ip_sockglue.c revision 7b2ff18ee7b0ec4bc3162f821e221781aaca48bd
1/* 2 * INET An implementation of the TCP/IP protocol suite for the LINUX 3 * operating system. INET is implemented using the BSD Socket 4 * interface as the means of communication with the user level. 5 * 6 * The IP to API glue. 7 * 8 * Authors: see ip.c 9 * 10 * Fixes: 11 * Many : Split from ip.c , see ip.c for history. 12 * Martin Mares : TOS setting fixed. 13 * Alan Cox : Fixed a couple of oopses in Martin's 14 * TOS tweaks. 15 * Mike McLagan : Routing by source 16 */ 17 18#include <linux/module.h> 19#include <linux/types.h> 20#include <linux/mm.h> 21#include <linux/skbuff.h> 22#include <linux/ip.h> 23#include <linux/icmp.h> 24#include <linux/inetdevice.h> 25#include <linux/netdevice.h> 26#include <linux/slab.h> 27#include <net/sock.h> 28#include <net/ip.h> 29#include <net/icmp.h> 30#include <net/tcp_states.h> 31#include <linux/udp.h> 32#include <linux/igmp.h> 33#include <linux/netfilter.h> 34#include <linux/route.h> 35#include <linux/mroute.h> 36#include <net/route.h> 37#include <net/xfrm.h> 38#include <net/compat.h> 39#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 40#include <net/transp_v6.h> 41#endif 42 43#include <linux/errqueue.h> 44#include <asm/uaccess.h> 45 46#define IP_CMSG_PKTINFO 1 47#define IP_CMSG_TTL 2 48#define IP_CMSG_TOS 4 49#define IP_CMSG_RECVOPTS 8 50#define IP_CMSG_RETOPTS 16 51#define IP_CMSG_PASSSEC 32 52#define IP_CMSG_ORIGDSTADDR 64 53 54/* 55 * SOL_IP control messages. 56 */ 57 58static void ip_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb) 59{ 60 struct in_pktinfo info; 61 struct rtable *rt = skb_rtable(skb); 62 63 info.ipi_addr.s_addr = ip_hdr(skb)->daddr; 64 if (rt) { 65 info.ipi_ifindex = rt->rt_iif; 66 info.ipi_spec_dst.s_addr = rt->rt_spec_dst; 67 } else { 68 info.ipi_ifindex = 0; 69 info.ipi_spec_dst.s_addr = 0; 70 } 71 72 put_cmsg(msg, SOL_IP, IP_PKTINFO, sizeof(info), &info); 73} 74 75static void ip_cmsg_recv_ttl(struct msghdr *msg, struct sk_buff *skb) 76{ 77 int ttl = ip_hdr(skb)->ttl; 78 put_cmsg(msg, SOL_IP, IP_TTL, sizeof(int), &ttl); 79} 80 81static void ip_cmsg_recv_tos(struct msghdr *msg, struct sk_buff *skb) 82{ 83 put_cmsg(msg, SOL_IP, IP_TOS, 1, &ip_hdr(skb)->tos); 84} 85 86static void ip_cmsg_recv_opts(struct msghdr *msg, struct sk_buff *skb) 87{ 88 if (IPCB(skb)->opt.optlen == 0) 89 return; 90 91 put_cmsg(msg, SOL_IP, IP_RECVOPTS, IPCB(skb)->opt.optlen, 92 ip_hdr(skb) + 1); 93} 94 95 96static void ip_cmsg_recv_retopts(struct msghdr *msg, struct sk_buff *skb) 97{ 98 unsigned char optbuf[sizeof(struct ip_options) + 40]; 99 struct ip_options * opt = (struct ip_options *)optbuf; 100 101 if (IPCB(skb)->opt.optlen == 0) 102 return; 103 104 if (ip_options_echo(opt, skb)) { 105 msg->msg_flags |= MSG_CTRUNC; 106 return; 107 } 108 ip_options_undo(opt); 109 110 put_cmsg(msg, SOL_IP, IP_RETOPTS, opt->optlen, opt->__data); 111} 112 113static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) 114{ 115 char *secdata; 116 u32 seclen, secid; 117 int err; 118 119 err = security_socket_getpeersec_dgram(NULL, skb, &secid); 120 if (err) 121 return; 122 123 err = security_secid_to_secctx(secid, &secdata, &seclen); 124 if (err) 125 return; 126 127 put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); 128 security_release_secctx(secdata, seclen); 129} 130 131static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 132{ 133 struct sockaddr_in sin; 134 struct iphdr *iph = ip_hdr(skb); 135 __be16 *ports = (__be16 *)skb_transport_header(skb); 136 137 if (skb_transport_offset(skb) + 4 > skb->len) 138 return; 139 140 /* All current transport protocols have the port numbers in the 141 * first four bytes of the transport header and this function is 142 * written with this assumption in mind. 143 */ 144 145 sin.sin_family = AF_INET; 146 sin.sin_addr.s_addr = iph->daddr; 147 sin.sin_port = ports[1]; 148 memset(sin.sin_zero, 0, sizeof(sin.sin_zero)); 149 150 put_cmsg(msg, SOL_IP, IP_ORIGDSTADDR, sizeof(sin), &sin); 151} 152 153void ip_cmsg_recv(struct msghdr *msg, struct sk_buff *skb) 154{ 155 struct inet_sock *inet = inet_sk(skb->sk); 156 unsigned flags = inet->cmsg_flags; 157 158 /* Ordered by supposed usage frequency */ 159 if (flags & 1) 160 ip_cmsg_recv_pktinfo(msg, skb); 161 if ((flags >>= 1) == 0) 162 return; 163 164 if (flags & 1) 165 ip_cmsg_recv_ttl(msg, skb); 166 if ((flags >>= 1) == 0) 167 return; 168 169 if (flags & 1) 170 ip_cmsg_recv_tos(msg, skb); 171 if ((flags >>= 1) == 0) 172 return; 173 174 if (flags & 1) 175 ip_cmsg_recv_opts(msg, skb); 176 if ((flags >>= 1) == 0) 177 return; 178 179 if (flags & 1) 180 ip_cmsg_recv_retopts(msg, skb); 181 if ((flags >>= 1) == 0) 182 return; 183 184 if (flags & 1) 185 ip_cmsg_recv_security(msg, skb); 186 187 if ((flags >>= 1) == 0) 188 return; 189 if (flags & 1) 190 ip_cmsg_recv_dstaddr(msg, skb); 191 192} 193EXPORT_SYMBOL(ip_cmsg_recv); 194 195int ip_cmsg_send(struct net *net, struct msghdr *msg, struct ipcm_cookie *ipc) 196{ 197 int err; 198 struct cmsghdr *cmsg; 199 200 for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { 201 if (!CMSG_OK(msg, cmsg)) 202 return -EINVAL; 203 if (cmsg->cmsg_level != SOL_IP) 204 continue; 205 switch (cmsg->cmsg_type) { 206 case IP_RETOPTS: 207 err = cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr)); 208 err = ip_options_get(net, &ipc->opt, CMSG_DATA(cmsg), 209 err < 40 ? err : 40); 210 if (err) 211 return err; 212 break; 213 case IP_PKTINFO: 214 { 215 struct in_pktinfo *info; 216 if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct in_pktinfo))) 217 return -EINVAL; 218 info = (struct in_pktinfo *)CMSG_DATA(cmsg); 219 ipc->oif = info->ipi_ifindex; 220 ipc->addr = info->ipi_spec_dst.s_addr; 221 break; 222 } 223 default: 224 return -EINVAL; 225 } 226 } 227 return 0; 228} 229 230 231/* Special input handler for packets caught by router alert option. 232 They are selected only by protocol field, and then processed likely 233 local ones; but only if someone wants them! Otherwise, router 234 not running rsvpd will kill RSVP. 235 236 It is user level problem, what it will make with them. 237 I have no idea, how it will masquearde or NAT them (it is joke, joke :-)), 238 but receiver should be enough clever f.e. to forward mtrace requests, 239 sent to multicast group to reach destination designated router. 240 */ 241struct ip_ra_chain *ip_ra_chain; 242static DEFINE_SPINLOCK(ip_ra_lock); 243 244 245static void ip_ra_destroy_rcu(struct rcu_head *head) 246{ 247 struct ip_ra_chain *ra = container_of(head, struct ip_ra_chain, rcu); 248 249 sock_put(ra->saved_sk); 250 kfree(ra); 251} 252 253int ip_ra_control(struct sock *sk, unsigned char on, 254 void (*destructor)(struct sock *)) 255{ 256 struct ip_ra_chain *ra, *new_ra, **rap; 257 258 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num == IPPROTO_RAW) 259 return -EINVAL; 260 261 new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; 262 263 spin_lock_bh(&ip_ra_lock); 264 for (rap = &ip_ra_chain; (ra = *rap) != NULL; rap = &ra->next) { 265 if (ra->sk == sk) { 266 if (on) { 267 spin_unlock_bh(&ip_ra_lock); 268 kfree(new_ra); 269 return -EADDRINUSE; 270 } 271 /* dont let ip_call_ra_chain() use sk again */ 272 ra->sk = NULL; 273 rcu_assign_pointer(*rap, ra->next); 274 spin_unlock_bh(&ip_ra_lock); 275 276 if (ra->destructor) 277 ra->destructor(sk); 278 /* 279 * Delay sock_put(sk) and kfree(ra) after one rcu grace 280 * period. This guarantee ip_call_ra_chain() dont need 281 * to mess with socket refcounts. 282 */ 283 ra->saved_sk = sk; 284 call_rcu(&ra->rcu, ip_ra_destroy_rcu); 285 return 0; 286 } 287 } 288 if (new_ra == NULL) { 289 spin_unlock_bh(&ip_ra_lock); 290 return -ENOBUFS; 291 } 292 new_ra->sk = sk; 293 new_ra->destructor = destructor; 294 295 new_ra->next = ra; 296 rcu_assign_pointer(*rap, new_ra); 297 sock_hold(sk); 298 spin_unlock_bh(&ip_ra_lock); 299 300 return 0; 301} 302 303void ip_icmp_error(struct sock *sk, struct sk_buff *skb, int err, 304 __be16 port, u32 info, u8 *payload) 305{ 306 struct sock_exterr_skb *serr; 307 308 skb = skb_clone(skb, GFP_ATOMIC); 309 if (!skb) 310 return; 311 312 serr = SKB_EXT_ERR(skb); 313 serr->ee.ee_errno = err; 314 serr->ee.ee_origin = SO_EE_ORIGIN_ICMP; 315 serr->ee.ee_type = icmp_hdr(skb)->type; 316 serr->ee.ee_code = icmp_hdr(skb)->code; 317 serr->ee.ee_pad = 0; 318 serr->ee.ee_info = info; 319 serr->ee.ee_data = 0; 320 serr->addr_offset = (u8 *)&(((struct iphdr *)(icmp_hdr(skb) + 1))->daddr) - 321 skb_network_header(skb); 322 serr->port = port; 323 324 if (skb_pull(skb, payload - skb->data) != NULL) { 325 skb_reset_transport_header(skb); 326 if (sock_queue_err_skb(sk, skb) == 0) 327 return; 328 } 329 kfree_skb(skb); 330} 331 332void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 info) 333{ 334 struct inet_sock *inet = inet_sk(sk); 335 struct sock_exterr_skb *serr; 336 struct iphdr *iph; 337 struct sk_buff *skb; 338 339 if (!inet->recverr) 340 return; 341 342 skb = alloc_skb(sizeof(struct iphdr), GFP_ATOMIC); 343 if (!skb) 344 return; 345 346 skb_put(skb, sizeof(struct iphdr)); 347 skb_reset_network_header(skb); 348 iph = ip_hdr(skb); 349 iph->daddr = daddr; 350 351 serr = SKB_EXT_ERR(skb); 352 serr->ee.ee_errno = err; 353 serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL; 354 serr->ee.ee_type = 0; 355 serr->ee.ee_code = 0; 356 serr->ee.ee_pad = 0; 357 serr->ee.ee_info = info; 358 serr->ee.ee_data = 0; 359 serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb); 360 serr->port = port; 361 362 __skb_pull(skb, skb_tail_pointer(skb) - skb->data); 363 skb_reset_transport_header(skb); 364 365 if (sock_queue_err_skb(sk, skb)) 366 kfree_skb(skb); 367} 368 369/* 370 * Handle MSG_ERRQUEUE 371 */ 372int ip_recv_error(struct sock *sk, struct msghdr *msg, int len) 373{ 374 struct sock_exterr_skb *serr; 375 struct sk_buff *skb, *skb2; 376 struct sockaddr_in *sin; 377 struct { 378 struct sock_extended_err ee; 379 struct sockaddr_in offender; 380 } errhdr; 381 int err; 382 int copied; 383 384 err = -EAGAIN; 385 skb = skb_dequeue(&sk->sk_error_queue); 386 if (skb == NULL) 387 goto out; 388 389 copied = skb->len; 390 if (copied > len) { 391 msg->msg_flags |= MSG_TRUNC; 392 copied = len; 393 } 394 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 395 if (err) 396 goto out_free_skb; 397 398 sock_recv_timestamp(msg, sk, skb); 399 400 serr = SKB_EXT_ERR(skb); 401 402 sin = (struct sockaddr_in *)msg->msg_name; 403 if (sin) { 404 sin->sin_family = AF_INET; 405 sin->sin_addr.s_addr = *(__be32 *)(skb_network_header(skb) + 406 serr->addr_offset); 407 sin->sin_port = serr->port; 408 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); 409 } 410 411 memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); 412 sin = &errhdr.offender; 413 sin->sin_family = AF_UNSPEC; 414 if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP) { 415 struct inet_sock *inet = inet_sk(sk); 416 417 sin->sin_family = AF_INET; 418 sin->sin_addr.s_addr = ip_hdr(skb)->saddr; 419 sin->sin_port = 0; 420 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); 421 if (inet->cmsg_flags) 422 ip_cmsg_recv(msg, skb); 423 } 424 425 put_cmsg(msg, SOL_IP, IP_RECVERR, sizeof(errhdr), &errhdr); 426 427 /* Now we could try to dump offended packet options */ 428 429 msg->msg_flags |= MSG_ERRQUEUE; 430 err = copied; 431 432 /* Reset and regenerate socket error */ 433 spin_lock_bh(&sk->sk_error_queue.lock); 434 sk->sk_err = 0; 435 skb2 = skb_peek(&sk->sk_error_queue); 436 if (skb2 != NULL) { 437 sk->sk_err = SKB_EXT_ERR(skb2)->ee.ee_errno; 438 spin_unlock_bh(&sk->sk_error_queue.lock); 439 sk->sk_error_report(sk); 440 } else 441 spin_unlock_bh(&sk->sk_error_queue.lock); 442 443out_free_skb: 444 kfree_skb(skb); 445out: 446 return err; 447} 448 449 450/* 451 * Socket option code for IP. This is the end of the line after any 452 * TCP,UDP etc options on an IP socket. 453 */ 454 455static int do_ip_setsockopt(struct sock *sk, int level, 456 int optname, char __user *optval, unsigned int optlen) 457{ 458 struct inet_sock *inet = inet_sk(sk); 459 int val = 0, err; 460 461 if (((1<<optname) & ((1<<IP_PKTINFO) | (1<<IP_RECVTTL) | 462 (1<<IP_RECVOPTS) | (1<<IP_RECVTOS) | 463 (1<<IP_RETOPTS) | (1<<IP_TOS) | 464 (1<<IP_TTL) | (1<<IP_HDRINCL) | 465 (1<<IP_MTU_DISCOVER) | (1<<IP_RECVERR) | 466 (1<<IP_ROUTER_ALERT) | (1<<IP_FREEBIND) | 467 (1<<IP_PASSSEC) | (1<<IP_TRANSPARENT) | 468 (1<<IP_MINTTL) | (1<<IP_NODEFRAG))) || 469 optname == IP_MULTICAST_TTL || 470 optname == IP_MULTICAST_ALL || 471 optname == IP_MULTICAST_LOOP || 472 optname == IP_RECVORIGDSTADDR) { 473 if (optlen >= sizeof(int)) { 474 if (get_user(val, (int __user *) optval)) 475 return -EFAULT; 476 } else if (optlen >= sizeof(char)) { 477 unsigned char ucval; 478 479 if (get_user(ucval, (unsigned char __user *) optval)) 480 return -EFAULT; 481 val = (int) ucval; 482 } 483 } 484 485 /* If optlen==0, it is equivalent to val == 0 */ 486 487 if (ip_mroute_opt(optname)) 488 return ip_mroute_setsockopt(sk, optname, optval, optlen); 489 490 err = 0; 491 lock_sock(sk); 492 493 switch (optname) { 494 case IP_OPTIONS: 495 { 496 struct ip_options *opt = NULL; 497 if (optlen > 40) 498 goto e_inval; 499 err = ip_options_get_from_user(sock_net(sk), &opt, 500 optval, optlen); 501 if (err) 502 break; 503 if (inet->is_icsk) { 504 struct inet_connection_sock *icsk = inet_csk(sk); 505#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 506 if (sk->sk_family == PF_INET || 507 (!((1 << sk->sk_state) & 508 (TCPF_LISTEN | TCPF_CLOSE)) && 509 inet->inet_daddr != LOOPBACK4_IPV6)) { 510#endif 511 if (inet->opt) 512 icsk->icsk_ext_hdr_len -= inet->opt->optlen; 513 if (opt) 514 icsk->icsk_ext_hdr_len += opt->optlen; 515 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie); 516#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 517 } 518#endif 519 } 520 opt = xchg(&inet->opt, opt); 521 kfree(opt); 522 break; 523 } 524 case IP_PKTINFO: 525 if (val) 526 inet->cmsg_flags |= IP_CMSG_PKTINFO; 527 else 528 inet->cmsg_flags &= ~IP_CMSG_PKTINFO; 529 break; 530 case IP_RECVTTL: 531 if (val) 532 inet->cmsg_flags |= IP_CMSG_TTL; 533 else 534 inet->cmsg_flags &= ~IP_CMSG_TTL; 535 break; 536 case IP_RECVTOS: 537 if (val) 538 inet->cmsg_flags |= IP_CMSG_TOS; 539 else 540 inet->cmsg_flags &= ~IP_CMSG_TOS; 541 break; 542 case IP_RECVOPTS: 543 if (val) 544 inet->cmsg_flags |= IP_CMSG_RECVOPTS; 545 else 546 inet->cmsg_flags &= ~IP_CMSG_RECVOPTS; 547 break; 548 case IP_RETOPTS: 549 if (val) 550 inet->cmsg_flags |= IP_CMSG_RETOPTS; 551 else 552 inet->cmsg_flags &= ~IP_CMSG_RETOPTS; 553 break; 554 case IP_PASSSEC: 555 if (val) 556 inet->cmsg_flags |= IP_CMSG_PASSSEC; 557 else 558 inet->cmsg_flags &= ~IP_CMSG_PASSSEC; 559 break; 560 case IP_RECVORIGDSTADDR: 561 if (val) 562 inet->cmsg_flags |= IP_CMSG_ORIGDSTADDR; 563 else 564 inet->cmsg_flags &= ~IP_CMSG_ORIGDSTADDR; 565 break; 566 case IP_TOS: /* This sets both TOS and Precedence */ 567 if (sk->sk_type == SOCK_STREAM) { 568 val &= ~3; 569 val |= inet->tos & 3; 570 } 571 if (inet->tos != val) { 572 inet->tos = val; 573 sk->sk_priority = rt_tos2priority(val); 574 sk_dst_reset(sk); 575 } 576 break; 577 case IP_TTL: 578 if (optlen < 1) 579 goto e_inval; 580 if (val != -1 && (val < 0 || val > 255)) 581 goto e_inval; 582 inet->uc_ttl = val; 583 break; 584 case IP_HDRINCL: 585 if (sk->sk_type != SOCK_RAW) { 586 err = -ENOPROTOOPT; 587 break; 588 } 589 inet->hdrincl = val ? 1 : 0; 590 break; 591 case IP_NODEFRAG: 592 if (sk->sk_type != SOCK_RAW) { 593 err = -ENOPROTOOPT; 594 break; 595 } 596 inet->nodefrag = val ? 1 : 0; 597 break; 598 case IP_MTU_DISCOVER: 599 if (val < IP_PMTUDISC_DONT || val > IP_PMTUDISC_PROBE) 600 goto e_inval; 601 inet->pmtudisc = val; 602 break; 603 case IP_RECVERR: 604 inet->recverr = !!val; 605 if (!val) 606 skb_queue_purge(&sk->sk_error_queue); 607 break; 608 case IP_MULTICAST_TTL: 609 if (sk->sk_type == SOCK_STREAM) 610 goto e_inval; 611 if (optlen < 1) 612 goto e_inval; 613 if (val == -1) 614 val = 1; 615 if (val < 0 || val > 255) 616 goto e_inval; 617 inet->mc_ttl = val; 618 break; 619 case IP_MULTICAST_LOOP: 620 if (optlen < 1) 621 goto e_inval; 622 inet->mc_loop = !!val; 623 break; 624 case IP_MULTICAST_IF: 625 { 626 struct ip_mreqn mreq; 627 struct net_device *dev = NULL; 628 629 if (sk->sk_type == SOCK_STREAM) 630 goto e_inval; 631 /* 632 * Check the arguments are allowable 633 */ 634 635 if (optlen < sizeof(struct in_addr)) 636 goto e_inval; 637 638 err = -EFAULT; 639 if (optlen >= sizeof(struct ip_mreqn)) { 640 if (copy_from_user(&mreq, optval, sizeof(mreq))) 641 break; 642 } else { 643 memset(&mreq, 0, sizeof(mreq)); 644 if (optlen >= sizeof(struct in_addr) && 645 copy_from_user(&mreq.imr_address, optval, 646 sizeof(struct in_addr))) 647 break; 648 } 649 650 if (!mreq.imr_ifindex) { 651 if (mreq.imr_address.s_addr == htonl(INADDR_ANY)) { 652 inet->mc_index = 0; 653 inet->mc_addr = 0; 654 err = 0; 655 break; 656 } 657 dev = ip_dev_find(sock_net(sk), mreq.imr_address.s_addr); 658 if (dev) 659 mreq.imr_ifindex = dev->ifindex; 660 } else 661 dev = dev_get_by_index(sock_net(sk), mreq.imr_ifindex); 662 663 664 err = -EADDRNOTAVAIL; 665 if (!dev) 666 break; 667 dev_put(dev); 668 669 err = -EINVAL; 670 if (sk->sk_bound_dev_if && 671 mreq.imr_ifindex != sk->sk_bound_dev_if) 672 break; 673 674 inet->mc_index = mreq.imr_ifindex; 675 inet->mc_addr = mreq.imr_address.s_addr; 676 err = 0; 677 break; 678 } 679 680 case IP_ADD_MEMBERSHIP: 681 case IP_DROP_MEMBERSHIP: 682 { 683 struct ip_mreqn mreq; 684 685 err = -EPROTO; 686 if (inet_sk(sk)->is_icsk) 687 break; 688 689 if (optlen < sizeof(struct ip_mreq)) 690 goto e_inval; 691 err = -EFAULT; 692 if (optlen >= sizeof(struct ip_mreqn)) { 693 if (copy_from_user(&mreq, optval, sizeof(mreq))) 694 break; 695 } else { 696 memset(&mreq, 0, sizeof(mreq)); 697 if (copy_from_user(&mreq, optval, sizeof(struct ip_mreq))) 698 break; 699 } 700 701 if (optname == IP_ADD_MEMBERSHIP) 702 err = ip_mc_join_group(sk, &mreq); 703 else 704 err = ip_mc_leave_group(sk, &mreq); 705 break; 706 } 707 case IP_MSFILTER: 708 { 709 struct ip_msfilter *msf; 710 711 if (optlen < IP_MSFILTER_SIZE(0)) 712 goto e_inval; 713 if (optlen > sysctl_optmem_max) { 714 err = -ENOBUFS; 715 break; 716 } 717 msf = kmalloc(optlen, GFP_KERNEL); 718 if (!msf) { 719 err = -ENOBUFS; 720 break; 721 } 722 err = -EFAULT; 723 if (copy_from_user(msf, optval, optlen)) { 724 kfree(msf); 725 break; 726 } 727 /* numsrc >= (1G-4) overflow in 32 bits */ 728 if (msf->imsf_numsrc >= 0x3ffffffcU || 729 msf->imsf_numsrc > sysctl_igmp_max_msf) { 730 kfree(msf); 731 err = -ENOBUFS; 732 break; 733 } 734 if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) { 735 kfree(msf); 736 err = -EINVAL; 737 break; 738 } 739 err = ip_mc_msfilter(sk, msf, 0); 740 kfree(msf); 741 break; 742 } 743 case IP_BLOCK_SOURCE: 744 case IP_UNBLOCK_SOURCE: 745 case IP_ADD_SOURCE_MEMBERSHIP: 746 case IP_DROP_SOURCE_MEMBERSHIP: 747 { 748 struct ip_mreq_source mreqs; 749 int omode, add; 750 751 if (optlen != sizeof(struct ip_mreq_source)) 752 goto e_inval; 753 if (copy_from_user(&mreqs, optval, sizeof(mreqs))) { 754 err = -EFAULT; 755 break; 756 } 757 if (optname == IP_BLOCK_SOURCE) { 758 omode = MCAST_EXCLUDE; 759 add = 1; 760 } else if (optname == IP_UNBLOCK_SOURCE) { 761 omode = MCAST_EXCLUDE; 762 add = 0; 763 } else if (optname == IP_ADD_SOURCE_MEMBERSHIP) { 764 struct ip_mreqn mreq; 765 766 mreq.imr_multiaddr.s_addr = mreqs.imr_multiaddr; 767 mreq.imr_address.s_addr = mreqs.imr_interface; 768 mreq.imr_ifindex = 0; 769 err = ip_mc_join_group(sk, &mreq); 770 if (err && err != -EADDRINUSE) 771 break; 772 omode = MCAST_INCLUDE; 773 add = 1; 774 } else /* IP_DROP_SOURCE_MEMBERSHIP */ { 775 omode = MCAST_INCLUDE; 776 add = 0; 777 } 778 err = ip_mc_source(add, omode, sk, &mreqs, 0); 779 break; 780 } 781 case MCAST_JOIN_GROUP: 782 case MCAST_LEAVE_GROUP: 783 { 784 struct group_req greq; 785 struct sockaddr_in *psin; 786 struct ip_mreqn mreq; 787 788 if (optlen < sizeof(struct group_req)) 789 goto e_inval; 790 err = -EFAULT; 791 if (copy_from_user(&greq, optval, sizeof(greq))) 792 break; 793 psin = (struct sockaddr_in *)&greq.gr_group; 794 if (psin->sin_family != AF_INET) 795 goto e_inval; 796 memset(&mreq, 0, sizeof(mreq)); 797 mreq.imr_multiaddr = psin->sin_addr; 798 mreq.imr_ifindex = greq.gr_interface; 799 800 if (optname == MCAST_JOIN_GROUP) 801 err = ip_mc_join_group(sk, &mreq); 802 else 803 err = ip_mc_leave_group(sk, &mreq); 804 break; 805 } 806 case MCAST_JOIN_SOURCE_GROUP: 807 case MCAST_LEAVE_SOURCE_GROUP: 808 case MCAST_BLOCK_SOURCE: 809 case MCAST_UNBLOCK_SOURCE: 810 { 811 struct group_source_req greqs; 812 struct ip_mreq_source mreqs; 813 struct sockaddr_in *psin; 814 int omode, add; 815 816 if (optlen != sizeof(struct group_source_req)) 817 goto e_inval; 818 if (copy_from_user(&greqs, optval, sizeof(greqs))) { 819 err = -EFAULT; 820 break; 821 } 822 if (greqs.gsr_group.ss_family != AF_INET || 823 greqs.gsr_source.ss_family != AF_INET) { 824 err = -EADDRNOTAVAIL; 825 break; 826 } 827 psin = (struct sockaddr_in *)&greqs.gsr_group; 828 mreqs.imr_multiaddr = psin->sin_addr.s_addr; 829 psin = (struct sockaddr_in *)&greqs.gsr_source; 830 mreqs.imr_sourceaddr = psin->sin_addr.s_addr; 831 mreqs.imr_interface = 0; /* use index for mc_source */ 832 833 if (optname == MCAST_BLOCK_SOURCE) { 834 omode = MCAST_EXCLUDE; 835 add = 1; 836 } else if (optname == MCAST_UNBLOCK_SOURCE) { 837 omode = MCAST_EXCLUDE; 838 add = 0; 839 } else if (optname == MCAST_JOIN_SOURCE_GROUP) { 840 struct ip_mreqn mreq; 841 842 psin = (struct sockaddr_in *)&greqs.gsr_group; 843 mreq.imr_multiaddr = psin->sin_addr; 844 mreq.imr_address.s_addr = 0; 845 mreq.imr_ifindex = greqs.gsr_interface; 846 err = ip_mc_join_group(sk, &mreq); 847 if (err && err != -EADDRINUSE) 848 break; 849 greqs.gsr_interface = mreq.imr_ifindex; 850 omode = MCAST_INCLUDE; 851 add = 1; 852 } else /* MCAST_LEAVE_SOURCE_GROUP */ { 853 omode = MCAST_INCLUDE; 854 add = 0; 855 } 856 err = ip_mc_source(add, omode, sk, &mreqs, 857 greqs.gsr_interface); 858 break; 859 } 860 case MCAST_MSFILTER: 861 { 862 struct sockaddr_in *psin; 863 struct ip_msfilter *msf = NULL; 864 struct group_filter *gsf = NULL; 865 int msize, i, ifindex; 866 867 if (optlen < GROUP_FILTER_SIZE(0)) 868 goto e_inval; 869 if (optlen > sysctl_optmem_max) { 870 err = -ENOBUFS; 871 break; 872 } 873 gsf = kmalloc(optlen, GFP_KERNEL); 874 if (!gsf) { 875 err = -ENOBUFS; 876 break; 877 } 878 err = -EFAULT; 879 if (copy_from_user(gsf, optval, optlen)) 880 goto mc_msf_out; 881 882 /* numsrc >= (4G-140)/128 overflow in 32 bits */ 883 if (gsf->gf_numsrc >= 0x1ffffff || 884 gsf->gf_numsrc > sysctl_igmp_max_msf) { 885 err = -ENOBUFS; 886 goto mc_msf_out; 887 } 888 if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) { 889 err = -EINVAL; 890 goto mc_msf_out; 891 } 892 msize = IP_MSFILTER_SIZE(gsf->gf_numsrc); 893 msf = kmalloc(msize, GFP_KERNEL); 894 if (!msf) { 895 err = -ENOBUFS; 896 goto mc_msf_out; 897 } 898 ifindex = gsf->gf_interface; 899 psin = (struct sockaddr_in *)&gsf->gf_group; 900 if (psin->sin_family != AF_INET) { 901 err = -EADDRNOTAVAIL; 902 goto mc_msf_out; 903 } 904 msf->imsf_multiaddr = psin->sin_addr.s_addr; 905 msf->imsf_interface = 0; 906 msf->imsf_fmode = gsf->gf_fmode; 907 msf->imsf_numsrc = gsf->gf_numsrc; 908 err = -EADDRNOTAVAIL; 909 for (i = 0; i < gsf->gf_numsrc; ++i) { 910 psin = (struct sockaddr_in *)&gsf->gf_slist[i]; 911 912 if (psin->sin_family != AF_INET) 913 goto mc_msf_out; 914 msf->imsf_slist[i] = psin->sin_addr.s_addr; 915 } 916 kfree(gsf); 917 gsf = NULL; 918 919 err = ip_mc_msfilter(sk, msf, ifindex); 920mc_msf_out: 921 kfree(msf); 922 kfree(gsf); 923 break; 924 } 925 case IP_MULTICAST_ALL: 926 if (optlen < 1) 927 goto e_inval; 928 if (val != 0 && val != 1) 929 goto e_inval; 930 inet->mc_all = val; 931 break; 932 case IP_ROUTER_ALERT: 933 err = ip_ra_control(sk, val ? 1 : 0, NULL); 934 break; 935 936 case IP_FREEBIND: 937 if (optlen < 1) 938 goto e_inval; 939 inet->freebind = !!val; 940 break; 941 942 case IP_IPSEC_POLICY: 943 case IP_XFRM_POLICY: 944 err = -EPERM; 945 if (!capable(CAP_NET_ADMIN)) 946 break; 947 err = xfrm_user_policy(sk, optname, optval, optlen); 948 break; 949 950 case IP_TRANSPARENT: 951 if (!capable(CAP_NET_ADMIN)) { 952 err = -EPERM; 953 break; 954 } 955 if (optlen < 1) 956 goto e_inval; 957 inet->transparent = !!val; 958 break; 959 960 case IP_MINTTL: 961 if (optlen < 1) 962 goto e_inval; 963 if (val < 0 || val > 255) 964 goto e_inval; 965 inet->min_ttl = val; 966 break; 967 968 default: 969 err = -ENOPROTOOPT; 970 break; 971 } 972 release_sock(sk); 973 return err; 974 975e_inval: 976 release_sock(sk); 977 return -EINVAL; 978} 979 980/** 981 * ip_queue_rcv_skb - Queue an skb into sock receive queue 982 * @sk: socket 983 * @skb: buffer 984 * 985 * Queues an skb into socket receive queue. If IP_CMSG_PKTINFO option 986 * is not set, we drop skb dst entry now, while dst cache line is hot. 987 */ 988int ip_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) 989{ 990 if (!(inet_sk(sk)->cmsg_flags & IP_CMSG_PKTINFO)) 991 skb_dst_drop(skb); 992 return sock_queue_rcv_skb(sk, skb); 993} 994EXPORT_SYMBOL(ip_queue_rcv_skb); 995 996int ip_setsockopt(struct sock *sk, int level, 997 int optname, char __user *optval, unsigned int optlen) 998{ 999 int err; 1000 1001 if (level != SOL_IP) 1002 return -ENOPROTOOPT; 1003 1004 err = do_ip_setsockopt(sk, level, optname, optval, optlen); 1005#ifdef CONFIG_NETFILTER 1006 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1007 if (err == -ENOPROTOOPT && optname != IP_HDRINCL && 1008 optname != IP_IPSEC_POLICY && 1009 optname != IP_XFRM_POLICY && 1010 !ip_mroute_opt(optname)) { 1011 lock_sock(sk); 1012 err = nf_setsockopt(sk, PF_INET, optname, optval, optlen); 1013 release_sock(sk); 1014 } 1015#endif 1016 return err; 1017} 1018EXPORT_SYMBOL(ip_setsockopt); 1019 1020#ifdef CONFIG_COMPAT 1021int compat_ip_setsockopt(struct sock *sk, int level, int optname, 1022 char __user *optval, unsigned int optlen) 1023{ 1024 int err; 1025 1026 if (level != SOL_IP) 1027 return -ENOPROTOOPT; 1028 1029 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER) 1030 return compat_mc_setsockopt(sk, level, optname, optval, optlen, 1031 ip_setsockopt); 1032 1033 err = do_ip_setsockopt(sk, level, optname, optval, optlen); 1034#ifdef CONFIG_NETFILTER 1035 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1036 if (err == -ENOPROTOOPT && optname != IP_HDRINCL && 1037 optname != IP_IPSEC_POLICY && 1038 optname != IP_XFRM_POLICY && 1039 !ip_mroute_opt(optname)) { 1040 lock_sock(sk); 1041 err = compat_nf_setsockopt(sk, PF_INET, optname, 1042 optval, optlen); 1043 release_sock(sk); 1044 } 1045#endif 1046 return err; 1047} 1048EXPORT_SYMBOL(compat_ip_setsockopt); 1049#endif 1050 1051/* 1052 * Get the options. Note for future reference. The GET of IP options gets 1053 * the _received_ ones. The set sets the _sent_ ones. 1054 */ 1055 1056static int do_ip_getsockopt(struct sock *sk, int level, int optname, 1057 char __user *optval, int __user *optlen) 1058{ 1059 struct inet_sock *inet = inet_sk(sk); 1060 int val; 1061 int len; 1062 1063 if (level != SOL_IP) 1064 return -EOPNOTSUPP; 1065 1066 if (ip_mroute_opt(optname)) 1067 return ip_mroute_getsockopt(sk, optname, optval, optlen); 1068 1069 if (get_user(len, optlen)) 1070 return -EFAULT; 1071 if (len < 0) 1072 return -EINVAL; 1073 1074 lock_sock(sk); 1075 1076 switch (optname) { 1077 case IP_OPTIONS: 1078 { 1079 unsigned char optbuf[sizeof(struct ip_options)+40]; 1080 struct ip_options * opt = (struct ip_options *)optbuf; 1081 opt->optlen = 0; 1082 if (inet->opt) 1083 memcpy(optbuf, inet->opt, 1084 sizeof(struct ip_options)+ 1085 inet->opt->optlen); 1086 release_sock(sk); 1087 1088 if (opt->optlen == 0) 1089 return put_user(0, optlen); 1090 1091 ip_options_undo(opt); 1092 1093 len = min_t(unsigned int, len, opt->optlen); 1094 if (put_user(len, optlen)) 1095 return -EFAULT; 1096 if (copy_to_user(optval, opt->__data, len)) 1097 return -EFAULT; 1098 return 0; 1099 } 1100 case IP_PKTINFO: 1101 val = (inet->cmsg_flags & IP_CMSG_PKTINFO) != 0; 1102 break; 1103 case IP_RECVTTL: 1104 val = (inet->cmsg_flags & IP_CMSG_TTL) != 0; 1105 break; 1106 case IP_RECVTOS: 1107 val = (inet->cmsg_flags & IP_CMSG_TOS) != 0; 1108 break; 1109 case IP_RECVOPTS: 1110 val = (inet->cmsg_flags & IP_CMSG_RECVOPTS) != 0; 1111 break; 1112 case IP_RETOPTS: 1113 val = (inet->cmsg_flags & IP_CMSG_RETOPTS) != 0; 1114 break; 1115 case IP_PASSSEC: 1116 val = (inet->cmsg_flags & IP_CMSG_PASSSEC) != 0; 1117 break; 1118 case IP_RECVORIGDSTADDR: 1119 val = (inet->cmsg_flags & IP_CMSG_ORIGDSTADDR) != 0; 1120 break; 1121 case IP_TOS: 1122 val = inet->tos; 1123 break; 1124 case IP_TTL: 1125 val = (inet->uc_ttl == -1 ? 1126 sysctl_ip_default_ttl : 1127 inet->uc_ttl); 1128 break; 1129 case IP_HDRINCL: 1130 val = inet->hdrincl; 1131 break; 1132 case IP_MTU_DISCOVER: 1133 val = inet->pmtudisc; 1134 break; 1135 case IP_MTU: 1136 { 1137 struct dst_entry *dst; 1138 val = 0; 1139 dst = sk_dst_get(sk); 1140 if (dst) { 1141 val = dst_mtu(dst); 1142 dst_release(dst); 1143 } 1144 if (!val) { 1145 release_sock(sk); 1146 return -ENOTCONN; 1147 } 1148 break; 1149 } 1150 case IP_RECVERR: 1151 val = inet->recverr; 1152 break; 1153 case IP_MULTICAST_TTL: 1154 val = inet->mc_ttl; 1155 break; 1156 case IP_MULTICAST_LOOP: 1157 val = inet->mc_loop; 1158 break; 1159 case IP_MULTICAST_IF: 1160 { 1161 struct in_addr addr; 1162 len = min_t(unsigned int, len, sizeof(struct in_addr)); 1163 addr.s_addr = inet->mc_addr; 1164 release_sock(sk); 1165 1166 if (put_user(len, optlen)) 1167 return -EFAULT; 1168 if (copy_to_user(optval, &addr, len)) 1169 return -EFAULT; 1170 return 0; 1171 } 1172 case IP_MSFILTER: 1173 { 1174 struct ip_msfilter msf; 1175 int err; 1176 1177 if (len < IP_MSFILTER_SIZE(0)) { 1178 release_sock(sk); 1179 return -EINVAL; 1180 } 1181 if (copy_from_user(&msf, optval, IP_MSFILTER_SIZE(0))) { 1182 release_sock(sk); 1183 return -EFAULT; 1184 } 1185 err = ip_mc_msfget(sk, &msf, 1186 (struct ip_msfilter __user *)optval, optlen); 1187 release_sock(sk); 1188 return err; 1189 } 1190 case MCAST_MSFILTER: 1191 { 1192 struct group_filter gsf; 1193 int err; 1194 1195 if (len < GROUP_FILTER_SIZE(0)) { 1196 release_sock(sk); 1197 return -EINVAL; 1198 } 1199 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) { 1200 release_sock(sk); 1201 return -EFAULT; 1202 } 1203 err = ip_mc_gsfget(sk, &gsf, 1204 (struct group_filter __user *)optval, 1205 optlen); 1206 release_sock(sk); 1207 return err; 1208 } 1209 case IP_MULTICAST_ALL: 1210 val = inet->mc_all; 1211 break; 1212 case IP_PKTOPTIONS: 1213 { 1214 struct msghdr msg; 1215 1216 release_sock(sk); 1217 1218 if (sk->sk_type != SOCK_STREAM) 1219 return -ENOPROTOOPT; 1220 1221 msg.msg_control = optval; 1222 msg.msg_controllen = len; 1223 msg.msg_flags = 0; 1224 1225 if (inet->cmsg_flags & IP_CMSG_PKTINFO) { 1226 struct in_pktinfo info; 1227 1228 info.ipi_addr.s_addr = inet->inet_rcv_saddr; 1229 info.ipi_spec_dst.s_addr = inet->inet_rcv_saddr; 1230 info.ipi_ifindex = inet->mc_index; 1231 put_cmsg(&msg, SOL_IP, IP_PKTINFO, sizeof(info), &info); 1232 } 1233 if (inet->cmsg_flags & IP_CMSG_TTL) { 1234 int hlim = inet->mc_ttl; 1235 put_cmsg(&msg, SOL_IP, IP_TTL, sizeof(hlim), &hlim); 1236 } 1237 len -= msg.msg_controllen; 1238 return put_user(len, optlen); 1239 } 1240 case IP_FREEBIND: 1241 val = inet->freebind; 1242 break; 1243 case IP_TRANSPARENT: 1244 val = inet->transparent; 1245 break; 1246 case IP_MINTTL: 1247 val = inet->min_ttl; 1248 break; 1249 default: 1250 release_sock(sk); 1251 return -ENOPROTOOPT; 1252 } 1253 release_sock(sk); 1254 1255 if (len < sizeof(int) && len > 0 && val >= 0 && val <= 255) { 1256 unsigned char ucval = (unsigned char)val; 1257 len = 1; 1258 if (put_user(len, optlen)) 1259 return -EFAULT; 1260 if (copy_to_user(optval, &ucval, 1)) 1261 return -EFAULT; 1262 } else { 1263 len = min_t(unsigned int, sizeof(int), len); 1264 if (put_user(len, optlen)) 1265 return -EFAULT; 1266 if (copy_to_user(optval, &val, len)) 1267 return -EFAULT; 1268 } 1269 return 0; 1270} 1271 1272int ip_getsockopt(struct sock *sk, int level, 1273 int optname, char __user *optval, int __user *optlen) 1274{ 1275 int err; 1276 1277 err = do_ip_getsockopt(sk, level, optname, optval, optlen); 1278#ifdef CONFIG_NETFILTER 1279 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1280 if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS && 1281 !ip_mroute_opt(optname)) { 1282 int len; 1283 1284 if (get_user(len, optlen)) 1285 return -EFAULT; 1286 1287 lock_sock(sk); 1288 err = nf_getsockopt(sk, PF_INET, optname, optval, 1289 &len); 1290 release_sock(sk); 1291 if (err >= 0) 1292 err = put_user(len, optlen); 1293 return err; 1294 } 1295#endif 1296 return err; 1297} 1298EXPORT_SYMBOL(ip_getsockopt); 1299 1300#ifdef CONFIG_COMPAT 1301int compat_ip_getsockopt(struct sock *sk, int level, int optname, 1302 char __user *optval, int __user *optlen) 1303{ 1304 int err; 1305 1306 if (optname == MCAST_MSFILTER) 1307 return compat_mc_getsockopt(sk, level, optname, optval, optlen, 1308 ip_getsockopt); 1309 1310 err = do_ip_getsockopt(sk, level, optname, optval, optlen); 1311 1312#ifdef CONFIG_NETFILTER 1313 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1314 if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS && 1315 !ip_mroute_opt(optname)) { 1316 int len; 1317 1318 if (get_user(len, optlen)) 1319 return -EFAULT; 1320 1321 lock_sock(sk); 1322 err = compat_nf_getsockopt(sk, PF_INET, optname, optval, &len); 1323 release_sock(sk); 1324 if (err >= 0) 1325 err = put_user(len, optlen); 1326 return err; 1327 } 1328#endif 1329 return err; 1330} 1331EXPORT_SYMBOL(compat_ip_getsockopt); 1332#endif 1333