1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * IPv6 BSD socket options interface 4 * Linux INET6 implementation 5 * 6 * Authors: 7 * Pedro Roque <roque@di.fc.ul.pt> 8 * 9 * Based on linux/net/ipv4/ip_sockglue.c 10 * 11 * FIXME: Make the setsockopt code POSIX compliant: That is 12 * 13 * o Truncate getsockopt returns 14 * o Return an optlen of the truncated length if need be 15 * 16 * Changes: 17 * David L Stevens <dlstevens@us.ibm.com>: 18 * - added multicast source filtering API for MLDv2 19 */ 20 21 #include <linux/module.h> 22 #include <linux/capability.h> 23 #include <linux/errno.h> 24 #include <linux/types.h> 25 #include <linux/socket.h> 26 #include <linux/sockios.h> 27 #include <linux/net.h> 28 #include <linux/in6.h> 29 #include <linux/mroute6.h> 30 #include <linux/netdevice.h> 31 #include <linux/if_arp.h> 32 #include <linux/init.h> 33 #include <linux/sysctl.h> 34 #include <linux/netfilter.h> 35 #include <linux/slab.h> 36 37 #include <net/sock.h> 38 #include <net/snmp.h> 39 #include <net/ipv6.h> 40 #include <net/ndisc.h> 41 #include <net/protocol.h> 42 #include <net/transp_v6.h> 43 #include <net/ip6_route.h> 44 #include <net/addrconf.h> 45 #include <net/inet_common.h> 46 #include <net/tcp.h> 47 #include <net/udp.h> 48 #include <net/udplite.h> 49 #include <net/xfrm.h> 50 #include <net/compat.h> 51 #include <net/seg6.h> 52 53 #include <linux/uaccess.h> 54 55 struct ip6_ra_chain *ip6_ra_chain; 56 DEFINE_RWLOCK(ip6_ra_lock); 57 58 int ip6_ra_control(struct sock *sk, int sel) 59 { 60 struct ip6_ra_chain *ra, *new_ra, **rap; 61 62 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */ 63 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_RAW) 64 return -ENOPROTOOPT; 65 66 new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; 67 if (sel >= 0 && !new_ra) 68 return -ENOMEM; 69 70 write_lock_bh(&ip6_ra_lock); 71 for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) { 72 if (ra->sk == sk) { 73 if (sel >= 0) { 74 write_unlock_bh(&ip6_ra_lock); 75 kfree(new_ra); 76 return -EADDRINUSE; 77 } 78 79 *rap = ra->next; 80 write_unlock_bh(&ip6_ra_lock); 81 82 sock_put(sk); 83 kfree(ra); 84 return 0; 85 } 86 } 87 if (!new_ra) { 88 write_unlock_bh(&ip6_ra_lock); 89 return -ENOBUFS; 90 } 91 new_ra->sk = sk; 92 new_ra->sel = sel; 93 new_ra->next = ra; 94 *rap = new_ra; 95 sock_hold(sk); 96 write_unlock_bh(&ip6_ra_lock); 97 return 0; 98 } 99 100 struct ipv6_txoptions *ipv6_update_options(struct sock *sk, 101 struct ipv6_txoptions *opt) 102 { 103 if (inet_sk(sk)->is_icsk) { 104 if (opt && 105 !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) && 106 inet_sk(sk)->inet_daddr != LOOPBACK4_IPV6) { 107 struct inet_connection_sock *icsk = inet_csk(sk); 108 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen; 109 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie); 110 } 111 } 112 opt = xchg((__force struct ipv6_txoptions **)&inet6_sk(sk)->opt, 113 opt); 114 sk_dst_reset(sk); 115 116 return opt; 117 } 118 119 static bool setsockopt_needs_rtnl(int optname) 120 { 121 switch (optname) { 122 case IPV6_ADDRFORM: 123 case IPV6_ADD_MEMBERSHIP: 124 case IPV6_DROP_MEMBERSHIP: 125 case IPV6_JOIN_ANYCAST: 126 case IPV6_LEAVE_ANYCAST: 127 case MCAST_JOIN_GROUP: 128 case MCAST_LEAVE_GROUP: 129 case MCAST_JOIN_SOURCE_GROUP: 130 case MCAST_LEAVE_SOURCE_GROUP: 131 case MCAST_BLOCK_SOURCE: 132 case MCAST_UNBLOCK_SOURCE: 133 case MCAST_MSFILTER: 134 return true; 135 } 136 return false; 137 } 138 139 static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, 140 char __user *optval, unsigned int optlen) 141 { 142 struct ipv6_pinfo *np = inet6_sk(sk); 143 struct net *net = sock_net(sk); 144 int val, valbool; 145 int retv = -ENOPROTOOPT; 146 bool needs_rtnl = setsockopt_needs_rtnl(optname); 147 148 if (!optval) 149 val = 0; 150 else { 151 if (optlen >= sizeof(int)) { 152 if (get_user(val, (int __user *) optval)) 153 return -EFAULT; 154 } else 155 val = 0; 156 } 157 158 valbool = (val != 0); 159 160 if (ip6_mroute_opt(optname)) 161 return ip6_mroute_setsockopt(sk, optname, optval, optlen); 162 163 if (needs_rtnl) 164 rtnl_lock(); 165 lock_sock(sk); 166 167 switch (optname) { 168 169 case IPV6_ADDRFORM: 170 if (optlen < sizeof(int)) 171 goto e_inval; 172 if (val == PF_INET) { 173 struct ipv6_txoptions *opt; 174 struct sk_buff *pktopt; 175 176 if (sk->sk_type == SOCK_RAW) 177 break; 178 179 if (sk->sk_protocol == IPPROTO_UDP || 180 sk->sk_protocol == IPPROTO_UDPLITE) { 181 struct udp_sock *up = udp_sk(sk); 182 if (up->pending == AF_INET6) { 183 retv = -EBUSY; 184 break; 185 } 186 } 187 if (sk->sk_protocol == IPPROTO_TCP && 188 sk->sk_prot != &tcpv6_prot) { 189 retv = -EBUSY; 190 break; 191 } 192 if (sk->sk_protocol != IPPROTO_TCP) 193 break; 194 if (sk->sk_state != TCP_ESTABLISHED) { 195 retv = -ENOTCONN; 196 break; 197 } 198 199 if (ipv6_only_sock(sk) || 200 !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) { 201 retv = -EADDRNOTAVAIL; 202 break; 203 } 204 205 fl6_free_socklist(sk); 206 __ipv6_sock_mc_close(sk); 207 208 /* 209 * Sock is moving from IPv6 to IPv4 (sk_prot), so 210 * remove it from the refcnt debug socks count in the 211 * original family... 212 */ 213 sk_refcnt_debug_dec(sk); 214 215 if (sk->sk_protocol == IPPROTO_TCP) { 216 struct inet_connection_sock *icsk = inet_csk(sk); 217 local_bh_disable(); 218 sock_prot_inuse_add(net, sk->sk_prot, -1); 219 sock_prot_inuse_add(net, &tcp_prot, 1); 220 local_bh_enable(); 221 sk->sk_prot = &tcp_prot; 222 icsk->icsk_af_ops = &ipv4_specific; 223 sk->sk_socket->ops = &inet_stream_ops; 224 sk->sk_family = PF_INET; 225 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); 226 } else { 227 struct proto *prot = &udp_prot; 228 229 if (sk->sk_protocol == IPPROTO_UDPLITE) 230 prot = &udplite_prot; 231 local_bh_disable(); 232 sock_prot_inuse_add(net, sk->sk_prot, -1); 233 sock_prot_inuse_add(net, prot, 1); 234 local_bh_enable(); 235 sk->sk_prot = prot; 236 sk->sk_socket->ops = &inet_dgram_ops; 237 sk->sk_family = PF_INET; 238 } 239 opt = xchg((__force struct ipv6_txoptions **)&np->opt, 240 NULL); 241 if (opt) { 242 atomic_sub(opt->tot_len, &sk->sk_omem_alloc); 243 txopt_put(opt); 244 } 245 pktopt = xchg(&np->pktoptions, NULL); 246 kfree_skb(pktopt); 247 248 /* 249 * ... and add it to the refcnt debug socks count 250 * in the new family. -acme 251 */ 252 sk_refcnt_debug_inc(sk); 253 module_put(THIS_MODULE); 254 retv = 0; 255 break; 256 } 257 goto e_inval; 258 259 case IPV6_V6ONLY: 260 if (optlen < sizeof(int) || 261 inet_sk(sk)->inet_num) 262 goto e_inval; 263 sk->sk_ipv6only = valbool; 264 retv = 0; 265 break; 266 267 case IPV6_RECVPKTINFO: 268 if (optlen < sizeof(int)) 269 goto e_inval; 270 np->rxopt.bits.rxinfo = valbool; 271 retv = 0; 272 break; 273 274 case IPV6_2292PKTINFO: 275 if (optlen < sizeof(int)) 276 goto e_inval; 277 np->rxopt.bits.rxoinfo = valbool; 278 retv = 0; 279 break; 280 281 case IPV6_RECVHOPLIMIT: 282 if (optlen < sizeof(int)) 283 goto e_inval; 284 np->rxopt.bits.rxhlim = valbool; 285 retv = 0; 286 break; 287 288 case IPV6_2292HOPLIMIT: 289 if (optlen < sizeof(int)) 290 goto e_inval; 291 np->rxopt.bits.rxohlim = valbool; 292 retv = 0; 293 break; 294 295 case IPV6_RECVRTHDR: 296 if (optlen < sizeof(int)) 297 goto e_inval; 298 np->rxopt.bits.srcrt = valbool; 299 retv = 0; 300 break; 301 302 case IPV6_2292RTHDR: 303 if (optlen < sizeof(int)) 304 goto e_inval; 305 np->rxopt.bits.osrcrt = valbool; 306 retv = 0; 307 break; 308 309 case IPV6_RECVHOPOPTS: 310 if (optlen < sizeof(int)) 311 goto e_inval; 312 np->rxopt.bits.hopopts = valbool; 313 retv = 0; 314 break; 315 316 case IPV6_2292HOPOPTS: 317 if (optlen < sizeof(int)) 318 goto e_inval; 319 np->rxopt.bits.ohopopts = valbool; 320 retv = 0; 321 break; 322 323 case IPV6_RECVDSTOPTS: 324 if (optlen < sizeof(int)) 325 goto e_inval; 326 np->rxopt.bits.dstopts = valbool; 327 retv = 0; 328 break; 329 330 case IPV6_2292DSTOPTS: 331 if (optlen < sizeof(int)) 332 goto e_inval; 333 np->rxopt.bits.odstopts = valbool; 334 retv = 0; 335 break; 336 337 case IPV6_TCLASS: 338 if (optlen < sizeof(int)) 339 goto e_inval; 340 if (val < -1 || val > 0xff) 341 goto e_inval; 342 /* RFC 3542, 6.5: default traffic class of 0x0 */ 343 if (val == -1) 344 val = 0; 345 np->tclass = val; 346 retv = 0; 347 break; 348 349 case IPV6_RECVTCLASS: 350 if (optlen < sizeof(int)) 351 goto e_inval; 352 np->rxopt.bits.rxtclass = valbool; 353 retv = 0; 354 break; 355 356 case IPV6_FLOWINFO: 357 if (optlen < sizeof(int)) 358 goto e_inval; 359 np->rxopt.bits.rxflow = valbool; 360 retv = 0; 361 break; 362 363 case IPV6_RECVPATHMTU: 364 if (optlen < sizeof(int)) 365 goto e_inval; 366 np->rxopt.bits.rxpmtu = valbool; 367 retv = 0; 368 break; 369 370 case IPV6_TRANSPARENT: 371 if (valbool && !ns_capable(net->user_ns, CAP_NET_RAW) && 372 !ns_capable(net->user_ns, CAP_NET_ADMIN)) { 373 retv = -EPERM; 374 break; 375 } 376 if (optlen < sizeof(int)) 377 goto e_inval; 378 /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */ 379 inet_sk(sk)->transparent = valbool; 380 retv = 0; 381 break; 382 383 case IPV6_FREEBIND: 384 if (optlen < sizeof(int)) 385 goto e_inval; 386 /* we also don't have a separate freebind bit for IPV6 */ 387 inet_sk(sk)->freebind = valbool; 388 retv = 0; 389 break; 390 391 case IPV6_RECVORIGDSTADDR: 392 if (optlen < sizeof(int)) 393 goto e_inval; 394 np->rxopt.bits.rxorigdstaddr = valbool; 395 retv = 0; 396 break; 397 398 case IPV6_HOPOPTS: 399 case IPV6_RTHDRDSTOPTS: 400 case IPV6_RTHDR: 401 case IPV6_DSTOPTS: 402 { 403 struct ipv6_txoptions *opt; 404 struct ipv6_opt_hdr *new = NULL; 405 406 /* hop-by-hop / destination options are privileged option */ 407 retv = -EPERM; 408 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) 409 break; 410 411 /* remove any sticky options header with a zero option 412 * length, per RFC3542. 413 */ 414 if (optlen == 0) 415 optval = NULL; 416 else if (!optval) 417 goto e_inval; 418 else if (optlen < sizeof(struct ipv6_opt_hdr) || 419 optlen & 0x7 || optlen > 8 * 255) 420 goto e_inval; 421 else { 422 new = memdup_user(optval, optlen); 423 if (IS_ERR(new)) { 424 retv = PTR_ERR(new); 425 break; 426 } 427 if (unlikely(ipv6_optlen(new) > optlen)) { 428 kfree(new); 429 goto e_inval; 430 } 431 } 432 433 opt = rcu_dereference_protected(np->opt, 434 lockdep_sock_is_held(sk)); 435 opt = ipv6_renew_options(sk, opt, optname, new); 436 kfree(new); 437 if (IS_ERR(opt)) { 438 retv = PTR_ERR(opt); 439 break; 440 } 441 442 /* routing header option needs extra check */ 443 retv = -EINVAL; 444 if (optname == IPV6_RTHDR && opt && opt->srcrt) { 445 struct ipv6_rt_hdr *rthdr = opt->srcrt; 446 switch (rthdr->type) { 447 #if IS_ENABLED(CONFIG_IPV6_MIP6) 448 case IPV6_SRCRT_TYPE_2: 449 if (rthdr->hdrlen != 2 || 450 rthdr->segments_left != 1) 451 goto sticky_done; 452 453 break; 454 #endif 455 case IPV6_SRCRT_TYPE_4: 456 { 457 struct ipv6_sr_hdr *srh = (struct ipv6_sr_hdr *) 458 opt->srcrt; 459 460 if (!seg6_validate_srh(srh, optlen)) 461 goto sticky_done; 462 break; 463 } 464 default: 465 goto sticky_done; 466 } 467 } 468 469 retv = 0; 470 opt = ipv6_update_options(sk, opt); 471 sticky_done: 472 if (opt) { 473 atomic_sub(opt->tot_len, &sk->sk_omem_alloc); 474 txopt_put(opt); 475 } 476 break; 477 } 478 479 case IPV6_PKTINFO: 480 { 481 struct in6_pktinfo pkt; 482 483 if (optlen == 0) 484 goto e_inval; 485 else if (optlen < sizeof(struct in6_pktinfo) || !optval) 486 goto e_inval; 487 488 if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) { 489 retv = -EFAULT; 490 break; 491 } 492 if (!sk_dev_equal_l3scope(sk, pkt.ipi6_ifindex)) 493 goto e_inval; 494 495 np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex; 496 np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr; 497 retv = 0; 498 break; 499 } 500 501 case IPV6_2292PKTOPTIONS: 502 { 503 struct ipv6_txoptions *opt = NULL; 504 struct msghdr msg; 505 struct flowi6 fl6; 506 struct ipcm6_cookie ipc6; 507 508 memset(&fl6, 0, sizeof(fl6)); 509 fl6.flowi6_oif = sk->sk_bound_dev_if; 510 fl6.flowi6_mark = sk->sk_mark; 511 512 if (optlen == 0) 513 goto update; 514 515 /* 1K is probably excessive 516 * 1K is surely not enough, 2K per standard header is 16K. 517 */ 518 retv = -EINVAL; 519 if (optlen > 64*1024) 520 break; 521 522 opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL); 523 retv = -ENOBUFS; 524 if (!opt) 525 break; 526 527 memset(opt, 0, sizeof(*opt)); 528 refcount_set(&opt->refcnt, 1); 529 opt->tot_len = sizeof(*opt) + optlen; 530 retv = -EFAULT; 531 if (copy_from_user(opt+1, optval, optlen)) 532 goto done; 533 534 msg.msg_controllen = optlen; 535 msg.msg_control = (void *)(opt+1); 536 ipc6.opt = opt; 537 538 retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, &ipc6); 539 if (retv) 540 goto done; 541 update: 542 retv = 0; 543 opt = ipv6_update_options(sk, opt); 544 done: 545 if (opt) { 546 atomic_sub(opt->tot_len, &sk->sk_omem_alloc); 547 txopt_put(opt); 548 } 549 break; 550 } 551 case IPV6_UNICAST_HOPS: 552 if (optlen < sizeof(int)) 553 goto e_inval; 554 if (val > 255 || val < -1) 555 goto e_inval; 556 np->hop_limit = val; 557 retv = 0; 558 break; 559 560 case IPV6_MULTICAST_HOPS: 561 if (sk->sk_type == SOCK_STREAM) 562 break; 563 if (optlen < sizeof(int)) 564 goto e_inval; 565 if (val > 255 || val < -1) 566 goto e_inval; 567 np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val); 568 retv = 0; 569 break; 570 571 case IPV6_MULTICAST_LOOP: 572 if (optlen < sizeof(int)) 573 goto e_inval; 574 if (val != valbool) 575 goto e_inval; 576 np->mc_loop = valbool; 577 retv = 0; 578 break; 579 580 case IPV6_UNICAST_IF: 581 { 582 struct net_device *dev = NULL; 583 int ifindex; 584 585 if (optlen != sizeof(int)) 586 goto e_inval; 587 588 ifindex = (__force int)ntohl((__force __be32)val); 589 if (ifindex == 0) { 590 np->ucast_oif = 0; 591 retv = 0; 592 break; 593 } 594 595 dev = dev_get_by_index(net, ifindex); 596 retv = -EADDRNOTAVAIL; 597 if (!dev) 598 break; 599 dev_put(dev); 600 601 retv = -EINVAL; 602 if (sk->sk_bound_dev_if) 603 break; 604 605 np->ucast_oif = ifindex; 606 retv = 0; 607 break; 608 } 609 610 case IPV6_MULTICAST_IF: 611 if (sk->sk_type == SOCK_STREAM) 612 break; 613 if (optlen < sizeof(int)) 614 goto e_inval; 615 616 if (val) { 617 struct net_device *dev; 618 int midx; 619 620 rcu_read_lock(); 621 622 dev = dev_get_by_index_rcu(net, val); 623 if (!dev) { 624 rcu_read_unlock(); 625 retv = -ENODEV; 626 break; 627 } 628 midx = l3mdev_master_ifindex_rcu(dev); 629 630 rcu_read_unlock(); 631 632 if (sk->sk_bound_dev_if && 633 sk->sk_bound_dev_if != val && 634 (!midx || midx != sk->sk_bound_dev_if)) 635 goto e_inval; 636 } 637 np->mcast_oif = val; 638 retv = 0; 639 break; 640 case IPV6_ADD_MEMBERSHIP: 641 case IPV6_DROP_MEMBERSHIP: 642 { 643 struct ipv6_mreq mreq; 644 645 if (optlen < sizeof(struct ipv6_mreq)) 646 goto e_inval; 647 648 retv = -EPROTO; 649 if (inet_sk(sk)->is_icsk) 650 break; 651 652 retv = -EFAULT; 653 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 654 break; 655 656 if (optname == IPV6_ADD_MEMBERSHIP) 657 retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 658 else 659 retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 660 break; 661 } 662 case IPV6_JOIN_ANYCAST: 663 case IPV6_LEAVE_ANYCAST: 664 { 665 struct ipv6_mreq mreq; 666 667 if (optlen < sizeof(struct ipv6_mreq)) 668 goto e_inval; 669 670 retv = -EFAULT; 671 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 672 break; 673 674 if (optname == IPV6_JOIN_ANYCAST) 675 retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 676 else 677 retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 678 break; 679 } 680 case IPV6_MULTICAST_ALL: 681 if (optlen < sizeof(int)) 682 goto e_inval; 683 np->mc_all = valbool; 684 retv = 0; 685 break; 686 687 case MCAST_JOIN_GROUP: 688 case MCAST_LEAVE_GROUP: 689 { 690 struct group_req greq; 691 struct sockaddr_in6 *psin6; 692 693 if (optlen < sizeof(struct group_req)) 694 goto e_inval; 695 696 retv = -EFAULT; 697 if (copy_from_user(&greq, optval, sizeof(struct group_req))) 698 break; 699 if (greq.gr_group.ss_family != AF_INET6) { 700 retv = -EADDRNOTAVAIL; 701 break; 702 } 703 psin6 = (struct sockaddr_in6 *)&greq.gr_group; 704 if (optname == MCAST_JOIN_GROUP) 705 retv = ipv6_sock_mc_join(sk, greq.gr_interface, 706 &psin6->sin6_addr); 707 else 708 retv = ipv6_sock_mc_drop(sk, greq.gr_interface, 709 &psin6->sin6_addr); 710 break; 711 } 712 case MCAST_JOIN_SOURCE_GROUP: 713 case MCAST_LEAVE_SOURCE_GROUP: 714 case MCAST_BLOCK_SOURCE: 715 case MCAST_UNBLOCK_SOURCE: 716 { 717 struct group_source_req greqs; 718 int omode, add; 719 720 if (optlen < sizeof(struct group_source_req)) 721 goto e_inval; 722 if (copy_from_user(&greqs, optval, sizeof(greqs))) { 723 retv = -EFAULT; 724 break; 725 } 726 if (greqs.gsr_group.ss_family != AF_INET6 || 727 greqs.gsr_source.ss_family != AF_INET6) { 728 retv = -EADDRNOTAVAIL; 729 break; 730 } 731 if (optname == MCAST_BLOCK_SOURCE) { 732 omode = MCAST_EXCLUDE; 733 add = 1; 734 } else if (optname == MCAST_UNBLOCK_SOURCE) { 735 omode = MCAST_EXCLUDE; 736 add = 0; 737 } else if (optname == MCAST_JOIN_SOURCE_GROUP) { 738 struct sockaddr_in6 *psin6; 739 740 psin6 = (struct sockaddr_in6 *)&greqs.gsr_group; 741 retv = ipv6_sock_mc_join_ssm(sk, greqs.gsr_interface, 742 &psin6->sin6_addr, 743 MCAST_INCLUDE); 744 /* prior join w/ different source is ok */ 745 if (retv && retv != -EADDRINUSE) 746 break; 747 omode = MCAST_INCLUDE; 748 add = 1; 749 } else /* MCAST_LEAVE_SOURCE_GROUP */ { 750 omode = MCAST_INCLUDE; 751 add = 0; 752 } 753 retv = ip6_mc_source(add, omode, sk, &greqs); 754 break; 755 } 756 case MCAST_MSFILTER: 757 { 758 struct group_filter *gsf; 759 760 if (optlen < GROUP_FILTER_SIZE(0)) 761 goto e_inval; 762 if (optlen > sysctl_optmem_max) { 763 retv = -ENOBUFS; 764 break; 765 } 766 gsf = memdup_user(optval, optlen); 767 if (IS_ERR(gsf)) { 768 retv = PTR_ERR(gsf); 769 break; 770 } 771 /* numsrc >= (4G-140)/128 overflow in 32 bits */ 772 if (gsf->gf_numsrc >= 0x1ffffffU || 773 gsf->gf_numsrc > sysctl_mld_max_msf) { 774 kfree(gsf); 775 retv = -ENOBUFS; 776 break; 777 } 778 if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) { 779 kfree(gsf); 780 retv = -EINVAL; 781 break; 782 } 783 retv = ip6_mc_msfilter(sk, gsf); 784 kfree(gsf); 785 786 break; 787 } 788 case IPV6_ROUTER_ALERT: 789 if (optlen < sizeof(int)) 790 goto e_inval; 791 retv = ip6_ra_control(sk, val); 792 break; 793 case IPV6_ROUTER_ALERT_ISOLATE: 794 if (optlen < sizeof(int)) 795 goto e_inval; 796 np->rtalert_isolate = valbool; 797 retv = 0; 798 break; 799 case IPV6_MTU_DISCOVER: 800 if (optlen < sizeof(int)) 801 goto e_inval; 802 if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT) 803 goto e_inval; 804 np->pmtudisc = val; 805 retv = 0; 806 break; 807 case IPV6_MTU: 808 if (optlen < sizeof(int)) 809 goto e_inval; 810 if (val && val < IPV6_MIN_MTU) 811 goto e_inval; 812 np->frag_size = val; 813 retv = 0; 814 break; 815 case IPV6_RECVERR: 816 if (optlen < sizeof(int)) 817 goto e_inval; 818 np->recverr = valbool; 819 if (!val) 820 skb_queue_purge(&sk->sk_error_queue); 821 retv = 0; 822 break; 823 case IPV6_FLOWINFO_SEND: 824 if (optlen < sizeof(int)) 825 goto e_inval; 826 np->sndflow = valbool; 827 retv = 0; 828 break; 829 case IPV6_FLOWLABEL_MGR: 830 retv = ipv6_flowlabel_opt(sk, optval, optlen); 831 break; 832 case IPV6_IPSEC_POLICY: 833 case IPV6_XFRM_POLICY: 834 retv = -EPERM; 835 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 836 break; 837 retv = xfrm_user_policy(sk, optname, optval, optlen); 838 break; 839 840 case IPV6_ADDR_PREFERENCES: 841 { 842 unsigned int pref = 0; 843 unsigned int prefmask = ~0; 844 845 if (optlen < sizeof(int)) 846 goto e_inval; 847 848 retv = -EINVAL; 849 850 /* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */ 851 switch (val & (IPV6_PREFER_SRC_PUBLIC| 852 IPV6_PREFER_SRC_TMP| 853 IPV6_PREFER_SRC_PUBTMP_DEFAULT)) { 854 case IPV6_PREFER_SRC_PUBLIC: 855 pref |= IPV6_PREFER_SRC_PUBLIC; 856 break; 857 case IPV6_PREFER_SRC_TMP: 858 pref |= IPV6_PREFER_SRC_TMP; 859 break; 860 case IPV6_PREFER_SRC_PUBTMP_DEFAULT: 861 break; 862 case 0: 863 goto pref_skip_pubtmp; 864 default: 865 goto e_inval; 866 } 867 868 prefmask &= ~(IPV6_PREFER_SRC_PUBLIC| 869 IPV6_PREFER_SRC_TMP); 870 pref_skip_pubtmp: 871 872 /* check HOME/COA conflicts */ 873 switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) { 874 case IPV6_PREFER_SRC_HOME: 875 break; 876 case IPV6_PREFER_SRC_COA: 877 pref |= IPV6_PREFER_SRC_COA; 878 case 0: 879 goto pref_skip_coa; 880 default: 881 goto e_inval; 882 } 883 884 prefmask &= ~IPV6_PREFER_SRC_COA; 885 pref_skip_coa: 886 887 /* check CGA/NONCGA conflicts */ 888 switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) { 889 case IPV6_PREFER_SRC_CGA: 890 case IPV6_PREFER_SRC_NONCGA: 891 case 0: 892 break; 893 default: 894 goto e_inval; 895 } 896 897 np->srcprefs = (np->srcprefs & prefmask) | pref; 898 retv = 0; 899 900 break; 901 } 902 case IPV6_MINHOPCOUNT: 903 if (optlen < sizeof(int)) 904 goto e_inval; 905 if (val < 0 || val > 255) 906 goto e_inval; 907 np->min_hopcount = val; 908 retv = 0; 909 break; 910 case IPV6_DONTFRAG: 911 np->dontfrag = valbool; 912 retv = 0; 913 break; 914 case IPV6_AUTOFLOWLABEL: 915 np->autoflowlabel = valbool; 916 np->autoflowlabel_set = 1; 917 retv = 0; 918 break; 919 case IPV6_RECVFRAGSIZE: 920 np->rxopt.bits.recvfragsize = valbool; 921 retv = 0; 922 break; 923 } 924 925 release_sock(sk); 926 if (needs_rtnl) 927 rtnl_unlock(); 928 929 return retv; 930 931 e_inval: 932 release_sock(sk); 933 if (needs_rtnl) 934 rtnl_unlock(); 935 return -EINVAL; 936 } 937 938 int ipv6_setsockopt(struct sock *sk, int level, int optname, 939 char __user *optval, unsigned int optlen) 940 { 941 int err; 942 943 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 944 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 945 946 if (level != SOL_IPV6) 947 return -ENOPROTOOPT; 948 949 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 950 #ifdef CONFIG_NETFILTER 951 /* we need to exclude all possible ENOPROTOOPTs except default case */ 952 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 953 optname != IPV6_XFRM_POLICY) 954 err = nf_setsockopt(sk, PF_INET6, optname, optval, optlen); 955 #endif 956 return err; 957 } 958 EXPORT_SYMBOL(ipv6_setsockopt); 959 960 #ifdef CONFIG_COMPAT 961 int compat_ipv6_setsockopt(struct sock *sk, int level, int optname, 962 char __user *optval, unsigned int optlen) 963 { 964 int err; 965 966 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 967 if (udp_prot.compat_setsockopt != NULL) 968 return udp_prot.compat_setsockopt(sk, level, optname, 969 optval, optlen); 970 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 971 } 972 973 if (level != SOL_IPV6) 974 return -ENOPROTOOPT; 975 976 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER) 977 return compat_mc_setsockopt(sk, level, optname, optval, optlen, 978 ipv6_setsockopt); 979 980 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 981 #ifdef CONFIG_NETFILTER 982 /* we need to exclude all possible ENOPROTOOPTs except default case */ 983 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 984 optname != IPV6_XFRM_POLICY) 985 err = compat_nf_setsockopt(sk, PF_INET6, optname, optval, 986 optlen); 987 #endif 988 return err; 989 } 990 EXPORT_SYMBOL(compat_ipv6_setsockopt); 991 #endif 992 993 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt, 994 int optname, char __user *optval, int len) 995 { 996 struct ipv6_opt_hdr *hdr; 997 998 if (!opt) 999 return 0; 1000 1001 switch (optname) { 1002 case IPV6_HOPOPTS: 1003 hdr = opt->hopopt; 1004 break; 1005 case IPV6_RTHDRDSTOPTS: 1006 hdr = opt->dst0opt; 1007 break; 1008 case IPV6_RTHDR: 1009 hdr = (struct ipv6_opt_hdr *)opt->srcrt; 1010 break; 1011 case IPV6_DSTOPTS: 1012 hdr = opt->dst1opt; 1013 break; 1014 default: 1015 return -EINVAL; /* should not happen */ 1016 } 1017 1018 if (!hdr) 1019 return 0; 1020 1021 len = min_t(unsigned int, len, ipv6_optlen(hdr)); 1022 if (copy_to_user(optval, hdr, len)) 1023 return -EFAULT; 1024 return len; 1025 } 1026 1027 static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, 1028 char __user *optval, int __user *optlen, unsigned int flags) 1029 { 1030 struct ipv6_pinfo *np = inet6_sk(sk); 1031 int len; 1032 int val; 1033 1034 if (ip6_mroute_opt(optname)) 1035 return ip6_mroute_getsockopt(sk, optname, optval, optlen); 1036 1037 if (get_user(len, optlen)) 1038 return -EFAULT; 1039 switch (optname) { 1040 case IPV6_ADDRFORM: 1041 if (sk->sk_protocol != IPPROTO_UDP && 1042 sk->sk_protocol != IPPROTO_UDPLITE && 1043 sk->sk_protocol != IPPROTO_TCP) 1044 return -ENOPROTOOPT; 1045 if (sk->sk_state != TCP_ESTABLISHED) 1046 return -ENOTCONN; 1047 val = sk->sk_family; 1048 break; 1049 case MCAST_MSFILTER: 1050 { 1051 struct group_filter gsf; 1052 int err; 1053 1054 if (len < GROUP_FILTER_SIZE(0)) 1055 return -EINVAL; 1056 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) 1057 return -EFAULT; 1058 if (gsf.gf_group.ss_family != AF_INET6) 1059 return -EADDRNOTAVAIL; 1060 lock_sock(sk); 1061 err = ip6_mc_msfget(sk, &gsf, 1062 (struct group_filter __user *)optval, optlen); 1063 release_sock(sk); 1064 return err; 1065 } 1066 1067 case IPV6_2292PKTOPTIONS: 1068 { 1069 struct msghdr msg; 1070 struct sk_buff *skb; 1071 1072 if (sk->sk_type != SOCK_STREAM) 1073 return -ENOPROTOOPT; 1074 1075 msg.msg_control = optval; 1076 msg.msg_controllen = len; 1077 msg.msg_flags = flags; 1078 1079 lock_sock(sk); 1080 skb = np->pktoptions; 1081 if (skb) 1082 ip6_datagram_recv_ctl(sk, &msg, skb); 1083 release_sock(sk); 1084 if (!skb) { 1085 if (np->rxopt.bits.rxinfo) { 1086 struct in6_pktinfo src_info; 1087 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1088 np->sticky_pktinfo.ipi6_ifindex; 1089 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr; 1090 put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info); 1091 } 1092 if (np->rxopt.bits.rxhlim) { 1093 int hlim = np->mcast_hops; 1094 put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim); 1095 } 1096 if (np->rxopt.bits.rxtclass) { 1097 int tclass = (int)ip6_tclass(np->rcv_flowinfo); 1098 1099 put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass); 1100 } 1101 if (np->rxopt.bits.rxoinfo) { 1102 struct in6_pktinfo src_info; 1103 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1104 np->sticky_pktinfo.ipi6_ifindex; 1105 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : 1106 np->sticky_pktinfo.ipi6_addr; 1107 put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info); 1108 } 1109 if (np->rxopt.bits.rxohlim) { 1110 int hlim = np->mcast_hops; 1111 put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim); 1112 } 1113 if (np->rxopt.bits.rxflow) { 1114 __be32 flowinfo = np->rcv_flowinfo; 1115 1116 put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo); 1117 } 1118 } 1119 len -= msg.msg_controllen; 1120 return put_user(len, optlen); 1121 } 1122 case IPV6_MTU: 1123 { 1124 struct dst_entry *dst; 1125 1126 val = 0; 1127 rcu_read_lock(); 1128 dst = __sk_dst_get(sk); 1129 if (dst) 1130 val = dst_mtu(dst); 1131 rcu_read_unlock(); 1132 if (!val) 1133 return -ENOTCONN; 1134 break; 1135 } 1136 1137 case IPV6_V6ONLY: 1138 val = sk->sk_ipv6only; 1139 break; 1140 1141 case IPV6_RECVPKTINFO: 1142 val = np->rxopt.bits.rxinfo; 1143 break; 1144 1145 case IPV6_2292PKTINFO: 1146 val = np->rxopt.bits.rxoinfo; 1147 break; 1148 1149 case IPV6_RECVHOPLIMIT: 1150 val = np->rxopt.bits.rxhlim; 1151 break; 1152 1153 case IPV6_2292HOPLIMIT: 1154 val = np->rxopt.bits.rxohlim; 1155 break; 1156 1157 case IPV6_RECVRTHDR: 1158 val = np->rxopt.bits.srcrt; 1159 break; 1160 1161 case IPV6_2292RTHDR: 1162 val = np->rxopt.bits.osrcrt; 1163 break; 1164 1165 case IPV6_HOPOPTS: 1166 case IPV6_RTHDRDSTOPTS: 1167 case IPV6_RTHDR: 1168 case IPV6_DSTOPTS: 1169 { 1170 struct ipv6_txoptions *opt; 1171 1172 lock_sock(sk); 1173 opt = rcu_dereference_protected(np->opt, 1174 lockdep_sock_is_held(sk)); 1175 len = ipv6_getsockopt_sticky(sk, opt, optname, optval, len); 1176 release_sock(sk); 1177 /* check if ipv6_getsockopt_sticky() returns err code */ 1178 if (len < 0) 1179 return len; 1180 return put_user(len, optlen); 1181 } 1182 1183 case IPV6_RECVHOPOPTS: 1184 val = np->rxopt.bits.hopopts; 1185 break; 1186 1187 case IPV6_2292HOPOPTS: 1188 val = np->rxopt.bits.ohopopts; 1189 break; 1190 1191 case IPV6_RECVDSTOPTS: 1192 val = np->rxopt.bits.dstopts; 1193 break; 1194 1195 case IPV6_2292DSTOPTS: 1196 val = np->rxopt.bits.odstopts; 1197 break; 1198 1199 case IPV6_TCLASS: 1200 val = np->tclass; 1201 break; 1202 1203 case IPV6_RECVTCLASS: 1204 val = np->rxopt.bits.rxtclass; 1205 break; 1206 1207 case IPV6_FLOWINFO: 1208 val = np->rxopt.bits.rxflow; 1209 break; 1210 1211 case IPV6_RECVPATHMTU: 1212 val = np->rxopt.bits.rxpmtu; 1213 break; 1214 1215 case IPV6_PATHMTU: 1216 { 1217 struct dst_entry *dst; 1218 struct ip6_mtuinfo mtuinfo; 1219 1220 if (len < sizeof(mtuinfo)) 1221 return -EINVAL; 1222 1223 len = sizeof(mtuinfo); 1224 memset(&mtuinfo, 0, sizeof(mtuinfo)); 1225 1226 rcu_read_lock(); 1227 dst = __sk_dst_get(sk); 1228 if (dst) 1229 mtuinfo.ip6m_mtu = dst_mtu(dst); 1230 rcu_read_unlock(); 1231 if (!mtuinfo.ip6m_mtu) 1232 return -ENOTCONN; 1233 1234 if (put_user(len, optlen)) 1235 return -EFAULT; 1236 if (copy_to_user(optval, &mtuinfo, len)) 1237 return -EFAULT; 1238 1239 return 0; 1240 } 1241 1242 case IPV6_TRANSPARENT: 1243 val = inet_sk(sk)->transparent; 1244 break; 1245 1246 case IPV6_FREEBIND: 1247 val = inet_sk(sk)->freebind; 1248 break; 1249 1250 case IPV6_RECVORIGDSTADDR: 1251 val = np->rxopt.bits.rxorigdstaddr; 1252 break; 1253 1254 case IPV6_UNICAST_HOPS: 1255 case IPV6_MULTICAST_HOPS: 1256 { 1257 struct dst_entry *dst; 1258 1259 if (optname == IPV6_UNICAST_HOPS) 1260 val = np->hop_limit; 1261 else 1262 val = np->mcast_hops; 1263 1264 if (val < 0) { 1265 rcu_read_lock(); 1266 dst = __sk_dst_get(sk); 1267 if (dst) 1268 val = ip6_dst_hoplimit(dst); 1269 rcu_read_unlock(); 1270 } 1271 1272 if (val < 0) 1273 val = sock_net(sk)->ipv6.devconf_all->hop_limit; 1274 break; 1275 } 1276 1277 case IPV6_MULTICAST_LOOP: 1278 val = np->mc_loop; 1279 break; 1280 1281 case IPV6_MULTICAST_IF: 1282 val = np->mcast_oif; 1283 break; 1284 1285 case IPV6_MULTICAST_ALL: 1286 val = np->mc_all; 1287 break; 1288 1289 case IPV6_UNICAST_IF: 1290 val = (__force int)htonl((__u32) np->ucast_oif); 1291 break; 1292 1293 case IPV6_MTU_DISCOVER: 1294 val = np->pmtudisc; 1295 break; 1296 1297 case IPV6_RECVERR: 1298 val = np->recverr; 1299 break; 1300 1301 case IPV6_FLOWINFO_SEND: 1302 val = np->sndflow; 1303 break; 1304 1305 case IPV6_FLOWLABEL_MGR: 1306 { 1307 struct in6_flowlabel_req freq; 1308 int flags; 1309 1310 if (len < sizeof(freq)) 1311 return -EINVAL; 1312 1313 if (copy_from_user(&freq, optval, sizeof(freq))) 1314 return -EFAULT; 1315 1316 if (freq.flr_action != IPV6_FL_A_GET) 1317 return -EINVAL; 1318 1319 len = sizeof(freq); 1320 flags = freq.flr_flags; 1321 1322 memset(&freq, 0, sizeof(freq)); 1323 1324 val = ipv6_flowlabel_opt_get(sk, &freq, flags); 1325 if (val < 0) 1326 return val; 1327 1328 if (put_user(len, optlen)) 1329 return -EFAULT; 1330 if (copy_to_user(optval, &freq, len)) 1331 return -EFAULT; 1332 1333 return 0; 1334 } 1335 1336 case IPV6_ADDR_PREFERENCES: 1337 val = 0; 1338 1339 if (np->srcprefs & IPV6_PREFER_SRC_TMP) 1340 val |= IPV6_PREFER_SRC_TMP; 1341 else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC) 1342 val |= IPV6_PREFER_SRC_PUBLIC; 1343 else { 1344 /* XXX: should we return system default? */ 1345 val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT; 1346 } 1347 1348 if (np->srcprefs & IPV6_PREFER_SRC_COA) 1349 val |= IPV6_PREFER_SRC_COA; 1350 else 1351 val |= IPV6_PREFER_SRC_HOME; 1352 break; 1353 1354 case IPV6_MINHOPCOUNT: 1355 val = np->min_hopcount; 1356 break; 1357 1358 case IPV6_DONTFRAG: 1359 val = np->dontfrag; 1360 break; 1361 1362 case IPV6_AUTOFLOWLABEL: 1363 val = ip6_autoflowlabel(sock_net(sk), np); 1364 break; 1365 1366 case IPV6_RECVFRAGSIZE: 1367 val = np->rxopt.bits.recvfragsize; 1368 break; 1369 1370 case IPV6_ROUTER_ALERT_ISOLATE: 1371 val = np->rtalert_isolate; 1372 break; 1373 1374 default: 1375 return -ENOPROTOOPT; 1376 } 1377 len = min_t(unsigned int, sizeof(int), len); 1378 if (put_user(len, optlen)) 1379 return -EFAULT; 1380 if (copy_to_user(optval, &val, len)) 1381 return -EFAULT; 1382 return 0; 1383 } 1384 1385 int ipv6_getsockopt(struct sock *sk, int level, int optname, 1386 char __user *optval, int __user *optlen) 1387 { 1388 int err; 1389 1390 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 1391 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1392 1393 if (level != SOL_IPV6) 1394 return -ENOPROTOOPT; 1395 1396 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 0); 1397 #ifdef CONFIG_NETFILTER 1398 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1399 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1400 int len; 1401 1402 if (get_user(len, optlen)) 1403 return -EFAULT; 1404 1405 err = nf_getsockopt(sk, PF_INET6, optname, optval, &len); 1406 if (err >= 0) 1407 err = put_user(len, optlen); 1408 } 1409 #endif 1410 return err; 1411 } 1412 EXPORT_SYMBOL(ipv6_getsockopt); 1413 1414 #ifdef CONFIG_COMPAT 1415 int compat_ipv6_getsockopt(struct sock *sk, int level, int optname, 1416 char __user *optval, int __user *optlen) 1417 { 1418 int err; 1419 1420 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 1421 if (udp_prot.compat_getsockopt != NULL) 1422 return udp_prot.compat_getsockopt(sk, level, optname, 1423 optval, optlen); 1424 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1425 } 1426 1427 if (level != SOL_IPV6) 1428 return -ENOPROTOOPT; 1429 1430 if (optname == MCAST_MSFILTER) 1431 return compat_mc_getsockopt(sk, level, optname, optval, optlen, 1432 ipv6_getsockopt); 1433 1434 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 1435 MSG_CMSG_COMPAT); 1436 #ifdef CONFIG_NETFILTER 1437 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1438 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1439 int len; 1440 1441 if (get_user(len, optlen)) 1442 return -EFAULT; 1443 1444 err = compat_nf_getsockopt(sk, PF_INET6, optname, optval, &len); 1445 if (err >= 0) 1446 err = put_user(len, optlen); 1447 } 1448 #endif 1449 return err; 1450 } 1451 EXPORT_SYMBOL(compat_ipv6_getsockopt); 1452 #endif 1453