1 /* 2 * IPv6 BSD socket options interface 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_sockglue.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * FIXME: Make the setsockopt code POSIX compliant: That is 16 * 17 * o Truncate getsockopt returns 18 * o Return an optlen of the truncated length if need be 19 * 20 * Changes: 21 * David L Stevens <dlstevens@us.ibm.com>: 22 * - added multicast source filtering API for MLDv2 23 */ 24 25 #include <linux/module.h> 26 #include <linux/capability.h> 27 #include <linux/errno.h> 28 #include <linux/types.h> 29 #include <linux/socket.h> 30 #include <linux/sockios.h> 31 #include <linux/net.h> 32 #include <linux/in6.h> 33 #include <linux/mroute6.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/init.h> 37 #include <linux/sysctl.h> 38 #include <linux/netfilter.h> 39 #include <linux/slab.h> 40 41 #include <net/sock.h> 42 #include <net/snmp.h> 43 #include <net/ipv6.h> 44 #include <net/ndisc.h> 45 #include <net/protocol.h> 46 #include <net/transp_v6.h> 47 #include <net/ip6_route.h> 48 #include <net/addrconf.h> 49 #include <net/inet_common.h> 50 #include <net/tcp.h> 51 #include <net/udp.h> 52 #include <net/udplite.h> 53 #include <net/xfrm.h> 54 #include <net/compat.h> 55 56 #include <asm/uaccess.h> 57 58 struct ip6_ra_chain *ip6_ra_chain; 59 DEFINE_RWLOCK(ip6_ra_lock); 60 61 int ip6_ra_control(struct sock *sk, int sel) 62 { 63 struct ip6_ra_chain *ra, *new_ra, **rap; 64 65 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */ 66 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_RAW) 67 return -ENOPROTOOPT; 68 69 new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; 70 71 write_lock_bh(&ip6_ra_lock); 72 for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) { 73 if (ra->sk == sk) { 74 if (sel >= 0) { 75 write_unlock_bh(&ip6_ra_lock); 76 kfree(new_ra); 77 return -EADDRINUSE; 78 } 79 80 *rap = ra->next; 81 write_unlock_bh(&ip6_ra_lock); 82 83 sock_put(sk); 84 kfree(ra); 85 return 0; 86 } 87 } 88 if (!new_ra) { 89 write_unlock_bh(&ip6_ra_lock); 90 return -ENOBUFS; 91 } 92 new_ra->sk = sk; 93 new_ra->sel = sel; 94 new_ra->next = ra; 95 *rap = new_ra; 96 sock_hold(sk); 97 write_unlock_bh(&ip6_ra_lock); 98 return 0; 99 } 100 101 static 102 struct ipv6_txoptions *ipv6_update_options(struct sock *sk, 103 struct ipv6_txoptions *opt) 104 { 105 if (inet_sk(sk)->is_icsk) { 106 if (opt && 107 !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) && 108 inet_sk(sk)->inet_daddr != LOOPBACK4_IPV6) { 109 struct inet_connection_sock *icsk = inet_csk(sk); 110 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen; 111 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie); 112 } 113 } 114 opt = xchg(&inet6_sk(sk)->opt, opt); 115 sk_dst_reset(sk); 116 117 return opt; 118 } 119 120 static bool setsockopt_needs_rtnl(int optname) 121 { 122 switch (optname) { 123 case IPV6_ADD_MEMBERSHIP: 124 case IPV6_DROP_MEMBERSHIP: 125 case IPV6_JOIN_ANYCAST: 126 case IPV6_LEAVE_ANYCAST: 127 case MCAST_JOIN_GROUP: 128 case MCAST_LEAVE_GROUP: 129 case MCAST_JOIN_SOURCE_GROUP: 130 case MCAST_LEAVE_SOURCE_GROUP: 131 case MCAST_BLOCK_SOURCE: 132 case MCAST_UNBLOCK_SOURCE: 133 case MCAST_MSFILTER: 134 return true; 135 } 136 return false; 137 } 138 139 static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, 140 char __user *optval, unsigned int optlen) 141 { 142 struct ipv6_pinfo *np = inet6_sk(sk); 143 struct net *net = sock_net(sk); 144 int val, valbool; 145 int retv = -ENOPROTOOPT; 146 bool needs_rtnl = setsockopt_needs_rtnl(optname); 147 148 if (!optval) 149 val = 0; 150 else { 151 if (optlen >= sizeof(int)) { 152 if (get_user(val, (int __user *) optval)) 153 return -EFAULT; 154 } else 155 val = 0; 156 } 157 158 valbool = (val != 0); 159 160 if (ip6_mroute_opt(optname)) 161 return ip6_mroute_setsockopt(sk, optname, optval, optlen); 162 163 if (needs_rtnl) 164 rtnl_lock(); 165 lock_sock(sk); 166 167 switch (optname) { 168 169 case IPV6_ADDRFORM: 170 if (optlen < sizeof(int)) 171 goto e_inval; 172 if (val == PF_INET) { 173 struct ipv6_txoptions *opt; 174 struct sk_buff *pktopt; 175 176 if (sk->sk_type == SOCK_RAW) 177 break; 178 179 if (sk->sk_protocol == IPPROTO_UDP || 180 sk->sk_protocol == IPPROTO_UDPLITE) { 181 struct udp_sock *up = udp_sk(sk); 182 if (up->pending == AF_INET6) { 183 retv = -EBUSY; 184 break; 185 } 186 } else if (sk->sk_protocol != IPPROTO_TCP) 187 break; 188 189 if (sk->sk_state != TCP_ESTABLISHED) { 190 retv = -ENOTCONN; 191 break; 192 } 193 194 if (ipv6_only_sock(sk) || 195 !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) { 196 retv = -EADDRNOTAVAIL; 197 break; 198 } 199 200 fl6_free_socklist(sk); 201 ipv6_sock_mc_close(sk); 202 203 /* 204 * Sock is moving from IPv6 to IPv4 (sk_prot), so 205 * remove it from the refcnt debug socks count in the 206 * original family... 207 */ 208 sk_refcnt_debug_dec(sk); 209 210 if (sk->sk_protocol == IPPROTO_TCP) { 211 struct inet_connection_sock *icsk = inet_csk(sk); 212 local_bh_disable(); 213 sock_prot_inuse_add(net, sk->sk_prot, -1); 214 sock_prot_inuse_add(net, &tcp_prot, 1); 215 local_bh_enable(); 216 sk->sk_prot = &tcp_prot; 217 icsk->icsk_af_ops = &ipv4_specific; 218 sk->sk_socket->ops = &inet_stream_ops; 219 sk->sk_family = PF_INET; 220 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); 221 } else { 222 struct proto *prot = &udp_prot; 223 224 if (sk->sk_protocol == IPPROTO_UDPLITE) 225 prot = &udplite_prot; 226 local_bh_disable(); 227 sock_prot_inuse_add(net, sk->sk_prot, -1); 228 sock_prot_inuse_add(net, prot, 1); 229 local_bh_enable(); 230 sk->sk_prot = prot; 231 sk->sk_socket->ops = &inet_dgram_ops; 232 sk->sk_family = PF_INET; 233 } 234 opt = xchg(&np->opt, NULL); 235 if (opt) 236 sock_kfree_s(sk, opt, opt->tot_len); 237 pktopt = xchg(&np->pktoptions, NULL); 238 kfree_skb(pktopt); 239 240 sk->sk_destruct = inet_sock_destruct; 241 /* 242 * ... and add it to the refcnt debug socks count 243 * in the new family. -acme 244 */ 245 sk_refcnt_debug_inc(sk); 246 module_put(THIS_MODULE); 247 retv = 0; 248 break; 249 } 250 goto e_inval; 251 252 case IPV6_V6ONLY: 253 if (optlen < sizeof(int) || 254 inet_sk(sk)->inet_num) 255 goto e_inval; 256 sk->sk_ipv6only = valbool; 257 retv = 0; 258 break; 259 260 case IPV6_RECVPKTINFO: 261 if (optlen < sizeof(int)) 262 goto e_inval; 263 np->rxopt.bits.rxinfo = valbool; 264 retv = 0; 265 break; 266 267 case IPV6_2292PKTINFO: 268 if (optlen < sizeof(int)) 269 goto e_inval; 270 np->rxopt.bits.rxoinfo = valbool; 271 retv = 0; 272 break; 273 274 case IPV6_RECVHOPLIMIT: 275 if (optlen < sizeof(int)) 276 goto e_inval; 277 np->rxopt.bits.rxhlim = valbool; 278 retv = 0; 279 break; 280 281 case IPV6_2292HOPLIMIT: 282 if (optlen < sizeof(int)) 283 goto e_inval; 284 np->rxopt.bits.rxohlim = valbool; 285 retv = 0; 286 break; 287 288 case IPV6_RECVRTHDR: 289 if (optlen < sizeof(int)) 290 goto e_inval; 291 np->rxopt.bits.srcrt = valbool; 292 retv = 0; 293 break; 294 295 case IPV6_2292RTHDR: 296 if (optlen < sizeof(int)) 297 goto e_inval; 298 np->rxopt.bits.osrcrt = valbool; 299 retv = 0; 300 break; 301 302 case IPV6_RECVHOPOPTS: 303 if (optlen < sizeof(int)) 304 goto e_inval; 305 np->rxopt.bits.hopopts = valbool; 306 retv = 0; 307 break; 308 309 case IPV6_2292HOPOPTS: 310 if (optlen < sizeof(int)) 311 goto e_inval; 312 np->rxopt.bits.ohopopts = valbool; 313 retv = 0; 314 break; 315 316 case IPV6_RECVDSTOPTS: 317 if (optlen < sizeof(int)) 318 goto e_inval; 319 np->rxopt.bits.dstopts = valbool; 320 retv = 0; 321 break; 322 323 case IPV6_2292DSTOPTS: 324 if (optlen < sizeof(int)) 325 goto e_inval; 326 np->rxopt.bits.odstopts = valbool; 327 retv = 0; 328 break; 329 330 case IPV6_TCLASS: 331 if (optlen < sizeof(int)) 332 goto e_inval; 333 if (val < -1 || val > 0xff) 334 goto e_inval; 335 /* RFC 3542, 6.5: default traffic class of 0x0 */ 336 if (val == -1) 337 val = 0; 338 np->tclass = val; 339 retv = 0; 340 break; 341 342 case IPV6_RECVTCLASS: 343 if (optlen < sizeof(int)) 344 goto e_inval; 345 np->rxopt.bits.rxtclass = valbool; 346 retv = 0; 347 break; 348 349 case IPV6_FLOWINFO: 350 if (optlen < sizeof(int)) 351 goto e_inval; 352 np->rxopt.bits.rxflow = valbool; 353 retv = 0; 354 break; 355 356 case IPV6_RECVPATHMTU: 357 if (optlen < sizeof(int)) 358 goto e_inval; 359 np->rxopt.bits.rxpmtu = valbool; 360 retv = 0; 361 break; 362 363 case IPV6_TRANSPARENT: 364 if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && 365 !ns_capable(net->user_ns, CAP_NET_RAW)) { 366 retv = -EPERM; 367 break; 368 } 369 if (optlen < sizeof(int)) 370 goto e_inval; 371 /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */ 372 inet_sk(sk)->transparent = valbool; 373 retv = 0; 374 break; 375 376 case IPV6_RECVORIGDSTADDR: 377 if (optlen < sizeof(int)) 378 goto e_inval; 379 np->rxopt.bits.rxorigdstaddr = valbool; 380 retv = 0; 381 break; 382 383 case IPV6_HOPOPTS: 384 case IPV6_RTHDRDSTOPTS: 385 case IPV6_RTHDR: 386 case IPV6_DSTOPTS: 387 { 388 struct ipv6_txoptions *opt; 389 390 /* remove any sticky options header with a zero option 391 * length, per RFC3542. 392 */ 393 if (optlen == 0) 394 optval = NULL; 395 else if (!optval) 396 goto e_inval; 397 else if (optlen < sizeof(struct ipv6_opt_hdr) || 398 optlen & 0x7 || optlen > 8 * 255) 399 goto e_inval; 400 401 /* hop-by-hop / destination options are privileged option */ 402 retv = -EPERM; 403 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) 404 break; 405 406 opt = ipv6_renew_options(sk, np->opt, optname, 407 (struct ipv6_opt_hdr __user *)optval, 408 optlen); 409 if (IS_ERR(opt)) { 410 retv = PTR_ERR(opt); 411 break; 412 } 413 414 /* routing header option needs extra check */ 415 retv = -EINVAL; 416 if (optname == IPV6_RTHDR && opt && opt->srcrt) { 417 struct ipv6_rt_hdr *rthdr = opt->srcrt; 418 switch (rthdr->type) { 419 #if IS_ENABLED(CONFIG_IPV6_MIP6) 420 case IPV6_SRCRT_TYPE_2: 421 if (rthdr->hdrlen != 2 || 422 rthdr->segments_left != 1) 423 goto sticky_done; 424 425 break; 426 #endif 427 default: 428 goto sticky_done; 429 } 430 } 431 432 retv = 0; 433 opt = ipv6_update_options(sk, opt); 434 sticky_done: 435 if (opt) 436 sock_kfree_s(sk, opt, opt->tot_len); 437 break; 438 } 439 440 case IPV6_PKTINFO: 441 { 442 struct in6_pktinfo pkt; 443 444 if (optlen == 0) 445 goto e_inval; 446 else if (optlen < sizeof(struct in6_pktinfo) || !optval) 447 goto e_inval; 448 449 if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) { 450 retv = -EFAULT; 451 break; 452 } 453 if (sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) 454 goto e_inval; 455 456 np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex; 457 np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr; 458 retv = 0; 459 break; 460 } 461 462 case IPV6_2292PKTOPTIONS: 463 { 464 struct ipv6_txoptions *opt = NULL; 465 struct msghdr msg; 466 struct flowi6 fl6; 467 int junk; 468 469 memset(&fl6, 0, sizeof(fl6)); 470 fl6.flowi6_oif = sk->sk_bound_dev_if; 471 fl6.flowi6_mark = sk->sk_mark; 472 473 if (optlen == 0) 474 goto update; 475 476 /* 1K is probably excessive 477 * 1K is surely not enough, 2K per standard header is 16K. 478 */ 479 retv = -EINVAL; 480 if (optlen > 64*1024) 481 break; 482 483 opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL); 484 retv = -ENOBUFS; 485 if (!opt) 486 break; 487 488 memset(opt, 0, sizeof(*opt)); 489 opt->tot_len = sizeof(*opt) + optlen; 490 retv = -EFAULT; 491 if (copy_from_user(opt+1, optval, optlen)) 492 goto done; 493 494 msg.msg_controllen = optlen; 495 msg.msg_control = (void *)(opt+1); 496 497 retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk, 498 &junk, &junk); 499 if (retv) 500 goto done; 501 update: 502 retv = 0; 503 opt = ipv6_update_options(sk, opt); 504 done: 505 if (opt) 506 sock_kfree_s(sk, opt, opt->tot_len); 507 break; 508 } 509 case IPV6_UNICAST_HOPS: 510 if (optlen < sizeof(int)) 511 goto e_inval; 512 if (val > 255 || val < -1) 513 goto e_inval; 514 np->hop_limit = val; 515 retv = 0; 516 break; 517 518 case IPV6_MULTICAST_HOPS: 519 if (sk->sk_type == SOCK_STREAM) 520 break; 521 if (optlen < sizeof(int)) 522 goto e_inval; 523 if (val > 255 || val < -1) 524 goto e_inval; 525 np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val); 526 retv = 0; 527 break; 528 529 case IPV6_MULTICAST_LOOP: 530 if (optlen < sizeof(int)) 531 goto e_inval; 532 if (val != valbool) 533 goto e_inval; 534 np->mc_loop = valbool; 535 retv = 0; 536 break; 537 538 case IPV6_UNICAST_IF: 539 { 540 struct net_device *dev = NULL; 541 int ifindex; 542 543 if (optlen != sizeof(int)) 544 goto e_inval; 545 546 ifindex = (__force int)ntohl((__force __be32)val); 547 if (ifindex == 0) { 548 np->ucast_oif = 0; 549 retv = 0; 550 break; 551 } 552 553 dev = dev_get_by_index(net, ifindex); 554 retv = -EADDRNOTAVAIL; 555 if (!dev) 556 break; 557 dev_put(dev); 558 559 retv = -EINVAL; 560 if (sk->sk_bound_dev_if) 561 break; 562 563 np->ucast_oif = ifindex; 564 retv = 0; 565 break; 566 } 567 568 case IPV6_MULTICAST_IF: 569 if (sk->sk_type == SOCK_STREAM) 570 break; 571 if (optlen < sizeof(int)) 572 goto e_inval; 573 574 if (val) { 575 struct net_device *dev; 576 577 if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val) 578 goto e_inval; 579 580 dev = dev_get_by_index(net, val); 581 if (!dev) { 582 retv = -ENODEV; 583 break; 584 } 585 dev_put(dev); 586 } 587 np->mcast_oif = val; 588 retv = 0; 589 break; 590 case IPV6_ADD_MEMBERSHIP: 591 case IPV6_DROP_MEMBERSHIP: 592 { 593 struct ipv6_mreq mreq; 594 595 if (optlen < sizeof(struct ipv6_mreq)) 596 goto e_inval; 597 598 retv = -EPROTO; 599 if (inet_sk(sk)->is_icsk) 600 break; 601 602 retv = -EFAULT; 603 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 604 break; 605 606 if (optname == IPV6_ADD_MEMBERSHIP) 607 retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 608 else 609 retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 610 break; 611 } 612 case IPV6_JOIN_ANYCAST: 613 case IPV6_LEAVE_ANYCAST: 614 { 615 struct ipv6_mreq mreq; 616 617 if (optlen < sizeof(struct ipv6_mreq)) 618 goto e_inval; 619 620 retv = -EFAULT; 621 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 622 break; 623 624 if (optname == IPV6_JOIN_ANYCAST) 625 retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 626 else 627 retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 628 break; 629 } 630 case MCAST_JOIN_GROUP: 631 case MCAST_LEAVE_GROUP: 632 { 633 struct group_req greq; 634 struct sockaddr_in6 *psin6; 635 636 if (optlen < sizeof(struct group_req)) 637 goto e_inval; 638 639 retv = -EFAULT; 640 if (copy_from_user(&greq, optval, sizeof(struct group_req))) 641 break; 642 if (greq.gr_group.ss_family != AF_INET6) { 643 retv = -EADDRNOTAVAIL; 644 break; 645 } 646 psin6 = (struct sockaddr_in6 *)&greq.gr_group; 647 if (optname == MCAST_JOIN_GROUP) 648 retv = ipv6_sock_mc_join(sk, greq.gr_interface, 649 &psin6->sin6_addr); 650 else 651 retv = ipv6_sock_mc_drop(sk, greq.gr_interface, 652 &psin6->sin6_addr); 653 break; 654 } 655 case MCAST_JOIN_SOURCE_GROUP: 656 case MCAST_LEAVE_SOURCE_GROUP: 657 case MCAST_BLOCK_SOURCE: 658 case MCAST_UNBLOCK_SOURCE: 659 { 660 struct group_source_req greqs; 661 int omode, add; 662 663 if (optlen < sizeof(struct group_source_req)) 664 goto e_inval; 665 if (copy_from_user(&greqs, optval, sizeof(greqs))) { 666 retv = -EFAULT; 667 break; 668 } 669 if (greqs.gsr_group.ss_family != AF_INET6 || 670 greqs.gsr_source.ss_family != AF_INET6) { 671 retv = -EADDRNOTAVAIL; 672 break; 673 } 674 if (optname == MCAST_BLOCK_SOURCE) { 675 omode = MCAST_EXCLUDE; 676 add = 1; 677 } else if (optname == MCAST_UNBLOCK_SOURCE) { 678 omode = MCAST_EXCLUDE; 679 add = 0; 680 } else if (optname == MCAST_JOIN_SOURCE_GROUP) { 681 struct sockaddr_in6 *psin6; 682 683 psin6 = (struct sockaddr_in6 *)&greqs.gsr_group; 684 retv = ipv6_sock_mc_join(sk, greqs.gsr_interface, 685 &psin6->sin6_addr); 686 /* prior join w/ different source is ok */ 687 if (retv && retv != -EADDRINUSE) 688 break; 689 omode = MCAST_INCLUDE; 690 add = 1; 691 } else /* MCAST_LEAVE_SOURCE_GROUP */ { 692 omode = MCAST_INCLUDE; 693 add = 0; 694 } 695 retv = ip6_mc_source(add, omode, sk, &greqs); 696 break; 697 } 698 case MCAST_MSFILTER: 699 { 700 struct group_filter *gsf; 701 702 if (optlen < GROUP_FILTER_SIZE(0)) 703 goto e_inval; 704 if (optlen > sysctl_optmem_max) { 705 retv = -ENOBUFS; 706 break; 707 } 708 gsf = kmalloc(optlen, GFP_KERNEL); 709 if (!gsf) { 710 retv = -ENOBUFS; 711 break; 712 } 713 retv = -EFAULT; 714 if (copy_from_user(gsf, optval, optlen)) { 715 kfree(gsf); 716 break; 717 } 718 /* numsrc >= (4G-140)/128 overflow in 32 bits */ 719 if (gsf->gf_numsrc >= 0x1ffffffU || 720 gsf->gf_numsrc > sysctl_mld_max_msf) { 721 kfree(gsf); 722 retv = -ENOBUFS; 723 break; 724 } 725 if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) { 726 kfree(gsf); 727 retv = -EINVAL; 728 break; 729 } 730 retv = ip6_mc_msfilter(sk, gsf); 731 kfree(gsf); 732 733 break; 734 } 735 case IPV6_ROUTER_ALERT: 736 if (optlen < sizeof(int)) 737 goto e_inval; 738 retv = ip6_ra_control(sk, val); 739 break; 740 case IPV6_MTU_DISCOVER: 741 if (optlen < sizeof(int)) 742 goto e_inval; 743 if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT) 744 goto e_inval; 745 np->pmtudisc = val; 746 retv = 0; 747 break; 748 case IPV6_MTU: 749 if (optlen < sizeof(int)) 750 goto e_inval; 751 if (val && val < IPV6_MIN_MTU) 752 goto e_inval; 753 np->frag_size = val; 754 retv = 0; 755 break; 756 case IPV6_RECVERR: 757 if (optlen < sizeof(int)) 758 goto e_inval; 759 np->recverr = valbool; 760 if (!val) 761 skb_queue_purge(&sk->sk_error_queue); 762 retv = 0; 763 break; 764 case IPV6_FLOWINFO_SEND: 765 if (optlen < sizeof(int)) 766 goto e_inval; 767 np->sndflow = valbool; 768 retv = 0; 769 break; 770 case IPV6_FLOWLABEL_MGR: 771 retv = ipv6_flowlabel_opt(sk, optval, optlen); 772 break; 773 case IPV6_IPSEC_POLICY: 774 case IPV6_XFRM_POLICY: 775 retv = -EPERM; 776 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 777 break; 778 retv = xfrm_user_policy(sk, optname, optval, optlen); 779 break; 780 781 case IPV6_ADDR_PREFERENCES: 782 { 783 unsigned int pref = 0; 784 unsigned int prefmask = ~0; 785 786 if (optlen < sizeof(int)) 787 goto e_inval; 788 789 retv = -EINVAL; 790 791 /* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */ 792 switch (val & (IPV6_PREFER_SRC_PUBLIC| 793 IPV6_PREFER_SRC_TMP| 794 IPV6_PREFER_SRC_PUBTMP_DEFAULT)) { 795 case IPV6_PREFER_SRC_PUBLIC: 796 pref |= IPV6_PREFER_SRC_PUBLIC; 797 break; 798 case IPV6_PREFER_SRC_TMP: 799 pref |= IPV6_PREFER_SRC_TMP; 800 break; 801 case IPV6_PREFER_SRC_PUBTMP_DEFAULT: 802 break; 803 case 0: 804 goto pref_skip_pubtmp; 805 default: 806 goto e_inval; 807 } 808 809 prefmask &= ~(IPV6_PREFER_SRC_PUBLIC| 810 IPV6_PREFER_SRC_TMP); 811 pref_skip_pubtmp: 812 813 /* check HOME/COA conflicts */ 814 switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) { 815 case IPV6_PREFER_SRC_HOME: 816 break; 817 case IPV6_PREFER_SRC_COA: 818 pref |= IPV6_PREFER_SRC_COA; 819 case 0: 820 goto pref_skip_coa; 821 default: 822 goto e_inval; 823 } 824 825 prefmask &= ~IPV6_PREFER_SRC_COA; 826 pref_skip_coa: 827 828 /* check CGA/NONCGA conflicts */ 829 switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) { 830 case IPV6_PREFER_SRC_CGA: 831 case IPV6_PREFER_SRC_NONCGA: 832 case 0: 833 break; 834 default: 835 goto e_inval; 836 } 837 838 np->srcprefs = (np->srcprefs & prefmask) | pref; 839 retv = 0; 840 841 break; 842 } 843 case IPV6_MINHOPCOUNT: 844 if (optlen < sizeof(int)) 845 goto e_inval; 846 if (val < 0 || val > 255) 847 goto e_inval; 848 np->min_hopcount = val; 849 retv = 0; 850 break; 851 case IPV6_DONTFRAG: 852 np->dontfrag = valbool; 853 retv = 0; 854 break; 855 case IPV6_AUTOFLOWLABEL: 856 np->autoflowlabel = valbool; 857 retv = 0; 858 break; 859 } 860 861 release_sock(sk); 862 if (needs_rtnl) 863 rtnl_unlock(); 864 865 return retv; 866 867 e_inval: 868 release_sock(sk); 869 if (needs_rtnl) 870 rtnl_unlock(); 871 return -EINVAL; 872 } 873 874 int ipv6_setsockopt(struct sock *sk, int level, int optname, 875 char __user *optval, unsigned int optlen) 876 { 877 int err; 878 879 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 880 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 881 882 if (level != SOL_IPV6) 883 return -ENOPROTOOPT; 884 885 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 886 #ifdef CONFIG_NETFILTER 887 /* we need to exclude all possible ENOPROTOOPTs except default case */ 888 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 889 optname != IPV6_XFRM_POLICY) { 890 lock_sock(sk); 891 err = nf_setsockopt(sk, PF_INET6, optname, optval, 892 optlen); 893 release_sock(sk); 894 } 895 #endif 896 return err; 897 } 898 EXPORT_SYMBOL(ipv6_setsockopt); 899 900 #ifdef CONFIG_COMPAT 901 int compat_ipv6_setsockopt(struct sock *sk, int level, int optname, 902 char __user *optval, unsigned int optlen) 903 { 904 int err; 905 906 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 907 if (udp_prot.compat_setsockopt != NULL) 908 return udp_prot.compat_setsockopt(sk, level, optname, 909 optval, optlen); 910 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 911 } 912 913 if (level != SOL_IPV6) 914 return -ENOPROTOOPT; 915 916 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER) 917 return compat_mc_setsockopt(sk, level, optname, optval, optlen, 918 ipv6_setsockopt); 919 920 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 921 #ifdef CONFIG_NETFILTER 922 /* we need to exclude all possible ENOPROTOOPTs except default case */ 923 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 924 optname != IPV6_XFRM_POLICY) { 925 lock_sock(sk); 926 err = compat_nf_setsockopt(sk, PF_INET6, optname, 927 optval, optlen); 928 release_sock(sk); 929 } 930 #endif 931 return err; 932 } 933 EXPORT_SYMBOL(compat_ipv6_setsockopt); 934 #endif 935 936 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt, 937 int optname, char __user *optval, int len) 938 { 939 struct ipv6_opt_hdr *hdr; 940 941 if (!opt) 942 return 0; 943 944 switch (optname) { 945 case IPV6_HOPOPTS: 946 hdr = opt->hopopt; 947 break; 948 case IPV6_RTHDRDSTOPTS: 949 hdr = opt->dst0opt; 950 break; 951 case IPV6_RTHDR: 952 hdr = (struct ipv6_opt_hdr *)opt->srcrt; 953 break; 954 case IPV6_DSTOPTS: 955 hdr = opt->dst1opt; 956 break; 957 default: 958 return -EINVAL; /* should not happen */ 959 } 960 961 if (!hdr) 962 return 0; 963 964 len = min_t(unsigned int, len, ipv6_optlen(hdr)); 965 if (copy_to_user(optval, hdr, len)) 966 return -EFAULT; 967 return len; 968 } 969 970 static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, 971 char __user *optval, int __user *optlen, unsigned int flags) 972 { 973 struct ipv6_pinfo *np = inet6_sk(sk); 974 int len; 975 int val; 976 977 if (ip6_mroute_opt(optname)) 978 return ip6_mroute_getsockopt(sk, optname, optval, optlen); 979 980 if (get_user(len, optlen)) 981 return -EFAULT; 982 switch (optname) { 983 case IPV6_ADDRFORM: 984 if (sk->sk_protocol != IPPROTO_UDP && 985 sk->sk_protocol != IPPROTO_UDPLITE && 986 sk->sk_protocol != IPPROTO_TCP) 987 return -ENOPROTOOPT; 988 if (sk->sk_state != TCP_ESTABLISHED) 989 return -ENOTCONN; 990 val = sk->sk_family; 991 break; 992 case MCAST_MSFILTER: 993 { 994 struct group_filter gsf; 995 int err; 996 997 if (len < GROUP_FILTER_SIZE(0)) 998 return -EINVAL; 999 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) 1000 return -EFAULT; 1001 if (gsf.gf_group.ss_family != AF_INET6) 1002 return -EADDRNOTAVAIL; 1003 lock_sock(sk); 1004 err = ip6_mc_msfget(sk, &gsf, 1005 (struct group_filter __user *)optval, optlen); 1006 release_sock(sk); 1007 return err; 1008 } 1009 1010 case IPV6_2292PKTOPTIONS: 1011 { 1012 struct msghdr msg; 1013 struct sk_buff *skb; 1014 1015 if (sk->sk_type != SOCK_STREAM) 1016 return -ENOPROTOOPT; 1017 1018 msg.msg_control = optval; 1019 msg.msg_controllen = len; 1020 msg.msg_flags = flags; 1021 1022 lock_sock(sk); 1023 skb = np->pktoptions; 1024 if (skb) 1025 ip6_datagram_recv_ctl(sk, &msg, skb); 1026 release_sock(sk); 1027 if (!skb) { 1028 if (np->rxopt.bits.rxinfo) { 1029 struct in6_pktinfo src_info; 1030 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1031 np->sticky_pktinfo.ipi6_ifindex; 1032 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr; 1033 put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info); 1034 } 1035 if (np->rxopt.bits.rxhlim) { 1036 int hlim = np->mcast_hops; 1037 put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim); 1038 } 1039 if (np->rxopt.bits.rxtclass) { 1040 int tclass = (int)ip6_tclass(np->rcv_flowinfo); 1041 1042 put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass); 1043 } 1044 if (np->rxopt.bits.rxoinfo) { 1045 struct in6_pktinfo src_info; 1046 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1047 np->sticky_pktinfo.ipi6_ifindex; 1048 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : 1049 np->sticky_pktinfo.ipi6_addr; 1050 put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info); 1051 } 1052 if (np->rxopt.bits.rxohlim) { 1053 int hlim = np->mcast_hops; 1054 put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim); 1055 } 1056 if (np->rxopt.bits.rxflow) { 1057 __be32 flowinfo = np->rcv_flowinfo; 1058 1059 put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo); 1060 } 1061 } 1062 len -= msg.msg_controllen; 1063 return put_user(len, optlen); 1064 } 1065 case IPV6_MTU: 1066 { 1067 struct dst_entry *dst; 1068 1069 val = 0; 1070 rcu_read_lock(); 1071 dst = __sk_dst_get(sk); 1072 if (dst) 1073 val = dst_mtu(dst); 1074 rcu_read_unlock(); 1075 if (!val) 1076 return -ENOTCONN; 1077 break; 1078 } 1079 1080 case IPV6_V6ONLY: 1081 val = sk->sk_ipv6only; 1082 break; 1083 1084 case IPV6_RECVPKTINFO: 1085 val = np->rxopt.bits.rxinfo; 1086 break; 1087 1088 case IPV6_2292PKTINFO: 1089 val = np->rxopt.bits.rxoinfo; 1090 break; 1091 1092 case IPV6_RECVHOPLIMIT: 1093 val = np->rxopt.bits.rxhlim; 1094 break; 1095 1096 case IPV6_2292HOPLIMIT: 1097 val = np->rxopt.bits.rxohlim; 1098 break; 1099 1100 case IPV6_RECVRTHDR: 1101 val = np->rxopt.bits.srcrt; 1102 break; 1103 1104 case IPV6_2292RTHDR: 1105 val = np->rxopt.bits.osrcrt; 1106 break; 1107 1108 case IPV6_HOPOPTS: 1109 case IPV6_RTHDRDSTOPTS: 1110 case IPV6_RTHDR: 1111 case IPV6_DSTOPTS: 1112 { 1113 1114 lock_sock(sk); 1115 len = ipv6_getsockopt_sticky(sk, np->opt, 1116 optname, optval, len); 1117 release_sock(sk); 1118 /* check if ipv6_getsockopt_sticky() returns err code */ 1119 if (len < 0) 1120 return len; 1121 return put_user(len, optlen); 1122 } 1123 1124 case IPV6_RECVHOPOPTS: 1125 val = np->rxopt.bits.hopopts; 1126 break; 1127 1128 case IPV6_2292HOPOPTS: 1129 val = np->rxopt.bits.ohopopts; 1130 break; 1131 1132 case IPV6_RECVDSTOPTS: 1133 val = np->rxopt.bits.dstopts; 1134 break; 1135 1136 case IPV6_2292DSTOPTS: 1137 val = np->rxopt.bits.odstopts; 1138 break; 1139 1140 case IPV6_TCLASS: 1141 val = np->tclass; 1142 break; 1143 1144 case IPV6_RECVTCLASS: 1145 val = np->rxopt.bits.rxtclass; 1146 break; 1147 1148 case IPV6_FLOWINFO: 1149 val = np->rxopt.bits.rxflow; 1150 break; 1151 1152 case IPV6_RECVPATHMTU: 1153 val = np->rxopt.bits.rxpmtu; 1154 break; 1155 1156 case IPV6_PATHMTU: 1157 { 1158 struct dst_entry *dst; 1159 struct ip6_mtuinfo mtuinfo; 1160 1161 if (len < sizeof(mtuinfo)) 1162 return -EINVAL; 1163 1164 len = sizeof(mtuinfo); 1165 memset(&mtuinfo, 0, sizeof(mtuinfo)); 1166 1167 rcu_read_lock(); 1168 dst = __sk_dst_get(sk); 1169 if (dst) 1170 mtuinfo.ip6m_mtu = dst_mtu(dst); 1171 rcu_read_unlock(); 1172 if (!mtuinfo.ip6m_mtu) 1173 return -ENOTCONN; 1174 1175 if (put_user(len, optlen)) 1176 return -EFAULT; 1177 if (copy_to_user(optval, &mtuinfo, len)) 1178 return -EFAULT; 1179 1180 return 0; 1181 } 1182 1183 case IPV6_TRANSPARENT: 1184 val = inet_sk(sk)->transparent; 1185 break; 1186 1187 case IPV6_RECVORIGDSTADDR: 1188 val = np->rxopt.bits.rxorigdstaddr; 1189 break; 1190 1191 case IPV6_UNICAST_HOPS: 1192 case IPV6_MULTICAST_HOPS: 1193 { 1194 struct dst_entry *dst; 1195 1196 if (optname == IPV6_UNICAST_HOPS) 1197 val = np->hop_limit; 1198 else 1199 val = np->mcast_hops; 1200 1201 if (val < 0) { 1202 rcu_read_lock(); 1203 dst = __sk_dst_get(sk); 1204 if (dst) 1205 val = ip6_dst_hoplimit(dst); 1206 rcu_read_unlock(); 1207 } 1208 1209 if (val < 0) 1210 val = sock_net(sk)->ipv6.devconf_all->hop_limit; 1211 break; 1212 } 1213 1214 case IPV6_MULTICAST_LOOP: 1215 val = np->mc_loop; 1216 break; 1217 1218 case IPV6_MULTICAST_IF: 1219 val = np->mcast_oif; 1220 break; 1221 1222 case IPV6_UNICAST_IF: 1223 val = (__force int)htonl((__u32) np->ucast_oif); 1224 break; 1225 1226 case IPV6_MTU_DISCOVER: 1227 val = np->pmtudisc; 1228 break; 1229 1230 case IPV6_RECVERR: 1231 val = np->recverr; 1232 break; 1233 1234 case IPV6_FLOWINFO_SEND: 1235 val = np->sndflow; 1236 break; 1237 1238 case IPV6_FLOWLABEL_MGR: 1239 { 1240 struct in6_flowlabel_req freq; 1241 int flags; 1242 1243 if (len < sizeof(freq)) 1244 return -EINVAL; 1245 1246 if (copy_from_user(&freq, optval, sizeof(freq))) 1247 return -EFAULT; 1248 1249 if (freq.flr_action != IPV6_FL_A_GET) 1250 return -EINVAL; 1251 1252 len = sizeof(freq); 1253 flags = freq.flr_flags; 1254 1255 memset(&freq, 0, sizeof(freq)); 1256 1257 val = ipv6_flowlabel_opt_get(sk, &freq, flags); 1258 if (val < 0) 1259 return val; 1260 1261 if (put_user(len, optlen)) 1262 return -EFAULT; 1263 if (copy_to_user(optval, &freq, len)) 1264 return -EFAULT; 1265 1266 return 0; 1267 } 1268 1269 case IPV6_ADDR_PREFERENCES: 1270 val = 0; 1271 1272 if (np->srcprefs & IPV6_PREFER_SRC_TMP) 1273 val |= IPV6_PREFER_SRC_TMP; 1274 else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC) 1275 val |= IPV6_PREFER_SRC_PUBLIC; 1276 else { 1277 /* XXX: should we return system default? */ 1278 val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT; 1279 } 1280 1281 if (np->srcprefs & IPV6_PREFER_SRC_COA) 1282 val |= IPV6_PREFER_SRC_COA; 1283 else 1284 val |= IPV6_PREFER_SRC_HOME; 1285 break; 1286 1287 case IPV6_MINHOPCOUNT: 1288 val = np->min_hopcount; 1289 break; 1290 1291 case IPV6_DONTFRAG: 1292 val = np->dontfrag; 1293 break; 1294 1295 case IPV6_AUTOFLOWLABEL: 1296 val = np->autoflowlabel; 1297 break; 1298 1299 default: 1300 return -ENOPROTOOPT; 1301 } 1302 len = min_t(unsigned int, sizeof(int), len); 1303 if (put_user(len, optlen)) 1304 return -EFAULT; 1305 if (copy_to_user(optval, &val, len)) 1306 return -EFAULT; 1307 return 0; 1308 } 1309 1310 int ipv6_getsockopt(struct sock *sk, int level, int optname, 1311 char __user *optval, int __user *optlen) 1312 { 1313 int err; 1314 1315 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 1316 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1317 1318 if (level != SOL_IPV6) 1319 return -ENOPROTOOPT; 1320 1321 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 0); 1322 #ifdef CONFIG_NETFILTER 1323 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1324 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1325 int len; 1326 1327 if (get_user(len, optlen)) 1328 return -EFAULT; 1329 1330 lock_sock(sk); 1331 err = nf_getsockopt(sk, PF_INET6, optname, optval, 1332 &len); 1333 release_sock(sk); 1334 if (err >= 0) 1335 err = put_user(len, optlen); 1336 } 1337 #endif 1338 return err; 1339 } 1340 EXPORT_SYMBOL(ipv6_getsockopt); 1341 1342 #ifdef CONFIG_COMPAT 1343 int compat_ipv6_getsockopt(struct sock *sk, int level, int optname, 1344 char __user *optval, int __user *optlen) 1345 { 1346 int err; 1347 1348 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 1349 if (udp_prot.compat_getsockopt != NULL) 1350 return udp_prot.compat_getsockopt(sk, level, optname, 1351 optval, optlen); 1352 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1353 } 1354 1355 if (level != SOL_IPV6) 1356 return -ENOPROTOOPT; 1357 1358 if (optname == MCAST_MSFILTER) 1359 return compat_mc_getsockopt(sk, level, optname, optval, optlen, 1360 ipv6_getsockopt); 1361 1362 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 1363 MSG_CMSG_COMPAT); 1364 #ifdef CONFIG_NETFILTER 1365 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1366 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1367 int len; 1368 1369 if (get_user(len, optlen)) 1370 return -EFAULT; 1371 1372 lock_sock(sk); 1373 err = compat_nf_getsockopt(sk, PF_INET6, 1374 optname, optval, &len); 1375 release_sock(sk); 1376 if (err >= 0) 1377 err = put_user(len, optlen); 1378 } 1379 #endif 1380 return err; 1381 } 1382 EXPORT_SYMBOL(compat_ipv6_getsockopt); 1383 #endif 1384 1385