xref: /linux/net/ipv6/datagram.c (revision 57f273adbcd44172cbe0bd10b8b7408dd255699f) 
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	common UDP/RAW code
4  *	Linux INET6 implementation
5  *
6  *	Authors:
7  *	Pedro Roque		<roque@di.fc.ul.pt>
8  */
9 
10 #include <linux/capability.h>
11 #include <linux/errno.h>
12 #include <linux/types.h>
13 #include <linux/kernel.h>
14 #include <linux/interrupt.h>
15 #include <linux/socket.h>
16 #include <linux/sockios.h>
17 #include <linux/in6.h>
18 #include <linux/ipv6.h>
19 #include <linux/route.h>
20 #include <linux/slab.h>
21 #include <linux/export.h>
22 #include <linux/icmp.h>
23 
24 #include <net/ipv6.h>
25 #include <net/ndisc.h>
26 #include <net/addrconf.h>
27 #include <net/transp_v6.h>
28 #include <net/ip6_route.h>
29 #include <net/tcp_states.h>
30 #include <net/dsfield.h>
31 #include <net/sock_reuseport.h>
32 
33 #include <linux/errqueue.h>
34 #include <linux/uaccess.h>
35 
36 static bool ipv6_mapped_addr_any(const struct in6_addr *a)
37 {
38 	return ipv6_addr_v4mapped(a) && (a->s6_addr32[3] == 0);
39 }
40 
41 static void ip6_datagram_flow_key_init(struct flowi6 *fl6, struct sock *sk)
42 {
43 	struct inet_sock *inet = inet_sk(sk);
44 	struct ipv6_pinfo *np = inet6_sk(sk);
45 
46 	memset(fl6, 0, sizeof(*fl6));
47 	fl6->flowi6_proto = sk->sk_protocol;
48 	fl6->daddr = sk->sk_v6_daddr;
49 	fl6->saddr = np->saddr;
50 	fl6->flowi6_oif = sk->sk_bound_dev_if;
51 	fl6->flowi6_mark = sk->sk_mark;
52 	fl6->fl6_dport = inet->inet_dport;
53 	fl6->fl6_sport = inet->inet_sport;
54 	fl6->flowlabel = np->flow_label;
55 	fl6->flowi6_uid = sk->sk_uid;
56 
57 	if (!fl6->flowi6_oif)
58 		fl6->flowi6_oif = np->sticky_pktinfo.ipi6_ifindex;
59 
60 	if (!fl6->flowi6_oif && ipv6_addr_is_multicast(&fl6->daddr))
61 		fl6->flowi6_oif = np->mcast_oif;
62 
63 	security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
64 }
65 
66 int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr)
67 {
68 	struct ip6_flowlabel *flowlabel = NULL;
69 	struct in6_addr *final_p, final;
70 	struct ipv6_txoptions *opt;
71 	struct dst_entry *dst;
72 	struct inet_sock *inet = inet_sk(sk);
73 	struct ipv6_pinfo *np = inet6_sk(sk);
74 	struct flowi6 fl6;
75 	int err = 0;
76 
77 	if (np->sndflow && (np->flow_label & IPV6_FLOWLABEL_MASK)) {
78 		flowlabel = fl6_sock_lookup(sk, np->flow_label);
79 		if (IS_ERR(flowlabel))
80 			return -EINVAL;
81 	}
82 	ip6_datagram_flow_key_init(&fl6, sk);
83 
84 	rcu_read_lock();
85 	opt = flowlabel ? flowlabel->opt : rcu_dereference(np->opt);
86 	final_p = fl6_update_dst(&fl6, opt, &final);
87 	rcu_read_unlock();
88 
89 	dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
90 	if (IS_ERR(dst)) {
91 		err = PTR_ERR(dst);
92 		goto out;
93 	}
94 
95 	if (fix_sk_saddr) {
96 		if (ipv6_addr_any(&np->saddr))
97 			np->saddr = fl6.saddr;
98 
99 		if (ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
100 			sk->sk_v6_rcv_saddr = fl6.saddr;
101 			inet->inet_rcv_saddr = LOOPBACK4_IPV6;
102 			if (sk->sk_prot->rehash)
103 				sk->sk_prot->rehash(sk);
104 		}
105 	}
106 
107 	ip6_sk_dst_store_flow(sk, dst, &fl6);
108 
109 out:
110 	fl6_sock_release(flowlabel);
111 	return err;
112 }
113 
114 void ip6_datagram_release_cb(struct sock *sk)
115 {
116 	struct dst_entry *dst;
117 
118 	if (ipv6_addr_v4mapped(&sk->sk_v6_daddr))
119 		return;
120 
121 	rcu_read_lock();
122 	dst = __sk_dst_get(sk);
123 	if (!dst || !dst->obsolete ||
124 	    dst->ops->check(dst, inet6_sk(sk)->dst_cookie)) {
125 		rcu_read_unlock();
126 		return;
127 	}
128 	rcu_read_unlock();
129 
130 	ip6_datagram_dst_update(sk, false);
131 }
132 EXPORT_SYMBOL_GPL(ip6_datagram_release_cb);
133 
134 int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr,
135 			   int addr_len)
136 {
137 	struct sockaddr_in6	*usin = (struct sockaddr_in6 *) uaddr;
138 	struct inet_sock	*inet = inet_sk(sk);
139 	struct ipv6_pinfo	*np = inet6_sk(sk);
140 	struct in6_addr		*daddr, old_daddr;
141 	__be32			fl6_flowlabel = 0;
142 	__be32			old_fl6_flowlabel;
143 	__be16			old_dport;
144 	int			addr_type;
145 	int			err;
146 
147 	if (usin->sin6_family == AF_INET) {
148 		if (ipv6_only_sock(sk))
149 			return -EAFNOSUPPORT;
150 		err = __ip4_datagram_connect(sk, uaddr, addr_len);
151 		goto ipv4_connected;
152 	}
153 
154 	if (addr_len < SIN6_LEN_RFC2133)
155 		return -EINVAL;
156 
157 	if (usin->sin6_family != AF_INET6)
158 		return -EAFNOSUPPORT;
159 
160 	if (np->sndflow)
161 		fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
162 
163 	if (ipv6_addr_any(&usin->sin6_addr)) {
164 		/*
165 		 *	connect to self
166 		 */
167 		if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
168 			ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
169 					       &usin->sin6_addr);
170 		else
171 			usin->sin6_addr = in6addr_loopback;
172 	}
173 
174 	addr_type = ipv6_addr_type(&usin->sin6_addr);
175 
176 	daddr = &usin->sin6_addr;
177 
178 	if (addr_type & IPV6_ADDR_MAPPED) {
179 		struct sockaddr_in sin;
180 
181 		if (ipv6_only_sock(sk)) {
182 			err = -ENETUNREACH;
183 			goto out;
184 		}
185 		sin.sin_family = AF_INET;
186 		sin.sin_addr.s_addr = daddr->s6_addr32[3];
187 		sin.sin_port = usin->sin6_port;
188 
189 		err = __ip4_datagram_connect(sk,
190 					     (struct sockaddr *) &sin,
191 					     sizeof(sin));
192 
193 ipv4_connected:
194 		if (err)
195 			goto out;
196 
197 		ipv6_addr_set_v4mapped(inet->inet_daddr, &sk->sk_v6_daddr);
198 
199 		if (ipv6_addr_any(&np->saddr) ||
200 		    ipv6_mapped_addr_any(&np->saddr))
201 			ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
202 
203 		if (ipv6_addr_any(&sk->sk_v6_rcv_saddr) ||
204 		    ipv6_mapped_addr_any(&sk->sk_v6_rcv_saddr)) {
205 			ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
206 					       &sk->sk_v6_rcv_saddr);
207 			if (sk->sk_prot->rehash)
208 				sk->sk_prot->rehash(sk);
209 		}
210 
211 		goto out;
212 	}
213 
214 	if (__ipv6_addr_needs_scope_id(addr_type)) {
215 		if (addr_len >= sizeof(struct sockaddr_in6) &&
216 		    usin->sin6_scope_id) {
217 			if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id)) {
218 				err = -EINVAL;
219 				goto out;
220 			}
221 			WRITE_ONCE(sk->sk_bound_dev_if, usin->sin6_scope_id);
222 		}
223 
224 		if (!sk->sk_bound_dev_if && (addr_type & IPV6_ADDR_MULTICAST))
225 			WRITE_ONCE(sk->sk_bound_dev_if, np->mcast_oif);
226 
227 		/* Connect to link-local address requires an interface */
228 		if (!sk->sk_bound_dev_if) {
229 			err = -EINVAL;
230 			goto out;
231 		}
232 	}
233 
234 	/* save the current peer information before updating it */
235 	old_daddr = sk->sk_v6_daddr;
236 	old_fl6_flowlabel = np->flow_label;
237 	old_dport = inet->inet_dport;
238 
239 	sk->sk_v6_daddr = *daddr;
240 	np->flow_label = fl6_flowlabel;
241 	inet->inet_dport = usin->sin6_port;
242 
243 	/*
244 	 *	Check for a route to destination an obtain the
245 	 *	destination cache for it.
246 	 */
247 
248 	err = ip6_datagram_dst_update(sk, true);
249 	if (err) {
250 		/* Restore the socket peer info, to keep it consistent with
251 		 * the old socket state
252 		 */
253 		sk->sk_v6_daddr = old_daddr;
254 		np->flow_label = old_fl6_flowlabel;
255 		inet->inet_dport = old_dport;
256 		goto out;
257 	}
258 
259 	reuseport_has_conns_set(sk);
260 	sk->sk_state = TCP_ESTABLISHED;
261 	sk_set_txhash(sk);
262 out:
263 	return err;
264 }
265 EXPORT_SYMBOL_GPL(__ip6_datagram_connect);
266 
267 int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
268 {
269 	int res;
270 
271 	lock_sock(sk);
272 	res = __ip6_datagram_connect(sk, uaddr, addr_len);
273 	release_sock(sk);
274 	return res;
275 }
276 EXPORT_SYMBOL_GPL(ip6_datagram_connect);
277 
278 int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *uaddr,
279 				 int addr_len)
280 {
281 	DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, uaddr);
282 	if (sin6->sin6_family != AF_INET6)
283 		return -EAFNOSUPPORT;
284 	return ip6_datagram_connect(sk, uaddr, addr_len);
285 }
286 EXPORT_SYMBOL_GPL(ip6_datagram_connect_v6_only);
287 
288 static void ipv6_icmp_error_rfc4884(const struct sk_buff *skb,
289 				    struct sock_ee_data_rfc4884 *out)
290 {
291 	switch (icmp6_hdr(skb)->icmp6_type) {
292 	case ICMPV6_TIME_EXCEED:
293 	case ICMPV6_DEST_UNREACH:
294 		ip_icmp_error_rfc4884(skb, out, sizeof(struct icmp6hdr),
295 				      icmp6_hdr(skb)->icmp6_datagram_len * 8);
296 	}
297 }
298 
299 void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
300 		     __be16 port, u32 info, u8 *payload)
301 {
302 	struct ipv6_pinfo *np  = inet6_sk(sk);
303 	struct icmp6hdr *icmph = icmp6_hdr(skb);
304 	struct sock_exterr_skb *serr;
305 
306 	if (!np->recverr)
307 		return;
308 
309 	skb = skb_clone(skb, GFP_ATOMIC);
310 	if (!skb)
311 		return;
312 
313 	skb->protocol = htons(ETH_P_IPV6);
314 
315 	serr = SKB_EXT_ERR(skb);
316 	serr->ee.ee_errno = err;
317 	serr->ee.ee_origin = SO_EE_ORIGIN_ICMP6;
318 	serr->ee.ee_type = icmph->icmp6_type;
319 	serr->ee.ee_code = icmph->icmp6_code;
320 	serr->ee.ee_pad = 0;
321 	serr->ee.ee_info = info;
322 	serr->ee.ee_data = 0;
323 	serr->addr_offset = (u8 *)&(((struct ipv6hdr *)(icmph + 1))->daddr) -
324 				  skb_network_header(skb);
325 	serr->port = port;
326 
327 	__skb_pull(skb, payload - skb->data);
328 
329 	if (inet6_sk(sk)->recverr_rfc4884)
330 		ipv6_icmp_error_rfc4884(skb, &serr->ee.ee_rfc4884);
331 
332 	skb_reset_transport_header(skb);
333 
334 	if (sock_queue_err_skb(sk, skb))
335 		kfree_skb(skb);
336 }
337 EXPORT_SYMBOL_GPL(ipv6_icmp_error);
338 
339 void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info)
340 {
341 	const struct ipv6_pinfo *np = inet6_sk(sk);
342 	struct sock_exterr_skb *serr;
343 	struct ipv6hdr *iph;
344 	struct sk_buff *skb;
345 
346 	if (!np->recverr)
347 		return;
348 
349 	skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
350 	if (!skb)
351 		return;
352 
353 	skb->protocol = htons(ETH_P_IPV6);
354 
355 	skb_put(skb, sizeof(struct ipv6hdr));
356 	skb_reset_network_header(skb);
357 	iph = ipv6_hdr(skb);
358 	iph->daddr = fl6->daddr;
359 	ip6_flow_hdr(iph, 0, 0);
360 
361 	serr = SKB_EXT_ERR(skb);
362 	serr->ee.ee_errno = err;
363 	serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
364 	serr->ee.ee_type = 0;
365 	serr->ee.ee_code = 0;
366 	serr->ee.ee_pad = 0;
367 	serr->ee.ee_info = info;
368 	serr->ee.ee_data = 0;
369 	serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb);
370 	serr->port = fl6->fl6_dport;
371 
372 	__skb_pull(skb, skb_tail_pointer(skb) - skb->data);
373 	skb_reset_transport_header(skb);
374 
375 	if (sock_queue_err_skb(sk, skb))
376 		kfree_skb(skb);
377 }
378 
379 void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu)
380 {
381 	struct ipv6_pinfo *np = inet6_sk(sk);
382 	struct ipv6hdr *iph;
383 	struct sk_buff *skb;
384 	struct ip6_mtuinfo *mtu_info;
385 
386 	if (!np->rxopt.bits.rxpmtu)
387 		return;
388 
389 	skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
390 	if (!skb)
391 		return;
392 
393 	skb_put(skb, sizeof(struct ipv6hdr));
394 	skb_reset_network_header(skb);
395 	iph = ipv6_hdr(skb);
396 	iph->daddr = fl6->daddr;
397 
398 	mtu_info = IP6CBMTU(skb);
399 
400 	mtu_info->ip6m_mtu = mtu;
401 	mtu_info->ip6m_addr.sin6_family = AF_INET6;
402 	mtu_info->ip6m_addr.sin6_port = 0;
403 	mtu_info->ip6m_addr.sin6_flowinfo = 0;
404 	mtu_info->ip6m_addr.sin6_scope_id = fl6->flowi6_oif;
405 	mtu_info->ip6m_addr.sin6_addr = ipv6_hdr(skb)->daddr;
406 
407 	__skb_pull(skb, skb_tail_pointer(skb) - skb->data);
408 	skb_reset_transport_header(skb);
409 
410 	skb = xchg(&np->rxpmtu, skb);
411 	kfree_skb(skb);
412 }
413 
414 /* For some errors we have valid addr_offset even with zero payload and
415  * zero port. Also, addr_offset should be supported if port is set.
416  */
417 static inline bool ipv6_datagram_support_addr(struct sock_exterr_skb *serr)
418 {
419 	return serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6 ||
420 	       serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
421 	       serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL || serr->port;
422 }
423 
424 /* IPv6 supports cmsg on all origins aside from SO_EE_ORIGIN_LOCAL.
425  *
426  * At one point, excluding local errors was a quick test to identify icmp/icmp6
427  * errors. This is no longer true, but the test remained, so the v6 stack,
428  * unlike v4, also honors cmsg requests on all wifi and timestamp errors.
429  */
430 static bool ip6_datagram_support_cmsg(struct sk_buff *skb,
431 				      struct sock_exterr_skb *serr)
432 {
433 	if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
434 	    serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6)
435 		return true;
436 
437 	if (serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL)
438 		return false;
439 
440 	if (!IP6CB(skb)->iif)
441 		return false;
442 
443 	return true;
444 }
445 
446 /*
447  *	Handle MSG_ERRQUEUE
448  */
449 int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
450 {
451 	struct ipv6_pinfo *np = inet6_sk(sk);
452 	struct sock_exterr_skb *serr;
453 	struct sk_buff *skb;
454 	DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name);
455 	struct {
456 		struct sock_extended_err ee;
457 		struct sockaddr_in6	 offender;
458 	} errhdr;
459 	int err;
460 	int copied;
461 
462 	err = -EAGAIN;
463 	skb = sock_dequeue_err_skb(sk);
464 	if (!skb)
465 		goto out;
466 
467 	copied = skb->len;
468 	if (copied > len) {
469 		msg->msg_flags |= MSG_TRUNC;
470 		copied = len;
471 	}
472 	err = skb_copy_datagram_msg(skb, 0, msg, copied);
473 	if (unlikely(err)) {
474 		kfree_skb(skb);
475 		return err;
476 	}
477 	sock_recv_timestamp(msg, sk, skb);
478 
479 	serr = SKB_EXT_ERR(skb);
480 
481 	if (sin && ipv6_datagram_support_addr(serr)) {
482 		const unsigned char *nh = skb_network_header(skb);
483 		sin->sin6_family = AF_INET6;
484 		sin->sin6_flowinfo = 0;
485 		sin->sin6_port = serr->port;
486 		if (skb->protocol == htons(ETH_P_IPV6)) {
487 			const struct ipv6hdr *ip6h = container_of((struct in6_addr *)(nh + serr->addr_offset),
488 								  struct ipv6hdr, daddr);
489 			sin->sin6_addr = ip6h->daddr;
490 			if (np->sndflow)
491 				sin->sin6_flowinfo = ip6_flowinfo(ip6h);
492 			sin->sin6_scope_id =
493 				ipv6_iface_scope_id(&sin->sin6_addr,
494 						    IP6CB(skb)->iif);
495 		} else {
496 			ipv6_addr_set_v4mapped(*(__be32 *)(nh + serr->addr_offset),
497 					       &sin->sin6_addr);
498 			sin->sin6_scope_id = 0;
499 		}
500 		*addr_len = sizeof(*sin);
501 	}
502 
503 	memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
504 	sin = &errhdr.offender;
505 	memset(sin, 0, sizeof(*sin));
506 
507 	if (ip6_datagram_support_cmsg(skb, serr)) {
508 		sin->sin6_family = AF_INET6;
509 		if (np->rxopt.all)
510 			ip6_datagram_recv_common_ctl(sk, msg, skb);
511 		if (skb->protocol == htons(ETH_P_IPV6)) {
512 			sin->sin6_addr = ipv6_hdr(skb)->saddr;
513 			if (np->rxopt.all)
514 				ip6_datagram_recv_specific_ctl(sk, msg, skb);
515 			sin->sin6_scope_id =
516 				ipv6_iface_scope_id(&sin->sin6_addr,
517 						    IP6CB(skb)->iif);
518 		} else {
519 			ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr,
520 					       &sin->sin6_addr);
521 			if (inet_sk(sk)->cmsg_flags)
522 				ip_cmsg_recv(msg, skb);
523 		}
524 	}
525 
526 	put_cmsg(msg, SOL_IPV6, IPV6_RECVERR, sizeof(errhdr), &errhdr);
527 
528 	/* Now we could try to dump offended packet options */
529 
530 	msg->msg_flags |= MSG_ERRQUEUE;
531 	err = copied;
532 
533 	consume_skb(skb);
534 out:
535 	return err;
536 }
537 EXPORT_SYMBOL_GPL(ipv6_recv_error);
538 
539 /*
540  *	Handle IPV6_RECVPATHMTU
541  */
542 int ipv6_recv_rxpmtu(struct sock *sk, struct msghdr *msg, int len,
543 		     int *addr_len)
544 {
545 	struct ipv6_pinfo *np = inet6_sk(sk);
546 	struct sk_buff *skb;
547 	struct ip6_mtuinfo mtu_info;
548 	DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name);
549 	int err;
550 	int copied;
551 
552 	err = -EAGAIN;
553 	skb = xchg(&np->rxpmtu, NULL);
554 	if (!skb)
555 		goto out;
556 
557 	copied = skb->len;
558 	if (copied > len) {
559 		msg->msg_flags |= MSG_TRUNC;
560 		copied = len;
561 	}
562 	err = skb_copy_datagram_msg(skb, 0, msg, copied);
563 	if (err)
564 		goto out_free_skb;
565 
566 	sock_recv_timestamp(msg, sk, skb);
567 
568 	memcpy(&mtu_info, IP6CBMTU(skb), sizeof(mtu_info));
569 
570 	if (sin) {
571 		sin->sin6_family = AF_INET6;
572 		sin->sin6_flowinfo = 0;
573 		sin->sin6_port = 0;
574 		sin->sin6_scope_id = mtu_info.ip6m_addr.sin6_scope_id;
575 		sin->sin6_addr = mtu_info.ip6m_addr.sin6_addr;
576 		*addr_len = sizeof(*sin);
577 	}
578 
579 	put_cmsg(msg, SOL_IPV6, IPV6_PATHMTU, sizeof(mtu_info), &mtu_info);
580 
581 	err = copied;
582 
583 out_free_skb:
584 	kfree_skb(skb);
585 out:
586 	return err;
587 }
588 
589 
590 void ip6_datagram_recv_common_ctl(struct sock *sk, struct msghdr *msg,
591 				 struct sk_buff *skb)
592 {
593 	struct ipv6_pinfo *np = inet6_sk(sk);
594 	bool is_ipv6 = skb->protocol == htons(ETH_P_IPV6);
595 
596 	if (np->rxopt.bits.rxinfo) {
597 		struct in6_pktinfo src_info;
598 
599 		if (is_ipv6) {
600 			src_info.ipi6_ifindex = IP6CB(skb)->iif;
601 			src_info.ipi6_addr = ipv6_hdr(skb)->daddr;
602 		} else {
603 			src_info.ipi6_ifindex =
604 				PKTINFO_SKB_CB(skb)->ipi_ifindex;
605 			ipv6_addr_set_v4mapped(ip_hdr(skb)->daddr,
606 					       &src_info.ipi6_addr);
607 		}
608 
609 		if (src_info.ipi6_ifindex >= 0)
610 			put_cmsg(msg, SOL_IPV6, IPV6_PKTINFO,
611 				 sizeof(src_info), &src_info);
612 	}
613 }
614 
615 void ip6_datagram_recv_specific_ctl(struct sock *sk, struct msghdr *msg,
616 				    struct sk_buff *skb)
617 {
618 	struct ipv6_pinfo *np = inet6_sk(sk);
619 	struct inet6_skb_parm *opt = IP6CB(skb);
620 	unsigned char *nh = skb_network_header(skb);
621 
622 	if (np->rxopt.bits.rxhlim) {
623 		int hlim = ipv6_hdr(skb)->hop_limit;
624 		put_cmsg(msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim);
625 	}
626 
627 	if (np->rxopt.bits.rxtclass) {
628 		int tclass = ipv6_get_dsfield(ipv6_hdr(skb));
629 		put_cmsg(msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass);
630 	}
631 
632 	if (np->rxopt.bits.rxflow) {
633 		__be32 flowinfo = ip6_flowinfo((struct ipv6hdr *)nh);
634 		if (flowinfo)
635 			put_cmsg(msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo);
636 	}
637 
638 	/* HbH is allowed only once */
639 	if (np->rxopt.bits.hopopts && (opt->flags & IP6SKB_HOPBYHOP)) {
640 		u8 *ptr = nh + sizeof(struct ipv6hdr);
641 		put_cmsg(msg, SOL_IPV6, IPV6_HOPOPTS, (ptr[1]+1)<<3, ptr);
642 	}
643 
644 	if (opt->lastopt &&
645 	    (np->rxopt.bits.dstopts || np->rxopt.bits.srcrt)) {
646 		/*
647 		 * Silly enough, but we need to reparse in order to
648 		 * report extension headers (except for HbH)
649 		 * in order.
650 		 *
651 		 * Also note that IPV6_RECVRTHDRDSTOPTS is NOT
652 		 * (and WILL NOT be) defined because
653 		 * IPV6_RECVDSTOPTS is more generic. --yoshfuji
654 		 */
655 		unsigned int off = sizeof(struct ipv6hdr);
656 		u8 nexthdr = ipv6_hdr(skb)->nexthdr;
657 
658 		while (off <= opt->lastopt) {
659 			unsigned int len;
660 			u8 *ptr = nh + off;
661 
662 			switch (nexthdr) {
663 			case IPPROTO_DSTOPTS:
664 				nexthdr = ptr[0];
665 				len = (ptr[1] + 1) << 3;
666 				if (np->rxopt.bits.dstopts)
667 					put_cmsg(msg, SOL_IPV6, IPV6_DSTOPTS, len, ptr);
668 				break;
669 			case IPPROTO_ROUTING:
670 				nexthdr = ptr[0];
671 				len = (ptr[1] + 1) << 3;
672 				if (np->rxopt.bits.srcrt)
673 					put_cmsg(msg, SOL_IPV6, IPV6_RTHDR, len, ptr);
674 				break;
675 			case IPPROTO_AH:
676 				nexthdr = ptr[0];
677 				len = (ptr[1] + 2) << 2;
678 				break;
679 			default:
680 				nexthdr = ptr[0];
681 				len = (ptr[1] + 1) << 3;
682 				break;
683 			}
684 
685 			off += len;
686 		}
687 	}
688 
689 	/* socket options in old style */
690 	if (np->rxopt.bits.rxoinfo) {
691 		struct in6_pktinfo src_info;
692 
693 		src_info.ipi6_ifindex = opt->iif;
694 		src_info.ipi6_addr = ipv6_hdr(skb)->daddr;
695 		put_cmsg(msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info);
696 	}
697 	if (np->rxopt.bits.rxohlim) {
698 		int hlim = ipv6_hdr(skb)->hop_limit;
699 		put_cmsg(msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim);
700 	}
701 	if (np->rxopt.bits.ohopopts && (opt->flags & IP6SKB_HOPBYHOP)) {
702 		u8 *ptr = nh + sizeof(struct ipv6hdr);
703 		put_cmsg(msg, SOL_IPV6, IPV6_2292HOPOPTS, (ptr[1]+1)<<3, ptr);
704 	}
705 	if (np->rxopt.bits.odstopts && opt->dst0) {
706 		u8 *ptr = nh + opt->dst0;
707 		put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr);
708 	}
709 	if (np->rxopt.bits.osrcrt && opt->srcrt) {
710 		struct ipv6_rt_hdr *rthdr = (struct ipv6_rt_hdr *)(nh + opt->srcrt);
711 		put_cmsg(msg, SOL_IPV6, IPV6_2292RTHDR, (rthdr->hdrlen+1) << 3, rthdr);
712 	}
713 	if (np->rxopt.bits.odstopts && opt->dst1) {
714 		u8 *ptr = nh + opt->dst1;
715 		put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr);
716 	}
717 	if (np->rxopt.bits.rxorigdstaddr) {
718 		struct sockaddr_in6 sin6;
719 		__be16 _ports[2], *ports;
720 
721 		ports = skb_header_pointer(skb, skb_transport_offset(skb),
722 					   sizeof(_ports), &_ports);
723 		if (ports) {
724 			/* All current transport protocols have the port numbers in the
725 			 * first four bytes of the transport header and this function is
726 			 * written with this assumption in mind.
727 			 */
728 			sin6.sin6_family = AF_INET6;
729 			sin6.sin6_addr = ipv6_hdr(skb)->daddr;
730 			sin6.sin6_port = ports[1];
731 			sin6.sin6_flowinfo = 0;
732 			sin6.sin6_scope_id =
733 				ipv6_iface_scope_id(&ipv6_hdr(skb)->daddr,
734 						    opt->iif);
735 
736 			put_cmsg(msg, SOL_IPV6, IPV6_ORIGDSTADDR, sizeof(sin6), &sin6);
737 		}
738 	}
739 	if (np->rxopt.bits.recvfragsize && opt->frag_max_size) {
740 		int val = opt->frag_max_size;
741 
742 		put_cmsg(msg, SOL_IPV6, IPV6_RECVFRAGSIZE, sizeof(val), &val);
743 	}
744 }
745 
746 void ip6_datagram_recv_ctl(struct sock *sk, struct msghdr *msg,
747 			  struct sk_buff *skb)
748 {
749 	ip6_datagram_recv_common_ctl(sk, msg, skb);
750 	ip6_datagram_recv_specific_ctl(sk, msg, skb);
751 }
752 EXPORT_SYMBOL_GPL(ip6_datagram_recv_ctl);
753 
754 int ip6_datagram_send_ctl(struct net *net, struct sock *sk,
755 			  struct msghdr *msg, struct flowi6 *fl6,
756 			  struct ipcm6_cookie *ipc6)
757 {
758 	struct in6_pktinfo *src_info;
759 	struct cmsghdr *cmsg;
760 	struct ipv6_rt_hdr *rthdr;
761 	struct ipv6_opt_hdr *hdr;
762 	struct ipv6_txoptions *opt = ipc6->opt;
763 	int len;
764 	int err = 0;
765 
766 	for_each_cmsghdr(cmsg, msg) {
767 		int addr_type;
768 
769 		if (!CMSG_OK(msg, cmsg)) {
770 			err = -EINVAL;
771 			goto exit_f;
772 		}
773 
774 		if (cmsg->cmsg_level == SOL_SOCKET) {
775 			err = __sock_cmsg_send(sk, cmsg, &ipc6->sockc);
776 			if (err)
777 				return err;
778 			continue;
779 		}
780 
781 		if (cmsg->cmsg_level != SOL_IPV6)
782 			continue;
783 
784 		switch (cmsg->cmsg_type) {
785 		case IPV6_PKTINFO:
786 		case IPV6_2292PKTINFO:
787 		    {
788 			struct net_device *dev = NULL;
789 			int src_idx;
790 
791 			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) {
792 				err = -EINVAL;
793 				goto exit_f;
794 			}
795 
796 			src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg);
797 			src_idx = src_info->ipi6_ifindex;
798 
799 			if (src_idx) {
800 				if (fl6->flowi6_oif &&
801 				    src_idx != fl6->flowi6_oif &&
802 				    (READ_ONCE(sk->sk_bound_dev_if) != fl6->flowi6_oif ||
803 				     !sk_dev_equal_l3scope(sk, src_idx)))
804 					return -EINVAL;
805 				fl6->flowi6_oif = src_idx;
806 			}
807 
808 			addr_type = __ipv6_addr_type(&src_info->ipi6_addr);
809 
810 			rcu_read_lock();
811 			if (fl6->flowi6_oif) {
812 				dev = dev_get_by_index_rcu(net, fl6->flowi6_oif);
813 				if (!dev) {
814 					rcu_read_unlock();
815 					return -ENODEV;
816 				}
817 			} else if (addr_type & IPV6_ADDR_LINKLOCAL) {
818 				rcu_read_unlock();
819 				return -EINVAL;
820 			}
821 
822 			if (addr_type != IPV6_ADDR_ANY) {
823 				int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
824 				if (!ipv6_can_nonlocal_bind(net, inet_sk(sk)) &&
825 				    !ipv6_chk_addr_and_flags(net, &src_info->ipi6_addr,
826 							     dev, !strict, 0,
827 							     IFA_F_TENTATIVE) &&
828 				    !ipv6_chk_acast_addr_src(net, dev,
829 							     &src_info->ipi6_addr))
830 					err = -EINVAL;
831 				else
832 					fl6->saddr = src_info->ipi6_addr;
833 			}
834 
835 			rcu_read_unlock();
836 
837 			if (err)
838 				goto exit_f;
839 
840 			break;
841 		    }
842 
843 		case IPV6_FLOWINFO:
844 			if (cmsg->cmsg_len < CMSG_LEN(4)) {
845 				err = -EINVAL;
846 				goto exit_f;
847 			}
848 
849 			if (fl6->flowlabel&IPV6_FLOWINFO_MASK) {
850 				if ((fl6->flowlabel^*(__be32 *)CMSG_DATA(cmsg))&~IPV6_FLOWINFO_MASK) {
851 					err = -EINVAL;
852 					goto exit_f;
853 				}
854 			}
855 			fl6->flowlabel = IPV6_FLOWINFO_MASK & *(__be32 *)CMSG_DATA(cmsg);
856 			break;
857 
858 		case IPV6_2292HOPOPTS:
859 		case IPV6_HOPOPTS:
860 			if (opt->hopopt || cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
861 				err = -EINVAL;
862 				goto exit_f;
863 			}
864 
865 			hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
866 			len = ((hdr->hdrlen + 1) << 3);
867 			if (cmsg->cmsg_len < CMSG_LEN(len)) {
868 				err = -EINVAL;
869 				goto exit_f;
870 			}
871 			if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
872 				err = -EPERM;
873 				goto exit_f;
874 			}
875 			opt->opt_nflen += len;
876 			opt->hopopt = hdr;
877 			break;
878 
879 		case IPV6_2292DSTOPTS:
880 			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
881 				err = -EINVAL;
882 				goto exit_f;
883 			}
884 
885 			hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
886 			len = ((hdr->hdrlen + 1) << 3);
887 			if (cmsg->cmsg_len < CMSG_LEN(len)) {
888 				err = -EINVAL;
889 				goto exit_f;
890 			}
891 			if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
892 				err = -EPERM;
893 				goto exit_f;
894 			}
895 			if (opt->dst1opt) {
896 				err = -EINVAL;
897 				goto exit_f;
898 			}
899 			opt->opt_flen += len;
900 			opt->dst1opt = hdr;
901 			break;
902 
903 		case IPV6_DSTOPTS:
904 		case IPV6_RTHDRDSTOPTS:
905 			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
906 				err = -EINVAL;
907 				goto exit_f;
908 			}
909 
910 			hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
911 			len = ((hdr->hdrlen + 1) << 3);
912 			if (cmsg->cmsg_len < CMSG_LEN(len)) {
913 				err = -EINVAL;
914 				goto exit_f;
915 			}
916 			if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
917 				err = -EPERM;
918 				goto exit_f;
919 			}
920 			if (cmsg->cmsg_type == IPV6_DSTOPTS) {
921 				opt->opt_flen += len;
922 				opt->dst1opt = hdr;
923 			} else {
924 				opt->opt_nflen += len;
925 				opt->dst0opt = hdr;
926 			}
927 			break;
928 
929 		case IPV6_2292RTHDR:
930 		case IPV6_RTHDR:
931 			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_rt_hdr))) {
932 				err = -EINVAL;
933 				goto exit_f;
934 			}
935 
936 			rthdr = (struct ipv6_rt_hdr *)CMSG_DATA(cmsg);
937 
938 			switch (rthdr->type) {
939 #if IS_ENABLED(CONFIG_IPV6_MIP6)
940 			case IPV6_SRCRT_TYPE_2:
941 				if (rthdr->hdrlen != 2 ||
942 				    rthdr->segments_left != 1) {
943 					err = -EINVAL;
944 					goto exit_f;
945 				}
946 				break;
947 #endif
948 			default:
949 				err = -EINVAL;
950 				goto exit_f;
951 			}
952 
953 			len = ((rthdr->hdrlen + 1) << 3);
954 
955 			if (cmsg->cmsg_len < CMSG_LEN(len)) {
956 				err = -EINVAL;
957 				goto exit_f;
958 			}
959 
960 			/* segments left must also match */
961 			if ((rthdr->hdrlen >> 1) != rthdr->segments_left) {
962 				err = -EINVAL;
963 				goto exit_f;
964 			}
965 
966 			opt->opt_nflen += len;
967 			opt->srcrt = rthdr;
968 
969 			if (cmsg->cmsg_type == IPV6_2292RTHDR && opt->dst1opt) {
970 				int dsthdrlen = ((opt->dst1opt->hdrlen+1)<<3);
971 
972 				opt->opt_nflen += dsthdrlen;
973 				opt->dst0opt = opt->dst1opt;
974 				opt->dst1opt = NULL;
975 				opt->opt_flen -= dsthdrlen;
976 			}
977 
978 			break;
979 
980 		case IPV6_2292HOPLIMIT:
981 		case IPV6_HOPLIMIT:
982 			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {
983 				err = -EINVAL;
984 				goto exit_f;
985 			}
986 
987 			ipc6->hlimit = *(int *)CMSG_DATA(cmsg);
988 			if (ipc6->hlimit < -1 || ipc6->hlimit > 0xff) {
989 				err = -EINVAL;
990 				goto exit_f;
991 			}
992 
993 			break;
994 
995 		case IPV6_TCLASS:
996 		    {
997 			int tc;
998 
999 			err = -EINVAL;
1000 			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
1001 				goto exit_f;
1002 
1003 			tc = *(int *)CMSG_DATA(cmsg);
1004 			if (tc < -1 || tc > 0xff)
1005 				goto exit_f;
1006 
1007 			err = 0;
1008 			ipc6->tclass = tc;
1009 
1010 			break;
1011 		    }
1012 
1013 		case IPV6_DONTFRAG:
1014 		    {
1015 			int df;
1016 
1017 			err = -EINVAL;
1018 			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
1019 				goto exit_f;
1020 
1021 			df = *(int *)CMSG_DATA(cmsg);
1022 			if (df < 0 || df > 1)
1023 				goto exit_f;
1024 
1025 			err = 0;
1026 			ipc6->dontfrag = df;
1027 
1028 			break;
1029 		    }
1030 		default:
1031 			net_dbg_ratelimited("invalid cmsg type: %d\n",
1032 					    cmsg->cmsg_type);
1033 			err = -EINVAL;
1034 			goto exit_f;
1035 		}
1036 	}
1037 
1038 exit_f:
1039 	return err;
1040 }
1041 EXPORT_SYMBOL_GPL(ip6_datagram_send_ctl);
1042 
1043 void __ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp,
1044 			       __u16 srcp, __u16 destp, int rqueue, int bucket)
1045 {
1046 	const struct in6_addr *dest, *src;
1047 
1048 	dest  = &sp->sk_v6_daddr;
1049 	src   = &sp->sk_v6_rcv_saddr;
1050 	seq_printf(seq,
1051 		   "%5d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1052 		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %u\n",
1053 		   bucket,
1054 		   src->s6_addr32[0], src->s6_addr32[1],
1055 		   src->s6_addr32[2], src->s6_addr32[3], srcp,
1056 		   dest->s6_addr32[0], dest->s6_addr32[1],
1057 		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
1058 		   sp->sk_state,
1059 		   sk_wmem_alloc_get(sp),
1060 		   rqueue,
1061 		   0, 0L, 0,
1062 		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1063 		   0,
1064 		   sock_i_ino(sp),
1065 		   refcount_read(&sp->sk_refcnt), sp,
1066 		   atomic_read(&sp->sk_drops));
1067 }
1068