1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * common UDP/RAW code 4 * Linux INET6 implementation 5 * 6 * Authors: 7 * Pedro Roque <roque@di.fc.ul.pt> 8 */ 9 10 #include <linux/capability.h> 11 #include <linux/errno.h> 12 #include <linux/types.h> 13 #include <linux/kernel.h> 14 #include <linux/interrupt.h> 15 #include <linux/socket.h> 16 #include <linux/sockios.h> 17 #include <linux/in6.h> 18 #include <linux/ipv6.h> 19 #include <linux/route.h> 20 #include <linux/slab.h> 21 #include <linux/export.h> 22 #include <linux/icmp.h> 23 24 #include <net/ipv6.h> 25 #include <net/ndisc.h> 26 #include <net/addrconf.h> 27 #include <net/transp_v6.h> 28 #include <net/ip6_route.h> 29 #include <net/tcp_states.h> 30 #include <net/dsfield.h> 31 #include <net/sock_reuseport.h> 32 33 #include <linux/errqueue.h> 34 #include <linux/uaccess.h> 35 36 static bool ipv6_mapped_addr_any(const struct in6_addr *a) 37 { 38 return ipv6_addr_v4mapped(a) && (a->s6_addr32[3] == 0); 39 } 40 41 static void ip6_datagram_flow_key_init(struct flowi6 *fl6, struct sock *sk) 42 { 43 struct inet_sock *inet = inet_sk(sk); 44 struct ipv6_pinfo *np = inet6_sk(sk); 45 int oif = sk->sk_bound_dev_if; 46 47 memset(fl6, 0, sizeof(*fl6)); 48 fl6->flowi6_proto = sk->sk_protocol; 49 fl6->daddr = sk->sk_v6_daddr; 50 fl6->saddr = np->saddr; 51 fl6->flowi6_mark = sk->sk_mark; 52 fl6->fl6_dport = inet->inet_dport; 53 fl6->fl6_sport = inet->inet_sport; 54 fl6->flowlabel = np->flow_label; 55 fl6->flowi6_uid = sk->sk_uid; 56 57 if (!oif) 58 oif = np->sticky_pktinfo.ipi6_ifindex; 59 60 if (!oif) { 61 if (ipv6_addr_is_multicast(&fl6->daddr)) 62 oif = np->mcast_oif; 63 else 64 oif = np->ucast_oif; 65 } 66 67 fl6->flowi6_oif = oif; 68 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6)); 69 } 70 71 int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr) 72 { 73 struct ip6_flowlabel *flowlabel = NULL; 74 struct in6_addr *final_p, final; 75 struct ipv6_txoptions *opt; 76 struct dst_entry *dst; 77 struct inet_sock *inet = inet_sk(sk); 78 struct ipv6_pinfo *np = inet6_sk(sk); 79 struct flowi6 fl6; 80 int err = 0; 81 82 if (np->sndflow && (np->flow_label & IPV6_FLOWLABEL_MASK)) { 83 flowlabel = fl6_sock_lookup(sk, np->flow_label); 84 if (IS_ERR(flowlabel)) 85 return -EINVAL; 86 } 87 ip6_datagram_flow_key_init(&fl6, sk); 88 89 rcu_read_lock(); 90 opt = flowlabel ? flowlabel->opt : rcu_dereference(np->opt); 91 final_p = fl6_update_dst(&fl6, opt, &final); 92 rcu_read_unlock(); 93 94 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); 95 if (IS_ERR(dst)) { 96 err = PTR_ERR(dst); 97 goto out; 98 } 99 100 if (fix_sk_saddr) { 101 if (ipv6_addr_any(&np->saddr)) 102 np->saddr = fl6.saddr; 103 104 if (ipv6_addr_any(&sk->sk_v6_rcv_saddr)) { 105 sk->sk_v6_rcv_saddr = fl6.saddr; 106 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 107 if (sk->sk_prot->rehash) 108 sk->sk_prot->rehash(sk); 109 } 110 } 111 112 ip6_sk_dst_store_flow(sk, dst, &fl6); 113 114 out: 115 fl6_sock_release(flowlabel); 116 return err; 117 } 118 119 void ip6_datagram_release_cb(struct sock *sk) 120 { 121 struct dst_entry *dst; 122 123 if (ipv6_addr_v4mapped(&sk->sk_v6_daddr)) 124 return; 125 126 rcu_read_lock(); 127 dst = __sk_dst_get(sk); 128 if (!dst || !dst->obsolete || 129 dst->ops->check(dst, inet6_sk(sk)->dst_cookie)) { 130 rcu_read_unlock(); 131 return; 132 } 133 rcu_read_unlock(); 134 135 ip6_datagram_dst_update(sk, false); 136 } 137 EXPORT_SYMBOL_GPL(ip6_datagram_release_cb); 138 139 int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, 140 int addr_len) 141 { 142 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 143 struct inet_sock *inet = inet_sk(sk); 144 struct ipv6_pinfo *np = inet6_sk(sk); 145 struct in6_addr *daddr, old_daddr; 146 __be32 fl6_flowlabel = 0; 147 __be32 old_fl6_flowlabel; 148 __be16 old_dport; 149 int addr_type; 150 int err; 151 152 if (usin->sin6_family == AF_INET) { 153 if (ipv6_only_sock(sk)) 154 return -EAFNOSUPPORT; 155 err = __ip4_datagram_connect(sk, uaddr, addr_len); 156 goto ipv4_connected; 157 } 158 159 if (addr_len < SIN6_LEN_RFC2133) 160 return -EINVAL; 161 162 if (usin->sin6_family != AF_INET6) 163 return -EAFNOSUPPORT; 164 165 if (np->sndflow) 166 fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK; 167 168 if (ipv6_addr_any(&usin->sin6_addr)) { 169 /* 170 * connect to self 171 */ 172 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr)) 173 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK), 174 &usin->sin6_addr); 175 else 176 usin->sin6_addr = in6addr_loopback; 177 } 178 179 addr_type = ipv6_addr_type(&usin->sin6_addr); 180 181 daddr = &usin->sin6_addr; 182 183 if (addr_type & IPV6_ADDR_MAPPED) { 184 struct sockaddr_in sin; 185 186 if (ipv6_only_sock(sk)) { 187 err = -ENETUNREACH; 188 goto out; 189 } 190 sin.sin_family = AF_INET; 191 sin.sin_addr.s_addr = daddr->s6_addr32[3]; 192 sin.sin_port = usin->sin6_port; 193 194 err = __ip4_datagram_connect(sk, 195 (struct sockaddr *) &sin, 196 sizeof(sin)); 197 198 ipv4_connected: 199 if (err) 200 goto out; 201 202 ipv6_addr_set_v4mapped(inet->inet_daddr, &sk->sk_v6_daddr); 203 204 if (ipv6_addr_any(&np->saddr) || 205 ipv6_mapped_addr_any(&np->saddr)) 206 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); 207 208 if (ipv6_addr_any(&sk->sk_v6_rcv_saddr) || 209 ipv6_mapped_addr_any(&sk->sk_v6_rcv_saddr)) { 210 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, 211 &sk->sk_v6_rcv_saddr); 212 if (sk->sk_prot->rehash) 213 sk->sk_prot->rehash(sk); 214 } 215 216 goto out; 217 } 218 219 if (__ipv6_addr_needs_scope_id(addr_type)) { 220 if (addr_len >= sizeof(struct sockaddr_in6) && 221 usin->sin6_scope_id) { 222 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id)) { 223 err = -EINVAL; 224 goto out; 225 } 226 WRITE_ONCE(sk->sk_bound_dev_if, usin->sin6_scope_id); 227 } 228 229 if (!sk->sk_bound_dev_if && (addr_type & IPV6_ADDR_MULTICAST)) 230 WRITE_ONCE(sk->sk_bound_dev_if, np->mcast_oif); 231 232 /* Connect to link-local address requires an interface */ 233 if (!sk->sk_bound_dev_if) { 234 err = -EINVAL; 235 goto out; 236 } 237 } 238 239 /* save the current peer information before updating it */ 240 old_daddr = sk->sk_v6_daddr; 241 old_fl6_flowlabel = np->flow_label; 242 old_dport = inet->inet_dport; 243 244 sk->sk_v6_daddr = *daddr; 245 np->flow_label = fl6_flowlabel; 246 inet->inet_dport = usin->sin6_port; 247 248 /* 249 * Check for a route to destination an obtain the 250 * destination cache for it. 251 */ 252 253 err = ip6_datagram_dst_update(sk, true); 254 if (err) { 255 /* Restore the socket peer info, to keep it consistent with 256 * the old socket state 257 */ 258 sk->sk_v6_daddr = old_daddr; 259 np->flow_label = old_fl6_flowlabel; 260 inet->inet_dport = old_dport; 261 goto out; 262 } 263 264 reuseport_has_conns_set(sk); 265 sk->sk_state = TCP_ESTABLISHED; 266 sk_set_txhash(sk); 267 out: 268 return err; 269 } 270 EXPORT_SYMBOL_GPL(__ip6_datagram_connect); 271 272 int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) 273 { 274 int res; 275 276 lock_sock(sk); 277 res = __ip6_datagram_connect(sk, uaddr, addr_len); 278 release_sock(sk); 279 return res; 280 } 281 EXPORT_SYMBOL_GPL(ip6_datagram_connect); 282 283 int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *uaddr, 284 int addr_len) 285 { 286 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, uaddr); 287 if (sin6->sin6_family != AF_INET6) 288 return -EAFNOSUPPORT; 289 return ip6_datagram_connect(sk, uaddr, addr_len); 290 } 291 EXPORT_SYMBOL_GPL(ip6_datagram_connect_v6_only); 292 293 static void ipv6_icmp_error_rfc4884(const struct sk_buff *skb, 294 struct sock_ee_data_rfc4884 *out) 295 { 296 switch (icmp6_hdr(skb)->icmp6_type) { 297 case ICMPV6_TIME_EXCEED: 298 case ICMPV6_DEST_UNREACH: 299 ip_icmp_error_rfc4884(skb, out, sizeof(struct icmp6hdr), 300 icmp6_hdr(skb)->icmp6_datagram_len * 8); 301 } 302 } 303 304 void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err, 305 __be16 port, u32 info, u8 *payload) 306 { 307 struct ipv6_pinfo *np = inet6_sk(sk); 308 struct icmp6hdr *icmph = icmp6_hdr(skb); 309 struct sock_exterr_skb *serr; 310 311 if (!np->recverr) 312 return; 313 314 skb = skb_clone(skb, GFP_ATOMIC); 315 if (!skb) 316 return; 317 318 skb->protocol = htons(ETH_P_IPV6); 319 320 serr = SKB_EXT_ERR(skb); 321 serr->ee.ee_errno = err; 322 serr->ee.ee_origin = SO_EE_ORIGIN_ICMP6; 323 serr->ee.ee_type = icmph->icmp6_type; 324 serr->ee.ee_code = icmph->icmp6_code; 325 serr->ee.ee_pad = 0; 326 serr->ee.ee_info = info; 327 serr->ee.ee_data = 0; 328 serr->addr_offset = (u8 *)&(((struct ipv6hdr *)(icmph + 1))->daddr) - 329 skb_network_header(skb); 330 serr->port = port; 331 332 __skb_pull(skb, payload - skb->data); 333 334 if (inet6_sk(sk)->recverr_rfc4884) 335 ipv6_icmp_error_rfc4884(skb, &serr->ee.ee_rfc4884); 336 337 skb_reset_transport_header(skb); 338 339 if (sock_queue_err_skb(sk, skb)) 340 kfree_skb(skb); 341 } 342 EXPORT_SYMBOL_GPL(ipv6_icmp_error); 343 344 void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info) 345 { 346 const struct ipv6_pinfo *np = inet6_sk(sk); 347 struct sock_exterr_skb *serr; 348 struct ipv6hdr *iph; 349 struct sk_buff *skb; 350 351 if (!np->recverr) 352 return; 353 354 skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC); 355 if (!skb) 356 return; 357 358 skb->protocol = htons(ETH_P_IPV6); 359 360 skb_put(skb, sizeof(struct ipv6hdr)); 361 skb_reset_network_header(skb); 362 iph = ipv6_hdr(skb); 363 iph->daddr = fl6->daddr; 364 ip6_flow_hdr(iph, 0, 0); 365 366 serr = SKB_EXT_ERR(skb); 367 serr->ee.ee_errno = err; 368 serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL; 369 serr->ee.ee_type = 0; 370 serr->ee.ee_code = 0; 371 serr->ee.ee_pad = 0; 372 serr->ee.ee_info = info; 373 serr->ee.ee_data = 0; 374 serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb); 375 serr->port = fl6->fl6_dport; 376 377 __skb_pull(skb, skb_tail_pointer(skb) - skb->data); 378 skb_reset_transport_header(skb); 379 380 if (sock_queue_err_skb(sk, skb)) 381 kfree_skb(skb); 382 } 383 384 void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu) 385 { 386 struct ipv6_pinfo *np = inet6_sk(sk); 387 struct ipv6hdr *iph; 388 struct sk_buff *skb; 389 struct ip6_mtuinfo *mtu_info; 390 391 if (!np->rxopt.bits.rxpmtu) 392 return; 393 394 skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC); 395 if (!skb) 396 return; 397 398 skb_put(skb, sizeof(struct ipv6hdr)); 399 skb_reset_network_header(skb); 400 iph = ipv6_hdr(skb); 401 iph->daddr = fl6->daddr; 402 403 mtu_info = IP6CBMTU(skb); 404 405 mtu_info->ip6m_mtu = mtu; 406 mtu_info->ip6m_addr.sin6_family = AF_INET6; 407 mtu_info->ip6m_addr.sin6_port = 0; 408 mtu_info->ip6m_addr.sin6_flowinfo = 0; 409 mtu_info->ip6m_addr.sin6_scope_id = fl6->flowi6_oif; 410 mtu_info->ip6m_addr.sin6_addr = ipv6_hdr(skb)->daddr; 411 412 __skb_pull(skb, skb_tail_pointer(skb) - skb->data); 413 skb_reset_transport_header(skb); 414 415 skb = xchg(&np->rxpmtu, skb); 416 kfree_skb(skb); 417 } 418 419 /* For some errors we have valid addr_offset even with zero payload and 420 * zero port. Also, addr_offset should be supported if port is set. 421 */ 422 static inline bool ipv6_datagram_support_addr(struct sock_exterr_skb *serr) 423 { 424 return serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6 || 425 serr->ee.ee_origin == SO_EE_ORIGIN_ICMP || 426 serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL || serr->port; 427 } 428 429 /* IPv6 supports cmsg on all origins aside from SO_EE_ORIGIN_LOCAL. 430 * 431 * At one point, excluding local errors was a quick test to identify icmp/icmp6 432 * errors. This is no longer true, but the test remained, so the v6 stack, 433 * unlike v4, also honors cmsg requests on all wifi and timestamp errors. 434 */ 435 static bool ip6_datagram_support_cmsg(struct sk_buff *skb, 436 struct sock_exterr_skb *serr) 437 { 438 if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP || 439 serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6) 440 return true; 441 442 if (serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL) 443 return false; 444 445 if (!IP6CB(skb)->iif) 446 return false; 447 448 return true; 449 } 450 451 /* 452 * Handle MSG_ERRQUEUE 453 */ 454 int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) 455 { 456 struct ipv6_pinfo *np = inet6_sk(sk); 457 struct sock_exterr_skb *serr; 458 struct sk_buff *skb; 459 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name); 460 struct { 461 struct sock_extended_err ee; 462 struct sockaddr_in6 offender; 463 } errhdr; 464 int err; 465 int copied; 466 467 err = -EAGAIN; 468 skb = sock_dequeue_err_skb(sk); 469 if (!skb) 470 goto out; 471 472 copied = skb->len; 473 if (copied > len) { 474 msg->msg_flags |= MSG_TRUNC; 475 copied = len; 476 } 477 err = skb_copy_datagram_msg(skb, 0, msg, copied); 478 if (unlikely(err)) { 479 kfree_skb(skb); 480 return err; 481 } 482 sock_recv_timestamp(msg, sk, skb); 483 484 serr = SKB_EXT_ERR(skb); 485 486 if (sin && ipv6_datagram_support_addr(serr)) { 487 const unsigned char *nh = skb_network_header(skb); 488 sin->sin6_family = AF_INET6; 489 sin->sin6_flowinfo = 0; 490 sin->sin6_port = serr->port; 491 if (skb->protocol == htons(ETH_P_IPV6)) { 492 const struct ipv6hdr *ip6h = container_of((struct in6_addr *)(nh + serr->addr_offset), 493 struct ipv6hdr, daddr); 494 sin->sin6_addr = ip6h->daddr; 495 if (np->sndflow) 496 sin->sin6_flowinfo = ip6_flowinfo(ip6h); 497 sin->sin6_scope_id = 498 ipv6_iface_scope_id(&sin->sin6_addr, 499 IP6CB(skb)->iif); 500 } else { 501 ipv6_addr_set_v4mapped(*(__be32 *)(nh + serr->addr_offset), 502 &sin->sin6_addr); 503 sin->sin6_scope_id = 0; 504 } 505 *addr_len = sizeof(*sin); 506 } 507 508 memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); 509 sin = &errhdr.offender; 510 memset(sin, 0, sizeof(*sin)); 511 512 if (ip6_datagram_support_cmsg(skb, serr)) { 513 sin->sin6_family = AF_INET6; 514 if (np->rxopt.all) 515 ip6_datagram_recv_common_ctl(sk, msg, skb); 516 if (skb->protocol == htons(ETH_P_IPV6)) { 517 sin->sin6_addr = ipv6_hdr(skb)->saddr; 518 if (np->rxopt.all) 519 ip6_datagram_recv_specific_ctl(sk, msg, skb); 520 sin->sin6_scope_id = 521 ipv6_iface_scope_id(&sin->sin6_addr, 522 IP6CB(skb)->iif); 523 } else { 524 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, 525 &sin->sin6_addr); 526 if (inet_sk(sk)->cmsg_flags) 527 ip_cmsg_recv(msg, skb); 528 } 529 } 530 531 put_cmsg(msg, SOL_IPV6, IPV6_RECVERR, sizeof(errhdr), &errhdr); 532 533 /* Now we could try to dump offended packet options */ 534 535 msg->msg_flags |= MSG_ERRQUEUE; 536 err = copied; 537 538 consume_skb(skb); 539 out: 540 return err; 541 } 542 EXPORT_SYMBOL_GPL(ipv6_recv_error); 543 544 /* 545 * Handle IPV6_RECVPATHMTU 546 */ 547 int ipv6_recv_rxpmtu(struct sock *sk, struct msghdr *msg, int len, 548 int *addr_len) 549 { 550 struct ipv6_pinfo *np = inet6_sk(sk); 551 struct sk_buff *skb; 552 struct ip6_mtuinfo mtu_info; 553 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name); 554 int err; 555 int copied; 556 557 err = -EAGAIN; 558 skb = xchg(&np->rxpmtu, NULL); 559 if (!skb) 560 goto out; 561 562 copied = skb->len; 563 if (copied > len) { 564 msg->msg_flags |= MSG_TRUNC; 565 copied = len; 566 } 567 err = skb_copy_datagram_msg(skb, 0, msg, copied); 568 if (err) 569 goto out_free_skb; 570 571 sock_recv_timestamp(msg, sk, skb); 572 573 memcpy(&mtu_info, IP6CBMTU(skb), sizeof(mtu_info)); 574 575 if (sin) { 576 sin->sin6_family = AF_INET6; 577 sin->sin6_flowinfo = 0; 578 sin->sin6_port = 0; 579 sin->sin6_scope_id = mtu_info.ip6m_addr.sin6_scope_id; 580 sin->sin6_addr = mtu_info.ip6m_addr.sin6_addr; 581 *addr_len = sizeof(*sin); 582 } 583 584 put_cmsg(msg, SOL_IPV6, IPV6_PATHMTU, sizeof(mtu_info), &mtu_info); 585 586 err = copied; 587 588 out_free_skb: 589 kfree_skb(skb); 590 out: 591 return err; 592 } 593 594 595 void ip6_datagram_recv_common_ctl(struct sock *sk, struct msghdr *msg, 596 struct sk_buff *skb) 597 { 598 struct ipv6_pinfo *np = inet6_sk(sk); 599 bool is_ipv6 = skb->protocol == htons(ETH_P_IPV6); 600 601 if (np->rxopt.bits.rxinfo) { 602 struct in6_pktinfo src_info; 603 604 if (is_ipv6) { 605 src_info.ipi6_ifindex = IP6CB(skb)->iif; 606 src_info.ipi6_addr = ipv6_hdr(skb)->daddr; 607 } else { 608 src_info.ipi6_ifindex = 609 PKTINFO_SKB_CB(skb)->ipi_ifindex; 610 ipv6_addr_set_v4mapped(ip_hdr(skb)->daddr, 611 &src_info.ipi6_addr); 612 } 613 614 if (src_info.ipi6_ifindex >= 0) 615 put_cmsg(msg, SOL_IPV6, IPV6_PKTINFO, 616 sizeof(src_info), &src_info); 617 } 618 } 619 620 void ip6_datagram_recv_specific_ctl(struct sock *sk, struct msghdr *msg, 621 struct sk_buff *skb) 622 { 623 struct ipv6_pinfo *np = inet6_sk(sk); 624 struct inet6_skb_parm *opt = IP6CB(skb); 625 unsigned char *nh = skb_network_header(skb); 626 627 if (np->rxopt.bits.rxhlim) { 628 int hlim = ipv6_hdr(skb)->hop_limit; 629 put_cmsg(msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim); 630 } 631 632 if (np->rxopt.bits.rxtclass) { 633 int tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 634 put_cmsg(msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass); 635 } 636 637 if (np->rxopt.bits.rxflow) { 638 __be32 flowinfo = ip6_flowinfo((struct ipv6hdr *)nh); 639 if (flowinfo) 640 put_cmsg(msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo); 641 } 642 643 /* HbH is allowed only once */ 644 if (np->rxopt.bits.hopopts && (opt->flags & IP6SKB_HOPBYHOP)) { 645 u8 *ptr = nh + sizeof(struct ipv6hdr); 646 put_cmsg(msg, SOL_IPV6, IPV6_HOPOPTS, (ptr[1]+1)<<3, ptr); 647 } 648 649 if (opt->lastopt && 650 (np->rxopt.bits.dstopts || np->rxopt.bits.srcrt)) { 651 /* 652 * Silly enough, but we need to reparse in order to 653 * report extension headers (except for HbH) 654 * in order. 655 * 656 * Also note that IPV6_RECVRTHDRDSTOPTS is NOT 657 * (and WILL NOT be) defined because 658 * IPV6_RECVDSTOPTS is more generic. --yoshfuji 659 */ 660 unsigned int off = sizeof(struct ipv6hdr); 661 u8 nexthdr = ipv6_hdr(skb)->nexthdr; 662 663 while (off <= opt->lastopt) { 664 unsigned int len; 665 u8 *ptr = nh + off; 666 667 switch (nexthdr) { 668 case IPPROTO_DSTOPTS: 669 nexthdr = ptr[0]; 670 len = (ptr[1] + 1) << 3; 671 if (np->rxopt.bits.dstopts) 672 put_cmsg(msg, SOL_IPV6, IPV6_DSTOPTS, len, ptr); 673 break; 674 case IPPROTO_ROUTING: 675 nexthdr = ptr[0]; 676 len = (ptr[1] + 1) << 3; 677 if (np->rxopt.bits.srcrt) 678 put_cmsg(msg, SOL_IPV6, IPV6_RTHDR, len, ptr); 679 break; 680 case IPPROTO_AH: 681 nexthdr = ptr[0]; 682 len = (ptr[1] + 2) << 2; 683 break; 684 default: 685 nexthdr = ptr[0]; 686 len = (ptr[1] + 1) << 3; 687 break; 688 } 689 690 off += len; 691 } 692 } 693 694 /* socket options in old style */ 695 if (np->rxopt.bits.rxoinfo) { 696 struct in6_pktinfo src_info; 697 698 src_info.ipi6_ifindex = opt->iif; 699 src_info.ipi6_addr = ipv6_hdr(skb)->daddr; 700 put_cmsg(msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info); 701 } 702 if (np->rxopt.bits.rxohlim) { 703 int hlim = ipv6_hdr(skb)->hop_limit; 704 put_cmsg(msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim); 705 } 706 if (np->rxopt.bits.ohopopts && (opt->flags & IP6SKB_HOPBYHOP)) { 707 u8 *ptr = nh + sizeof(struct ipv6hdr); 708 put_cmsg(msg, SOL_IPV6, IPV6_2292HOPOPTS, (ptr[1]+1)<<3, ptr); 709 } 710 if (np->rxopt.bits.odstopts && opt->dst0) { 711 u8 *ptr = nh + opt->dst0; 712 put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr); 713 } 714 if (np->rxopt.bits.osrcrt && opt->srcrt) { 715 struct ipv6_rt_hdr *rthdr = (struct ipv6_rt_hdr *)(nh + opt->srcrt); 716 put_cmsg(msg, SOL_IPV6, IPV6_2292RTHDR, (rthdr->hdrlen+1) << 3, rthdr); 717 } 718 if (np->rxopt.bits.odstopts && opt->dst1) { 719 u8 *ptr = nh + opt->dst1; 720 put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr); 721 } 722 if (np->rxopt.bits.rxorigdstaddr) { 723 struct sockaddr_in6 sin6; 724 __be16 _ports[2], *ports; 725 726 ports = skb_header_pointer(skb, skb_transport_offset(skb), 727 sizeof(_ports), &_ports); 728 if (ports) { 729 /* All current transport protocols have the port numbers in the 730 * first four bytes of the transport header and this function is 731 * written with this assumption in mind. 732 */ 733 sin6.sin6_family = AF_INET6; 734 sin6.sin6_addr = ipv6_hdr(skb)->daddr; 735 sin6.sin6_port = ports[1]; 736 sin6.sin6_flowinfo = 0; 737 sin6.sin6_scope_id = 738 ipv6_iface_scope_id(&ipv6_hdr(skb)->daddr, 739 opt->iif); 740 741 put_cmsg(msg, SOL_IPV6, IPV6_ORIGDSTADDR, sizeof(sin6), &sin6); 742 } 743 } 744 if (np->rxopt.bits.recvfragsize && opt->frag_max_size) { 745 int val = opt->frag_max_size; 746 747 put_cmsg(msg, SOL_IPV6, IPV6_RECVFRAGSIZE, sizeof(val), &val); 748 } 749 } 750 751 void ip6_datagram_recv_ctl(struct sock *sk, struct msghdr *msg, 752 struct sk_buff *skb) 753 { 754 ip6_datagram_recv_common_ctl(sk, msg, skb); 755 ip6_datagram_recv_specific_ctl(sk, msg, skb); 756 } 757 EXPORT_SYMBOL_GPL(ip6_datagram_recv_ctl); 758 759 int ip6_datagram_send_ctl(struct net *net, struct sock *sk, 760 struct msghdr *msg, struct flowi6 *fl6, 761 struct ipcm6_cookie *ipc6) 762 { 763 struct in6_pktinfo *src_info; 764 struct cmsghdr *cmsg; 765 struct ipv6_rt_hdr *rthdr; 766 struct ipv6_opt_hdr *hdr; 767 struct ipv6_txoptions *opt = ipc6->opt; 768 int len; 769 int err = 0; 770 771 for_each_cmsghdr(cmsg, msg) { 772 int addr_type; 773 774 if (!CMSG_OK(msg, cmsg)) { 775 err = -EINVAL; 776 goto exit_f; 777 } 778 779 if (cmsg->cmsg_level == SOL_SOCKET) { 780 err = __sock_cmsg_send(sk, cmsg, &ipc6->sockc); 781 if (err) 782 return err; 783 continue; 784 } 785 786 if (cmsg->cmsg_level != SOL_IPV6) 787 continue; 788 789 switch (cmsg->cmsg_type) { 790 case IPV6_PKTINFO: 791 case IPV6_2292PKTINFO: 792 { 793 struct net_device *dev = NULL; 794 int src_idx; 795 796 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) { 797 err = -EINVAL; 798 goto exit_f; 799 } 800 801 src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg); 802 src_idx = src_info->ipi6_ifindex; 803 804 if (src_idx) { 805 if (fl6->flowi6_oif && 806 src_idx != fl6->flowi6_oif && 807 (READ_ONCE(sk->sk_bound_dev_if) != fl6->flowi6_oif || 808 !sk_dev_equal_l3scope(sk, src_idx))) 809 return -EINVAL; 810 fl6->flowi6_oif = src_idx; 811 } 812 813 addr_type = __ipv6_addr_type(&src_info->ipi6_addr); 814 815 rcu_read_lock(); 816 if (fl6->flowi6_oif) { 817 dev = dev_get_by_index_rcu(net, fl6->flowi6_oif); 818 if (!dev) { 819 rcu_read_unlock(); 820 return -ENODEV; 821 } 822 } else if (addr_type & IPV6_ADDR_LINKLOCAL) { 823 rcu_read_unlock(); 824 return -EINVAL; 825 } 826 827 if (addr_type != IPV6_ADDR_ANY) { 828 int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL; 829 if (!ipv6_can_nonlocal_bind(net, inet_sk(sk)) && 830 !ipv6_chk_addr_and_flags(net, &src_info->ipi6_addr, 831 dev, !strict, 0, 832 IFA_F_TENTATIVE) && 833 !ipv6_chk_acast_addr_src(net, dev, 834 &src_info->ipi6_addr)) 835 err = -EINVAL; 836 else 837 fl6->saddr = src_info->ipi6_addr; 838 } 839 840 rcu_read_unlock(); 841 842 if (err) 843 goto exit_f; 844 845 break; 846 } 847 848 case IPV6_FLOWINFO: 849 if (cmsg->cmsg_len < CMSG_LEN(4)) { 850 err = -EINVAL; 851 goto exit_f; 852 } 853 854 if (fl6->flowlabel&IPV6_FLOWINFO_MASK) { 855 if ((fl6->flowlabel^*(__be32 *)CMSG_DATA(cmsg))&~IPV6_FLOWINFO_MASK) { 856 err = -EINVAL; 857 goto exit_f; 858 } 859 } 860 fl6->flowlabel = IPV6_FLOWINFO_MASK & *(__be32 *)CMSG_DATA(cmsg); 861 break; 862 863 case IPV6_2292HOPOPTS: 864 case IPV6_HOPOPTS: 865 if (opt->hopopt || cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { 866 err = -EINVAL; 867 goto exit_f; 868 } 869 870 hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); 871 len = ((hdr->hdrlen + 1) << 3); 872 if (cmsg->cmsg_len < CMSG_LEN(len)) { 873 err = -EINVAL; 874 goto exit_f; 875 } 876 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { 877 err = -EPERM; 878 goto exit_f; 879 } 880 opt->opt_nflen += len; 881 opt->hopopt = hdr; 882 break; 883 884 case IPV6_2292DSTOPTS: 885 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { 886 err = -EINVAL; 887 goto exit_f; 888 } 889 890 hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); 891 len = ((hdr->hdrlen + 1) << 3); 892 if (cmsg->cmsg_len < CMSG_LEN(len)) { 893 err = -EINVAL; 894 goto exit_f; 895 } 896 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { 897 err = -EPERM; 898 goto exit_f; 899 } 900 if (opt->dst1opt) { 901 err = -EINVAL; 902 goto exit_f; 903 } 904 opt->opt_flen += len; 905 opt->dst1opt = hdr; 906 break; 907 908 case IPV6_DSTOPTS: 909 case IPV6_RTHDRDSTOPTS: 910 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { 911 err = -EINVAL; 912 goto exit_f; 913 } 914 915 hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); 916 len = ((hdr->hdrlen + 1) << 3); 917 if (cmsg->cmsg_len < CMSG_LEN(len)) { 918 err = -EINVAL; 919 goto exit_f; 920 } 921 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { 922 err = -EPERM; 923 goto exit_f; 924 } 925 if (cmsg->cmsg_type == IPV6_DSTOPTS) { 926 opt->opt_flen += len; 927 opt->dst1opt = hdr; 928 } else { 929 opt->opt_nflen += len; 930 opt->dst0opt = hdr; 931 } 932 break; 933 934 case IPV6_2292RTHDR: 935 case IPV6_RTHDR: 936 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_rt_hdr))) { 937 err = -EINVAL; 938 goto exit_f; 939 } 940 941 rthdr = (struct ipv6_rt_hdr *)CMSG_DATA(cmsg); 942 943 switch (rthdr->type) { 944 #if IS_ENABLED(CONFIG_IPV6_MIP6) 945 case IPV6_SRCRT_TYPE_2: 946 if (rthdr->hdrlen != 2 || 947 rthdr->segments_left != 1) { 948 err = -EINVAL; 949 goto exit_f; 950 } 951 break; 952 #endif 953 default: 954 err = -EINVAL; 955 goto exit_f; 956 } 957 958 len = ((rthdr->hdrlen + 1) << 3); 959 960 if (cmsg->cmsg_len < CMSG_LEN(len)) { 961 err = -EINVAL; 962 goto exit_f; 963 } 964 965 /* segments left must also match */ 966 if ((rthdr->hdrlen >> 1) != rthdr->segments_left) { 967 err = -EINVAL; 968 goto exit_f; 969 } 970 971 opt->opt_nflen += len; 972 opt->srcrt = rthdr; 973 974 if (cmsg->cmsg_type == IPV6_2292RTHDR && opt->dst1opt) { 975 int dsthdrlen = ((opt->dst1opt->hdrlen+1)<<3); 976 977 opt->opt_nflen += dsthdrlen; 978 opt->dst0opt = opt->dst1opt; 979 opt->dst1opt = NULL; 980 opt->opt_flen -= dsthdrlen; 981 } 982 983 break; 984 985 case IPV6_2292HOPLIMIT: 986 case IPV6_HOPLIMIT: 987 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) { 988 err = -EINVAL; 989 goto exit_f; 990 } 991 992 ipc6->hlimit = *(int *)CMSG_DATA(cmsg); 993 if (ipc6->hlimit < -1 || ipc6->hlimit > 0xff) { 994 err = -EINVAL; 995 goto exit_f; 996 } 997 998 break; 999 1000 case IPV6_TCLASS: 1001 { 1002 int tc; 1003 1004 err = -EINVAL; 1005 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) 1006 goto exit_f; 1007 1008 tc = *(int *)CMSG_DATA(cmsg); 1009 if (tc < -1 || tc > 0xff) 1010 goto exit_f; 1011 1012 err = 0; 1013 ipc6->tclass = tc; 1014 1015 break; 1016 } 1017 1018 case IPV6_DONTFRAG: 1019 { 1020 int df; 1021 1022 err = -EINVAL; 1023 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) 1024 goto exit_f; 1025 1026 df = *(int *)CMSG_DATA(cmsg); 1027 if (df < 0 || df > 1) 1028 goto exit_f; 1029 1030 err = 0; 1031 ipc6->dontfrag = df; 1032 1033 break; 1034 } 1035 default: 1036 net_dbg_ratelimited("invalid cmsg type: %d\n", 1037 cmsg->cmsg_type); 1038 err = -EINVAL; 1039 goto exit_f; 1040 } 1041 } 1042 1043 exit_f: 1044 return err; 1045 } 1046 EXPORT_SYMBOL_GPL(ip6_datagram_send_ctl); 1047 1048 void __ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, 1049 __u16 srcp, __u16 destp, int rqueue, int bucket) 1050 { 1051 const struct in6_addr *dest, *src; 1052 1053 dest = &sp->sk_v6_daddr; 1054 src = &sp->sk_v6_rcv_saddr; 1055 seq_printf(seq, 1056 "%5d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1057 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %u\n", 1058 bucket, 1059 src->s6_addr32[0], src->s6_addr32[1], 1060 src->s6_addr32[2], src->s6_addr32[3], srcp, 1061 dest->s6_addr32[0], dest->s6_addr32[1], 1062 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1063 sp->sk_state, 1064 sk_wmem_alloc_get(sp), 1065 rqueue, 1066 0, 0L, 0, 1067 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 1068 0, 1069 sock_i_ino(sp), 1070 refcount_read(&sp->sk_refcnt), sp, 1071 atomic_read(&sp->sk_drops)); 1072 } 1073