From 1a98d05f59704d60be85b03f727964e15c77224c Mon Sep 17 00:00:00 2001 From: YOSHIFUJI Hideaki Date: Thu, 24 Apr 2008 21:30:38 -0700 Subject: ipv6 RAW: Disallow IPPROTO_IPV6-level IPV6_CHECKSUM socket option on ICMPv6 sockets. RFC3542 tells that IPV6_CHECKSUM socket option in the IPPROTO_IPV6 level is not allowed on ICMPv6 sockets. IPPROTO_RAW level IPV6_CHECKSUM socket option (a Linux extension) is still allowed. Signed-off-by: YOSHIFUJI Hideaki Signed-off-by: David S. Miller --- net/ipv6/raw.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'net/ipv6') diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index 6193b124cbc..396f0ea1109 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -971,6 +971,19 @@ static int do_rawv6_setsockopt(struct sock *sk, int level, int optname, switch (optname) { case IPV6_CHECKSUM: + if (inet_sk(sk)->num == IPPROTO_ICMPV6 && + level == IPPROTO_IPV6) { + /* + * RFC3542 tells that IPV6_CHECKSUM socket + * option in the IPPROTO_IPV6 level is not + * allowed on ICMPv6 sockets. + * If you want to set it, use IPPROTO_RAW + * level IPV6_CHECKSUM socket option + * (Linux extension). + */ + return -EINVAL; + } + /* You may get strange result with a positive odd offset; RFC2292bis agrees with me. */ if (val > 0 && (val&1)) @@ -1046,6 +1059,11 @@ static int do_rawv6_getsockopt(struct sock *sk, int level, int optname, switch (optname) { case IPV6_CHECKSUM: + /* + * We allow getsockopt() for IPPROTO_IPV6-level + * IPV6_CHECKSUM socket option on ICMPv6 sockets + * since RFC3542 is silent about it. + */ if (rp->checksum == 0) val = -1; else -- cgit v1.2.3-18-g5258 From 5b3f129c5592ca35b3fe8916767c58b98710478c Mon Sep 17 00:00:00 2001 From: Michael Beasley Date: Thu, 24 Apr 2008 23:50:30 -0700 Subject: ipv6: Fix typo in net/ipv6/Kconfig Two is used in the wrong context here, as you are connecting to an IPv6 network over IPv4; not connecting two IPv6 networks to an IPv4 one. Signed-off-by: Michael Beasley Signed-off-by: David S. Miller --- net/ipv6/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/ipv6') diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig index 42814a2ec9d..b2c9becc02e 100644 --- a/net/ipv6/Kconfig +++ b/net/ipv6/Kconfig @@ -167,7 +167,7 @@ config IPV6_SIT Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This driver implements encapsulation of IPv6 - into IPv4 packets. This is useful if you want to connect two IPv6 + into IPv4 packets. This is useful if you want to connect to IPv6 networks over an IPv4-only path. Saying M here will produce a module called sit.ko. If unsure, say Y. -- cgit v1.2.3-18-g5258