~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv4/ip_sockglue.c

Version: ~ [ linux-5.4-rc3 ] ~ [ linux-5.3.6 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.79 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.149 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.196 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.196 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.75 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * INET         An implementation of the TCP/IP protocol suite for the LINUX
  3  *              operating system.  INET is implemented using the  BSD Socket
  4  *              interface as the means of communication with the user level.
  5  *
  6  *              The IP to API glue.
  7  *
  8  * Authors:     see ip.c
  9  *
 10  * Fixes:
 11  *              Many            :       Split from ip.c , see ip.c for history.
 12  *              Martin Mares    :       TOS setting fixed.
 13  *              Alan Cox        :       Fixed a couple of oopses in Martin's
 14  *                                      TOS tweaks.
 15  *              Mike McLagan    :       Routing by source
 16  */
 17 
 18 #include <linux/module.h>
 19 #include <linux/types.h>
 20 #include <linux/mm.h>
 21 #include <linux/skbuff.h>
 22 #include <linux/ip.h>
 23 #include <linux/icmp.h>
 24 #include <linux/inetdevice.h>
 25 #include <linux/netdevice.h>
 26 #include <linux/slab.h>
 27 #include <net/sock.h>
 28 #include <net/ip.h>
 29 #include <net/icmp.h>
 30 #include <net/tcp_states.h>
 31 #include <linux/udp.h>
 32 #include <linux/igmp.h>
 33 #include <linux/netfilter.h>
 34 #include <linux/route.h>
 35 #include <linux/mroute.h>
 36 #include <net/inet_ecn.h>
 37 #include <net/route.h>
 38 #include <net/xfrm.h>
 39 #include <net/compat.h>
 40 #include <net/checksum.h>
 41 #if IS_ENABLED(CONFIG_IPV6)
 42 #include <net/transp_v6.h>
 43 #endif
 44 #include <net/ip_fib.h>
 45 
 46 #include <linux/errqueue.h>
 47 #include <linux/uaccess.h>
 48 
 49 /*
 50  *      SOL_IP control messages.
 51  */
 52 
 53 static void ip_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb)
 54 {
 55         struct in_pktinfo info = *PKTINFO_SKB_CB(skb);
 56 
 57         info.ipi_addr.s_addr = ip_hdr(skb)->daddr;
 58 
 59         put_cmsg(msg, SOL_IP, IP_PKTINFO, sizeof(info), &info);
 60 }
 61 
 62 static void ip_cmsg_recv_ttl(struct msghdr *msg, struct sk_buff *skb)
 63 {
 64         int ttl = ip_hdr(skb)->ttl;
 65         put_cmsg(msg, SOL_IP, IP_TTL, sizeof(int), &ttl);
 66 }
 67 
 68 static void ip_cmsg_recv_tos(struct msghdr *msg, struct sk_buff *skb)
 69 {
 70         put_cmsg(msg, SOL_IP, IP_TOS, 1, &ip_hdr(skb)->tos);
 71 }
 72 
 73 static void ip_cmsg_recv_opts(struct msghdr *msg, struct sk_buff *skb)
 74 {
 75         if (IPCB(skb)->opt.optlen == 0)
 76                 return;
 77 
 78         put_cmsg(msg, SOL_IP, IP_RECVOPTS, IPCB(skb)->opt.optlen,
 79                  ip_hdr(skb) + 1);
 80 }
 81 
 82 
 83 static void ip_cmsg_recv_retopts(struct msghdr *msg, struct sk_buff *skb)
 84 {
 85         unsigned char optbuf[sizeof(struct ip_options) + 40];
 86         struct ip_options *opt = (struct ip_options *)optbuf;
 87 
 88         if (IPCB(skb)->opt.optlen == 0)
 89                 return;
 90 
 91         if (ip_options_echo(opt, skb)) {
 92                 msg->msg_flags |= MSG_CTRUNC;
 93                 return;
 94         }
 95         ip_options_undo(opt);
 96 
 97         put_cmsg(msg, SOL_IP, IP_RETOPTS, opt->optlen, opt->__data);
 98 }
 99 
100 static void ip_cmsg_recv_fragsize(struct msghdr *msg, struct sk_buff *skb)
101 {
102         int val;
103 
104         if (IPCB(skb)->frag_max_size == 0)
105                 return;
106 
107         val = IPCB(skb)->frag_max_size;
108         put_cmsg(msg, SOL_IP, IP_RECVFRAGSIZE, sizeof(val), &val);
109 }
110 
111 static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
112                                   int tlen, int offset)
113 {
114         __wsum csum = skb->csum;
115 
116         if (skb->ip_summed != CHECKSUM_COMPLETE)
117                 return;
118 
119         if (offset != 0) {
120                 int tend_off = skb_transport_offset(skb) + tlen;
121                 csum = csum_sub(csum, skb_checksum(skb, tend_off, offset, 0));
122         }
123 
124         put_cmsg(msg, SOL_IP, IP_CHECKSUM, sizeof(__wsum), &csum);
125 }
126 
127 static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
128 {
129         char *secdata;
130         u32 seclen, secid;
131         int err;
132 
133         err = security_socket_getpeersec_dgram(NULL, skb, &secid);
134         if (err)
135                 return;
136 
137         err = security_secid_to_secctx(secid, &secdata, &seclen);
138         if (err)
139                 return;
140 
141         put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
142         security_release_secctx(secdata, seclen);
143 }
144 
145 static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb)
146 {
147         struct sockaddr_in sin;
148         const struct iphdr *iph = ip_hdr(skb);
149         __be16 *ports = (__be16 *)skb_transport_header(skb);
150 
151         if (skb_transport_offset(skb) + 4 > (int)skb->len)
152                 return;
153 
154         /* All current transport protocols have the port numbers in the
155          * first four bytes of the transport header and this function is
156          * written with this assumption in mind.
157          */
158 
159         sin.sin_family = AF_INET;
160         sin.sin_addr.s_addr = iph->daddr;
161         sin.sin_port = ports[1];
162         memset(sin.sin_zero, 0, sizeof(sin.sin_zero));
163 
164         put_cmsg(msg, SOL_IP, IP_ORIGDSTADDR, sizeof(sin), &sin);
165 }
166 
167 void ip_cmsg_recv_offset(struct msghdr *msg, struct sock *sk,
168                          struct sk_buff *skb, int tlen, int offset)
169 {
170         struct inet_sock *inet = inet_sk(sk);
171         unsigned int flags = inet->cmsg_flags;
172 
173         /* Ordered by supposed usage frequency */
174         if (flags & IP_CMSG_PKTINFO) {
175                 ip_cmsg_recv_pktinfo(msg, skb);
176 
177                 flags &= ~IP_CMSG_PKTINFO;
178                 if (!flags)
179                         return;
180         }
181 
182         if (flags & IP_CMSG_TTL) {
183                 ip_cmsg_recv_ttl(msg, skb);
184 
185                 flags &= ~IP_CMSG_TTL;
186                 if (!flags)
187                         return;
188         }
189 
190         if (flags & IP_CMSG_TOS) {
191                 ip_cmsg_recv_tos(msg, skb);
192 
193                 flags &= ~IP_CMSG_TOS;
194                 if (!flags)
195                         return;
196         }
197 
198         if (flags & IP_CMSG_RECVOPTS) {
199                 ip_cmsg_recv_opts(msg, skb);
200 
201                 flags &= ~IP_CMSG_RECVOPTS;
202                 if (!flags)
203                         return;
204         }
205 
206         if (flags & IP_CMSG_RETOPTS) {
207                 ip_cmsg_recv_retopts(msg, skb);
208 
209                 flags &= ~IP_CMSG_RETOPTS;
210                 if (!flags)
211                         return;
212         }
213 
214         if (flags & IP_CMSG_PASSSEC) {
215                 ip_cmsg_recv_security(msg, skb);
216 
217                 flags &= ~IP_CMSG_PASSSEC;
218                 if (!flags)
219                         return;
220         }
221 
222         if (flags & IP_CMSG_ORIGDSTADDR) {
223                 ip_cmsg_recv_dstaddr(msg, skb);
224 
225                 flags &= ~IP_CMSG_ORIGDSTADDR;
226                 if (!flags)
227                         return;
228         }
229 
230         if (flags & IP_CMSG_CHECKSUM)
231                 ip_cmsg_recv_checksum(msg, skb, tlen, offset);
232 
233         if (flags & IP_CMSG_RECVFRAGSIZE)
234                 ip_cmsg_recv_fragsize(msg, skb);
235 }
236 EXPORT_SYMBOL(ip_cmsg_recv_offset);
237 
238 int ip_cmsg_send(struct sock *sk, struct msghdr *msg, struct ipcm_cookie *ipc,
239                  bool allow_ipv6)
240 {
241         int err, val;
242         struct cmsghdr *cmsg;
243         struct net *net = sock_net(sk);
244 
245         for_each_cmsghdr(cmsg, msg) {
246                 if (!CMSG_OK(msg, cmsg))
247                         return -EINVAL;
248 #if IS_ENABLED(CONFIG_IPV6)
249                 if (allow_ipv6 &&
250                     cmsg->cmsg_level == SOL_IPV6 &&
251                     cmsg->cmsg_type == IPV6_PKTINFO) {
252                         struct in6_pktinfo *src_info;
253 
254                         if (cmsg->cmsg_len < CMSG_LEN(sizeof(*src_info)))
255                                 return -EINVAL;
256                         src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg);
257                         if (!ipv6_addr_v4mapped(&src_info->ipi6_addr))
258                                 return -EINVAL;
259                         ipc->oif = src_info->ipi6_ifindex;
260                         ipc->addr = src_info->ipi6_addr.s6_addr32[3];
261                         continue;
262                 }
263 #endif
264                 if (cmsg->cmsg_level == SOL_SOCKET) {
265                         err = __sock_cmsg_send(sk, msg, cmsg, &ipc->sockc);
266                         if (err)
267                                 return err;
268                         continue;
269                 }
270 
271                 if (cmsg->cmsg_level != SOL_IP)
272                         continue;
273                 switch (cmsg->cmsg_type) {
274                 case IP_RETOPTS:
275                         err = cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr));
276 
277                         /* Our caller is responsible for freeing ipc->opt */
278                         err = ip_options_get(net, &ipc->opt, CMSG_DATA(cmsg),
279                                              err < 40 ? err : 40);
280                         if (err)
281                                 return err;
282                         break;
283                 case IP_PKTINFO:
284                 {
285                         struct in_pktinfo *info;
286                         if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct in_pktinfo)))
287                                 return -EINVAL;
288                         info = (struct in_pktinfo *)CMSG_DATA(cmsg);
289                         ipc->oif = info->ipi_ifindex;
290                         ipc->addr = info->ipi_spec_dst.s_addr;
291                         break;
292                 }
293                 case IP_TTL:
294                         if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
295                                 return -EINVAL;
296                         val = *(int *)CMSG_DATA(cmsg);
297                         if (val < 1 || val > 255)
298                                 return -EINVAL;
299                         ipc->ttl = val;
300                         break;
301                 case IP_TOS:
302                         if (cmsg->cmsg_len == CMSG_LEN(sizeof(int)))
303                                 val = *(int *)CMSG_DATA(cmsg);
304                         else if (cmsg->cmsg_len == CMSG_LEN(sizeof(u8)))
305                                 val = *(u8 *)CMSG_DATA(cmsg);
306                         else
307                                 return -EINVAL;
308                         if (val < 0 || val > 255)
309                                 return -EINVAL;
310                         ipc->tos = val;
311                         ipc->priority = rt_tos2priority(ipc->tos);
312                         break;
313 
314                 default:
315                         return -EINVAL;
316                 }
317         }
318         return 0;
319 }
320 
321 
322 /* Special input handler for packets caught by router alert option.
323    They are selected only by protocol field, and then processed likely
324    local ones; but only if someone wants them! Otherwise, router
325    not running rsvpd will kill RSVP.
326 
327    It is user level problem, what it will make with them.
328    I have no idea, how it will masquearde or NAT them (it is joke, joke :-)),
329    but receiver should be enough clever f.e. to forward mtrace requests,
330    sent to multicast group to reach destination designated router.
331  */
332 struct ip_ra_chain __rcu *ip_ra_chain;
333 static DEFINE_SPINLOCK(ip_ra_lock);
334 
335 
336 static void ip_ra_destroy_rcu(struct rcu_head *head)
337 {
338         struct ip_ra_chain *ra = container_of(head, struct ip_ra_chain, rcu);
339 
340         sock_put(ra->saved_sk);
341         kfree(ra);
342 }
343 
344 int ip_ra_control(struct sock *sk, unsigned char on,
345                   void (*destructor)(struct sock *))
346 {
347         struct ip_ra_chain *ra, *new_ra;
348         struct ip_ra_chain __rcu **rap;
349 
350         if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num == IPPROTO_RAW)
351                 return -EINVAL;
352 
353         new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
354 
355         spin_lock_bh(&ip_ra_lock);
356         for (rap = &ip_ra_chain;
357              (ra = rcu_dereference_protected(*rap,
358                         lockdep_is_held(&ip_ra_lock))) != NULL;
359              rap = &ra->next) {
360                 if (ra->sk == sk) {
361                         if (on) {
362                                 spin_unlock_bh(&ip_ra_lock);
363                                 kfree(new_ra);
364                                 return -EADDRINUSE;
365                         }
366                         /* dont let ip_call_ra_chain() use sk again */
367                         ra->sk = NULL;
368                         RCU_INIT_POINTER(*rap, ra->next);
369                         spin_unlock_bh(&ip_ra_lock);
370 
371                         if (ra->destructor)
372                                 ra->destructor(sk);
373                         /*
374                          * Delay sock_put(sk) and kfree(ra) after one rcu grace
375                          * period. This guarantee ip_call_ra_chain() dont need
376                          * to mess with socket refcounts.
377                          */
378                         ra->saved_sk = sk;
379                         call_rcu(&ra->rcu, ip_ra_destroy_rcu);
380                         return 0;
381                 }
382         }
383         if (!new_ra) {
384                 spin_unlock_bh(&ip_ra_lock);
385                 return -ENOBUFS;
386         }
387         new_ra->sk = sk;
388         new_ra->destructor = destructor;
389 
390         RCU_INIT_POINTER(new_ra->next, ra);
391         rcu_assign_pointer(*rap, new_ra);
392         sock_hold(sk);
393         spin_unlock_bh(&ip_ra_lock);
394 
395         return 0;
396 }
397 
398 void ip_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
399                    __be16 port, u32 info, u8 *payload)
400 {
401         struct sock_exterr_skb *serr;
402 
403         skb = skb_clone(skb, GFP_ATOMIC);
404         if (!skb)
405                 return;
406 
407         serr = SKB_EXT_ERR(skb);
408         serr->ee.ee_errno = err;
409         serr->ee.ee_origin = SO_EE_ORIGIN_ICMP;
410         serr->ee.ee_type = icmp_hdr(skb)->type;
411         serr->ee.ee_code = icmp_hdr(skb)->code;
412         serr->ee.ee_pad = 0;
413         serr->ee.ee_info = info;
414         serr->ee.ee_data = 0;
415         serr->addr_offset = (u8 *)&(((struct iphdr *)(icmp_hdr(skb) + 1))->daddr) -
416                                    skb_network_header(skb);
417         serr->port = port;
418 
419         if (skb_pull(skb, payload - skb->data)) {
420                 skb_reset_transport_header(skb);
421                 if (sock_queue_err_skb(sk, skb) == 0)
422                         return;
423         }
424         kfree_skb(skb);
425 }
426 
427 void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 info)
428 {
429         struct inet_sock *inet = inet_sk(sk);
430         struct sock_exterr_skb *serr;
431         struct iphdr *iph;
432         struct sk_buff *skb;
433 
434         if (!inet->recverr)
435                 return;
436 
437         skb = alloc_skb(sizeof(struct iphdr), GFP_ATOMIC);
438         if (!skb)
439                 return;
440 
441         skb_put(skb, sizeof(struct iphdr));
442         skb_reset_network_header(skb);
443         iph = ip_hdr(skb);
444         iph->daddr = daddr;
445 
446         serr = SKB_EXT_ERR(skb);
447         serr->ee.ee_errno = err;
448         serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
449         serr->ee.ee_type = 0;
450         serr->ee.ee_code = 0;
451         serr->ee.ee_pad = 0;
452         serr->ee.ee_info = info;
453         serr->ee.ee_data = 0;
454         serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb);
455         serr->port = port;
456 
457         __skb_pull(skb, skb_tail_pointer(skb) - skb->data);
458         skb_reset_transport_header(skb);
459 
460         if (sock_queue_err_skb(sk, skb))
461                 kfree_skb(skb);
462 }
463 
464 /* For some errors we have valid addr_offset even with zero payload and
465  * zero port. Also, addr_offset should be supported if port is set.
466  */
467 static inline bool ipv4_datagram_support_addr(struct sock_exterr_skb *serr)
468 {
469         return serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
470                serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL || serr->port;
471 }
472 
473 /* IPv4 supports cmsg on all imcp errors and some timestamps
474  *
475  * Timestamp code paths do not initialize the fields expected by cmsg:
476  * the PKTINFO fields in skb->cb[]. Fill those in here.
477  */
478 static bool ipv4_datagram_support_cmsg(const struct sock *sk,
479                                        struct sk_buff *skb,
480                                        int ee_origin)
481 {
482         struct in_pktinfo *info;
483 
484         if (ee_origin == SO_EE_ORIGIN_ICMP)
485                 return true;
486 
487         if (ee_origin == SO_EE_ORIGIN_LOCAL)
488                 return false;
489 
490         /* Support IP_PKTINFO on tstamp packets if requested, to correlate
491          * timestamp with egress dev. Not possible for packets without iif
492          * or without payload (SOF_TIMESTAMPING_OPT_TSONLY).
493          */
494         info = PKTINFO_SKB_CB(skb);
495         if (!(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_CMSG) ||
496             !info->ipi_ifindex)
497                 return false;
498 
499         info->ipi_spec_dst.s_addr = ip_hdr(skb)->saddr;
500         return true;
501 }
502 
503 /*
504  *      Handle MSG_ERRQUEUE
505  */
506 int ip_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
507 {
508         struct sock_exterr_skb *serr;
509         struct sk_buff *skb;
510         DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name);
511         struct {
512                 struct sock_extended_err ee;
513                 struct sockaddr_in       offender;
514         } errhdr;
515         int err;
516         int copied;
517 
518         WARN_ON_ONCE(sk->sk_family == AF_INET6);
519 
520         err = -EAGAIN;
521         skb = sock_dequeue_err_skb(sk);
522         if (!skb)
523                 goto out;
524 
525         copied = skb->len;
526         if (copied > len) {
527                 msg->msg_flags |= MSG_TRUNC;
528                 copied = len;
529         }
530         err = skb_copy_datagram_msg(skb, 0, msg, copied);
531         if (unlikely(err)) {
532                 kfree_skb(skb);
533                 return err;
534         }
535         sock_recv_timestamp(msg, sk, skb);
536 
537         serr = SKB_EXT_ERR(skb);
538 
539         if (sin && ipv4_datagram_support_addr(serr)) {
540                 sin->sin_family = AF_INET;
541                 sin->sin_addr.s_addr = *(__be32 *)(skb_network_header(skb) +
542                                                    serr->addr_offset);
543                 sin->sin_port = serr->port;
544                 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
545                 *addr_len = sizeof(*sin);
546         }
547 
548         memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
549         sin = &errhdr.offender;
550         memset(sin, 0, sizeof(*sin));
551 
552         if (ipv4_datagram_support_cmsg(sk, skb, serr->ee.ee_origin)) {
553                 sin->sin_family = AF_INET;
554                 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
555                 if (inet_sk(sk)->cmsg_flags)
556                         ip_cmsg_recv(msg, skb);
557         }
558 
559         put_cmsg(msg, SOL_IP, IP_RECVERR, sizeof(errhdr), &errhdr);
560 
561         /* Now we could try to dump offended packet options */
562 
563         msg->msg_flags |= MSG_ERRQUEUE;
564         err = copied;
565 
566         consume_skb(skb);
567 out:
568         return err;
569 }
570 
571 
572 /*
573  *      Socket option code for IP. This is the end of the line after any
574  *      TCP,UDP etc options on an IP socket.
575  */
576 static bool setsockopt_needs_rtnl(int optname)
577 {
578         switch (optname) {
579         case IP_ADD_MEMBERSHIP:
580         case IP_ADD_SOURCE_MEMBERSHIP:
581         case IP_BLOCK_SOURCE:
582         case IP_DROP_MEMBERSHIP:
583         case IP_DROP_SOURCE_MEMBERSHIP:
584         case IP_MSFILTER:
585         case IP_UNBLOCK_SOURCE:
586         case MCAST_BLOCK_SOURCE:
587         case MCAST_MSFILTER:
588         case MCAST_JOIN_GROUP:
589         case MCAST_JOIN_SOURCE_GROUP:
590         case MCAST_LEAVE_GROUP:
591         case MCAST_LEAVE_SOURCE_GROUP:
592         case MCAST_UNBLOCK_SOURCE:
593                 return true;
594         }
595         return false;
596 }
597 
598 static int do_ip_setsockopt(struct sock *sk, int level,
599                             int optname, char __user *optval, unsigned int optlen)
600 {
601         struct inet_sock *inet = inet_sk(sk);
602         struct net *net = sock_net(sk);
603         int val = 0, err;
604         bool needs_rtnl = setsockopt_needs_rtnl(optname);
605 
606         switch (optname) {
607         case IP_PKTINFO:
608         case IP_RECVTTL:
609         case IP_RECVOPTS:
610         case IP_RECVTOS:
611         case IP_RETOPTS:
612         case IP_TOS:
613         case IP_TTL:
614         case IP_HDRINCL:
615         case IP_MTU_DISCOVER:
616         case IP_RECVERR:
617         case IP_ROUTER_ALERT:
618         case IP_FREEBIND:
619         case IP_PASSSEC:
620         case IP_TRANSPARENT:
621         case IP_MINTTL:
622         case IP_NODEFRAG:
623         case IP_BIND_ADDRESS_NO_PORT:
624         case IP_UNICAST_IF:
625         case IP_MULTICAST_TTL:
626         case IP_MULTICAST_ALL:
627         case IP_MULTICAST_LOOP:
628         case IP_RECVORIGDSTADDR:
629         case IP_CHECKSUM:
630         case IP_RECVFRAGSIZE:
631                 if (optlen >= sizeof(int)) {
632                         if (get_user(val, (int __user *) optval))
633                                 return -EFAULT;
634                 } else if (optlen >= sizeof(char)) {
635                         unsigned char ucval;
636 
637                         if (get_user(ucval, (unsigned char __user *) optval))
638                                 return -EFAULT;
639                         val = (int) ucval;
640                 }
641         }
642 
643         /* If optlen==0, it is equivalent to val == 0 */
644 
645         if (ip_mroute_opt(optname))
646                 return ip_mroute_setsockopt(sk, optname, optval, optlen);
647 
648         err = 0;
649         if (needs_rtnl)
650                 rtnl_lock();
651         lock_sock(sk);
652 
653         switch (optname) {
654         case IP_OPTIONS:
655         {
656                 struct ip_options_rcu *old, *opt = NULL;
657 
658                 if (optlen > 40)
659                         goto e_inval;
660                 err = ip_options_get_from_user(sock_net(sk), &opt,
661                                                optval, optlen);
662                 if (err)
663                         break;
664                 old = rcu_dereference_protected(inet->inet_opt,
665                                                 lockdep_sock_is_held(sk));
666                 if (inet->is_icsk) {
667                         struct inet_connection_sock *icsk = inet_csk(sk);
668 #if IS_ENABLED(CONFIG_IPV6)
669                         if (sk->sk_family == PF_INET ||
670                             (!((1 << sk->sk_state) &
671                                (TCPF_LISTEN | TCPF_CLOSE)) &&
672                              inet->inet_daddr != LOOPBACK4_IPV6)) {
673 #endif
674                                 if (old)
675                                         icsk->icsk_ext_hdr_len -= old->opt.optlen;
676                                 if (opt)
677                                         icsk->icsk_ext_hdr_len += opt->opt.optlen;
678                                 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
679 #if IS_ENABLED(CONFIG_IPV6)
680                         }
681 #endif
682                 }
683                 rcu_assign_pointer(inet->inet_opt, opt);
684                 if (old)
685                         kfree_rcu(old, rcu);
686                 break;
687         }
688         case IP_PKTINFO:
689                 if (val)
690                         inet->cmsg_flags |= IP_CMSG_PKTINFO;
691                 else
692                         inet->cmsg_flags &= ~IP_CMSG_PKTINFO;
693                 break;
694         case IP_RECVTTL:
695                 if (val)
696                         inet->cmsg_flags |=  IP_CMSG_TTL;
697                 else
698                         inet->cmsg_flags &= ~IP_CMSG_TTL;
699                 break;
700         case IP_RECVTOS:
701                 if (val)
702                         inet->cmsg_flags |=  IP_CMSG_TOS;
703                 else
704                         inet->cmsg_flags &= ~IP_CMSG_TOS;
705                 break;
706         case IP_RECVOPTS:
707                 if (val)
708                         inet->cmsg_flags |=  IP_CMSG_RECVOPTS;
709                 else
710                         inet->cmsg_flags &= ~IP_CMSG_RECVOPTS;
711                 break;
712         case IP_RETOPTS:
713                 if (val)
714                         inet->cmsg_flags |= IP_CMSG_RETOPTS;
715                 else
716                         inet->cmsg_flags &= ~IP_CMSG_RETOPTS;
717                 break;
718         case IP_PASSSEC:
719                 if (val)
720                         inet->cmsg_flags |= IP_CMSG_PASSSEC;
721                 else
722                         inet->cmsg_flags &= ~IP_CMSG_PASSSEC;
723                 break;
724         case IP_RECVORIGDSTADDR:
725                 if (val)
726                         inet->cmsg_flags |= IP_CMSG_ORIGDSTADDR;
727                 else
728                         inet->cmsg_flags &= ~IP_CMSG_ORIGDSTADDR;
729                 break;
730         case IP_CHECKSUM:
731                 if (val) {
732                         if (!(inet->cmsg_flags & IP_CMSG_CHECKSUM)) {
733                                 inet_inc_convert_csum(sk);
734                                 inet->cmsg_flags |= IP_CMSG_CHECKSUM;
735                         }
736                 } else {
737                         if (inet->cmsg_flags & IP_CMSG_CHECKSUM) {
738                                 inet_dec_convert_csum(sk);
739                                 inet->cmsg_flags &= ~IP_CMSG_CHECKSUM;
740                         }
741                 }
742                 break;
743         case IP_RECVFRAGSIZE:
744                 if (sk->sk_type != SOCK_RAW && sk->sk_type != SOCK_DGRAM)
745                         goto e_inval;
746                 if (val)
747                         inet->cmsg_flags |= IP_CMSG_RECVFRAGSIZE;
748                 else
749                         inet->cmsg_flags &= ~IP_CMSG_RECVFRAGSIZE;
750                 break;
751         case IP_TOS:    /* This sets both TOS and Precedence */
752                 if (sk->sk_type == SOCK_STREAM) {
753                         val &= ~INET_ECN_MASK;
754                         val |= inet->tos & INET_ECN_MASK;
755                 }
756                 if (inet->tos != val) {
757                         inet->tos = val;
758                         sk->sk_priority = rt_tos2priority(val);
759                         sk_dst_reset(sk);
760                 }
761                 break;
762         case IP_TTL:
763                 if (optlen < 1)
764                         goto e_inval;
765                 if (val != -1 && (val < 1 || val > 255))
766                         goto e_inval;
767                 inet->uc_ttl = val;
768                 break;
769         case IP_HDRINCL:
770                 if (sk->sk_type != SOCK_RAW) {
771                         err = -ENOPROTOOPT;
772                         break;
773                 }
774                 inet->hdrincl = val ? 1 : 0;
775                 break;
776         case IP_NODEFRAG:
777                 if (sk->sk_type != SOCK_RAW) {
778                         err = -ENOPROTOOPT;
779                         break;
780                 }
781                 inet->nodefrag = val ? 1 : 0;
782                 break;
783         case IP_BIND_ADDRESS_NO_PORT:
784                 inet->bind_address_no_port = val ? 1 : 0;
785                 break;
786         case IP_MTU_DISCOVER:
787                 if (val < IP_PMTUDISC_DONT || val > IP_PMTUDISC_OMIT)
788                         goto e_inval;
789                 inet->pmtudisc = val;
790                 break;
791         case IP_RECVERR:
792                 inet->recverr = !!val;
793                 if (!val)
794                         skb_queue_purge(&sk->sk_error_queue);
795                 break;
796         case IP_MULTICAST_TTL:
797                 if (sk->sk_type == SOCK_STREAM)
798                         goto e_inval;
799                 if (optlen < 1)
800                         goto e_inval;
801                 if (val == -1)
802                         val = 1;
803                 if (val < 0 || val > 255)
804                         goto e_inval;
805                 inet->mc_ttl = val;
806                 break;
807         case IP_MULTICAST_LOOP:
808                 if (optlen < 1)
809                         goto e_inval;
810                 inet->mc_loop = !!val;
811                 break;
812         case IP_UNICAST_IF:
813         {
814                 struct net_device *dev = NULL;
815                 int ifindex;
816 
817                 if (optlen != sizeof(int))
818                         goto e_inval;
819 
820                 ifindex = (__force int)ntohl((__force __be32)val);
821                 if (ifindex == 0) {
822                         inet->uc_index = 0;
823                         err = 0;
824                         break;
825                 }
826 
827                 dev = dev_get_by_index(sock_net(sk), ifindex);
828                 err = -EADDRNOTAVAIL;
829                 if (!dev)
830                         break;
831                 dev_put(dev);
832 
833                 err = -EINVAL;
834                 if (sk->sk_bound_dev_if)
835                         break;
836 
837                 inet->uc_index = ifindex;
838                 err = 0;
839                 break;
840         }
841         case IP_MULTICAST_IF:
842         {
843                 struct ip_mreqn mreq;
844                 struct net_device *dev = NULL;
845 
846                 if (sk->sk_type == SOCK_STREAM)
847                         goto e_inval;
848                 /*
849                  *      Check the arguments are allowable
850                  */
851 
852                 if (optlen < sizeof(struct in_addr))
853                         goto e_inval;
854 
855                 err = -EFAULT;
856                 if (optlen >= sizeof(struct ip_mreqn)) {
857                         if (copy_from_user(&mreq, optval, sizeof(mreq)))
858                                 break;
859                 } else {
860                         memset(&mreq, 0, sizeof(mreq));
861                         if (optlen >= sizeof(struct ip_mreq)) {
862                                 if (copy_from_user(&mreq, optval,
863                                                    sizeof(struct ip_mreq)))
864                                         break;
865                         } else if (optlen >= sizeof(struct in_addr)) {
866                                 if (copy_from_user(&mreq.imr_address, optval,
867                                                    sizeof(struct in_addr)))
868                                         break;
869                         }
870                 }
871 
872                 if (!mreq.imr_ifindex) {
873                         if (mreq.imr_address.s_addr == htonl(INADDR_ANY)) {
874                                 inet->mc_index = 0;
875                                 inet->mc_addr  = 0;
876                                 err = 0;
877                                 break;
878                         }
879                         dev = ip_dev_find(sock_net(sk), mreq.imr_address.s_addr);
880                         if (dev)
881                                 mreq.imr_ifindex = dev->ifindex;
882                 } else
883                         dev = dev_get_by_index(sock_net(sk), mreq.imr_ifindex);
884 
885 
886                 err = -EADDRNOTAVAIL;
887                 if (!dev)
888                         break;
889                 dev_put(dev);
890 
891                 err = -EINVAL;
892                 if (sk->sk_bound_dev_if &&
893                     mreq.imr_ifindex != sk->sk_bound_dev_if)
894                         break;
895 
896                 inet->mc_index = mreq.imr_ifindex;
897                 inet->mc_addr  = mreq.imr_address.s_addr;
898                 err = 0;
899                 break;
900         }
901 
902         case IP_ADD_MEMBERSHIP:
903         case IP_DROP_MEMBERSHIP:
904         {
905                 struct ip_mreqn mreq;
906 
907                 err = -EPROTO;
908                 if (inet_sk(sk)->is_icsk)
909                         break;
910 
911                 if (optlen < sizeof(struct ip_mreq))
912                         goto e_inval;
913                 err = -EFAULT;
914                 if (optlen >= sizeof(struct ip_mreqn)) {
915                         if (copy_from_user(&mreq, optval, sizeof(mreq)))
916                                 break;
917                 } else {
918                         memset(&mreq, 0, sizeof(mreq));
919                         if (copy_from_user(&mreq, optval, sizeof(struct ip_mreq)))
920                                 break;
921                 }
922 
923                 if (optname == IP_ADD_MEMBERSHIP)
924                         err = ip_mc_join_group(sk, &mreq);
925                 else
926                         err = ip_mc_leave_group(sk, &mreq);
927                 break;
928         }
929         case IP_MSFILTER:
930         {
931                 struct ip_msfilter *msf;
932 
933                 if (optlen < IP_MSFILTER_SIZE(0))
934                         goto e_inval;
935                 if (optlen > sysctl_optmem_max) {
936                         err = -ENOBUFS;
937                         break;
938                 }
939                 msf = kmalloc(optlen, GFP_KERNEL);
940                 if (!msf) {
941                         err = -ENOBUFS;
942                         break;
943                 }
944                 err = -EFAULT;
945                 if (copy_from_user(msf, optval, optlen)) {
946                         kfree(msf);
947                         break;
948                 }
949                 /* numsrc >= (1G-4) overflow in 32 bits */
950                 if (msf->imsf_numsrc >= 0x3ffffffcU ||
951                     msf->imsf_numsrc > net->ipv4.sysctl_igmp_max_msf) {
952                         kfree(msf);
953                         err = -ENOBUFS;
954                         break;
955                 }
956                 if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
957                         kfree(msf);
958                         err = -EINVAL;
959                         break;
960                 }
961                 err = ip_mc_msfilter(sk, msf, 0);
962                 kfree(msf);
963                 break;
964         }
965         case IP_BLOCK_SOURCE:
966         case IP_UNBLOCK_SOURCE:
967         case IP_ADD_SOURCE_MEMBERSHIP:
968         case IP_DROP_SOURCE_MEMBERSHIP:
969         {
970                 struct ip_mreq_source mreqs;
971                 int omode, add;
972 
973                 if (optlen != sizeof(struct ip_mreq_source))
974                         goto e_inval;
975                 if (copy_from_user(&mreqs, optval, sizeof(mreqs))) {
976                         err = -EFAULT;
977                         break;
978                 }
979                 if (optname == IP_BLOCK_SOURCE) {
980                         omode = MCAST_EXCLUDE;
981                         add = 1;
982                 } else if (optname == IP_UNBLOCK_SOURCE) {
983                         omode = MCAST_EXCLUDE;
984                         add = 0;
985                 } else if (optname == IP_ADD_SOURCE_MEMBERSHIP) {
986                         struct ip_mreqn mreq;
987 
988                         mreq.imr_multiaddr.s_addr = mreqs.imr_multiaddr;
989                         mreq.imr_address.s_addr = mreqs.imr_interface;
990                         mreq.imr_ifindex = 0;
991                         err = ip_mc_join_group(sk, &mreq);
992                         if (err && err != -EADDRINUSE)
993                                 break;
994                         omode = MCAST_INCLUDE;
995                         add = 1;
996                 } else /* IP_DROP_SOURCE_MEMBERSHIP */ {
997                         omode = MCAST_INCLUDE;
998                         add = 0;
999                 }
1000                 err = ip_mc_source(add, omode, sk, &mreqs, 0);
1001                 break;
1002         }
1003         case MCAST_JOIN_GROUP:
1004         case MCAST_LEAVE_GROUP:
1005         {
1006                 struct group_req greq;
1007                 struct sockaddr_in *psin;
1008                 struct ip_mreqn mreq;
1009 
1010                 if (optlen < sizeof(struct group_req))
1011                         goto e_inval;
1012                 err = -EFAULT;
1013                 if (copy_from_user(&greq, optval, sizeof(greq)))
1014                         break;
1015                 psin = (struct sockaddr_in *)&greq.gr_group;
1016                 if (psin->sin_family != AF_INET)
1017                         goto e_inval;
1018                 memset(&mreq, 0, sizeof(mreq));
1019                 mreq.imr_multiaddr = psin->sin_addr;
1020                 mreq.imr_ifindex = greq.gr_interface;
1021 
1022                 if (optname == MCAST_JOIN_GROUP)
1023                         err = ip_mc_join_group(sk, &mreq);
1024                 else
1025                         err = ip_mc_leave_group(sk, &mreq);
1026                 break;
1027         }
1028         case MCAST_JOIN_SOURCE_GROUP:
1029         case MCAST_LEAVE_SOURCE_GROUP:
1030         case MCAST_BLOCK_SOURCE:
1031         case MCAST_UNBLOCK_SOURCE:
1032         {
1033                 struct group_source_req greqs;
1034                 struct ip_mreq_source mreqs;
1035                 struct sockaddr_in *psin;
1036                 int omode, add;
1037 
1038                 if (optlen != sizeof(struct group_source_req))
1039                         goto e_inval;
1040                 if (copy_from_user(&greqs, optval, sizeof(greqs))) {
1041                         err = -EFAULT;
1042                         break;
1043                 }
1044                 if (greqs.gsr_group.ss_family != AF_INET ||
1045                     greqs.gsr_source.ss_family != AF_INET) {
1046                         err = -EADDRNOTAVAIL;
1047                         break;
1048                 }
1049                 psin = (struct sockaddr_in *)&greqs.gsr_group;
1050                 mreqs.imr_multiaddr = psin->sin_addr.s_addr;
1051                 psin = (struct sockaddr_in *)&greqs.gsr_source;
1052                 mreqs.imr_sourceaddr = psin->sin_addr.s_addr;
1053                 mreqs.imr_interface = 0; /* use index for mc_source */
1054 
1055                 if (optname == MCAST_BLOCK_SOURCE) {
1056                         omode = MCAST_EXCLUDE;
1057                         add = 1;
1058                 } else if (optname == MCAST_UNBLOCK_SOURCE) {
1059                         omode = MCAST_EXCLUDE;
1060                         add = 0;
1061                 } else if (optname == MCAST_JOIN_SOURCE_GROUP) {
1062                         struct ip_mreqn mreq;
1063 
1064                         psin = (struct sockaddr_in *)&greqs.gsr_group;
1065                         mreq.imr_multiaddr = psin->sin_addr;
1066                         mreq.imr_address.s_addr = 0;
1067                         mreq.imr_ifindex = greqs.gsr_interface;
1068                         err = ip_mc_join_group(sk, &mreq);
1069                         if (err && err != -EADDRINUSE)
1070                                 break;
1071                         greqs.gsr_interface = mreq.imr_ifindex;
1072                         omode = MCAST_INCLUDE;
1073                         add = 1;
1074                 } else /* MCAST_LEAVE_SOURCE_GROUP */ {
1075                         omode = MCAST_INCLUDE;
1076                         add = 0;
1077                 }
1078                 err = ip_mc_source(add, omode, sk, &mreqs,
1079                                    greqs.gsr_interface);
1080                 break;
1081         }
1082         case MCAST_MSFILTER:
1083         {
1084                 struct sockaddr_in *psin;
1085                 struct ip_msfilter *msf = NULL;
1086                 struct group_filter *gsf = NULL;
1087                 int msize, i, ifindex;
1088 
1089                 if (optlen < GROUP_FILTER_SIZE(0))
1090                         goto e_inval;
1091                 if (optlen > sysctl_optmem_max) {
1092                         err = -ENOBUFS;
1093                         break;
1094                 }
1095                 gsf = kmalloc(optlen, GFP_KERNEL);
1096                 if (!gsf) {
1097                         err = -ENOBUFS;
1098                         break;
1099                 }
1100                 err = -EFAULT;
1101                 if (copy_from_user(gsf, optval, optlen))
1102                         goto mc_msf_out;
1103 
1104                 /* numsrc >= (4G-140)/128 overflow in 32 bits */
1105                 if (gsf->gf_numsrc >= 0x1ffffff ||
1106                     gsf->gf_numsrc > net->ipv4.sysctl_igmp_max_msf) {
1107                         err = -ENOBUFS;
1108                         goto mc_msf_out;
1109                 }
1110                 if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
1111                         err = -EINVAL;
1112                         goto mc_msf_out;
1113                 }
1114                 msize = IP_MSFILTER_SIZE(gsf->gf_numsrc);
1115                 msf = kmalloc(msize, GFP_KERNEL);
1116                 if (!msf) {
1117                         err = -ENOBUFS;
1118                         goto mc_msf_out;
1119                 }
1120                 ifindex = gsf->gf_interface;
1121                 psin = (struct sockaddr_in *)&gsf->gf_group;
1122                 if (psin->sin_family != AF_INET) {
1123                         err = -EADDRNOTAVAIL;
1124                         goto mc_msf_out;
1125                 }
1126                 msf->imsf_multiaddr = psin->sin_addr.s_addr;
1127                 msf->imsf_interface = 0;
1128                 msf->imsf_fmode = gsf->gf_fmode;
1129                 msf->imsf_numsrc = gsf->gf_numsrc;
1130                 err = -EADDRNOTAVAIL;
1131                 for (i = 0; i < gsf->gf_numsrc; ++i) {
1132                         psin = (struct sockaddr_in *)&gsf->gf_slist[i];
1133 
1134                         if (psin->sin_family != AF_INET)
1135                                 goto mc_msf_out;
1136                         msf->imsf_slist[i] = psin->sin_addr.s_addr;
1137                 }
1138                 kfree(gsf);
1139                 gsf = NULL;
1140 
1141                 err = ip_mc_msfilter(sk, msf, ifindex);
1142 mc_msf_out:
1143                 kfree(msf);
1144                 kfree(gsf);
1145                 break;
1146         }
1147         case IP_MULTICAST_ALL:
1148                 if (optlen < 1)
1149                         goto e_inval;
1150                 if (val != 0 && val != 1)
1151                         goto e_inval;
1152                 inet->mc_all = val;
1153                 break;
1154         case IP_ROUTER_ALERT:
1155                 err = ip_ra_control(sk, val ? 1 : 0, NULL);
1156                 break;
1157 
1158         case IP_FREEBIND:
1159                 if (optlen < 1)
1160                         goto e_inval;
1161                 inet->freebind = !!val;
1162                 break;
1163 
1164         case IP_IPSEC_POLICY:
1165         case IP_XFRM_POLICY:
1166                 err = -EPERM;
1167                 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
1168                         break;
1169                 err = xfrm_user_policy(sk, optname, optval, optlen);
1170                 break;
1171 
1172         case IP_TRANSPARENT:
1173                 if (!!val && !ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
1174                     !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
1175                         err = -EPERM;
1176                         break;
1177                 }
1178                 if (optlen < 1)
1179                         goto e_inval;
1180                 inet->transparent = !!val;
1181                 break;
1182 
1183         case IP_MINTTL:
1184                 if (optlen < 1)
1185                         goto e_inval;
1186                 if (val < 0 || val > 255)
1187                         goto e_inval;
1188                 inet->min_ttl = val;
1189                 break;
1190 
1191         default:
1192                 err = -ENOPROTOOPT;
1193                 break;
1194         }
1195         release_sock(sk);
1196         if (needs_rtnl)
1197                 rtnl_unlock();
1198         return err;
1199 
1200 e_inval:
1201         release_sock(sk);
1202         if (needs_rtnl)
1203                 rtnl_unlock();
1204         return -EINVAL;
1205 }
1206 
1207 /**
1208  * ipv4_pktinfo_prepare - transfer some info from rtable to skb
1209  * @sk: socket
1210  * @skb: buffer
1211  *
1212  * To support IP_CMSG_PKTINFO option, we store rt_iif and specific
1213  * destination in skb->cb[] before dst drop.
1214  * This way, receiver doesn't make cache line misses to read rtable.
1215  */
1216 void ipv4_pktinfo_prepare(const struct sock *sk, struct sk_buff *skb)
1217 {
1218         struct in_pktinfo *pktinfo = PKTINFO_SKB_CB(skb);
1219         bool prepare = (inet_sk(sk)->cmsg_flags & IP_CMSG_PKTINFO) ||
1220                        ipv6_sk_rxinfo(sk);
1221 
1222         if (prepare && skb_rtable(skb)) {
1223                 /* skb->cb is overloaded: prior to this point it is IP{6}CB
1224                  * which has interface index (iif) as the first member of the
1225                  * underlying inet{6}_skb_parm struct. This code then overlays
1226                  * PKTINFO_SKB_CB and in_pktinfo also has iif as the first
1227                  * element so the iif is picked up from the prior IPCB. If iif
1228                  * is the loopback interface, then return the sending interface
1229                  * (e.g., process binds socket to eth0 for Tx which is
1230                  * redirected to loopback in the rtable/dst).
1231                  */
1232                 if (pktinfo->ipi_ifindex == LOOPBACK_IFINDEX)
1233                         pktinfo->ipi_ifindex = inet_iif(skb);
1234 
1235                 pktinfo->ipi_spec_dst.s_addr = fib_compute_spec_dst(skb);
1236         } else {
1237                 pktinfo->ipi_ifindex = 0;
1238                 pktinfo->ipi_spec_dst.s_addr = 0;
1239         }
1240         /* We need to keep the dst for __ip_options_echo()
1241          * We could restrict the test to opt.ts_needtime || opt.srr,
1242          * but the following is good enough as IP options are not often used.
1243          */
1244         if (unlikely(IPCB(skb)->opt.optlen))
1245                 skb_dst_force(skb);
1246         else
1247                 skb_dst_drop(skb);
1248 }
1249 
1250 int ip_setsockopt(struct sock *sk, int level,
1251                 int optname, char __user *optval, unsigned int optlen)
1252 {
1253         int err;
1254 
1255         if (level != SOL_IP)
1256                 return -ENOPROTOOPT;
1257 
1258         err = do_ip_setsockopt(sk, level, optname, optval, optlen);
1259 #ifdef CONFIG_NETFILTER
1260         /* we need to exclude all possible ENOPROTOOPTs except default case */
1261         if (err == -ENOPROTOOPT && optname != IP_HDRINCL &&
1262                         optname != IP_IPSEC_POLICY &&
1263                         optname != IP_XFRM_POLICY &&
1264                         !ip_mroute_opt(optname)) {
1265                 lock_sock(sk);
1266                 err = nf_setsockopt(sk, PF_INET, optname, optval, optlen);
1267                 release_sock(sk);
1268         }
1269 #endif
1270         return err;
1271 }
1272 EXPORT_SYMBOL(ip_setsockopt);
1273 
1274 #ifdef CONFIG_COMPAT
1275 int compat_ip_setsockopt(struct sock *sk, int level, int optname,
1276                          char __user *optval, unsigned int optlen)
1277 {
1278         int err;
1279 
1280         if (level != SOL_IP)
1281                 return -ENOPROTOOPT;
1282 
1283         if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER)
1284                 return compat_mc_setsockopt(sk, level, optname, optval, optlen,
1285                         ip_setsockopt);
1286 
1287         err = do_ip_setsockopt(sk, level, optname, optval, optlen);
1288 #ifdef CONFIG_NETFILTER
1289         /* we need to exclude all possible ENOPROTOOPTs except default case */
1290         if (err == -ENOPROTOOPT && optname != IP_HDRINCL &&
1291                         optname != IP_IPSEC_POLICY &&
1292                         optname != IP_XFRM_POLICY &&
1293                         !ip_mroute_opt(optname)) {
1294                 lock_sock(sk);
1295                 err = compat_nf_setsockopt(sk, PF_INET, optname,
1296                                            optval, optlen);
1297                 release_sock(sk);
1298         }
1299 #endif
1300         return err;
1301 }
1302 EXPORT_SYMBOL(compat_ip_setsockopt);
1303 #endif
1304 
1305 /*
1306  *      Get the options. Note for future reference. The GET of IP options gets
1307  *      the _received_ ones. The set sets the _sent_ ones.
1308  */
1309 
1310 static bool getsockopt_needs_rtnl(int optname)
1311 {
1312         switch (optname) {
1313         case IP_MSFILTER:
1314         case MCAST_MSFILTER:
1315                 return true;
1316         }
1317         return false;
1318 }
1319 
1320 static int do_ip_getsockopt(struct sock *sk, int level, int optname,
1321                             char __user *optval, int __user *optlen, unsigned int flags)
1322 {
1323         struct inet_sock *inet = inet_sk(sk);
1324         bool needs_rtnl = getsockopt_needs_rtnl(optname);
1325         int val, err = 0;
1326         int len;
1327 
1328         if (level != SOL_IP)
1329                 return -EOPNOTSUPP;
1330 
1331         if (ip_mroute_opt(optname))
1332                 return ip_mroute_getsockopt(sk, optname, optval, optlen);
1333 
1334         if (get_user(len, optlen))
1335                 return -EFAULT;
1336         if (len < 0)
1337                 return -EINVAL;
1338 
1339         if (needs_rtnl)
1340                 rtnl_lock();
1341         lock_sock(sk);
1342 
1343         switch (optname) {
1344         case IP_OPTIONS:
1345         {
1346                 unsigned char optbuf[sizeof(struct ip_options)+40];
1347                 struct ip_options *opt = (struct ip_options *)optbuf;
1348                 struct ip_options_rcu *inet_opt;
1349 
1350                 inet_opt = rcu_dereference_protected(inet->inet_opt,
1351                                                      lockdep_sock_is_held(sk));
1352                 opt->optlen = 0;
1353                 if (inet_opt)
1354                         memcpy(optbuf, &inet_opt->opt,
1355                                sizeof(struct ip_options) +
1356                                inet_opt->opt.optlen);
1357                 release_sock(sk);
1358 
1359                 if (opt->optlen == 0)
1360                         return put_user(0, optlen);
1361 
1362                 ip_options_undo(opt);
1363 
1364                 len = min_t(unsigned int, len, opt->optlen);
1365                 if (put_user(len, optlen))
1366                         return -EFAULT;
1367                 if (copy_to_user(optval, opt->__data, len))
1368                         return -EFAULT;
1369                 return 0;
1370         }
1371         case IP_PKTINFO:
1372                 val = (inet->cmsg_flags & IP_CMSG_PKTINFO) != 0;
1373                 break;
1374         case IP_RECVTTL:
1375                 val = (inet->cmsg_flags & IP_CMSG_TTL) != 0;
1376                 break;
1377         case IP_RECVTOS:
1378                 val = (inet->cmsg_flags & IP_CMSG_TOS) != 0;
1379                 break;
1380         case IP_RECVOPTS:
1381                 val = (inet->cmsg_flags & IP_CMSG_RECVOPTS) != 0;
1382                 break;
1383         case IP_RETOPTS:
1384                 val = (inet->cmsg_flags & IP_CMSG_RETOPTS) != 0;
1385                 break;
1386         case IP_PASSSEC:
1387                 val = (inet->cmsg_flags & IP_CMSG_PASSSEC) != 0;
1388                 break;
1389         case IP_RECVORIGDSTADDR:
1390                 val = (inet->cmsg_flags & IP_CMSG_ORIGDSTADDR) != 0;
1391                 break;
1392         case IP_CHECKSUM:
1393                 val = (inet->cmsg_flags & IP_CMSG_CHECKSUM) != 0;
1394                 break;
1395         case IP_RECVFRAGSIZE:
1396                 val = (inet->cmsg_flags & IP_CMSG_RECVFRAGSIZE) != 0;
1397                 break;
1398         case IP_TOS:
1399                 val = inet->tos;
1400                 break;
1401         case IP_TTL:
1402         {
1403                 struct net *net = sock_net(sk);
1404                 val = (inet->uc_ttl == -1 ?
1405                        net->ipv4.sysctl_ip_default_ttl :
1406                        inet->uc_ttl);
1407                 break;
1408         }
1409         case IP_HDRINCL:
1410                 val = inet->hdrincl;
1411                 break;
1412         case IP_NODEFRAG:
1413                 val = inet->nodefrag;
1414                 break;
1415         case IP_BIND_ADDRESS_NO_PORT:
1416                 val = inet->bind_address_no_port;
1417                 break;
1418         case IP_MTU_DISCOVER:
1419                 val = inet->pmtudisc;
1420                 break;
1421         case IP_MTU:
1422         {
1423                 struct dst_entry *dst;
1424                 val = 0;
1425                 dst = sk_dst_get(sk);
1426                 if (dst) {
1427                         val = dst_mtu(dst);
1428                         dst_release(dst);
1429                 }
1430                 if (!val) {
1431                         release_sock(sk);
1432                         return -ENOTCONN;
1433                 }
1434                 break;
1435         }
1436         case IP_RECVERR:
1437                 val = inet->recverr;
1438                 break;
1439         case IP_MULTICAST_TTL:
1440                 val = inet->mc_ttl;
1441                 break;
1442         case IP_MULTICAST_LOOP:
1443                 val = inet->mc_loop;
1444                 break;
1445         case IP_UNICAST_IF:
1446                 val = (__force int)htonl((__u32) inet->uc_index);
1447                 break;
1448         case IP_MULTICAST_IF:
1449         {
1450                 struct in_addr addr;
1451                 len = min_t(unsigned int, len, sizeof(struct in_addr));
1452                 addr.s_addr = inet->mc_addr;
1453                 release_sock(sk);
1454 
1455                 if (put_user(len, optlen))
1456                         return -EFAULT;
1457                 if (copy_to_user(optval, &addr, len))
1458                         return -EFAULT;
1459                 return 0;
1460         }
1461         case IP_MSFILTER:
1462         {
1463                 struct ip_msfilter msf;
1464 
1465                 if (len < IP_MSFILTER_SIZE(0)) {
1466                         err = -EINVAL;
1467                         goto out;
1468                 }
1469                 if (copy_from_user(&msf, optval, IP_MSFILTER_SIZE(0))) {
1470                         err = -EFAULT;
1471                         goto out;
1472                 }
1473                 err = ip_mc_msfget(sk, &msf,
1474                                    (struct ip_msfilter __user *)optval, optlen);
1475                 goto out;
1476         }
1477         case MCAST_MSFILTER:
1478         {
1479                 struct group_filter gsf;
1480 
1481                 if (len < GROUP_FILTER_SIZE(0)) {
1482                         err = -EINVAL;
1483                         goto out;
1484                 }
1485                 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) {
1486                         err = -EFAULT;
1487                         goto out;
1488                 }
1489                 err = ip_mc_gsfget(sk, &gsf,
1490                                    (struct group_filter __user *)optval,
1491                                    optlen);
1492                 goto out;
1493         }
1494         case IP_MULTICAST_ALL:
1495                 val = inet->mc_all;
1496                 break;
1497         case IP_PKTOPTIONS:
1498         {
1499                 struct msghdr msg;
1500 
1501                 release_sock(sk);
1502 
1503                 if (sk->sk_type != SOCK_STREAM)
1504                         return -ENOPROTOOPT;
1505 
1506                 msg.msg_control = (__force void *) optval;
1507                 msg.msg_controllen = len;
1508                 msg.msg_flags = flags;
1509 
1510                 if (inet->cmsg_flags & IP_CMSG_PKTINFO) {
1511                         struct in_pktinfo info;
1512 
1513                         info.ipi_addr.s_addr = inet->inet_rcv_saddr;
1514                         info.ipi_spec_dst.s_addr = inet->inet_rcv_saddr;
1515                         info.ipi_ifindex = inet->mc_index;
1516                         put_cmsg(&msg, SOL_IP, IP_PKTINFO, sizeof(info), &info);
1517                 }
1518                 if (inet->cmsg_flags & IP_CMSG_TTL) {
1519                         int hlim = inet->mc_ttl;
1520                         put_cmsg(&msg, SOL_IP, IP_TTL, sizeof(hlim), &hlim);
1521                 }
1522                 if (inet->cmsg_flags & IP_CMSG_TOS) {
1523                         int tos = inet->rcv_tos;
1524                         put_cmsg(&msg, SOL_IP, IP_TOS, sizeof(tos), &tos);
1525                 }
1526                 len -= msg.msg_controllen;
1527                 return put_user(len, optlen);
1528         }
1529         case IP_FREEBIND:
1530                 val = inet->freebind;
1531                 break;
1532         case IP_TRANSPARENT:
1533                 val = inet->transparent;
1534                 break;
1535         case IP_MINTTL:
1536                 val = inet->min_ttl;
1537                 break;
1538         default:
1539                 release_sock(sk);
1540                 return -ENOPROTOOPT;
1541         }
1542         release_sock(sk);
1543 
1544         if (len < sizeof(int) && len > 0 && val >= 0 && val <= 255) {
1545                 unsigned char ucval = (unsigned char)val;
1546                 len = 1;
1547                 if (put_user(len, optlen))
1548                         return -EFAULT;
1549                 if (copy_to_user(optval, &ucval, 1))
1550                         return -EFAULT;
1551         } else {
1552                 len = min_t(unsigned int, sizeof(int), len);
1553                 if (put_user(len, optlen))
1554                         return -EFAULT;
1555                 if (copy_to_user(optval, &val, len))
1556                         return -EFAULT;
1557         }
1558         return 0;
1559 
1560 out:
1561         release_sock(sk);
1562         if (needs_rtnl)
1563                 rtnl_unlock();
1564         return err;
1565 }
1566 
1567 int ip_getsockopt(struct sock *sk, int level,
1568                   int optname, char __user *optval, int __user *optlen)
1569 {
1570         int err;
1571 
1572         err = do_ip_getsockopt(sk, level, optname, optval, optlen, 0);
1573 #ifdef CONFIG_NETFILTER
1574         /* we need to exclude all possible ENOPROTOOPTs except default case */
1575         if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS &&
1576                         !ip_mroute_opt(optname)) {
1577                 int len;
1578 
1579                 if (get_user(len, optlen))
1580                         return -EFAULT;
1581 
1582                 lock_sock(sk);
1583                 err = nf_getsockopt(sk, PF_INET, optname, optval,
1584                                 &len);
1585                 release_sock(sk);
1586                 if (err >= 0)
1587                         err = put_user(len, optlen);
1588                 return err;
1589         }
1590 #endif
1591         return err;
1592 }
1593 EXPORT_SYMBOL(ip_getsockopt);
1594 
1595 #ifdef CONFIG_COMPAT
1596 int compat_ip_getsockopt(struct sock *sk, int level, int optname,
1597                          char __user *optval, int __user *optlen)
1598 {
1599         int err;
1600 
1601         if (optname == MCAST_MSFILTER)
1602                 return compat_mc_getsockopt(sk, level, optname, optval, optlen,
1603                         ip_getsockopt);
1604 
1605         err = do_ip_getsockopt(sk, level, optname, optval, optlen,
1606                 MSG_CMSG_COMPAT);
1607 
1608 #ifdef CONFIG_NETFILTER
1609         /* we need to exclude all possible ENOPROTOOPTs except default case */
1610         if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS &&
1611                         !ip_mroute_opt(optname)) {
1612                 int len;
1613 
1614                 if (get_user(len, optlen))
1615                         return -EFAULT;
1616 
1617                 lock_sock(sk);
1618                 err = compat_nf_getsockopt(sk, PF_INET, optname, optval, &len);
1619                 release_sock(sk);
1620                 if (err >= 0)
1621                         err = put_user(len, optlen);
1622                 return err;
1623         }
1624 #endif
1625         return err;
1626 }
1627 EXPORT_SYMBOL(compat_ip_getsockopt);
1628 #endif
1629 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp