1 /*
2 * IPv6 BSD socket options interface
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on linux/net/ipv4/ip_sockglue.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * FIXME: Make the setsockopt code POSIX compliant: That is
16 *
17 * o Truncate getsockopt returns
18 * o Return an optlen of the truncated length if need be
19 *
20 * Changes:
21 * David L Stevens <dlstevens@us.ibm.com>:
22 * - added multicast source filtering API for MLDv2
23 */
24
25 #include <linux/module.h>
26 #include <linux/capability.h>
27 #include <linux/errno.h>
28 #include <linux/types.h>
29 #include <linux/socket.h>
30 #include <linux/sockios.h>
31 #include <linux/net.h>
32 #include <linux/in6.h>
33 #include <linux/mroute6.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/init.h>
37 #include <linux/sysctl.h>
38 #include <linux/netfilter.h>
39 #include <linux/slab.h>
40
41 #include <net/sock.h>
42 #include <net/snmp.h>
43 #include <net/ipv6.h>
44 #include <net/ndisc.h>
45 #include <net/protocol.h>
46 #include <net/transp_v6.h>
47 #include <net/ip6_route.h>
48 #include <net/addrconf.h>
49 #include <net/inet_common.h>
50 #include <net/tcp.h>
51 #include <net/udp.h>
52 #include <net/udplite.h>
53 #include <net/xfrm.h>
54 #include <net/compat.h>
55
56 #include <asm/uaccess.h>
57
58 struct ip6_ra_chain *ip6_ra_chain;
59 DEFINE_RWLOCK(ip6_ra_lock);
60
61 int ip6_ra_control(struct sock *sk, int sel)
62 {
63 struct ip6_ra_chain *ra, *new_ra, **rap;
64
65 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */
66 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_RAW)
67 return -ENOPROTOOPT;
68
69 new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
70
71 write_lock_bh(&ip6_ra_lock);
72 for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {
73 if (ra->sk == sk) {
74 if (sel >= 0) {
75 write_unlock_bh(&ip6_ra_lock);
76 kfree(new_ra);
77 return -EADDRINUSE;
78 }
79
80 *rap = ra->next;
81 write_unlock_bh(&ip6_ra_lock);
82
83 sock_put(sk);
84 kfree(ra);
85 return 0;
86 }
87 }
88 if (!new_ra) {
89 write_unlock_bh(&ip6_ra_lock);
90 return -ENOBUFS;
91 }
92 new_ra->sk = sk;
93 new_ra->sel = sel;
94 new_ra->next = ra;
95 *rap = new_ra;
96 sock_hold(sk);
97 write_unlock_bh(&ip6_ra_lock);
98 return 0;
99 }
100
101 static
102 struct ipv6_txoptions *ipv6_update_options(struct sock *sk,
103 struct ipv6_txoptions *opt)
104 {
105 if (inet_sk(sk)->is_icsk) {
106 if (opt &&
107 !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) &&
108 inet_sk(sk)->inet_daddr != LOOPBACK4_IPV6) {
109 struct inet_connection_sock *icsk = inet_csk(sk);
110 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen;
111 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
112 }
113 }
114 opt = xchg((__force struct ipv6_txoptions **)&inet6_sk(sk)->opt,
115 opt);
116 sk_dst_reset(sk);
117
118 return opt;
119 }
120
121 static bool setsockopt_needs_rtnl(int optname)
122 {
123 switch (optname) {
124 case IPV6_ADDRFORM:
125 case IPV6_ADD_MEMBERSHIP:
126 case IPV6_DROP_MEMBERSHIP:
127 case IPV6_JOIN_ANYCAST:
128 case IPV6_LEAVE_ANYCAST:
129 case MCAST_JOIN_GROUP:
130 case MCAST_LEAVE_GROUP:
131 case MCAST_JOIN_SOURCE_GROUP:
132 case MCAST_LEAVE_SOURCE_GROUP:
133 case MCAST_BLOCK_SOURCE:
134 case MCAST_UNBLOCK_SOURCE:
135 case MCAST_MSFILTER:
136 return true;
137 }
138 return false;
139 }
140
141 static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
142 char __user *optval, unsigned int optlen)
143 {
144 struct ipv6_pinfo *np = inet6_sk(sk);
145 struct net *net = sock_net(sk);
146 int val, valbool;
147 int retv = -ENOPROTOOPT;
148 bool needs_rtnl = setsockopt_needs_rtnl(optname);
149
150 if (!optval)
151 val = 0;
152 else {
153 if (optlen >= sizeof(int)) {
154 if (get_user(val, (int __user *) optval))
155 return -EFAULT;
156 } else
157 val = 0;
158 }
159
160 valbool = (val != 0);
161
162 if (ip6_mroute_opt(optname))
163 return ip6_mroute_setsockopt(sk, optname, optval, optlen);
164
165 if (needs_rtnl)
166 rtnl_lock();
167 lock_sock(sk);
168
169 switch (optname) {
170
171 case IPV6_ADDRFORM:
172 if (optlen < sizeof(int))
173 goto e_inval;
174 if (val == PF_INET) {
175 struct ipv6_txoptions *opt;
176 struct sk_buff *pktopt;
177
178 if (sk->sk_type == SOCK_RAW)
179 break;
180
181 if (sk->sk_protocol == IPPROTO_UDP ||
182 sk->sk_protocol == IPPROTO_UDPLITE) {
183 struct udp_sock *up = udp_sk(sk);
184 if (up->pending == AF_INET6) {
185 retv = -EBUSY;
186 break;
187 }
188 } else if (sk->sk_protocol == IPPROTO_TCP) {
189 if (sk->sk_prot != &tcpv6_prot) {
190 retv = -EBUSY;
191 break;
192 }
193 } else {
194 break;
195 }
196
197 if (sk->sk_state != TCP_ESTABLISHED) {
198 retv = -ENOTCONN;
199 break;
200 }
201
202 if (ipv6_only_sock(sk) ||
203 !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) {
204 retv = -EADDRNOTAVAIL;
205 break;
206 }
207
208 fl6_free_socklist(sk);
209 __ipv6_sock_mc_close(sk);
210 __ipv6_sock_ac_close(sk);
211
212 /*
213 * Sock is moving from IPv6 to IPv4 (sk_prot), so
214 * remove it from the refcnt debug socks count in the
215 * original family...
216 */
217 sk_refcnt_debug_dec(sk);
218
219 if (sk->sk_protocol == IPPROTO_TCP) {
220 struct inet_connection_sock *icsk = inet_csk(sk);
221 local_bh_disable();
222 sock_prot_inuse_add(net, sk->sk_prot, -1);
223 sock_prot_inuse_add(net, &tcp_prot, 1);
224 local_bh_enable();
225 sk->sk_prot = &tcp_prot;
226 icsk->icsk_af_ops = &ipv4_specific;
227 sk->sk_socket->ops = &inet_stream_ops;
228 sk->sk_family = PF_INET;
229 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
230 } else {
231 struct proto *prot = &udp_prot;
232
233 if (sk->sk_protocol == IPPROTO_UDPLITE)
234 prot = &udplite_prot;
235 local_bh_disable();
236 sock_prot_inuse_add(net, sk->sk_prot, -1);
237 sock_prot_inuse_add(net, prot, 1);
238 local_bh_enable();
239 sk->sk_prot = prot;
240 sk->sk_socket->ops = &inet_dgram_ops;
241 sk->sk_family = PF_INET;
242 }
243 opt = xchg((__force struct ipv6_txoptions **)&np->opt,
244 NULL);
245 if (opt) {
246 atomic_sub(opt->tot_len, &sk->sk_omem_alloc);
247 txopt_put(opt);
248 }
249 pktopt = xchg(&np->pktoptions, NULL);
250 kfree_skb(pktopt);
251
252 sk->sk_destruct = inet_sock_destruct;
253 /*
254 * ... and add it to the refcnt debug socks count
255 * in the new family. -acme
256 */
257 sk_refcnt_debug_inc(sk);
258 module_put(THIS_MODULE);
259 retv = 0;
260 break;
261 }
262 goto e_inval;
263
264 case IPV6_V6ONLY:
265 if (optlen < sizeof(int) ||
266 inet_sk(sk)->inet_num)
267 goto e_inval;
268 sk->sk_ipv6only = valbool;
269 retv = 0;
270 break;
271
272 case IPV6_RECVPKTINFO:
273 if (optlen < sizeof(int))
274 goto e_inval;
275 np->rxopt.bits.rxinfo = valbool;
276 retv = 0;
277 break;
278
279 case IPV6_2292PKTINFO:
280 if (optlen < sizeof(int))
281 goto e_inval;
282 np->rxopt.bits.rxoinfo = valbool;
283 retv = 0;
284 break;
285
286 case IPV6_RECVHOPLIMIT:
287 if (optlen < sizeof(int))
288 goto e_inval;
289 np->rxopt.bits.rxhlim = valbool;
290 retv = 0;
291 break;
292
293 case IPV6_2292HOPLIMIT:
294 if (optlen < sizeof(int))
295 goto e_inval;
296 np->rxopt.bits.rxohlim = valbool;
297 retv = 0;
298 break;
299
300 case IPV6_RECVRTHDR:
301 if (optlen < sizeof(int))
302 goto e_inval;
303 np->rxopt.bits.srcrt = valbool;
304 retv = 0;
305 break;
306
307 case IPV6_2292RTHDR:
308 if (optlen < sizeof(int))
309 goto e_inval;
310 np->rxopt.bits.osrcrt = valbool;
311 retv = 0;
312 break;
313
314 case IPV6_RECVHOPOPTS:
315 if (optlen < sizeof(int))
316 goto e_inval;
317 np->rxopt.bits.hopopts = valbool;
318 retv = 0;
319 break;
320
321 case IPV6_2292HOPOPTS:
322 if (optlen < sizeof(int))
323 goto e_inval;
324 np->rxopt.bits.ohopopts = valbool;
325 retv = 0;
326 break;
327
328 case IPV6_RECVDSTOPTS:
329 if (optlen < sizeof(int))
330 goto e_inval;
331 np->rxopt.bits.dstopts = valbool;
332 retv = 0;
333 break;
334
335 case IPV6_2292DSTOPTS:
336 if (optlen < sizeof(int))
337 goto e_inval;
338 np->rxopt.bits.odstopts = valbool;
339 retv = 0;
340 break;
341
342 case IPV6_TCLASS:
343 if (optlen < sizeof(int))
344 goto e_inval;
345 if (val < -1 || val > 0xff)
346 goto e_inval;
347 /* RFC 3542, 6.5: default traffic class of 0x0 */
348 if (val == -1)
349 val = 0;
350 np->tclass = val;
351 retv = 0;
352 break;
353
354 case IPV6_RECVTCLASS:
355 if (optlen < sizeof(int))
356 goto e_inval;
357 np->rxopt.bits.rxtclass = valbool;
358 retv = 0;
359 break;
360
361 case IPV6_FLOWINFO:
362 if (optlen < sizeof(int))
363 goto e_inval;
364 np->rxopt.bits.rxflow = valbool;
365 retv = 0;
366 break;
367
368 case IPV6_RECVPATHMTU:
369 if (optlen < sizeof(int))
370 goto e_inval;
371 np->rxopt.bits.rxpmtu = valbool;
372 retv = 0;
373 break;
374
375 case IPV6_TRANSPARENT:
376 if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) &&
377 !ns_capable(net->user_ns, CAP_NET_RAW)) {
378 retv = -EPERM;
379 break;
380 }
381 if (optlen < sizeof(int))
382 goto e_inval;
383 /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */
384 inet_sk(sk)->transparent = valbool;
385 retv = 0;
386 break;
387
388 case IPV6_RECVORIGDSTADDR:
389 if (optlen < sizeof(int))
390 goto e_inval;
391 np->rxopt.bits.rxorigdstaddr = valbool;
392 retv = 0;
393 break;
394
395 case IPV6_HOPOPTS:
396 case IPV6_RTHDRDSTOPTS:
397 case IPV6_RTHDR:
398 case IPV6_DSTOPTS:
399 {
400 struct ipv6_txoptions *opt;
401
402 /* remove any sticky options header with a zero option
403 * length, per RFC3542.
404 */
405 if (optlen == 0)
406 optval = NULL;
407 else if (!optval)
408 goto e_inval;
409 else if (optlen < sizeof(struct ipv6_opt_hdr) ||
410 optlen & 0x7 || optlen > 8 * 255)
411 goto e_inval;
412
413 /* hop-by-hop / destination options are privileged option */
414 retv = -EPERM;
415 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW))
416 break;
417
418 opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk));
419 opt = ipv6_renew_options(sk, opt, optname,
420 (struct ipv6_opt_hdr __user *)optval,
421 optlen);
422 if (IS_ERR(opt)) {
423 retv = PTR_ERR(opt);
424 break;
425 }
426
427 /* routing header option needs extra check */
428 retv = -EINVAL;
429 if (optname == IPV6_RTHDR && opt && opt->srcrt) {
430 struct ipv6_rt_hdr *rthdr = opt->srcrt;
431 switch (rthdr->type) {
432 #if IS_ENABLED(CONFIG_IPV6_MIP6)
433 case IPV6_SRCRT_TYPE_2:
434 if (rthdr->hdrlen != 2 ||
435 rthdr->segments_left != 1)
436 goto sticky_done;
437
438 break;
439 #endif
440 default:
441 goto sticky_done;
442 }
443 }
444
445 retv = 0;
446 opt = ipv6_update_options(sk, opt);
447 sticky_done:
448 if (opt) {
449 atomic_sub(opt->tot_len, &sk->sk_omem_alloc);
450 txopt_put(opt);
451 }
452 break;
453 }
454
455 case IPV6_PKTINFO:
456 {
457 struct in6_pktinfo pkt;
458
459 if (optlen == 0)
460 goto e_inval;
461 else if (optlen < sizeof(struct in6_pktinfo) || !optval)
462 goto e_inval;
463
464 if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) {
465 retv = -EFAULT;
466 break;
467 }
468 if (sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if)
469 goto e_inval;
470
471 np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex;
472 np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr;
473 retv = 0;
474 break;
475 }
476
477 case IPV6_2292PKTOPTIONS:
478 {
479 struct ipv6_txoptions *opt = NULL;
480 struct msghdr msg;
481 struct flowi6 fl6;
482 int junk;
483
484 memset(&fl6, 0, sizeof(fl6));
485 fl6.flowi6_oif = sk->sk_bound_dev_if;
486 fl6.flowi6_mark = sk->sk_mark;
487
488 if (optlen == 0)
489 goto update;
490
491 /* 1K is probably excessive
492 * 1K is surely not enough, 2K per standard header is 16K.
493 */
494 retv = -EINVAL;
495 if (optlen > 64*1024)
496 break;
497
498 opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL);
499 retv = -ENOBUFS;
500 if (!opt)
501 break;
502
503 memset(opt, 0, sizeof(*opt));
504 atomic_set(&opt->refcnt, 1);
505 opt->tot_len = sizeof(*opt) + optlen;
506 retv = -EFAULT;
507 if (copy_from_user(opt+1, optval, optlen))
508 goto done;
509
510 msg.msg_controllen = optlen;
511 msg.msg_control = (void *)(opt+1);
512
513 retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk,
514 &junk, &junk);
515 if (retv)
516 goto done;
517 update:
518 retv = 0;
519 opt = ipv6_update_options(sk, opt);
520 done:
521 if (opt) {
522 atomic_sub(opt->tot_len, &sk->sk_omem_alloc);
523 txopt_put(opt);
524 }
525 break;
526 }
527 case IPV6_UNICAST_HOPS:
528 if (optlen < sizeof(int))
529 goto e_inval;
530 if (val > 255 || val < -1)
531 goto e_inval;
532 np->hop_limit = val;
533 retv = 0;
534 break;
535
536 case IPV6_MULTICAST_HOPS:
537 if (sk->sk_type == SOCK_STREAM)
538 break;
539 if (optlen < sizeof(int))
540 goto e_inval;
541 if (val > 255 || val < -1)
542 goto e_inval;
543 np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val);
544 retv = 0;
545 break;
546
547 case IPV6_MULTICAST_LOOP:
548 if (optlen < sizeof(int))
549 goto e_inval;
550 if (val != valbool)
551 goto e_inval;
552 np->mc_loop = valbool;
553 retv = 0;
554 break;
555
556 case IPV6_UNICAST_IF:
557 {
558 struct net_device *dev = NULL;
559 int ifindex;
560
561 if (optlen != sizeof(int))
562 goto e_inval;
563
564 ifindex = (__force int)ntohl((__force __be32)val);
565 if (ifindex == 0) {
566 np->ucast_oif = 0;
567 retv = 0;
568 break;
569 }
570
571 dev = dev_get_by_index(net, ifindex);
572 retv = -EADDRNOTAVAIL;
573 if (!dev)
574 break;
575 dev_put(dev);
576
577 retv = -EINVAL;
578 if (sk->sk_bound_dev_if)
579 break;
580
581 np->ucast_oif = ifindex;
582 retv = 0;
583 break;
584 }
585
586 case IPV6_MULTICAST_IF:
587 if (sk->sk_type == SOCK_STREAM)
588 break;
589 if (optlen < sizeof(int))
590 goto e_inval;
591
592 if (val) {
593 struct net_device *dev;
594 int midx;
595
596 rcu_read_lock();
597
598 dev = dev_get_by_index_rcu(net, val);
599 if (!dev) {
600 rcu_read_unlock();
601 retv = -ENODEV;
602 break;
603 }
604 midx = l3mdev_master_ifindex_rcu(dev);
605
606 rcu_read_unlock();
607
608 if (sk->sk_bound_dev_if &&
609 sk->sk_bound_dev_if != val &&
610 (!midx || midx != sk->sk_bound_dev_if))
611 goto e_inval;
612 }
613 np->mcast_oif = val;
614 retv = 0;
615 break;
616 case IPV6_ADD_MEMBERSHIP:
617 case IPV6_DROP_MEMBERSHIP:
618 {
619 struct ipv6_mreq mreq;
620
621 if (optlen < sizeof(struct ipv6_mreq))
622 goto e_inval;
623
624 retv = -EPROTO;
625 if (inet_sk(sk)->is_icsk)
626 break;
627
628 retv = -EFAULT;
629 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq)))
630 break;
631
632 if (optname == IPV6_ADD_MEMBERSHIP)
633 retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr);
634 else
635 retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr);
636 break;
637 }
638 case IPV6_JOIN_ANYCAST:
639 case IPV6_LEAVE_ANYCAST:
640 {
641 struct ipv6_mreq mreq;
642
643 if (optlen < sizeof(struct ipv6_mreq))
644 goto e_inval;
645
646 retv = -EFAULT;
647 if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq)))
648 break;
649
650 if (optname == IPV6_JOIN_ANYCAST)
651 retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr);
652 else
653 retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr);
654 break;
655 }
656 case MCAST_JOIN_GROUP:
657 case MCAST_LEAVE_GROUP:
658 {
659 struct group_req greq;
660 struct sockaddr_in6 *psin6;
661
662 if (optlen < sizeof(struct group_req))
663 goto e_inval;
664
665 retv = -EFAULT;
666 if (copy_from_user(&greq, optval, sizeof(struct group_req)))
667 break;
668 if (greq.gr_group.ss_family != AF_INET6) {
669 retv = -EADDRNOTAVAIL;
670 break;
671 }
672 psin6 = (struct sockaddr_in6 *)&greq.gr_group;
673 if (optname == MCAST_JOIN_GROUP)
674 retv = ipv6_sock_mc_join(sk, greq.gr_interface,
675 &psin6->sin6_addr);
676 else
677 retv = ipv6_sock_mc_drop(sk, greq.gr_interface,
678 &psin6->sin6_addr);
679 break;
680 }
681 case MCAST_JOIN_SOURCE_GROUP:
682 case MCAST_LEAVE_SOURCE_GROUP:
683 case MCAST_BLOCK_SOURCE:
684 case MCAST_UNBLOCK_SOURCE:
685 {
686 struct group_source_req greqs;
687 int omode, add;
688
689 if (optlen < sizeof(struct group_source_req))
690 goto e_inval;
691 if (copy_from_user(&greqs, optval, sizeof(greqs))) {
692 retv = -EFAULT;
693 break;
694 }
695 if (greqs.gsr_group.ss_family != AF_INET6 ||
696 greqs.gsr_source.ss_family != AF_INET6) {
697 retv = -EADDRNOTAVAIL;
698 break;
699 }
700 if (optname == MCAST_BLOCK_SOURCE) {
701 omode = MCAST_EXCLUDE;
702 add = 1;
703 } else if (optname == MCAST_UNBLOCK_SOURCE) {
704 omode = MCAST_EXCLUDE;
705 add = 0;
706 } else if (optname == MCAST_JOIN_SOURCE_GROUP) {
707 struct sockaddr_in6 *psin6;
708
709 psin6 = (struct sockaddr_in6 *)&greqs.gsr_group;
710 retv = ipv6_sock_mc_join(sk, greqs.gsr_interface,
711 &psin6->sin6_addr);
712 /* prior join w/ different source is ok */
713 if (retv && retv != -EADDRINUSE)
714 break;
715 omode = MCAST_INCLUDE;
716 add = 1;
717 } else /* MCAST_LEAVE_SOURCE_GROUP */ {
718 omode = MCAST_INCLUDE;
719 add = 0;
720 }
721 retv = ip6_mc_source(add, omode, sk, &greqs);
722 break;
723 }
724 case MCAST_MSFILTER:
725 {
726 struct group_filter *gsf;
727
728 if (optlen < GROUP_FILTER_SIZE(0))
729 goto e_inval;
730 if (optlen > sysctl_optmem_max) {
731 retv = -ENOBUFS;
732 break;
733 }
734 gsf = kmalloc(optlen, GFP_KERNEL);
735 if (!gsf) {
736 retv = -ENOBUFS;
737 break;
738 }
739 retv = -EFAULT;
740 if (copy_from_user(gsf, optval, optlen)) {
741 kfree(gsf);
742 break;
743 }
744 /* numsrc >= (4G-140)/128 overflow in 32 bits */
745 if (gsf->gf_numsrc >= 0x1ffffffU ||
746 gsf->gf_numsrc > sysctl_mld_max_msf) {
747 kfree(gsf);
748 retv = -ENOBUFS;
749 break;
750 }
751 if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
752 kfree(gsf);
753 retv = -EINVAL;
754 break;
755 }
756 retv = ip6_mc_msfilter(sk, gsf);
757 kfree(gsf);
758
759 break;
760 }
761 case IPV6_ROUTER_ALERT:
762 if (optlen < sizeof(int))
763 goto e_inval;
764 retv = ip6_ra_control(sk, val);
765 break;
766 case IPV6_MTU_DISCOVER:
767 if (optlen < sizeof(int))
768 goto e_inval;
769 if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT)
770 goto e_inval;
771 np->pmtudisc = val;
772 retv = 0;
773 break;
774 case IPV6_MTU:
775 if (optlen < sizeof(int))
776 goto e_inval;
777 if (val && val < IPV6_MIN_MTU)
778 goto e_inval;
779 np->frag_size = val;
780 retv = 0;
781 break;
782 case IPV6_RECVERR:
783 if (optlen < sizeof(int))
784 goto e_inval;
785 np->recverr = valbool;
786 if (!val)
787 skb_queue_purge(&sk->sk_error_queue);
788 retv = 0;
789 break;
790 case IPV6_FLOWINFO_SEND:
791 if (optlen < sizeof(int))
792 goto e_inval;
793 np->sndflow = valbool;
794 retv = 0;
795 break;
796 case IPV6_FLOWLABEL_MGR:
797 retv = ipv6_flowlabel_opt(sk, optval, optlen);
798 break;
799 case IPV6_IPSEC_POLICY:
800 case IPV6_XFRM_POLICY:
801 retv = -EPERM;
802 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
803 break;
804 retv = xfrm_user_policy(sk, optname, optval, optlen);
805 break;
806
807 case IPV6_ADDR_PREFERENCES:
808 {
809 unsigned int pref = 0;
810 unsigned int prefmask = ~0;
811
812 if (optlen < sizeof(int))
813 goto e_inval;
814
815 retv = -EINVAL;
816
817 /* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */
818 switch (val & (IPV6_PREFER_SRC_PUBLIC|
819 IPV6_PREFER_SRC_TMP|
820 IPV6_PREFER_SRC_PUBTMP_DEFAULT)) {
821 case IPV6_PREFER_SRC_PUBLIC:
822 pref |= IPV6_PREFER_SRC_PUBLIC;
823 break;
824 case IPV6_PREFER_SRC_TMP:
825 pref |= IPV6_PREFER_SRC_TMP;
826 break;
827 case IPV6_PREFER_SRC_PUBTMP_DEFAULT:
828 break;
829 case 0:
830 goto pref_skip_pubtmp;
831 default:
832 goto e_inval;
833 }
834
835 prefmask &= ~(IPV6_PREFER_SRC_PUBLIC|
836 IPV6_PREFER_SRC_TMP);
837 pref_skip_pubtmp:
838
839 /* check HOME/COA conflicts */
840 switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) {
841 case IPV6_PREFER_SRC_HOME:
842 break;
843 case IPV6_PREFER_SRC_COA:
844 pref |= IPV6_PREFER_SRC_COA;
845 case 0:
846 goto pref_skip_coa;
847 default:
848 goto e_inval;
849 }
850
851 prefmask &= ~IPV6_PREFER_SRC_COA;
852 pref_skip_coa:
853
854 /* check CGA/NONCGA conflicts */
855 switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) {
856 case IPV6_PREFER_SRC_CGA:
857 case IPV6_PREFER_SRC_NONCGA:
858 case 0:
859 break;
860 default:
861 goto e_inval;
862 }
863
864 np->srcprefs = (np->srcprefs & prefmask) | pref;
865 retv = 0;
866
867 break;
868 }
869 case IPV6_MINHOPCOUNT:
870 if (optlen < sizeof(int))
871 goto e_inval;
872 if (val < 0 || val > 255)
873 goto e_inval;
874 np->min_hopcount = val;
875 retv = 0;
876 break;
877 case IPV6_DONTFRAG:
878 np->dontfrag = valbool;
879 retv = 0;
880 break;
881 case IPV6_AUTOFLOWLABEL:
882 np->autoflowlabel = valbool;
883 np->autoflowlabel_set = 1;
884 retv = 0;
885 break;
886 }
887
888 release_sock(sk);
889 if (needs_rtnl)
890 rtnl_unlock();
891
892 return retv;
893
894 e_inval:
895 release_sock(sk);
896 if (needs_rtnl)
897 rtnl_unlock();
898 return -EINVAL;
899 }
900
901 int ipv6_setsockopt(struct sock *sk, int level, int optname,
902 char __user *optval, unsigned int optlen)
903 {
904 int err;
905
906 if (level == SOL_IP && sk->sk_type != SOCK_RAW)
907 return udp_prot.setsockopt(sk, level, optname, optval, optlen);
908
909 if (level != SOL_IPV6)
910 return -ENOPROTOOPT;
911
912 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);
913 #ifdef CONFIG_NETFILTER
914 /* we need to exclude all possible ENOPROTOOPTs except default case */
915 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY &&
916 optname != IPV6_XFRM_POLICY)
917 err = nf_setsockopt(sk, PF_INET6, optname, optval, optlen);
918 #endif
919 return err;
920 }
921 EXPORT_SYMBOL(ipv6_setsockopt);
922
923 #ifdef CONFIG_COMPAT
924 int compat_ipv6_setsockopt(struct sock *sk, int level, int optname,
925 char __user *optval, unsigned int optlen)
926 {
927 int err;
928
929 if (level == SOL_IP && sk->sk_type != SOCK_RAW) {
930 if (udp_prot.compat_setsockopt != NULL)
931 return udp_prot.compat_setsockopt(sk, level, optname,
932 optval, optlen);
933 return udp_prot.setsockopt(sk, level, optname, optval, optlen);
934 }
935
936 if (level != SOL_IPV6)
937 return -ENOPROTOOPT;
938
939 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER)
940 return compat_mc_setsockopt(sk, level, optname, optval, optlen,
941 ipv6_setsockopt);
942
943 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);
944 #ifdef CONFIG_NETFILTER
945 /* we need to exclude all possible ENOPROTOOPTs except default case */
946 if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY &&
947 optname != IPV6_XFRM_POLICY)
948 err = compat_nf_setsockopt(sk, PF_INET6, optname, optval,
949 optlen);
950 #endif
951 return err;
952 }
953 EXPORT_SYMBOL(compat_ipv6_setsockopt);
954 #endif
955
956 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
957 int optname, char __user *optval, int len)
958 {
959 struct ipv6_opt_hdr *hdr;
960
961 if (!opt)
962 return 0;
963
964 switch (optname) {
965 case IPV6_HOPOPTS:
966 hdr = opt->hopopt;
967 break;
968 case IPV6_RTHDRDSTOPTS:
969 hdr = opt->dst0opt;
970 break;
971 case IPV6_RTHDR:
972 hdr = (struct ipv6_opt_hdr *)opt->srcrt;
973 break;
974 case IPV6_DSTOPTS:
975 hdr = opt->dst1opt;
976 break;
977 default:
978 return -EINVAL; /* should not happen */
979 }
980
981 if (!hdr)
982 return 0;
983
984 len = min_t(unsigned int, len, ipv6_optlen(hdr));
985 if (copy_to_user(optval, hdr, len))
986 return -EFAULT;
987 return len;
988 }
989
990 static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
991 char __user *optval, int __user *optlen, unsigned int flags)
992 {
993 struct ipv6_pinfo *np = inet6_sk(sk);
994 int len;
995 int val;
996
997 if (ip6_mroute_opt(optname))
998 return ip6_mroute_getsockopt(sk, optname, optval, optlen);
999
1000 if (get_user(len, optlen))
1001 return -EFAULT;
1002 switch (optname) {
1003 case IPV6_ADDRFORM:
1004 if (sk->sk_protocol != IPPROTO_UDP &&
1005 sk->sk_protocol != IPPROTO_UDPLITE &&
1006 sk->sk_protocol != IPPROTO_TCP)
1007 return -ENOPROTOOPT;
1008 if (sk->sk_state != TCP_ESTABLISHED)
1009 return -ENOTCONN;
1010 val = sk->sk_family;
1011 break;
1012 case MCAST_MSFILTER:
1013 {
1014 struct group_filter gsf;
1015 int err;
1016
1017 if (len < GROUP_FILTER_SIZE(0))
1018 return -EINVAL;
1019 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0)))
1020 return -EFAULT;
1021 if (gsf.gf_group.ss_family != AF_INET6)
1022 return -EADDRNOTAVAIL;
1023 lock_sock(sk);
1024 err = ip6_mc_msfget(sk, &gsf,
1025 (struct group_filter __user *)optval, optlen);
1026 release_sock(sk);
1027 return err;
1028 }
1029
1030 case IPV6_2292PKTOPTIONS:
1031 {
1032 struct msghdr msg;
1033 struct sk_buff *skb;
1034
1035 if (sk->sk_type != SOCK_STREAM)
1036 return -ENOPROTOOPT;
1037
1038 msg.msg_control = optval;
1039 msg.msg_controllen = len;
1040 msg.msg_flags = flags;
1041
1042 lock_sock(sk);
1043 skb = np->pktoptions;
1044 if (skb)
1045 ip6_datagram_recv_ctl(sk, &msg, skb);
1046 release_sock(sk);
1047 if (!skb) {
1048 if (np->rxopt.bits.rxinfo) {
1049 struct in6_pktinfo src_info;
1050 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif :
1051 np->sticky_pktinfo.ipi6_ifindex;
1052 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr;
1053 put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info);
1054 }
1055 if (np->rxopt.bits.rxhlim) {
1056 int hlim = np->mcast_hops;
1057 put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim);
1058 }
1059 if (np->rxopt.bits.rxtclass) {
1060 int tclass = (int)ip6_tclass(np->rcv_flowinfo);
1061
1062 put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass);
1063 }
1064 if (np->rxopt.bits.rxoinfo) {
1065 struct in6_pktinfo src_info;
1066 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif :
1067 np->sticky_pktinfo.ipi6_ifindex;
1068 src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr :
1069 np->sticky_pktinfo.ipi6_addr;
1070 put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info);
1071 }
1072 if (np->rxopt.bits.rxohlim) {
1073 int hlim = np->mcast_hops;
1074 put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim);
1075 }
1076 if (np->rxopt.bits.rxflow) {
1077 __be32 flowinfo = np->rcv_flowinfo;
1078
1079 put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo);
1080 }
1081 }
1082 len -= msg.msg_controllen;
1083 return put_user(len, optlen);
1084 }
1085 case IPV6_MTU:
1086 {
1087 struct dst_entry *dst;
1088
1089 val = 0;
1090 rcu_read_lock();
1091 dst = __sk_dst_get(sk);
1092 if (dst)
1093 val = dst_mtu(dst);
1094 rcu_read_unlock();
1095 if (!val)
1096 return -ENOTCONN;
1097 break;
1098 }
1099
1100 case IPV6_V6ONLY:
1101 val = sk->sk_ipv6only;
1102 break;
1103
1104 case IPV6_RECVPKTINFO:
1105 val = np->rxopt.bits.rxinfo;
1106 break;
1107
1108 case IPV6_2292PKTINFO:
1109 val = np->rxopt.bits.rxoinfo;
1110 break;
1111
1112 case IPV6_RECVHOPLIMIT:
1113 val = np->rxopt.bits.rxhlim;
1114 break;
1115
1116 case IPV6_2292HOPLIMIT:
1117 val = np->rxopt.bits.rxohlim;
1118 break;
1119
1120 case IPV6_RECVRTHDR:
1121 val = np->rxopt.bits.srcrt;
1122 break;
1123
1124 case IPV6_2292RTHDR:
1125 val = np->rxopt.bits.osrcrt;
1126 break;
1127
1128 case IPV6_HOPOPTS:
1129 case IPV6_RTHDRDSTOPTS:
1130 case IPV6_RTHDR:
1131 case IPV6_DSTOPTS:
1132 {
1133 struct ipv6_txoptions *opt;
1134
1135 lock_sock(sk);
1136 opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk));
1137 len = ipv6_getsockopt_sticky(sk, opt, optname, optval, len);
1138 release_sock(sk);
1139 /* check if ipv6_getsockopt_sticky() returns err code */
1140 if (len < 0)
1141 return len;
1142 return put_user(len, optlen);
1143 }
1144
1145 case IPV6_RECVHOPOPTS:
1146 val = np->rxopt.bits.hopopts;
1147 break;
1148
1149 case IPV6_2292HOPOPTS:
1150 val = np->rxopt.bits.ohopopts;
1151 break;
1152
1153 case IPV6_RECVDSTOPTS:
1154 val = np->rxopt.bits.dstopts;
1155 break;
1156
1157 case IPV6_2292DSTOPTS:
1158 val = np->rxopt.bits.odstopts;
1159 break;
1160
1161 case IPV6_TCLASS:
1162 val = np->tclass;
1163 break;
1164
1165 case IPV6_RECVTCLASS:
1166 val = np->rxopt.bits.rxtclass;
1167 break;
1168
1169 case IPV6_FLOWINFO:
1170 val = np->rxopt.bits.rxflow;
1171 break;
1172
1173 case IPV6_RECVPATHMTU:
1174 val = np->rxopt.bits.rxpmtu;
1175 break;
1176
1177 case IPV6_PATHMTU:
1178 {
1179 struct dst_entry *dst;
1180 struct ip6_mtuinfo mtuinfo;
1181
1182 if (len < sizeof(mtuinfo))
1183 return -EINVAL;
1184
1185 len = sizeof(mtuinfo);
1186 memset(&mtuinfo, 0, sizeof(mtuinfo));
1187
1188 rcu_read_lock();
1189 dst = __sk_dst_get(sk);
1190 if (dst)
1191 mtuinfo.ip6m_mtu = dst_mtu(dst);
1192 rcu_read_unlock();
1193 if (!mtuinfo.ip6m_mtu)
1194 return -ENOTCONN;
1195
1196 if (put_user(len, optlen))
1197 return -EFAULT;
1198 if (copy_to_user(optval, &mtuinfo, len))
1199 return -EFAULT;
1200
1201 return 0;
1202 }
1203
1204 case IPV6_TRANSPARENT:
1205 val = inet_sk(sk)->transparent;
1206 break;
1207
1208 case IPV6_RECVORIGDSTADDR:
1209 val = np->rxopt.bits.rxorigdstaddr;
1210 break;
1211
1212 case IPV6_UNICAST_HOPS:
1213 case IPV6_MULTICAST_HOPS:
1214 {
1215 struct dst_entry *dst;
1216
1217 if (optname == IPV6_UNICAST_HOPS)
1218 val = np->hop_limit;
1219 else
1220 val = np->mcast_hops;
1221
1222 if (val < 0) {
1223 rcu_read_lock();
1224 dst = __sk_dst_get(sk);
1225 if (dst)
1226 val = ip6_dst_hoplimit(dst);
1227 rcu_read_unlock();
1228 }
1229
1230 if (val < 0)
1231 val = sock_net(sk)->ipv6.devconf_all->hop_limit;
1232 break;
1233 }
1234
1235 case IPV6_MULTICAST_LOOP:
1236 val = np->mc_loop;
1237 break;
1238
1239 case IPV6_MULTICAST_IF:
1240 val = np->mcast_oif;
1241 break;
1242
1243 case IPV6_UNICAST_IF:
1244 val = (__force int)htonl((__u32) np->ucast_oif);
1245 break;
1246
1247 case IPV6_MTU_DISCOVER:
1248 val = np->pmtudisc;
1249 break;
1250
1251 case IPV6_RECVERR:
1252 val = np->recverr;
1253 break;
1254
1255 case IPV6_FLOWINFO_SEND:
1256 val = np->sndflow;
1257 break;
1258
1259 case IPV6_FLOWLABEL_MGR:
1260 {
1261 struct in6_flowlabel_req freq;
1262 int flags;
1263
1264 if (len < sizeof(freq))
1265 return -EINVAL;
1266
1267 if (copy_from_user(&freq, optval, sizeof(freq)))
1268 return -EFAULT;
1269
1270 if (freq.flr_action != IPV6_FL_A_GET)
1271 return -EINVAL;
1272
1273 len = sizeof(freq);
1274 flags = freq.flr_flags;
1275
1276 memset(&freq, 0, sizeof(freq));
1277
1278 val = ipv6_flowlabel_opt_get(sk, &freq, flags);
1279 if (val < 0)
1280 return val;
1281
1282 if (put_user(len, optlen))
1283 return -EFAULT;
1284 if (copy_to_user(optval, &freq, len))
1285 return -EFAULT;
1286
1287 return 0;
1288 }
1289
1290 case IPV6_ADDR_PREFERENCES:
1291 val = 0;
1292
1293 if (np->srcprefs & IPV6_PREFER_SRC_TMP)
1294 val |= IPV6_PREFER_SRC_TMP;
1295 else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC)
1296 val |= IPV6_PREFER_SRC_PUBLIC;
1297 else {
1298 /* XXX: should we return system default? */
1299 val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT;
1300 }
1301
1302 if (np->srcprefs & IPV6_PREFER_SRC_COA)
1303 val |= IPV6_PREFER_SRC_COA;
1304 else
1305 val |= IPV6_PREFER_SRC_HOME;
1306 break;
1307
1308 case IPV6_MINHOPCOUNT:
1309 val = np->min_hopcount;
1310 break;
1311
1312 case IPV6_DONTFRAG:
1313 val = np->dontfrag;
1314 break;
1315
1316 case IPV6_AUTOFLOWLABEL:
1317 val = ip6_autoflowlabel(sock_net(sk), np);
1318 break;
1319
1320 default:
1321 return -ENOPROTOOPT;
1322 }
1323 len = min_t(unsigned int, sizeof(int), len);
1324 if (put_user(len, optlen))
1325 return -EFAULT;
1326 if (copy_to_user(optval, &val, len))
1327 return -EFAULT;
1328 return 0;
1329 }
1330
1331 int ipv6_getsockopt(struct sock *sk, int level, int optname,
1332 char __user *optval, int __user *optlen)
1333 {
1334 int err;
1335
1336 if (level == SOL_IP && sk->sk_type != SOCK_RAW)
1337 return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1338
1339 if (level != SOL_IPV6)
1340 return -ENOPROTOOPT;
1341
1342 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 0);
1343 #ifdef CONFIG_NETFILTER
1344 /* we need to exclude all possible ENOPROTOOPTs except default case */
1345 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) {
1346 int len;
1347
1348 if (get_user(len, optlen))
1349 return -EFAULT;
1350
1351 err = nf_getsockopt(sk, PF_INET6, optname, optval, &len);
1352 if (err >= 0)
1353 err = put_user(len, optlen);
1354 }
1355 #endif
1356 return err;
1357 }
1358 EXPORT_SYMBOL(ipv6_getsockopt);
1359
1360 #ifdef CONFIG_COMPAT
1361 int compat_ipv6_getsockopt(struct sock *sk, int level, int optname,
1362 char __user *optval, int __user *optlen)
1363 {
1364 int err;
1365
1366 if (level == SOL_IP && sk->sk_type != SOCK_RAW) {
1367 if (udp_prot.compat_getsockopt != NULL)
1368 return udp_prot.compat_getsockopt(sk, level, optname,
1369 optval, optlen);
1370 return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1371 }
1372
1373 if (level != SOL_IPV6)
1374 return -ENOPROTOOPT;
1375
1376 if (optname == MCAST_MSFILTER)
1377 return compat_mc_getsockopt(sk, level, optname, optval, optlen,
1378 ipv6_getsockopt);
1379
1380 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen,
1381 MSG_CMSG_COMPAT);
1382 #ifdef CONFIG_NETFILTER
1383 /* we need to exclude all possible ENOPROTOOPTs except default case */
1384 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) {
1385 int len;
1386
1387 if (get_user(len, optlen))
1388 return -EFAULT;
1389
1390 err = compat_nf_getsockopt(sk, PF_INET6, optname, optval, &len);
1391 if (err >= 0)
1392 err = put_user(len, optlen);
1393 }
1394 #endif
1395 return err;
1396 }
1397 EXPORT_SYMBOL(compat_ipv6_getsockopt);
1398 #endif
1399
1400
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.