1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * common UDP/RAW code 4 * Linux INET6 implementation 5 * 6 * Authors: 7 * Pedro Roque <roque@di.fc.ul.pt> 8 */ 9 10 #include <linux/capability.h> 11 #include <linux/errno.h> 12 #include <linux/types.h> 13 #include <linux/kernel.h> 14 #include <linux/interrupt.h> 15 #include <linux/socket.h> 16 #include <linux/sockios.h> 17 #include <linux/in6.h> 18 #include <linux/ipv6.h> 19 #include <linux/route.h> 20 #include <linux/slab.h> 21 #include <linux/export.h> 22 #include <linux/icmp.h> 23 24 #include <net/ipv6.h> 25 #include <net/ndisc.h> 26 #include <net/addrconf.h> 27 #include <net/transp_v6.h> 28 #include <net/ip6_route.h> 29 #include <net/tcp_states.h> 30 #include <net/dsfield.h> 31 #include <net/sock_reuseport.h> 32 33 #include <linux/errqueue.h> 34 #include <linux/uaccess.h> 35 36 static bool ipv6_mapped_addr_any(const struct in6_addr *a) 37 { 38 return ipv6_addr_v4mapped(a) && (a->s6_addr32[3] == 0); 39 } 40 41 static void ip6_datagram_flow_key_init(struct flowi6 *fl6, struct sock *sk) 42 { 43 struct inet_sock *inet = inet_sk(sk); 44 struct ipv6_pinfo *np = inet6_sk(sk); 45 46 memset(fl6, 0, sizeof(*fl6)); 47 fl6->flowi6_proto = sk->sk_protocol; 48 fl6->daddr = sk->sk_v6_daddr; 49 fl6->saddr = np->saddr; 50 fl6->flowi6_oif = sk->sk_bound_dev_if; 51 fl6->flowi6_mark = sk->sk_mark; 52 fl6->fl6_dport = inet->inet_dport; 53 fl6->fl6_sport = inet->inet_sport; 54 fl6->flowlabel = np->flow_label; 55 fl6->flowi6_uid = sk->sk_uid; 56 57 if (!fl6->flowi6_oif) 58 fl6->flowi6_oif = np->sticky_pktinfo.ipi6_ifindex; 59 60 if (!fl6->flowi6_oif && ipv6_addr_is_multicast(&fl6->daddr)) 61 fl6->flowi6_oif = np->mcast_oif; 62 63 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6)); 64 } 65 66 int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr) 67 { 68 struct ip6_flowlabel *flowlabel = NULL; 69 struct in6_addr *final_p, final; 70 struct ipv6_txoptions *opt; 71 struct dst_entry *dst; 72 struct inet_sock *inet = inet_sk(sk); 73 struct ipv6_pinfo *np = inet6_sk(sk); 74 struct flowi6 fl6; 75 int err = 0; 76 77 if (np->sndflow && (np->flow_label & IPV6_FLOWLABEL_MASK)) { 78 flowlabel = fl6_sock_lookup(sk, np->flow_label); 79 if (IS_ERR(flowlabel)) 80 return -EINVAL; 81 } 82 ip6_datagram_flow_key_init(&fl6, sk); 83 84 rcu_read_lock(); 85 opt = flowlabel ? flowlabel->opt : rcu_dereference(np->opt); 86 final_p = fl6_update_dst(&fl6, opt, &final); 87 rcu_read_unlock(); 88 89 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); 90 if (IS_ERR(dst)) { 91 err = PTR_ERR(dst); 92 goto out; 93 } 94 95 if (fix_sk_saddr) { 96 if (ipv6_addr_any(&np->saddr)) 97 np->saddr = fl6.saddr; 98 99 if (ipv6_addr_any(&sk->sk_v6_rcv_saddr)) { 100 sk->sk_v6_rcv_saddr = fl6.saddr; 101 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 102 if (sk->sk_prot->rehash) 103 sk->sk_prot->rehash(sk); 104 } 105 } 106 107 ip6_sk_dst_store_flow(sk, dst, &fl6); 108 109 out: 110 fl6_sock_release(flowlabel); 111 return err; 112 } 113 114 void ip6_datagram_release_cb(struct sock *sk) 115 { 116 struct dst_entry *dst; 117 118 if (ipv6_addr_v4mapped(&sk->sk_v6_daddr)) 119 return; 120 121 rcu_read_lock(); 122 dst = __sk_dst_get(sk); 123 if (!dst || !dst->obsolete || 124 dst->ops->check(dst, inet6_sk(sk)->dst_cookie)) { 125 rcu_read_unlock(); 126 return; 127 } 128 rcu_read_unlock(); 129 130 ip6_datagram_dst_update(sk, false); 131 } 132 EXPORT_SYMBOL_GPL(ip6_datagram_release_cb); 133 134 int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, 135 int addr_len) 136 { 137 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 138 struct inet_sock *inet = inet_sk(sk); 139 struct ipv6_pinfo *np = inet6_sk(sk); 140 struct in6_addr *daddr, old_daddr; 141 __be32 fl6_flowlabel = 0; 142 __be32 old_fl6_flowlabel; 143 __be16 old_dport; 144 int addr_type; 145 int err; 146 147 if (usin->sin6_family == AF_INET) { 148 if (ipv6_only_sock(sk)) 149 return -EAFNOSUPPORT; 150 err = __ip4_datagram_connect(sk, uaddr, addr_len); 151 goto ipv4_connected; 152 } 153 154 if (addr_len < SIN6_LEN_RFC2133) 155 return -EINVAL; 156 157 if (usin->sin6_family != AF_INET6) 158 return -EAFNOSUPPORT; 159 160 if (np->sndflow) 161 fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK; 162 163 if (ipv6_addr_any(&usin->sin6_addr)) { 164 /* 165 * connect to self 166 */ 167 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr)) 168 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK), 169 &usin->sin6_addr); 170 else 171 usin->sin6_addr = in6addr_loopback; 172 } 173 174 addr_type = ipv6_addr_type(&usin->sin6_addr); 175 176 daddr = &usin->sin6_addr; 177 178 if (addr_type & IPV6_ADDR_MAPPED) { 179 struct sockaddr_in sin; 180 181 if (ipv6_only_sock(sk)) { 182 err = -ENETUNREACH; 183 goto out; 184 } 185 sin.sin_family = AF_INET; 186 sin.sin_addr.s_addr = daddr->s6_addr32[3]; 187 sin.sin_port = usin->sin6_port; 188 189 err = __ip4_datagram_connect(sk, 190 (struct sockaddr *) &sin, 191 sizeof(sin)); 192 193 ipv4_connected: 194 if (err) 195 goto out; 196 197 ipv6_addr_set_v4mapped(inet->inet_daddr, &sk->sk_v6_daddr); 198 199 if (ipv6_addr_any(&np->saddr) || 200 ipv6_mapped_addr_any(&np->saddr)) 201 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); 202 203 if (ipv6_addr_any(&sk->sk_v6_rcv_saddr) || 204 ipv6_mapped_addr_any(&sk->sk_v6_rcv_saddr)) { 205 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, 206 &sk->sk_v6_rcv_saddr); 207 if (sk->sk_prot->rehash) 208 sk->sk_prot->rehash(sk); 209 } 210 211 goto out; 212 } 213 214 if (__ipv6_addr_needs_scope_id(addr_type)) { 215 if (addr_len >= sizeof(struct sockaddr_in6) && 216 usin->sin6_scope_id) { 217 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id)) { 218 err = -EINVAL; 219 goto out; 220 } 221 WRITE_ONCE(sk->sk_bound_dev_if, usin->sin6_scope_id); 222 } 223 224 if (!sk->sk_bound_dev_if && (addr_type & IPV6_ADDR_MULTICAST)) 225 WRITE_ONCE(sk->sk_bound_dev_if, np->mcast_oif); 226 227 /* Connect to link-local address requires an interface */ 228 if (!sk->sk_bound_dev_if) { 229 err = -EINVAL; 230 goto out; 231 } 232 } 233 234 /* save the current peer information before updating it */ 235 old_daddr = sk->sk_v6_daddr; 236 old_fl6_flowlabel = np->flow_label; 237 old_dport = inet->inet_dport; 238 239 sk->sk_v6_daddr = *daddr; 240 np->flow_label = fl6_flowlabel; 241 inet->inet_dport = usin->sin6_port; 242 243 /* 244 * Check for a route to destination an obtain the 245 * destination cache for it. 246 */ 247 248 err = ip6_datagram_dst_update(sk, true); 249 if (err) { 250 /* Restore the socket peer info, to keep it consistent with 251 * the old socket state 252 */ 253 sk->sk_v6_daddr = old_daddr; 254 np->flow_label = old_fl6_flowlabel; 255 inet->inet_dport = old_dport; 256 goto out; 257 } 258 259 reuseport_has_conns(sk, true); 260 sk->sk_state = TCP_ESTABLISHED; 261 sk_set_txhash(sk); 262 out: 263 return err; 264 } 265 EXPORT_SYMBOL_GPL(__ip6_datagram_connect); 266 267 int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) 268 { 269 int res; 270 271 lock_sock(sk); 272 res = __ip6_datagram_connect(sk, uaddr, addr_len); 273 release_sock(sk); 274 return res; 275 } 276 EXPORT_SYMBOL_GPL(ip6_datagram_connect); 277 278 int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *uaddr, 279 int addr_len) 280 { 281 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, uaddr); 282 if (sin6->sin6_family != AF_INET6) 283 return -EAFNOSUPPORT; 284 return ip6_datagram_connect(sk, uaddr, addr_len); 285 } 286 EXPORT_SYMBOL_GPL(ip6_datagram_connect_v6_only); 287 288 static void ipv6_icmp_error_rfc4884(const struct sk_buff *skb, 289 struct sock_ee_data_rfc4884 *out) 290 { 291 switch (icmp6_hdr(skb)->icmp6_type) { 292 case ICMPV6_TIME_EXCEED: 293 case ICMPV6_DEST_UNREACH: 294 ip_icmp_error_rfc4884(skb, out, sizeof(struct icmp6hdr), 295 icmp6_hdr(skb)->icmp6_datagram_len * 8); 296 } 297 } 298 299 void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err, 300 __be16 port, u32 info, u8 *payload) 301 { 302 struct ipv6_pinfo *np = inet6_sk(sk); 303 struct icmp6hdr *icmph = icmp6_hdr(skb); 304 struct sock_exterr_skb *serr; 305 306 if (!np->recverr) 307 return; 308 309 skb = skb_clone(skb, GFP_ATOMIC); 310 if (!skb) 311 return; 312 313 skb->protocol = htons(ETH_P_IPV6); 314 315 serr = SKB_EXT_ERR(skb); 316 serr->ee.ee_errno = err; 317 serr->ee.ee_origin = SO_EE_ORIGIN_ICMP6; 318 serr->ee.ee_type = icmph->icmp6_type; 319 serr->ee.ee_code = icmph->icmp6_code; 320 serr->ee.ee_pad = 0; 321 serr->ee.ee_info = info; 322 serr->ee.ee_data = 0; 323 serr->addr_offset = (u8 *)&(((struct ipv6hdr *)(icmph + 1))->daddr) - 324 skb_network_header(skb); 325 serr->port = port; 326 327 __skb_pull(skb, payload - skb->data); 328 329 if (inet6_sk(sk)->recverr_rfc4884) 330 ipv6_icmp_error_rfc4884(skb, &serr->ee.ee_rfc4884); 331 332 skb_reset_transport_header(skb); 333 334 if (sock_queue_err_skb(sk, skb)) 335 kfree_skb(skb); 336 } 337 338 void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info) 339 { 340 const struct ipv6_pinfo *np = inet6_sk(sk); 341 struct sock_exterr_skb *serr; 342 struct ipv6hdr *iph; 343 struct sk_buff *skb; 344 345 if (!np->recverr) 346 return; 347 348 skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC); 349 if (!skb) 350 return; 351 352 skb->protocol = htons(ETH_P_IPV6); 353 354 skb_put(skb, sizeof(struct ipv6hdr)); 355 skb_reset_network_header(skb); 356 iph = ipv6_hdr(skb); 357 iph->daddr = fl6->daddr; 358 ip6_flow_hdr(iph, 0, 0); 359 360 serr = SKB_EXT_ERR(skb); 361 serr->ee.ee_errno = err; 362 serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL; 363 serr->ee.ee_type = 0; 364 serr->ee.ee_code = 0; 365 serr->ee.ee_pad = 0; 366 serr->ee.ee_info = info; 367 serr->ee.ee_data = 0; 368 serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb); 369 serr->port = fl6->fl6_dport; 370 371 __skb_pull(skb, skb_tail_pointer(skb) - skb->data); 372 skb_reset_transport_header(skb); 373 374 if (sock_queue_err_skb(sk, skb)) 375 kfree_skb(skb); 376 } 377 378 void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu) 379 { 380 struct ipv6_pinfo *np = inet6_sk(sk); 381 struct ipv6hdr *iph; 382 struct sk_buff *skb; 383 struct ip6_mtuinfo *mtu_info; 384 385 if (!np->rxopt.bits.rxpmtu) 386 return; 387 388 skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC); 389 if (!skb) 390 return; 391 392 skb_put(skb, sizeof(struct ipv6hdr)); 393 skb_reset_network_header(skb); 394 iph = ipv6_hdr(skb); 395 iph->daddr = fl6->daddr; 396 397 mtu_info = IP6CBMTU(skb); 398 399 mtu_info->ip6m_mtu = mtu; 400 mtu_info->ip6m_addr.sin6_family = AF_INET6; 401 mtu_info->ip6m_addr.sin6_port = 0; 402 mtu_info->ip6m_addr.sin6_flowinfo = 0; 403 mtu_info->ip6m_addr.sin6_scope_id = fl6->flowi6_oif; 404 mtu_info->ip6m_addr.sin6_addr = ipv6_hdr(skb)->daddr; 405 406 __skb_pull(skb, skb_tail_pointer(skb) - skb->data); 407 skb_reset_transport_header(skb); 408 409 skb = xchg(&np->rxpmtu, skb); 410 kfree_skb(skb); 411 } 412 413 /* For some errors we have valid addr_offset even with zero payload and 414 * zero port. Also, addr_offset should be supported if port is set. 415 */ 416 static inline bool ipv6_datagram_support_addr(struct sock_exterr_skb *serr) 417 { 418 return serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6 || 419 serr->ee.ee_origin == SO_EE_ORIGIN_ICMP || 420 serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL || serr->port; 421 } 422 423 /* IPv6 supports cmsg on all origins aside from SO_EE_ORIGIN_LOCAL. 424 * 425 * At one point, excluding local errors was a quick test to identify icmp/icmp6 426 * errors. This is no longer true, but the test remained, so the v6 stack, 427 * unlike v4, also honors cmsg requests on all wifi and timestamp errors. 428 */ 429 static bool ip6_datagram_support_cmsg(struct sk_buff *skb, 430 struct sock_exterr_skb *serr) 431 { 432 if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP || 433 serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6) 434 return true; 435 436 if (serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL) 437 return false; 438 439 if (!IP6CB(skb)->iif) 440 return false; 441 442 return true; 443 } 444 445 /* 446 * Handle MSG_ERRQUEUE 447 */ 448 int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) 449 { 450 struct ipv6_pinfo *np = inet6_sk(sk); 451 struct sock_exterr_skb *serr; 452 struct sk_buff *skb; 453 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name); 454 struct { 455 struct sock_extended_err ee; 456 struct sockaddr_in6 offender; 457 } errhdr; 458 int err; 459 int copied; 460 461 err = -EAGAIN; 462 skb = sock_dequeue_err_skb(sk); 463 if (!skb) 464 goto out; 465 466 copied = skb->len; 467 if (copied > len) { 468 msg->msg_flags |= MSG_TRUNC; 469 copied = len; 470 } 471 err = skb_copy_datagram_msg(skb, 0, msg, copied); 472 if (unlikely(err)) { 473 kfree_skb(skb); 474 return err; 475 } 476 sock_recv_timestamp(msg, sk, skb); 477 478 serr = SKB_EXT_ERR(skb); 479 480 if (sin && ipv6_datagram_support_addr(serr)) { 481 const unsigned char *nh = skb_network_header(skb); 482 sin->sin6_family = AF_INET6; 483 sin->sin6_flowinfo = 0; 484 sin->sin6_port = serr->port; 485 if (skb->protocol == htons(ETH_P_IPV6)) { 486 const struct ipv6hdr *ip6h = container_of((struct in6_addr *)(nh + serr->addr_offset), 487 struct ipv6hdr, daddr); 488 sin->sin6_addr = ip6h->daddr; 489 if (np->sndflow) 490 sin->sin6_flowinfo = ip6_flowinfo(ip6h); 491 sin->sin6_scope_id = 492 ipv6_iface_scope_id(&sin->sin6_addr, 493 IP6CB(skb)->iif); 494 } else { 495 ipv6_addr_set_v4mapped(*(__be32 *)(nh + serr->addr_offset), 496 &sin->sin6_addr); 497 sin->sin6_scope_id = 0; 498 } 499 *addr_len = sizeof(*sin); 500 } 501 502 memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); 503 sin = &errhdr.offender; 504 memset(sin, 0, sizeof(*sin)); 505 506 if (ip6_datagram_support_cmsg(skb, serr)) { 507 sin->sin6_family = AF_INET6; 508 if (np->rxopt.all) 509 ip6_datagram_recv_common_ctl(sk, msg, skb); 510 if (skb->protocol == htons(ETH_P_IPV6)) { 511 sin->sin6_addr = ipv6_hdr(skb)->saddr; 512 if (np->rxopt.all) 513 ip6_datagram_recv_specific_ctl(sk, msg, skb); 514 sin->sin6_scope_id = 515 ipv6_iface_scope_id(&sin->sin6_addr, 516 IP6CB(skb)->iif); 517 } else { 518 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, 519 &sin->sin6_addr); 520 if (inet_sk(sk)->cmsg_flags) 521 ip_cmsg_recv(msg, skb); 522 } 523 } 524 525 put_cmsg(msg, SOL_IPV6, IPV6_RECVERR, sizeof(errhdr), &errhdr); 526 527 /* Now we could try to dump offended packet options */ 528 529 msg->msg_flags |= MSG_ERRQUEUE; 530 err = copied; 531 532 consume_skb(skb); 533 out: 534 return err; 535 } 536 EXPORT_SYMBOL_GPL(ipv6_recv_error); 537 538 /* 539 * Handle IPV6_RECVPATHMTU 540 */ 541 int ipv6_recv_rxpmtu(struct sock *sk, struct msghdr *msg, int len, 542 int *addr_len) 543 { 544 struct ipv6_pinfo *np = inet6_sk(sk); 545 struct sk_buff *skb; 546 struct ip6_mtuinfo mtu_info; 547 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name); 548 int err; 549 int copied; 550 551 err = -EAGAIN; 552 skb = xchg(&np->rxpmtu, NULL); 553 if (!skb) 554 goto out; 555 556 copied = skb->len; 557 if (copied > len) { 558 msg->msg_flags |= MSG_TRUNC; 559 copied = len; 560 } 561 err = skb_copy_datagram_msg(skb, 0, msg, copied); 562 if (err) 563 goto out_free_skb; 564 565 sock_recv_timestamp(msg, sk, skb); 566 567 memcpy(&mtu_info, IP6CBMTU(skb), sizeof(mtu_info)); 568 569 if (sin) { 570 sin->sin6_family = AF_INET6; 571 sin->sin6_flowinfo = 0; 572 sin->sin6_port = 0; 573 sin->sin6_scope_id = mtu_info.ip6m_addr.sin6_scope_id; 574 sin->sin6_addr = mtu_info.ip6m_addr.sin6_addr; 575 *addr_len = sizeof(*sin); 576 } 577 578 put_cmsg(msg, SOL_IPV6, IPV6_PATHMTU, sizeof(mtu_info), &mtu_info); 579 580 err = copied; 581 582 out_free_skb: 583 kfree_skb(skb); 584 out: 585 return err; 586 } 587 588 589 void ip6_datagram_recv_common_ctl(struct sock *sk, struct msghdr *msg, 590 struct sk_buff *skb) 591 { 592 struct ipv6_pinfo *np = inet6_sk(sk); 593 bool is_ipv6 = skb->protocol == htons(ETH_P_IPV6); 594 595 if (np->rxopt.bits.rxinfo) { 596 struct in6_pktinfo src_info; 597 598 if (is_ipv6) { 599 src_info.ipi6_ifindex = IP6CB(skb)->iif; 600 src_info.ipi6_addr = ipv6_hdr(skb)->daddr; 601 } else { 602 src_info.ipi6_ifindex = 603 PKTINFO_SKB_CB(skb)->ipi_ifindex; 604 ipv6_addr_set_v4mapped(ip_hdr(skb)->daddr, 605 &src_info.ipi6_addr); 606 } 607 608 if (src_info.ipi6_ifindex >= 0) 609 put_cmsg(msg, SOL_IPV6, IPV6_PKTINFO, 610 sizeof(src_info), &src_info); 611 } 612 } 613 614 void ip6_datagram_recv_specific_ctl(struct sock *sk, struct msghdr *msg, 615 struct sk_buff *skb) 616 { 617 struct ipv6_pinfo *np = inet6_sk(sk); 618 struct inet6_skb_parm *opt = IP6CB(skb); 619 unsigned char *nh = skb_network_header(skb); 620 621 if (np->rxopt.bits.rxhlim) { 622 int hlim = ipv6_hdr(skb)->hop_limit; 623 put_cmsg(msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim); 624 } 625 626 if (np->rxopt.bits.rxtclass) { 627 int tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 628 put_cmsg(msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass); 629 } 630 631 if (np->rxopt.bits.rxflow) { 632 __be32 flowinfo = ip6_flowinfo((struct ipv6hdr *)nh); 633 if (flowinfo) 634 put_cmsg(msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo); 635 } 636 637 /* HbH is allowed only once */ 638 if (np->rxopt.bits.hopopts && (opt->flags & IP6SKB_HOPBYHOP)) { 639 u8 *ptr = nh + sizeof(struct ipv6hdr); 640 put_cmsg(msg, SOL_IPV6, IPV6_HOPOPTS, (ptr[1]+1)<<3, ptr); 641 } 642 643 if (opt->lastopt && 644 (np->rxopt.bits.dstopts || np->rxopt.bits.srcrt)) { 645 /* 646 * Silly enough, but we need to reparse in order to 647 * report extension headers (except for HbH) 648 * in order. 649 * 650 * Also note that IPV6_RECVRTHDRDSTOPTS is NOT 651 * (and WILL NOT be) defined because 652 * IPV6_RECVDSTOPTS is more generic. --yoshfuji 653 */ 654 unsigned int off = sizeof(struct ipv6hdr); 655 u8 nexthdr = ipv6_hdr(skb)->nexthdr; 656 657 while (off <= opt->lastopt) { 658 unsigned int len; 659 u8 *ptr = nh + off; 660 661 switch (nexthdr) { 662 case IPPROTO_DSTOPTS: 663 nexthdr = ptr[0]; 664 len = (ptr[1] + 1) << 3; 665 if (np->rxopt.bits.dstopts) 666 put_cmsg(msg, SOL_IPV6, IPV6_DSTOPTS, len, ptr); 667 break; 668 case IPPROTO_ROUTING: 669 nexthdr = ptr[0]; 670 len = (ptr[1] + 1) << 3; 671 if (np->rxopt.bits.srcrt) 672 put_cmsg(msg, SOL_IPV6, IPV6_RTHDR, len, ptr); 673 break; 674 case IPPROTO_AH: 675 nexthdr = ptr[0]; 676 len = (ptr[1] + 2) << 2; 677 break; 678 default: 679 nexthdr = ptr[0]; 680 len = (ptr[1] + 1) << 3; 681 break; 682 } 683 684 off += len; 685 } 686 } 687 688 /* socket options in old style */ 689 if (np->rxopt.bits.rxoinfo) { 690 struct in6_pktinfo src_info; 691 692 src_info.ipi6_ifindex = opt->iif; 693 src_info.ipi6_addr = ipv6_hdr(skb)->daddr; 694 put_cmsg(msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info); 695 } 696 if (np->rxopt.bits.rxohlim) { 697 int hlim = ipv6_hdr(skb)->hop_limit; 698 put_cmsg(msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim); 699 } 700 if (np->rxopt.bits.ohopopts && (opt->flags & IP6SKB_HOPBYHOP)) { 701 u8 *ptr = nh + sizeof(struct ipv6hdr); 702 put_cmsg(msg, SOL_IPV6, IPV6_2292HOPOPTS, (ptr[1]+1)<<3, ptr); 703 } 704 if (np->rxopt.bits.odstopts && opt->dst0) { 705 u8 *ptr = nh + opt->dst0; 706 put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr); 707 } 708 if (np->rxopt.bits.osrcrt && opt->srcrt) { 709 struct ipv6_rt_hdr *rthdr = (struct ipv6_rt_hdr *)(nh + opt->srcrt); 710 put_cmsg(msg, SOL_IPV6, IPV6_2292RTHDR, (rthdr->hdrlen+1) << 3, rthdr); 711 } 712 if (np->rxopt.bits.odstopts && opt->dst1) { 713 u8 *ptr = nh + opt->dst1; 714 put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr); 715 } 716 if (np->rxopt.bits.rxorigdstaddr) { 717 struct sockaddr_in6 sin6; 718 __be16 _ports[2], *ports; 719 720 ports = skb_header_pointer(skb, skb_transport_offset(skb), 721 sizeof(_ports), &_ports); 722 if (ports) { 723 /* All current transport protocols have the port numbers in the 724 * first four bytes of the transport header and this function is 725 * written with this assumption in mind. 726 */ 727 sin6.sin6_family = AF_INET6; 728 sin6.sin6_addr = ipv6_hdr(skb)->daddr; 729 sin6.sin6_port = ports[1]; 730 sin6.sin6_flowinfo = 0; 731 sin6.sin6_scope_id = 732 ipv6_iface_scope_id(&ipv6_hdr(skb)->daddr, 733 opt->iif); 734 735 put_cmsg(msg, SOL_IPV6, IPV6_ORIGDSTADDR, sizeof(sin6), &sin6); 736 } 737 } 738 if (np->rxopt.bits.recvfragsize && opt->frag_max_size) { 739 int val = opt->frag_max_size; 740 741 put_cmsg(msg, SOL_IPV6, IPV6_RECVFRAGSIZE, sizeof(val), &val); 742 } 743 } 744 745 void ip6_datagram_recv_ctl(struct sock *sk, struct msghdr *msg, 746 struct sk_buff *skb) 747 { 748 ip6_datagram_recv_common_ctl(sk, msg, skb); 749 ip6_datagram_recv_specific_ctl(sk, msg, skb); 750 } 751 EXPORT_SYMBOL_GPL(ip6_datagram_recv_ctl); 752 753 int ip6_datagram_send_ctl(struct net *net, struct sock *sk, 754 struct msghdr *msg, struct flowi6 *fl6, 755 struct ipcm6_cookie *ipc6) 756 { 757 struct in6_pktinfo *src_info; 758 struct cmsghdr *cmsg; 759 struct ipv6_rt_hdr *rthdr; 760 struct ipv6_opt_hdr *hdr; 761 struct ipv6_txoptions *opt = ipc6->opt; 762 int len; 763 int err = 0; 764 765 for_each_cmsghdr(cmsg, msg) { 766 int addr_type; 767 768 if (!CMSG_OK(msg, cmsg)) { 769 err = -EINVAL; 770 goto exit_f; 771 } 772 773 if (cmsg->cmsg_level == SOL_SOCKET) { 774 err = __sock_cmsg_send(sk, msg, cmsg, &ipc6->sockc); 775 if (err) 776 return err; 777 continue; 778 } 779 780 if (cmsg->cmsg_level != SOL_IPV6) 781 continue; 782 783 switch (cmsg->cmsg_type) { 784 case IPV6_PKTINFO: 785 case IPV6_2292PKTINFO: 786 { 787 struct net_device *dev = NULL; 788 int src_idx; 789 790 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) { 791 err = -EINVAL; 792 goto exit_f; 793 } 794 795 src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg); 796 src_idx = src_info->ipi6_ifindex; 797 798 if (src_idx) { 799 if (fl6->flowi6_oif && 800 src_idx != fl6->flowi6_oif && 801 (READ_ONCE(sk->sk_bound_dev_if) != fl6->flowi6_oif || 802 !sk_dev_equal_l3scope(sk, src_idx))) 803 return -EINVAL; 804 fl6->flowi6_oif = src_idx; 805 } 806 807 addr_type = __ipv6_addr_type(&src_info->ipi6_addr); 808 809 rcu_read_lock(); 810 if (fl6->flowi6_oif) { 811 dev = dev_get_by_index_rcu(net, fl6->flowi6_oif); 812 if (!dev) { 813 rcu_read_unlock(); 814 return -ENODEV; 815 } 816 } else if (addr_type & IPV6_ADDR_LINKLOCAL) { 817 rcu_read_unlock(); 818 return -EINVAL; 819 } 820 821 if (addr_type != IPV6_ADDR_ANY) { 822 int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL; 823 if (!ipv6_can_nonlocal_bind(net, inet_sk(sk)) && 824 !ipv6_chk_addr_and_flags(net, &src_info->ipi6_addr, 825 dev, !strict, 0, 826 IFA_F_TENTATIVE) && 827 !ipv6_chk_acast_addr_src(net, dev, 828 &src_info->ipi6_addr)) 829 err = -EINVAL; 830 else 831 fl6->saddr = src_info->ipi6_addr; 832 } 833 834 rcu_read_unlock(); 835 836 if (err) 837 goto exit_f; 838 839 break; 840 } 841 842 case IPV6_FLOWINFO: 843 if (cmsg->cmsg_len < CMSG_LEN(4)) { 844 err = -EINVAL; 845 goto exit_f; 846 } 847 848 if (fl6->flowlabel&IPV6_FLOWINFO_MASK) { 849 if ((fl6->flowlabel^*(__be32 *)CMSG_DATA(cmsg))&~IPV6_FLOWINFO_MASK) { 850 err = -EINVAL; 851 goto exit_f; 852 } 853 } 854 fl6->flowlabel = IPV6_FLOWINFO_MASK & *(__be32 *)CMSG_DATA(cmsg); 855 break; 856 857 case IPV6_2292HOPOPTS: 858 case IPV6_HOPOPTS: 859 if (opt->hopopt || cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { 860 err = -EINVAL; 861 goto exit_f; 862 } 863 864 hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); 865 len = ((hdr->hdrlen + 1) << 3); 866 if (cmsg->cmsg_len < CMSG_LEN(len)) { 867 err = -EINVAL; 868 goto exit_f; 869 } 870 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { 871 err = -EPERM; 872 goto exit_f; 873 } 874 opt->opt_nflen += len; 875 opt->hopopt = hdr; 876 break; 877 878 case IPV6_2292DSTOPTS: 879 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { 880 err = -EINVAL; 881 goto exit_f; 882 } 883 884 hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); 885 len = ((hdr->hdrlen + 1) << 3); 886 if (cmsg->cmsg_len < CMSG_LEN(len)) { 887 err = -EINVAL; 888 goto exit_f; 889 } 890 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { 891 err = -EPERM; 892 goto exit_f; 893 } 894 if (opt->dst1opt) { 895 err = -EINVAL; 896 goto exit_f; 897 } 898 opt->opt_flen += len; 899 opt->dst1opt = hdr; 900 break; 901 902 case IPV6_DSTOPTS: 903 case IPV6_RTHDRDSTOPTS: 904 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { 905 err = -EINVAL; 906 goto exit_f; 907 } 908 909 hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); 910 len = ((hdr->hdrlen + 1) << 3); 911 if (cmsg->cmsg_len < CMSG_LEN(len)) { 912 err = -EINVAL; 913 goto exit_f; 914 } 915 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { 916 err = -EPERM; 917 goto exit_f; 918 } 919 if (cmsg->cmsg_type == IPV6_DSTOPTS) { 920 opt->opt_flen += len; 921 opt->dst1opt = hdr; 922 } else { 923 opt->opt_nflen += len; 924 opt->dst0opt = hdr; 925 } 926 break; 927 928 case IPV6_2292RTHDR: 929 case IPV6_RTHDR: 930 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_rt_hdr))) { 931 err = -EINVAL; 932 goto exit_f; 933 } 934 935 rthdr = (struct ipv6_rt_hdr *)CMSG_DATA(cmsg); 936 937 switch (rthdr->type) { 938 #if IS_ENABLED(CONFIG_IPV6_MIP6) 939 case IPV6_SRCRT_TYPE_2: 940 if (rthdr->hdrlen != 2 || 941 rthdr->segments_left != 1) { 942 err = -EINVAL; 943 goto exit_f; 944 } 945 break; 946 #endif 947 default: 948 err = -EINVAL; 949 goto exit_f; 950 } 951 952 len = ((rthdr->hdrlen + 1) << 3); 953 954 if (cmsg->cmsg_len < CMSG_LEN(len)) { 955 err = -EINVAL; 956 goto exit_f; 957 } 958 959 /* segments left must also match */ 960 if ((rthdr->hdrlen >> 1) != rthdr->segments_left) { 961 err = -EINVAL; 962 goto exit_f; 963 } 964 965 opt->opt_nflen += len; 966 opt->srcrt = rthdr; 967 968 if (cmsg->cmsg_type == IPV6_2292RTHDR && opt->dst1opt) { 969 int dsthdrlen = ((opt->dst1opt->hdrlen+1)<<3); 970 971 opt->opt_nflen += dsthdrlen; 972 opt->dst0opt = opt->dst1opt; 973 opt->dst1opt = NULL; 974 opt->opt_flen -= dsthdrlen; 975 } 976 977 break; 978 979 case IPV6_2292HOPLIMIT: 980 case IPV6_HOPLIMIT: 981 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) { 982 err = -EINVAL; 983 goto exit_f; 984 } 985 986 ipc6->hlimit = *(int *)CMSG_DATA(cmsg); 987 if (ipc6->hlimit < -1 || ipc6->hlimit > 0xff) { 988 err = -EINVAL; 989 goto exit_f; 990 } 991 992 break; 993 994 case IPV6_TCLASS: 995 { 996 int tc; 997 998 err = -EINVAL; 999 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) 1000 goto exit_f; 1001 1002 tc = *(int *)CMSG_DATA(cmsg); 1003 if (tc < -1 || tc > 0xff) 1004 goto exit_f; 1005 1006 err = 0; 1007 ipc6->tclass = tc; 1008 1009 break; 1010 } 1011 1012 case IPV6_DONTFRAG: 1013 { 1014 int df; 1015 1016 err = -EINVAL; 1017 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) 1018 goto exit_f; 1019 1020 df = *(int *)CMSG_DATA(cmsg); 1021 if (df < 0 || df > 1) 1022 goto exit_f; 1023 1024 err = 0; 1025 ipc6->dontfrag = df; 1026 1027 break; 1028 } 1029 default: 1030 net_dbg_ratelimited("invalid cmsg type: %d\n", 1031 cmsg->cmsg_type); 1032 err = -EINVAL; 1033 goto exit_f; 1034 } 1035 } 1036 1037 exit_f: 1038 return err; 1039 } 1040 EXPORT_SYMBOL_GPL(ip6_datagram_send_ctl); 1041 1042 void __ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, 1043 __u16 srcp, __u16 destp, int rqueue, int bucket) 1044 { 1045 const struct in6_addr *dest, *src; 1046 1047 dest = &sp->sk_v6_daddr; 1048 src = &sp->sk_v6_rcv_saddr; 1049 seq_printf(seq, 1050 "%5d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1051 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %u\n", 1052 bucket, 1053 src->s6_addr32[0], src->s6_addr32[1], 1054 src->s6_addr32[2], src->s6_addr32[3], srcp, 1055 dest->s6_addr32[0], dest->s6_addr32[1], 1056 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1057 sp->sk_state, 1058 sk_wmem_alloc_get(sp), 1059 rqueue, 1060 0, 0L, 0, 1061 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 1062 0, 1063 sock_i_ino(sp), 1064 refcount_read(&sp->sk_refcnt), sp, 1065 atomic_read(&sp->sk_drops)); 1066 } 1067