aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/net/Kconfig13
-rw-r--r--drivers/net/Makefile1
-rw-r--r--drivers/net/pppol2tp.c2486
3 files changed, 2500 insertions, 0 deletions
diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index b941c74a06c4..c251cca295c1 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -2784,6 +2784,19 @@ config PPPOATM
2784 which can lead to bad results if the ATM peer loses state and 2784 which can lead to bad results if the ATM peer loses state and
2785 changes its encapsulation unilaterally. 2785 changes its encapsulation unilaterally.
2786 2786
2787config PPPOL2TP
2788 tristate "PPP over L2TP (EXPERIMENTAL)"
2789 depends on EXPERIMENTAL && PPP
2790 help
2791 Support for PPP-over-L2TP socket family. L2TP is a protocol
2792 used by ISPs and enterprises to tunnel PPP traffic over UDP
2793 tunnels. L2TP is replacing PPTP for VPN uses.
2794
2795 This kernel component handles only L2TP data packets: a
2796 userland daemon handles L2TP the control protocol (tunnel
2797 and session setup). One such daemon is OpenL2TP
2798 (http://openl2tp.sourceforge.net/).
2799
2787config SLIP 2800config SLIP
2788 tristate "SLIP (serial line) support" 2801 tristate "SLIP (serial line) support"
2789 ---help--- 2802 ---help---
diff --git a/drivers/net/Makefile b/drivers/net/Makefile
index 1bbcbedad04a..a2241e6e1457 100644
--- a/drivers/net/Makefile
+++ b/drivers/net/Makefile
@@ -121,6 +121,7 @@ obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o
121obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o 121obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o
122obj-$(CONFIG_PPP_MPPE) += ppp_mppe.o 122obj-$(CONFIG_PPP_MPPE) += ppp_mppe.o
123obj-$(CONFIG_PPPOE) += pppox.o pppoe.o 123obj-$(CONFIG_PPPOE) += pppox.o pppoe.o
124obj-$(CONFIG_PPPOL2TP) += pppox.o pppol2tp.o
124 125
125obj-$(CONFIG_SLIP) += slip.o 126obj-$(CONFIG_SLIP) += slip.o
126obj-$(CONFIG_SLHC) += slhc.o 127obj-$(CONFIG_SLHC) += slhc.o
diff --git a/drivers/net/pppol2tp.c b/drivers/net/pppol2tp.c
new file mode 100644
index 000000000000..8a6bff5c3849
--- /dev/null
+++ b/drivers/net/pppol2tp.c
@@ -0,0 +1,2486 @@
1/*****************************************************************************
2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
3 *
4 * PPPoX --- Generic PPP encapsulation socket family
5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
6 *
7 * Version: 1.0.0
8 *
9 * Authors: Martijn van Oosterhout <kleptog@svana.org>
10 * James Chapman (jchapman@katalix.com)
11 * Contributors:
12 * Michal Ostrowski <mostrows@speakeasy.net>
13 * Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
14 * David S. Miller (davem@redhat.com)
15 *
16 * License:
17 * This program is free software; you can redistribute it and/or
18 * modify it under the terms of the GNU General Public License
19 * as published by the Free Software Foundation; either version
20 * 2 of the License, or (at your option) any later version.
21 *
22 */
23
24/* This driver handles only L2TP data frames; control frames are handled by a
25 * userspace application.
26 *
27 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
28 * attaches it to a bound UDP socket with local tunnel_id / session_id and
29 * peer tunnel_id / session_id set. Data can then be sent or received using
30 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
31 * can be read or modified using ioctl() or [gs]etsockopt() calls.
32 *
33 * When a PPPoL2TP socket is connected with local and peer session_id values
34 * zero, the socket is treated as a special tunnel management socket.
35 *
36 * Here's example userspace code to create a socket for sending/receiving data
37 * over an L2TP session:-
38 *
39 * struct sockaddr_pppol2tp sax;
40 * int fd;
41 * int session_fd;
42 *
43 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
44 *
45 * sax.sa_family = AF_PPPOX;
46 * sax.sa_protocol = PX_PROTO_OL2TP;
47 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
48 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
49 * sax.pppol2tp.addr.sin_port = addr->sin_port;
50 * sax.pppol2tp.addr.sin_family = AF_INET;
51 * sax.pppol2tp.s_tunnel = tunnel_id;
52 * sax.pppol2tp.s_session = session_id;
53 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
54 * sax.pppol2tp.d_session = peer_session_id;
55 *
56 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
57 *
58 * A pppd plugin that allows PPP traffic to be carried over L2TP using
59 * this driver is available from the OpenL2TP project at
60 * http://openl2tp.sourceforge.net.
61 */
62
63#include <linux/module.h>
64#include <linux/version.h>
65#include <linux/string.h>
66#include <linux/list.h>
67#include <asm/uaccess.h>
68
69#include <linux/kernel.h>
70#include <linux/spinlock.h>
71#include <linux/kthread.h>
72#include <linux/sched.h>
73#include <linux/slab.h>
74#include <linux/errno.h>
75#include <linux/jiffies.h>
76
77#include <linux/netdevice.h>
78#include <linux/net.h>
79#include <linux/inetdevice.h>
80#include <linux/skbuff.h>
81#include <linux/init.h>
82#include <linux/ip.h>
83#include <linux/udp.h>
84#include <linux/if_pppox.h>
85#include <linux/if_pppol2tp.h>
86#include <net/sock.h>
87#include <linux/ppp_channel.h>
88#include <linux/ppp_defs.h>
89#include <linux/if_ppp.h>
90#include <linux/file.h>
91#include <linux/hash.h>
92#include <linux/sort.h>
93#include <linux/proc_fs.h>
94#include <net/dst.h>
95#include <net/ip.h>
96#include <net/udp.h>
97#include <net/xfrm.h>
98
99#include <asm/byteorder.h>
100#include <asm/atomic.h>
101
102
103#define PPPOL2TP_DRV_VERSION "V1.0"
104
105/* L2TP header constants */
106#define L2TP_HDRFLAG_T 0x8000
107#define L2TP_HDRFLAG_L 0x4000
108#define L2TP_HDRFLAG_S 0x0800
109#define L2TP_HDRFLAG_O 0x0200
110#define L2TP_HDRFLAG_P 0x0100
111
112#define L2TP_HDR_VER_MASK 0x000F
113#define L2TP_HDR_VER 0x0002
114
115/* Space for UDP, L2TP and PPP headers */
116#define PPPOL2TP_HEADER_OVERHEAD 40
117
118/* Just some random numbers */
119#define L2TP_TUNNEL_MAGIC 0x42114DDA
120#define L2TP_SESSION_MAGIC 0x0C04EB7D
121
122#define PPPOL2TP_HASH_BITS 4
123#define PPPOL2TP_HASH_SIZE (1 << PPPOL2TP_HASH_BITS)
124
125/* Default trace flags */
126#define PPPOL2TP_DEFAULT_DEBUG_FLAGS 0
127
128#define PRINTK(_mask, _type, _lvl, _fmt, args...) \
129 do { \
130 if ((_mask) & (_type)) \
131 printk(_lvl "PPPOL2TP: " _fmt, ##args); \
132 } while(0)
133
134/* Number of bytes to build transmit L2TP headers.
135 * Unfortunately the size is different depending on whether sequence numbers
136 * are enabled.
137 */
138#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
139#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
140
141struct pppol2tp_tunnel;
142
143/* Describes a session. It is the sk_user_data field in the PPPoL2TP
144 * socket. Contains information to determine incoming packets and transmit
145 * outgoing ones.
146 */
147struct pppol2tp_session
148{
149 int magic; /* should be
150 * L2TP_SESSION_MAGIC */
151 int owner; /* pid that opened the socket */
152
153 struct sock *sock; /* Pointer to the session
154 * PPPoX socket */
155 struct sock *tunnel_sock; /* Pointer to the tunnel UDP
156 * socket */
157
158 struct pppol2tp_addr tunnel_addr; /* Description of tunnel */
159
160 struct pppol2tp_tunnel *tunnel; /* back pointer to tunnel
161 * context */
162
163 char name[20]; /* "sess xxxxx/yyyyy", where
164 * x=tunnel_id, y=session_id */
165 int mtu;
166 int mru;
167 int flags; /* accessed by PPPIOCGFLAGS.
168 * Unused. */
169 unsigned recv_seq:1; /* expect receive packets with
170 * sequence numbers? */
171 unsigned send_seq:1; /* send packets with sequence
172 * numbers? */
173 unsigned lns_mode:1; /* behave as LNS? LAC enables
174 * sequence numbers under
175 * control of LNS. */
176 int debug; /* bitmask of debug message
177 * categories */
178 int reorder_timeout; /* configured reorder timeout
179 * (in jiffies) */
180 u16 nr; /* session NR state (receive) */
181 u16 ns; /* session NR state (send) */
182 struct sk_buff_head reorder_q; /* receive reorder queue */
183 struct pppol2tp_ioc_stats stats;
184 struct hlist_node hlist; /* Hash list node */
185};
186
187/* The sk_user_data field of the tunnel's UDP socket. It contains info to track
188 * all the associated sessions so incoming packets can be sorted out
189 */
190struct pppol2tp_tunnel
191{
192 int magic; /* Should be L2TP_TUNNEL_MAGIC */
193 rwlock_t hlist_lock; /* protect session_hlist */
194 struct hlist_head session_hlist[PPPOL2TP_HASH_SIZE];
195 /* hashed list of sessions,
196 * hashed by id */
197 int debug; /* bitmask of debug message
198 * categories */
199 char name[12]; /* "tunl xxxxx" */
200 struct pppol2tp_ioc_stats stats;
201
202 void (*old_sk_destruct)(struct sock *);
203
204 struct sock *sock; /* Parent socket */
205 struct list_head list; /* Keep a list of all open
206 * prepared sockets */
207
208 atomic_t ref_count;
209};
210
211/* Private data stored for received packets in the skb.
212 */
213struct pppol2tp_skb_cb {
214 u16 ns;
215 u16 nr;
216 u16 has_seq;
217 u16 length;
218 unsigned long expires;
219};
220
221#define PPPOL2TP_SKB_CB(skb) ((struct pppol2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
222
223static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
224static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel);
225
226static atomic_t pppol2tp_tunnel_count;
227static atomic_t pppol2tp_session_count;
228static struct ppp_channel_ops pppol2tp_chan_ops = { pppol2tp_xmit , NULL };
229static struct proto_ops pppol2tp_ops;
230static LIST_HEAD(pppol2tp_tunnel_list);
231static DEFINE_RWLOCK(pppol2tp_tunnel_list_lock);
232
233/* Helpers to obtain tunnel/session contexts from sockets.
234 */
235static inline struct pppol2tp_session *pppol2tp_sock_to_session(struct sock *sk)
236{
237 struct pppol2tp_session *session;
238
239 if (sk == NULL)
240 return NULL;
241
242 session = (struct pppol2tp_session *)(sk->sk_user_data);
243 if (session == NULL)
244 return NULL;
245
246 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
247
248 return session;
249}
250
251static inline struct pppol2tp_tunnel *pppol2tp_sock_to_tunnel(struct sock *sk)
252{
253 struct pppol2tp_tunnel *tunnel;
254
255 if (sk == NULL)
256 return NULL;
257
258 tunnel = (struct pppol2tp_tunnel *)(sk->sk_user_data);
259 if (tunnel == NULL)
260 return NULL;
261
262 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
263
264 return tunnel;
265}
266
267/* Tunnel reference counts. Incremented per session that is added to
268 * the tunnel.
269 */
270static inline void pppol2tp_tunnel_inc_refcount(struct pppol2tp_tunnel *tunnel)
271{
272 atomic_inc(&tunnel->ref_count);
273}
274
275static inline void pppol2tp_tunnel_dec_refcount(struct pppol2tp_tunnel *tunnel)
276{
277 if (atomic_dec_and_test(&tunnel->ref_count))
278 pppol2tp_tunnel_free(tunnel);
279}
280
281/* Session hash list.
282 * The session_id SHOULD be random according to RFC2661, but several
283 * L2TP implementations (Cisco and Microsoft) use incrementing
284 * session_ids. So we do a real hash on the session_id, rather than a
285 * simple bitmask.
286 */
287static inline struct hlist_head *
288pppol2tp_session_id_hash(struct pppol2tp_tunnel *tunnel, u16 session_id)
289{
290 unsigned long hash_val = (unsigned long) session_id;
291 return &tunnel->session_hlist[hash_long(hash_val, PPPOL2TP_HASH_BITS)];
292}
293
294/* Lookup a session by id
295 */
296static struct pppol2tp_session *
297pppol2tp_session_find(struct pppol2tp_tunnel *tunnel, u16 session_id)
298{
299 struct hlist_head *session_list =
300 pppol2tp_session_id_hash(tunnel, session_id);
301 struct pppol2tp_session *session;
302 struct hlist_node *walk;
303
304 read_lock(&tunnel->hlist_lock);
305 hlist_for_each_entry(session, walk, session_list, hlist) {
306 if (session->tunnel_addr.s_session == session_id) {
307 read_unlock(&tunnel->hlist_lock);
308 return session;
309 }
310 }
311 read_unlock(&tunnel->hlist_lock);
312
313 return NULL;
314}
315
316/* Lookup a tunnel by id
317 */
318static struct pppol2tp_tunnel *pppol2tp_tunnel_find(u16 tunnel_id)
319{
320 struct pppol2tp_tunnel *tunnel = NULL;
321
322 read_lock(&pppol2tp_tunnel_list_lock);
323 list_for_each_entry(tunnel, &pppol2tp_tunnel_list, list) {
324 if (tunnel->stats.tunnel_id == tunnel_id) {
325 read_unlock(&pppol2tp_tunnel_list_lock);
326 return tunnel;
327 }
328 }
329 read_unlock(&pppol2tp_tunnel_list_lock);
330
331 return NULL;
332}
333
334/*****************************************************************************
335 * Receive data handling
336 *****************************************************************************/
337
338/* Queue a skb in order. We come here only if the skb has an L2TP sequence
339 * number.
340 */
341static void pppol2tp_recv_queue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
342{
343 struct sk_buff *skbp;
344 u16 ns = PPPOL2TP_SKB_CB(skb)->ns;
345
346 spin_lock(&session->reorder_q.lock);
347 skb_queue_walk(&session->reorder_q, skbp) {
348 if (PPPOL2TP_SKB_CB(skbp)->ns > ns) {
349 __skb_insert(skb, skbp->prev, skbp, &session->reorder_q);
350 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
351 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
352 session->name, ns, PPPOL2TP_SKB_CB(skbp)->ns,
353 skb_queue_len(&session->reorder_q));
354 session->stats.rx_oos_packets++;
355 goto out;
356 }
357 }
358
359 __skb_queue_tail(&session->reorder_q, skb);
360
361out:
362 spin_unlock(&session->reorder_q.lock);
363}
364
365/* Dequeue a single skb.
366 */
367static void pppol2tp_recv_dequeue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
368{
369 struct pppol2tp_tunnel *tunnel = session->tunnel;
370 int length = PPPOL2TP_SKB_CB(skb)->length;
371 struct sock *session_sock = NULL;
372
373 /* We're about to requeue the skb, so unlink it and return resources
374 * to its current owner (a socket receive buffer).
375 */
376 skb_unlink(skb, &session->reorder_q);
377 skb_orphan(skb);
378
379 tunnel->stats.rx_packets++;
380 tunnel->stats.rx_bytes += length;
381 session->stats.rx_packets++;
382 session->stats.rx_bytes += length;
383
384 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
385 /* Bump our Nr */
386 session->nr++;
387 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
388 "%s: updated nr to %hu\n", session->name, session->nr);
389 }
390
391 /* If the socket is bound, send it in to PPP's input queue. Otherwise
392 * queue it on the session socket.
393 */
394 session_sock = session->sock;
395 if (session_sock->sk_state & PPPOX_BOUND) {
396 struct pppox_sock *po;
397 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
398 "%s: recv %d byte data frame, passing to ppp\n",
399 session->name, length);
400
401 /* We need to forget all info related to the L2TP packet
402 * gathered in the skb as we are going to reuse the same
403 * skb for the inner packet.
404 * Namely we need to:
405 * - reset xfrm (IPSec) information as it applies to
406 * the outer L2TP packet and not to the inner one
407 * - release the dst to force a route lookup on the inner
408 * IP packet since skb->dst currently points to the dst
409 * of the UDP tunnel
410 * - reset netfilter information as it doesn't apply
411 * to the inner packet either
412 */
413 secpath_reset(skb);
414 dst_release(skb->dst);
415 skb->dst = NULL;
416 nf_reset(skb);
417
418 po = pppox_sk(session_sock);
419 ppp_input(&po->chan, skb);
420 } else {
421 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
422 "%s: socket not bound\n", session->name);
423
424 /* Not bound. Nothing we can do, so discard. */
425 session->stats.rx_errors++;
426 kfree_skb(skb);
427 }
428
429 sock_put(session->sock);
430}
431
432/* Dequeue skbs from the session's reorder_q, subject to packet order.
433 * Skbs that have been in the queue for too long are simply discarded.
434 */
435static void pppol2tp_recv_dequeue(struct pppol2tp_session *session)
436{
437 struct sk_buff *skb;
438 struct sk_buff *tmp;
439
440 /* If the pkt at the head of the queue has the nr that we
441 * expect to send up next, dequeue it and any other
442 * in-sequence packets behind it.
443 */
444 spin_lock(&session->reorder_q.lock);
445 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
446 if (time_after(jiffies, PPPOL2TP_SKB_CB(skb)->expires)) {
447 session->stats.rx_seq_discards++;
448 session->stats.rx_errors++;
449 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
450 "%s: oos pkt %hu len %d discarded (too old), "
451 "waiting for %hu, reorder_q_len=%d\n",
452 session->name, PPPOL2TP_SKB_CB(skb)->ns,
453 PPPOL2TP_SKB_CB(skb)->length, session->nr,
454 skb_queue_len(&session->reorder_q));
455 __skb_unlink(skb, &session->reorder_q);
456 kfree_skb(skb);
457 continue;
458 }
459
460 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
461 if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
462 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
463 "%s: holding oos pkt %hu len %d, "
464 "waiting for %hu, reorder_q_len=%d\n",
465 session->name, PPPOL2TP_SKB_CB(skb)->ns,
466 PPPOL2TP_SKB_CB(skb)->length, session->nr,
467 skb_queue_len(&session->reorder_q));
468 goto out;
469 }
470 }
471 spin_unlock(&session->reorder_q.lock);
472 pppol2tp_recv_dequeue_skb(session, skb);
473 spin_lock(&session->reorder_q.lock);
474 }
475
476out:
477 spin_unlock(&session->reorder_q.lock);
478}
479
480/* Internal receive frame. Do the real work of receiving an L2TP data frame
481 * here. The skb is not on a list when we get here.
482 * Returns 0 if the packet was a data packet and was successfully passed on.
483 * Returns 1 if the packet was not a good data packet and could not be
484 * forwarded. All such packets are passed up to userspace to deal with.
485 */
486static int pppol2tp_recv_core(struct sock *sock, struct sk_buff *skb)
487{
488 struct pppol2tp_session *session = NULL;
489 struct pppol2tp_tunnel *tunnel;
490 unsigned char *ptr;
491 u16 hdrflags;
492 u16 tunnel_id, session_id;
493 int length;
494 struct udphdr *uh;
495
496 tunnel = pppol2tp_sock_to_tunnel(sock);
497 if (tunnel == NULL)
498 goto error;
499
500 /* Short packet? */
501 if (skb->len < sizeof(struct udphdr)) {
502 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
503 "%s: recv short packet (len=%d)\n", tunnel->name, skb->len);
504 goto error;
505 }
506
507 /* Point to L2TP header */
508 ptr = skb->data + sizeof(struct udphdr);
509
510 /* Get L2TP header flags */
511 hdrflags = ntohs(*(__be16*)ptr);
512
513 /* Trace packet contents, if enabled */
514 if (tunnel->debug & PPPOL2TP_MSG_DATA) {
515 printk(KERN_DEBUG "%s: recv: ", tunnel->name);
516
517 for (length = 0; length < 16; length++)
518 printk(" %02X", ptr[length]);
519 printk("\n");
520 }
521
522 /* Get length of L2TP packet */
523 uh = (struct udphdr *) skb_transport_header(skb);
524 length = ntohs(uh->len) - sizeof(struct udphdr);
525
526 /* Too short? */
527 if (length < 12) {
528 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
529 "%s: recv short L2TP packet (len=%d)\n", tunnel->name, length);
530 goto error;
531 }
532
533 /* If type is control packet, it is handled by userspace. */
534 if (hdrflags & L2TP_HDRFLAG_T) {
535 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
536 "%s: recv control packet, len=%d\n", tunnel->name, length);
537 goto error;
538 }
539
540 /* Skip flags */
541 ptr += 2;
542
543 /* If length is present, skip it */
544 if (hdrflags & L2TP_HDRFLAG_L)
545 ptr += 2;
546
547 /* Extract tunnel and session ID */
548 tunnel_id = ntohs(*(__be16 *) ptr);
549 ptr += 2;
550 session_id = ntohs(*(__be16 *) ptr);
551 ptr += 2;
552
553 /* Find the session context */
554 session = pppol2tp_session_find(tunnel, session_id);
555 if (!session) {
556 /* Not found? Pass to userspace to deal with */
557 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
558 "%s: no socket found (%hu/%hu). Passing up.\n",
559 tunnel->name, tunnel_id, session_id);
560 goto error;
561 }
562 sock_hold(session->sock);
563
564 /* The ref count on the socket was increased by the above call since
565 * we now hold a pointer to the session. Take care to do sock_put()
566 * when exiting this function from now on...
567 */
568
569 /* Handle the optional sequence numbers. If we are the LAC,
570 * enable/disable sequence numbers under the control of the LNS. If
571 * no sequence numbers present but we were expecting them, discard
572 * frame.
573 */
574 if (hdrflags & L2TP_HDRFLAG_S) {
575 u16 ns, nr;
576 ns = ntohs(*(__be16 *) ptr);
577 ptr += 2;
578 nr = ntohs(*(__be16 *) ptr);
579 ptr += 2;
580
581 /* Received a packet with sequence numbers. If we're the LNS,
582 * check if we sre sending sequence numbers and if not,
583 * configure it so.
584 */
585 if ((!session->lns_mode) && (!session->send_seq)) {
586 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
587 "%s: requested to enable seq numbers by LNS\n",
588 session->name);
589 session->send_seq = -1;
590 }
591
592 /* Store L2TP info in the skb */
593 PPPOL2TP_SKB_CB(skb)->ns = ns;
594 PPPOL2TP_SKB_CB(skb)->nr = nr;
595 PPPOL2TP_SKB_CB(skb)->has_seq = 1;
596
597 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
598 "%s: recv data ns=%hu, nr=%hu, session nr=%hu\n",
599 session->name, ns, nr, session->nr);
600 } else {
601 /* No sequence numbers.
602 * If user has configured mandatory sequence numbers, discard.
603 */
604 if (session->recv_seq) {
605 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
606 "%s: recv data has no seq numbers when required. "
607 "Discarding\n", session->name);
608 session->stats.rx_seq_discards++;
609 session->stats.rx_errors++;
610 goto discard;
611 }
612
613 /* If we're the LAC and we're sending sequence numbers, the
614 * LNS has requested that we no longer send sequence numbers.
615 * If we're the LNS and we're sending sequence numbers, the
616 * LAC is broken. Discard the frame.
617 */
618 if ((!session->lns_mode) && (session->send_seq)) {
619 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
620 "%s: requested to disable seq numbers by LNS\n",
621 session->name);
622 session->send_seq = 0;
623 } else if (session->send_seq) {
624 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
625 "%s: recv data has no seq numbers when required. "
626 "Discarding\n", session->name);
627 session->stats.rx_seq_discards++;
628 session->stats.rx_errors++;
629 goto discard;
630 }
631
632 /* Store L2TP info in the skb */
633 PPPOL2TP_SKB_CB(skb)->has_seq = 0;
634 }
635
636 /* If offset bit set, skip it. */
637 if (hdrflags & L2TP_HDRFLAG_O)
638 ptr += 2 + ntohs(*(__be16 *) ptr);
639
640 skb_pull(skb, ptr - skb->data);
641
642 /* Skip PPP header, if present. In testing, Microsoft L2TP clients
643 * don't send the PPP header (PPP header compression enabled), but
644 * other clients can include the header. So we cope with both cases
645 * here. The PPP header is always FF03 when using L2TP.
646 *
647 * Note that skb->data[] isn't dereferenced from a u16 ptr here since
648 * the field may be unaligned.
649 */
650 if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
651 skb_pull(skb, 2);
652
653 /* Prepare skb for adding to the session's reorder_q. Hold
654 * packets for max reorder_timeout or 1 second if not
655 * reordering.
656 */
657 PPPOL2TP_SKB_CB(skb)->length = length;
658 PPPOL2TP_SKB_CB(skb)->expires = jiffies +
659 (session->reorder_timeout ? session->reorder_timeout : HZ);
660
661 /* Add packet to the session's receive queue. Reordering is done here, if
662 * enabled. Saved L2TP protocol info is stored in skb->sb[].
663 */
664 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
665 if (session->reorder_timeout != 0) {
666 /* Packet reordering enabled. Add skb to session's
667 * reorder queue, in order of ns.
668 */
669 pppol2tp_recv_queue_skb(session, skb);
670 } else {
671 /* Packet reordering disabled. Discard out-of-sequence
672 * packets
673 */
674 if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
675 session->stats.rx_seq_discards++;
676 session->stats.rx_errors++;
677 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
678 "%s: oos pkt %hu len %d discarded, "
679 "waiting for %hu, reorder_q_len=%d\n",
680 session->name, PPPOL2TP_SKB_CB(skb)->ns,
681 PPPOL2TP_SKB_CB(skb)->length, session->nr,
682 skb_queue_len(&session->reorder_q));
683 goto discard;
684 }
685 skb_queue_tail(&session->reorder_q, skb);
686 }
687 } else {
688 /* No sequence numbers. Add the skb to the tail of the
689 * reorder queue. This ensures that it will be
690 * delivered after all previous sequenced skbs.
691 */
692 skb_queue_tail(&session->reorder_q, skb);
693 }
694
695 /* Try to dequeue as many skbs from reorder_q as we can. */
696 pppol2tp_recv_dequeue(session);
697
698 return 0;
699
700discard:
701 kfree_skb(skb);
702 sock_put(session->sock);
703
704 return 0;
705
706error:
707 return 1;
708}
709
710/* UDP encapsulation receive handler. See net/ipv4/udp.c.
711 * Return codes:
712 * 0 : success.
713 * <0: error
714 * >0: skb should be passed up to userspace as UDP.
715 */
716static int pppol2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
717{
718 struct pppol2tp_tunnel *tunnel;
719
720 tunnel = pppol2tp_sock_to_tunnel(sk);
721 if (tunnel == NULL)
722 goto pass_up;
723
724 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
725 "%s: received %d bytes\n", tunnel->name, skb->len);
726
727 if (pppol2tp_recv_core(sk, skb))
728 goto pass_up;
729
730 return 0;
731
732pass_up:
733 return 1;
734}
735
736/* Receive message. This is the recvmsg for the PPPoL2TP socket.
737 */
738static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
739 struct msghdr *msg, size_t len,
740 int flags)
741{
742 int err;
743 struct sk_buff *skb;
744 struct sock *sk = sock->sk;
745
746 err = -EIO;
747 if (sk->sk_state & PPPOX_BOUND)
748 goto end;
749
750 msg->msg_namelen = 0;
751
752 err = 0;
753 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
754 flags & MSG_DONTWAIT, &err);
755 if (skb) {
756 err = memcpy_toiovec(msg->msg_iov, (unsigned char *) skb->data,
757 skb->len);
758 if (err < 0)
759 goto do_skb_free;
760 err = skb->len;
761 }
762do_skb_free:
763 kfree_skb(skb);
764end:
765 return err;
766}
767
768/************************************************************************
769 * Transmit handling
770 ***********************************************************************/
771
772/* Tell how big L2TP headers are for a particular session. This
773 * depends on whether sequence numbers are being used.
774 */
775static inline int pppol2tp_l2tp_header_len(struct pppol2tp_session *session)
776{
777 if (session->send_seq)
778 return PPPOL2TP_L2TP_HDR_SIZE_SEQ;
779
780 return PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
781}
782
783/* Build an L2TP header for the session into the buffer provided.
784 */
785static void pppol2tp_build_l2tp_header(struct pppol2tp_session *session,
786 void *buf)
787{
788 __be16 *bufp = buf;
789 u16 flags = L2TP_HDR_VER;
790
791 if (session->send_seq)
792 flags |= L2TP_HDRFLAG_S;
793
794 /* Setup L2TP header.
795 * FIXME: Can this ever be unaligned? Is direct dereferencing of
796 * 16-bit header fields safe here for all architectures?
797 */
798 *bufp++ = htons(flags);
799 *bufp++ = htons(session->tunnel_addr.d_tunnel);
800 *bufp++ = htons(session->tunnel_addr.d_session);
801 if (session->send_seq) {
802 *bufp++ = htons(session->ns);
803 *bufp++ = 0;
804 session->ns++;
805 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
806 "%s: updated ns to %hu\n", session->name, session->ns);
807 }
808}
809
810/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
811 * when a user application does a sendmsg() on the session socket. L2TP and
812 * PPP headers must be inserted into the user's data.
813 */
814static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
815 size_t total_len)
816{
817 static const unsigned char ppph[2] = { 0xff, 0x03 };
818 struct sock *sk = sock->sk;
819 struct inet_sock *inet;
820 __wsum csum = 0;
821 struct sk_buff *skb;
822 int error;
823 int hdr_len;
824 struct pppol2tp_session *session;
825 struct pppol2tp_tunnel *tunnel;
826 struct udphdr *uh;
827
828 error = -ENOTCONN;
829 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
830 goto error;
831
832 /* Get session and tunnel contexts */
833 error = -EBADF;
834 session = pppol2tp_sock_to_session(sk);
835 if (session == NULL)
836 goto error;
837
838 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
839 if (tunnel == NULL)
840 goto error;
841
842 /* What header length is configured for this session? */
843 hdr_len = pppol2tp_l2tp_header_len(session);
844
845 /* Allocate a socket buffer */
846 error = -ENOMEM;
847 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
848 sizeof(struct udphdr) + hdr_len +
849 sizeof(ppph) + total_len,
850 0, GFP_KERNEL);
851 if (!skb)
852 goto error;
853
854 /* Reserve space for headers. */
855 skb_reserve(skb, NET_SKB_PAD);
856 skb_reset_network_header(skb);
857 skb_reserve(skb, sizeof(struct iphdr));
858 skb_reset_transport_header(skb);
859
860 /* Build UDP header */
861 inet = inet_sk(session->tunnel_sock);
862 uh = (struct udphdr *) skb->data;
863 uh->source = inet->sport;
864 uh->dest = inet->dport;
865 uh->len = htons(hdr_len + sizeof(ppph) + total_len);
866 uh->check = 0;
867 skb_put(skb, sizeof(struct udphdr));
868
869 /* Build L2TP header */
870 pppol2tp_build_l2tp_header(session, skb->data);
871 skb_put(skb, hdr_len);
872
873 /* Add PPP header */
874 skb->data[0] = ppph[0];
875 skb->data[1] = ppph[1];
876 skb_put(skb, 2);
877
878 /* Copy user data into skb */
879 error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
880 if (error < 0) {
881 kfree_skb(skb);
882 goto error;
883 }
884 skb_put(skb, total_len);
885
886 /* Calculate UDP checksum if configured to do so */
887 if (session->tunnel_sock->sk_no_check != UDP_CSUM_NOXMIT)
888 csum = udp_csum_outgoing(sk, skb);
889
890 /* Debug */
891 if (session->send_seq)
892 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
893 "%s: send %d bytes, ns=%hu\n", session->name,
894 total_len, session->ns - 1);
895 else
896 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
897 "%s: send %d bytes\n", session->name, total_len);
898
899 if (session->debug & PPPOL2TP_MSG_DATA) {
900 int i;
901 unsigned char *datap = skb->data;
902
903 printk(KERN_DEBUG "%s: xmit:", session->name);
904 for (i = 0; i < total_len; i++) {
905 printk(" %02X", *datap++);
906 if (i == 15) {
907 printk(" ...");
908 break;
909 }
910 }
911 printk("\n");
912 }
913
914 /* Queue the packet to IP for output */
915 error = ip_queue_xmit(skb, 1);
916
917 /* Update stats */
918 if (error >= 0) {
919 tunnel->stats.tx_packets++;
920 tunnel->stats.tx_bytes += skb->len;
921 session->stats.tx_packets++;
922 session->stats.tx_bytes += skb->len;
923 } else {
924 tunnel->stats.tx_errors++;
925 session->stats.tx_errors++;
926 }
927
928error:
929 return error;
930}
931
932/* Transmit function called by generic PPP driver. Sends PPP frame
933 * over PPPoL2TP socket.
934 *
935 * This is almost the same as pppol2tp_sendmsg(), but rather than
936 * being called with a msghdr from userspace, it is called with a skb
937 * from the kernel.
938 *
939 * The supplied skb from ppp doesn't have enough headroom for the
940 * insertion of L2TP, UDP and IP headers so we need to allocate more
941 * headroom in the skb. This will create a cloned skb. But we must be
942 * careful in the error case because the caller will expect to free
943 * the skb it supplied, not our cloned skb. So we take care to always
944 * leave the original skb unfreed if we return an error.
945 */
946static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
947{
948 static const u8 ppph[2] = { 0xff, 0x03 };
949 struct sock *sk = (struct sock *) chan->private;
950 struct sock *sk_tun;
951 int hdr_len;
952 struct pppol2tp_session *session;
953 struct pppol2tp_tunnel *tunnel;
954 int rc;
955 int headroom;
956 int data_len = skb->len;
957 struct inet_sock *inet;
958 __wsum csum = 0;
959 struct sk_buff *skb2 = NULL;
960 struct udphdr *uh;
961
962 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
963 goto abort;
964
965 /* Get session and tunnel contexts from the socket */
966 session = pppol2tp_sock_to_session(sk);
967 if (session == NULL)
968 goto abort;
969
970 sk_tun = session->tunnel_sock;
971 if (sk_tun == NULL)
972 goto abort;
973 tunnel = pppol2tp_sock_to_tunnel(sk_tun);
974 if (tunnel == NULL)
975 goto abort;
976
977 /* What header length is configured for this session? */
978 hdr_len = pppol2tp_l2tp_header_len(session);
979
980 /* Check that there's enough headroom in the skb to insert IP,
981 * UDP and L2TP and PPP headers. If not enough, expand it to
982 * make room. Note that a new skb (or a clone) is
983 * allocated. If we return an error from this point on, make
984 * sure we free the new skb but do not free the original skb
985 * since that is done by the caller for the error case.
986 */
987 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
988 sizeof(struct udphdr) + hdr_len + sizeof(ppph);
989 if (skb_headroom(skb) < headroom) {
990 skb2 = skb_realloc_headroom(skb, headroom);
991 if (skb2 == NULL)
992 goto abort;
993 } else
994 skb2 = skb;
995
996 /* Check that the socket has room */
997 if (atomic_read(&sk_tun->sk_wmem_alloc) < sk_tun->sk_sndbuf)
998 skb_set_owner_w(skb2, sk_tun);
999 else
1000 goto discard;
1001
1002 /* Setup PPP header */
1003 skb_push(skb2, sizeof(ppph));
1004 skb2->data[0] = ppph[0];
1005 skb2->data[1] = ppph[1];
1006
1007 /* Setup L2TP header */
1008 skb_push(skb2, hdr_len);
1009 pppol2tp_build_l2tp_header(session, skb2->data);
1010
1011 /* Setup UDP header */
1012 inet = inet_sk(sk_tun);
1013 skb_push(skb2, sizeof(struct udphdr));
1014 skb_reset_transport_header(skb2);
1015 uh = (struct udphdr *) skb2->data;
1016 uh->source = inet->sport;
1017 uh->dest = inet->dport;
1018 uh->len = htons(sizeof(struct udphdr) + hdr_len + sizeof(ppph) + data_len);
1019 uh->check = 0;
1020
1021 /* Calculate UDP checksum if configured to do so */
1022 if (sk_tun->sk_no_check != UDP_CSUM_NOXMIT)
1023 csum = udp_csum_outgoing(sk_tun, skb2);
1024
1025 /* Debug */
1026 if (session->send_seq)
1027 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1028 "%s: send %d bytes, ns=%hu\n", session->name,
1029 data_len, session->ns - 1);
1030 else
1031 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1032 "%s: send %d bytes\n", session->name, data_len);
1033
1034 if (session->debug & PPPOL2TP_MSG_DATA) {
1035 int i;
1036 unsigned char *datap = skb2->data;
1037
1038 printk(KERN_DEBUG "%s: xmit:", session->name);
1039 for (i = 0; i < data_len; i++) {
1040 printk(" %02X", *datap++);
1041 if (i == 31) {
1042 printk(" ...");
1043 break;
1044 }
1045 }
1046 printk("\n");
1047 }
1048
1049 /* Get routing info from the tunnel socket */
1050 skb2->dst = sk_dst_get(sk_tun);
1051
1052 /* Queue the packet to IP for output */
1053 rc = ip_queue_xmit(skb2, 1);
1054
1055 /* Update stats */
1056 if (rc >= 0) {
1057 tunnel->stats.tx_packets++;
1058 tunnel->stats.tx_bytes += skb2->len;
1059 session->stats.tx_packets++;
1060 session->stats.tx_bytes += skb2->len;
1061 } else {
1062 tunnel->stats.tx_errors++;
1063 session->stats.tx_errors++;
1064 }
1065
1066 /* Free the original skb */
1067 kfree_skb(skb);
1068
1069 return 1;
1070
1071discard:
1072 /* Free the new skb. Caller will free original skb. */
1073 if (skb2 != skb)
1074 kfree_skb(skb2);
1075abort:
1076 return 0;
1077}
1078
1079/*****************************************************************************
1080 * Session (and tunnel control) socket create/destroy.
1081 *****************************************************************************/
1082
1083/* When the tunnel UDP socket is closed, all the attached sockets need to go
1084 * too.
1085 */
1086static void pppol2tp_tunnel_closeall(struct pppol2tp_tunnel *tunnel)
1087{
1088 int hash;
1089 struct hlist_node *walk;
1090 struct hlist_node *tmp;
1091 struct pppol2tp_session *session;
1092 struct sock *sk;
1093
1094 if (tunnel == NULL)
1095 BUG();
1096
1097 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1098 "%s: closing all sessions...\n", tunnel->name);
1099
1100 write_lock(&tunnel->hlist_lock);
1101 for (hash = 0; hash < PPPOL2TP_HASH_SIZE; hash++) {
1102again:
1103 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1104 session = hlist_entry(walk, struct pppol2tp_session, hlist);
1105
1106 sk = session->sock;
1107
1108 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1109 "%s: closing session\n", session->name);
1110
1111 hlist_del_init(&session->hlist);
1112
1113 /* Since we should hold the sock lock while
1114 * doing any unbinding, we need to release the
1115 * lock we're holding before taking that lock.
1116 * Hold a reference to the sock so it doesn't
1117 * disappear as we're jumping between locks.
1118 */
1119 sock_hold(sk);
1120 write_unlock(&tunnel->hlist_lock);
1121 lock_sock(sk);
1122
1123 if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
1124 pppox_unbind_sock(sk);
1125 sk->sk_state = PPPOX_DEAD;
1126 sk->sk_state_change(sk);
1127 }
1128
1129 /* Purge any queued data */
1130 skb_queue_purge(&sk->sk_receive_queue);
1131 skb_queue_purge(&sk->sk_write_queue);
1132 skb_queue_purge(&session->reorder_q);
1133
1134 release_sock(sk);
1135 sock_put(sk);
1136
1137 /* Now restart from the beginning of this hash
1138 * chain. We always remove a session from the
1139 * list so we are guaranteed to make forward
1140 * progress.
1141 */
1142 write_lock(&tunnel->hlist_lock);
1143 goto again;
1144 }
1145 }
1146 write_unlock(&tunnel->hlist_lock);
1147}
1148
1149/* Really kill the tunnel.
1150 * Come here only when all sessions have been cleared from the tunnel.
1151 */
1152static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel)
1153{
1154 /* Remove from socket list */
1155 write_lock(&pppol2tp_tunnel_list_lock);
1156 list_del_init(&tunnel->list);
1157 write_unlock(&pppol2tp_tunnel_list_lock);
1158
1159 atomic_dec(&pppol2tp_tunnel_count);
1160 kfree(tunnel);
1161}
1162
1163/* Tunnel UDP socket destruct hook.
1164 * The tunnel context is deleted only when all session sockets have been
1165 * closed.
1166 */
1167static void pppol2tp_tunnel_destruct(struct sock *sk)
1168{
1169 struct pppol2tp_tunnel *tunnel;
1170
1171 tunnel = pppol2tp_sock_to_tunnel(sk);
1172 if (tunnel == NULL)
1173 goto end;
1174
1175 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1176 "%s: closing...\n", tunnel->name);
1177
1178 /* Close all sessions */
1179 pppol2tp_tunnel_closeall(tunnel);
1180
1181 /* No longer an encapsulation socket. See net/ipv4/udp.c */
1182 (udp_sk(sk))->encap_type = 0;
1183 (udp_sk(sk))->encap_rcv = NULL;
1184
1185 /* Remove hooks into tunnel socket */
1186 tunnel->sock = NULL;
1187 sk->sk_destruct = tunnel->old_sk_destruct;
1188 sk->sk_user_data = NULL;
1189
1190 /* Call original (UDP) socket descructor */
1191 if (sk->sk_destruct != NULL)
1192 (*sk->sk_destruct)(sk);
1193
1194 pppol2tp_tunnel_dec_refcount(tunnel);
1195
1196end:
1197 return;
1198}
1199
1200/* Really kill the session socket. (Called from sock_put() if
1201 * refcnt == 0.)
1202 */
1203static void pppol2tp_session_destruct(struct sock *sk)
1204{
1205 struct pppol2tp_session *session = NULL;
1206
1207 if (sk->sk_user_data != NULL) {
1208 struct pppol2tp_tunnel *tunnel;
1209
1210 session = pppol2tp_sock_to_session(sk);
1211 if (session == NULL)
1212 goto out;
1213
1214 /* Don't use pppol2tp_sock_to_tunnel() here to
1215 * get the tunnel context because the tunnel
1216 * socket might have already been closed (its
1217 * sk->sk_user_data will be NULL) so use the
1218 * session's private tunnel ptr instead.
1219 */
1220 tunnel = session->tunnel;
1221 if (tunnel != NULL) {
1222 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1223
1224 /* If session_id is zero, this is a null
1225 * session context, which was created for a
1226 * socket that is being used only to manage
1227 * tunnels.
1228 */
1229 if (session->tunnel_addr.s_session != 0) {
1230 /* Delete the session socket from the
1231 * hash
1232 */
1233 write_lock(&tunnel->hlist_lock);
1234 hlist_del_init(&session->hlist);
1235 write_unlock(&tunnel->hlist_lock);
1236
1237 atomic_dec(&pppol2tp_session_count);
1238 }
1239
1240 /* This will delete the tunnel context if this
1241 * is the last session on the tunnel.
1242 */
1243 session->tunnel = NULL;
1244 session->tunnel_sock = NULL;
1245 pppol2tp_tunnel_dec_refcount(tunnel);
1246 }
1247 }
1248
1249 kfree(session);
1250out:
1251 return;
1252}
1253
1254/* Called when the PPPoX socket (session) is closed.
1255 */
1256static int pppol2tp_release(struct socket *sock)
1257{
1258 struct sock *sk = sock->sk;
1259 int error;
1260
1261 if (!sk)
1262 return 0;
1263
1264 error = -EBADF;
1265 lock_sock(sk);
1266 if (sock_flag(sk, SOCK_DEAD) != 0)
1267 goto error;
1268
1269 pppox_unbind_sock(sk);
1270
1271 /* Signal the death of the socket. */
1272 sk->sk_state = PPPOX_DEAD;
1273 sock_orphan(sk);
1274 sock->sk = NULL;
1275
1276 /* Purge any queued data */
1277 skb_queue_purge(&sk->sk_receive_queue);
1278 skb_queue_purge(&sk->sk_write_queue);
1279
1280 release_sock(sk);
1281
1282 /* This will delete the session context via
1283 * pppol2tp_session_destruct() if the socket's refcnt drops to
1284 * zero.
1285 */
1286 sock_put(sk);
1287
1288 return 0;
1289
1290error:
1291 release_sock(sk);
1292 return error;
1293}
1294
1295/* Internal function to prepare a tunnel (UDP) socket to have PPPoX
1296 * sockets attached to it.
1297 */
1298static struct sock *pppol2tp_prepare_tunnel_socket(int fd, u16 tunnel_id,
1299 int *error)
1300{
1301 int err;
1302 struct socket *sock = NULL;
1303 struct sock *sk;
1304 struct pppol2tp_tunnel *tunnel;
1305 struct sock *ret = NULL;
1306
1307 /* Get the tunnel UDP socket from the fd, which was opened by
1308 * the userspace L2TP daemon.
1309 */
1310 err = -EBADF;
1311 sock = sockfd_lookup(fd, &err);
1312 if (!sock) {
1313 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1314 "tunl %hu: sockfd_lookup(fd=%d) returned %d\n",
1315 tunnel_id, fd, err);
1316 goto err;
1317 }
1318
1319 /* Quick sanity checks */
1320 err = -ESOCKTNOSUPPORT;
1321 if (sock->type != SOCK_DGRAM) {
1322 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1323 "tunl %hu: fd %d wrong type, got %d, expected %d\n",
1324 tunnel_id, fd, sock->type, SOCK_DGRAM);
1325 goto err;
1326 }
1327 err = -EAFNOSUPPORT;
1328 if (sock->ops->family != AF_INET) {
1329 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1330 "tunl %hu: fd %d wrong family, got %d, expected %d\n",
1331 tunnel_id, fd, sock->ops->family, AF_INET);
1332 goto err;
1333 }
1334
1335 err = -ENOTCONN;
1336 sk = sock->sk;
1337
1338 /* Check if this socket has already been prepped */
1339 tunnel = (struct pppol2tp_tunnel *)sk->sk_user_data;
1340 if (tunnel != NULL) {
1341 /* User-data field already set */
1342 err = -EBUSY;
1343 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1344
1345 /* This socket has already been prepped */
1346 ret = tunnel->sock;
1347 goto out;
1348 }
1349
1350 /* This socket is available and needs prepping. Create a new tunnel
1351 * context and init it.
1352 */
1353 sk->sk_user_data = tunnel = kzalloc(sizeof(struct pppol2tp_tunnel), GFP_KERNEL);
1354 if (sk->sk_user_data == NULL) {
1355 err = -ENOMEM;
1356 goto err;
1357 }
1358
1359 tunnel->magic = L2TP_TUNNEL_MAGIC;
1360 sprintf(&tunnel->name[0], "tunl %hu", tunnel_id);
1361
1362 tunnel->stats.tunnel_id = tunnel_id;
1363 tunnel->debug = PPPOL2TP_DEFAULT_DEBUG_FLAGS;
1364
1365 /* Hook on the tunnel socket destructor so that we can cleanup
1366 * if the tunnel socket goes away.
1367 */
1368 tunnel->old_sk_destruct = sk->sk_destruct;
1369 sk->sk_destruct = &pppol2tp_tunnel_destruct;
1370
1371 tunnel->sock = sk;
1372 sk->sk_allocation = GFP_ATOMIC;
1373
1374 /* Misc init */
1375 rwlock_init(&tunnel->hlist_lock);
1376
1377 /* Add tunnel to our list */
1378 INIT_LIST_HEAD(&tunnel->list);
1379 write_lock(&pppol2tp_tunnel_list_lock);
1380 list_add(&tunnel->list, &pppol2tp_tunnel_list);
1381 write_unlock(&pppol2tp_tunnel_list_lock);
1382 atomic_inc(&pppol2tp_tunnel_count);
1383
1384 /* Bump the reference count. The tunnel context is deleted
1385 * only when this drops to zero.
1386 */
1387 pppol2tp_tunnel_inc_refcount(tunnel);
1388
1389 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1390 (udp_sk(sk))->encap_type = UDP_ENCAP_L2TPINUDP;
1391 (udp_sk(sk))->encap_rcv = pppol2tp_udp_encap_recv;
1392
1393 ret = tunnel->sock;
1394
1395 *error = 0;
1396out:
1397 if (sock)
1398 sockfd_put(sock);
1399
1400 return ret;
1401
1402err:
1403 *error = err;
1404 goto out;
1405}
1406
1407static struct proto pppol2tp_sk_proto = {
1408 .name = "PPPOL2TP",
1409 .owner = THIS_MODULE,
1410 .obj_size = sizeof(struct pppox_sock),
1411};
1412
1413/* socket() handler. Initialize a new struct sock.
1414 */
1415static int pppol2tp_create(struct socket *sock)
1416{
1417 int error = -ENOMEM;
1418 struct sock *sk;
1419
1420 sk = sk_alloc(PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto, 1);
1421 if (!sk)
1422 goto out;
1423
1424 sock_init_data(sock, sk);
1425
1426 sock->state = SS_UNCONNECTED;
1427 sock->ops = &pppol2tp_ops;
1428
1429 sk->sk_backlog_rcv = pppol2tp_recv_core;
1430 sk->sk_protocol = PX_PROTO_OL2TP;
1431 sk->sk_family = PF_PPPOX;
1432 sk->sk_state = PPPOX_NONE;
1433 sk->sk_type = SOCK_STREAM;
1434 sk->sk_destruct = pppol2tp_session_destruct;
1435
1436 error = 0;
1437
1438out:
1439 return error;
1440}
1441
1442/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
1443 */
1444static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
1445 int sockaddr_len, int flags)
1446{
1447 struct sock *sk = sock->sk;
1448 struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
1449 struct pppox_sock *po = pppox_sk(sk);
1450 struct sock *tunnel_sock = NULL;
1451 struct pppol2tp_session *session = NULL;
1452 struct pppol2tp_tunnel *tunnel;
1453 struct dst_entry *dst;
1454 int error = 0;
1455
1456 lock_sock(sk);
1457
1458 error = -EINVAL;
1459 if (sp->sa_protocol != PX_PROTO_OL2TP)
1460 goto end;
1461
1462 /* Check for already bound sockets */
1463 error = -EBUSY;
1464 if (sk->sk_state & PPPOX_CONNECTED)
1465 goto end;
1466
1467 /* We don't supporting rebinding anyway */
1468 error = -EALREADY;
1469 if (sk->sk_user_data)
1470 goto end; /* socket is already attached */
1471
1472 /* Don't bind if s_tunnel is 0 */
1473 error = -EINVAL;
1474 if (sp->pppol2tp.s_tunnel == 0)
1475 goto end;
1476
1477 /* Special case: prepare tunnel socket if s_session and
1478 * d_session is 0. Otherwise look up tunnel using supplied
1479 * tunnel id.
1480 */
1481 if ((sp->pppol2tp.s_session == 0) && (sp->pppol2tp.d_session == 0)) {
1482 tunnel_sock = pppol2tp_prepare_tunnel_socket(sp->pppol2tp.fd,
1483 sp->pppol2tp.s_tunnel,
1484 &error);
1485 if (tunnel_sock == NULL)
1486 goto end;
1487
1488 tunnel = tunnel_sock->sk_user_data;
1489 } else {
1490 tunnel = pppol2tp_tunnel_find(sp->pppol2tp.s_tunnel);
1491
1492 /* Error if we can't find the tunnel */
1493 error = -ENOENT;
1494 if (tunnel == NULL)
1495 goto end;
1496
1497 tunnel_sock = tunnel->sock;
1498 }
1499
1500 /* Check that this session doesn't already exist */
1501 error = -EEXIST;
1502 session = pppol2tp_session_find(tunnel, sp->pppol2tp.s_session);
1503 if (session != NULL)
1504 goto end;
1505
1506 /* Allocate and initialize a new session context. */
1507 session = kzalloc(sizeof(struct pppol2tp_session), GFP_KERNEL);
1508 if (session == NULL) {
1509 error = -ENOMEM;
1510 goto end;
1511 }
1512
1513 skb_queue_head_init(&session->reorder_q);
1514
1515 session->magic = L2TP_SESSION_MAGIC;
1516 session->owner = current->pid;
1517 session->sock = sk;
1518 session->tunnel = tunnel;
1519 session->tunnel_sock = tunnel_sock;
1520 session->tunnel_addr = sp->pppol2tp;
1521 sprintf(&session->name[0], "sess %hu/%hu",
1522 session->tunnel_addr.s_tunnel,
1523 session->tunnel_addr.s_session);
1524
1525 session->stats.tunnel_id = session->tunnel_addr.s_tunnel;
1526 session->stats.session_id = session->tunnel_addr.s_session;
1527
1528 INIT_HLIST_NODE(&session->hlist);
1529
1530 /* Inherit debug options from tunnel */
1531 session->debug = tunnel->debug;
1532
1533 /* Default MTU must allow space for UDP/L2TP/PPP
1534 * headers.
1535 */
1536 session->mtu = session->mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
1537
1538 /* If PMTU discovery was enabled, use the MTU that was discovered */
1539 dst = sk_dst_get(sk);
1540 if (dst != NULL) {
1541 u32 pmtu = dst_mtu(__sk_dst_get(sk));
1542 if (pmtu != 0)
1543 session->mtu = session->mru = pmtu -
1544 PPPOL2TP_HEADER_OVERHEAD;
1545 dst_release(dst);
1546 }
1547
1548 /* Special case: if source & dest session_id == 0x0000, this socket is
1549 * being created to manage the tunnel. Don't add the session to the
1550 * session hash list, just set up the internal context for use by
1551 * ioctl() and sockopt() handlers.
1552 */
1553 if ((session->tunnel_addr.s_session == 0) &&
1554 (session->tunnel_addr.d_session == 0)) {
1555 error = 0;
1556 sk->sk_user_data = session;
1557 goto out_no_ppp;
1558 }
1559
1560 /* Get tunnel context from the tunnel socket */
1561 tunnel = pppol2tp_sock_to_tunnel(tunnel_sock);
1562 if (tunnel == NULL) {
1563 error = -EBADF;
1564 goto end;
1565 }
1566
1567 /* Right now, because we don't have a way to push the incoming skb's
1568 * straight through the UDP layer, the only header we need to worry
1569 * about is the L2TP header. This size is different depending on
1570 * whether sequence numbers are enabled for the data channel.
1571 */
1572 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1573
1574 po->chan.private = sk;
1575 po->chan.ops = &pppol2tp_chan_ops;
1576 po->chan.mtu = session->mtu;
1577
1578 error = ppp_register_channel(&po->chan);
1579 if (error)
1580 goto end;
1581
1582 /* This is how we get the session context from the socket. */
1583 sk->sk_user_data = session;
1584
1585 /* Add session to the tunnel's hash list */
1586 write_lock(&tunnel->hlist_lock);
1587 hlist_add_head(&session->hlist,
1588 pppol2tp_session_id_hash(tunnel,
1589 session->tunnel_addr.s_session));
1590 write_unlock(&tunnel->hlist_lock);
1591
1592 atomic_inc(&pppol2tp_session_count);
1593
1594out_no_ppp:
1595 pppol2tp_tunnel_inc_refcount(tunnel);
1596 sk->sk_state = PPPOX_CONNECTED;
1597 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1598 "%s: created\n", session->name);
1599
1600end:
1601 release_sock(sk);
1602
1603 if (error != 0)
1604 PRINTK(session ? session->debug : -1, PPPOL2TP_MSG_CONTROL, KERN_WARNING,
1605 "%s: connect failed: %d\n", session->name, error);
1606
1607 return error;
1608}
1609
1610/* getname() support.
1611 */
1612static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
1613 int *usockaddr_len, int peer)
1614{
1615 int len = sizeof(struct sockaddr_pppol2tp);
1616 struct sockaddr_pppol2tp sp;
1617 int error = 0;
1618 struct pppol2tp_session *session;
1619
1620 error = -ENOTCONN;
1621 if (sock->sk->sk_state != PPPOX_CONNECTED)
1622 goto end;
1623
1624 session = pppol2tp_sock_to_session(sock->sk);
1625 if (session == NULL) {
1626 error = -EBADF;
1627 goto end;
1628 }
1629
1630 sp.sa_family = AF_PPPOX;
1631 sp.sa_protocol = PX_PROTO_OL2TP;
1632 memcpy(&sp.pppol2tp, &session->tunnel_addr,
1633 sizeof(struct pppol2tp_addr));
1634
1635 memcpy(uaddr, &sp, len);
1636
1637 *usockaddr_len = len;
1638
1639 error = 0;
1640
1641end:
1642 return error;
1643}
1644
1645/****************************************************************************
1646 * ioctl() handlers.
1647 *
1648 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1649 * sockets. However, in order to control kernel tunnel features, we allow
1650 * userspace to create a special "tunnel" PPPoX socket which is used for
1651 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
1652 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1653 * calls.
1654 ****************************************************************************/
1655
1656/* Session ioctl helper.
1657 */
1658static int pppol2tp_session_ioctl(struct pppol2tp_session *session,
1659 unsigned int cmd, unsigned long arg)
1660{
1661 struct ifreq ifr;
1662 int err = 0;
1663 struct sock *sk = session->sock;
1664 int val = (int) arg;
1665
1666 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1667 "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
1668 session->name, cmd, arg);
1669
1670 sock_hold(sk);
1671
1672 switch (cmd) {
1673 case SIOCGIFMTU:
1674 err = -ENXIO;
1675 if (!(sk->sk_state & PPPOX_CONNECTED))
1676 break;
1677
1678 err = -EFAULT;
1679 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1680 break;
1681 ifr.ifr_mtu = session->mtu;
1682 if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1683 break;
1684
1685 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1686 "%s: get mtu=%d\n", session->name, session->mtu);
1687 err = 0;
1688 break;
1689
1690 case SIOCSIFMTU:
1691 err = -ENXIO;
1692 if (!(sk->sk_state & PPPOX_CONNECTED))
1693 break;
1694
1695 err = -EFAULT;
1696 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1697 break;
1698
1699 session->mtu = ifr.ifr_mtu;
1700
1701 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1702 "%s: set mtu=%d\n", session->name, session->mtu);
1703 err = 0;
1704 break;
1705
1706 case PPPIOCGMRU:
1707 err = -ENXIO;
1708 if (!(sk->sk_state & PPPOX_CONNECTED))
1709 break;
1710
1711 err = -EFAULT;
1712 if (put_user(session->mru, (int __user *) arg))
1713 break;
1714
1715 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1716 "%s: get mru=%d\n", session->name, session->mru);
1717 err = 0;
1718 break;
1719
1720 case PPPIOCSMRU:
1721 err = -ENXIO;
1722 if (!(sk->sk_state & PPPOX_CONNECTED))
1723 break;
1724
1725 err = -EFAULT;
1726 if (get_user(val,(int __user *) arg))
1727 break;
1728
1729 session->mru = val;
1730 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1731 "%s: set mru=%d\n", session->name, session->mru);
1732 err = 0;
1733 break;
1734
1735 case PPPIOCGFLAGS:
1736 err = -EFAULT;
1737 if (put_user(session->flags, (int __user *) arg))
1738 break;
1739
1740 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1741 "%s: get flags=%d\n", session->name, session->flags);
1742 err = 0;
1743 break;
1744
1745 case PPPIOCSFLAGS:
1746 err = -EFAULT;
1747 if (get_user(val, (int __user *) arg))
1748 break;
1749 session->flags = val;
1750 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1751 "%s: set flags=%d\n", session->name, session->flags);
1752 err = 0;
1753 break;
1754
1755 case PPPIOCGL2TPSTATS:
1756 err = -ENXIO;
1757 if (!(sk->sk_state & PPPOX_CONNECTED))
1758 break;
1759
1760 if (copy_to_user((void __user *) arg, &session->stats,
1761 sizeof(session->stats)))
1762 break;
1763 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1764 "%s: get L2TP stats\n", session->name);
1765 err = 0;
1766 break;
1767
1768 default:
1769 err = -ENOSYS;
1770 break;
1771 }
1772
1773 sock_put(sk);
1774
1775 return err;
1776}
1777
1778/* Tunnel ioctl helper.
1779 *
1780 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1781 * specifies a session_id, the session ioctl handler is called. This allows an
1782 * application to retrieve session stats via a tunnel socket.
1783 */
1784static int pppol2tp_tunnel_ioctl(struct pppol2tp_tunnel *tunnel,
1785 unsigned int cmd, unsigned long arg)
1786{
1787 int err = 0;
1788 struct sock *sk = tunnel->sock;
1789 struct pppol2tp_ioc_stats stats_req;
1790
1791 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1792 "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n", tunnel->name,
1793 cmd, arg);
1794
1795 sock_hold(sk);
1796
1797 switch (cmd) {
1798 case PPPIOCGL2TPSTATS:
1799 err = -ENXIO;
1800 if (!(sk->sk_state & PPPOX_CONNECTED))
1801 break;
1802
1803 if (copy_from_user(&stats_req, (void __user *) arg,
1804 sizeof(stats_req))) {
1805 err = -EFAULT;
1806 break;
1807 }
1808 if (stats_req.session_id != 0) {
1809 /* resend to session ioctl handler */
1810 struct pppol2tp_session *session =
1811 pppol2tp_session_find(tunnel, stats_req.session_id);
1812 if (session != NULL)
1813 err = pppol2tp_session_ioctl(session, cmd, arg);
1814 else
1815 err = -EBADR;
1816 break;
1817 }
1818#ifdef CONFIG_XFRM
1819 tunnel->stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
1820#endif
1821 if (copy_to_user((void __user *) arg, &tunnel->stats,
1822 sizeof(tunnel->stats))) {
1823 err = -EFAULT;
1824 break;
1825 }
1826 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1827 "%s: get L2TP stats\n", tunnel->name);
1828 err = 0;
1829 break;
1830
1831 default:
1832 err = -ENOSYS;
1833 break;
1834 }
1835
1836 sock_put(sk);
1837
1838 return err;
1839}
1840
1841/* Main ioctl() handler.
1842 * Dispatch to tunnel or session helpers depending on the socket.
1843 */
1844static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1845 unsigned long arg)
1846{
1847 struct sock *sk = sock->sk;
1848 struct pppol2tp_session *session;
1849 struct pppol2tp_tunnel *tunnel;
1850 int err;
1851
1852 if (!sk)
1853 return 0;
1854
1855 err = -EBADF;
1856 if (sock_flag(sk, SOCK_DEAD) != 0)
1857 goto end;
1858
1859 err = -ENOTCONN;
1860 if ((sk->sk_user_data == NULL) ||
1861 (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
1862 goto end;
1863
1864 /* Get session context from the socket */
1865 err = -EBADF;
1866 session = pppol2tp_sock_to_session(sk);
1867 if (session == NULL)
1868 goto end;
1869
1870 /* Special case: if session's session_id is zero, treat ioctl as a
1871 * tunnel ioctl
1872 */
1873 if ((session->tunnel_addr.s_session == 0) &&
1874 (session->tunnel_addr.d_session == 0)) {
1875 err = -EBADF;
1876 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
1877 if (tunnel == NULL)
1878 goto end;
1879
1880 err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
1881 goto end;
1882 }
1883
1884 err = pppol2tp_session_ioctl(session, cmd, arg);
1885
1886end:
1887 return err;
1888}
1889
1890/*****************************************************************************
1891 * setsockopt() / getsockopt() support.
1892 *
1893 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1894 * sockets. In order to control kernel tunnel features, we allow userspace to
1895 * create a special "tunnel" PPPoX socket which is used for control only.
1896 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1897 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1898 *****************************************************************************/
1899
1900/* Tunnel setsockopt() helper.
1901 */
1902static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1903 struct pppol2tp_tunnel *tunnel,
1904 int optname, int val)
1905{
1906 int err = 0;
1907
1908 switch (optname) {
1909 case PPPOL2TP_SO_DEBUG:
1910 tunnel->debug = val;
1911 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1912 "%s: set debug=%x\n", tunnel->name, tunnel->debug);
1913 break;
1914
1915 default:
1916 err = -ENOPROTOOPT;
1917 break;
1918 }
1919
1920 return err;
1921}
1922
1923/* Session setsockopt helper.
1924 */
1925static int pppol2tp_session_setsockopt(struct sock *sk,
1926 struct pppol2tp_session *session,
1927 int optname, int val)
1928{
1929 int err = 0;
1930
1931 switch (optname) {
1932 case PPPOL2TP_SO_RECVSEQ:
1933 if ((val != 0) && (val != 1)) {
1934 err = -EINVAL;
1935 break;
1936 }
1937 session->recv_seq = val ? -1 : 0;
1938 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1939 "%s: set recv_seq=%d\n", session->name,
1940 session->recv_seq);
1941 break;
1942
1943 case PPPOL2TP_SO_SENDSEQ:
1944 if ((val != 0) && (val != 1)) {
1945 err = -EINVAL;
1946 break;
1947 }
1948 session->send_seq = val ? -1 : 0;
1949 {
1950 struct sock *ssk = session->sock;
1951 struct pppox_sock *po = pppox_sk(ssk);
1952 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1953 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1954 }
1955 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1956 "%s: set send_seq=%d\n", session->name, session->send_seq);
1957 break;
1958
1959 case PPPOL2TP_SO_LNSMODE:
1960 if ((val != 0) && (val != 1)) {
1961 err = -EINVAL;
1962 break;
1963 }
1964 session->lns_mode = val ? -1 : 0;
1965 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1966 "%s: set lns_mode=%d\n", session->name,
1967 session->lns_mode);
1968 break;
1969
1970 case PPPOL2TP_SO_DEBUG:
1971 session->debug = val;
1972 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1973 "%s: set debug=%x\n", session->name, session->debug);
1974 break;
1975
1976 case PPPOL2TP_SO_REORDERTO:
1977 session->reorder_timeout = msecs_to_jiffies(val);
1978 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1979 "%s: set reorder_timeout=%d\n", session->name,
1980 session->reorder_timeout);
1981 break;
1982
1983 default:
1984 err = -ENOPROTOOPT;
1985 break;
1986 }
1987
1988 return err;
1989}
1990
1991/* Main setsockopt() entry point.
1992 * Does API checks, then calls either the tunnel or session setsockopt
1993 * handler, according to whether the PPPoL2TP socket is a for a regular
1994 * session or the special tunnel type.
1995 */
1996static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1997 char __user *optval, int optlen)
1998{
1999 struct sock *sk = sock->sk;
2000 struct pppol2tp_session *session = sk->sk_user_data;
2001 struct pppol2tp_tunnel *tunnel;
2002 int val;
2003 int err;
2004
2005 if (level != SOL_PPPOL2TP)
2006 return udp_prot.setsockopt(sk, level, optname, optval, optlen);
2007
2008 if (optlen < sizeof(int))
2009 return -EINVAL;
2010
2011 if (get_user(val, (int __user *)optval))
2012 return -EFAULT;
2013
2014 err = -ENOTCONN;
2015 if (sk->sk_user_data == NULL)
2016 goto end;
2017
2018 /* Get session context from the socket */
2019 err = -EBADF;
2020 session = pppol2tp_sock_to_session(sk);
2021 if (session == NULL)
2022 goto end;
2023
2024 /* Special case: if session_id == 0x0000, treat as operation on tunnel
2025 */
2026 if ((session->tunnel_addr.s_session == 0) &&
2027 (session->tunnel_addr.d_session == 0)) {
2028 err = -EBADF;
2029 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2030 if (tunnel == NULL)
2031 goto end;
2032
2033 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
2034 } else
2035 err = pppol2tp_session_setsockopt(sk, session, optname, val);
2036
2037 err = 0;
2038
2039end:
2040 return err;
2041}
2042
2043/* Tunnel getsockopt helper. Called with sock locked.
2044 */
2045static int pppol2tp_tunnel_getsockopt(struct sock *sk,
2046 struct pppol2tp_tunnel *tunnel,
2047 int optname, int __user *val)
2048{
2049 int err = 0;
2050
2051 switch (optname) {
2052 case PPPOL2TP_SO_DEBUG:
2053 *val = tunnel->debug;
2054 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2055 "%s: get debug=%x\n", tunnel->name, tunnel->debug);
2056 break;
2057
2058 default:
2059 err = -ENOPROTOOPT;
2060 break;
2061 }
2062
2063 return err;
2064}
2065
2066/* Session getsockopt helper. Called with sock locked.
2067 */
2068static int pppol2tp_session_getsockopt(struct sock *sk,
2069 struct pppol2tp_session *session,
2070 int optname, int __user *val)
2071{
2072 int err = 0;
2073
2074 switch (optname) {
2075 case PPPOL2TP_SO_RECVSEQ:
2076 *val = session->recv_seq;
2077 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2078 "%s: get recv_seq=%d\n", session->name, *val);
2079 break;
2080
2081 case PPPOL2TP_SO_SENDSEQ:
2082 *val = session->send_seq;
2083 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2084 "%s: get send_seq=%d\n", session->name, *val);
2085 break;
2086
2087 case PPPOL2TP_SO_LNSMODE:
2088 *val = session->lns_mode;
2089 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2090 "%s: get lns_mode=%d\n", session->name, *val);
2091 break;
2092
2093 case PPPOL2TP_SO_DEBUG:
2094 *val = session->debug;
2095 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2096 "%s: get debug=%d\n", session->name, *val);
2097 break;
2098
2099 case PPPOL2TP_SO_REORDERTO:
2100 *val = (int) jiffies_to_msecs(session->reorder_timeout);
2101 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2102 "%s: get reorder_timeout=%d\n", session->name, *val);
2103 break;
2104
2105 default:
2106 err = -ENOPROTOOPT;
2107 }
2108
2109 return err;
2110}
2111
2112/* Main getsockopt() entry point.
2113 * Does API checks, then calls either the tunnel or session getsockopt
2114 * handler, according to whether the PPPoX socket is a for a regular session
2115 * or the special tunnel type.
2116 */
2117static int pppol2tp_getsockopt(struct socket *sock, int level,
2118 int optname, char __user *optval, int __user *optlen)
2119{
2120 struct sock *sk = sock->sk;
2121 struct pppol2tp_session *session = sk->sk_user_data;
2122 struct pppol2tp_tunnel *tunnel;
2123 int val, len;
2124 int err;
2125
2126 if (level != SOL_PPPOL2TP)
2127 return udp_prot.getsockopt(sk, level, optname, optval, optlen);
2128
2129 if (get_user(len, (int __user *) optlen))
2130 return -EFAULT;
2131
2132 len = min_t(unsigned int, len, sizeof(int));
2133
2134 if (len < 0)
2135 return -EINVAL;
2136
2137 err = -ENOTCONN;
2138 if (sk->sk_user_data == NULL)
2139 goto end;
2140
2141 /* Get the session context */
2142 err = -EBADF;
2143 session = pppol2tp_sock_to_session(sk);
2144 if (session == NULL)
2145 goto end;
2146
2147 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
2148 if ((session->tunnel_addr.s_session == 0) &&
2149 (session->tunnel_addr.d_session == 0)) {
2150 err = -EBADF;
2151 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2152 if (tunnel == NULL)
2153 goto end;
2154
2155 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
2156 } else
2157 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
2158
2159 err = -EFAULT;
2160 if (put_user(len, (int __user *) optlen))
2161 goto end;
2162
2163 if (copy_to_user((void __user *) optval, &val, len))
2164 goto end;
2165
2166 err = 0;
2167end:
2168 return err;
2169}
2170
2171/*****************************************************************************
2172 * /proc filesystem for debug
2173 *****************************************************************************/
2174
2175#ifdef CONFIG_PROC_FS
2176
2177#include <linux/seq_file.h>
2178
2179struct pppol2tp_seq_data {
2180 struct pppol2tp_tunnel *tunnel; /* current tunnel */
2181 struct pppol2tp_session *session; /* NULL means get first session in tunnel */
2182};
2183
2184static struct pppol2tp_session *next_session(struct pppol2tp_tunnel *tunnel, struct pppol2tp_session *curr)
2185{
2186 struct pppol2tp_session *session = NULL;
2187 struct hlist_node *walk;
2188 int found = 0;
2189 int next = 0;
2190 int i;
2191
2192 read_lock(&tunnel->hlist_lock);
2193 for (i = 0; i < PPPOL2TP_HASH_SIZE; i++) {
2194 hlist_for_each_entry(session, walk, &tunnel->session_hlist[i], hlist) {
2195 if (curr == NULL) {
2196 found = 1;
2197 goto out;
2198 }
2199 if (session == curr) {
2200 next = 1;
2201 continue;
2202 }
2203 if (next) {
2204 found = 1;
2205 goto out;
2206 }
2207 }
2208 }
2209out:
2210 read_unlock(&tunnel->hlist_lock);
2211 if (!found)
2212 session = NULL;
2213
2214 return session;
2215}
2216
2217static struct pppol2tp_tunnel *next_tunnel(struct pppol2tp_tunnel *curr)
2218{
2219 struct pppol2tp_tunnel *tunnel = NULL;
2220
2221 read_lock(&pppol2tp_tunnel_list_lock);
2222 if (list_is_last(&curr->list, &pppol2tp_tunnel_list)) {
2223 goto out;
2224 }
2225 tunnel = list_entry(curr->list.next, struct pppol2tp_tunnel, list);
2226out:
2227 read_unlock(&pppol2tp_tunnel_list_lock);
2228
2229 return tunnel;
2230}
2231
2232static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
2233{
2234 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
2235 loff_t pos = *offs;
2236
2237 if (!pos)
2238 goto out;
2239
2240 BUG_ON(m->private == NULL);
2241 pd = m->private;
2242
2243 if (pd->tunnel == NULL) {
2244 if (!list_empty(&pppol2tp_tunnel_list))
2245 pd->tunnel = list_entry(pppol2tp_tunnel_list.next, struct pppol2tp_tunnel, list);
2246 } else {
2247 pd->session = next_session(pd->tunnel, pd->session);
2248 if (pd->session == NULL) {
2249 pd->tunnel = next_tunnel(pd->tunnel);
2250 }
2251 }
2252
2253 /* NULL tunnel and session indicates end of list */
2254 if ((pd->tunnel == NULL) && (pd->session == NULL))
2255 pd = NULL;
2256
2257out:
2258 return pd;
2259}
2260
2261static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
2262{
2263 (*pos)++;
2264 return NULL;
2265}
2266
2267static void pppol2tp_seq_stop(struct seq_file *p, void *v)
2268{
2269 /* nothing to do */
2270}
2271
2272static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
2273{
2274 struct pppol2tp_tunnel *tunnel = v;
2275
2276 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
2277 tunnel->name,
2278 (tunnel == tunnel->sock->sk_user_data) ? 'Y':'N',
2279 atomic_read(&tunnel->ref_count) - 1);
2280 seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
2281 tunnel->debug,
2282 tunnel->stats.tx_packets, tunnel->stats.tx_bytes,
2283 tunnel->stats.tx_errors,
2284 tunnel->stats.rx_packets, tunnel->stats.rx_bytes,
2285 tunnel->stats.rx_errors);
2286}
2287
2288static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
2289{
2290 struct pppol2tp_session *session = v;
2291
2292 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
2293 "%04X/%04X %d %c\n",
2294 session->name,
2295 ntohl(session->tunnel_addr.addr.sin_addr.s_addr),
2296 ntohs(session->tunnel_addr.addr.sin_port),
2297 session->tunnel_addr.s_tunnel,
2298 session->tunnel_addr.s_session,
2299 session->tunnel_addr.d_tunnel,
2300 session->tunnel_addr.d_session,
2301 session->sock->sk_state,
2302 (session == session->sock->sk_user_data) ?
2303 'Y' : 'N');
2304 seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n",
2305 session->mtu, session->mru,
2306 session->recv_seq ? 'R' : '-',
2307 session->send_seq ? 'S' : '-',
2308 session->lns_mode ? "LNS" : "LAC",
2309 session->debug,
2310 jiffies_to_msecs(session->reorder_timeout));
2311 seq_printf(m, " %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
2312 session->nr, session->ns,
2313 session->stats.tx_packets,
2314 session->stats.tx_bytes,
2315 session->stats.tx_errors,
2316 session->stats.rx_packets,
2317 session->stats.rx_bytes,
2318 session->stats.rx_errors);
2319}
2320
2321static int pppol2tp_seq_show(struct seq_file *m, void *v)
2322{
2323 struct pppol2tp_seq_data *pd = v;
2324
2325 /* display header on line 1 */
2326 if (v == SEQ_START_TOKEN) {
2327 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
2328 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
2329 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2330 seq_puts(m, " SESSION name, addr/port src-tid/sid "
2331 "dest-tid/sid state user-data-ok\n");
2332 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
2333 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2334 goto out;
2335 }
2336
2337 /* Show the tunnel or session context.
2338 */
2339 if (pd->session == NULL)
2340 pppol2tp_seq_tunnel_show(m, pd->tunnel);
2341 else
2342 pppol2tp_seq_session_show(m, pd->session);
2343
2344out:
2345 return 0;
2346}
2347
2348static struct seq_operations pppol2tp_seq_ops = {
2349 .start = pppol2tp_seq_start,
2350 .next = pppol2tp_seq_next,
2351 .stop = pppol2tp_seq_stop,
2352 .show = pppol2tp_seq_show,
2353};
2354
2355/* Called when our /proc file is opened. We allocate data for use when
2356 * iterating our tunnel / session contexts and store it in the private
2357 * data of the seq_file.
2358 */
2359static int pppol2tp_proc_open(struct inode *inode, struct file *file)
2360{
2361 struct seq_file *m;
2362 struct pppol2tp_seq_data *pd;
2363 int ret = 0;
2364
2365 ret = seq_open(file, &pppol2tp_seq_ops);
2366 if (ret < 0)
2367 goto out;
2368
2369 m = file->private_data;
2370
2371 /* Allocate and fill our proc_data for access later */
2372 ret = -ENOMEM;
2373 m->private = kzalloc(sizeof(struct pppol2tp_seq_data), GFP_KERNEL);
2374 if (m->private == NULL)
2375 goto out;
2376
2377 pd = m->private;
2378 ret = 0;
2379
2380out:
2381 return ret;
2382}
2383
2384/* Called when /proc file access completes.
2385 */
2386static int pppol2tp_proc_release(struct inode *inode, struct file *file)
2387{
2388 struct seq_file *m = (struct seq_file *)file->private_data;
2389
2390 kfree(m->private);
2391 m->private = NULL;
2392
2393 return seq_release(inode, file);
2394}
2395
2396static struct file_operations pppol2tp_proc_fops = {
2397 .owner = THIS_MODULE,
2398 .open = pppol2tp_proc_open,
2399 .read = seq_read,
2400 .llseek = seq_lseek,
2401 .release = pppol2tp_proc_release,
2402};
2403
2404static struct proc_dir_entry *pppol2tp_proc;
2405
2406#endif /* CONFIG_PROC_FS */
2407
2408/*****************************************************************************
2409 * Init and cleanup
2410 *****************************************************************************/
2411
2412static struct proto_ops pppol2tp_ops = {
2413 .family = AF_PPPOX,
2414 .owner = THIS_MODULE,
2415 .release = pppol2tp_release,
2416 .bind = sock_no_bind,
2417 .connect = pppol2tp_connect,
2418 .socketpair = sock_no_socketpair,
2419 .accept = sock_no_accept,
2420 .getname = pppol2tp_getname,
2421 .poll = datagram_poll,
2422 .listen = sock_no_listen,
2423 .shutdown = sock_no_shutdown,
2424 .setsockopt = pppol2tp_setsockopt,
2425 .getsockopt = pppol2tp_getsockopt,
2426 .sendmsg = pppol2tp_sendmsg,
2427 .recvmsg = pppol2tp_recvmsg,
2428 .mmap = sock_no_mmap,
2429 .ioctl = pppox_ioctl,
2430};
2431
2432static struct pppox_proto pppol2tp_proto = {
2433 .create = pppol2tp_create,
2434 .ioctl = pppol2tp_ioctl
2435};
2436
2437static int __init pppol2tp_init(void)
2438{
2439 int err;
2440
2441 err = proto_register(&pppol2tp_sk_proto, 0);
2442 if (err)
2443 goto out;
2444 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
2445 if (err)
2446 goto out_unregister_pppol2tp_proto;
2447
2448#ifdef CONFIG_PROC_FS
2449 pppol2tp_proc = create_proc_entry("pppol2tp", 0, proc_net);
2450 if (!pppol2tp_proc) {
2451 err = -ENOMEM;
2452 goto out_unregister_pppox_proto;
2453 }
2454 pppol2tp_proc->proc_fops = &pppol2tp_proc_fops;
2455#endif /* CONFIG_PROC_FS */
2456 printk(KERN_INFO "PPPoL2TP kernel driver, %s\n",
2457 PPPOL2TP_DRV_VERSION);
2458
2459out:
2460 return err;
2461
2462out_unregister_pppox_proto:
2463 unregister_pppox_proto(PX_PROTO_OL2TP);
2464out_unregister_pppol2tp_proto:
2465 proto_unregister(&pppol2tp_sk_proto);
2466 goto out;
2467}
2468
2469static void __exit pppol2tp_exit(void)
2470{
2471 unregister_pppox_proto(PX_PROTO_OL2TP);
2472
2473#ifdef CONFIG_PROC_FS
2474 remove_proc_entry("pppol2tp", proc_net);
2475#endif
2476 proto_unregister(&pppol2tp_sk_proto);
2477}
2478
2479module_init(pppol2tp_init);
2480module_exit(pppol2tp_exit);
2481
2482MODULE_AUTHOR("Martijn van Oosterhout <kleptog@svana.org>,"
2483 "James Chapman <jchapman@katalix.com>");
2484MODULE_DESCRIPTION("PPP over L2TP over UDP");
2485MODULE_LICENSE("GPL");
2486MODULE_VERSION(PPPOL2TP_DRV_VERSION);
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-14 08:17:11 -0500