aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/net/Kconfig7
-rw-r--r--include/linux/if_pppol2tp.h2
-rw-r--r--net/Kconfig1
-rw-r--r--net/Makefile2
-rw-r--r--net/l2tp/Kconfig28
-rw-r--r--net/l2tp/Makefile5
-rw-r--r--net/l2tp/l2tp_core.c1227
-rw-r--r--net/l2tp/l2tp_core.h254
-rw-r--r--net/l2tp/l2tp_ppp.c1658
-rw-r--r--net/l2tp/pppol2tp.c2680
10 files changed, 3175 insertions, 2689 deletions
diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index 2cffcb84a241..a55bff26a264 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -3158,17 +3158,12 @@ config PPPOATM
3158 3158
3159config PPPOL2TP 3159config PPPOL2TP
3160 tristate "PPP over L2TP (EXPERIMENTAL)" 3160 tristate "PPP over L2TP (EXPERIMENTAL)"
3161 depends on EXPERIMENTAL && PPP && INET 3161 depends on EXPERIMENTAL && L2TP && PPP
3162 help 3162 help
3163 Support for PPP-over-L2TP socket family. L2TP is a protocol 3163 Support for PPP-over-L2TP socket family. L2TP is a protocol
3164 used by ISPs and enterprises to tunnel PPP traffic over UDP 3164 used by ISPs and enterprises to tunnel PPP traffic over UDP
3165 tunnels. L2TP is replacing PPTP for VPN uses. 3165 tunnels. L2TP is replacing PPTP for VPN uses.
3166 3166
3167 This kernel component handles only L2TP data packets: a
3168 userland daemon handles L2TP the control protocol (tunnel
3169 and session setup). One such daemon is OpenL2TP
3170 (http://openl2tp.sourceforge.net/).
3171
3172config SLIP 3167config SLIP
3173 tristate "SLIP (serial line) support" 3168 tristate "SLIP (serial line) support"
3174 ---help--- 3169 ---help---
diff --git a/include/linux/if_pppol2tp.h b/include/linux/if_pppol2tp.h
index c58baea4a25b..1a1fb6e5d933 100644
--- a/include/linux/if_pppol2tp.h
+++ b/include/linux/if_pppol2tp.h
@@ -2,7 +2,7 @@
2 * Linux PPP over L2TP (PPPoL2TP) Socket Implementation (RFC 2661) 2 * Linux PPP over L2TP (PPPoL2TP) Socket Implementation (RFC 2661)
3 * 3 *
4 * This file supplies definitions required by the PPP over L2TP driver 4 * This file supplies definitions required by the PPP over L2TP driver
5 * (pppol2tp.c). All version information wrt this file is located in pppol2tp.c 5 * (l2tp_ppp.c). All version information wrt this file is located in l2tp_ppp.c
6 * 6 *
7 * License: 7 * License:
8 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
diff --git a/net/Kconfig b/net/Kconfig
index e10d55c8ee5c..0d68b40fc0e6 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -186,6 +186,7 @@ source "net/sctp/Kconfig"
186source "net/rds/Kconfig" 186source "net/rds/Kconfig"
187source "net/tipc/Kconfig" 187source "net/tipc/Kconfig"
188source "net/atm/Kconfig" 188source "net/atm/Kconfig"
189source "net/l2tp/Kconfig"
189source "net/802/Kconfig" 190source "net/802/Kconfig"
190source "net/bridge/Kconfig" 191source "net/bridge/Kconfig"
191source "net/dsa/Kconfig" 192source "net/dsa/Kconfig"
diff --git a/net/Makefile b/net/Makefile
index 13ca77e0eb08..cb7bdc1210cb 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -40,7 +40,7 @@ obj-$(CONFIG_BT) += bluetooth/
40obj-$(CONFIG_SUNRPC) += sunrpc/ 40obj-$(CONFIG_SUNRPC) += sunrpc/
41obj-$(CONFIG_AF_RXRPC) += rxrpc/ 41obj-$(CONFIG_AF_RXRPC) += rxrpc/
42obj-$(CONFIG_ATM) += atm/ 42obj-$(CONFIG_ATM) += atm/
43obj-$(CONFIG_PPPOL2TP) += l2tp/ 43obj-$(CONFIG_L2TP) += l2tp/
44obj-$(CONFIG_DECNET) += decnet/ 44obj-$(CONFIG_DECNET) += decnet/
45obj-$(CONFIG_ECONET) += econet/ 45obj-$(CONFIG_ECONET) += econet/
46obj-$(CONFIG_PHONET) += phonet/ 46obj-$(CONFIG_PHONET) += phonet/
diff --git a/net/l2tp/Kconfig b/net/l2tp/Kconfig
new file mode 100644
index 000000000000..ec88c5cdc397
--- /dev/null
+++ b/net/l2tp/Kconfig
@@ -0,0 +1,28 @@
1#
2# Layer Two Tunneling Protocol (L2TP)
3#
4
5menuconfig L2TP
6 tristate "Layer Two Tunneling Protocol (L2TP)"
7 depends on INET
8 ---help---
9 Layer Two Tunneling Protocol
10
11 From RFC 2661 <http://www.ietf.org/rfc/rfc2661.txt>.
12
13 L2TP facilitates the tunneling of packets across an
14 intervening network in a way that is as transparent as
15 possible to both end-users and applications.
16
17 L2TP is often used to tunnel PPP traffic over IP
18 tunnels. One IP tunnel may carry thousands of individual PPP
19 connections. L2TP is also used as a VPN protocol, popular
20 with home workers to connect to their offices.
21
22 The kernel component handles only L2TP data packets: a
23 userland daemon handles L2TP the control protocol (tunnel
24 and session setup). One such daemon is OpenL2TP
25 (http://openl2tp.org/).
26
27 If you don't need L2TP, say N. To compile all L2TP code as
28 modules, choose M here.
diff --git a/net/l2tp/Makefile b/net/l2tp/Makefile
index 9af41e898a04..c91f208b1693 100644
--- a/net/l2tp/Makefile
+++ b/net/l2tp/Makefile
@@ -2,4 +2,7 @@
2# Makefile for the L2TP. 2# Makefile for the L2TP.
3# 3#
4 4
5obj-$(CONFIG_PPPOL2TP) += pppol2tp.o 5obj-$(CONFIG_L2TP) += l2tp_core.o
6
7# Build l2tp as modules if L2TP is M
8obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_PPPOL2TP)) += l2tp_ppp.o
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
new file mode 100644
index 000000000000..4b6da3689893
--- /dev/null
+++ b/net/l2tp/l2tp_core.c
@@ -0,0 +1,1227 @@
1/*
2 * L2TP core.
3 *
4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5 *
6 * This file contains some code of the original L2TPv2 pppol2tp
7 * driver, which has the following copyright:
8 *
9 * Authors: Martijn van Oosterhout <kleptog@svana.org>
10 * James Chapman (jchapman@katalix.com)
11 * Contributors:
12 * Michal Ostrowski <mostrows@speakeasy.net>
13 * Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
14 * David S. Miller (davem@redhat.com)
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2 as
18 * published by the Free Software Foundation.
19 */
20
21#include <linux/module.h>
22#include <linux/string.h>
23#include <linux/list.h>
24#include <linux/uaccess.h>
25
26#include <linux/kernel.h>
27#include <linux/spinlock.h>
28#include <linux/kthread.h>
29#include <linux/sched.h>
30#include <linux/slab.h>
31#include <linux/errno.h>
32#include <linux/jiffies.h>
33
34#include <linux/netdevice.h>
35#include <linux/net.h>
36#include <linux/inetdevice.h>
37#include <linux/skbuff.h>
38#include <linux/init.h>
39#include <linux/ip.h>
40#include <linux/udp.h>
41#include <linux/hash.h>
42#include <linux/sort.h>
43#include <linux/file.h>
44#include <linux/nsproxy.h>
45#include <net/net_namespace.h>
46#include <net/netns/generic.h>
47#include <net/dst.h>
48#include <net/ip.h>
49#include <net/udp.h>
50#include <net/xfrm.h>
51
52#include <asm/byteorder.h>
53#include <asm/atomic.h>
54
55#include "l2tp_core.h"
56
57#define L2TP_DRV_VERSION "V2.0"
58
59/* L2TP header constants */
60#define L2TP_HDRFLAG_T 0x8000
61#define L2TP_HDRFLAG_L 0x4000
62#define L2TP_HDRFLAG_S 0x0800
63#define L2TP_HDRFLAG_O 0x0200
64#define L2TP_HDRFLAG_P 0x0100
65
66#define L2TP_HDR_VER_MASK 0x000F
67#define L2TP_HDR_VER_2 0x0002
68
69/* L2TPv3 default L2-specific sublayer */
70#define L2TP_SLFLAG_S 0x40000000
71#define L2TP_SL_SEQ_MASK 0x00ffffff
72
73#define L2TP_HDR_SIZE_SEQ 10
74#define L2TP_HDR_SIZE_NOSEQ 6
75
76/* Default trace flags */
77#define L2TP_DEFAULT_DEBUG_FLAGS 0
78
79#define PRINTK(_mask, _type, _lvl, _fmt, args...) \
80 do { \
81 if ((_mask) & (_type)) \
82 printk(_lvl "L2TP: " _fmt, ##args); \
83 } while (0)
84
85/* Private data stored for received packets in the skb.
86 */
87struct l2tp_skb_cb {
88 u16 ns;
89 u16 has_seq;
90 u16 length;
91 unsigned long expires;
92};
93
94#define L2TP_SKB_CB(skb) ((struct l2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
95
96static atomic_t l2tp_tunnel_count;
97static atomic_t l2tp_session_count;
98
99/* per-net private data for this module */
100static unsigned int l2tp_net_id;
101struct l2tp_net {
102 struct list_head l2tp_tunnel_list;
103 rwlock_t l2tp_tunnel_list_lock;
104};
105
106static inline struct l2tp_net *l2tp_pernet(struct net *net)
107{
108 BUG_ON(!net);
109
110 return net_generic(net, l2tp_net_id);
111}
112
113/* Session hash list.
114 * The session_id SHOULD be random according to RFC2661, but several
115 * L2TP implementations (Cisco and Microsoft) use incrementing
116 * session_ids. So we do a real hash on the session_id, rather than a
117 * simple bitmask.
118 */
119static inline struct hlist_head *
120l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id)
121{
122 return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)];
123}
124
125/* Lookup a session by id
126 */
127struct l2tp_session *l2tp_session_find(struct l2tp_tunnel *tunnel, u32 session_id)
128{
129 struct hlist_head *session_list =
130 l2tp_session_id_hash(tunnel, session_id);
131 struct l2tp_session *session;
132 struct hlist_node *walk;
133
134 read_lock_bh(&tunnel->hlist_lock);
135 hlist_for_each_entry(session, walk, session_list, hlist) {
136 if (session->session_id == session_id) {
137 read_unlock_bh(&tunnel->hlist_lock);
138 return session;
139 }
140 }
141 read_unlock_bh(&tunnel->hlist_lock);
142
143 return NULL;
144}
145EXPORT_SYMBOL_GPL(l2tp_session_find);
146
147struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth)
148{
149 int hash;
150 struct hlist_node *walk;
151 struct l2tp_session *session;
152 int count = 0;
153
154 read_lock_bh(&tunnel->hlist_lock);
155 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
156 hlist_for_each_entry(session, walk, &tunnel->session_hlist[hash], hlist) {
157 if (++count > nth) {
158 read_unlock_bh(&tunnel->hlist_lock);
159 return session;
160 }
161 }
162 }
163
164 read_unlock_bh(&tunnel->hlist_lock);
165
166 return NULL;
167}
168EXPORT_SYMBOL_GPL(l2tp_session_find_nth);
169
170/* Lookup a tunnel by id
171 */
172struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id)
173{
174 struct l2tp_tunnel *tunnel;
175 struct l2tp_net *pn = l2tp_pernet(net);
176
177 read_lock_bh(&pn->l2tp_tunnel_list_lock);
178 list_for_each_entry(tunnel, &pn->l2tp_tunnel_list, list) {
179 if (tunnel->tunnel_id == tunnel_id) {
180 read_unlock_bh(&pn->l2tp_tunnel_list_lock);
181 return tunnel;
182 }
183 }
184 read_unlock_bh(&pn->l2tp_tunnel_list_lock);
185
186 return NULL;
187}
188EXPORT_SYMBOL_GPL(l2tp_tunnel_find);
189
190struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth)
191{
192 struct l2tp_net *pn = l2tp_pernet(net);
193 struct l2tp_tunnel *tunnel;
194 int count = 0;
195
196 read_lock_bh(&pn->l2tp_tunnel_list_lock);
197 list_for_each_entry(tunnel, &pn->l2tp_tunnel_list, list) {
198 if (++count > nth) {
199 read_unlock_bh(&pn->l2tp_tunnel_list_lock);
200 return tunnel;
201 }
202 }
203
204 read_unlock_bh(&pn->l2tp_tunnel_list_lock);
205
206 return NULL;
207}
208EXPORT_SYMBOL_GPL(l2tp_tunnel_find_nth);
209
210/*****************************************************************************
211 * Receive data handling
212 *****************************************************************************/
213
214/* Queue a skb in order. We come here only if the skb has an L2TP sequence
215 * number.
216 */
217static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *skb)
218{
219 struct sk_buff *skbp;
220 struct sk_buff *tmp;
221 u16 ns = L2TP_SKB_CB(skb)->ns;
222
223 spin_lock_bh(&session->reorder_q.lock);
224 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
225 if (L2TP_SKB_CB(skbp)->ns > ns) {
226 __skb_queue_before(&session->reorder_q, skbp, skb);
227 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
228 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
229 session->name, ns, L2TP_SKB_CB(skbp)->ns,
230 skb_queue_len(&session->reorder_q));
231 session->stats.rx_oos_packets++;
232 goto out;
233 }
234 }
235
236 __skb_queue_tail(&session->reorder_q, skb);
237
238out:
239 spin_unlock_bh(&session->reorder_q.lock);
240}
241
242/* Dequeue a single skb.
243 */
244static void l2tp_recv_dequeue_skb(struct l2tp_session *session, struct sk_buff *skb)
245{
246 struct l2tp_tunnel *tunnel = session->tunnel;
247 int length = L2TP_SKB_CB(skb)->length;
248
249 /* We're about to requeue the skb, so return resources
250 * to its current owner (a socket receive buffer).
251 */
252 skb_orphan(skb);
253
254 tunnel->stats.rx_packets++;
255 tunnel->stats.rx_bytes += length;
256 session->stats.rx_packets++;
257 session->stats.rx_bytes += length;
258
259 if (L2TP_SKB_CB(skb)->has_seq) {
260 /* Bump our Nr */
261 session->nr++;
262 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
263 "%s: updated nr to %hu\n", session->name, session->nr);
264 }
265
266 /* call private receive handler */
267 if (session->recv_skb != NULL)
268 (*session->recv_skb)(session, skb, L2TP_SKB_CB(skb)->length);
269 else
270 kfree_skb(skb);
271
272 if (session->deref)
273 (*session->deref)(session);
274}
275
276/* Dequeue skbs from the session's reorder_q, subject to packet order.
277 * Skbs that have been in the queue for too long are simply discarded.
278 */
279static void l2tp_recv_dequeue(struct l2tp_session *session)
280{
281 struct sk_buff *skb;
282 struct sk_buff *tmp;
283
284 /* If the pkt at the head of the queue has the nr that we
285 * expect to send up next, dequeue it and any other
286 * in-sequence packets behind it.
287 */
288 spin_lock_bh(&session->reorder_q.lock);
289 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
290 if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) {
291 session->stats.rx_seq_discards++;
292 session->stats.rx_errors++;
293 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
294 "%s: oos pkt %hu len %d discarded (too old), "
295 "waiting for %hu, reorder_q_len=%d\n",
296 session->name, L2TP_SKB_CB(skb)->ns,
297 L2TP_SKB_CB(skb)->length, session->nr,
298 skb_queue_len(&session->reorder_q));
299 __skb_unlink(skb, &session->reorder_q);
300 kfree_skb(skb);
301 if (session->deref)
302 (*session->deref)(session);
303 continue;
304 }
305
306 if (L2TP_SKB_CB(skb)->has_seq) {
307 if (L2TP_SKB_CB(skb)->ns != session->nr) {
308 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
309 "%s: holding oos pkt %hu len %d, "
310 "waiting for %hu, reorder_q_len=%d\n",
311 session->name, L2TP_SKB_CB(skb)->ns,
312 L2TP_SKB_CB(skb)->length, session->nr,
313 skb_queue_len(&session->reorder_q));
314 goto out;
315 }
316 }
317 __skb_unlink(skb, &session->reorder_q);
318
319 /* Process the skb. We release the queue lock while we
320 * do so to let other contexts process the queue.
321 */
322 spin_unlock_bh(&session->reorder_q.lock);
323 l2tp_recv_dequeue_skb(session, skb);
324 spin_lock_bh(&session->reorder_q.lock);
325 }
326
327out:
328 spin_unlock_bh(&session->reorder_q.lock);
329}
330
331static inline int l2tp_verify_udp_checksum(struct sock *sk,
332 struct sk_buff *skb)
333{
334 struct udphdr *uh = udp_hdr(skb);
335 u16 ulen = ntohs(uh->len);
336 struct inet_sock *inet;
337 __wsum psum;
338
339 if (sk->sk_no_check || skb_csum_unnecessary(skb) || !uh->check)
340 return 0;
341
342 inet = inet_sk(sk);
343 psum = csum_tcpudp_nofold(inet->inet_saddr, inet->inet_daddr, ulen,
344 IPPROTO_UDP, 0);
345
346 if ((skb->ip_summed == CHECKSUM_COMPLETE) &&
347 !csum_fold(csum_add(psum, skb->csum)))
348 return 0;
349
350 skb->csum = psum;
351
352 return __skb_checksum_complete(skb);
353}
354
355/* Internal UDP receive frame. Do the real work of receiving an L2TP data frame
356 * here. The skb is not on a list when we get here.
357 * Returns 0 if the packet was a data packet and was successfully passed on.
358 * Returns 1 if the packet was not a good data packet and could not be
359 * forwarded. All such packets are passed up to userspace to deal with.
360 */
361int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
362 int (*payload_hook)(struct sk_buff *skb))
363{
364 struct l2tp_session *session = NULL;
365 unsigned char *ptr, *optr;
366 u16 hdrflags;
367 u32 tunnel_id, session_id;
368 int length;
369 int offset;
370 u16 version;
371 u16 ns, nr;
372
373 if (tunnel->sock && l2tp_verify_udp_checksum(tunnel->sock, skb))
374 goto discard_bad_csum;
375
376 /* UDP always verifies the packet length. */
377 __skb_pull(skb, sizeof(struct udphdr));
378
379 /* Short packet? */
380 if (!pskb_may_pull(skb, L2TP_HDR_SIZE_SEQ)) {
381 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_INFO,
382 "%s: recv short packet (len=%d)\n", tunnel->name, skb->len);
383 goto error;
384 }
385
386 /* Point to L2TP header */
387 optr = ptr = skb->data;
388
389 /* Trace packet contents, if enabled */
390 if (tunnel->debug & L2TP_MSG_DATA) {
391 length = min(32u, skb->len);
392 if (!pskb_may_pull(skb, length))
393 goto error;
394
395 printk(KERN_DEBUG "%s: recv: ", tunnel->name);
396
397 offset = 0;
398 do {
399 printk(" %02X", ptr[offset]);
400 } while (++offset < length);
401
402 printk("\n");
403 }
404
405 /* Get L2TP header flags */
406 hdrflags = ntohs(*(__be16 *)ptr);
407
408 /* Check protocol version */
409 version = hdrflags & L2TP_HDR_VER_MASK;
410 if (version != tunnel->version) {
411 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_INFO,
412 "%s: recv protocol version mismatch: got %d expected %d\n",
413 tunnel->name, version, tunnel->version);
414 goto error;
415 }
416
417 /* Get length of L2TP packet */
418 length = skb->len;
419
420 /* If type is control packet, it is handled by userspace. */
421 if (hdrflags & L2TP_HDRFLAG_T) {
422 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_DEBUG,
423 "%s: recv control packet, len=%d\n", tunnel->name, length);
424 goto error;
425 }
426
427 /* Skip flags */
428 ptr += 2;
429
430 /* If length is present, skip it */
431 if (hdrflags & L2TP_HDRFLAG_L)
432 ptr += 2;
433
434 /* Extract tunnel and session ID */
435 tunnel_id = ntohs(*(__be16 *) ptr);
436 ptr += 2;
437 session_id = ntohs(*(__be16 *) ptr);
438 ptr += 2;
439
440 /* Find the session context */
441 session = l2tp_session_find(tunnel, session_id);
442 if (!session) {
443 /* Not found? Pass to userspace to deal with */
444 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_INFO,
445 "%s: no session found (%hu/%hu). Passing up.\n",
446 tunnel->name, tunnel_id, session_id);
447 goto error;
448 }
449
450 /* The ref count is increased since we now hold a pointer to
451 * the session. Take care to decrement the refcnt when exiting
452 * this function from now on...
453 */
454 l2tp_session_inc_refcount(session);
455 if (session->ref)
456 (*session->ref)(session);
457
458 /* Handle the optional sequence numbers. Sequence numbers are
459 * in different places for L2TPv2 and L2TPv3.
460 *
461 * If we are the LAC, enable/disable sequence numbers under
462 * the control of the LNS. If no sequence numbers present but
463 * we were expecting them, discard frame.
464 */
465 ns = nr = 0;
466 L2TP_SKB_CB(skb)->has_seq = 0;
467 if (hdrflags & L2TP_HDRFLAG_S) {
468 ns = (u16) ntohs(*(__be16 *) ptr);
469 ptr += 2;
470 nr = ntohs(*(__be16 *) ptr);
471 ptr += 2;
472
473 /* Store L2TP info in the skb */
474 L2TP_SKB_CB(skb)->ns = ns;
475 L2TP_SKB_CB(skb)->has_seq = 1;
476
477 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
478 "%s: recv data ns=%hu, nr=%hu, session nr=%hu\n",
479 session->name, ns, nr, session->nr);
480 }
481
482 if (L2TP_SKB_CB(skb)->has_seq) {
483 /* Received a packet with sequence numbers. If we're the LNS,
484 * check if we sre sending sequence numbers and if not,
485 * configure it so.
486 */
487 if ((!session->lns_mode) && (!session->send_seq)) {
488 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_INFO,
489 "%s: requested to enable seq numbers by LNS\n",
490 session->name);
491 session->send_seq = -1;
492 }
493 } else {
494 /* No sequence numbers.
495 * If user has configured mandatory sequence numbers, discard.
496 */
497 if (session->recv_seq) {
498 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_WARNING,
499 "%s: recv data has no seq numbers when required. "
500 "Discarding\n", session->name);
501 session->stats.rx_seq_discards++;
502 goto discard;
503 }
504
505 /* If we're the LAC and we're sending sequence numbers, the
506 * LNS has requested that we no longer send sequence numbers.
507 * If we're the LNS and we're sending sequence numbers, the
508 * LAC is broken. Discard the frame.
509 */
510 if ((!session->lns_mode) && (session->send_seq)) {
511 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_INFO,
512 "%s: requested to disable seq numbers by LNS\n",
513 session->name);
514 session->send_seq = 0;
515 } else if (session->send_seq) {
516 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_WARNING,
517 "%s: recv data has no seq numbers when required. "
518 "Discarding\n", session->name);
519 session->stats.rx_seq_discards++;
520 goto discard;
521 }
522 }
523
524 /* If offset bit set, skip it. */
525 if (hdrflags & L2TP_HDRFLAG_O) {
526 offset = ntohs(*(__be16 *)ptr);
527 ptr += 2 + offset;
528 }
529
530 offset = ptr - optr;
531 if (!pskb_may_pull(skb, offset))
532 goto discard;
533
534 __skb_pull(skb, offset);
535
536 /* If caller wants to process the payload before we queue the
537 * packet, do so now.
538 */
539 if (payload_hook)
540 if ((*payload_hook)(skb))
541 goto discard;
542
543 /* Prepare skb for adding to the session's reorder_q. Hold
544 * packets for max reorder_timeout or 1 second if not
545 * reordering.
546 */
547 L2TP_SKB_CB(skb)->length = length;
548 L2TP_SKB_CB(skb)->expires = jiffies +
549 (session->reorder_timeout ? session->reorder_timeout : HZ);
550
551 /* Add packet to the session's receive queue. Reordering is done here, if
552 * enabled. Saved L2TP protocol info is stored in skb->sb[].
553 */
554 if (L2TP_SKB_CB(skb)->has_seq) {
555 if (session->reorder_timeout != 0) {
556 /* Packet reordering enabled. Add skb to session's
557 * reorder queue, in order of ns.
558 */
559 l2tp_recv_queue_skb(session, skb);
560 } else {
561 /* Packet reordering disabled. Discard out-of-sequence
562 * packets
563 */
564 if (L2TP_SKB_CB(skb)->ns != session->nr) {
565 session->stats.rx_seq_discards++;
566 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
567 "%s: oos pkt %hu len %d discarded, "
568 "waiting for %hu, reorder_q_len=%d\n",
569 session->name, L2TP_SKB_CB(skb)->ns,
570 L2TP_SKB_CB(skb)->length, session->nr,
571 skb_queue_len(&session->reorder_q));
572 goto discard;
573 }
574 skb_queue_tail(&session->reorder_q, skb);
575 }
576 } else {
577 /* No sequence numbers. Add the skb to the tail of the
578 * reorder queue. This ensures that it will be
579 * delivered after all previous sequenced skbs.
580 */
581 skb_queue_tail(&session->reorder_q, skb);
582 }
583
584 /* Try to dequeue as many skbs from reorder_q as we can. */
585 l2tp_recv_dequeue(session);
586
587 l2tp_session_dec_refcount(session);
588
589 return 0;
590
591discard:
592 session->stats.rx_errors++;
593 kfree_skb(skb);
594
595 if (session->deref)
596 (*session->deref)(session);
597
598 l2tp_session_dec_refcount(session);
599
600 return 0;
601
602discard_bad_csum:
603 LIMIT_NETDEBUG("%s: UDP: bad checksum\n", tunnel->name);
604 UDP_INC_STATS_USER(tunnel->l2tp_net, UDP_MIB_INERRORS, 0);
605 tunnel->stats.rx_errors++;
606 kfree_skb(skb);
607
608 return 0;
609
610error:
611 /* Put UDP header back */
612 __skb_push(skb, sizeof(struct udphdr));
613
614 return 1;
615}
616EXPORT_SYMBOL_GPL(l2tp_udp_recv_core);
617
618/* UDP encapsulation receive handler. See net/ipv4/udp.c.
619 * Return codes:
620 * 0 : success.
621 * <0: error
622 * >0: skb should be passed up to userspace as UDP.
623 */
624int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
625{
626 struct l2tp_tunnel *tunnel;
627
628 tunnel = l2tp_sock_to_tunnel(sk);
629 if (tunnel == NULL)
630 goto pass_up;
631
632 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_DEBUG,
633 "%s: received %d bytes\n", tunnel->name, skb->len);
634
635 if (l2tp_udp_recv_core(tunnel, skb, tunnel->recv_payload_hook))
636 goto pass_up_put;
637
638 sock_put(sk);
639 return 0;
640
641pass_up_put:
642 sock_put(sk);
643pass_up:
644 return 1;
645}
646EXPORT_SYMBOL_GPL(l2tp_udp_encap_recv);
647
648/************************************************************************
649 * Transmit handling
650 ***********************************************************************/
651
652/* Build an L2TP header for the session into the buffer provided.
653 */
654static void l2tp_build_l2tpv2_header(struct l2tp_tunnel *tunnel,
655 struct l2tp_session *session,
656 void *buf)
657{
658 __be16 *bufp = buf;
659 u16 flags = L2TP_HDR_VER_2;
660 u32 tunnel_id = tunnel->peer_tunnel_id;
661 u32 session_id = session->peer_session_id;
662
663 if (session->send_seq)
664 flags |= L2TP_HDRFLAG_S;
665
666 /* Setup L2TP header. */
667 *bufp++ = htons(flags);
668 *bufp++ = htons(tunnel_id);
669 *bufp++ = htons(session_id);
670 if (session->send_seq) {
671 *bufp++ = htons(session->ns);
672 *bufp++ = 0;
673 session->ns++;
674 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
675 "%s: updated ns to %hu\n", session->name, session->ns);
676 }
677}
678
679void l2tp_build_l2tp_header(struct l2tp_session *session, void *buf)
680{
681 struct l2tp_tunnel *tunnel = session->tunnel;
682
683 BUG_ON(tunnel->version != L2TP_HDR_VER_2);
684 l2tp_build_l2tpv2_header(tunnel, session, buf);
685}
686EXPORT_SYMBOL_GPL(l2tp_build_l2tp_header);
687
688int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb, size_t data_len)
689{
690 struct l2tp_tunnel *tunnel = session->tunnel;
691 unsigned int len = skb->len;
692 int error;
693
694 /* Debug */
695 if (session->send_seq)
696 PRINTK(session->debug, L2TP_MSG_DATA, KERN_DEBUG,
697 "%s: send %Zd bytes, ns=%hu\n", session->name,
698 data_len, session->ns - 1);
699 else
700 PRINTK(session->debug, L2TP_MSG_DATA, KERN_DEBUG,
701 "%s: send %Zd bytes\n", session->name, data_len);
702
703 if (session->debug & L2TP_MSG_DATA) {
704 int i;
705 unsigned char *datap = skb->data + sizeof(struct udphdr);
706
707 printk(KERN_DEBUG "%s: xmit:", session->name);
708 for (i = 0; i < (len - sizeof(struct udphdr)); i++) {
709 printk(" %02X", *datap++);
710 if (i == 31) {
711 printk(" ...");
712 break;
713 }
714 }
715 printk("\n");
716 }
717
718 /* Queue the packet to IP for output */
719 error = ip_queue_xmit(skb, 1);
720
721 /* Update stats */
722 if (error >= 0) {
723 tunnel->stats.tx_packets++;
724 tunnel->stats.tx_bytes += len;
725 session->stats.tx_packets++;
726 session->stats.tx_bytes += len;
727 } else {
728 tunnel->stats.tx_errors++;
729 session->stats.tx_errors++;
730 }
731
732 return 0;
733}
734EXPORT_SYMBOL_GPL(l2tp_xmit_core);
735
736/* Automatically called when the skb is freed.
737 */
738static void l2tp_sock_wfree(struct sk_buff *skb)
739{
740 sock_put(skb->sk);
741}
742
743/* For data skbs that we transmit, we associate with the tunnel socket
744 * but don't do accounting.
745 */
746static inline void l2tp_skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
747{
748 sock_hold(sk);
749 skb->sk = sk;
750 skb->destructor = l2tp_sock_wfree;
751}
752
753/* If caller requires the skb to have a ppp header, the header must be
754 * inserted in the skb data before calling this function.
755 */
756int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len)
757{
758 int data_len = skb->len;
759 struct sock *sk = session->tunnel->sock;
760 struct udphdr *uh;
761 unsigned int udp_len;
762 struct inet_sock *inet;
763 __wsum csum;
764 int old_headroom;
765 int new_headroom;
766 int headroom;
767
768 /* Check that there's enough headroom in the skb to insert IP,
769 * UDP and L2TP headers. If not enough, expand it to
770 * make room. Adjust truesize.
771 */
772 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
773 sizeof(struct udphdr) + hdr_len;
774 old_headroom = skb_headroom(skb);
775 if (skb_cow_head(skb, headroom))
776 goto abort;
777
778 new_headroom = skb_headroom(skb);
779 skb_orphan(skb);
780 skb->truesize += new_headroom - old_headroom;
781
782 /* Setup L2TP header */
783 l2tp_build_l2tp_header(session, __skb_push(skb, hdr_len));
784 udp_len = sizeof(struct udphdr) + hdr_len + data_len;
785
786 /* Setup UDP header */
787 inet = inet_sk(sk);
788 __skb_push(skb, sizeof(*uh));
789 skb_reset_transport_header(skb);
790 uh = udp_hdr(skb);
791 uh->source = inet->inet_sport;
792 uh->dest = inet->inet_dport;
793 uh->len = htons(udp_len);
794
795 uh->check = 0;
796
797 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
798 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
799 IPSKB_REROUTED);
800 nf_reset(skb);
801
802 /* Get routing info from the tunnel socket */
803 skb_dst_drop(skb);
804 skb_dst_set(skb, dst_clone(__sk_dst_get(sk)));
805 l2tp_skb_set_owner_w(skb, sk);
806
807 /* Calculate UDP checksum if configured to do so */
808 if (sk->sk_no_check == UDP_CSUM_NOXMIT)
809 skb->ip_summed = CHECKSUM_NONE;
810 else if ((skb_dst(skb) && skb_dst(skb)->dev) &&
811 (!(skb_dst(skb)->dev->features & NETIF_F_V4_CSUM))) {
812 skb->ip_summed = CHECKSUM_COMPLETE;
813 csum = skb_checksum(skb, 0, udp_len, 0);
814 uh->check = csum_tcpudp_magic(inet->inet_saddr,
815 inet->inet_daddr,
816 udp_len, IPPROTO_UDP, csum);
817 if (uh->check == 0)
818 uh->check = CSUM_MANGLED_0;
819 } else {
820 skb->ip_summed = CHECKSUM_PARTIAL;
821 skb->csum_start = skb_transport_header(skb) - skb->head;
822 skb->csum_offset = offsetof(struct udphdr, check);
823 uh->check = ~csum_tcpudp_magic(inet->inet_saddr,
824 inet->inet_daddr,
825 udp_len, IPPROTO_UDP, 0);
826 }
827
828 l2tp_xmit_core(session, skb, data_len);
829
830abort:
831 return 0;
832}
833EXPORT_SYMBOL_GPL(l2tp_xmit_skb);
834
835/*****************************************************************************
836 * Tinnel and session create/destroy.
837 *****************************************************************************/
838
839/* Tunnel socket destruct hook.
840 * The tunnel context is deleted only when all session sockets have been
841 * closed.
842 */
843void l2tp_tunnel_destruct(struct sock *sk)
844{
845 struct l2tp_tunnel *tunnel;
846
847 tunnel = sk->sk_user_data;
848 if (tunnel == NULL)
849 goto end;
850
851 PRINTK(tunnel->debug, L2TP_MSG_CONTROL, KERN_INFO,
852 "%s: closing...\n", tunnel->name);
853
854 /* Close all sessions */
855 l2tp_tunnel_closeall(tunnel);
856
857 /* No longer an encapsulation socket. See net/ipv4/udp.c */
858 (udp_sk(sk))->encap_type = 0;
859 (udp_sk(sk))->encap_rcv = NULL;
860
861 /* Remove hooks into tunnel socket */
862 tunnel->sock = NULL;
863 sk->sk_destruct = tunnel->old_sk_destruct;
864 sk->sk_user_data = NULL;
865
866 /* Call the original destructor */
867 if (sk->sk_destruct)
868 (*sk->sk_destruct)(sk);
869
870 /* We're finished with the socket */
871 l2tp_tunnel_dec_refcount(tunnel);
872
873end:
874 return;
875}
876EXPORT_SYMBOL(l2tp_tunnel_destruct);
877
878/* When the tunnel is closed, all the attached sessions need to go too.
879 */
880void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel)
881{
882 int hash;
883 struct hlist_node *walk;
884 struct hlist_node *tmp;
885 struct l2tp_session *session;
886
887 BUG_ON(tunnel == NULL);
888
889 PRINTK(tunnel->debug, L2TP_MSG_CONTROL, KERN_INFO,
890 "%s: closing all sessions...\n", tunnel->name);
891
892 write_lock_bh(&tunnel->hlist_lock);
893 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
894again:
895 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
896 session = hlist_entry(walk, struct l2tp_session, hlist);
897
898 PRINTK(session->debug, L2TP_MSG_CONTROL, KERN_INFO,
899 "%s: closing session\n", session->name);
900
901 hlist_del_init(&session->hlist);
902
903 /* Since we should hold the sock lock while
904 * doing any unbinding, we need to release the
905 * lock we're holding before taking that lock.
906 * Hold a reference to the sock so it doesn't
907 * disappear as we're jumping between locks.
908 */
909 if (session->ref != NULL)
910 (*session->ref)(session);
911
912 write_unlock_bh(&tunnel->hlist_lock);
913
914 if (session->session_close != NULL)
915 (*session->session_close)(session);
916
917 if (session->deref != NULL)
918 (*session->deref)(session);
919
920 write_lock_bh(&tunnel->hlist_lock);
921
922 /* Now restart from the beginning of this hash
923 * chain. We always remove a session from the
924 * list so we are guaranteed to make forward
925 * progress.
926 */
927 goto again;
928 }
929 }
930 write_unlock_bh(&tunnel->hlist_lock);
931}
932EXPORT_SYMBOL_GPL(l2tp_tunnel_closeall);
933
934/* Really kill the tunnel.
935 * Come here only when all sessions have been cleared from the tunnel.
936 */
937void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
938{
939 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
940
941 BUG_ON(atomic_read(&tunnel->ref_count) != 0);
942 BUG_ON(tunnel->sock != NULL);
943
944 PRINTK(tunnel->debug, L2TP_MSG_CONTROL, KERN_INFO,
945 "%s: free...\n", tunnel->name);
946
947 /* Remove from tunnel list */
948 write_lock_bh(&pn->l2tp_tunnel_list_lock);
949 list_del_init(&tunnel->list);
950 write_unlock_bh(&pn->l2tp_tunnel_list_lock);
951
952 atomic_dec(&l2tp_tunnel_count);
953 kfree(tunnel);
954}
955EXPORT_SYMBOL_GPL(l2tp_tunnel_free);
956
957int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp)
958{
959 struct l2tp_tunnel *tunnel = NULL;
960 int err;
961 struct socket *sock = NULL;
962 struct sock *sk = NULL;
963 struct l2tp_net *pn;
964
965 /* Get the tunnel socket from the fd, which was opened by
966 * the userspace L2TP daemon.
967 */
968 err = -EBADF;
969 sock = sockfd_lookup(fd, &err);
970 if (!sock) {
971 printk(KERN_ERR "tunl %hu: sockfd_lookup(fd=%d) returned %d\n",
972 tunnel_id, fd, err);
973 goto err;
974 }
975
976 sk = sock->sk;
977
978 /* Quick sanity checks */
979 err = -EPROTONOSUPPORT;
980 if (sk->sk_protocol != IPPROTO_UDP) {
981 printk(KERN_ERR "tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
982 tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP);
983 goto err;
984 }
985 err = -EAFNOSUPPORT;
986 if (sock->ops->family != AF_INET) {
987 printk(KERN_ERR "tunl %hu: fd %d wrong family, got %d, expected %d\n",
988 tunnel_id, fd, sock->ops->family, AF_INET);
989 goto err;
990 }
991
992 /* Check if this socket has already been prepped */
993 tunnel = (struct l2tp_tunnel *)sk->sk_user_data;
994 if (tunnel != NULL) {
995 /* This socket has already been prepped */
996 err = -EBUSY;
997 goto err;
998 }
999
1000 if (version != L2TP_HDR_VER_2)
1001 goto err;
1002
1003 tunnel = kzalloc(sizeof(struct l2tp_tunnel), GFP_KERNEL);
1004 if (tunnel == NULL) {
1005 err = -ENOMEM;
1006 goto err;
1007 }
1008
1009 tunnel->version = version;
1010 tunnel->tunnel_id = tunnel_id;
1011 tunnel->peer_tunnel_id = peer_tunnel_id;
1012 tunnel->debug = L2TP_DEFAULT_DEBUG_FLAGS;
1013
1014 tunnel->magic = L2TP_TUNNEL_MAGIC;
1015 sprintf(&tunnel->name[0], "tunl %u", tunnel_id);
1016 rwlock_init(&tunnel->hlist_lock);
1017
1018 /* The net we belong to */
1019 tunnel->l2tp_net = net;
1020 pn = l2tp_pernet(net);
1021
1022 if (cfg)
1023 tunnel->debug = cfg->debug;
1024
1025 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1026 udp_sk(sk)->encap_type = UDP_ENCAP_L2TPINUDP;
1027 udp_sk(sk)->encap_rcv = l2tp_udp_encap_recv;
1028
1029 sk->sk_user_data = tunnel;
1030
1031 /* Hook on the tunnel socket destructor so that we can cleanup
1032 * if the tunnel socket goes away.
1033 */
1034 tunnel->old_sk_destruct = sk->sk_destruct;
1035 sk->sk_destruct = &l2tp_tunnel_destruct;
1036 tunnel->sock = sk;
1037 sk->sk_allocation = GFP_ATOMIC;
1038
1039 /* Add tunnel to our list */
1040 INIT_LIST_HEAD(&tunnel->list);
1041 write_lock_bh(&pn->l2tp_tunnel_list_lock);
1042 list_add(&tunnel->list, &pn->l2tp_tunnel_list);
1043 write_unlock_bh(&pn->l2tp_tunnel_list_lock);
1044 atomic_inc(&l2tp_tunnel_count);
1045
1046 /* Bump the reference count. The tunnel context is deleted
1047 * only when this drops to zero.
1048 */
1049 l2tp_tunnel_inc_refcount(tunnel);
1050
1051 err = 0;
1052err:
1053 if (tunnelp)
1054 *tunnelp = tunnel;
1055
1056 if (sock)
1057 sockfd_put(sock);
1058
1059 return err;
1060}
1061EXPORT_SYMBOL_GPL(l2tp_tunnel_create);
1062
1063/* Really kill the session.
1064 */
1065void l2tp_session_free(struct l2tp_session *session)
1066{
1067 struct l2tp_tunnel *tunnel;
1068
1069 BUG_ON(atomic_read(&session->ref_count) != 0);
1070
1071 tunnel = session->tunnel;
1072 if (tunnel != NULL) {
1073 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1074
1075 /* Delete the session from the hash */
1076 write_lock_bh(&tunnel->hlist_lock);
1077 hlist_del_init(&session->hlist);
1078 write_unlock_bh(&tunnel->hlist_lock);
1079
1080 if (session->session_id != 0)
1081 atomic_dec(&l2tp_session_count);
1082
1083 sock_put(tunnel->sock);
1084
1085 /* This will delete the tunnel context if this
1086 * is the last session on the tunnel.
1087 */
1088 session->tunnel = NULL;
1089 l2tp_tunnel_dec_refcount(tunnel);
1090 }
1091
1092 kfree(session);
1093
1094 return;
1095}
1096EXPORT_SYMBOL_GPL(l2tp_session_free);
1097
1098struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
1099{
1100 struct l2tp_session *session;
1101
1102 session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL);
1103 if (session != NULL) {
1104 session->magic = L2TP_SESSION_MAGIC;
1105 session->tunnel = tunnel;
1106
1107 session->session_id = session_id;
1108 session->peer_session_id = peer_session_id;
1109
1110 sprintf(&session->name[0], "sess %u/%u",
1111 tunnel->tunnel_id, session->session_id);
1112
1113 skb_queue_head_init(&session->reorder_q);
1114
1115 INIT_HLIST_NODE(&session->hlist);
1116
1117 /* Inherit debug options from tunnel */
1118 session->debug = tunnel->debug;
1119
1120 if (cfg) {
1121 session->debug = cfg->debug;
1122 session->hdr_len = cfg->hdr_len;
1123 session->mtu = cfg->mtu;
1124 session->mru = cfg->mru;
1125 session->send_seq = cfg->send_seq;
1126 session->recv_seq = cfg->recv_seq;
1127 session->lns_mode = cfg->lns_mode;
1128 }
1129
1130 /* Bump the reference count. The session context is deleted
1131 * only when this drops to zero.
1132 */
1133 l2tp_session_inc_refcount(session);
1134 l2tp_tunnel_inc_refcount(tunnel);
1135
1136 /* Ensure tunnel socket isn't deleted */
1137 sock_hold(tunnel->sock);
1138
1139 /* Add session to the tunnel's hash list */
1140 write_lock_bh(&tunnel->hlist_lock);
1141 hlist_add_head(&session->hlist,
1142 l2tp_session_id_hash(tunnel, session_id));
1143 write_unlock_bh(&tunnel->hlist_lock);
1144
1145 /* Ignore management session in session count value */
1146 if (session->session_id != 0)
1147 atomic_inc(&l2tp_session_count);
1148 }
1149
1150 return session;
1151}
1152EXPORT_SYMBOL_GPL(l2tp_session_create);
1153
1154/*****************************************************************************
1155 * Init and cleanup
1156 *****************************************************************************/
1157
1158static __net_init int l2tp_init_net(struct net *net)
1159{
1160 struct l2tp_net *pn;
1161 int err;
1162
1163 pn = kzalloc(sizeof(*pn), GFP_KERNEL);
1164 if (!pn)
1165 return -ENOMEM;
1166
1167 INIT_LIST_HEAD(&pn->l2tp_tunnel_list);
1168 rwlock_init(&pn->l2tp_tunnel_list_lock);
1169
1170 err = net_assign_generic(net, l2tp_net_id, pn);
1171 if (err)
1172 goto out;
1173
1174 return 0;
1175
1176out:
1177 kfree(pn);
1178 return err;
1179}
1180
1181static __net_exit void l2tp_exit_net(struct net *net)
1182{
1183 struct l2tp_net *pn;
1184
1185 pn = net_generic(net, l2tp_net_id);
1186 /*
1187 * if someone has cached our net then
1188 * further net_generic call will return NULL
1189 */
1190 net_assign_generic(net, l2tp_net_id, NULL);
1191 kfree(pn);
1192}
1193
1194static struct pernet_operations l2tp_net_ops = {
1195 .init = l2tp_init_net,
1196 .exit = l2tp_exit_net,
1197 .id = &l2tp_net_id,
1198 .size = sizeof(struct l2tp_net),
1199};
1200
1201static int __init l2tp_init(void)
1202{
1203 int rc = 0;
1204
1205 rc = register_pernet_device(&l2tp_net_ops);
1206 if (rc)
1207 goto out;
1208
1209 printk(KERN_INFO "L2TP core driver, %s\n", L2TP_DRV_VERSION);
1210
1211out:
1212 return rc;
1213}
1214
1215static void __exit l2tp_exit(void)
1216{
1217 unregister_pernet_device(&l2tp_net_ops);
1218}
1219
1220module_init(l2tp_init);
1221module_exit(l2tp_exit);
1222
1223MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1224MODULE_DESCRIPTION("L2TP core");
1225MODULE_LICENSE("GPL");
1226MODULE_VERSION(L2TP_DRV_VERSION);
1227
diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
new file mode 100644
index 000000000000..2efe1a3ada98
--- /dev/null
+++ b/net/l2tp/l2tp_core.h
@@ -0,0 +1,254 @@
1/*
2 * L2TP internal definitions.
3 *
4 * Copyright (c) 2008,2009 Katalix Systems Ltd
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#ifndef _L2TP_CORE_H_
12#define _L2TP_CORE_H_
13
14/* Just some random numbers */
15#define L2TP_TUNNEL_MAGIC 0x42114DDA
16#define L2TP_SESSION_MAGIC 0x0C04EB7D
17
18#define L2TP_HASH_BITS 4
19#define L2TP_HASH_SIZE (1 << L2TP_HASH_BITS)
20
21/* Debug message categories for the DEBUG socket option */
22enum {
23 L2TP_MSG_DEBUG = (1 << 0), /* verbose debug (if
24 * compiled in) */
25 L2TP_MSG_CONTROL = (1 << 1), /* userspace - kernel
26 * interface */
27 L2TP_MSG_SEQ = (1 << 2), /* sequence numbers */
28 L2TP_MSG_DATA = (1 << 3), /* data packets */
29};
30
31struct sk_buff;
32
33struct l2tp_stats {
34 u64 tx_packets;
35 u64 tx_bytes;
36 u64 tx_errors;
37 u64 rx_packets;
38 u64 rx_bytes;
39 u64 rx_seq_discards;
40 u64 rx_oos_packets;
41 u64 rx_errors;
42};
43
44struct l2tp_tunnel;
45
46/* Describes a session. Contains information to determine incoming
47 * packets and transmit outgoing ones.
48 */
49struct l2tp_session_cfg {
50 unsigned data_seq:2; /* data sequencing level
51 * 0 => none, 1 => IP only,
52 * 2 => all
53 */
54 unsigned recv_seq:1; /* expect receive packets with
55 * sequence numbers? */
56 unsigned send_seq:1; /* send packets with sequence
57 * numbers? */
58 unsigned lns_mode:1; /* behave as LNS? LAC enables
59 * sequence numbers under
60 * control of LNS. */
61 int debug; /* bitmask of debug message
62 * categories */
63 int offset; /* offset to payload */
64 int reorder_timeout; /* configured reorder timeout
65 * (in jiffies) */
66 int mtu;
67 int mru;
68 int hdr_len;
69};
70
71struct l2tp_session {
72 int magic; /* should be
73 * L2TP_SESSION_MAGIC */
74
75 struct l2tp_tunnel *tunnel; /* back pointer to tunnel
76 * context */
77 u32 session_id;
78 u32 peer_session_id;
79 u16 nr; /* session NR state (receive) */
80 u16 ns; /* session NR state (send) */
81 struct sk_buff_head reorder_q; /* receive reorder queue */
82 struct hlist_node hlist; /* Hash list node */
83 atomic_t ref_count;
84
85 char name[32]; /* for logging */
86 unsigned data_seq:2; /* data sequencing level
87 * 0 => none, 1 => IP only,
88 * 2 => all
89 */
90 unsigned recv_seq:1; /* expect receive packets with
91 * sequence numbers? */
92 unsigned send_seq:1; /* send packets with sequence
93 * numbers? */
94 unsigned lns_mode:1; /* behave as LNS? LAC enables
95 * sequence numbers under
96 * control of LNS. */
97 int debug; /* bitmask of debug message
98 * categories */
99 int reorder_timeout; /* configured reorder timeout
100 * (in jiffies) */
101 int mtu;
102 int mru;
103 int hdr_len;
104 struct l2tp_stats stats;
105
106 void (*recv_skb)(struct l2tp_session *session, struct sk_buff *skb, int data_len);
107 void (*session_close)(struct l2tp_session *session);
108 void (*ref)(struct l2tp_session *session);
109 void (*deref)(struct l2tp_session *session);
110
111 uint8_t priv[0]; /* private data */
112};
113
114/* Describes the tunnel. It contains info to track all the associated
115 * sessions so incoming packets can be sorted out
116 */
117struct l2tp_tunnel_cfg {
118 int debug; /* bitmask of debug message
119 * categories */
120};
121
122struct l2tp_tunnel {
123 int magic; /* Should be L2TP_TUNNEL_MAGIC */
124 rwlock_t hlist_lock; /* protect session_hlist */
125 struct hlist_head session_hlist[L2TP_HASH_SIZE];
126 /* hashed list of sessions,
127 * hashed by id */
128 u32 tunnel_id;
129 u32 peer_tunnel_id;
130 int version; /* 2=>L2TPv2, 3=>L2TPv3 */
131
132 char name[20]; /* for logging */
133 int debug; /* bitmask of debug message
134 * categories */
135 int hdr_len;
136 struct l2tp_stats stats;
137
138 struct list_head list; /* Keep a list of all tunnels */
139 struct net *l2tp_net; /* the net we belong to */
140
141 atomic_t ref_count;
142
143 int (*recv_payload_hook)(struct sk_buff *skb);
144 void (*old_sk_destruct)(struct sock *);
145 struct sock *sock; /* Parent socket */
146 int fd;
147
148 uint8_t priv[0]; /* private data */
149};
150
151static inline void *l2tp_tunnel_priv(struct l2tp_tunnel *tunnel)
152{
153 return &tunnel->priv[0];
154}
155
156static inline void *l2tp_session_priv(struct l2tp_session *session)
157{
158 return &session->priv[0];
159}
160
161static inline struct l2tp_tunnel *l2tp_sock_to_tunnel(struct sock *sk)
162{
163 struct l2tp_tunnel *tunnel;
164
165 if (sk == NULL)
166 return NULL;
167
168 sock_hold(sk);
169 tunnel = (struct l2tp_tunnel *)(sk->sk_user_data);
170 if (tunnel == NULL) {
171 sock_put(sk);
172 goto out;
173 }
174
175 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
176
177out:
178 return tunnel;
179}
180
181extern struct l2tp_session *l2tp_session_find(struct l2tp_tunnel *tunnel, u32 session_id);
182extern struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth);
183extern struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id);
184extern struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth);
185
186extern int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp);
187extern struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg);
188extern void l2tp_tunnel_free(struct l2tp_tunnel *tunnel);
189extern void l2tp_session_free(struct l2tp_session *session);
190extern int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb, int (*payload_hook)(struct sk_buff *skb));
191extern int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb);
192
193extern void l2tp_build_l2tp_header(struct l2tp_session *session, void *buf);
194extern int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb, size_t data_len);
195extern int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len);
196extern void l2tp_tunnel_destruct(struct sock *sk);
197extern void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel);
198
199/* Tunnel reference counts. Incremented per session that is added to
200 * the tunnel.
201 */
202static inline void l2tp_tunnel_inc_refcount_1(struct l2tp_tunnel *tunnel)
203{
204 atomic_inc(&tunnel->ref_count);
205}
206
207static inline void l2tp_tunnel_dec_refcount_1(struct l2tp_tunnel *tunnel)
208{
209 if (atomic_dec_and_test(&tunnel->ref_count))
210 l2tp_tunnel_free(tunnel);
211}
212#ifdef L2TP_REFCNT_DEBUG
213#define l2tp_tunnel_inc_refcount(_t) do { \
214 printk(KERN_DEBUG "l2tp_tunnel_inc_refcount: %s:%d %s: cnt=%d\n", __func__, __LINE__, (_t)->name, atomic_read(&_t->ref_count)); \
215 l2tp_tunnel_inc_refcount_1(_t); \
216 } while (0)
217#define l2tp_tunnel_dec_refcount(_t) do { \
218 printk(KERN_DEBUG "l2tp_tunnel_dec_refcount: %s:%d %s: cnt=%d\n", __func__, __LINE__, (_t)->name, atomic_read(&_t->ref_count)); \
219 l2tp_tunnel_dec_refcount_1(_t); \
220 } while (0)
221#else
222#define l2tp_tunnel_inc_refcount(t) l2tp_tunnel_inc_refcount_1(t)
223#define l2tp_tunnel_dec_refcount(t) l2tp_tunnel_dec_refcount_1(t)
224#endif
225
226/* Session reference counts. Incremented when code obtains a reference
227 * to a session.
228 */
229static inline void l2tp_session_inc_refcount_1(struct l2tp_session *session)
230{
231 atomic_inc(&session->ref_count);
232}
233
234static inline void l2tp_session_dec_refcount_1(struct l2tp_session *session)
235{
236 if (atomic_dec_and_test(&session->ref_count))
237 l2tp_session_free(session);
238}
239
240#ifdef L2TP_REFCNT_DEBUG
241#define l2tp_session_inc_refcount(_s) do { \
242 printk(KERN_DEBUG "l2tp_session_inc_refcount: %s:%d %s: cnt=%d\n", __func__, __LINE__, (_s)->name, atomic_read(&_s->ref_count)); \
243 l2tp_session_inc_refcount_1(_s); \
244 } while (0)
245#define l2tp_session_dec_refcount(_s) do { \
246 printk(KERN_DEBUG "l2tp_session_dec_refcount: %s:%d %s: cnt=%d\n", __func__, __LINE__, (_s)->name, atomic_read(&_s->ref_count)); \
247 l2tp_session_dec_refcount_1(_s); \
248 } while (0)
249#else
250#define l2tp_session_inc_refcount(s) l2tp_session_inc_refcount_1(s)
251#define l2tp_session_dec_refcount(s) l2tp_session_dec_refcount_1(s)
252#endif
253
254#endif /* _L2TP_CORE_H_ */
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
new file mode 100644
index 000000000000..baac072761aa
--- /dev/null
+++ b/net/l2tp/l2tp_ppp.c
@@ -0,0 +1,1658 @@
1/*****************************************************************************
2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
3 *
4 * PPPoX --- Generic PPP encapsulation socket family
5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
6 *
7 * Version: 2.0.0
8 *
9 * Authors: James Chapman (jchapman@katalix.com)
10 *
11 * Based on original work by Martijn van Oosterhout <kleptog@svana.org>
12 *
13 * License:
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version
17 * 2 of the License, or (at your option) any later version.
18 *
19 */
20
21/* This driver handles only L2TP data frames; control frames are handled by a
22 * userspace application.
23 *
24 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
25 * attaches it to a bound UDP socket with local tunnel_id / session_id and
26 * peer tunnel_id / session_id set. Data can then be sent or received using
27 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
28 * can be read or modified using ioctl() or [gs]etsockopt() calls.
29 *
30 * When a PPPoL2TP socket is connected with local and peer session_id values
31 * zero, the socket is treated as a special tunnel management socket.
32 *
33 * Here's example userspace code to create a socket for sending/receiving data
34 * over an L2TP session:-
35 *
36 * struct sockaddr_pppol2tp sax;
37 * int fd;
38 * int session_fd;
39 *
40 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
41 *
42 * sax.sa_family = AF_PPPOX;
43 * sax.sa_protocol = PX_PROTO_OL2TP;
44 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
45 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
46 * sax.pppol2tp.addr.sin_port = addr->sin_port;
47 * sax.pppol2tp.addr.sin_family = AF_INET;
48 * sax.pppol2tp.s_tunnel = tunnel_id;
49 * sax.pppol2tp.s_session = session_id;
50 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
51 * sax.pppol2tp.d_session = peer_session_id;
52 *
53 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
54 *
55 * A pppd plugin that allows PPP traffic to be carried over L2TP using
56 * this driver is available from the OpenL2TP project at
57 * http://openl2tp.sourceforge.net.
58 */
59
60#include <linux/module.h>
61#include <linux/string.h>
62#include <linux/list.h>
63#include <linux/uaccess.h>
64
65#include <linux/kernel.h>
66#include <linux/spinlock.h>
67#include <linux/kthread.h>
68#include <linux/sched.h>
69#include <linux/slab.h>
70#include <linux/errno.h>
71#include <linux/jiffies.h>
72
73#include <linux/netdevice.h>
74#include <linux/net.h>
75#include <linux/inetdevice.h>
76#include <linux/skbuff.h>
77#include <linux/init.h>
78#include <linux/ip.h>
79#include <linux/udp.h>
80#include <linux/if_pppox.h>
81#include <linux/if_pppol2tp.h>
82#include <net/sock.h>
83#include <linux/ppp_channel.h>
84#include <linux/ppp_defs.h>
85#include <linux/if_ppp.h>
86#include <linux/file.h>
87#include <linux/hash.h>
88#include <linux/sort.h>
89#include <linux/proc_fs.h>
90#include <linux/nsproxy.h>
91#include <net/net_namespace.h>
92#include <net/netns/generic.h>
93#include <net/dst.h>
94#include <net/ip.h>
95#include <net/udp.h>
96#include <net/xfrm.h>
97
98#include <asm/byteorder.h>
99#include <asm/atomic.h>
100
101#include "l2tp_core.h"
102
103#define PPPOL2TP_DRV_VERSION "V2.0"
104
105/* Space for UDP, L2TP and PPP headers */
106#define PPPOL2TP_HEADER_OVERHEAD 40
107
108#define PRINTK(_mask, _type, _lvl, _fmt, args...) \
109 do { \
110 if ((_mask) & (_type)) \
111 printk(_lvl "PPPOL2TP: " _fmt, ##args); \
112 } while (0)
113
114/* Number of bytes to build transmit L2TP headers.
115 * Unfortunately the size is different depending on whether sequence numbers
116 * are enabled.
117 */
118#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
119#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
120
121/* Private data of each session. This data lives at the end of struct
122 * l2tp_session, referenced via session->priv[].
123 */
124struct pppol2tp_session {
125 int owner; /* pid that opened the socket */
126
127 struct sock *sock; /* Pointer to the session
128 * PPPoX socket */
129 struct sock *tunnel_sock; /* Pointer to the tunnel UDP
130 * socket */
131 int flags; /* accessed by PPPIOCGFLAGS.
132 * Unused. */
133};
134
135static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
136
137static struct ppp_channel_ops pppol2tp_chan_ops = { pppol2tp_xmit , NULL };
138static const struct proto_ops pppol2tp_ops;
139
140/* Helpers to obtain tunnel/session contexts from sockets.
141 */
142static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
143{
144 struct l2tp_session *session;
145
146 if (sk == NULL)
147 return NULL;
148
149 sock_hold(sk);
150 session = (struct l2tp_session *)(sk->sk_user_data);
151 if (session == NULL) {
152 sock_put(sk);
153 goto out;
154 }
155
156 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
157
158out:
159 return session;
160}
161
162/*****************************************************************************
163 * Receive data handling
164 *****************************************************************************/
165
166static int pppol2tp_recv_payload_hook(struct sk_buff *skb)
167{
168 /* Skip PPP header, if present. In testing, Microsoft L2TP clients
169 * don't send the PPP header (PPP header compression enabled), but
170 * other clients can include the header. So we cope with both cases
171 * here. The PPP header is always FF03 when using L2TP.
172 *
173 * Note that skb->data[] isn't dereferenced from a u16 ptr here since
174 * the field may be unaligned.
175 */
176 if (!pskb_may_pull(skb, 2))
177 return 1;
178
179 if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
180 skb_pull(skb, 2);
181
182 return 0;
183}
184
185/* Receive message. This is the recvmsg for the PPPoL2TP socket.
186 */
187static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
188 struct msghdr *msg, size_t len,
189 int flags)
190{
191 int err;
192 struct sk_buff *skb;
193 struct sock *sk = sock->sk;
194
195 err = -EIO;
196 if (sk->sk_state & PPPOX_BOUND)
197 goto end;
198
199 msg->msg_namelen = 0;
200
201 err = 0;
202 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
203 flags & MSG_DONTWAIT, &err);
204 if (!skb)
205 goto end;
206
207 if (len > skb->len)
208 len = skb->len;
209 else if (len < skb->len)
210 msg->msg_flags |= MSG_TRUNC;
211
212 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
213 if (likely(err == 0))
214 err = len;
215
216 kfree_skb(skb);
217end:
218 return err;
219}
220
221static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
222{
223 struct pppol2tp_session *ps = l2tp_session_priv(session);
224 struct sock *sk = NULL;
225
226 /* If the socket is bound, send it in to PPP's input queue. Otherwise
227 * queue it on the session socket.
228 */
229 sk = ps->sock;
230 if (sk == NULL)
231 goto no_sock;
232
233 if (sk->sk_state & PPPOX_BOUND) {
234 struct pppox_sock *po;
235 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
236 "%s: recv %d byte data frame, passing to ppp\n",
237 session->name, data_len);
238
239 /* We need to forget all info related to the L2TP packet
240 * gathered in the skb as we are going to reuse the same
241 * skb for the inner packet.
242 * Namely we need to:
243 * - reset xfrm (IPSec) information as it applies to
244 * the outer L2TP packet and not to the inner one
245 * - release the dst to force a route lookup on the inner
246 * IP packet since skb->dst currently points to the dst
247 * of the UDP tunnel
248 * - reset netfilter information as it doesn't apply
249 * to the inner packet either
250 */
251 secpath_reset(skb);
252 skb_dst_drop(skb);
253 nf_reset(skb);
254
255 po = pppox_sk(sk);
256 ppp_input(&po->chan, skb);
257 } else {
258 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
259 "%s: socket not bound\n", session->name);
260
261 /* Not bound. Nothing we can do, so discard. */
262 session->stats.rx_errors++;
263 kfree_skb(skb);
264 }
265
266 return;
267
268no_sock:
269 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
270 "%s: no socket\n", session->name);
271 kfree_skb(skb);
272}
273
274static void pppol2tp_session_sock_hold(struct l2tp_session *session)
275{
276 struct pppol2tp_session *ps = l2tp_session_priv(session);
277
278 if (ps->sock)
279 sock_hold(ps->sock);
280}
281
282static void pppol2tp_session_sock_put(struct l2tp_session *session)
283{
284 struct pppol2tp_session *ps = l2tp_session_priv(session);
285
286 if (ps->sock)
287 sock_put(ps->sock);
288}
289
290/************************************************************************
291 * Transmit handling
292 ***********************************************************************/
293
294/* Tell how big L2TP headers are for a particular session. This
295 * depends on whether sequence numbers are being used.
296 */
297static inline int pppol2tp_l2tp_header_len(struct l2tp_session *session)
298{
299 if (session->send_seq)
300 return PPPOL2TP_L2TP_HDR_SIZE_SEQ;
301
302 return PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
303}
304
305/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
306 * when a user application does a sendmsg() on the session socket. L2TP and
307 * PPP headers must be inserted into the user's data.
308 */
309static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
310 size_t total_len)
311{
312 static const unsigned char ppph[2] = { 0xff, 0x03 };
313 struct sock *sk = sock->sk;
314 struct sk_buff *skb;
315 int error;
316 struct l2tp_session *session;
317 struct l2tp_tunnel *tunnel;
318 struct pppol2tp_session *ps;
319
320 error = -ENOTCONN;
321 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
322 goto error;
323
324 /* Get session and tunnel contexts */
325 error = -EBADF;
326 session = pppol2tp_sock_to_session(sk);
327 if (session == NULL)
328 goto error;
329
330 ps = l2tp_session_priv(session);
331 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
332 if (tunnel == NULL)
333 goto error_put_sess;
334
335 /* Allocate a socket buffer */
336 error = -ENOMEM;
337 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
338 sizeof(struct udphdr) + session->hdr_len +
339 sizeof(ppph) + total_len,
340 0, GFP_KERNEL);
341 if (!skb)
342 goto error_put_sess_tun;
343
344 /* Reserve space for headers. */
345 skb_reserve(skb, NET_SKB_PAD);
346 skb_reset_network_header(skb);
347 skb_reserve(skb, sizeof(struct iphdr));
348 skb_reset_transport_header(skb);
349 skb_reserve(skb, sizeof(struct udphdr));
350
351 /* Add PPP header */
352 skb->data[0] = ppph[0];
353 skb->data[1] = ppph[1];
354 skb_put(skb, 2);
355
356 /* Copy user data into skb */
357 error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
358 if (error < 0) {
359 kfree_skb(skb);
360 goto error_put_sess_tun;
361 }
362 skb_put(skb, total_len);
363
364 l2tp_xmit_skb(session, skb, session->hdr_len);
365
366 sock_put(ps->tunnel_sock);
367
368 return error;
369
370error_put_sess_tun:
371 sock_put(ps->tunnel_sock);
372error_put_sess:
373 sock_put(sk);
374error:
375 return error;
376}
377
378/* Transmit function called by generic PPP driver. Sends PPP frame
379 * over PPPoL2TP socket.
380 *
381 * This is almost the same as pppol2tp_sendmsg(), but rather than
382 * being called with a msghdr from userspace, it is called with a skb
383 * from the kernel.
384 *
385 * The supplied skb from ppp doesn't have enough headroom for the
386 * insertion of L2TP, UDP and IP headers so we need to allocate more
387 * headroom in the skb. This will create a cloned skb. But we must be
388 * careful in the error case because the caller will expect to free
389 * the skb it supplied, not our cloned skb. So we take care to always
390 * leave the original skb unfreed if we return an error.
391 */
392static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
393{
394 static const u8 ppph[2] = { 0xff, 0x03 };
395 struct sock *sk = (struct sock *) chan->private;
396 struct sock *sk_tun;
397 int hdr_len;
398 struct l2tp_session *session;
399 struct l2tp_tunnel *tunnel;
400 struct pppol2tp_session *ps;
401 int old_headroom;
402 int new_headroom;
403
404 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
405 goto abort;
406
407 /* Get session and tunnel contexts from the socket */
408 session = pppol2tp_sock_to_session(sk);
409 if (session == NULL)
410 goto abort;
411
412 ps = l2tp_session_priv(session);
413 sk_tun = ps->tunnel_sock;
414 if (sk_tun == NULL)
415 goto abort_put_sess;
416 tunnel = l2tp_sock_to_tunnel(sk_tun);
417 if (tunnel == NULL)
418 goto abort_put_sess;
419
420 /* What header length is configured for this session? */
421 hdr_len = pppol2tp_l2tp_header_len(session);
422
423 old_headroom = skb_headroom(skb);
424 if (skb_cow_head(skb, sizeof(ppph)))
425 goto abort_put_sess_tun;
426
427 new_headroom = skb_headroom(skb);
428 skb->truesize += new_headroom - old_headroom;
429
430 /* Setup PPP header */
431 __skb_push(skb, sizeof(ppph));
432 skb->data[0] = ppph[0];
433 skb->data[1] = ppph[1];
434
435 l2tp_xmit_skb(session, skb, hdr_len);
436
437 sock_put(sk_tun);
438 sock_put(sk);
439 return 1;
440
441abort_put_sess_tun:
442 sock_put(sk_tun);
443abort_put_sess:
444 sock_put(sk);
445abort:
446 /* Free the original skb */
447 kfree_skb(skb);
448 return 1;
449}
450
451/*****************************************************************************
452 * Session (and tunnel control) socket create/destroy.
453 *****************************************************************************/
454
455/* Called by l2tp_core when a session socket is being closed.
456 */
457static void pppol2tp_session_close(struct l2tp_session *session)
458{
459 struct pppol2tp_session *ps = l2tp_session_priv(session);
460 struct sock *sk = ps->sock;
461 struct sk_buff *skb;
462
463 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
464
465 if (session->session_id == 0)
466 goto out;
467
468 if (sk != NULL) {
469 lock_sock(sk);
470
471 if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
472 pppox_unbind_sock(sk);
473 sk->sk_state = PPPOX_DEAD;
474 sk->sk_state_change(sk);
475 }
476
477 /* Purge any queued data */
478 skb_queue_purge(&sk->sk_receive_queue);
479 skb_queue_purge(&sk->sk_write_queue);
480 while ((skb = skb_dequeue(&session->reorder_q))) {
481 kfree_skb(skb);
482 sock_put(sk);
483 }
484
485 release_sock(sk);
486 }
487
488out:
489 return;
490}
491
492/* Really kill the session socket. (Called from sock_put() if
493 * refcnt == 0.)
494 */
495static void pppol2tp_session_destruct(struct sock *sk)
496{
497 struct l2tp_session *session;
498
499 if (sk->sk_user_data != NULL) {
500 session = sk->sk_user_data;
501 if (session == NULL)
502 goto out;
503
504 sk->sk_user_data = NULL;
505 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
506 l2tp_session_dec_refcount(session);
507 }
508
509out:
510 return;
511}
512
513/* Called when the PPPoX socket (session) is closed.
514 */
515static int pppol2tp_release(struct socket *sock)
516{
517 struct sock *sk = sock->sk;
518 struct l2tp_session *session;
519 int error;
520
521 if (!sk)
522 return 0;
523
524 error = -EBADF;
525 lock_sock(sk);
526 if (sock_flag(sk, SOCK_DEAD) != 0)
527 goto error;
528
529 pppox_unbind_sock(sk);
530
531 /* Signal the death of the socket. */
532 sk->sk_state = PPPOX_DEAD;
533 sock_orphan(sk);
534 sock->sk = NULL;
535
536 session = pppol2tp_sock_to_session(sk);
537
538 /* Purge any queued data */
539 skb_queue_purge(&sk->sk_receive_queue);
540 skb_queue_purge(&sk->sk_write_queue);
541 if (session != NULL) {
542 struct sk_buff *skb;
543 while ((skb = skb_dequeue(&session->reorder_q))) {
544 kfree_skb(skb);
545 sock_put(sk);
546 }
547 sock_put(sk);
548 }
549
550 release_sock(sk);
551
552 /* This will delete the session context via
553 * pppol2tp_session_destruct() if the socket's refcnt drops to
554 * zero.
555 */
556 sock_put(sk);
557
558 return 0;
559
560error:
561 release_sock(sk);
562 return error;
563}
564
565static struct proto pppol2tp_sk_proto = {
566 .name = "PPPOL2TP",
567 .owner = THIS_MODULE,
568 .obj_size = sizeof(struct pppox_sock),
569};
570
571static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
572{
573 int rc;
574
575 rc = l2tp_udp_encap_recv(sk, skb);
576 if (rc)
577 kfree_skb(skb);
578
579 return NET_RX_SUCCESS;
580}
581
582/* socket() handler. Initialize a new struct sock.
583 */
584static int pppol2tp_create(struct net *net, struct socket *sock)
585{
586 int error = -ENOMEM;
587 struct sock *sk;
588
589 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto);
590 if (!sk)
591 goto out;
592
593 sock_init_data(sock, sk);
594
595 sock->state = SS_UNCONNECTED;
596 sock->ops = &pppol2tp_ops;
597
598 sk->sk_backlog_rcv = pppol2tp_backlog_recv;
599 sk->sk_protocol = PX_PROTO_OL2TP;
600 sk->sk_family = PF_PPPOX;
601 sk->sk_state = PPPOX_NONE;
602 sk->sk_type = SOCK_STREAM;
603 sk->sk_destruct = pppol2tp_session_destruct;
604
605 error = 0;
606
607out:
608 return error;
609}
610
611/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
612 */
613static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
614 int sockaddr_len, int flags)
615{
616 struct sock *sk = sock->sk;
617 struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
618 struct pppox_sock *po = pppox_sk(sk);
619 struct l2tp_session *session = NULL;
620 struct l2tp_tunnel *tunnel;
621 struct pppol2tp_session *ps;
622 struct dst_entry *dst;
623 struct l2tp_session_cfg cfg = { 0, };
624 int error = 0;
625
626 lock_sock(sk);
627
628 error = -EINVAL;
629 if (sp->sa_protocol != PX_PROTO_OL2TP)
630 goto end;
631
632 /* Check for already bound sockets */
633 error = -EBUSY;
634 if (sk->sk_state & PPPOX_CONNECTED)
635 goto end;
636
637 /* We don't supporting rebinding anyway */
638 error = -EALREADY;
639 if (sk->sk_user_data)
640 goto end; /* socket is already attached */
641
642 /* Don't bind if s_tunnel is 0 */
643 error = -EINVAL;
644 if (sp->pppol2tp.s_tunnel == 0)
645 goto end;
646
647 /* Special case: create tunnel context if s_session and
648 * d_session is 0. Otherwise look up tunnel using supplied
649 * tunnel id.
650 */
651 if ((sp->pppol2tp.s_session == 0) && (sp->pppol2tp.d_session == 0)) {
652 error = l2tp_tunnel_create(sock_net(sk), sp->pppol2tp.fd, 2, sp->pppol2tp.s_tunnel, sp->pppol2tp.d_tunnel, NULL, &tunnel);
653 if (error < 0)
654 goto end;
655 } else {
656 tunnel = l2tp_tunnel_find(sock_net(sk), sp->pppol2tp.s_tunnel);
657
658 /* Error if we can't find the tunnel */
659 error = -ENOENT;
660 if (tunnel == NULL)
661 goto end;
662
663 /* Error if socket is not prepped */
664 if (tunnel->sock == NULL)
665 goto end;
666 }
667
668 if (tunnel->recv_payload_hook == NULL)
669 tunnel->recv_payload_hook = pppol2tp_recv_payload_hook;
670
671 /* Check that this session doesn't already exist */
672 error = -EEXIST;
673 session = l2tp_session_find(tunnel, sp->pppol2tp.s_session);
674 if (session != NULL)
675 goto end;
676
677 /* Default MTU must allow space for UDP/L2TP/PPP
678 * headers.
679 */
680 cfg.mtu = cfg.mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
681 cfg.hdr_len = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
682 cfg.debug = tunnel->debug;
683
684 /* Allocate and initialize a new session context. */
685 session = l2tp_session_create(sizeof(struct pppol2tp_session),
686 tunnel, sp->pppol2tp.s_session,
687 sp->pppol2tp.d_session, &cfg);
688 if (session == NULL) {
689 error = -ENOMEM;
690 goto end;
691 }
692
693 ps = l2tp_session_priv(session);
694 ps->owner = current->pid;
695 ps->sock = sk;
696 ps->tunnel_sock = tunnel->sock;
697
698 session->recv_skb = pppol2tp_recv;
699 session->session_close = pppol2tp_session_close;
700
701 /* We need to know each time a skb is dropped from the reorder
702 * queue.
703 */
704 session->ref = pppol2tp_session_sock_hold;
705 session->deref = pppol2tp_session_sock_put;
706
707 /* If PMTU discovery was enabled, use the MTU that was discovered */
708 dst = sk_dst_get(sk);
709 if (dst != NULL) {
710 u32 pmtu = dst_mtu(__sk_dst_get(sk));
711 if (pmtu != 0)
712 session->mtu = session->mru = pmtu -
713 PPPOL2TP_HEADER_OVERHEAD;
714 dst_release(dst);
715 }
716
717 /* Special case: if source & dest session_id == 0x0000, this
718 * socket is being created to manage the tunnel. Just set up
719 * the internal context for use by ioctl() and sockopt()
720 * handlers.
721 */
722 if ((session->session_id == 0) &&
723 (session->peer_session_id == 0)) {
724 error = 0;
725 goto out_no_ppp;
726 }
727
728 /* The only header we need to worry about is the L2TP
729 * header. This size is different depending on whether
730 * sequence numbers are enabled for the data channel.
731 */
732 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
733
734 po->chan.private = sk;
735 po->chan.ops = &pppol2tp_chan_ops;
736 po->chan.mtu = session->mtu;
737
738 error = ppp_register_net_channel(sock_net(sk), &po->chan);
739 if (error)
740 goto end;
741
742out_no_ppp:
743 /* This is how we get the session context from the socket. */
744 sk->sk_user_data = session;
745 sk->sk_state = PPPOX_CONNECTED;
746 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
747 "%s: created\n", session->name);
748
749end:
750 release_sock(sk);
751
752 return error;
753}
754
755/* getname() support.
756 */
757static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
758 int *usockaddr_len, int peer)
759{
760 int len = sizeof(struct sockaddr_pppol2tp);
761 struct sockaddr_pppol2tp sp;
762 int error = 0;
763 struct l2tp_session *session;
764 struct l2tp_tunnel *tunnel;
765 struct sock *sk = sock->sk;
766 struct inet_sock *inet;
767 struct pppol2tp_session *pls;
768
769 error = -ENOTCONN;
770 if (sk == NULL)
771 goto end;
772 if (sk->sk_state != PPPOX_CONNECTED)
773 goto end;
774
775 error = -EBADF;
776 session = pppol2tp_sock_to_session(sk);
777 if (session == NULL)
778 goto end;
779
780 pls = l2tp_session_priv(session);
781 tunnel = l2tp_sock_to_tunnel(pls->tunnel_sock);
782 if (tunnel == NULL) {
783 error = -EBADF;
784 goto end_put_sess;
785 }
786
787 memset(&sp, 0, len);
788 sp.sa_family = AF_PPPOX;
789 sp.sa_protocol = PX_PROTO_OL2TP;
790 sp.pppol2tp.fd = tunnel->fd;
791 sp.pppol2tp.pid = pls->owner;
792 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
793 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
794 sp.pppol2tp.s_session = session->session_id;
795 sp.pppol2tp.d_session = session->peer_session_id;
796 inet = inet_sk(sk);
797 sp.pppol2tp.addr.sin_family = AF_INET;
798 sp.pppol2tp.addr.sin_port = inet->inet_dport;
799 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
800
801 memcpy(uaddr, &sp, len);
802
803 *usockaddr_len = len;
804
805 sock_put(pls->tunnel_sock);
806end_put_sess:
807 sock_put(sk);
808 error = 0;
809
810end:
811 return error;
812}
813
814/****************************************************************************
815 * ioctl() handlers.
816 *
817 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
818 * sockets. However, in order to control kernel tunnel features, we allow
819 * userspace to create a special "tunnel" PPPoX socket which is used for
820 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
821 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
822 * calls.
823 ****************************************************************************/
824
825static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
826 struct l2tp_stats *stats)
827{
828 dest->tx_packets = stats->tx_packets;
829 dest->tx_bytes = stats->tx_bytes;
830 dest->tx_errors = stats->tx_errors;
831 dest->rx_packets = stats->rx_packets;
832 dest->rx_bytes = stats->rx_bytes;
833 dest->rx_seq_discards = stats->rx_seq_discards;
834 dest->rx_oos_packets = stats->rx_oos_packets;
835 dest->rx_errors = stats->rx_errors;
836}
837
838/* Session ioctl helper.
839 */
840static int pppol2tp_session_ioctl(struct l2tp_session *session,
841 unsigned int cmd, unsigned long arg)
842{
843 struct ifreq ifr;
844 int err = 0;
845 struct sock *sk;
846 int val = (int) arg;
847 struct pppol2tp_session *ps = l2tp_session_priv(session);
848 struct l2tp_tunnel *tunnel = session->tunnel;
849 struct pppol2tp_ioc_stats stats;
850
851 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
852 "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
853 session->name, cmd, arg);
854
855 sk = ps->sock;
856 sock_hold(sk);
857
858 switch (cmd) {
859 case SIOCGIFMTU:
860 err = -ENXIO;
861 if (!(sk->sk_state & PPPOX_CONNECTED))
862 break;
863
864 err = -EFAULT;
865 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
866 break;
867 ifr.ifr_mtu = session->mtu;
868 if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
869 break;
870
871 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
872 "%s: get mtu=%d\n", session->name, session->mtu);
873 err = 0;
874 break;
875
876 case SIOCSIFMTU:
877 err = -ENXIO;
878 if (!(sk->sk_state & PPPOX_CONNECTED))
879 break;
880
881 err = -EFAULT;
882 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
883 break;
884
885 session->mtu = ifr.ifr_mtu;
886
887 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
888 "%s: set mtu=%d\n", session->name, session->mtu);
889 err = 0;
890 break;
891
892 case PPPIOCGMRU:
893 err = -ENXIO;
894 if (!(sk->sk_state & PPPOX_CONNECTED))
895 break;
896
897 err = -EFAULT;
898 if (put_user(session->mru, (int __user *) arg))
899 break;
900
901 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
902 "%s: get mru=%d\n", session->name, session->mru);
903 err = 0;
904 break;
905
906 case PPPIOCSMRU:
907 err = -ENXIO;
908 if (!(sk->sk_state & PPPOX_CONNECTED))
909 break;
910
911 err = -EFAULT;
912 if (get_user(val, (int __user *) arg))
913 break;
914
915 session->mru = val;
916 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
917 "%s: set mru=%d\n", session->name, session->mru);
918 err = 0;
919 break;
920
921 case PPPIOCGFLAGS:
922 err = -EFAULT;
923 if (put_user(ps->flags, (int __user *) arg))
924 break;
925
926 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
927 "%s: get flags=%d\n", session->name, ps->flags);
928 err = 0;
929 break;
930
931 case PPPIOCSFLAGS:
932 err = -EFAULT;
933 if (get_user(val, (int __user *) arg))
934 break;
935 ps->flags = val;
936 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
937 "%s: set flags=%d\n", session->name, ps->flags);
938 err = 0;
939 break;
940
941 case PPPIOCGL2TPSTATS:
942 err = -ENXIO;
943 if (!(sk->sk_state & PPPOX_CONNECTED))
944 break;
945
946 memset(&stats, 0, sizeof(stats));
947 stats.tunnel_id = tunnel->tunnel_id;
948 stats.session_id = session->session_id;
949 pppol2tp_copy_stats(&stats, &session->stats);
950 if (copy_to_user((void __user *) arg, &stats,
951 sizeof(stats)))
952 break;
953 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
954 "%s: get L2TP stats\n", session->name);
955 err = 0;
956 break;
957
958 default:
959 err = -ENOSYS;
960 break;
961 }
962
963 sock_put(sk);
964
965 return err;
966}
967
968/* Tunnel ioctl helper.
969 *
970 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
971 * specifies a session_id, the session ioctl handler is called. This allows an
972 * application to retrieve session stats via a tunnel socket.
973 */
974static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel,
975 unsigned int cmd, unsigned long arg)
976{
977 int err = 0;
978 struct sock *sk;
979 struct pppol2tp_ioc_stats stats;
980
981 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
982 "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n",
983 tunnel->name, cmd, arg);
984
985 sk = tunnel->sock;
986 sock_hold(sk);
987
988 switch (cmd) {
989 case PPPIOCGL2TPSTATS:
990 err = -ENXIO;
991 if (!(sk->sk_state & PPPOX_CONNECTED))
992 break;
993
994 if (copy_from_user(&stats, (void __user *) arg,
995 sizeof(stats))) {
996 err = -EFAULT;
997 break;
998 }
999 if (stats.session_id != 0) {
1000 /* resend to session ioctl handler */
1001 struct l2tp_session *session =
1002 l2tp_session_find(tunnel, stats.session_id);
1003 if (session != NULL)
1004 err = pppol2tp_session_ioctl(session, cmd, arg);
1005 else
1006 err = -EBADR;
1007 break;
1008 }
1009#ifdef CONFIG_XFRM
1010 stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
1011#endif
1012 pppol2tp_copy_stats(&stats, &tunnel->stats);
1013 if (copy_to_user((void __user *) arg, &stats, sizeof(stats))) {
1014 err = -EFAULT;
1015 break;
1016 }
1017 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1018 "%s: get L2TP stats\n", tunnel->name);
1019 err = 0;
1020 break;
1021
1022 default:
1023 err = -ENOSYS;
1024 break;
1025 }
1026
1027 sock_put(sk);
1028
1029 return err;
1030}
1031
1032/* Main ioctl() handler.
1033 * Dispatch to tunnel or session helpers depending on the socket.
1034 */
1035static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1036 unsigned long arg)
1037{
1038 struct sock *sk = sock->sk;
1039 struct l2tp_session *session;
1040 struct l2tp_tunnel *tunnel;
1041 struct pppol2tp_session *ps;
1042 int err;
1043
1044 if (!sk)
1045 return 0;
1046
1047 err = -EBADF;
1048 if (sock_flag(sk, SOCK_DEAD) != 0)
1049 goto end;
1050
1051 err = -ENOTCONN;
1052 if ((sk->sk_user_data == NULL) ||
1053 (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
1054 goto end;
1055
1056 /* Get session context from the socket */
1057 err = -EBADF;
1058 session = pppol2tp_sock_to_session(sk);
1059 if (session == NULL)
1060 goto end;
1061
1062 /* Special case: if session's session_id is zero, treat ioctl as a
1063 * tunnel ioctl
1064 */
1065 ps = l2tp_session_priv(session);
1066 if ((session->session_id == 0) &&
1067 (session->peer_session_id == 0)) {
1068 err = -EBADF;
1069 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1070 if (tunnel == NULL)
1071 goto end_put_sess;
1072
1073 err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
1074 sock_put(ps->tunnel_sock);
1075 goto end_put_sess;
1076 }
1077
1078 err = pppol2tp_session_ioctl(session, cmd, arg);
1079
1080end_put_sess:
1081 sock_put(sk);
1082end:
1083 return err;
1084}
1085
1086/*****************************************************************************
1087 * setsockopt() / getsockopt() support.
1088 *
1089 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1090 * sockets. In order to control kernel tunnel features, we allow userspace to
1091 * create a special "tunnel" PPPoX socket which is used for control only.
1092 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1093 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1094 *****************************************************************************/
1095
1096/* Tunnel setsockopt() helper.
1097 */
1098static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1099 struct l2tp_tunnel *tunnel,
1100 int optname, int val)
1101{
1102 int err = 0;
1103
1104 switch (optname) {
1105 case PPPOL2TP_SO_DEBUG:
1106 tunnel->debug = val;
1107 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1108 "%s: set debug=%x\n", tunnel->name, tunnel->debug);
1109 break;
1110
1111 default:
1112 err = -ENOPROTOOPT;
1113 break;
1114 }
1115
1116 return err;
1117}
1118
1119/* Session setsockopt helper.
1120 */
1121static int pppol2tp_session_setsockopt(struct sock *sk,
1122 struct l2tp_session *session,
1123 int optname, int val)
1124{
1125 int err = 0;
1126 struct pppol2tp_session *ps = l2tp_session_priv(session);
1127
1128 switch (optname) {
1129 case PPPOL2TP_SO_RECVSEQ:
1130 if ((val != 0) && (val != 1)) {
1131 err = -EINVAL;
1132 break;
1133 }
1134 session->recv_seq = val ? -1 : 0;
1135 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1136 "%s: set recv_seq=%d\n", session->name, session->recv_seq);
1137 break;
1138
1139 case PPPOL2TP_SO_SENDSEQ:
1140 if ((val != 0) && (val != 1)) {
1141 err = -EINVAL;
1142 break;
1143 }
1144 session->send_seq = val ? -1 : 0;
1145 {
1146 struct sock *ssk = ps->sock;
1147 struct pppox_sock *po = pppox_sk(ssk);
1148 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1149 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1150 }
1151 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1152 "%s: set send_seq=%d\n", session->name, session->send_seq);
1153 break;
1154
1155 case PPPOL2TP_SO_LNSMODE:
1156 if ((val != 0) && (val != 1)) {
1157 err = -EINVAL;
1158 break;
1159 }
1160 session->lns_mode = val ? -1 : 0;
1161 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1162 "%s: set lns_mode=%d\n", session->name, session->lns_mode);
1163 break;
1164
1165 case PPPOL2TP_SO_DEBUG:
1166 session->debug = val;
1167 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1168 "%s: set debug=%x\n", session->name, session->debug);
1169 break;
1170
1171 case PPPOL2TP_SO_REORDERTO:
1172 session->reorder_timeout = msecs_to_jiffies(val);
1173 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1174 "%s: set reorder_timeout=%d\n", session->name, session->reorder_timeout);
1175 break;
1176
1177 default:
1178 err = -ENOPROTOOPT;
1179 break;
1180 }
1181
1182 return err;
1183}
1184
1185/* Main setsockopt() entry point.
1186 * Does API checks, then calls either the tunnel or session setsockopt
1187 * handler, according to whether the PPPoL2TP socket is a for a regular
1188 * session or the special tunnel type.
1189 */
1190static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1191 char __user *optval, unsigned int optlen)
1192{
1193 struct sock *sk = sock->sk;
1194 struct l2tp_session *session;
1195 struct l2tp_tunnel *tunnel;
1196 struct pppol2tp_session *ps;
1197 int val;
1198 int err;
1199
1200 if (level != SOL_PPPOL2TP)
1201 return udp_prot.setsockopt(sk, level, optname, optval, optlen);
1202
1203 if (optlen < sizeof(int))
1204 return -EINVAL;
1205
1206 if (get_user(val, (int __user *)optval))
1207 return -EFAULT;
1208
1209 err = -ENOTCONN;
1210 if (sk->sk_user_data == NULL)
1211 goto end;
1212
1213 /* Get session context from the socket */
1214 err = -EBADF;
1215 session = pppol2tp_sock_to_session(sk);
1216 if (session == NULL)
1217 goto end;
1218
1219 /* Special case: if session_id == 0x0000, treat as operation on tunnel
1220 */
1221 ps = l2tp_session_priv(session);
1222 if ((session->session_id == 0) &&
1223 (session->peer_session_id == 0)) {
1224 err = -EBADF;
1225 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1226 if (tunnel == NULL)
1227 goto end_put_sess;
1228
1229 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
1230 sock_put(ps->tunnel_sock);
1231 } else
1232 err = pppol2tp_session_setsockopt(sk, session, optname, val);
1233
1234 err = 0;
1235
1236end_put_sess:
1237 sock_put(sk);
1238end:
1239 return err;
1240}
1241
1242/* Tunnel getsockopt helper. Called with sock locked.
1243 */
1244static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1245 struct l2tp_tunnel *tunnel,
1246 int optname, int *val)
1247{
1248 int err = 0;
1249
1250 switch (optname) {
1251 case PPPOL2TP_SO_DEBUG:
1252 *val = tunnel->debug;
1253 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1254 "%s: get debug=%x\n", tunnel->name, tunnel->debug);
1255 break;
1256
1257 default:
1258 err = -ENOPROTOOPT;
1259 break;
1260 }
1261
1262 return err;
1263}
1264
1265/* Session getsockopt helper. Called with sock locked.
1266 */
1267static int pppol2tp_session_getsockopt(struct sock *sk,
1268 struct l2tp_session *session,
1269 int optname, int *val)
1270{
1271 int err = 0;
1272
1273 switch (optname) {
1274 case PPPOL2TP_SO_RECVSEQ:
1275 *val = session->recv_seq;
1276 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1277 "%s: get recv_seq=%d\n", session->name, *val);
1278 break;
1279
1280 case PPPOL2TP_SO_SENDSEQ:
1281 *val = session->send_seq;
1282 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1283 "%s: get send_seq=%d\n", session->name, *val);
1284 break;
1285
1286 case PPPOL2TP_SO_LNSMODE:
1287 *val = session->lns_mode;
1288 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1289 "%s: get lns_mode=%d\n", session->name, *val);
1290 break;
1291
1292 case PPPOL2TP_SO_DEBUG:
1293 *val = session->debug;
1294 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1295 "%s: get debug=%d\n", session->name, *val);
1296 break;
1297
1298 case PPPOL2TP_SO_REORDERTO:
1299 *val = (int) jiffies_to_msecs(session->reorder_timeout);
1300 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1301 "%s: get reorder_timeout=%d\n", session->name, *val);
1302 break;
1303
1304 default:
1305 err = -ENOPROTOOPT;
1306 }
1307
1308 return err;
1309}
1310
1311/* Main getsockopt() entry point.
1312 * Does API checks, then calls either the tunnel or session getsockopt
1313 * handler, according to whether the PPPoX socket is a for a regular session
1314 * or the special tunnel type.
1315 */
1316static int pppol2tp_getsockopt(struct socket *sock, int level,
1317 int optname, char __user *optval, int __user *optlen)
1318{
1319 struct sock *sk = sock->sk;
1320 struct l2tp_session *session;
1321 struct l2tp_tunnel *tunnel;
1322 int val, len;
1323 int err;
1324 struct pppol2tp_session *ps;
1325
1326 if (level != SOL_PPPOL2TP)
1327 return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1328
1329 if (get_user(len, (int __user *) optlen))
1330 return -EFAULT;
1331
1332 len = min_t(unsigned int, len, sizeof(int));
1333
1334 if (len < 0)
1335 return -EINVAL;
1336
1337 err = -ENOTCONN;
1338 if (sk->sk_user_data == NULL)
1339 goto end;
1340
1341 /* Get the session context */
1342 err = -EBADF;
1343 session = pppol2tp_sock_to_session(sk);
1344 if (session == NULL)
1345 goto end;
1346
1347 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
1348 ps = l2tp_session_priv(session);
1349 if ((session->session_id == 0) &&
1350 (session->peer_session_id == 0)) {
1351 err = -EBADF;
1352 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1353 if (tunnel == NULL)
1354 goto end_put_sess;
1355
1356 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
1357 sock_put(ps->tunnel_sock);
1358 } else
1359 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
1360
1361 err = -EFAULT;
1362 if (put_user(len, (int __user *) optlen))
1363 goto end_put_sess;
1364
1365 if (copy_to_user((void __user *) optval, &val, len))
1366 goto end_put_sess;
1367
1368 err = 0;
1369
1370end_put_sess:
1371 sock_put(sk);
1372end:
1373 return err;
1374}
1375
1376/*****************************************************************************
1377 * /proc filesystem for debug
1378 *****************************************************************************/
1379
1380static unsigned int pppol2tp_net_id;
1381
1382#ifdef CONFIG_PROC_FS
1383
1384struct pppol2tp_seq_data {
1385 struct seq_net_private p;
1386 int tunnel_idx; /* current tunnel */
1387 int session_idx; /* index of session within current tunnel */
1388 struct l2tp_tunnel *tunnel;
1389 struct l2tp_session *session; /* NULL means get next tunnel */
1390};
1391
1392static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1393{
1394 pd->tunnel = l2tp_tunnel_find_nth(net, pd->tunnel_idx);
1395 pd->tunnel_idx++;
1396}
1397
1398static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1399{
1400 pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx);
1401 pd->session_idx++;
1402 if (pd->session == NULL) {
1403 pd->session_idx = 0;
1404 pppol2tp_next_tunnel(net, pd);
1405 }
1406}
1407
1408static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1409{
1410 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1411 loff_t pos = *offs;
1412 struct net *net;
1413
1414 if (!pos)
1415 goto out;
1416
1417 BUG_ON(m->private == NULL);
1418 pd = m->private;
1419 net = seq_file_net(m);
1420
1421 if (pd->tunnel == NULL)
1422 pppol2tp_next_tunnel(net, pd);
1423 else
1424 pppol2tp_next_session(net, pd);
1425
1426 /* NULL tunnel and session indicates end of list */
1427 if ((pd->tunnel == NULL) && (pd->session == NULL))
1428 pd = NULL;
1429
1430out:
1431 return pd;
1432}
1433
1434static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1435{
1436 (*pos)++;
1437 return NULL;
1438}
1439
1440static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1441{
1442 /* nothing to do */
1443}
1444
1445static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1446{
1447 struct l2tp_tunnel *tunnel = v;
1448
1449 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1450 tunnel->name,
1451 (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
1452 atomic_read(&tunnel->ref_count) - 1);
1453 seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
1454 tunnel->debug,
1455 (unsigned long long)tunnel->stats.tx_packets,
1456 (unsigned long long)tunnel->stats.tx_bytes,
1457 (unsigned long long)tunnel->stats.tx_errors,
1458 (unsigned long long)tunnel->stats.rx_packets,
1459 (unsigned long long)tunnel->stats.rx_bytes,
1460 (unsigned long long)tunnel->stats.rx_errors);
1461}
1462
1463static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1464{
1465 struct l2tp_session *session = v;
1466 struct l2tp_tunnel *tunnel = session->tunnel;
1467 struct pppol2tp_session *ps = l2tp_session_priv(session);
1468 u32 ip = 0;
1469 u16 port = 0;
1470
1471 if (tunnel->sock) {
1472 struct inet_sock *inet = inet_sk(tunnel->sock);
1473 ip = ntohl(inet->inet_saddr);
1474 port = ntohs(inet->inet_sport);
1475 }
1476
1477 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
1478 "%04X/%04X %d %c\n",
1479 session->name, ip, port,
1480 tunnel->tunnel_id,
1481 session->session_id,
1482 tunnel->peer_tunnel_id,
1483 session->peer_session_id,
1484 ps->sock->sk_state,
1485 (session == ps->sock->sk_user_data) ?
1486 'Y' : 'N');
1487 seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n",
1488 session->mtu, session->mru,
1489 session->recv_seq ? 'R' : '-',
1490 session->send_seq ? 'S' : '-',
1491 session->lns_mode ? "LNS" : "LAC",
1492 session->debug,
1493 jiffies_to_msecs(session->reorder_timeout));
1494 seq_printf(m, " %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
1495 session->nr, session->ns,
1496 (unsigned long long)session->stats.tx_packets,
1497 (unsigned long long)session->stats.tx_bytes,
1498 (unsigned long long)session->stats.tx_errors,
1499 (unsigned long long)session->stats.rx_packets,
1500 (unsigned long long)session->stats.rx_bytes,
1501 (unsigned long long)session->stats.rx_errors);
1502}
1503
1504static int pppol2tp_seq_show(struct seq_file *m, void *v)
1505{
1506 struct pppol2tp_seq_data *pd = v;
1507
1508 /* display header on line 1 */
1509 if (v == SEQ_START_TOKEN) {
1510 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1511 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1512 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1513 seq_puts(m, " SESSION name, addr/port src-tid/sid "
1514 "dest-tid/sid state user-data-ok\n");
1515 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1516 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1517 goto out;
1518 }
1519
1520 /* Show the tunnel or session context.
1521 */
1522 if (pd->session == NULL)
1523 pppol2tp_seq_tunnel_show(m, pd->tunnel);
1524 else
1525 pppol2tp_seq_session_show(m, pd->session);
1526
1527out:
1528 return 0;
1529}
1530
1531static const struct seq_operations pppol2tp_seq_ops = {
1532 .start = pppol2tp_seq_start,
1533 .next = pppol2tp_seq_next,
1534 .stop = pppol2tp_seq_stop,
1535 .show = pppol2tp_seq_show,
1536};
1537
1538/* Called when our /proc file is opened. We allocate data for use when
1539 * iterating our tunnel / session contexts and store it in the private
1540 * data of the seq_file.
1541 */
1542static int pppol2tp_proc_open(struct inode *inode, struct file *file)
1543{
1544 return seq_open_net(inode, file, &pppol2tp_seq_ops,
1545 sizeof(struct pppol2tp_seq_data));
1546}
1547
1548static const struct file_operations pppol2tp_proc_fops = {
1549 .owner = THIS_MODULE,
1550 .open = pppol2tp_proc_open,
1551 .read = seq_read,
1552 .llseek = seq_lseek,
1553 .release = seq_release_net,
1554};
1555
1556#endif /* CONFIG_PROC_FS */
1557
1558/*****************************************************************************
1559 * Network namespace
1560 *****************************************************************************/
1561
1562static __net_init int pppol2tp_init_net(struct net *net)
1563{
1564 struct proc_dir_entry *pde;
1565 int err = 0;
1566
1567 pde = proc_net_fops_create(net, "pppol2tp", S_IRUGO, &pppol2tp_proc_fops);
1568 if (!pde) {
1569 err = -ENOMEM;
1570 goto out;
1571 }
1572
1573out:
1574 return err;
1575}
1576
1577static __net_exit void pppol2tp_exit_net(struct net *net)
1578{
1579 proc_net_remove(net, "pppol2tp");
1580}
1581
1582static struct pernet_operations pppol2tp_net_ops = {
1583 .init = pppol2tp_init_net,
1584 .exit = pppol2tp_exit_net,
1585 .id = &pppol2tp_net_id,
1586};
1587
1588/*****************************************************************************
1589 * Init and cleanup
1590 *****************************************************************************/
1591
1592static const struct proto_ops pppol2tp_ops = {
1593 .family = AF_PPPOX,
1594 .owner = THIS_MODULE,
1595 .release = pppol2tp_release,
1596 .bind = sock_no_bind,
1597 .connect = pppol2tp_connect,
1598 .socketpair = sock_no_socketpair,
1599 .accept = sock_no_accept,
1600 .getname = pppol2tp_getname,
1601 .poll = datagram_poll,
1602 .listen = sock_no_listen,
1603 .shutdown = sock_no_shutdown,
1604 .setsockopt = pppol2tp_setsockopt,
1605 .getsockopt = pppol2tp_getsockopt,
1606 .sendmsg = pppol2tp_sendmsg,
1607 .recvmsg = pppol2tp_recvmsg,
1608 .mmap = sock_no_mmap,
1609 .ioctl = pppox_ioctl,
1610};
1611
1612static struct pppox_proto pppol2tp_proto = {
1613 .create = pppol2tp_create,
1614 .ioctl = pppol2tp_ioctl
1615};
1616
1617static int __init pppol2tp_init(void)
1618{
1619 int err;
1620
1621 err = register_pernet_device(&pppol2tp_net_ops);
1622 if (err)
1623 goto out;
1624
1625 err = proto_register(&pppol2tp_sk_proto, 0);
1626 if (err)
1627 goto out_unregister_pppol2tp_pernet;
1628
1629 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1630 if (err)
1631 goto out_unregister_pppol2tp_proto;
1632
1633 printk(KERN_INFO "PPPoL2TP kernel driver, %s\n",
1634 PPPOL2TP_DRV_VERSION);
1635
1636out:
1637 return err;
1638out_unregister_pppol2tp_proto:
1639 proto_unregister(&pppol2tp_sk_proto);
1640out_unregister_pppol2tp_pernet:
1641 unregister_pernet_device(&pppol2tp_net_ops);
1642 goto out;
1643}
1644
1645static void __exit pppol2tp_exit(void)
1646{
1647 unregister_pppox_proto(PX_PROTO_OL2TP);
1648 proto_unregister(&pppol2tp_sk_proto);
1649 unregister_pernet_device(&pppol2tp_net_ops);
1650}
1651
1652module_init(pppol2tp_init);
1653module_exit(pppol2tp_exit);
1654
1655MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1656MODULE_DESCRIPTION("PPP over L2TP over UDP");
1657MODULE_LICENSE("GPL");
1658MODULE_VERSION(PPPOL2TP_DRV_VERSION);
diff --git a/net/l2tp/pppol2tp.c b/net/l2tp/pppol2tp.c
deleted file mode 100644
index 449a9825200d..000000000000
--- a/net/l2tp/pppol2tp.c
+++ /dev/null
@@ -1,2680 +0,0 @@
1/*****************************************************************************
2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
3 *
4 * PPPoX --- Generic PPP encapsulation socket family
5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
6 *
7 * Version: 1.0.0
8 *
9 * Authors: Martijn van Oosterhout <kleptog@svana.org>
10 * James Chapman (jchapman@katalix.com)
11 * Contributors:
12 * Michal Ostrowski <mostrows@speakeasy.net>
13 * Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
14 * David S. Miller (davem@redhat.com)
15 *
16 * License:
17 * This program is free software; you can redistribute it and/or
18 * modify it under the terms of the GNU General Public License
19 * as published by the Free Software Foundation; either version
20 * 2 of the License, or (at your option) any later version.
21 *
22 */
23
24/* This driver handles only L2TP data frames; control frames are handled by a
25 * userspace application.
26 *
27 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
28 * attaches it to a bound UDP socket with local tunnel_id / session_id and
29 * peer tunnel_id / session_id set. Data can then be sent or received using
30 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
31 * can be read or modified using ioctl() or [gs]etsockopt() calls.
32 *
33 * When a PPPoL2TP socket is connected with local and peer session_id values
34 * zero, the socket is treated as a special tunnel management socket.
35 *
36 * Here's example userspace code to create a socket for sending/receiving data
37 * over an L2TP session:-
38 *
39 * struct sockaddr_pppol2tp sax;
40 * int fd;
41 * int session_fd;
42 *
43 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
44 *
45 * sax.sa_family = AF_PPPOX;
46 * sax.sa_protocol = PX_PROTO_OL2TP;
47 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
48 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
49 * sax.pppol2tp.addr.sin_port = addr->sin_port;
50 * sax.pppol2tp.addr.sin_family = AF_INET;
51 * sax.pppol2tp.s_tunnel = tunnel_id;
52 * sax.pppol2tp.s_session = session_id;
53 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
54 * sax.pppol2tp.d_session = peer_session_id;
55 *
56 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
57 *
58 * A pppd plugin that allows PPP traffic to be carried over L2TP using
59 * this driver is available from the OpenL2TP project at
60 * http://openl2tp.sourceforge.net.
61 */
62
63#include <linux/module.h>
64#include <linux/string.h>
65#include <linux/list.h>
66#include <asm/uaccess.h>
67
68#include <linux/kernel.h>
69#include <linux/spinlock.h>
70#include <linux/kthread.h>
71#include <linux/sched.h>
72#include <linux/slab.h>
73#include <linux/errno.h>
74#include <linux/jiffies.h>
75
76#include <linux/netdevice.h>
77#include <linux/net.h>
78#include <linux/inetdevice.h>
79#include <linux/skbuff.h>
80#include <linux/init.h>
81#include <linux/ip.h>
82#include <linux/udp.h>
83#include <linux/if_pppox.h>
84#include <linux/if_pppol2tp.h>
85#include <net/sock.h>
86#include <linux/ppp_channel.h>
87#include <linux/ppp_defs.h>
88#include <linux/if_ppp.h>
89#include <linux/file.h>
90#include <linux/hash.h>
91#include <linux/sort.h>
92#include <linux/proc_fs.h>
93#include <linux/nsproxy.h>
94#include <net/net_namespace.h>
95#include <net/netns/generic.h>
96#include <net/dst.h>
97#include <net/ip.h>
98#include <net/udp.h>
99#include <net/xfrm.h>
100
101#include <asm/byteorder.h>
102#include <asm/atomic.h>
103
104
105#define PPPOL2TP_DRV_VERSION "V1.0"
106
107/* L2TP header constants */
108#define L2TP_HDRFLAG_T 0x8000
109#define L2TP_HDRFLAG_L 0x4000
110#define L2TP_HDRFLAG_S 0x0800
111#define L2TP_HDRFLAG_O 0x0200
112#define L2TP_HDRFLAG_P 0x0100
113
114#define L2TP_HDR_VER_MASK 0x000F
115#define L2TP_HDR_VER 0x0002
116
117/* Space for UDP, L2TP and PPP headers */
118#define PPPOL2TP_HEADER_OVERHEAD 40
119
120/* Just some random numbers */
121#define L2TP_TUNNEL_MAGIC 0x42114DDA
122#define L2TP_SESSION_MAGIC 0x0C04EB7D
123
124#define PPPOL2TP_HASH_BITS 4
125#define PPPOL2TP_HASH_SIZE (1 << PPPOL2TP_HASH_BITS)
126
127/* Default trace flags */
128#define PPPOL2TP_DEFAULT_DEBUG_FLAGS 0
129
130#define PRINTK(_mask, _type, _lvl, _fmt, args...) \
131 do { \
132 if ((_mask) & (_type)) \
133 printk(_lvl "PPPOL2TP: " _fmt, ##args); \
134 } while(0)
135
136/* Number of bytes to build transmit L2TP headers.
137 * Unfortunately the size is different depending on whether sequence numbers
138 * are enabled.
139 */
140#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
141#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
142
143struct pppol2tp_tunnel;
144
145/* Describes a session. It is the sk_user_data field in the PPPoL2TP
146 * socket. Contains information to determine incoming packets and transmit
147 * outgoing ones.
148 */
149struct pppol2tp_session
150{
151 int magic; /* should be
152 * L2TP_SESSION_MAGIC */
153 int owner; /* pid that opened the socket */
154
155 struct sock *sock; /* Pointer to the session
156 * PPPoX socket */
157 struct sock *tunnel_sock; /* Pointer to the tunnel UDP
158 * socket */
159
160 struct pppol2tp_addr tunnel_addr; /* Description of tunnel */
161
162 struct pppol2tp_tunnel *tunnel; /* back pointer to tunnel
163 * context */
164
165 char name[20]; /* "sess xxxxx/yyyyy", where
166 * x=tunnel_id, y=session_id */
167 int mtu;
168 int mru;
169 int flags; /* accessed by PPPIOCGFLAGS.
170 * Unused. */
171 unsigned recv_seq:1; /* expect receive packets with
172 * sequence numbers? */
173 unsigned send_seq:1; /* send packets with sequence
174 * numbers? */
175 unsigned lns_mode:1; /* behave as LNS? LAC enables
176 * sequence numbers under
177 * control of LNS. */
178 int debug; /* bitmask of debug message
179 * categories */
180 int reorder_timeout; /* configured reorder timeout
181 * (in jiffies) */
182 u16 nr; /* session NR state (receive) */
183 u16 ns; /* session NR state (send) */
184 struct sk_buff_head reorder_q; /* receive reorder queue */
185 struct pppol2tp_ioc_stats stats;
186 struct hlist_node hlist; /* Hash list node */
187};
188
189/* The sk_user_data field of the tunnel's UDP socket. It contains info to track
190 * all the associated sessions so incoming packets can be sorted out
191 */
192struct pppol2tp_tunnel
193{
194 int magic; /* Should be L2TP_TUNNEL_MAGIC */
195 rwlock_t hlist_lock; /* protect session_hlist */
196 struct hlist_head session_hlist[PPPOL2TP_HASH_SIZE];
197 /* hashed list of sessions,
198 * hashed by id */
199 int debug; /* bitmask of debug message
200 * categories */
201 char name[12]; /* "tunl xxxxx" */
202 struct pppol2tp_ioc_stats stats;
203
204 void (*old_sk_destruct)(struct sock *);
205
206 struct sock *sock; /* Parent socket */
207 struct list_head list; /* Keep a list of all open
208 * prepared sockets */
209 struct net *pppol2tp_net; /* the net we belong to */
210
211 atomic_t ref_count;
212};
213
214/* Private data stored for received packets in the skb.
215 */
216struct pppol2tp_skb_cb {
217 u16 ns;
218 u16 nr;
219 u16 has_seq;
220 u16 length;
221 unsigned long expires;
222};
223
224#define PPPOL2TP_SKB_CB(skb) ((struct pppol2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
225
226static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
227static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel);
228
229static atomic_t pppol2tp_tunnel_count;
230static atomic_t pppol2tp_session_count;
231static struct ppp_channel_ops pppol2tp_chan_ops = { pppol2tp_xmit , NULL };
232static const struct proto_ops pppol2tp_ops;
233
234/* per-net private data for this module */
235static int pppol2tp_net_id __read_mostly;
236struct pppol2tp_net {
237 struct list_head pppol2tp_tunnel_list;
238 rwlock_t pppol2tp_tunnel_list_lock;
239};
240
241static inline struct pppol2tp_net *pppol2tp_pernet(struct net *net)
242{
243 BUG_ON(!net);
244
245 return net_generic(net, pppol2tp_net_id);
246}
247
248/* Helpers to obtain tunnel/session contexts from sockets.
249 */
250static inline struct pppol2tp_session *pppol2tp_sock_to_session(struct sock *sk)
251{
252 struct pppol2tp_session *session;
253
254 if (sk == NULL)
255 return NULL;
256
257 sock_hold(sk);
258 session = (struct pppol2tp_session *)(sk->sk_user_data);
259 if (session == NULL) {
260 sock_put(sk);
261 goto out;
262 }
263
264 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
265out:
266 return session;
267}
268
269static inline struct pppol2tp_tunnel *pppol2tp_sock_to_tunnel(struct sock *sk)
270{
271 struct pppol2tp_tunnel *tunnel;
272
273 if (sk == NULL)
274 return NULL;
275
276 sock_hold(sk);
277 tunnel = (struct pppol2tp_tunnel *)(sk->sk_user_data);
278 if (tunnel == NULL) {
279 sock_put(sk);
280 goto out;
281 }
282
283 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
284out:
285 return tunnel;
286}
287
288/* Tunnel reference counts. Incremented per session that is added to
289 * the tunnel.
290 */
291static inline void pppol2tp_tunnel_inc_refcount(struct pppol2tp_tunnel *tunnel)
292{
293 atomic_inc(&tunnel->ref_count);
294}
295
296static inline void pppol2tp_tunnel_dec_refcount(struct pppol2tp_tunnel *tunnel)
297{
298 if (atomic_dec_and_test(&tunnel->ref_count))
299 pppol2tp_tunnel_free(tunnel);
300}
301
302/* Session hash list.
303 * The session_id SHOULD be random according to RFC2661, but several
304 * L2TP implementations (Cisco and Microsoft) use incrementing
305 * session_ids. So we do a real hash on the session_id, rather than a
306 * simple bitmask.
307 */
308static inline struct hlist_head *
309pppol2tp_session_id_hash(struct pppol2tp_tunnel *tunnel, u16 session_id)
310{
311 unsigned long hash_val = (unsigned long) session_id;
312 return &tunnel->session_hlist[hash_long(hash_val, PPPOL2TP_HASH_BITS)];
313}
314
315/* Lookup a session by id
316 */
317static struct pppol2tp_session *
318pppol2tp_session_find(struct pppol2tp_tunnel *tunnel, u16 session_id)
319{
320 struct hlist_head *session_list =
321 pppol2tp_session_id_hash(tunnel, session_id);
322 struct pppol2tp_session *session;
323 struct hlist_node *walk;
324
325 read_lock_bh(&tunnel->hlist_lock);
326 hlist_for_each_entry(session, walk, session_list, hlist) {
327 if (session->tunnel_addr.s_session == session_id) {
328 read_unlock_bh(&tunnel->hlist_lock);
329 return session;
330 }
331 }
332 read_unlock_bh(&tunnel->hlist_lock);
333
334 return NULL;
335}
336
337/* Lookup a tunnel by id
338 */
339static struct pppol2tp_tunnel *pppol2tp_tunnel_find(struct net *net, u16 tunnel_id)
340{
341 struct pppol2tp_tunnel *tunnel;
342 struct pppol2tp_net *pn = pppol2tp_pernet(net);
343
344 read_lock_bh(&pn->pppol2tp_tunnel_list_lock);
345 list_for_each_entry(tunnel, &pn->pppol2tp_tunnel_list, list) {
346 if (tunnel->stats.tunnel_id == tunnel_id) {
347 read_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
348 return tunnel;
349 }
350 }
351 read_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
352
353 return NULL;
354}
355
356/*****************************************************************************
357 * Receive data handling
358 *****************************************************************************/
359
360/* Queue a skb in order. We come here only if the skb has an L2TP sequence
361 * number.
362 */
363static void pppol2tp_recv_queue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
364{
365 struct sk_buff *skbp;
366 struct sk_buff *tmp;
367 u16 ns = PPPOL2TP_SKB_CB(skb)->ns;
368
369 spin_lock_bh(&session->reorder_q.lock);
370 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
371 if (PPPOL2TP_SKB_CB(skbp)->ns > ns) {
372 __skb_queue_before(&session->reorder_q, skbp, skb);
373 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
374 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
375 session->name, ns, PPPOL2TP_SKB_CB(skbp)->ns,
376 skb_queue_len(&session->reorder_q));
377 session->stats.rx_oos_packets++;
378 goto out;
379 }
380 }
381
382 __skb_queue_tail(&session->reorder_q, skb);
383
384out:
385 spin_unlock_bh(&session->reorder_q.lock);
386}
387
388/* Dequeue a single skb.
389 */
390static void pppol2tp_recv_dequeue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
391{
392 struct pppol2tp_tunnel *tunnel = session->tunnel;
393 int length = PPPOL2TP_SKB_CB(skb)->length;
394 struct sock *session_sock = NULL;
395
396 /* We're about to requeue the skb, so return resources
397 * to its current owner (a socket receive buffer).
398 */
399 skb_orphan(skb);
400
401 tunnel->stats.rx_packets++;
402 tunnel->stats.rx_bytes += length;
403 session->stats.rx_packets++;
404 session->stats.rx_bytes += length;
405
406 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
407 /* Bump our Nr */
408 session->nr++;
409 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
410 "%s: updated nr to %hu\n", session->name, session->nr);
411 }
412
413 /* If the socket is bound, send it in to PPP's input queue. Otherwise
414 * queue it on the session socket.
415 */
416 session_sock = session->sock;
417 if (session_sock->sk_state & PPPOX_BOUND) {
418 struct pppox_sock *po;
419 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
420 "%s: recv %d byte data frame, passing to ppp\n",
421 session->name, length);
422
423 /* We need to forget all info related to the L2TP packet
424 * gathered in the skb as we are going to reuse the same
425 * skb for the inner packet.
426 * Namely we need to:
427 * - reset xfrm (IPSec) information as it applies to
428 * the outer L2TP packet and not to the inner one
429 * - release the dst to force a route lookup on the inner
430 * IP packet since skb->dst currently points to the dst
431 * of the UDP tunnel
432 * - reset netfilter information as it doesn't apply
433 * to the inner packet either
434 */
435 secpath_reset(skb);
436 skb_dst_drop(skb);
437 nf_reset(skb);
438
439 po = pppox_sk(session_sock);
440 ppp_input(&po->chan, skb);
441 } else {
442 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
443 "%s: socket not bound\n", session->name);
444
445 /* Not bound. Nothing we can do, so discard. */
446 session->stats.rx_errors++;
447 kfree_skb(skb);
448 }
449
450 sock_put(session->sock);
451}
452
453/* Dequeue skbs from the session's reorder_q, subject to packet order.
454 * Skbs that have been in the queue for too long are simply discarded.
455 */
456static void pppol2tp_recv_dequeue(struct pppol2tp_session *session)
457{
458 struct sk_buff *skb;
459 struct sk_buff *tmp;
460
461 /* If the pkt at the head of the queue has the nr that we
462 * expect to send up next, dequeue it and any other
463 * in-sequence packets behind it.
464 */
465 spin_lock_bh(&session->reorder_q.lock);
466 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
467 if (time_after(jiffies, PPPOL2TP_SKB_CB(skb)->expires)) {
468 session->stats.rx_seq_discards++;
469 session->stats.rx_errors++;
470 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
471 "%s: oos pkt %hu len %d discarded (too old), "
472 "waiting for %hu, reorder_q_len=%d\n",
473 session->name, PPPOL2TP_SKB_CB(skb)->ns,
474 PPPOL2TP_SKB_CB(skb)->length, session->nr,
475 skb_queue_len(&session->reorder_q));
476 __skb_unlink(skb, &session->reorder_q);
477 kfree_skb(skb);
478 sock_put(session->sock);
479 continue;
480 }
481
482 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
483 if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
484 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
485 "%s: holding oos pkt %hu len %d, "
486 "waiting for %hu, reorder_q_len=%d\n",
487 session->name, PPPOL2TP_SKB_CB(skb)->ns,
488 PPPOL2TP_SKB_CB(skb)->length, session->nr,
489 skb_queue_len(&session->reorder_q));
490 goto out;
491 }
492 }
493 __skb_unlink(skb, &session->reorder_q);
494
495 /* Process the skb. We release the queue lock while we
496 * do so to let other contexts process the queue.
497 */
498 spin_unlock_bh(&session->reorder_q.lock);
499 pppol2tp_recv_dequeue_skb(session, skb);
500 spin_lock_bh(&session->reorder_q.lock);
501 }
502
503out:
504 spin_unlock_bh(&session->reorder_q.lock);
505}
506
507static inline int pppol2tp_verify_udp_checksum(struct sock *sk,
508 struct sk_buff *skb)
509{
510 struct udphdr *uh = udp_hdr(skb);
511 u16 ulen = ntohs(uh->len);
512 struct inet_sock *inet;
513 __wsum psum;
514
515 if (sk->sk_no_check || skb_csum_unnecessary(skb) || !uh->check)
516 return 0;
517
518 inet = inet_sk(sk);
519 psum = csum_tcpudp_nofold(inet->inet_saddr, inet->inet_daddr, ulen,
520 IPPROTO_UDP, 0);
521
522 if ((skb->ip_summed == CHECKSUM_COMPLETE) &&
523 !csum_fold(csum_add(psum, skb->csum)))
524 return 0;
525
526 skb->csum = psum;
527
528 return __skb_checksum_complete(skb);
529}
530
531/* Internal receive frame. Do the real work of receiving an L2TP data frame
532 * here. The skb is not on a list when we get here.
533 * Returns 0 if the packet was a data packet and was successfully passed on.
534 * Returns 1 if the packet was not a good data packet and could not be
535 * forwarded. All such packets are passed up to userspace to deal with.
536 */
537static int pppol2tp_recv_core(struct sock *sock, struct sk_buff *skb)
538{
539 struct pppol2tp_session *session = NULL;
540 struct pppol2tp_tunnel *tunnel;
541 unsigned char *ptr, *optr;
542 u16 hdrflags;
543 u16 tunnel_id, session_id;
544 int length;
545 int offset;
546
547 tunnel = pppol2tp_sock_to_tunnel(sock);
548 if (tunnel == NULL)
549 goto no_tunnel;
550
551 if (tunnel->sock && pppol2tp_verify_udp_checksum(tunnel->sock, skb))
552 goto discard_bad_csum;
553
554 /* UDP always verifies the packet length. */
555 __skb_pull(skb, sizeof(struct udphdr));
556
557 /* Short packet? */
558 if (!pskb_may_pull(skb, 12)) {
559 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
560 "%s: recv short packet (len=%d)\n", tunnel->name, skb->len);
561 goto error;
562 }
563
564 /* Point to L2TP header */
565 optr = ptr = skb->data;
566
567 /* Get L2TP header flags */
568 hdrflags = ntohs(*(__be16*)ptr);
569
570 /* Trace packet contents, if enabled */
571 if (tunnel->debug & PPPOL2TP_MSG_DATA) {
572 length = min(16u, skb->len);
573 if (!pskb_may_pull(skb, length))
574 goto error;
575
576 printk(KERN_DEBUG "%s: recv: ", tunnel->name);
577
578 offset = 0;
579 do {
580 printk(" %02X", ptr[offset]);
581 } while (++offset < length);
582
583 printk("\n");
584 }
585
586 /* Get length of L2TP packet */
587 length = skb->len;
588
589 /* If type is control packet, it is handled by userspace. */
590 if (hdrflags & L2TP_HDRFLAG_T) {
591 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
592 "%s: recv control packet, len=%d\n", tunnel->name, length);
593 goto error;
594 }
595
596 /* Skip flags */
597 ptr += 2;
598
599 /* If length is present, skip it */
600 if (hdrflags & L2TP_HDRFLAG_L)
601 ptr += 2;
602
603 /* Extract tunnel and session ID */
604 tunnel_id = ntohs(*(__be16 *) ptr);
605 ptr += 2;
606 session_id = ntohs(*(__be16 *) ptr);
607 ptr += 2;
608
609 /* Find the session context */
610 session = pppol2tp_session_find(tunnel, session_id);
611 if (!session) {
612 /* Not found? Pass to userspace to deal with */
613 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
614 "%s: no socket found (%hu/%hu). Passing up.\n",
615 tunnel->name, tunnel_id, session_id);
616 goto error;
617 }
618 sock_hold(session->sock);
619
620 /* The ref count on the socket was increased by the above call since
621 * we now hold a pointer to the session. Take care to do sock_put()
622 * when exiting this function from now on...
623 */
624
625 /* Handle the optional sequence numbers. If we are the LAC,
626 * enable/disable sequence numbers under the control of the LNS. If
627 * no sequence numbers present but we were expecting them, discard
628 * frame.
629 */
630 if (hdrflags & L2TP_HDRFLAG_S) {
631 u16 ns, nr;
632 ns = ntohs(*(__be16 *) ptr);
633 ptr += 2;
634 nr = ntohs(*(__be16 *) ptr);
635 ptr += 2;
636
637 /* Received a packet with sequence numbers. If we're the LNS,
638 * check if we sre sending sequence numbers and if not,
639 * configure it so.
640 */
641 if ((!session->lns_mode) && (!session->send_seq)) {
642 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
643 "%s: requested to enable seq numbers by LNS\n",
644 session->name);
645 session->send_seq = -1;
646 }
647
648 /* Store L2TP info in the skb */
649 PPPOL2TP_SKB_CB(skb)->ns = ns;
650 PPPOL2TP_SKB_CB(skb)->nr = nr;
651 PPPOL2TP_SKB_CB(skb)->has_seq = 1;
652
653 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
654 "%s: recv data ns=%hu, nr=%hu, session nr=%hu\n",
655 session->name, ns, nr, session->nr);
656 } else {
657 /* No sequence numbers.
658 * If user has configured mandatory sequence numbers, discard.
659 */
660 if (session->recv_seq) {
661 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
662 "%s: recv data has no seq numbers when required. "
663 "Discarding\n", session->name);
664 session->stats.rx_seq_discards++;
665 goto discard;
666 }
667
668 /* If we're the LAC and we're sending sequence numbers, the
669 * LNS has requested that we no longer send sequence numbers.
670 * If we're the LNS and we're sending sequence numbers, the
671 * LAC is broken. Discard the frame.
672 */
673 if ((!session->lns_mode) && (session->send_seq)) {
674 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
675 "%s: requested to disable seq numbers by LNS\n",
676 session->name);
677 session->send_seq = 0;
678 } else if (session->send_seq) {
679 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
680 "%s: recv data has no seq numbers when required. "
681 "Discarding\n", session->name);
682 session->stats.rx_seq_discards++;
683 goto discard;
684 }
685
686 /* Store L2TP info in the skb */
687 PPPOL2TP_SKB_CB(skb)->has_seq = 0;
688 }
689
690 /* If offset bit set, skip it. */
691 if (hdrflags & L2TP_HDRFLAG_O) {
692 offset = ntohs(*(__be16 *)ptr);
693 ptr += 2 + offset;
694 }
695
696 offset = ptr - optr;
697 if (!pskb_may_pull(skb, offset))
698 goto discard;
699
700 __skb_pull(skb, offset);
701
702 /* Skip PPP header, if present. In testing, Microsoft L2TP clients
703 * don't send the PPP header (PPP header compression enabled), but
704 * other clients can include the header. So we cope with both cases
705 * here. The PPP header is always FF03 when using L2TP.
706 *
707 * Note that skb->data[] isn't dereferenced from a u16 ptr here since
708 * the field may be unaligned.
709 */
710 if (!pskb_may_pull(skb, 2))
711 goto discard;
712
713 if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
714 skb_pull(skb, 2);
715
716 /* Prepare skb for adding to the session's reorder_q. Hold
717 * packets for max reorder_timeout or 1 second if not
718 * reordering.
719 */
720 PPPOL2TP_SKB_CB(skb)->length = length;
721 PPPOL2TP_SKB_CB(skb)->expires = jiffies +
722 (session->reorder_timeout ? session->reorder_timeout : HZ);
723
724 /* Add packet to the session's receive queue. Reordering is done here, if
725 * enabled. Saved L2TP protocol info is stored in skb->sb[].
726 */
727 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
728 if (session->reorder_timeout != 0) {
729 /* Packet reordering enabled. Add skb to session's
730 * reorder queue, in order of ns.
731 */
732 pppol2tp_recv_queue_skb(session, skb);
733 } else {
734 /* Packet reordering disabled. Discard out-of-sequence
735 * packets
736 */
737 if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
738 session->stats.rx_seq_discards++;
739 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
740 "%s: oos pkt %hu len %d discarded, "
741 "waiting for %hu, reorder_q_len=%d\n",
742 session->name, PPPOL2TP_SKB_CB(skb)->ns,
743 PPPOL2TP_SKB_CB(skb)->length, session->nr,
744 skb_queue_len(&session->reorder_q));
745 goto discard;
746 }
747 skb_queue_tail(&session->reorder_q, skb);
748 }
749 } else {
750 /* No sequence numbers. Add the skb to the tail of the
751 * reorder queue. This ensures that it will be
752 * delivered after all previous sequenced skbs.
753 */
754 skb_queue_tail(&session->reorder_q, skb);
755 }
756
757 /* Try to dequeue as many skbs from reorder_q as we can. */
758 pppol2tp_recv_dequeue(session);
759 sock_put(sock);
760
761 return 0;
762
763discard:
764 session->stats.rx_errors++;
765 kfree_skb(skb);
766 sock_put(session->sock);
767 sock_put(sock);
768
769 return 0;
770
771discard_bad_csum:
772 LIMIT_NETDEBUG("%s: UDP: bad checksum\n", tunnel->name);
773 UDP_INC_STATS_USER(&init_net, UDP_MIB_INERRORS, 0);
774 tunnel->stats.rx_errors++;
775 kfree_skb(skb);
776 sock_put(sock);
777
778 return 0;
779
780error:
781 /* Put UDP header back */
782 __skb_push(skb, sizeof(struct udphdr));
783 sock_put(sock);
784
785no_tunnel:
786 return 1;
787}
788
789/* UDP encapsulation receive handler. See net/ipv4/udp.c.
790 * Return codes:
791 * 0 : success.
792 * <0: error
793 * >0: skb should be passed up to userspace as UDP.
794 */
795static int pppol2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
796{
797 struct pppol2tp_tunnel *tunnel;
798
799 tunnel = pppol2tp_sock_to_tunnel(sk);
800 if (tunnel == NULL)
801 goto pass_up;
802
803 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
804 "%s: received %d bytes\n", tunnel->name, skb->len);
805
806 if (pppol2tp_recv_core(sk, skb))
807 goto pass_up_put;
808
809 sock_put(sk);
810 return 0;
811
812pass_up_put:
813 sock_put(sk);
814pass_up:
815 return 1;
816}
817
818/* Receive message. This is the recvmsg for the PPPoL2TP socket.
819 */
820static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
821 struct msghdr *msg, size_t len,
822 int flags)
823{
824 int err;
825 struct sk_buff *skb;
826 struct sock *sk = sock->sk;
827
828 err = -EIO;
829 if (sk->sk_state & PPPOX_BOUND)
830 goto end;
831
832 msg->msg_namelen = 0;
833
834 err = 0;
835 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
836 flags & MSG_DONTWAIT, &err);
837 if (!skb)
838 goto end;
839
840 if (len > skb->len)
841 len = skb->len;
842 else if (len < skb->len)
843 msg->msg_flags |= MSG_TRUNC;
844
845 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
846 if (likely(err == 0))
847 err = len;
848
849 kfree_skb(skb);
850end:
851 return err;
852}
853
854/************************************************************************
855 * Transmit handling
856 ***********************************************************************/
857
858/* Tell how big L2TP headers are for a particular session. This
859 * depends on whether sequence numbers are being used.
860 */
861static inline int pppol2tp_l2tp_header_len(struct pppol2tp_session *session)
862{
863 if (session->send_seq)
864 return PPPOL2TP_L2TP_HDR_SIZE_SEQ;
865
866 return PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
867}
868
869/* Build an L2TP header for the session into the buffer provided.
870 */
871static void pppol2tp_build_l2tp_header(struct pppol2tp_session *session,
872 void *buf)
873{
874 __be16 *bufp = buf;
875 u16 flags = L2TP_HDR_VER;
876
877 if (session->send_seq)
878 flags |= L2TP_HDRFLAG_S;
879
880 /* Setup L2TP header.
881 * FIXME: Can this ever be unaligned? Is direct dereferencing of
882 * 16-bit header fields safe here for all architectures?
883 */
884 *bufp++ = htons(flags);
885 *bufp++ = htons(session->tunnel_addr.d_tunnel);
886 *bufp++ = htons(session->tunnel_addr.d_session);
887 if (session->send_seq) {
888 *bufp++ = htons(session->ns);
889 *bufp++ = 0;
890 session->ns++;
891 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
892 "%s: updated ns to %hu\n", session->name, session->ns);
893 }
894}
895
896/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
897 * when a user application does a sendmsg() on the session socket. L2TP and
898 * PPP headers must be inserted into the user's data.
899 */
900static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
901 size_t total_len)
902{
903 static const unsigned char ppph[2] = { 0xff, 0x03 };
904 struct sock *sk = sock->sk;
905 struct inet_sock *inet;
906 __wsum csum;
907 struct sk_buff *skb;
908 int error;
909 int hdr_len;
910 struct pppol2tp_session *session;
911 struct pppol2tp_tunnel *tunnel;
912 struct udphdr *uh;
913 unsigned int len;
914 struct sock *sk_tun;
915 u16 udp_len;
916
917 error = -ENOTCONN;
918 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
919 goto error;
920
921 /* Get session and tunnel contexts */
922 error = -EBADF;
923 session = pppol2tp_sock_to_session(sk);
924 if (session == NULL)
925 goto error;
926
927 sk_tun = session->tunnel_sock;
928 tunnel = pppol2tp_sock_to_tunnel(sk_tun);
929 if (tunnel == NULL)
930 goto error_put_sess;
931
932 /* What header length is configured for this session? */
933 hdr_len = pppol2tp_l2tp_header_len(session);
934
935 /* Allocate a socket buffer */
936 error = -ENOMEM;
937 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
938 sizeof(struct udphdr) + hdr_len +
939 sizeof(ppph) + total_len,
940 0, GFP_KERNEL);
941 if (!skb)
942 goto error_put_sess_tun;
943
944 /* Reserve space for headers. */
945 skb_reserve(skb, NET_SKB_PAD);
946 skb_reset_network_header(skb);
947 skb_reserve(skb, sizeof(struct iphdr));
948 skb_reset_transport_header(skb);
949
950 /* Build UDP header */
951 inet = inet_sk(sk_tun);
952 udp_len = hdr_len + sizeof(ppph) + total_len;
953 uh = (struct udphdr *) skb->data;
954 uh->source = inet->inet_sport;
955 uh->dest = inet->inet_dport;
956 uh->len = htons(udp_len);
957 uh->check = 0;
958 skb_put(skb, sizeof(struct udphdr));
959
960 /* Build L2TP header */
961 pppol2tp_build_l2tp_header(session, skb->data);
962 skb_put(skb, hdr_len);
963
964 /* Add PPP header */
965 skb->data[0] = ppph[0];
966 skb->data[1] = ppph[1];
967 skb_put(skb, 2);
968
969 /* Copy user data into skb */
970 error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
971 if (error < 0) {
972 kfree_skb(skb);
973 goto error_put_sess_tun;
974 }
975 skb_put(skb, total_len);
976
977 /* Calculate UDP checksum if configured to do so */
978 if (sk_tun->sk_no_check == UDP_CSUM_NOXMIT)
979 skb->ip_summed = CHECKSUM_NONE;
980 else if (!(skb_dst(skb)->dev->features & NETIF_F_V4_CSUM)) {
981 skb->ip_summed = CHECKSUM_COMPLETE;
982 csum = skb_checksum(skb, 0, udp_len, 0);
983 uh->check = csum_tcpudp_magic(inet->inet_saddr,
984 inet->inet_daddr,
985 udp_len, IPPROTO_UDP, csum);
986 if (uh->check == 0)
987 uh->check = CSUM_MANGLED_0;
988 } else {
989 skb->ip_summed = CHECKSUM_PARTIAL;
990 skb->csum_start = skb_transport_header(skb) - skb->head;
991 skb->csum_offset = offsetof(struct udphdr, check);
992 uh->check = ~csum_tcpudp_magic(inet->inet_saddr,
993 inet->inet_daddr,
994 udp_len, IPPROTO_UDP, 0);
995 }
996
997 /* Debug */
998 if (session->send_seq)
999 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1000 "%s: send %Zd bytes, ns=%hu\n", session->name,
1001 total_len, session->ns - 1);
1002 else
1003 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1004 "%s: send %Zd bytes\n", session->name, total_len);
1005
1006 if (session->debug & PPPOL2TP_MSG_DATA) {
1007 int i;
1008 unsigned char *datap = skb->data;
1009
1010 printk(KERN_DEBUG "%s: xmit:", session->name);
1011 for (i = 0; i < total_len; i++) {
1012 printk(" %02X", *datap++);
1013 if (i == 15) {
1014 printk(" ...");
1015 break;
1016 }
1017 }
1018 printk("\n");
1019 }
1020
1021 /* Queue the packet to IP for output */
1022 len = skb->len;
1023 error = ip_queue_xmit(skb, 1);
1024
1025 /* Update stats */
1026 if (error >= 0) {
1027 tunnel->stats.tx_packets++;
1028 tunnel->stats.tx_bytes += len;
1029 session->stats.tx_packets++;
1030 session->stats.tx_bytes += len;
1031 } else {
1032 tunnel->stats.tx_errors++;
1033 session->stats.tx_errors++;
1034 }
1035
1036 return error;
1037
1038error_put_sess_tun:
1039 sock_put(session->tunnel_sock);
1040error_put_sess:
1041 sock_put(sk);
1042error:
1043 return error;
1044}
1045
1046/* Automatically called when the skb is freed.
1047 */
1048static void pppol2tp_sock_wfree(struct sk_buff *skb)
1049{
1050 sock_put(skb->sk);
1051}
1052
1053/* For data skbs that we transmit, we associate with the tunnel socket
1054 * but don't do accounting.
1055 */
1056static inline void pppol2tp_skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
1057{
1058 sock_hold(sk);
1059 skb->sk = sk;
1060 skb->destructor = pppol2tp_sock_wfree;
1061}
1062
1063/* Transmit function called by generic PPP driver. Sends PPP frame
1064 * over PPPoL2TP socket.
1065 *
1066 * This is almost the same as pppol2tp_sendmsg(), but rather than
1067 * being called with a msghdr from userspace, it is called with a skb
1068 * from the kernel.
1069 *
1070 * The supplied skb from ppp doesn't have enough headroom for the
1071 * insertion of L2TP, UDP and IP headers so we need to allocate more
1072 * headroom in the skb. This will create a cloned skb. But we must be
1073 * careful in the error case because the caller will expect to free
1074 * the skb it supplied, not our cloned skb. So we take care to always
1075 * leave the original skb unfreed if we return an error.
1076 */
1077static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
1078{
1079 static const u8 ppph[2] = { 0xff, 0x03 };
1080 struct sock *sk = (struct sock *) chan->private;
1081 struct sock *sk_tun;
1082 int hdr_len;
1083 u16 udp_len;
1084 struct pppol2tp_session *session;
1085 struct pppol2tp_tunnel *tunnel;
1086 int rc;
1087 int headroom;
1088 int data_len = skb->len;
1089 struct inet_sock *inet;
1090 __wsum csum;
1091 struct udphdr *uh;
1092 unsigned int len;
1093 int old_headroom;
1094 int new_headroom;
1095
1096 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
1097 goto abort;
1098
1099 /* Get session and tunnel contexts from the socket */
1100 session = pppol2tp_sock_to_session(sk);
1101 if (session == NULL)
1102 goto abort;
1103
1104 sk_tun = session->tunnel_sock;
1105 if (sk_tun == NULL)
1106 goto abort_put_sess;
1107 tunnel = pppol2tp_sock_to_tunnel(sk_tun);
1108 if (tunnel == NULL)
1109 goto abort_put_sess;
1110
1111 /* What header length is configured for this session? */
1112 hdr_len = pppol2tp_l2tp_header_len(session);
1113
1114 /* Check that there's enough headroom in the skb to insert IP,
1115 * UDP and L2TP and PPP headers. If not enough, expand it to
1116 * make room. Adjust truesize.
1117 */
1118 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1119 sizeof(struct udphdr) + hdr_len + sizeof(ppph);
1120 old_headroom = skb_headroom(skb);
1121 if (skb_cow_head(skb, headroom))
1122 goto abort_put_sess_tun;
1123
1124 new_headroom = skb_headroom(skb);
1125 skb_orphan(skb);
1126 skb->truesize += new_headroom - old_headroom;
1127
1128 /* Setup PPP header */
1129 __skb_push(skb, sizeof(ppph));
1130 skb->data[0] = ppph[0];
1131 skb->data[1] = ppph[1];
1132
1133 /* Setup L2TP header */
1134 pppol2tp_build_l2tp_header(session, __skb_push(skb, hdr_len));
1135
1136 udp_len = sizeof(struct udphdr) + hdr_len + sizeof(ppph) + data_len;
1137
1138 /* Setup UDP header */
1139 inet = inet_sk(sk_tun);
1140 __skb_push(skb, sizeof(*uh));
1141 skb_reset_transport_header(skb);
1142 uh = udp_hdr(skb);
1143 uh->source = inet->inet_sport;
1144 uh->dest = inet->inet_dport;
1145 uh->len = htons(udp_len);
1146 uh->check = 0;
1147
1148 /* Debug */
1149 if (session->send_seq)
1150 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1151 "%s: send %d bytes, ns=%hu\n", session->name,
1152 data_len, session->ns - 1);
1153 else
1154 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1155 "%s: send %d bytes\n", session->name, data_len);
1156
1157 if (session->debug & PPPOL2TP_MSG_DATA) {
1158 int i;
1159 unsigned char *datap = skb->data;
1160
1161 printk(KERN_DEBUG "%s: xmit:", session->name);
1162 for (i = 0; i < data_len; i++) {
1163 printk(" %02X", *datap++);
1164 if (i == 31) {
1165 printk(" ...");
1166 break;
1167 }
1168 }
1169 printk("\n");
1170 }
1171
1172 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1173 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1174 IPSKB_REROUTED);
1175 nf_reset(skb);
1176
1177 /* Get routing info from the tunnel socket */
1178 skb_dst_drop(skb);
1179 skb_dst_set(skb, dst_clone(__sk_dst_get(sk_tun)));
1180 pppol2tp_skb_set_owner_w(skb, sk_tun);
1181
1182 /* Calculate UDP checksum if configured to do so */
1183 if (sk_tun->sk_no_check == UDP_CSUM_NOXMIT)
1184 skb->ip_summed = CHECKSUM_NONE;
1185 else if ((skb_dst(skb) && skb_dst(skb)->dev) &&
1186 (!(skb_dst(skb)->dev->features & NETIF_F_V4_CSUM))) {
1187 skb->ip_summed = CHECKSUM_COMPLETE;
1188 csum = skb_checksum(skb, 0, udp_len, 0);
1189 uh->check = csum_tcpudp_magic(inet->inet_saddr,
1190 inet->inet_daddr,
1191 udp_len, IPPROTO_UDP, csum);
1192 if (uh->check == 0)
1193 uh->check = CSUM_MANGLED_0;
1194 } else {
1195 skb->ip_summed = CHECKSUM_PARTIAL;
1196 skb->csum_start = skb_transport_header(skb) - skb->head;
1197 skb->csum_offset = offsetof(struct udphdr, check);
1198 uh->check = ~csum_tcpudp_magic(inet->inet_saddr,
1199 inet->inet_daddr,
1200 udp_len, IPPROTO_UDP, 0);
1201 }
1202
1203 /* Queue the packet to IP for output */
1204 len = skb->len;
1205 rc = ip_queue_xmit(skb, 1);
1206
1207 /* Update stats */
1208 if (rc >= 0) {
1209 tunnel->stats.tx_packets++;
1210 tunnel->stats.tx_bytes += len;
1211 session->stats.tx_packets++;
1212 session->stats.tx_bytes += len;
1213 } else {
1214 tunnel->stats.tx_errors++;
1215 session->stats.tx_errors++;
1216 }
1217
1218 sock_put(sk_tun);
1219 sock_put(sk);
1220 return 1;
1221
1222abort_put_sess_tun:
1223 sock_put(sk_tun);
1224abort_put_sess:
1225 sock_put(sk);
1226abort:
1227 /* Free the original skb */
1228 kfree_skb(skb);
1229 return 1;
1230}
1231
1232/*****************************************************************************
1233 * Session (and tunnel control) socket create/destroy.
1234 *****************************************************************************/
1235
1236/* When the tunnel UDP socket is closed, all the attached sockets need to go
1237 * too.
1238 */
1239static void pppol2tp_tunnel_closeall(struct pppol2tp_tunnel *tunnel)
1240{
1241 int hash;
1242 struct hlist_node *walk;
1243 struct hlist_node *tmp;
1244 struct pppol2tp_session *session;
1245 struct sock *sk;
1246
1247 BUG_ON(tunnel == NULL);
1248
1249 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1250 "%s: closing all sessions...\n", tunnel->name);
1251
1252 write_lock_bh(&tunnel->hlist_lock);
1253 for (hash = 0; hash < PPPOL2TP_HASH_SIZE; hash++) {
1254again:
1255 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1256 struct sk_buff *skb;
1257
1258 session = hlist_entry(walk, struct pppol2tp_session, hlist);
1259
1260 sk = session->sock;
1261
1262 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1263 "%s: closing session\n", session->name);
1264
1265 hlist_del_init(&session->hlist);
1266
1267 /* Since we should hold the sock lock while
1268 * doing any unbinding, we need to release the
1269 * lock we're holding before taking that lock.
1270 * Hold a reference to the sock so it doesn't
1271 * disappear as we're jumping between locks.
1272 */
1273 sock_hold(sk);
1274 write_unlock_bh(&tunnel->hlist_lock);
1275 lock_sock(sk);
1276
1277 if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
1278 pppox_unbind_sock(sk);
1279 sk->sk_state = PPPOX_DEAD;
1280 sk->sk_state_change(sk);
1281 }
1282
1283 /* Purge any queued data */
1284 skb_queue_purge(&sk->sk_receive_queue);
1285 skb_queue_purge(&sk->sk_write_queue);
1286 while ((skb = skb_dequeue(&session->reorder_q))) {
1287 kfree_skb(skb);
1288 sock_put(sk);
1289 }
1290
1291 release_sock(sk);
1292 sock_put(sk);
1293
1294 /* Now restart from the beginning of this hash
1295 * chain. We always remove a session from the
1296 * list so we are guaranteed to make forward
1297 * progress.
1298 */
1299 write_lock_bh(&tunnel->hlist_lock);
1300 goto again;
1301 }
1302 }
1303 write_unlock_bh(&tunnel->hlist_lock);
1304}
1305
1306/* Really kill the tunnel.
1307 * Come here only when all sessions have been cleared from the tunnel.
1308 */
1309static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel)
1310{
1311 struct pppol2tp_net *pn = pppol2tp_pernet(tunnel->pppol2tp_net);
1312
1313 /* Remove from socket list */
1314 write_lock_bh(&pn->pppol2tp_tunnel_list_lock);
1315 list_del_init(&tunnel->list);
1316 write_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
1317
1318 atomic_dec(&pppol2tp_tunnel_count);
1319 kfree(tunnel);
1320}
1321
1322/* Tunnel UDP socket destruct hook.
1323 * The tunnel context is deleted only when all session sockets have been
1324 * closed.
1325 */
1326static void pppol2tp_tunnel_destruct(struct sock *sk)
1327{
1328 struct pppol2tp_tunnel *tunnel;
1329
1330 tunnel = sk->sk_user_data;
1331 if (tunnel == NULL)
1332 goto end;
1333
1334 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1335 "%s: closing...\n", tunnel->name);
1336
1337 /* Close all sessions */
1338 pppol2tp_tunnel_closeall(tunnel);
1339
1340 /* No longer an encapsulation socket. See net/ipv4/udp.c */
1341 (udp_sk(sk))->encap_type = 0;
1342 (udp_sk(sk))->encap_rcv = NULL;
1343
1344 /* Remove hooks into tunnel socket */
1345 tunnel->sock = NULL;
1346 sk->sk_destruct = tunnel->old_sk_destruct;
1347 sk->sk_user_data = NULL;
1348
1349 /* Call original (UDP) socket descructor */
1350 if (sk->sk_destruct != NULL)
1351 (*sk->sk_destruct)(sk);
1352
1353 pppol2tp_tunnel_dec_refcount(tunnel);
1354
1355end:
1356 return;
1357}
1358
1359/* Really kill the session socket. (Called from sock_put() if
1360 * refcnt == 0.)
1361 */
1362static void pppol2tp_session_destruct(struct sock *sk)
1363{
1364 struct pppol2tp_session *session = NULL;
1365
1366 if (sk->sk_user_data != NULL) {
1367 struct pppol2tp_tunnel *tunnel;
1368
1369 session = sk->sk_user_data;
1370 if (session == NULL)
1371 goto out;
1372
1373 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
1374
1375 /* Don't use pppol2tp_sock_to_tunnel() here to
1376 * get the tunnel context because the tunnel
1377 * socket might have already been closed (its
1378 * sk->sk_user_data will be NULL) so use the
1379 * session's private tunnel ptr instead.
1380 */
1381 tunnel = session->tunnel;
1382 if (tunnel != NULL) {
1383 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1384
1385 /* If session_id is zero, this is a null
1386 * session context, which was created for a
1387 * socket that is being used only to manage
1388 * tunnels.
1389 */
1390 if (session->tunnel_addr.s_session != 0) {
1391 /* Delete the session socket from the
1392 * hash
1393 */
1394 write_lock_bh(&tunnel->hlist_lock);
1395 hlist_del_init(&session->hlist);
1396 write_unlock_bh(&tunnel->hlist_lock);
1397
1398 atomic_dec(&pppol2tp_session_count);
1399 }
1400
1401 /* This will delete the tunnel context if this
1402 * is the last session on the tunnel.
1403 */
1404 session->tunnel = NULL;
1405 session->tunnel_sock = NULL;
1406 pppol2tp_tunnel_dec_refcount(tunnel);
1407 }
1408 }
1409
1410 kfree(session);
1411out:
1412 return;
1413}
1414
1415/* Called when the PPPoX socket (session) is closed.
1416 */
1417static int pppol2tp_release(struct socket *sock)
1418{
1419 struct sock *sk = sock->sk;
1420 struct pppol2tp_session *session;
1421 int error;
1422
1423 if (!sk)
1424 return 0;
1425
1426 error = -EBADF;
1427 lock_sock(sk);
1428 if (sock_flag(sk, SOCK_DEAD) != 0)
1429 goto error;
1430
1431 pppox_unbind_sock(sk);
1432
1433 /* Signal the death of the socket. */
1434 sk->sk_state = PPPOX_DEAD;
1435 sock_orphan(sk);
1436 sock->sk = NULL;
1437
1438 session = pppol2tp_sock_to_session(sk);
1439
1440 /* Purge any queued data */
1441 skb_queue_purge(&sk->sk_receive_queue);
1442 skb_queue_purge(&sk->sk_write_queue);
1443 if (session != NULL) {
1444 struct sk_buff *skb;
1445 while ((skb = skb_dequeue(&session->reorder_q))) {
1446 kfree_skb(skb);
1447 sock_put(sk);
1448 }
1449 sock_put(sk);
1450 }
1451
1452 release_sock(sk);
1453
1454 /* This will delete the session context via
1455 * pppol2tp_session_destruct() if the socket's refcnt drops to
1456 * zero.
1457 */
1458 sock_put(sk);
1459
1460 return 0;
1461
1462error:
1463 release_sock(sk);
1464 return error;
1465}
1466
1467/* Internal function to prepare a tunnel (UDP) socket to have PPPoX
1468 * sockets attached to it.
1469 */
1470static struct sock *pppol2tp_prepare_tunnel_socket(struct net *net,
1471 int fd, u16 tunnel_id, int *error)
1472{
1473 int err;
1474 struct socket *sock = NULL;
1475 struct sock *sk;
1476 struct pppol2tp_tunnel *tunnel;
1477 struct pppol2tp_net *pn;
1478 struct sock *ret = NULL;
1479
1480 /* Get the tunnel UDP socket from the fd, which was opened by
1481 * the userspace L2TP daemon.
1482 */
1483 err = -EBADF;
1484 sock = sockfd_lookup(fd, &err);
1485 if (!sock) {
1486 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1487 "tunl %hu: sockfd_lookup(fd=%d) returned %d\n",
1488 tunnel_id, fd, err);
1489 goto err;
1490 }
1491
1492 sk = sock->sk;
1493
1494 /* Quick sanity checks */
1495 err = -EPROTONOSUPPORT;
1496 if (sk->sk_protocol != IPPROTO_UDP) {
1497 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1498 "tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1499 tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP);
1500 goto err;
1501 }
1502 err = -EAFNOSUPPORT;
1503 if (sock->ops->family != AF_INET) {
1504 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1505 "tunl %hu: fd %d wrong family, got %d, expected %d\n",
1506 tunnel_id, fd, sock->ops->family, AF_INET);
1507 goto err;
1508 }
1509
1510 err = -ENOTCONN;
1511
1512 /* Check if this socket has already been prepped */
1513 tunnel = (struct pppol2tp_tunnel *)sk->sk_user_data;
1514 if (tunnel != NULL) {
1515 /* User-data field already set */
1516 err = -EBUSY;
1517 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1518
1519 /* This socket has already been prepped */
1520 ret = tunnel->sock;
1521 goto out;
1522 }
1523
1524 /* This socket is available and needs prepping. Create a new tunnel
1525 * context and init it.
1526 */
1527 sk->sk_user_data = tunnel = kzalloc(sizeof(struct pppol2tp_tunnel), GFP_KERNEL);
1528 if (sk->sk_user_data == NULL) {
1529 err = -ENOMEM;
1530 goto err;
1531 }
1532
1533 tunnel->magic = L2TP_TUNNEL_MAGIC;
1534 sprintf(&tunnel->name[0], "tunl %hu", tunnel_id);
1535
1536 tunnel->stats.tunnel_id = tunnel_id;
1537 tunnel->debug = PPPOL2TP_DEFAULT_DEBUG_FLAGS;
1538
1539 /* Hook on the tunnel socket destructor so that we can cleanup
1540 * if the tunnel socket goes away.
1541 */
1542 tunnel->old_sk_destruct = sk->sk_destruct;
1543 sk->sk_destruct = pppol2tp_tunnel_destruct;
1544
1545 tunnel->sock = sk;
1546 sk->sk_allocation = GFP_ATOMIC;
1547
1548 /* Misc init */
1549 rwlock_init(&tunnel->hlist_lock);
1550
1551 /* The net we belong to */
1552 tunnel->pppol2tp_net = net;
1553 pn = pppol2tp_pernet(net);
1554
1555 /* Add tunnel to our list */
1556 INIT_LIST_HEAD(&tunnel->list);
1557 write_lock_bh(&pn->pppol2tp_tunnel_list_lock);
1558 list_add(&tunnel->list, &pn->pppol2tp_tunnel_list);
1559 write_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
1560 atomic_inc(&pppol2tp_tunnel_count);
1561
1562 /* Bump the reference count. The tunnel context is deleted
1563 * only when this drops to zero.
1564 */
1565 pppol2tp_tunnel_inc_refcount(tunnel);
1566
1567 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1568 (udp_sk(sk))->encap_type = UDP_ENCAP_L2TPINUDP;
1569 (udp_sk(sk))->encap_rcv = pppol2tp_udp_encap_recv;
1570
1571 ret = tunnel->sock;
1572
1573 *error = 0;
1574out:
1575 if (sock)
1576 sockfd_put(sock);
1577
1578 return ret;
1579
1580err:
1581 *error = err;
1582 goto out;
1583}
1584
1585static struct proto pppol2tp_sk_proto = {
1586 .name = "PPPOL2TP",
1587 .owner = THIS_MODULE,
1588 .obj_size = sizeof(struct pppox_sock),
1589};
1590
1591/* socket() handler. Initialize a new struct sock.
1592 */
1593static int pppol2tp_create(struct net *net, struct socket *sock)
1594{
1595 int error = -ENOMEM;
1596 struct sock *sk;
1597
1598 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto);
1599 if (!sk)
1600 goto out;
1601
1602 sock_init_data(sock, sk);
1603
1604 sock->state = SS_UNCONNECTED;
1605 sock->ops = &pppol2tp_ops;
1606
1607 sk->sk_backlog_rcv = pppol2tp_recv_core;
1608 sk->sk_protocol = PX_PROTO_OL2TP;
1609 sk->sk_family = PF_PPPOX;
1610 sk->sk_state = PPPOX_NONE;
1611 sk->sk_type = SOCK_STREAM;
1612 sk->sk_destruct = pppol2tp_session_destruct;
1613
1614 error = 0;
1615
1616out:
1617 return error;
1618}
1619
1620/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
1621 */
1622static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
1623 int sockaddr_len, int flags)
1624{
1625 struct sock *sk = sock->sk;
1626 struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
1627 struct pppox_sock *po = pppox_sk(sk);
1628 struct sock *tunnel_sock = NULL;
1629 struct pppol2tp_session *session = NULL;
1630 struct pppol2tp_tunnel *tunnel;
1631 struct dst_entry *dst;
1632 int error = 0;
1633
1634 lock_sock(sk);
1635
1636 error = -EINVAL;
1637 if (sp->sa_protocol != PX_PROTO_OL2TP)
1638 goto end;
1639
1640 /* Check for already bound sockets */
1641 error = -EBUSY;
1642 if (sk->sk_state & PPPOX_CONNECTED)
1643 goto end;
1644
1645 /* We don't supporting rebinding anyway */
1646 error = -EALREADY;
1647 if (sk->sk_user_data)
1648 goto end; /* socket is already attached */
1649
1650 /* Don't bind if s_tunnel is 0 */
1651 error = -EINVAL;
1652 if (sp->pppol2tp.s_tunnel == 0)
1653 goto end;
1654
1655 /* Special case: prepare tunnel socket if s_session and
1656 * d_session is 0. Otherwise look up tunnel using supplied
1657 * tunnel id.
1658 */
1659 if ((sp->pppol2tp.s_session == 0) && (sp->pppol2tp.d_session == 0)) {
1660 tunnel_sock = pppol2tp_prepare_tunnel_socket(sock_net(sk),
1661 sp->pppol2tp.fd,
1662 sp->pppol2tp.s_tunnel,
1663 &error);
1664 if (tunnel_sock == NULL)
1665 goto end;
1666
1667 sock_hold(tunnel_sock);
1668 tunnel = tunnel_sock->sk_user_data;
1669 } else {
1670 tunnel = pppol2tp_tunnel_find(sock_net(sk), sp->pppol2tp.s_tunnel);
1671
1672 /* Error if we can't find the tunnel */
1673 error = -ENOENT;
1674 if (tunnel == NULL)
1675 goto end;
1676
1677 tunnel_sock = tunnel->sock;
1678 }
1679
1680 /* Check that this session doesn't already exist */
1681 error = -EEXIST;
1682 session = pppol2tp_session_find(tunnel, sp->pppol2tp.s_session);
1683 if (session != NULL)
1684 goto end;
1685
1686 /* Allocate and initialize a new session context. */
1687 session = kzalloc(sizeof(struct pppol2tp_session), GFP_KERNEL);
1688 if (session == NULL) {
1689 error = -ENOMEM;
1690 goto end;
1691 }
1692
1693 skb_queue_head_init(&session->reorder_q);
1694
1695 session->magic = L2TP_SESSION_MAGIC;
1696 session->owner = current->pid;
1697 session->sock = sk;
1698 session->tunnel = tunnel;
1699 session->tunnel_sock = tunnel_sock;
1700 session->tunnel_addr = sp->pppol2tp;
1701 sprintf(&session->name[0], "sess %hu/%hu",
1702 session->tunnel_addr.s_tunnel,
1703 session->tunnel_addr.s_session);
1704
1705 session->stats.tunnel_id = session->tunnel_addr.s_tunnel;
1706 session->stats.session_id = session->tunnel_addr.s_session;
1707
1708 INIT_HLIST_NODE(&session->hlist);
1709
1710 /* Inherit debug options from tunnel */
1711 session->debug = tunnel->debug;
1712
1713 /* Default MTU must allow space for UDP/L2TP/PPP
1714 * headers.
1715 */
1716 session->mtu = session->mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
1717
1718 /* If PMTU discovery was enabled, use the MTU that was discovered */
1719 dst = sk_dst_get(sk);
1720 if (dst != NULL) {
1721 u32 pmtu = dst_mtu(__sk_dst_get(sk));
1722 if (pmtu != 0)
1723 session->mtu = session->mru = pmtu -
1724 PPPOL2TP_HEADER_OVERHEAD;
1725 dst_release(dst);
1726 }
1727
1728 /* Special case: if source & dest session_id == 0x0000, this socket is
1729 * being created to manage the tunnel. Don't add the session to the
1730 * session hash list, just set up the internal context for use by
1731 * ioctl() and sockopt() handlers.
1732 */
1733 if ((session->tunnel_addr.s_session == 0) &&
1734 (session->tunnel_addr.d_session == 0)) {
1735 error = 0;
1736 sk->sk_user_data = session;
1737 goto out_no_ppp;
1738 }
1739
1740 /* Get tunnel context from the tunnel socket */
1741 tunnel = pppol2tp_sock_to_tunnel(tunnel_sock);
1742 if (tunnel == NULL) {
1743 error = -EBADF;
1744 goto end;
1745 }
1746
1747 /* Right now, because we don't have a way to push the incoming skb's
1748 * straight through the UDP layer, the only header we need to worry
1749 * about is the L2TP header. This size is different depending on
1750 * whether sequence numbers are enabled for the data channel.
1751 */
1752 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1753
1754 po->chan.private = sk;
1755 po->chan.ops = &pppol2tp_chan_ops;
1756 po->chan.mtu = session->mtu;
1757
1758 error = ppp_register_net_channel(sock_net(sk), &po->chan);
1759 if (error)
1760 goto end_put_tun;
1761
1762 /* This is how we get the session context from the socket. */
1763 sk->sk_user_data = session;
1764
1765 /* Add session to the tunnel's hash list */
1766 write_lock_bh(&tunnel->hlist_lock);
1767 hlist_add_head(&session->hlist,
1768 pppol2tp_session_id_hash(tunnel,
1769 session->tunnel_addr.s_session));
1770 write_unlock_bh(&tunnel->hlist_lock);
1771
1772 atomic_inc(&pppol2tp_session_count);
1773
1774out_no_ppp:
1775 pppol2tp_tunnel_inc_refcount(tunnel);
1776 sk->sk_state = PPPOX_CONNECTED;
1777 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1778 "%s: created\n", session->name);
1779
1780end_put_tun:
1781 sock_put(tunnel_sock);
1782end:
1783 release_sock(sk);
1784
1785 if (error != 0) {
1786 if (session)
1787 PRINTK(session->debug,
1788 PPPOL2TP_MSG_CONTROL, KERN_WARNING,
1789 "%s: connect failed: %d\n",
1790 session->name, error);
1791 else
1792 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_WARNING,
1793 "connect failed: %d\n", error);
1794 }
1795
1796 return error;
1797}
1798
1799/* getname() support.
1800 */
1801static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
1802 int *usockaddr_len, int peer)
1803{
1804 int len = sizeof(struct sockaddr_pppol2tp);
1805 struct sockaddr_pppol2tp sp;
1806 int error = 0;
1807 struct pppol2tp_session *session;
1808
1809 error = -ENOTCONN;
1810 if (sock->sk->sk_state != PPPOX_CONNECTED)
1811 goto end;
1812
1813 session = pppol2tp_sock_to_session(sock->sk);
1814 if (session == NULL) {
1815 error = -EBADF;
1816 goto end;
1817 }
1818
1819 sp.sa_family = AF_PPPOX;
1820 sp.sa_protocol = PX_PROTO_OL2TP;
1821 memcpy(&sp.pppol2tp, &session->tunnel_addr,
1822 sizeof(struct pppol2tp_addr));
1823
1824 memcpy(uaddr, &sp, len);
1825
1826 *usockaddr_len = len;
1827
1828 error = 0;
1829 sock_put(sock->sk);
1830
1831end:
1832 return error;
1833}
1834
1835/****************************************************************************
1836 * ioctl() handlers.
1837 *
1838 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1839 * sockets. However, in order to control kernel tunnel features, we allow
1840 * userspace to create a special "tunnel" PPPoX socket which is used for
1841 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
1842 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1843 * calls.
1844 ****************************************************************************/
1845
1846/* Session ioctl helper.
1847 */
1848static int pppol2tp_session_ioctl(struct pppol2tp_session *session,
1849 unsigned int cmd, unsigned long arg)
1850{
1851 struct ifreq ifr;
1852 int err = 0;
1853 struct sock *sk = session->sock;
1854 int val = (int) arg;
1855
1856 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1857 "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
1858 session->name, cmd, arg);
1859
1860 sock_hold(sk);
1861
1862 switch (cmd) {
1863 case SIOCGIFMTU:
1864 err = -ENXIO;
1865 if (!(sk->sk_state & PPPOX_CONNECTED))
1866 break;
1867
1868 err = -EFAULT;
1869 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1870 break;
1871 ifr.ifr_mtu = session->mtu;
1872 if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1873 break;
1874
1875 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1876 "%s: get mtu=%d\n", session->name, session->mtu);
1877 err = 0;
1878 break;
1879
1880 case SIOCSIFMTU:
1881 err = -ENXIO;
1882 if (!(sk->sk_state & PPPOX_CONNECTED))
1883 break;
1884
1885 err = -EFAULT;
1886 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1887 break;
1888
1889 session->mtu = ifr.ifr_mtu;
1890
1891 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1892 "%s: set mtu=%d\n", session->name, session->mtu);
1893 err = 0;
1894 break;
1895
1896 case PPPIOCGMRU:
1897 err = -ENXIO;
1898 if (!(sk->sk_state & PPPOX_CONNECTED))
1899 break;
1900
1901 err = -EFAULT;
1902 if (put_user(session->mru, (int __user *) arg))
1903 break;
1904
1905 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1906 "%s: get mru=%d\n", session->name, session->mru);
1907 err = 0;
1908 break;
1909
1910 case PPPIOCSMRU:
1911 err = -ENXIO;
1912 if (!(sk->sk_state & PPPOX_CONNECTED))
1913 break;
1914
1915 err = -EFAULT;
1916 if (get_user(val,(int __user *) arg))
1917 break;
1918
1919 session->mru = val;
1920 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1921 "%s: set mru=%d\n", session->name, session->mru);
1922 err = 0;
1923 break;
1924
1925 case PPPIOCGFLAGS:
1926 err = -EFAULT;
1927 if (put_user(session->flags, (int __user *) arg))
1928 break;
1929
1930 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1931 "%s: get flags=%d\n", session->name, session->flags);
1932 err = 0;
1933 break;
1934
1935 case PPPIOCSFLAGS:
1936 err = -EFAULT;
1937 if (get_user(val, (int __user *) arg))
1938 break;
1939 session->flags = val;
1940 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1941 "%s: set flags=%d\n", session->name, session->flags);
1942 err = 0;
1943 break;
1944
1945 case PPPIOCGL2TPSTATS:
1946 err = -ENXIO;
1947 if (!(sk->sk_state & PPPOX_CONNECTED))
1948 break;
1949
1950 if (copy_to_user((void __user *) arg, &session->stats,
1951 sizeof(session->stats)))
1952 break;
1953 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1954 "%s: get L2TP stats\n", session->name);
1955 err = 0;
1956 break;
1957
1958 default:
1959 err = -ENOSYS;
1960 break;
1961 }
1962
1963 sock_put(sk);
1964
1965 return err;
1966}
1967
1968/* Tunnel ioctl helper.
1969 *
1970 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1971 * specifies a session_id, the session ioctl handler is called. This allows an
1972 * application to retrieve session stats via a tunnel socket.
1973 */
1974static int pppol2tp_tunnel_ioctl(struct pppol2tp_tunnel *tunnel,
1975 unsigned int cmd, unsigned long arg)
1976{
1977 int err = 0;
1978 struct sock *sk = tunnel->sock;
1979 struct pppol2tp_ioc_stats stats_req;
1980
1981 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1982 "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n", tunnel->name,
1983 cmd, arg);
1984
1985 sock_hold(sk);
1986
1987 switch (cmd) {
1988 case PPPIOCGL2TPSTATS:
1989 err = -ENXIO;
1990 if (!(sk->sk_state & PPPOX_CONNECTED))
1991 break;
1992
1993 if (copy_from_user(&stats_req, (void __user *) arg,
1994 sizeof(stats_req))) {
1995 err = -EFAULT;
1996 break;
1997 }
1998 if (stats_req.session_id != 0) {
1999 /* resend to session ioctl handler */
2000 struct pppol2tp_session *session =
2001 pppol2tp_session_find(tunnel, stats_req.session_id);
2002 if (session != NULL)
2003 err = pppol2tp_session_ioctl(session, cmd, arg);
2004 else
2005 err = -EBADR;
2006 break;
2007 }
2008#ifdef CONFIG_XFRM
2009 tunnel->stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
2010#endif
2011 if (copy_to_user((void __user *) arg, &tunnel->stats,
2012 sizeof(tunnel->stats))) {
2013 err = -EFAULT;
2014 break;
2015 }
2016 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2017 "%s: get L2TP stats\n", tunnel->name);
2018 err = 0;
2019 break;
2020
2021 default:
2022 err = -ENOSYS;
2023 break;
2024 }
2025
2026 sock_put(sk);
2027
2028 return err;
2029}
2030
2031/* Main ioctl() handler.
2032 * Dispatch to tunnel or session helpers depending on the socket.
2033 */
2034static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
2035 unsigned long arg)
2036{
2037 struct sock *sk = sock->sk;
2038 struct pppol2tp_session *session;
2039 struct pppol2tp_tunnel *tunnel;
2040 int err;
2041
2042 if (!sk)
2043 return 0;
2044
2045 err = -EBADF;
2046 if (sock_flag(sk, SOCK_DEAD) != 0)
2047 goto end;
2048
2049 err = -ENOTCONN;
2050 if ((sk->sk_user_data == NULL) ||
2051 (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
2052 goto end;
2053
2054 /* Get session context from the socket */
2055 err = -EBADF;
2056 session = pppol2tp_sock_to_session(sk);
2057 if (session == NULL)
2058 goto end;
2059
2060 /* Special case: if session's session_id is zero, treat ioctl as a
2061 * tunnel ioctl
2062 */
2063 if ((session->tunnel_addr.s_session == 0) &&
2064 (session->tunnel_addr.d_session == 0)) {
2065 err = -EBADF;
2066 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2067 if (tunnel == NULL)
2068 goto end_put_sess;
2069
2070 err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
2071 sock_put(session->tunnel_sock);
2072 goto end_put_sess;
2073 }
2074
2075 err = pppol2tp_session_ioctl(session, cmd, arg);
2076
2077end_put_sess:
2078 sock_put(sk);
2079end:
2080 return err;
2081}
2082
2083/*****************************************************************************
2084 * setsockopt() / getsockopt() support.
2085 *
2086 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
2087 * sockets. In order to control kernel tunnel features, we allow userspace to
2088 * create a special "tunnel" PPPoX socket which is used for control only.
2089 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
2090 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
2091 *****************************************************************************/
2092
2093/* Tunnel setsockopt() helper.
2094 */
2095static int pppol2tp_tunnel_setsockopt(struct sock *sk,
2096 struct pppol2tp_tunnel *tunnel,
2097 int optname, int val)
2098{
2099 int err = 0;
2100
2101 switch (optname) {
2102 case PPPOL2TP_SO_DEBUG:
2103 tunnel->debug = val;
2104 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2105 "%s: set debug=%x\n", tunnel->name, tunnel->debug);
2106 break;
2107
2108 default:
2109 err = -ENOPROTOOPT;
2110 break;
2111 }
2112
2113 return err;
2114}
2115
2116/* Session setsockopt helper.
2117 */
2118static int pppol2tp_session_setsockopt(struct sock *sk,
2119 struct pppol2tp_session *session,
2120 int optname, int val)
2121{
2122 int err = 0;
2123
2124 switch (optname) {
2125 case PPPOL2TP_SO_RECVSEQ:
2126 if ((val != 0) && (val != 1)) {
2127 err = -EINVAL;
2128 break;
2129 }
2130 session->recv_seq = val ? -1 : 0;
2131 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2132 "%s: set recv_seq=%d\n", session->name,
2133 session->recv_seq);
2134 break;
2135
2136 case PPPOL2TP_SO_SENDSEQ:
2137 if ((val != 0) && (val != 1)) {
2138 err = -EINVAL;
2139 break;
2140 }
2141 session->send_seq = val ? -1 : 0;
2142 {
2143 struct sock *ssk = session->sock;
2144 struct pppox_sock *po = pppox_sk(ssk);
2145 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
2146 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
2147 }
2148 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2149 "%s: set send_seq=%d\n", session->name, session->send_seq);
2150 break;
2151
2152 case PPPOL2TP_SO_LNSMODE:
2153 if ((val != 0) && (val != 1)) {
2154 err = -EINVAL;
2155 break;
2156 }
2157 session->lns_mode = val ? -1 : 0;
2158 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2159 "%s: set lns_mode=%d\n", session->name,
2160 session->lns_mode);
2161 break;
2162
2163 case PPPOL2TP_SO_DEBUG:
2164 session->debug = val;
2165 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2166 "%s: set debug=%x\n", session->name, session->debug);
2167 break;
2168
2169 case PPPOL2TP_SO_REORDERTO:
2170 session->reorder_timeout = msecs_to_jiffies(val);
2171 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2172 "%s: set reorder_timeout=%d\n", session->name,
2173 session->reorder_timeout);
2174 break;
2175
2176 default:
2177 err = -ENOPROTOOPT;
2178 break;
2179 }
2180
2181 return err;
2182}
2183
2184/* Main setsockopt() entry point.
2185 * Does API checks, then calls either the tunnel or session setsockopt
2186 * handler, according to whether the PPPoL2TP socket is a for a regular
2187 * session or the special tunnel type.
2188 */
2189static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
2190 char __user *optval, unsigned int optlen)
2191{
2192 struct sock *sk = sock->sk;
2193 struct pppol2tp_session *session = sk->sk_user_data;
2194 struct pppol2tp_tunnel *tunnel;
2195 int val;
2196 int err;
2197
2198 if (level != SOL_PPPOL2TP)
2199 return udp_prot.setsockopt(sk, level, optname, optval, optlen);
2200
2201 if (optlen < sizeof(int))
2202 return -EINVAL;
2203
2204 if (get_user(val, (int __user *)optval))
2205 return -EFAULT;
2206
2207 err = -ENOTCONN;
2208 if (sk->sk_user_data == NULL)
2209 goto end;
2210
2211 /* Get session context from the socket */
2212 err = -EBADF;
2213 session = pppol2tp_sock_to_session(sk);
2214 if (session == NULL)
2215 goto end;
2216
2217 /* Special case: if session_id == 0x0000, treat as operation on tunnel
2218 */
2219 if ((session->tunnel_addr.s_session == 0) &&
2220 (session->tunnel_addr.d_session == 0)) {
2221 err = -EBADF;
2222 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2223 if (tunnel == NULL)
2224 goto end_put_sess;
2225
2226 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
2227 sock_put(session->tunnel_sock);
2228 } else
2229 err = pppol2tp_session_setsockopt(sk, session, optname, val);
2230
2231 err = 0;
2232
2233end_put_sess:
2234 sock_put(sk);
2235end:
2236 return err;
2237}
2238
2239/* Tunnel getsockopt helper. Called with sock locked.
2240 */
2241static int pppol2tp_tunnel_getsockopt(struct sock *sk,
2242 struct pppol2tp_tunnel *tunnel,
2243 int optname, int *val)
2244{
2245 int err = 0;
2246
2247 switch (optname) {
2248 case PPPOL2TP_SO_DEBUG:
2249 *val = tunnel->debug;
2250 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2251 "%s: get debug=%x\n", tunnel->name, tunnel->debug);
2252 break;
2253
2254 default:
2255 err = -ENOPROTOOPT;
2256 break;
2257 }
2258
2259 return err;
2260}
2261
2262/* Session getsockopt helper. Called with sock locked.
2263 */
2264static int pppol2tp_session_getsockopt(struct sock *sk,
2265 struct pppol2tp_session *session,
2266 int optname, int *val)
2267{
2268 int err = 0;
2269
2270 switch (optname) {
2271 case PPPOL2TP_SO_RECVSEQ:
2272 *val = session->recv_seq;
2273 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2274 "%s: get recv_seq=%d\n", session->name, *val);
2275 break;
2276
2277 case PPPOL2TP_SO_SENDSEQ:
2278 *val = session->send_seq;
2279 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2280 "%s: get send_seq=%d\n", session->name, *val);
2281 break;
2282
2283 case PPPOL2TP_SO_LNSMODE:
2284 *val = session->lns_mode;
2285 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2286 "%s: get lns_mode=%d\n", session->name, *val);
2287 break;
2288
2289 case PPPOL2TP_SO_DEBUG:
2290 *val = session->debug;
2291 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2292 "%s: get debug=%d\n", session->name, *val);
2293 break;
2294
2295 case PPPOL2TP_SO_REORDERTO:
2296 *val = (int) jiffies_to_msecs(session->reorder_timeout);
2297 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2298 "%s: get reorder_timeout=%d\n", session->name, *val);
2299 break;
2300
2301 default:
2302 err = -ENOPROTOOPT;
2303 }
2304
2305 return err;
2306}
2307
2308/* Main getsockopt() entry point.
2309 * Does API checks, then calls either the tunnel or session getsockopt
2310 * handler, according to whether the PPPoX socket is a for a regular session
2311 * or the special tunnel type.
2312 */
2313static int pppol2tp_getsockopt(struct socket *sock, int level,
2314 int optname, char __user *optval, int __user *optlen)
2315{
2316 struct sock *sk = sock->sk;
2317 struct pppol2tp_session *session = sk->sk_user_data;
2318 struct pppol2tp_tunnel *tunnel;
2319 int val, len;
2320 int err;
2321
2322 if (level != SOL_PPPOL2TP)
2323 return udp_prot.getsockopt(sk, level, optname, optval, optlen);
2324
2325 if (get_user(len, (int __user *) optlen))
2326 return -EFAULT;
2327
2328 len = min_t(unsigned int, len, sizeof(int));
2329
2330 if (len < 0)
2331 return -EINVAL;
2332
2333 err = -ENOTCONN;
2334 if (sk->sk_user_data == NULL)
2335 goto end;
2336
2337 /* Get the session context */
2338 err = -EBADF;
2339 session = pppol2tp_sock_to_session(sk);
2340 if (session == NULL)
2341 goto end;
2342
2343 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
2344 if ((session->tunnel_addr.s_session == 0) &&
2345 (session->tunnel_addr.d_session == 0)) {
2346 err = -EBADF;
2347 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2348 if (tunnel == NULL)
2349 goto end_put_sess;
2350
2351 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
2352 sock_put(session->tunnel_sock);
2353 } else
2354 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
2355
2356 err = -EFAULT;
2357 if (put_user(len, (int __user *) optlen))
2358 goto end_put_sess;
2359
2360 if (copy_to_user((void __user *) optval, &val, len))
2361 goto end_put_sess;
2362
2363 err = 0;
2364
2365end_put_sess:
2366 sock_put(sk);
2367end:
2368 return err;
2369}
2370
2371/*****************************************************************************
2372 * /proc filesystem for debug
2373 *****************************************************************************/
2374
2375#ifdef CONFIG_PROC_FS
2376
2377#include <linux/seq_file.h>
2378
2379struct pppol2tp_seq_data {
2380 struct seq_net_private p;
2381 struct pppol2tp_tunnel *tunnel; /* current tunnel */
2382 struct pppol2tp_session *session; /* NULL means get first session in tunnel */
2383};
2384
2385static struct pppol2tp_session *next_session(struct pppol2tp_tunnel *tunnel, struct pppol2tp_session *curr)
2386{
2387 struct pppol2tp_session *session = NULL;
2388 struct hlist_node *walk;
2389 int found = 0;
2390 int next = 0;
2391 int i;
2392
2393 read_lock_bh(&tunnel->hlist_lock);
2394 for (i = 0; i < PPPOL2TP_HASH_SIZE; i++) {
2395 hlist_for_each_entry(session, walk, &tunnel->session_hlist[i], hlist) {
2396 if (curr == NULL) {
2397 found = 1;
2398 goto out;
2399 }
2400 if (session == curr) {
2401 next = 1;
2402 continue;
2403 }
2404 if (next) {
2405 found = 1;
2406 goto out;
2407 }
2408 }
2409 }
2410out:
2411 read_unlock_bh(&tunnel->hlist_lock);
2412 if (!found)
2413 session = NULL;
2414
2415 return session;
2416}
2417
2418static struct pppol2tp_tunnel *next_tunnel(struct pppol2tp_net *pn,
2419 struct pppol2tp_tunnel *curr)
2420{
2421 struct pppol2tp_tunnel *tunnel = NULL;
2422
2423 read_lock_bh(&pn->pppol2tp_tunnel_list_lock);
2424 if (list_is_last(&curr->list, &pn->pppol2tp_tunnel_list)) {
2425 goto out;
2426 }
2427 tunnel = list_entry(curr->list.next, struct pppol2tp_tunnel, list);
2428out:
2429 read_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
2430
2431 return tunnel;
2432}
2433
2434static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
2435{
2436 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
2437 struct pppol2tp_net *pn;
2438 loff_t pos = *offs;
2439
2440 if (!pos)
2441 goto out;
2442
2443 BUG_ON(m->private == NULL);
2444 pd = m->private;
2445 pn = pppol2tp_pernet(seq_file_net(m));
2446
2447 if (pd->tunnel == NULL) {
2448 if (!list_empty(&pn->pppol2tp_tunnel_list))
2449 pd->tunnel = list_entry(pn->pppol2tp_tunnel_list.next, struct pppol2tp_tunnel, list);
2450 } else {
2451 pd->session = next_session(pd->tunnel, pd->session);
2452 if (pd->session == NULL) {
2453 pd->tunnel = next_tunnel(pn, pd->tunnel);
2454 }
2455 }
2456
2457 /* NULL tunnel and session indicates end of list */
2458 if ((pd->tunnel == NULL) && (pd->session == NULL))
2459 pd = NULL;
2460
2461out:
2462 return pd;
2463}
2464
2465static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
2466{
2467 (*pos)++;
2468 return NULL;
2469}
2470
2471static void pppol2tp_seq_stop(struct seq_file *p, void *v)
2472{
2473 /* nothing to do */
2474}
2475
2476static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
2477{
2478 struct pppol2tp_tunnel *tunnel = v;
2479
2480 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
2481 tunnel->name,
2482 (tunnel == tunnel->sock->sk_user_data) ? 'Y':'N',
2483 atomic_read(&tunnel->ref_count) - 1);
2484 seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
2485 tunnel->debug,
2486 (unsigned long long)tunnel->stats.tx_packets,
2487 (unsigned long long)tunnel->stats.tx_bytes,
2488 (unsigned long long)tunnel->stats.tx_errors,
2489 (unsigned long long)tunnel->stats.rx_packets,
2490 (unsigned long long)tunnel->stats.rx_bytes,
2491 (unsigned long long)tunnel->stats.rx_errors);
2492}
2493
2494static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
2495{
2496 struct pppol2tp_session *session = v;
2497
2498 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
2499 "%04X/%04X %d %c\n",
2500 session->name,
2501 ntohl(session->tunnel_addr.addr.sin_addr.s_addr),
2502 ntohs(session->tunnel_addr.addr.sin_port),
2503 session->tunnel_addr.s_tunnel,
2504 session->tunnel_addr.s_session,
2505 session->tunnel_addr.d_tunnel,
2506 session->tunnel_addr.d_session,
2507 session->sock->sk_state,
2508 (session == session->sock->sk_user_data) ?
2509 'Y' : 'N');
2510 seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n",
2511 session->mtu, session->mru,
2512 session->recv_seq ? 'R' : '-',
2513 session->send_seq ? 'S' : '-',
2514 session->lns_mode ? "LNS" : "LAC",
2515 session->debug,
2516 jiffies_to_msecs(session->reorder_timeout));
2517 seq_printf(m, " %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
2518 session->nr, session->ns,
2519 (unsigned long long)session->stats.tx_packets,
2520 (unsigned long long)session->stats.tx_bytes,
2521 (unsigned long long)session->stats.tx_errors,
2522 (unsigned long long)session->stats.rx_packets,
2523 (unsigned long long)session->stats.rx_bytes,
2524 (unsigned long long)session->stats.rx_errors);
2525}
2526
2527static int pppol2tp_seq_show(struct seq_file *m, void *v)
2528{
2529 struct pppol2tp_seq_data *pd = v;
2530
2531 /* display header on line 1 */
2532 if (v == SEQ_START_TOKEN) {
2533 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
2534 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
2535 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2536 seq_puts(m, " SESSION name, addr/port src-tid/sid "
2537 "dest-tid/sid state user-data-ok\n");
2538 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
2539 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2540 goto out;
2541 }
2542
2543 /* Show the tunnel or session context.
2544 */
2545 if (pd->session == NULL)
2546 pppol2tp_seq_tunnel_show(m, pd->tunnel);
2547 else
2548 pppol2tp_seq_session_show(m, pd->session);
2549
2550out:
2551 return 0;
2552}
2553
2554static const struct seq_operations pppol2tp_seq_ops = {
2555 .start = pppol2tp_seq_start,
2556 .next = pppol2tp_seq_next,
2557 .stop = pppol2tp_seq_stop,
2558 .show = pppol2tp_seq_show,
2559};
2560
2561/* Called when our /proc file is opened. We allocate data for use when
2562 * iterating our tunnel / session contexts and store it in the private
2563 * data of the seq_file.
2564 */
2565static int pppol2tp_proc_open(struct inode *inode, struct file *file)
2566{
2567 return seq_open_net(inode, file, &pppol2tp_seq_ops,
2568 sizeof(struct pppol2tp_seq_data));
2569}
2570
2571static const struct file_operations pppol2tp_proc_fops = {
2572 .owner = THIS_MODULE,
2573 .open = pppol2tp_proc_open,
2574 .read = seq_read,
2575 .llseek = seq_lseek,
2576 .release = seq_release_net,
2577};
2578
2579#endif /* CONFIG_PROC_FS */
2580
2581/*****************************************************************************
2582 * Init and cleanup
2583 *****************************************************************************/
2584
2585static const struct proto_ops pppol2tp_ops = {
2586 .family = AF_PPPOX,
2587 .owner = THIS_MODULE,
2588 .release = pppol2tp_release,
2589 .bind = sock_no_bind,
2590 .connect = pppol2tp_connect,
2591 .socketpair = sock_no_socketpair,
2592 .accept = sock_no_accept,
2593 .getname = pppol2tp_getname,
2594 .poll = datagram_poll,
2595 .listen = sock_no_listen,
2596 .shutdown = sock_no_shutdown,
2597 .setsockopt = pppol2tp_setsockopt,
2598 .getsockopt = pppol2tp_getsockopt,
2599 .sendmsg = pppol2tp_sendmsg,
2600 .recvmsg = pppol2tp_recvmsg,
2601 .mmap = sock_no_mmap,
2602 .ioctl = pppox_ioctl,
2603};
2604
2605static struct pppox_proto pppol2tp_proto = {
2606 .create = pppol2tp_create,
2607 .ioctl = pppol2tp_ioctl
2608};
2609
2610static __net_init int pppol2tp_init_net(struct net *net)
2611{
2612 struct pppol2tp_net *pn = pppol2tp_pernet(net);
2613 struct proc_dir_entry *pde;
2614
2615 INIT_LIST_HEAD(&pn->pppol2tp_tunnel_list);
2616 rwlock_init(&pn->pppol2tp_tunnel_list_lock);
2617
2618 pde = proc_net_fops_create(net, "pppol2tp", S_IRUGO, &pppol2tp_proc_fops);
2619#ifdef CONFIG_PROC_FS
2620 if (!pde)
2621 return -ENOMEM;
2622#endif
2623
2624 return 0;
2625}
2626
2627static __net_exit void pppol2tp_exit_net(struct net *net)
2628{
2629 proc_net_remove(net, "pppol2tp");
2630}
2631
2632static struct pernet_operations pppol2tp_net_ops = {
2633 .init = pppol2tp_init_net,
2634 .exit = pppol2tp_exit_net,
2635 .id = &pppol2tp_net_id,
2636 .size = sizeof(struct pppol2tp_net),
2637};
2638
2639static int __init pppol2tp_init(void)
2640{
2641 int err;
2642
2643 err = proto_register(&pppol2tp_sk_proto, 0);
2644 if (err)
2645 goto out;
2646 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
2647 if (err)
2648 goto out_unregister_pppol2tp_proto;
2649
2650 err = register_pernet_device(&pppol2tp_net_ops);
2651 if (err)
2652 goto out_unregister_pppox_proto;
2653
2654 printk(KERN_INFO "PPPoL2TP kernel driver, %s\n",
2655 PPPOL2TP_DRV_VERSION);
2656
2657out:
2658 return err;
2659out_unregister_pppox_proto:
2660 unregister_pppox_proto(PX_PROTO_OL2TP);
2661out_unregister_pppol2tp_proto:
2662 proto_unregister(&pppol2tp_sk_proto);
2663 goto out;
2664}
2665
2666static void __exit pppol2tp_exit(void)
2667{
2668 unregister_pppox_proto(PX_PROTO_OL2TP);
2669 unregister_pernet_device(&pppol2tp_net_ops);
2670 proto_unregister(&pppol2tp_sk_proto);
2671}
2672
2673module_init(pppol2tp_init);
2674module_exit(pppol2tp_exit);
2675
2676MODULE_AUTHOR("Martijn van Oosterhout <kleptog@svana.org>, "
2677 "James Chapman <jchapman@katalix.com>");
2678MODULE_DESCRIPTION("PPP over L2TP over UDP");
2679MODULE_LICENSE("GPL");
2680MODULE_VERSION(PPPOL2TP_DRV_VERSION);
generated by cgit v1.2.2 (git 2.25.0) at 2024-09-20 08:21:28 -0400