ipv6: fix leaking uninitialized port number of offender sockaddr
[deliverable/linux.git] / net / ipv6 / datagram.c
/*
 * common UDP/RAW code
 * Linux INET6 implementation
 *
 * Authors:
 * Pedro Roque <roque@di.fc.ul.pt>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */
13
4fc268d2 14#include <linux/capability.h>
1da177e4
LT
15#include <linux/errno.h>
16#include <linux/types.h>
17#include <linux/kernel.h>
1da177e4
LT
18#include <linux/interrupt.h>
19#include <linux/socket.h>
20#include <linux/sockios.h>
21#include <linux/in6.h>
22#include <linux/ipv6.h>
23#include <linux/route.h>
5a0e3ad6 24#include <linux/slab.h>
a495f836 25#include <linux/export.h>
1da177e4
LT
26
27#include <net/ipv6.h>
28#include <net/ndisc.h>
29#include <net/addrconf.h>
30#include <net/transp_v6.h>
31#include <net/ip6_route.h>
c752f073 32#include <net/tcp_states.h>
e7219858 33#include <net/dsfield.h>
1da177e4
LT
34
35#include <linux/errqueue.h>
36#include <asm/uaccess.h>
37
/*
 * Return true when @a is an IPv4-mapped IPv6 address whose last 32-bit
 * word (the embedded IPv4 address) is zero.
 */
static bool ipv6_mapped_addr_any(const struct in6_addr *a)
{
	if (!ipv6_addr_v4mapped(a))
		return false;

	return a->s6_addr32[3] == 0;
}
42
1da177e4
LT
/*
 * Connect a datagram socket to the peer described by @uaddr.
 *
 * AF_INET addresses and IPv4-mapped IPv6 addresses are handed to
 * ip4_datagram_connect() and the result is mirrored into the socket's
 * IPv6 address fields. Native IPv6 addresses are recorded on the socket,
 * a route is looked up and cached, and the socket state is set to
 * TCP_ESTABLISHED.
 *
 * Returns 0 on success or a negative errno.
 */
int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
	struct inet_sock *inet = inet_sk(sk);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct in6_addr *daddr, *final_p, final;
	struct dst_entry *dst;
	struct flowi6 fl6;
	struct ip6_flowlabel *flowlabel = NULL;
	struct ipv6_txoptions *opt;
	int addr_type;
	int err;

	/*
	 * NOTE(review): sin6_family is read here before addr_len has been
	 * compared with anything; presumably the caller guarantees that at
	 * least the family field is present - confirm against the callers.
	 */
	if (usin->sin6_family == AF_INET) {
		if (__ipv6_only_sock(sk))
			return -EAFNOSUPPORT;
		err = ip4_datagram_connect(sk, uaddr, addr_len);
		/* Jumps into the body of the IPv4-mapped branch below. */
		goto ipv4_connected;
	}

	/* The scope id is optional: only the RFC 2133 length is required. */
	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;

	memset(&fl6, 0, sizeof(fl6));
	if (np->sndflow) {
		fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
		if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
			if (flowlabel == NULL)
				return -EINVAL;
			/* The flow label's destination overrides the caller's. */
			usin->sin6_addr = flowlabel->dst;
		}
	}

	addr_type = ipv6_addr_type(&usin->sin6_addr);

	if (addr_type == IPV6_ADDR_ANY) {
		/*
		 * connect to self
		 */
		usin->sin6_addr.s6_addr[15] = 0x01;
	}

	daddr = &usin->sin6_addr;

	if (addr_type == IPV6_ADDR_MAPPED) {
		struct sockaddr_in sin;

		if (__ipv6_only_sock(sk)) {
			err = -ENETUNREACH;
			goto out;
		}
		/* Build the equivalent IPv4 destination from the mapped address. */
		sin.sin_family = AF_INET;
		sin.sin_addr.s_addr = daddr->s6_addr32[3];
		sin.sin_port = usin->sin6_port;

		err = ip4_datagram_connect(sk,
					   (struct sockaddr *) &sin,
					   sizeof(sin));

ipv4_connected:
		if (err)
			goto out;

		/* Mirror the IPv4 connection state into the IPv6 fields. */
		ipv6_addr_set_v4mapped(inet->inet_daddr, &sk->sk_v6_daddr);

		if (ipv6_addr_any(&np->saddr) ||
		    ipv6_mapped_addr_any(&np->saddr))
			ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);

		if (ipv6_addr_any(&sk->sk_v6_rcv_saddr) ||
		    ipv6_mapped_addr_any(&sk->sk_v6_rcv_saddr)) {
			ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
					       &sk->sk_v6_rcv_saddr);
			/* The receive address changed, so rehash if supported. */
			if (sk->sk_prot->rehash)
				sk->sk_prot->rehash(sk);
		}

		goto out;
	}

	if (__ipv6_addr_needs_scope_id(addr_type)) {
		/*
		 * addr_len was only checked against SIN6_LEN_RFC2133 above,
		 * so sin6_scope_id is read only when the caller supplied a
		 * full struct sockaddr_in6.
		 */
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* A socket already bound to a device may not switch. */
			if (sk->sk_bound_dev_if &&
			    sk->sk_bound_dev_if != usin->sin6_scope_id) {
				err = -EINVAL;
				goto out;
			}
			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		if (!sk->sk_bound_dev_if && (addr_type & IPV6_ADDR_MULTICAST))
			sk->sk_bound_dev_if = np->mcast_oif;

		/* Connect to link-local address requires an interface */
		if (!sk->sk_bound_dev_if) {
			err = -EINVAL;
			goto out;
		}
	}

	sk->sk_v6_daddr = *daddr;
	np->flow_label = fl6.flowlabel;

	inet->inet_dport = usin->sin6_port;

	/*
	 * Check for a route to the destination and obtain the
	 * destination cache for it.
	 */

	fl6.flowi6_proto = sk->sk_protocol;
	fl6.daddr = sk->sk_v6_daddr;
	fl6.saddr = np->saddr;
	fl6.flowi6_oif = sk->sk_bound_dev_if;
	fl6.flowi6_mark = sk->sk_mark;
	fl6.fl6_dport = inet->inet_dport;
	fl6.fl6_sport = inet->inet_sport;

	if (!fl6.flowi6_oif && (addr_type&IPV6_ADDR_MULTICAST))
		fl6.flowi6_oif = np->mcast_oif;

	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));

	/* Options attached to the flow label take precedence over the socket's. */
	opt = flowlabel ? flowlabel->opt : np->opt;
	final_p = fl6_update_dst(&fl6, opt, &final);

	dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true);
	err = 0;
	if (IS_ERR(dst)) {
		err = PTR_ERR(dst);
		goto out;
	}

	/* source address lookup done in ip6_dst_lookup */

	if (ipv6_addr_any(&np->saddr))
		np->saddr = fl6.saddr;

	if (ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
		sk->sk_v6_rcv_saddr = fl6.saddr;
		inet->inet_rcv_saddr = LOOPBACK4_IPV6;
		if (sk->sk_prot->rehash)
			sk->sk_prot->rehash(sk);
	}

	/*
	 * Pass the socket's own address fields to ip6_dst_store() only when
	 * they equal the addresses the lookup ended up with; otherwise NULL.
	 */
	ip6_dst_store(sk, dst,
		      ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr) ?
		      &sk->sk_v6_daddr : NULL,
#ifdef CONFIG_IPV6_SUBTREES
		      ipv6_addr_equal(&fl6.saddr, &np->saddr) ?
		      &np->saddr :
#endif
		      NULL);

	sk->sk_state = TCP_ESTABLISHED;
out:
	/*
	 * flowlabel is still NULL on the AF_INET path and when no label was
	 * looked up; presumably fl6_sock_release() accepts NULL - confirm.
	 */
	fl6_sock_release(flowlabel);
	return err;
}
a495f836 207EXPORT_SYMBOL_GPL(ip6_datagram_connect);
1da177e4 208
/*
 * Queue an ICMPv6-originated error on the socket's error queue.
 *
 * Nothing is queued unless the socket has recverr set. A clone of @skb
 * is tagged with the extended error (errno @err, ICMPv6 type and code,
 * @info and @port), trimmed so that its data starts at @payload, and
 * handed to sock_queue_err_skb(). The clone is freed if queueing fails.
 */
void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
		     __be16 port, u32 info, u8 *payload)
{
	struct icmp6hdr *icmph = icmp6_hdr(skb);
	struct sock_exterr_skb *serr;
	struct ipv6hdr *inner;
	struct sk_buff *clone;

	if (!inet6_sk(sk)->recverr)
		return;

	clone = skb_clone(skb, GFP_ATOMIC);
	if (!clone)
		return;

	clone->protocol = htons(ETH_P_IPV6);

	/* The IPv6 header that directly follows the ICMPv6 header. */
	inner = (struct ipv6hdr *)(icmph + 1);

	serr = SKB_EXT_ERR(clone);
	serr->port = port;
	/* Offset of that header's destination address from the network header. */
	serr->addr_offset = (u8 *)&inner->daddr - skb_network_header(clone);
	serr->ee.ee_errno = err;
	serr->ee.ee_origin = SO_EE_ORIGIN_ICMP6;
	serr->ee.ee_type = icmph->icmp6_type;
	serr->ee.ee_code = icmph->icmp6_code;
	serr->ee.ee_pad = 0;
	serr->ee.ee_info = info;
	serr->ee.ee_data = 0;

	__skb_pull(clone, payload - clone->data);
	skb_reset_transport_header(clone);

	if (sock_queue_err_skb(sk, clone))
		kfree_skb(clone);
}
243
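/*
 * Queue a locally generated error on the socket's error queue.
 *
 * Nothing is queued unless the socket has recverr set. A fresh skb that
 * holds only a synthetic IPv6 header is allocated; its destination
 * address is taken from @fl6 so that ipv6_recv_error() can report it.
 * The extended error carries errno @err and @info, and the port is the
 * flow's destination port. The skb is freed if queueing fails.
 */
void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sock_exterr_skb *serr;
	struct ipv6hdr *iph;
	struct sk_buff *skb;

	if (!np->recverr)
		return;

	skb = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
	if (!skb)
		return;

	skb->protocol = htons(ETH_P_IPV6);

	skb_put(skb, sizeof(struct ipv6hdr));
	skb_reset_network_header(skb);
	iph = ipv6_hdr(skb);
	/*
	 * Only daddr is meaningful in this synthetic header, but
	 * ipv6_recv_error() also reads the flow-info word from it
	 * (ip6_flowinfo() when np->sndflow is set) and returns it in
	 * sin6_flowinfo. Clear the whole header first so that read cannot
	 * hand back whatever the freshly allocated buffer contained.
	 */
	memset(iph, 0, sizeof(*iph));
	iph->daddr = fl6->daddr;

	serr = SKB_EXT_ERR(skb);
	serr->ee.ee_errno = err;
	serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
	serr->ee.ee_type = 0;
	serr->ee.ee_code = 0;
	serr->ee.ee_pad = 0;
	serr->ee.ee_info = info;
	serr->ee.ee_data = 0;
	serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb);
	serr->port = fl6->fl6_dport;

	/* Pull everything: the queued skb carries no payload bytes. */
	__skb_pull(skb, skb_tail_pointer(skb) - skb->data);
	skb_reset_transport_header(skb);

	if (sock_queue_err_skb(sk, skb))
		kfree_skb(skb);
}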
282
/*
 * Record a path-MTU notification for later delivery through
 * ipv6_recv_rxpmtu().
 *
 * Does nothing unless the socket has the rxpmtu receive option set. A
 * header-only skb is allocated, the MTU and the flow's destination are
 * stored in its control block, and it replaces whatever notification
 * was pending in np->rxpmtu; the replaced skb is freed.
 */
void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct ip6_mtuinfo *mtu_info;
	struct sockaddr_in6 *addr;
	struct sk_buff *fresh, *stale;
	struct ipv6hdr *iph;

	if (!np->rxopt.bits.rxpmtu)
		return;

	fresh = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
	if (!fresh)
		return;

	skb_put(fresh, sizeof(struct ipv6hdr));
	skb_reset_network_header(fresh);
	iph = ipv6_hdr(fresh);
	iph->daddr = fl6->daddr;

	mtu_info = IP6CBMTU(fresh);
	mtu_info->ip6m_mtu = mtu;

	/* Every field of the reported address is assigned explicitly. */
	addr = &mtu_info->ip6m_addr;
	addr->sin6_family = AF_INET6;
	addr->sin6_port = 0;
	addr->sin6_flowinfo = 0;
	addr->sin6_scope_id = fl6->flowi6_oif;
	addr->sin6_addr = iph->daddr;

	/* Pull everything: the stored skb carries no payload bytes. */
	__skb_pull(fresh, skb_tail_pointer(fresh) - fresh->data);
	skb_reset_transport_header(fresh);

	/* Swap in the new notification and drop the one it replaced. */
	stale = xchg(&np->rxpmtu, fresh);
	kfree_skb(stale);
}
317
1ab1457c 318/*
1da177e4
LT
319 * Handle MSG_ERRQUEUE
320 */
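/*
 * Deliver one entry from the socket's error queue (MSG_ERRQUEUE).
 *
 * Copies up to @len bytes of the queued skb into @msg, fills msg_name
 * (when supplied) with the address the failed packet was sent to, and
 * attaches an IPV6_RECVERR control message that holds the extended
 * error followed by the offender's address. Afterwards sk_err is reset
 * and regenerated from the next queued error, if there is one.
 *
 * Returns the number of bytes copied, -EAGAIN when the queue is empty,
 * or the error from skb_copy_datagram_iovec().
 */
int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sock_exterr_skb *serr;
	struct sk_buff *skb, *skb2;
	struct sockaddr_in6 *sin;
	struct {
		struct sock_extended_err ee;
		struct sockaddr_in6 offender;
	} errhdr;
	int err;
	int copied;

	err = -EAGAIN;
	skb = skb_dequeue(&sk->sk_error_queue);
	if (skb == NULL)
		goto out;

	copied = skb->len;
	if (copied > len) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
	if (err)
		goto out_free_skb;

	sock_recv_timestamp(msg, sk, skb);

	serr = SKB_EXT_ERR(skb);

	sin = (struct sockaddr_in6 *)msg->msg_name;
	if (sin) {
		const unsigned char *nh = skb_network_header(skb);

		/* Every field of the returned sockaddr is assigned below. */
		sin->sin6_family = AF_INET6;
		sin->sin6_flowinfo = 0;
		sin->sin6_port = serr->port;
		if (skb->protocol == htons(ETH_P_IPV6)) {
			/* addr_offset points at daddr; step back to its header. */
			const struct ipv6hdr *ip6h = container_of((struct in6_addr *)(nh + serr->addr_offset),
								  struct ipv6hdr, daddr);
			sin->sin6_addr = ip6h->daddr;
			if (np->sndflow)
				sin->sin6_flowinfo = ip6_flowinfo(ip6h);
			sin->sin6_scope_id =
				ipv6_iface_scope_id(&sin->sin6_addr,
						    IP6CB(skb)->iif);
		} else {
			ipv6_addr_set_v4mapped(*(__be32 *)(nh + serr->addr_offset),
					       &sin->sin6_addr);
			sin->sin6_scope_id = 0;
		}
		*addr_len = sizeof(*sin);
	}

	/*
	 * errhdr lives on the stack and put_cmsg() below copies all
	 * sizeof(errhdr) bytes of it into the caller's control buffer.
	 * For SO_EE_ORIGIN_LOCAL errors only offender.sin6_family is
	 * assigned, so without this memset the remaining offender fields
	 * would be returned with stale stack contents.
	 */
	memset(&errhdr, 0, sizeof(errhdr));
	memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
	sin = &errhdr.offender;
	sin->sin6_family = AF_UNSPEC;
	if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL) {
		sin->sin6_family = AF_INET6;
		sin->sin6_flowinfo = 0;
		sin->sin6_port = 0;
		if (skb->protocol == htons(ETH_P_IPV6)) {
			sin->sin6_addr = ipv6_hdr(skb)->saddr;
			if (np->rxopt.all)
				ip6_datagram_recv_ctl(sk, msg, skb);
			sin->sin6_scope_id =
				ipv6_iface_scope_id(&sin->sin6_addr,
						    IP6CB(skb)->iif);
		} else {
			struct inet_sock *inet = inet_sk(sk);

			ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr,
					       &sin->sin6_addr);
			sin->sin6_scope_id = 0;
			if (inet->cmsg_flags)
				ip_cmsg_recv(msg, skb);
		}
	}

	put_cmsg(msg, SOL_IPV6, IPV6_RECVERR, sizeof(errhdr), &errhdr);

	/* Now we could try to dump offended packet options */

	msg->msg_flags |= MSG_ERRQUEUE;
	err = copied;

	/* Reset and regenerate socket error */
	spin_lock_bh(&sk->sk_error_queue.lock);
	sk->sk_err = 0;
	if ((skb2 = skb_peek(&sk->sk_error_queue)) != NULL) {
		sk->sk_err = SKB_EXT_ERR(skb2)->ee.ee_errno;
		/* The queue lock is dropped before the report callback runs. */
		spin_unlock_bh(&sk->sk_error_queue.lock);
		sk->sk_error_report(sk);
	} else {
		spin_unlock_bh(&sk->sk_error_queue.lock);
	}

out_free_skb:
	kfree_skb(skb);
out:
	return err;
}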
a495f836 423EXPORT_SYMBOL_GPL(ipv6_recv_error);
1da177e4 424
4b340ae2
BH
425/*
426 * Handle IPV6_RECVPATHMTU
427 */
85fbaa75
HFS
/*
 * Deliver the pending path-MTU notification (IPV6_RECVPATHMTU).
 *
 * Takes the skb stored in np->rxpmtu, copies up to @len bytes of it
 * into @msg, fills msg_name (when supplied) from the stored MTU info
 * and attaches that info as an IPV6_PATHMTU control message.
 *
 * Returns the number of bytes copied, -EAGAIN when nothing is pending,
 * or the error from skb_copy_datagram_iovec().
 */
int ipv6_recv_rxpmtu(struct sock *sk, struct msghdr *msg, int len,
		     int *addr_len)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct ip6_mtuinfo mtu_info;
	struct sockaddr_in6 *name;
	struct sk_buff *pending;
	int nbytes;
	int ret;

	/* Claim the pending notification and leave the slot empty. */
	pending = xchg(&np->rxpmtu, NULL);
	if (pending == NULL)
		return -EAGAIN;

	nbytes = pending->len;
	if (nbytes > len) {
		msg->msg_flags |= MSG_TRUNC;
		nbytes = len;
	}

	ret = skb_copy_datagram_iovec(pending, 0, msg->msg_iov, nbytes);
	if (ret)
		goto release;

	sock_recv_timestamp(msg, sk, pending);

	/* The whole structure is copied from the skb's control block. */
	memcpy(&mtu_info, IP6CBMTU(pending), sizeof(mtu_info));

	name = (struct sockaddr_in6 *)msg->msg_name;
	if (name) {
		/* Every field of the returned sockaddr is assigned here. */
		name->sin6_family = AF_INET6;
		name->sin6_flowinfo = 0;
		name->sin6_port = 0;
		name->sin6_scope_id = mtu_info.ip6m_addr.sin6_scope_id;
		name->sin6_addr = mtu_info.ip6m_addr.sin6_addr;
		*addr_len = sizeof(*name);
	}

	put_cmsg(msg, SOL_IPV6, IPV6_PATHMTU, sizeof(mtu_info), &mtu_info);

	ret = nbytes;

release:
	kfree_skb(pending);
	return ret;
}
1da177e4
LT
475
476
73df66f8
TP
/*
 * Attach the ancillary data the socket asked for to a received message.
 *
 * For each receive option enabled in np->rxopt, the matching value is
 * taken from @skb (its IPv6 header, its extension headers or its control
 * block) and added to @msg with put_cmsg(). Both the RFC 3542 options and
 * the older IPV6_2292* variants are handled.
 *
 * Always returns 0; the return values of put_cmsg() are not checked.
 */
int ip6_datagram_recv_ctl(struct sock *sk, struct msghdr *msg,
			  struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct inet6_skb_parm *opt = IP6CB(skb);
	unsigned char *nh = skb_network_header(skb);

	if (np->rxopt.bits.rxinfo) {
		struct in6_pktinfo src_info;

		/* Both fields are assigned before the struct is copied out. */
		src_info.ipi6_ifindex = opt->iif;
		src_info.ipi6_addr = ipv6_hdr(skb)->daddr;
		put_cmsg(msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info);
	}

	if (np->rxopt.bits.rxhlim) {
		int hlim = ipv6_hdr(skb)->hop_limit;
		put_cmsg(msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim);
	}

	if (np->rxopt.bits.rxtclass) {
		int tclass = ipv6_get_dsfield(ipv6_hdr(skb));
		put_cmsg(msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass);
	}

	if (np->rxopt.bits.rxflow) {
		__be32 flowinfo = ip6_flowinfo((struct ipv6hdr *)nh);
		/* A zero flow info is not reported. */
		if (flowinfo)
			put_cmsg(msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo);
	}

	/* HbH is allowed only once */
	if (np->rxopt.bits.hopopts && opt->hop) {
		u8 *ptr = nh + opt->hop;
		/*
		 * The copy length, (ptr[1] + 1) * 8, is read from the packet.
		 * NOTE(review): presumably the receive path has already
		 * validated this header against the packet length - confirm.
		 */
		put_cmsg(msg, SOL_IPV6, IPV6_HOPOPTS, (ptr[1]+1)<<3, ptr);
	}

	if (opt->lastopt &&
	    (np->rxopt.bits.dstopts || np->rxopt.bits.srcrt)) {
		/*
		 * Silly enough, but we need to reparse in order to
		 * report extension headers (except for HbH)
		 * in order.
		 *
		 * Also note that IPV6_RECVRTHDRDSTOPTS is NOT
		 * (and WILL NOT be) defined because
		 * IPV6_RECVDSTOPTS is more generic. --yoshfuji
		 */
		unsigned int off = sizeof(struct ipv6hdr);
		u8 nexthdr = ipv6_hdr(skb)->nexthdr;

		/*
		 * Walk the header chain up to opt->lastopt. Each step reads
		 * the next-header and length bytes straight from the packet.
		 * NOTE(review): nothing here compares off with skb->len; the
		 * walk relies on opt->lastopt being trustworthy - confirm
		 * that it is only set after the chain has been validated.
		 */
		while (off <= opt->lastopt) {
			unsigned int len;
			u8 *ptr = nh + off;

			switch (nexthdr) {
			case IPPROTO_DSTOPTS:
				nexthdr = ptr[0];
				len = (ptr[1] + 1) << 3;
				if (np->rxopt.bits.dstopts)
					put_cmsg(msg, SOL_IPV6, IPV6_DSTOPTS, len, ptr);
				break;
			case IPPROTO_ROUTING:
				nexthdr = ptr[0];
				len = (ptr[1] + 1) << 3;
				if (np->rxopt.bits.srcrt)
					put_cmsg(msg, SOL_IPV6, IPV6_RTHDR, len, ptr);
				break;
			case IPPROTO_AH:
				/* AH is skipped, not reported; its length formula differs. */
				nexthdr = ptr[0];
				len = (ptr[1] + 2) << 2;
				break;
			default:
				nexthdr = ptr[0];
				len = (ptr[1] + 1) << 3;
				break;
			}

			off += len;
		}
	}

	/* socket options in old style */
	if (np->rxopt.bits.rxoinfo) {
		struct in6_pktinfo src_info;

		src_info.ipi6_ifindex = opt->iif;
		src_info.ipi6_addr = ipv6_hdr(skb)->daddr;
		put_cmsg(msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info);
	}
	if (np->rxopt.bits.rxohlim) {
		int hlim = ipv6_hdr(skb)->hop_limit;
		put_cmsg(msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim);
	}
	if (np->rxopt.bits.ohopopts && opt->hop) {
		u8 *ptr = nh + opt->hop;
		put_cmsg(msg, SOL_IPV6, IPV6_2292HOPOPTS, (ptr[1]+1)<<3, ptr);
	}
	if (np->rxopt.bits.odstopts && opt->dst0) {
		u8 *ptr = nh + opt->dst0;
		put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr);
	}
	if (np->rxopt.bits.osrcrt && opt->srcrt) {
		struct ipv6_rt_hdr *rthdr = (struct ipv6_rt_hdr *)(nh + opt->srcrt);
		put_cmsg(msg, SOL_IPV6, IPV6_2292RTHDR, (rthdr->hdrlen+1) << 3, rthdr);
	}
	if (np->rxopt.bits.odstopts && opt->dst1) {
		u8 *ptr = nh + opt->dst1;
		put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr);
	}
	if (np->rxopt.bits.rxorigdstaddr) {
		struct sockaddr_in6 sin6;
		__be16 *ports = (__be16 *) skb_transport_header(skb);

		/* Only read the ports when four transport bytes are present. */
		if (skb_transport_offset(skb) + 4 <= skb->len) {
			/* All current transport protocols have the port numbers in the
			 * first four bytes of the transport header and this function is
			 * written with this assumption in mind.
			 */

			/* All five sockaddr fields are assigned before the copy. */
			sin6.sin6_family = AF_INET6;
			sin6.sin6_addr = ipv6_hdr(skb)->daddr;
			sin6.sin6_port = ports[1];
			sin6.sin6_flowinfo = 0;
			sin6.sin6_scope_id =
				ipv6_iface_scope_id(&ipv6_hdr(skb)->daddr,
						    opt->iif);

			put_cmsg(msg, SOL_IPV6, IPV6_ORIGDSTADDR, sizeof(sin6), &sin6);
		}
	}
	return 0;
}
8e72d37e 610EXPORT_SYMBOL_GPL(ip6_datagram_recv_ctl);
1da177e4 611
73df66f8
TP
/*
 * Parse the SOL_IPV6 control messages attached to an outgoing message.
 *
 * Walks every cmsg in @msg, skipping levels other than SOL_IPV6, and
 * applies each recognised type to @fl6 (output interface, source address,
 * flow label), to @opt (pointers to and lengths of extension headers) or
 * to *@hlimit, *@tclass and *@dontfrag.
 *
 * Every cmsg is first checked with CMSG_OK(), and each payload is length
 * checked before it is read. Hop-by-hop and destination options require
 * CAP_NET_RAW in the user namespace of @net.
 *
 * Returns 0 on success or a negative errno; processing stops at the
 * first error, and an unknown SOL_IPV6 type is rejected with -EINVAL.
 */
int ip6_datagram_send_ctl(struct net *net, struct sock *sk,
			  struct msghdr *msg, struct flowi6 *fl6,
			  struct ipv6_txoptions *opt,
			  int *hlimit, int *tclass, int *dontfrag)
{
	struct in6_pktinfo *src_info;
	struct cmsghdr *cmsg;
	struct ipv6_rt_hdr *rthdr;
	struct ipv6_opt_hdr *hdr;
	int len;
	int err = 0;

	for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
		int addr_type;

		if (!CMSG_OK(msg, cmsg)) {
			err = -EINVAL;
			goto exit_f;
		}

		if (cmsg->cmsg_level != SOL_IPV6)
			continue;

		switch (cmsg->cmsg_type) {
		case IPV6_PKTINFO:
		case IPV6_2292PKTINFO:
		    {
			struct net_device *dev = NULL;

			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) {
				err = -EINVAL;
				goto exit_f;
			}

			src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg);

			if (src_info->ipi6_ifindex) {
				/* An interface already chosen for the flow must match. */
				if (fl6->flowi6_oif &&
				    src_info->ipi6_ifindex != fl6->flowi6_oif)
					return -EINVAL;
				fl6->flowi6_oif = src_info->ipi6_ifindex;
			}

			addr_type = __ipv6_addr_type(&src_info->ipi6_addr);

			/* dev is only used inside this RCU read-side section. */
			rcu_read_lock();
			if (fl6->flowi6_oif) {
				dev = dev_get_by_index_rcu(net, fl6->flowi6_oif);
				if (!dev) {
					rcu_read_unlock();
					return -ENODEV;
				}
			} else if (addr_type & IPV6_ADDR_LINKLOCAL) {
				/* A link-local source address needs an interface. */
				rcu_read_unlock();
				return -EINVAL;
			}

			if (addr_type != IPV6_ADDR_ANY) {
				int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
				/*
				 * The requested source address must pass
				 * ipv6_chk_addr() unless the socket has freebind
				 * or transparent set.
				 */
				if (!(inet_sk(sk)->freebind || inet_sk(sk)->transparent) &&
				    !ipv6_chk_addr(net, &src_info->ipi6_addr,
						   strict ? dev : NULL, 0))
					err = -EINVAL;
				else
					fl6->saddr = src_info->ipi6_addr;
			}

			rcu_read_unlock();

			if (err)
				goto exit_f;

			break;
		    }

		case IPV6_FLOWINFO:
			if (cmsg->cmsg_len < CMSG_LEN(4)) {
				err = -EINVAL;
				goto exit_f;
			}

			/*
			 * When the flow already carries flow info, the new value
			 * may not differ from it in any bit outside
			 * IPV6_FLOWINFO_MASK.
			 */
			if (fl6->flowlabel&IPV6_FLOWINFO_MASK) {
				if ((fl6->flowlabel^*(__be32 *)CMSG_DATA(cmsg))&~IPV6_FLOWINFO_MASK) {
					err = -EINVAL;
					goto exit_f;
				}
			}
			fl6->flowlabel = IPV6_FLOWINFO_MASK & *(__be32 *)CMSG_DATA(cmsg);
			break;

		case IPV6_2292HOPOPTS:
		case IPV6_HOPOPTS:
			/* A second hop-by-hop header is rejected. */
			if (opt->hopopt || cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
				err = -EINVAL;
				goto exit_f;
			}

			hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
			/* The header's own length field must fit inside the cmsg. */
			len = ((hdr->hdrlen + 1) << 3);
			if (cmsg->cmsg_len < CMSG_LEN(len)) {
				err = -EINVAL;
				goto exit_f;
			}
			if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
				err = -EPERM;
				goto exit_f;
			}
			opt->opt_nflen += len;
			/*
			 * opt now points into the control message data.
			 * NOTE(review): presumably the caller keeps that
			 * buffer alive while opt is in use - confirm.
			 */
			opt->hopopt = hdr;
			break;

		case IPV6_2292DSTOPTS:
			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
				err = -EINVAL;
				goto exit_f;
			}

			hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
			len = ((hdr->hdrlen + 1) << 3);
			if (cmsg->cmsg_len < CMSG_LEN(len)) {
				err = -EINVAL;
				goto exit_f;
			}
			if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
				err = -EPERM;
				goto exit_f;
			}
			/* A second destination-options header is rejected. */
			if (opt->dst1opt) {
				err = -EINVAL;
				goto exit_f;
			}
			opt->opt_flen += len;
			opt->dst1opt = hdr;
			break;

		case IPV6_DSTOPTS:
		case IPV6_RTHDRDSTOPTS:
			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
				err = -EINVAL;
				goto exit_f;
			}

			hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg);
			len = ((hdr->hdrlen + 1) << 3);
			if (cmsg->cmsg_len < CMSG_LEN(len)) {
				err = -EINVAL;
				goto exit_f;
			}
			if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
				err = -EPERM;
				goto exit_f;
			}
			/*
			 * NOTE(review): unlike IPV6_2292DSTOPTS above, a repeated
			 * option is not rejected here, so the length is added
			 * again while the pointer is overwritten - confirm that
			 * this is intended.
			 */
			if (cmsg->cmsg_type == IPV6_DSTOPTS) {
				opt->opt_flen += len;
				opt->dst1opt = hdr;
			} else {
				opt->opt_nflen += len;
				opt->dst0opt = hdr;
			}
			break;

		case IPV6_2292RTHDR:
		case IPV6_RTHDR:
			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_rt_hdr))) {
				err = -EINVAL;
				goto exit_f;
			}

			rthdr = (struct ipv6_rt_hdr *)CMSG_DATA(cmsg);

			/*
			 * Only a type 2 routing header is accepted, and only
			 * when CONFIG_IPV6_MIP6 is enabled; every other type
			 * falls through to the default and is rejected.
			 */
			switch (rthdr->type) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
			case IPV6_SRCRT_TYPE_2:
				if (rthdr->hdrlen != 2 ||
				    rthdr->segments_left != 1) {
					err = -EINVAL;
					goto exit_f;
				}
				break;
#endif
			default:
				err = -EINVAL;
				goto exit_f;
			}

			len = ((rthdr->hdrlen + 1) << 3);

			if (cmsg->cmsg_len < CMSG_LEN(len)) {
				err = -EINVAL;
				goto exit_f;
			}

			/* segments left must also match */
			if ((rthdr->hdrlen >> 1) != rthdr->segments_left) {
				err = -EINVAL;
				goto exit_f;
			}

			opt->opt_nflen += len;
			opt->srcrt = rthdr;

			/*
			 * With the old-style routing header, destination
			 * options given earlier move from dst1opt to dst0opt
			 * and their length moves from opt_flen to opt_nflen.
			 */
			if (cmsg->cmsg_type == IPV6_2292RTHDR && opt->dst1opt) {
				int dsthdrlen = ((opt->dst1opt->hdrlen+1)<<3);

				opt->opt_nflen += dsthdrlen;
				opt->dst0opt = opt->dst1opt;
				opt->dst1opt = NULL;
				opt->opt_flen -= dsthdrlen;
			}

			break;

		case IPV6_2292HOPLIMIT:
		case IPV6_HOPLIMIT:
			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {
				err = -EINVAL;
				goto exit_f;
			}

			/* Accepted range is -1..255; *hlimit is written before the check. */
			*hlimit = *(int *)CMSG_DATA(cmsg);
			if (*hlimit < -1 || *hlimit > 0xff) {
				err = -EINVAL;
				goto exit_f;
			}

			break;

		case IPV6_TCLASS:
		    {
			int tc;

			err = -EINVAL;
			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
				goto exit_f;

			/* Accepted range is -1..255. */
			tc = *(int *)CMSG_DATA(cmsg);
			if (tc < -1 || tc > 0xff)
				goto exit_f;

			err = 0;
			*tclass = tc;

			break;
		    }

		case IPV6_DONTFRAG:
		    {
			int df;

			err = -EINVAL;
			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
				goto exit_f;

			/* Only 0 and 1 are accepted. */
			df = *(int *)CMSG_DATA(cmsg);
			if (df < 0 || df > 1)
				goto exit_f;

			err = 0;
			*dontfrag = df;

			break;
		    }
		default:
			LIMIT_NETDEBUG(KERN_DEBUG "invalid cmsg type: %d\n",
				       cmsg->cmsg_type);
			err = -EINVAL;
			goto exit_f;
		}
	}

exit_f:
	return err;
}
73df66f8 885EXPORT_SYMBOL_GPL(ip6_datagram_send_ctl);
17ef66af
LC
886
/*
 * Print one line describing datagram socket @sp to @seq.
 *
 * The line holds the bucket number, the receive (source) address with
 * @srcp, the destination address with @destp, the socket state, the
 * write and read memory counters, the owning uid as seen from the
 * reader's user namespace, the inode, the reference count, the socket
 * pointer and the drop counter. Several columns are constant zeros.
 * The socket pointer is printed with %pK rather than %p, so it is
 * subject to the kernel's pointer-hiding policy.
 */
void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp,
			     __u16 srcp, __u16 destp, int bucket)
{
	const struct in6_addr *local = &sp->sk_v6_rcv_saddr;
	const struct in6_addr *remote = &sp->sk_v6_daddr;
	const __be32 *lw = local->s6_addr32;
	const __be32 *rw = remote->s6_addr32;

	seq_printf(seq,
		   "%5d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %d\n",
		   bucket,
		   lw[0], lw[1], lw[2], lw[3], srcp,
		   rw[0], rw[1], rw[2], rw[3], destp,
		   sp->sk_state,
		   sk_wmem_alloc_get(sp),
		   sk_rmem_alloc_get(sp),
		   0, 0L, 0,
		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
		   0,
		   sock_i_ino(sp),
		   atomic_read(&sp->sk_refcnt), sp,
		   atomic_read(&sp->sk_drops));
}