339 {
340 	const struct ipv6_pinfo *np = inet6_sk(sk);
341 	struct sock_exterr_skb *serr;
342 	struct ipv6hdr *iph;
343 	struct sk_buff *skb;
344 
345 	if (!np->recverr)
346 		return;
347 
348 	skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
349 	if (!skb)
350 		return;
351 
352 	skb->protocol = htons(ETH_P_IPV6);
353 
354 	skb_put(skb, sizeof(struct ipv6hdr));
355 	skb_reset_network_header(skb);
356 	iph = ipv6_hdr(skb);
357 	iph->daddr = fl6->daddr;
358 	ip6_flow_hdr(iph, 0, 0);
359 
360 	serr = SKB_EXT_ERR(skb);
361 	serr->ee.ee_errno = err;
362 	serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
363 	serr->ee.ee_type = 0;
364 	serr->ee.ee_code = 0;
365 	serr->ee.ee_pad = 0;
366 	serr->ee.ee_info = info;
367 	serr->ee.ee_data = 0;
368 	serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb);
369 	serr->port = fl6->fl6_dport;
370 
371 	__skb_pull(skb, skb_tail_pointer(skb) - skb->data);
372 	skb_reset_transport_header(skb);
373 
374 	if (sock_queue_err_skb(sk, skb))
375 		kfree_skb(skb);
376 }
377 
378 void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu)
379 {
380 	struct ipv6_pinfo *np = inet6_sk(sk);
381 	struct ipv6hdr *iph;
382 	struct sk_buff *skb;
383 	struct ip6_mtuinfo *mtu_info;
384 
385 	if (!np->rxopt.bits.rxpmtu)
386 		return;
387 
388 	skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
389 	if (!skb)
390 		return;
391 
392 	skb_put(skb, sizeof(struct ipv6hdr));
393 	skb_reset_network_header(skb);
394 	iph = ipv6_hdr(skb);
395 	iph->daddr = fl6->daddr;
396 
397 	mtu_info = IP6CBMTU(skb);
398 
399 	mtu_info->ip6m_mtu = mtu;
400 	mtu_info->ip6m_addr.sin6_family = AF_INET6;
401 	mtu_info->ip6m_addr.sin6_port = 0;
402 	mtu_info->ip6m_addr.sin6_flowinfo = 0;
403 	mtu_info->ip6m_addr.sin6_scope_id = fl6->flowi6_oif;
404 	mtu_info->ip6m_addr.sin6_addr = ipv6_hdr(skb)->daddr;
405 
406 	__skb_pull(skb, skb_tail_pointer(skb) - skb->data);
407 	skb_reset_transport_header(skb);
408 
409 	skb = xchg(&np->rxpmtu, skb);
410 	kfree_skb(skb);
411 }
412 
413 /* For some errors we have valid addr_offset even with zero payload and
414  * zero port. Also, addr_offset should be supported if port is set.
415  */
416 static inline bool ipv6_datagram_support_addr(struct sock_exterr_skb *serr)
417 {
418 	return serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6 ||
419 	       serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
420 	       serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL || serr->port;
421 }
422 
423 /* IPv6 supports cmsg on all origins aside from SO_EE_ORIGIN_LOCAL.
424  *
425  * At one point, excluding local errors was a quick test to identify icmp/icmp6
426  * errors. This is no longer true, but the test remained, so the v6 stack,
427  * unlike v4, also honors cmsg requests on all wifi and timestamp errors.
428  */
429 static bool ip6_datagram_support_cmsg(struct sk_buff *skb,
430 				      struct sock_exterr_skb *serr)
431 {
432 	if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
433 	    serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6)
434 		return true;
435 
436 	if (serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL)
437 		return false;
438 
439 	if (!IP6CB(skb)->iif)
440 		return false;
441 
442 	return true;
443 }
444 
445 /*
446  *	Handle MSG_ERRQUEUE
447  */
448 int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
449 {
450 	struct ipv6_pinfo *np = inet6_sk(sk);
451 	struct sock_exterr_skb *serr;
452 	struct sk_buff *skb;
453 	DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name);
454 	struct {
455 		struct sock_extended_err ee;
456 		struct sockaddr_in6	 offender;
457 	} errhdr;
458 	int err;
459 	int copied;
460 
461 	err = -EAGAIN;
462 	skb = sock_dequeue_err_skb(sk);
463 	if (!skb)
464 		goto out;
465 
466 	copied = skb->len;
467 	if (copied > len) {
468 		msg->msg_flags |= MSG_TRUNC;
469 		copied = len;
470 	}
471 	err = skb_copy_datagram_msg(skb, 0, msg, copied);
472 	if (unlikely(err)) {
473 		kfree_skb(skb);
474 		return err;
475 	}
476 	sock_recv_timestamp(msg, sk, skb);
477 
478 	serr = SKB_EXT_ERR(skb);
479 
480 	if (sin && ipv6_datagram_support_addr(serr)) {
481 		const unsigned char *nh = skb_network_header(skb);
482 		sin->sin6_family = AF_INET6;
483 		sin->sin6_flowinfo = 0;
484 		sin->sin6_port = serr->port;
485 		if (skb->protocol == htons(ETH_P_IPV6)) {
486 			const struct ipv6hdr *ip6h = container_of((struct in6_addr *)(nh + serr->addr_offset),
487 								  struct ipv6hdr, daddr);
488 			sin->sin6_addr = ip6h->daddr;
489 			if (np->sndflow)
490 				sin->sin6_flowinfo = ip6_flowinfo(ip6h);
491 			sin->sin6_scope_id =
492 				ipv6_iface_scope_id(&sin->sin6_addr,
493 						    IP6CB(skb)->iif);
494 		} else {
495 			ipv6_addr_set_v4mapped(*(__be32 *)(nh + serr->addr_offset),
496 					       &sin->sin6_addr);
497 			sin->sin6_scope_id = 0;
498 		}
499 		*addr_len = sizeof(*sin);
500 	}
501 
502 	memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
503 	sin = &errhdr.offender;
504 	memset(sin, 0, sizeof(*sin));
505 
506 	if (ip6_datagram_support_cmsg(skb, serr)) {
507 		sin->sin6_family = AF_INET6;
508 		if (np->rxopt.all)
509 			ip6_datagram_recv_common_ctl(sk, msg, skb);
510 		if (skb->protocol == htons(ETH_P_IPV6)) {
511 			sin->sin6_addr = ipv6_hdr(skb)->saddr;
512 			if (np->rxopt.all)
513 				ip6_datagram_recv_specific_ctl(sk, msg, skb);
514 			sin->sin6_scope_id =
515 				ipv6_iface_scope_id(&sin->sin6_addr,
516 						    IP6CB(skb)->iif);
517 		} else {
518 			ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr,
519 					       &sin->sin6_addr);
520 			if (inet_sk(sk)->cmsg_flags)
521 				ip_cmsg_recv(msg, skb);
522 		}
523 	}
524 
525 	put_cmsg(msg, SOL_IPV6, IPV6_RECVERR, sizeof(errhdr), &errhdr);
526 
527 	/* Now we could try to dump offended packet options */
528 
529 	msg->msg_flags |= MSG_ERRQUEUE;
530 	err = copied;
531 
532 	consume_skb(skb);
533 out:
534 	return err;
535 }
536 EXPORT_SYMBOL_GPL(ipv6_recv_error);
537 
538 /*
539  *	Handle IPV6_RECVPATHMTU
540  */
541 int ipv6_recv_rxpmtu(struct sock *sk, struct msghdr *msg, int len,
542 		     int *addr_len)
543 {
544 	struct ipv6_pinfo *np = inet6_sk(sk);
545 	struct sk_buff *skb;
546 	struct ip6_mtuinfo mtu_info;
547 	DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name);
548 	int err;
549 	int copied;
550 
551 	err = -EAGAIN;
552 	skb = xchg(&np->rxpmtu, NULL);
553 	if (!skb)
554 		goto out;
555 
556 	copied = skb->len;
557 	if (copied > len) {
558 		msg->msg_flags |= MSG_TRUNC;
559 		copied = len;
560 	}
561 	err = skb_copy_datagram_msg(skb, 0, msg, copied);
562 	if (err)
563 		goto out_free_skb;
564 
565 	sock_recv_timestamp(msg, sk, skb);
566 
567 	memcpy(&mtu_info, IP6CBMTU(skb), sizeof(mtu_info));
568 
569 	if (sin) {
570 		sin->sin6_family = AF_INET6;
571 		sin->sin6_flowinfo = 0;
572 		sin->sin6_port = 0;
573 		sin->sin6_scope_id = mtu_info.ip6m_addr.sin6_scope_id;
574 		sin->sin6_addr = mtu_info.ip6m_addr.sin6_addr;
575 		*addr_len = sizeof(*sin);
576 	}
577 
578 	put_cmsg(msg, SOL_IPV6, IPV6_PATHMTU, sizeof(mtu_info), &mtu_info);
579 
580 	err = copied;
581 
582 out_free_skb:
583 	kfree_skb(skb);
584 out:
585 	return err;
586 }
587 
588 
589 void ip6_datagram_recv_common_ctl(struct sock *sk, struct msghdr *msg,
590 				 struct sk_buff *skb)
591 {
592 	struct ipv6_pinfo *np = inet6_sk(sk);
593 	bool is_ipv6 = skb->protocol == htons(ETH_P_IPV6);
594 
595 	if (np->rxopt.bits.rxinfo) {
596 		struct in6_pktinfo src_info;
597 
598 		if (is_ipv6) {
599 			src_info.ipi6_ifindex = IP6CB(skb)->iif;
600 			src_info.ipi6_addr = ipv6_hdr(skb)->daddr;
601 		} else {
602 			src_info.ipi6_ifindex =
603 				PKTINFO_SKB_CB(skb)->ipi_ifindex;
604 			ipv6_addr_set_v4mapped(ip_hdr(skb)->daddr,
605 					       &src_info.ipi6_addr);
606 		}
607 
608 		if (src_info.ipi6_ifindex >= 0)
609 			put_cmsg(msg, SOL_IPV6, IPV6_PKTINFO,
610 				 sizeof(src_info), &src_info);
611 	}
612 }
613 
614 void ip6_datagram_recv_specific_ctl(struct sock *sk, struct msghdr *msg,
615 				    struct sk_buff *skb)
616 {
617 	struct ipv6_pinfo *np = inet6_sk(sk);
618 	struct inet6_skb_parm *opt = IP6CB(skb);
619 	unsigned char *nh = skb_network_header(skb);
620 
621 	if (np->rxopt.bits.rxhlim) {
622 		int hlim = ipv6_hdr(skb)->hop_limit;
623 		put_cmsg(msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim);
624 	}
625 
626 	if (np->rxopt.bits.rxtclass) {
627 		int tclass = ipv6_get_dsfield(ipv6_hdr(skb));
628 		put_cmsg(msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass);
629 	}
630 
631 	if (np->rxopt.bits.rxflow) {
632 		__be32 flowinfo = ip6_flowinfo((struct ipv6hdr *)nh);
633 		if (flowinfo)
634 			put_cmsg(msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo);
635 	}
636 
637 	/* HbH is allowed only once */
638 	if (np->rxopt.bits.hopopts && (opt->flags & IP6SKB_HOPBYHOP)) {
639 		u8 *ptr = nh + sizeof(struct ipv6hdr);
640 		put_cmsg(msg, SOL_IPV6, IPV6_HOPOPTS, (ptr[1]+1)<<3, ptr);
641 	}
642 
643 	if (opt->lastopt &&
644 	    (np->rxopt.bits.dstopts || np->rxopt.bits.srcrt)) {
645 		/*
646 		 * Silly enough, but we need to reparse in order to
647 		 * report extension headers (except for HbH)
648 		 * in order.
649 		 *
650 		 * Also note that IPV6_RECVRTHDRDSTOPTS is NOT
651 		 * (and WILL NOT be) defined because
652 		 * IPV6_RECVDSTOPTS is more generic. --yoshfuji
653 		 */
654 		unsigned int off = sizeof(struct ipv6hdr);
655 		u8 nexthdr = ipv6_hdr(skb)->nexthdr;
656 
657 		while (off <= opt->lastopt) {
658 			unsigned int len;
659 			u8 *ptr = nh + off;
660 
661 			switch (nexthdr) {
662 			case IPPROTO_DSTOPTS:
663 				nexthdr = ptr[0];
664 				len = (ptr[1] + 1) << 3;
665 				if (np->rxopt.bits.dstopts)
666 					put_cmsg(msg, SOL_IPV6, IPV6_DSTOPTS, len, ptr);
667 				break;
668 			case IPPROTO_ROUTING:
669 				nexthdr = ptr[0];
670 				len = (ptr[1] + 1) << 3;
671 				if (np->rxopt.bits.srcrt)
672 					put_cmsg(msg, SOL_IPV6, IPV6_RTHDR, len, ptr);
673 				break;
674 			case IPPROTO_AH:
675 				nexthdr = ptr[0];
676 				len = (ptr[1] + 2) << 2;
677 				break;
678 			default:
679 				nexthdr = ptr[0];
680 				len = (ptr[1] + 1) << 3;
681 				break;
682 			}
683 
684 			off += len;
685 		}
686 	}
687 
688 	/* socket options in old style */
689 	if (np->rxopt.bits.rxoinfo) {
690 		struct in6_pktinfo src_info;
691 
692 		src_info.ipi6_ifindex = opt->iif;
693 		src_info.ipi6_addr = ipv6_hdr(skb)->daddr;
694 		put_cmsg(msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info);
695 	}
696 	if (np->rxopt.bits.rxohlim) {
697 		int hlim = ipv6_hdr(skb)->hop_limit;
698 		put_cmsg(msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim);
699 	}
700 	if (np->rxopt.bits.ohopopts && (opt->flags & IP6SKB_HOPBYHOP)) {
701 		u8 *ptr = nh + sizeof(struct ipv6hdr);
702 		put_cmsg(msg, SOL_IPV6, IPV6_2292HOPOPTS, (ptr[1]+1)<<3, ptr);
703 	}
704 	if (np->rxopt.bits.odstopts && opt->dst0) {
705 		u8 *ptr = nh + opt->dst0;
706 		put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr);
707 	}
708 	if (np->rxopt.bits.osrcrt && opt->srcrt) {
709 		struct ipv6_rt_hdr *rthdr = (struct ipv6_rt_hdr *)(nh + opt->srcrt);
710 		put_cmsg(msg, SOL_IPV6, IPV6_2292RTHDR, (rthdr->hdrlen+1) << 3, rthdr);
711 	}
712 	if (np->rxopt.bits.odstopts && opt->dst1) {
713 		u8 *ptr = nh + opt->dst1;
714 		put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr);
715 	}
716 	if (np->rxopt.bits.rxorigdstaddr) {
717 		struct sockaddr_in6 sin6;
718 		__be16 _ports[2], *ports;
719 
720 		ports = skb_header_pointer(skb, skb_transport_offset(skb),
721 					   sizeof(_ports), &_ports);
722 		if (ports) {
723 			/* All current transport protocols have the port numbers in the
724 			 * first four bytes of the transport header and this function is
725 			 * written with this assumption in mind.
726 			 */
727 			sin6.sin6_family = AF_INET6;
728 			sin6.sin6_addr = ipv6_hdr(skb)->daddr;
729 			sin6.sin6_port = ports[1];
730 			sin6.sin6_flowinfo = 0;
731 			sin6.sin6_scope_id =
732 				ipv6_iface_scope_id(&ipv6_hdr(skb)->daddr,
733 						    opt->iif);
734 
735 			put_cmsg(msg, SOL_IPV6, IPV6_ORIGDSTADDR, sizeof(sin6), &sin6);
736 		}
737 	}
738 	if (np->rxopt.bits.recvfragsize && opt->frag_max_size) {
739 		int val = opt->frag_max_size;
740 
741 		put_cmsg(msg, SOL_IPV6, IPV6_RECVFRAGSIZE, sizeof(val), &val);
742 	}
743 }
744 
745 void ip6_datagram_recv_ctl(struct sock *sk, struct msghdr *msg,
746 			  struct sk_buff *skb)
747 {
748 	ip6_datagram_recv_common_ctl(sk, msg, skb);
749 	ip6_datagram_recv_specific_ctl(sk, msg, skb);
750 }
751 EXPORT_SYMBOL_GPL(ip6_datagram_recv_ctl);
752 
753 int ip6_datagram_send_ctl(struct net *net, struct sock *sk,
754 			  struct msghdr *msg, struct flowi6 *fl6,
755 			  struct ipcm6_cookie *ipc6)
756 {
757 	struct in6_pktinfo *src_info;
758 	struct cmsghdr *cmsg;
759 	struct ipv6_rt_hdr *rthdr;
760 	struct ipv6_opt_hdr *hdr;
761 	struct ipv6_txoptions *opt = ipc6->opt;
762 	int len;
763 	int err = 0;
764 
765 	for_each_cmsghdr(cmsg, msg) {
766 		int addr_type;
767 
768 		if (!CMSG_OK(msg, cmsg)) {
769 			err = -EINVAL;
770 			goto exit_f;
771 		}
772 
773 		if (cmsg->cmsg_level == SOL_SOCKET) {
774 			err = __sock_cmsg_send(sk, msg, cmsg, &ipc6->sockc);
775 			if (err)
776 				return err;
777 			continue;
778 		}
779 
780 		if (cmsg->cmsg_level != SOL_IPV6)
781 			continue;
782 
783 		switch (cmsg->cmsg_type) {
784 		case IPV6_PKTINFO:
785 		case IPV6_2292PKTINFO:
786 		    {
787 			struct net_device *dev = NULL;
788 			int src_idx;
789 
790 			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) {
791 				err = -EINVAL;
792 				goto exit_f;
793 			}
794 
795 			src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg);
796 			src_idx = src_info->ipi6_ifindex;
797 
798 			if (src_idx) {
799 				if (fl6->flowi6_oif &&
800 				    src_idx != fl6->flowi6_oif &&
801 				    (READ_ONCE(sk->sk_bound_dev_if) != fl6->flowi6_oif ||
802 				     !sk_dev_equal_l3scope(sk, src_idx)))
803 					return -EINVAL;
804 				fl6->flowi6_oif = src_idx;
805 			}
806 
807 			addr_type = __ipv6_addr_type(&src_info->ipi6_addr);
808 
809 			rcu_read_lock();
810 			if (fl6->flowi6_oif) {
811 				dev = dev_get_by_index_rcu(net, fl6->flowi6_oif);
812 				if (!dev) {
813 					rcu_read_unlock();
814 					return -ENODEV;
815 				}
816 			} else if (addr_type & IPV6_ADDR_LINKLOCAL) {
817 				rcu_read_unlock();
818 				return -EINVAL;
819 			}
820 
821 			if (addr_type != IPV6_ADDR_ANY) {
822 				int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
823 				if (!ipv6_can_nonlocal_bind(net, inet_sk(sk)) &&
824 				    !ipv6_chk_addr_and_flags(net, &src_info->ipi6_addr,
825 							     dev, !strict, 0,
826 							     IFA_F_TENTATIVE) &&
827 				    !ipv6_chk_acast_addr_src(net, dev,
828 							     &src_info->ipi6_addr))
829 					err = -EINVAL;
830 				else
831 					fl6->saddr = src_info->ipi6_addr;
832 			}
833 
834 			rcu_read_unlock();
835 
836 			if (err)
837 				goto exit_f;
838 
839 			break;
840 		    }
841 
842 		case IPV6_FLOWINFO:
843 			if (cmsg->cmsg_len < CMSG_LEN(4)) {
844 				err = -EINVAL;
845 				goto exit_f;
846 			}
847 
848 			if (fl6->flowlabel&IPV6_FLOWINFO_MASK) {
849 				if ((fl6->flowlabel^*(__be32 *)CMSG_DATA(cmsg))&~IPV6_FLOWINFO_MASK) {
850 					err = -EINVAL;
851 					goto exit_f;
852 				}
853 			}
854 			fl6->flowlabel = IPV6_FLOWINFO_MASK & *(__be32 *)CMSG_DATA(cmsg);
855 			break;
856 
857 		case IPV6_2292HOPOPTS:
858 		case IPV6_HOPOPTS:
859 			if (opt->hopopt || cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
860 				err = -EINVAL;
861 				goto exit_f;
862 			}
863 
864 			hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
865 			len = ((hdr->hdrlen + 1) << 3);
866 			if (cmsg->cmsg_len < CMSG_LEN(len)) {
867 				err = -EINVAL;
868 				goto exit_f;
869 			}
870 			if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
871 				err = -EPERM;
872 				goto exit_f;
873 			}
874 			opt->opt_nflen += len;
875 			opt->hopopt = hdr;
876 			break;
877 
878 		case IPV6_2292DSTOPTS:
879 			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
880 				err = -EINVAL;
881 				goto exit_f;
882 			}
883 
884 			hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
885 			len = ((hdr->hdrlen + 1) << 3);
886 			if (cmsg->cmsg_len < CMSG_LEN(len)) {
887 				err = -EINVAL;
888 				goto exit_f;
889 			}
890 			if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
891 				err = -EPERM;
892 				goto exit_f;
893 			}
894 			if (opt->dst1opt) {
895 				err = -EINVAL;
896 				goto exit_f;
897 			}
898 			opt->opt_flen += len;
899 			opt->dst1opt = hdr;
900 			break;
901 
902 		case IPV6_DSTOPTS:
903 		case IPV6_RTHDRDSTOPTS:
904 			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
905 				err = -EINVAL;
906 				goto exit_f;
907 			}
908 
909 			hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
910 			len = ((hdr->hdrlen + 1) << 3);
911 			if (cmsg->cmsg_len < CMSG_LEN(len)) {
912 				err = -EINVAL;
913 				goto exit_f;
914 			}
915 			if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
916 				err = -EPERM;
917 				goto exit_f;
918 			}
919 			if (cmsg->cmsg_type == IPV6_DSTOPTS) {
920 				opt->opt_flen += len;
921 				opt->dst1opt = hdr;
922 			} else {
923 				opt->opt_nflen += len;
924 				opt->dst0opt = hdr;
925 			}
926 			break;
927 
928 		case IPV6_2292RTHDR:
929 		case IPV6_RTHDR:
930 			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_rt_hdr))) {
931 				err = -EINVAL;
932 				goto exit_f;
933 			}
934 
935 			rthdr = (struct ipv6_rt_hdr *)CMSG_DATA(cmsg);
936 
937 			switch (rthdr->type) {
938 #if IS_ENABLED(CONFIG_IPV6_MIP6)
939 			case IPV6_SRCRT_TYPE_2:
940 				if (rthdr->hdrlen != 2 ||
941 				    rthdr->segments_left != 1) {
942 					err = -EINVAL;
943 					goto exit_f;
944 				}
945 				break;
946 #endif
947 			default:
948 				err = -EINVAL;
949 				goto exit_f;
950 			}
951 
952 			len = ((rthdr->hdrlen + 1) << 3);
953 
954 			if (cmsg->cmsg_len < CMSG_LEN(len)) {
955 				err = -EINVAL;
956 				goto exit_f;
957 			}
958 
959 			/* segments left must also match */
960 			if ((rthdr->hdrlen >> 1) != rthdr->segments_left) {
961 				err = -EINVAL;
962 				goto exit_f;
963 			}
964 
965 			opt->opt_nflen += len;
966 			opt->srcrt = rthdr;
967 
968 			if (cmsg->cmsg_type == IPV6_2292RTHDR && opt->dst1opt) {
969 				int dsthdrlen = ((opt->dst1opt->hdrlen+1)<<3);
970 
971 				opt->opt_nflen += dsthdrlen;
972 				opt->dst0opt = opt->dst1opt;
973 				opt->dst1opt = NULL;
974 				opt->opt_flen -= dsthdrlen;
975 			}
976 
977 			break;
978 
979 		case IPV6_2292HOPLIMIT:
980 		case IPV6_HOPLIMIT:
981 			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {
982 				err = -EINVAL;
983 				goto exit_f;
984 			}
985 
986 			ipc6->hlimit = *(int *)CMSG_DATA(cmsg);
987 			if (ipc6->hlimit < -1 || ipc6->hlimit > 0xff) {
988 				err = -EINVAL;
989 				goto exit_f;
990 			}
991 
992 			break;
993 
994 		case IPV6_TCLASS:
995 		    {
996 			int tc;
997 
998 			err = -EINVAL;
999 			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
1000 				goto exit_f;
1001 
1002 			tc = *(int *)CMSG_DATA(cmsg);
1003 			if (tc < -1 || tc > 0xff)
1004 				goto exit_f;
1005 
1006 			err = 0;
1007 			ipc6->tclass = tc;
1008 
1009 			break;
1010 		    }
1011 
1012 		case IPV6_DONTFRAG:
1013 		    {
1014 			int df;
1015 
1016 			err = -EINVAL;
1017 			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
1018 				goto exit_f;
1019 
1020 			df = *(int *)CMSG_DATA(cmsg);
1021 			if (df < 0 || df > 1)
1022 				goto exit_f;
1023 
1024 			err = 0;
1025 			ipc6->dontfrag = df;
1026 
1027 			break;
1028 		    }
1029 		default:
1030 			net_dbg_ratelimited("invalid cmsg type: %d\n",
1031 					    cmsg->cmsg_type);
1032 			err = -EINVAL;
1033 			goto exit_f;
1034 		}
1035 	}
1036 
1037 exit_f:
1038 	return err;
1039 }
1040 EXPORT_SYMBOL_GPL(ip6_datagram_send_ctl);
1041 
1042 void __ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp,
1043 			       __u16 srcp, __u16 destp, int rqueue, int bucket)
1044 {
1045 	const struct in6_addr *dest, *src;
1046 
1047 	dest  = &sp->sk_v6_daddr;
1048 	src   = &sp->sk_v6_rcv_saddr;
1049 	seq_printf(seq,
1050 		   "%5d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1051 		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %u\n",
1052 		   bucket,
1053 		   src->s6_addr32[0], src->s6_addr32[1],
1054 		   src->s6_addr32[2], src->s6_addr32[3], srcp,
1055 		   dest->s6_addr32[0], dest->s6_addr32[1],
1056 		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
1057 		   sp->sk_state,
1058 		   sk_wmem_alloc_get(sp),
1059 		   rqueue,
1060 		   0, 0L, 0,
1061 		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1062 		   0,
1063 		   sock_i_ino(sp),
1064 		   refcount_read(&sp->sk_refcnt), sp,
1065 		   atomic_read(&sp->sk_drops));
1066 }
1067