1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * common UDP/RAW code
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 */
9
10 #include <linux/capability.h>
11 #include <linux/errno.h>
12 #include <linux/types.h>
13 #include <linux/kernel.h>
14 #include <linux/interrupt.h>
15 #include <linux/socket.h>
16 #include <linux/sockios.h>
17 #include <linux/in6.h>
18 #include <linux/ipv6.h>
19 #include <linux/route.h>
20 #include <linux/slab.h>
21 #include <linux/export.h>
22 #include <linux/icmp.h>
23
24 #include <net/ipv6.h>
25 #include <net/ndisc.h>
26 #include <net/addrconf.h>
27 #include <net/transp_v6.h>
28 #include <net/ip6_route.h>
29 #include <net/tcp_states.h>
30 #include <net/dsfield.h>
31 #include <net/sock_reuseport.h>
32
33 #include <linux/errqueue.h>
34 #include <linux/uaccess.h>
35
ipv6_mapped_addr_any(const struct in6_addr * a)36 static bool ipv6_mapped_addr_any(const struct in6_addr *a)
37 {
38 return ipv6_addr_v4mapped(a) && (a->s6_addr32[3] == 0);
39 }
40
ip6_datagram_flow_key_init(struct flowi6 * fl6,struct sock * sk)41 static void ip6_datagram_flow_key_init(struct flowi6 *fl6, struct sock *sk)
42 {
43 struct inet_sock *inet = inet_sk(sk);
44 struct ipv6_pinfo *np = inet6_sk(sk);
45
46 memset(fl6, 0, sizeof(*fl6));
47 fl6->flowi6_proto = sk->sk_protocol;
48 fl6->daddr = sk->sk_v6_daddr;
49 fl6->saddr = np->saddr;
50 fl6->flowi6_oif = sk->sk_bound_dev_if;
51 fl6->flowi6_mark = sk->sk_mark;
52 fl6->fl6_dport = inet->inet_dport;
53 fl6->fl6_sport = inet->inet_sport;
54 fl6->flowlabel = np->flow_label;
55 fl6->flowi6_uid = sk->sk_uid;
56
57 if (!fl6->flowi6_oif)
58 fl6->flowi6_oif = np->sticky_pktinfo.ipi6_ifindex;
59
60 if (!fl6->flowi6_oif && ipv6_addr_is_multicast(&fl6->daddr))
61 fl6->flowi6_oif = np->mcast_oif;
62
63 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
64 }
65
ip6_datagram_dst_update(struct sock * sk,bool fix_sk_saddr)66 int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr)
67 {
68 struct ip6_flowlabel *flowlabel = NULL;
69 struct in6_addr *final_p, final;
70 struct ipv6_txoptions *opt;
71 struct dst_entry *dst;
72 struct inet_sock *inet = inet_sk(sk);
73 struct ipv6_pinfo *np = inet6_sk(sk);
74 struct flowi6 fl6;
75 int err = 0;
76
77 if (np->sndflow && (np->flow_label & IPV6_FLOWLABEL_MASK)) {
78 flowlabel = fl6_sock_lookup(sk, np->flow_label);
79 if (IS_ERR(flowlabel))
80 return -EINVAL;
81 }
82 ip6_datagram_flow_key_init(&fl6, sk);
83
84 rcu_read_lock();
85 opt = flowlabel ? flowlabel->opt : rcu_dereference(np->opt);
86 final_p = fl6_update_dst(&fl6, opt, &final);
87 rcu_read_unlock();
88
89 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
90 if (IS_ERR(dst)) {
91 err = PTR_ERR(dst);
92 goto out;
93 }
94
95 if (fix_sk_saddr) {
96 if (ipv6_addr_any(&np->saddr))
97 np->saddr = fl6.saddr;
98
99 if (ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
100 sk->sk_v6_rcv_saddr = fl6.saddr;
101 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
102 if (sk->sk_prot->rehash)
103 sk->sk_prot->rehash(sk);
104 }
105 }
106
107 ip6_sk_dst_store_flow(sk, dst, &fl6);
108
109 out:
110 fl6_sock_release(flowlabel);
111 return err;
112 }
113
ip6_datagram_release_cb(struct sock * sk)114 void ip6_datagram_release_cb(struct sock *sk)
115 {
116 struct dst_entry *dst;
117
118 if (ipv6_addr_v4mapped(&sk->sk_v6_daddr))
119 return;
120
121 rcu_read_lock();
122 dst = __sk_dst_get(sk);
123 if (!dst || !dst->obsolete ||
124 dst->ops->check(dst, inet6_sk(sk)->dst_cookie)) {
125 rcu_read_unlock();
126 return;
127 }
128 rcu_read_unlock();
129
130 ip6_datagram_dst_update(sk, false);
131 }
132 EXPORT_SYMBOL_GPL(ip6_datagram_release_cb);
133
__ip6_datagram_connect(struct sock * sk,struct sockaddr * uaddr,int addr_len)134 int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr,
135 int addr_len)
136 {
137 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
138 struct inet_sock *inet = inet_sk(sk);
139 struct ipv6_pinfo *np = inet6_sk(sk);
140 struct in6_addr *daddr, old_daddr;
141 __be32 fl6_flowlabel = 0;
142 __be32 old_fl6_flowlabel;
143 __be16 old_dport;
144 int addr_type;
145 int err;
146
147 if (usin->sin6_family == AF_INET) {
148 if (__ipv6_only_sock(sk))
149 return -EAFNOSUPPORT;
150 err = __ip4_datagram_connect(sk, uaddr, addr_len);
151 goto ipv4_connected;
152 }
153
154 if (addr_len < SIN6_LEN_RFC2133)
155 return -EINVAL;
156
157 if (usin->sin6_family != AF_INET6)
158 return -EAFNOSUPPORT;
159
160 if (np->sndflow)
161 fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
162
163 if (ipv6_addr_any(&usin->sin6_addr)) {
164 /*
165 * connect to self
166 */
167 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
168 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
169 &usin->sin6_addr);
170 else
171 usin->sin6_addr = in6addr_loopback;
172 }
173
174 addr_type = ipv6_addr_type(&usin->sin6_addr);
175
176 daddr = &usin->sin6_addr;
177
178 if (addr_type & IPV6_ADDR_MAPPED) {
179 struct sockaddr_in sin;
180
181 if (__ipv6_only_sock(sk)) {
182 err = -ENETUNREACH;
183 goto out;
184 }
185 sin.sin_family = AF_INET;
186 sin.sin_addr.s_addr = daddr->s6_addr32[3];
187 sin.sin_port = usin->sin6_port;
188
189 err = __ip4_datagram_connect(sk,
190 (struct sockaddr *) &sin,
191 sizeof(sin));
192
193 ipv4_connected:
194 if (err)
195 goto out;
196
197 ipv6_addr_set_v4mapped(inet->inet_daddr, &sk->sk_v6_daddr);
198
199 if (ipv6_addr_any(&np->saddr) ||
200 ipv6_mapped_addr_any(&np->saddr))
201 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
202
203 if (ipv6_addr_any(&sk->sk_v6_rcv_saddr) ||
204 ipv6_mapped_addr_any(&sk->sk_v6_rcv_saddr)) {
205 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
206 &sk->sk_v6_rcv_saddr);
207 if (sk->sk_prot->rehash)
208 sk->sk_prot->rehash(sk);
209 }
210
211 goto out;
212 }
213
214 if (__ipv6_addr_needs_scope_id(addr_type)) {
215 if (addr_len >= sizeof(struct sockaddr_in6) &&
216 usin->sin6_scope_id) {
217 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id)) {
218 err = -EINVAL;
219 goto out;
220 }
221 sk->sk_bound_dev_if = usin->sin6_scope_id;
222 }
223
224 if (!sk->sk_bound_dev_if && (addr_type & IPV6_ADDR_MULTICAST))
225 sk->sk_bound_dev_if = np->mcast_oif;
226
227 /* Connect to link-local address requires an interface */
228 if (!sk->sk_bound_dev_if) {
229 err = -EINVAL;
230 goto out;
231 }
232 }
233
234 /* save the current peer information before updating it */
235 old_daddr = sk->sk_v6_daddr;
236 old_fl6_flowlabel = np->flow_label;
237 old_dport = inet->inet_dport;
238
239 sk->sk_v6_daddr = *daddr;
240 np->flow_label = fl6_flowlabel;
241 inet->inet_dport = usin->sin6_port;
242
243 /*
244 * Check for a route to destination an obtain the
245 * destination cache for it.
246 */
247
248 err = ip6_datagram_dst_update(sk, true);
249 if (err) {
250 /* Restore the socket peer info, to keep it consistent with
251 * the old socket state
252 */
253 sk->sk_v6_daddr = old_daddr;
254 np->flow_label = old_fl6_flowlabel;
255 inet->inet_dport = old_dport;
256 goto out;
257 }
258
259 reuseport_has_conns(sk, true);
260 sk->sk_state = TCP_ESTABLISHED;
261 sk_set_txhash(sk);
262 out:
263 return err;
264 }
265 EXPORT_SYMBOL_GPL(__ip6_datagram_connect);
266
ip6_datagram_connect(struct sock * sk,struct sockaddr * uaddr,int addr_len)267 int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
268 {
269 int res;
270
271 lock_sock(sk);
272 res = __ip6_datagram_connect(sk, uaddr, addr_len);
273 release_sock(sk);
274 return res;
275 }
276 EXPORT_SYMBOL_GPL(ip6_datagram_connect);
277
ip6_datagram_connect_v6_only(struct sock * sk,struct sockaddr * uaddr,int addr_len)278 int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *uaddr,
279 int addr_len)
280 {
281 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, uaddr);
282 if (sin6->sin6_family != AF_INET6)
283 return -EAFNOSUPPORT;
284 return ip6_datagram_connect(sk, uaddr, addr_len);
285 }
286 EXPORT_SYMBOL_GPL(ip6_datagram_connect_v6_only);
287
ipv6_icmp_error_rfc4884(const struct sk_buff * skb,struct sock_ee_data_rfc4884 * out)288 static void ipv6_icmp_error_rfc4884(const struct sk_buff *skb,
289 struct sock_ee_data_rfc4884 *out)
290 {
291 switch (icmp6_hdr(skb)->icmp6_type) {
292 case ICMPV6_TIME_EXCEED:
293 case ICMPV6_DEST_UNREACH:
294 ip_icmp_error_rfc4884(skb, out, sizeof(struct icmp6hdr),
295 icmp6_hdr(skb)->icmp6_datagram_len * 8);
296 }
297 }
298
ipv6_icmp_error(struct sock * sk,struct sk_buff * skb,int err,__be16 port,u32 info,u8 * payload)299 void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
300 __be16 port, u32 info, u8 *payload)
301 {
302 struct ipv6_pinfo *np = inet6_sk(sk);
303 struct icmp6hdr *icmph = icmp6_hdr(skb);
304 struct sock_exterr_skb *serr;
305
306 if (!np->recverr)
307 return;
308
309 skb = skb_clone(skb, GFP_ATOMIC);
310 if (!skb)
311 return;
312
313 skb->protocol = htons(ETH_P_IPV6);
314
315 serr = SKB_EXT_ERR(skb);
316 serr->ee.ee_errno = err;
317 serr->ee.ee_origin = SO_EE_ORIGIN_ICMP6;
318 serr->ee.ee_type = icmph->icmp6_type;
319 serr->ee.ee_code = icmph->icmp6_code;
320 serr->ee.ee_pad = 0;
321 serr->ee.ee_info = info;
322 serr->ee.ee_data = 0;
323 serr->addr_offset = (u8 *)&(((struct ipv6hdr *)(icmph + 1))->daddr) -
324 skb_network_header(skb);
325 serr->port = port;
326
327 __skb_pull(skb, payload - skb->data);
328
329 if (inet6_sk(sk)->recverr_rfc4884)
330 ipv6_icmp_error_rfc4884(skb, &serr->ee.ee_rfc4884);
331
332 skb_reset_transport_header(skb);
333
334 if (sock_queue_err_skb(sk, skb))
335 kfree_skb(skb);
336 }
337
ipv6_local_error(struct sock * sk,int err,struct flowi6 * fl6,u32 info)338 void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info)
339 {
340 const struct ipv6_pinfo *np = inet6_sk(sk);
341 struct sock_exterr_skb *serr;
342 struct ipv6hdr *iph;
343 struct sk_buff *skb;
344
345 if (!np->recverr)
346 return;
347
348 skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
349 if (!skb)
350 return;
351
352 skb->protocol = htons(ETH_P_IPV6);
353
354 skb_put(skb, sizeof(struct ipv6hdr));
355 skb_reset_network_header(skb);
356 iph = ipv6_hdr(skb);
357 iph->daddr = fl6->daddr;
358 ip6_flow_hdr(iph, 0, 0);
359
360 serr = SKB_EXT_ERR(skb);
361 serr->ee.ee_errno = err;
362 serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
363 serr->ee.ee_type = 0;
364 serr->ee.ee_code = 0;
365 serr->ee.ee_pad = 0;
366 serr->ee.ee_info = info;
367 serr->ee.ee_data = 0;
368 serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb);
369 serr->port = fl6->fl6_dport;
370
371 __skb_pull(skb, skb_tail_pointer(skb) - skb->data);
372 skb_reset_transport_header(skb);
373
374 if (sock_queue_err_skb(sk, skb))
375 kfree_skb(skb);
376 }
377
ipv6_local_rxpmtu(struct sock * sk,struct flowi6 * fl6,u32 mtu)378 void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu)
379 {
380 struct ipv6_pinfo *np = inet6_sk(sk);
381 struct ipv6hdr *iph;
382 struct sk_buff *skb;
383 struct ip6_mtuinfo *mtu_info;
384
385 if (!np->rxopt.bits.rxpmtu)
386 return;
387
388 skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
389 if (!skb)
390 return;
391
392 skb_put(skb, sizeof(struct ipv6hdr));
393 skb_reset_network_header(skb);
394 iph = ipv6_hdr(skb);
395 iph->daddr = fl6->daddr;
396
397 mtu_info = IP6CBMTU(skb);
398
399 mtu_info->ip6m_mtu = mtu;
400 mtu_info->ip6m_addr.sin6_family = AF_INET6;
401 mtu_info->ip6m_addr.sin6_port = 0;
402 mtu_info->ip6m_addr.sin6_flowinfo = 0;
403 mtu_info->ip6m_addr.sin6_scope_id = fl6->flowi6_oif;
404 mtu_info->ip6m_addr.sin6_addr = ipv6_hdr(skb)->daddr;
405
406 __skb_pull(skb, skb_tail_pointer(skb) - skb->data);
407 skb_reset_transport_header(skb);
408
409 skb = xchg(&np->rxpmtu, skb);
410 kfree_skb(skb);
411 }
412
413 /* For some errors we have valid addr_offset even with zero payload and
414 * zero port. Also, addr_offset should be supported if port is set.
415 */
ipv6_datagram_support_addr(struct sock_exterr_skb * serr)416 static inline bool ipv6_datagram_support_addr(struct sock_exterr_skb *serr)
417 {
418 return serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6 ||
419 serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
420 serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL || serr->port;
421 }
422
423 /* IPv6 supports cmsg on all origins aside from SO_EE_ORIGIN_LOCAL.
424 *
425 * At one point, excluding local errors was a quick test to identify icmp/icmp6
426 * errors. This is no longer true, but the test remained, so the v6 stack,
427 * unlike v4, also honors cmsg requests on all wifi and timestamp errors.
428 */
ip6_datagram_support_cmsg(struct sk_buff * skb,struct sock_exterr_skb * serr)429 static bool ip6_datagram_support_cmsg(struct sk_buff *skb,
430 struct sock_exterr_skb *serr)
431 {
432 if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
433 serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6)
434 return true;
435
436 if (serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL)
437 return false;
438
439 if (!IP6CB(skb)->iif)
440 return false;
441
442 return true;
443 }
444
445 /*
446 * Handle MSG_ERRQUEUE
447 */
ipv6_recv_error(struct sock * sk,struct msghdr * msg,int len,int * addr_len)448 int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
449 {
450 struct ipv6_pinfo *np = inet6_sk(sk);
451 struct sock_exterr_skb *serr;
452 struct sk_buff *skb;
453 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name);
454 struct {
455 struct sock_extended_err ee;
456 struct sockaddr_in6 offender;
457 } errhdr;
458 int err;
459 int copied;
460
461 err = -EAGAIN;
462 skb = sock_dequeue_err_skb(sk);
463 if (!skb)
464 goto out;
465
466 copied = skb->len;
467 if (copied > len) {
468 msg->msg_flags |= MSG_TRUNC;
469 copied = len;
470 }
471 err = skb_copy_datagram_msg(skb, 0, msg, copied);
472 if (unlikely(err)) {
473 kfree_skb(skb);
474 return err;
475 }
476 sock_recv_timestamp(msg, sk, skb);
477
478 serr = SKB_EXT_ERR(skb);
479
480 if (sin && ipv6_datagram_support_addr(serr)) {
481 const unsigned char *nh = skb_network_header(skb);
482 sin->sin6_family = AF_INET6;
483 sin->sin6_flowinfo = 0;
484 sin->sin6_port = serr->port;
485 if (skb->protocol == htons(ETH_P_IPV6)) {
486 const struct ipv6hdr *ip6h = container_of((struct in6_addr *)(nh + serr->addr_offset),
487 struct ipv6hdr, daddr);
488 sin->sin6_addr = ip6h->daddr;
489 if (np->sndflow)
490 sin->sin6_flowinfo = ip6_flowinfo(ip6h);
491 sin->sin6_scope_id =
492 ipv6_iface_scope_id(&sin->sin6_addr,
493 IP6CB(skb)->iif);
494 } else {
495 ipv6_addr_set_v4mapped(*(__be32 *)(nh + serr->addr_offset),
496 &sin->sin6_addr);
497 sin->sin6_scope_id = 0;
498 }
499 *addr_len = sizeof(*sin);
500 }
501
502 memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
503 sin = &errhdr.offender;
504 memset(sin, 0, sizeof(*sin));
505
506 if (ip6_datagram_support_cmsg(skb, serr)) {
507 sin->sin6_family = AF_INET6;
508 if (np->rxopt.all)
509 ip6_datagram_recv_common_ctl(sk, msg, skb);
510 if (skb->protocol == htons(ETH_P_IPV6)) {
511 sin->sin6_addr = ipv6_hdr(skb)->saddr;
512 if (np->rxopt.all)
513 ip6_datagram_recv_specific_ctl(sk, msg, skb);
514 sin->sin6_scope_id =
515 ipv6_iface_scope_id(&sin->sin6_addr,
516 IP6CB(skb)->iif);
517 } else {
518 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr,
519 &sin->sin6_addr);
520 if (inet_sk(sk)->cmsg_flags)
521 ip_cmsg_recv(msg, skb);
522 }
523 }
524
525 put_cmsg(msg, SOL_IPV6, IPV6_RECVERR, sizeof(errhdr), &errhdr);
526
527 /* Now we could try to dump offended packet options */
528
529 msg->msg_flags |= MSG_ERRQUEUE;
530 err = copied;
531
532 consume_skb(skb);
533 out:
534 return err;
535 }
536 EXPORT_SYMBOL_GPL(ipv6_recv_error);
537
538 /*
539 * Handle IPV6_RECVPATHMTU
540 */
ipv6_recv_rxpmtu(struct sock * sk,struct msghdr * msg,int len,int * addr_len)541 int ipv6_recv_rxpmtu(struct sock *sk, struct msghdr *msg, int len,
542 int *addr_len)
543 {
544 struct ipv6_pinfo *np = inet6_sk(sk);
545 struct sk_buff *skb;
546 struct ip6_mtuinfo mtu_info;
547 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name);
548 int err;
549 int copied;
550
551 err = -EAGAIN;
552 skb = xchg(&np->rxpmtu, NULL);
553 if (!skb)
554 goto out;
555
556 copied = skb->len;
557 if (copied > len) {
558 msg->msg_flags |= MSG_TRUNC;
559 copied = len;
560 }
561 err = skb_copy_datagram_msg(skb, 0, msg, copied);
562 if (err)
563 goto out_free_skb;
564
565 sock_recv_timestamp(msg, sk, skb);
566
567 memcpy(&mtu_info, IP6CBMTU(skb), sizeof(mtu_info));
568
569 if (sin) {
570 sin->sin6_family = AF_INET6;
571 sin->sin6_flowinfo = 0;
572 sin->sin6_port = 0;
573 sin->sin6_scope_id = mtu_info.ip6m_addr.sin6_scope_id;
574 sin->sin6_addr = mtu_info.ip6m_addr.sin6_addr;
575 *addr_len = sizeof(*sin);
576 }
577
578 put_cmsg(msg, SOL_IPV6, IPV6_PATHMTU, sizeof(mtu_info), &mtu_info);
579
580 err = copied;
581
582 out_free_skb:
583 kfree_skb(skb);
584 out:
585 return err;
586 }
587
588
ip6_datagram_recv_common_ctl(struct sock * sk,struct msghdr * msg,struct sk_buff * skb)589 void ip6_datagram_recv_common_ctl(struct sock *sk, struct msghdr *msg,
590 struct sk_buff *skb)
591 {
592 struct ipv6_pinfo *np = inet6_sk(sk);
593 bool is_ipv6 = skb->protocol == htons(ETH_P_IPV6);
594
595 if (np->rxopt.bits.rxinfo) {
596 struct in6_pktinfo src_info;
597
598 if (is_ipv6) {
599 src_info.ipi6_ifindex = IP6CB(skb)->iif;
600 src_info.ipi6_addr = ipv6_hdr(skb)->daddr;
601 } else {
602 src_info.ipi6_ifindex =
603 PKTINFO_SKB_CB(skb)->ipi_ifindex;
604 ipv6_addr_set_v4mapped(ip_hdr(skb)->daddr,
605 &src_info.ipi6_addr);
606 }
607
608 if (src_info.ipi6_ifindex >= 0)
609 put_cmsg(msg, SOL_IPV6, IPV6_PKTINFO,
610 sizeof(src_info), &src_info);
611 }
612 }
613
ip6_datagram_recv_specific_ctl(struct sock * sk,struct msghdr * msg,struct sk_buff * skb)614 void ip6_datagram_recv_specific_ctl(struct sock *sk, struct msghdr *msg,
615 struct sk_buff *skb)
616 {
617 struct ipv6_pinfo *np = inet6_sk(sk);
618 struct inet6_skb_parm *opt = IP6CB(skb);
619 unsigned char *nh = skb_network_header(skb);
620
621 if (np->rxopt.bits.rxhlim) {
622 int hlim = ipv6_hdr(skb)->hop_limit;
623 put_cmsg(msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim);
624 }
625
626 if (np->rxopt.bits.rxtclass) {
627 int tclass = ipv6_get_dsfield(ipv6_hdr(skb));
628 put_cmsg(msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass);
629 }
630
631 if (np->rxopt.bits.rxflow) {
632 __be32 flowinfo = ip6_flowinfo((struct ipv6hdr *)nh);
633 if (flowinfo)
634 put_cmsg(msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo);
635 }
636
637 /* HbH is allowed only once */
638 if (np->rxopt.bits.hopopts && (opt->flags & IP6SKB_HOPBYHOP)) {
639 u8 *ptr = nh + sizeof(struct ipv6hdr);
640 put_cmsg(msg, SOL_IPV6, IPV6_HOPOPTS, (ptr[1]+1)<<3, ptr);
641 }
642
643 if (opt->lastopt &&
644 (np->rxopt.bits.dstopts || np->rxopt.bits.srcrt)) {
645 /*
646 * Silly enough, but we need to reparse in order to
647 * report extension headers (except for HbH)
648 * in order.
649 *
650 * Also note that IPV6_RECVRTHDRDSTOPTS is NOT
651 * (and WILL NOT be) defined because
652 * IPV6_RECVDSTOPTS is more generic. --yoshfuji
653 */
654 unsigned int off = sizeof(struct ipv6hdr);
655 u8 nexthdr = ipv6_hdr(skb)->nexthdr;
656
657 while (off <= opt->lastopt) {
658 unsigned int len;
659 u8 *ptr = nh + off;
660
661 switch (nexthdr) {
662 case IPPROTO_DSTOPTS:
663 nexthdr = ptr[0];
664 len = (ptr[1] + 1) << 3;
665 if (np->rxopt.bits.dstopts)
666 put_cmsg(msg, SOL_IPV6, IPV6_DSTOPTS, len, ptr);
667 break;
668 case IPPROTO_ROUTING:
669 nexthdr = ptr[0];
670 len = (ptr[1] + 1) << 3;
671 if (np->rxopt.bits.srcrt)
672 put_cmsg(msg, SOL_IPV6, IPV6_RTHDR, len, ptr);
673 break;
674 case IPPROTO_AH:
675 nexthdr = ptr[0];
676 len = (ptr[1] + 2) << 2;
677 break;
678 default:
679 nexthdr = ptr[0];
680 len = (ptr[1] + 1) << 3;
681 break;
682 }
683
684 off += len;
685 }
686 }
687
688 /* socket options in old style */
689 if (np->rxopt.bits.rxoinfo) {
690 struct in6_pktinfo src_info;
691
692 src_info.ipi6_ifindex = opt->iif;
693 src_info.ipi6_addr = ipv6_hdr(skb)->daddr;
694 put_cmsg(msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info);
695 }
696 if (np->rxopt.bits.rxohlim) {
697 int hlim = ipv6_hdr(skb)->hop_limit;
698 put_cmsg(msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim);
699 }
700 if (np->rxopt.bits.ohopopts && (opt->flags & IP6SKB_HOPBYHOP)) {
701 u8 *ptr = nh + sizeof(struct ipv6hdr);
702 put_cmsg(msg, SOL_IPV6, IPV6_2292HOPOPTS, (ptr[1]+1)<<3, ptr);
703 }
704 if (np->rxopt.bits.odstopts && opt->dst0) {
705 u8 *ptr = nh + opt->dst0;
706 put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr);
707 }
708 if (np->rxopt.bits.osrcrt && opt->srcrt) {
709 struct ipv6_rt_hdr *rthdr = (struct ipv6_rt_hdr *)(nh + opt->srcrt);
710 put_cmsg(msg, SOL_IPV6, IPV6_2292RTHDR, (rthdr->hdrlen+1) << 3, rthdr);
711 }
712 if (np->rxopt.bits.odstopts && opt->dst1) {
713 u8 *ptr = nh + opt->dst1;
714 put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr);
715 }
716 if (np->rxopt.bits.rxorigdstaddr) {
717 struct sockaddr_in6 sin6;
718 __be16 _ports[2], *ports;
719
720 ports = skb_header_pointer(skb, skb_transport_offset(skb),
721 sizeof(_ports), &_ports);
722 if (ports) {
723 /* All current transport protocols have the port numbers in the
724 * first four bytes of the transport header and this function is
725 * written with this assumption in mind.
726 */
727 sin6.sin6_family = AF_INET6;
728 sin6.sin6_addr = ipv6_hdr(skb)->daddr;
729 sin6.sin6_port = ports[1];
730 sin6.sin6_flowinfo = 0;
731 sin6.sin6_scope_id =
732 ipv6_iface_scope_id(&ipv6_hdr(skb)->daddr,
733 opt->iif);
734
735 put_cmsg(msg, SOL_IPV6, IPV6_ORIGDSTADDR, sizeof(sin6), &sin6);
736 }
737 }
738 if (np->rxopt.bits.recvfragsize && opt->frag_max_size) {
739 int val = opt->frag_max_size;
740
741 put_cmsg(msg, SOL_IPV6, IPV6_RECVFRAGSIZE, sizeof(val), &val);
742 }
743 }
744
ip6_datagram_recv_ctl(struct sock * sk,struct msghdr * msg,struct sk_buff * skb)745 void ip6_datagram_recv_ctl(struct sock *sk, struct msghdr *msg,
746 struct sk_buff *skb)
747 {
748 ip6_datagram_recv_common_ctl(sk, msg, skb);
749 ip6_datagram_recv_specific_ctl(sk, msg, skb);
750 }
751 EXPORT_SYMBOL_GPL(ip6_datagram_recv_ctl);
752
ip6_datagram_send_ctl(struct net * net,struct sock * sk,struct msghdr * msg,struct flowi6 * fl6,struct ipcm6_cookie * ipc6)753 int ip6_datagram_send_ctl(struct net *net, struct sock *sk,
754 struct msghdr *msg, struct flowi6 *fl6,
755 struct ipcm6_cookie *ipc6)
756 {
757 struct in6_pktinfo *src_info;
758 struct cmsghdr *cmsg;
759 struct ipv6_rt_hdr *rthdr;
760 struct ipv6_opt_hdr *hdr;
761 struct ipv6_txoptions *opt = ipc6->opt;
762 int len;
763 int err = 0;
764
765 for_each_cmsghdr(cmsg, msg) {
766 int addr_type;
767
768 if (!CMSG_OK(msg, cmsg)) {
769 err = -EINVAL;
770 goto exit_f;
771 }
772
773 if (cmsg->cmsg_level == SOL_SOCKET) {
774 err = __sock_cmsg_send(sk, msg, cmsg, &ipc6->sockc);
775 if (err)
776 return err;
777 continue;
778 }
779
780 if (cmsg->cmsg_level != SOL_IPV6)
781 continue;
782
783 switch (cmsg->cmsg_type) {
784 case IPV6_PKTINFO:
785 case IPV6_2292PKTINFO:
786 {
787 struct net_device *dev = NULL;
788 int src_idx;
789
790 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) {
791 err = -EINVAL;
792 goto exit_f;
793 }
794
795 src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg);
796 src_idx = src_info->ipi6_ifindex;
797
798 if (src_idx) {
799 if (fl6->flowi6_oif &&
800 src_idx != fl6->flowi6_oif &&
801 (sk->sk_bound_dev_if != fl6->flowi6_oif ||
802 !sk_dev_equal_l3scope(sk, src_idx)))
803 return -EINVAL;
804 fl6->flowi6_oif = src_idx;
805 }
806
807 addr_type = __ipv6_addr_type(&src_info->ipi6_addr);
808
809 rcu_read_lock();
810 if (fl6->flowi6_oif) {
811 dev = dev_get_by_index_rcu(net, fl6->flowi6_oif);
812 if (!dev) {
813 rcu_read_unlock();
814 return -ENODEV;
815 }
816 } else if (addr_type & IPV6_ADDR_LINKLOCAL) {
817 rcu_read_unlock();
818 return -EINVAL;
819 }
820
821 if (addr_type != IPV6_ADDR_ANY) {
822 int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
823 if (!ipv6_can_nonlocal_bind(net, inet_sk(sk)) &&
824 !ipv6_chk_addr_and_flags(net, &src_info->ipi6_addr,
825 dev, !strict, 0,
826 IFA_F_TENTATIVE) &&
827 !ipv6_chk_acast_addr_src(net, dev,
828 &src_info->ipi6_addr))
829 err = -EINVAL;
830 else
831 fl6->saddr = src_info->ipi6_addr;
832 }
833
834 rcu_read_unlock();
835
836 if (err)
837 goto exit_f;
838
839 break;
840 }
841
842 case IPV6_FLOWINFO:
843 if (cmsg->cmsg_len < CMSG_LEN(4)) {
844 err = -EINVAL;
845 goto exit_f;
846 }
847
848 if (fl6->flowlabel&IPV6_FLOWINFO_MASK) {
849 if ((fl6->flowlabel^*(__be32 *)CMSG_DATA(cmsg))&~IPV6_FLOWINFO_MASK) {
850 err = -EINVAL;
851 goto exit_f;
852 }
853 }
854 fl6->flowlabel = IPV6_FLOWINFO_MASK & *(__be32 *)CMSG_DATA(cmsg);
855 break;
856
857 case IPV6_2292HOPOPTS:
858 case IPV6_HOPOPTS:
859 if (opt->hopopt || cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
860 err = -EINVAL;
861 goto exit_f;
862 }
863
864 hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
865 len = ((hdr->hdrlen + 1) << 3);
866 if (cmsg->cmsg_len < CMSG_LEN(len)) {
867 err = -EINVAL;
868 goto exit_f;
869 }
870 if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
871 err = -EPERM;
872 goto exit_f;
873 }
874 opt->opt_nflen += len;
875 opt->hopopt = hdr;
876 break;
877
878 case IPV6_2292DSTOPTS:
879 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
880 err = -EINVAL;
881 goto exit_f;
882 }
883
884 hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
885 len = ((hdr->hdrlen + 1) << 3);
886 if (cmsg->cmsg_len < CMSG_LEN(len)) {
887 err = -EINVAL;
888 goto exit_f;
889 }
890 if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
891 err = -EPERM;
892 goto exit_f;
893 }
894 if (opt->dst1opt) {
895 err = -EINVAL;
896 goto exit_f;
897 }
898 opt->opt_flen += len;
899 opt->dst1opt = hdr;
900 break;
901
902 case IPV6_DSTOPTS:
903 case IPV6_RTHDRDSTOPTS:
904 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
905 err = -EINVAL;
906 goto exit_f;
907 }
908
909 hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
910 len = ((hdr->hdrlen + 1) << 3);
911 if (cmsg->cmsg_len < CMSG_LEN(len)) {
912 err = -EINVAL;
913 goto exit_f;
914 }
915 if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
916 err = -EPERM;
917 goto exit_f;
918 }
919 if (cmsg->cmsg_type == IPV6_DSTOPTS) {
920 opt->opt_flen += len;
921 opt->dst1opt = hdr;
922 } else {
923 opt->opt_nflen += len;
924 opt->dst0opt = hdr;
925 }
926 break;
927
928 case IPV6_2292RTHDR:
929 case IPV6_RTHDR:
930 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_rt_hdr))) {
931 err = -EINVAL;
932 goto exit_f;
933 }
934
935 rthdr = (struct ipv6_rt_hdr *)CMSG_DATA(cmsg);
936
937 switch (rthdr->type) {
938 #if IS_ENABLED(CONFIG_IPV6_MIP6)
939 case IPV6_SRCRT_TYPE_2:
940 if (rthdr->hdrlen != 2 ||
941 rthdr->segments_left != 1) {
942 err = -EINVAL;
943 goto exit_f;
944 }
945 break;
946 #endif
947 default:
948 err = -EINVAL;
949 goto exit_f;
950 }
951
952 len = ((rthdr->hdrlen + 1) << 3);
953
954 if (cmsg->cmsg_len < CMSG_LEN(len)) {
955 err = -EINVAL;
956 goto exit_f;
957 }
958
959 /* segments left must also match */
960 if ((rthdr->hdrlen >> 1) != rthdr->segments_left) {
961 err = -EINVAL;
962 goto exit_f;
963 }
964
965 opt->opt_nflen += len;
966 opt->srcrt = rthdr;
967
968 if (cmsg->cmsg_type == IPV6_2292RTHDR && opt->dst1opt) {
969 int dsthdrlen = ((opt->dst1opt->hdrlen+1)<<3);
970
971 opt->opt_nflen += dsthdrlen;
972 opt->dst0opt = opt->dst1opt;
973 opt->dst1opt = NULL;
974 opt->opt_flen -= dsthdrlen;
975 }
976
977 break;
978
979 case IPV6_2292HOPLIMIT:
980 case IPV6_HOPLIMIT:
981 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {
982 err = -EINVAL;
983 goto exit_f;
984 }
985
986 ipc6->hlimit = *(int *)CMSG_DATA(cmsg);
987 if (ipc6->hlimit < -1 || ipc6->hlimit > 0xff) {
988 err = -EINVAL;
989 goto exit_f;
990 }
991
992 break;
993
994 case IPV6_TCLASS:
995 {
996 int tc;
997
998 err = -EINVAL;
999 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
1000 goto exit_f;
1001
1002 tc = *(int *)CMSG_DATA(cmsg);
1003 if (tc < -1 || tc > 0xff)
1004 goto exit_f;
1005
1006 err = 0;
1007 ipc6->tclass = tc;
1008
1009 break;
1010 }
1011
1012 case IPV6_DONTFRAG:
1013 {
1014 int df;
1015
1016 err = -EINVAL;
1017 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
1018 goto exit_f;
1019
1020 df = *(int *)CMSG_DATA(cmsg);
1021 if (df < 0 || df > 1)
1022 goto exit_f;
1023
1024 err = 0;
1025 ipc6->dontfrag = df;
1026
1027 break;
1028 }
1029 default:
1030 net_dbg_ratelimited("invalid cmsg type: %d\n",
1031 cmsg->cmsg_type);
1032 err = -EINVAL;
1033 goto exit_f;
1034 }
1035 }
1036
1037 exit_f:
1038 return err;
1039 }
1040 EXPORT_SYMBOL_GPL(ip6_datagram_send_ctl);
1041
__ip6_dgram_sock_seq_show(struct seq_file * seq,struct sock * sp,__u16 srcp,__u16 destp,int rqueue,int bucket)1042 void __ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp,
1043 __u16 srcp, __u16 destp, int rqueue, int bucket)
1044 {
1045 const struct in6_addr *dest, *src;
1046
1047 dest = &sp->sk_v6_daddr;
1048 src = &sp->sk_v6_rcv_saddr;
1049 seq_printf(seq,
1050 "%5d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1051 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %u\n",
1052 bucket,
1053 src->s6_addr32[0], src->s6_addr32[1],
1054 src->s6_addr32[2], src->s6_addr32[3], srcp,
1055 dest->s6_addr32[0], dest->s6_addr32[1],
1056 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1057 sp->sk_state,
1058 sk_wmem_alloc_get(sp),
1059 rqueue,
1060 0, 0L, 0,
1061 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1062 0,
1063 sock_i_ino(sp),
1064 refcount_read(&sp->sk_refcnt), sp,
1065 atomic_read(&sp->sk_drops));
1066 }
1067