1 /* 2 * IPv6 BSD socket options interface 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_sockglue.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * FIXME: Make the setsockopt code POSIX compliant: That is 16 * 17 * o Truncate getsockopt returns 18 * o Return an optlen of the truncated length if need be 19 * 20 * Changes: 21 * David L Stevens <dlstevens@us.ibm.com>: 22 * - added multicast source filtering API for MLDv2 23 */ 24 25 #include <linux/module.h> 26 #include <linux/capability.h> 27 #include <linux/errno.h> 28 #include <linux/types.h> 29 #include <linux/socket.h> 30 #include <linux/sockios.h> 31 #include <linux/net.h> 32 #include <linux/in6.h> 33 #include <linux/mroute6.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/init.h> 37 #include <linux/sysctl.h> 38 #include <linux/netfilter.h> 39 #include <linux/slab.h> 40 41 #include <net/sock.h> 42 #include <net/snmp.h> 43 #include <net/ipv6.h> 44 #include <net/ndisc.h> 45 #include <net/protocol.h> 46 #include <net/transp_v6.h> 47 #include <net/ip6_route.h> 48 #include <net/addrconf.h> 49 #include <net/inet_common.h> 50 #include <net/tcp.h> 51 #include <net/udp.h> 52 #include <net/udplite.h> 53 #include <net/xfrm.h> 54 #include <net/compat.h> 55 56 #include <asm/uaccess.h> 57 58 struct ip6_ra_chain *ip6_ra_chain; 59 DEFINE_RWLOCK(ip6_ra_lock); 60 61 int ip6_ra_control(struct sock *sk, int sel) 62 { 63 struct ip6_ra_chain *ra, *new_ra, **rap; 64 65 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */ 66 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_RAW) 67 return -ENOPROTOOPT; 68 69 new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; 70 71 write_lock_bh(&ip6_ra_lock); 72 for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) { 73 if (ra->sk == sk) { 74 if (sel >= 0) { 75 write_unlock_bh(&ip6_ra_lock); 76 kfree(new_ra); 77 return -EADDRINUSE; 78 } 79 80 *rap = ra->next; 81 write_unlock_bh(&ip6_ra_lock); 82 83 sock_put(sk); 84 kfree(ra); 85 return 0; 86 } 87 } 88 if (!new_ra) { 89 write_unlock_bh(&ip6_ra_lock); 90 return -ENOBUFS; 91 } 92 new_ra->sk = sk; 93 new_ra->sel = sel; 94 new_ra->next = ra; 95 *rap = new_ra; 96 sock_hold(sk); 97 write_unlock_bh(&ip6_ra_lock); 98 return 0; 99 } 100 101 static 102 struct ipv6_txoptions *ipv6_update_options(struct sock *sk, 103 struct ipv6_txoptions *opt) 104 { 105 if (inet_sk(sk)->is_icsk) { 106 if (opt && 107 !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) && 108 inet_sk(sk)->inet_daddr != LOOPBACK4_IPV6) { 109 struct inet_connection_sock *icsk = inet_csk(sk); 110 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen; 111 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie); 112 } 113 } 114 opt = xchg((__force struct ipv6_txoptions **)&inet6_sk(sk)->opt, 115 opt); 116 sk_dst_reset(sk); 117 118 return opt; 119 } 120 121 static bool setsockopt_needs_rtnl(int optname) 122 { 123 switch (optname) { 124 case IPV6_ADD_MEMBERSHIP: 125 case IPV6_DROP_MEMBERSHIP: 126 case IPV6_JOIN_ANYCAST: 127 case IPV6_LEAVE_ANYCAST: 128 case MCAST_JOIN_GROUP: 129 case MCAST_LEAVE_GROUP: 130 case MCAST_JOIN_SOURCE_GROUP: 131 case MCAST_LEAVE_SOURCE_GROUP: 132 case MCAST_BLOCK_SOURCE: 133 case MCAST_UNBLOCK_SOURCE: 134 case MCAST_MSFILTER: 135 return true; 136 } 137 return false; 138 } 139 140 static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, 141 char __user *optval, unsigned int optlen) 142 { 143 struct ipv6_pinfo *np = inet6_sk(sk); 144 struct net *net = sock_net(sk); 145 int val, valbool; 146 int retv = -ENOPROTOOPT; 147 bool needs_rtnl = setsockopt_needs_rtnl(optname); 148 149 if (!optval) 150 val = 0; 151 else { 152 if (optlen >= sizeof(int)) { 153 if (get_user(val, (int __user *) optval)) 154 return -EFAULT; 155 } else 156 val = 0; 157 } 158 159 valbool = (val != 0); 160 161 if (ip6_mroute_opt(optname)) 162 return ip6_mroute_setsockopt(sk, optname, optval, optlen); 163 164 if (needs_rtnl) 165 rtnl_lock(); 166 lock_sock(sk); 167 168 switch (optname) { 169 170 case IPV6_ADDRFORM: 171 if (optlen < sizeof(int)) 172 goto e_inval; 173 if (val == PF_INET) { 174 struct ipv6_txoptions *opt; 175 struct sk_buff *pktopt; 176 177 if (sk->sk_type == SOCK_RAW) 178 break; 179 180 if (sk->sk_protocol == IPPROTO_UDP || 181 sk->sk_protocol == IPPROTO_UDPLITE) { 182 struct udp_sock *up = udp_sk(sk); 183 if (up->pending == AF_INET6) { 184 retv = -EBUSY; 185 break; 186 } 187 } else if (sk->sk_protocol != IPPROTO_TCP) 188 break; 189 190 if (sk->sk_state != TCP_ESTABLISHED) { 191 retv = -ENOTCONN; 192 break; 193 } 194 195 if (ipv6_only_sock(sk) || 196 !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) { 197 retv = -EADDRNOTAVAIL; 198 break; 199 } 200 201 fl6_free_socklist(sk); 202 ipv6_sock_mc_close(sk); 203 204 /* 205 * Sock is moving from IPv6 to IPv4 (sk_prot), so 206 * remove it from the refcnt debug socks count in the 207 * original family... 208 */ 209 sk_refcnt_debug_dec(sk); 210 211 if (sk->sk_protocol == IPPROTO_TCP) { 212 struct inet_connection_sock *icsk = inet_csk(sk); 213 local_bh_disable(); 214 sock_prot_inuse_add(net, sk->sk_prot, -1); 215 sock_prot_inuse_add(net, &tcp_prot, 1); 216 local_bh_enable(); 217 sk->sk_prot = &tcp_prot; 218 icsk->icsk_af_ops = &ipv4_specific; 219 sk->sk_socket->ops = &inet_stream_ops; 220 sk->sk_family = PF_INET; 221 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); 222 } else { 223 struct proto *prot = &udp_prot; 224 225 if (sk->sk_protocol == IPPROTO_UDPLITE) 226 prot = &udplite_prot; 227 local_bh_disable(); 228 sock_prot_inuse_add(net, sk->sk_prot, -1); 229 sock_prot_inuse_add(net, prot, 1); 230 local_bh_enable(); 231 sk->sk_prot = prot; 232 sk->sk_socket->ops = &inet_dgram_ops; 233 sk->sk_family = PF_INET; 234 } 235 opt = xchg((__force struct ipv6_txoptions **)&np->opt, 236 NULL); 237 if (opt) { 238 atomic_sub(opt->tot_len, &sk->sk_omem_alloc); 239 txopt_put(opt); 240 } 241 pktopt = xchg(&np->pktoptions, NULL); 242 kfree_skb(pktopt); 243 244 sk->sk_destruct = inet_sock_destruct; 245 /* 246 * ... and add it to the refcnt debug socks count 247 * in the new family. -acme 248 */ 249 sk_refcnt_debug_inc(sk); 250 module_put(THIS_MODULE); 251 retv = 0; 252 break; 253 } 254 goto e_inval; 255 256 case IPV6_V6ONLY: 257 if (optlen < sizeof(int) || 258 inet_sk(sk)->inet_num) 259 goto e_inval; 260 sk->sk_ipv6only = valbool; 261 retv = 0; 262 break; 263 264 case IPV6_RECVPKTINFO: 265 if (optlen < sizeof(int)) 266 goto e_inval; 267 np->rxopt.bits.rxinfo = valbool; 268 retv = 0; 269 break; 270 271 case IPV6_2292PKTINFO: 272 if (optlen < sizeof(int)) 273 goto e_inval; 274 np->rxopt.bits.rxoinfo = valbool; 275 retv = 0; 276 break; 277 278 case IPV6_RECVHOPLIMIT: 279 if (optlen < sizeof(int)) 280 goto e_inval; 281 np->rxopt.bits.rxhlim = valbool; 282 retv = 0; 283 break; 284 285 case IPV6_2292HOPLIMIT: 286 if (optlen < sizeof(int)) 287 goto e_inval; 288 np->rxopt.bits.rxohlim = valbool; 289 retv = 0; 290 break; 291 292 case IPV6_RECVRTHDR: 293 if (optlen < sizeof(int)) 294 goto e_inval; 295 np->rxopt.bits.srcrt = valbool; 296 retv = 0; 297 break; 298 299 case IPV6_2292RTHDR: 300 if (optlen < sizeof(int)) 301 goto e_inval; 302 np->rxopt.bits.osrcrt = valbool; 303 retv = 0; 304 break; 305 306 case IPV6_RECVHOPOPTS: 307 if (optlen < sizeof(int)) 308 goto e_inval; 309 np->rxopt.bits.hopopts = valbool; 310 retv = 0; 311 break; 312 313 case IPV6_2292HOPOPTS: 314 if (optlen < sizeof(int)) 315 goto e_inval; 316 np->rxopt.bits.ohopopts = valbool; 317 retv = 0; 318 break; 319 320 case IPV6_RECVDSTOPTS: 321 if (optlen < sizeof(int)) 322 goto e_inval; 323 np->rxopt.bits.dstopts = valbool; 324 retv = 0; 325 break; 326 327 case IPV6_2292DSTOPTS: 328 if (optlen < sizeof(int)) 329 goto e_inval; 330 np->rxopt.bits.odstopts = valbool; 331 retv = 0; 332 break; 333 334 case IPV6_TCLASS: 335 if (optlen < sizeof(int)) 336 goto e_inval; 337 if (val < -1 || val > 0xff) 338 goto e_inval; 339 /* RFC 3542, 6.5: default traffic class of 0x0 */ 340 if (val == -1) 341 val = 0; 342 np->tclass = val; 343 retv = 0; 344 break; 345 346 case IPV6_RECVTCLASS: 347 if (optlen < sizeof(int)) 348 goto e_inval; 349 np->rxopt.bits.rxtclass = valbool; 350 retv = 0; 351 break; 352 353 case IPV6_FLOWINFO: 354 if (optlen < sizeof(int)) 355 goto e_inval; 356 np->rxopt.bits.rxflow = valbool; 357 retv = 0; 358 break; 359 360 case IPV6_RECVPATHMTU: 361 if (optlen < sizeof(int)) 362 goto e_inval; 363 np->rxopt.bits.rxpmtu = valbool; 364 retv = 0; 365 break; 366 367 case IPV6_TRANSPARENT: 368 if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && 369 !ns_capable(net->user_ns, CAP_NET_RAW)) { 370 retv = -EPERM; 371 break; 372 } 373 if (optlen < sizeof(int)) 374 goto e_inval; 375 /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */ 376 inet_sk(sk)->transparent = valbool; 377 retv = 0; 378 break; 379 380 case IPV6_RECVORIGDSTADDR: 381 if (optlen < sizeof(int)) 382 goto e_inval; 383 np->rxopt.bits.rxorigdstaddr = valbool; 384 retv = 0; 385 break; 386 387 case IPV6_HOPOPTS: 388 case IPV6_RTHDRDSTOPTS: 389 case IPV6_RTHDR: 390 case IPV6_DSTOPTS: 391 { 392 struct ipv6_txoptions *opt; 393 394 /* remove any sticky options header with a zero option 395 * length, per RFC3542. 396 */ 397 if (optlen == 0) 398 optval = NULL; 399 else if (!optval) 400 goto e_inval; 401 else if (optlen < sizeof(struct ipv6_opt_hdr) || 402 optlen & 0x7 || optlen > 8 * 255) 403 goto e_inval; 404 405 /* hop-by-hop / destination options are privileged option */ 406 retv = -EPERM; 407 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) 408 break; 409 410 opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk)); 411 opt = ipv6_renew_options(sk, opt, optname, 412 (struct ipv6_opt_hdr __user *)optval, 413 optlen); 414 if (IS_ERR(opt)) { 415 retv = PTR_ERR(opt); 416 break; 417 } 418 419 /* routing header option needs extra check */ 420 retv = -EINVAL; 421 if (optname == IPV6_RTHDR && opt && opt->srcrt) { 422 struct ipv6_rt_hdr *rthdr = opt->srcrt; 423 switch (rthdr->type) { 424 #if IS_ENABLED(CONFIG_IPV6_MIP6) 425 case IPV6_SRCRT_TYPE_2: 426 if (rthdr->hdrlen != 2 || 427 rthdr->segments_left != 1) 428 goto sticky_done; 429 430 break; 431 #endif 432 default: 433 goto sticky_done; 434 } 435 } 436 437 retv = 0; 438 opt = ipv6_update_options(sk, opt); 439 sticky_done: 440 if (opt) { 441 atomic_sub(opt->tot_len, &sk->sk_omem_alloc); 442 txopt_put(opt); 443 } 444 break; 445 } 446 447 case IPV6_PKTINFO: 448 { 449 struct in6_pktinfo pkt; 450 451 if (optlen == 0) 452 goto e_inval; 453 else if (optlen < sizeof(struct in6_pktinfo) || !optval) 454 goto e_inval; 455 456 if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) { 457 retv = -EFAULT; 458 break; 459 } 460 if (sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) 461 goto e_inval; 462 463 np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex; 464 np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr; 465 retv = 0; 466 break; 467 } 468 469 case IPV6_2292PKTOPTIONS: 470 { 471 struct ipv6_txoptions *opt = NULL; 472 struct msghdr msg; 473 struct flowi6 fl6; 474 int junk; 475 476 memset(&fl6, 0, sizeof(fl6)); 477 fl6.flowi6_oif = sk->sk_bound_dev_if; 478 fl6.flowi6_mark = sk->sk_mark; 479 480 if (optlen == 0) 481 goto update; 482 483 /* 1K is probably excessive 484 * 1K is surely not enough, 2K per standard header is 16K. 485 */ 486 retv = -EINVAL; 487 if (optlen > 64*1024) 488 break; 489 490 opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL); 491 retv = -ENOBUFS; 492 if (!opt) 493 break; 494 495 memset(opt, 0, sizeof(*opt)); 496 atomic_set(&opt->refcnt, 1); 497 opt->tot_len = sizeof(*opt) + optlen; 498 retv = -EFAULT; 499 if (copy_from_user(opt+1, optval, optlen)) 500 goto done; 501 502 msg.msg_controllen = optlen; 503 msg.msg_control = (void *)(opt+1); 504 505 retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk, 506 &junk, &junk); 507 if (retv) 508 goto done; 509 update: 510 retv = 0; 511 opt = ipv6_update_options(sk, opt); 512 done: 513 if (opt) { 514 atomic_sub(opt->tot_len, &sk->sk_omem_alloc); 515 txopt_put(opt); 516 } 517 break; 518 } 519 case IPV6_UNICAST_HOPS: 520 if (optlen < sizeof(int)) 521 goto e_inval; 522 if (val > 255 || val < -1) 523 goto e_inval; 524 np->hop_limit = val; 525 retv = 0; 526 break; 527 528 case IPV6_MULTICAST_HOPS: 529 if (sk->sk_type == SOCK_STREAM) 530 break; 531 if (optlen < sizeof(int)) 532 goto e_inval; 533 if (val > 255 || val < -1) 534 goto e_inval; 535 np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val); 536 retv = 0; 537 break; 538 539 case IPV6_MULTICAST_LOOP: 540 if (optlen < sizeof(int)) 541 goto e_inval; 542 if (val != valbool) 543 goto e_inval; 544 np->mc_loop = valbool; 545 retv = 0; 546 break; 547 548 case IPV6_UNICAST_IF: 549 { 550 struct net_device *dev = NULL; 551 int ifindex; 552 553 if (optlen != sizeof(int)) 554 goto e_inval; 555 556 ifindex = (__force int)ntohl((__force __be32)val); 557 if (ifindex == 0) { 558 np->ucast_oif = 0; 559 retv = 0; 560 break; 561 } 562 563 dev = dev_get_by_index(net, ifindex); 564 retv = -EADDRNOTAVAIL; 565 if (!dev) 566 break; 567 dev_put(dev); 568 569 retv = -EINVAL; 570 if (sk->sk_bound_dev_if) 571 break; 572 573 np->ucast_oif = ifindex; 574 retv = 0; 575 break; 576 } 577 578 case IPV6_MULTICAST_IF: 579 if (sk->sk_type == SOCK_STREAM) 580 break; 581 if (optlen < sizeof(int)) 582 goto e_inval; 583 584 if (val) { 585 struct net_device *dev; 586 587 if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val) 588 goto e_inval; 589 590 dev = dev_get_by_index(net, val); 591 if (!dev) { 592 retv = -ENODEV; 593 break; 594 } 595 dev_put(dev); 596 } 597 np->mcast_oif = val; 598 retv = 0; 599 break; 600 case IPV6_ADD_MEMBERSHIP: 601 case IPV6_DROP_MEMBERSHIP: 602 { 603 struct ipv6_mreq mreq; 604 605 if (optlen < sizeof(struct ipv6_mreq)) 606 goto e_inval; 607 608 retv = -EPROTO; 609 if (inet_sk(sk)->is_icsk) 610 break; 611 612 retv = -EFAULT; 613 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 614 break; 615 616 if (optname == IPV6_ADD_MEMBERSHIP) 617 retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 618 else 619 retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 620 break; 621 } 622 case IPV6_JOIN_ANYCAST: 623 case IPV6_LEAVE_ANYCAST: 624 { 625 struct ipv6_mreq mreq; 626 627 if (optlen < sizeof(struct ipv6_mreq)) 628 goto e_inval; 629 630 retv = -EFAULT; 631 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 632 break; 633 634 if (optname == IPV6_JOIN_ANYCAST) 635 retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 636 else 637 retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 638 break; 639 } 640 case MCAST_JOIN_GROUP: 641 case MCAST_LEAVE_GROUP: 642 { 643 struct group_req greq; 644 struct sockaddr_in6 *psin6; 645 646 if (optlen < sizeof(struct group_req)) 647 goto e_inval; 648 649 retv = -EFAULT; 650 if (copy_from_user(&greq, optval, sizeof(struct group_req))) 651 break; 652 if (greq.gr_group.ss_family != AF_INET6) { 653 retv = -EADDRNOTAVAIL; 654 break; 655 } 656 psin6 = (struct sockaddr_in6 *)&greq.gr_group; 657 if (optname == MCAST_JOIN_GROUP) 658 retv = ipv6_sock_mc_join(sk, greq.gr_interface, 659 &psin6->sin6_addr); 660 else 661 retv = ipv6_sock_mc_drop(sk, greq.gr_interface, 662 &psin6->sin6_addr); 663 break; 664 } 665 case MCAST_JOIN_SOURCE_GROUP: 666 case MCAST_LEAVE_SOURCE_GROUP: 667 case MCAST_BLOCK_SOURCE: 668 case MCAST_UNBLOCK_SOURCE: 669 { 670 struct group_source_req greqs; 671 int omode, add; 672 673 if (optlen < sizeof(struct group_source_req)) 674 goto e_inval; 675 if (copy_from_user(&greqs, optval, sizeof(greqs))) { 676 retv = -EFAULT; 677 break; 678 } 679 if (greqs.gsr_group.ss_family != AF_INET6 || 680 greqs.gsr_source.ss_family != AF_INET6) { 681 retv = -EADDRNOTAVAIL; 682 break; 683 } 684 if (optname == MCAST_BLOCK_SOURCE) { 685 omode = MCAST_EXCLUDE; 686 add = 1; 687 } else if (optname == MCAST_UNBLOCK_SOURCE) { 688 omode = MCAST_EXCLUDE; 689 add = 0; 690 } else if (optname == MCAST_JOIN_SOURCE_GROUP) { 691 struct sockaddr_in6 *psin6; 692 693 psin6 = (struct sockaddr_in6 *)&greqs.gsr_group; 694 retv = ipv6_sock_mc_join(sk, greqs.gsr_interface, 695 &psin6->sin6_addr); 696 /* prior join w/ different source is ok */ 697 if (retv && retv != -EADDRINUSE) 698 break; 699 omode = MCAST_INCLUDE; 700 add = 1; 701 } else /* MCAST_LEAVE_SOURCE_GROUP */ { 702 omode = MCAST_INCLUDE; 703 add = 0; 704 } 705 retv = ip6_mc_source(add, omode, sk, &greqs); 706 break; 707 } 708 case MCAST_MSFILTER: 709 { 710 struct group_filter *gsf; 711 712 if (optlen < GROUP_FILTER_SIZE(0)) 713 goto e_inval; 714 if (optlen > sysctl_optmem_max) { 715 retv = -ENOBUFS; 716 break; 717 } 718 gsf = kmalloc(optlen, GFP_KERNEL); 719 if (!gsf) { 720 retv = -ENOBUFS; 721 break; 722 } 723 retv = -EFAULT; 724 if (copy_from_user(gsf, optval, optlen)) { 725 kfree(gsf); 726 break; 727 } 728 /* numsrc >= (4G-140)/128 overflow in 32 bits */ 729 if (gsf->gf_numsrc >= 0x1ffffffU || 730 gsf->gf_numsrc > sysctl_mld_max_msf) { 731 kfree(gsf); 732 retv = -ENOBUFS; 733 break; 734 } 735 if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) { 736 kfree(gsf); 737 retv = -EINVAL; 738 break; 739 } 740 retv = ip6_mc_msfilter(sk, gsf); 741 kfree(gsf); 742 743 break; 744 } 745 case IPV6_ROUTER_ALERT: 746 if (optlen < sizeof(int)) 747 goto e_inval; 748 retv = ip6_ra_control(sk, val); 749 break; 750 case IPV6_MTU_DISCOVER: 751 if (optlen < sizeof(int)) 752 goto e_inval; 753 if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT) 754 goto e_inval; 755 np->pmtudisc = val; 756 retv = 0; 757 break; 758 case IPV6_MTU: 759 if (optlen < sizeof(int)) 760 goto e_inval; 761 if (val && val < IPV6_MIN_MTU) 762 goto e_inval; 763 np->frag_size = val; 764 retv = 0; 765 break; 766 case IPV6_RECVERR: 767 if (optlen < sizeof(int)) 768 goto e_inval; 769 np->recverr = valbool; 770 if (!val) 771 skb_queue_purge(&sk->sk_error_queue); 772 retv = 0; 773 break; 774 case IPV6_FLOWINFO_SEND: 775 if (optlen < sizeof(int)) 776 goto e_inval; 777 np->sndflow = valbool; 778 retv = 0; 779 break; 780 case IPV6_FLOWLABEL_MGR: 781 retv = ipv6_flowlabel_opt(sk, optval, optlen); 782 break; 783 case IPV6_IPSEC_POLICY: 784 case IPV6_XFRM_POLICY: 785 retv = -EPERM; 786 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 787 break; 788 retv = xfrm_user_policy(sk, optname, optval, optlen); 789 break; 790 791 case IPV6_ADDR_PREFERENCES: 792 { 793 unsigned int pref = 0; 794 unsigned int prefmask = ~0; 795 796 if (optlen < sizeof(int)) 797 goto e_inval; 798 799 retv = -EINVAL; 800 801 /* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */ 802 switch (val & (IPV6_PREFER_SRC_PUBLIC| 803 IPV6_PREFER_SRC_TMP| 804 IPV6_PREFER_SRC_PUBTMP_DEFAULT)) { 805 case IPV6_PREFER_SRC_PUBLIC: 806 pref |= IPV6_PREFER_SRC_PUBLIC; 807 break; 808 case IPV6_PREFER_SRC_TMP: 809 pref |= IPV6_PREFER_SRC_TMP; 810 break; 811 case IPV6_PREFER_SRC_PUBTMP_DEFAULT: 812 break; 813 case 0: 814 goto pref_skip_pubtmp; 815 default: 816 goto e_inval; 817 } 818 819 prefmask &= ~(IPV6_PREFER_SRC_PUBLIC| 820 IPV6_PREFER_SRC_TMP); 821 pref_skip_pubtmp: 822 823 /* check HOME/COA conflicts */ 824 switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) { 825 case IPV6_PREFER_SRC_HOME: 826 break; 827 case IPV6_PREFER_SRC_COA: 828 pref |= IPV6_PREFER_SRC_COA; 829 case 0: 830 goto pref_skip_coa; 831 default: 832 goto e_inval; 833 } 834 835 prefmask &= ~IPV6_PREFER_SRC_COA; 836 pref_skip_coa: 837 838 /* check CGA/NONCGA conflicts */ 839 switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) { 840 case IPV6_PREFER_SRC_CGA: 841 case IPV6_PREFER_SRC_NONCGA: 842 case 0: 843 break; 844 default: 845 goto e_inval; 846 } 847 848 np->srcprefs = (np->srcprefs & prefmask) | pref; 849 retv = 0; 850 851 break; 852 } 853 case IPV6_MINHOPCOUNT: 854 if (optlen < sizeof(int)) 855 goto e_inval; 856 if (val < 0 || val > 255) 857 goto e_inval; 858 np->min_hopcount = val; 859 retv = 0; 860 break; 861 case IPV6_DONTFRAG: 862 np->dontfrag = valbool; 863 retv = 0; 864 break; 865 case IPV6_AUTOFLOWLABEL: 866 np->autoflowlabel = valbool; 867 retv = 0; 868 break; 869 } 870 871 release_sock(sk); 872 if (needs_rtnl) 873 rtnl_unlock(); 874 875 return retv; 876 877 e_inval: 878 release_sock(sk); 879 if (needs_rtnl) 880 rtnl_unlock(); 881 return -EINVAL; 882 } 883 884 int ipv6_setsockopt(struct sock *sk, int level, int optname, 885 char __user *optval, unsigned int optlen) 886 { 887 int err; 888 889 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 890 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 891 892 if (level != SOL_IPV6) 893 return -ENOPROTOOPT; 894 895 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 896 #ifdef CONFIG_NETFILTER 897 /* we need to exclude all possible ENOPROTOOPTs except default case */ 898 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 899 optname != IPV6_XFRM_POLICY) { 900 lock_sock(sk); 901 err = nf_setsockopt(sk, PF_INET6, optname, optval, 902 optlen); 903 release_sock(sk); 904 } 905 #endif 906 return err; 907 } 908 EXPORT_SYMBOL(ipv6_setsockopt); 909 910 #ifdef CONFIG_COMPAT 911 int compat_ipv6_setsockopt(struct sock *sk, int level, int optname, 912 char __user *optval, unsigned int optlen) 913 { 914 int err; 915 916 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 917 if (udp_prot.compat_setsockopt != NULL) 918 return udp_prot.compat_setsockopt(sk, level, optname, 919 optval, optlen); 920 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 921 } 922 923 if (level != SOL_IPV6) 924 return -ENOPROTOOPT; 925 926 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER) 927 return compat_mc_setsockopt(sk, level, optname, optval, optlen, 928 ipv6_setsockopt); 929 930 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 931 #ifdef CONFIG_NETFILTER 932 /* we need to exclude all possible ENOPROTOOPTs except default case */ 933 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 934 optname != IPV6_XFRM_POLICY) { 935 lock_sock(sk); 936 err = compat_nf_setsockopt(sk, PF_INET6, optname, 937 optval, optlen); 938 release_sock(sk); 939 } 940 #endif 941 return err; 942 } 943 EXPORT_SYMBOL(compat_ipv6_setsockopt); 944 #endif 945 946 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt, 947 int optname, char __user *optval, int len) 948 { 949 struct ipv6_opt_hdr *hdr; 950 951 if (!opt) 952 return 0; 953 954 switch (optname) { 955 case IPV6_HOPOPTS: 956 hdr = opt->hopopt; 957 break; 958 case IPV6_RTHDRDSTOPTS: 959 hdr = opt->dst0opt; 960 break; 961 case IPV6_RTHDR: 962 hdr = (struct ipv6_opt_hdr *)opt->srcrt; 963 break; 964 case IPV6_DSTOPTS: 965 hdr = opt->dst1opt; 966 break; 967 default: 968 return -EINVAL; /* should not happen */ 969 } 970 971 if (!hdr) 972 return 0; 973 974 len = min_t(unsigned int, len, ipv6_optlen(hdr)); 975 if (copy_to_user(optval, hdr, len)) 976 return -EFAULT; 977 return len; 978 } 979 980 static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, 981 char __user *optval, int __user *optlen, unsigned int flags) 982 { 983 struct ipv6_pinfo *np = inet6_sk(sk); 984 int len; 985 int val; 986 987 if (ip6_mroute_opt(optname)) 988 return ip6_mroute_getsockopt(sk, optname, optval, optlen); 989 990 if (get_user(len, optlen)) 991 return -EFAULT; 992 switch (optname) { 993 case IPV6_ADDRFORM: 994 if (sk->sk_protocol != IPPROTO_UDP && 995 sk->sk_protocol != IPPROTO_UDPLITE && 996 sk->sk_protocol != IPPROTO_TCP) 997 return -ENOPROTOOPT; 998 if (sk->sk_state != TCP_ESTABLISHED) 999 return -ENOTCONN; 1000 val = sk->sk_family; 1001 break; 1002 case MCAST_MSFILTER: 1003 { 1004 struct group_filter gsf; 1005 int err; 1006 1007 if (len < GROUP_FILTER_SIZE(0)) 1008 return -EINVAL; 1009 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) 1010 return -EFAULT; 1011 if (gsf.gf_group.ss_family != AF_INET6) 1012 return -EADDRNOTAVAIL; 1013 lock_sock(sk); 1014 err = ip6_mc_msfget(sk, &gsf, 1015 (struct group_filter __user *)optval, optlen); 1016 release_sock(sk); 1017 return err; 1018 } 1019 1020 case IPV6_2292PKTOPTIONS: 1021 { 1022 struct msghdr msg; 1023 struct sk_buff *skb; 1024 1025 if (sk->sk_type != SOCK_STREAM) 1026 return -ENOPROTOOPT; 1027 1028 msg.msg_control = optval; 1029 msg.msg_controllen = len; 1030 msg.msg_flags = flags; 1031 1032 lock_sock(sk); 1033 skb = np->pktoptions; 1034 if (skb) 1035 ip6_datagram_recv_ctl(sk, &msg, skb); 1036 release_sock(sk); 1037 if (!skb) { 1038 if (np->rxopt.bits.rxinfo) { 1039 struct in6_pktinfo src_info; 1040 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1041 np->sticky_pktinfo.ipi6_ifindex; 1042 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr; 1043 put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info); 1044 } 1045 if (np->rxopt.bits.rxhlim) { 1046 int hlim = np->mcast_hops; 1047 put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim); 1048 } 1049 if (np->rxopt.bits.rxtclass) { 1050 int tclass = (int)ip6_tclass(np->rcv_flowinfo); 1051 1052 put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass); 1053 } 1054 if (np->rxopt.bits.rxoinfo) { 1055 struct in6_pktinfo src_info; 1056 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1057 np->sticky_pktinfo.ipi6_ifindex; 1058 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : 1059 np->sticky_pktinfo.ipi6_addr; 1060 put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info); 1061 } 1062 if (np->rxopt.bits.rxohlim) { 1063 int hlim = np->mcast_hops; 1064 put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim); 1065 } 1066 if (np->rxopt.bits.rxflow) { 1067 __be32 flowinfo = np->rcv_flowinfo; 1068 1069 put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo); 1070 } 1071 } 1072 len -= msg.msg_controllen; 1073 return put_user(len, optlen); 1074 } 1075 case IPV6_MTU: 1076 { 1077 struct dst_entry *dst; 1078 1079 val = 0; 1080 rcu_read_lock(); 1081 dst = __sk_dst_get(sk); 1082 if (dst) 1083 val = dst_mtu(dst); 1084 rcu_read_unlock(); 1085 if (!val) 1086 return -ENOTCONN; 1087 break; 1088 } 1089 1090 case IPV6_V6ONLY: 1091 val = sk->sk_ipv6only; 1092 break; 1093 1094 case IPV6_RECVPKTINFO: 1095 val = np->rxopt.bits.rxinfo; 1096 break; 1097 1098 case IPV6_2292PKTINFO: 1099 val = np->rxopt.bits.rxoinfo; 1100 break; 1101 1102 case IPV6_RECVHOPLIMIT: 1103 val = np->rxopt.bits.rxhlim; 1104 break; 1105 1106 case IPV6_2292HOPLIMIT: 1107 val = np->rxopt.bits.rxohlim; 1108 break; 1109 1110 case IPV6_RECVRTHDR: 1111 val = np->rxopt.bits.srcrt; 1112 break; 1113 1114 case IPV6_2292RTHDR: 1115 val = np->rxopt.bits.osrcrt; 1116 break; 1117 1118 case IPV6_HOPOPTS: 1119 case IPV6_RTHDRDSTOPTS: 1120 case IPV6_RTHDR: 1121 case IPV6_DSTOPTS: 1122 { 1123 struct ipv6_txoptions *opt; 1124 1125 lock_sock(sk); 1126 opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk)); 1127 len = ipv6_getsockopt_sticky(sk, opt, optname, optval, len); 1128 release_sock(sk); 1129 /* check if ipv6_getsockopt_sticky() returns err code */ 1130 if (len < 0) 1131 return len; 1132 return put_user(len, optlen); 1133 } 1134 1135 case IPV6_RECVHOPOPTS: 1136 val = np->rxopt.bits.hopopts; 1137 break; 1138 1139 case IPV6_2292HOPOPTS: 1140 val = np->rxopt.bits.ohopopts; 1141 break; 1142 1143 case IPV6_RECVDSTOPTS: 1144 val = np->rxopt.bits.dstopts; 1145 break; 1146 1147 case IPV6_2292DSTOPTS: 1148 val = np->rxopt.bits.odstopts; 1149 break; 1150 1151 case IPV6_TCLASS: 1152 val = np->tclass; 1153 break; 1154 1155 case IPV6_RECVTCLASS: 1156 val = np->rxopt.bits.rxtclass; 1157 break; 1158 1159 case IPV6_FLOWINFO: 1160 val = np->rxopt.bits.rxflow; 1161 break; 1162 1163 case IPV6_RECVPATHMTU: 1164 val = np->rxopt.bits.rxpmtu; 1165 break; 1166 1167 case IPV6_PATHMTU: 1168 { 1169 struct dst_entry *dst; 1170 struct ip6_mtuinfo mtuinfo; 1171 1172 if (len < sizeof(mtuinfo)) 1173 return -EINVAL; 1174 1175 len = sizeof(mtuinfo); 1176 memset(&mtuinfo, 0, sizeof(mtuinfo)); 1177 1178 rcu_read_lock(); 1179 dst = __sk_dst_get(sk); 1180 if (dst) 1181 mtuinfo.ip6m_mtu = dst_mtu(dst); 1182 rcu_read_unlock(); 1183 if (!mtuinfo.ip6m_mtu) 1184 return -ENOTCONN; 1185 1186 if (put_user(len, optlen)) 1187 return -EFAULT; 1188 if (copy_to_user(optval, &mtuinfo, len)) 1189 return -EFAULT; 1190 1191 return 0; 1192 } 1193 1194 case IPV6_TRANSPARENT: 1195 val = inet_sk(sk)->transparent; 1196 break; 1197 1198 case IPV6_RECVORIGDSTADDR: 1199 val = np->rxopt.bits.rxorigdstaddr; 1200 break; 1201 1202 case IPV6_UNICAST_HOPS: 1203 case IPV6_MULTICAST_HOPS: 1204 { 1205 struct dst_entry *dst; 1206 1207 if (optname == IPV6_UNICAST_HOPS) 1208 val = np->hop_limit; 1209 else 1210 val = np->mcast_hops; 1211 1212 if (val < 0) { 1213 rcu_read_lock(); 1214 dst = __sk_dst_get(sk); 1215 if (dst) 1216 val = ip6_dst_hoplimit(dst); 1217 rcu_read_unlock(); 1218 } 1219 1220 if (val < 0) 1221 val = sock_net(sk)->ipv6.devconf_all->hop_limit; 1222 break; 1223 } 1224 1225 case IPV6_MULTICAST_LOOP: 1226 val = np->mc_loop; 1227 break; 1228 1229 case IPV6_MULTICAST_IF: 1230 val = np->mcast_oif; 1231 break; 1232 1233 case IPV6_UNICAST_IF: 1234 val = (__force int)htonl((__u32) np->ucast_oif); 1235 break; 1236 1237 case IPV6_MTU_DISCOVER: 1238 val = np->pmtudisc; 1239 break; 1240 1241 case IPV6_RECVERR: 1242 val = np->recverr; 1243 break; 1244 1245 case IPV6_FLOWINFO_SEND: 1246 val = np->sndflow; 1247 break; 1248 1249 case IPV6_FLOWLABEL_MGR: 1250 { 1251 struct in6_flowlabel_req freq; 1252 int flags; 1253 1254 if (len < sizeof(freq)) 1255 return -EINVAL; 1256 1257 if (copy_from_user(&freq, optval, sizeof(freq))) 1258 return -EFAULT; 1259 1260 if (freq.flr_action != IPV6_FL_A_GET) 1261 return -EINVAL; 1262 1263 len = sizeof(freq); 1264 flags = freq.flr_flags; 1265 1266 memset(&freq, 0, sizeof(freq)); 1267 1268 val = ipv6_flowlabel_opt_get(sk, &freq, flags); 1269 if (val < 0) 1270 return val; 1271 1272 if (put_user(len, optlen)) 1273 return -EFAULT; 1274 if (copy_to_user(optval, &freq, len)) 1275 return -EFAULT; 1276 1277 return 0; 1278 } 1279 1280 case IPV6_ADDR_PREFERENCES: 1281 val = 0; 1282 1283 if (np->srcprefs & IPV6_PREFER_SRC_TMP) 1284 val |= IPV6_PREFER_SRC_TMP; 1285 else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC) 1286 val |= IPV6_PREFER_SRC_PUBLIC; 1287 else { 1288 /* XXX: should we return system default? */ 1289 val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT; 1290 } 1291 1292 if (np->srcprefs & IPV6_PREFER_SRC_COA) 1293 val |= IPV6_PREFER_SRC_COA; 1294 else 1295 val |= IPV6_PREFER_SRC_HOME; 1296 break; 1297 1298 case IPV6_MINHOPCOUNT: 1299 val = np->min_hopcount; 1300 break; 1301 1302 case IPV6_DONTFRAG: 1303 val = np->dontfrag; 1304 break; 1305 1306 case IPV6_AUTOFLOWLABEL: 1307 val = np->autoflowlabel; 1308 break; 1309 1310 default: 1311 return -ENOPROTOOPT; 1312 } 1313 len = min_t(unsigned int, sizeof(int), len); 1314 if (put_user(len, optlen)) 1315 return -EFAULT; 1316 if (copy_to_user(optval, &val, len)) 1317 return -EFAULT; 1318 return 0; 1319 } 1320 1321 int ipv6_getsockopt(struct sock *sk, int level, int optname, 1322 char __user *optval, int __user *optlen) 1323 { 1324 int err; 1325 1326 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 1327 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1328 1329 if (level != SOL_IPV6) 1330 return -ENOPROTOOPT; 1331 1332 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 0); 1333 #ifdef CONFIG_NETFILTER 1334 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1335 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1336 int len; 1337 1338 if (get_user(len, optlen)) 1339 return -EFAULT; 1340 1341 lock_sock(sk); 1342 err = nf_getsockopt(sk, PF_INET6, optname, optval, 1343 &len); 1344 release_sock(sk); 1345 if (err >= 0) 1346 err = put_user(len, optlen); 1347 } 1348 #endif 1349 return err; 1350 } 1351 EXPORT_SYMBOL(ipv6_getsockopt); 1352 1353 #ifdef CONFIG_COMPAT 1354 int compat_ipv6_getsockopt(struct sock *sk, int level, int optname, 1355 char __user *optval, int __user *optlen) 1356 { 1357 int err; 1358 1359 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 1360 if (udp_prot.compat_getsockopt != NULL) 1361 return udp_prot.compat_getsockopt(sk, level, optname, 1362 optval, optlen); 1363 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1364 } 1365 1366 if (level != SOL_IPV6) 1367 return -ENOPROTOOPT; 1368 1369 if (optname == MCAST_MSFILTER) 1370 return compat_mc_getsockopt(sk, level, optname, optval, optlen, 1371 ipv6_getsockopt); 1372 1373 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 1374 MSG_CMSG_COMPAT); 1375 #ifdef CONFIG_NETFILTER 1376 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1377 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1378 int len; 1379 1380 if (get_user(len, optlen)) 1381 return -EFAULT; 1382 1383 lock_sock(sk); 1384 err = compat_nf_getsockopt(sk, PF_INET6, 1385 optname, optval, &len); 1386 release_sock(sk); 1387 if (err >= 0) 1388 err = put_user(len, optlen); 1389 } 1390 #endif 1391 return err; 1392 } 1393 EXPORT_SYMBOL(compat_ipv6_getsockopt); 1394 #endif 1395 1396