xref: /openbmc/linux/net/ipv6/ipv6_sockglue.c (revision bb3982b4)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	IPv6 BSD socket options interface
4  *	Linux INET6 implementation
5  *
6  *	Authors:
7  *	Pedro Roque		<roque@di.fc.ul.pt>
8  *
9  *	Based on linux/net/ipv4/ip_sockglue.c
10  *
11  *	FIXME: Make the setsockopt code POSIX compliant: That is
12  *
13  *	o	Truncate getsockopt returns
14  *	o	Return an optlen of the truncated length if need be
15  *
16  *	Changes:
17  *	David L Stevens <dlstevens@us.ibm.com>:
18  *		- added multicast source filtering API for MLDv2
19  */
20 
21 #include <linux/module.h>
22 #include <linux/capability.h>
23 #include <linux/errno.h>
24 #include <linux/types.h>
25 #include <linux/socket.h>
26 #include <linux/sockios.h>
27 #include <linux/net.h>
28 #include <linux/in6.h>
29 #include <linux/mroute6.h>
30 #include <linux/netdevice.h>
31 #include <linux/if_arp.h>
32 #include <linux/init.h>
33 #include <linux/sysctl.h>
34 #include <linux/netfilter.h>
35 #include <linux/slab.h>
36 
37 #include <net/sock.h>
38 #include <net/snmp.h>
39 #include <net/ipv6.h>
40 #include <net/ndisc.h>
41 #include <net/protocol.h>
42 #include <net/transp_v6.h>
43 #include <net/ip6_route.h>
44 #include <net/addrconf.h>
45 #include <net/inet_common.h>
46 #include <net/tcp.h>
47 #include <net/udp.h>
48 #include <net/udplite.h>
49 #include <net/xfrm.h>
50 #include <net/compat.h>
51 #include <net/seg6.h>
52 
53 #include <linux/uaccess.h>
54 
55 struct ip6_ra_chain *ip6_ra_chain;
56 DEFINE_RWLOCK(ip6_ra_lock);
57 
58 int ip6_ra_control(struct sock *sk, int sel)
59 {
60 	struct ip6_ra_chain *ra, *new_ra, **rap;
61 
62 	/* RA packet may be delivered ONLY to IPPROTO_RAW socket */
63 	if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_RAW)
64 		return -ENOPROTOOPT;
65 
66 	new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
67 	if (sel >= 0 && !new_ra)
68 		return -ENOMEM;
69 
70 	write_lock_bh(&ip6_ra_lock);
71 	for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {
72 		if (ra->sk == sk) {
73 			if (sel >= 0) {
74 				write_unlock_bh(&ip6_ra_lock);
75 				kfree(new_ra);
76 				return -EADDRINUSE;
77 			}
78 
79 			*rap = ra->next;
80 			write_unlock_bh(&ip6_ra_lock);
81 
82 			sock_put(sk);
83 			kfree(ra);
84 			return 0;
85 		}
86 	}
87 	if (!new_ra) {
88 		write_unlock_bh(&ip6_ra_lock);
89 		return -ENOBUFS;
90 	}
91 	new_ra->sk = sk;
92 	new_ra->sel = sel;
93 	new_ra->next = ra;
94 	*rap = new_ra;
95 	sock_hold(sk);
96 	write_unlock_bh(&ip6_ra_lock);
97 	return 0;
98 }
99 
100 struct ipv6_txoptions *ipv6_update_options(struct sock *sk,
101 					   struct ipv6_txoptions *opt)
102 {
103 	if (inet_sk(sk)->is_icsk) {
104 		if (opt &&
105 		    !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) &&
106 		    inet_sk(sk)->inet_daddr != LOOPBACK4_IPV6) {
107 			struct inet_connection_sock *icsk = inet_csk(sk);
108 			icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen;
109 			icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
110 		}
111 	}
112 	opt = xchg((__force struct ipv6_txoptions **)&inet6_sk(sk)->opt,
113 		   opt);
114 	sk_dst_reset(sk);
115 
116 	return opt;
117 }
118 
119 static bool setsockopt_needs_rtnl(int optname)
120 {
121 	switch (optname) {
122 	case IPV6_ADDRFORM:
123 	case IPV6_ADD_MEMBERSHIP:
124 	case IPV6_DROP_MEMBERSHIP:
125 	case IPV6_JOIN_ANYCAST:
126 	case IPV6_LEAVE_ANYCAST:
127 	case MCAST_JOIN_GROUP:
128 	case MCAST_LEAVE_GROUP:
129 	case MCAST_JOIN_SOURCE_GROUP:
130 	case MCAST_LEAVE_SOURCE_GROUP:
131 	case MCAST_BLOCK_SOURCE:
132 	case MCAST_UNBLOCK_SOURCE:
133 	case MCAST_MSFILTER:
134 		return true;
135 	}
136 	return false;
137 }
138 
139 static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
140 		    char __user *optval, unsigned int optlen)
141 {
142 	struct ipv6_pinfo *np = inet6_sk(sk);
143 	struct net *net = sock_net(sk);
144 	int val, valbool;
145 	int retv = -ENOPROTOOPT;
146 	bool needs_rtnl = setsockopt_needs_rtnl(optname);
147 
148 	if (!optval)
149 		val = 0;
150 	else {
151 		if (optlen >= sizeof(int)) {
152 			if (get_user(val, (int __user *) optval))
153 				return -EFAULT;
154 		} else
155 			val = 0;
156 	}
157 
158 	valbool = (val != 0);
159 
160 	if (ip6_mroute_opt(optname))
161 		return ip6_mroute_setsockopt(sk, optname, optval, optlen);
162 
163 	if (needs_rtnl)
164 		rtnl_lock();
165 	lock_sock(sk);
166 
167 	switch (optname) {
168 
169 	case IPV6_ADDRFORM:
170 		if (optlen < sizeof(int))
171 			goto e_inval;
172 		if (val == PF_INET) {
173 			struct ipv6_txoptions *opt;
174 			struct sk_buff *pktopt;
175 
176 			if (sk->sk_type == SOCK_RAW)
177 				break;
178 
179 			if (sk->sk_protocol == IPPROTO_UDP ||
180 			    sk->sk_protocol == IPPROTO_UDPLITE) {
181 				struct udp_sock *up = udp_sk(sk);
182 				if (up->pending == AF_INET6) {
183 					retv = -EBUSY;
184 					break;
185 				}
186 			} else if (sk->sk_protocol != IPPROTO_TCP)
187 				break;
188 
189 			if (sk->sk_state != TCP_ESTABLISHED) {
190 				retv = -ENOTCONN;
191 				break;
192 			}
193 
194 			if (ipv6_only_sock(sk) ||
195 			    !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) {
196 				retv = -EADDRNOTAVAIL;
197 				break;
198 			}
199 
200 			fl6_free_socklist(sk);
201 			__ipv6_sock_mc_close(sk);
202 
203 			/*
204 			 * Sock is moving from IPv6 to IPv4 (sk_prot), so
205 			 * remove it from the refcnt debug socks count in the
206 			 * original family...
207 			 */
208 			sk_refcnt_debug_dec(sk);
209 
210 			if (sk->sk_protocol == IPPROTO_TCP) {
211 				struct inet_connection_sock *icsk = inet_csk(sk);
212 				local_bh_disable();
213 				sock_prot_inuse_add(net, sk->sk_prot, -1);
214 				sock_prot_inuse_add(net, &tcp_prot, 1);
215 				local_bh_enable();
216 				sk->sk_prot = &tcp_prot;
217 				icsk->icsk_af_ops = &ipv4_specific;
218 				sk->sk_socket->ops = &inet_stream_ops;
219 				sk->sk_family = PF_INET;
220 				tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
221 			} else {
222 				struct proto *prot = &udp_prot;
223 
224 				if (sk->sk_protocol == IPPROTO_UDPLITE)
225 					prot = &udplite_prot;
226 				local_bh_disable();
227 				sock_prot_inuse_add(net, sk->sk_prot, -1);
228 				sock_prot_inuse_add(net, prot, 1);
229 				local_bh_enable();
230 				sk->sk_prot = prot;
231 				sk->sk_socket->ops = &inet_dgram_ops;
232 				sk->sk_family = PF_INET;
233 			}
234 			opt = xchg((__force struct ipv6_txoptions **)&np->opt,
235 				   NULL);
236 			if (opt) {
237 				atomic_sub(opt->tot_len, &sk->sk_omem_alloc);
238 				txopt_put(opt);
239 			}
240 			pktopt = xchg(&np->pktoptions, NULL);
241 			kfree_skb(pktopt);
242 
243 			/*
244 			 * ... and add it to the refcnt debug socks count
245 			 * in the new family. -acme
246 			 */
247 			sk_refcnt_debug_inc(sk);
248 			module_put(THIS_MODULE);
249 			retv = 0;
250 			break;
251 		}
252 		goto e_inval;
253 
254 	case IPV6_V6ONLY:
255 		if (optlen < sizeof(int) ||
256 		    inet_sk(sk)->inet_num)
257 			goto e_inval;
258 		sk->sk_ipv6only = valbool;
259 		retv = 0;
260 		break;
261 
262 	case IPV6_RECVPKTINFO:
263 		if (optlen < sizeof(int))
264 			goto e_inval;
265 		np->rxopt.bits.rxinfo = valbool;
266 		retv = 0;
267 		break;
268 
269 	case IPV6_2292PKTINFO:
270 		if (optlen < sizeof(int))
271 			goto e_inval;
272 		np->rxopt.bits.rxoinfo = valbool;
273 		retv = 0;
274 		break;
275 
276 	case IPV6_RECVHOPLIMIT:
277 		if (optlen < sizeof(int))
278 			goto e_inval;
279 		np->rxopt.bits.rxhlim = valbool;
280 		retv = 0;
281 		break;
282 
283 	case IPV6_2292HOPLIMIT:
284 		if (optlen < sizeof(int))
285 			goto e_inval;
286 		np->rxopt.bits.rxohlim = valbool;
287 		retv = 0;
288 		break;
289 
290 	case IPV6_RECVRTHDR:
291 		if (optlen < sizeof(int))
292 			goto e_inval;
293 		np->rxopt.bits.srcrt = valbool;
294 		retv = 0;
295 		break;
296 
297 	case IPV6_2292RTHDR:
298 		if (optlen < sizeof(int))
299 			goto e_inval;
300 		np->rxopt.bits.osrcrt = valbool;
301 		retv = 0;
302 		break;
303 
304 	case IPV6_RECVHOPOPTS:
305 		if (optlen < sizeof(int))
306 			goto e_inval;
307 		np->rxopt.bits.hopopts = valbool;
308 		retv = 0;
309 		break;
310 
311 	case IPV6_2292HOPOPTS:
312 		if (optlen < sizeof(int))
313 			goto e_inval;
314 		np->rxopt.bits.ohopopts = valbool;
315 		retv = 0;
316 		break;
317 
318 	case IPV6_RECVDSTOPTS:
319 		if (optlen < sizeof(int))
320 			goto e_inval;
321 		np->rxopt.bits.dstopts = valbool;
322 		retv = 0;
323 		break;
324 
325 	case IPV6_2292DSTOPTS:
326 		if (optlen < sizeof(int))
327 			goto e_inval;
328 		np->rxopt.bits.odstopts = valbool;
329 		retv = 0;
330 		break;
331 
332 	case IPV6_TCLASS:
333 		if (optlen < sizeof(int))
334 			goto e_inval;
335 		if (val < -1 || val > 0xff)
336 			goto e_inval;
337 		/* RFC 3542, 6.5: default traffic class of 0x0 */
338 		if (val == -1)
339 			val = 0;
340 		np->tclass = val;
341 		retv = 0;
342 		break;
343 
344 	case IPV6_RECVTCLASS:
345 		if (optlen < sizeof(int))
346 			goto e_inval;
347 		np->rxopt.bits.rxtclass = valbool;
348 		retv = 0;
349 		break;
350 
351 	case IPV6_FLOWINFO:
352 		if (optlen < sizeof(int))
353 			goto e_inval;
354 		np->rxopt.bits.rxflow = valbool;
355 		retv = 0;
356 		break;
357 
358 	case IPV6_RECVPATHMTU:
359 		if (optlen < sizeof(int))
360 			goto e_inval;
361 		np->rxopt.bits.rxpmtu = valbool;
362 		retv = 0;
363 		break;
364 
365 	case IPV6_TRANSPARENT:
366 		if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) &&
367 		    !ns_capable(net->user_ns, CAP_NET_RAW)) {
368 			retv = -EPERM;
369 			break;
370 		}
371 		if (optlen < sizeof(int))
372 			goto e_inval;
373 		/* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */
374 		inet_sk(sk)->transparent = valbool;
375 		retv = 0;
376 		break;
377 
378 	case IPV6_FREEBIND:
379 		if (optlen < sizeof(int))
380 			goto e_inval;
381 		/* we also don't have a separate freebind bit for IPV6 */
382 		inet_sk(sk)->freebind = valbool;
383 		retv = 0;
384 		break;
385 
386 	case IPV6_RECVORIGDSTADDR:
387 		if (optlen < sizeof(int))
388 			goto e_inval;
389 		np->rxopt.bits.rxorigdstaddr = valbool;
390 		retv = 0;
391 		break;
392 
393 	case IPV6_HOPOPTS:
394 	case IPV6_RTHDRDSTOPTS:
395 	case IPV6_RTHDR:
396 	case IPV6_DSTOPTS:
397 	{
398 		struct ipv6_txoptions *opt;
399 		struct ipv6_opt_hdr *new = NULL;
400 
401 		/* hop-by-hop / destination options are privileged option */
402 		retv = -EPERM;
403 		if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW))
404 			break;
405 
406 		/* remove any sticky options header with a zero option
407 		 * length, per RFC3542.
408 		 */
409 		if (optlen == 0)
410 			optval = NULL;
411 		else if (!optval)
412 			goto e_inval;
413 		else if (optlen < sizeof(struct ipv6_opt_hdr) ||
414 			 optlen & 0x7 || optlen > 8 * 255)
415 			goto e_inval;
416 		else {
417 			new = memdup_user(optval, optlen);
418 			if (IS_ERR(new)) {
419 				retv = PTR_ERR(new);
420 				break;
421 			}
422 			if (unlikely(ipv6_optlen(new) > optlen)) {
423 				kfree(new);
424 				goto e_inval;
425 			}
426 		}
427 
428 		opt = rcu_dereference_protected(np->opt,
429 						lockdep_sock_is_held(sk));
430 		opt = ipv6_renew_options(sk, opt, optname, new);
431 		kfree(new);
432 		if (IS_ERR(opt)) {
433 			retv = PTR_ERR(opt);
434 			break;
435 		}
436 
437 		/* routing header option needs extra check */
438 		retv = -EINVAL;
439 		if (optname == IPV6_RTHDR && opt && opt->srcrt) {
440 			struct ipv6_rt_hdr *rthdr = opt->srcrt;
441 			switch (rthdr->type) {
442 #if IS_ENABLED(CONFIG_IPV6_MIP6)
443 			case IPV6_SRCRT_TYPE_2:
444 				if (rthdr->hdrlen != 2 ||
445 				    rthdr->segments_left != 1)
446 					goto sticky_done;
447 
448 				break;
449 #endif
450 			case IPV6_SRCRT_TYPE_4:
451 			{
452 				struct ipv6_sr_hdr *srh = (struct ipv6_sr_hdr *)
453 							  opt->srcrt;
454 
455 				if (!seg6_validate_srh(srh, optlen))
456 					goto sticky_done;
457 				break;
458 			}
459 			default:
460 				goto sticky_done;
461 			}
462 		}
463 
464 		retv = 0;
465 		opt = ipv6_update_options(sk, opt);
466 sticky_done:
467 		if (opt) {
468 			atomic_sub(opt->tot_len, &sk->sk_omem_alloc);
469 			txopt_put(opt);
470 		}
471 		break;
472 	}
473 
474 	case IPV6_PKTINFO:
475 	{
476 		struct in6_pktinfo pkt;
477 
478 		if (optlen == 0)
479 			goto e_inval;
480 		else if (optlen < sizeof(struct in6_pktinfo) || !optval)
481 			goto e_inval;
482 
483 		if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) {
484 				retv = -EFAULT;
485 				break;
486 		}
487 		if (!sk_dev_equal_l3scope(sk, pkt.ipi6_ifindex))
488 			goto e_inval;
489 
490 		np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex;
491 		np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr;
492 		retv = 0;
493 		break;
494 	}
495 
496 	case IPV6_2292PKTOPTIONS:
497 	{
498 		struct ipv6_txoptions *opt = NULL;
499 		struct msghdr msg;
500 		struct flowi6 fl6;
501 		struct ipcm6_cookie ipc6;
502 
503 		memset(&fl6, 0, sizeof(fl6));
504 		fl6.flowi6_oif = sk->sk_bound_dev_if;
505 		fl6.flowi6_mark = sk->sk_mark;
506 
507 		if (optlen == 0)
508 			goto update;
509 
510 		/* 1K is probably excessive
511 		 * 1K is surely not enough, 2K per standard header is 16K.
512 		 */
513 		retv = -EINVAL;
514 		if (optlen > 64*1024)
515 			break;
516 
517 		opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL);
518 		retv = -ENOBUFS;
519 		if (!opt)
520 			break;
521 
522 		memset(opt, 0, sizeof(*opt));
523 		refcount_set(&opt->refcnt, 1);
524 		opt->tot_len = sizeof(*opt) + optlen;
525 		retv = -EFAULT;
526 		if (copy_from_user(opt+1, optval, optlen))
527 			goto done;
528 
529 		msg.msg_controllen = optlen;
530 		msg.msg_control = (void *)(opt+1);
531 		ipc6.opt = opt;
532 
533 		retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, &ipc6);
534 		if (retv)
535 			goto done;
536 update:
537 		retv = 0;
538 		opt = ipv6_update_options(sk, opt);
539 done:
540 		if (opt) {
541 			atomic_sub(opt->tot_len, &sk->sk_omem_alloc);
542 			txopt_put(opt);
543 		}
544 		break;
545 	}
546 	case IPV6_UNICAST_HOPS:
547 		if (optlen < sizeof(int))
548 			goto e_inval;
549 		if (val > 255 || val < -1)
550 			goto e_inval;
551 		np->hop_limit = val;
552 		retv = 0;
553 		break;
554 
555 	case IPV6_MULTICAST_HOPS:
556 		if (sk->sk_type == SOCK_STREAM)
557 			break;
558 		if (optlen < sizeof(int))
559 			goto e_inval;
560 		if (val > 255 || val < -1)
561 			goto e_inval;
562 		np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val);
563 		retv = 0;
564 		break;
565 
566 	case IPV6_MULTICAST_LOOP:
567 		if (optlen < sizeof(int))
568 			goto e_inval;
569 		if (val != valbool)
570 			goto e_inval;
571 		np->mc_loop = valbool;
572 		retv = 0;
573 		break;
574 
575 	case IPV6_UNICAST_IF:
576 	{
577 		struct net_device *dev = NULL;
578 		int ifindex;
579 
580 		if (optlen != sizeof(int))
581 			goto e_inval;
582 
583 		ifindex = (__force int)ntohl((__force __be32)val);
584 		if (ifindex == 0) {
585 			np->ucast_oif = 0;
586 			retv = 0;
587 			break;
588 		}
589 
590 		dev = dev_get_by_index(net, ifindex);
591 		retv = -EADDRNOTAVAIL;
592 		if (!dev)
593 			break;
594 		dev_put(dev);
595 
596 		retv = -EINVAL;
597 		if (sk->sk_bound_dev_if)
598 			break;
599 
600 		np->ucast_oif = ifindex;
601 		retv = 0;
602 		break;
603 	}
604 
605 	case IPV6_MULTICAST_IF:
606 		if (sk->sk_type == SOCK_STREAM)
607 			break;
608 		if (optlen < sizeof(int))
609 			goto e_inval;
610 
611 		if (val) {
612 			struct net_device *dev;
613 			int midx;
614 
615 			rcu_read_lock();
616 
617 			dev = dev_get_by_index_rcu(net, val);
618 			if (!dev) {
619 				rcu_read_unlock();
620 				retv = -ENODEV;
621 				break;
622 			}
623 			midx = l3mdev_master_ifindex_rcu(dev);
624 
625 			rcu_read_unlock();
626 
627 			if (sk->sk_bound_dev_if &&
628 			    sk->sk_bound_dev_if != val &&
629 			    (!midx || midx != sk->sk_bound_dev_if))
630 				goto e_inval;
631 		}
632 		np->mcast_oif = val;
633 		retv = 0;
634 		break;
635 	case IPV6_ADD_MEMBERSHIP:
636 	case IPV6_DROP_MEMBERSHIP:
637 	{
638 		struct ipv6_mreq mreq;
639 
640 		if (optlen < sizeof(struct ipv6_mreq))
641 			goto e_inval;
642 
643 		retv = -EPROTO;
644 		if (inet_sk(sk)->is_icsk)
645 			break;
646 
647 		retv = -EFAULT;
648 		if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq)))
649 			break;
650 
651 		if (optname == IPV6_ADD_MEMBERSHIP)
652 			retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr);
653 		else
654 			retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr);
655 		break;
656 	}
657 	case IPV6_JOIN_ANYCAST:
658 	case IPV6_LEAVE_ANYCAST:
659 	{
660 		struct ipv6_mreq mreq;
661 
662 		if (optlen < sizeof(struct ipv6_mreq))
663 			goto e_inval;
664 
665 		retv = -EFAULT;
666 		if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq)))
667 			break;
668 
669 		if (optname == IPV6_JOIN_ANYCAST)
670 			retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr);
671 		else
672 			retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr);
673 		break;
674 	}
675 	case IPV6_MULTICAST_ALL:
676 		if (optlen < sizeof(int))
677 			goto e_inval;
678 		np->mc_all = valbool;
679 		retv = 0;
680 		break;
681 
682 	case MCAST_JOIN_GROUP:
683 	case MCAST_LEAVE_GROUP:
684 	{
685 		struct group_req greq;
686 		struct sockaddr_in6 *psin6;
687 
688 		if (optlen < sizeof(struct group_req))
689 			goto e_inval;
690 
691 		retv = -EFAULT;
692 		if (copy_from_user(&greq, optval, sizeof(struct group_req)))
693 			break;
694 		if (greq.gr_group.ss_family != AF_INET6) {
695 			retv = -EADDRNOTAVAIL;
696 			break;
697 		}
698 		psin6 = (struct sockaddr_in6 *)&greq.gr_group;
699 		if (optname == MCAST_JOIN_GROUP)
700 			retv = ipv6_sock_mc_join(sk, greq.gr_interface,
701 						 &psin6->sin6_addr);
702 		else
703 			retv = ipv6_sock_mc_drop(sk, greq.gr_interface,
704 						 &psin6->sin6_addr);
705 		break;
706 	}
707 	case MCAST_JOIN_SOURCE_GROUP:
708 	case MCAST_LEAVE_SOURCE_GROUP:
709 	case MCAST_BLOCK_SOURCE:
710 	case MCAST_UNBLOCK_SOURCE:
711 	{
712 		struct group_source_req greqs;
713 		int omode, add;
714 
715 		if (optlen < sizeof(struct group_source_req))
716 			goto e_inval;
717 		if (copy_from_user(&greqs, optval, sizeof(greqs))) {
718 			retv = -EFAULT;
719 			break;
720 		}
721 		if (greqs.gsr_group.ss_family != AF_INET6 ||
722 		    greqs.gsr_source.ss_family != AF_INET6) {
723 			retv = -EADDRNOTAVAIL;
724 			break;
725 		}
726 		if (optname == MCAST_BLOCK_SOURCE) {
727 			omode = MCAST_EXCLUDE;
728 			add = 1;
729 		} else if (optname == MCAST_UNBLOCK_SOURCE) {
730 			omode = MCAST_EXCLUDE;
731 			add = 0;
732 		} else if (optname == MCAST_JOIN_SOURCE_GROUP) {
733 			struct sockaddr_in6 *psin6;
734 
735 			psin6 = (struct sockaddr_in6 *)&greqs.gsr_group;
736 			retv = ipv6_sock_mc_join_ssm(sk, greqs.gsr_interface,
737 						     &psin6->sin6_addr,
738 						     MCAST_INCLUDE);
739 			/* prior join w/ different source is ok */
740 			if (retv && retv != -EADDRINUSE)
741 				break;
742 			omode = MCAST_INCLUDE;
743 			add = 1;
744 		} else /* MCAST_LEAVE_SOURCE_GROUP */ {
745 			omode = MCAST_INCLUDE;
746 			add = 0;
747 		}
748 		retv = ip6_mc_source(add, omode, sk, &greqs);
749 		break;
750 	}
751 	case MCAST_MSFILTER:
752 	{
753 		struct group_filter *gsf;
754 
755 		if (optlen < GROUP_FILTER_SIZE(0))
756 			goto e_inval;
757 		if (optlen > sysctl_optmem_max) {
758 			retv = -ENOBUFS;
759 			break;
760 		}
761 		gsf = memdup_user(optval, optlen);
762 		if (IS_ERR(gsf)) {
763 			retv = PTR_ERR(gsf);
764 			break;
765 		}
766 		/* numsrc >= (4G-140)/128 overflow in 32 bits */
767 		if (gsf->gf_numsrc >= 0x1ffffffU ||
768 		    gsf->gf_numsrc > sysctl_mld_max_msf) {
769 			kfree(gsf);
770 			retv = -ENOBUFS;
771 			break;
772 		}
773 		if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
774 			kfree(gsf);
775 			retv = -EINVAL;
776 			break;
777 		}
778 		retv = ip6_mc_msfilter(sk, gsf);
779 		kfree(gsf);
780 
781 		break;
782 	}
783 	case IPV6_ROUTER_ALERT:
784 		if (optlen < sizeof(int))
785 			goto e_inval;
786 		retv = ip6_ra_control(sk, val);
787 		break;
788 	case IPV6_ROUTER_ALERT_ISOLATE:
789 		if (optlen < sizeof(int))
790 			goto e_inval;
791 		np->rtalert_isolate = valbool;
792 		retv = 0;
793 		break;
794 	case IPV6_MTU_DISCOVER:
795 		if (optlen < sizeof(int))
796 			goto e_inval;
797 		if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT)
798 			goto e_inval;
799 		np->pmtudisc = val;
800 		retv = 0;
801 		break;
802 	case IPV6_MTU:
803 		if (optlen < sizeof(int))
804 			goto e_inval;
805 		if (val && val < IPV6_MIN_MTU)
806 			goto e_inval;
807 		np->frag_size = val;
808 		retv = 0;
809 		break;
810 	case IPV6_RECVERR:
811 		if (optlen < sizeof(int))
812 			goto e_inval;
813 		np->recverr = valbool;
814 		if (!val)
815 			skb_queue_purge(&sk->sk_error_queue);
816 		retv = 0;
817 		break;
818 	case IPV6_FLOWINFO_SEND:
819 		if (optlen < sizeof(int))
820 			goto e_inval;
821 		np->sndflow = valbool;
822 		retv = 0;
823 		break;
824 	case IPV6_FLOWLABEL_MGR:
825 		retv = ipv6_flowlabel_opt(sk, optval, optlen);
826 		break;
827 	case IPV6_IPSEC_POLICY:
828 	case IPV6_XFRM_POLICY:
829 		retv = -EPERM;
830 		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
831 			break;
832 		retv = xfrm_user_policy(sk, optname, optval, optlen);
833 		break;
834 
835 	case IPV6_ADDR_PREFERENCES:
836 	    {
837 		unsigned int pref = 0;
838 		unsigned int prefmask = ~0;
839 
840 		if (optlen < sizeof(int))
841 			goto e_inval;
842 
843 		retv = -EINVAL;
844 
845 		/* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */
846 		switch (val & (IPV6_PREFER_SRC_PUBLIC|
847 			       IPV6_PREFER_SRC_TMP|
848 			       IPV6_PREFER_SRC_PUBTMP_DEFAULT)) {
849 		case IPV6_PREFER_SRC_PUBLIC:
850 			pref |= IPV6_PREFER_SRC_PUBLIC;
851 			break;
852 		case IPV6_PREFER_SRC_TMP:
853 			pref |= IPV6_PREFER_SRC_TMP;
854 			break;
855 		case IPV6_PREFER_SRC_PUBTMP_DEFAULT:
856 			break;
857 		case 0:
858 			goto pref_skip_pubtmp;
859 		default:
860 			goto e_inval;
861 		}
862 
863 		prefmask &= ~(IPV6_PREFER_SRC_PUBLIC|
864 			      IPV6_PREFER_SRC_TMP);
865 pref_skip_pubtmp:
866 
867 		/* check HOME/COA conflicts */
868 		switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) {
869 		case IPV6_PREFER_SRC_HOME:
870 			break;
871 		case IPV6_PREFER_SRC_COA:
872 			pref |= IPV6_PREFER_SRC_COA;
873 		case 0:
874 			goto pref_skip_coa;
875 		default:
876 			goto e_inval;
877 		}
878 
879 		prefmask &= ~IPV6_PREFER_SRC_COA;
880 pref_skip_coa:
881 
882 		/* check CGA/NONCGA conflicts */
883 		switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) {
884 		case IPV6_PREFER_SRC_CGA:
885 		case IPV6_PREFER_SRC_NONCGA:
886 		case 0:
887 			break;
888 		default:
889 			goto e_inval;
890 		}
891 
892 		np->srcprefs = (np->srcprefs & prefmask) | pref;
893 		retv = 0;
894 
895 		break;
896 	    }
897 	case IPV6_MINHOPCOUNT:
898 		if (optlen < sizeof(int))
899 			goto e_inval;
900 		if (val < 0 || val > 255)
901 			goto e_inval;
902 		np->min_hopcount = val;
903 		retv = 0;
904 		break;
905 	case IPV6_DONTFRAG:
906 		np->dontfrag = valbool;
907 		retv = 0;
908 		break;
909 	case IPV6_AUTOFLOWLABEL:
910 		np->autoflowlabel = valbool;
911 		np->autoflowlabel_set = 1;
912 		retv = 0;
913 		break;
914 	case IPV6_RECVFRAGSIZE:
915 		np->rxopt.bits.recvfragsize = valbool;
916 		retv = 0;
917 		break;
918 	}
919 
920 	release_sock(sk);
921 	if (needs_rtnl)
922 		rtnl_unlock();
923 
924 	return retv;
925 
926 e_inval:
927 	release_sock(sk);
928 	if (needs_rtnl)
929 		rtnl_unlock();
930 	return -EINVAL;
931 }
932 
933 int ipv6_setsockopt(struct sock *sk, int level, int optname,
934 		    char __user *optval, unsigned int optlen)
935 {
936 	int err;
937 
938 	if (level == SOL_IP && sk->sk_type != SOCK_RAW)
939 		return udp_prot.setsockopt(sk, level, optname, optval, optlen);
940 
941 	if (level != SOL_IPV6)
942 		return -ENOPROTOOPT;
943 
944 	err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);
945 #ifdef CONFIG_NETFILTER
946 	/* we need to exclude all possible ENOPROTOOPTs except default case */
947 	if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY &&
948 			optname != IPV6_XFRM_POLICY)
949 		err = nf_setsockopt(sk, PF_INET6, optname, optval, optlen);
950 #endif
951 	return err;
952 }
953 EXPORT_SYMBOL(ipv6_setsockopt);
954 
955 #ifdef CONFIG_COMPAT
956 int compat_ipv6_setsockopt(struct sock *sk, int level, int optname,
957 			   char __user *optval, unsigned int optlen)
958 {
959 	int err;
960 
961 	if (level == SOL_IP && sk->sk_type != SOCK_RAW) {
962 		if (udp_prot.compat_setsockopt != NULL)
963 			return udp_prot.compat_setsockopt(sk, level, optname,
964 							  optval, optlen);
965 		return udp_prot.setsockopt(sk, level, optname, optval, optlen);
966 	}
967 
968 	if (level != SOL_IPV6)
969 		return -ENOPROTOOPT;
970 
971 	if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER)
972 		return compat_mc_setsockopt(sk, level, optname, optval, optlen,
973 			ipv6_setsockopt);
974 
975 	err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);
976 #ifdef CONFIG_NETFILTER
977 	/* we need to exclude all possible ENOPROTOOPTs except default case */
978 	if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY &&
979 	    optname != IPV6_XFRM_POLICY)
980 		err = compat_nf_setsockopt(sk, PF_INET6, optname, optval,
981 					   optlen);
982 #endif
983 	return err;
984 }
985 EXPORT_SYMBOL(compat_ipv6_setsockopt);
986 #endif
987 
988 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
989 				  int optname, char __user *optval, int len)
990 {
991 	struct ipv6_opt_hdr *hdr;
992 
993 	if (!opt)
994 		return 0;
995 
996 	switch (optname) {
997 	case IPV6_HOPOPTS:
998 		hdr = opt->hopopt;
999 		break;
1000 	case IPV6_RTHDRDSTOPTS:
1001 		hdr = opt->dst0opt;
1002 		break;
1003 	case IPV6_RTHDR:
1004 		hdr = (struct ipv6_opt_hdr *)opt->srcrt;
1005 		break;
1006 	case IPV6_DSTOPTS:
1007 		hdr = opt->dst1opt;
1008 		break;
1009 	default:
1010 		return -EINVAL;	/* should not happen */
1011 	}
1012 
1013 	if (!hdr)
1014 		return 0;
1015 
1016 	len = min_t(unsigned int, len, ipv6_optlen(hdr));
1017 	if (copy_to_user(optval, hdr, len))
1018 		return -EFAULT;
1019 	return len;
1020 }
1021 
1022 static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
1023 		    char __user *optval, int __user *optlen, unsigned int flags)
1024 {
1025 	struct ipv6_pinfo *np = inet6_sk(sk);
1026 	int len;
1027 	int val;
1028 
1029 	if (ip6_mroute_opt(optname))
1030 		return ip6_mroute_getsockopt(sk, optname, optval, optlen);
1031 
1032 	if (get_user(len, optlen))
1033 		return -EFAULT;
1034 	switch (optname) {
1035 	case IPV6_ADDRFORM:
1036 		if (sk->sk_protocol != IPPROTO_UDP &&
1037 		    sk->sk_protocol != IPPROTO_UDPLITE &&
1038 		    sk->sk_protocol != IPPROTO_TCP)
1039 			return -ENOPROTOOPT;
1040 		if (sk->sk_state != TCP_ESTABLISHED)
1041 			return -ENOTCONN;
1042 		val = sk->sk_family;
1043 		break;
1044 	case MCAST_MSFILTER:
1045 	{
1046 		struct group_filter gsf;
1047 		int err;
1048 
1049 		if (len < GROUP_FILTER_SIZE(0))
1050 			return -EINVAL;
1051 		if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0)))
1052 			return -EFAULT;
1053 		if (gsf.gf_group.ss_family != AF_INET6)
1054 			return -EADDRNOTAVAIL;
1055 		lock_sock(sk);
1056 		err = ip6_mc_msfget(sk, &gsf,
1057 			(struct group_filter __user *)optval, optlen);
1058 		release_sock(sk);
1059 		return err;
1060 	}
1061 
1062 	case IPV6_2292PKTOPTIONS:
1063 	{
1064 		struct msghdr msg;
1065 		struct sk_buff *skb;
1066 
1067 		if (sk->sk_type != SOCK_STREAM)
1068 			return -ENOPROTOOPT;
1069 
1070 		msg.msg_control = optval;
1071 		msg.msg_controllen = len;
1072 		msg.msg_flags = flags;
1073 
1074 		lock_sock(sk);
1075 		skb = np->pktoptions;
1076 		if (skb)
1077 			ip6_datagram_recv_ctl(sk, &msg, skb);
1078 		release_sock(sk);
1079 		if (!skb) {
1080 			if (np->rxopt.bits.rxinfo) {
1081 				struct in6_pktinfo src_info;
1082 				src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif :
1083 					np->sticky_pktinfo.ipi6_ifindex;
1084 				src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr;
1085 				put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info);
1086 			}
1087 			if (np->rxopt.bits.rxhlim) {
1088 				int hlim = np->mcast_hops;
1089 				put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim);
1090 			}
1091 			if (np->rxopt.bits.rxtclass) {
1092 				int tclass = (int)ip6_tclass(np->rcv_flowinfo);
1093 
1094 				put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass);
1095 			}
1096 			if (np->rxopt.bits.rxoinfo) {
1097 				struct in6_pktinfo src_info;
1098 				src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif :
1099 					np->sticky_pktinfo.ipi6_ifindex;
1100 				src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr :
1101 								     np->sticky_pktinfo.ipi6_addr;
1102 				put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info);
1103 			}
1104 			if (np->rxopt.bits.rxohlim) {
1105 				int hlim = np->mcast_hops;
1106 				put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim);
1107 			}
1108 			if (np->rxopt.bits.rxflow) {
1109 				__be32 flowinfo = np->rcv_flowinfo;
1110 
1111 				put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo);
1112 			}
1113 		}
1114 		len -= msg.msg_controllen;
1115 		return put_user(len, optlen);
1116 	}
1117 	case IPV6_MTU:
1118 	{
1119 		struct dst_entry *dst;
1120 
1121 		val = 0;
1122 		rcu_read_lock();
1123 		dst = __sk_dst_get(sk);
1124 		if (dst)
1125 			val = dst_mtu(dst);
1126 		rcu_read_unlock();
1127 		if (!val)
1128 			return -ENOTCONN;
1129 		break;
1130 	}
1131 
1132 	case IPV6_V6ONLY:
1133 		val = sk->sk_ipv6only;
1134 		break;
1135 
1136 	case IPV6_RECVPKTINFO:
1137 		val = np->rxopt.bits.rxinfo;
1138 		break;
1139 
1140 	case IPV6_2292PKTINFO:
1141 		val = np->rxopt.bits.rxoinfo;
1142 		break;
1143 
1144 	case IPV6_RECVHOPLIMIT:
1145 		val = np->rxopt.bits.rxhlim;
1146 		break;
1147 
1148 	case IPV6_2292HOPLIMIT:
1149 		val = np->rxopt.bits.rxohlim;
1150 		break;
1151 
1152 	case IPV6_RECVRTHDR:
1153 		val = np->rxopt.bits.srcrt;
1154 		break;
1155 
1156 	case IPV6_2292RTHDR:
1157 		val = np->rxopt.bits.osrcrt;
1158 		break;
1159 
1160 	case IPV6_HOPOPTS:
1161 	case IPV6_RTHDRDSTOPTS:
1162 	case IPV6_RTHDR:
1163 	case IPV6_DSTOPTS:
1164 	{
1165 		struct ipv6_txoptions *opt;
1166 
1167 		lock_sock(sk);
1168 		opt = rcu_dereference_protected(np->opt,
1169 						lockdep_sock_is_held(sk));
1170 		len = ipv6_getsockopt_sticky(sk, opt, optname, optval, len);
1171 		release_sock(sk);
1172 		/* check if ipv6_getsockopt_sticky() returns err code */
1173 		if (len < 0)
1174 			return len;
1175 		return put_user(len, optlen);
1176 	}
1177 
1178 	case IPV6_RECVHOPOPTS:
1179 		val = np->rxopt.bits.hopopts;
1180 		break;
1181 
1182 	case IPV6_2292HOPOPTS:
1183 		val = np->rxopt.bits.ohopopts;
1184 		break;
1185 
1186 	case IPV6_RECVDSTOPTS:
1187 		val = np->rxopt.bits.dstopts;
1188 		break;
1189 
1190 	case IPV6_2292DSTOPTS:
1191 		val = np->rxopt.bits.odstopts;
1192 		break;
1193 
1194 	case IPV6_TCLASS:
1195 		val = np->tclass;
1196 		break;
1197 
1198 	case IPV6_RECVTCLASS:
1199 		val = np->rxopt.bits.rxtclass;
1200 		break;
1201 
1202 	case IPV6_FLOWINFO:
1203 		val = np->rxopt.bits.rxflow;
1204 		break;
1205 
1206 	case IPV6_RECVPATHMTU:
1207 		val = np->rxopt.bits.rxpmtu;
1208 		break;
1209 
1210 	case IPV6_PATHMTU:
1211 	{
1212 		struct dst_entry *dst;
1213 		struct ip6_mtuinfo mtuinfo;
1214 
1215 		if (len < sizeof(mtuinfo))
1216 			return -EINVAL;
1217 
1218 		len = sizeof(mtuinfo);
1219 		memset(&mtuinfo, 0, sizeof(mtuinfo));
1220 
1221 		rcu_read_lock();
1222 		dst = __sk_dst_get(sk);
1223 		if (dst)
1224 			mtuinfo.ip6m_mtu = dst_mtu(dst);
1225 		rcu_read_unlock();
1226 		if (!mtuinfo.ip6m_mtu)
1227 			return -ENOTCONN;
1228 
1229 		if (put_user(len, optlen))
1230 			return -EFAULT;
1231 		if (copy_to_user(optval, &mtuinfo, len))
1232 			return -EFAULT;
1233 
1234 		return 0;
1235 	}
1236 
1237 	case IPV6_TRANSPARENT:
1238 		val = inet_sk(sk)->transparent;
1239 		break;
1240 
1241 	case IPV6_FREEBIND:
1242 		val = inet_sk(sk)->freebind;
1243 		break;
1244 
1245 	case IPV6_RECVORIGDSTADDR:
1246 		val = np->rxopt.bits.rxorigdstaddr;
1247 		break;
1248 
1249 	case IPV6_UNICAST_HOPS:
1250 	case IPV6_MULTICAST_HOPS:
1251 	{
1252 		struct dst_entry *dst;
1253 
1254 		if (optname == IPV6_UNICAST_HOPS)
1255 			val = np->hop_limit;
1256 		else
1257 			val = np->mcast_hops;
1258 
1259 		if (val < 0) {
1260 			rcu_read_lock();
1261 			dst = __sk_dst_get(sk);
1262 			if (dst)
1263 				val = ip6_dst_hoplimit(dst);
1264 			rcu_read_unlock();
1265 		}
1266 
1267 		if (val < 0)
1268 			val = sock_net(sk)->ipv6.devconf_all->hop_limit;
1269 		break;
1270 	}
1271 
1272 	case IPV6_MULTICAST_LOOP:
1273 		val = np->mc_loop;
1274 		break;
1275 
1276 	case IPV6_MULTICAST_IF:
1277 		val = np->mcast_oif;
1278 		break;
1279 
1280 	case IPV6_MULTICAST_ALL:
1281 		val = np->mc_all;
1282 		break;
1283 
1284 	case IPV6_UNICAST_IF:
1285 		val = (__force int)htonl((__u32) np->ucast_oif);
1286 		break;
1287 
1288 	case IPV6_MTU_DISCOVER:
1289 		val = np->pmtudisc;
1290 		break;
1291 
1292 	case IPV6_RECVERR:
1293 		val = np->recverr;
1294 		break;
1295 
1296 	case IPV6_FLOWINFO_SEND:
1297 		val = np->sndflow;
1298 		break;
1299 
1300 	case IPV6_FLOWLABEL_MGR:
1301 	{
1302 		struct in6_flowlabel_req freq;
1303 		int flags;
1304 
1305 		if (len < sizeof(freq))
1306 			return -EINVAL;
1307 
1308 		if (copy_from_user(&freq, optval, sizeof(freq)))
1309 			return -EFAULT;
1310 
1311 		if (freq.flr_action != IPV6_FL_A_GET)
1312 			return -EINVAL;
1313 
1314 		len = sizeof(freq);
1315 		flags = freq.flr_flags;
1316 
1317 		memset(&freq, 0, sizeof(freq));
1318 
1319 		val = ipv6_flowlabel_opt_get(sk, &freq, flags);
1320 		if (val < 0)
1321 			return val;
1322 
1323 		if (put_user(len, optlen))
1324 			return -EFAULT;
1325 		if (copy_to_user(optval, &freq, len))
1326 			return -EFAULT;
1327 
1328 		return 0;
1329 	}
1330 
1331 	case IPV6_ADDR_PREFERENCES:
1332 		val = 0;
1333 
1334 		if (np->srcprefs & IPV6_PREFER_SRC_TMP)
1335 			val |= IPV6_PREFER_SRC_TMP;
1336 		else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC)
1337 			val |= IPV6_PREFER_SRC_PUBLIC;
1338 		else {
1339 			/* XXX: should we return system default? */
1340 			val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT;
1341 		}
1342 
1343 		if (np->srcprefs & IPV6_PREFER_SRC_COA)
1344 			val |= IPV6_PREFER_SRC_COA;
1345 		else
1346 			val |= IPV6_PREFER_SRC_HOME;
1347 		break;
1348 
1349 	case IPV6_MINHOPCOUNT:
1350 		val = np->min_hopcount;
1351 		break;
1352 
1353 	case IPV6_DONTFRAG:
1354 		val = np->dontfrag;
1355 		break;
1356 
1357 	case IPV6_AUTOFLOWLABEL:
1358 		val = ip6_autoflowlabel(sock_net(sk), np);
1359 		break;
1360 
1361 	case IPV6_RECVFRAGSIZE:
1362 		val = np->rxopt.bits.recvfragsize;
1363 		break;
1364 
1365 	case IPV6_ROUTER_ALERT_ISOLATE:
1366 		val = np->rtalert_isolate;
1367 		break;
1368 
1369 	default:
1370 		return -ENOPROTOOPT;
1371 	}
1372 	len = min_t(unsigned int, sizeof(int), len);
1373 	if (put_user(len, optlen))
1374 		return -EFAULT;
1375 	if (copy_to_user(optval, &val, len))
1376 		return -EFAULT;
1377 	return 0;
1378 }
1379 
1380 int ipv6_getsockopt(struct sock *sk, int level, int optname,
1381 		    char __user *optval, int __user *optlen)
1382 {
1383 	int err;
1384 
1385 	if (level == SOL_IP && sk->sk_type != SOCK_RAW)
1386 		return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1387 
1388 	if (level != SOL_IPV6)
1389 		return -ENOPROTOOPT;
1390 
1391 	err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 0);
1392 #ifdef CONFIG_NETFILTER
1393 	/* we need to exclude all possible ENOPROTOOPTs except default case */
1394 	if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) {
1395 		int len;
1396 
1397 		if (get_user(len, optlen))
1398 			return -EFAULT;
1399 
1400 		err = nf_getsockopt(sk, PF_INET6, optname, optval, &len);
1401 		if (err >= 0)
1402 			err = put_user(len, optlen);
1403 	}
1404 #endif
1405 	return err;
1406 }
1407 EXPORT_SYMBOL(ipv6_getsockopt);
1408 
1409 #ifdef CONFIG_COMPAT
1410 int compat_ipv6_getsockopt(struct sock *sk, int level, int optname,
1411 			   char __user *optval, int __user *optlen)
1412 {
1413 	int err;
1414 
1415 	if (level == SOL_IP && sk->sk_type != SOCK_RAW) {
1416 		if (udp_prot.compat_getsockopt != NULL)
1417 			return udp_prot.compat_getsockopt(sk, level, optname,
1418 							  optval, optlen);
1419 		return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1420 	}
1421 
1422 	if (level != SOL_IPV6)
1423 		return -ENOPROTOOPT;
1424 
1425 	if (optname == MCAST_MSFILTER)
1426 		return compat_mc_getsockopt(sk, level, optname, optval, optlen,
1427 			ipv6_getsockopt);
1428 
1429 	err = do_ipv6_getsockopt(sk, level, optname, optval, optlen,
1430 				 MSG_CMSG_COMPAT);
1431 #ifdef CONFIG_NETFILTER
1432 	/* we need to exclude all possible ENOPROTOOPTs except default case */
1433 	if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) {
1434 		int len;
1435 
1436 		if (get_user(len, optlen))
1437 			return -EFAULT;
1438 
1439 		err = compat_nf_getsockopt(sk, PF_INET6, optname, optval, &len);
1440 		if (err >= 0)
1441 			err = put_user(len, optlen);
1442 	}
1443 #endif
1444 	return err;
1445 }
1446 EXPORT_SYMBOL(compat_ipv6_getsockopt);
1447 #endif
1448