xref: /linux/net/ipv6/ipv6_sockglue.c (revision 4949009eb8d40a441dcddcd96e101e77d31cf1b2)
1 /*
2  *	IPv6 BSD socket options interface
3  *	Linux INET6 implementation
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *
8  *	Based on linux/net/ipv4/ip_sockglue.c
9  *
10  *	This program is free software; you can redistribute it and/or
11  *      modify it under the terms of the GNU General Public License
12  *      as published by the Free Software Foundation; either version
13  *      2 of the License, or (at your option) any later version.
14  *
15  *	FIXME: Make the setsockopt code POSIX compliant: That is
16  *
17  *	o	Truncate getsockopt returns
18  *	o	Return an optlen of the truncated length if need be
19  *
20  *	Changes:
21  *	David L Stevens <dlstevens@us.ibm.com>:
22  *		- added multicast source filtering API for MLDv2
23  */
24 
25 #include <linux/module.h>
26 #include <linux/capability.h>
27 #include <linux/errno.h>
28 #include <linux/types.h>
29 #include <linux/socket.h>
30 #include <linux/sockios.h>
31 #include <linux/net.h>
32 #include <linux/in6.h>
33 #include <linux/mroute6.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/init.h>
37 #include <linux/sysctl.h>
38 #include <linux/netfilter.h>
39 #include <linux/slab.h>
40 
41 #include <net/sock.h>
42 #include <net/snmp.h>
43 #include <net/ipv6.h>
44 #include <net/ndisc.h>
45 #include <net/protocol.h>
46 #include <net/transp_v6.h>
47 #include <net/ip6_route.h>
48 #include <net/addrconf.h>
49 #include <net/inet_common.h>
50 #include <net/tcp.h>
51 #include <net/udp.h>
52 #include <net/udplite.h>
53 #include <net/xfrm.h>
54 #include <net/compat.h>
55 
56 #include <asm/uaccess.h>
57 
58 struct ip6_ra_chain *ip6_ra_chain;
59 DEFINE_RWLOCK(ip6_ra_lock);
60 
61 int ip6_ra_control(struct sock *sk, int sel)
62 {
63 	struct ip6_ra_chain *ra, *new_ra, **rap;
64 
65 	/* RA packet may be delivered ONLY to IPPROTO_RAW socket */
66 	if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_RAW)
67 		return -ENOPROTOOPT;
68 
69 	new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
70 
71 	write_lock_bh(&ip6_ra_lock);
72 	for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {
73 		if (ra->sk == sk) {
74 			if (sel >= 0) {
75 				write_unlock_bh(&ip6_ra_lock);
76 				kfree(new_ra);
77 				return -EADDRINUSE;
78 			}
79 
80 			*rap = ra->next;
81 			write_unlock_bh(&ip6_ra_lock);
82 
83 			sock_put(sk);
84 			kfree(ra);
85 			return 0;
86 		}
87 	}
88 	if (new_ra == NULL) {
89 		write_unlock_bh(&ip6_ra_lock);
90 		return -ENOBUFS;
91 	}
92 	new_ra->sk = sk;
93 	new_ra->sel = sel;
94 	new_ra->next = ra;
95 	*rap = new_ra;
96 	sock_hold(sk);
97 	write_unlock_bh(&ip6_ra_lock);
98 	return 0;
99 }
100 
101 static
102 struct ipv6_txoptions *ipv6_update_options(struct sock *sk,
103 					   struct ipv6_txoptions *opt)
104 {
105 	if (inet_sk(sk)->is_icsk) {
106 		if (opt &&
107 		    !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) &&
108 		    inet_sk(sk)->inet_daddr != LOOPBACK4_IPV6) {
109 			struct inet_connection_sock *icsk = inet_csk(sk);
110 			icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen;
111 			icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
112 		}
113 	}
114 	opt = xchg(&inet6_sk(sk)->opt, opt);
115 	sk_dst_reset(sk);
116 
117 	return opt;
118 }
119 
120 static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
121 		    char __user *optval, unsigned int optlen)
122 {
123 	struct ipv6_pinfo *np = inet6_sk(sk);
124 	struct net *net = sock_net(sk);
125 	int val, valbool;
126 	int retv = -ENOPROTOOPT;
127 
128 	if (optval == NULL)
129 		val = 0;
130 	else {
131 		if (optlen >= sizeof(int)) {
132 			if (get_user(val, (int __user *) optval))
133 				return -EFAULT;
134 		} else
135 			val = 0;
136 	}
137 
138 	valbool = (val != 0);
139 
140 	if (ip6_mroute_opt(optname))
141 		return ip6_mroute_setsockopt(sk, optname, optval, optlen);
142 
143 	lock_sock(sk);
144 
145 	switch (optname) {
146 
147 	case IPV6_ADDRFORM:
148 		if (optlen < sizeof(int))
149 			goto e_inval;
150 		if (val == PF_INET) {
151 			struct ipv6_txoptions *opt;
152 			struct sk_buff *pktopt;
153 
154 			if (sk->sk_type == SOCK_RAW)
155 				break;
156 
157 			if (sk->sk_protocol == IPPROTO_UDP ||
158 			    sk->sk_protocol == IPPROTO_UDPLITE) {
159 				struct udp_sock *up = udp_sk(sk);
160 				if (up->pending == AF_INET6) {
161 					retv = -EBUSY;
162 					break;
163 				}
164 			} else if (sk->sk_protocol != IPPROTO_TCP)
165 				break;
166 
167 			if (sk->sk_state != TCP_ESTABLISHED) {
168 				retv = -ENOTCONN;
169 				break;
170 			}
171 
172 			if (ipv6_only_sock(sk) ||
173 			    !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) {
174 				retv = -EADDRNOTAVAIL;
175 				break;
176 			}
177 
178 			fl6_free_socklist(sk);
179 			ipv6_sock_mc_close(sk);
180 
181 			/*
182 			 * Sock is moving from IPv6 to IPv4 (sk_prot), so
183 			 * remove it from the refcnt debug socks count in the
184 			 * original family...
185 			 */
186 			sk_refcnt_debug_dec(sk);
187 
188 			if (sk->sk_protocol == IPPROTO_TCP) {
189 				struct inet_connection_sock *icsk = inet_csk(sk);
190 				local_bh_disable();
191 				sock_prot_inuse_add(net, sk->sk_prot, -1);
192 				sock_prot_inuse_add(net, &tcp_prot, 1);
193 				local_bh_enable();
194 				sk->sk_prot = &tcp_prot;
195 				icsk->icsk_af_ops = &ipv4_specific;
196 				sk->sk_socket->ops = &inet_stream_ops;
197 				sk->sk_family = PF_INET;
198 				tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
199 			} else {
200 				struct proto *prot = &udp_prot;
201 
202 				if (sk->sk_protocol == IPPROTO_UDPLITE)
203 					prot = &udplite_prot;
204 				local_bh_disable();
205 				sock_prot_inuse_add(net, sk->sk_prot, -1);
206 				sock_prot_inuse_add(net, prot, 1);
207 				local_bh_enable();
208 				sk->sk_prot = prot;
209 				sk->sk_socket->ops = &inet_dgram_ops;
210 				sk->sk_family = PF_INET;
211 			}
212 			opt = xchg(&np->opt, NULL);
213 			if (opt)
214 				sock_kfree_s(sk, opt, opt->tot_len);
215 			pktopt = xchg(&np->pktoptions, NULL);
216 			kfree_skb(pktopt);
217 
218 			sk->sk_destruct = inet_sock_destruct;
219 			/*
220 			 * ... and add it to the refcnt debug socks count
221 			 * in the new family. -acme
222 			 */
223 			sk_refcnt_debug_inc(sk);
224 			module_put(THIS_MODULE);
225 			retv = 0;
226 			break;
227 		}
228 		goto e_inval;
229 
230 	case IPV6_V6ONLY:
231 		if (optlen < sizeof(int) ||
232 		    inet_sk(sk)->inet_num)
233 			goto e_inval;
234 		sk->sk_ipv6only = valbool;
235 		retv = 0;
236 		break;
237 
238 	case IPV6_RECVPKTINFO:
239 		if (optlen < sizeof(int))
240 			goto e_inval;
241 		np->rxopt.bits.rxinfo = valbool;
242 		retv = 0;
243 		break;
244 
245 	case IPV6_2292PKTINFO:
246 		if (optlen < sizeof(int))
247 			goto e_inval;
248 		np->rxopt.bits.rxoinfo = valbool;
249 		retv = 0;
250 		break;
251 
252 	case IPV6_RECVHOPLIMIT:
253 		if (optlen < sizeof(int))
254 			goto e_inval;
255 		np->rxopt.bits.rxhlim = valbool;
256 		retv = 0;
257 		break;
258 
259 	case IPV6_2292HOPLIMIT:
260 		if (optlen < sizeof(int))
261 			goto e_inval;
262 		np->rxopt.bits.rxohlim = valbool;
263 		retv = 0;
264 		break;
265 
266 	case IPV6_RECVRTHDR:
267 		if (optlen < sizeof(int))
268 			goto e_inval;
269 		np->rxopt.bits.srcrt = valbool;
270 		retv = 0;
271 		break;
272 
273 	case IPV6_2292RTHDR:
274 		if (optlen < sizeof(int))
275 			goto e_inval;
276 		np->rxopt.bits.osrcrt = valbool;
277 		retv = 0;
278 		break;
279 
280 	case IPV6_RECVHOPOPTS:
281 		if (optlen < sizeof(int))
282 			goto e_inval;
283 		np->rxopt.bits.hopopts = valbool;
284 		retv = 0;
285 		break;
286 
287 	case IPV6_2292HOPOPTS:
288 		if (optlen < sizeof(int))
289 			goto e_inval;
290 		np->rxopt.bits.ohopopts = valbool;
291 		retv = 0;
292 		break;
293 
294 	case IPV6_RECVDSTOPTS:
295 		if (optlen < sizeof(int))
296 			goto e_inval;
297 		np->rxopt.bits.dstopts = valbool;
298 		retv = 0;
299 		break;
300 
301 	case IPV6_2292DSTOPTS:
302 		if (optlen < sizeof(int))
303 			goto e_inval;
304 		np->rxopt.bits.odstopts = valbool;
305 		retv = 0;
306 		break;
307 
308 	case IPV6_TCLASS:
309 		if (optlen < sizeof(int))
310 			goto e_inval;
311 		if (val < -1 || val > 0xff)
312 			goto e_inval;
313 		/* RFC 3542, 6.5: default traffic class of 0x0 */
314 		if (val == -1)
315 			val = 0;
316 		np->tclass = val;
317 		retv = 0;
318 		break;
319 
320 	case IPV6_RECVTCLASS:
321 		if (optlen < sizeof(int))
322 			goto e_inval;
323 		np->rxopt.bits.rxtclass = valbool;
324 		retv = 0;
325 		break;
326 
327 	case IPV6_FLOWINFO:
328 		if (optlen < sizeof(int))
329 			goto e_inval;
330 		np->rxopt.bits.rxflow = valbool;
331 		retv = 0;
332 		break;
333 
334 	case IPV6_RECVPATHMTU:
335 		if (optlen < sizeof(int))
336 			goto e_inval;
337 		np->rxopt.bits.rxpmtu = valbool;
338 		retv = 0;
339 		break;
340 
341 	case IPV6_TRANSPARENT:
342 		if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) &&
343 		    !ns_capable(net->user_ns, CAP_NET_RAW)) {
344 			retv = -EPERM;
345 			break;
346 		}
347 		if (optlen < sizeof(int))
348 			goto e_inval;
349 		/* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */
350 		inet_sk(sk)->transparent = valbool;
351 		retv = 0;
352 		break;
353 
354 	case IPV6_RECVORIGDSTADDR:
355 		if (optlen < sizeof(int))
356 			goto e_inval;
357 		np->rxopt.bits.rxorigdstaddr = valbool;
358 		retv = 0;
359 		break;
360 
361 	case IPV6_HOPOPTS:
362 	case IPV6_RTHDRDSTOPTS:
363 	case IPV6_RTHDR:
364 	case IPV6_DSTOPTS:
365 	{
366 		struct ipv6_txoptions *opt;
367 
368 		/* remove any sticky options header with a zero option
369 		 * length, per RFC3542.
370 		 */
371 		if (optlen == 0)
372 			optval = NULL;
373 		else if (optval == NULL)
374 			goto e_inval;
375 		else if (optlen < sizeof(struct ipv6_opt_hdr) ||
376 			 optlen & 0x7 || optlen > 8 * 255)
377 			goto e_inval;
378 
379 		/* hop-by-hop / destination options are privileged option */
380 		retv = -EPERM;
381 		if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW))
382 			break;
383 
384 		opt = ipv6_renew_options(sk, np->opt, optname,
385 					 (struct ipv6_opt_hdr __user *)optval,
386 					 optlen);
387 		if (IS_ERR(opt)) {
388 			retv = PTR_ERR(opt);
389 			break;
390 		}
391 
392 		/* routing header option needs extra check */
393 		retv = -EINVAL;
394 		if (optname == IPV6_RTHDR && opt && opt->srcrt) {
395 			struct ipv6_rt_hdr *rthdr = opt->srcrt;
396 			switch (rthdr->type) {
397 #if IS_ENABLED(CONFIG_IPV6_MIP6)
398 			case IPV6_SRCRT_TYPE_2:
399 				if (rthdr->hdrlen != 2 ||
400 				    rthdr->segments_left != 1)
401 					goto sticky_done;
402 
403 				break;
404 #endif
405 			default:
406 				goto sticky_done;
407 			}
408 		}
409 
410 		retv = 0;
411 		opt = ipv6_update_options(sk, opt);
412 sticky_done:
413 		if (opt)
414 			sock_kfree_s(sk, opt, opt->tot_len);
415 		break;
416 	}
417 
418 	case IPV6_PKTINFO:
419 	{
420 		struct in6_pktinfo pkt;
421 
422 		if (optlen == 0)
423 			goto e_inval;
424 		else if (optlen < sizeof(struct in6_pktinfo) || optval == NULL)
425 			goto e_inval;
426 
427 		if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) {
428 				retv = -EFAULT;
429 				break;
430 		}
431 		if (sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if)
432 			goto e_inval;
433 
434 		np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex;
435 		np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr;
436 		retv = 0;
437 		break;
438 	}
439 
440 	case IPV6_2292PKTOPTIONS:
441 	{
442 		struct ipv6_txoptions *opt = NULL;
443 		struct msghdr msg;
444 		struct flowi6 fl6;
445 		int junk;
446 
447 		memset(&fl6, 0, sizeof(fl6));
448 		fl6.flowi6_oif = sk->sk_bound_dev_if;
449 		fl6.flowi6_mark = sk->sk_mark;
450 
451 		if (optlen == 0)
452 			goto update;
453 
454 		/* 1K is probably excessive
455 		 * 1K is surely not enough, 2K per standard header is 16K.
456 		 */
457 		retv = -EINVAL;
458 		if (optlen > 64*1024)
459 			break;
460 
461 		opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL);
462 		retv = -ENOBUFS;
463 		if (opt == NULL)
464 			break;
465 
466 		memset(opt, 0, sizeof(*opt));
467 		opt->tot_len = sizeof(*opt) + optlen;
468 		retv = -EFAULT;
469 		if (copy_from_user(opt+1, optval, optlen))
470 			goto done;
471 
472 		msg.msg_controllen = optlen;
473 		msg.msg_control = (void *)(opt+1);
474 
475 		retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk,
476 					     &junk, &junk);
477 		if (retv)
478 			goto done;
479 update:
480 		retv = 0;
481 		opt = ipv6_update_options(sk, opt);
482 done:
483 		if (opt)
484 			sock_kfree_s(sk, opt, opt->tot_len);
485 		break;
486 	}
487 	case IPV6_UNICAST_HOPS:
488 		if (optlen < sizeof(int))
489 			goto e_inval;
490 		if (val > 255 || val < -1)
491 			goto e_inval;
492 		np->hop_limit = val;
493 		retv = 0;
494 		break;
495 
496 	case IPV6_MULTICAST_HOPS:
497 		if (sk->sk_type == SOCK_STREAM)
498 			break;
499 		if (optlen < sizeof(int))
500 			goto e_inval;
501 		if (val > 255 || val < -1)
502 			goto e_inval;
503 		np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val);
504 		retv = 0;
505 		break;
506 
507 	case IPV6_MULTICAST_LOOP:
508 		if (optlen < sizeof(int))
509 			goto e_inval;
510 		if (val != valbool)
511 			goto e_inval;
512 		np->mc_loop = valbool;
513 		retv = 0;
514 		break;
515 
516 	case IPV6_UNICAST_IF:
517 	{
518 		struct net_device *dev = NULL;
519 		int ifindex;
520 
521 		if (optlen != sizeof(int))
522 			goto e_inval;
523 
524 		ifindex = (__force int)ntohl((__force __be32)val);
525 		if (ifindex == 0) {
526 			np->ucast_oif = 0;
527 			retv = 0;
528 			break;
529 		}
530 
531 		dev = dev_get_by_index(net, ifindex);
532 		retv = -EADDRNOTAVAIL;
533 		if (!dev)
534 			break;
535 		dev_put(dev);
536 
537 		retv = -EINVAL;
538 		if (sk->sk_bound_dev_if)
539 			break;
540 
541 		np->ucast_oif = ifindex;
542 		retv = 0;
543 		break;
544 	}
545 
546 	case IPV6_MULTICAST_IF:
547 		if (sk->sk_type == SOCK_STREAM)
548 			break;
549 		if (optlen < sizeof(int))
550 			goto e_inval;
551 
552 		if (val) {
553 			struct net_device *dev;
554 
555 			if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val)
556 				goto e_inval;
557 
558 			dev = dev_get_by_index(net, val);
559 			if (!dev) {
560 				retv = -ENODEV;
561 				break;
562 			}
563 			dev_put(dev);
564 		}
565 		np->mcast_oif = val;
566 		retv = 0;
567 		break;
568 	case IPV6_ADD_MEMBERSHIP:
569 	case IPV6_DROP_MEMBERSHIP:
570 	{
571 		struct ipv6_mreq mreq;
572 
573 		if (optlen < sizeof(struct ipv6_mreq))
574 			goto e_inval;
575 
576 		retv = -EPROTO;
577 		if (inet_sk(sk)->is_icsk)
578 			break;
579 
580 		retv = -EFAULT;
581 		if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq)))
582 			break;
583 
584 		if (optname == IPV6_ADD_MEMBERSHIP)
585 			retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr);
586 		else
587 			retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr);
588 		break;
589 	}
590 	case IPV6_JOIN_ANYCAST:
591 	case IPV6_LEAVE_ANYCAST:
592 	{
593 		struct ipv6_mreq mreq;
594 
595 		if (optlen < sizeof(struct ipv6_mreq))
596 			goto e_inval;
597 
598 		retv = -EFAULT;
599 		if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq)))
600 			break;
601 
602 		if (optname == IPV6_JOIN_ANYCAST)
603 			retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr);
604 		else
605 			retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr);
606 		break;
607 	}
608 	case MCAST_JOIN_GROUP:
609 	case MCAST_LEAVE_GROUP:
610 	{
611 		struct group_req greq;
612 		struct sockaddr_in6 *psin6;
613 
614 		if (optlen < sizeof(struct group_req))
615 			goto e_inval;
616 
617 		retv = -EFAULT;
618 		if (copy_from_user(&greq, optval, sizeof(struct group_req)))
619 			break;
620 		if (greq.gr_group.ss_family != AF_INET6) {
621 			retv = -EADDRNOTAVAIL;
622 			break;
623 		}
624 		psin6 = (struct sockaddr_in6 *)&greq.gr_group;
625 		if (optname == MCAST_JOIN_GROUP)
626 			retv = ipv6_sock_mc_join(sk, greq.gr_interface,
627 				&psin6->sin6_addr);
628 		else
629 			retv = ipv6_sock_mc_drop(sk, greq.gr_interface,
630 				&psin6->sin6_addr);
631 		break;
632 	}
633 	case MCAST_JOIN_SOURCE_GROUP:
634 	case MCAST_LEAVE_SOURCE_GROUP:
635 	case MCAST_BLOCK_SOURCE:
636 	case MCAST_UNBLOCK_SOURCE:
637 	{
638 		struct group_source_req greqs;
639 		int omode, add;
640 
641 		if (optlen < sizeof(struct group_source_req))
642 			goto e_inval;
643 		if (copy_from_user(&greqs, optval, sizeof(greqs))) {
644 			retv = -EFAULT;
645 			break;
646 		}
647 		if (greqs.gsr_group.ss_family != AF_INET6 ||
648 		    greqs.gsr_source.ss_family != AF_INET6) {
649 			retv = -EADDRNOTAVAIL;
650 			break;
651 		}
652 		if (optname == MCAST_BLOCK_SOURCE) {
653 			omode = MCAST_EXCLUDE;
654 			add = 1;
655 		} else if (optname == MCAST_UNBLOCK_SOURCE) {
656 			omode = MCAST_EXCLUDE;
657 			add = 0;
658 		} else if (optname == MCAST_JOIN_SOURCE_GROUP) {
659 			struct sockaddr_in6 *psin6;
660 
661 			psin6 = (struct sockaddr_in6 *)&greqs.gsr_group;
662 			retv = ipv6_sock_mc_join(sk, greqs.gsr_interface,
663 				&psin6->sin6_addr);
664 			/* prior join w/ different source is ok */
665 			if (retv && retv != -EADDRINUSE)
666 				break;
667 			omode = MCAST_INCLUDE;
668 			add = 1;
669 		} else /* MCAST_LEAVE_SOURCE_GROUP */ {
670 			omode = MCAST_INCLUDE;
671 			add = 0;
672 		}
673 		retv = ip6_mc_source(add, omode, sk, &greqs);
674 		break;
675 	}
676 	case MCAST_MSFILTER:
677 	{
678 		struct group_filter *gsf;
679 
680 		if (optlen < GROUP_FILTER_SIZE(0))
681 			goto e_inval;
682 		if (optlen > sysctl_optmem_max) {
683 			retv = -ENOBUFS;
684 			break;
685 		}
686 		gsf = kmalloc(optlen, GFP_KERNEL);
687 		if (!gsf) {
688 			retv = -ENOBUFS;
689 			break;
690 		}
691 		retv = -EFAULT;
692 		if (copy_from_user(gsf, optval, optlen)) {
693 			kfree(gsf);
694 			break;
695 		}
696 		/* numsrc >= (4G-140)/128 overflow in 32 bits */
697 		if (gsf->gf_numsrc >= 0x1ffffffU ||
698 		    gsf->gf_numsrc > sysctl_mld_max_msf) {
699 			kfree(gsf);
700 			retv = -ENOBUFS;
701 			break;
702 		}
703 		if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
704 			kfree(gsf);
705 			retv = -EINVAL;
706 			break;
707 		}
708 		retv = ip6_mc_msfilter(sk, gsf);
709 		kfree(gsf);
710 
711 		break;
712 	}
713 	case IPV6_ROUTER_ALERT:
714 		if (optlen < sizeof(int))
715 			goto e_inval;
716 		retv = ip6_ra_control(sk, val);
717 		break;
718 	case IPV6_MTU_DISCOVER:
719 		if (optlen < sizeof(int))
720 			goto e_inval;
721 		if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT)
722 			goto e_inval;
723 		np->pmtudisc = val;
724 		retv = 0;
725 		break;
726 	case IPV6_MTU:
727 		if (optlen < sizeof(int))
728 			goto e_inval;
729 		if (val && val < IPV6_MIN_MTU)
730 			goto e_inval;
731 		np->frag_size = val;
732 		retv = 0;
733 		break;
734 	case IPV6_RECVERR:
735 		if (optlen < sizeof(int))
736 			goto e_inval;
737 		np->recverr = valbool;
738 		if (!val)
739 			skb_queue_purge(&sk->sk_error_queue);
740 		retv = 0;
741 		break;
742 	case IPV6_FLOWINFO_SEND:
743 		if (optlen < sizeof(int))
744 			goto e_inval;
745 		np->sndflow = valbool;
746 		retv = 0;
747 		break;
748 	case IPV6_FLOWLABEL_MGR:
749 		retv = ipv6_flowlabel_opt(sk, optval, optlen);
750 		break;
751 	case IPV6_IPSEC_POLICY:
752 	case IPV6_XFRM_POLICY:
753 		retv = -EPERM;
754 		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
755 			break;
756 		retv = xfrm_user_policy(sk, optname, optval, optlen);
757 		break;
758 
759 	case IPV6_ADDR_PREFERENCES:
760 	    {
761 		unsigned int pref = 0;
762 		unsigned int prefmask = ~0;
763 
764 		if (optlen < sizeof(int))
765 			goto e_inval;
766 
767 		retv = -EINVAL;
768 
769 		/* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */
770 		switch (val & (IPV6_PREFER_SRC_PUBLIC|
771 			       IPV6_PREFER_SRC_TMP|
772 			       IPV6_PREFER_SRC_PUBTMP_DEFAULT)) {
773 		case IPV6_PREFER_SRC_PUBLIC:
774 			pref |= IPV6_PREFER_SRC_PUBLIC;
775 			break;
776 		case IPV6_PREFER_SRC_TMP:
777 			pref |= IPV6_PREFER_SRC_TMP;
778 			break;
779 		case IPV6_PREFER_SRC_PUBTMP_DEFAULT:
780 			break;
781 		case 0:
782 			goto pref_skip_pubtmp;
783 		default:
784 			goto e_inval;
785 		}
786 
787 		prefmask &= ~(IPV6_PREFER_SRC_PUBLIC|
788 			      IPV6_PREFER_SRC_TMP);
789 pref_skip_pubtmp:
790 
791 		/* check HOME/COA conflicts */
792 		switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) {
793 		case IPV6_PREFER_SRC_HOME:
794 			break;
795 		case IPV6_PREFER_SRC_COA:
796 			pref |= IPV6_PREFER_SRC_COA;
797 		case 0:
798 			goto pref_skip_coa;
799 		default:
800 			goto e_inval;
801 		}
802 
803 		prefmask &= ~IPV6_PREFER_SRC_COA;
804 pref_skip_coa:
805 
806 		/* check CGA/NONCGA conflicts */
807 		switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) {
808 		case IPV6_PREFER_SRC_CGA:
809 		case IPV6_PREFER_SRC_NONCGA:
810 		case 0:
811 			break;
812 		default:
813 			goto e_inval;
814 		}
815 
816 		np->srcprefs = (np->srcprefs & prefmask) | pref;
817 		retv = 0;
818 
819 		break;
820 	    }
821 	case IPV6_MINHOPCOUNT:
822 		if (optlen < sizeof(int))
823 			goto e_inval;
824 		if (val < 0 || val > 255)
825 			goto e_inval;
826 		np->min_hopcount = val;
827 		retv = 0;
828 		break;
829 	case IPV6_DONTFRAG:
830 		np->dontfrag = valbool;
831 		retv = 0;
832 		break;
833 	case IPV6_AUTOFLOWLABEL:
834 		np->autoflowlabel = valbool;
835 		retv = 0;
836 		break;
837 	}
838 
839 	release_sock(sk);
840 
841 	return retv;
842 
843 e_inval:
844 	release_sock(sk);
845 	return -EINVAL;
846 }
847 
848 int ipv6_setsockopt(struct sock *sk, int level, int optname,
849 		    char __user *optval, unsigned int optlen)
850 {
851 	int err;
852 
853 	if (level == SOL_IP && sk->sk_type != SOCK_RAW)
854 		return udp_prot.setsockopt(sk, level, optname, optval, optlen);
855 
856 	if (level != SOL_IPV6)
857 		return -ENOPROTOOPT;
858 
859 	err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);
860 #ifdef CONFIG_NETFILTER
861 	/* we need to exclude all possible ENOPROTOOPTs except default case */
862 	if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY &&
863 			optname != IPV6_XFRM_POLICY) {
864 		lock_sock(sk);
865 		err = nf_setsockopt(sk, PF_INET6, optname, optval,
866 				optlen);
867 		release_sock(sk);
868 	}
869 #endif
870 	return err;
871 }
872 EXPORT_SYMBOL(ipv6_setsockopt);
873 
874 #ifdef CONFIG_COMPAT
875 int compat_ipv6_setsockopt(struct sock *sk, int level, int optname,
876 			   char __user *optval, unsigned int optlen)
877 {
878 	int err;
879 
880 	if (level == SOL_IP && sk->sk_type != SOCK_RAW) {
881 		if (udp_prot.compat_setsockopt != NULL)
882 			return udp_prot.compat_setsockopt(sk, level, optname,
883 							  optval, optlen);
884 		return udp_prot.setsockopt(sk, level, optname, optval, optlen);
885 	}
886 
887 	if (level != SOL_IPV6)
888 		return -ENOPROTOOPT;
889 
890 	if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER)
891 		return compat_mc_setsockopt(sk, level, optname, optval, optlen,
892 			ipv6_setsockopt);
893 
894 	err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);
895 #ifdef CONFIG_NETFILTER
896 	/* we need to exclude all possible ENOPROTOOPTs except default case */
897 	if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY &&
898 	    optname != IPV6_XFRM_POLICY) {
899 		lock_sock(sk);
900 		err = compat_nf_setsockopt(sk, PF_INET6, optname,
901 					   optval, optlen);
902 		release_sock(sk);
903 	}
904 #endif
905 	return err;
906 }
907 EXPORT_SYMBOL(compat_ipv6_setsockopt);
908 #endif
909 
910 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
911 				  int optname, char __user *optval, int len)
912 {
913 	struct ipv6_opt_hdr *hdr;
914 
915 	if (!opt)
916 		return 0;
917 
918 	switch (optname) {
919 	case IPV6_HOPOPTS:
920 		hdr = opt->hopopt;
921 		break;
922 	case IPV6_RTHDRDSTOPTS:
923 		hdr = opt->dst0opt;
924 		break;
925 	case IPV6_RTHDR:
926 		hdr = (struct ipv6_opt_hdr *)opt->srcrt;
927 		break;
928 	case IPV6_DSTOPTS:
929 		hdr = opt->dst1opt;
930 		break;
931 	default:
932 		return -EINVAL;	/* should not happen */
933 	}
934 
935 	if (!hdr)
936 		return 0;
937 
938 	len = min_t(unsigned int, len, ipv6_optlen(hdr));
939 	if (copy_to_user(optval, hdr, len))
940 		return -EFAULT;
941 	return len;
942 }
943 
944 static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
945 		    char __user *optval, int __user *optlen, unsigned int flags)
946 {
947 	struct ipv6_pinfo *np = inet6_sk(sk);
948 	int len;
949 	int val;
950 
951 	if (ip6_mroute_opt(optname))
952 		return ip6_mroute_getsockopt(sk, optname, optval, optlen);
953 
954 	if (get_user(len, optlen))
955 		return -EFAULT;
956 	switch (optname) {
957 	case IPV6_ADDRFORM:
958 		if (sk->sk_protocol != IPPROTO_UDP &&
959 		    sk->sk_protocol != IPPROTO_UDPLITE &&
960 		    sk->sk_protocol != IPPROTO_TCP)
961 			return -ENOPROTOOPT;
962 		if (sk->sk_state != TCP_ESTABLISHED)
963 			return -ENOTCONN;
964 		val = sk->sk_family;
965 		break;
966 	case MCAST_MSFILTER:
967 	{
968 		struct group_filter gsf;
969 		int err;
970 
971 		if (len < GROUP_FILTER_SIZE(0))
972 			return -EINVAL;
973 		if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0)))
974 			return -EFAULT;
975 		if (gsf.gf_group.ss_family != AF_INET6)
976 			return -EADDRNOTAVAIL;
977 		lock_sock(sk);
978 		err = ip6_mc_msfget(sk, &gsf,
979 			(struct group_filter __user *)optval, optlen);
980 		release_sock(sk);
981 		return err;
982 	}
983 
984 	case IPV6_2292PKTOPTIONS:
985 	{
986 		struct msghdr msg;
987 		struct sk_buff *skb;
988 
989 		if (sk->sk_type != SOCK_STREAM)
990 			return -ENOPROTOOPT;
991 
992 		msg.msg_control = optval;
993 		msg.msg_controllen = len;
994 		msg.msg_flags = flags;
995 
996 		lock_sock(sk);
997 		skb = np->pktoptions;
998 		if (skb)
999 			atomic_inc(&skb->users);
1000 		release_sock(sk);
1001 
1002 		if (skb) {
1003 			ip6_datagram_recv_ctl(sk, &msg, skb);
1004 			kfree_skb(skb);
1005 		} else {
1006 			if (np->rxopt.bits.rxinfo) {
1007 				struct in6_pktinfo src_info;
1008 				src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif :
1009 					np->sticky_pktinfo.ipi6_ifindex;
1010 				src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr;
1011 				put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info);
1012 			}
1013 			if (np->rxopt.bits.rxhlim) {
1014 				int hlim = np->mcast_hops;
1015 				put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim);
1016 			}
1017 			if (np->rxopt.bits.rxtclass) {
1018 				int tclass = (int)ip6_tclass(np->rcv_flowinfo);
1019 
1020 				put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass);
1021 			}
1022 			if (np->rxopt.bits.rxoinfo) {
1023 				struct in6_pktinfo src_info;
1024 				src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif :
1025 					np->sticky_pktinfo.ipi6_ifindex;
1026 				src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr :
1027 								     np->sticky_pktinfo.ipi6_addr;
1028 				put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info);
1029 			}
1030 			if (np->rxopt.bits.rxohlim) {
1031 				int hlim = np->mcast_hops;
1032 				put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim);
1033 			}
1034 			if (np->rxopt.bits.rxflow) {
1035 				__be32 flowinfo = np->rcv_flowinfo;
1036 
1037 				put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo);
1038 			}
1039 		}
1040 		len -= msg.msg_controllen;
1041 		return put_user(len, optlen);
1042 	}
1043 	case IPV6_MTU:
1044 	{
1045 		struct dst_entry *dst;
1046 
1047 		val = 0;
1048 		rcu_read_lock();
1049 		dst = __sk_dst_get(sk);
1050 		if (dst)
1051 			val = dst_mtu(dst);
1052 		rcu_read_unlock();
1053 		if (!val)
1054 			return -ENOTCONN;
1055 		break;
1056 	}
1057 
1058 	case IPV6_V6ONLY:
1059 		val = sk->sk_ipv6only;
1060 		break;
1061 
1062 	case IPV6_RECVPKTINFO:
1063 		val = np->rxopt.bits.rxinfo;
1064 		break;
1065 
1066 	case IPV6_2292PKTINFO:
1067 		val = np->rxopt.bits.rxoinfo;
1068 		break;
1069 
1070 	case IPV6_RECVHOPLIMIT:
1071 		val = np->rxopt.bits.rxhlim;
1072 		break;
1073 
1074 	case IPV6_2292HOPLIMIT:
1075 		val = np->rxopt.bits.rxohlim;
1076 		break;
1077 
1078 	case IPV6_RECVRTHDR:
1079 		val = np->rxopt.bits.srcrt;
1080 		break;
1081 
1082 	case IPV6_2292RTHDR:
1083 		val = np->rxopt.bits.osrcrt;
1084 		break;
1085 
1086 	case IPV6_HOPOPTS:
1087 	case IPV6_RTHDRDSTOPTS:
1088 	case IPV6_RTHDR:
1089 	case IPV6_DSTOPTS:
1090 	{
1091 
1092 		lock_sock(sk);
1093 		len = ipv6_getsockopt_sticky(sk, np->opt,
1094 					     optname, optval, len);
1095 		release_sock(sk);
1096 		/* check if ipv6_getsockopt_sticky() returns err code */
1097 		if (len < 0)
1098 			return len;
1099 		return put_user(len, optlen);
1100 	}
1101 
1102 	case IPV6_RECVHOPOPTS:
1103 		val = np->rxopt.bits.hopopts;
1104 		break;
1105 
1106 	case IPV6_2292HOPOPTS:
1107 		val = np->rxopt.bits.ohopopts;
1108 		break;
1109 
1110 	case IPV6_RECVDSTOPTS:
1111 		val = np->rxopt.bits.dstopts;
1112 		break;
1113 
1114 	case IPV6_2292DSTOPTS:
1115 		val = np->rxopt.bits.odstopts;
1116 		break;
1117 
1118 	case IPV6_TCLASS:
1119 		val = np->tclass;
1120 		break;
1121 
1122 	case IPV6_RECVTCLASS:
1123 		val = np->rxopt.bits.rxtclass;
1124 		break;
1125 
1126 	case IPV6_FLOWINFO:
1127 		val = np->rxopt.bits.rxflow;
1128 		break;
1129 
1130 	case IPV6_RECVPATHMTU:
1131 		val = np->rxopt.bits.rxpmtu;
1132 		break;
1133 
1134 	case IPV6_PATHMTU:
1135 	{
1136 		struct dst_entry *dst;
1137 		struct ip6_mtuinfo mtuinfo;
1138 
1139 		if (len < sizeof(mtuinfo))
1140 			return -EINVAL;
1141 
1142 		len = sizeof(mtuinfo);
1143 		memset(&mtuinfo, 0, sizeof(mtuinfo));
1144 
1145 		rcu_read_lock();
1146 		dst = __sk_dst_get(sk);
1147 		if (dst)
1148 			mtuinfo.ip6m_mtu = dst_mtu(dst);
1149 		rcu_read_unlock();
1150 		if (!mtuinfo.ip6m_mtu)
1151 			return -ENOTCONN;
1152 
1153 		if (put_user(len, optlen))
1154 			return -EFAULT;
1155 		if (copy_to_user(optval, &mtuinfo, len))
1156 			return -EFAULT;
1157 
1158 		return 0;
1159 	}
1160 
1161 	case IPV6_TRANSPARENT:
1162 		val = inet_sk(sk)->transparent;
1163 		break;
1164 
1165 	case IPV6_RECVORIGDSTADDR:
1166 		val = np->rxopt.bits.rxorigdstaddr;
1167 		break;
1168 
1169 	case IPV6_UNICAST_HOPS:
1170 	case IPV6_MULTICAST_HOPS:
1171 	{
1172 		struct dst_entry *dst;
1173 
1174 		if (optname == IPV6_UNICAST_HOPS)
1175 			val = np->hop_limit;
1176 		else
1177 			val = np->mcast_hops;
1178 
1179 		if (val < 0) {
1180 			rcu_read_lock();
1181 			dst = __sk_dst_get(sk);
1182 			if (dst)
1183 				val = ip6_dst_hoplimit(dst);
1184 			rcu_read_unlock();
1185 		}
1186 
1187 		if (val < 0)
1188 			val = sock_net(sk)->ipv6.devconf_all->hop_limit;
1189 		break;
1190 	}
1191 
1192 	case IPV6_MULTICAST_LOOP:
1193 		val = np->mc_loop;
1194 		break;
1195 
1196 	case IPV6_MULTICAST_IF:
1197 		val = np->mcast_oif;
1198 		break;
1199 
1200 	case IPV6_UNICAST_IF:
1201 		val = (__force int)htonl((__u32) np->ucast_oif);
1202 		break;
1203 
1204 	case IPV6_MTU_DISCOVER:
1205 		val = np->pmtudisc;
1206 		break;
1207 
1208 	case IPV6_RECVERR:
1209 		val = np->recverr;
1210 		break;
1211 
1212 	case IPV6_FLOWINFO_SEND:
1213 		val = np->sndflow;
1214 		break;
1215 
1216 	case IPV6_FLOWLABEL_MGR:
1217 	{
1218 		struct in6_flowlabel_req freq;
1219 		int flags;
1220 
1221 		if (len < sizeof(freq))
1222 			return -EINVAL;
1223 
1224 		if (copy_from_user(&freq, optval, sizeof(freq)))
1225 			return -EFAULT;
1226 
1227 		if (freq.flr_action != IPV6_FL_A_GET)
1228 			return -EINVAL;
1229 
1230 		len = sizeof(freq);
1231 		flags = freq.flr_flags;
1232 
1233 		memset(&freq, 0, sizeof(freq));
1234 
1235 		val = ipv6_flowlabel_opt_get(sk, &freq, flags);
1236 		if (val < 0)
1237 			return val;
1238 
1239 		if (put_user(len, optlen))
1240 			return -EFAULT;
1241 		if (copy_to_user(optval, &freq, len))
1242 			return -EFAULT;
1243 
1244 		return 0;
1245 	}
1246 
1247 	case IPV6_ADDR_PREFERENCES:
1248 		val = 0;
1249 
1250 		if (np->srcprefs & IPV6_PREFER_SRC_TMP)
1251 			val |= IPV6_PREFER_SRC_TMP;
1252 		else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC)
1253 			val |= IPV6_PREFER_SRC_PUBLIC;
1254 		else {
1255 			/* XXX: should we return system default? */
1256 			val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT;
1257 		}
1258 
1259 		if (np->srcprefs & IPV6_PREFER_SRC_COA)
1260 			val |= IPV6_PREFER_SRC_COA;
1261 		else
1262 			val |= IPV6_PREFER_SRC_HOME;
1263 		break;
1264 
1265 	case IPV6_MINHOPCOUNT:
1266 		val = np->min_hopcount;
1267 		break;
1268 
1269 	case IPV6_DONTFRAG:
1270 		val = np->dontfrag;
1271 		break;
1272 
1273 	case IPV6_AUTOFLOWLABEL:
1274 		val = np->autoflowlabel;
1275 		break;
1276 
1277 	default:
1278 		return -ENOPROTOOPT;
1279 	}
1280 	len = min_t(unsigned int, sizeof(int), len);
1281 	if (put_user(len, optlen))
1282 		return -EFAULT;
1283 	if (copy_to_user(optval, &val, len))
1284 		return -EFAULT;
1285 	return 0;
1286 }
1287 
1288 int ipv6_getsockopt(struct sock *sk, int level, int optname,
1289 		    char __user *optval, int __user *optlen)
1290 {
1291 	int err;
1292 
1293 	if (level == SOL_IP && sk->sk_type != SOCK_RAW)
1294 		return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1295 
1296 	if (level != SOL_IPV6)
1297 		return -ENOPROTOOPT;
1298 
1299 	err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 0);
1300 #ifdef CONFIG_NETFILTER
1301 	/* we need to exclude all possible ENOPROTOOPTs except default case */
1302 	if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) {
1303 		int len;
1304 
1305 		if (get_user(len, optlen))
1306 			return -EFAULT;
1307 
1308 		lock_sock(sk);
1309 		err = nf_getsockopt(sk, PF_INET6, optname, optval,
1310 				&len);
1311 		release_sock(sk);
1312 		if (err >= 0)
1313 			err = put_user(len, optlen);
1314 	}
1315 #endif
1316 	return err;
1317 }
1318 EXPORT_SYMBOL(ipv6_getsockopt);
1319 
1320 #ifdef CONFIG_COMPAT
1321 int compat_ipv6_getsockopt(struct sock *sk, int level, int optname,
1322 			   char __user *optval, int __user *optlen)
1323 {
1324 	int err;
1325 
1326 	if (level == SOL_IP && sk->sk_type != SOCK_RAW) {
1327 		if (udp_prot.compat_getsockopt != NULL)
1328 			return udp_prot.compat_getsockopt(sk, level, optname,
1329 							  optval, optlen);
1330 		return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1331 	}
1332 
1333 	if (level != SOL_IPV6)
1334 		return -ENOPROTOOPT;
1335 
1336 	if (optname == MCAST_MSFILTER)
1337 		return compat_mc_getsockopt(sk, level, optname, optval, optlen,
1338 			ipv6_getsockopt);
1339 
1340 	err = do_ipv6_getsockopt(sk, level, optname, optval, optlen,
1341 				 MSG_CMSG_COMPAT);
1342 #ifdef CONFIG_NETFILTER
1343 	/* we need to exclude all possible ENOPROTOOPTs except default case */
1344 	if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) {
1345 		int len;
1346 
1347 		if (get_user(len, optlen))
1348 			return -EFAULT;
1349 
1350 		lock_sock(sk);
1351 		err = compat_nf_getsockopt(sk, PF_INET6,
1352 					   optname, optval, &len);
1353 		release_sock(sk);
1354 		if (err >= 0)
1355 			err = put_user(len, optlen);
1356 	}
1357 #endif
1358 	return err;
1359 }
1360 EXPORT_SYMBOL(compat_ipv6_getsockopt);
1361 #endif
1362 
1363