1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#include <linux/module.h>
19#include <linux/types.h>
20#include <linux/mm.h>
21#include <linux/skbuff.h>
22#include <linux/ip.h>
23#include <linux/icmp.h>
24#include <linux/inetdevice.h>
25#include <linux/netdevice.h>
26#include <linux/slab.h>
27#include <net/sock.h>
28#include <net/ip.h>
29#include <net/icmp.h>
30#include <net/tcp_states.h>
31#include <linux/udp.h>
32#include <linux/igmp.h>
33#include <linux/netfilter.h>
34#include <linux/route.h>
35#include <linux/mroute.h>
36#include <net/inet_ecn.h>
37#include <net/route.h>
38#include <net/xfrm.h>
39#include <net/compat.h>
40#if IS_ENABLED(CONFIG_IPV6)
41#include <net/transp_v6.h>
42#endif
43#include <net/ip_fib.h>
44
45#include <linux/errqueue.h>
46#include <asm/uaccess.h>
47
48#define IP_CMSG_PKTINFO 1
49#define IP_CMSG_TTL 2
50#define IP_CMSG_TOS 4
51#define IP_CMSG_RECVOPTS 8
52#define IP_CMSG_RETOPTS 16
53#define IP_CMSG_PASSSEC 32
54#define IP_CMSG_ORIGDSTADDR 64
55
56
57
58
59#define PKTINFO_SKB_CB(__skb) ((struct in_pktinfo *)((__skb)->cb))
60
61static void ip_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb)
62{
63 struct in_pktinfo info = *PKTINFO_SKB_CB(skb);
64
65 info.ipi_addr.s_addr = ip_hdr(skb)->daddr;
66
67 put_cmsg(msg, SOL_IP, IP_PKTINFO, sizeof(info), &info);
68}
69
70static void ip_cmsg_recv_ttl(struct msghdr *msg, struct sk_buff *skb)
71{
72 int ttl = ip_hdr(skb)->ttl;
73 put_cmsg(msg, SOL_IP, IP_TTL, sizeof(int), &ttl);
74}
75
76static void ip_cmsg_recv_tos(struct msghdr *msg, struct sk_buff *skb)
77{
78 put_cmsg(msg, SOL_IP, IP_TOS, 1, &ip_hdr(skb)->tos);
79}
80
81static void ip_cmsg_recv_opts(struct msghdr *msg, struct sk_buff *skb)
82{
83 if (IPCB(skb)->opt.optlen == 0)
84 return;
85
86 put_cmsg(msg, SOL_IP, IP_RECVOPTS, IPCB(skb)->opt.optlen,
87 ip_hdr(skb) + 1);
88}
89
90
91static void ip_cmsg_recv_retopts(struct msghdr *msg, struct sk_buff *skb)
92{
93 unsigned char optbuf[sizeof(struct ip_options) + 40];
94 struct ip_options *opt = (struct ip_options *)optbuf;
95
96 if (IPCB(skb)->opt.optlen == 0)
97 return;
98
99 if (ip_options_echo(opt, skb)) {
100 msg->msg_flags |= MSG_CTRUNC;
101 return;
102 }
103 ip_options_undo(opt);
104
105 put_cmsg(msg, SOL_IP, IP_RETOPTS, opt->optlen, opt->__data);
106}
107
108static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
109{
110 char *secdata;
111 u32 seclen, secid;
112 int err;
113
114 err = security_socket_getpeersec_dgram(NULL, skb, &secid);
115 if (err)
116 return;
117
118 err = security_secid_to_secctx(secid, &secdata, &seclen);
119 if (err)
120 return;
121
122 put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
123 security_release_secctx(secdata, seclen);
124}
125
126static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb)
127{
128 struct sockaddr_in sin;
129 const struct iphdr *iph = ip_hdr(skb);
130 __be16 *ports = (__be16 *)skb_transport_header(skb);
131
132 if (skb_transport_offset(skb) + 4 > skb->len)
133 return;
134
135
136
137
138
139
140 sin.sin_family = AF_INET;
141 sin.sin_addr.s_addr = iph->daddr;
142 sin.sin_port = ports[1];
143 memset(sin.sin_zero, 0, sizeof(sin.sin_zero));
144
145 put_cmsg(msg, SOL_IP, IP_ORIGDSTADDR, sizeof(sin), &sin);
146}
147
148void ip_cmsg_recv(struct msghdr *msg, struct sk_buff *skb)
149{
150 struct inet_sock *inet = inet_sk(skb->sk);
151 unsigned int flags = inet->cmsg_flags;
152
153
154 if (flags & 1)
155 ip_cmsg_recv_pktinfo(msg, skb);
156 if ((flags >>= 1) == 0)
157 return;
158
159 if (flags & 1)
160 ip_cmsg_recv_ttl(msg, skb);
161 if ((flags >>= 1) == 0)
162 return;
163
164 if (flags & 1)
165 ip_cmsg_recv_tos(msg, skb);
166 if ((flags >>= 1) == 0)
167 return;
168
169 if (flags & 1)
170 ip_cmsg_recv_opts(msg, skb);
171 if ((flags >>= 1) == 0)
172 return;
173
174 if (flags & 1)
175 ip_cmsg_recv_retopts(msg, skb);
176 if ((flags >>= 1) == 0)
177 return;
178
179 if (flags & 1)
180 ip_cmsg_recv_security(msg, skb);
181
182 if ((flags >>= 1) == 0)
183 return;
184 if (flags & 1)
185 ip_cmsg_recv_dstaddr(msg, skb);
186
187}
188EXPORT_SYMBOL(ip_cmsg_recv);
189
190int ip_cmsg_send(struct net *net, struct msghdr *msg, struct ipcm_cookie *ipc)
191{
192 int err;
193 struct cmsghdr *cmsg;
194
195 for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
196 if (!CMSG_OK(msg, cmsg))
197 return -EINVAL;
198 if (cmsg->cmsg_level != SOL_IP)
199 continue;
200 switch (cmsg->cmsg_type) {
201 case IP_RETOPTS:
202 err = cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr));
203 err = ip_options_get(net, &ipc->opt, CMSG_DATA(cmsg),
204 err < 40 ? err : 40);
205 if (err)
206 return err;
207 break;
208 case IP_PKTINFO:
209 {
210 struct in_pktinfo *info;
211 if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct in_pktinfo)))
212 return -EINVAL;
213 info = (struct in_pktinfo *)CMSG_DATA(cmsg);
214 ipc->oif = info->ipi_ifindex;
215 ipc->addr = info->ipi_spec_dst.s_addr;
216 break;
217 }
218 default:
219 return -EINVAL;
220 }
221 }
222 return 0;
223}
224
225
226
227
228
229
230
231
232
233
234
235
236struct ip_ra_chain __rcu *ip_ra_chain;
237static DEFINE_SPINLOCK(ip_ra_lock);
238
239
240static void ip_ra_destroy_rcu(struct rcu_head *head)
241{
242 struct ip_ra_chain *ra = container_of(head, struct ip_ra_chain, rcu);
243
244 sock_put(ra->saved_sk);
245 kfree(ra);
246}
247
248int ip_ra_control(struct sock *sk, unsigned char on,
249 void (*destructor)(struct sock *))
250{
251 struct ip_ra_chain *ra, *new_ra;
252 struct ip_ra_chain __rcu **rap;
253
254 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num == IPPROTO_RAW)
255 return -EINVAL;
256
257 new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
258
259 spin_lock_bh(&ip_ra_lock);
260 for (rap = &ip_ra_chain;
261 (ra = rcu_dereference_protected(*rap,
262 lockdep_is_held(&ip_ra_lock))) != NULL;
263 rap = &ra->next) {
264 if (ra->sk == sk) {
265 if (on) {
266 spin_unlock_bh(&ip_ra_lock);
267 kfree(new_ra);
268 return -EADDRINUSE;
269 }
270
271 ra->sk = NULL;
272 rcu_assign_pointer(*rap, ra->next);
273 spin_unlock_bh(&ip_ra_lock);
274
275 if (ra->destructor)
276 ra->destructor(sk);
277
278
279
280
281
282 ra->saved_sk = sk;
283 call_rcu(&ra->rcu, ip_ra_destroy_rcu);
284 return 0;
285 }
286 }
287 if (new_ra == NULL) {
288 spin_unlock_bh(&ip_ra_lock);
289 return -ENOBUFS;
290 }
291 new_ra->sk = sk;
292 new_ra->destructor = destructor;
293
294 new_ra->next = ra;
295 rcu_assign_pointer(*rap, new_ra);
296 sock_hold(sk);
297 spin_unlock_bh(&ip_ra_lock);
298
299 return 0;
300}
301
302void ip_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
303 __be16 port, u32 info, u8 *payload)
304{
305 struct sock_exterr_skb *serr;
306
307 skb = skb_clone(skb, GFP_ATOMIC);
308 if (!skb)
309 return;
310
311 serr = SKB_EXT_ERR(skb);
312 serr->ee.ee_errno = err;
313 serr->ee.ee_origin = SO_EE_ORIGIN_ICMP;
314 serr->ee.ee_type = icmp_hdr(skb)->type;
315 serr->ee.ee_code = icmp_hdr(skb)->code;
316 serr->ee.ee_pad = 0;
317 serr->ee.ee_info = info;
318 serr->ee.ee_data = 0;
319 serr->addr_offset = (u8 *)&(((struct iphdr *)(icmp_hdr(skb) + 1))->daddr) -
320 skb_network_header(skb);
321 serr->port = port;
322
323 if (skb_pull(skb, payload - skb->data) != NULL) {
324 skb_reset_transport_header(skb);
325 if (sock_queue_err_skb(sk, skb) == 0)
326 return;
327 }
328 kfree_skb(skb);
329}
330
331void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 info)
332{
333 struct inet_sock *inet = inet_sk(sk);
334 struct sock_exterr_skb *serr;
335 struct iphdr *iph;
336 struct sk_buff *skb;
337
338 if (!inet->recverr)
339 return;
340
341 skb = alloc_skb(sizeof(struct iphdr), GFP_ATOMIC);
342 if (!skb)
343 return;
344
345 skb_put(skb, sizeof(struct iphdr));
346 skb_reset_network_header(skb);
347 iph = ip_hdr(skb);
348 iph->daddr = daddr;
349
350 serr = SKB_EXT_ERR(skb);
351 serr->ee.ee_errno = err;
352 serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
353 serr->ee.ee_type = 0;
354 serr->ee.ee_code = 0;
355 serr->ee.ee_pad = 0;
356 serr->ee.ee_info = info;
357 serr->ee.ee_data = 0;
358 serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb);
359 serr->port = port;
360
361 __skb_pull(skb, skb_tail_pointer(skb) - skb->data);
362 skb_reset_transport_header(skb);
363
364 if (sock_queue_err_skb(sk, skb))
365 kfree_skb(skb);
366}
367
368
369
370
371int ip_recv_error(struct sock *sk, struct msghdr *msg, int len)
372{
373 struct sock_exterr_skb *serr;
374 struct sk_buff *skb, *skb2;
375 struct sockaddr_in *sin;
376 struct {
377 struct sock_extended_err ee;
378 struct sockaddr_in offender;
379 } errhdr;
380 int err;
381 int copied;
382
383 err = -EAGAIN;
384 skb = skb_dequeue(&sk->sk_error_queue);
385 if (skb == NULL)
386 goto out;
387
388 copied = skb->len;
389 if (copied > len) {
390 msg->msg_flags |= MSG_TRUNC;
391 copied = len;
392 }
393 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
394 if (err)
395 goto out_free_skb;
396
397 sock_recv_timestamp(msg, sk, skb);
398
399 serr = SKB_EXT_ERR(skb);
400
401 sin = (struct sockaddr_in *)msg->msg_name;
402 if (sin) {
403 sin->sin_family = AF_INET;
404 sin->sin_addr.s_addr = *(__be32 *)(skb_network_header(skb) +
405 serr->addr_offset);
406 sin->sin_port = serr->port;
407 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
408 }
409
410 memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
411 sin = &errhdr.offender;
412 sin->sin_family = AF_UNSPEC;
413 if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP) {
414 struct inet_sock *inet = inet_sk(sk);
415
416 sin->sin_family = AF_INET;
417 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
418 sin->sin_port = 0;
419 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
420 if (inet->cmsg_flags)
421 ip_cmsg_recv(msg, skb);
422 }
423
424 put_cmsg(msg, SOL_IP, IP_RECVERR, sizeof(errhdr), &errhdr);
425
426
427
428 msg->msg_flags |= MSG_ERRQUEUE;
429 err = copied;
430
431
432 spin_lock_bh(&sk->sk_error_queue.lock);
433 sk->sk_err = 0;
434 skb2 = skb_peek(&sk->sk_error_queue);
435 if (skb2 != NULL) {
436 sk->sk_err = SKB_EXT_ERR(skb2)->ee.ee_errno;
437 spin_unlock_bh(&sk->sk_error_queue.lock);
438 sk->sk_error_report(sk);
439 } else
440 spin_unlock_bh(&sk->sk_error_queue.lock);
441
442out_free_skb:
443 kfree_skb(skb);
444out:
445 return err;
446}
447
448
449
450
451
452
453
454static int do_ip_setsockopt(struct sock *sk, int level,
455 int optname, char __user *optval, unsigned int optlen)
456{
457 struct inet_sock *inet = inet_sk(sk);
458 int val = 0, err;
459
460 switch (optname) {
461 case IP_PKTINFO:
462 case IP_RECVTTL:
463 case IP_RECVOPTS:
464 case IP_RECVTOS:
465 case IP_RETOPTS:
466 case IP_TOS:
467 case IP_TTL:
468 case IP_HDRINCL:
469 case IP_MTU_DISCOVER:
470 case IP_RECVERR:
471 case IP_ROUTER_ALERT:
472 case IP_FREEBIND:
473 case IP_PASSSEC:
474 case IP_TRANSPARENT:
475 case IP_MINTTL:
476 case IP_NODEFRAG:
477 case IP_UNICAST_IF:
478 case IP_MULTICAST_TTL:
479 case IP_MULTICAST_ALL:
480 case IP_MULTICAST_LOOP:
481 case IP_RECVORIGDSTADDR:
482 if (optlen >= sizeof(int)) {
483 if (get_user(val, (int __user *) optval))
484 return -EFAULT;
485 } else if (optlen >= sizeof(char)) {
486 unsigned char ucval;
487
488 if (get_user(ucval, (unsigned char __user *) optval))
489 return -EFAULT;
490 val = (int) ucval;
491 }
492 }
493
494
495
496 if (ip_mroute_opt(optname))
497 return ip_mroute_setsockopt(sk, optname, optval, optlen);
498
499 err = 0;
500 lock_sock(sk);
501
502 switch (optname) {
503 case IP_OPTIONS:
504 {
505 struct ip_options_rcu *old, *opt = NULL;
506
507 if (optlen > 40)
508 goto e_inval;
509 err = ip_options_get_from_user(sock_net(sk), &opt,
510 optval, optlen);
511 if (err)
512 break;
513 old = rcu_dereference_protected(inet->inet_opt,
514 sock_owned_by_user(sk));
515 if (inet->is_icsk) {
516 struct inet_connection_sock *icsk = inet_csk(sk);
517#if IS_ENABLED(CONFIG_IPV6)
518 if (sk->sk_family == PF_INET ||
519 (!((1 << sk->sk_state) &
520 (TCPF_LISTEN | TCPF_CLOSE)) &&
521 inet->inet_daddr != LOOPBACK4_IPV6)) {
522#endif
523 if (old)
524 icsk->icsk_ext_hdr_len -= old->opt.optlen;
525 if (opt)
526 icsk->icsk_ext_hdr_len += opt->opt.optlen;
527 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
528#if IS_ENABLED(CONFIG_IPV6)
529 }
530#endif
531 }
532 rcu_assign_pointer(inet->inet_opt, opt);
533 if (old)
534 kfree_rcu(old, rcu);
535 break;
536 }
537 case IP_PKTINFO:
538 if (val)
539 inet->cmsg_flags |= IP_CMSG_PKTINFO;
540 else
541 inet->cmsg_flags &= ~IP_CMSG_PKTINFO;
542 break;
543 case IP_RECVTTL:
544 if (val)
545 inet->cmsg_flags |= IP_CMSG_TTL;
546 else
547 inet->cmsg_flags &= ~IP_CMSG_TTL;
548 break;
549 case IP_RECVTOS:
550 if (val)
551 inet->cmsg_flags |= IP_CMSG_TOS;
552 else
553 inet->cmsg_flags &= ~IP_CMSG_TOS;
554 break;
555 case IP_RECVOPTS:
556 if (val)
557 inet->cmsg_flags |= IP_CMSG_RECVOPTS;
558 else
559 inet->cmsg_flags &= ~IP_CMSG_RECVOPTS;
560 break;
561 case IP_RETOPTS:
562 if (val)
563 inet->cmsg_flags |= IP_CMSG_RETOPTS;
564 else
565 inet->cmsg_flags &= ~IP_CMSG_RETOPTS;
566 break;
567 case IP_PASSSEC:
568 if (val)
569 inet->cmsg_flags |= IP_CMSG_PASSSEC;
570 else
571 inet->cmsg_flags &= ~IP_CMSG_PASSSEC;
572 break;
573 case IP_RECVORIGDSTADDR:
574 if (val)
575 inet->cmsg_flags |= IP_CMSG_ORIGDSTADDR;
576 else
577 inet->cmsg_flags &= ~IP_CMSG_ORIGDSTADDR;
578 break;
579 case IP_TOS:
580 if (sk->sk_type == SOCK_STREAM) {
581 val &= ~INET_ECN_MASK;
582 val |= inet->tos & INET_ECN_MASK;
583 }
584 if (inet->tos != val) {
585 inet->tos = val;
586 sk->sk_priority = rt_tos2priority(val);
587 sk_dst_reset(sk);
588 }
589 break;
590 case IP_TTL:
591 if (optlen < 1)
592 goto e_inval;
593 if (val != -1 && (val < 1 || val > 255))
594 goto e_inval;
595 inet->uc_ttl = val;
596 break;
597 case IP_HDRINCL:
598 if (sk->sk_type != SOCK_RAW) {
599 err = -ENOPROTOOPT;
600 break;
601 }
602 inet->hdrincl = val ? 1 : 0;
603 break;
604 case IP_NODEFRAG:
605 if (sk->sk_type != SOCK_RAW) {
606 err = -ENOPROTOOPT;
607 break;
608 }
609 inet->nodefrag = val ? 1 : 0;
610 break;
611 case IP_MTU_DISCOVER:
612 if (val < IP_PMTUDISC_DONT || val > IP_PMTUDISC_PROBE)
613 goto e_inval;
614 inet->pmtudisc = val;
615 break;
616 case IP_RECVERR:
617 inet->recverr = !!val;
618 if (!val)
619 skb_queue_purge(&sk->sk_error_queue);
620 break;
621 case IP_MULTICAST_TTL:
622 if (sk->sk_type == SOCK_STREAM)
623 goto e_inval;
624 if (optlen < 1)
625 goto e_inval;
626 if (val == -1)
627 val = 1;
628 if (val < 0 || val > 255)
629 goto e_inval;
630 inet->mc_ttl = val;
631 break;
632 case IP_MULTICAST_LOOP:
633 if (optlen < 1)
634 goto e_inval;
635 inet->mc_loop = !!val;
636 break;
637 case IP_UNICAST_IF:
638 {
639 struct net_device *dev = NULL;
640 int ifindex;
641
642 if (optlen != sizeof(int))
643 goto e_inval;
644
645 ifindex = (__force int)ntohl((__force __be32)val);
646 if (ifindex == 0) {
647 inet->uc_index = 0;
648 err = 0;
649 break;
650 }
651
652 dev = dev_get_by_index(sock_net(sk), ifindex);
653 err = -EADDRNOTAVAIL;
654 if (!dev)
655 break;
656 dev_put(dev);
657
658 err = -EINVAL;
659 if (sk->sk_bound_dev_if)
660 break;
661
662 inet->uc_index = ifindex;
663 err = 0;
664 break;
665 }
666 case IP_MULTICAST_IF:
667 {
668 struct ip_mreqn mreq;
669 struct net_device *dev = NULL;
670
671 if (sk->sk_type == SOCK_STREAM)
672 goto e_inval;
673
674
675
676
677 if (optlen < sizeof(struct in_addr))
678 goto e_inval;
679
680 err = -EFAULT;
681 if (optlen >= sizeof(struct ip_mreqn)) {
682 if (copy_from_user(&mreq, optval, sizeof(mreq)))
683 break;
684 } else {
685 memset(&mreq, 0, sizeof(mreq));
686 if (optlen >= sizeof(struct ip_mreq)) {
687 if (copy_from_user(&mreq, optval,
688 sizeof(struct ip_mreq)))
689 break;
690 } else if (optlen >= sizeof(struct in_addr)) {
691 if (copy_from_user(&mreq.imr_address, optval,
692 sizeof(struct in_addr)))
693 break;
694 }
695 }
696
697 if (!mreq.imr_ifindex) {
698 if (mreq.imr_address.s_addr == htonl(INADDR_ANY)) {
699 inet->mc_index = 0;
700 inet->mc_addr = 0;
701 err = 0;
702 break;
703 }
704 dev = ip_dev_find(sock_net(sk), mreq.imr_address.s_addr);
705 if (dev)
706 mreq.imr_ifindex = dev->ifindex;
707 } else
708 dev = dev_get_by_index(sock_net(sk), mreq.imr_ifindex);
709
710
711 err = -EADDRNOTAVAIL;
712 if (!dev)
713 break;
714 dev_put(dev);
715
716 err = -EINVAL;
717 if (sk->sk_bound_dev_if &&
718 mreq.imr_ifindex != sk->sk_bound_dev_if)
719 break;
720
721 inet->mc_index = mreq.imr_ifindex;
722 inet->mc_addr = mreq.imr_address.s_addr;
723 err = 0;
724 break;
725 }
726
727 case IP_ADD_MEMBERSHIP:
728 case IP_DROP_MEMBERSHIP:
729 {
730 struct ip_mreqn mreq;
731
732 err = -EPROTO;
733 if (inet_sk(sk)->is_icsk)
734 break;
735
736 if (optlen < sizeof(struct ip_mreq))
737 goto e_inval;
738 err = -EFAULT;
739 if (optlen >= sizeof(struct ip_mreqn)) {
740 if (copy_from_user(&mreq, optval, sizeof(mreq)))
741 break;
742 } else {
743 memset(&mreq, 0, sizeof(mreq));
744 if (copy_from_user(&mreq, optval, sizeof(struct ip_mreq)))
745 break;
746 }
747
748 if (optname == IP_ADD_MEMBERSHIP)
749 err = ip_mc_join_group(sk, &mreq);
750 else
751 err = ip_mc_leave_group(sk, &mreq);
752 break;
753 }
754 case IP_MSFILTER:
755 {
756 struct ip_msfilter *msf;
757
758 if (optlen < IP_MSFILTER_SIZE(0))
759 goto e_inval;
760 if (optlen > sysctl_optmem_max) {
761 err = -ENOBUFS;
762 break;
763 }
764 msf = kmalloc(optlen, GFP_KERNEL);
765 if (!msf) {
766 err = -ENOBUFS;
767 break;
768 }
769 err = -EFAULT;
770 if (copy_from_user(msf, optval, optlen)) {
771 kfree(msf);
772 break;
773 }
774
775 if (msf->imsf_numsrc >= 0x3ffffffcU ||
776 msf->imsf_numsrc > sysctl_igmp_max_msf) {
777 kfree(msf);
778 err = -ENOBUFS;
779 break;
780 }
781 if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
782 kfree(msf);
783 err = -EINVAL;
784 break;
785 }
786 err = ip_mc_msfilter(sk, msf, 0);
787 kfree(msf);
788 break;
789 }
790 case IP_BLOCK_SOURCE:
791 case IP_UNBLOCK_SOURCE:
792 case IP_ADD_SOURCE_MEMBERSHIP:
793 case IP_DROP_SOURCE_MEMBERSHIP:
794 {
795 struct ip_mreq_source mreqs;
796 int omode, add;
797
798 if (optlen != sizeof(struct ip_mreq_source))
799 goto e_inval;
800 if (copy_from_user(&mreqs, optval, sizeof(mreqs))) {
801 err = -EFAULT;
802 break;
803 }
804 if (optname == IP_BLOCK_SOURCE) {
805 omode = MCAST_EXCLUDE;
806 add = 1;
807 } else if (optname == IP_UNBLOCK_SOURCE) {
808 omode = MCAST_EXCLUDE;
809 add = 0;
810 } else if (optname == IP_ADD_SOURCE_MEMBERSHIP) {
811 struct ip_mreqn mreq;
812
813 mreq.imr_multiaddr.s_addr = mreqs.imr_multiaddr;
814 mreq.imr_address.s_addr = mreqs.imr_interface;
815 mreq.imr_ifindex = 0;
816 err = ip_mc_join_group(sk, &mreq);
817 if (err && err != -EADDRINUSE)
818 break;
819 omode = MCAST_INCLUDE;
820 add = 1;
821 } else {
822 omode = MCAST_INCLUDE;
823 add = 0;
824 }
825 err = ip_mc_source(add, omode, sk, &mreqs, 0);
826 break;
827 }
828 case MCAST_JOIN_GROUP:
829 case MCAST_LEAVE_GROUP:
830 {
831 struct group_req greq;
832 struct sockaddr_in *psin;
833 struct ip_mreqn mreq;
834
835 if (optlen < sizeof(struct group_req))
836 goto e_inval;
837 err = -EFAULT;
838 if (copy_from_user(&greq, optval, sizeof(greq)))
839 break;
840 psin = (struct sockaddr_in *)&greq.gr_group;
841 if (psin->sin_family != AF_INET)
842 goto e_inval;
843 memset(&mreq, 0, sizeof(mreq));
844 mreq.imr_multiaddr = psin->sin_addr;
845 mreq.imr_ifindex = greq.gr_interface;
846
847 if (optname == MCAST_JOIN_GROUP)
848 err = ip_mc_join_group(sk, &mreq);
849 else
850 err = ip_mc_leave_group(sk, &mreq);
851 break;
852 }
853 case MCAST_JOIN_SOURCE_GROUP:
854 case MCAST_LEAVE_SOURCE_GROUP:
855 case MCAST_BLOCK_SOURCE:
856 case MCAST_UNBLOCK_SOURCE:
857 {
858 struct group_source_req greqs;
859 struct ip_mreq_source mreqs;
860 struct sockaddr_in *psin;
861 int omode, add;
862
863 if (optlen != sizeof(struct group_source_req))
864 goto e_inval;
865 if (copy_from_user(&greqs, optval, sizeof(greqs))) {
866 err = -EFAULT;
867 break;
868 }
869 if (greqs.gsr_group.ss_family != AF_INET ||
870 greqs.gsr_source.ss_family != AF_INET) {
871 err = -EADDRNOTAVAIL;
872 break;
873 }
874 psin = (struct sockaddr_in *)&greqs.gsr_group;
875 mreqs.imr_multiaddr = psin->sin_addr.s_addr;
876 psin = (struct sockaddr_in *)&greqs.gsr_source;
877 mreqs.imr_sourceaddr = psin->sin_addr.s_addr;
878 mreqs.imr_interface = 0;
879
880 if (optname == MCAST_BLOCK_SOURCE) {
881 omode = MCAST_EXCLUDE;
882 add = 1;
883 } else if (optname == MCAST_UNBLOCK_SOURCE) {
884 omode = MCAST_EXCLUDE;
885 add = 0;
886 } else if (optname == MCAST_JOIN_SOURCE_GROUP) {
887 struct ip_mreqn mreq;
888
889 psin = (struct sockaddr_in *)&greqs.gsr_group;
890 mreq.imr_multiaddr = psin->sin_addr;
891 mreq.imr_address.s_addr = 0;
892 mreq.imr_ifindex = greqs.gsr_interface;
893 err = ip_mc_join_group(sk, &mreq);
894 if (err && err != -EADDRINUSE)
895 break;
896 greqs.gsr_interface = mreq.imr_ifindex;
897 omode = MCAST_INCLUDE;
898 add = 1;
899 } else {
900 omode = MCAST_INCLUDE;
901 add = 0;
902 }
903 err = ip_mc_source(add, omode, sk, &mreqs,
904 greqs.gsr_interface);
905 break;
906 }
907 case MCAST_MSFILTER:
908 {
909 struct sockaddr_in *psin;
910 struct ip_msfilter *msf = NULL;
911 struct group_filter *gsf = NULL;
912 int msize, i, ifindex;
913
914 if (optlen < GROUP_FILTER_SIZE(0))
915 goto e_inval;
916 if (optlen > sysctl_optmem_max) {
917 err = -ENOBUFS;
918 break;
919 }
920 gsf = kmalloc(optlen, GFP_KERNEL);
921 if (!gsf) {
922 err = -ENOBUFS;
923 break;
924 }
925 err = -EFAULT;
926 if (copy_from_user(gsf, optval, optlen))
927 goto mc_msf_out;
928
929
930 if (gsf->gf_numsrc >= 0x1ffffff ||
931 gsf->gf_numsrc > sysctl_igmp_max_msf) {
932 err = -ENOBUFS;
933 goto mc_msf_out;
934 }
935 if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
936 err = -EINVAL;
937 goto mc_msf_out;
938 }
939 msize = IP_MSFILTER_SIZE(gsf->gf_numsrc);
940 msf = kmalloc(msize, GFP_KERNEL);
941 if (!msf) {
942 err = -ENOBUFS;
943 goto mc_msf_out;
944 }
945 ifindex = gsf->gf_interface;
946 psin = (struct sockaddr_in *)&gsf->gf_group;
947 if (psin->sin_family != AF_INET) {
948 err = -EADDRNOTAVAIL;
949 goto mc_msf_out;
950 }
951 msf->imsf_multiaddr = psin->sin_addr.s_addr;
952 msf->imsf_interface = 0;
953 msf->imsf_fmode = gsf->gf_fmode;
954 msf->imsf_numsrc = gsf->gf_numsrc;
955 err = -EADDRNOTAVAIL;
956 for (i = 0; i < gsf->gf_numsrc; ++i) {
957 psin = (struct sockaddr_in *)&gsf->gf_slist[i];
958
959 if (psin->sin_family != AF_INET)
960 goto mc_msf_out;
961 msf->imsf_slist[i] = psin->sin_addr.s_addr;
962 }
963 kfree(gsf);
964 gsf = NULL;
965
966 err = ip_mc_msfilter(sk, msf, ifindex);
967mc_msf_out:
968 kfree(msf);
969 kfree(gsf);
970 break;
971 }
972 case IP_MULTICAST_ALL:
973 if (optlen < 1)
974 goto e_inval;
975 if (val != 0 && val != 1)
976 goto e_inval;
977 inet->mc_all = val;
978 break;
979 case IP_ROUTER_ALERT:
980 err = ip_ra_control(sk, val ? 1 : 0, NULL);
981 break;
982
983 case IP_FREEBIND:
984 if (optlen < 1)
985 goto e_inval;
986 inet->freebind = !!val;
987 break;
988
989 case IP_IPSEC_POLICY:
990 case IP_XFRM_POLICY:
991 err = -EPERM;
992 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
993 break;
994 err = xfrm_user_policy(sk, optname, optval, optlen);
995 break;
996
997 case IP_TRANSPARENT:
998 if (!!val && !ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
999 !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
1000 err = -EPERM;
1001 break;
1002 }
1003 if (optlen < 1)
1004 goto e_inval;
1005 inet->transparent = !!val;
1006 break;
1007
1008 case IP_MINTTL:
1009 if (optlen < 1)
1010 goto e_inval;
1011 if (val < 0 || val > 255)
1012 goto e_inval;
1013 inet->min_ttl = val;
1014 break;
1015
1016 default:
1017 err = -ENOPROTOOPT;
1018 break;
1019 }
1020 release_sock(sk);
1021 return err;
1022
1023e_inval:
1024 release_sock(sk);
1025 return -EINVAL;
1026}
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037void ipv4_pktinfo_prepare(struct sk_buff *skb)
1038{
1039 struct in_pktinfo *pktinfo = PKTINFO_SKB_CB(skb);
1040
1041 if (skb_rtable(skb)) {
1042 pktinfo->ipi_ifindex = inet_iif(skb);
1043 pktinfo->ipi_spec_dst.s_addr = fib_compute_spec_dst(skb);
1044 } else {
1045 pktinfo->ipi_ifindex = 0;
1046 pktinfo->ipi_spec_dst.s_addr = 0;
1047 }
1048 skb_dst_drop(skb);
1049}
1050
1051int ip_setsockopt(struct sock *sk, int level,
1052 int optname, char __user *optval, unsigned int optlen)
1053{
1054 int err;
1055
1056 if (level != SOL_IP)
1057 return -ENOPROTOOPT;
1058
1059 err = do_ip_setsockopt(sk, level, optname, optval, optlen);
1060#ifdef CONFIG_NETFILTER
1061
1062 if (err == -ENOPROTOOPT && optname != IP_HDRINCL &&
1063 optname != IP_IPSEC_POLICY &&
1064 optname != IP_XFRM_POLICY &&
1065 !ip_mroute_opt(optname)) {
1066 lock_sock(sk);
1067 err = nf_setsockopt(sk, PF_INET, optname, optval, optlen);
1068 release_sock(sk);
1069 }
1070#endif
1071 return err;
1072}
1073EXPORT_SYMBOL(ip_setsockopt);
1074
1075#ifdef CONFIG_COMPAT
1076int compat_ip_setsockopt(struct sock *sk, int level, int optname,
1077 char __user *optval, unsigned int optlen)
1078{
1079 int err;
1080
1081 if (level != SOL_IP)
1082 return -ENOPROTOOPT;
1083
1084 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER)
1085 return compat_mc_setsockopt(sk, level, optname, optval, optlen,
1086 ip_setsockopt);
1087
1088 err = do_ip_setsockopt(sk, level, optname, optval, optlen);
1089#ifdef CONFIG_NETFILTER
1090
1091 if (err == -ENOPROTOOPT && optname != IP_HDRINCL &&
1092 optname != IP_IPSEC_POLICY &&
1093 optname != IP_XFRM_POLICY &&
1094 !ip_mroute_opt(optname)) {
1095 lock_sock(sk);
1096 err = compat_nf_setsockopt(sk, PF_INET, optname,
1097 optval, optlen);
1098 release_sock(sk);
1099 }
1100#endif
1101 return err;
1102}
1103EXPORT_SYMBOL(compat_ip_setsockopt);
1104#endif
1105
1106
1107
1108
1109
1110
1111static int do_ip_getsockopt(struct sock *sk, int level, int optname,
1112 char __user *optval, int __user *optlen, unsigned int flags)
1113{
1114 struct inet_sock *inet = inet_sk(sk);
1115 int val;
1116 int len;
1117
1118 if (level != SOL_IP)
1119 return -EOPNOTSUPP;
1120
1121 if (ip_mroute_opt(optname))
1122 return ip_mroute_getsockopt(sk, optname, optval, optlen);
1123
1124 if (get_user(len, optlen))
1125 return -EFAULT;
1126 if (len < 0)
1127 return -EINVAL;
1128
1129 lock_sock(sk);
1130
1131 switch (optname) {
1132 case IP_OPTIONS:
1133 {
1134 unsigned char optbuf[sizeof(struct ip_options)+40];
1135 struct ip_options *opt = (struct ip_options *)optbuf;
1136 struct ip_options_rcu *inet_opt;
1137
1138 inet_opt = rcu_dereference_protected(inet->inet_opt,
1139 sock_owned_by_user(sk));
1140 opt->optlen = 0;
1141 if (inet_opt)
1142 memcpy(optbuf, &inet_opt->opt,
1143 sizeof(struct ip_options) +
1144 inet_opt->opt.optlen);
1145 release_sock(sk);
1146
1147 if (opt->optlen == 0)
1148 return put_user(0, optlen);
1149
1150 ip_options_undo(opt);
1151
1152 len = min_t(unsigned int, len, opt->optlen);
1153 if (put_user(len, optlen))
1154 return -EFAULT;
1155 if (copy_to_user(optval, opt->__data, len))
1156 return -EFAULT;
1157 return 0;
1158 }
1159 case IP_PKTINFO:
1160 val = (inet->cmsg_flags & IP_CMSG_PKTINFO) != 0;
1161 break;
1162 case IP_RECVTTL:
1163 val = (inet->cmsg_flags & IP_CMSG_TTL) != 0;
1164 break;
1165 case IP_RECVTOS:
1166 val = (inet->cmsg_flags & IP_CMSG_TOS) != 0;
1167 break;
1168 case IP_RECVOPTS:
1169 val = (inet->cmsg_flags & IP_CMSG_RECVOPTS) != 0;
1170 break;
1171 case IP_RETOPTS:
1172 val = (inet->cmsg_flags & IP_CMSG_RETOPTS) != 0;
1173 break;
1174 case IP_PASSSEC:
1175 val = (inet->cmsg_flags & IP_CMSG_PASSSEC) != 0;
1176 break;
1177 case IP_RECVORIGDSTADDR:
1178 val = (inet->cmsg_flags & IP_CMSG_ORIGDSTADDR) != 0;
1179 break;
1180 case IP_TOS:
1181 val = inet->tos;
1182 break;
1183 case IP_TTL:
1184 val = (inet->uc_ttl == -1 ?
1185 sysctl_ip_default_ttl :
1186 inet->uc_ttl);
1187 break;
1188 case IP_HDRINCL:
1189 val = inet->hdrincl;
1190 break;
1191 case IP_NODEFRAG:
1192 val = inet->nodefrag;
1193 break;
1194 case IP_MTU_DISCOVER:
1195 val = inet->pmtudisc;
1196 break;
1197 case IP_MTU:
1198 {
1199 struct dst_entry *dst;
1200 val = 0;
1201 dst = sk_dst_get(sk);
1202 if (dst) {
1203 val = dst_mtu(dst);
1204 dst_release(dst);
1205 }
1206 if (!val) {
1207 release_sock(sk);
1208 return -ENOTCONN;
1209 }
1210 break;
1211 }
1212 case IP_RECVERR:
1213 val = inet->recverr;
1214 break;
1215 case IP_MULTICAST_TTL:
1216 val = inet->mc_ttl;
1217 break;
1218 case IP_MULTICAST_LOOP:
1219 val = inet->mc_loop;
1220 break;
1221 case IP_UNICAST_IF:
1222 val = (__force int)htonl((__u32) inet->uc_index);
1223 break;
1224 case IP_MULTICAST_IF:
1225 {
1226 struct in_addr addr;
1227 len = min_t(unsigned int, len, sizeof(struct in_addr));
1228 addr.s_addr = inet->mc_addr;
1229 release_sock(sk);
1230
1231 if (put_user(len, optlen))
1232 return -EFAULT;
1233 if (copy_to_user(optval, &addr, len))
1234 return -EFAULT;
1235 return 0;
1236 }
1237 case IP_MSFILTER:
1238 {
1239 struct ip_msfilter msf;
1240 int err;
1241
1242 if (len < IP_MSFILTER_SIZE(0)) {
1243 release_sock(sk);
1244 return -EINVAL;
1245 }
1246 if (copy_from_user(&msf, optval, IP_MSFILTER_SIZE(0))) {
1247 release_sock(sk);
1248 return -EFAULT;
1249 }
1250 err = ip_mc_msfget(sk, &msf,
1251 (struct ip_msfilter __user *)optval, optlen);
1252 release_sock(sk);
1253 return err;
1254 }
1255 case MCAST_MSFILTER:
1256 {
1257 struct group_filter gsf;
1258 int err;
1259
1260 if (len < GROUP_FILTER_SIZE(0)) {
1261 release_sock(sk);
1262 return -EINVAL;
1263 }
1264 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) {
1265 release_sock(sk);
1266 return -EFAULT;
1267 }
1268 err = ip_mc_gsfget(sk, &gsf,
1269 (struct group_filter __user *)optval,
1270 optlen);
1271 release_sock(sk);
1272 return err;
1273 }
1274 case IP_MULTICAST_ALL:
1275 val = inet->mc_all;
1276 break;
1277 case IP_PKTOPTIONS:
1278 {
1279 struct msghdr msg;
1280
1281 release_sock(sk);
1282
1283 if (sk->sk_type != SOCK_STREAM)
1284 return -ENOPROTOOPT;
1285
1286 msg.msg_control = optval;
1287 msg.msg_controllen = len;
1288 msg.msg_flags = flags;
1289
1290 if (inet->cmsg_flags & IP_CMSG_PKTINFO) {
1291 struct in_pktinfo info;
1292
1293 info.ipi_addr.s_addr = inet->inet_rcv_saddr;
1294 info.ipi_spec_dst.s_addr = inet->inet_rcv_saddr;
1295 info.ipi_ifindex = inet->mc_index;
1296 put_cmsg(&msg, SOL_IP, IP_PKTINFO, sizeof(info), &info);
1297 }
1298 if (inet->cmsg_flags & IP_CMSG_TTL) {
1299 int hlim = inet->mc_ttl;
1300 put_cmsg(&msg, SOL_IP, IP_TTL, sizeof(hlim), &hlim);
1301 }
1302 if (inet->cmsg_flags & IP_CMSG_TOS) {
1303 int tos = inet->rcv_tos;
1304 put_cmsg(&msg, SOL_IP, IP_TOS, sizeof(tos), &tos);
1305 }
1306 len -= msg.msg_controllen;
1307 return put_user(len, optlen);
1308 }
1309 case IP_FREEBIND:
1310 val = inet->freebind;
1311 break;
1312 case IP_TRANSPARENT:
1313 val = inet->transparent;
1314 break;
1315 case IP_MINTTL:
1316 val = inet->min_ttl;
1317 break;
1318 default:
1319 release_sock(sk);
1320 return -ENOPROTOOPT;
1321 }
1322 release_sock(sk);
1323
1324 if (len < sizeof(int) && len > 0 && val >= 0 && val <= 255) {
1325 unsigned char ucval = (unsigned char)val;
1326 len = 1;
1327 if (put_user(len, optlen))
1328 return -EFAULT;
1329 if (copy_to_user(optval, &ucval, 1))
1330 return -EFAULT;
1331 } else {
1332 len = min_t(unsigned int, sizeof(int), len);
1333 if (put_user(len, optlen))
1334 return -EFAULT;
1335 if (copy_to_user(optval, &val, len))
1336 return -EFAULT;
1337 }
1338 return 0;
1339}
1340
1341int ip_getsockopt(struct sock *sk, int level,
1342 int optname, char __user *optval, int __user *optlen)
1343{
1344 int err;
1345
1346 err = do_ip_getsockopt(sk, level, optname, optval, optlen, 0);
1347#ifdef CONFIG_NETFILTER
1348
1349 if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS &&
1350 !ip_mroute_opt(optname)) {
1351 int len;
1352
1353 if (get_user(len, optlen))
1354 return -EFAULT;
1355
1356 lock_sock(sk);
1357 err = nf_getsockopt(sk, PF_INET, optname, optval,
1358 &len);
1359 release_sock(sk);
1360 if (err >= 0)
1361 err = put_user(len, optlen);
1362 return err;
1363 }
1364#endif
1365 return err;
1366}
1367EXPORT_SYMBOL(ip_getsockopt);
1368
1369#ifdef CONFIG_COMPAT
1370int compat_ip_getsockopt(struct sock *sk, int level, int optname,
1371 char __user *optval, int __user *optlen)
1372{
1373 int err;
1374
1375 if (optname == MCAST_MSFILTER)
1376 return compat_mc_getsockopt(sk, level, optname, optval, optlen,
1377 ip_getsockopt);
1378
1379 err = do_ip_getsockopt(sk, level, optname, optval, optlen,
1380 MSG_CMSG_COMPAT);
1381
1382#ifdef CONFIG_NETFILTER
1383
1384 if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS &&
1385 !ip_mroute_opt(optname)) {
1386 int len;
1387
1388 if (get_user(len, optlen))
1389 return -EFAULT;
1390
1391 lock_sock(sk);
1392 err = compat_nf_getsockopt(sk, PF_INET, optname, optval, &len);
1393 release_sock(sk);
1394 if (err >= 0)
1395 err = put_user(len, optlen);
1396 return err;
1397 }
1398#endif
1399 return err;
1400}
1401EXPORT_SYMBOL(compat_ip_getsockopt);
1402#endif
1403
