Merge master.kernel.org:/home/rmk/linux-2.6-serial
[linux-2.6] / net / ipv4 / ip_sockglue.c
1 /*
2  * INET         An implementation of the TCP/IP protocol suite for the LINUX
3  *              operating system.  INET is implemented using the  BSD Socket
4  *              interface as the means of communication with the user level.
5  *
6  *              The IP to API glue.
7  *              
8  * Version:     $Id: ip_sockglue.c,v 1.62 2002/02/01 22:01:04 davem Exp $
9  *
10  * Authors:     see ip.c
11  *
12  * Fixes:
13  *              Many            :       Split from ip.c , see ip.c for history.
14  *              Martin Mares    :       TOS setting fixed.
15  *              Alan Cox        :       Fixed a couple of oopses in Martin's 
16  *                                      TOS tweaks.
17  *              Mike McLagan    :       Routing by source
18  */
19
20 #include <linux/config.h>
21 #include <linux/module.h>
22 #include <linux/types.h>
23 #include <linux/mm.h>
24 #include <linux/sched.h>
25 #include <linux/skbuff.h>
26 #include <linux/ip.h>
27 #include <linux/icmp.h>
28 #include <linux/inetdevice.h>
29 #include <linux/netdevice.h>
30 #include <net/sock.h>
31 #include <net/ip.h>
32 #include <net/icmp.h>
33 #include <net/tcp_states.h>
34 #include <linux/udp.h>
35 #include <linux/igmp.h>
36 #include <linux/netfilter.h>
37 #include <linux/route.h>
38 #include <linux/mroute.h>
39 #include <net/route.h>
40 #include <net/xfrm.h>
41 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
42 #include <net/transp_v6.h>
43 #endif
44
45 #include <linux/errqueue.h>
46 #include <asm/uaccess.h>
47
48 #define IP_CMSG_PKTINFO         1
49 #define IP_CMSG_TTL             2
50 #define IP_CMSG_TOS             4
51 #define IP_CMSG_RECVOPTS        8
52 #define IP_CMSG_RETOPTS         16
53 #define IP_CMSG_PASSSEC         32
54
55 /*
56  *      SOL_IP control messages.
57  */
58
59 static void ip_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb)
60 {
61         struct in_pktinfo info;
62         struct rtable *rt = (struct rtable *)skb->dst;
63
64         info.ipi_addr.s_addr = skb->nh.iph->daddr;
65         if (rt) {
66                 info.ipi_ifindex = rt->rt_iif;
67                 info.ipi_spec_dst.s_addr = rt->rt_spec_dst;
68         } else {
69                 info.ipi_ifindex = 0;
70                 info.ipi_spec_dst.s_addr = 0;
71         }
72
73         put_cmsg(msg, SOL_IP, IP_PKTINFO, sizeof(info), &info);
74 }
75
76 static void ip_cmsg_recv_ttl(struct msghdr *msg, struct sk_buff *skb)
77 {
78         int ttl = skb->nh.iph->ttl;
79         put_cmsg(msg, SOL_IP, IP_TTL, sizeof(int), &ttl);
80 }
81
82 static void ip_cmsg_recv_tos(struct msghdr *msg, struct sk_buff *skb)
83 {
84         put_cmsg(msg, SOL_IP, IP_TOS, 1, &skb->nh.iph->tos);
85 }
86
87 static void ip_cmsg_recv_opts(struct msghdr *msg, struct sk_buff *skb)
88 {
89         if (IPCB(skb)->opt.optlen == 0)
90                 return;
91
92         put_cmsg(msg, SOL_IP, IP_RECVOPTS, IPCB(skb)->opt.optlen, skb->nh.iph+1);
93 }
94
95
96 static void ip_cmsg_recv_retopts(struct msghdr *msg, struct sk_buff *skb)
97 {
98         unsigned char optbuf[sizeof(struct ip_options) + 40];
99         struct ip_options * opt = (struct ip_options*)optbuf;
100
101         if (IPCB(skb)->opt.optlen == 0)
102                 return;
103
104         if (ip_options_echo(opt, skb)) {
105                 msg->msg_flags |= MSG_CTRUNC;
106                 return;
107         }
108         ip_options_undo(opt);
109
110         put_cmsg(msg, SOL_IP, IP_RETOPTS, opt->optlen, opt->__data);
111 }
112
113 static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
114 {
115         char *secdata;
116         u32 seclen;
117         int err;
118
119         err = security_socket_getpeersec_dgram(skb, &secdata, &seclen);
120         if (err)
121                 return;
122
123         put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
124 }
125
126
127 void ip_cmsg_recv(struct msghdr *msg, struct sk_buff *skb)
128 {
129         struct inet_sock *inet = inet_sk(skb->sk);
130         unsigned flags = inet->cmsg_flags;
131
132         /* Ordered by supposed usage frequency */
133         if (flags & 1)
134                 ip_cmsg_recv_pktinfo(msg, skb);
135         if ((flags>>=1) == 0)
136                 return;
137
138         if (flags & 1)
139                 ip_cmsg_recv_ttl(msg, skb);
140         if ((flags>>=1) == 0)
141                 return;
142
143         if (flags & 1)
144                 ip_cmsg_recv_tos(msg, skb);
145         if ((flags>>=1) == 0)
146                 return;
147
148         if (flags & 1)
149                 ip_cmsg_recv_opts(msg, skb);
150         if ((flags>>=1) == 0)
151                 return;
152
153         if (flags & 1)
154                 ip_cmsg_recv_retopts(msg, skb);
155         if ((flags>>=1) == 0)
156                 return;
157
158         if (flags & 1)
159                 ip_cmsg_recv_security(msg, skb);
160 }
161
162 int ip_cmsg_send(struct msghdr *msg, struct ipcm_cookie *ipc)
163 {
164         int err;
165         struct cmsghdr *cmsg;
166
167         for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
168                 if (!CMSG_OK(msg, cmsg))
169                         return -EINVAL;
170                 if (cmsg->cmsg_level != SOL_IP)
171                         continue;
172                 switch (cmsg->cmsg_type) {
173                 case IP_RETOPTS:
174                         err = cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr));
175                         err = ip_options_get(&ipc->opt, CMSG_DATA(cmsg), err < 40 ? err : 40);
176                         if (err)
177                                 return err;
178                         break;
179                 case IP_PKTINFO:
180                 {
181                         struct in_pktinfo *info;
182                         if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct in_pktinfo)))
183                                 return -EINVAL;
184                         info = (struct in_pktinfo *)CMSG_DATA(cmsg);
185                         ipc->oif = info->ipi_ifindex;
186                         ipc->addr = info->ipi_spec_dst.s_addr;
187                         break;
188                 }
189                 default:
190                         return -EINVAL;
191                 }
192         }
193         return 0;
194 }
195
196
197 /* Special input handler for packets caught by router alert option.
198    They are selected only by protocol field, and then processed likely
199    local ones; but only if someone wants them! Otherwise, router
200    not running rsvpd will kill RSVP.
201
202    It is user level problem, what it will make with them.
203    I have no idea, how it will masquearde or NAT them (it is joke, joke :-)),
204    but receiver should be enough clever f.e. to forward mtrace requests,
205    sent to multicast group to reach destination designated router.
206  */
207 struct ip_ra_chain *ip_ra_chain;
208 DEFINE_RWLOCK(ip_ra_lock);
209
210 int ip_ra_control(struct sock *sk, unsigned char on, void (*destructor)(struct sock *))
211 {
212         struct ip_ra_chain *ra, *new_ra, **rap;
213
214         if (sk->sk_type != SOCK_RAW || inet_sk(sk)->num == IPPROTO_RAW)
215                 return -EINVAL;
216
217         new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
218
219         write_lock_bh(&ip_ra_lock);
220         for (rap = &ip_ra_chain; (ra=*rap) != NULL; rap = &ra->next) {
221                 if (ra->sk == sk) {
222                         if (on) {
223                                 write_unlock_bh(&ip_ra_lock);
224                                 kfree(new_ra);
225                                 return -EADDRINUSE;
226                         }
227                         *rap = ra->next;
228                         write_unlock_bh(&ip_ra_lock);
229
230                         if (ra->destructor)
231                                 ra->destructor(sk);
232                         sock_put(sk);
233                         kfree(ra);
234                         return 0;
235                 }
236         }
237         if (new_ra == NULL) {
238                 write_unlock_bh(&ip_ra_lock);
239                 return -ENOBUFS;
240         }
241         new_ra->sk = sk;
242         new_ra->destructor = destructor;
243
244         new_ra->next = ra;
245         *rap = new_ra;
246         sock_hold(sk);
247         write_unlock_bh(&ip_ra_lock);
248
249         return 0;
250 }
251
252 void ip_icmp_error(struct sock *sk, struct sk_buff *skb, int err, 
253                    u16 port, u32 info, u8 *payload)
254 {
255         struct inet_sock *inet = inet_sk(sk);
256         struct sock_exterr_skb *serr;
257
258         if (!inet->recverr)
259                 return;
260
261         skb = skb_clone(skb, GFP_ATOMIC);
262         if (!skb)
263                 return;
264
265         serr = SKB_EXT_ERR(skb);  
266         serr->ee.ee_errno = err;
267         serr->ee.ee_origin = SO_EE_ORIGIN_ICMP;
268         serr->ee.ee_type = skb->h.icmph->type; 
269         serr->ee.ee_code = skb->h.icmph->code;
270         serr->ee.ee_pad = 0;
271         serr->ee.ee_info = info;
272         serr->ee.ee_data = 0;
273         serr->addr_offset = (u8*)&(((struct iphdr*)(skb->h.icmph+1))->daddr) - skb->nh.raw;
274         serr->port = port;
275
276         skb->h.raw = payload;
277         if (!skb_pull(skb, payload - skb->data) ||
278             sock_queue_err_skb(sk, skb))
279                 kfree_skb(skb);
280 }
281
282 void ip_local_error(struct sock *sk, int err, u32 daddr, u16 port, u32 info)
283 {
284         struct inet_sock *inet = inet_sk(sk);
285         struct sock_exterr_skb *serr;
286         struct iphdr *iph;
287         struct sk_buff *skb;
288
289         if (!inet->recverr)
290                 return;
291
292         skb = alloc_skb(sizeof(struct iphdr), GFP_ATOMIC);
293         if (!skb)
294                 return;
295
296         iph = (struct iphdr*)skb_put(skb, sizeof(struct iphdr));
297         skb->nh.iph = iph;
298         iph->daddr = daddr;
299
300         serr = SKB_EXT_ERR(skb);  
301         serr->ee.ee_errno = err;
302         serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
303         serr->ee.ee_type = 0; 
304         serr->ee.ee_code = 0;
305         serr->ee.ee_pad = 0;
306         serr->ee.ee_info = info;
307         serr->ee.ee_data = 0;
308         serr->addr_offset = (u8*)&iph->daddr - skb->nh.raw;
309         serr->port = port;
310
311         skb->h.raw = skb->tail;
312         __skb_pull(skb, skb->tail - skb->data);
313
314         if (sock_queue_err_skb(sk, skb))
315                 kfree_skb(skb);
316 }
317
318 /* 
319  *      Handle MSG_ERRQUEUE
320  */
321 int ip_recv_error(struct sock *sk, struct msghdr *msg, int len)
322 {
323         struct sock_exterr_skb *serr;
324         struct sk_buff *skb, *skb2;
325         struct sockaddr_in *sin;
326         struct {
327                 struct sock_extended_err ee;
328                 struct sockaddr_in       offender;
329         } errhdr;
330         int err;
331         int copied;
332
333         err = -EAGAIN;
334         skb = skb_dequeue(&sk->sk_error_queue);
335         if (skb == NULL)
336                 goto out;
337
338         copied = skb->len;
339         if (copied > len) {
340                 msg->msg_flags |= MSG_TRUNC;
341                 copied = len;
342         }
343         err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
344         if (err)
345                 goto out_free_skb;
346
347         sock_recv_timestamp(msg, sk, skb);
348
349         serr = SKB_EXT_ERR(skb);
350
351         sin = (struct sockaddr_in *)msg->msg_name;
352         if (sin) {
353                 sin->sin_family = AF_INET;
354                 sin->sin_addr.s_addr = *(u32*)(skb->nh.raw + serr->addr_offset);
355                 sin->sin_port = serr->port;
356                 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
357         }
358
359         memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
360         sin = &errhdr.offender;
361         sin->sin_family = AF_UNSPEC;
362         if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP) {
363                 struct inet_sock *inet = inet_sk(sk);
364
365                 sin->sin_family = AF_INET;
366                 sin->sin_addr.s_addr = skb->nh.iph->saddr;
367                 sin->sin_port = 0;
368                 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
369                 if (inet->cmsg_flags)
370                         ip_cmsg_recv(msg, skb);
371         }
372
373         put_cmsg(msg, SOL_IP, IP_RECVERR, sizeof(errhdr), &errhdr);
374
375         /* Now we could try to dump offended packet options */
376
377         msg->msg_flags |= MSG_ERRQUEUE;
378         err = copied;
379
380         /* Reset and regenerate socket error */
381         spin_lock_bh(&sk->sk_error_queue.lock);
382         sk->sk_err = 0;
383         if ((skb2 = skb_peek(&sk->sk_error_queue)) != NULL) {
384                 sk->sk_err = SKB_EXT_ERR(skb2)->ee.ee_errno;
385                 spin_unlock_bh(&sk->sk_error_queue.lock);
386                 sk->sk_error_report(sk);
387         } else
388                 spin_unlock_bh(&sk->sk_error_queue.lock);
389
390 out_free_skb:   
391         kfree_skb(skb);
392 out:
393         return err;
394 }
395
396
397 /*
398  *      Socket option code for IP. This is the end of the line after any TCP,UDP etc options on
399  *      an IP socket.
400  */
401
402 static int do_ip_setsockopt(struct sock *sk, int level,
403                 int optname, char __user *optval, int optlen)
404 {
405         struct inet_sock *inet = inet_sk(sk);
406         int val=0,err;
407
408         if (((1<<optname) & ((1<<IP_PKTINFO) | (1<<IP_RECVTTL) | 
409                             (1<<IP_RECVOPTS) | (1<<IP_RECVTOS) | 
410                             (1<<IP_RETOPTS) | (1<<IP_TOS) | 
411                             (1<<IP_TTL) | (1<<IP_HDRINCL) | 
412                             (1<<IP_MTU_DISCOVER) | (1<<IP_RECVERR) | 
413                             (1<<IP_ROUTER_ALERT) | (1<<IP_FREEBIND) |
414                             (1<<IP_PASSSEC))) ||
415                                 optname == IP_MULTICAST_TTL || 
416                                 optname == IP_MULTICAST_LOOP) { 
417                 if (optlen >= sizeof(int)) {
418                         if (get_user(val, (int __user *) optval))
419                                 return -EFAULT;
420                 } else if (optlen >= sizeof(char)) {
421                         unsigned char ucval;
422
423                         if (get_user(ucval, (unsigned char __user *) optval))
424                                 return -EFAULT;
425                         val = (int) ucval;
426                 }
427         }
428
429         /* If optlen==0, it is equivalent to val == 0 */
430
431 #ifdef CONFIG_IP_MROUTE
432         if (optname >= MRT_BASE && optname <= (MRT_BASE + 10))
433                 return ip_mroute_setsockopt(sk,optname,optval,optlen);
434 #endif
435
436         err = 0;
437         lock_sock(sk);
438
439         switch (optname) {
440                 case IP_OPTIONS:
441                 {
442                         struct ip_options * opt = NULL;
443                         if (optlen > 40 || optlen < 0)
444                                 goto e_inval;
445                         err = ip_options_get_from_user(&opt, optval, optlen);
446                         if (err)
447                                 break;
448                         if (inet->is_icsk) {
449                                 struct inet_connection_sock *icsk = inet_csk(sk);
450 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
451                                 if (sk->sk_family == PF_INET ||
452                                     (!((1 << sk->sk_state) &
453                                        (TCPF_LISTEN | TCPF_CLOSE)) &&
454                                      inet->daddr != LOOPBACK4_IPV6)) {
455 #endif
456                                         if (inet->opt)
457                                                 icsk->icsk_ext_hdr_len -= inet->opt->optlen;
458                                         if (opt)
459                                                 icsk->icsk_ext_hdr_len += opt->optlen;
460                                         icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
461 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
462                                 }
463 #endif
464                         }
465                         opt = xchg(&inet->opt, opt);
466                         kfree(opt);
467                         break;
468                 }
469                 case IP_PKTINFO:
470                         if (val)
471                                 inet->cmsg_flags |= IP_CMSG_PKTINFO;
472                         else
473                                 inet->cmsg_flags &= ~IP_CMSG_PKTINFO;
474                         break;
475                 case IP_RECVTTL:
476                         if (val)
477                                 inet->cmsg_flags |=  IP_CMSG_TTL;
478                         else
479                                 inet->cmsg_flags &= ~IP_CMSG_TTL;
480                         break;
481                 case IP_RECVTOS:
482                         if (val)
483                                 inet->cmsg_flags |=  IP_CMSG_TOS;
484                         else
485                                 inet->cmsg_flags &= ~IP_CMSG_TOS;
486                         break;
487                 case IP_RECVOPTS:
488                         if (val)
489                                 inet->cmsg_flags |=  IP_CMSG_RECVOPTS;
490                         else
491                                 inet->cmsg_flags &= ~IP_CMSG_RECVOPTS;
492                         break;
493                 case IP_RETOPTS:
494                         if (val)
495                                 inet->cmsg_flags |= IP_CMSG_RETOPTS;
496                         else
497                                 inet->cmsg_flags &= ~IP_CMSG_RETOPTS;
498                         break;
499                 case IP_PASSSEC:
500                         if (val)
501                                 inet->cmsg_flags |= IP_CMSG_PASSSEC;
502                         else
503                                 inet->cmsg_flags &= ~IP_CMSG_PASSSEC;
504                         break;
505                 case IP_TOS:    /* This sets both TOS and Precedence */
506                         if (sk->sk_type == SOCK_STREAM) {
507                                 val &= ~3;
508                                 val |= inet->tos & 3;
509                         }
510                         if (IPTOS_PREC(val) >= IPTOS_PREC_CRITIC_ECP && 
511                             !capable(CAP_NET_ADMIN)) {
512                                 err = -EPERM;
513                                 break;
514                         }
515                         if (inet->tos != val) {
516                                 inet->tos = val;
517                                 sk->sk_priority = rt_tos2priority(val);
518                                 sk_dst_reset(sk); 
519                         }
520                         break;
521                 case IP_TTL:
522                         if (optlen<1)
523                                 goto e_inval;
524                         if (val != -1 && (val < 1 || val>255))
525                                 goto e_inval;
526                         inet->uc_ttl = val;
527                         break;
528                 case IP_HDRINCL:
529                         if (sk->sk_type != SOCK_RAW) {
530                                 err = -ENOPROTOOPT;
531                                 break;
532                         }
533                         inet->hdrincl = val ? 1 : 0;
534                         break;
535                 case IP_MTU_DISCOVER:
536                         if (val<0 || val>2)
537                                 goto e_inval;
538                         inet->pmtudisc = val;
539                         break;
540                 case IP_RECVERR:
541                         inet->recverr = !!val;
542                         if (!val)
543                                 skb_queue_purge(&sk->sk_error_queue);
544                         break;
545                 case IP_MULTICAST_TTL:
546                         if (sk->sk_type == SOCK_STREAM)
547                                 goto e_inval;
548                         if (optlen<1)
549                                 goto e_inval;
550                         if (val==-1)
551                                 val = 1;
552                         if (val < 0 || val > 255)
553                                 goto e_inval;
554                         inet->mc_ttl = val;
555                         break;
556                 case IP_MULTICAST_LOOP: 
557                         if (optlen<1)
558                                 goto e_inval;
559                         inet->mc_loop = !!val;
560                         break;
561                 case IP_MULTICAST_IF: 
562                 {
563                         struct ip_mreqn mreq;
564                         struct net_device *dev = NULL;
565
566                         if (sk->sk_type == SOCK_STREAM)
567                                 goto e_inval;
568                         /*
569                          *      Check the arguments are allowable
570                          */
571
572                         err = -EFAULT;
573                         if (optlen >= sizeof(struct ip_mreqn)) {
574                                 if (copy_from_user(&mreq,optval,sizeof(mreq)))
575                                         break;
576                         } else {
577                                 memset(&mreq, 0, sizeof(mreq));
578                                 if (optlen >= sizeof(struct in_addr) &&
579                                     copy_from_user(&mreq.imr_address,optval,sizeof(struct in_addr)))
580                                         break;
581                         }
582
583                         if (!mreq.imr_ifindex) {
584                                 if (mreq.imr_address.s_addr == INADDR_ANY) {
585                                         inet->mc_index = 0;
586                                         inet->mc_addr  = 0;
587                                         err = 0;
588                                         break;
589                                 }
590                                 dev = ip_dev_find(mreq.imr_address.s_addr);
591                                 if (dev) {
592                                         mreq.imr_ifindex = dev->ifindex;
593                                         dev_put(dev);
594                                 }
595                         } else
596                                 dev = __dev_get_by_index(mreq.imr_ifindex);
597
598
599                         err = -EADDRNOTAVAIL;
600                         if (!dev)
601                                 break;
602
603                         err = -EINVAL;
604                         if (sk->sk_bound_dev_if &&
605                             mreq.imr_ifindex != sk->sk_bound_dev_if)
606                                 break;
607
608                         inet->mc_index = mreq.imr_ifindex;
609                         inet->mc_addr  = mreq.imr_address.s_addr;
610                         err = 0;
611                         break;
612                 }
613
614                 case IP_ADD_MEMBERSHIP:
615                 case IP_DROP_MEMBERSHIP: 
616                 {
617                         struct ip_mreqn mreq;
618
619                         if (optlen < sizeof(struct ip_mreq))
620                                 goto e_inval;
621                         err = -EFAULT;
622                         if (optlen >= sizeof(struct ip_mreqn)) {
623                                 if(copy_from_user(&mreq,optval,sizeof(mreq)))
624                                         break;
625                         } else {
626                                 memset(&mreq, 0, sizeof(mreq));
627                                 if (copy_from_user(&mreq,optval,sizeof(struct ip_mreq)))
628                                         break; 
629                         }
630
631                         if (optname == IP_ADD_MEMBERSHIP)
632                                 err = ip_mc_join_group(sk, &mreq);
633                         else
634                                 err = ip_mc_leave_group(sk, &mreq);
635                         break;
636                 }
637                 case IP_MSFILTER:
638                 {
639                         extern int sysctl_igmp_max_msf;
640                         struct ip_msfilter *msf;
641
642                         if (optlen < IP_MSFILTER_SIZE(0))
643                                 goto e_inval;
644                         if (optlen > sysctl_optmem_max) {
645                                 err = -ENOBUFS;
646                                 break;
647                         }
648                         msf = kmalloc(optlen, GFP_KERNEL);
649                         if (msf == 0) {
650                                 err = -ENOBUFS;
651                                 break;
652                         }
653                         err = -EFAULT;
654                         if (copy_from_user(msf, optval, optlen)) {
655                                 kfree(msf);
656                                 break;
657                         }
658                         /* numsrc >= (1G-4) overflow in 32 bits */
659                         if (msf->imsf_numsrc >= 0x3ffffffcU ||
660                             msf->imsf_numsrc > sysctl_igmp_max_msf) {
661                                 kfree(msf);
662                                 err = -ENOBUFS;
663                                 break;
664                         }
665                         if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
666                                 kfree(msf);
667                                 err = -EINVAL;
668                                 break;
669                         }
670                         err = ip_mc_msfilter(sk, msf, 0);
671                         kfree(msf);
672                         break;
673                 }
674                 case IP_BLOCK_SOURCE:
675                 case IP_UNBLOCK_SOURCE:
676                 case IP_ADD_SOURCE_MEMBERSHIP:
677                 case IP_DROP_SOURCE_MEMBERSHIP:
678                 {
679                         struct ip_mreq_source mreqs;
680                         int omode, add;
681
682                         if (optlen != sizeof(struct ip_mreq_source))
683                                 goto e_inval;
684                         if (copy_from_user(&mreqs, optval, sizeof(mreqs))) {
685                                 err = -EFAULT;
686                                 break;
687                         }
688                         if (optname == IP_BLOCK_SOURCE) {
689                                 omode = MCAST_EXCLUDE;
690                                 add = 1;
691                         } else if (optname == IP_UNBLOCK_SOURCE) {
692                                 omode = MCAST_EXCLUDE;
693                                 add = 0;
694                         } else if (optname == IP_ADD_SOURCE_MEMBERSHIP) {
695                                 struct ip_mreqn mreq;
696
697                                 mreq.imr_multiaddr.s_addr = mreqs.imr_multiaddr;
698                                 mreq.imr_address.s_addr = mreqs.imr_interface;
699                                 mreq.imr_ifindex = 0;
700                                 err = ip_mc_join_group(sk, &mreq);
701                                 if (err && err != -EADDRINUSE)
702                                         break;
703                                 omode = MCAST_INCLUDE;
704                                 add = 1;
705                         } else /* IP_DROP_SOURCE_MEMBERSHIP */ {
706                                 omode = MCAST_INCLUDE;
707                                 add = 0;
708                         }
709                         err = ip_mc_source(add, omode, sk, &mreqs, 0);
710                         break;
711                 }
712                 case MCAST_JOIN_GROUP:
713                 case MCAST_LEAVE_GROUP: 
714                 {
715                         struct group_req greq;
716                         struct sockaddr_in *psin;
717                         struct ip_mreqn mreq;
718
719                         if (optlen < sizeof(struct group_req))
720                                 goto e_inval;
721                         err = -EFAULT;
722                         if(copy_from_user(&greq, optval, sizeof(greq)))
723                                 break;
724                         psin = (struct sockaddr_in *)&greq.gr_group;
725                         if (psin->sin_family != AF_INET)
726                                 goto e_inval;
727                         memset(&mreq, 0, sizeof(mreq));
728                         mreq.imr_multiaddr = psin->sin_addr;
729                         mreq.imr_ifindex = greq.gr_interface;
730
731                         if (optname == MCAST_JOIN_GROUP)
732                                 err = ip_mc_join_group(sk, &mreq);
733                         else
734                                 err = ip_mc_leave_group(sk, &mreq);
735                         break;
736                 }
737                 case MCAST_JOIN_SOURCE_GROUP:
738                 case MCAST_LEAVE_SOURCE_GROUP:
739                 case MCAST_BLOCK_SOURCE:
740                 case MCAST_UNBLOCK_SOURCE:
741                 {
742                         struct group_source_req greqs;
743                         struct ip_mreq_source mreqs;
744                         struct sockaddr_in *psin;
745                         int omode, add;
746
747                         if (optlen != sizeof(struct group_source_req))
748                                 goto e_inval;
749                         if (copy_from_user(&greqs, optval, sizeof(greqs))) {
750                                 err = -EFAULT;
751                                 break;
752                         }
753                         if (greqs.gsr_group.ss_family != AF_INET ||
754                             greqs.gsr_source.ss_family != AF_INET) {
755                                 err = -EADDRNOTAVAIL;
756                                 break;
757                         }
758                         psin = (struct sockaddr_in *)&greqs.gsr_group;
759                         mreqs.imr_multiaddr = psin->sin_addr.s_addr;
760                         psin = (struct sockaddr_in *)&greqs.gsr_source;
761                         mreqs.imr_sourceaddr = psin->sin_addr.s_addr;
762                         mreqs.imr_interface = 0; /* use index for mc_source */
763
764                         if (optname == MCAST_BLOCK_SOURCE) {
765                                 omode = MCAST_EXCLUDE;
766                                 add = 1;
767                         } else if (optname == MCAST_UNBLOCK_SOURCE) {
768                                 omode = MCAST_EXCLUDE;
769                                 add = 0;
770                         } else if (optname == MCAST_JOIN_SOURCE_GROUP) {
771                                 struct ip_mreqn mreq;
772
773                                 psin = (struct sockaddr_in *)&greqs.gsr_group;
774                                 mreq.imr_multiaddr = psin->sin_addr;
775                                 mreq.imr_address.s_addr = 0;
776                                 mreq.imr_ifindex = greqs.gsr_interface;
777                                 err = ip_mc_join_group(sk, &mreq);
778                                 if (err && err != -EADDRINUSE)
779                                         break;
780                                 greqs.gsr_interface = mreq.imr_ifindex;
781                                 omode = MCAST_INCLUDE;
782                                 add = 1;
783                         } else /* MCAST_LEAVE_SOURCE_GROUP */ {
784                                 omode = MCAST_INCLUDE;
785                                 add = 0;
786                         }
787                         err = ip_mc_source(add, omode, sk, &mreqs,
788                                 greqs.gsr_interface);
789                         break;
790                 }
791                 case MCAST_MSFILTER:
792                 {
793                         extern int sysctl_igmp_max_msf;
794                         struct sockaddr_in *psin;
795                         struct ip_msfilter *msf = NULL;
796                         struct group_filter *gsf = NULL;
797                         int msize, i, ifindex;
798
799                         if (optlen < GROUP_FILTER_SIZE(0))
800                                 goto e_inval;
801                         if (optlen > sysctl_optmem_max) {
802                                 err = -ENOBUFS;
803                                 break;
804                         }
805                         gsf = kmalloc(optlen,GFP_KERNEL);
806                         if (gsf == 0) {
807                                 err = -ENOBUFS;
808                                 break;
809                         }
810                         err = -EFAULT;
811                         if (copy_from_user(gsf, optval, optlen)) {
812                                 goto mc_msf_out;
813                         }
814                         /* numsrc >= (4G-140)/128 overflow in 32 bits */
815                         if (gsf->gf_numsrc >= 0x1ffffff ||
816                             gsf->gf_numsrc > sysctl_igmp_max_msf) {
817                                 err = -ENOBUFS;
818                                 goto mc_msf_out;
819                         }
820                         if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
821                                 err = -EINVAL;
822                                 goto mc_msf_out;
823                         }
824                         msize = IP_MSFILTER_SIZE(gsf->gf_numsrc);
825                         msf = kmalloc(msize,GFP_KERNEL);
826                         if (msf == 0) {
827                                 err = -ENOBUFS;
828                                 goto mc_msf_out;
829                         }
830                         ifindex = gsf->gf_interface;
831                         psin = (struct sockaddr_in *)&gsf->gf_group;
832                         if (psin->sin_family != AF_INET) {
833                                 err = -EADDRNOTAVAIL;
834                                 goto mc_msf_out;
835                         }
836                         msf->imsf_multiaddr = psin->sin_addr.s_addr;
837                         msf->imsf_interface = 0;
838                         msf->imsf_fmode = gsf->gf_fmode;
839                         msf->imsf_numsrc = gsf->gf_numsrc;
840                         err = -EADDRNOTAVAIL;
841                         for (i=0; i<gsf->gf_numsrc; ++i) {
842                                 psin = (struct sockaddr_in *)&gsf->gf_slist[i];
843
844                                 if (psin->sin_family != AF_INET)
845                                         goto mc_msf_out;
846                                 msf->imsf_slist[i] = psin->sin_addr.s_addr;
847                         }
848                         kfree(gsf);
849                         gsf = NULL;
850
851                         err = ip_mc_msfilter(sk, msf, ifindex);
852 mc_msf_out:
853                         kfree(msf);
854                         kfree(gsf);
855                         break;
856                 }
857                 case IP_ROUTER_ALERT:   
858                         err = ip_ra_control(sk, val ? 1 : 0, NULL);
859                         break;
860
861                 case IP_FREEBIND:
862                         if (optlen<1)
863                                 goto e_inval;
864                         inet->freebind = !!val; 
865                         break;                  
866  
867                 case IP_IPSEC_POLICY:
868                 case IP_XFRM_POLICY:
869                         err = -EPERM;
870                         if (!capable(CAP_NET_ADMIN))
871                                 break;
872                         err = xfrm_user_policy(sk, optname, optval, optlen);
873                         break;
874
875                 default:
876                         err = -ENOPROTOOPT;
877                         break;
878         }
879         release_sock(sk);
880         return err;
881
882 e_inval:
883         release_sock(sk);
884         return -EINVAL;
885 }
886
887 int ip_setsockopt(struct sock *sk, int level,
888                 int optname, char __user *optval, int optlen)
889 {
890         int err;
891
892         if (level != SOL_IP)
893                 return -ENOPROTOOPT;
894
895         err = do_ip_setsockopt(sk, level, optname, optval, optlen);
896 #ifdef CONFIG_NETFILTER
897         /* we need to exclude all possible ENOPROTOOPTs except default case */
898         if (err == -ENOPROTOOPT && optname != IP_HDRINCL &&
899                 optname != IP_IPSEC_POLICY && optname != IP_XFRM_POLICY
900 #ifdef CONFIG_IP_MROUTE
901                 && (optname < MRT_BASE || optname > (MRT_BASE + 10))
902 #endif
903            ) {
904                 lock_sock(sk);
905                 err = nf_setsockopt(sk, PF_INET, optname, optval, optlen);
906                 release_sock(sk);
907         }
908 #endif
909         return err;
910 }
911
912 #ifdef CONFIG_COMPAT
913 int compat_ip_setsockopt(struct sock *sk, int level, int optname,
914                          char __user *optval, int optlen)
915 {
916         int err;
917
918         if (level != SOL_IP)
919                 return -ENOPROTOOPT;
920
921         err = do_ip_setsockopt(sk, level, optname, optval, optlen);
922 #ifdef CONFIG_NETFILTER
923         /* we need to exclude all possible ENOPROTOOPTs except default case */
924         if (err == -ENOPROTOOPT && optname != IP_HDRINCL &&
925             optname != IP_IPSEC_POLICY && optname != IP_XFRM_POLICY
926 #ifdef CONFIG_IP_MROUTE
927             && (optname < MRT_BASE || optname > (MRT_BASE + 10))
928 #endif
929            ) {
930                 lock_sock(sk);
931                 err = compat_nf_setsockopt(sk, PF_INET, optname,
932                                            optval, optlen);
933                 release_sock(sk);
934         }
935 #endif
936         return err;
937 }
938
939 EXPORT_SYMBOL(compat_ip_setsockopt);
940 #endif
941
942 /*
943  *      Get the options. Note for future reference. The GET of IP options gets the
944  *      _received_ ones. The set sets the _sent_ ones.
945  */
946
947 static int do_ip_getsockopt(struct sock *sk, int level, int optname,
948                 char __user *optval, int __user *optlen)
949 {
950         struct inet_sock *inet = inet_sk(sk);
951         int val;
952         int len;
953         
954         if(level!=SOL_IP)
955                 return -EOPNOTSUPP;
956
957 #ifdef CONFIG_IP_MROUTE
958         if(optname>=MRT_BASE && optname <=MRT_BASE+10)
959         {
960                 return ip_mroute_getsockopt(sk,optname,optval,optlen);
961         }
962 #endif
963
964         if(get_user(len,optlen))
965                 return -EFAULT;
966         if(len < 0)
967                 return -EINVAL;
968                 
969         lock_sock(sk);
970
971         switch(optname) {
972                 case IP_OPTIONS:
973                         {
974                                 unsigned char optbuf[sizeof(struct ip_options)+40];
975                                 struct ip_options * opt = (struct ip_options*)optbuf;
976                                 opt->optlen = 0;
977                                 if (inet->opt)
978                                         memcpy(optbuf, inet->opt,
979                                                sizeof(struct ip_options)+
980                                                inet->opt->optlen);
981                                 release_sock(sk);
982
983                                 if (opt->optlen == 0) 
984                                         return put_user(0, optlen);
985
986                                 ip_options_undo(opt);
987
988                                 len = min_t(unsigned int, len, opt->optlen);
989                                 if(put_user(len, optlen))
990                                         return -EFAULT;
991                                 if(copy_to_user(optval, opt->__data, len))
992                                         return -EFAULT;
993                                 return 0;
994                         }
995                 case IP_PKTINFO:
996                         val = (inet->cmsg_flags & IP_CMSG_PKTINFO) != 0;
997                         break;
998                 case IP_RECVTTL:
999                         val = (inet->cmsg_flags & IP_CMSG_TTL) != 0;
1000                         break;
1001                 case IP_RECVTOS:
1002                         val = (inet->cmsg_flags & IP_CMSG_TOS) != 0;
1003                         break;
1004                 case IP_RECVOPTS:
1005                         val = (inet->cmsg_flags & IP_CMSG_RECVOPTS) != 0;
1006                         break;
1007                 case IP_RETOPTS:
1008                         val = (inet->cmsg_flags & IP_CMSG_RETOPTS) != 0;
1009                         break;
1010                 case IP_PASSSEC:
1011                         val = (inet->cmsg_flags & IP_CMSG_PASSSEC) != 0;
1012                         break;
1013                 case IP_TOS:
1014                         val = inet->tos;
1015                         break;
1016                 case IP_TTL:
1017                         val = (inet->uc_ttl == -1 ?
1018                                sysctl_ip_default_ttl :
1019                                inet->uc_ttl);
1020                         break;
1021                 case IP_HDRINCL:
1022                         val = inet->hdrincl;
1023                         break;
1024                 case IP_MTU_DISCOVER:
1025                         val = inet->pmtudisc;
1026                         break;
1027                 case IP_MTU:
1028                 {
1029                         struct dst_entry *dst;
1030                         val = 0;
1031                         dst = sk_dst_get(sk);
1032                         if (dst) {
1033                                 val = dst_mtu(dst);
1034                                 dst_release(dst);
1035                         }
1036                         if (!val) {
1037                                 release_sock(sk);
1038                                 return -ENOTCONN;
1039                         }
1040                         break;
1041                 }
1042                 case IP_RECVERR:
1043                         val = inet->recverr;
1044                         break;
1045                 case IP_MULTICAST_TTL:
1046                         val = inet->mc_ttl;
1047                         break;
1048                 case IP_MULTICAST_LOOP:
1049                         val = inet->mc_loop;
1050                         break;
1051                 case IP_MULTICAST_IF:
1052                 {
1053                         struct in_addr addr;
1054                         len = min_t(unsigned int, len, sizeof(struct in_addr));
1055                         addr.s_addr = inet->mc_addr;
1056                         release_sock(sk);
1057
1058                         if(put_user(len, optlen))
1059                                 return -EFAULT;
1060                         if(copy_to_user(optval, &addr, len))
1061                                 return -EFAULT;
1062                         return 0;
1063                 }
1064                 case IP_MSFILTER:
1065                 {
1066                         struct ip_msfilter msf;
1067                         int err;
1068
1069                         if (len < IP_MSFILTER_SIZE(0)) {
1070                                 release_sock(sk);
1071                                 return -EINVAL;
1072                         }
1073                         if (copy_from_user(&msf, optval, IP_MSFILTER_SIZE(0))) {
1074                                 release_sock(sk);
1075                                 return -EFAULT;
1076                         }
1077                         err = ip_mc_msfget(sk, &msf,
1078                                 (struct ip_msfilter __user *)optval, optlen);
1079                         release_sock(sk);
1080                         return err;
1081                 }
1082                 case MCAST_MSFILTER:
1083                 {
1084                         struct group_filter gsf;
1085                         int err;
1086
1087                         if (len < GROUP_FILTER_SIZE(0)) {
1088                                 release_sock(sk);
1089                                 return -EINVAL;
1090                         }
1091                         if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) {
1092                                 release_sock(sk);
1093                                 return -EFAULT;
1094                         }
1095                         err = ip_mc_gsfget(sk, &gsf,
1096                                 (struct group_filter __user *)optval, optlen);
1097                         release_sock(sk);
1098                         return err;
1099                 }
1100                 case IP_PKTOPTIONS:             
1101                 {
1102                         struct msghdr msg;
1103
1104                         release_sock(sk);
1105
1106                         if (sk->sk_type != SOCK_STREAM)
1107                                 return -ENOPROTOOPT;
1108
1109                         msg.msg_control = optval;
1110                         msg.msg_controllen = len;
1111                         msg.msg_flags = 0;
1112
1113                         if (inet->cmsg_flags & IP_CMSG_PKTINFO) {
1114                                 struct in_pktinfo info;
1115
1116                                 info.ipi_addr.s_addr = inet->rcv_saddr;
1117                                 info.ipi_spec_dst.s_addr = inet->rcv_saddr;
1118                                 info.ipi_ifindex = inet->mc_index;
1119                                 put_cmsg(&msg, SOL_IP, IP_PKTINFO, sizeof(info), &info);
1120                         }
1121                         if (inet->cmsg_flags & IP_CMSG_TTL) {
1122                                 int hlim = inet->mc_ttl;
1123                                 put_cmsg(&msg, SOL_IP, IP_TTL, sizeof(hlim), &hlim);
1124                         }
1125                         len -= msg.msg_controllen;
1126                         return put_user(len, optlen);
1127                 }
1128                 case IP_FREEBIND: 
1129                         val = inet->freebind; 
1130                         break; 
1131                 default:
1132                         release_sock(sk);
1133                         return -ENOPROTOOPT;
1134         }
1135         release_sock(sk);
1136         
1137         if (len < sizeof(int) && len > 0 && val>=0 && val<255) {
1138                 unsigned char ucval = (unsigned char)val;
1139                 len = 1;
1140                 if(put_user(len, optlen))
1141                         return -EFAULT;
1142                 if(copy_to_user(optval,&ucval,1))
1143                         return -EFAULT;
1144         } else {
1145                 len = min_t(unsigned int, sizeof(int), len);
1146                 if(put_user(len, optlen))
1147                         return -EFAULT;
1148                 if(copy_to_user(optval,&val,len))
1149                         return -EFAULT;
1150         }
1151         return 0;
1152 }
1153
1154 int ip_getsockopt(struct sock *sk, int level,
1155                 int optname, char __user *optval, int __user *optlen)
1156 {
1157         int err;
1158
1159         err = do_ip_getsockopt(sk, level, optname, optval, optlen);
1160 #ifdef CONFIG_NETFILTER
1161         /* we need to exclude all possible ENOPROTOOPTs except default case */
1162         if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS
1163 #ifdef CONFIG_IP_MROUTE
1164                 && (optname < MRT_BASE || optname > MRT_BASE+10)
1165 #endif
1166            ) {
1167                 int len;
1168
1169                 if(get_user(len,optlen))
1170                         return -EFAULT;
1171
1172                 lock_sock(sk);
1173                 err = nf_getsockopt(sk, PF_INET, optname, optval,
1174                                 &len);
1175                 release_sock(sk);
1176                 if (err >= 0)
1177                         err = put_user(len, optlen);
1178                 return err;
1179         }
1180 #endif
1181         return err;
1182 }
1183
1184 #ifdef CONFIG_COMPAT
1185 int compat_ip_getsockopt(struct sock *sk, int level, int optname,
1186                          char __user *optval, int __user *optlen)
1187 {
1188         int err = do_ip_getsockopt(sk, level, optname, optval, optlen);
1189 #ifdef CONFIG_NETFILTER
1190         /* we need to exclude all possible ENOPROTOOPTs except default case */
1191         if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS
1192 #ifdef CONFIG_IP_MROUTE
1193             && (optname < MRT_BASE || optname > MRT_BASE+10)
1194 #endif
1195            ) {
1196                 int len;
1197
1198                 if (get_user(len, optlen))
1199                         return -EFAULT;
1200
1201                 lock_sock(sk);
1202                 err = compat_nf_getsockopt(sk, PF_INET, optname, optval, &len);
1203                 release_sock(sk);
1204                 if (err >= 0)
1205                         err = put_user(len, optlen);
1206                 return err;
1207         }
1208 #endif
1209         return err;
1210 }
1211
1212 EXPORT_SYMBOL(compat_ip_getsockopt);
1213 #endif
1214
1215 EXPORT_SYMBOL(ip_cmsg_recv);
1216
1217 EXPORT_SYMBOL(ip_getsockopt);
1218 EXPORT_SYMBOL(ip_setsockopt);