linux/net/ipv4/ip_sockglue.c
<<
>>
Prefs
   1/*
   2 * INET         An implementation of the TCP/IP protocol suite for the LINUX
   3 *              operating system.  INET is implemented using the  BSD Socket
   4 *              interface as the means of communication with the user level.
   5 *
   6 *              The IP to API glue.
   7 *
   8 * Authors:     see ip.c
   9 *
  10 * Fixes:
  11 *              Many            :       Split from ip.c , see ip.c for history.
  12 *              Martin Mares    :       TOS setting fixed.
  13 *              Alan Cox        :       Fixed a couple of oopses in Martin's
  14 *                                      TOS tweaks.
  15 *              Mike McLagan    :       Routing by source
  16 */
  17
  18#include <linux/module.h>
  19#include <linux/types.h>
  20#include <linux/mm.h>
  21#include <linux/skbuff.h>
  22#include <linux/ip.h>
  23#include <linux/icmp.h>
  24#include <linux/inetdevice.h>
  25#include <linux/netdevice.h>
  26#include <net/sock.h>
  27#include <net/ip.h>
  28#include <net/icmp.h>
  29#include <net/tcp_states.h>
  30#include <linux/udp.h>
  31#include <linux/igmp.h>
  32#include <linux/netfilter.h>
  33#include <linux/route.h>
  34#include <linux/mroute.h>
  35#include <net/route.h>
  36#include <net/xfrm.h>
  37#include <net/compat.h>
  38#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
  39#include <net/transp_v6.h>
  40#endif
  41
  42#include <linux/errqueue.h>
  43#include <asm/uaccess.h>
  44
  45#define IP_CMSG_PKTINFO         1
  46#define IP_CMSG_TTL             2
  47#define IP_CMSG_TOS             4
  48#define IP_CMSG_RECVOPTS        8
  49#define IP_CMSG_RETOPTS         16
  50#define IP_CMSG_PASSSEC         32
  51#define IP_CMSG_ORIGDSTADDR     64
  52
  53/*
  54 *      SOL_IP control messages.
  55 */
  56
  57static void ip_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb)
  58{
  59        struct in_pktinfo info;
  60        struct rtable *rt = skb->rtable;
  61
  62        info.ipi_addr.s_addr = ip_hdr(skb)->daddr;
  63        if (rt) {
  64                info.ipi_ifindex = rt->rt_iif;
  65                info.ipi_spec_dst.s_addr = rt->rt_spec_dst;
  66        } else {
  67                info.ipi_ifindex = 0;
  68                info.ipi_spec_dst.s_addr = 0;
  69        }
  70
  71        put_cmsg(msg, SOL_IP, IP_PKTINFO, sizeof(info), &info);
  72}
  73
  74static void ip_cmsg_recv_ttl(struct msghdr *msg, struct sk_buff *skb)
  75{
  76        int ttl = ip_hdr(skb)->ttl;
  77        put_cmsg(msg, SOL_IP, IP_TTL, sizeof(int), &ttl);
  78}
  79
  80static void ip_cmsg_recv_tos(struct msghdr *msg, struct sk_buff *skb)
  81{
  82        put_cmsg(msg, SOL_IP, IP_TOS, 1, &ip_hdr(skb)->tos);
  83}
  84
  85static void ip_cmsg_recv_opts(struct msghdr *msg, struct sk_buff *skb)
  86{
  87        if (IPCB(skb)->opt.optlen == 0)
  88                return;
  89
  90        put_cmsg(msg, SOL_IP, IP_RECVOPTS, IPCB(skb)->opt.optlen,
  91                 ip_hdr(skb) + 1);
  92}
  93
  94
  95static void ip_cmsg_recv_retopts(struct msghdr *msg, struct sk_buff *skb)
  96{
  97        unsigned char optbuf[sizeof(struct ip_options) + 40];
  98        struct ip_options * opt = (struct ip_options *)optbuf;
  99
 100        if (IPCB(skb)->opt.optlen == 0)
 101                return;
 102
 103        if (ip_options_echo(opt, skb)) {
 104                msg->msg_flags |= MSG_CTRUNC;
 105                return;
 106        }
 107        ip_options_undo(opt);
 108
 109        put_cmsg(msg, SOL_IP, IP_RETOPTS, opt->optlen, opt->__data);
 110}
 111
 112static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
 113{
 114        char *secdata;
 115        u32 seclen, secid;
 116        int err;
 117
 118        err = security_socket_getpeersec_dgram(NULL, skb, &secid);
 119        if (err)
 120                return;
 121
 122        err = security_secid_to_secctx(secid, &secdata, &seclen);
 123        if (err)
 124                return;
 125
 126        put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
 127        security_release_secctx(secdata, seclen);
 128}
 129
 130static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb)
 131{
 132        struct sockaddr_in sin;
 133        struct iphdr *iph = ip_hdr(skb);
 134        __be16 *ports = (__be16 *)skb_transport_header(skb);
 135
 136        if (skb_transport_offset(skb) + 4 > skb->len)
 137                return;
 138
 139        /* All current transport protocols have the port numbers in the
 140         * first four bytes of the transport header and this function is
 141         * written with this assumption in mind.
 142         */
 143
 144        sin.sin_family = AF_INET;
 145        sin.sin_addr.s_addr = iph->daddr;
 146        sin.sin_port = ports[1];
 147        memset(sin.sin_zero, 0, sizeof(sin.sin_zero));
 148
 149        put_cmsg(msg, SOL_IP, IP_ORIGDSTADDR, sizeof(sin), &sin);
 150}
 151
 152void ip_cmsg_recv(struct msghdr *msg, struct sk_buff *skb)
 153{
 154        struct inet_sock *inet = inet_sk(skb->sk);
 155        unsigned flags = inet->cmsg_flags;
 156
 157        /* Ordered by supposed usage frequency */
 158        if (flags & 1)
 159                ip_cmsg_recv_pktinfo(msg, skb);
 160        if ((flags>>=1) == 0)
 161                return;
 162
 163        if (flags & 1)
 164                ip_cmsg_recv_ttl(msg, skb);
 165        if ((flags>>=1) == 0)
 166                return;
 167
 168        if (flags & 1)
 169                ip_cmsg_recv_tos(msg, skb);
 170        if ((flags>>=1) == 0)
 171                return;
 172
 173        if (flags & 1)
 174                ip_cmsg_recv_opts(msg, skb);
 175        if ((flags>>=1) == 0)
 176                return;
 177
 178        if (flags & 1)
 179                ip_cmsg_recv_retopts(msg, skb);
 180        if ((flags>>=1) == 0)
 181                return;
 182
 183        if (flags & 1)
 184                ip_cmsg_recv_security(msg, skb);
 185
 186        if ((flags>>=1) == 0)
 187                return;
 188        if (flags & 1)
 189                ip_cmsg_recv_dstaddr(msg, skb);
 190
 191}
 192
 193int ip_cmsg_send(struct net *net, struct msghdr *msg, struct ipcm_cookie *ipc)
 194{
 195        int err;
 196        struct cmsghdr *cmsg;
 197
 198        for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
 199                if (!CMSG_OK(msg, cmsg))
 200                        return -EINVAL;
 201                if (cmsg->cmsg_level != SOL_IP)
 202                        continue;
 203                switch (cmsg->cmsg_type) {
 204                case IP_RETOPTS:
 205                        err = cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr));
 206                        err = ip_options_get(net, &ipc->opt, CMSG_DATA(cmsg), err < 40 ? err : 40);
 207                        if (err)
 208                                return err;
 209                        break;
 210                case IP_PKTINFO:
 211                {
 212                        struct in_pktinfo *info;
 213                        if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct in_pktinfo)))
 214                                return -EINVAL;
 215                        info = (struct in_pktinfo *)CMSG_DATA(cmsg);
 216                        ipc->oif = info->ipi_ifindex;
 217                        ipc->addr = info->ipi_spec_dst.s_addr;
 218                        break;
 219                }
 220                default:
 221                        return -EINVAL;
 222                }
 223        }
 224        return 0;
 225}
 226
 227
 228/* Special input handler for packets caught by router alert option.
 229   They are selected only by protocol field, and then processed likely
 230   local ones; but only if someone wants them! Otherwise, router
 231   not running rsvpd will kill RSVP.
 232
 233   It is user level problem, what it will make with them.
 234   I have no idea, how it will masquearde or NAT them (it is joke, joke :-)),
 235   but receiver should be enough clever f.e. to forward mtrace requests,
 236   sent to multicast group to reach destination designated router.
 237 */
 238struct ip_ra_chain *ip_ra_chain;
 239DEFINE_RWLOCK(ip_ra_lock);
 240
 241int ip_ra_control(struct sock *sk, unsigned char on, void (*destructor)(struct sock *))
 242{
 243        struct ip_ra_chain *ra, *new_ra, **rap;
 244
 245        if (sk->sk_type != SOCK_RAW || inet_sk(sk)->num == IPPROTO_RAW)
 246                return -EINVAL;
 247
 248        new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
 249
 250        write_lock_bh(&ip_ra_lock);
 251        for (rap = &ip_ra_chain; (ra=*rap) != NULL; rap = &ra->next) {
 252                if (ra->sk == sk) {
 253                        if (on) {
 254                                write_unlock_bh(&ip_ra_lock);
 255                                kfree(new_ra);
 256                                return -EADDRINUSE;
 257                        }
 258                        *rap = ra->next;
 259                        write_unlock_bh(&ip_ra_lock);
 260
 261                        if (ra->destructor)
 262                                ra->destructor(sk);
 263                        sock_put(sk);
 264                        kfree(ra);
 265                        return 0;
 266                }
 267        }
 268        if (new_ra == NULL) {
 269                write_unlock_bh(&ip_ra_lock);
 270                return -ENOBUFS;
 271        }
 272        new_ra->sk = sk;
 273        new_ra->destructor = destructor;
 274
 275        new_ra->next = ra;
 276        *rap = new_ra;
 277        sock_hold(sk);
 278        write_unlock_bh(&ip_ra_lock);
 279
 280        return 0;
 281}
 282
 283void ip_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
 284                   __be16 port, u32 info, u8 *payload)
 285{
 286        struct inet_sock *inet = inet_sk(sk);
 287        struct sock_exterr_skb *serr;
 288
 289        if (!inet->recverr)
 290                return;
 291
 292        skb = skb_clone(skb, GFP_ATOMIC);
 293        if (!skb)
 294                return;
 295
 296        serr = SKB_EXT_ERR(skb);
 297        serr->ee.ee_errno = err;
 298        serr->ee.ee_origin = SO_EE_ORIGIN_ICMP;
 299        serr->ee.ee_type = icmp_hdr(skb)->type;
 300        serr->ee.ee_code = icmp_hdr(skb)->code;
 301        serr->ee.ee_pad = 0;
 302        serr->ee.ee_info = info;
 303        serr->ee.ee_data = 0;
 304        serr->addr_offset = (u8 *)&(((struct iphdr *)(icmp_hdr(skb) + 1))->daddr) -
 305                                   skb_network_header(skb);
 306        serr->port = port;
 307
 308        if (skb_pull(skb, payload - skb->data) != NULL) {
 309                skb_reset_transport_header(skb);
 310                if (sock_queue_err_skb(sk, skb) == 0)
 311                        return;
 312        }
 313        kfree_skb(skb);
 314}
 315
 316void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 info)
 317{
 318        struct inet_sock *inet = inet_sk(sk);
 319        struct sock_exterr_skb *serr;
 320        struct iphdr *iph;
 321        struct sk_buff *skb;
 322
 323        if (!inet->recverr)
 324                return;
 325
 326        skb = alloc_skb(sizeof(struct iphdr), GFP_ATOMIC);
 327        if (!skb)
 328                return;
 329
 330        skb_put(skb, sizeof(struct iphdr));
 331        skb_reset_network_header(skb);
 332        iph = ip_hdr(skb);
 333        iph->daddr = daddr;
 334
 335        serr = SKB_EXT_ERR(skb);
 336        serr->ee.ee_errno = err;
 337        serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
 338        serr->ee.ee_type = 0;
 339        serr->ee.ee_code = 0;
 340        serr->ee.ee_pad = 0;
 341        serr->ee.ee_info = info;
 342        serr->ee.ee_data = 0;
 343        serr->addr_offset = (u8 *)&iph->daddr - skb_network_header(skb);
 344        serr->port = port;
 345
 346        __skb_pull(skb, skb_tail_pointer(skb) - skb->data);
 347        skb_reset_transport_header(skb);
 348
 349        if (sock_queue_err_skb(sk, skb))
 350                kfree_skb(skb);
 351}
 352
 353/*
 354 *      Handle MSG_ERRQUEUE
 355 */
 356int ip_recv_error(struct sock *sk, struct msghdr *msg, int len)
 357{
 358        struct sock_exterr_skb *serr;
 359        struct sk_buff *skb, *skb2;
 360        struct sockaddr_in *sin;
 361        struct {
 362                struct sock_extended_err ee;
 363                struct sockaddr_in       offender;
 364        } errhdr;
 365        int err;
 366        int copied;
 367
 368        err = -EAGAIN;
 369        skb = skb_dequeue(&sk->sk_error_queue);
 370        if (skb == NULL)
 371                goto out;
 372
 373        copied = skb->len;
 374        if (copied > len) {
 375                msg->msg_flags |= MSG_TRUNC;
 376                copied = len;
 377        }
 378        err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
 379        if (err)
 380                goto out_free_skb;
 381
 382        sock_recv_timestamp(msg, sk, skb);
 383
 384        serr = SKB_EXT_ERR(skb);
 385
 386        sin = (struct sockaddr_in *)msg->msg_name;
 387        if (sin) {
 388                sin->sin_family = AF_INET;
 389                sin->sin_addr.s_addr = *(__be32 *)(skb_network_header(skb) +
 390                                                   serr->addr_offset);
 391                sin->sin_port = serr->port;
 392                memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
 393        }
 394
 395        memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
 396        sin = &errhdr.offender;
 397        sin->sin_family = AF_UNSPEC;
 398        if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP) {
 399                struct inet_sock *inet = inet_sk(sk);
 400
 401                sin->sin_family = AF_INET;
 402                sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
 403                sin->sin_port = 0;
 404                memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
 405                if (inet->cmsg_flags)
 406                        ip_cmsg_recv(msg, skb);
 407        }
 408
 409        put_cmsg(msg, SOL_IP, IP_RECVERR, sizeof(errhdr), &errhdr);
 410
 411        /* Now we could try to dump offended packet options */
 412
 413        msg->msg_flags |= MSG_ERRQUEUE;
 414        err = copied;
 415
 416        /* Reset and regenerate socket error */
 417        spin_lock_bh(&sk->sk_error_queue.lock);
 418        sk->sk_err = 0;
 419        if ((skb2 = skb_peek(&sk->sk_error_queue)) != NULL) {
 420                sk->sk_err = SKB_EXT_ERR(skb2)->ee.ee_errno;
 421                spin_unlock_bh(&sk->sk_error_queue.lock);
 422                sk->sk_error_report(sk);
 423        } else
 424                spin_unlock_bh(&sk->sk_error_queue.lock);
 425
 426out_free_skb:
 427        kfree_skb(skb);
 428out:
 429        return err;
 430}
 431
 432
 433/*
 434 *      Socket option code for IP. This is the end of the line after any TCP,UDP etc options on
 435 *      an IP socket.
 436 */
 437
 438static int do_ip_setsockopt(struct sock *sk, int level,
 439                            int optname, char __user *optval, int optlen)
 440{
 441        struct inet_sock *inet = inet_sk(sk);
 442        int val = 0, err;
 443
 444        if (((1<<optname) & ((1<<IP_PKTINFO) | (1<<IP_RECVTTL) |
 445                             (1<<IP_RECVOPTS) | (1<<IP_RECVTOS) |
 446                             (1<<IP_RETOPTS) | (1<<IP_TOS) |
 447                             (1<<IP_TTL) | (1<<IP_HDRINCL) |
 448                             (1<<IP_MTU_DISCOVER) | (1<<IP_RECVERR) |
 449                             (1<<IP_ROUTER_ALERT) | (1<<IP_FREEBIND) |
 450                             (1<<IP_PASSSEC) | (1<<IP_TRANSPARENT))) ||
 451            optname == IP_MULTICAST_TTL ||
 452            optname == IP_MULTICAST_LOOP ||
 453            optname == IP_RECVORIGDSTADDR) {
 454                if (optlen >= sizeof(int)) {
 455                        if (get_user(val, (int __user *) optval))
 456                                return -EFAULT;
 457                } else if (optlen >= sizeof(char)) {
 458                        unsigned char ucval;
 459
 460                        if (get_user(ucval, (unsigned char __user *) optval))
 461                                return -EFAULT;
 462                        val = (int) ucval;
 463                }
 464        }
 465
 466        /* If optlen==0, it is equivalent to val == 0 */
 467
 468        if (ip_mroute_opt(optname))
 469                return ip_mroute_setsockopt(sk, optname, optval, optlen);
 470
 471        err = 0;
 472        lock_sock(sk);
 473
 474        switch (optname) {
 475        case IP_OPTIONS:
 476        {
 477                struct ip_options * opt = NULL;
 478                if (optlen > 40 || optlen < 0)
 479                        goto e_inval;
 480                err = ip_options_get_from_user(sock_net(sk), &opt,
 481                                               optval, optlen);
 482                if (err)
 483                        break;
 484                if (inet->is_icsk) {
 485                        struct inet_connection_sock *icsk = inet_csk(sk);
 486#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 487                        if (sk->sk_family == PF_INET ||
 488                            (!((1 << sk->sk_state) &
 489                               (TCPF_LISTEN | TCPF_CLOSE)) &&
 490                             inet->daddr != LOOPBACK4_IPV6)) {
 491#endif
 492                                if (inet->opt)
 493                                        icsk->icsk_ext_hdr_len -= inet->opt->optlen;
 494                                if (opt)
 495                                        icsk->icsk_ext_hdr_len += opt->optlen;
 496                                icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
 497#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 498                        }
 499#endif
 500                }
 501                opt = xchg(&inet->opt, opt);
 502                kfree(opt);
 503                break;
 504        }
 505        case IP_PKTINFO:
 506                if (val)
 507                        inet->cmsg_flags |= IP_CMSG_PKTINFO;
 508                else
 509                        inet->cmsg_flags &= ~IP_CMSG_PKTINFO;
 510                break;
 511        case IP_RECVTTL:
 512                if (val)
 513                        inet->cmsg_flags |=  IP_CMSG_TTL;
 514                else
 515                        inet->cmsg_flags &= ~IP_CMSG_TTL;
 516                break;
 517        case IP_RECVTOS:
 518                if (val)
 519                        inet->cmsg_flags |=  IP_CMSG_TOS;
 520                else
 521                        inet->cmsg_flags &= ~IP_CMSG_TOS;
 522                break;
 523        case IP_RECVOPTS:
 524                if (val)
 525                        inet->cmsg_flags |=  IP_CMSG_RECVOPTS;
 526                else
 527                        inet->cmsg_flags &= ~IP_CMSG_RECVOPTS;
 528                break;
 529        case IP_RETOPTS:
 530                if (val)
 531                        inet->cmsg_flags |= IP_CMSG_RETOPTS;
 532                else
 533                        inet->cmsg_flags &= ~IP_CMSG_RETOPTS;
 534                break;
 535        case IP_PASSSEC:
 536                if (val)
 537                        inet->cmsg_flags |= IP_CMSG_PASSSEC;
 538                else
 539                        inet->cmsg_flags &= ~IP_CMSG_PASSSEC;
 540                break;
 541        case IP_RECVORIGDSTADDR:
 542                if (val)
 543                        inet->cmsg_flags |= IP_CMSG_ORIGDSTADDR;
 544                else
 545                        inet->cmsg_flags &= ~IP_CMSG_ORIGDSTADDR;
 546                break;
 547        case IP_TOS:    /* This sets both TOS and Precedence */
 548                if (sk->sk_type == SOCK_STREAM) {
 549                        val &= ~3;
 550                        val |= inet->tos & 3;
 551                }
 552                if (inet->tos != val) {
 553                        inet->tos = val;
 554                        sk->sk_priority = rt_tos2priority(val);
 555                        sk_dst_reset(sk);
 556                }
 557                break;
 558        case IP_TTL:
 559                if (optlen<1)
 560                        goto e_inval;
 561                if (val != -1 && (val < 1 || val>255))
 562                        goto e_inval;
 563                inet->uc_ttl = val;
 564                break;
 565        case IP_HDRINCL:
 566                if (sk->sk_type != SOCK_RAW) {
 567                        err = -ENOPROTOOPT;
 568                        break;
 569                }
 570                inet->hdrincl = val ? 1 : 0;
 571                break;
 572        case IP_MTU_DISCOVER:
 573                if (val<0 || val>3)
 574                        goto e_inval;
 575                inet->pmtudisc = val;
 576                break;
 577        case IP_RECVERR:
 578                inet->recverr = !!val;
 579                if (!val)
 580                        skb_queue_purge(&sk->sk_error_queue);
 581                break;
 582        case IP_MULTICAST_TTL:
 583                if (sk->sk_type == SOCK_STREAM)
 584                        goto e_inval;
 585                if (optlen<1)
 586                        goto e_inval;
 587                if (val == -1)
 588                        val = 1;
 589                if (val < 0 || val > 255)
 590                        goto e_inval;
 591                inet->mc_ttl = val;
 592                break;
 593        case IP_MULTICAST_LOOP:
 594                if (optlen<1)
 595                        goto e_inval;
 596                inet->mc_loop = !!val;
 597                break;
 598        case IP_MULTICAST_IF:
 599        {
 600                struct ip_mreqn mreq;
 601                struct net_device *dev = NULL;
 602
 603                if (sk->sk_type == SOCK_STREAM)
 604                        goto e_inval;
 605                /*
 606                 *      Check the arguments are allowable
 607                 */
 608
 609                err = -EFAULT;
 610                if (optlen >= sizeof(struct ip_mreqn)) {
 611                        if (copy_from_user(&mreq, optval, sizeof(mreq)))
 612                                break;
 613                } else {
 614                        memset(&mreq, 0, sizeof(mreq));
 615                        if (optlen >= sizeof(struct in_addr) &&
 616                            copy_from_user(&mreq.imr_address, optval, sizeof(struct in_addr)))
 617                                break;
 618                }
 619
 620                if (!mreq.imr_ifindex) {
 621                        if (mreq.imr_address.s_addr == htonl(INADDR_ANY)) {
 622                                inet->mc_index = 0;
 623                                inet->mc_addr  = 0;
 624                                err = 0;
 625                                break;
 626                        }
 627                        dev = ip_dev_find(sock_net(sk), mreq.imr_address.s_addr);
 628                        if (dev) {
 629                                mreq.imr_ifindex = dev->ifindex;
 630                                dev_put(dev);
 631                        }
 632                } else
 633                        dev = __dev_get_by_index(sock_net(sk), mreq.imr_ifindex);
 634
 635
 636                err = -EADDRNOTAVAIL;
 637                if (!dev)
 638                        break;
 639
 640                err = -EINVAL;
 641                if (sk->sk_bound_dev_if &&
 642                    mreq.imr_ifindex != sk->sk_bound_dev_if)
 643                        break;
 644
 645                inet->mc_index = mreq.imr_ifindex;
 646                inet->mc_addr  = mreq.imr_address.s_addr;
 647                err = 0;
 648                break;
 649        }
 650
 651        case IP_ADD_MEMBERSHIP:
 652        case IP_DROP_MEMBERSHIP:
 653        {
 654                struct ip_mreqn mreq;
 655
 656                err = -EPROTO;
 657                if (inet_sk(sk)->is_icsk)
 658                        break;
 659
 660                if (optlen < sizeof(struct ip_mreq))
 661                        goto e_inval;
 662                err = -EFAULT;
 663                if (optlen >= sizeof(struct ip_mreqn)) {
 664                        if (copy_from_user(&mreq, optval, sizeof(mreq)))
 665                                break;
 666                } else {
 667                        memset(&mreq, 0, sizeof(mreq));
 668                        if (copy_from_user(&mreq, optval, sizeof(struct ip_mreq)))
 669                                break;
 670                }
 671
 672                if (optname == IP_ADD_MEMBERSHIP)
 673                        err = ip_mc_join_group(sk, &mreq);
 674                else
 675                        err = ip_mc_leave_group(sk, &mreq);
 676                break;
 677        }
 678        case IP_MSFILTER:
 679        {
 680                extern int sysctl_igmp_max_msf;
 681                struct ip_msfilter *msf;
 682
 683                if (optlen < IP_MSFILTER_SIZE(0))
 684                        goto e_inval;
 685                if (optlen > sysctl_optmem_max) {
 686                        err = -ENOBUFS;
 687                        break;
 688                }
 689                msf = kmalloc(optlen, GFP_KERNEL);
 690                if (!msf) {
 691                        err = -ENOBUFS;
 692                        break;
 693                }
 694                err = -EFAULT;
 695                if (copy_from_user(msf, optval, optlen)) {
 696                        kfree(msf);
 697                        break;
 698                }
 699                /* numsrc >= (1G-4) overflow in 32 bits */
 700                if (msf->imsf_numsrc >= 0x3ffffffcU ||
 701                    msf->imsf_numsrc > sysctl_igmp_max_msf) {
 702                        kfree(msf);
 703                        err = -ENOBUFS;
 704                        break;
 705                }
 706                if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
 707                        kfree(msf);
 708                        err = -EINVAL;
 709                        break;
 710                }
 711                err = ip_mc_msfilter(sk, msf, 0);
 712                kfree(msf);
 713                break;
 714        }
 715        case IP_BLOCK_SOURCE:
 716        case IP_UNBLOCK_SOURCE:
 717        case IP_ADD_SOURCE_MEMBERSHIP:
 718        case IP_DROP_SOURCE_MEMBERSHIP:
 719        {
 720                struct ip_mreq_source mreqs;
 721                int omode, add;
 722
 723                if (optlen != sizeof(struct ip_mreq_source))
 724                        goto e_inval;
 725                if (copy_from_user(&mreqs, optval, sizeof(mreqs))) {
 726                        err = -EFAULT;
 727                        break;
 728                }
 729                if (optname == IP_BLOCK_SOURCE) {
 730                        omode = MCAST_EXCLUDE;
 731                        add = 1;
 732                } else if (optname == IP_UNBLOCK_SOURCE) {
 733                        omode = MCAST_EXCLUDE;
 734                        add = 0;
 735                } else if (optname == IP_ADD_SOURCE_MEMBERSHIP) {
 736                        struct ip_mreqn mreq;
 737
 738                        mreq.imr_multiaddr.s_addr = mreqs.imr_multiaddr;
 739                        mreq.imr_address.s_addr = mreqs.imr_interface;
 740                        mreq.imr_ifindex = 0;
 741                        err = ip_mc_join_group(sk, &mreq);
 742                        if (err && err != -EADDRINUSE)
 743                                break;
 744                        omode = MCAST_INCLUDE;
 745                        add = 1;
 746                } else /* IP_DROP_SOURCE_MEMBERSHIP */ {
 747                        omode = MCAST_INCLUDE;
 748                        add = 0;
 749                }
 750                err = ip_mc_source(add, omode, sk, &mreqs, 0);
 751                break;
 752        }
 753        case MCAST_JOIN_GROUP:
 754        case MCAST_LEAVE_GROUP:
 755        {
 756                struct group_req greq;
 757                struct sockaddr_in *psin;
 758                struct ip_mreqn mreq;
 759
 760                if (optlen < sizeof(struct group_req))
 761                        goto e_inval;
 762                err = -EFAULT;
 763                if (copy_from_user(&greq, optval, sizeof(greq)))
 764                        break;
 765                psin = (struct sockaddr_in *)&greq.gr_group;
 766                if (psin->sin_family != AF_INET)
 767                        goto e_inval;
 768                memset(&mreq, 0, sizeof(mreq));
 769                mreq.imr_multiaddr = psin->sin_addr;
 770                mreq.imr_ifindex = greq.gr_interface;
 771
 772                if (optname == MCAST_JOIN_GROUP)
 773                        err = ip_mc_join_group(sk, &mreq);
 774                else
 775                        err = ip_mc_leave_group(sk, &mreq);
 776                break;
 777        }
 778        case MCAST_JOIN_SOURCE_GROUP:
 779        case MCAST_LEAVE_SOURCE_GROUP:
 780        case MCAST_BLOCK_SOURCE:
 781        case MCAST_UNBLOCK_SOURCE:
 782        {
 783                struct group_source_req greqs;
 784                struct ip_mreq_source mreqs;
 785                struct sockaddr_in *psin;
 786                int omode, add;
 787
 788                if (optlen != sizeof(struct group_source_req))
 789                        goto e_inval;
 790                if (copy_from_user(&greqs, optval, sizeof(greqs))) {
 791                        err = -EFAULT;
 792                        break;
 793                }
 794                if (greqs.gsr_group.ss_family != AF_INET ||
 795                    greqs.gsr_source.ss_family != AF_INET) {
 796                        err = -EADDRNOTAVAIL;
 797                        break;
 798                }
 799                psin = (struct sockaddr_in *)&greqs.gsr_group;
 800                mreqs.imr_multiaddr = psin->sin_addr.s_addr;
 801                psin = (struct sockaddr_in *)&greqs.gsr_source;
 802                mreqs.imr_sourceaddr = psin->sin_addr.s_addr;
 803                mreqs.imr_interface = 0; /* use index for mc_source */
 804
 805                if (optname == MCAST_BLOCK_SOURCE) {
 806                        omode = MCAST_EXCLUDE;
 807                        add = 1;
 808                } else if (optname == MCAST_UNBLOCK_SOURCE) {
 809                        omode = MCAST_EXCLUDE;
 810                        add = 0;
 811                } else if (optname == MCAST_JOIN_SOURCE_GROUP) {
 812                        struct ip_mreqn mreq;
 813
 814                        psin = (struct sockaddr_in *)&greqs.gsr_group;
 815                        mreq.imr_multiaddr = psin->sin_addr;
 816                        mreq.imr_address.s_addr = 0;
 817                        mreq.imr_ifindex = greqs.gsr_interface;
 818                        err = ip_mc_join_group(sk, &mreq);
 819                        if (err && err != -EADDRINUSE)
 820                                break;
 821                        greqs.gsr_interface = mreq.imr_ifindex;
 822                        omode = MCAST_INCLUDE;
 823                        add = 1;
 824                } else /* MCAST_LEAVE_SOURCE_GROUP */ {
 825                        omode = MCAST_INCLUDE;
 826                        add = 0;
 827                }
 828                err = ip_mc_source(add, omode, sk, &mreqs,
 829                                   greqs.gsr_interface);
 830                break;
 831        }
 832        case MCAST_MSFILTER:
 833        {
 834                extern int sysctl_igmp_max_msf;
 835                struct sockaddr_in *psin;
 836                struct ip_msfilter *msf = NULL;
 837                struct group_filter *gsf = NULL;
 838                int msize, i, ifindex;
 839
 840                if (optlen < GROUP_FILTER_SIZE(0))
 841                        goto e_inval;
 842                if (optlen > sysctl_optmem_max) {
 843                        err = -ENOBUFS;
 844                        break;
 845                }
 846                gsf = kmalloc(optlen, GFP_KERNEL);
 847                if (!gsf) {
 848                        err = -ENOBUFS;
 849                        break;
 850                }
 851                err = -EFAULT;
 852                if (copy_from_user(gsf, optval, optlen)) {
 853                        goto mc_msf_out;
 854                }
 855                /* numsrc >= (4G-140)/128 overflow in 32 bits */
 856                if (gsf->gf_numsrc >= 0x1ffffff ||
 857                    gsf->gf_numsrc > sysctl_igmp_max_msf) {
 858                        err = -ENOBUFS;
 859                        goto mc_msf_out;
 860                }
 861                if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
 862                        err = -EINVAL;
 863                        goto mc_msf_out;
 864                }
 865                msize = IP_MSFILTER_SIZE(gsf->gf_numsrc);
 866                msf = kmalloc(msize, GFP_KERNEL);
 867                if (!msf) {
 868                        err = -ENOBUFS;
 869                        goto mc_msf_out;
 870                }
 871                ifindex = gsf->gf_interface;
 872                psin = (struct sockaddr_in *)&gsf->gf_group;
 873                if (psin->sin_family != AF_INET) {
 874                        err = -EADDRNOTAVAIL;
 875                        goto mc_msf_out;
 876                }
 877                msf->imsf_multiaddr = psin->sin_addr.s_addr;
 878                msf->imsf_interface = 0;
 879                msf->imsf_fmode = gsf->gf_fmode;
 880                msf->imsf_numsrc = gsf->gf_numsrc;
 881                err = -EADDRNOTAVAIL;
 882                for (i=0; i<gsf->gf_numsrc; ++i) {
 883                        psin = (struct sockaddr_in *)&gsf->gf_slist[i];
 884
 885                        if (psin->sin_family != AF_INET)
 886                                goto mc_msf_out;
 887                        msf->imsf_slist[i] = psin->sin_addr.s_addr;
 888                }
 889                kfree(gsf);
 890                gsf = NULL;
 891
 892                err = ip_mc_msfilter(sk, msf, ifindex);
 893        mc_msf_out:
 894                kfree(msf);
 895                kfree(gsf);
 896                break;
 897        }
 898        case IP_ROUTER_ALERT:
 899                err = ip_ra_control(sk, val ? 1 : 0, NULL);
 900                break;
 901
 902        case IP_FREEBIND:
 903                if (optlen<1)
 904                        goto e_inval;
 905                inet->freebind = !!val;
 906                break;
 907
 908        case IP_IPSEC_POLICY:
 909        case IP_XFRM_POLICY:
 910                err = -EPERM;
 911                if (!capable(CAP_NET_ADMIN))
 912                        break;
 913                err = xfrm_user_policy(sk, optname, optval, optlen);
 914                break;
 915
 916        case IP_TRANSPARENT:
 917                if (!capable(CAP_NET_ADMIN)) {
 918                        err = -EPERM;
 919                        break;
 920                }
 921                if (optlen < 1)
 922                        goto e_inval;
 923                inet->transparent = !!val;
 924                break;
 925
 926        default:
 927                err = -ENOPROTOOPT;
 928                break;
 929        }
 930        release_sock(sk);
 931        return err;
 932
 933e_inval:
 934        release_sock(sk);
 935        return -EINVAL;
 936}
 937
 938int ip_setsockopt(struct sock *sk, int level,
 939                int optname, char __user *optval, int optlen)
 940{
 941        int err;
 942
 943        if (level != SOL_IP)
 944                return -ENOPROTOOPT;
 945
 946        err = do_ip_setsockopt(sk, level, optname, optval, optlen);
 947#ifdef CONFIG_NETFILTER
 948        /* we need to exclude all possible ENOPROTOOPTs except default case */
 949        if (err == -ENOPROTOOPT && optname != IP_HDRINCL &&
 950                        optname != IP_IPSEC_POLICY &&
 951                        optname != IP_XFRM_POLICY &&
 952                        !ip_mroute_opt(optname)) {
 953                lock_sock(sk);
 954                err = nf_setsockopt(sk, PF_INET, optname, optval, optlen);
 955                release_sock(sk);
 956        }
 957#endif
 958        return err;
 959}
 960
 961#ifdef CONFIG_COMPAT
 962int compat_ip_setsockopt(struct sock *sk, int level, int optname,
 963                         char __user *optval, int optlen)
 964{
 965        int err;
 966
 967        if (level != SOL_IP)
 968                return -ENOPROTOOPT;
 969
 970        if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER)
 971                return compat_mc_setsockopt(sk, level, optname, optval, optlen,
 972                        ip_setsockopt);
 973
 974        err = do_ip_setsockopt(sk, level, optname, optval, optlen);
 975#ifdef CONFIG_NETFILTER
 976        /* we need to exclude all possible ENOPROTOOPTs except default case */
 977        if (err == -ENOPROTOOPT && optname != IP_HDRINCL &&
 978                        optname != IP_IPSEC_POLICY &&
 979                        optname != IP_XFRM_POLICY &&
 980                        !ip_mroute_opt(optname)) {
 981                lock_sock(sk);
 982                err = compat_nf_setsockopt(sk, PF_INET, optname,
 983                                           optval, optlen);
 984                release_sock(sk);
 985        }
 986#endif
 987        return err;
 988}
 989
 990EXPORT_SYMBOL(compat_ip_setsockopt);
 991#endif
 992
 993/*
 994 *      Get the options. Note for future reference. The GET of IP options gets the
 995 *      _received_ ones. The set sets the _sent_ ones.
 996 */
 997
 998static int do_ip_getsockopt(struct sock *sk, int level, int optname,
 999                            char __user *optval, int __user *optlen)
1000{
1001        struct inet_sock *inet = inet_sk(sk);
1002        int val;
1003        int len;
1004
1005        if (level != SOL_IP)
1006                return -EOPNOTSUPP;
1007
1008        if (ip_mroute_opt(optname))
1009                return ip_mroute_getsockopt(sk, optname, optval, optlen);
1010
1011        if (get_user(len, optlen))
1012                return -EFAULT;
1013        if (len < 0)
1014                return -EINVAL;
1015
1016        lock_sock(sk);
1017
1018        switch (optname) {
1019        case IP_OPTIONS:
1020        {
1021                unsigned char optbuf[sizeof(struct ip_options)+40];
1022                struct ip_options * opt = (struct ip_options *)optbuf;
1023                opt->optlen = 0;
1024                if (inet->opt)
1025                        memcpy(optbuf, inet->opt,
1026                               sizeof(struct ip_options)+
1027                               inet->opt->optlen);
1028                release_sock(sk);
1029
1030                if (opt->optlen == 0)
1031                        return put_user(0, optlen);
1032
1033                ip_options_undo(opt);
1034
1035                len = min_t(unsigned int, len, opt->optlen);
1036                if (put_user(len, optlen))
1037                        return -EFAULT;
1038                if (copy_to_user(optval, opt->__data, len))
1039                        return -EFAULT;
1040                return 0;
1041        }
1042        case IP_PKTINFO:
1043                val = (inet->cmsg_flags & IP_CMSG_PKTINFO) != 0;
1044                break;
1045        case IP_RECVTTL:
1046                val = (inet->cmsg_flags & IP_CMSG_TTL) != 0;
1047                break;
1048        case IP_RECVTOS:
1049                val = (inet->cmsg_flags & IP_CMSG_TOS) != 0;
1050                break;
1051        case IP_RECVOPTS:
1052                val = (inet->cmsg_flags & IP_CMSG_RECVOPTS) != 0;
1053                break;
1054        case IP_RETOPTS:
1055                val = (inet->cmsg_flags & IP_CMSG_RETOPTS) != 0;
1056                break;
1057        case IP_PASSSEC:
1058                val = (inet->cmsg_flags & IP_CMSG_PASSSEC) != 0;
1059                break;
1060        case IP_RECVORIGDSTADDR:
1061                val = (inet->cmsg_flags & IP_CMSG_ORIGDSTADDR) != 0;
1062                break;
1063        case IP_TOS:
1064                val = inet->tos;
1065                break;
1066        case IP_TTL:
1067                val = (inet->uc_ttl == -1 ?
1068                       sysctl_ip_default_ttl :
1069                       inet->uc_ttl);
1070                break;
1071        case IP_HDRINCL:
1072                val = inet->hdrincl;
1073                break;
1074        case IP_MTU_DISCOVER:
1075                val = inet->pmtudisc;
1076                break;
1077        case IP_MTU:
1078        {
1079                struct dst_entry *dst;
1080                val = 0;
1081                dst = sk_dst_get(sk);
1082                if (dst) {
1083                        val = dst_mtu(dst);
1084                        dst_release(dst);
1085                }
1086                if (!val) {
1087                        release_sock(sk);
1088                        return -ENOTCONN;
1089                }
1090                break;
1091        }
1092        case IP_RECVERR:
1093                val = inet->recverr;
1094                break;
1095        case IP_MULTICAST_TTL:
1096                val = inet->mc_ttl;
1097                break;
1098        case IP_MULTICAST_LOOP:
1099                val = inet->mc_loop;
1100                break;
1101        case IP_MULTICAST_IF:
1102        {
1103                struct in_addr addr;
1104                len = min_t(unsigned int, len, sizeof(struct in_addr));
1105                addr.s_addr = inet->mc_addr;
1106                release_sock(sk);
1107
1108                if (put_user(len, optlen))
1109                        return -EFAULT;
1110                if (copy_to_user(optval, &addr, len))
1111                        return -EFAULT;
1112                return 0;
1113        }
1114        case IP_MSFILTER:
1115        {
1116                struct ip_msfilter msf;
1117                int err;
1118
1119                if (len < IP_MSFILTER_SIZE(0)) {
1120                        release_sock(sk);
1121                        return -EINVAL;
1122                }
1123                if (copy_from_user(&msf, optval, IP_MSFILTER_SIZE(0))) {
1124                        release_sock(sk);
1125                        return -EFAULT;
1126                }
1127                err = ip_mc_msfget(sk, &msf,
1128                                   (struct ip_msfilter __user *)optval, optlen);
1129                release_sock(sk);
1130                return err;
1131        }
1132        case MCAST_MSFILTER:
1133        {
1134                struct group_filter gsf;
1135                int err;
1136
1137                if (len < GROUP_FILTER_SIZE(0)) {
1138                        release_sock(sk);
1139                        return -EINVAL;
1140                }
1141                if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) {
1142                        release_sock(sk);
1143                        return -EFAULT;
1144                }
1145                err = ip_mc_gsfget(sk, &gsf,
1146                                   (struct group_filter __user *)optval, optlen);
1147                release_sock(sk);
1148                return err;
1149        }
1150        case IP_PKTOPTIONS:
1151        {
1152                struct msghdr msg;
1153
1154                release_sock(sk);
1155
1156                if (sk->sk_type != SOCK_STREAM)
1157                        return -ENOPROTOOPT;
1158
1159                msg.msg_control = optval;
1160                msg.msg_controllen = len;
1161                msg.msg_flags = 0;
1162
1163                if (inet->cmsg_flags & IP_CMSG_PKTINFO) {
1164                        struct in_pktinfo info;
1165
1166                        info.ipi_addr.s_addr = inet->rcv_saddr;
1167                        info.ipi_spec_dst.s_addr = inet->rcv_saddr;
1168                        info.ipi_ifindex = inet->mc_index;
1169                        put_cmsg(&msg, SOL_IP, IP_PKTINFO, sizeof(info), &info);
1170                }
1171                if (inet->cmsg_flags & IP_CMSG_TTL) {
1172                        int hlim = inet->mc_ttl;
1173                        put_cmsg(&msg, SOL_IP, IP_TTL, sizeof(hlim), &hlim);
1174                }
1175                len -= msg.msg_controllen;
1176                return put_user(len, optlen);
1177        }
1178        case IP_FREEBIND:
1179                val = inet->freebind;
1180                break;
1181        case IP_TRANSPARENT:
1182                val = inet->transparent;
1183                break;
1184        default:
1185                release_sock(sk);
1186                return -ENOPROTOOPT;
1187        }
1188        release_sock(sk);
1189
1190        if (len < sizeof(int) && len > 0 && val>=0 && val<=255) {
1191                unsigned char ucval = (unsigned char)val;
1192                len = 1;
1193                if (put_user(len, optlen))
1194                        return -EFAULT;
1195                if (copy_to_user(optval, &ucval, 1))
1196                        return -EFAULT;
1197        } else {
1198                len = min_t(unsigned int, sizeof(int), len);
1199                if (put_user(len, optlen))
1200                        return -EFAULT;
1201                if (copy_to_user(optval, &val, len))
1202                        return -EFAULT;
1203        }
1204        return 0;
1205}
1206
1207int ip_getsockopt(struct sock *sk, int level,
1208                  int optname, char __user *optval, int __user *optlen)
1209{
1210        int err;
1211
1212        err = do_ip_getsockopt(sk, level, optname, optval, optlen);
1213#ifdef CONFIG_NETFILTER
1214        /* we need to exclude all possible ENOPROTOOPTs except default case */
1215        if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS &&
1216                        !ip_mroute_opt(optname)) {
1217                int len;
1218
1219                if (get_user(len, optlen))
1220                        return -EFAULT;
1221
1222                lock_sock(sk);
1223                err = nf_getsockopt(sk, PF_INET, optname, optval,
1224                                &len);
1225                release_sock(sk);
1226                if (err >= 0)
1227                        err = put_user(len, optlen);
1228                return err;
1229        }
1230#endif
1231        return err;
1232}
1233
1234#ifdef CONFIG_COMPAT
1235int compat_ip_getsockopt(struct sock *sk, int level, int optname,
1236                         char __user *optval, int __user *optlen)
1237{
1238        int err;
1239
1240        if (optname == MCAST_MSFILTER)
1241                return compat_mc_getsockopt(sk, level, optname, optval, optlen,
1242                        ip_getsockopt);
1243
1244        err = do_ip_getsockopt(sk, level, optname, optval, optlen);
1245
1246#ifdef CONFIG_NETFILTER
1247        /* we need to exclude all possible ENOPROTOOPTs except default case */
1248        if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS &&
1249                        !ip_mroute_opt(optname)) {
1250                int len;
1251
1252                if (get_user(len, optlen))
1253                        return -EFAULT;
1254
1255                lock_sock(sk);
1256                err = compat_nf_getsockopt(sk, PF_INET, optname, optval, &len);
1257                release_sock(sk);
1258                if (err >= 0)
1259                        err = put_user(len, optlen);
1260                return err;
1261        }
1262#endif
1263        return err;
1264}
1265
1266EXPORT_SYMBOL(compat_ip_getsockopt);
1267#endif
1268
1269EXPORT_SYMBOL(ip_cmsg_recv);
1270
1271EXPORT_SYMBOL(ip_getsockopt);
1272EXPORT_SYMBOL(ip_setsockopt);
1273