1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * common UDP/RAW code |
4 | * Linux INET6 implementation |
5 | * |
6 | * Authors: |
7 | * Pedro Roque <roque@di.fc.ul.pt> |
8 | */ |
9 | |
10 | #include <linux/capability.h> |
11 | #include <linux/errno.h> |
12 | #include <linux/types.h> |
13 | #include <linux/kernel.h> |
14 | #include <linux/interrupt.h> |
15 | #include <linux/socket.h> |
16 | #include <linux/sockios.h> |
17 | #include <linux/in6.h> |
18 | #include <linux/ipv6.h> |
19 | #include <linux/route.h> |
20 | #include <linux/slab.h> |
21 | #include <linux/export.h> |
22 | #include <linux/icmp.h> |
23 | |
24 | #include <net/ipv6.h> |
25 | #include <net/ndisc.h> |
26 | #include <net/addrconf.h> |
27 | #include <net/transp_v6.h> |
28 | #include <net/ip6_route.h> |
29 | #include <net/tcp_states.h> |
30 | #include <net/dsfield.h> |
31 | #include <net/sock_reuseport.h> |
32 | |
33 | #include <linux/errqueue.h> |
34 | #include <linux/uaccess.h> |
35 | |
36 | static bool ipv6_mapped_addr_any(const struct in6_addr *a) |
37 | { |
38 | return ipv6_addr_v4mapped(a) && (a->s6_addr32[3] == 0); |
39 | } |
40 | |
41 | static void ip6_datagram_flow_key_init(struct flowi6 *fl6, |
42 | const struct sock *sk) |
43 | { |
44 | const struct inet_sock *inet = inet_sk(sk); |
45 | const struct ipv6_pinfo *np = inet6_sk(sk: sk); |
46 | int oif = sk->sk_bound_dev_if; |
47 | |
48 | memset(fl6, 0, sizeof(*fl6)); |
49 | fl6->flowi6_proto = sk->sk_protocol; |
50 | fl6->daddr = sk->sk_v6_daddr; |
51 | fl6->saddr = np->saddr; |
52 | fl6->flowi6_mark = sk->sk_mark; |
53 | fl6->fl6_dport = inet->inet_dport; |
54 | fl6->fl6_sport = inet->inet_sport; |
55 | fl6->flowlabel = ip6_make_flowinfo(tclass: np->tclass, flowlabel: np->flow_label); |
56 | fl6->flowi6_uid = sk->sk_uid; |
57 | |
58 | if (!oif) |
59 | oif = np->sticky_pktinfo.ipi6_ifindex; |
60 | |
61 | if (!oif) { |
62 | if (ipv6_addr_is_multicast(addr: &fl6->daddr)) |
63 | oif = np->mcast_oif; |
64 | else |
65 | oif = np->ucast_oif; |
66 | } |
67 | |
68 | fl6->flowi6_oif = oif; |
69 | security_sk_classify_flow(sk, flic: flowi6_to_flowi_common(fl6)); |
70 | } |
71 | |
72 | int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr) |
73 | { |
74 | struct ip6_flowlabel *flowlabel = NULL; |
75 | struct in6_addr *final_p, final; |
76 | struct ipv6_txoptions *opt; |
77 | struct dst_entry *dst; |
78 | struct inet_sock *inet = inet_sk(sk); |
79 | struct ipv6_pinfo *np = inet6_sk(sk: sk); |
80 | struct flowi6 fl6; |
81 | int err = 0; |
82 | |
83 | if (inet6_test_bit(SNDFLOW, sk) && |
84 | (np->flow_label & IPV6_FLOWLABEL_MASK)) { |
85 | flowlabel = fl6_sock_lookup(sk, label: np->flow_label); |
86 | if (IS_ERR(ptr: flowlabel)) |
87 | return -EINVAL; |
88 | } |
89 | ip6_datagram_flow_key_init(fl6: &fl6, sk); |
90 | |
91 | rcu_read_lock(); |
92 | opt = flowlabel ? flowlabel->opt : rcu_dereference(np->opt); |
93 | final_p = fl6_update_dst(fl6: &fl6, opt, orig: &final); |
94 | rcu_read_unlock(); |
95 | |
96 | dst = ip6_dst_lookup_flow(net: sock_net(sk), sk, fl6: &fl6, final_dst: final_p); |
97 | if (IS_ERR(ptr: dst)) { |
98 | err = PTR_ERR(ptr: dst); |
99 | goto out; |
100 | } |
101 | |
102 | if (fix_sk_saddr) { |
103 | if (ipv6_addr_any(a: &np->saddr)) |
104 | np->saddr = fl6.saddr; |
105 | |
106 | if (ipv6_addr_any(a: &sk->sk_v6_rcv_saddr)) { |
107 | sk->sk_v6_rcv_saddr = fl6.saddr; |
108 | inet->inet_rcv_saddr = LOOPBACK4_IPV6; |
109 | if (sk->sk_prot->rehash) |
110 | sk->sk_prot->rehash(sk); |
111 | } |
112 | } |
113 | |
114 | ip6_sk_dst_store_flow(sk, dst, fl6: &fl6); |
115 | |
116 | out: |
117 | fl6_sock_release(fl: flowlabel); |
118 | return err; |
119 | } |
120 | |
121 | void ip6_datagram_release_cb(struct sock *sk) |
122 | { |
123 | struct dst_entry *dst; |
124 | |
125 | if (ipv6_addr_v4mapped(a: &sk->sk_v6_daddr)) |
126 | return; |
127 | |
128 | rcu_read_lock(); |
129 | dst = __sk_dst_get(sk); |
130 | if (!dst || !dst->obsolete || |
131 | dst->ops->check(dst, inet6_sk(sk: sk)->dst_cookie)) { |
132 | rcu_read_unlock(); |
133 | return; |
134 | } |
135 | rcu_read_unlock(); |
136 | |
137 | ip6_datagram_dst_update(sk, fix_sk_saddr: false); |
138 | } |
139 | EXPORT_SYMBOL_GPL(ip6_datagram_release_cb); |
140 | |
141 | int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, |
142 | int addr_len) |
143 | { |
144 | struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; |
145 | struct inet_sock *inet = inet_sk(sk); |
146 | struct ipv6_pinfo *np = inet6_sk(sk: sk); |
147 | struct in6_addr *daddr, old_daddr; |
148 | __be32 fl6_flowlabel = 0; |
149 | __be32 old_fl6_flowlabel; |
150 | __be16 old_dport; |
151 | int addr_type; |
152 | int err; |
153 | |
154 | if (usin->sin6_family == AF_INET) { |
155 | if (ipv6_only_sock(sk)) |
156 | return -EAFNOSUPPORT; |
157 | err = __ip4_datagram_connect(sk, uaddr, addr_len); |
158 | goto ipv4_connected; |
159 | } |
160 | |
161 | if (addr_len < SIN6_LEN_RFC2133) |
162 | return -EINVAL; |
163 | |
164 | if (usin->sin6_family != AF_INET6) |
165 | return -EAFNOSUPPORT; |
166 | |
167 | if (inet6_test_bit(SNDFLOW, sk)) |
168 | fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK; |
169 | |
170 | if (ipv6_addr_any(a: &usin->sin6_addr)) { |
171 | /* |
172 | * connect to self |
173 | */ |
174 | if (ipv6_addr_v4mapped(a: &sk->sk_v6_rcv_saddr)) |
175 | ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK), |
176 | v4mapped: &usin->sin6_addr); |
177 | else |
178 | usin->sin6_addr = in6addr_loopback; |
179 | } |
180 | |
181 | addr_type = ipv6_addr_type(addr: &usin->sin6_addr); |
182 | |
183 | daddr = &usin->sin6_addr; |
184 | |
185 | if (addr_type & IPV6_ADDR_MAPPED) { |
186 | struct sockaddr_in sin; |
187 | |
188 | if (ipv6_only_sock(sk)) { |
189 | err = -ENETUNREACH; |
190 | goto out; |
191 | } |
192 | sin.sin_family = AF_INET; |
193 | sin.sin_addr.s_addr = daddr->s6_addr32[3]; |
194 | sin.sin_port = usin->sin6_port; |
195 | |
196 | err = __ip4_datagram_connect(sk, |
197 | uaddr: (struct sockaddr *) &sin, |
198 | addr_len: sizeof(sin)); |
199 | |
200 | ipv4_connected: |
201 | if (err) |
202 | goto out; |
203 | |
204 | ipv6_addr_set_v4mapped(addr: inet->inet_daddr, v4mapped: &sk->sk_v6_daddr); |
205 | |
206 | if (ipv6_addr_any(a: &np->saddr) || |
207 | ipv6_mapped_addr_any(a: &np->saddr)) |
208 | ipv6_addr_set_v4mapped(addr: inet->inet_saddr, v4mapped: &np->saddr); |
209 | |
210 | if (ipv6_addr_any(a: &sk->sk_v6_rcv_saddr) || |
211 | ipv6_mapped_addr_any(a: &sk->sk_v6_rcv_saddr)) { |
212 | ipv6_addr_set_v4mapped(addr: inet->inet_rcv_saddr, |
213 | v4mapped: &sk->sk_v6_rcv_saddr); |
214 | if (sk->sk_prot->rehash) |
215 | sk->sk_prot->rehash(sk); |
216 | } |
217 | |
218 | goto out; |
219 | } |
220 | |
221 | if (__ipv6_addr_needs_scope_id(type: addr_type)) { |
222 | if (addr_len >= sizeof(struct sockaddr_in6) && |
223 | usin->sin6_scope_id) { |
224 | if (!sk_dev_equal_l3scope(sk, dif: usin->sin6_scope_id)) { |
225 | err = -EINVAL; |
226 | goto out; |
227 | } |
228 | WRITE_ONCE(sk->sk_bound_dev_if, usin->sin6_scope_id); |
229 | } |
230 | |
231 | if (!sk->sk_bound_dev_if && (addr_type & IPV6_ADDR_MULTICAST)) |
232 | WRITE_ONCE(sk->sk_bound_dev_if, np->mcast_oif); |
233 | |
234 | /* Connect to link-local address requires an interface */ |
235 | if (!sk->sk_bound_dev_if) { |
236 | err = -EINVAL; |
237 | goto out; |
238 | } |
239 | } |
240 | |
241 | /* save the current peer information before updating it */ |
242 | old_daddr = sk->sk_v6_daddr; |
243 | old_fl6_flowlabel = np->flow_label; |
244 | old_dport = inet->inet_dport; |
245 | |
246 | sk->sk_v6_daddr = *daddr; |
247 | np->flow_label = fl6_flowlabel; |
248 | inet->inet_dport = usin->sin6_port; |
249 | |
250 | /* |
251 | * Check for a route to destination an obtain the |
252 | * destination cache for it. |
253 | */ |
254 | |
255 | err = ip6_datagram_dst_update(sk, fix_sk_saddr: true); |
256 | if (err) { |
257 | /* Restore the socket peer info, to keep it consistent with |
258 | * the old socket state |
259 | */ |
260 | sk->sk_v6_daddr = old_daddr; |
261 | np->flow_label = old_fl6_flowlabel; |
262 | inet->inet_dport = old_dport; |
263 | goto out; |
264 | } |
265 | |
266 | reuseport_has_conns_set(sk); |
267 | sk->sk_state = TCP_ESTABLISHED; |
268 | sk_set_txhash(sk); |
269 | out: |
270 | return err; |
271 | } |
272 | EXPORT_SYMBOL_GPL(__ip6_datagram_connect); |
273 | |
274 | int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
275 | { |
276 | int res; |
277 | |
278 | lock_sock(sk); |
279 | res = __ip6_datagram_connect(sk, uaddr, addr_len); |
280 | release_sock(sk); |
281 | return res; |
282 | } |
283 | EXPORT_SYMBOL_GPL(ip6_datagram_connect); |
284 | |
285 | int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *uaddr, |
286 | int addr_len) |
287 | { |
288 | DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, uaddr); |
289 | if (sin6->sin6_family != AF_INET6) |
290 | return -EAFNOSUPPORT; |
291 | return ip6_datagram_connect(sk, uaddr, addr_len); |
292 | } |
293 | EXPORT_SYMBOL_GPL(ip6_datagram_connect_v6_only); |
294 | |
295 | static void ipv6_icmp_error_rfc4884(const struct sk_buff *skb, |
296 | struct sock_ee_data_rfc4884 *out) |
297 | { |
298 | switch (icmp6_hdr(skb)->icmp6_type) { |
299 | case ICMPV6_TIME_EXCEED: |
300 | case ICMPV6_DEST_UNREACH: |
301 | ip_icmp_error_rfc4884(skb, out, thlen: sizeof(struct icmp6hdr), |
302 | off: icmp6_hdr(skb)->icmp6_datagram_len * 8); |
303 | } |
304 | } |
305 | |
306 | void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err, |
307 | __be16 port, u32 info, u8 *payload) |
308 | { |
309 | struct icmp6hdr *icmph = icmp6_hdr(skb); |
310 | struct sock_exterr_skb *serr; |
311 | |
312 | if (!inet6_test_bit(RECVERR6, sk)) |
313 | return; |
314 | |
315 | skb = skb_clone(skb, GFP_ATOMIC); |
316 | if (!skb) |
317 | return; |
318 | |
319 | skb->protocol = htons(ETH_P_IPV6); |
320 | |
321 | serr = SKB_EXT_ERR(skb); |
322 | serr->ee.ee_errno = err; |
323 | serr->ee.ee_origin = SO_EE_ORIGIN_ICMP6; |
324 | serr->ee.ee_type = icmph->icmp6_type; |
325 | serr->ee.ee_code = icmph->icmp6_code; |
326 | serr->ee.ee_pad = 0; |
327 | serr->ee.ee_info = info; |
328 | serr->ee.ee_data = 0; |
329 | serr->addr_offset = (u8 *)&(((struct ipv6hdr *)(icmph + 1))->daddr) - |
330 | skb_network_header(skb); |
331 | serr->port = port; |
332 | |
333 | __skb_pull(skb, len: payload - skb->data); |
334 | |
335 | if (inet6_test_bit(RECVERR6_RFC4884, sk)) |
336 | ipv6_icmp_error_rfc4884(skb, out: &serr->ee.ee_rfc4884); |
337 | |
338 | skb_reset_transport_header(skb); |
339 | |
340 | if (sock_queue_err_skb(sk, skb)) |
341 | kfree_skb(skb); |
342 | } |
343 | EXPORT_SYMBOL_GPL(ipv6_icmp_error); |
344 | |
345 | void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info) |
346 | { |
347 | struct sock_exterr_skb *serr; |
348 | struct ipv6hdr *iph; |
349 | struct sk_buff *skb; |
350 | |
351 | if (!inet6_test_bit(RECVERR6, sk)) |
352 | return; |
353 | |
354 | skb = alloc_skb(size: sizeof(struct ipv6hdr), GFP_ATOMIC); |
355 | if (!skb) |
356 | return; |
357 | |
358 | skb->protocol = htons(ETH_P_IPV6); |
359 | |
360 | skb_put(skb, len: sizeof(struct ipv6hdr)); |
361 | skb_reset_network_header(skb); |
362 | iph = ipv6_hdr(skb); |
363 | iph->daddr = fl6->daddr; |
364 | ip6_flow_hdr(hdr: iph, tclass: 0, flowlabel: 0); |
365 | |
366 | serr = SKB_EXT_ERR(skb); |
367 | serr->ee.ee_errno = err; |
368 | serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL; |
369 | serr->ee.ee_type = 0; |
370 | serr->ee.ee_code = 0; |
371 | serr->ee.ee_pad = 0; |
372 | serr->ee.ee_info = info; |
373 | serr->ee.ee_data = 0; |
374 | serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb); |
375 | serr->port = fl6->fl6_dport; |
376 | |
377 | __skb_pull(skb, len: skb_tail_pointer(skb) - skb->data); |
378 | skb_reset_transport_header(skb); |
379 | |
380 | if (sock_queue_err_skb(sk, skb)) |
381 | kfree_skb(skb); |
382 | } |
383 | |
384 | void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu) |
385 | { |
386 | struct ipv6_pinfo *np = inet6_sk(sk: sk); |
387 | struct ipv6hdr *iph; |
388 | struct sk_buff *skb; |
389 | struct ip6_mtuinfo *mtu_info; |
390 | |
391 | if (!np->rxopt.bits.rxpmtu) |
392 | return; |
393 | |
394 | skb = alloc_skb(size: sizeof(struct ipv6hdr), GFP_ATOMIC); |
395 | if (!skb) |
396 | return; |
397 | |
398 | skb_put(skb, len: sizeof(struct ipv6hdr)); |
399 | skb_reset_network_header(skb); |
400 | iph = ipv6_hdr(skb); |
401 | iph->daddr = fl6->daddr; |
402 | |
403 | mtu_info = IP6CBMTU(skb); |
404 | |
405 | mtu_info->ip6m_mtu = mtu; |
406 | mtu_info->ip6m_addr.sin6_family = AF_INET6; |
407 | mtu_info->ip6m_addr.sin6_port = 0; |
408 | mtu_info->ip6m_addr.sin6_flowinfo = 0; |
409 | mtu_info->ip6m_addr.sin6_scope_id = fl6->flowi6_oif; |
410 | mtu_info->ip6m_addr.sin6_addr = ipv6_hdr(skb)->daddr; |
411 | |
412 | __skb_pull(skb, len: skb_tail_pointer(skb) - skb->data); |
413 | skb_reset_transport_header(skb); |
414 | |
415 | skb = xchg(&np->rxpmtu, skb); |
416 | kfree_skb(skb); |
417 | } |
418 | |
419 | /* For some errors we have valid addr_offset even with zero payload and |
420 | * zero port. Also, addr_offset should be supported if port is set. |
421 | */ |
422 | static inline bool ipv6_datagram_support_addr(struct sock_exterr_skb *serr) |
423 | { |
424 | return serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6 || |
425 | serr->ee.ee_origin == SO_EE_ORIGIN_ICMP || |
426 | serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL || serr->port; |
427 | } |
428 | |
429 | /* IPv6 supports cmsg on all origins aside from SO_EE_ORIGIN_LOCAL. |
430 | * |
431 | * At one point, excluding local errors was a quick test to identify icmp/icmp6 |
432 | * errors. This is no longer true, but the test remained, so the v6 stack, |
433 | * unlike v4, also honors cmsg requests on all wifi and timestamp errors. |
434 | */ |
435 | static bool ip6_datagram_support_cmsg(struct sk_buff *skb, |
436 | struct sock_exterr_skb *serr) |
437 | { |
438 | if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP || |
439 | serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6) |
440 | return true; |
441 | |
442 | if (serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL) |
443 | return false; |
444 | |
445 | if (!IP6CB(skb)->iif) |
446 | return false; |
447 | |
448 | return true; |
449 | } |
450 | |
451 | /* |
452 | * Handle MSG_ERRQUEUE |
453 | */ |
454 | int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) |
455 | { |
456 | struct ipv6_pinfo *np = inet6_sk(sk: sk); |
457 | struct sock_exterr_skb *serr; |
458 | struct sk_buff *skb; |
459 | DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name); |
460 | struct { |
461 | struct sock_extended_err ee; |
462 | struct sockaddr_in6 offender; |
463 | } errhdr; |
464 | int err; |
465 | int copied; |
466 | |
467 | err = -EAGAIN; |
468 | skb = sock_dequeue_err_skb(sk); |
469 | if (!skb) |
470 | goto out; |
471 | |
472 | copied = skb->len; |
473 | if (copied > len) { |
474 | msg->msg_flags |= MSG_TRUNC; |
475 | copied = len; |
476 | } |
477 | err = skb_copy_datagram_msg(from: skb, offset: 0, msg, size: copied); |
478 | if (unlikely(err)) { |
479 | kfree_skb(skb); |
480 | return err; |
481 | } |
482 | sock_recv_timestamp(msg, sk, skb); |
483 | |
484 | serr = SKB_EXT_ERR(skb); |
485 | |
486 | if (sin && ipv6_datagram_support_addr(serr)) { |
487 | const unsigned char *nh = skb_network_header(skb); |
488 | sin->sin6_family = AF_INET6; |
489 | sin->sin6_flowinfo = 0; |
490 | sin->sin6_port = serr->port; |
491 | if (skb->protocol == htons(ETH_P_IPV6)) { |
492 | const struct ipv6hdr *ip6h = container_of((struct in6_addr *)(nh + serr->addr_offset), |
493 | struct ipv6hdr, daddr); |
494 | sin->sin6_addr = ip6h->daddr; |
495 | if (inet6_test_bit(SNDFLOW, sk)) |
496 | sin->sin6_flowinfo = ip6_flowinfo(hdr: ip6h); |
497 | sin->sin6_scope_id = |
498 | ipv6_iface_scope_id(addr: &sin->sin6_addr, |
499 | IP6CB(skb)->iif); |
500 | } else { |
501 | ipv6_addr_set_v4mapped(addr: *(__be32 *)(nh + serr->addr_offset), |
502 | v4mapped: &sin->sin6_addr); |
503 | sin->sin6_scope_id = 0; |
504 | } |
505 | *addr_len = sizeof(*sin); |
506 | } |
507 | |
508 | memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); |
509 | sin = &errhdr.offender; |
510 | memset(sin, 0, sizeof(*sin)); |
511 | |
512 | if (ip6_datagram_support_cmsg(skb, serr)) { |
513 | sin->sin6_family = AF_INET6; |
514 | if (np->rxopt.all) |
515 | ip6_datagram_recv_common_ctl(sk, msg, skb); |
516 | if (skb->protocol == htons(ETH_P_IPV6)) { |
517 | sin->sin6_addr = ipv6_hdr(skb)->saddr; |
518 | if (np->rxopt.all) |
519 | ip6_datagram_recv_specific_ctl(sk, msg, skb); |
520 | sin->sin6_scope_id = |
521 | ipv6_iface_scope_id(addr: &sin->sin6_addr, |
522 | IP6CB(skb)->iif); |
523 | } else { |
524 | ipv6_addr_set_v4mapped(addr: ip_hdr(skb)->saddr, |
525 | v4mapped: &sin->sin6_addr); |
526 | if (inet_cmsg_flags(inet_sk(sk))) |
527 | ip_cmsg_recv(msg, skb); |
528 | } |
529 | } |
530 | |
531 | put_cmsg(msg, SOL_IPV6, IPV6_RECVERR, len: sizeof(errhdr), data: &errhdr); |
532 | |
533 | /* Now we could try to dump offended packet options */ |
534 | |
535 | msg->msg_flags |= MSG_ERRQUEUE; |
536 | err = copied; |
537 | |
538 | consume_skb(skb); |
539 | out: |
540 | return err; |
541 | } |
542 | EXPORT_SYMBOL_GPL(ipv6_recv_error); |
543 | |
544 | /* |
545 | * Handle IPV6_RECVPATHMTU |
546 | */ |
547 | int ipv6_recv_rxpmtu(struct sock *sk, struct msghdr *msg, int len, |
548 | int *addr_len) |
549 | { |
550 | struct ipv6_pinfo *np = inet6_sk(sk: sk); |
551 | struct sk_buff *skb; |
552 | struct ip6_mtuinfo mtu_info; |
553 | DECLARE_SOCKADDR(struct sockaddr_in6 *, sin, msg->msg_name); |
554 | int err; |
555 | int copied; |
556 | |
557 | err = -EAGAIN; |
558 | skb = xchg(&np->rxpmtu, NULL); |
559 | if (!skb) |
560 | goto out; |
561 | |
562 | copied = skb->len; |
563 | if (copied > len) { |
564 | msg->msg_flags |= MSG_TRUNC; |
565 | copied = len; |
566 | } |
567 | err = skb_copy_datagram_msg(from: skb, offset: 0, msg, size: copied); |
568 | if (err) |
569 | goto out_free_skb; |
570 | |
571 | sock_recv_timestamp(msg, sk, skb); |
572 | |
573 | memcpy(&mtu_info, IP6CBMTU(skb), sizeof(mtu_info)); |
574 | |
575 | if (sin) { |
576 | sin->sin6_family = AF_INET6; |
577 | sin->sin6_flowinfo = 0; |
578 | sin->sin6_port = 0; |
579 | sin->sin6_scope_id = mtu_info.ip6m_addr.sin6_scope_id; |
580 | sin->sin6_addr = mtu_info.ip6m_addr.sin6_addr; |
581 | *addr_len = sizeof(*sin); |
582 | } |
583 | |
584 | put_cmsg(msg, SOL_IPV6, IPV6_PATHMTU, len: sizeof(mtu_info), data: &mtu_info); |
585 | |
586 | err = copied; |
587 | |
588 | out_free_skb: |
589 | kfree_skb(skb); |
590 | out: |
591 | return err; |
592 | } |
593 | |
594 | |
595 | void ip6_datagram_recv_common_ctl(struct sock *sk, struct msghdr *msg, |
596 | struct sk_buff *skb) |
597 | { |
598 | struct ipv6_pinfo *np = inet6_sk(sk: sk); |
599 | bool is_ipv6 = skb->protocol == htons(ETH_P_IPV6); |
600 | |
601 | if (np->rxopt.bits.rxinfo) { |
602 | struct in6_pktinfo src_info; |
603 | |
604 | if (is_ipv6) { |
605 | src_info.ipi6_ifindex = IP6CB(skb)->iif; |
606 | src_info.ipi6_addr = ipv6_hdr(skb)->daddr; |
607 | } else { |
608 | src_info.ipi6_ifindex = |
609 | PKTINFO_SKB_CB(skb)->ipi_ifindex; |
610 | ipv6_addr_set_v4mapped(addr: ip_hdr(skb)->daddr, |
611 | v4mapped: &src_info.ipi6_addr); |
612 | } |
613 | |
614 | if (src_info.ipi6_ifindex >= 0) |
615 | put_cmsg(msg, SOL_IPV6, IPV6_PKTINFO, |
616 | len: sizeof(src_info), data: &src_info); |
617 | } |
618 | } |
619 | |
620 | void ip6_datagram_recv_specific_ctl(struct sock *sk, struct msghdr *msg, |
621 | struct sk_buff *skb) |
622 | { |
623 | struct ipv6_pinfo *np = inet6_sk(sk: sk); |
624 | struct inet6_skb_parm *opt = IP6CB(skb); |
625 | unsigned char *nh = skb_network_header(skb); |
626 | |
627 | if (np->rxopt.bits.rxhlim) { |
628 | int hlim = ipv6_hdr(skb)->hop_limit; |
629 | put_cmsg(msg, SOL_IPV6, IPV6_HOPLIMIT, len: sizeof(hlim), data: &hlim); |
630 | } |
631 | |
632 | if (np->rxopt.bits.rxtclass) { |
633 | int tclass = ipv6_get_dsfield(ipv6h: ipv6_hdr(skb)); |
634 | put_cmsg(msg, SOL_IPV6, IPV6_TCLASS, len: sizeof(tclass), data: &tclass); |
635 | } |
636 | |
637 | if (np->rxopt.bits.rxflow) { |
638 | __be32 flowinfo = ip6_flowinfo(hdr: (struct ipv6hdr *)nh); |
639 | if (flowinfo) |
640 | put_cmsg(msg, SOL_IPV6, IPV6_FLOWINFO, len: sizeof(flowinfo), data: &flowinfo); |
641 | } |
642 | |
643 | /* HbH is allowed only once */ |
644 | if (np->rxopt.bits.hopopts && (opt->flags & IP6SKB_HOPBYHOP)) { |
645 | u8 *ptr = nh + sizeof(struct ipv6hdr); |
646 | put_cmsg(msg, SOL_IPV6, IPV6_HOPOPTS, len: (ptr[1]+1)<<3, data: ptr); |
647 | } |
648 | |
649 | if (opt->lastopt && |
650 | (np->rxopt.bits.dstopts || np->rxopt.bits.srcrt)) { |
651 | /* |
652 | * Silly enough, but we need to reparse in order to |
653 | * report extension headers (except for HbH) |
654 | * in order. |
655 | * |
656 | * Also note that IPV6_RECVRTHDRDSTOPTS is NOT |
657 | * (and WILL NOT be) defined because |
658 | * IPV6_RECVDSTOPTS is more generic. --yoshfuji |
659 | */ |
660 | unsigned int off = sizeof(struct ipv6hdr); |
661 | u8 nexthdr = ipv6_hdr(skb)->nexthdr; |
662 | |
663 | while (off <= opt->lastopt) { |
664 | unsigned int len; |
665 | u8 *ptr = nh + off; |
666 | |
667 | switch (nexthdr) { |
668 | case IPPROTO_DSTOPTS: |
669 | nexthdr = ptr[0]; |
670 | len = (ptr[1] + 1) << 3; |
671 | if (np->rxopt.bits.dstopts) |
672 | put_cmsg(msg, SOL_IPV6, IPV6_DSTOPTS, len, data: ptr); |
673 | break; |
674 | case IPPROTO_ROUTING: |
675 | nexthdr = ptr[0]; |
676 | len = (ptr[1] + 1) << 3; |
677 | if (np->rxopt.bits.srcrt) |
678 | put_cmsg(msg, SOL_IPV6, IPV6_RTHDR, len, data: ptr); |
679 | break; |
680 | case IPPROTO_AH: |
681 | nexthdr = ptr[0]; |
682 | len = (ptr[1] + 2) << 2; |
683 | break; |
684 | default: |
685 | nexthdr = ptr[0]; |
686 | len = (ptr[1] + 1) << 3; |
687 | break; |
688 | } |
689 | |
690 | off += len; |
691 | } |
692 | } |
693 | |
694 | /* socket options in old style */ |
695 | if (np->rxopt.bits.rxoinfo) { |
696 | struct in6_pktinfo src_info; |
697 | |
698 | src_info.ipi6_ifindex = opt->iif; |
699 | src_info.ipi6_addr = ipv6_hdr(skb)->daddr; |
700 | put_cmsg(msg, SOL_IPV6, IPV6_2292PKTINFO, len: sizeof(src_info), data: &src_info); |
701 | } |
702 | if (np->rxopt.bits.rxohlim) { |
703 | int hlim = ipv6_hdr(skb)->hop_limit; |
704 | put_cmsg(msg, SOL_IPV6, IPV6_2292HOPLIMIT, len: sizeof(hlim), data: &hlim); |
705 | } |
706 | if (np->rxopt.bits.ohopopts && (opt->flags & IP6SKB_HOPBYHOP)) { |
707 | u8 *ptr = nh + sizeof(struct ipv6hdr); |
708 | put_cmsg(msg, SOL_IPV6, IPV6_2292HOPOPTS, len: (ptr[1]+1)<<3, data: ptr); |
709 | } |
710 | if (np->rxopt.bits.odstopts && opt->dst0) { |
711 | u8 *ptr = nh + opt->dst0; |
712 | put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, len: (ptr[1]+1)<<3, data: ptr); |
713 | } |
714 | if (np->rxopt.bits.osrcrt && opt->srcrt) { |
715 | struct ipv6_rt_hdr *rthdr = (struct ipv6_rt_hdr *)(nh + opt->srcrt); |
716 | put_cmsg(msg, SOL_IPV6, IPV6_2292RTHDR, len: (rthdr->hdrlen+1) << 3, data: rthdr); |
717 | } |
718 | if (np->rxopt.bits.odstopts && opt->dst1) { |
719 | u8 *ptr = nh + opt->dst1; |
720 | put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, len: (ptr[1]+1)<<3, data: ptr); |
721 | } |
722 | if (np->rxopt.bits.rxorigdstaddr) { |
723 | struct sockaddr_in6 sin6; |
724 | __be16 _ports[2], *ports; |
725 | |
726 | ports = skb_header_pointer(skb, offset: skb_transport_offset(skb), |
727 | len: sizeof(_ports), buffer: &_ports); |
728 | if (ports) { |
729 | /* All current transport protocols have the port numbers in the |
730 | * first four bytes of the transport header and this function is |
731 | * written with this assumption in mind. |
732 | */ |
733 | sin6.sin6_family = AF_INET6; |
734 | sin6.sin6_addr = ipv6_hdr(skb)->daddr; |
735 | sin6.sin6_port = ports[1]; |
736 | sin6.sin6_flowinfo = 0; |
737 | sin6.sin6_scope_id = |
738 | ipv6_iface_scope_id(addr: &ipv6_hdr(skb)->daddr, |
739 | iface: opt->iif); |
740 | |
741 | put_cmsg(msg, SOL_IPV6, IPV6_ORIGDSTADDR, len: sizeof(sin6), data: &sin6); |
742 | } |
743 | } |
744 | if (np->rxopt.bits.recvfragsize && opt->frag_max_size) { |
745 | int val = opt->frag_max_size; |
746 | |
747 | put_cmsg(msg, SOL_IPV6, IPV6_RECVFRAGSIZE, len: sizeof(val), data: &val); |
748 | } |
749 | } |
750 | |
751 | void ip6_datagram_recv_ctl(struct sock *sk, struct msghdr *msg, |
752 | struct sk_buff *skb) |
753 | { |
754 | ip6_datagram_recv_common_ctl(sk, msg, skb); |
755 | ip6_datagram_recv_specific_ctl(sk, msg, skb); |
756 | } |
757 | EXPORT_SYMBOL_GPL(ip6_datagram_recv_ctl); |
758 | |
759 | int ip6_datagram_send_ctl(struct net *net, struct sock *sk, |
760 | struct msghdr *msg, struct flowi6 *fl6, |
761 | struct ipcm6_cookie *ipc6) |
762 | { |
763 | struct in6_pktinfo *src_info; |
764 | struct cmsghdr *cmsg; |
765 | struct ipv6_rt_hdr *rthdr; |
766 | struct ipv6_opt_hdr *hdr; |
767 | struct ipv6_txoptions *opt = ipc6->opt; |
768 | int len; |
769 | int err = 0; |
770 | |
771 | for_each_cmsghdr(cmsg, msg) { |
772 | int addr_type; |
773 | |
774 | if (!CMSG_OK(msg, cmsg)) { |
775 | err = -EINVAL; |
776 | goto exit_f; |
777 | } |
778 | |
779 | if (cmsg->cmsg_level == SOL_SOCKET) { |
780 | err = __sock_cmsg_send(sk, cmsg, sockc: &ipc6->sockc); |
781 | if (err) |
782 | return err; |
783 | continue; |
784 | } |
785 | |
786 | if (cmsg->cmsg_level != SOL_IPV6) |
787 | continue; |
788 | |
789 | switch (cmsg->cmsg_type) { |
790 | case IPV6_PKTINFO: |
791 | case IPV6_2292PKTINFO: |
792 | { |
793 | struct net_device *dev = NULL; |
794 | int src_idx; |
795 | |
796 | if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) { |
797 | err = -EINVAL; |
798 | goto exit_f; |
799 | } |
800 | |
801 | src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg); |
802 | src_idx = src_info->ipi6_ifindex; |
803 | |
804 | if (src_idx) { |
805 | if (fl6->flowi6_oif && |
806 | src_idx != fl6->flowi6_oif && |
807 | (READ_ONCE(sk->sk_bound_dev_if) != fl6->flowi6_oif || |
808 | !sk_dev_equal_l3scope(sk, dif: src_idx))) |
809 | return -EINVAL; |
810 | fl6->flowi6_oif = src_idx; |
811 | } |
812 | |
813 | addr_type = __ipv6_addr_type(addr: &src_info->ipi6_addr); |
814 | |
815 | rcu_read_lock(); |
816 | if (fl6->flowi6_oif) { |
817 | dev = dev_get_by_index_rcu(net, ifindex: fl6->flowi6_oif); |
818 | if (!dev) { |
819 | rcu_read_unlock(); |
820 | return -ENODEV; |
821 | } |
822 | } else if (addr_type & IPV6_ADDR_LINKLOCAL) { |
823 | rcu_read_unlock(); |
824 | return -EINVAL; |
825 | } |
826 | |
827 | if (addr_type != IPV6_ADDR_ANY) { |
828 | int strict = __ipv6_addr_src_scope(type: addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL; |
829 | if (!ipv6_can_nonlocal_bind(net, inet_sk(sk)) && |
830 | !ipv6_chk_addr_and_flags(net, addr: &src_info->ipi6_addr, |
831 | dev, skip_dev_check: !strict, strict: 0, |
832 | IFA_F_TENTATIVE) && |
833 | !ipv6_chk_acast_addr_src(net, dev, |
834 | addr: &src_info->ipi6_addr)) |
835 | err = -EINVAL; |
836 | else |
837 | fl6->saddr = src_info->ipi6_addr; |
838 | } |
839 | |
840 | rcu_read_unlock(); |
841 | |
842 | if (err) |
843 | goto exit_f; |
844 | |
845 | break; |
846 | } |
847 | |
848 | case IPV6_FLOWINFO: |
849 | if (cmsg->cmsg_len < CMSG_LEN(4)) { |
850 | err = -EINVAL; |
851 | goto exit_f; |
852 | } |
853 | |
854 | if (fl6->flowlabel&IPV6_FLOWINFO_MASK) { |
855 | if ((fl6->flowlabel^*(__be32 *)CMSG_DATA(cmsg))&~IPV6_FLOWINFO_MASK) { |
856 | err = -EINVAL; |
857 | goto exit_f; |
858 | } |
859 | } |
860 | fl6->flowlabel = IPV6_FLOWINFO_MASK & *(__be32 *)CMSG_DATA(cmsg); |
861 | break; |
862 | |
863 | case IPV6_2292HOPOPTS: |
864 | case IPV6_HOPOPTS: |
865 | if (opt->hopopt || cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { |
866 | err = -EINVAL; |
867 | goto exit_f; |
868 | } |
869 | |
870 | hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); |
871 | len = ((hdr->hdrlen + 1) << 3); |
872 | if (cmsg->cmsg_len < CMSG_LEN(len)) { |
873 | err = -EINVAL; |
874 | goto exit_f; |
875 | } |
876 | if (!ns_capable(ns: net->user_ns, CAP_NET_RAW)) { |
877 | err = -EPERM; |
878 | goto exit_f; |
879 | } |
880 | opt->opt_nflen += len; |
881 | opt->hopopt = hdr; |
882 | break; |
883 | |
884 | case IPV6_2292DSTOPTS: |
885 | if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { |
886 | err = -EINVAL; |
887 | goto exit_f; |
888 | } |
889 | |
890 | hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); |
891 | len = ((hdr->hdrlen + 1) << 3); |
892 | if (cmsg->cmsg_len < CMSG_LEN(len)) { |
893 | err = -EINVAL; |
894 | goto exit_f; |
895 | } |
896 | if (!ns_capable(ns: net->user_ns, CAP_NET_RAW)) { |
897 | err = -EPERM; |
898 | goto exit_f; |
899 | } |
900 | if (opt->dst1opt) { |
901 | err = -EINVAL; |
902 | goto exit_f; |
903 | } |
904 | opt->opt_flen += len; |
905 | opt->dst1opt = hdr; |
906 | break; |
907 | |
908 | case IPV6_DSTOPTS: |
909 | case IPV6_RTHDRDSTOPTS: |
910 | if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { |
911 | err = -EINVAL; |
912 | goto exit_f; |
913 | } |
914 | |
915 | hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); |
916 | len = ((hdr->hdrlen + 1) << 3); |
917 | if (cmsg->cmsg_len < CMSG_LEN(len)) { |
918 | err = -EINVAL; |
919 | goto exit_f; |
920 | } |
921 | if (!ns_capable(ns: net->user_ns, CAP_NET_RAW)) { |
922 | err = -EPERM; |
923 | goto exit_f; |
924 | } |
925 | if (cmsg->cmsg_type == IPV6_DSTOPTS) { |
926 | opt->opt_flen += len; |
927 | opt->dst1opt = hdr; |
928 | } else { |
929 | opt->opt_nflen += len; |
930 | opt->dst0opt = hdr; |
931 | } |
932 | break; |
933 | |
934 | case IPV6_2292RTHDR: |
935 | case IPV6_RTHDR: |
936 | if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_rt_hdr))) { |
937 | err = -EINVAL; |
938 | goto exit_f; |
939 | } |
940 | |
941 | rthdr = (struct ipv6_rt_hdr *)CMSG_DATA(cmsg); |
942 | |
943 | switch (rthdr->type) { |
944 | #if IS_ENABLED(CONFIG_IPV6_MIP6) |
945 | case IPV6_SRCRT_TYPE_2: |
946 | if (rthdr->hdrlen != 2 || |
947 | rthdr->segments_left != 1) { |
948 | err = -EINVAL; |
949 | goto exit_f; |
950 | } |
951 | break; |
952 | #endif |
953 | default: |
954 | err = -EINVAL; |
955 | goto exit_f; |
956 | } |
957 | |
958 | len = ((rthdr->hdrlen + 1) << 3); |
959 | |
960 | if (cmsg->cmsg_len < CMSG_LEN(len)) { |
961 | err = -EINVAL; |
962 | goto exit_f; |
963 | } |
964 | |
965 | /* segments left must also match */ |
966 | if ((rthdr->hdrlen >> 1) != rthdr->segments_left) { |
967 | err = -EINVAL; |
968 | goto exit_f; |
969 | } |
970 | |
971 | opt->opt_nflen += len; |
972 | opt->srcrt = rthdr; |
973 | |
974 | if (cmsg->cmsg_type == IPV6_2292RTHDR && opt->dst1opt) { |
975 | int dsthdrlen = ((opt->dst1opt->hdrlen+1)<<3); |
976 | |
977 | opt->opt_nflen += dsthdrlen; |
978 | opt->dst0opt = opt->dst1opt; |
979 | opt->dst1opt = NULL; |
980 | opt->opt_flen -= dsthdrlen; |
981 | } |
982 | |
983 | break; |
984 | |
985 | case IPV6_2292HOPLIMIT: |
986 | case IPV6_HOPLIMIT: |
987 | if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) { |
988 | err = -EINVAL; |
989 | goto exit_f; |
990 | } |
991 | |
992 | ipc6->hlimit = *(int *)CMSG_DATA(cmsg); |
993 | if (ipc6->hlimit < -1 || ipc6->hlimit > 0xff) { |
994 | err = -EINVAL; |
995 | goto exit_f; |
996 | } |
997 | |
998 | break; |
999 | |
1000 | case IPV6_TCLASS: |
1001 | { |
1002 | int tc; |
1003 | |
1004 | err = -EINVAL; |
1005 | if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) |
1006 | goto exit_f; |
1007 | |
1008 | tc = *(int *)CMSG_DATA(cmsg); |
1009 | if (tc < -1 || tc > 0xff) |
1010 | goto exit_f; |
1011 | |
1012 | err = 0; |
1013 | ipc6->tclass = tc; |
1014 | |
1015 | break; |
1016 | } |
1017 | |
1018 | case IPV6_DONTFRAG: |
1019 | { |
1020 | int df; |
1021 | |
1022 | err = -EINVAL; |
1023 | if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) |
1024 | goto exit_f; |
1025 | |
1026 | df = *(int *)CMSG_DATA(cmsg); |
1027 | if (df < 0 || df > 1) |
1028 | goto exit_f; |
1029 | |
1030 | err = 0; |
1031 | ipc6->dontfrag = df; |
1032 | |
1033 | break; |
1034 | } |
1035 | default: |
1036 | net_dbg_ratelimited("invalid cmsg type: %d\n" , |
1037 | cmsg->cmsg_type); |
1038 | err = -EINVAL; |
1039 | goto exit_f; |
1040 | } |
1041 | } |
1042 | |
1043 | exit_f: |
1044 | return err; |
1045 | } |
1046 | EXPORT_SYMBOL_GPL(ip6_datagram_send_ctl); |
1047 | |
1048 | void __ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, |
1049 | __u16 srcp, __u16 destp, int rqueue, int bucket) |
1050 | { |
1051 | const struct in6_addr *dest, *src; |
1052 | |
1053 | dest = &sp->sk_v6_daddr; |
1054 | src = &sp->sk_v6_rcv_saddr; |
1055 | seq_printf(m: seq, |
1056 | fmt: "%5d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " |
1057 | "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %u\n" , |
1058 | bucket, |
1059 | src->s6_addr32[0], src->s6_addr32[1], |
1060 | src->s6_addr32[2], src->s6_addr32[3], srcp, |
1061 | dest->s6_addr32[0], dest->s6_addr32[1], |
1062 | dest->s6_addr32[2], dest->s6_addr32[3], destp, |
1063 | sp->sk_state, |
1064 | sk_wmem_alloc_get(sk: sp), |
1065 | rqueue, |
1066 | 0, 0L, 0, |
1067 | from_kuid_munged(to: seq_user_ns(seq), uid: sock_i_uid(sk: sp)), |
1068 | 0, |
1069 | sock_i_ino(sk: sp), |
1070 | refcount_read(r: &sp->sk_refcnt), sp, |
1071 | atomic_read(v: &sp->sk_drops)); |
1072 | } |
1073 | |