1 /* 2 * IPv6 BSD socket options interface 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_sockglue.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * FIXME: Make the setsockopt code POSIX compliant: That is 16 * 17 * o Truncate getsockopt returns 18 * o Return an optlen of the truncated length if need be 19 * 20 * Changes: 21 * David L Stevens <dlstevens@us.ibm.com>: 22 * - added multicast source filtering API for MLDv2 23 */ 24 25 #include <linux/module.h> 26 #include <linux/capability.h> 27 #include <linux/errno.h> 28 #include <linux/types.h> 29 #include <linux/socket.h> 30 #include <linux/sockios.h> 31 #include <linux/net.h> 32 #include <linux/in6.h> 33 #include <linux/mroute6.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/init.h> 37 #include <linux/sysctl.h> 38 #include <linux/netfilter.h> 39 #include <linux/slab.h> 40 41 #include <net/sock.h> 42 #include <net/snmp.h> 43 #include <net/ipv6.h> 44 #include <net/ndisc.h> 45 #include <net/protocol.h> 46 #include <net/transp_v6.h> 47 #include <net/ip6_route.h> 48 #include <net/addrconf.h> 49 #include <net/inet_common.h> 50 #include <net/tcp.h> 51 #include <net/udp.h> 52 #include <net/udplite.h> 53 #include <net/xfrm.h> 54 #include <net/compat.h> 55 #include <net/seg6.h> 56 57 #include <linux/uaccess.h> 58 59 struct ip6_ra_chain *ip6_ra_chain; 60 DEFINE_RWLOCK(ip6_ra_lock); 61 62 int ip6_ra_control(struct sock *sk, int sel) 63 { 64 struct ip6_ra_chain *ra, *new_ra, **rap; 65 66 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */ 67 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_RAW) 68 return -ENOPROTOOPT; 69 70 new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; 71 72 write_lock_bh(&ip6_ra_lock); 73 for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) { 74 if (ra->sk == sk) { 75 if (sel >= 0) { 76 write_unlock_bh(&ip6_ra_lock); 77 kfree(new_ra); 78 return -EADDRINUSE; 79 } 80 81 *rap = ra->next; 82 write_unlock_bh(&ip6_ra_lock); 83 84 sock_put(sk); 85 kfree(ra); 86 return 0; 87 } 88 } 89 if (!new_ra) { 90 write_unlock_bh(&ip6_ra_lock); 91 return -ENOBUFS; 92 } 93 new_ra->sk = sk; 94 new_ra->sel = sel; 95 new_ra->next = ra; 96 *rap = new_ra; 97 sock_hold(sk); 98 write_unlock_bh(&ip6_ra_lock); 99 return 0; 100 } 101 102 struct ipv6_txoptions *ipv6_update_options(struct sock *sk, 103 struct ipv6_txoptions *opt) 104 { 105 if (inet_sk(sk)->is_icsk) { 106 if (opt && 107 !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) && 108 inet_sk(sk)->inet_daddr != LOOPBACK4_IPV6) { 109 struct inet_connection_sock *icsk = inet_csk(sk); 110 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen; 111 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie); 112 } 113 } 114 opt = xchg((__force struct ipv6_txoptions **)&inet6_sk(sk)->opt, 115 opt); 116 sk_dst_reset(sk); 117 118 return opt; 119 } 120 121 static bool setsockopt_needs_rtnl(int optname) 122 { 123 switch (optname) { 124 case IPV6_ADDRFORM: 125 case IPV6_ADD_MEMBERSHIP: 126 case IPV6_DROP_MEMBERSHIP: 127 case IPV6_JOIN_ANYCAST: 128 case IPV6_LEAVE_ANYCAST: 129 case MCAST_JOIN_GROUP: 130 case MCAST_LEAVE_GROUP: 131 case MCAST_JOIN_SOURCE_GROUP: 132 case MCAST_LEAVE_SOURCE_GROUP: 133 case MCAST_BLOCK_SOURCE: 134 case MCAST_UNBLOCK_SOURCE: 135 case MCAST_MSFILTER: 136 return true; 137 } 138 return false; 139 } 140 141 static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, 142 char __user *optval, unsigned int optlen) 143 { 144 struct ipv6_pinfo *np = inet6_sk(sk); 145 struct net *net = sock_net(sk); 146 int val, valbool; 147 int retv = -ENOPROTOOPT; 148 bool needs_rtnl = setsockopt_needs_rtnl(optname); 149 150 if (!optval) 151 val = 0; 152 else { 153 if (optlen >= sizeof(int)) { 154 if (get_user(val, (int __user *) optval)) 155 return -EFAULT; 156 } else 157 val = 0; 158 } 159 160 valbool = (val != 0); 161 162 if (ip6_mroute_opt(optname)) 163 return ip6_mroute_setsockopt(sk, optname, optval, optlen); 164 165 if (needs_rtnl) 166 rtnl_lock(); 167 lock_sock(sk); 168 169 switch (optname) { 170 171 case IPV6_ADDRFORM: 172 if (optlen < sizeof(int)) 173 goto e_inval; 174 if (val == PF_INET) { 175 struct ipv6_txoptions *opt; 176 struct sk_buff *pktopt; 177 178 if (sk->sk_type == SOCK_RAW) 179 break; 180 181 if (sk->sk_protocol == IPPROTO_UDP || 182 sk->sk_protocol == IPPROTO_UDPLITE) { 183 struct udp_sock *up = udp_sk(sk); 184 if (up->pending == AF_INET6) { 185 retv = -EBUSY; 186 break; 187 } 188 } else if (sk->sk_protocol != IPPROTO_TCP) 189 break; 190 191 if (sk->sk_state != TCP_ESTABLISHED) { 192 retv = -ENOTCONN; 193 break; 194 } 195 196 if (ipv6_only_sock(sk) || 197 !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) { 198 retv = -EADDRNOTAVAIL; 199 break; 200 } 201 202 fl6_free_socklist(sk); 203 __ipv6_sock_mc_close(sk); 204 205 /* 206 * Sock is moving from IPv6 to IPv4 (sk_prot), so 207 * remove it from the refcnt debug socks count in the 208 * original family... 209 */ 210 sk_refcnt_debug_dec(sk); 211 212 if (sk->sk_protocol == IPPROTO_TCP) { 213 struct inet_connection_sock *icsk = inet_csk(sk); 214 local_bh_disable(); 215 sock_prot_inuse_add(net, sk->sk_prot, -1); 216 sock_prot_inuse_add(net, &tcp_prot, 1); 217 local_bh_enable(); 218 sk->sk_prot = &tcp_prot; 219 icsk->icsk_af_ops = &ipv4_specific; 220 sk->sk_socket->ops = &inet_stream_ops; 221 sk->sk_family = PF_INET; 222 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); 223 } else { 224 struct proto *prot = &udp_prot; 225 226 if (sk->sk_protocol == IPPROTO_UDPLITE) 227 prot = &udplite_prot; 228 local_bh_disable(); 229 sock_prot_inuse_add(net, sk->sk_prot, -1); 230 sock_prot_inuse_add(net, prot, 1); 231 local_bh_enable(); 232 sk->sk_prot = prot; 233 sk->sk_socket->ops = &inet_dgram_ops; 234 sk->sk_family = PF_INET; 235 } 236 opt = xchg((__force struct ipv6_txoptions **)&np->opt, 237 NULL); 238 if (opt) { 239 atomic_sub(opt->tot_len, &sk->sk_omem_alloc); 240 txopt_put(opt); 241 } 242 pktopt = xchg(&np->pktoptions, NULL); 243 kfree_skb(pktopt); 244 245 /* 246 * ... and add it to the refcnt debug socks count 247 * in the new family. -acme 248 */ 249 sk_refcnt_debug_inc(sk); 250 module_put(THIS_MODULE); 251 retv = 0; 252 break; 253 } 254 goto e_inval; 255 256 case IPV6_V6ONLY: 257 if (optlen < sizeof(int) || 258 inet_sk(sk)->inet_num) 259 goto e_inval; 260 sk->sk_ipv6only = valbool; 261 retv = 0; 262 break; 263 264 case IPV6_RECVPKTINFO: 265 if (optlen < sizeof(int)) 266 goto e_inval; 267 np->rxopt.bits.rxinfo = valbool; 268 retv = 0; 269 break; 270 271 case IPV6_2292PKTINFO: 272 if (optlen < sizeof(int)) 273 goto e_inval; 274 np->rxopt.bits.rxoinfo = valbool; 275 retv = 0; 276 break; 277 278 case IPV6_RECVHOPLIMIT: 279 if (optlen < sizeof(int)) 280 goto e_inval; 281 np->rxopt.bits.rxhlim = valbool; 282 retv = 0; 283 break; 284 285 case IPV6_2292HOPLIMIT: 286 if (optlen < sizeof(int)) 287 goto e_inval; 288 np->rxopt.bits.rxohlim = valbool; 289 retv = 0; 290 break; 291 292 case IPV6_RECVRTHDR: 293 if (optlen < sizeof(int)) 294 goto e_inval; 295 np->rxopt.bits.srcrt = valbool; 296 retv = 0; 297 break; 298 299 case IPV6_2292RTHDR: 300 if (optlen < sizeof(int)) 301 goto e_inval; 302 np->rxopt.bits.osrcrt = valbool; 303 retv = 0; 304 break; 305 306 case IPV6_RECVHOPOPTS: 307 if (optlen < sizeof(int)) 308 goto e_inval; 309 np->rxopt.bits.hopopts = valbool; 310 retv = 0; 311 break; 312 313 case IPV6_2292HOPOPTS: 314 if (optlen < sizeof(int)) 315 goto e_inval; 316 np->rxopt.bits.ohopopts = valbool; 317 retv = 0; 318 break; 319 320 case IPV6_RECVDSTOPTS: 321 if (optlen < sizeof(int)) 322 goto e_inval; 323 np->rxopt.bits.dstopts = valbool; 324 retv = 0; 325 break; 326 327 case IPV6_2292DSTOPTS: 328 if (optlen < sizeof(int)) 329 goto e_inval; 330 np->rxopt.bits.odstopts = valbool; 331 retv = 0; 332 break; 333 334 case IPV6_TCLASS: 335 if (optlen < sizeof(int)) 336 goto e_inval; 337 if (val < -1 || val > 0xff) 338 goto e_inval; 339 /* RFC 3542, 6.5: default traffic class of 0x0 */ 340 if (val == -1) 341 val = 0; 342 np->tclass = val; 343 retv = 0; 344 break; 345 346 case IPV6_RECVTCLASS: 347 if (optlen < sizeof(int)) 348 goto e_inval; 349 np->rxopt.bits.rxtclass = valbool; 350 retv = 0; 351 break; 352 353 case IPV6_FLOWINFO: 354 if (optlen < sizeof(int)) 355 goto e_inval; 356 np->rxopt.bits.rxflow = valbool; 357 retv = 0; 358 break; 359 360 case IPV6_RECVPATHMTU: 361 if (optlen < sizeof(int)) 362 goto e_inval; 363 np->rxopt.bits.rxpmtu = valbool; 364 retv = 0; 365 break; 366 367 case IPV6_TRANSPARENT: 368 if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && 369 !ns_capable(net->user_ns, CAP_NET_RAW)) { 370 retv = -EPERM; 371 break; 372 } 373 if (optlen < sizeof(int)) 374 goto e_inval; 375 /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */ 376 inet_sk(sk)->transparent = valbool; 377 retv = 0; 378 break; 379 380 case IPV6_FREEBIND: 381 if (optlen < sizeof(int)) 382 goto e_inval; 383 /* we also don't have a separate freebind bit for IPV6 */ 384 inet_sk(sk)->freebind = valbool; 385 retv = 0; 386 break; 387 388 case IPV6_RECVORIGDSTADDR: 389 if (optlen < sizeof(int)) 390 goto e_inval; 391 np->rxopt.bits.rxorigdstaddr = valbool; 392 retv = 0; 393 break; 394 395 case IPV6_HOPOPTS: 396 case IPV6_RTHDRDSTOPTS: 397 case IPV6_RTHDR: 398 case IPV6_DSTOPTS: 399 { 400 struct ipv6_txoptions *opt; 401 struct ipv6_opt_hdr *new = NULL; 402 403 /* hop-by-hop / destination options are privileged option */ 404 retv = -EPERM; 405 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) 406 break; 407 408 /* remove any sticky options header with a zero option 409 * length, per RFC3542. 410 */ 411 if (optlen == 0) 412 optval = NULL; 413 else if (!optval) 414 goto e_inval; 415 else if (optlen < sizeof(struct ipv6_opt_hdr) || 416 optlen & 0x7 || optlen > 8 * 255) 417 goto e_inval; 418 else { 419 new = memdup_user(optval, optlen); 420 if (IS_ERR(new)) { 421 retv = PTR_ERR(new); 422 break; 423 } 424 if (unlikely(ipv6_optlen(new) > optlen)) { 425 kfree(new); 426 goto e_inval; 427 } 428 } 429 430 opt = rcu_dereference_protected(np->opt, 431 lockdep_sock_is_held(sk)); 432 opt = ipv6_renew_options(sk, opt, optname, new); 433 kfree(new); 434 if (IS_ERR(opt)) { 435 retv = PTR_ERR(opt); 436 break; 437 } 438 439 /* routing header option needs extra check */ 440 retv = -EINVAL; 441 if (optname == IPV6_RTHDR && opt && opt->srcrt) { 442 struct ipv6_rt_hdr *rthdr = opt->srcrt; 443 switch (rthdr->type) { 444 #if IS_ENABLED(CONFIG_IPV6_MIP6) 445 case IPV6_SRCRT_TYPE_2: 446 if (rthdr->hdrlen != 2 || 447 rthdr->segments_left != 1) 448 goto sticky_done; 449 450 break; 451 #endif 452 case IPV6_SRCRT_TYPE_4: 453 { 454 struct ipv6_sr_hdr *srh = (struct ipv6_sr_hdr *) 455 opt->srcrt; 456 457 if (!seg6_validate_srh(srh, optlen)) 458 goto sticky_done; 459 break; 460 } 461 default: 462 goto sticky_done; 463 } 464 } 465 466 retv = 0; 467 opt = ipv6_update_options(sk, opt); 468 sticky_done: 469 if (opt) { 470 atomic_sub(opt->tot_len, &sk->sk_omem_alloc); 471 txopt_put(opt); 472 } 473 break; 474 } 475 476 case IPV6_PKTINFO: 477 { 478 struct in6_pktinfo pkt; 479 480 if (optlen == 0) 481 goto e_inval; 482 else if (optlen < sizeof(struct in6_pktinfo) || !optval) 483 goto e_inval; 484 485 if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) { 486 retv = -EFAULT; 487 break; 488 } 489 if (!sk_dev_equal_l3scope(sk, pkt.ipi6_ifindex)) 490 goto e_inval; 491 492 np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex; 493 np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr; 494 retv = 0; 495 break; 496 } 497 498 case IPV6_2292PKTOPTIONS: 499 { 500 struct ipv6_txoptions *opt = NULL; 501 struct msghdr msg; 502 struct flowi6 fl6; 503 struct ipcm6_cookie ipc6; 504 505 memset(&fl6, 0, sizeof(fl6)); 506 fl6.flowi6_oif = sk->sk_bound_dev_if; 507 fl6.flowi6_mark = sk->sk_mark; 508 509 if (optlen == 0) 510 goto update; 511 512 /* 1K is probably excessive 513 * 1K is surely not enough, 2K per standard header is 16K. 514 */ 515 retv = -EINVAL; 516 if (optlen > 64*1024) 517 break; 518 519 opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL); 520 retv = -ENOBUFS; 521 if (!opt) 522 break; 523 524 memset(opt, 0, sizeof(*opt)); 525 refcount_set(&opt->refcnt, 1); 526 opt->tot_len = sizeof(*opt) + optlen; 527 retv = -EFAULT; 528 if (copy_from_user(opt+1, optval, optlen)) 529 goto done; 530 531 msg.msg_controllen = optlen; 532 msg.msg_control = (void *)(opt+1); 533 ipc6.opt = opt; 534 535 retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, &ipc6); 536 if (retv) 537 goto done; 538 update: 539 retv = 0; 540 opt = ipv6_update_options(sk, opt); 541 done: 542 if (opt) { 543 atomic_sub(opt->tot_len, &sk->sk_omem_alloc); 544 txopt_put(opt); 545 } 546 break; 547 } 548 case IPV6_UNICAST_HOPS: 549 if (optlen < sizeof(int)) 550 goto e_inval; 551 if (val > 255 || val < -1) 552 goto e_inval; 553 np->hop_limit = val; 554 retv = 0; 555 break; 556 557 case IPV6_MULTICAST_HOPS: 558 if (sk->sk_type == SOCK_STREAM) 559 break; 560 if (optlen < sizeof(int)) 561 goto e_inval; 562 if (val > 255 || val < -1) 563 goto e_inval; 564 np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val); 565 retv = 0; 566 break; 567 568 case IPV6_MULTICAST_LOOP: 569 if (optlen < sizeof(int)) 570 goto e_inval; 571 if (val != valbool) 572 goto e_inval; 573 np->mc_loop = valbool; 574 retv = 0; 575 break; 576 577 case IPV6_UNICAST_IF: 578 { 579 struct net_device *dev = NULL; 580 int ifindex; 581 582 if (optlen != sizeof(int)) 583 goto e_inval; 584 585 ifindex = (__force int)ntohl((__force __be32)val); 586 if (ifindex == 0) { 587 np->ucast_oif = 0; 588 retv = 0; 589 break; 590 } 591 592 dev = dev_get_by_index(net, ifindex); 593 retv = -EADDRNOTAVAIL; 594 if (!dev) 595 break; 596 dev_put(dev); 597 598 retv = -EINVAL; 599 if (sk->sk_bound_dev_if) 600 break; 601 602 np->ucast_oif = ifindex; 603 retv = 0; 604 break; 605 } 606 607 case IPV6_MULTICAST_IF: 608 if (sk->sk_type == SOCK_STREAM) 609 break; 610 if (optlen < sizeof(int)) 611 goto e_inval; 612 613 if (val) { 614 struct net_device *dev; 615 int midx; 616 617 rcu_read_lock(); 618 619 dev = dev_get_by_index_rcu(net, val); 620 if (!dev) { 621 rcu_read_unlock(); 622 retv = -ENODEV; 623 break; 624 } 625 midx = l3mdev_master_ifindex_rcu(dev); 626 627 rcu_read_unlock(); 628 629 if (sk->sk_bound_dev_if && 630 sk->sk_bound_dev_if != val && 631 (!midx || midx != sk->sk_bound_dev_if)) 632 goto e_inval; 633 } 634 np->mcast_oif = val; 635 retv = 0; 636 break; 637 case IPV6_ADD_MEMBERSHIP: 638 case IPV6_DROP_MEMBERSHIP: 639 { 640 struct ipv6_mreq mreq; 641 642 if (optlen < sizeof(struct ipv6_mreq)) 643 goto e_inval; 644 645 retv = -EPROTO; 646 if (inet_sk(sk)->is_icsk) 647 break; 648 649 retv = -EFAULT; 650 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 651 break; 652 653 if (optname == IPV6_ADD_MEMBERSHIP) 654 retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 655 else 656 retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 657 break; 658 } 659 case IPV6_JOIN_ANYCAST: 660 case IPV6_LEAVE_ANYCAST: 661 { 662 struct ipv6_mreq mreq; 663 664 if (optlen < sizeof(struct ipv6_mreq)) 665 goto e_inval; 666 667 retv = -EFAULT; 668 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 669 break; 670 671 if (optname == IPV6_JOIN_ANYCAST) 672 retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 673 else 674 retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 675 break; 676 } 677 case IPV6_MULTICAST_ALL: 678 if (optlen < sizeof(int)) 679 goto e_inval; 680 np->mc_all = valbool; 681 retv = 0; 682 break; 683 684 case MCAST_JOIN_GROUP: 685 case MCAST_LEAVE_GROUP: 686 { 687 struct group_req greq; 688 struct sockaddr_in6 *psin6; 689 690 if (optlen < sizeof(struct group_req)) 691 goto e_inval; 692 693 retv = -EFAULT; 694 if (copy_from_user(&greq, optval, sizeof(struct group_req))) 695 break; 696 if (greq.gr_group.ss_family != AF_INET6) { 697 retv = -EADDRNOTAVAIL; 698 break; 699 } 700 psin6 = (struct sockaddr_in6 *)&greq.gr_group; 701 if (optname == MCAST_JOIN_GROUP) 702 retv = ipv6_sock_mc_join(sk, greq.gr_interface, 703 &psin6->sin6_addr); 704 else 705 retv = ipv6_sock_mc_drop(sk, greq.gr_interface, 706 &psin6->sin6_addr); 707 break; 708 } 709 case MCAST_JOIN_SOURCE_GROUP: 710 case MCAST_LEAVE_SOURCE_GROUP: 711 case MCAST_BLOCK_SOURCE: 712 case MCAST_UNBLOCK_SOURCE: 713 { 714 struct group_source_req greqs; 715 int omode, add; 716 717 if (optlen < sizeof(struct group_source_req)) 718 goto e_inval; 719 if (copy_from_user(&greqs, optval, sizeof(greqs))) { 720 retv = -EFAULT; 721 break; 722 } 723 if (greqs.gsr_group.ss_family != AF_INET6 || 724 greqs.gsr_source.ss_family != AF_INET6) { 725 retv = -EADDRNOTAVAIL; 726 break; 727 } 728 if (optname == MCAST_BLOCK_SOURCE) { 729 omode = MCAST_EXCLUDE; 730 add = 1; 731 } else if (optname == MCAST_UNBLOCK_SOURCE) { 732 omode = MCAST_EXCLUDE; 733 add = 0; 734 } else if (optname == MCAST_JOIN_SOURCE_GROUP) { 735 struct sockaddr_in6 *psin6; 736 737 psin6 = (struct sockaddr_in6 *)&greqs.gsr_group; 738 retv = ipv6_sock_mc_join_ssm(sk, greqs.gsr_interface, 739 &psin6->sin6_addr, 740 MCAST_INCLUDE); 741 /* prior join w/ different source is ok */ 742 if (retv && retv != -EADDRINUSE) 743 break; 744 omode = MCAST_INCLUDE; 745 add = 1; 746 } else /* MCAST_LEAVE_SOURCE_GROUP */ { 747 omode = MCAST_INCLUDE; 748 add = 0; 749 } 750 retv = ip6_mc_source(add, omode, sk, &greqs); 751 break; 752 } 753 case MCAST_MSFILTER: 754 { 755 struct group_filter *gsf; 756 757 if (optlen < GROUP_FILTER_SIZE(0)) 758 goto e_inval; 759 if (optlen > sysctl_optmem_max) { 760 retv = -ENOBUFS; 761 break; 762 } 763 gsf = memdup_user(optval, optlen); 764 if (IS_ERR(gsf)) { 765 retv = PTR_ERR(gsf); 766 break; 767 } 768 /* numsrc >= (4G-140)/128 overflow in 32 bits */ 769 if (gsf->gf_numsrc >= 0x1ffffffU || 770 gsf->gf_numsrc > sysctl_mld_max_msf) { 771 kfree(gsf); 772 retv = -ENOBUFS; 773 break; 774 } 775 if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) { 776 kfree(gsf); 777 retv = -EINVAL; 778 break; 779 } 780 retv = ip6_mc_msfilter(sk, gsf); 781 kfree(gsf); 782 783 break; 784 } 785 case IPV6_ROUTER_ALERT: 786 if (optlen < sizeof(int)) 787 goto e_inval; 788 retv = ip6_ra_control(sk, val); 789 break; 790 case IPV6_ROUTER_ALERT_ISOLATE: 791 if (optlen < sizeof(int)) 792 goto e_inval; 793 np->rtalert_isolate = valbool; 794 retv = 0; 795 break; 796 case IPV6_MTU_DISCOVER: 797 if (optlen < sizeof(int)) 798 goto e_inval; 799 if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT) 800 goto e_inval; 801 np->pmtudisc = val; 802 retv = 0; 803 break; 804 case IPV6_MTU: 805 if (optlen < sizeof(int)) 806 goto e_inval; 807 if (val && val < IPV6_MIN_MTU) 808 goto e_inval; 809 np->frag_size = val; 810 retv = 0; 811 break; 812 case IPV6_RECVERR: 813 if (optlen < sizeof(int)) 814 goto e_inval; 815 np->recverr = valbool; 816 if (!val) 817 skb_queue_purge(&sk->sk_error_queue); 818 retv = 0; 819 break; 820 case IPV6_FLOWINFO_SEND: 821 if (optlen < sizeof(int)) 822 goto e_inval; 823 np->sndflow = valbool; 824 retv = 0; 825 break; 826 case IPV6_FLOWLABEL_MGR: 827 retv = ipv6_flowlabel_opt(sk, optval, optlen); 828 break; 829 case IPV6_IPSEC_POLICY: 830 case IPV6_XFRM_POLICY: 831 retv = -EPERM; 832 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 833 break; 834 retv = xfrm_user_policy(sk, optname, optval, optlen); 835 break; 836 837 case IPV6_ADDR_PREFERENCES: 838 { 839 unsigned int pref = 0; 840 unsigned int prefmask = ~0; 841 842 if (optlen < sizeof(int)) 843 goto e_inval; 844 845 retv = -EINVAL; 846 847 /* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */ 848 switch (val & (IPV6_PREFER_SRC_PUBLIC| 849 IPV6_PREFER_SRC_TMP| 850 IPV6_PREFER_SRC_PUBTMP_DEFAULT)) { 851 case IPV6_PREFER_SRC_PUBLIC: 852 pref |= IPV6_PREFER_SRC_PUBLIC; 853 break; 854 case IPV6_PREFER_SRC_TMP: 855 pref |= IPV6_PREFER_SRC_TMP; 856 break; 857 case IPV6_PREFER_SRC_PUBTMP_DEFAULT: 858 break; 859 case 0: 860 goto pref_skip_pubtmp; 861 default: 862 goto e_inval; 863 } 864 865 prefmask &= ~(IPV6_PREFER_SRC_PUBLIC| 866 IPV6_PREFER_SRC_TMP); 867 pref_skip_pubtmp: 868 869 /* check HOME/COA conflicts */ 870 switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) { 871 case IPV6_PREFER_SRC_HOME: 872 break; 873 case IPV6_PREFER_SRC_COA: 874 pref |= IPV6_PREFER_SRC_COA; 875 case 0: 876 goto pref_skip_coa; 877 default: 878 goto e_inval; 879 } 880 881 prefmask &= ~IPV6_PREFER_SRC_COA; 882 pref_skip_coa: 883 884 /* check CGA/NONCGA conflicts */ 885 switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) { 886 case IPV6_PREFER_SRC_CGA: 887 case IPV6_PREFER_SRC_NONCGA: 888 case 0: 889 break; 890 default: 891 goto e_inval; 892 } 893 894 np->srcprefs = (np->srcprefs & prefmask) | pref; 895 retv = 0; 896 897 break; 898 } 899 case IPV6_MINHOPCOUNT: 900 if (optlen < sizeof(int)) 901 goto e_inval; 902 if (val < 0 || val > 255) 903 goto e_inval; 904 np->min_hopcount = val; 905 retv = 0; 906 break; 907 case IPV6_DONTFRAG: 908 np->dontfrag = valbool; 909 retv = 0; 910 break; 911 case IPV6_AUTOFLOWLABEL: 912 np->autoflowlabel = valbool; 913 np->autoflowlabel_set = 1; 914 retv = 0; 915 break; 916 case IPV6_RECVFRAGSIZE: 917 np->rxopt.bits.recvfragsize = valbool; 918 retv = 0; 919 break; 920 } 921 922 release_sock(sk); 923 if (needs_rtnl) 924 rtnl_unlock(); 925 926 return retv; 927 928 e_inval: 929 release_sock(sk); 930 if (needs_rtnl) 931 rtnl_unlock(); 932 return -EINVAL; 933 } 934 935 int ipv6_setsockopt(struct sock *sk, int level, int optname, 936 char __user *optval, unsigned int optlen) 937 { 938 int err; 939 940 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 941 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 942 943 if (level != SOL_IPV6) 944 return -ENOPROTOOPT; 945 946 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 947 #ifdef CONFIG_NETFILTER 948 /* we need to exclude all possible ENOPROTOOPTs except default case */ 949 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 950 optname != IPV6_XFRM_POLICY) 951 err = nf_setsockopt(sk, PF_INET6, optname, optval, optlen); 952 #endif 953 return err; 954 } 955 EXPORT_SYMBOL(ipv6_setsockopt); 956 957 #ifdef CONFIG_COMPAT 958 int compat_ipv6_setsockopt(struct sock *sk, int level, int optname, 959 char __user *optval, unsigned int optlen) 960 { 961 int err; 962 963 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 964 if (udp_prot.compat_setsockopt != NULL) 965 return udp_prot.compat_setsockopt(sk, level, optname, 966 optval, optlen); 967 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 968 } 969 970 if (level != SOL_IPV6) 971 return -ENOPROTOOPT; 972 973 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER) 974 return compat_mc_setsockopt(sk, level, optname, optval, optlen, 975 ipv6_setsockopt); 976 977 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 978 #ifdef CONFIG_NETFILTER 979 /* we need to exclude all possible ENOPROTOOPTs except default case */ 980 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 981 optname != IPV6_XFRM_POLICY) 982 err = compat_nf_setsockopt(sk, PF_INET6, optname, optval, 983 optlen); 984 #endif 985 return err; 986 } 987 EXPORT_SYMBOL(compat_ipv6_setsockopt); 988 #endif 989 990 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt, 991 int optname, char __user *optval, int len) 992 { 993 struct ipv6_opt_hdr *hdr; 994 995 if (!opt) 996 return 0; 997 998 switch (optname) { 999 case IPV6_HOPOPTS: 1000 hdr = opt->hopopt; 1001 break; 1002 case IPV6_RTHDRDSTOPTS: 1003 hdr = opt->dst0opt; 1004 break; 1005 case IPV6_RTHDR: 1006 hdr = (struct ipv6_opt_hdr *)opt->srcrt; 1007 break; 1008 case IPV6_DSTOPTS: 1009 hdr = opt->dst1opt; 1010 break; 1011 default: 1012 return -EINVAL; /* should not happen */ 1013 } 1014 1015 if (!hdr) 1016 return 0; 1017 1018 len = min_t(unsigned int, len, ipv6_optlen(hdr)); 1019 if (copy_to_user(optval, hdr, len)) 1020 return -EFAULT; 1021 return len; 1022 } 1023 1024 static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, 1025 char __user *optval, int __user *optlen, unsigned int flags) 1026 { 1027 struct ipv6_pinfo *np = inet6_sk(sk); 1028 int len; 1029 int val; 1030 1031 if (ip6_mroute_opt(optname)) 1032 return ip6_mroute_getsockopt(sk, optname, optval, optlen); 1033 1034 if (get_user(len, optlen)) 1035 return -EFAULT; 1036 switch (optname) { 1037 case IPV6_ADDRFORM: 1038 if (sk->sk_protocol != IPPROTO_UDP && 1039 sk->sk_protocol != IPPROTO_UDPLITE && 1040 sk->sk_protocol != IPPROTO_TCP) 1041 return -ENOPROTOOPT; 1042 if (sk->sk_state != TCP_ESTABLISHED) 1043 return -ENOTCONN; 1044 val = sk->sk_family; 1045 break; 1046 case MCAST_MSFILTER: 1047 { 1048 struct group_filter gsf; 1049 int err; 1050 1051 if (len < GROUP_FILTER_SIZE(0)) 1052 return -EINVAL; 1053 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) 1054 return -EFAULT; 1055 if (gsf.gf_group.ss_family != AF_INET6) 1056 return -EADDRNOTAVAIL; 1057 lock_sock(sk); 1058 err = ip6_mc_msfget(sk, &gsf, 1059 (struct group_filter __user *)optval, optlen); 1060 release_sock(sk); 1061 return err; 1062 } 1063 1064 case IPV6_2292PKTOPTIONS: 1065 { 1066 struct msghdr msg; 1067 struct sk_buff *skb; 1068 1069 if (sk->sk_type != SOCK_STREAM) 1070 return -ENOPROTOOPT; 1071 1072 msg.msg_control = optval; 1073 msg.msg_controllen = len; 1074 msg.msg_flags = flags; 1075 1076 lock_sock(sk); 1077 skb = np->pktoptions; 1078 if (skb) 1079 ip6_datagram_recv_ctl(sk, &msg, skb); 1080 release_sock(sk); 1081 if (!skb) { 1082 if (np->rxopt.bits.rxinfo) { 1083 struct in6_pktinfo src_info; 1084 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1085 np->sticky_pktinfo.ipi6_ifindex; 1086 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr; 1087 put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info); 1088 } 1089 if (np->rxopt.bits.rxhlim) { 1090 int hlim = np->mcast_hops; 1091 put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim); 1092 } 1093 if (np->rxopt.bits.rxtclass) { 1094 int tclass = (int)ip6_tclass(np->rcv_flowinfo); 1095 1096 put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass); 1097 } 1098 if (np->rxopt.bits.rxoinfo) { 1099 struct in6_pktinfo src_info; 1100 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1101 np->sticky_pktinfo.ipi6_ifindex; 1102 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : 1103 np->sticky_pktinfo.ipi6_addr; 1104 put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info); 1105 } 1106 if (np->rxopt.bits.rxohlim) { 1107 int hlim = np->mcast_hops; 1108 put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim); 1109 } 1110 if (np->rxopt.bits.rxflow) { 1111 __be32 flowinfo = np->rcv_flowinfo; 1112 1113 put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo); 1114 } 1115 } 1116 len -= msg.msg_controllen; 1117 return put_user(len, optlen); 1118 } 1119 case IPV6_MTU: 1120 { 1121 struct dst_entry *dst; 1122 1123 val = 0; 1124 rcu_read_lock(); 1125 dst = __sk_dst_get(sk); 1126 if (dst) 1127 val = dst_mtu(dst); 1128 rcu_read_unlock(); 1129 if (!val) 1130 return -ENOTCONN; 1131 break; 1132 } 1133 1134 case IPV6_V6ONLY: 1135 val = sk->sk_ipv6only; 1136 break; 1137 1138 case IPV6_RECVPKTINFO: 1139 val = np->rxopt.bits.rxinfo; 1140 break; 1141 1142 case IPV6_2292PKTINFO: 1143 val = np->rxopt.bits.rxoinfo; 1144 break; 1145 1146 case IPV6_RECVHOPLIMIT: 1147 val = np->rxopt.bits.rxhlim; 1148 break; 1149 1150 case IPV6_2292HOPLIMIT: 1151 val = np->rxopt.bits.rxohlim; 1152 break; 1153 1154 case IPV6_RECVRTHDR: 1155 val = np->rxopt.bits.srcrt; 1156 break; 1157 1158 case IPV6_2292RTHDR: 1159 val = np->rxopt.bits.osrcrt; 1160 break; 1161 1162 case IPV6_HOPOPTS: 1163 case IPV6_RTHDRDSTOPTS: 1164 case IPV6_RTHDR: 1165 case IPV6_DSTOPTS: 1166 { 1167 struct ipv6_txoptions *opt; 1168 1169 lock_sock(sk); 1170 opt = rcu_dereference_protected(np->opt, 1171 lockdep_sock_is_held(sk)); 1172 len = ipv6_getsockopt_sticky(sk, opt, optname, optval, len); 1173 release_sock(sk); 1174 /* check if ipv6_getsockopt_sticky() returns err code */ 1175 if (len < 0) 1176 return len; 1177 return put_user(len, optlen); 1178 } 1179 1180 case IPV6_RECVHOPOPTS: 1181 val = np->rxopt.bits.hopopts; 1182 break; 1183 1184 case IPV6_2292HOPOPTS: 1185 val = np->rxopt.bits.ohopopts; 1186 break; 1187 1188 case IPV6_RECVDSTOPTS: 1189 val = np->rxopt.bits.dstopts; 1190 break; 1191 1192 case IPV6_2292DSTOPTS: 1193 val = np->rxopt.bits.odstopts; 1194 break; 1195 1196 case IPV6_TCLASS: 1197 val = np->tclass; 1198 break; 1199 1200 case IPV6_RECVTCLASS: 1201 val = np->rxopt.bits.rxtclass; 1202 break; 1203 1204 case IPV6_FLOWINFO: 1205 val = np->rxopt.bits.rxflow; 1206 break; 1207 1208 case IPV6_RECVPATHMTU: 1209 val = np->rxopt.bits.rxpmtu; 1210 break; 1211 1212 case IPV6_PATHMTU: 1213 { 1214 struct dst_entry *dst; 1215 struct ip6_mtuinfo mtuinfo; 1216 1217 if (len < sizeof(mtuinfo)) 1218 return -EINVAL; 1219 1220 len = sizeof(mtuinfo); 1221 memset(&mtuinfo, 0, sizeof(mtuinfo)); 1222 1223 rcu_read_lock(); 1224 dst = __sk_dst_get(sk); 1225 if (dst) 1226 mtuinfo.ip6m_mtu = dst_mtu(dst); 1227 rcu_read_unlock(); 1228 if (!mtuinfo.ip6m_mtu) 1229 return -ENOTCONN; 1230 1231 if (put_user(len, optlen)) 1232 return -EFAULT; 1233 if (copy_to_user(optval, &mtuinfo, len)) 1234 return -EFAULT; 1235 1236 return 0; 1237 } 1238 1239 case IPV6_TRANSPARENT: 1240 val = inet_sk(sk)->transparent; 1241 break; 1242 1243 case IPV6_FREEBIND: 1244 val = inet_sk(sk)->freebind; 1245 break; 1246 1247 case IPV6_RECVORIGDSTADDR: 1248 val = np->rxopt.bits.rxorigdstaddr; 1249 break; 1250 1251 case IPV6_UNICAST_HOPS: 1252 case IPV6_MULTICAST_HOPS: 1253 { 1254 struct dst_entry *dst; 1255 1256 if (optname == IPV6_UNICAST_HOPS) 1257 val = np->hop_limit; 1258 else 1259 val = np->mcast_hops; 1260 1261 if (val < 0) { 1262 rcu_read_lock(); 1263 dst = __sk_dst_get(sk); 1264 if (dst) 1265 val = ip6_dst_hoplimit(dst); 1266 rcu_read_unlock(); 1267 } 1268 1269 if (val < 0) 1270 val = sock_net(sk)->ipv6.devconf_all->hop_limit; 1271 break; 1272 } 1273 1274 case IPV6_MULTICAST_LOOP: 1275 val = np->mc_loop; 1276 break; 1277 1278 case IPV6_MULTICAST_IF: 1279 val = np->mcast_oif; 1280 break; 1281 1282 case IPV6_MULTICAST_ALL: 1283 val = np->mc_all; 1284 break; 1285 1286 case IPV6_UNICAST_IF: 1287 val = (__force int)htonl((__u32) np->ucast_oif); 1288 break; 1289 1290 case IPV6_MTU_DISCOVER: 1291 val = np->pmtudisc; 1292 break; 1293 1294 case IPV6_RECVERR: 1295 val = np->recverr; 1296 break; 1297 1298 case IPV6_FLOWINFO_SEND: 1299 val = np->sndflow; 1300 break; 1301 1302 case IPV6_FLOWLABEL_MGR: 1303 { 1304 struct in6_flowlabel_req freq; 1305 int flags; 1306 1307 if (len < sizeof(freq)) 1308 return -EINVAL; 1309 1310 if (copy_from_user(&freq, optval, sizeof(freq))) 1311 return -EFAULT; 1312 1313 if (freq.flr_action != IPV6_FL_A_GET) 1314 return -EINVAL; 1315 1316 len = sizeof(freq); 1317 flags = freq.flr_flags; 1318 1319 memset(&freq, 0, sizeof(freq)); 1320 1321 val = ipv6_flowlabel_opt_get(sk, &freq, flags); 1322 if (val < 0) 1323 return val; 1324 1325 if (put_user(len, optlen)) 1326 return -EFAULT; 1327 if (copy_to_user(optval, &freq, len)) 1328 return -EFAULT; 1329 1330 return 0; 1331 } 1332 1333 case IPV6_ADDR_PREFERENCES: 1334 val = 0; 1335 1336 if (np->srcprefs & IPV6_PREFER_SRC_TMP) 1337 val |= IPV6_PREFER_SRC_TMP; 1338 else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC) 1339 val |= IPV6_PREFER_SRC_PUBLIC; 1340 else { 1341 /* XXX: should we return system default? */ 1342 val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT; 1343 } 1344 1345 if (np->srcprefs & IPV6_PREFER_SRC_COA) 1346 val |= IPV6_PREFER_SRC_COA; 1347 else 1348 val |= IPV6_PREFER_SRC_HOME; 1349 break; 1350 1351 case IPV6_MINHOPCOUNT: 1352 val = np->min_hopcount; 1353 break; 1354 1355 case IPV6_DONTFRAG: 1356 val = np->dontfrag; 1357 break; 1358 1359 case IPV6_AUTOFLOWLABEL: 1360 val = ip6_autoflowlabel(sock_net(sk), np); 1361 break; 1362 1363 case IPV6_RECVFRAGSIZE: 1364 val = np->rxopt.bits.recvfragsize; 1365 break; 1366 1367 case IPV6_ROUTER_ALERT_ISOLATE: 1368 val = np->rtalert_isolate; 1369 break; 1370 1371 default: 1372 return -ENOPROTOOPT; 1373 } 1374 len = min_t(unsigned int, sizeof(int), len); 1375 if (put_user(len, optlen)) 1376 return -EFAULT; 1377 if (copy_to_user(optval, &val, len)) 1378 return -EFAULT; 1379 return 0; 1380 } 1381 1382 int ipv6_getsockopt(struct sock *sk, int level, int optname, 1383 char __user *optval, int __user *optlen) 1384 { 1385 int err; 1386 1387 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 1388 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1389 1390 if (level != SOL_IPV6) 1391 return -ENOPROTOOPT; 1392 1393 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 0); 1394 #ifdef CONFIG_NETFILTER 1395 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1396 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1397 int len; 1398 1399 if (get_user(len, optlen)) 1400 return -EFAULT; 1401 1402 err = nf_getsockopt(sk, PF_INET6, optname, optval, &len); 1403 if (err >= 0) 1404 err = put_user(len, optlen); 1405 } 1406 #endif 1407 return err; 1408 } 1409 EXPORT_SYMBOL(ipv6_getsockopt); 1410 1411 #ifdef CONFIG_COMPAT 1412 int compat_ipv6_getsockopt(struct sock *sk, int level, int optname, 1413 char __user *optval, int __user *optlen) 1414 { 1415 int err; 1416 1417 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 1418 if (udp_prot.compat_getsockopt != NULL) 1419 return udp_prot.compat_getsockopt(sk, level, optname, 1420 optval, optlen); 1421 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1422 } 1423 1424 if (level != SOL_IPV6) 1425 return -ENOPROTOOPT; 1426 1427 if (optname == MCAST_MSFILTER) 1428 return compat_mc_getsockopt(sk, level, optname, optval, optlen, 1429 ipv6_getsockopt); 1430 1431 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 1432 MSG_CMSG_COMPAT); 1433 #ifdef CONFIG_NETFILTER 1434 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1435 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1436 int len; 1437 1438 if (get_user(len, optlen)) 1439 return -EFAULT; 1440 1441 err = compat_nf_getsockopt(sk, PF_INET6, optname, optval, &len); 1442 if (err >= 0) 1443 err = put_user(len, optlen); 1444 } 1445 #endif 1446 return err; 1447 } 1448 EXPORT_SYMBOL(compat_ipv6_getsockopt); 1449 #endif 1450