Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * RAW sockets for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 *
9 * Adapted from linux/net/ipv4/raw.c
10 *
11 * Fixes:
12 * Hideaki YOSHIFUJI : sin6_scope_id support
13 * YOSHIFUJI,H.@USAGI : raw checksum (RFC2292(bis) compliance)
14 * Kazunori MIYAZAWA @USAGI: change process style to use ip6_append_data
15 */
16
17#include <linux/errno.h>
18#include <linux/types.h>
19#include <linux/socket.h>
20#include <linux/slab.h>
21#include <linux/sockios.h>
22#include <linux/net.h>
23#include <linux/in6.h>
24#include <linux/netdevice.h>
25#include <linux/if_arp.h>
26#include <linux/icmpv6.h>
27#include <linux/netfilter.h>
28#include <linux/netfilter_ipv6.h>
29#include <linux/skbuff.h>
30#include <linux/compat.h>
31#include <linux/uaccess.h>
32#include <asm/ioctls.h>
33
34#include <net/net_namespace.h>
35#include <net/ip.h>
36#include <net/sock.h>
37#include <net/snmp.h>
38
39#include <net/ipv6.h>
40#include <net/ndisc.h>
41#include <net/protocol.h>
42#include <net/ip6_route.h>
43#include <net/ip6_checksum.h>
44#include <net/addrconf.h>
45#include <net/transp_v6.h>
46#include <net/udp.h>
47#include <net/inet_common.h>
48#include <net/tcp_states.h>
49#if IS_ENABLED(CONFIG_IPV6_MIP6)
50#include <net/mip6.h>
51#endif
52#include <linux/mroute6.h>
53
54#include <net/raw.h>
55#include <net/rawv6.h>
56#include <net/xfrm.h>
57
58#include <linux/proc_fs.h>
59#include <linux/seq_file.h>
60#include <linux/export.h>
61
62#define ICMPV6_HDRLEN 4 /* ICMPv6 header, RFC 4443 Section 2.1 */
63
64struct raw_hashinfo raw_v6_hashinfo = {
65 .lock = __RW_LOCK_UNLOCKED(raw_v6_hashinfo.lock),
66};
67EXPORT_SYMBOL_GPL(raw_v6_hashinfo);
68
69struct sock *__raw_v6_lookup(struct net *net, struct sock *sk,
70 unsigned short num, const struct in6_addr *loc_addr,
71 const struct in6_addr *rmt_addr, int dif, int sdif)
72{
73 bool is_multicast = ipv6_addr_is_multicast(loc_addr);
74
75 sk_for_each_from(sk)
76 if (inet_sk(sk)->inet_num == num) {
77
78 if (!net_eq(sock_net(sk), net))
79 continue;
80
81 if (!ipv6_addr_any(&sk->sk_v6_daddr) &&
82 !ipv6_addr_equal(&sk->sk_v6_daddr, rmt_addr))
83 continue;
84
85 if (!raw_sk_bound_dev_eq(net, sk->sk_bound_dev_if,
86 dif, sdif))
87 continue;
88
89 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
90 if (ipv6_addr_equal(&sk->sk_v6_rcv_saddr, loc_addr))
91 goto found;
92 if (is_multicast &&
93 inet6_mc_check(sk, loc_addr, rmt_addr))
94 goto found;
95 continue;
96 }
97 goto found;
98 }
99 sk = NULL;
100found:
101 return sk;
102}
103EXPORT_SYMBOL_GPL(__raw_v6_lookup);
104
105/*
106 * 0 - deliver
107 * 1 - block
108 */
109static int icmpv6_filter(const struct sock *sk, const struct sk_buff *skb)
110{
111 struct icmp6hdr _hdr;
112 const struct icmp6hdr *hdr;
113
114 /* We require only the four bytes of the ICMPv6 header, not any
115 * additional bytes of message body in "struct icmp6hdr".
116 */
117 hdr = skb_header_pointer(skb, skb_transport_offset(skb),
118 ICMPV6_HDRLEN, &_hdr);
119 if (hdr) {
120 const __u32 *data = &raw6_sk(sk)->filter.data[0];
121 unsigned int type = hdr->icmp6_type;
122
123 return (data[type >> 5] & (1U << (type & 31))) != 0;
124 }
125 return 1;
126}
127
128#if IS_ENABLED(CONFIG_IPV6_MIP6)
129typedef int mh_filter_t(struct sock *sock, struct sk_buff *skb);
130
131static mh_filter_t __rcu *mh_filter __read_mostly;
132
133int rawv6_mh_filter_register(mh_filter_t filter)
134{
135 rcu_assign_pointer(mh_filter, filter);
136 return 0;
137}
138EXPORT_SYMBOL(rawv6_mh_filter_register);
139
140int rawv6_mh_filter_unregister(mh_filter_t filter)
141{
142 RCU_INIT_POINTER(mh_filter, NULL);
143 synchronize_rcu();
144 return 0;
145}
146EXPORT_SYMBOL(rawv6_mh_filter_unregister);
147
148#endif
149
150/*
151 * demultiplex raw sockets.
152 * (should consider queueing the skb in the sock receive_queue
153 * without calling rawv6.c)
154 *
155 * Caller owns SKB so we must make clones.
156 */
157static bool ipv6_raw_deliver(struct sk_buff *skb, int nexthdr)
158{
159 const struct in6_addr *saddr;
160 const struct in6_addr *daddr;
161 struct sock *sk;
162 bool delivered = false;
163 __u8 hash;
164 struct net *net;
165
166 saddr = &ipv6_hdr(skb)->saddr;
167 daddr = saddr + 1;
168
169 hash = nexthdr & (RAW_HTABLE_SIZE - 1);
170
171 read_lock(&raw_v6_hashinfo.lock);
172 sk = sk_head(&raw_v6_hashinfo.ht[hash]);
173
174 if (!sk)
175 goto out;
176
177 net = dev_net(skb->dev);
178 sk = __raw_v6_lookup(net, sk, nexthdr, daddr, saddr,
179 inet6_iif(skb), inet6_sdif(skb));
180
181 while (sk) {
182 int filtered;
183
184 delivered = true;
185 switch (nexthdr) {
186 case IPPROTO_ICMPV6:
187 filtered = icmpv6_filter(sk, skb);
188 break;
189
190#if IS_ENABLED(CONFIG_IPV6_MIP6)
191 case IPPROTO_MH:
192 {
193 /* XXX: To validate MH only once for each packet,
194 * this is placed here. It should be after checking
195 * xfrm policy, however it doesn't. The checking xfrm
196 * policy is placed in rawv6_rcv() because it is
197 * required for each socket.
198 */
199 mh_filter_t *filter;
200
201 filter = rcu_dereference(mh_filter);
202 filtered = filter ? (*filter)(sk, skb) : 0;
203 break;
204 }
205#endif
206 default:
207 filtered = 0;
208 break;
209 }
210
211 if (filtered < 0)
212 break;
213 if (filtered == 0) {
214 struct sk_buff *clone = skb_clone(skb, GFP_ATOMIC);
215
216 /* Not releasing hash table! */
217 if (clone) {
218 nf_reset_ct(clone);
219 rawv6_rcv(sk, clone);
220 }
221 }
222 sk = __raw_v6_lookup(net, sk_next(sk), nexthdr, daddr, saddr,
223 inet6_iif(skb), inet6_sdif(skb));
224 }
225out:
226 read_unlock(&raw_v6_hashinfo.lock);
227 return delivered;
228}
229
230bool raw6_local_deliver(struct sk_buff *skb, int nexthdr)
231{
232 struct sock *raw_sk;
233
234 raw_sk = sk_head(&raw_v6_hashinfo.ht[nexthdr & (RAW_HTABLE_SIZE - 1)]);
235 if (raw_sk && !ipv6_raw_deliver(skb, nexthdr))
236 raw_sk = NULL;
237
238 return raw_sk != NULL;
239}
240
241/* This cleans up af_inet6 a bit. -DaveM */
242static int rawv6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
243{
244 struct inet_sock *inet = inet_sk(sk);
245 struct ipv6_pinfo *np = inet6_sk(sk);
246 struct sockaddr_in6 *addr = (struct sockaddr_in6 *) uaddr;
247 __be32 v4addr = 0;
248 int addr_type;
249 int err;
250
251 if (addr_len < SIN6_LEN_RFC2133)
252 return -EINVAL;
253
254 if (addr->sin6_family != AF_INET6)
255 return -EINVAL;
256
257 addr_type = ipv6_addr_type(&addr->sin6_addr);
258
259 /* Raw sockets are IPv6 only */
260 if (addr_type == IPV6_ADDR_MAPPED)
261 return -EADDRNOTAVAIL;
262
263 lock_sock(sk);
264
265 err = -EINVAL;
266 if (sk->sk_state != TCP_CLOSE)
267 goto out;
268
269 rcu_read_lock();
270 /* Check if the address belongs to the host. */
271 if (addr_type != IPV6_ADDR_ANY) {
272 struct net_device *dev = NULL;
273
274 if (__ipv6_addr_needs_scope_id(addr_type)) {
275 if (addr_len >= sizeof(struct sockaddr_in6) &&
276 addr->sin6_scope_id) {
277 /* Override any existing binding, if another
278 * one is supplied by user.
279 */
280 sk->sk_bound_dev_if = addr->sin6_scope_id;
281 }
282
283 /* Binding to link-local address requires an interface */
284 if (!sk->sk_bound_dev_if)
285 goto out_unlock;
286 }
287
288 if (sk->sk_bound_dev_if) {
289 err = -ENODEV;
290 dev = dev_get_by_index_rcu(sock_net(sk),
291 sk->sk_bound_dev_if);
292 if (!dev)
293 goto out_unlock;
294 }
295
296 /* ipv4 addr of the socket is invalid. Only the
297 * unspecified and mapped address have a v4 equivalent.
298 */
299 v4addr = LOOPBACK4_IPV6;
300 if (!(addr_type & IPV6_ADDR_MULTICAST) &&
301 !sock_net(sk)->ipv6.sysctl.ip_nonlocal_bind) {
302 err = -EADDRNOTAVAIL;
303 if (!ipv6_chk_addr(sock_net(sk), &addr->sin6_addr,
304 dev, 0)) {
305 goto out_unlock;
306 }
307 }
308 }
309
310 inet->inet_rcv_saddr = inet->inet_saddr = v4addr;
311 sk->sk_v6_rcv_saddr = addr->sin6_addr;
312 if (!(addr_type & IPV6_ADDR_MULTICAST))
313 np->saddr = addr->sin6_addr;
314 err = 0;
315out_unlock:
316 rcu_read_unlock();
317out:
318 release_sock(sk);
319 return err;
320}
321
322static void rawv6_err(struct sock *sk, struct sk_buff *skb,
323 struct inet6_skb_parm *opt,
324 u8 type, u8 code, int offset, __be32 info)
325{
326 struct inet_sock *inet = inet_sk(sk);
327 struct ipv6_pinfo *np = inet6_sk(sk);
328 int err;
329 int harderr;
330
331 /* Report error on raw socket, if:
332 1. User requested recverr.
333 2. Socket is connected (otherwise the error indication
334 is useless without recverr and error is hard.
335 */
336 if (!np->recverr && sk->sk_state != TCP_ESTABLISHED)
337 return;
338
339 harderr = icmpv6_err_convert(type, code, &err);
340 if (type == ICMPV6_PKT_TOOBIG) {
341 ip6_sk_update_pmtu(skb, sk, info);
342 harderr = (np->pmtudisc == IPV6_PMTUDISC_DO);
343 }
344 if (type == NDISC_REDIRECT) {
345 ip6_sk_redirect(skb, sk);
346 return;
347 }
348 if (np->recverr) {
349 u8 *payload = skb->data;
350 if (!inet->hdrincl)
351 payload += offset;
352 ipv6_icmp_error(sk, skb, err, 0, ntohl(info), payload);
353 }
354
355 if (np->recverr || harderr) {
356 sk->sk_err = err;
357 sk->sk_error_report(sk);
358 }
359}
360
361void raw6_icmp_error(struct sk_buff *skb, int nexthdr,
362 u8 type, u8 code, int inner_offset, __be32 info)
363{
364 struct sock *sk;
365 int hash;
366 const struct in6_addr *saddr, *daddr;
367 struct net *net;
368
369 hash = nexthdr & (RAW_HTABLE_SIZE - 1);
370
371 read_lock(&raw_v6_hashinfo.lock);
372 sk = sk_head(&raw_v6_hashinfo.ht[hash]);
373 if (sk) {
374 /* Note: ipv6_hdr(skb) != skb->data */
375 const struct ipv6hdr *ip6h = (const struct ipv6hdr *)skb->data;
376 saddr = &ip6h->saddr;
377 daddr = &ip6h->daddr;
378 net = dev_net(skb->dev);
379
380 while ((sk = __raw_v6_lookup(net, sk, nexthdr, saddr, daddr,
381 inet6_iif(skb), inet6_iif(skb)))) {
382 rawv6_err(sk, skb, NULL, type, code,
383 inner_offset, info);
384 sk = sk_next(sk);
385 }
386 }
387 read_unlock(&raw_v6_hashinfo.lock);
388}
389
390static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb)
391{
392 if ((raw6_sk(sk)->checksum || rcu_access_pointer(sk->sk_filter)) &&
393 skb_checksum_complete(skb)) {
394 atomic_inc(&sk->sk_drops);
395 kfree_skb(skb);
396 return NET_RX_DROP;
397 }
398
399 /* Charge it to the socket. */
400 skb_dst_drop(skb);
401 if (sock_queue_rcv_skb(sk, skb) < 0) {
402 kfree_skb(skb);
403 return NET_RX_DROP;
404 }
405
406 return 0;
407}
408
409/*
410 * This is next to useless...
411 * if we demultiplex in network layer we don't need the extra call
412 * just to queue the skb...
413 * maybe we could have the network decide upon a hint if it
414 * should call raw_rcv for demultiplexing
415 */
416int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
417{
418 struct inet_sock *inet = inet_sk(sk);
419 struct raw6_sock *rp = raw6_sk(sk);
420
421 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
422 atomic_inc(&sk->sk_drops);
423 kfree_skb(skb);
424 return NET_RX_DROP;
425 }
426
427 if (!rp->checksum)
428 skb->ip_summed = CHECKSUM_UNNECESSARY;
429
430 if (skb->ip_summed == CHECKSUM_COMPLETE) {
431 skb_postpull_rcsum(skb, skb_network_header(skb),
432 skb_network_header_len(skb));
433 if (!csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
434 &ipv6_hdr(skb)->daddr,
435 skb->len, inet->inet_num, skb->csum))
436 skb->ip_summed = CHECKSUM_UNNECESSARY;
437 }
438 if (!skb_csum_unnecessary(skb))
439 skb->csum = ~csum_unfold(csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
440 &ipv6_hdr(skb)->daddr,
441 skb->len,
442 inet->inet_num, 0));
443
444 if (inet->hdrincl) {
445 if (skb_checksum_complete(skb)) {
446 atomic_inc(&sk->sk_drops);
447 kfree_skb(skb);
448 return NET_RX_DROP;
449 }
450 }
451
452 rawv6_rcv_skb(sk, skb);
453 return 0;
454}
455
456
457/*
458 * This should be easy, if there is something there
459 * we return it, otherwise we block.
460 */
461
462static int rawv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
463 int noblock, int flags, int *addr_len)
464{
465 struct ipv6_pinfo *np = inet6_sk(sk);
466 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name);
467 struct sk_buff *skb;
468 size_t copied;
469 int err;
470
471 if (flags & MSG_OOB)
472 return -EOPNOTSUPP;
473
474 if (flags & MSG_ERRQUEUE)
475 return ipv6_recv_error(sk, msg, len, addr_len);
476
477 if (np->rxpmtu && np->rxopt.bits.rxpmtu)
478 return ipv6_recv_rxpmtu(sk, msg, len, addr_len);
479
480 skb = skb_recv_datagram(sk, flags, noblock, &err);
481 if (!skb)
482 goto out;
483
484 copied = skb->len;
485 if (copied > len) {
486 copied = len;
487 msg->msg_flags |= MSG_TRUNC;
488 }
489
490 if (skb_csum_unnecessary(skb)) {
491 err = skb_copy_datagram_msg(skb, 0, msg, copied);
492 } else if (msg->msg_flags&MSG_TRUNC) {
493 if (__skb_checksum_complete(skb))
494 goto csum_copy_err;
495 err = skb_copy_datagram_msg(skb, 0, msg, copied);
496 } else {
497 err = skb_copy_and_csum_datagram_msg(skb, 0, msg);
498 if (err == -EINVAL)
499 goto csum_copy_err;
500 }
501 if (err)
502 goto out_free;
503
504 /* Copy the address. */
505 if (sin6) {
506 sin6->sin6_family = AF_INET6;
507 sin6->sin6_port = 0;
508 sin6->sin6_addr = ipv6_hdr(skb)->saddr;
509 sin6->sin6_flowinfo = 0;
510 sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr,
511 inet6_iif(skb));
512 *addr_len = sizeof(*sin6);
513 }
514
515 sock_recv_ts_and_drops(msg, sk, skb);
516
517 if (np->rxopt.all)
518 ip6_datagram_recv_ctl(sk, msg, skb);
519
520 err = copied;
521 if (flags & MSG_TRUNC)
522 err = skb->len;
523
524out_free:
525 skb_free_datagram(sk, skb);
526out:
527 return err;
528
529csum_copy_err:
530 skb_kill_datagram(sk, skb, flags);
531
532 /* Error for blocking case is chosen to masquerade
533 as some normal condition.
534 */
535 err = (flags&MSG_DONTWAIT) ? -EAGAIN : -EHOSTUNREACH;
536 goto out;
537}
538
539static int rawv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
540 struct raw6_sock *rp)
541{
542 struct sk_buff *skb;
543 int err = 0;
544 int offset;
545 int len;
546 int total_len;
547 __wsum tmp_csum;
548 __sum16 csum;
549
550 if (!rp->checksum)
551 goto send;
552
553 skb = skb_peek(&sk->sk_write_queue);
554 if (!skb)
555 goto out;
556
557 offset = rp->offset;
558 total_len = inet_sk(sk)->cork.base.length;
559 if (offset >= total_len - 1) {
560 err = -EINVAL;
561 ip6_flush_pending_frames(sk);
562 goto out;
563 }
564
565 /* should be check HW csum miyazawa */
566 if (skb_queue_len(&sk->sk_write_queue) == 1) {
567 /*
568 * Only one fragment on the socket.
569 */
570 tmp_csum = skb->csum;
571 } else {
572 struct sk_buff *csum_skb = NULL;
573 tmp_csum = 0;
574
575 skb_queue_walk(&sk->sk_write_queue, skb) {
576 tmp_csum = csum_add(tmp_csum, skb->csum);
577
578 if (csum_skb)
579 continue;
580
581 len = skb->len - skb_transport_offset(skb);
582 if (offset >= len) {
583 offset -= len;
584 continue;
585 }
586
587 csum_skb = skb;
588 }
589
590 skb = csum_skb;
591 }
592
593 offset += skb_transport_offset(skb);
594 err = skb_copy_bits(skb, offset, &csum, 2);
595 if (err < 0) {
596 ip6_flush_pending_frames(sk);
597 goto out;
598 }
599
600 /* in case cksum was not initialized */
601 if (unlikely(csum))
602 tmp_csum = csum_sub(tmp_csum, csum_unfold(csum));
603
604 csum = csum_ipv6_magic(&fl6->saddr, &fl6->daddr,
605 total_len, fl6->flowi6_proto, tmp_csum);
606
607 if (csum == 0 && fl6->flowi6_proto == IPPROTO_UDP)
608 csum = CSUM_MANGLED_0;
609
610 BUG_ON(skb_store_bits(skb, offset, &csum, 2));
611
612send:
613 err = ip6_push_pending_frames(sk);
614out:
615 return err;
616}
617
618static int rawv6_send_hdrinc(struct sock *sk, struct msghdr *msg, int length,
619 struct flowi6 *fl6, struct dst_entry **dstp,
620 unsigned int flags, const struct sockcm_cookie *sockc)
621{
622 struct ipv6_pinfo *np = inet6_sk(sk);
623 struct net *net = sock_net(sk);
624 struct ipv6hdr *iph;
625 struct sk_buff *skb;
626 int err;
627 struct rt6_info *rt = (struct rt6_info *)*dstp;
628 int hlen = LL_RESERVED_SPACE(rt->dst.dev);
629 int tlen = rt->dst.dev->needed_tailroom;
630
631 if (length > rt->dst.dev->mtu) {
632 ipv6_local_error(sk, EMSGSIZE, fl6, rt->dst.dev->mtu);
633 return -EMSGSIZE;
634 }
635 if (length < sizeof(struct ipv6hdr))
636 return -EINVAL;
637 if (flags&MSG_PROBE)
638 goto out;
639
640 skb = sock_alloc_send_skb(sk,
641 length + hlen + tlen + 15,
642 flags & MSG_DONTWAIT, &err);
643 if (!skb)
644 goto error;
645 skb_reserve(skb, hlen);
646
647 skb->protocol = htons(ETH_P_IPV6);
648 skb->priority = sk->sk_priority;
649 skb->mark = sockc->mark;
650 skb->tstamp = sockc->transmit_time;
651
652 skb_put(skb, length);
653 skb_reset_network_header(skb);
654 iph = ipv6_hdr(skb);
655
656 skb->ip_summed = CHECKSUM_NONE;
657
658 skb_setup_tx_timestamp(skb, sockc->tsflags);
659
660 if (flags & MSG_CONFIRM)
661 skb_set_dst_pending_confirm(skb, 1);
662
663 skb->transport_header = skb->network_header;
664 err = memcpy_from_msg(iph, msg, length);
665 if (err) {
666 err = -EFAULT;
667 kfree_skb(skb);
668 goto error;
669 }
670
671 skb_dst_set(skb, &rt->dst);
672 *dstp = NULL;
673
674 /* if egress device is enslaved to an L3 master device pass the
675 * skb to its handler for processing
676 */
677 skb = l3mdev_ip6_out(sk, skb);
678 if (unlikely(!skb))
679 return 0;
680
681 /* Acquire rcu_read_lock() in case we need to use rt->rt6i_idev
682 * in the error path. Since skb has been freed, the dst could
683 * have been queued for deletion.
684 */
685 rcu_read_lock();
686 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
687 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, sk, skb,
688 NULL, rt->dst.dev, dst_output);
689 if (err > 0)
690 err = net_xmit_errno(err);
691 if (err) {
692 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
693 rcu_read_unlock();
694 goto error_check;
695 }
696 rcu_read_unlock();
697out:
698 return 0;
699
700error:
701 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
702error_check:
703 if (err == -ENOBUFS && !np->recverr)
704 err = 0;
705 return err;
706}
707
708struct raw6_frag_vec {
709 struct msghdr *msg;
710 int hlen;
711 char c[4];
712};
713
714static int rawv6_probe_proto_opt(struct raw6_frag_vec *rfv, struct flowi6 *fl6)
715{
716 int err = 0;
717 switch (fl6->flowi6_proto) {
718 case IPPROTO_ICMPV6:
719 rfv->hlen = 2;
720 err = memcpy_from_msg(rfv->c, rfv->msg, rfv->hlen);
721 if (!err) {
722 fl6->fl6_icmp_type = rfv->c[0];
723 fl6->fl6_icmp_code = rfv->c[1];
724 }
725 break;
726 case IPPROTO_MH:
727 rfv->hlen = 4;
728 err = memcpy_from_msg(rfv->c, rfv->msg, rfv->hlen);
729 if (!err)
730 fl6->fl6_mh_type = rfv->c[2];
731 }
732 return err;
733}
734
735static int raw6_getfrag(void *from, char *to, int offset, int len, int odd,
736 struct sk_buff *skb)
737{
738 struct raw6_frag_vec *rfv = from;
739
740 if (offset < rfv->hlen) {
741 int copy = min(rfv->hlen - offset, len);
742
743 if (skb->ip_summed == CHECKSUM_PARTIAL)
744 memcpy(to, rfv->c + offset, copy);
745 else
746 skb->csum = csum_block_add(
747 skb->csum,
748 csum_partial_copy_nocheck(rfv->c + offset,
749 to, copy, 0),
750 odd);
751
752 odd = 0;
753 offset += copy;
754 to += copy;
755 len -= copy;
756
757 if (!len)
758 return 0;
759 }
760
761 offset -= rfv->hlen;
762
763 return ip_generic_getfrag(rfv->msg, to, offset, len, odd, skb);
764}
765
766static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
767{
768 struct ipv6_txoptions *opt_to_free = NULL;
769 struct ipv6_txoptions opt_space;
770 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name);
771 struct in6_addr *daddr, *final_p, final;
772 struct inet_sock *inet = inet_sk(sk);
773 struct ipv6_pinfo *np = inet6_sk(sk);
774 struct raw6_sock *rp = raw6_sk(sk);
775 struct ipv6_txoptions *opt = NULL;
776 struct ip6_flowlabel *flowlabel = NULL;
777 struct dst_entry *dst = NULL;
778 struct raw6_frag_vec rfv;
779 struct flowi6 fl6;
780 struct ipcm6_cookie ipc6;
781 int addr_len = msg->msg_namelen;
782 int hdrincl;
783 u16 proto;
784 int err;
785
786 /* Rough check on arithmetic overflow,
787 better check is made in ip6_append_data().
788 */
789 if (len > INT_MAX)
790 return -EMSGSIZE;
791
792 /* Mirror BSD error message compatibility */
793 if (msg->msg_flags & MSG_OOB)
794 return -EOPNOTSUPP;
795
796 /* hdrincl should be READ_ONCE(inet->hdrincl)
797 * but READ_ONCE() doesn't work with bit fields.
798 * Doing this indirectly yields the same result.
799 */
800 hdrincl = inet->hdrincl;
801 hdrincl = READ_ONCE(hdrincl);
802
803 /*
804 * Get and verify the address.
805 */
806 memset(&fl6, 0, sizeof(fl6));
807
808 fl6.flowi6_mark = sk->sk_mark;
809 fl6.flowi6_uid = sk->sk_uid;
810
811 ipcm6_init(&ipc6);
812 ipc6.sockc.tsflags = sk->sk_tsflags;
813 ipc6.sockc.mark = sk->sk_mark;
814
815 if (sin6) {
816 if (addr_len < SIN6_LEN_RFC2133)
817 return -EINVAL;
818
819 if (sin6->sin6_family && sin6->sin6_family != AF_INET6)
820 return -EAFNOSUPPORT;
821
822 /* port is the proto value [0..255] carried in nexthdr */
823 proto = ntohs(sin6->sin6_port);
824
825 if (!proto)
826 proto = inet->inet_num;
827 else if (proto != inet->inet_num)
828 return -EINVAL;
829
830 if (proto > 255)
831 return -EINVAL;
832
833 daddr = &sin6->sin6_addr;
834 if (np->sndflow) {
835 fl6.flowlabel = sin6->sin6_flowinfo&IPV6_FLOWINFO_MASK;
836 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
837 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
838 if (IS_ERR(flowlabel))
839 return -EINVAL;
840 }
841 }
842
843 /*
844 * Otherwise it will be difficult to maintain
845 * sk->sk_dst_cache.
846 */
847 if (sk->sk_state == TCP_ESTABLISHED &&
848 ipv6_addr_equal(daddr, &sk->sk_v6_daddr))
849 daddr = &sk->sk_v6_daddr;
850
851 if (addr_len >= sizeof(struct sockaddr_in6) &&
852 sin6->sin6_scope_id &&
853 __ipv6_addr_needs_scope_id(__ipv6_addr_type(daddr)))
854 fl6.flowi6_oif = sin6->sin6_scope_id;
855 } else {
856 if (sk->sk_state != TCP_ESTABLISHED)
857 return -EDESTADDRREQ;
858
859 proto = inet->inet_num;
860 daddr = &sk->sk_v6_daddr;
861 fl6.flowlabel = np->flow_label;
862 }
863
864 if (fl6.flowi6_oif == 0)
865 fl6.flowi6_oif = sk->sk_bound_dev_if;
866
867 if (msg->msg_controllen) {
868 opt = &opt_space;
869 memset(opt, 0, sizeof(struct ipv6_txoptions));
870 opt->tot_len = sizeof(struct ipv6_txoptions);
871 ipc6.opt = opt;
872
873 err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, &fl6, &ipc6);
874 if (err < 0) {
875 fl6_sock_release(flowlabel);
876 return err;
877 }
878 if ((fl6.flowlabel&IPV6_FLOWLABEL_MASK) && !flowlabel) {
879 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
880 if (IS_ERR(flowlabel))
881 return -EINVAL;
882 }
883 if (!(opt->opt_nflen|opt->opt_flen))
884 opt = NULL;
885 }
886 if (!opt) {
887 opt = txopt_get(np);
888 opt_to_free = opt;
889 }
890 if (flowlabel)
891 opt = fl6_merge_options(&opt_space, flowlabel, opt);
892 opt = ipv6_fixup_options(&opt_space, opt);
893
894 fl6.flowi6_proto = proto;
895 fl6.flowi6_mark = ipc6.sockc.mark;
896
897 if (!hdrincl) {
898 rfv.msg = msg;
899 rfv.hlen = 0;
900 err = rawv6_probe_proto_opt(&rfv, &fl6);
901 if (err)
902 goto out;
903 }
904
905 if (!ipv6_addr_any(daddr))
906 fl6.daddr = *daddr;
907 else
908 fl6.daddr.s6_addr[15] = 0x1; /* :: means loopback (BSD'ism) */
909 if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr))
910 fl6.saddr = np->saddr;
911
912 final_p = fl6_update_dst(&fl6, opt, &final);
913
914 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
915 fl6.flowi6_oif = np->mcast_oif;
916 else if (!fl6.flowi6_oif)
917 fl6.flowi6_oif = np->ucast_oif;
918 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
919
920 if (hdrincl)
921 fl6.flowi6_flags |= FLOWI_FLAG_KNOWN_NH;
922
923 if (ipc6.tclass < 0)
924 ipc6.tclass = np->tclass;
925
926 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
927
928 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
929 if (IS_ERR(dst)) {
930 err = PTR_ERR(dst);
931 goto out;
932 }
933 if (ipc6.hlimit < 0)
934 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
935
936 if (ipc6.dontfrag < 0)
937 ipc6.dontfrag = np->dontfrag;
938
939 if (msg->msg_flags&MSG_CONFIRM)
940 goto do_confirm;
941
942back_from_confirm:
943 if (hdrincl)
944 err = rawv6_send_hdrinc(sk, msg, len, &fl6, &dst,
945 msg->msg_flags, &ipc6.sockc);
946 else {
947 ipc6.opt = opt;
948 lock_sock(sk);
949 err = ip6_append_data(sk, raw6_getfrag, &rfv,
950 len, 0, &ipc6, &fl6, (struct rt6_info *)dst,
951 msg->msg_flags);
952
953 if (err)
954 ip6_flush_pending_frames(sk);
955 else if (!(msg->msg_flags & MSG_MORE))
956 err = rawv6_push_pending_frames(sk, &fl6, rp);
957 release_sock(sk);
958 }
959done:
960 dst_release(dst);
961out:
962 fl6_sock_release(flowlabel);
963 txopt_put(opt_to_free);
964 return err < 0 ? err : len;
965do_confirm:
966 if (msg->msg_flags & MSG_PROBE)
967 dst_confirm_neigh(dst, &fl6.daddr);
968 if (!(msg->msg_flags & MSG_PROBE) || len)
969 goto back_from_confirm;
970 err = 0;
971 goto done;
972}
973
974static int rawv6_seticmpfilter(struct sock *sk, int level, int optname,
975 sockptr_t optval, int optlen)
976{
977 switch (optname) {
978 case ICMPV6_FILTER:
979 if (optlen > sizeof(struct icmp6_filter))
980 optlen = sizeof(struct icmp6_filter);
981 if (copy_from_sockptr(&raw6_sk(sk)->filter, optval, optlen))
982 return -EFAULT;
983 return 0;
984 default:
985 return -ENOPROTOOPT;
986 }
987
988 return 0;
989}
990
991static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
992 char __user *optval, int __user *optlen)
993{
994 int len;
995
996 switch (optname) {
997 case ICMPV6_FILTER:
998 if (get_user(len, optlen))
999 return -EFAULT;
1000 if (len < 0)
1001 return -EINVAL;
1002 if (len > sizeof(struct icmp6_filter))
1003 len = sizeof(struct icmp6_filter);
1004 if (put_user(len, optlen))
1005 return -EFAULT;
1006 if (copy_to_user(optval, &raw6_sk(sk)->filter, len))
1007 return -EFAULT;
1008 return 0;
1009 default:
1010 return -ENOPROTOOPT;
1011 }
1012
1013 return 0;
1014}
1015
1016
1017static int do_rawv6_setsockopt(struct sock *sk, int level, int optname,
1018 sockptr_t optval, unsigned int optlen)
1019{
1020 struct raw6_sock *rp = raw6_sk(sk);
1021 int val;
1022
1023 if (copy_from_sockptr(&val, optval, sizeof(val)))
1024 return -EFAULT;
1025
1026 switch (optname) {
1027 case IPV6_HDRINCL:
1028 if (sk->sk_type != SOCK_RAW)
1029 return -EINVAL;
1030 inet_sk(sk)->hdrincl = !!val;
1031 return 0;
1032 case IPV6_CHECKSUM:
1033 if (inet_sk(sk)->inet_num == IPPROTO_ICMPV6 &&
1034 level == IPPROTO_IPV6) {
1035 /*
1036 * RFC3542 tells that IPV6_CHECKSUM socket
1037 * option in the IPPROTO_IPV6 level is not
1038 * allowed on ICMPv6 sockets.
1039 * If you want to set it, use IPPROTO_RAW
1040 * level IPV6_CHECKSUM socket option
1041 * (Linux extension).
1042 */
1043 return -EINVAL;
1044 }
1045
1046 /* You may get strange result with a positive odd offset;
1047 RFC2292bis agrees with me. */
1048 if (val > 0 && (val&1))
1049 return -EINVAL;
1050 if (val < 0) {
1051 rp->checksum = 0;
1052 } else {
1053 rp->checksum = 1;
1054 rp->offset = val;
1055 }
1056
1057 return 0;
1058
1059 default:
1060 return -ENOPROTOOPT;
1061 }
1062}
1063
1064static int rawv6_setsockopt(struct sock *sk, int level, int optname,
1065 sockptr_t optval, unsigned int optlen)
1066{
1067 switch (level) {
1068 case SOL_RAW:
1069 break;
1070
1071 case SOL_ICMPV6:
1072 if (inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1073 return -EOPNOTSUPP;
1074 return rawv6_seticmpfilter(sk, level, optname, optval, optlen);
1075 case SOL_IPV6:
1076 if (optname == IPV6_CHECKSUM ||
1077 optname == IPV6_HDRINCL)
1078 break;
1079 fallthrough;
1080 default:
1081 return ipv6_setsockopt(sk, level, optname, optval, optlen);
1082 }
1083
1084 return do_rawv6_setsockopt(sk, level, optname, optval, optlen);
1085}
1086
1087static int do_rawv6_getsockopt(struct sock *sk, int level, int optname,
1088 char __user *optval, int __user *optlen)
1089{
1090 struct raw6_sock *rp = raw6_sk(sk);
1091 int val, len;
1092
1093 if (get_user(len, optlen))
1094 return -EFAULT;
1095
1096 switch (optname) {
1097 case IPV6_HDRINCL:
1098 val = inet_sk(sk)->hdrincl;
1099 break;
1100 case IPV6_CHECKSUM:
1101 /*
1102 * We allow getsockopt() for IPPROTO_IPV6-level
1103 * IPV6_CHECKSUM socket option on ICMPv6 sockets
1104 * since RFC3542 is silent about it.
1105 */
1106 if (rp->checksum == 0)
1107 val = -1;
1108 else
1109 val = rp->offset;
1110 break;
1111
1112 default:
1113 return -ENOPROTOOPT;
1114 }
1115
1116 len = min_t(unsigned int, sizeof(int), len);
1117
1118 if (put_user(len, optlen))
1119 return -EFAULT;
1120 if (copy_to_user(optval, &val, len))
1121 return -EFAULT;
1122 return 0;
1123}
1124
1125static int rawv6_getsockopt(struct sock *sk, int level, int optname,
1126 char __user *optval, int __user *optlen)
1127{
1128 switch (level) {
1129 case SOL_RAW:
1130 break;
1131
1132 case SOL_ICMPV6:
1133 if (inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1134 return -EOPNOTSUPP;
1135 return rawv6_geticmpfilter(sk, level, optname, optval, optlen);
1136 case SOL_IPV6:
1137 if (optname == IPV6_CHECKSUM ||
1138 optname == IPV6_HDRINCL)
1139 break;
1140 fallthrough;
1141 default:
1142 return ipv6_getsockopt(sk, level, optname, optval, optlen);
1143 }
1144
1145 return do_rawv6_getsockopt(sk, level, optname, optval, optlen);
1146}
1147
1148static int rawv6_ioctl(struct sock *sk, int cmd, unsigned long arg)
1149{
1150 switch (cmd) {
1151 case SIOCOUTQ: {
1152 int amount = sk_wmem_alloc_get(sk);
1153
1154 return put_user(amount, (int __user *)arg);
1155 }
1156 case SIOCINQ: {
1157 struct sk_buff *skb;
1158 int amount = 0;
1159
1160 spin_lock_bh(&sk->sk_receive_queue.lock);
1161 skb = skb_peek(&sk->sk_receive_queue);
1162 if (skb)
1163 amount = skb->len;
1164 spin_unlock_bh(&sk->sk_receive_queue.lock);
1165 return put_user(amount, (int __user *)arg);
1166 }
1167
1168 default:
1169#ifdef CONFIG_IPV6_MROUTE
1170 return ip6mr_ioctl(sk, cmd, (void __user *)arg);
1171#else
1172 return -ENOIOCTLCMD;
1173#endif
1174 }
1175}
1176
1177#ifdef CONFIG_COMPAT
1178static int compat_rawv6_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
1179{
1180 switch (cmd) {
1181 case SIOCOUTQ:
1182 case SIOCINQ:
1183 return -ENOIOCTLCMD;
1184 default:
1185#ifdef CONFIG_IPV6_MROUTE
1186 return ip6mr_compat_ioctl(sk, cmd, compat_ptr(arg));
1187#else
1188 return -ENOIOCTLCMD;
1189#endif
1190 }
1191}
1192#endif
1193
1194static void rawv6_close(struct sock *sk, long timeout)
1195{
1196 if (inet_sk(sk)->inet_num == IPPROTO_RAW)
1197 ip6_ra_control(sk, -1);
1198 ip6mr_sk_done(sk);
1199 sk_common_release(sk);
1200}
1201
1202static void raw6_destroy(struct sock *sk)
1203{
1204 lock_sock(sk);
1205 ip6_flush_pending_frames(sk);
1206 release_sock(sk);
1207
1208 inet6_destroy_sock(sk);
1209}
1210
1211static int rawv6_init_sk(struct sock *sk)
1212{
1213 struct raw6_sock *rp = raw6_sk(sk);
1214
1215 switch (inet_sk(sk)->inet_num) {
1216 case IPPROTO_ICMPV6:
1217 rp->checksum = 1;
1218 rp->offset = 2;
1219 break;
1220 case IPPROTO_MH:
1221 rp->checksum = 1;
1222 rp->offset = 4;
1223 break;
1224 default:
1225 break;
1226 }
1227 return 0;
1228}
1229
1230struct proto rawv6_prot = {
1231 .name = "RAWv6",
1232 .owner = THIS_MODULE,
1233 .close = rawv6_close,
1234 .destroy = raw6_destroy,
1235 .connect = ip6_datagram_connect_v6_only,
1236 .disconnect = __udp_disconnect,
1237 .ioctl = rawv6_ioctl,
1238 .init = rawv6_init_sk,
1239 .setsockopt = rawv6_setsockopt,
1240 .getsockopt = rawv6_getsockopt,
1241 .sendmsg = rawv6_sendmsg,
1242 .recvmsg = rawv6_recvmsg,
1243 .bind = rawv6_bind,
1244 .backlog_rcv = rawv6_rcv_skb,
1245 .hash = raw_hash_sk,
1246 .unhash = raw_unhash_sk,
1247 .obj_size = sizeof(struct raw6_sock),
1248 .useroffset = offsetof(struct raw6_sock, filter),
1249 .usersize = sizeof_field(struct raw6_sock, filter),
1250 .h.raw_hash = &raw_v6_hashinfo,
1251#ifdef CONFIG_COMPAT
1252 .compat_ioctl = compat_rawv6_ioctl,
1253#endif
1254 .diag_destroy = raw_abort,
1255};
1256
1257#ifdef CONFIG_PROC_FS
1258static int raw6_seq_show(struct seq_file *seq, void *v)
1259{
1260 if (v == SEQ_START_TOKEN) {
1261 seq_puts(seq, IPV6_SEQ_DGRAM_HEADER);
1262 } else {
1263 struct sock *sp = v;
1264 __u16 srcp = inet_sk(sp)->inet_num;
1265 ip6_dgram_sock_seq_show(seq, v, srcp, 0,
1266 raw_seq_private(seq)->bucket);
1267 }
1268 return 0;
1269}
1270
1271static const struct seq_operations raw6_seq_ops = {
1272 .start = raw_seq_start,
1273 .next = raw_seq_next,
1274 .stop = raw_seq_stop,
1275 .show = raw6_seq_show,
1276};
1277
1278static int __net_init raw6_init_net(struct net *net)
1279{
1280 if (!proc_create_net_data("raw6", 0444, net->proc_net, &raw6_seq_ops,
1281 sizeof(struct raw_iter_state), &raw_v6_hashinfo))
1282 return -ENOMEM;
1283
1284 return 0;
1285}
1286
1287static void __net_exit raw6_exit_net(struct net *net)
1288{
1289 remove_proc_entry("raw6", net->proc_net);
1290}
1291
1292static struct pernet_operations raw6_net_ops = {
1293 .init = raw6_init_net,
1294 .exit = raw6_exit_net,
1295};
1296
1297int __init raw6_proc_init(void)
1298{
1299 return register_pernet_subsys(&raw6_net_ops);
1300}
1301
1302void raw6_proc_exit(void)
1303{
1304 unregister_pernet_subsys(&raw6_net_ops);
1305}
1306#endif /* CONFIG_PROC_FS */
1307
1308/* Same as inet6_dgram_ops, sans udp_poll. */
1309const struct proto_ops inet6_sockraw_ops = {
1310 .family = PF_INET6,
1311 .owner = THIS_MODULE,
1312 .release = inet6_release,
1313 .bind = inet6_bind,
1314 .connect = inet_dgram_connect, /* ok */
1315 .socketpair = sock_no_socketpair, /* a do nothing */
1316 .accept = sock_no_accept, /* a do nothing */
1317 .getname = inet6_getname,
1318 .poll = datagram_poll, /* ok */
1319 .ioctl = inet6_ioctl, /* must change */
1320 .gettstamp = sock_gettstamp,
1321 .listen = sock_no_listen, /* ok */
1322 .shutdown = inet_shutdown, /* ok */
1323 .setsockopt = sock_common_setsockopt, /* ok */
1324 .getsockopt = sock_common_getsockopt, /* ok */
1325 .sendmsg = inet_sendmsg, /* ok */
1326 .recvmsg = sock_common_recvmsg, /* ok */
1327 .mmap = sock_no_mmap,
1328 .sendpage = sock_no_sendpage,
1329#ifdef CONFIG_COMPAT
1330 .compat_ioctl = inet6_compat_ioctl,
1331#endif
1332};
1333
1334static struct inet_protosw rawv6_protosw = {
1335 .type = SOCK_RAW,
1336 .protocol = IPPROTO_IP, /* wild card */
1337 .prot = &rawv6_prot,
1338 .ops = &inet6_sockraw_ops,
1339 .flags = INET_PROTOSW_REUSE,
1340};
1341
1342int __init rawv6_init(void)
1343{
1344 return inet6_register_protosw(&rawv6_protosw);
1345}
1346
1347void rawv6_exit(void)
1348{
1349 inet6_unregister_protosw(&rawv6_protosw);
1350}
1/*
2 * RAW sockets for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Adapted from linux/net/ipv4/raw.c
9 *
10 * Fixes:
11 * Hideaki YOSHIFUJI : sin6_scope_id support
12 * YOSHIFUJI,H.@USAGI : raw checksum (RFC2292(bis) compliance)
13 * Kazunori MIYAZAWA @USAGI: change process style to use ip6_append_data
14 *
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version
18 * 2 of the License, or (at your option) any later version.
19 */
20
21#include <linux/errno.h>
22#include <linux/types.h>
23#include <linux/socket.h>
24#include <linux/slab.h>
25#include <linux/sockios.h>
26#include <linux/net.h>
27#include <linux/in6.h>
28#include <linux/netdevice.h>
29#include <linux/if_arp.h>
30#include <linux/icmpv6.h>
31#include <linux/netfilter.h>
32#include <linux/netfilter_ipv6.h>
33#include <linux/skbuff.h>
34#include <linux/compat.h>
35#include <linux/uaccess.h>
36#include <asm/ioctls.h>
37
38#include <net/net_namespace.h>
39#include <net/ip.h>
40#include <net/sock.h>
41#include <net/snmp.h>
42
43#include <net/ipv6.h>
44#include <net/ndisc.h>
45#include <net/protocol.h>
46#include <net/ip6_route.h>
47#include <net/ip6_checksum.h>
48#include <net/addrconf.h>
49#include <net/transp_v6.h>
50#include <net/udp.h>
51#include <net/inet_common.h>
52#include <net/tcp_states.h>
53#if IS_ENABLED(CONFIG_IPV6_MIP6)
54#include <net/mip6.h>
55#endif
56#include <linux/mroute6.h>
57
58#include <net/raw.h>
59#include <net/rawv6.h>
60#include <net/xfrm.h>
61
62#include <linux/proc_fs.h>
63#include <linux/seq_file.h>
64#include <linux/export.h>
65
66#define ICMPV6_HDRLEN 4 /* ICMPv6 header, RFC 4443 Section 2.1 */
67
68struct raw_hashinfo raw_v6_hashinfo = {
69 .lock = __RW_LOCK_UNLOCKED(raw_v6_hashinfo.lock),
70};
71EXPORT_SYMBOL_GPL(raw_v6_hashinfo);
72
73struct sock *__raw_v6_lookup(struct net *net, struct sock *sk,
74 unsigned short num, const struct in6_addr *loc_addr,
75 const struct in6_addr *rmt_addr, int dif)
76{
77 bool is_multicast = ipv6_addr_is_multicast(loc_addr);
78
79 sk_for_each_from(sk)
80 if (inet_sk(sk)->inet_num == num) {
81
82 if (!net_eq(sock_net(sk), net))
83 continue;
84
85 if (!ipv6_addr_any(&sk->sk_v6_daddr) &&
86 !ipv6_addr_equal(&sk->sk_v6_daddr, rmt_addr))
87 continue;
88
89 if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)
90 continue;
91
92 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
93 if (ipv6_addr_equal(&sk->sk_v6_rcv_saddr, loc_addr))
94 goto found;
95 if (is_multicast &&
96 inet6_mc_check(sk, loc_addr, rmt_addr))
97 goto found;
98 continue;
99 }
100 goto found;
101 }
102 sk = NULL;
103found:
104 return sk;
105}
106EXPORT_SYMBOL_GPL(__raw_v6_lookup);
107
108/*
109 * 0 - deliver
110 * 1 - block
111 */
112static int icmpv6_filter(const struct sock *sk, const struct sk_buff *skb)
113{
114 struct icmp6hdr _hdr;
115 const struct icmp6hdr *hdr;
116
117 /* We require only the four bytes of the ICMPv6 header, not any
118 * additional bytes of message body in "struct icmp6hdr".
119 */
120 hdr = skb_header_pointer(skb, skb_transport_offset(skb),
121 ICMPV6_HDRLEN, &_hdr);
122 if (hdr) {
123 const __u32 *data = &raw6_sk(sk)->filter.data[0];
124 unsigned int type = hdr->icmp6_type;
125
126 return (data[type >> 5] & (1U << (type & 31))) != 0;
127 }
128 return 1;
129}
130
131#if IS_ENABLED(CONFIG_IPV6_MIP6)
132typedef int mh_filter_t(struct sock *sock, struct sk_buff *skb);
133
134static mh_filter_t __rcu *mh_filter __read_mostly;
135
136int rawv6_mh_filter_register(mh_filter_t filter)
137{
138 rcu_assign_pointer(mh_filter, filter);
139 return 0;
140}
141EXPORT_SYMBOL(rawv6_mh_filter_register);
142
143int rawv6_mh_filter_unregister(mh_filter_t filter)
144{
145 RCU_INIT_POINTER(mh_filter, NULL);
146 synchronize_rcu();
147 return 0;
148}
149EXPORT_SYMBOL(rawv6_mh_filter_unregister);
150
151#endif
152
153/*
154 * demultiplex raw sockets.
155 * (should consider queueing the skb in the sock receive_queue
156 * without calling rawv6.c)
157 *
158 * Caller owns SKB so we must make clones.
159 */
160static bool ipv6_raw_deliver(struct sk_buff *skb, int nexthdr)
161{
162 const struct in6_addr *saddr;
163 const struct in6_addr *daddr;
164 struct sock *sk;
165 bool delivered = false;
166 __u8 hash;
167 struct net *net;
168
169 saddr = &ipv6_hdr(skb)->saddr;
170 daddr = saddr + 1;
171
172 hash = nexthdr & (RAW_HTABLE_SIZE - 1);
173
174 read_lock(&raw_v6_hashinfo.lock);
175 sk = sk_head(&raw_v6_hashinfo.ht[hash]);
176
177 if (!sk)
178 goto out;
179
180 net = dev_net(skb->dev);
181 sk = __raw_v6_lookup(net, sk, nexthdr, daddr, saddr, inet6_iif(skb));
182
183 while (sk) {
184 int filtered;
185
186 delivered = true;
187 switch (nexthdr) {
188 case IPPROTO_ICMPV6:
189 filtered = icmpv6_filter(sk, skb);
190 break;
191
192#if IS_ENABLED(CONFIG_IPV6_MIP6)
193 case IPPROTO_MH:
194 {
195 /* XXX: To validate MH only once for each packet,
196 * this is placed here. It should be after checking
197 * xfrm policy, however it doesn't. The checking xfrm
198 * policy is placed in rawv6_rcv() because it is
199 * required for each socket.
200 */
201 mh_filter_t *filter;
202
203 filter = rcu_dereference(mh_filter);
204 filtered = filter ? (*filter)(sk, skb) : 0;
205 break;
206 }
207#endif
208 default:
209 filtered = 0;
210 break;
211 }
212
213 if (filtered < 0)
214 break;
215 if (filtered == 0) {
216 struct sk_buff *clone = skb_clone(skb, GFP_ATOMIC);
217
218 /* Not releasing hash table! */
219 if (clone) {
220 nf_reset(clone);
221 rawv6_rcv(sk, clone);
222 }
223 }
224 sk = __raw_v6_lookup(net, sk_next(sk), nexthdr, daddr, saddr,
225 inet6_iif(skb));
226 }
227out:
228 read_unlock(&raw_v6_hashinfo.lock);
229 return delivered;
230}
231
232bool raw6_local_deliver(struct sk_buff *skb, int nexthdr)
233{
234 struct sock *raw_sk;
235
236 raw_sk = sk_head(&raw_v6_hashinfo.ht[nexthdr & (RAW_HTABLE_SIZE - 1)]);
237 if (raw_sk && !ipv6_raw_deliver(skb, nexthdr))
238 raw_sk = NULL;
239
240 return raw_sk != NULL;
241}
242
243/* This cleans up af_inet6 a bit. -DaveM */
244static int rawv6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
245{
246 struct inet_sock *inet = inet_sk(sk);
247 struct ipv6_pinfo *np = inet6_sk(sk);
248 struct sockaddr_in6 *addr = (struct sockaddr_in6 *) uaddr;
249 __be32 v4addr = 0;
250 int addr_type;
251 int err;
252
253 if (addr_len < SIN6_LEN_RFC2133)
254 return -EINVAL;
255
256 if (addr->sin6_family != AF_INET6)
257 return -EINVAL;
258
259 addr_type = ipv6_addr_type(&addr->sin6_addr);
260
261 /* Raw sockets are IPv6 only */
262 if (addr_type == IPV6_ADDR_MAPPED)
263 return -EADDRNOTAVAIL;
264
265 lock_sock(sk);
266
267 err = -EINVAL;
268 if (sk->sk_state != TCP_CLOSE)
269 goto out;
270
271 rcu_read_lock();
272 /* Check if the address belongs to the host. */
273 if (addr_type != IPV6_ADDR_ANY) {
274 struct net_device *dev = NULL;
275
276 if (__ipv6_addr_needs_scope_id(addr_type)) {
277 if (addr_len >= sizeof(struct sockaddr_in6) &&
278 addr->sin6_scope_id) {
279 /* Override any existing binding, if another
280 * one is supplied by user.
281 */
282 sk->sk_bound_dev_if = addr->sin6_scope_id;
283 }
284
285 /* Binding to link-local address requires an interface */
286 if (!sk->sk_bound_dev_if)
287 goto out_unlock;
288
289 err = -ENODEV;
290 dev = dev_get_by_index_rcu(sock_net(sk),
291 sk->sk_bound_dev_if);
292 if (!dev)
293 goto out_unlock;
294 }
295
296 /* ipv4 addr of the socket is invalid. Only the
297 * unspecified and mapped address have a v4 equivalent.
298 */
299 v4addr = LOOPBACK4_IPV6;
300 if (!(addr_type & IPV6_ADDR_MULTICAST) &&
301 !sock_net(sk)->ipv6.sysctl.ip_nonlocal_bind) {
302 err = -EADDRNOTAVAIL;
303 if (!ipv6_chk_addr(sock_net(sk), &addr->sin6_addr,
304 dev, 0)) {
305 goto out_unlock;
306 }
307 }
308 }
309
310 inet->inet_rcv_saddr = inet->inet_saddr = v4addr;
311 sk->sk_v6_rcv_saddr = addr->sin6_addr;
312 if (!(addr_type & IPV6_ADDR_MULTICAST))
313 np->saddr = addr->sin6_addr;
314 err = 0;
315out_unlock:
316 rcu_read_unlock();
317out:
318 release_sock(sk);
319 return err;
320}
321
322static void rawv6_err(struct sock *sk, struct sk_buff *skb,
323 struct inet6_skb_parm *opt,
324 u8 type, u8 code, int offset, __be32 info)
325{
326 struct inet_sock *inet = inet_sk(sk);
327 struct ipv6_pinfo *np = inet6_sk(sk);
328 int err;
329 int harderr;
330
331 /* Report error on raw socket, if:
332 1. User requested recverr.
333 2. Socket is connected (otherwise the error indication
334 is useless without recverr and error is hard.
335 */
336 if (!np->recverr && sk->sk_state != TCP_ESTABLISHED)
337 return;
338
339 harderr = icmpv6_err_convert(type, code, &err);
340 if (type == ICMPV6_PKT_TOOBIG) {
341 ip6_sk_update_pmtu(skb, sk, info);
342 harderr = (np->pmtudisc == IPV6_PMTUDISC_DO);
343 }
344 if (type == NDISC_REDIRECT) {
345 ip6_sk_redirect(skb, sk);
346 return;
347 }
348 if (np->recverr) {
349 u8 *payload = skb->data;
350 if (!inet->hdrincl)
351 payload += offset;
352 ipv6_icmp_error(sk, skb, err, 0, ntohl(info), payload);
353 }
354
355 if (np->recverr || harderr) {
356 sk->sk_err = err;
357 sk->sk_error_report(sk);
358 }
359}
360
361void raw6_icmp_error(struct sk_buff *skb, int nexthdr,
362 u8 type, u8 code, int inner_offset, __be32 info)
363{
364 struct sock *sk;
365 int hash;
366 const struct in6_addr *saddr, *daddr;
367 struct net *net;
368
369 hash = nexthdr & (RAW_HTABLE_SIZE - 1);
370
371 read_lock(&raw_v6_hashinfo.lock);
372 sk = sk_head(&raw_v6_hashinfo.ht[hash]);
373 if (sk) {
374 /* Note: ipv6_hdr(skb) != skb->data */
375 const struct ipv6hdr *ip6h = (const struct ipv6hdr *)skb->data;
376 saddr = &ip6h->saddr;
377 daddr = &ip6h->daddr;
378 net = dev_net(skb->dev);
379
380 while ((sk = __raw_v6_lookup(net, sk, nexthdr, saddr, daddr,
381 inet6_iif(skb)))) {
382 rawv6_err(sk, skb, NULL, type, code,
383 inner_offset, info);
384 sk = sk_next(sk);
385 }
386 }
387 read_unlock(&raw_v6_hashinfo.lock);
388}
389
390static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb)
391{
392 if ((raw6_sk(sk)->checksum || rcu_access_pointer(sk->sk_filter)) &&
393 skb_checksum_complete(skb)) {
394 atomic_inc(&sk->sk_drops);
395 kfree_skb(skb);
396 return NET_RX_DROP;
397 }
398
399 /* Charge it to the socket. */
400 skb_dst_drop(skb);
401 if (sock_queue_rcv_skb(sk, skb) < 0) {
402 kfree_skb(skb);
403 return NET_RX_DROP;
404 }
405
406 return 0;
407}
408
409/*
410 * This is next to useless...
411 * if we demultiplex in network layer we don't need the extra call
412 * just to queue the skb...
413 * maybe we could have the network decide upon a hint if it
414 * should call raw_rcv for demultiplexing
415 */
416int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
417{
418 struct inet_sock *inet = inet_sk(sk);
419 struct raw6_sock *rp = raw6_sk(sk);
420
421 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
422 atomic_inc(&sk->sk_drops);
423 kfree_skb(skb);
424 return NET_RX_DROP;
425 }
426
427 if (!rp->checksum)
428 skb->ip_summed = CHECKSUM_UNNECESSARY;
429
430 if (skb->ip_summed == CHECKSUM_COMPLETE) {
431 skb_postpull_rcsum(skb, skb_network_header(skb),
432 skb_network_header_len(skb));
433 if (!csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
434 &ipv6_hdr(skb)->daddr,
435 skb->len, inet->inet_num, skb->csum))
436 skb->ip_summed = CHECKSUM_UNNECESSARY;
437 }
438 if (!skb_csum_unnecessary(skb))
439 skb->csum = ~csum_unfold(csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
440 &ipv6_hdr(skb)->daddr,
441 skb->len,
442 inet->inet_num, 0));
443
444 if (inet->hdrincl) {
445 if (skb_checksum_complete(skb)) {
446 atomic_inc(&sk->sk_drops);
447 kfree_skb(skb);
448 return NET_RX_DROP;
449 }
450 }
451
452 rawv6_rcv_skb(sk, skb);
453 return 0;
454}
455
456
457/*
458 * This should be easy, if there is something there
459 * we return it, otherwise we block.
460 */
461
462static int rawv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
463 int noblock, int flags, int *addr_len)
464{
465 struct ipv6_pinfo *np = inet6_sk(sk);
466 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name);
467 struct sk_buff *skb;
468 size_t copied;
469 int err;
470
471 if (flags & MSG_OOB)
472 return -EOPNOTSUPP;
473
474 if (flags & MSG_ERRQUEUE)
475 return ipv6_recv_error(sk, msg, len, addr_len);
476
477 if (np->rxpmtu && np->rxopt.bits.rxpmtu)
478 return ipv6_recv_rxpmtu(sk, msg, len, addr_len);
479
480 skb = skb_recv_datagram(sk, flags, noblock, &err);
481 if (!skb)
482 goto out;
483
484 copied = skb->len;
485 if (copied > len) {
486 copied = len;
487 msg->msg_flags |= MSG_TRUNC;
488 }
489
490 if (skb_csum_unnecessary(skb)) {
491 err = skb_copy_datagram_msg(skb, 0, msg, copied);
492 } else if (msg->msg_flags&MSG_TRUNC) {
493 if (__skb_checksum_complete(skb))
494 goto csum_copy_err;
495 err = skb_copy_datagram_msg(skb, 0, msg, copied);
496 } else {
497 err = skb_copy_and_csum_datagram_msg(skb, 0, msg);
498 if (err == -EINVAL)
499 goto csum_copy_err;
500 }
501 if (err)
502 goto out_free;
503
504 /* Copy the address. */
505 if (sin6) {
506 sin6->sin6_family = AF_INET6;
507 sin6->sin6_port = 0;
508 sin6->sin6_addr = ipv6_hdr(skb)->saddr;
509 sin6->sin6_flowinfo = 0;
510 sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr,
511 inet6_iif(skb));
512 *addr_len = sizeof(*sin6);
513 }
514
515 sock_recv_ts_and_drops(msg, sk, skb);
516
517 if (np->rxopt.all)
518 ip6_datagram_recv_ctl(sk, msg, skb);
519
520 err = copied;
521 if (flags & MSG_TRUNC)
522 err = skb->len;
523
524out_free:
525 skb_free_datagram(sk, skb);
526out:
527 return err;
528
529csum_copy_err:
530 skb_kill_datagram(sk, skb, flags);
531
532 /* Error for blocking case is chosen to masquerade
533 as some normal condition.
534 */
535 err = (flags&MSG_DONTWAIT) ? -EAGAIN : -EHOSTUNREACH;
536 goto out;
537}
538
539static int rawv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
540 struct raw6_sock *rp)
541{
542 struct sk_buff *skb;
543 int err = 0;
544 int offset;
545 int len;
546 int total_len;
547 __wsum tmp_csum;
548 __sum16 csum;
549
550 if (!rp->checksum)
551 goto send;
552
553 skb = skb_peek(&sk->sk_write_queue);
554 if (!skb)
555 goto out;
556
557 offset = rp->offset;
558 total_len = inet_sk(sk)->cork.base.length;
559 if (offset >= total_len - 1) {
560 err = -EINVAL;
561 ip6_flush_pending_frames(sk);
562 goto out;
563 }
564
565 /* should be check HW csum miyazawa */
566 if (skb_queue_len(&sk->sk_write_queue) == 1) {
567 /*
568 * Only one fragment on the socket.
569 */
570 tmp_csum = skb->csum;
571 } else {
572 struct sk_buff *csum_skb = NULL;
573 tmp_csum = 0;
574
575 skb_queue_walk(&sk->sk_write_queue, skb) {
576 tmp_csum = csum_add(tmp_csum, skb->csum);
577
578 if (csum_skb)
579 continue;
580
581 len = skb->len - skb_transport_offset(skb);
582 if (offset >= len) {
583 offset -= len;
584 continue;
585 }
586
587 csum_skb = skb;
588 }
589
590 skb = csum_skb;
591 }
592
593 offset += skb_transport_offset(skb);
594 err = skb_copy_bits(skb, offset, &csum, 2);
595 if (err < 0) {
596 ip6_flush_pending_frames(sk);
597 goto out;
598 }
599
600 /* in case cksum was not initialized */
601 if (unlikely(csum))
602 tmp_csum = csum_sub(tmp_csum, csum_unfold(csum));
603
604 csum = csum_ipv6_magic(&fl6->saddr, &fl6->daddr,
605 total_len, fl6->flowi6_proto, tmp_csum);
606
607 if (csum == 0 && fl6->flowi6_proto == IPPROTO_UDP)
608 csum = CSUM_MANGLED_0;
609
610 BUG_ON(skb_store_bits(skb, offset, &csum, 2));
611
612send:
613 err = ip6_push_pending_frames(sk);
614out:
615 return err;
616}
617
618static int rawv6_send_hdrinc(struct sock *sk, struct msghdr *msg, int length,
619 struct flowi6 *fl6, struct dst_entry **dstp,
620 unsigned int flags)
621{
622 struct ipv6_pinfo *np = inet6_sk(sk);
623 struct net *net = sock_net(sk);
624 struct ipv6hdr *iph;
625 struct sk_buff *skb;
626 int err;
627 struct rt6_info *rt = (struct rt6_info *)*dstp;
628 int hlen = LL_RESERVED_SPACE(rt->dst.dev);
629 int tlen = rt->dst.dev->needed_tailroom;
630
631 if (length > rt->dst.dev->mtu) {
632 ipv6_local_error(sk, EMSGSIZE, fl6, rt->dst.dev->mtu);
633 return -EMSGSIZE;
634 }
635 if (flags&MSG_PROBE)
636 goto out;
637
638 skb = sock_alloc_send_skb(sk,
639 length + hlen + tlen + 15,
640 flags & MSG_DONTWAIT, &err);
641 if (!skb)
642 goto error;
643 skb_reserve(skb, hlen);
644
645 skb->protocol = htons(ETH_P_IPV6);
646 skb->priority = sk->sk_priority;
647 skb->mark = sk->sk_mark;
648 skb_dst_set(skb, &rt->dst);
649 *dstp = NULL;
650
651 skb_put(skb, length);
652 skb_reset_network_header(skb);
653 iph = ipv6_hdr(skb);
654
655 skb->ip_summed = CHECKSUM_NONE;
656
657 skb->transport_header = skb->network_header;
658 err = memcpy_from_msg(iph, msg, length);
659 if (err)
660 goto error_fault;
661
662 /* if egress device is enslaved to an L3 master device pass the
663 * skb to its handler for processing
664 */
665 skb = l3mdev_ip6_out(sk, skb);
666 if (unlikely(!skb))
667 return 0;
668
669 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
670 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, sk, skb,
671 NULL, rt->dst.dev, dst_output);
672 if (err > 0)
673 err = net_xmit_errno(err);
674 if (err)
675 goto error;
676out:
677 return 0;
678
679error_fault:
680 err = -EFAULT;
681 kfree_skb(skb);
682error:
683 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
684 if (err == -ENOBUFS && !np->recverr)
685 err = 0;
686 return err;
687}
688
689struct raw6_frag_vec {
690 struct msghdr *msg;
691 int hlen;
692 char c[4];
693};
694
695static int rawv6_probe_proto_opt(struct raw6_frag_vec *rfv, struct flowi6 *fl6)
696{
697 int err = 0;
698 switch (fl6->flowi6_proto) {
699 case IPPROTO_ICMPV6:
700 rfv->hlen = 2;
701 err = memcpy_from_msg(rfv->c, rfv->msg, rfv->hlen);
702 if (!err) {
703 fl6->fl6_icmp_type = rfv->c[0];
704 fl6->fl6_icmp_code = rfv->c[1];
705 }
706 break;
707 case IPPROTO_MH:
708 rfv->hlen = 4;
709 err = memcpy_from_msg(rfv->c, rfv->msg, rfv->hlen);
710 if (!err)
711 fl6->fl6_mh_type = rfv->c[2];
712 }
713 return err;
714}
715
716static int raw6_getfrag(void *from, char *to, int offset, int len, int odd,
717 struct sk_buff *skb)
718{
719 struct raw6_frag_vec *rfv = from;
720
721 if (offset < rfv->hlen) {
722 int copy = min(rfv->hlen - offset, len);
723
724 if (skb->ip_summed == CHECKSUM_PARTIAL)
725 memcpy(to, rfv->c + offset, copy);
726 else
727 skb->csum = csum_block_add(
728 skb->csum,
729 csum_partial_copy_nocheck(rfv->c + offset,
730 to, copy, 0),
731 odd);
732
733 odd = 0;
734 offset += copy;
735 to += copy;
736 len -= copy;
737
738 if (!len)
739 return 0;
740 }
741
742 offset -= rfv->hlen;
743
744 return ip_generic_getfrag(rfv->msg, to, offset, len, odd, skb);
745}
746
747static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
748{
749 struct ipv6_txoptions *opt_to_free = NULL;
750 struct ipv6_txoptions opt_space;
751 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name);
752 struct in6_addr *daddr, *final_p, final;
753 struct inet_sock *inet = inet_sk(sk);
754 struct ipv6_pinfo *np = inet6_sk(sk);
755 struct raw6_sock *rp = raw6_sk(sk);
756 struct ipv6_txoptions *opt = NULL;
757 struct ip6_flowlabel *flowlabel = NULL;
758 struct dst_entry *dst = NULL;
759 struct raw6_frag_vec rfv;
760 struct flowi6 fl6;
761 struct sockcm_cookie sockc;
762 struct ipcm6_cookie ipc6;
763 int addr_len = msg->msg_namelen;
764 u16 proto;
765 int err;
766
767 /* Rough check on arithmetic overflow,
768 better check is made in ip6_append_data().
769 */
770 if (len > INT_MAX)
771 return -EMSGSIZE;
772
773 /* Mirror BSD error message compatibility */
774 if (msg->msg_flags & MSG_OOB)
775 return -EOPNOTSUPP;
776
777 /*
778 * Get and verify the address.
779 */
780 memset(&fl6, 0, sizeof(fl6));
781
782 fl6.flowi6_mark = sk->sk_mark;
783 fl6.flowi6_uid = sk->sk_uid;
784
785 ipc6.hlimit = -1;
786 ipc6.tclass = -1;
787 ipc6.dontfrag = -1;
788 ipc6.opt = NULL;
789
790 if (sin6) {
791 if (addr_len < SIN6_LEN_RFC2133)
792 return -EINVAL;
793
794 if (sin6->sin6_family && sin6->sin6_family != AF_INET6)
795 return -EAFNOSUPPORT;
796
797 /* port is the proto value [0..255] carried in nexthdr */
798 proto = ntohs(sin6->sin6_port);
799
800 if (!proto)
801 proto = inet->inet_num;
802 else if (proto != inet->inet_num)
803 return -EINVAL;
804
805 if (proto > 255)
806 return -EINVAL;
807
808 daddr = &sin6->sin6_addr;
809 if (np->sndflow) {
810 fl6.flowlabel = sin6->sin6_flowinfo&IPV6_FLOWINFO_MASK;
811 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
812 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
813 if (!flowlabel)
814 return -EINVAL;
815 }
816 }
817
818 /*
819 * Otherwise it will be difficult to maintain
820 * sk->sk_dst_cache.
821 */
822 if (sk->sk_state == TCP_ESTABLISHED &&
823 ipv6_addr_equal(daddr, &sk->sk_v6_daddr))
824 daddr = &sk->sk_v6_daddr;
825
826 if (addr_len >= sizeof(struct sockaddr_in6) &&
827 sin6->sin6_scope_id &&
828 __ipv6_addr_needs_scope_id(__ipv6_addr_type(daddr)))
829 fl6.flowi6_oif = sin6->sin6_scope_id;
830 } else {
831 if (sk->sk_state != TCP_ESTABLISHED)
832 return -EDESTADDRREQ;
833
834 proto = inet->inet_num;
835 daddr = &sk->sk_v6_daddr;
836 fl6.flowlabel = np->flow_label;
837 }
838
839 if (fl6.flowi6_oif == 0)
840 fl6.flowi6_oif = sk->sk_bound_dev_if;
841
842 sockc.tsflags = sk->sk_tsflags;
843 if (msg->msg_controllen) {
844 opt = &opt_space;
845 memset(opt, 0, sizeof(struct ipv6_txoptions));
846 opt->tot_len = sizeof(struct ipv6_txoptions);
847 ipc6.opt = opt;
848
849 err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, &fl6, &ipc6, &sockc);
850 if (err < 0) {
851 fl6_sock_release(flowlabel);
852 return err;
853 }
854 if ((fl6.flowlabel&IPV6_FLOWLABEL_MASK) && !flowlabel) {
855 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
856 if (!flowlabel)
857 return -EINVAL;
858 }
859 if (!(opt->opt_nflen|opt->opt_flen))
860 opt = NULL;
861 }
862 if (!opt) {
863 opt = txopt_get(np);
864 opt_to_free = opt;
865 }
866 if (flowlabel)
867 opt = fl6_merge_options(&opt_space, flowlabel, opt);
868 opt = ipv6_fixup_options(&opt_space, opt);
869
870 fl6.flowi6_proto = proto;
871 rfv.msg = msg;
872 rfv.hlen = 0;
873 err = rawv6_probe_proto_opt(&rfv, &fl6);
874 if (err)
875 goto out;
876
877 if (!ipv6_addr_any(daddr))
878 fl6.daddr = *daddr;
879 else
880 fl6.daddr.s6_addr[15] = 0x1; /* :: means loopback (BSD'ism) */
881 if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr))
882 fl6.saddr = np->saddr;
883
884 final_p = fl6_update_dst(&fl6, opt, &final);
885
886 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
887 fl6.flowi6_oif = np->mcast_oif;
888 else if (!fl6.flowi6_oif)
889 fl6.flowi6_oif = np->ucast_oif;
890 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
891
892 if (inet->hdrincl)
893 fl6.flowi6_flags |= FLOWI_FLAG_KNOWN_NH;
894
895 if (ipc6.tclass < 0)
896 ipc6.tclass = np->tclass;
897
898 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
899
900 dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
901 if (IS_ERR(dst)) {
902 err = PTR_ERR(dst);
903 goto out;
904 }
905 if (ipc6.hlimit < 0)
906 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
907
908 if (ipc6.dontfrag < 0)
909 ipc6.dontfrag = np->dontfrag;
910
911 if (msg->msg_flags&MSG_CONFIRM)
912 goto do_confirm;
913
914back_from_confirm:
915 if (inet->hdrincl)
916 err = rawv6_send_hdrinc(sk, msg, len, &fl6, &dst, msg->msg_flags);
917 else {
918 ipc6.opt = opt;
919 lock_sock(sk);
920 err = ip6_append_data(sk, raw6_getfrag, &rfv,
921 len, 0, &ipc6, &fl6, (struct rt6_info *)dst,
922 msg->msg_flags, &sockc);
923
924 if (err)
925 ip6_flush_pending_frames(sk);
926 else if (!(msg->msg_flags & MSG_MORE))
927 err = rawv6_push_pending_frames(sk, &fl6, rp);
928 release_sock(sk);
929 }
930done:
931 dst_release(dst);
932out:
933 fl6_sock_release(flowlabel);
934 txopt_put(opt_to_free);
935 return err < 0 ? err : len;
936do_confirm:
937 dst_confirm(dst);
938 if (!(msg->msg_flags & MSG_PROBE) || len)
939 goto back_from_confirm;
940 err = 0;
941 goto done;
942}
943
944static int rawv6_seticmpfilter(struct sock *sk, int level, int optname,
945 char __user *optval, int optlen)
946{
947 switch (optname) {
948 case ICMPV6_FILTER:
949 if (optlen > sizeof(struct icmp6_filter))
950 optlen = sizeof(struct icmp6_filter);
951 if (copy_from_user(&raw6_sk(sk)->filter, optval, optlen))
952 return -EFAULT;
953 return 0;
954 default:
955 return -ENOPROTOOPT;
956 }
957
958 return 0;
959}
960
961static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
962 char __user *optval, int __user *optlen)
963{
964 int len;
965
966 switch (optname) {
967 case ICMPV6_FILTER:
968 if (get_user(len, optlen))
969 return -EFAULT;
970 if (len < 0)
971 return -EINVAL;
972 if (len > sizeof(struct icmp6_filter))
973 len = sizeof(struct icmp6_filter);
974 if (put_user(len, optlen))
975 return -EFAULT;
976 if (copy_to_user(optval, &raw6_sk(sk)->filter, len))
977 return -EFAULT;
978 return 0;
979 default:
980 return -ENOPROTOOPT;
981 }
982
983 return 0;
984}
985
986
987static int do_rawv6_setsockopt(struct sock *sk, int level, int optname,
988 char __user *optval, unsigned int optlen)
989{
990 struct raw6_sock *rp = raw6_sk(sk);
991 int val;
992
993 if (get_user(val, (int __user *)optval))
994 return -EFAULT;
995
996 switch (optname) {
997 case IPV6_HDRINCL:
998 if (sk->sk_type != SOCK_RAW)
999 return -EINVAL;
1000 inet_sk(sk)->hdrincl = !!val;
1001 return 0;
1002 case IPV6_CHECKSUM:
1003 if (inet_sk(sk)->inet_num == IPPROTO_ICMPV6 &&
1004 level == IPPROTO_IPV6) {
1005 /*
1006 * RFC3542 tells that IPV6_CHECKSUM socket
1007 * option in the IPPROTO_IPV6 level is not
1008 * allowed on ICMPv6 sockets.
1009 * If you want to set it, use IPPROTO_RAW
1010 * level IPV6_CHECKSUM socket option
1011 * (Linux extension).
1012 */
1013 return -EINVAL;
1014 }
1015
1016 /* You may get strange result with a positive odd offset;
1017 RFC2292bis agrees with me. */
1018 if (val > 0 && (val&1))
1019 return -EINVAL;
1020 if (val < 0) {
1021 rp->checksum = 0;
1022 } else {
1023 rp->checksum = 1;
1024 rp->offset = val;
1025 }
1026
1027 return 0;
1028
1029 default:
1030 return -ENOPROTOOPT;
1031 }
1032}
1033
1034static int rawv6_setsockopt(struct sock *sk, int level, int optname,
1035 char __user *optval, unsigned int optlen)
1036{
1037 switch (level) {
1038 case SOL_RAW:
1039 break;
1040
1041 case SOL_ICMPV6:
1042 if (inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1043 return -EOPNOTSUPP;
1044 return rawv6_seticmpfilter(sk, level, optname, optval, optlen);
1045 case SOL_IPV6:
1046 if (optname == IPV6_CHECKSUM ||
1047 optname == IPV6_HDRINCL)
1048 break;
1049 default:
1050 return ipv6_setsockopt(sk, level, optname, optval, optlen);
1051 }
1052
1053 return do_rawv6_setsockopt(sk, level, optname, optval, optlen);
1054}
1055
1056#ifdef CONFIG_COMPAT
1057static int compat_rawv6_setsockopt(struct sock *sk, int level, int optname,
1058 char __user *optval, unsigned int optlen)
1059{
1060 switch (level) {
1061 case SOL_RAW:
1062 break;
1063 case SOL_ICMPV6:
1064 if (inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1065 return -EOPNOTSUPP;
1066 return rawv6_seticmpfilter(sk, level, optname, optval, optlen);
1067 case SOL_IPV6:
1068 if (optname == IPV6_CHECKSUM ||
1069 optname == IPV6_HDRINCL)
1070 break;
1071 default:
1072 return compat_ipv6_setsockopt(sk, level, optname,
1073 optval, optlen);
1074 }
1075 return do_rawv6_setsockopt(sk, level, optname, optval, optlen);
1076}
1077#endif
1078
1079static int do_rawv6_getsockopt(struct sock *sk, int level, int optname,
1080 char __user *optval, int __user *optlen)
1081{
1082 struct raw6_sock *rp = raw6_sk(sk);
1083 int val, len;
1084
1085 if (get_user(len, optlen))
1086 return -EFAULT;
1087
1088 switch (optname) {
1089 case IPV6_HDRINCL:
1090 val = inet_sk(sk)->hdrincl;
1091 break;
1092 case IPV6_CHECKSUM:
1093 /*
1094 * We allow getsockopt() for IPPROTO_IPV6-level
1095 * IPV6_CHECKSUM socket option on ICMPv6 sockets
1096 * since RFC3542 is silent about it.
1097 */
1098 if (rp->checksum == 0)
1099 val = -1;
1100 else
1101 val = rp->offset;
1102 break;
1103
1104 default:
1105 return -ENOPROTOOPT;
1106 }
1107
1108 len = min_t(unsigned int, sizeof(int), len);
1109
1110 if (put_user(len, optlen))
1111 return -EFAULT;
1112 if (copy_to_user(optval, &val, len))
1113 return -EFAULT;
1114 return 0;
1115}
1116
1117static int rawv6_getsockopt(struct sock *sk, int level, int optname,
1118 char __user *optval, int __user *optlen)
1119{
1120 switch (level) {
1121 case SOL_RAW:
1122 break;
1123
1124 case SOL_ICMPV6:
1125 if (inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1126 return -EOPNOTSUPP;
1127 return rawv6_geticmpfilter(sk, level, optname, optval, optlen);
1128 case SOL_IPV6:
1129 if (optname == IPV6_CHECKSUM ||
1130 optname == IPV6_HDRINCL)
1131 break;
1132 default:
1133 return ipv6_getsockopt(sk, level, optname, optval, optlen);
1134 }
1135
1136 return do_rawv6_getsockopt(sk, level, optname, optval, optlen);
1137}
1138
1139#ifdef CONFIG_COMPAT
1140static int compat_rawv6_getsockopt(struct sock *sk, int level, int optname,
1141 char __user *optval, int __user *optlen)
1142{
1143 switch (level) {
1144 case SOL_RAW:
1145 break;
1146 case SOL_ICMPV6:
1147 if (inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1148 return -EOPNOTSUPP;
1149 return rawv6_geticmpfilter(sk, level, optname, optval, optlen);
1150 case SOL_IPV6:
1151 if (optname == IPV6_CHECKSUM ||
1152 optname == IPV6_HDRINCL)
1153 break;
1154 default:
1155 return compat_ipv6_getsockopt(sk, level, optname,
1156 optval, optlen);
1157 }
1158 return do_rawv6_getsockopt(sk, level, optname, optval, optlen);
1159}
1160#endif
1161
1162static int rawv6_ioctl(struct sock *sk, int cmd, unsigned long arg)
1163{
1164 switch (cmd) {
1165 case SIOCOUTQ: {
1166 int amount = sk_wmem_alloc_get(sk);
1167
1168 return put_user(amount, (int __user *)arg);
1169 }
1170 case SIOCINQ: {
1171 struct sk_buff *skb;
1172 int amount = 0;
1173
1174 spin_lock_bh(&sk->sk_receive_queue.lock);
1175 skb = skb_peek(&sk->sk_receive_queue);
1176 if (skb)
1177 amount = skb_tail_pointer(skb) -
1178 skb_transport_header(skb);
1179 spin_unlock_bh(&sk->sk_receive_queue.lock);
1180 return put_user(amount, (int __user *)arg);
1181 }
1182
1183 default:
1184#ifdef CONFIG_IPV6_MROUTE
1185 return ip6mr_ioctl(sk, cmd, (void __user *)arg);
1186#else
1187 return -ENOIOCTLCMD;
1188#endif
1189 }
1190}
1191
1192#ifdef CONFIG_COMPAT
1193static int compat_rawv6_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
1194{
1195 switch (cmd) {
1196 case SIOCOUTQ:
1197 case SIOCINQ:
1198 return -ENOIOCTLCMD;
1199 default:
1200#ifdef CONFIG_IPV6_MROUTE
1201 return ip6mr_compat_ioctl(sk, cmd, compat_ptr(arg));
1202#else
1203 return -ENOIOCTLCMD;
1204#endif
1205 }
1206}
1207#endif
1208
1209static void rawv6_close(struct sock *sk, long timeout)
1210{
1211 if (inet_sk(sk)->inet_num == IPPROTO_RAW)
1212 ip6_ra_control(sk, -1);
1213 ip6mr_sk_done(sk);
1214 sk_common_release(sk);
1215}
1216
1217static void raw6_destroy(struct sock *sk)
1218{
1219 lock_sock(sk);
1220 ip6_flush_pending_frames(sk);
1221 release_sock(sk);
1222
1223 inet6_destroy_sock(sk);
1224}
1225
1226static int rawv6_init_sk(struct sock *sk)
1227{
1228 struct raw6_sock *rp = raw6_sk(sk);
1229
1230 switch (inet_sk(sk)->inet_num) {
1231 case IPPROTO_ICMPV6:
1232 rp->checksum = 1;
1233 rp->offset = 2;
1234 break;
1235 case IPPROTO_MH:
1236 rp->checksum = 1;
1237 rp->offset = 4;
1238 break;
1239 default:
1240 break;
1241 }
1242 return 0;
1243}
1244
1245struct proto rawv6_prot = {
1246 .name = "RAWv6",
1247 .owner = THIS_MODULE,
1248 .close = rawv6_close,
1249 .destroy = raw6_destroy,
1250 .connect = ip6_datagram_connect_v6_only,
1251 .disconnect = __udp_disconnect,
1252 .ioctl = rawv6_ioctl,
1253 .init = rawv6_init_sk,
1254 .setsockopt = rawv6_setsockopt,
1255 .getsockopt = rawv6_getsockopt,
1256 .sendmsg = rawv6_sendmsg,
1257 .recvmsg = rawv6_recvmsg,
1258 .bind = rawv6_bind,
1259 .backlog_rcv = rawv6_rcv_skb,
1260 .hash = raw_hash_sk,
1261 .unhash = raw_unhash_sk,
1262 .obj_size = sizeof(struct raw6_sock),
1263 .h.raw_hash = &raw_v6_hashinfo,
1264#ifdef CONFIG_COMPAT
1265 .compat_setsockopt = compat_rawv6_setsockopt,
1266 .compat_getsockopt = compat_rawv6_getsockopt,
1267 .compat_ioctl = compat_rawv6_ioctl,
1268#endif
1269 .diag_destroy = raw_abort,
1270};
1271
1272#ifdef CONFIG_PROC_FS
1273static int raw6_seq_show(struct seq_file *seq, void *v)
1274{
1275 if (v == SEQ_START_TOKEN) {
1276 seq_puts(seq, IPV6_SEQ_DGRAM_HEADER);
1277 } else {
1278 struct sock *sp = v;
1279 __u16 srcp = inet_sk(sp)->inet_num;
1280 ip6_dgram_sock_seq_show(seq, v, srcp, 0,
1281 raw_seq_private(seq)->bucket);
1282 }
1283 return 0;
1284}
1285
1286static const struct seq_operations raw6_seq_ops = {
1287 .start = raw_seq_start,
1288 .next = raw_seq_next,
1289 .stop = raw_seq_stop,
1290 .show = raw6_seq_show,
1291};
1292
1293static int raw6_seq_open(struct inode *inode, struct file *file)
1294{
1295 return raw_seq_open(inode, file, &raw_v6_hashinfo, &raw6_seq_ops);
1296}
1297
1298static const struct file_operations raw6_seq_fops = {
1299 .owner = THIS_MODULE,
1300 .open = raw6_seq_open,
1301 .read = seq_read,
1302 .llseek = seq_lseek,
1303 .release = seq_release_net,
1304};
1305
1306static int __net_init raw6_init_net(struct net *net)
1307{
1308 if (!proc_create("raw6", S_IRUGO, net->proc_net, &raw6_seq_fops))
1309 return -ENOMEM;
1310
1311 return 0;
1312}
1313
1314static void __net_exit raw6_exit_net(struct net *net)
1315{
1316 remove_proc_entry("raw6", net->proc_net);
1317}
1318
1319static struct pernet_operations raw6_net_ops = {
1320 .init = raw6_init_net,
1321 .exit = raw6_exit_net,
1322};
1323
1324int __init raw6_proc_init(void)
1325{
1326 return register_pernet_subsys(&raw6_net_ops);
1327}
1328
1329void raw6_proc_exit(void)
1330{
1331 unregister_pernet_subsys(&raw6_net_ops);
1332}
1333#endif /* CONFIG_PROC_FS */
1334
1335/* Same as inet6_dgram_ops, sans udp_poll. */
1336static const struct proto_ops inet6_sockraw_ops = {
1337 .family = PF_INET6,
1338 .owner = THIS_MODULE,
1339 .release = inet6_release,
1340 .bind = inet6_bind,
1341 .connect = inet_dgram_connect, /* ok */
1342 .socketpair = sock_no_socketpair, /* a do nothing */
1343 .accept = sock_no_accept, /* a do nothing */
1344 .getname = inet6_getname,
1345 .poll = datagram_poll, /* ok */
1346 .ioctl = inet6_ioctl, /* must change */
1347 .listen = sock_no_listen, /* ok */
1348 .shutdown = inet_shutdown, /* ok */
1349 .setsockopt = sock_common_setsockopt, /* ok */
1350 .getsockopt = sock_common_getsockopt, /* ok */
1351 .sendmsg = inet_sendmsg, /* ok */
1352 .recvmsg = sock_common_recvmsg, /* ok */
1353 .mmap = sock_no_mmap,
1354 .sendpage = sock_no_sendpage,
1355#ifdef CONFIG_COMPAT
1356 .compat_setsockopt = compat_sock_common_setsockopt,
1357 .compat_getsockopt = compat_sock_common_getsockopt,
1358#endif
1359};
1360
1361static struct inet_protosw rawv6_protosw = {
1362 .type = SOCK_RAW,
1363 .protocol = IPPROTO_IP, /* wild card */
1364 .prot = &rawv6_prot,
1365 .ops = &inet6_sockraw_ops,
1366 .flags = INET_PROTOSW_REUSE,
1367};
1368
1369int __init rawv6_init(void)
1370{
1371 return inet6_register_protosw(&rawv6_protosw);
1372}
1373
1374void rawv6_exit(void)
1375{
1376 inet6_unregister_protosw(&rawv6_protosw);
1377}