1 /* 2 * IPv6 BSD socket options interface 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_sockglue.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * FIXME: Make the setsockopt code POSIX compliant: That is 16 * 17 * o Truncate getsockopt returns 18 * o Return an optlen of the truncated length if need be 19 * 20 * Changes: 21 * David L Stevens <dlstevens@us.ibm.com>: 22 * - added multicast source filtering API for MLDv2 23 */ 24 25 #include <linux/module.h> 26 #include <linux/capability.h> 27 #include <linux/errno.h> 28 #include <linux/types.h> 29 #include <linux/socket.h> 30 #include <linux/sockios.h> 31 #include <linux/net.h> 32 #include <linux/in6.h> 33 #include <linux/mroute6.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/init.h> 37 #include <linux/sysctl.h> 38 #include <linux/netfilter.h> 39 #include <linux/slab.h> 40 41 #include <net/sock.h> 42 #include <net/snmp.h> 43 #include <net/ipv6.h> 44 #include <net/ndisc.h> 45 #include <net/protocol.h> 46 #include <net/transp_v6.h> 47 #include <net/ip6_route.h> 48 #include <net/addrconf.h> 49 #include <net/inet_common.h> 50 #include <net/tcp.h> 51 #include <net/udp.h> 52 #include <net/udplite.h> 53 #include <net/xfrm.h> 54 #include <net/compat.h> 55 56 #include <asm/uaccess.h> 57 58 struct ip6_ra_chain *ip6_ra_chain; 59 DEFINE_RWLOCK(ip6_ra_lock); 60 61 int ip6_ra_control(struct sock *sk, int sel) 62 { 63 struct ip6_ra_chain *ra, *new_ra, **rap; 64 65 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */ 66 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_RAW) 67 return -ENOPROTOOPT; 68 69 new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; 70 71 write_lock_bh(&ip6_ra_lock); 72 for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) { 73 if (ra->sk == sk) { 74 if (sel >= 0) { 75 write_unlock_bh(&ip6_ra_lock); 76 kfree(new_ra); 77 return -EADDRINUSE; 78 } 79 80 *rap = ra->next; 81 write_unlock_bh(&ip6_ra_lock); 82 83 sock_put(sk); 84 kfree(ra); 85 return 0; 86 } 87 } 88 if (new_ra == NULL) { 89 write_unlock_bh(&ip6_ra_lock); 90 return -ENOBUFS; 91 } 92 new_ra->sk = sk; 93 new_ra->sel = sel; 94 new_ra->next = ra; 95 *rap = new_ra; 96 sock_hold(sk); 97 write_unlock_bh(&ip6_ra_lock); 98 return 0; 99 } 100 101 static 102 struct ipv6_txoptions *ipv6_update_options(struct sock *sk, 103 struct ipv6_txoptions *opt) 104 { 105 if (inet_sk(sk)->is_icsk) { 106 if (opt && 107 !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) && 108 inet_sk(sk)->inet_daddr != LOOPBACK4_IPV6) { 109 struct inet_connection_sock *icsk = inet_csk(sk); 110 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen; 111 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie); 112 } 113 } 114 opt = xchg(&inet6_sk(sk)->opt, opt); 115 sk_dst_reset(sk); 116 117 return opt; 118 } 119 120 static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, 121 char __user *optval, unsigned int optlen) 122 { 123 struct ipv6_pinfo *np = inet6_sk(sk); 124 struct net *net = sock_net(sk); 125 int val, valbool; 126 int retv = -ENOPROTOOPT; 127 128 if (optval == NULL) 129 val = 0; 130 else { 131 if (optlen >= sizeof(int)) { 132 if (get_user(val, (int __user *) optval)) 133 return -EFAULT; 134 } else 135 val = 0; 136 } 137 138 valbool = (val != 0); 139 140 if (ip6_mroute_opt(optname)) 141 return ip6_mroute_setsockopt(sk, optname, optval, optlen); 142 143 lock_sock(sk); 144 145 switch (optname) { 146 147 case IPV6_ADDRFORM: 148 if (optlen < sizeof(int)) 149 goto e_inval; 150 if (val == PF_INET) { 151 struct ipv6_txoptions *opt; 152 struct sk_buff *pktopt; 153 154 if (sk->sk_type == SOCK_RAW) 155 break; 156 157 if (sk->sk_protocol == IPPROTO_UDP || 158 sk->sk_protocol == IPPROTO_UDPLITE) { 159 struct udp_sock *up = udp_sk(sk); 160 if (up->pending == AF_INET6) { 161 retv = -EBUSY; 162 break; 163 } 164 } else if (sk->sk_protocol != IPPROTO_TCP) 165 break; 166 167 if (sk->sk_state != TCP_ESTABLISHED) { 168 retv = -ENOTCONN; 169 break; 170 } 171 172 if (ipv6_only_sock(sk) || 173 !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) { 174 retv = -EADDRNOTAVAIL; 175 break; 176 } 177 178 fl6_free_socklist(sk); 179 ipv6_sock_mc_close(sk); 180 181 /* 182 * Sock is moving from IPv6 to IPv4 (sk_prot), so 183 * remove it from the refcnt debug socks count in the 184 * original family... 185 */ 186 sk_refcnt_debug_dec(sk); 187 188 if (sk->sk_protocol == IPPROTO_TCP) { 189 struct inet_connection_sock *icsk = inet_csk(sk); 190 local_bh_disable(); 191 sock_prot_inuse_add(net, sk->sk_prot, -1); 192 sock_prot_inuse_add(net, &tcp_prot, 1); 193 local_bh_enable(); 194 sk->sk_prot = &tcp_prot; 195 icsk->icsk_af_ops = &ipv4_specific; 196 sk->sk_socket->ops = &inet_stream_ops; 197 sk->sk_family = PF_INET; 198 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); 199 } else { 200 struct proto *prot = &udp_prot; 201 202 if (sk->sk_protocol == IPPROTO_UDPLITE) 203 prot = &udplite_prot; 204 local_bh_disable(); 205 sock_prot_inuse_add(net, sk->sk_prot, -1); 206 sock_prot_inuse_add(net, prot, 1); 207 local_bh_enable(); 208 sk->sk_prot = prot; 209 sk->sk_socket->ops = &inet_dgram_ops; 210 sk->sk_family = PF_INET; 211 } 212 opt = xchg(&np->opt, NULL); 213 if (opt) 214 sock_kfree_s(sk, opt, opt->tot_len); 215 pktopt = xchg(&np->pktoptions, NULL); 216 kfree_skb(pktopt); 217 218 sk->sk_destruct = inet_sock_destruct; 219 /* 220 * ... and add it to the refcnt debug socks count 221 * in the new family. -acme 222 */ 223 sk_refcnt_debug_inc(sk); 224 module_put(THIS_MODULE); 225 retv = 0; 226 break; 227 } 228 goto e_inval; 229 230 case IPV6_V6ONLY: 231 if (optlen < sizeof(int) || 232 inet_sk(sk)->inet_num) 233 goto e_inval; 234 sk->sk_ipv6only = valbool; 235 retv = 0; 236 break; 237 238 case IPV6_RECVPKTINFO: 239 if (optlen < sizeof(int)) 240 goto e_inval; 241 np->rxopt.bits.rxinfo = valbool; 242 retv = 0; 243 break; 244 245 case IPV6_2292PKTINFO: 246 if (optlen < sizeof(int)) 247 goto e_inval; 248 np->rxopt.bits.rxoinfo = valbool; 249 retv = 0; 250 break; 251 252 case IPV6_RECVHOPLIMIT: 253 if (optlen < sizeof(int)) 254 goto e_inval; 255 np->rxopt.bits.rxhlim = valbool; 256 retv = 0; 257 break; 258 259 case IPV6_2292HOPLIMIT: 260 if (optlen < sizeof(int)) 261 goto e_inval; 262 np->rxopt.bits.rxohlim = valbool; 263 retv = 0; 264 break; 265 266 case IPV6_RECVRTHDR: 267 if (optlen < sizeof(int)) 268 goto e_inval; 269 np->rxopt.bits.srcrt = valbool; 270 retv = 0; 271 break; 272 273 case IPV6_2292RTHDR: 274 if (optlen < sizeof(int)) 275 goto e_inval; 276 np->rxopt.bits.osrcrt = valbool; 277 retv = 0; 278 break; 279 280 case IPV6_RECVHOPOPTS: 281 if (optlen < sizeof(int)) 282 goto e_inval; 283 np->rxopt.bits.hopopts = valbool; 284 retv = 0; 285 break; 286 287 case IPV6_2292HOPOPTS: 288 if (optlen < sizeof(int)) 289 goto e_inval; 290 np->rxopt.bits.ohopopts = valbool; 291 retv = 0; 292 break; 293 294 case IPV6_RECVDSTOPTS: 295 if (optlen < sizeof(int)) 296 goto e_inval; 297 np->rxopt.bits.dstopts = valbool; 298 retv = 0; 299 break; 300 301 case IPV6_2292DSTOPTS: 302 if (optlen < sizeof(int)) 303 goto e_inval; 304 np->rxopt.bits.odstopts = valbool; 305 retv = 0; 306 break; 307 308 case IPV6_TCLASS: 309 if (optlen < sizeof(int)) 310 goto e_inval; 311 if (val < -1 || val > 0xff) 312 goto e_inval; 313 /* RFC 3542, 6.5: default traffic class of 0x0 */ 314 if (val == -1) 315 val = 0; 316 np->tclass = val; 317 retv = 0; 318 break; 319 320 case IPV6_RECVTCLASS: 321 if (optlen < sizeof(int)) 322 goto e_inval; 323 np->rxopt.bits.rxtclass = valbool; 324 retv = 0; 325 break; 326 327 case IPV6_FLOWINFO: 328 if (optlen < sizeof(int)) 329 goto e_inval; 330 np->rxopt.bits.rxflow = valbool; 331 retv = 0; 332 break; 333 334 case IPV6_RECVPATHMTU: 335 if (optlen < sizeof(int)) 336 goto e_inval; 337 np->rxopt.bits.rxpmtu = valbool; 338 retv = 0; 339 break; 340 341 case IPV6_TRANSPARENT: 342 if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && 343 !ns_capable(net->user_ns, CAP_NET_RAW)) { 344 retv = -EPERM; 345 break; 346 } 347 if (optlen < sizeof(int)) 348 goto e_inval; 349 /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */ 350 inet_sk(sk)->transparent = valbool; 351 retv = 0; 352 break; 353 354 case IPV6_RECVORIGDSTADDR: 355 if (optlen < sizeof(int)) 356 goto e_inval; 357 np->rxopt.bits.rxorigdstaddr = valbool; 358 retv = 0; 359 break; 360 361 case IPV6_HOPOPTS: 362 case IPV6_RTHDRDSTOPTS: 363 case IPV6_RTHDR: 364 case IPV6_DSTOPTS: 365 { 366 struct ipv6_txoptions *opt; 367 368 /* remove any sticky options header with a zero option 369 * length, per RFC3542. 370 */ 371 if (optlen == 0) 372 optval = NULL; 373 else if (optval == NULL) 374 goto e_inval; 375 else if (optlen < sizeof(struct ipv6_opt_hdr) || 376 optlen & 0x7 || optlen > 8 * 255) 377 goto e_inval; 378 379 /* hop-by-hop / destination options are privileged option */ 380 retv = -EPERM; 381 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) 382 break; 383 384 opt = ipv6_renew_options(sk, np->opt, optname, 385 (struct ipv6_opt_hdr __user *)optval, 386 optlen); 387 if (IS_ERR(opt)) { 388 retv = PTR_ERR(opt); 389 break; 390 } 391 392 /* routing header option needs extra check */ 393 retv = -EINVAL; 394 if (optname == IPV6_RTHDR && opt && opt->srcrt) { 395 struct ipv6_rt_hdr *rthdr = opt->srcrt; 396 switch (rthdr->type) { 397 #if IS_ENABLED(CONFIG_IPV6_MIP6) 398 case IPV6_SRCRT_TYPE_2: 399 if (rthdr->hdrlen != 2 || 400 rthdr->segments_left != 1) 401 goto sticky_done; 402 403 break; 404 #endif 405 default: 406 goto sticky_done; 407 } 408 } 409 410 retv = 0; 411 opt = ipv6_update_options(sk, opt); 412 sticky_done: 413 if (opt) 414 sock_kfree_s(sk, opt, opt->tot_len); 415 break; 416 } 417 418 case IPV6_PKTINFO: 419 { 420 struct in6_pktinfo pkt; 421 422 if (optlen == 0) 423 goto e_inval; 424 else if (optlen < sizeof(struct in6_pktinfo) || optval == NULL) 425 goto e_inval; 426 427 if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) { 428 retv = -EFAULT; 429 break; 430 } 431 if (sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) 432 goto e_inval; 433 434 np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex; 435 np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr; 436 retv = 0; 437 break; 438 } 439 440 case IPV6_2292PKTOPTIONS: 441 { 442 struct ipv6_txoptions *opt = NULL; 443 struct msghdr msg; 444 struct flowi6 fl6; 445 int junk; 446 447 memset(&fl6, 0, sizeof(fl6)); 448 fl6.flowi6_oif = sk->sk_bound_dev_if; 449 fl6.flowi6_mark = sk->sk_mark; 450 451 if (optlen == 0) 452 goto update; 453 454 /* 1K is probably excessive 455 * 1K is surely not enough, 2K per standard header is 16K. 456 */ 457 retv = -EINVAL; 458 if (optlen > 64*1024) 459 break; 460 461 opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL); 462 retv = -ENOBUFS; 463 if (opt == NULL) 464 break; 465 466 memset(opt, 0, sizeof(*opt)); 467 opt->tot_len = sizeof(*opt) + optlen; 468 retv = -EFAULT; 469 if (copy_from_user(opt+1, optval, optlen)) 470 goto done; 471 472 msg.msg_controllen = optlen; 473 msg.msg_control = (void *)(opt+1); 474 475 retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk, 476 &junk, &junk); 477 if (retv) 478 goto done; 479 update: 480 retv = 0; 481 opt = ipv6_update_options(sk, opt); 482 done: 483 if (opt) 484 sock_kfree_s(sk, opt, opt->tot_len); 485 break; 486 } 487 case IPV6_UNICAST_HOPS: 488 if (optlen < sizeof(int)) 489 goto e_inval; 490 if (val > 255 || val < -1) 491 goto e_inval; 492 np->hop_limit = val; 493 retv = 0; 494 break; 495 496 case IPV6_MULTICAST_HOPS: 497 if (sk->sk_type == SOCK_STREAM) 498 break; 499 if (optlen < sizeof(int)) 500 goto e_inval; 501 if (val > 255 || val < -1) 502 goto e_inval; 503 np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val); 504 retv = 0; 505 break; 506 507 case IPV6_MULTICAST_LOOP: 508 if (optlen < sizeof(int)) 509 goto e_inval; 510 if (val != valbool) 511 goto e_inval; 512 np->mc_loop = valbool; 513 retv = 0; 514 break; 515 516 case IPV6_UNICAST_IF: 517 { 518 struct net_device *dev = NULL; 519 int ifindex; 520 521 if (optlen != sizeof(int)) 522 goto e_inval; 523 524 ifindex = (__force int)ntohl((__force __be32)val); 525 if (ifindex == 0) { 526 np->ucast_oif = 0; 527 retv = 0; 528 break; 529 } 530 531 dev = dev_get_by_index(net, ifindex); 532 retv = -EADDRNOTAVAIL; 533 if (!dev) 534 break; 535 dev_put(dev); 536 537 retv = -EINVAL; 538 if (sk->sk_bound_dev_if) 539 break; 540 541 np->ucast_oif = ifindex; 542 retv = 0; 543 break; 544 } 545 546 case IPV6_MULTICAST_IF: 547 if (sk->sk_type == SOCK_STREAM) 548 break; 549 if (optlen < sizeof(int)) 550 goto e_inval; 551 552 if (val) { 553 struct net_device *dev; 554 555 if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val) 556 goto e_inval; 557 558 dev = dev_get_by_index(net, val); 559 if (!dev) { 560 retv = -ENODEV; 561 break; 562 } 563 dev_put(dev); 564 } 565 np->mcast_oif = val; 566 retv = 0; 567 break; 568 case IPV6_ADD_MEMBERSHIP: 569 case IPV6_DROP_MEMBERSHIP: 570 { 571 struct ipv6_mreq mreq; 572 573 if (optlen < sizeof(struct ipv6_mreq)) 574 goto e_inval; 575 576 retv = -EPROTO; 577 if (inet_sk(sk)->is_icsk) 578 break; 579 580 retv = -EFAULT; 581 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 582 break; 583 584 if (optname == IPV6_ADD_MEMBERSHIP) 585 retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 586 else 587 retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); 588 break; 589 } 590 case IPV6_JOIN_ANYCAST: 591 case IPV6_LEAVE_ANYCAST: 592 { 593 struct ipv6_mreq mreq; 594 595 if (optlen < sizeof(struct ipv6_mreq)) 596 goto e_inval; 597 598 retv = -EFAULT; 599 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) 600 break; 601 602 if (optname == IPV6_JOIN_ANYCAST) 603 retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 604 else 605 retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); 606 break; 607 } 608 case MCAST_JOIN_GROUP: 609 case MCAST_LEAVE_GROUP: 610 { 611 struct group_req greq; 612 struct sockaddr_in6 *psin6; 613 614 if (optlen < sizeof(struct group_req)) 615 goto e_inval; 616 617 retv = -EFAULT; 618 if (copy_from_user(&greq, optval, sizeof(struct group_req))) 619 break; 620 if (greq.gr_group.ss_family != AF_INET6) { 621 retv = -EADDRNOTAVAIL; 622 break; 623 } 624 psin6 = (struct sockaddr_in6 *)&greq.gr_group; 625 if (optname == MCAST_JOIN_GROUP) 626 retv = ipv6_sock_mc_join(sk, greq.gr_interface, 627 &psin6->sin6_addr); 628 else 629 retv = ipv6_sock_mc_drop(sk, greq.gr_interface, 630 &psin6->sin6_addr); 631 break; 632 } 633 case MCAST_JOIN_SOURCE_GROUP: 634 case MCAST_LEAVE_SOURCE_GROUP: 635 case MCAST_BLOCK_SOURCE: 636 case MCAST_UNBLOCK_SOURCE: 637 { 638 struct group_source_req greqs; 639 int omode, add; 640 641 if (optlen < sizeof(struct group_source_req)) 642 goto e_inval; 643 if (copy_from_user(&greqs, optval, sizeof(greqs))) { 644 retv = -EFAULT; 645 break; 646 } 647 if (greqs.gsr_group.ss_family != AF_INET6 || 648 greqs.gsr_source.ss_family != AF_INET6) { 649 retv = -EADDRNOTAVAIL; 650 break; 651 } 652 if (optname == MCAST_BLOCK_SOURCE) { 653 omode = MCAST_EXCLUDE; 654 add = 1; 655 } else if (optname == MCAST_UNBLOCK_SOURCE) { 656 omode = MCAST_EXCLUDE; 657 add = 0; 658 } else if (optname == MCAST_JOIN_SOURCE_GROUP) { 659 struct sockaddr_in6 *psin6; 660 661 psin6 = (struct sockaddr_in6 *)&greqs.gsr_group; 662 retv = ipv6_sock_mc_join(sk, greqs.gsr_interface, 663 &psin6->sin6_addr); 664 /* prior join w/ different source is ok */ 665 if (retv && retv != -EADDRINUSE) 666 break; 667 omode = MCAST_INCLUDE; 668 add = 1; 669 } else /* MCAST_LEAVE_SOURCE_GROUP */ { 670 omode = MCAST_INCLUDE; 671 add = 0; 672 } 673 retv = ip6_mc_source(add, omode, sk, &greqs); 674 break; 675 } 676 case MCAST_MSFILTER: 677 { 678 struct group_filter *gsf; 679 680 if (optlen < GROUP_FILTER_SIZE(0)) 681 goto e_inval; 682 if (optlen > sysctl_optmem_max) { 683 retv = -ENOBUFS; 684 break; 685 } 686 gsf = kmalloc(optlen, GFP_KERNEL); 687 if (!gsf) { 688 retv = -ENOBUFS; 689 break; 690 } 691 retv = -EFAULT; 692 if (copy_from_user(gsf, optval, optlen)) { 693 kfree(gsf); 694 break; 695 } 696 /* numsrc >= (4G-140)/128 overflow in 32 bits */ 697 if (gsf->gf_numsrc >= 0x1ffffffU || 698 gsf->gf_numsrc > sysctl_mld_max_msf) { 699 kfree(gsf); 700 retv = -ENOBUFS; 701 break; 702 } 703 if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) { 704 kfree(gsf); 705 retv = -EINVAL; 706 break; 707 } 708 retv = ip6_mc_msfilter(sk, gsf); 709 kfree(gsf); 710 711 break; 712 } 713 case IPV6_ROUTER_ALERT: 714 if (optlen < sizeof(int)) 715 goto e_inval; 716 retv = ip6_ra_control(sk, val); 717 break; 718 case IPV6_MTU_DISCOVER: 719 if (optlen < sizeof(int)) 720 goto e_inval; 721 if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT) 722 goto e_inval; 723 np->pmtudisc = val; 724 retv = 0; 725 break; 726 case IPV6_MTU: 727 if (optlen < sizeof(int)) 728 goto e_inval; 729 if (val && val < IPV6_MIN_MTU) 730 goto e_inval; 731 np->frag_size = val; 732 retv = 0; 733 break; 734 case IPV6_RECVERR: 735 if (optlen < sizeof(int)) 736 goto e_inval; 737 np->recverr = valbool; 738 if (!val) 739 skb_queue_purge(&sk->sk_error_queue); 740 retv = 0; 741 break; 742 case IPV6_FLOWINFO_SEND: 743 if (optlen < sizeof(int)) 744 goto e_inval; 745 np->sndflow = valbool; 746 retv = 0; 747 break; 748 case IPV6_FLOWLABEL_MGR: 749 retv = ipv6_flowlabel_opt(sk, optval, optlen); 750 break; 751 case IPV6_IPSEC_POLICY: 752 case IPV6_XFRM_POLICY: 753 retv = -EPERM; 754 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 755 break; 756 retv = xfrm_user_policy(sk, optname, optval, optlen); 757 break; 758 759 case IPV6_ADDR_PREFERENCES: 760 { 761 unsigned int pref = 0; 762 unsigned int prefmask = ~0; 763 764 if (optlen < sizeof(int)) 765 goto e_inval; 766 767 retv = -EINVAL; 768 769 /* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */ 770 switch (val & (IPV6_PREFER_SRC_PUBLIC| 771 IPV6_PREFER_SRC_TMP| 772 IPV6_PREFER_SRC_PUBTMP_DEFAULT)) { 773 case IPV6_PREFER_SRC_PUBLIC: 774 pref |= IPV6_PREFER_SRC_PUBLIC; 775 break; 776 case IPV6_PREFER_SRC_TMP: 777 pref |= IPV6_PREFER_SRC_TMP; 778 break; 779 case IPV6_PREFER_SRC_PUBTMP_DEFAULT: 780 break; 781 case 0: 782 goto pref_skip_pubtmp; 783 default: 784 goto e_inval; 785 } 786 787 prefmask &= ~(IPV6_PREFER_SRC_PUBLIC| 788 IPV6_PREFER_SRC_TMP); 789 pref_skip_pubtmp: 790 791 /* check HOME/COA conflicts */ 792 switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) { 793 case IPV6_PREFER_SRC_HOME: 794 break; 795 case IPV6_PREFER_SRC_COA: 796 pref |= IPV6_PREFER_SRC_COA; 797 case 0: 798 goto pref_skip_coa; 799 default: 800 goto e_inval; 801 } 802 803 prefmask &= ~IPV6_PREFER_SRC_COA; 804 pref_skip_coa: 805 806 /* check CGA/NONCGA conflicts */ 807 switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) { 808 case IPV6_PREFER_SRC_CGA: 809 case IPV6_PREFER_SRC_NONCGA: 810 case 0: 811 break; 812 default: 813 goto e_inval; 814 } 815 816 np->srcprefs = (np->srcprefs & prefmask) | pref; 817 retv = 0; 818 819 break; 820 } 821 case IPV6_MINHOPCOUNT: 822 if (optlen < sizeof(int)) 823 goto e_inval; 824 if (val < 0 || val > 255) 825 goto e_inval; 826 np->min_hopcount = val; 827 retv = 0; 828 break; 829 case IPV6_DONTFRAG: 830 np->dontfrag = valbool; 831 retv = 0; 832 break; 833 case IPV6_AUTOFLOWLABEL: 834 np->autoflowlabel = valbool; 835 retv = 0; 836 break; 837 } 838 839 release_sock(sk); 840 841 return retv; 842 843 e_inval: 844 release_sock(sk); 845 return -EINVAL; 846 } 847 848 int ipv6_setsockopt(struct sock *sk, int level, int optname, 849 char __user *optval, unsigned int optlen) 850 { 851 int err; 852 853 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 854 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 855 856 if (level != SOL_IPV6) 857 return -ENOPROTOOPT; 858 859 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 860 #ifdef CONFIG_NETFILTER 861 /* we need to exclude all possible ENOPROTOOPTs except default case */ 862 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 863 optname != IPV6_XFRM_POLICY) { 864 lock_sock(sk); 865 err = nf_setsockopt(sk, PF_INET6, optname, optval, 866 optlen); 867 release_sock(sk); 868 } 869 #endif 870 return err; 871 } 872 EXPORT_SYMBOL(ipv6_setsockopt); 873 874 #ifdef CONFIG_COMPAT 875 int compat_ipv6_setsockopt(struct sock *sk, int level, int optname, 876 char __user *optval, unsigned int optlen) 877 { 878 int err; 879 880 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 881 if (udp_prot.compat_setsockopt != NULL) 882 return udp_prot.compat_setsockopt(sk, level, optname, 883 optval, optlen); 884 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 885 } 886 887 if (level != SOL_IPV6) 888 return -ENOPROTOOPT; 889 890 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER) 891 return compat_mc_setsockopt(sk, level, optname, optval, optlen, 892 ipv6_setsockopt); 893 894 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 895 #ifdef CONFIG_NETFILTER 896 /* we need to exclude all possible ENOPROTOOPTs except default case */ 897 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY && 898 optname != IPV6_XFRM_POLICY) { 899 lock_sock(sk); 900 err = compat_nf_setsockopt(sk, PF_INET6, optname, 901 optval, optlen); 902 release_sock(sk); 903 } 904 #endif 905 return err; 906 } 907 EXPORT_SYMBOL(compat_ipv6_setsockopt); 908 #endif 909 910 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt, 911 int optname, char __user *optval, int len) 912 { 913 struct ipv6_opt_hdr *hdr; 914 915 if (!opt) 916 return 0; 917 918 switch (optname) { 919 case IPV6_HOPOPTS: 920 hdr = opt->hopopt; 921 break; 922 case IPV6_RTHDRDSTOPTS: 923 hdr = opt->dst0opt; 924 break; 925 case IPV6_RTHDR: 926 hdr = (struct ipv6_opt_hdr *)opt->srcrt; 927 break; 928 case IPV6_DSTOPTS: 929 hdr = opt->dst1opt; 930 break; 931 default: 932 return -EINVAL; /* should not happen */ 933 } 934 935 if (!hdr) 936 return 0; 937 938 len = min_t(unsigned int, len, ipv6_optlen(hdr)); 939 if (copy_to_user(optval, hdr, len)) 940 return -EFAULT; 941 return len; 942 } 943 944 static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, 945 char __user *optval, int __user *optlen, unsigned int flags) 946 { 947 struct ipv6_pinfo *np = inet6_sk(sk); 948 int len; 949 int val; 950 951 if (ip6_mroute_opt(optname)) 952 return ip6_mroute_getsockopt(sk, optname, optval, optlen); 953 954 if (get_user(len, optlen)) 955 return -EFAULT; 956 switch (optname) { 957 case IPV6_ADDRFORM: 958 if (sk->sk_protocol != IPPROTO_UDP && 959 sk->sk_protocol != IPPROTO_UDPLITE && 960 sk->sk_protocol != IPPROTO_TCP) 961 return -ENOPROTOOPT; 962 if (sk->sk_state != TCP_ESTABLISHED) 963 return -ENOTCONN; 964 val = sk->sk_family; 965 break; 966 case MCAST_MSFILTER: 967 { 968 struct group_filter gsf; 969 int err; 970 971 if (len < GROUP_FILTER_SIZE(0)) 972 return -EINVAL; 973 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) 974 return -EFAULT; 975 if (gsf.gf_group.ss_family != AF_INET6) 976 return -EADDRNOTAVAIL; 977 lock_sock(sk); 978 err = ip6_mc_msfget(sk, &gsf, 979 (struct group_filter __user *)optval, optlen); 980 release_sock(sk); 981 return err; 982 } 983 984 case IPV6_2292PKTOPTIONS: 985 { 986 struct msghdr msg; 987 struct sk_buff *skb; 988 989 if (sk->sk_type != SOCK_STREAM) 990 return -ENOPROTOOPT; 991 992 msg.msg_control = optval; 993 msg.msg_controllen = len; 994 msg.msg_flags = flags; 995 996 lock_sock(sk); 997 skb = np->pktoptions; 998 if (skb) 999 atomic_inc(&skb->users); 1000 release_sock(sk); 1001 1002 if (skb) { 1003 ip6_datagram_recv_ctl(sk, &msg, skb); 1004 kfree_skb(skb); 1005 } else { 1006 if (np->rxopt.bits.rxinfo) { 1007 struct in6_pktinfo src_info; 1008 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1009 np->sticky_pktinfo.ipi6_ifindex; 1010 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr; 1011 put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info); 1012 } 1013 if (np->rxopt.bits.rxhlim) { 1014 int hlim = np->mcast_hops; 1015 put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim); 1016 } 1017 if (np->rxopt.bits.rxtclass) { 1018 int tclass = (int)ip6_tclass(np->rcv_flowinfo); 1019 1020 put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass); 1021 } 1022 if (np->rxopt.bits.rxoinfo) { 1023 struct in6_pktinfo src_info; 1024 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : 1025 np->sticky_pktinfo.ipi6_ifindex; 1026 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : 1027 np->sticky_pktinfo.ipi6_addr; 1028 put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info); 1029 } 1030 if (np->rxopt.bits.rxohlim) { 1031 int hlim = np->mcast_hops; 1032 put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim); 1033 } 1034 if (np->rxopt.bits.rxflow) { 1035 __be32 flowinfo = np->rcv_flowinfo; 1036 1037 put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo); 1038 } 1039 } 1040 len -= msg.msg_controllen; 1041 return put_user(len, optlen); 1042 } 1043 case IPV6_MTU: 1044 { 1045 struct dst_entry *dst; 1046 1047 val = 0; 1048 rcu_read_lock(); 1049 dst = __sk_dst_get(sk); 1050 if (dst) 1051 val = dst_mtu(dst); 1052 rcu_read_unlock(); 1053 if (!val) 1054 return -ENOTCONN; 1055 break; 1056 } 1057 1058 case IPV6_V6ONLY: 1059 val = sk->sk_ipv6only; 1060 break; 1061 1062 case IPV6_RECVPKTINFO: 1063 val = np->rxopt.bits.rxinfo; 1064 break; 1065 1066 case IPV6_2292PKTINFO: 1067 val = np->rxopt.bits.rxoinfo; 1068 break; 1069 1070 case IPV6_RECVHOPLIMIT: 1071 val = np->rxopt.bits.rxhlim; 1072 break; 1073 1074 case IPV6_2292HOPLIMIT: 1075 val = np->rxopt.bits.rxohlim; 1076 break; 1077 1078 case IPV6_RECVRTHDR: 1079 val = np->rxopt.bits.srcrt; 1080 break; 1081 1082 case IPV6_2292RTHDR: 1083 val = np->rxopt.bits.osrcrt; 1084 break; 1085 1086 case IPV6_HOPOPTS: 1087 case IPV6_RTHDRDSTOPTS: 1088 case IPV6_RTHDR: 1089 case IPV6_DSTOPTS: 1090 { 1091 1092 lock_sock(sk); 1093 len = ipv6_getsockopt_sticky(sk, np->opt, 1094 optname, optval, len); 1095 release_sock(sk); 1096 /* check if ipv6_getsockopt_sticky() returns err code */ 1097 if (len < 0) 1098 return len; 1099 return put_user(len, optlen); 1100 } 1101 1102 case IPV6_RECVHOPOPTS: 1103 val = np->rxopt.bits.hopopts; 1104 break; 1105 1106 case IPV6_2292HOPOPTS: 1107 val = np->rxopt.bits.ohopopts; 1108 break; 1109 1110 case IPV6_RECVDSTOPTS: 1111 val = np->rxopt.bits.dstopts; 1112 break; 1113 1114 case IPV6_2292DSTOPTS: 1115 val = np->rxopt.bits.odstopts; 1116 break; 1117 1118 case IPV6_TCLASS: 1119 val = np->tclass; 1120 break; 1121 1122 case IPV6_RECVTCLASS: 1123 val = np->rxopt.bits.rxtclass; 1124 break; 1125 1126 case IPV6_FLOWINFO: 1127 val = np->rxopt.bits.rxflow; 1128 break; 1129 1130 case IPV6_RECVPATHMTU: 1131 val = np->rxopt.bits.rxpmtu; 1132 break; 1133 1134 case IPV6_PATHMTU: 1135 { 1136 struct dst_entry *dst; 1137 struct ip6_mtuinfo mtuinfo; 1138 1139 if (len < sizeof(mtuinfo)) 1140 return -EINVAL; 1141 1142 len = sizeof(mtuinfo); 1143 memset(&mtuinfo, 0, sizeof(mtuinfo)); 1144 1145 rcu_read_lock(); 1146 dst = __sk_dst_get(sk); 1147 if (dst) 1148 mtuinfo.ip6m_mtu = dst_mtu(dst); 1149 rcu_read_unlock(); 1150 if (!mtuinfo.ip6m_mtu) 1151 return -ENOTCONN; 1152 1153 if (put_user(len, optlen)) 1154 return -EFAULT; 1155 if (copy_to_user(optval, &mtuinfo, len)) 1156 return -EFAULT; 1157 1158 return 0; 1159 } 1160 1161 case IPV6_TRANSPARENT: 1162 val = inet_sk(sk)->transparent; 1163 break; 1164 1165 case IPV6_RECVORIGDSTADDR: 1166 val = np->rxopt.bits.rxorigdstaddr; 1167 break; 1168 1169 case IPV6_UNICAST_HOPS: 1170 case IPV6_MULTICAST_HOPS: 1171 { 1172 struct dst_entry *dst; 1173 1174 if (optname == IPV6_UNICAST_HOPS) 1175 val = np->hop_limit; 1176 else 1177 val = np->mcast_hops; 1178 1179 if (val < 0) { 1180 rcu_read_lock(); 1181 dst = __sk_dst_get(sk); 1182 if (dst) 1183 val = ip6_dst_hoplimit(dst); 1184 rcu_read_unlock(); 1185 } 1186 1187 if (val < 0) 1188 val = sock_net(sk)->ipv6.devconf_all->hop_limit; 1189 break; 1190 } 1191 1192 case IPV6_MULTICAST_LOOP: 1193 val = np->mc_loop; 1194 break; 1195 1196 case IPV6_MULTICAST_IF: 1197 val = np->mcast_oif; 1198 break; 1199 1200 case IPV6_UNICAST_IF: 1201 val = (__force int)htonl((__u32) np->ucast_oif); 1202 break; 1203 1204 case IPV6_MTU_DISCOVER: 1205 val = np->pmtudisc; 1206 break; 1207 1208 case IPV6_RECVERR: 1209 val = np->recverr; 1210 break; 1211 1212 case IPV6_FLOWINFO_SEND: 1213 val = np->sndflow; 1214 break; 1215 1216 case IPV6_FLOWLABEL_MGR: 1217 { 1218 struct in6_flowlabel_req freq; 1219 int flags; 1220 1221 if (len < sizeof(freq)) 1222 return -EINVAL; 1223 1224 if (copy_from_user(&freq, optval, sizeof(freq))) 1225 return -EFAULT; 1226 1227 if (freq.flr_action != IPV6_FL_A_GET) 1228 return -EINVAL; 1229 1230 len = sizeof(freq); 1231 flags = freq.flr_flags; 1232 1233 memset(&freq, 0, sizeof(freq)); 1234 1235 val = ipv6_flowlabel_opt_get(sk, &freq, flags); 1236 if (val < 0) 1237 return val; 1238 1239 if (put_user(len, optlen)) 1240 return -EFAULT; 1241 if (copy_to_user(optval, &freq, len)) 1242 return -EFAULT; 1243 1244 return 0; 1245 } 1246 1247 case IPV6_ADDR_PREFERENCES: 1248 val = 0; 1249 1250 if (np->srcprefs & IPV6_PREFER_SRC_TMP) 1251 val |= IPV6_PREFER_SRC_TMP; 1252 else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC) 1253 val |= IPV6_PREFER_SRC_PUBLIC; 1254 else { 1255 /* XXX: should we return system default? */ 1256 val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT; 1257 } 1258 1259 if (np->srcprefs & IPV6_PREFER_SRC_COA) 1260 val |= IPV6_PREFER_SRC_COA; 1261 else 1262 val |= IPV6_PREFER_SRC_HOME; 1263 break; 1264 1265 case IPV6_MINHOPCOUNT: 1266 val = np->min_hopcount; 1267 break; 1268 1269 case IPV6_DONTFRAG: 1270 val = np->dontfrag; 1271 break; 1272 1273 case IPV6_AUTOFLOWLABEL: 1274 val = np->autoflowlabel; 1275 break; 1276 1277 default: 1278 return -ENOPROTOOPT; 1279 } 1280 len = min_t(unsigned int, sizeof(int), len); 1281 if (put_user(len, optlen)) 1282 return -EFAULT; 1283 if (copy_to_user(optval, &val, len)) 1284 return -EFAULT; 1285 return 0; 1286 } 1287 1288 int ipv6_getsockopt(struct sock *sk, int level, int optname, 1289 char __user *optval, int __user *optlen) 1290 { 1291 int err; 1292 1293 if (level == SOL_IP && sk->sk_type != SOCK_RAW) 1294 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1295 1296 if (level != SOL_IPV6) 1297 return -ENOPROTOOPT; 1298 1299 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 0); 1300 #ifdef CONFIG_NETFILTER 1301 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1302 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1303 int len; 1304 1305 if (get_user(len, optlen)) 1306 return -EFAULT; 1307 1308 lock_sock(sk); 1309 err = nf_getsockopt(sk, PF_INET6, optname, optval, 1310 &len); 1311 release_sock(sk); 1312 if (err >= 0) 1313 err = put_user(len, optlen); 1314 } 1315 #endif 1316 return err; 1317 } 1318 EXPORT_SYMBOL(ipv6_getsockopt); 1319 1320 #ifdef CONFIG_COMPAT 1321 int compat_ipv6_getsockopt(struct sock *sk, int level, int optname, 1322 char __user *optval, int __user *optlen) 1323 { 1324 int err; 1325 1326 if (level == SOL_IP && sk->sk_type != SOCK_RAW) { 1327 if (udp_prot.compat_getsockopt != NULL) 1328 return udp_prot.compat_getsockopt(sk, level, optname, 1329 optval, optlen); 1330 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1331 } 1332 1333 if (level != SOL_IPV6) 1334 return -ENOPROTOOPT; 1335 1336 if (optname == MCAST_MSFILTER) 1337 return compat_mc_getsockopt(sk, level, optname, optval, optlen, 1338 ipv6_getsockopt); 1339 1340 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 1341 MSG_CMSG_COMPAT); 1342 #ifdef CONFIG_NETFILTER 1343 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1344 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1345 int len; 1346 1347 if (get_user(len, optlen)) 1348 return -EFAULT; 1349 1350 lock_sock(sk); 1351 err = compat_nf_getsockopt(sk, PF_INET6, 1352 optname, optval, &len); 1353 release_sock(sk); 1354 if (err >= 0) 1355 err = put_user(len, optlen); 1356 } 1357 #endif 1358 return err; 1359 } 1360 EXPORT_SYMBOL(compat_ipv6_getsockopt); 1361 #endif 1362 1363