1 /* 2 * IPv6 BSD socket options interface 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_sockglue.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * FIXME: Make the setsockopt code POSIX compliant: That is 16 * 17 * o Truncate getsockopt returns 18 * o Return an optlen of the truncated length if need be 19 * 20 * Changes: 21 * David L Stevens <dlstevens@us.ibm.com>: 22 * - added multicast source filtering API for MLDv2 23 */ 24 25 #include <linux/module.h> 26 #include <linux/capability.h> 27 #include <linux/errno.h> 28 #include <linux/types.h> 29 #include <linux/socket.h> 30 #include <linux/sockios.h> 31 #include <linux/net.h> 32 #include <linux/in6.h> 33 #include <linux/mroute6.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/init.h> 37 #include <linux/sysctl.h> 38 #include <linux/netfilter.h> 39 #include <linux/slab.h> 40 41 #include <net/sock.h> 42 #include <net/snmp.h> 43 #include <net/ipv6.h> 44 #include <net/ndisc.h> 45 #include <net/protocol.h> 46 #include <net/transp_v6.h> 47 #include <net/ip6_route.h> 48 #include <net/addrconf.h> 49 #include <net/inet_common.h> 50 #include <net/tcp.h> 51 #include <net/udp.h> 52 #include <net/udplite.h> 53 #include <net/xfrm.h> 54 #include <net/compat.h> 55 56 #include <asm/uaccess.h> 57 58 struct ip6_ra_chain *ip6_ra_chain; 59 DEFINE_RWLOCK(ip6_ra_lock); 60 61 int ip6_ra_control(struct sock *sk, int sel) 62 { 63 struct ip6_ra_chain *ra, *new_ra, **rap; 64 65 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */ 66 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_RAW) 67 return -ENOPROTOOPT; 68 69 new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; 70 71 write_lock_bh(&ip6_ra_lock); 72 for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) { 73 if (ra->sk == sk) { 74 if (sel >= 0) { 75 write_unlock_bh(&ip6_ra_lock); 76 kfree(new_ra); 77 return -EADDRINUSE; 78 } 79 80 *rap = ra->next; 81 write_unlock_bh(&ip6_ra_lock); 82 83 sock_put(sk); 84 kfree(ra); 85 return 0; 86 } 87 } 88 if (new_ra == NULL) { 89 write_unlock_bh(&ip6_ra_lock); 90 return -ENOBUFS; 91 } 92 new_ra->sk = sk; 93 new_ra->sel = sel; 94 new_ra->next = ra; 95 *rap = new_ra; 96 sock_hold(sk); 97 write_unlock_bh(&ip6_ra_lock); 98 return 0; 99 } 100 101 static 102 struct ipv6_txoptions *ipv6_update_options(struct sock *sk, 103 struct ipv6_txoptions *opt) 104 { 105 if (inet_sk(sk)->is_icsk) { 106 if (opt && 107 !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) && 108 inet_sk(sk)->inet_daddr != LOOPBACK4_IPV6) { 109 struct inet_connection_sock *icsk = inet_csk(sk); 110 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen; 111 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie); 112 } 113 opt = xchg(&inet6_sk(sk)->opt, opt); 114 } else { 115 spin_lock(&sk->sk_dst_lock); 116 opt = xchg(&inet6_sk(sk)->opt, opt); 117 spin_unlock(&sk->sk_dst_lock); 118 } 119 sk_dst_reset(sk); 120 121 return opt; 122 } 123 124 static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, 125 char __user *optval, unsigned int optlen) 126 { 127 struct ipv6_pinfo *np = inet6_sk(sk); 128 struct net *net = sock_net(sk); 129 int val, valbool; 130 int retv = -ENOPROTOOPT; 131 132 if (optval == NULL) 133 val = 0; 134 else { 135 if (optlen >= sizeof(int)) { 136 if (get_user(val, (int __user *) optval)) 137 return -EFAULT; 138 } else 139 val = 0; 140 } 141 142 valbool = (val != 0); 143 144 if (ip6_mroute_opt(optname)) 145 return ip6_mroute_setsockopt(sk, optname, optval, optlen); 146 147 lock_sock(sk); 148 149 switch (optname) { 150 151 case IPV6_ADDRFORM: 152 if (optlen < sizeof(int)) 153 goto e_inval; 154 if (val == PF_INET) { 155 struct ipv6_txoptions *opt; 156 struct sk_buff *pktopt; 157 158 if (sk->sk_type == SOCK_RAW) 159 break; 160 161 if (sk->sk_protocol == IPPROTO_UDP || 162 sk->sk_protocol == IPPROTO_UDPLITE) { 163 struct udp_sock *up = udp_sk(sk); 164 if (up->pending == AF_INET6) { 165 retv = -EBUSY; 166 break; 167 } 168 } else if (sk->sk_protocol != IPPROTO_TCP) 169 break; 170 171 if (sk->sk_state != TCP_ESTABLISHED) { 172 retv = -ENOTCONN; 173 break; 174 } 175 176 if (ipv6_only_sock(sk) || 177 !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) { 178 retv = -EADDRNOTAVAIL; 179 break; 180 } 181 182 fl6_free_socklist(sk); 183 ipv6_sock_mc_close(sk); 184 185 /* 186 * Sock is moving from IPv6 to IPv4 (sk_prot), so 187 * remove it from the refcnt debug socks count in the 188 * original family... 189 */ 190 sk_refcnt_debug_dec(sk); 191 192 if (sk->sk_protocol == IPPROTO_TCP) { 193 struct inet_connection_sock *icsk = inet_csk(sk); 194 local_bh_disable(); 195 sock_prot_inuse_add(net, sk->sk_prot, -1); 196 sock_prot_inuse_add(net, &tcp_prot, 1); 197 local_bh_enable(); 198 sk->sk_prot = &tcp_prot; 199 icsk->icsk_af_ops = &ipv4_specific; 200 sk->sk_socket->ops = &inet_stream_ops; 201 sk->sk_family = PF_INET; 202 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); 203 } else { 204 struct proto *prot = &udp_prot; 205 206 if (sk->sk_protocol == IPPROTO_UDPLITE) 207 prot = &udplite_prot; 208 local_bh_disable(); 209 sock_prot_inuse_add(net, sk->sk_prot, -1); 210 sock_prot_inuse_add(net, prot, 1); 211 local_bh_enable(); 212 sk->sk_prot = prot; 213 sk->sk_socket->ops = &inet_dgram_ops; 214 sk->sk_family = PF_INET; 215 } 216 opt = xchg(&np->opt, NULL); 217 if (opt) 218 sock_kfree_s(sk, opt, opt->tot_len); 219 pktopt = xchg(&np->pktoptions, NULL); 220 kfree_skb(pktopt); 221 222 sk->sk_destruct = inet_sock_destruct; 223 /* 224 * ... and add it to the refcnt debug socks count 225 * in the new family. -acme 226 */ 227 sk_refcnt_debug_inc(sk); 228 module_put(THIS_MODULE); 229 retv = 0; 230 break; 231 } 232 goto e_inval; 233 234 case IPV6_V6ONLY: 235 if (optlen < sizeof(int) || 236 inet_sk(sk)->inet_num) 237 goto e_inval; 238 sk->sk_ipv6only = valbool; 239 retv = 0; 240 break; 241 242 case IPV6_RECVPKTINFO: 243 if (optlen < sizeof(int)) 244 goto e_inval; 245 np->rxopt.bits.rxinfo = valbool; 246 retv = 0; 247 break; 248 249 case IPV6_2292PKTINFO: 250 if (optlen < sizeof(int)) 251 goto e_inval; 252 np->rxopt.bits.rxoinfo = valbool; 253 retv = 0; 254 break; 255 256 case IPV6_RECVHOPLIMIT: 257 if (optlen < sizeof(int)) 258 goto e_inval; 259 np->rxopt.bits.rxhlim = valbool; 260 retv = 0; 261 break; 262 263 case IPV6_2292HOPLIMIT: 264 if (optlen < sizeof(int)) 265 goto e_inval; 266 np->rxopt.bits.rxohlim = valbool; 267 retv = 0; 268 break; 269 270 case IPV6_RECVRTHDR: 271 if (optlen < sizeof(int)) 272 goto e_inval; 273 np->rxopt.bits.srcrt = valbool; 274 retv = 0; 275 break; 276 277 case IPV6_2292RTHDR: 278 if (optlen < sizeof(int)) 279 goto e_inval; 280 np->rxopt.bits.osrcrt = valbool; 281 retv = 0; 282 break; 283 284 case IPV6_RECVHOPOPTS: 285 if (optlen < sizeof(int)) 286 goto e_inval; 287 np->rxopt.bits.hopopts = valbool; 288 retv = 0; 289 break; 290 291 case IPV6_2292HOPOPTS: 292 if (optlen < sizeof(int)) 293 goto e_inval; 294 np->rxopt.bits.ohopopts = valbool; 295 retv = 0; 296 break; 297 298 case IPV6_RECVDSTOPTS: 299 if (optlen < sizeof(int)) 300 goto e_inval; 301 np->rxopt.bits.dstopts = valbool; 302 retv = 0; 303 break; 304 305 case IPV6_2292DSTOPTS: 306 if (optlen < sizeof(int)) 307 goto e_inval; 308 np->rxopt.bits.odstopts = valbool; 309 retv = 0; 310 break; 311 312 case IPV6_TCLASS: 313 if (optlen < sizeof(int)) 314 goto e_inval; 315 if (val < -1 || val > 0xff) 316 goto e_inval; 317 /* RFC 3542, 6.5: default traffic class of 0x0 */ 318 if (val == -1) 319 val = 0; 320 np->tclass = val; 321 retv = 0; 322 break; 323 324 case IPV6_RECVTCLASS: 325 if (optlen < sizeof(int)) 326 goto e_inval; 327 np->rxopt.bits.rxtclass = valbool; 328 retv = 0; 329 break; 330 331 case IPV6_FLOWINFO: 332 if (optlen < sizeof(int)) 333 goto e_inval; 334 np->rxopt.bits.rxflow = valbool; 335 retv = 0; 336 break; 337 338 case IPV6_RECVPATHMTU: 339 if (optlen < sizeof(int)) 340 goto e_inval; 341 np->rxopt.bits.rxpmtu = valbool; 342 retv = 0; 343 break; 344 345 case IPV6_TRANSPARENT: 346 if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && 347 !ns_capable(net->user_ns, CAP_NET_RAW)) { 348 retv = -EPERM; 349 break; 350 } 351 if (optlen < sizeof(int)) 352 goto e_inval; 353 /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */ 354 inet_sk(sk)->transparent = valbool; 355 retv = 0; 356 break; 357 358 case IPV6_RECVORIGDSTADDR: 359 if (optlen < sizeof(int)) 360 goto e_inval; 361 np->rxopt.bits.rxorigdstaddr = valbool; 362 retv = 0; 363 break; 364 365 case IPV6_HOPOPTS: 366 case IPV6_RTHDRDSTOPTS: 367 case IPV6_RTHDR: 368 case IPV6_DSTOPTS: 369 { 370 struct ipv6_txoptions *opt; 371 372 /* remove any sticky options header with a zero option 373 * length, per RFC3542. 374 */ 375 if (optlen == 0) 376 optval = NULL; 377 else if (optval == NULL) 378 goto e_inval; 379 else if (optlen < sizeof(struct ipv6_opt_hdr) || 380 optlen & 0x7 || optlen > 8 * 255) 381 goto e_inval; 382 383 /* hop-by-hop / destination options are privileged option */ 384 retv = -EPERM; 385 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) 386 break; 387 388 opt = ipv6_renew_options(sk, np->opt, optname, 389 (struct ipv6_opt_hdr __user *)optval, 390 optlen); 391 if (IS_ERR(opt)) { 392 retv = PTR_ERR(opt); 393 break; 394 } 395 396 /* routing header option needs extra check */ 397 retv = -EINVAL; 398 if (optname == IPV6_RTHDR && opt && opt->srcrt) { 399 struct ipv6_rt_hdr *rthdr = opt->srcrt; 400 switch (rthdr->type) { 401 #if IS_ENABLED(CONFIG_IPV6_MIP6) 402 case IPV6_SRCRT_TYPE_2: 403 if (rthdr->hdrlen != 2 || 404 rthdr->segments_left != 1) 405 goto sticky_done; 406 407 break; 408 #endif 409 default: 410 goto sticky_done; 411 } 412 } 413 414 retv = 0; 415 opt = ipv6_update_options(sk, opt); 416 sticky_done: 417 if (opt) 418 sock_kfree_s(sk, opt, opt->tot_len); 419 break; 420 } 421 422 case IPV6_PKTINFO: 423 { 424 struct in6_pktinfo pkt; 425 426 if (optlen == 0) 427 goto e_inval; 428 else if (optlen < sizeof(struct in6_pktinfo) || optval == NULL) 429 goto e_inval; 430 431 if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) { 432 retv = -EFAULT; 433 break; 434 } 435 if (sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) 436 goto e_inval; 437 438 np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex; 439 np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr; 440 retv = 0; 441 break; 442 } 443 444 case IPV6_2292PKTOPTIONS: 445 { 446 struct ipv6_txoptions *opt = NULL; 447 struct msghdr msg; 448 struct flowi6 fl6; 449 int junk; 450 451 memset(&fl6, 0, sizeof(fl6)); 452 fl6.flowi6_oif = sk->sk_bound_dev_if; 453 fl6.flowi6_mark = sk->sk_mark; 454 455 if (optlen == 0) 456 goto update; 457 458 /* 1K is probably excessive 459 * 1K is surely not enough, 2K per standard header is 16K. 460 */ 461 retv = -EINVAL; 462 if (optlen > 64*1024) 463 break; 464 465 opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL); 466 retv = -ENOBUFS; 467 if (opt == NULL) 468 break; 469 470 memset(opt, 0, sizeof(*opt)); 471 opt->tot_len = sizeof(*opt) + optlen; 472 retv = -EFAULT; 473 if (copy_from_user(opt+1, optval, optlen)) 474 goto done; 475 476 msg.msg_controllen = optlen; 477 msg.msg_control = (void *)(opt+1); 478 479 retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk, 480 &junk, &junk); 481 if (retv) 482 goto done; 483 update: 484 retv = 0; 485 opt = ipv6_update_options(sk, opt); 486 done: 487 if (opt) 488 sock_kfree_s(sk, opt, opt->tot_len); 489 break; 490 } 491 case IPV6_UNICAST_HOPS: 492 if (optlen < sizeof(int)) 493 goto e_inval; 494 if (val > 255 || val < -1) 495 goto e_inval; 496 np->hop_limit = val; 497 retv = 0; 498 break; 499 500 case IPV6_MULTICAST_HOPS: 501 if (sk->sk_type == SOCK_STREAM) 502 break; 503 if (optlen < sizeof(int)) 504 goto e_inval; 505 if (val > 255 || val < -1) 506 goto e_inval; 507 np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val); 508 retv = 0; 509 break; 510 511 case IPV6_MULTICAST_LOOP: 512 if (optlen < sizeof(int)) 513 goto e_inval; 514 if (val != valbool) 515 goto e_inval; 516 np->mc_loop = valbool; 517 retv = 0; 518 break; 519 520 case IPV6_UNICAST_IF: 521 { 522 struct net_device *dev = NULL; 523 int ifindex; 524 525 if (optlen != sizeof(int)) 526 goto e_inval; 527 528 ifindex = (__force int)ntohl((__force __be32)val); 529 if (ifindex == 0) { 530 np->ucast_oif = 0; 531 retv = 0; 532 break; 533 } 534 535 dev = dev_get_by_index(net, ifindex); 536 retv = -EADDRNOTAVAIL; 537 if (!dev) 538 break; 539 dev_put(dev); 540 541 retv = -EINVAL; 542 if (sk->sk_bound_dev_if) 543 break; 544 545 np->ucast_oif = ifindex; 546 retv = 0; 547 break; 548 } 549 550 case IPV6_MULTICAST_IF: 551 if (sk->sk_type == SOCK_STREAM) 552 break; 553 if (optlen < sizeof(int)) 554 goto e_inval; 555 556 if (val) { 557 struct net_device *dev; 558 559 if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val) 560 goto e_inval; 561 562 dev = dev_get_by_index(net, val); 563 if (!dev) { 564 retv = -ENODEV; 565 break; 566 } 567 dev_put(dev); 568 } 569 np->mcast_oif = val; 570 retv = 0; 571 break; 572 case IPV6_ADD_MEMBERSHIP: 573 case IPV6_DROP_MEMBERSHIP: 574 { 575 struct ipv6_mreq mreq; 576 577 if (optlen < sizeof(struct ipv6_mreq)) 578 goto e_inval; 579 580 retv = -EPROTO; 581 if (inet_sk(sk)->is_icsk) 582 break; 583 584 retv = -EFAULT; 585 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 586 break; 587 588 if (optname == IPV6_ADD_MEMBERSHIP) 589 retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 590 else 591 retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 592 break; 593 } 594 case IPV6_JOIN_ANYCAST: 595 case IPV6_LEAVE_ANYCAST: 596 { 597 struct ipv6_mreq mreq; 598 599 if (optlen < sizeof(struct ipv6_mreq)) 600 goto e_inval; 601 602 retv = -EFAULT; 603 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 604 break; 605 606 if (optname == IPV6_JOIN_ANYCAST) 607 retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 608 else 609 retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 610 break; 611 } 612 case MCAST_JOIN_GROUP: 613 case MCAST_LEAVE_GROUP: 614 { 615 struct group_req greq; 616 struct sockaddr_in6 *psin6; 617 618 if (optlen < sizeof(struct group_req)) 619 goto e_inval; 620 621 retv = -EFAULT; 622 if (copy_from_user(&greq, optval, sizeof(struct group_req))) 623 break; 624 if (greq.gr_group.ss_family != AF_INET6) { 625 retv = -EADDRNOTAVAIL; 626 break; 627 } 628 psin6 = (struct sockaddr_in6 *)&greq.gr_group; 629 if (optname == MCAST_JOIN_GROUP) 630 retv = ipv6_sock_mc_join(sk, greq.gr_interface, 631 &psin6->sin6_addr); 632 else 633 retv = ipv6_sock_mc_drop(sk, greq.gr_interface, 634 &psin6->sin6_addr); 635 break; 636 } 637 case MCAST_JOIN_SOURCE_GROUP: 638 case MCAST_LEAVE_SOURCE_GROUP: 639 case MCAST_BLOCK_SOURCE: 640 case MCAST_UNBLOCK_SOURCE: 641 { 642 struct group_source_req greqs; 643 int omode, add; 644 645 if (optlen < sizeof(struct group_source_req)) 646 goto e_inval; 647 if (copy_from_user(&greqs, optval, sizeof(greqs))) { 648 retv = -EFAULT; 649 break; 650 } 651 if (greqs.gsr_group.ss_family != AF_INET6 || 652 greqs.gsr_source.ss_family != AF_INET6) { 653 retv = -EADDRNOTAVAIL; 654 break; 655 } 656 if (optname == MCAST_BLOCK_SOURCE) { 657 omode = MCAST_EXCLUDE; 658 add = 1; 659 } else if (optname == MCAST_UNBLOCK_SOURCE) { 660 omode = MCAST_EXCLUDE; 661 add = 0; 662 } else if (optname == MCAST_JOIN_SOURCE_GROUP) { 663 struct sockaddr_in6 *psin6; 664 665 psin6 = (struct sockaddr_in6 *)&greqs.gsr_group; 666 retv = ipv6_sock_mc_join(sk, greqs.gsr_interface, 667 &psin6->sin6_addr); 668 /* prior join w/ different source is ok */ 669 if (retv && retv != -EADDRINUSE) 670 break; 671 omode = MCAST_INCLUDE; 672 add = 1; 673 } else /* MCAST_LEAVE_SOURCE_GROUP */ { 674 omode = MCAST_INCLUDE; 675 add = 0; 676 } 677 retv = ip6_mc_source(add, omode, sk, &greqs); 678 break; 679 } 680 case MCAST_MSFILTER: 681 { 682 struct group_filter *gsf; 683 684 if (optlen < GROUP_FILTER_SIZE(0)) 685 goto e_inval; 686 if (optlen > sysctl_optmem_max) { 687 retv = -ENOBUFS; 688 break; 689 } 690 gsf = kmalloc(optlen, GFP_KERNEL); 691 if (!gsf) { 692 retv = -ENOBUFS; 693 break; 694 } 695 retv = -EFAULT; 696 if (copy_from_user(gsf, optval, optlen)) { 697 kfree(gsf); 698 break; 699 } 700 /* numsrc >= (4G-140)/128 overflow in 32 bits */ 701 if (gsf->gf_numsrc >= 0x1ffffffU || 702 gsf->gf_numsrc > sysctl_mld_max_msf) { 703 kfree(gsf); 704 retv = -ENOBUFS; 705 break; 706 } 707 if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) { 708 kfree(gsf); 709 retv = -EINVAL; 710 break; 711 } 712 retv = ip6_mc_msfilter(sk, gsf); 713 kfree(gsf); 714 715 break; 716 } 717 case IPV6_ROUTER_ALERT: 718 if (optlen < sizeof(int)) 719 goto e_inval; 720 retv = ip6_ra_control(sk, val); 721 break; 722 case IPV6_MTU_DISCOVER: 723 if (optlen < sizeof(int)) 724 goto e_inval; 725 if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT) 726 goto e_inval; 727 np->pmtudisc = val; 728 retv = 0; 729 break; 730 case IPV6_MTU: 731 if (optlen < sizeof(int)) 732 goto e_inval; 733 if (val && val < IPV6_MIN_MTU) 734 goto e_inval; 735 np->frag_size = val; 736 retv = 0; 737 break; 738 case IPV6_RECVERR: 739 if (optlen < sizeof(int)) 740 goto e_inval; 741 np->recverr = valbool; 742 if (!val) 743 skb_queue_purge(&sk->sk_error_queue); 744 retv = 0; 745 break; 746 case IPV6_FLOWINFO_SEND: 747 if (optlen < sizeof(int)) 748 goto e_inval; 749 np->sndflow = valbool; 750 retv = 0; 751 break; 752 case IPV6_FLOWLABEL_MGR: 753 retv = ipv6_flowlabel_opt(sk, optval, optlen); 754 break; 755 case IPV6_IPSEC_POLICY: 756 case IPV6_XFRM_POLICY: 757 retv = -EPERM; 758 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 759 break; 760 retv = xfrm_user_policy(sk, optname, optval, optlen); 761 break; 762 763 case IPV6_ADDR_PREFERENCES: 764 { 765 unsigned int pref = 0; 766 unsigned int prefmask = ~0; 767 768 if (optlen < sizeof(int)) 769 goto e_inval; 770 771 retv = -EINVAL; 772 773 /* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */ 774 switch (val & (IPV6_PREFER_SRC_PUBLIC| 775 IPV6_PREFER_SRC_TMP| 776 IPV6_PREFER_SRC_PUBTMP_DEFAULT)) { 777 case IPV6_PREFER_SRC_PUBLIC: 778 pref |= IPV6_PREFER_SRC_PUBLIC; 779 break; 780 case IPV6_PREFER_SRC_TMP: 781 pref |= IPV6_PREFER_SRC_TMP; 782 break; 783 case IPV6_PREFER_SRC_PUBTMP_DEFAULT: 784 break; 785 case 0: 786 goto pref_skip_pubtmp; 787 default: 788 goto e_inval; 789 } 790 791 prefmask &= ~(IPV6_PREFER_SRC_PUBLIC| 792 IPV6_PREFER_SRC_TMP); 793 pref_skip_pubtmp: 794 795 /* check HOME/COA conflicts */ 796 switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) { 797 case IPV6_PREFER_SRC_HOME: 798 break; 799 case IPV6_PREFER_SRC_COA: 800 pref |= IPV6_PREFER_SRC_COA; 801 case 0: 802 goto pref_skip_coa; 803 default: 804 goto e_inval; 805 } 806 807 prefmask &= ~IPV6_PREFER_SRC_COA; 808 pref_skip_coa: 809 810 /* check CGA/NONCGA conflicts */ 811 switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) { 812 case IPV6_PREFER_SRC_CGA: 813 case IPV6_PREFER_SRC_NONCGA: 814 case 0: 815 break; 816 default: 817 goto e_inval; 818 } 819 820 np->srcprefs = (np->srcprefs & prefmask) | pref; 821 retv = 0; 822 823 break; 824 } 825 case IPV6_MINHOPCOUNT: 826 if (optlen < sizeof(int)) 827 goto e_inval; 828 if (val < 0 || val > 255) 829 goto e_inval; 830 np->min_hopcount = val; 831 retv = 0; 832 break; 833 case IPV6_DONTFRAG: 834 np->dontfrag = valbool; 835 retv = 0; 836 break; 837 case IPV6_AUTOFLOWLABEL: 838 np->autoflowlabel = valbool; 839 retv = 0; 840 break; 841 } 842 843 release_sock(sk); 844 845 return retv; 846 847 e_inval: 848 release_sock(sk); 849 return -EINVAL; 850 } 851 852 int ipv6_setsockopt(struct sock *sk, int level, int optname, 853 char __user *optval, unsigned int optlen) 854 { 855 int err; 856 857 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 858 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 859 860 if (level != SOL_IPV6) 861 return -ENOPROTOOPT; 862 863 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 864 #ifdef CONFIG_NETFILTER 865 /* we need to exclude all possible ENOPROTOOPTs except default case */ 866 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 867 optname != IPV6_XFRM_POLICY) { 868 lock_sock(sk); 869 err = nf_setsockopt(sk, PF_INET6, optname, optval, 870 optlen); 871 release_sock(sk); 872 } 873 #endif 874 return err; 875 } 876 EXPORT_SYMBOL(ipv6_setsockopt); 877 878 #ifdef CONFIG_COMPAT 879 int compat_ipv6_setsockopt(struct sock *sk, int level, int optname, 880 char __user *optval, unsigned int optlen) 881 { 882 int err; 883 884 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 885 if (udp_prot.compat_setsockopt != NULL) 886 return udp_prot.compat_setsockopt(sk, level, optname, 887 optval, optlen); 888 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 889 } 890 891 if (level != SOL_IPV6) 892 return -ENOPROTOOPT; 893 894 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER) 895 return compat_mc_setsockopt(sk, level, optname, optval, optlen, 896 ipv6_setsockopt); 897 898 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 899 #ifdef CONFIG_NETFILTER 900 /* we need to exclude all possible ENOPROTOOPTs except default case */ 901 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 902 optname != IPV6_XFRM_POLICY) { 903 lock_sock(sk); 904 err = compat_nf_setsockopt(sk, PF_INET6, optname, 905 optval, optlen); 906 release_sock(sk); 907 } 908 #endif 909 return err; 910 } 911 EXPORT_SYMBOL(compat_ipv6_setsockopt); 912 #endif 913 914 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt, 915 int optname, char __user *optval, int len) 916 { 917 struct ipv6_opt_hdr *hdr; 918 919 if (!opt) 920 return 0; 921 922 switch (optname) { 923 case IPV6_HOPOPTS: 924 hdr = opt->hopopt; 925 break; 926 case IPV6_RTHDRDSTOPTS: 927 hdr = opt->dst0opt; 928 break; 929 case IPV6_RTHDR: 930 hdr = (struct ipv6_opt_hdr *)opt->srcrt; 931 break; 932 case IPV6_DSTOPTS: 933 hdr = opt->dst1opt; 934 break; 935 default: 936 return -EINVAL; /* should not happen */ 937 } 938 939 if (!hdr) 940 return 0; 941 942 len = min_t(unsigned int, len, ipv6_optlen(hdr)); 943 if (copy_to_user(optval, hdr, len)) 944 return -EFAULT; 945 return len; 946 } 947 948 static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, 949 char __user *optval, int __user *optlen, unsigned int flags) 950 { 951 struct ipv6_pinfo *np = inet6_sk(sk); 952 int len; 953 int val; 954 955 if (ip6_mroute_opt(optname)) 956 return ip6_mroute_getsockopt(sk, optname, optval, optlen); 957 958 if (get_user(len, optlen)) 959 return -EFAULT; 960 switch (optname) { 961 case IPV6_ADDRFORM: 962 if (sk->sk_protocol != IPPROTO_UDP && 963 sk->sk_protocol != IPPROTO_UDPLITE && 964 sk->sk_protocol != IPPROTO_TCP) 965 return -ENOPROTOOPT; 966 if (sk->sk_state != TCP_ESTABLISHED) 967 return -ENOTCONN; 968 val = sk->sk_family; 969 break; 970 case MCAST_MSFILTER: 971 { 972 struct group_filter gsf; 973 int err; 974 975 if (len < GROUP_FILTER_SIZE(0)) 976 return -EINVAL; 977 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) 978 return -EFAULT; 979 if (gsf.gf_group.ss_family != AF_INET6) 980 return -EADDRNOTAVAIL; 981 lock_sock(sk); 982 err = ip6_mc_msfget(sk, &gsf, 983 (struct group_filter __user *)optval, optlen); 984 release_sock(sk); 985 return err; 986 } 987 988 case IPV6_2292PKTOPTIONS: 989 { 990 struct msghdr msg; 991 struct sk_buff *skb; 992 993 if (sk->sk_type != SOCK_STREAM) 994 return -ENOPROTOOPT; 995 996 msg.msg_control = optval; 997 msg.msg_controllen = len; 998 msg.msg_flags = flags; 999 1000 lock_sock(sk); 1001 skb = np->pktoptions; 1002 if (skb) 1003 atomic_inc(&skb->users); 1004 release_sock(sk); 1005 1006 if (skb) { 1007 ip6_datagram_recv_ctl(sk, &msg, skb); 1008 kfree_skb(skb); 1009 } else { 1010 if (np->rxopt.bits.rxinfo) { 1011 struct in6_pktinfo src_info; 1012 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1013 np->sticky_pktinfo.ipi6_ifindex; 1014 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr; 1015 put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info); 1016 } 1017 if (np->rxopt.bits.rxhlim) { 1018 int hlim = np->mcast_hops; 1019 put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim); 1020 } 1021 if (np->rxopt.bits.rxtclass) { 1022 int tclass = (int)ip6_tclass(np->rcv_flowinfo); 1023 1024 put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass); 1025 } 1026 if (np->rxopt.bits.rxoinfo) { 1027 struct in6_pktinfo src_info; 1028 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1029 np->sticky_pktinfo.ipi6_ifindex; 1030 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : 1031 np->sticky_pktinfo.ipi6_addr; 1032 put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info); 1033 } 1034 if (np->rxopt.bits.rxohlim) { 1035 int hlim = np->mcast_hops; 1036 put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim); 1037 } 1038 if (np->rxopt.bits.rxflow) { 1039 __be32 flowinfo = np->rcv_flowinfo; 1040 1041 put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo); 1042 } 1043 } 1044 len -= msg.msg_controllen; 1045 return put_user(len, optlen); 1046 } 1047 case IPV6_MTU: 1048 { 1049 struct dst_entry *dst; 1050 1051 val = 0; 1052 rcu_read_lock(); 1053 dst = __sk_dst_get(sk); 1054 if (dst) 1055 val = dst_mtu(dst); 1056 rcu_read_unlock(); 1057 if (!val) 1058 return -ENOTCONN; 1059 break; 1060 } 1061 1062 case IPV6_V6ONLY: 1063 val = sk->sk_ipv6only; 1064 break; 1065 1066 case IPV6_RECVPKTINFO: 1067 val = np->rxopt.bits.rxinfo; 1068 break; 1069 1070 case IPV6_2292PKTINFO: 1071 val = np->rxopt.bits.rxoinfo; 1072 break; 1073 1074 case IPV6_RECVHOPLIMIT: 1075 val = np->rxopt.bits.rxhlim; 1076 break; 1077 1078 case IPV6_2292HOPLIMIT: 1079 val = np->rxopt.bits.rxohlim; 1080 break; 1081 1082 case IPV6_RECVRTHDR: 1083 val = np->rxopt.bits.srcrt; 1084 break; 1085 1086 case IPV6_2292RTHDR: 1087 val = np->rxopt.bits.osrcrt; 1088 break; 1089 1090 case IPV6_HOPOPTS: 1091 case IPV6_RTHDRDSTOPTS: 1092 case IPV6_RTHDR: 1093 case IPV6_DSTOPTS: 1094 { 1095 1096 lock_sock(sk); 1097 len = ipv6_getsockopt_sticky(sk, np->opt, 1098 optname, optval, len); 1099 release_sock(sk); 1100 /* check if ipv6_getsockopt_sticky() returns err code */ 1101 if (len < 0) 1102 return len; 1103 return put_user(len, optlen); 1104 } 1105 1106 case IPV6_RECVHOPOPTS: 1107 val = np->rxopt.bits.hopopts; 1108 break; 1109 1110 case IPV6_2292HOPOPTS: 1111 val = np->rxopt.bits.ohopopts; 1112 break; 1113 1114 case IPV6_RECVDSTOPTS: 1115 val = np->rxopt.bits.dstopts; 1116 break; 1117 1118 case IPV6_2292DSTOPTS: 1119 val = np->rxopt.bits.odstopts; 1120 break; 1121 1122 case IPV6_TCLASS: 1123 val = np->tclass; 1124 break; 1125 1126 case IPV6_RECVTCLASS: 1127 val = np->rxopt.bits.rxtclass; 1128 break; 1129 1130 case IPV6_FLOWINFO: 1131 val = np->rxopt.bits.rxflow; 1132 break; 1133 1134 case IPV6_RECVPATHMTU: 1135 val = np->rxopt.bits.rxpmtu; 1136 break; 1137 1138 case IPV6_PATHMTU: 1139 { 1140 struct dst_entry *dst; 1141 struct ip6_mtuinfo mtuinfo; 1142 1143 if (len < sizeof(mtuinfo)) 1144 return -EINVAL; 1145 1146 len = sizeof(mtuinfo); 1147 memset(&mtuinfo, 0, sizeof(mtuinfo)); 1148 1149 rcu_read_lock(); 1150 dst = __sk_dst_get(sk); 1151 if (dst) 1152 mtuinfo.ip6m_mtu = dst_mtu(dst); 1153 rcu_read_unlock(); 1154 if (!mtuinfo.ip6m_mtu) 1155 return -ENOTCONN; 1156 1157 if (put_user(len, optlen)) 1158 return -EFAULT; 1159 if (copy_to_user(optval, &mtuinfo, len)) 1160 return -EFAULT; 1161 1162 return 0; 1163 } 1164 1165 case IPV6_TRANSPARENT: 1166 val = inet_sk(sk)->transparent; 1167 break; 1168 1169 case IPV6_RECVORIGDSTADDR: 1170 val = np->rxopt.bits.rxorigdstaddr; 1171 break; 1172 1173 case IPV6_UNICAST_HOPS: 1174 case IPV6_MULTICAST_HOPS: 1175 { 1176 struct dst_entry *dst; 1177 1178 if (optname == IPV6_UNICAST_HOPS) 1179 val = np->hop_limit; 1180 else 1181 val = np->mcast_hops; 1182 1183 if (val < 0) { 1184 rcu_read_lock(); 1185 dst = __sk_dst_get(sk); 1186 if (dst) 1187 val = ip6_dst_hoplimit(dst); 1188 rcu_read_unlock(); 1189 } 1190 1191 if (val < 0) 1192 val = sock_net(sk)->ipv6.devconf_all->hop_limit; 1193 break; 1194 } 1195 1196 case IPV6_MULTICAST_LOOP: 1197 val = np->mc_loop; 1198 break; 1199 1200 case IPV6_MULTICAST_IF: 1201 val = np->mcast_oif; 1202 break; 1203 1204 case IPV6_UNICAST_IF: 1205 val = (__force int)htonl((__u32) np->ucast_oif); 1206 break; 1207 1208 case IPV6_MTU_DISCOVER: 1209 val = np->pmtudisc; 1210 break; 1211 1212 case IPV6_RECVERR: 1213 val = np->recverr; 1214 break; 1215 1216 case IPV6_FLOWINFO_SEND: 1217 val = np->sndflow; 1218 break; 1219 1220 case IPV6_FLOWLABEL_MGR: 1221 { 1222 struct in6_flowlabel_req freq; 1223 int flags; 1224 1225 if (len < sizeof(freq)) 1226 return -EINVAL; 1227 1228 if (copy_from_user(&freq, optval, sizeof(freq))) 1229 return -EFAULT; 1230 1231 if (freq.flr_action != IPV6_FL_A_GET) 1232 return -EINVAL; 1233 1234 len = sizeof(freq); 1235 flags = freq.flr_flags; 1236 1237 memset(&freq, 0, sizeof(freq)); 1238 1239 val = ipv6_flowlabel_opt_get(sk, &freq, flags); 1240 if (val < 0) 1241 return val; 1242 1243 if (put_user(len, optlen)) 1244 return -EFAULT; 1245 if (copy_to_user(optval, &freq, len)) 1246 return -EFAULT; 1247 1248 return 0; 1249 } 1250 1251 case IPV6_ADDR_PREFERENCES: 1252 val = 0; 1253 1254 if (np->srcprefs & IPV6_PREFER_SRC_TMP) 1255 val |= IPV6_PREFER_SRC_TMP; 1256 else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC) 1257 val |= IPV6_PREFER_SRC_PUBLIC; 1258 else { 1259 /* XXX: should we return system default? */ 1260 val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT; 1261 } 1262 1263 if (np->srcprefs & IPV6_PREFER_SRC_COA) 1264 val |= IPV6_PREFER_SRC_COA; 1265 else 1266 val |= IPV6_PREFER_SRC_HOME; 1267 break; 1268 1269 case IPV6_MINHOPCOUNT: 1270 val = np->min_hopcount; 1271 break; 1272 1273 case IPV6_DONTFRAG: 1274 val = np->dontfrag; 1275 break; 1276 1277 case IPV6_AUTOFLOWLABEL: 1278 val = np->autoflowlabel; 1279 break; 1280 1281 default: 1282 return -ENOPROTOOPT; 1283 } 1284 len = min_t(unsigned int, sizeof(int), len); 1285 if (put_user(len, optlen)) 1286 return -EFAULT; 1287 if (copy_to_user(optval, &val, len)) 1288 return -EFAULT; 1289 return 0; 1290 } 1291 1292 int ipv6_getsockopt(struct sock *sk, int level, int optname, 1293 char __user *optval, int __user *optlen) 1294 { 1295 int err; 1296 1297 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 1298 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1299 1300 if (level != SOL_IPV6) 1301 return -ENOPROTOOPT; 1302 1303 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 0); 1304 #ifdef CONFIG_NETFILTER 1305 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1306 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1307 int len; 1308 1309 if (get_user(len, optlen)) 1310 return -EFAULT; 1311 1312 lock_sock(sk); 1313 err = nf_getsockopt(sk, PF_INET6, optname, optval, 1314 &len); 1315 release_sock(sk); 1316 if (err >= 0) 1317 err = put_user(len, optlen); 1318 } 1319 #endif 1320 return err; 1321 } 1322 EXPORT_SYMBOL(ipv6_getsockopt); 1323 1324 #ifdef CONFIG_COMPAT 1325 int compat_ipv6_getsockopt(struct sock *sk, int level, int optname, 1326 char __user *optval, int __user *optlen) 1327 { 1328 int err; 1329 1330 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 1331 if (udp_prot.compat_getsockopt != NULL) 1332 return udp_prot.compat_getsockopt(sk, level, optname, 1333 optval, optlen); 1334 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1335 } 1336 1337 if (level != SOL_IPV6) 1338 return -ENOPROTOOPT; 1339 1340 if (optname == MCAST_MSFILTER) 1341 return compat_mc_getsockopt(sk, level, optname, optval, optlen, 1342 ipv6_getsockopt); 1343 1344 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 1345 MSG_CMSG_COMPAT); 1346 #ifdef CONFIG_NETFILTER 1347 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1348 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1349 int len; 1350 1351 if (get_user(len, optlen)) 1352 return -EFAULT; 1353 1354 lock_sock(sk); 1355 err = compat_nf_getsockopt(sk, PF_INET6, 1356 optname, optval, &len); 1357 release_sock(sk); 1358 if (err >= 0) 1359 err = put_user(len, optlen); 1360 } 1361 #endif 1362 return err; 1363 } 1364 EXPORT_SYMBOL(compat_ipv6_getsockopt); 1365 #endif 1366 1367