aboutsummaryrefslogtreecommitdiffstats
path: root/net/l2tp
diff options
context:
space:
mode:
Diffstat (limited to 'net/l2tp')
-rw-r--r--net/l2tp/Kconfig107
-rw-r--r--net/l2tp/Makefile12
-rw-r--r--net/l2tp/l2tp_core.c1693
-rw-r--r--net/l2tp/l2tp_core.h304
-rw-r--r--net/l2tp/l2tp_debugfs.c341
-rw-r--r--net/l2tp/l2tp_eth.c361
-rw-r--r--net/l2tp/l2tp_ip.c679
-rw-r--r--net/l2tp/l2tp_netlink.c840
-rw-r--r--net/l2tp/l2tp_ppp.c1837
9 files changed, 6174 insertions, 0 deletions
diff --git a/net/l2tp/Kconfig b/net/l2tp/Kconfig
new file mode 100644
index 000000000000..4b1e71751e10
--- /dev/null
+++ b/net/l2tp/Kconfig
@@ -0,0 +1,107 @@
1#
2# Layer Two Tunneling Protocol (L2TP)
3#
4
5menuconfig L2TP
6 tristate "Layer Two Tunneling Protocol (L2TP)"
7 depends on INET
8 ---help---
9 Layer Two Tunneling Protocol
10
11 From RFC 2661 <http://www.ietf.org/rfc/rfc2661.txt>.
12
13 L2TP facilitates the tunneling of packets across an
14 intervening network in a way that is as transparent as
15 possible to both end-users and applications.
16
17 L2TP is often used to tunnel PPP traffic over IP
18 tunnels. One IP tunnel may carry thousands of individual PPP
19 connections. L2TP is also used as a VPN protocol, popular
20 with home workers to connect to their offices.
21
22 L2TPv3 allows other protocols as well as PPP to be carried
23 over L2TP tunnels. L2TPv3 is defined in RFC 3931
24 <http://www.ietf.org/rfc/rfc3931.txt>.
25
26 The kernel component handles only L2TP data packets: a
27 userland daemon handles L2TP the control protocol (tunnel
28 and session setup). One such daemon is OpenL2TP
29 (http://openl2tp.org/).
30
31 If you don't need L2TP, say N. To compile all L2TP code as
32 modules, choose M here.
33
34config L2TP_DEBUGFS
35 tristate "L2TP debugfs support"
36 depends on L2TP && DEBUG_FS
37 help
38 Support for l2tp directory in debugfs filesystem. This may be
39 used to dump internal state of the l2tp drivers for problem
40 analysis.
41
42 If unsure, say 'Y'.
43
44 To compile this driver as a module, choose M here. The module
45 will be called l2tp_debugfs.
46
47config L2TP_V3
48 bool "L2TPv3 support (EXPERIMENTAL)"
49 depends on EXPERIMENTAL && L2TP
50 help
51 Layer Two Tunneling Protocol Version 3
52
53 From RFC 3931 <http://www.ietf.org/rfc/rfc3931.txt>.
54
55 The Layer Two Tunneling Protocol (L2TP) provides a dynamic
56 mechanism for tunneling Layer 2 (L2) "circuits" across a
57 packet-oriented data network (e.g., over IP). L2TP, as
58 originally defined in RFC 2661, is a standard method for
59 tunneling Point-to-Point Protocol (PPP) [RFC1661] sessions.
60 L2TP has since been adopted for tunneling a number of other
61 L2 protocols, including ATM, Frame Relay, HDLC and even raw
62 ethernet frames.
63
64 If you are connecting to L2TPv3 equipment, or you want to
65 tunnel raw ethernet frames using L2TP, say Y here. If
66 unsure, say N.
67
68config L2TP_IP
69 tristate "L2TP IP encapsulation for L2TPv3"
70 depends on L2TP_V3
71 help
72 Support for L2TP-over-IP socket family.
73
74 The L2TPv3 protocol defines two possible encapsulations for
75 L2TP frames, namely UDP and plain IP (without UDP). This
76 driver provides a new L2TPIP socket family with which
77 userspace L2TPv3 daemons may create L2TP/IP tunnel sockets
78 when UDP encapsulation is not required. When L2TP is carried
79 in IP packets, it used IP protocol number 115, so this port
80 must be enabled in firewalls.
81
82 To compile this driver as a module, choose M here. The module
83 will be called l2tp_ip.
84
85config L2TP_ETH
86 tristate "L2TP ethernet pseudowire support for L2TPv3"
87 depends on L2TP_V3
88 help
89 Support for carrying raw ethernet frames over L2TPv3.
90
91 From RFC 4719 <http://www.ietf.org/rfc/rfc4719.txt>.
92
93 The Layer 2 Tunneling Protocol, Version 3 (L2TPv3) can be
94 used as a control protocol and for data encapsulation to set
95 up Pseudowires for transporting layer 2 Packet Data Units
96 across an IP network [RFC3931].
97
98 This driver provides an ethernet virtual interface for each
99 L2TP ethernet pseudowire instance. Standard Linux tools may
100 be used to assign an IP address to the local virtual
101 interface, or add the interface to a bridge.
102
103 If you are using L2TPv3, you will almost certainly want to
104 enable this option.
105
106 To compile this driver as a module, choose M here. The module
107 will be called l2tp_eth.
diff --git a/net/l2tp/Makefile b/net/l2tp/Makefile
new file mode 100644
index 000000000000..110e7bc2de5e
--- /dev/null
+++ b/net/l2tp/Makefile
@@ -0,0 +1,12 @@
1#
2# Makefile for the L2TP.
3#
4
5obj-$(CONFIG_L2TP) += l2tp_core.o
6
7# Build l2tp as modules if L2TP is M
8obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_PPPOL2TP)) += l2tp_ppp.o
9obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_L2TP_IP)) += l2tp_ip.o
10obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_L2TP_V3)) += l2tp_netlink.o
11obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_L2TP_ETH)) += l2tp_eth.o
12obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_L2TP_DEBUGFS)) += l2tp_debugfs.o
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
new file mode 100644
index 000000000000..ecc7aea9efe4
--- /dev/null
+++ b/net/l2tp/l2tp_core.c
@@ -0,0 +1,1693 @@
1/*
2 * L2TP core.
3 *
4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5 *
6 * This file contains some code of the original L2TPv2 pppol2tp
7 * driver, which has the following copyright:
8 *
9 * Authors: Martijn van Oosterhout <kleptog@svana.org>
10 * James Chapman (jchapman@katalix.com)
11 * Contributors:
12 * Michal Ostrowski <mostrows@speakeasy.net>
13 * Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
14 * David S. Miller (davem@redhat.com)
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2 as
18 * published by the Free Software Foundation.
19 */
20
21#include <linux/module.h>
22#include <linux/string.h>
23#include <linux/list.h>
24#include <linux/rculist.h>
25#include <linux/uaccess.h>
26
27#include <linux/kernel.h>
28#include <linux/spinlock.h>
29#include <linux/kthread.h>
30#include <linux/sched.h>
31#include <linux/slab.h>
32#include <linux/errno.h>
33#include <linux/jiffies.h>
34
35#include <linux/netdevice.h>
36#include <linux/net.h>
37#include <linux/inetdevice.h>
38#include <linux/skbuff.h>
39#include <linux/init.h>
40#include <linux/in.h>
41#include <linux/ip.h>
42#include <linux/udp.h>
43#include <linux/l2tp.h>
44#include <linux/hash.h>
45#include <linux/sort.h>
46#include <linux/file.h>
47#include <linux/nsproxy.h>
48#include <net/net_namespace.h>
49#include <net/netns/generic.h>
50#include <net/dst.h>
51#include <net/ip.h>
52#include <net/udp.h>
53#include <net/inet_common.h>
54#include <net/xfrm.h>
55#include <net/protocol.h>
56
57#include <asm/byteorder.h>
58#include <asm/atomic.h>
59
60#include "l2tp_core.h"
61
62#define L2TP_DRV_VERSION "V2.0"
63
64/* L2TP header constants */
65#define L2TP_HDRFLAG_T 0x8000
66#define L2TP_HDRFLAG_L 0x4000
67#define L2TP_HDRFLAG_S 0x0800
68#define L2TP_HDRFLAG_O 0x0200
69#define L2TP_HDRFLAG_P 0x0100
70
71#define L2TP_HDR_VER_MASK 0x000F
72#define L2TP_HDR_VER_2 0x0002
73#define L2TP_HDR_VER_3 0x0003
74
75/* L2TPv3 default L2-specific sublayer */
76#define L2TP_SLFLAG_S 0x40000000
77#define L2TP_SL_SEQ_MASK 0x00ffffff
78
79#define L2TP_HDR_SIZE_SEQ 10
80#define L2TP_HDR_SIZE_NOSEQ 6
81
82/* Default trace flags */
83#define L2TP_DEFAULT_DEBUG_FLAGS 0
84
85#define PRINTK(_mask, _type, _lvl, _fmt, args...) \
86 do { \
87 if ((_mask) & (_type)) \
88 printk(_lvl "L2TP: " _fmt, ##args); \
89 } while (0)
90
91/* Private data stored for received packets in the skb.
92 */
93struct l2tp_skb_cb {
94 u32 ns;
95 u16 has_seq;
96 u16 length;
97 unsigned long expires;
98};
99
100#define L2TP_SKB_CB(skb) ((struct l2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
101
102static atomic_t l2tp_tunnel_count;
103static atomic_t l2tp_session_count;
104
105/* per-net private data for this module */
106static unsigned int l2tp_net_id;
107struct l2tp_net {
108 struct list_head l2tp_tunnel_list;
109 spinlock_t l2tp_tunnel_list_lock;
110 struct hlist_head l2tp_session_hlist[L2TP_HASH_SIZE_2];
111 spinlock_t l2tp_session_hlist_lock;
112};
113
114static inline struct l2tp_net *l2tp_pernet(struct net *net)
115{
116 BUG_ON(!net);
117
118 return net_generic(net, l2tp_net_id);
119}
120
121/* Session hash global list for L2TPv3.
122 * The session_id SHOULD be random according to RFC3931, but several
123 * L2TP implementations use incrementing session_ids. So we do a real
124 * hash on the session_id, rather than a simple bitmask.
125 */
126static inline struct hlist_head *
127l2tp_session_id_hash_2(struct l2tp_net *pn, u32 session_id)
128{
129 return &pn->l2tp_session_hlist[hash_32(session_id, L2TP_HASH_BITS_2)];
130
131}
132
133/* Lookup a session by id in the global session list
134 */
135static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id)
136{
137 struct l2tp_net *pn = l2tp_pernet(net);
138 struct hlist_head *session_list =
139 l2tp_session_id_hash_2(pn, session_id);
140 struct l2tp_session *session;
141 struct hlist_node *walk;
142
143 rcu_read_lock_bh();
144 hlist_for_each_entry_rcu(session, walk, session_list, global_hlist) {
145 if (session->session_id == session_id) {
146 rcu_read_unlock_bh();
147 return session;
148 }
149 }
150 rcu_read_unlock_bh();
151
152 return NULL;
153}
154
155/* Session hash list.
156 * The session_id SHOULD be random according to RFC2661, but several
157 * L2TP implementations (Cisco and Microsoft) use incrementing
158 * session_ids. So we do a real hash on the session_id, rather than a
159 * simple bitmask.
160 */
161static inline struct hlist_head *
162l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id)
163{
164 return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)];
165}
166
167/* Lookup a session by id
168 */
169struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunnel, u32 session_id)
170{
171 struct hlist_head *session_list;
172 struct l2tp_session *session;
173 struct hlist_node *walk;
174
175 /* In L2TPv3, session_ids are unique over all tunnels and we
176 * sometimes need to look them up before we know the
177 * tunnel.
178 */
179 if (tunnel == NULL)
180 return l2tp_session_find_2(net, session_id);
181
182 session_list = l2tp_session_id_hash(tunnel, session_id);
183 read_lock_bh(&tunnel->hlist_lock);
184 hlist_for_each_entry(session, walk, session_list, hlist) {
185 if (session->session_id == session_id) {
186 read_unlock_bh(&tunnel->hlist_lock);
187 return session;
188 }
189 }
190 read_unlock_bh(&tunnel->hlist_lock);
191
192 return NULL;
193}
194EXPORT_SYMBOL_GPL(l2tp_session_find);
195
196struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth)
197{
198 int hash;
199 struct hlist_node *walk;
200 struct l2tp_session *session;
201 int count = 0;
202
203 read_lock_bh(&tunnel->hlist_lock);
204 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
205 hlist_for_each_entry(session, walk, &tunnel->session_hlist[hash], hlist) {
206 if (++count > nth) {
207 read_unlock_bh(&tunnel->hlist_lock);
208 return session;
209 }
210 }
211 }
212
213 read_unlock_bh(&tunnel->hlist_lock);
214
215 return NULL;
216}
217EXPORT_SYMBOL_GPL(l2tp_session_find_nth);
218
219/* Lookup a session by interface name.
220 * This is very inefficient but is only used by management interfaces.
221 */
222struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname)
223{
224 struct l2tp_net *pn = l2tp_pernet(net);
225 int hash;
226 struct hlist_node *walk;
227 struct l2tp_session *session;
228
229 rcu_read_lock_bh();
230 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) {
231 hlist_for_each_entry_rcu(session, walk, &pn->l2tp_session_hlist[hash], global_hlist) {
232 if (!strcmp(session->ifname, ifname)) {
233 rcu_read_unlock_bh();
234 return session;
235 }
236 }
237 }
238
239 rcu_read_unlock_bh();
240
241 return NULL;
242}
243EXPORT_SYMBOL_GPL(l2tp_session_find_by_ifname);
244
245/* Lookup a tunnel by id
246 */
247struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id)
248{
249 struct l2tp_tunnel *tunnel;
250 struct l2tp_net *pn = l2tp_pernet(net);
251
252 rcu_read_lock_bh();
253 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
254 if (tunnel->tunnel_id == tunnel_id) {
255 rcu_read_unlock_bh();
256 return tunnel;
257 }
258 }
259 rcu_read_unlock_bh();
260
261 return NULL;
262}
263EXPORT_SYMBOL_GPL(l2tp_tunnel_find);
264
265struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth)
266{
267 struct l2tp_net *pn = l2tp_pernet(net);
268 struct l2tp_tunnel *tunnel;
269 int count = 0;
270
271 rcu_read_lock_bh();
272 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
273 if (++count > nth) {
274 rcu_read_unlock_bh();
275 return tunnel;
276 }
277 }
278
279 rcu_read_unlock_bh();
280
281 return NULL;
282}
283EXPORT_SYMBOL_GPL(l2tp_tunnel_find_nth);
284
285/*****************************************************************************
286 * Receive data handling
287 *****************************************************************************/
288
289/* Queue a skb in order. We come here only if the skb has an L2TP sequence
290 * number.
291 */
292static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *skb)
293{
294 struct sk_buff *skbp;
295 struct sk_buff *tmp;
296 u32 ns = L2TP_SKB_CB(skb)->ns;
297
298 spin_lock_bh(&session->reorder_q.lock);
299 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
300 if (L2TP_SKB_CB(skbp)->ns > ns) {
301 __skb_queue_before(&session->reorder_q, skbp, skb);
302 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
303 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
304 session->name, ns, L2TP_SKB_CB(skbp)->ns,
305 skb_queue_len(&session->reorder_q));
306 session->stats.rx_oos_packets++;
307 goto out;
308 }
309 }
310
311 __skb_queue_tail(&session->reorder_q, skb);
312
313out:
314 spin_unlock_bh(&session->reorder_q.lock);
315}
316
317/* Dequeue a single skb.
318 */
319static void l2tp_recv_dequeue_skb(struct l2tp_session *session, struct sk_buff *skb)
320{
321 struct l2tp_tunnel *tunnel = session->tunnel;
322 int length = L2TP_SKB_CB(skb)->length;
323
324 /* We're about to requeue the skb, so return resources
325 * to its current owner (a socket receive buffer).
326 */
327 skb_orphan(skb);
328
329 tunnel->stats.rx_packets++;
330 tunnel->stats.rx_bytes += length;
331 session->stats.rx_packets++;
332 session->stats.rx_bytes += length;
333
334 if (L2TP_SKB_CB(skb)->has_seq) {
335 /* Bump our Nr */
336 session->nr++;
337 if (tunnel->version == L2TP_HDR_VER_2)
338 session->nr &= 0xffff;
339 else
340 session->nr &= 0xffffff;
341
342 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
343 "%s: updated nr to %hu\n", session->name, session->nr);
344 }
345
346 /* call private receive handler */
347 if (session->recv_skb != NULL)
348 (*session->recv_skb)(session, skb, L2TP_SKB_CB(skb)->length);
349 else
350 kfree_skb(skb);
351
352 if (session->deref)
353 (*session->deref)(session);
354}
355
356/* Dequeue skbs from the session's reorder_q, subject to packet order.
357 * Skbs that have been in the queue for too long are simply discarded.
358 */
359static void l2tp_recv_dequeue(struct l2tp_session *session)
360{
361 struct sk_buff *skb;
362 struct sk_buff *tmp;
363
364 /* If the pkt at the head of the queue has the nr that we
365 * expect to send up next, dequeue it and any other
366 * in-sequence packets behind it.
367 */
368 spin_lock_bh(&session->reorder_q.lock);
369 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
370 if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) {
371 session->stats.rx_seq_discards++;
372 session->stats.rx_errors++;
373 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
374 "%s: oos pkt %u len %d discarded (too old), "
375 "waiting for %u, reorder_q_len=%d\n",
376 session->name, L2TP_SKB_CB(skb)->ns,
377 L2TP_SKB_CB(skb)->length, session->nr,
378 skb_queue_len(&session->reorder_q));
379 __skb_unlink(skb, &session->reorder_q);
380 kfree_skb(skb);
381 if (session->deref)
382 (*session->deref)(session);
383 continue;
384 }
385
386 if (L2TP_SKB_CB(skb)->has_seq) {
387 if (L2TP_SKB_CB(skb)->ns != session->nr) {
388 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
389 "%s: holding oos pkt %u len %d, "
390 "waiting for %u, reorder_q_len=%d\n",
391 session->name, L2TP_SKB_CB(skb)->ns,
392 L2TP_SKB_CB(skb)->length, session->nr,
393 skb_queue_len(&session->reorder_q));
394 goto out;
395 }
396 }
397 __skb_unlink(skb, &session->reorder_q);
398
399 /* Process the skb. We release the queue lock while we
400 * do so to let other contexts process the queue.
401 */
402 spin_unlock_bh(&session->reorder_q.lock);
403 l2tp_recv_dequeue_skb(session, skb);
404 spin_lock_bh(&session->reorder_q.lock);
405 }
406
407out:
408 spin_unlock_bh(&session->reorder_q.lock);
409}
410
411static inline int l2tp_verify_udp_checksum(struct sock *sk,
412 struct sk_buff *skb)
413{
414 struct udphdr *uh = udp_hdr(skb);
415 u16 ulen = ntohs(uh->len);
416 struct inet_sock *inet;
417 __wsum psum;
418
419 if (sk->sk_no_check || skb_csum_unnecessary(skb) || !uh->check)
420 return 0;
421
422 inet = inet_sk(sk);
423 psum = csum_tcpudp_nofold(inet->inet_saddr, inet->inet_daddr, ulen,
424 IPPROTO_UDP, 0);
425
426 if ((skb->ip_summed == CHECKSUM_COMPLETE) &&
427 !csum_fold(csum_add(psum, skb->csum)))
428 return 0;
429
430 skb->csum = psum;
431
432 return __skb_checksum_complete(skb);
433}
434
435/* Do receive processing of L2TP data frames. We handle both L2TPv2
436 * and L2TPv3 data frames here.
437 *
438 * L2TPv2 Data Message Header
439 *
440 * 0 1 2 3
441 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
442 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
443 * |T|L|x|x|S|x|O|P|x|x|x|x| Ver | Length (opt) |
444 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
445 * | Tunnel ID | Session ID |
446 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
447 * | Ns (opt) | Nr (opt) |
448 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
449 * | Offset Size (opt) | Offset pad... (opt)
450 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
451 *
452 * Data frames are marked by T=0. All other fields are the same as
453 * those in L2TP control frames.
454 *
455 * L2TPv3 Data Message Header
456 *
457 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
458 * | L2TP Session Header |
459 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
460 * | L2-Specific Sublayer |
461 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
462 * | Tunnel Payload ...
463 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
464 *
465 * L2TPv3 Session Header Over IP
466 *
467 * 0 1 2 3
468 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
469 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
470 * | Session ID |
471 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
472 * | Cookie (optional, maximum 64 bits)...
473 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
474 * |
475 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
476 *
477 * L2TPv3 L2-Specific Sublayer Format
478 *
479 * 0 1 2 3
480 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
481 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
482 * |x|S|x|x|x|x|x|x| Sequence Number |
483 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
484 *
485 * Cookie value, sublayer format and offset (pad) are negotiated with
486 * the peer when the session is set up. Unlike L2TPv2, we do not need
487 * to parse the packet header to determine if optional fields are
488 * present.
489 *
490 * Caller must already have parsed the frame and determined that it is
491 * a data (not control) frame before coming here. Fields up to the
492 * session-id have already been parsed and ptr points to the data
493 * after the session-id.
494 */
495void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
496 unsigned char *ptr, unsigned char *optr, u16 hdrflags,
497 int length, int (*payload_hook)(struct sk_buff *skb))
498{
499 struct l2tp_tunnel *tunnel = session->tunnel;
500 int offset;
501 u32 ns, nr;
502
503 /* The ref count is increased since we now hold a pointer to
504 * the session. Take care to decrement the refcnt when exiting
505 * this function from now on...
506 */
507 l2tp_session_inc_refcount(session);
508 if (session->ref)
509 (*session->ref)(session);
510
511 /* Parse and check optional cookie */
512 if (session->peer_cookie_len > 0) {
513 if (memcmp(ptr, &session->peer_cookie[0], session->peer_cookie_len)) {
514 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_INFO,
515 "%s: cookie mismatch (%u/%u). Discarding.\n",
516 tunnel->name, tunnel->tunnel_id, session->session_id);
517 session->stats.rx_cookie_discards++;
518 goto discard;
519 }
520 ptr += session->peer_cookie_len;
521 }
522
523 /* Handle the optional sequence numbers. Sequence numbers are
524 * in different places for L2TPv2 and L2TPv3.
525 *
526 * If we are the LAC, enable/disable sequence numbers under
527 * the control of the LNS. If no sequence numbers present but
528 * we were expecting them, discard frame.
529 */
530 ns = nr = 0;
531 L2TP_SKB_CB(skb)->has_seq = 0;
532 if (tunnel->version == L2TP_HDR_VER_2) {
533 if (hdrflags & L2TP_HDRFLAG_S) {
534 ns = ntohs(*(__be16 *) ptr);
535 ptr += 2;
536 nr = ntohs(*(__be16 *) ptr);
537 ptr += 2;
538
539 /* Store L2TP info in the skb */
540 L2TP_SKB_CB(skb)->ns = ns;
541 L2TP_SKB_CB(skb)->has_seq = 1;
542
543 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
544 "%s: recv data ns=%u, nr=%u, session nr=%u\n",
545 session->name, ns, nr, session->nr);
546 }
547 } else if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
548 u32 l2h = ntohl(*(__be32 *) ptr);
549
550 if (l2h & 0x40000000) {
551 ns = l2h & 0x00ffffff;
552
553 /* Store L2TP info in the skb */
554 L2TP_SKB_CB(skb)->ns = ns;
555 L2TP_SKB_CB(skb)->has_seq = 1;
556
557 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
558 "%s: recv data ns=%u, session nr=%u\n",
559 session->name, ns, session->nr);
560 }
561 }
562
563 /* Advance past L2-specific header, if present */
564 ptr += session->l2specific_len;
565
566 if (L2TP_SKB_CB(skb)->has_seq) {
567 /* Received a packet with sequence numbers. If we're the LNS,
568 * check if we sre sending sequence numbers and if not,
569 * configure it so.
570 */
571 if ((!session->lns_mode) && (!session->send_seq)) {
572 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_INFO,
573 "%s: requested to enable seq numbers by LNS\n",
574 session->name);
575 session->send_seq = -1;
576 l2tp_session_set_header_len(session, tunnel->version);
577 }
578 } else {
579 /* No sequence numbers.
580 * If user has configured mandatory sequence numbers, discard.
581 */
582 if (session->recv_seq) {
583 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_WARNING,
584 "%s: recv data has no seq numbers when required. "
585 "Discarding\n", session->name);
586 session->stats.rx_seq_discards++;
587 goto discard;
588 }
589
590 /* If we're the LAC and we're sending sequence numbers, the
591 * LNS has requested that we no longer send sequence numbers.
592 * If we're the LNS and we're sending sequence numbers, the
593 * LAC is broken. Discard the frame.
594 */
595 if ((!session->lns_mode) && (session->send_seq)) {
596 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_INFO,
597 "%s: requested to disable seq numbers by LNS\n",
598 session->name);
599 session->send_seq = 0;
600 l2tp_session_set_header_len(session, tunnel->version);
601 } else if (session->send_seq) {
602 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_WARNING,
603 "%s: recv data has no seq numbers when required. "
604 "Discarding\n", session->name);
605 session->stats.rx_seq_discards++;
606 goto discard;
607 }
608 }
609
610 /* Session data offset is handled differently for L2TPv2 and
611 * L2TPv3. For L2TPv2, there is an optional 16-bit value in
612 * the header. For L2TPv3, the offset is negotiated using AVPs
613 * in the session setup control protocol.
614 */
615 if (tunnel->version == L2TP_HDR_VER_2) {
616 /* If offset bit set, skip it. */
617 if (hdrflags & L2TP_HDRFLAG_O) {
618 offset = ntohs(*(__be16 *)ptr);
619 ptr += 2 + offset;
620 }
621 } else
622 ptr += session->offset;
623
624 offset = ptr - optr;
625 if (!pskb_may_pull(skb, offset))
626 goto discard;
627
628 __skb_pull(skb, offset);
629
630 /* If caller wants to process the payload before we queue the
631 * packet, do so now.
632 */
633 if (payload_hook)
634 if ((*payload_hook)(skb))
635 goto discard;
636
637 /* Prepare skb for adding to the session's reorder_q. Hold
638 * packets for max reorder_timeout or 1 second if not
639 * reordering.
640 */
641 L2TP_SKB_CB(skb)->length = length;
642 L2TP_SKB_CB(skb)->expires = jiffies +
643 (session->reorder_timeout ? session->reorder_timeout : HZ);
644
645 /* Add packet to the session's receive queue. Reordering is done here, if
646 * enabled. Saved L2TP protocol info is stored in skb->sb[].
647 */
648 if (L2TP_SKB_CB(skb)->has_seq) {
649 if (session->reorder_timeout != 0) {
650 /* Packet reordering enabled. Add skb to session's
651 * reorder queue, in order of ns.
652 */
653 l2tp_recv_queue_skb(session, skb);
654 } else {
655 /* Packet reordering disabled. Discard out-of-sequence
656 * packets
657 */
658 if (L2TP_SKB_CB(skb)->ns != session->nr) {
659 session->stats.rx_seq_discards++;
660 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
661 "%s: oos pkt %u len %d discarded, "
662 "waiting for %u, reorder_q_len=%d\n",
663 session->name, L2TP_SKB_CB(skb)->ns,
664 L2TP_SKB_CB(skb)->length, session->nr,
665 skb_queue_len(&session->reorder_q));
666 goto discard;
667 }
668 skb_queue_tail(&session->reorder_q, skb);
669 }
670 } else {
671 /* No sequence numbers. Add the skb to the tail of the
672 * reorder queue. This ensures that it will be
673 * delivered after all previous sequenced skbs.
674 */
675 skb_queue_tail(&session->reorder_q, skb);
676 }
677
678 /* Try to dequeue as many skbs from reorder_q as we can. */
679 l2tp_recv_dequeue(session);
680
681 l2tp_session_dec_refcount(session);
682
683 return;
684
685discard:
686 session->stats.rx_errors++;
687 kfree_skb(skb);
688
689 if (session->deref)
690 (*session->deref)(session);
691
692 l2tp_session_dec_refcount(session);
693}
694EXPORT_SYMBOL(l2tp_recv_common);
695
696/* Internal UDP receive frame. Do the real work of receiving an L2TP data frame
697 * here. The skb is not on a list when we get here.
698 * Returns 0 if the packet was a data packet and was successfully passed on.
699 * Returns 1 if the packet was not a good data packet and could not be
700 * forwarded. All such packets are passed up to userspace to deal with.
701 */
702int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
703 int (*payload_hook)(struct sk_buff *skb))
704{
705 struct l2tp_session *session = NULL;
706 unsigned char *ptr, *optr;
707 u16 hdrflags;
708 u32 tunnel_id, session_id;
709 int offset;
710 u16 version;
711 int length;
712
713 if (tunnel->sock && l2tp_verify_udp_checksum(tunnel->sock, skb))
714 goto discard_bad_csum;
715
716 /* UDP always verifies the packet length. */
717 __skb_pull(skb, sizeof(struct udphdr));
718
719 /* Short packet? */
720 if (!pskb_may_pull(skb, L2TP_HDR_SIZE_SEQ)) {
721 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_INFO,
722 "%s: recv short packet (len=%d)\n", tunnel->name, skb->len);
723 goto error;
724 }
725
726 /* Point to L2TP header */
727 optr = ptr = skb->data;
728
729 /* Trace packet contents, if enabled */
730 if (tunnel->debug & L2TP_MSG_DATA) {
731 length = min(32u, skb->len);
732 if (!pskb_may_pull(skb, length))
733 goto error;
734
735 printk(KERN_DEBUG "%s: recv: ", tunnel->name);
736
737 offset = 0;
738 do {
739 printk(" %02X", ptr[offset]);
740 } while (++offset < length);
741
742 printk("\n");
743 }
744
745 /* Get L2TP header flags */
746 hdrflags = ntohs(*(__be16 *) ptr);
747
748 /* Check protocol version */
749 version = hdrflags & L2TP_HDR_VER_MASK;
750 if (version != tunnel->version) {
751 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_INFO,
752 "%s: recv protocol version mismatch: got %d expected %d\n",
753 tunnel->name, version, tunnel->version);
754 goto error;
755 }
756
757 /* Get length of L2TP packet */
758 length = skb->len;
759
760 /* If type is control packet, it is handled by userspace. */
761 if (hdrflags & L2TP_HDRFLAG_T) {
762 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_DEBUG,
763 "%s: recv control packet, len=%d\n", tunnel->name, length);
764 goto error;
765 }
766
767 /* Skip flags */
768 ptr += 2;
769
770 if (tunnel->version == L2TP_HDR_VER_2) {
771 /* If length is present, skip it */
772 if (hdrflags & L2TP_HDRFLAG_L)
773 ptr += 2;
774
775 /* Extract tunnel and session ID */
776 tunnel_id = ntohs(*(__be16 *) ptr);
777 ptr += 2;
778 session_id = ntohs(*(__be16 *) ptr);
779 ptr += 2;
780 } else {
781 ptr += 2; /* skip reserved bits */
782 tunnel_id = tunnel->tunnel_id;
783 session_id = ntohl(*(__be32 *) ptr);
784 ptr += 4;
785 }
786
787 /* Find the session context */
788 session = l2tp_session_find(tunnel->l2tp_net, tunnel, session_id);
789 if (!session || !session->recv_skb) {
790 /* Not found? Pass to userspace to deal with */
791 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_INFO,
792 "%s: no session found (%u/%u). Passing up.\n",
793 tunnel->name, tunnel_id, session_id);
794 goto error;
795 }
796
797 l2tp_recv_common(session, skb, ptr, optr, hdrflags, length, payload_hook);
798
799 return 0;
800
801discard_bad_csum:
802 LIMIT_NETDEBUG("%s: UDP: bad checksum\n", tunnel->name);
803 UDP_INC_STATS_USER(tunnel->l2tp_net, UDP_MIB_INERRORS, 0);
804 tunnel->stats.rx_errors++;
805 kfree_skb(skb);
806
807 return 0;
808
809error:
810 /* Put UDP header back */
811 __skb_push(skb, sizeof(struct udphdr));
812
813 return 1;
814}
815EXPORT_SYMBOL_GPL(l2tp_udp_recv_core);
816
817/* UDP encapsulation receive handler. See net/ipv4/udp.c.
818 * Return codes:
819 * 0 : success.
820 * <0: error
821 * >0: skb should be passed up to userspace as UDP.
822 */
823int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
824{
825 struct l2tp_tunnel *tunnel;
826
827 tunnel = l2tp_sock_to_tunnel(sk);
828 if (tunnel == NULL)
829 goto pass_up;
830
831 PRINTK(tunnel->debug, L2TP_MSG_DATA, KERN_DEBUG,
832 "%s: received %d bytes\n", tunnel->name, skb->len);
833
834 if (l2tp_udp_recv_core(tunnel, skb, tunnel->recv_payload_hook))
835 goto pass_up_put;
836
837 sock_put(sk);
838 return 0;
839
840pass_up_put:
841 sock_put(sk);
842pass_up:
843 return 1;
844}
845EXPORT_SYMBOL_GPL(l2tp_udp_encap_recv);
846
847/************************************************************************
848 * Transmit handling
849 ***********************************************************************/
850
851/* Build an L2TP header for the session into the buffer provided.
852 */
853static int l2tp_build_l2tpv2_header(struct l2tp_session *session, void *buf)
854{
855 struct l2tp_tunnel *tunnel = session->tunnel;
856 __be16 *bufp = buf;
857 __be16 *optr = buf;
858 u16 flags = L2TP_HDR_VER_2;
859 u32 tunnel_id = tunnel->peer_tunnel_id;
860 u32 session_id = session->peer_session_id;
861
862 if (session->send_seq)
863 flags |= L2TP_HDRFLAG_S;
864
865 /* Setup L2TP header. */
866 *bufp++ = htons(flags);
867 *bufp++ = htons(tunnel_id);
868 *bufp++ = htons(session_id);
869 if (session->send_seq) {
870 *bufp++ = htons(session->ns);
871 *bufp++ = 0;
872 session->ns++;
873 session->ns &= 0xffff;
874 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
875 "%s: updated ns to %u\n", session->name, session->ns);
876 }
877
878 return bufp - optr;
879}
880
881static int l2tp_build_l2tpv3_header(struct l2tp_session *session, void *buf)
882{
883 struct l2tp_tunnel *tunnel = session->tunnel;
884 char *bufp = buf;
885 char *optr = bufp;
886
887 /* Setup L2TP header. The header differs slightly for UDP and
888 * IP encapsulations. For UDP, there is 4 bytes of flags.
889 */
890 if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
891 u16 flags = L2TP_HDR_VER_3;
892 *((__be16 *) bufp) = htons(flags);
893 bufp += 2;
894 *((__be16 *) bufp) = 0;
895 bufp += 2;
896 }
897
898 *((__be32 *) bufp) = htonl(session->peer_session_id);
899 bufp += 4;
900 if (session->cookie_len) {
901 memcpy(bufp, &session->cookie[0], session->cookie_len);
902 bufp += session->cookie_len;
903 }
904 if (session->l2specific_len) {
905 if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
906 u32 l2h = 0;
907 if (session->send_seq) {
908 l2h = 0x40000000 | session->ns;
909 session->ns++;
910 session->ns &= 0xffffff;
911 PRINTK(session->debug, L2TP_MSG_SEQ, KERN_DEBUG,
912 "%s: updated ns to %u\n", session->name, session->ns);
913 }
914
915 *((__be32 *) bufp) = htonl(l2h);
916 }
917 bufp += session->l2specific_len;
918 }
919 if (session->offset)
920 bufp += session->offset;
921
922 return bufp - optr;
923}
924
925int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb, size_t data_len)
926{
927 struct l2tp_tunnel *tunnel = session->tunnel;
928 unsigned int len = skb->len;
929 int error;
930
931 /* Debug */
932 if (session->send_seq)
933 PRINTK(session->debug, L2TP_MSG_DATA, KERN_DEBUG,
934 "%s: send %Zd bytes, ns=%u\n", session->name,
935 data_len, session->ns - 1);
936 else
937 PRINTK(session->debug, L2TP_MSG_DATA, KERN_DEBUG,
938 "%s: send %Zd bytes\n", session->name, data_len);
939
940 if (session->debug & L2TP_MSG_DATA) {
941 int i;
942 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
943 unsigned char *datap = skb->data + uhlen;
944
945 printk(KERN_DEBUG "%s: xmit:", session->name);
946 for (i = 0; i < (len - uhlen); i++) {
947 printk(" %02X", *datap++);
948 if (i == 31) {
949 printk(" ...");
950 break;
951 }
952 }
953 printk("\n");
954 }
955
956 /* Queue the packet to IP for output */
957 skb->local_df = 1;
958 error = ip_queue_xmit(skb);
959
960 /* Update stats */
961 if (error >= 0) {
962 tunnel->stats.tx_packets++;
963 tunnel->stats.tx_bytes += len;
964 session->stats.tx_packets++;
965 session->stats.tx_bytes += len;
966 } else {
967 tunnel->stats.tx_errors++;
968 session->stats.tx_errors++;
969 }
970
971 return 0;
972}
973EXPORT_SYMBOL_GPL(l2tp_xmit_core);
974
975/* Automatically called when the skb is freed.
976 */
977static void l2tp_sock_wfree(struct sk_buff *skb)
978{
979 sock_put(skb->sk);
980}
981
982/* For data skbs that we transmit, we associate with the tunnel socket
983 * but don't do accounting.
984 */
985static inline void l2tp_skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
986{
987 sock_hold(sk);
988 skb->sk = sk;
989 skb->destructor = l2tp_sock_wfree;
990}
991
992/* If caller requires the skb to have a ppp header, the header must be
993 * inserted in the skb data before calling this function.
994 */
995int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len)
996{
997 int data_len = skb->len;
998 struct l2tp_tunnel *tunnel = session->tunnel;
999 struct sock *sk = tunnel->sock;
1000 struct udphdr *uh;
1001 struct inet_sock *inet;
1002 __wsum csum;
1003 int old_headroom;
1004 int new_headroom;
1005 int headroom;
1006 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1007 int udp_len;
1008
1009 /* Check that there's enough headroom in the skb to insert IP,
1010 * UDP and L2TP headers. If not enough, expand it to
1011 * make room. Adjust truesize.
1012 */
1013 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1014 uhlen + hdr_len;
1015 old_headroom = skb_headroom(skb);
1016 if (skb_cow_head(skb, headroom))
1017 goto abort;
1018
1019 new_headroom = skb_headroom(skb);
1020 skb_orphan(skb);
1021 skb->truesize += new_headroom - old_headroom;
1022
1023 /* Setup L2TP header */
1024 session->build_header(session, __skb_push(skb, hdr_len));
1025
1026 /* Reset skb netfilter state */
1027 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1028 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1029 IPSKB_REROUTED);
1030 nf_reset(skb);
1031
1032 /* Get routing info from the tunnel socket */
1033 skb_dst_drop(skb);
1034 skb_dst_set(skb, dst_clone(__sk_dst_get(sk)));
1035
1036 switch (tunnel->encap) {
1037 case L2TP_ENCAPTYPE_UDP:
1038 /* Setup UDP header */
1039 inet = inet_sk(sk);
1040 __skb_push(skb, sizeof(*uh));
1041 skb_reset_transport_header(skb);
1042 uh = udp_hdr(skb);
1043 uh->source = inet->inet_sport;
1044 uh->dest = inet->inet_dport;
1045 udp_len = uhlen + hdr_len + data_len;
1046 uh->len = htons(udp_len);
1047 uh->check = 0;
1048
1049 /* Calculate UDP checksum if configured to do so */
1050 if (sk->sk_no_check == UDP_CSUM_NOXMIT)
1051 skb->ip_summed = CHECKSUM_NONE;
1052 else if ((skb_dst(skb) && skb_dst(skb)->dev) &&
1053 (!(skb_dst(skb)->dev->features & NETIF_F_V4_CSUM))) {
1054 skb->ip_summed = CHECKSUM_COMPLETE;
1055 csum = skb_checksum(skb, 0, udp_len, 0);
1056 uh->check = csum_tcpudp_magic(inet->inet_saddr,
1057 inet->inet_daddr,
1058 udp_len, IPPROTO_UDP, csum);
1059 if (uh->check == 0)
1060 uh->check = CSUM_MANGLED_0;
1061 } else {
1062 skb->ip_summed = CHECKSUM_PARTIAL;
1063 skb->csum_start = skb_transport_header(skb) - skb->head;
1064 skb->csum_offset = offsetof(struct udphdr, check);
1065 uh->check = ~csum_tcpudp_magic(inet->inet_saddr,
1066 inet->inet_daddr,
1067 udp_len, IPPROTO_UDP, 0);
1068 }
1069 break;
1070
1071 case L2TP_ENCAPTYPE_IP:
1072 break;
1073 }
1074
1075 l2tp_skb_set_owner_w(skb, sk);
1076
1077 l2tp_xmit_core(session, skb, data_len);
1078
1079abort:
1080 return 0;
1081}
1082EXPORT_SYMBOL_GPL(l2tp_xmit_skb);
1083
1084/*****************************************************************************
1085 * Tinnel and session create/destroy.
1086 *****************************************************************************/
1087
1088/* Tunnel socket destruct hook.
1089 * The tunnel context is deleted only when all session sockets have been
1090 * closed.
1091 */
1092void l2tp_tunnel_destruct(struct sock *sk)
1093{
1094 struct l2tp_tunnel *tunnel;
1095
1096 tunnel = sk->sk_user_data;
1097 if (tunnel == NULL)
1098 goto end;
1099
1100 PRINTK(tunnel->debug, L2TP_MSG_CONTROL, KERN_INFO,
1101 "%s: closing...\n", tunnel->name);
1102
1103 /* Close all sessions */
1104 l2tp_tunnel_closeall(tunnel);
1105
1106 switch (tunnel->encap) {
1107 case L2TP_ENCAPTYPE_UDP:
1108 /* No longer an encapsulation socket. See net/ipv4/udp.c */
1109 (udp_sk(sk))->encap_type = 0;
1110 (udp_sk(sk))->encap_rcv = NULL;
1111 break;
1112 case L2TP_ENCAPTYPE_IP:
1113 break;
1114 }
1115
1116 /* Remove hooks into tunnel socket */
1117 tunnel->sock = NULL;
1118 sk->sk_destruct = tunnel->old_sk_destruct;
1119 sk->sk_user_data = NULL;
1120
1121 /* Call the original destructor */
1122 if (sk->sk_destruct)
1123 (*sk->sk_destruct)(sk);
1124
1125 /* We're finished with the socket */
1126 l2tp_tunnel_dec_refcount(tunnel);
1127
1128end:
1129 return;
1130}
1131EXPORT_SYMBOL(l2tp_tunnel_destruct);
1132
1133/* When the tunnel is closed, all the attached sessions need to go too.
1134 */
1135void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel)
1136{
1137 int hash;
1138 struct hlist_node *walk;
1139 struct hlist_node *tmp;
1140 struct l2tp_session *session;
1141
1142 BUG_ON(tunnel == NULL);
1143
1144 PRINTK(tunnel->debug, L2TP_MSG_CONTROL, KERN_INFO,
1145 "%s: closing all sessions...\n", tunnel->name);
1146
1147 write_lock_bh(&tunnel->hlist_lock);
1148 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
1149again:
1150 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1151 session = hlist_entry(walk, struct l2tp_session, hlist);
1152
1153 PRINTK(session->debug, L2TP_MSG_CONTROL, KERN_INFO,
1154 "%s: closing session\n", session->name);
1155
1156 hlist_del_init(&session->hlist);
1157
1158 /* Since we should hold the sock lock while
1159 * doing any unbinding, we need to release the
1160 * lock we're holding before taking that lock.
1161 * Hold a reference to the sock so it doesn't
1162 * disappear as we're jumping between locks.
1163 */
1164 if (session->ref != NULL)
1165 (*session->ref)(session);
1166
1167 write_unlock_bh(&tunnel->hlist_lock);
1168
1169 if (tunnel->version != L2TP_HDR_VER_2) {
1170 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1171
1172 spin_lock_bh(&pn->l2tp_session_hlist_lock);
1173 hlist_del_init_rcu(&session->global_hlist);
1174 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1175 synchronize_rcu();
1176 }
1177
1178 if (session->session_close != NULL)
1179 (*session->session_close)(session);
1180
1181 if (session->deref != NULL)
1182 (*session->deref)(session);
1183
1184 write_lock_bh(&tunnel->hlist_lock);
1185
1186 /* Now restart from the beginning of this hash
1187 * chain. We always remove a session from the
1188 * list so we are guaranteed to make forward
1189 * progress.
1190 */
1191 goto again;
1192 }
1193 }
1194 write_unlock_bh(&tunnel->hlist_lock);
1195}
1196EXPORT_SYMBOL_GPL(l2tp_tunnel_closeall);
1197
1198/* Really kill the tunnel.
1199 * Come here only when all sessions have been cleared from the tunnel.
1200 */
1201void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
1202{
1203 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1204
1205 BUG_ON(atomic_read(&tunnel->ref_count) != 0);
1206 BUG_ON(tunnel->sock != NULL);
1207
1208 PRINTK(tunnel->debug, L2TP_MSG_CONTROL, KERN_INFO,
1209 "%s: free...\n", tunnel->name);
1210
1211 /* Remove from tunnel list */
1212 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1213 list_del_rcu(&tunnel->list);
1214 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1215 synchronize_rcu();
1216
1217 atomic_dec(&l2tp_tunnel_count);
1218 kfree(tunnel);
1219}
1220EXPORT_SYMBOL_GPL(l2tp_tunnel_free);
1221
1222/* Create a socket for the tunnel, if one isn't set up by
1223 * userspace. This is used for static tunnels where there is no
1224 * managing L2TP daemon.
1225 */
1226static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct socket **sockp)
1227{
1228 int err = -EINVAL;
1229 struct sockaddr_in udp_addr;
1230 struct sockaddr_l2tpip ip_addr;
1231 struct socket *sock = NULL;
1232
1233 switch (cfg->encap) {
1234 case L2TP_ENCAPTYPE_UDP:
1235 err = sock_create(AF_INET, SOCK_DGRAM, 0, sockp);
1236 if (err < 0)
1237 goto out;
1238
1239 sock = *sockp;
1240
1241 memset(&udp_addr, 0, sizeof(udp_addr));
1242 udp_addr.sin_family = AF_INET;
1243 udp_addr.sin_addr = cfg->local_ip;
1244 udp_addr.sin_port = htons(cfg->local_udp_port);
1245 err = kernel_bind(sock, (struct sockaddr *) &udp_addr, sizeof(udp_addr));
1246 if (err < 0)
1247 goto out;
1248
1249 udp_addr.sin_family = AF_INET;
1250 udp_addr.sin_addr = cfg->peer_ip;
1251 udp_addr.sin_port = htons(cfg->peer_udp_port);
1252 err = kernel_connect(sock, (struct sockaddr *) &udp_addr, sizeof(udp_addr), 0);
1253 if (err < 0)
1254 goto out;
1255
1256 if (!cfg->use_udp_checksums)
1257 sock->sk->sk_no_check = UDP_CSUM_NOXMIT;
1258
1259 break;
1260
1261 case L2TP_ENCAPTYPE_IP:
1262 err = sock_create(AF_INET, SOCK_DGRAM, IPPROTO_L2TP, sockp);
1263 if (err < 0)
1264 goto out;
1265
1266 sock = *sockp;
1267
1268 memset(&ip_addr, 0, sizeof(ip_addr));
1269 ip_addr.l2tp_family = AF_INET;
1270 ip_addr.l2tp_addr = cfg->local_ip;
1271 ip_addr.l2tp_conn_id = tunnel_id;
1272 err = kernel_bind(sock, (struct sockaddr *) &ip_addr, sizeof(ip_addr));
1273 if (err < 0)
1274 goto out;
1275
1276 ip_addr.l2tp_family = AF_INET;
1277 ip_addr.l2tp_addr = cfg->peer_ip;
1278 ip_addr.l2tp_conn_id = peer_tunnel_id;
1279 err = kernel_connect(sock, (struct sockaddr *) &ip_addr, sizeof(ip_addr), 0);
1280 if (err < 0)
1281 goto out;
1282
1283 break;
1284
1285 default:
1286 goto out;
1287 }
1288
1289out:
1290 if ((err < 0) && sock) {
1291 sock_release(sock);
1292 *sockp = NULL;
1293 }
1294
1295 return err;
1296}
1297
1298int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp)
1299{
1300 struct l2tp_tunnel *tunnel = NULL;
1301 int err;
1302 struct socket *sock = NULL;
1303 struct sock *sk = NULL;
1304 struct l2tp_net *pn;
1305 enum l2tp_encap_type encap = L2TP_ENCAPTYPE_UDP;
1306
1307 /* Get the tunnel socket from the fd, which was opened by
1308 * the userspace L2TP daemon. If not specified, create a
1309 * kernel socket.
1310 */
1311 if (fd < 0) {
1312 err = l2tp_tunnel_sock_create(tunnel_id, peer_tunnel_id, cfg, &sock);
1313 if (err < 0)
1314 goto err;
1315 } else {
1316 err = -EBADF;
1317 sock = sockfd_lookup(fd, &err);
1318 if (!sock) {
1319 printk(KERN_ERR "tunl %hu: sockfd_lookup(fd=%d) returned %d\n",
1320 tunnel_id, fd, err);
1321 goto err;
1322 }
1323 }
1324
1325 sk = sock->sk;
1326
1327 if (cfg != NULL)
1328 encap = cfg->encap;
1329
1330 /* Quick sanity checks */
1331 switch (encap) {
1332 case L2TP_ENCAPTYPE_UDP:
1333 err = -EPROTONOSUPPORT;
1334 if (sk->sk_protocol != IPPROTO_UDP) {
1335 printk(KERN_ERR "tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1336 tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP);
1337 goto err;
1338 }
1339 break;
1340 case L2TP_ENCAPTYPE_IP:
1341 err = -EPROTONOSUPPORT;
1342 if (sk->sk_protocol != IPPROTO_L2TP) {
1343 printk(KERN_ERR "tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1344 tunnel_id, fd, sk->sk_protocol, IPPROTO_L2TP);
1345 goto err;
1346 }
1347 break;
1348 }
1349
1350 /* Check if this socket has already been prepped */
1351 tunnel = (struct l2tp_tunnel *)sk->sk_user_data;
1352 if (tunnel != NULL) {
1353 /* This socket has already been prepped */
1354 err = -EBUSY;
1355 goto err;
1356 }
1357
1358 tunnel = kzalloc(sizeof(struct l2tp_tunnel), GFP_KERNEL);
1359 if (tunnel == NULL) {
1360 err = -ENOMEM;
1361 goto err;
1362 }
1363
1364 tunnel->version = version;
1365 tunnel->tunnel_id = tunnel_id;
1366 tunnel->peer_tunnel_id = peer_tunnel_id;
1367 tunnel->debug = L2TP_DEFAULT_DEBUG_FLAGS;
1368
1369 tunnel->magic = L2TP_TUNNEL_MAGIC;
1370 sprintf(&tunnel->name[0], "tunl %u", tunnel_id);
1371 rwlock_init(&tunnel->hlist_lock);
1372
1373 /* The net we belong to */
1374 tunnel->l2tp_net = net;
1375 pn = l2tp_pernet(net);
1376
1377 if (cfg != NULL)
1378 tunnel->debug = cfg->debug;
1379
1380 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1381 tunnel->encap = encap;
1382 if (encap == L2TP_ENCAPTYPE_UDP) {
1383 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1384 udp_sk(sk)->encap_type = UDP_ENCAP_L2TPINUDP;
1385 udp_sk(sk)->encap_rcv = l2tp_udp_encap_recv;
1386 }
1387
1388 sk->sk_user_data = tunnel;
1389
1390 /* Hook on the tunnel socket destructor so that we can cleanup
1391 * if the tunnel socket goes away.
1392 */
1393 tunnel->old_sk_destruct = sk->sk_destruct;
1394 sk->sk_destruct = &l2tp_tunnel_destruct;
1395 tunnel->sock = sk;
1396 sk->sk_allocation = GFP_ATOMIC;
1397
1398 /* Add tunnel to our list */
1399 INIT_LIST_HEAD(&tunnel->list);
1400 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1401 list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list);
1402 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1403 synchronize_rcu();
1404 atomic_inc(&l2tp_tunnel_count);
1405
1406 /* Bump the reference count. The tunnel context is deleted
1407 * only when this drops to zero.
1408 */
1409 l2tp_tunnel_inc_refcount(tunnel);
1410
1411 err = 0;
1412err:
1413 if (tunnelp)
1414 *tunnelp = tunnel;
1415
1416 /* If tunnel's socket was created by the kernel, it doesn't
1417 * have a file.
1418 */
1419 if (sock && sock->file)
1420 sockfd_put(sock);
1421
1422 return err;
1423}
1424EXPORT_SYMBOL_GPL(l2tp_tunnel_create);
1425
1426/* This function is used by the netlink TUNNEL_DELETE command.
1427 */
1428int l2tp_tunnel_delete(struct l2tp_tunnel *tunnel)
1429{
1430 int err = 0;
1431 struct socket *sock = tunnel->sock ? tunnel->sock->sk_socket : NULL;
1432
1433 /* Force the tunnel socket to close. This will eventually
1434 * cause the tunnel to be deleted via the normal socket close
1435 * mechanisms when userspace closes the tunnel socket.
1436 */
1437 if (sock != NULL) {
1438 err = inet_shutdown(sock, 2);
1439
1440 /* If the tunnel's socket was created by the kernel,
1441 * close the socket here since the socket was not
1442 * created by userspace.
1443 */
1444 if (sock->file == NULL)
1445 err = inet_release(sock);
1446 }
1447
1448 return err;
1449}
1450EXPORT_SYMBOL_GPL(l2tp_tunnel_delete);
1451
1452/* Really kill the session.
1453 */
1454void l2tp_session_free(struct l2tp_session *session)
1455{
1456 struct l2tp_tunnel *tunnel;
1457
1458 BUG_ON(atomic_read(&session->ref_count) != 0);
1459
1460 tunnel = session->tunnel;
1461 if (tunnel != NULL) {
1462 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1463
1464 /* Delete the session from the hash */
1465 write_lock_bh(&tunnel->hlist_lock);
1466 hlist_del_init(&session->hlist);
1467 write_unlock_bh(&tunnel->hlist_lock);
1468
1469 /* Unlink from the global hash if not L2TPv2 */
1470 if (tunnel->version != L2TP_HDR_VER_2) {
1471 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1472
1473 spin_lock_bh(&pn->l2tp_session_hlist_lock);
1474 hlist_del_init_rcu(&session->global_hlist);
1475 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1476 synchronize_rcu();
1477 }
1478
1479 if (session->session_id != 0)
1480 atomic_dec(&l2tp_session_count);
1481
1482 sock_put(tunnel->sock);
1483
1484 /* This will delete the tunnel context if this
1485 * is the last session on the tunnel.
1486 */
1487 session->tunnel = NULL;
1488 l2tp_tunnel_dec_refcount(tunnel);
1489 }
1490
1491 kfree(session);
1492
1493 return;
1494}
1495EXPORT_SYMBOL_GPL(l2tp_session_free);
1496
1497/* This function is used by the netlink SESSION_DELETE command and by
1498 pseudowire modules.
1499 */
1500int l2tp_session_delete(struct l2tp_session *session)
1501{
1502 if (session->session_close != NULL)
1503 (*session->session_close)(session);
1504
1505 l2tp_session_dec_refcount(session);
1506
1507 return 0;
1508}
1509EXPORT_SYMBOL_GPL(l2tp_session_delete);
1510
1511
1512/* We come here whenever a session's send_seq, cookie_len or
1513 * l2specific_len parameters are set.
1514 */
1515void l2tp_session_set_header_len(struct l2tp_session *session, int version)
1516{
1517 if (version == L2TP_HDR_VER_2) {
1518 session->hdr_len = 6;
1519 if (session->send_seq)
1520 session->hdr_len += 4;
1521 } else {
1522 session->hdr_len = 4 + session->cookie_len + session->l2specific_len + session->offset;
1523 if (session->tunnel->encap == L2TP_ENCAPTYPE_UDP)
1524 session->hdr_len += 4;
1525 }
1526
1527}
1528EXPORT_SYMBOL_GPL(l2tp_session_set_header_len);
1529
1530struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
1531{
1532 struct l2tp_session *session;
1533
1534 session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL);
1535 if (session != NULL) {
1536 session->magic = L2TP_SESSION_MAGIC;
1537 session->tunnel = tunnel;
1538
1539 session->session_id = session_id;
1540 session->peer_session_id = peer_session_id;
1541 session->nr = 1;
1542
1543 sprintf(&session->name[0], "sess %u/%u",
1544 tunnel->tunnel_id, session->session_id);
1545
1546 skb_queue_head_init(&session->reorder_q);
1547
1548 INIT_HLIST_NODE(&session->hlist);
1549 INIT_HLIST_NODE(&session->global_hlist);
1550
1551 /* Inherit debug options from tunnel */
1552 session->debug = tunnel->debug;
1553
1554 if (cfg) {
1555 session->pwtype = cfg->pw_type;
1556 session->debug = cfg->debug;
1557 session->mtu = cfg->mtu;
1558 session->mru = cfg->mru;
1559 session->send_seq = cfg->send_seq;
1560 session->recv_seq = cfg->recv_seq;
1561 session->lns_mode = cfg->lns_mode;
1562 session->reorder_timeout = cfg->reorder_timeout;
1563 session->offset = cfg->offset;
1564 session->l2specific_type = cfg->l2specific_type;
1565 session->l2specific_len = cfg->l2specific_len;
1566 session->cookie_len = cfg->cookie_len;
1567 memcpy(&session->cookie[0], &cfg->cookie[0], cfg->cookie_len);
1568 session->peer_cookie_len = cfg->peer_cookie_len;
1569 memcpy(&session->peer_cookie[0], &cfg->peer_cookie[0], cfg->peer_cookie_len);
1570 }
1571
1572 if (tunnel->version == L2TP_HDR_VER_2)
1573 session->build_header = l2tp_build_l2tpv2_header;
1574 else
1575 session->build_header = l2tp_build_l2tpv3_header;
1576
1577 l2tp_session_set_header_len(session, tunnel->version);
1578
1579 /* Bump the reference count. The session context is deleted
1580 * only when this drops to zero.
1581 */
1582 l2tp_session_inc_refcount(session);
1583 l2tp_tunnel_inc_refcount(tunnel);
1584
1585 /* Ensure tunnel socket isn't deleted */
1586 sock_hold(tunnel->sock);
1587
1588 /* Add session to the tunnel's hash list */
1589 write_lock_bh(&tunnel->hlist_lock);
1590 hlist_add_head(&session->hlist,
1591 l2tp_session_id_hash(tunnel, session_id));
1592 write_unlock_bh(&tunnel->hlist_lock);
1593
1594 /* And to the global session list if L2TPv3 */
1595 if (tunnel->version != L2TP_HDR_VER_2) {
1596 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1597
1598 spin_lock_bh(&pn->l2tp_session_hlist_lock);
1599 hlist_add_head_rcu(&session->global_hlist,
1600 l2tp_session_id_hash_2(pn, session_id));
1601 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1602 synchronize_rcu();
1603 }
1604
1605 /* Ignore management session in session count value */
1606 if (session->session_id != 0)
1607 atomic_inc(&l2tp_session_count);
1608 }
1609
1610 return session;
1611}
1612EXPORT_SYMBOL_GPL(l2tp_session_create);
1613
1614/*****************************************************************************
1615 * Init and cleanup
1616 *****************************************************************************/
1617
1618static __net_init int l2tp_init_net(struct net *net)
1619{
1620 struct l2tp_net *pn;
1621 int err;
1622 int hash;
1623
1624 pn = kzalloc(sizeof(*pn), GFP_KERNEL);
1625 if (!pn)
1626 return -ENOMEM;
1627
1628 INIT_LIST_HEAD(&pn->l2tp_tunnel_list);
1629 spin_lock_init(&pn->l2tp_tunnel_list_lock);
1630
1631 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++)
1632 INIT_HLIST_HEAD(&pn->l2tp_session_hlist[hash]);
1633
1634 spin_lock_init(&pn->l2tp_session_hlist_lock);
1635
1636 err = net_assign_generic(net, l2tp_net_id, pn);
1637 if (err)
1638 goto out;
1639
1640 return 0;
1641
1642out:
1643 kfree(pn);
1644 return err;
1645}
1646
1647static __net_exit void l2tp_exit_net(struct net *net)
1648{
1649 struct l2tp_net *pn;
1650
1651 pn = net_generic(net, l2tp_net_id);
1652 /*
1653 * if someone has cached our net then
1654 * further net_generic call will return NULL
1655 */
1656 net_assign_generic(net, l2tp_net_id, NULL);
1657 kfree(pn);
1658}
1659
1660static struct pernet_operations l2tp_net_ops = {
1661 .init = l2tp_init_net,
1662 .exit = l2tp_exit_net,
1663 .id = &l2tp_net_id,
1664 .size = sizeof(struct l2tp_net),
1665};
1666
1667static int __init l2tp_init(void)
1668{
1669 int rc = 0;
1670
1671 rc = register_pernet_device(&l2tp_net_ops);
1672 if (rc)
1673 goto out;
1674
1675 printk(KERN_INFO "L2TP core driver, %s\n", L2TP_DRV_VERSION);
1676
1677out:
1678 return rc;
1679}
1680
1681static void __exit l2tp_exit(void)
1682{
1683 unregister_pernet_device(&l2tp_net_ops);
1684}
1685
1686module_init(l2tp_init);
1687module_exit(l2tp_exit);
1688
1689MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1690MODULE_DESCRIPTION("L2TP core");
1691MODULE_LICENSE("GPL");
1692MODULE_VERSION(L2TP_DRV_VERSION);
1693
diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
new file mode 100644
index 000000000000..f0f318edd3f1
--- /dev/null
+++ b/net/l2tp/l2tp_core.h
@@ -0,0 +1,304 @@
1/*
2 * L2TP internal definitions.
3 *
4 * Copyright (c) 2008,2009 Katalix Systems Ltd
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#ifndef _L2TP_CORE_H_
12#define _L2TP_CORE_H_
13
14/* Just some random numbers */
15#define L2TP_TUNNEL_MAGIC 0x42114DDA
16#define L2TP_SESSION_MAGIC 0x0C04EB7D
17
18/* Per tunnel, session hash table size */
19#define L2TP_HASH_BITS 4
20#define L2TP_HASH_SIZE (1 << L2TP_HASH_BITS)
21
22/* System-wide, session hash table size */
23#define L2TP_HASH_BITS_2 8
24#define L2TP_HASH_SIZE_2 (1 << L2TP_HASH_BITS_2)
25
26/* Debug message categories for the DEBUG socket option */
27enum {
28 L2TP_MSG_DEBUG = (1 << 0), /* verbose debug (if
29 * compiled in) */
30 L2TP_MSG_CONTROL = (1 << 1), /* userspace - kernel
31 * interface */
32 L2TP_MSG_SEQ = (1 << 2), /* sequence numbers */
33 L2TP_MSG_DATA = (1 << 3), /* data packets */
34};
35
36struct sk_buff;
37
38struct l2tp_stats {
39 u64 tx_packets;
40 u64 tx_bytes;
41 u64 tx_errors;
42 u64 rx_packets;
43 u64 rx_bytes;
44 u64 rx_seq_discards;
45 u64 rx_oos_packets;
46 u64 rx_errors;
47 u64 rx_cookie_discards;
48};
49
50struct l2tp_tunnel;
51
52/* Describes a session. Contains information to determine incoming
53 * packets and transmit outgoing ones.
54 */
55struct l2tp_session_cfg {
56 enum l2tp_pwtype pw_type;
57 unsigned data_seq:2; /* data sequencing level
58 * 0 => none, 1 => IP only,
59 * 2 => all
60 */
61 unsigned recv_seq:1; /* expect receive packets with
62 * sequence numbers? */
63 unsigned send_seq:1; /* send packets with sequence
64 * numbers? */
65 unsigned lns_mode:1; /* behave as LNS? LAC enables
66 * sequence numbers under
67 * control of LNS. */
68 int debug; /* bitmask of debug message
69 * categories */
70 u16 vlan_id; /* VLAN pseudowire only */
71 u16 offset; /* offset to payload */
72 u16 l2specific_len; /* Layer 2 specific length */
73 u16 l2specific_type; /* Layer 2 specific type */
74 u8 cookie[8]; /* optional cookie */
75 int cookie_len; /* 0, 4 or 8 bytes */
76 u8 peer_cookie[8]; /* peer's cookie */
77 int peer_cookie_len; /* 0, 4 or 8 bytes */
78 int reorder_timeout; /* configured reorder timeout
79 * (in jiffies) */
80 int mtu;
81 int mru;
82 char *ifname;
83};
84
85struct l2tp_session {
86 int magic; /* should be
87 * L2TP_SESSION_MAGIC */
88
89 struct l2tp_tunnel *tunnel; /* back pointer to tunnel
90 * context */
91 u32 session_id;
92 u32 peer_session_id;
93 u8 cookie[8];
94 int cookie_len;
95 u8 peer_cookie[8];
96 int peer_cookie_len;
97 u16 offset; /* offset from end of L2TP header
98 to beginning of data */
99 u16 l2specific_len;
100 u16 l2specific_type;
101 u16 hdr_len;
102 u32 nr; /* session NR state (receive) */
103 u32 ns; /* session NR state (send) */
104 struct sk_buff_head reorder_q; /* receive reorder queue */
105 struct hlist_node hlist; /* Hash list node */
106 atomic_t ref_count;
107
108 char name[32]; /* for logging */
109 char ifname[IFNAMSIZ];
110 unsigned data_seq:2; /* data sequencing level
111 * 0 => none, 1 => IP only,
112 * 2 => all
113 */
114 unsigned recv_seq:1; /* expect receive packets with
115 * sequence numbers? */
116 unsigned send_seq:1; /* send packets with sequence
117 * numbers? */
118 unsigned lns_mode:1; /* behave as LNS? LAC enables
119 * sequence numbers under
120 * control of LNS. */
121 int debug; /* bitmask of debug message
122 * categories */
123 int reorder_timeout; /* configured reorder timeout
124 * (in jiffies) */
125 int mtu;
126 int mru;
127 enum l2tp_pwtype pwtype;
128 struct l2tp_stats stats;
129 struct hlist_node global_hlist; /* Global hash list node */
130
131 int (*build_header)(struct l2tp_session *session, void *buf);
132 void (*recv_skb)(struct l2tp_session *session, struct sk_buff *skb, int data_len);
133 void (*session_close)(struct l2tp_session *session);
134 void (*ref)(struct l2tp_session *session);
135 void (*deref)(struct l2tp_session *session);
136#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
137 void (*show)(struct seq_file *m, void *priv);
138#endif
139 uint8_t priv[0]; /* private data */
140};
141
142/* Describes the tunnel. It contains info to track all the associated
143 * sessions so incoming packets can be sorted out
144 */
145struct l2tp_tunnel_cfg {
146 int debug; /* bitmask of debug message
147 * categories */
148 enum l2tp_encap_type encap;
149
150 /* Used only for kernel-created sockets */
151 struct in_addr local_ip;
152 struct in_addr peer_ip;
153 u16 local_udp_port;
154 u16 peer_udp_port;
155 unsigned int use_udp_checksums:1;
156};
157
158struct l2tp_tunnel {
159 int magic; /* Should be L2TP_TUNNEL_MAGIC */
160 rwlock_t hlist_lock; /* protect session_hlist */
161 struct hlist_head session_hlist[L2TP_HASH_SIZE];
162 /* hashed list of sessions,
163 * hashed by id */
164 u32 tunnel_id;
165 u32 peer_tunnel_id;
166 int version; /* 2=>L2TPv2, 3=>L2TPv3 */
167
168 char name[20]; /* for logging */
169 int debug; /* bitmask of debug message
170 * categories */
171 enum l2tp_encap_type encap;
172 struct l2tp_stats stats;
173
174 struct list_head list; /* Keep a list of all tunnels */
175 struct net *l2tp_net; /* the net we belong to */
176
177 atomic_t ref_count;
178#ifdef CONFIG_DEBUG_FS
179 void (*show)(struct seq_file *m, void *arg);
180#endif
181 int (*recv_payload_hook)(struct sk_buff *skb);
182 void (*old_sk_destruct)(struct sock *);
183 struct sock *sock; /* Parent socket */
184 int fd;
185
186 uint8_t priv[0]; /* private data */
187};
188
189struct l2tp_nl_cmd_ops {
190 int (*session_create)(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg);
191 int (*session_delete)(struct l2tp_session *session);
192};
193
194static inline void *l2tp_tunnel_priv(struct l2tp_tunnel *tunnel)
195{
196 return &tunnel->priv[0];
197}
198
199static inline void *l2tp_session_priv(struct l2tp_session *session)
200{
201 return &session->priv[0];
202}
203
204static inline struct l2tp_tunnel *l2tp_sock_to_tunnel(struct sock *sk)
205{
206 struct l2tp_tunnel *tunnel;
207
208 if (sk == NULL)
209 return NULL;
210
211 sock_hold(sk);
212 tunnel = (struct l2tp_tunnel *)(sk->sk_user_data);
213 if (tunnel == NULL) {
214 sock_put(sk);
215 goto out;
216 }
217
218 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
219
220out:
221 return tunnel;
222}
223
224extern struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunnel, u32 session_id);
225extern struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth);
226extern struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname);
227extern struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id);
228extern struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth);
229
230extern int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp);
231extern int l2tp_tunnel_delete(struct l2tp_tunnel *tunnel);
232extern struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg);
233extern int l2tp_session_delete(struct l2tp_session *session);
234extern void l2tp_tunnel_free(struct l2tp_tunnel *tunnel);
235extern void l2tp_session_free(struct l2tp_session *session);
236extern void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb, unsigned char *ptr, unsigned char *optr, u16 hdrflags, int length, int (*payload_hook)(struct sk_buff *skb));
237extern int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb, int (*payload_hook)(struct sk_buff *skb));
238extern int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb);
239
240extern int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb, size_t data_len);
241extern int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len);
242extern void l2tp_tunnel_destruct(struct sock *sk);
243extern void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel);
244extern void l2tp_session_set_header_len(struct l2tp_session *session, int version);
245
246extern int l2tp_nl_register_ops(enum l2tp_pwtype pw_type, const struct l2tp_nl_cmd_ops *ops);
247extern void l2tp_nl_unregister_ops(enum l2tp_pwtype pw_type);
248
249/* Tunnel reference counts. Incremented per session that is added to
250 * the tunnel.
251 */
252static inline void l2tp_tunnel_inc_refcount_1(struct l2tp_tunnel *tunnel)
253{
254 atomic_inc(&tunnel->ref_count);
255}
256
257static inline void l2tp_tunnel_dec_refcount_1(struct l2tp_tunnel *tunnel)
258{
259 if (atomic_dec_and_test(&tunnel->ref_count))
260 l2tp_tunnel_free(tunnel);
261}
262#ifdef L2TP_REFCNT_DEBUG
263#define l2tp_tunnel_inc_refcount(_t) do { \
264 printk(KERN_DEBUG "l2tp_tunnel_inc_refcount: %s:%d %s: cnt=%d\n", __func__, __LINE__, (_t)->name, atomic_read(&_t->ref_count)); \
265 l2tp_tunnel_inc_refcount_1(_t); \
266 } while (0)
267#define l2tp_tunnel_dec_refcount(_t) do { \
268 printk(KERN_DEBUG "l2tp_tunnel_dec_refcount: %s:%d %s: cnt=%d\n", __func__, __LINE__, (_t)->name, atomic_read(&_t->ref_count)); \
269 l2tp_tunnel_dec_refcount_1(_t); \
270 } while (0)
271#else
272#define l2tp_tunnel_inc_refcount(t) l2tp_tunnel_inc_refcount_1(t)
273#define l2tp_tunnel_dec_refcount(t) l2tp_tunnel_dec_refcount_1(t)
274#endif
275
276/* Session reference counts. Incremented when code obtains a reference
277 * to a session.
278 */
279static inline void l2tp_session_inc_refcount_1(struct l2tp_session *session)
280{
281 atomic_inc(&session->ref_count);
282}
283
284static inline void l2tp_session_dec_refcount_1(struct l2tp_session *session)
285{
286 if (atomic_dec_and_test(&session->ref_count))
287 l2tp_session_free(session);
288}
289
290#ifdef L2TP_REFCNT_DEBUG
291#define l2tp_session_inc_refcount(_s) do { \
292 printk(KERN_DEBUG "l2tp_session_inc_refcount: %s:%d %s: cnt=%d\n", __func__, __LINE__, (_s)->name, atomic_read(&_s->ref_count)); \
293 l2tp_session_inc_refcount_1(_s); \
294 } while (0)
295#define l2tp_session_dec_refcount(_s) do { \
296 printk(KERN_DEBUG "l2tp_session_dec_refcount: %s:%d %s: cnt=%d\n", __func__, __LINE__, (_s)->name, atomic_read(&_s->ref_count)); \
297 l2tp_session_dec_refcount_1(_s); \
298 } while (0)
299#else
300#define l2tp_session_inc_refcount(s) l2tp_session_inc_refcount_1(s)
301#define l2tp_session_dec_refcount(s) l2tp_session_dec_refcount_1(s)
302#endif
303
304#endif /* _L2TP_CORE_H_ */
diff --git a/net/l2tp/l2tp_debugfs.c b/net/l2tp/l2tp_debugfs.c
new file mode 100644
index 000000000000..104ec3b283d4
--- /dev/null
+++ b/net/l2tp/l2tp_debugfs.c
@@ -0,0 +1,341 @@
1/*
2 * L2TP subsystem debugfs
3 *
4 * Copyright (c) 2010 Katalix Systems Ltd
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/skbuff.h>
14#include <linux/socket.h>
15#include <linux/hash.h>
16#include <linux/l2tp.h>
17#include <linux/in.h>
18#include <linux/etherdevice.h>
19#include <linux/spinlock.h>
20#include <linux/debugfs.h>
21#include <net/sock.h>
22#include <net/ip.h>
23#include <net/icmp.h>
24#include <net/udp.h>
25#include <net/inet_common.h>
26#include <net/inet_hashtables.h>
27#include <net/tcp_states.h>
28#include <net/protocol.h>
29#include <net/xfrm.h>
30#include <net/net_namespace.h>
31#include <net/netns/generic.h>
32
33#include "l2tp_core.h"
34
35static struct dentry *rootdir;
36static struct dentry *tunnels;
37
38struct l2tp_dfs_seq_data {
39 struct net *net;
40 int tunnel_idx; /* current tunnel */
41 int session_idx; /* index of session within current tunnel */
42 struct l2tp_tunnel *tunnel;
43 struct l2tp_session *session; /* NULL means get next tunnel */
44};
45
46static void l2tp_dfs_next_tunnel(struct l2tp_dfs_seq_data *pd)
47{
48 pd->tunnel = l2tp_tunnel_find_nth(pd->net, pd->tunnel_idx);
49 pd->tunnel_idx++;
50}
51
52static void l2tp_dfs_next_session(struct l2tp_dfs_seq_data *pd)
53{
54 pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx);
55 pd->session_idx++;
56
57 if (pd->session == NULL) {
58 pd->session_idx = 0;
59 l2tp_dfs_next_tunnel(pd);
60 }
61
62}
63
64static void *l2tp_dfs_seq_start(struct seq_file *m, loff_t *offs)
65{
66 struct l2tp_dfs_seq_data *pd = SEQ_START_TOKEN;
67 loff_t pos = *offs;
68
69 if (!pos)
70 goto out;
71
72 BUG_ON(m->private == NULL);
73 pd = m->private;
74
75 if (pd->tunnel == NULL)
76 l2tp_dfs_next_tunnel(pd);
77 else
78 l2tp_dfs_next_session(pd);
79
80 /* NULL tunnel and session indicates end of list */
81 if ((pd->tunnel == NULL) && (pd->session == NULL))
82 pd = NULL;
83
84out:
85 return pd;
86}
87
88
89static void *l2tp_dfs_seq_next(struct seq_file *m, void *v, loff_t *pos)
90{
91 (*pos)++;
92 return NULL;
93}
94
95static void l2tp_dfs_seq_stop(struct seq_file *p, void *v)
96{
97 /* nothing to do */
98}
99
100static void l2tp_dfs_seq_tunnel_show(struct seq_file *m, void *v)
101{
102 struct l2tp_tunnel *tunnel = v;
103 int session_count = 0;
104 int hash;
105 struct hlist_node *walk;
106 struct hlist_node *tmp;
107
108 read_lock_bh(&tunnel->hlist_lock);
109 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
110 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
111 struct l2tp_session *session;
112
113 session = hlist_entry(walk, struct l2tp_session, hlist);
114 if (session->session_id == 0)
115 continue;
116
117 session_count++;
118 }
119 }
120 read_unlock_bh(&tunnel->hlist_lock);
121
122 seq_printf(m, "\nTUNNEL %u peer %u", tunnel->tunnel_id, tunnel->peer_tunnel_id);
123 if (tunnel->sock) {
124 struct inet_sock *inet = inet_sk(tunnel->sock);
125 seq_printf(m, " from %pI4 to %pI4\n",
126 &inet->inet_saddr, &inet->inet_daddr);
127 if (tunnel->encap == L2TP_ENCAPTYPE_UDP)
128 seq_printf(m, " source port %hu, dest port %hu\n",
129 ntohs(inet->inet_sport), ntohs(inet->inet_dport));
130 }
131 seq_printf(m, " L2TPv%d, %s\n", tunnel->version,
132 tunnel->encap == L2TP_ENCAPTYPE_UDP ? "UDP" :
133 tunnel->encap == L2TP_ENCAPTYPE_IP ? "IP" :
134 "");
135 seq_printf(m, " %d sessions, refcnt %d/%d\n", session_count,
136 tunnel->sock ? atomic_read(&tunnel->sock->sk_refcnt) : 0,
137 atomic_read(&tunnel->ref_count));
138
139 seq_printf(m, " %08x rx %llu/%llu/%llu rx %llu/%llu/%llu\n",
140 tunnel->debug,
141 (unsigned long long)tunnel->stats.tx_packets,
142 (unsigned long long)tunnel->stats.tx_bytes,
143 (unsigned long long)tunnel->stats.tx_errors,
144 (unsigned long long)tunnel->stats.rx_packets,
145 (unsigned long long)tunnel->stats.rx_bytes,
146 (unsigned long long)tunnel->stats.rx_errors);
147
148 if (tunnel->show != NULL)
149 tunnel->show(m, tunnel);
150}
151
152static void l2tp_dfs_seq_session_show(struct seq_file *m, void *v)
153{
154 struct l2tp_session *session = v;
155
156 seq_printf(m, " SESSION %u, peer %u, %s\n", session->session_id,
157 session->peer_session_id,
158 session->pwtype == L2TP_PWTYPE_ETH ? "ETH" :
159 session->pwtype == L2TP_PWTYPE_PPP ? "PPP" :
160 "");
161 if (session->send_seq || session->recv_seq)
162 seq_printf(m, " nr %hu, ns %hu\n", session->nr, session->ns);
163 seq_printf(m, " refcnt %d\n", atomic_read(&session->ref_count));
164 seq_printf(m, " config %d/%d/%c/%c/%s/%s %08x %u\n",
165 session->mtu, session->mru,
166 session->recv_seq ? 'R' : '-',
167 session->send_seq ? 'S' : '-',
168 session->data_seq == 1 ? "IPSEQ" :
169 session->data_seq == 2 ? "DATASEQ" : "-",
170 session->lns_mode ? "LNS" : "LAC",
171 session->debug,
172 jiffies_to_msecs(session->reorder_timeout));
173 seq_printf(m, " offset %hu l2specific %hu/%hu\n",
174 session->offset, session->l2specific_type, session->l2specific_len);
175 if (session->cookie_len) {
176 seq_printf(m, " cookie %02x%02x%02x%02x",
177 session->cookie[0], session->cookie[1],
178 session->cookie[2], session->cookie[3]);
179 if (session->cookie_len == 8)
180 seq_printf(m, "%02x%02x%02x%02x",
181 session->cookie[4], session->cookie[5],
182 session->cookie[6], session->cookie[7]);
183 seq_printf(m, "\n");
184 }
185 if (session->peer_cookie_len) {
186 seq_printf(m, " peer cookie %02x%02x%02x%02x",
187 session->peer_cookie[0], session->peer_cookie[1],
188 session->peer_cookie[2], session->peer_cookie[3]);
189 if (session->peer_cookie_len == 8)
190 seq_printf(m, "%02x%02x%02x%02x",
191 session->peer_cookie[4], session->peer_cookie[5],
192 session->peer_cookie[6], session->peer_cookie[7]);
193 seq_printf(m, "\n");
194 }
195
196 seq_printf(m, " %hu/%hu tx %llu/%llu/%llu rx %llu/%llu/%llu\n",
197 session->nr, session->ns,
198 (unsigned long long)session->stats.tx_packets,
199 (unsigned long long)session->stats.tx_bytes,
200 (unsigned long long)session->stats.tx_errors,
201 (unsigned long long)session->stats.rx_packets,
202 (unsigned long long)session->stats.rx_bytes,
203 (unsigned long long)session->stats.rx_errors);
204
205 if (session->show != NULL)
206 session->show(m, session);
207}
208
209static int l2tp_dfs_seq_show(struct seq_file *m, void *v)
210{
211 struct l2tp_dfs_seq_data *pd = v;
212
213 /* display header on line 1 */
214 if (v == SEQ_START_TOKEN) {
215 seq_puts(m, "TUNNEL ID, peer ID from IP to IP\n");
216 seq_puts(m, " L2TPv2/L2TPv3, UDP/IP\n");
217 seq_puts(m, " sessions session-count, refcnt refcnt/sk->refcnt\n");
218 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
219 seq_puts(m, " SESSION ID, peer ID, PWTYPE\n");
220 seq_puts(m, " refcnt cnt\n");
221 seq_puts(m, " offset OFFSET l2specific TYPE/LEN\n");
222 seq_puts(m, " [ cookie ]\n");
223 seq_puts(m, " [ peer cookie ]\n");
224 seq_puts(m, " config mtu/mru/rcvseq/sendseq/dataseq/lns debug reorderto\n");
225 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
226 goto out;
227 }
228
229 /* Show the tunnel or session context */
230 if (pd->session == NULL)
231 l2tp_dfs_seq_tunnel_show(m, pd->tunnel);
232 else
233 l2tp_dfs_seq_session_show(m, pd->session);
234
235out:
236 return 0;
237}
238
239static const struct seq_operations l2tp_dfs_seq_ops = {
240 .start = l2tp_dfs_seq_start,
241 .next = l2tp_dfs_seq_next,
242 .stop = l2tp_dfs_seq_stop,
243 .show = l2tp_dfs_seq_show,
244};
245
246static int l2tp_dfs_seq_open(struct inode *inode, struct file *file)
247{
248 struct l2tp_dfs_seq_data *pd;
249 struct seq_file *seq;
250 int rc = -ENOMEM;
251
252 pd = kzalloc(GFP_KERNEL, sizeof(*pd));
253 if (pd == NULL)
254 goto out;
255
256 /* Derive the network namespace from the pid opening the
257 * file.
258 */
259 pd->net = get_net_ns_by_pid(current->pid);
260 if (IS_ERR(pd->net)) {
261 rc = -PTR_ERR(pd->net);
262 goto err_free_pd;
263 }
264
265 rc = seq_open(file, &l2tp_dfs_seq_ops);
266 if (rc)
267 goto err_free_net;
268
269 seq = file->private_data;
270 seq->private = pd;
271
272out:
273 return rc;
274
275err_free_net:
276 put_net(pd->net);
277err_free_pd:
278 kfree(pd);
279 goto out;
280}
281
282static int l2tp_dfs_seq_release(struct inode *inode, struct file *file)
283{
284 struct l2tp_dfs_seq_data *pd;
285 struct seq_file *seq;
286
287 seq = file->private_data;
288 pd = seq->private;
289 if (pd->net)
290 put_net(pd->net);
291 kfree(pd);
292 seq_release(inode, file);
293
294 return 0;
295}
296
297static const struct file_operations l2tp_dfs_fops = {
298 .owner = THIS_MODULE,
299 .open = l2tp_dfs_seq_open,
300 .read = seq_read,
301 .llseek = seq_lseek,
302 .release = l2tp_dfs_seq_release,
303};
304
305static int __init l2tp_debugfs_init(void)
306{
307 int rc = 0;
308
309 rootdir = debugfs_create_dir("l2tp", NULL);
310 if (IS_ERR(rootdir)) {
311 rc = PTR_ERR(rootdir);
312 rootdir = NULL;
313 goto out;
314 }
315
316 tunnels = debugfs_create_file("tunnels", 0600, rootdir, NULL, &l2tp_dfs_fops);
317 if (tunnels == NULL)
318 rc = -EIO;
319
320 printk(KERN_INFO "L2TP debugfs support\n");
321
322out:
323 if (rc)
324 printk(KERN_WARNING "l2tp debugfs: unable to init\n");
325
326 return rc;
327}
328
329static void __exit l2tp_debugfs_exit(void)
330{
331 debugfs_remove(tunnels);
332 debugfs_remove(rootdir);
333}
334
335module_init(l2tp_debugfs_init);
336module_exit(l2tp_debugfs_exit);
337
338MODULE_LICENSE("GPL");
339MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
340MODULE_DESCRIPTION("L2TP debugfs driver");
341MODULE_VERSION("1.0");
diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c
new file mode 100644
index 000000000000..ca1164afeb74
--- /dev/null
+++ b/net/l2tp/l2tp_eth.c
@@ -0,0 +1,361 @@
1/*
2 * L2TPv3 ethernet pseudowire driver
3 *
4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/skbuff.h>
14#include <linux/socket.h>
15#include <linux/hash.h>
16#include <linux/l2tp.h>
17#include <linux/in.h>
18#include <linux/etherdevice.h>
19#include <linux/spinlock.h>
20#include <net/sock.h>
21#include <net/ip.h>
22#include <net/icmp.h>
23#include <net/udp.h>
24#include <net/inet_common.h>
25#include <net/inet_hashtables.h>
26#include <net/tcp_states.h>
27#include <net/protocol.h>
28#include <net/xfrm.h>
29#include <net/net_namespace.h>
30#include <net/netns/generic.h>
31
32#include "l2tp_core.h"
33
34/* Default device name. May be overridden by name specified by user */
35#define L2TP_ETH_DEV_NAME "l2tpeth%d"
36
37/* via netdev_priv() */
38struct l2tp_eth {
39 struct net_device *dev;
40 struct sock *tunnel_sock;
41 struct l2tp_session *session;
42 struct list_head list;
43};
44
45/* via l2tp_session_priv() */
46struct l2tp_eth_sess {
47 struct net_device *dev;
48};
49
50/* per-net private data for this module */
51static unsigned int l2tp_eth_net_id;
52struct l2tp_eth_net {
53 struct list_head l2tp_eth_dev_list;
54 spinlock_t l2tp_eth_lock;
55};
56
57static inline struct l2tp_eth_net *l2tp_eth_pernet(struct net *net)
58{
59 return net_generic(net, l2tp_eth_net_id);
60}
61
62static int l2tp_eth_dev_init(struct net_device *dev)
63{
64 struct l2tp_eth *priv = netdev_priv(dev);
65
66 priv->dev = dev;
67 random_ether_addr(dev->dev_addr);
68 memset(&dev->broadcast[0], 0xff, 6);
69
70 return 0;
71}
72
73static void l2tp_eth_dev_uninit(struct net_device *dev)
74{
75 struct l2tp_eth *priv = netdev_priv(dev);
76 struct l2tp_eth_net *pn = l2tp_eth_pernet(dev_net(dev));
77
78 spin_lock(&pn->l2tp_eth_lock);
79 list_del_init(&priv->list);
80 spin_unlock(&pn->l2tp_eth_lock);
81 dev_put(dev);
82}
83
84static int l2tp_eth_dev_xmit(struct sk_buff *skb, struct net_device *dev)
85{
86 struct l2tp_eth *priv = netdev_priv(dev);
87 struct l2tp_session *session = priv->session;
88
89 l2tp_xmit_skb(session, skb, session->hdr_len);
90
91 dev->stats.tx_bytes += skb->len;
92 dev->stats.tx_packets++;
93
94 return 0;
95}
96
97static struct net_device_ops l2tp_eth_netdev_ops = {
98 .ndo_init = l2tp_eth_dev_init,
99 .ndo_uninit = l2tp_eth_dev_uninit,
100 .ndo_start_xmit = l2tp_eth_dev_xmit,
101};
102
103static void l2tp_eth_dev_setup(struct net_device *dev)
104{
105 ether_setup(dev);
106
107 dev->netdev_ops = &l2tp_eth_netdev_ops;
108 dev->destructor = free_netdev;
109}
110
111static void l2tp_eth_dev_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
112{
113 struct l2tp_eth_sess *spriv = l2tp_session_priv(session);
114 struct net_device *dev = spriv->dev;
115
116 if (session->debug & L2TP_MSG_DATA) {
117 unsigned int length;
118 int offset;
119 u8 *ptr = skb->data;
120
121 length = min(32u, skb->len);
122 if (!pskb_may_pull(skb, length))
123 goto error;
124
125 printk(KERN_DEBUG "%s: eth recv: ", session->name);
126
127 offset = 0;
128 do {
129 printk(" %02X", ptr[offset]);
130 } while (++offset < length);
131
132 printk("\n");
133 }
134
135 if (data_len < ETH_HLEN)
136 goto error;
137
138 secpath_reset(skb);
139
140 /* checksums verified by L2TP */
141 skb->ip_summed = CHECKSUM_NONE;
142
143 skb_dst_drop(skb);
144 nf_reset(skb);
145
146 if (dev_forward_skb(dev, skb) == NET_RX_SUCCESS) {
147 dev->last_rx = jiffies;
148 dev->stats.rx_packets++;
149 dev->stats.rx_bytes += data_len;
150 } else
151 dev->stats.rx_errors++;
152
153 return;
154
155error:
156 dev->stats.rx_errors++;
157 kfree_skb(skb);
158}
159
160static void l2tp_eth_delete(struct l2tp_session *session)
161{
162 struct l2tp_eth_sess *spriv;
163 struct net_device *dev;
164
165 if (session) {
166 spriv = l2tp_session_priv(session);
167 dev = spriv->dev;
168 if (dev) {
169 unregister_netdev(dev);
170 spriv->dev = NULL;
171 }
172 }
173}
174
175#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
176static void l2tp_eth_show(struct seq_file *m, void *arg)
177{
178 struct l2tp_session *session = arg;
179 struct l2tp_eth_sess *spriv = l2tp_session_priv(session);
180 struct net_device *dev = spriv->dev;
181
182 seq_printf(m, " interface %s\n", dev->name);
183}
184#endif
185
186static int l2tp_eth_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
187{
188 struct net_device *dev;
189 char name[IFNAMSIZ];
190 struct l2tp_tunnel *tunnel;
191 struct l2tp_session *session;
192 struct l2tp_eth *priv;
193 struct l2tp_eth_sess *spriv;
194 int rc;
195 struct l2tp_eth_net *pn;
196
197 tunnel = l2tp_tunnel_find(net, tunnel_id);
198 if (!tunnel) {
199 rc = -ENODEV;
200 goto out;
201 }
202
203 session = l2tp_session_find(net, tunnel, session_id);
204 if (session) {
205 rc = -EEXIST;
206 goto out;
207 }
208
209 if (cfg->ifname) {
210 dev = dev_get_by_name(net, cfg->ifname);
211 if (dev) {
212 dev_put(dev);
213 rc = -EEXIST;
214 goto out;
215 }
216 strlcpy(name, cfg->ifname, IFNAMSIZ);
217 } else
218 strcpy(name, L2TP_ETH_DEV_NAME);
219
220 session = l2tp_session_create(sizeof(*spriv), tunnel, session_id,
221 peer_session_id, cfg);
222 if (!session) {
223 rc = -ENOMEM;
224 goto out;
225 }
226
227 dev = alloc_netdev(sizeof(*priv), name, l2tp_eth_dev_setup);
228 if (!dev) {
229 rc = -ENOMEM;
230 goto out_del_session;
231 }
232
233 dev_net_set(dev, net);
234 if (session->mtu == 0)
235 session->mtu = dev->mtu - session->hdr_len;
236 dev->mtu = session->mtu;
237 dev->needed_headroom += session->hdr_len;
238
239 priv = netdev_priv(dev);
240 priv->dev = dev;
241 priv->session = session;
242 INIT_LIST_HEAD(&priv->list);
243
244 priv->tunnel_sock = tunnel->sock;
245 session->recv_skb = l2tp_eth_dev_recv;
246 session->session_close = l2tp_eth_delete;
247#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
248 session->show = l2tp_eth_show;
249#endif
250
251 spriv = l2tp_session_priv(session);
252 spriv->dev = dev;
253
254 rc = register_netdev(dev);
255 if (rc < 0)
256 goto out_del_dev;
257
258 /* Must be done after register_netdev() */
259 strlcpy(session->ifname, dev->name, IFNAMSIZ);
260
261 dev_hold(dev);
262 pn = l2tp_eth_pernet(dev_net(dev));
263 spin_lock(&pn->l2tp_eth_lock);
264 list_add(&priv->list, &pn->l2tp_eth_dev_list);
265 spin_unlock(&pn->l2tp_eth_lock);
266
267 return 0;
268
269out_del_dev:
270 free_netdev(dev);
271out_del_session:
272 l2tp_session_delete(session);
273out:
274 return rc;
275}
276
277static __net_init int l2tp_eth_init_net(struct net *net)
278{
279 struct l2tp_eth_net *pn;
280 int err;
281
282 pn = kzalloc(sizeof(*pn), GFP_KERNEL);
283 if (!pn)
284 return -ENOMEM;
285
286 INIT_LIST_HEAD(&pn->l2tp_eth_dev_list);
287 spin_lock_init(&pn->l2tp_eth_lock);
288
289 err = net_assign_generic(net, l2tp_eth_net_id, pn);
290 if (err)
291 goto out;
292
293 return 0;
294
295out:
296 kfree(pn);
297 return err;
298}
299
300static __net_exit void l2tp_eth_exit_net(struct net *net)
301{
302 struct l2tp_eth_net *pn;
303
304 pn = net_generic(net, l2tp_eth_net_id);
305 /*
306 * if someone has cached our net then
307 * further net_generic call will return NULL
308 */
309 net_assign_generic(net, l2tp_eth_net_id, NULL);
310 kfree(pn);
311}
312
313static __net_initdata struct pernet_operations l2tp_eth_net_ops = {
314 .init = l2tp_eth_init_net,
315 .exit = l2tp_eth_exit_net,
316 .id = &l2tp_eth_net_id,
317 .size = sizeof(struct l2tp_eth_net),
318};
319
320
321static const struct l2tp_nl_cmd_ops l2tp_eth_nl_cmd_ops = {
322 .session_create = l2tp_eth_create,
323 .session_delete = l2tp_session_delete,
324};
325
326
327static int __init l2tp_eth_init(void)
328{
329 int err = 0;
330
331 err = l2tp_nl_register_ops(L2TP_PWTYPE_ETH, &l2tp_eth_nl_cmd_ops);
332 if (err)
333 goto out;
334
335 err = register_pernet_device(&l2tp_eth_net_ops);
336 if (err)
337 goto out_unreg;
338
339 printk(KERN_INFO "L2TP ethernet pseudowire support (L2TPv3)\n");
340
341 return 0;
342
343out_unreg:
344 l2tp_nl_unregister_ops(L2TP_PWTYPE_ETH);
345out:
346 return err;
347}
348
349static void __exit l2tp_eth_exit(void)
350{
351 unregister_pernet_device(&l2tp_eth_net_ops);
352 l2tp_nl_unregister_ops(L2TP_PWTYPE_ETH);
353}
354
355module_init(l2tp_eth_init);
356module_exit(l2tp_eth_exit);
357
358MODULE_LICENSE("GPL");
359MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
360MODULE_DESCRIPTION("L2TP ethernet pseudowire driver");
361MODULE_VERSION("1.0");
diff --git a/net/l2tp/l2tp_ip.c b/net/l2tp/l2tp_ip.c
new file mode 100644
index 000000000000..0852512d392c
--- /dev/null
+++ b/net/l2tp/l2tp_ip.c
@@ -0,0 +1,679 @@
1/*
2 * L2TPv3 IP encapsulation support
3 *
4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/icmp.h>
13#include <linux/module.h>
14#include <linux/skbuff.h>
15#include <linux/random.h>
16#include <linux/socket.h>
17#include <linux/l2tp.h>
18#include <linux/in.h>
19#include <net/sock.h>
20#include <net/ip.h>
21#include <net/icmp.h>
22#include <net/udp.h>
23#include <net/inet_common.h>
24#include <net/inet_hashtables.h>
25#include <net/tcp_states.h>
26#include <net/protocol.h>
27#include <net/xfrm.h>
28
29#include "l2tp_core.h"
30
31struct l2tp_ip_sock {
32 /* inet_sock has to be the first member of l2tp_ip_sock */
33 struct inet_sock inet;
34
35 __u32 conn_id;
36 __u32 peer_conn_id;
37
38 __u64 tx_packets;
39 __u64 tx_bytes;
40 __u64 tx_errors;
41 __u64 rx_packets;
42 __u64 rx_bytes;
43 __u64 rx_errors;
44};
45
46static DEFINE_RWLOCK(l2tp_ip_lock);
47static struct hlist_head l2tp_ip_table;
48static struct hlist_head l2tp_ip_bind_table;
49
50static inline struct l2tp_ip_sock *l2tp_ip_sk(const struct sock *sk)
51{
52 return (struct l2tp_ip_sock *)sk;
53}
54
55static struct sock *__l2tp_ip_bind_lookup(struct net *net, __be32 laddr, int dif, u32 tunnel_id)
56{
57 struct hlist_node *node;
58 struct sock *sk;
59
60 sk_for_each_bound(sk, node, &l2tp_ip_bind_table) {
61 struct inet_sock *inet = inet_sk(sk);
62 struct l2tp_ip_sock *l2tp = l2tp_ip_sk(sk);
63
64 if (l2tp == NULL)
65 continue;
66
67 if ((l2tp->conn_id == tunnel_id) &&
68#ifdef CONFIG_NET_NS
69 (sk->sk_net == net) &&
70#endif
71 !(inet->inet_rcv_saddr && inet->inet_rcv_saddr != laddr) &&
72 !(sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif))
73 goto found;
74 }
75
76 sk = NULL;
77found:
78 return sk;
79}
80
81static inline struct sock *l2tp_ip_bind_lookup(struct net *net, __be32 laddr, int dif, u32 tunnel_id)
82{
83 struct sock *sk = __l2tp_ip_bind_lookup(net, laddr, dif, tunnel_id);
84 if (sk)
85 sock_hold(sk);
86
87 return sk;
88}
89
90/* When processing receive frames, there are two cases to
91 * consider. Data frames consist of a non-zero session-id and an
92 * optional cookie. Control frames consist of a regular L2TP header
93 * preceded by 32-bits of zeros.
94 *
95 * L2TPv3 Session Header Over IP
96 *
97 * 0 1 2 3
98 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
99 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
100 * | Session ID |
101 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
102 * | Cookie (optional, maximum 64 bits)...
103 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
104 * |
105 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
106 *
107 * L2TPv3 Control Message Header Over IP
108 *
109 * 0 1 2 3
110 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
111 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
112 * | (32 bits of zeros) |
113 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
114 * |T|L|x|x|S|x|x|x|x|x|x|x| Ver | Length |
115 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
116 * | Control Connection ID |
117 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
118 * | Ns | Nr |
119 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
120 *
121 * All control frames are passed to userspace.
122 */
123static int l2tp_ip_recv(struct sk_buff *skb)
124{
125 struct sock *sk;
126 u32 session_id;
127 u32 tunnel_id;
128 unsigned char *ptr, *optr;
129 struct l2tp_session *session;
130 struct l2tp_tunnel *tunnel = NULL;
131 int length;
132 int offset;
133
134 /* Point to L2TP header */
135 optr = ptr = skb->data;
136
137 if (!pskb_may_pull(skb, 4))
138 goto discard;
139
140 session_id = ntohl(*((__be32 *) ptr));
141 ptr += 4;
142
143 /* RFC3931: L2TP/IP packets have the first 4 bytes containing
144 * the session_id. If it is 0, the packet is a L2TP control
145 * frame and the session_id value can be discarded.
146 */
147 if (session_id == 0) {
148 __skb_pull(skb, 4);
149 goto pass_up;
150 }
151
152 /* Ok, this is a data packet. Lookup the session. */
153 session = l2tp_session_find(&init_net, NULL, session_id);
154 if (session == NULL)
155 goto discard;
156
157 tunnel = session->tunnel;
158 if (tunnel == NULL)
159 goto discard;
160
161 /* Trace packet contents, if enabled */
162 if (tunnel->debug & L2TP_MSG_DATA) {
163 length = min(32u, skb->len);
164 if (!pskb_may_pull(skb, length))
165 goto discard;
166
167 printk(KERN_DEBUG "%s: ip recv: ", tunnel->name);
168
169 offset = 0;
170 do {
171 printk(" %02X", ptr[offset]);
172 } while (++offset < length);
173
174 printk("\n");
175 }
176
177 l2tp_recv_common(session, skb, ptr, optr, 0, skb->len, tunnel->recv_payload_hook);
178
179 return 0;
180
181pass_up:
182 /* Get the tunnel_id from the L2TP header */
183 if (!pskb_may_pull(skb, 12))
184 goto discard;
185
186 if ((skb->data[0] & 0xc0) != 0xc0)
187 goto discard;
188
189 tunnel_id = ntohl(*(__be32 *) &skb->data[4]);
190 tunnel = l2tp_tunnel_find(&init_net, tunnel_id);
191 if (tunnel != NULL)
192 sk = tunnel->sock;
193 else {
194 struct iphdr *iph = (struct iphdr *) skb_network_header(skb);
195
196 read_lock_bh(&l2tp_ip_lock);
197 sk = __l2tp_ip_bind_lookup(&init_net, iph->daddr, 0, tunnel_id);
198 read_unlock_bh(&l2tp_ip_lock);
199 }
200
201 if (sk == NULL)
202 goto discard;
203
204 sock_hold(sk);
205
206 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
207 goto discard_put;
208
209 nf_reset(skb);
210
211 return sk_receive_skb(sk, skb, 1);
212
213discard_put:
214 sock_put(sk);
215
216discard:
217 kfree_skb(skb);
218 return 0;
219}
220
221static int l2tp_ip_open(struct sock *sk)
222{
223 /* Prevent autobind. We don't have ports. */
224 inet_sk(sk)->inet_num = IPPROTO_L2TP;
225
226 write_lock_bh(&l2tp_ip_lock);
227 sk_add_node(sk, &l2tp_ip_table);
228 write_unlock_bh(&l2tp_ip_lock);
229
230 return 0;
231}
232
233static void l2tp_ip_close(struct sock *sk, long timeout)
234{
235 write_lock_bh(&l2tp_ip_lock);
236 hlist_del_init(&sk->sk_bind_node);
237 hlist_del_init(&sk->sk_node);
238 write_unlock_bh(&l2tp_ip_lock);
239 sk_common_release(sk);
240}
241
242static void l2tp_ip_destroy_sock(struct sock *sk)
243{
244 struct sk_buff *skb;
245
246 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL)
247 kfree_skb(skb);
248
249 sk_refcnt_debug_dec(sk);
250}
251
252static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
253{
254 struct inet_sock *inet = inet_sk(sk);
255 struct sockaddr_l2tpip *addr = (struct sockaddr_l2tpip *) uaddr;
256 int ret = -EINVAL;
257 int chk_addr_ret;
258
259 ret = -EADDRINUSE;
260 read_lock_bh(&l2tp_ip_lock);
261 if (__l2tp_ip_bind_lookup(&init_net, addr->l2tp_addr.s_addr, sk->sk_bound_dev_if, addr->l2tp_conn_id))
262 goto out_in_use;
263
264 read_unlock_bh(&l2tp_ip_lock);
265
266 lock_sock(sk);
267 if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_l2tpip))
268 goto out;
269
270 chk_addr_ret = inet_addr_type(&init_net, addr->l2tp_addr.s_addr);
271 ret = -EADDRNOTAVAIL;
272 if (addr->l2tp_addr.s_addr && chk_addr_ret != RTN_LOCAL &&
273 chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST)
274 goto out;
275
276 inet->inet_rcv_saddr = inet->inet_saddr = addr->l2tp_addr.s_addr;
277 if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
278 inet->inet_saddr = 0; /* Use device */
279 sk_dst_reset(sk);
280
281 l2tp_ip_sk(sk)->conn_id = addr->l2tp_conn_id;
282
283 write_lock_bh(&l2tp_ip_lock);
284 sk_add_bind_node(sk, &l2tp_ip_bind_table);
285 sk_del_node_init(sk);
286 write_unlock_bh(&l2tp_ip_lock);
287 ret = 0;
288out:
289 release_sock(sk);
290
291 return ret;
292
293out_in_use:
294 read_unlock_bh(&l2tp_ip_lock);
295
296 return ret;
297}
298
299static int l2tp_ip_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
300{
301 int rc;
302 struct inet_sock *inet = inet_sk(sk);
303 struct sockaddr_l2tpip *lsa = (struct sockaddr_l2tpip *) uaddr;
304 struct rtable *rt;
305 __be32 saddr;
306 int oif;
307
308 rc = -EINVAL;
309 if (addr_len < sizeof(*lsa))
310 goto out;
311
312 rc = -EAFNOSUPPORT;
313 if (lsa->l2tp_family != AF_INET)
314 goto out;
315
316 sk_dst_reset(sk);
317
318 oif = sk->sk_bound_dev_if;
319 saddr = inet->inet_saddr;
320
321 rc = -EINVAL;
322 if (ipv4_is_multicast(lsa->l2tp_addr.s_addr))
323 goto out;
324
325 rc = ip_route_connect(&rt, lsa->l2tp_addr.s_addr, saddr,
326 RT_CONN_FLAGS(sk), oif,
327 IPPROTO_L2TP,
328 0, 0, sk, 1);
329 if (rc) {
330 if (rc == -ENETUNREACH)
331 IP_INC_STATS_BH(&init_net, IPSTATS_MIB_OUTNOROUTES);
332 goto out;
333 }
334
335 rc = -ENETUNREACH;
336 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
337 ip_rt_put(rt);
338 goto out;
339 }
340
341 l2tp_ip_sk(sk)->peer_conn_id = lsa->l2tp_conn_id;
342
343 if (!inet->inet_saddr)
344 inet->inet_saddr = rt->rt_src;
345 if (!inet->inet_rcv_saddr)
346 inet->inet_rcv_saddr = rt->rt_src;
347 inet->inet_daddr = rt->rt_dst;
348 sk->sk_state = TCP_ESTABLISHED;
349 inet->inet_id = jiffies;
350
351 sk_dst_set(sk, &rt->u.dst);
352
353 write_lock_bh(&l2tp_ip_lock);
354 hlist_del_init(&sk->sk_bind_node);
355 sk_add_bind_node(sk, &l2tp_ip_bind_table);
356 write_unlock_bh(&l2tp_ip_lock);
357
358 rc = 0;
359out:
360 return rc;
361}
362
363static int l2tp_ip_getname(struct socket *sock, struct sockaddr *uaddr,
364 int *uaddr_len, int peer)
365{
366 struct sock *sk = sock->sk;
367 struct inet_sock *inet = inet_sk(sk);
368 struct l2tp_ip_sock *lsk = l2tp_ip_sk(sk);
369 struct sockaddr_l2tpip *lsa = (struct sockaddr_l2tpip *)uaddr;
370
371 memset(lsa, 0, sizeof(*lsa));
372 lsa->l2tp_family = AF_INET;
373 if (peer) {
374 if (!inet->inet_dport)
375 return -ENOTCONN;
376 lsa->l2tp_conn_id = lsk->peer_conn_id;
377 lsa->l2tp_addr.s_addr = inet->inet_daddr;
378 } else {
379 __be32 addr = inet->inet_rcv_saddr;
380 if (!addr)
381 addr = inet->inet_saddr;
382 lsa->l2tp_conn_id = lsk->conn_id;
383 lsa->l2tp_addr.s_addr = addr;
384 }
385 *uaddr_len = sizeof(*lsa);
386 return 0;
387}
388
389static int l2tp_ip_backlog_recv(struct sock *sk, struct sk_buff *skb)
390{
391 int rc;
392
393 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
394 goto drop;
395
396 nf_reset(skb);
397
398 /* Charge it to the socket, dropping if the queue is full. */
399 rc = sock_queue_rcv_skb(sk, skb);
400 if (rc < 0)
401 goto drop;
402
403 return 0;
404
405drop:
406 IP_INC_STATS(&init_net, IPSTATS_MIB_INDISCARDS);
407 kfree_skb(skb);
408 return -1;
409}
410
411/* Userspace will call sendmsg() on the tunnel socket to send L2TP
412 * control frames.
413 */
414static int l2tp_ip_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len)
415{
416 struct sk_buff *skb;
417 int rc;
418 struct l2tp_ip_sock *lsa = l2tp_ip_sk(sk);
419 struct inet_sock *inet = inet_sk(sk);
420 struct ip_options *opt = inet->opt;
421 struct rtable *rt = NULL;
422 int connected = 0;
423 __be32 daddr;
424
425 if (sock_flag(sk, SOCK_DEAD))
426 return -ENOTCONN;
427
428 /* Get and verify the address. */
429 if (msg->msg_name) {
430 struct sockaddr_l2tpip *lip = (struct sockaddr_l2tpip *) msg->msg_name;
431 if (msg->msg_namelen < sizeof(*lip))
432 return -EINVAL;
433
434 if (lip->l2tp_family != AF_INET) {
435 if (lip->l2tp_family != AF_UNSPEC)
436 return -EAFNOSUPPORT;
437 }
438
439 daddr = lip->l2tp_addr.s_addr;
440 } else {
441 if (sk->sk_state != TCP_ESTABLISHED)
442 return -EDESTADDRREQ;
443
444 daddr = inet->inet_daddr;
445 connected = 1;
446 }
447
448 /* Allocate a socket buffer */
449 rc = -ENOMEM;
450 skb = sock_wmalloc(sk, 2 + NET_SKB_PAD + sizeof(struct iphdr) +
451 4 + len, 0, GFP_KERNEL);
452 if (!skb)
453 goto error;
454
455 /* Reserve space for headers, putting IP header on 4-byte boundary. */
456 skb_reserve(skb, 2 + NET_SKB_PAD);
457 skb_reset_network_header(skb);
458 skb_reserve(skb, sizeof(struct iphdr));
459 skb_reset_transport_header(skb);
460
461 /* Insert 0 session_id */
462 *((__be32 *) skb_put(skb, 4)) = 0;
463
464 /* Copy user data into skb */
465 rc = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
466 if (rc < 0) {
467 kfree_skb(skb);
468 goto error;
469 }
470
471 if (connected)
472 rt = (struct rtable *) __sk_dst_check(sk, 0);
473
474 if (rt == NULL) {
475 /* Use correct destination address if we have options. */
476 if (opt && opt->srr)
477 daddr = opt->faddr;
478
479 {
480 struct flowi fl = { .oif = sk->sk_bound_dev_if,
481 .nl_u = { .ip4_u = {
482 .daddr = daddr,
483 .saddr = inet->inet_saddr,
484 .tos = RT_CONN_FLAGS(sk) } },
485 .proto = sk->sk_protocol,
486 .flags = inet_sk_flowi_flags(sk),
487 .uli_u = { .ports = {
488 .sport = inet->inet_sport,
489 .dport = inet->inet_dport } } };
490
491 /* If this fails, retransmit mechanism of transport layer will
492 * keep trying until route appears or the connection times
493 * itself out.
494 */
495 security_sk_classify_flow(sk, &fl);
496 if (ip_route_output_flow(sock_net(sk), &rt, &fl, sk, 0))
497 goto no_route;
498 }
499 sk_setup_caps(sk, &rt->u.dst);
500 }
501 skb_dst_set(skb, dst_clone(&rt->u.dst));
502
503 /* Queue the packet to IP for output */
504 rc = ip_queue_xmit(skb);
505
506error:
507 /* Update stats */
508 if (rc >= 0) {
509 lsa->tx_packets++;
510 lsa->tx_bytes += len;
511 rc = len;
512 } else {
513 lsa->tx_errors++;
514 }
515
516 return rc;
517
518no_route:
519 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
520 kfree_skb(skb);
521 return -EHOSTUNREACH;
522}
523
524static int l2tp_ip_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
525 size_t len, int noblock, int flags, int *addr_len)
526{
527 struct inet_sock *inet = inet_sk(sk);
528 struct l2tp_ip_sock *lsk = l2tp_ip_sk(sk);
529 size_t copied = 0;
530 int err = -EOPNOTSUPP;
531 struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name;
532 struct sk_buff *skb;
533
534 if (flags & MSG_OOB)
535 goto out;
536
537 if (addr_len)
538 *addr_len = sizeof(*sin);
539
540 skb = skb_recv_datagram(sk, flags, noblock, &err);
541 if (!skb)
542 goto out;
543
544 copied = skb->len;
545 if (len < copied) {
546 msg->msg_flags |= MSG_TRUNC;
547 copied = len;
548 }
549
550 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
551 if (err)
552 goto done;
553
554 sock_recv_timestamp(msg, sk, skb);
555
556 /* Copy the address. */
557 if (sin) {
558 sin->sin_family = AF_INET;
559 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
560 sin->sin_port = 0;
561 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
562 }
563 if (inet->cmsg_flags)
564 ip_cmsg_recv(msg, skb);
565 if (flags & MSG_TRUNC)
566 copied = skb->len;
567done:
568 skb_free_datagram(sk, skb);
569out:
570 if (err) {
571 lsk->rx_errors++;
572 return err;
573 }
574
575 lsk->rx_packets++;
576 lsk->rx_bytes += copied;
577
578 return copied;
579}
580
581struct proto l2tp_ip_prot = {
582 .name = "L2TP/IP",
583 .owner = THIS_MODULE,
584 .init = l2tp_ip_open,
585 .close = l2tp_ip_close,
586 .bind = l2tp_ip_bind,
587 .connect = l2tp_ip_connect,
588 .disconnect = udp_disconnect,
589 .ioctl = udp_ioctl,
590 .destroy = l2tp_ip_destroy_sock,
591 .setsockopt = ip_setsockopt,
592 .getsockopt = ip_getsockopt,
593 .sendmsg = l2tp_ip_sendmsg,
594 .recvmsg = l2tp_ip_recvmsg,
595 .backlog_rcv = l2tp_ip_backlog_recv,
596 .hash = inet_hash,
597 .unhash = inet_unhash,
598 .obj_size = sizeof(struct l2tp_ip_sock),
599#ifdef CONFIG_COMPAT
600 .compat_setsockopt = compat_ip_setsockopt,
601 .compat_getsockopt = compat_ip_getsockopt,
602#endif
603};
604
605static const struct proto_ops l2tp_ip_ops = {
606 .family = PF_INET,
607 .owner = THIS_MODULE,
608 .release = inet_release,
609 .bind = inet_bind,
610 .connect = inet_dgram_connect,
611 .socketpair = sock_no_socketpair,
612 .accept = sock_no_accept,
613 .getname = l2tp_ip_getname,
614 .poll = datagram_poll,
615 .ioctl = inet_ioctl,
616 .listen = sock_no_listen,
617 .shutdown = inet_shutdown,
618 .setsockopt = sock_common_setsockopt,
619 .getsockopt = sock_common_getsockopt,
620 .sendmsg = inet_sendmsg,
621 .recvmsg = sock_common_recvmsg,
622 .mmap = sock_no_mmap,
623 .sendpage = sock_no_sendpage,
624#ifdef CONFIG_COMPAT
625 .compat_setsockopt = compat_sock_common_setsockopt,
626 .compat_getsockopt = compat_sock_common_getsockopt,
627#endif
628};
629
630static struct inet_protosw l2tp_ip_protosw = {
631 .type = SOCK_DGRAM,
632 .protocol = IPPROTO_L2TP,
633 .prot = &l2tp_ip_prot,
634 .ops = &l2tp_ip_ops,
635 .no_check = 0,
636};
637
638static struct net_protocol l2tp_ip_protocol __read_mostly = {
639 .handler = l2tp_ip_recv,
640};
641
642static int __init l2tp_ip_init(void)
643{
644 int err;
645
646 printk(KERN_INFO "L2TP IP encapsulation support (L2TPv3)\n");
647
648 err = proto_register(&l2tp_ip_prot, 1);
649 if (err != 0)
650 goto out;
651
652 err = inet_add_protocol(&l2tp_ip_protocol, IPPROTO_L2TP);
653 if (err)
654 goto out1;
655
656 inet_register_protosw(&l2tp_ip_protosw);
657 return 0;
658
659out1:
660 proto_unregister(&l2tp_ip_prot);
661out:
662 return err;
663}
664
665static void __exit l2tp_ip_exit(void)
666{
667 inet_unregister_protosw(&l2tp_ip_protosw);
668 inet_del_protocol(&l2tp_ip_protocol, IPPROTO_L2TP);
669 proto_unregister(&l2tp_ip_prot);
670}
671
672module_init(l2tp_ip_init);
673module_exit(l2tp_ip_exit);
674
675MODULE_LICENSE("GPL");
676MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
677MODULE_DESCRIPTION("L2TP over IP");
678MODULE_VERSION("1.0");
679MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, SOCK_DGRAM, IPPROTO_L2TP);
diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c
new file mode 100644
index 000000000000..4c1e540732d7
--- /dev/null
+++ b/net/l2tp/l2tp_netlink.c
@@ -0,0 +1,840 @@
1/*
2 * L2TP netlink layer, for management
3 *
4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5 *
6 * Partly based on the IrDA nelink implementation
7 * (see net/irda/irnetlink.c) which is:
8 * Copyright (c) 2007 Samuel Ortiz <samuel@sortiz.org>
9 * which is in turn partly based on the wireless netlink code:
10 * Copyright 2006 Johannes Berg <johannes@sipsolutions.net>
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License version 2 as
14 * published by the Free Software Foundation.
15 */
16
17#include <net/sock.h>
18#include <net/genetlink.h>
19#include <net/udp.h>
20#include <linux/in.h>
21#include <linux/udp.h>
22#include <linux/socket.h>
23#include <linux/module.h>
24#include <linux/list.h>
25#include <net/net_namespace.h>
26
27#include <linux/l2tp.h>
28
29#include "l2tp_core.h"
30
31
32static struct genl_family l2tp_nl_family = {
33 .id = GENL_ID_GENERATE,
34 .name = L2TP_GENL_NAME,
35 .version = L2TP_GENL_VERSION,
36 .hdrsize = 0,
37 .maxattr = L2TP_ATTR_MAX,
38};
39
40/* Accessed under genl lock */
41static const struct l2tp_nl_cmd_ops *l2tp_nl_cmd_ops[__L2TP_PWTYPE_MAX];
42
43static struct l2tp_session *l2tp_nl_session_find(struct genl_info *info)
44{
45 u32 tunnel_id;
46 u32 session_id;
47 char *ifname;
48 struct l2tp_tunnel *tunnel;
49 struct l2tp_session *session = NULL;
50 struct net *net = genl_info_net(info);
51
52 if (info->attrs[L2TP_ATTR_IFNAME]) {
53 ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]);
54 session = l2tp_session_find_by_ifname(net, ifname);
55 } else if ((info->attrs[L2TP_ATTR_SESSION_ID]) &&
56 (info->attrs[L2TP_ATTR_CONN_ID])) {
57 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
58 session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
59 tunnel = l2tp_tunnel_find(net, tunnel_id);
60 if (tunnel)
61 session = l2tp_session_find(net, tunnel, session_id);
62 }
63
64 return session;
65}
66
67static int l2tp_nl_cmd_noop(struct sk_buff *skb, struct genl_info *info)
68{
69 struct sk_buff *msg;
70 void *hdr;
71 int ret = -ENOBUFS;
72
73 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
74 if (!msg) {
75 ret = -ENOMEM;
76 goto out;
77 }
78
79 hdr = genlmsg_put(msg, info->snd_pid, info->snd_seq,
80 &l2tp_nl_family, 0, L2TP_CMD_NOOP);
81 if (IS_ERR(hdr)) {
82 ret = PTR_ERR(hdr);
83 goto err_out;
84 }
85
86 genlmsg_end(msg, hdr);
87
88 return genlmsg_unicast(genl_info_net(info), msg, info->snd_pid);
89
90err_out:
91 nlmsg_free(msg);
92
93out:
94 return ret;
95}
96
97static int l2tp_nl_cmd_tunnel_create(struct sk_buff *skb, struct genl_info *info)
98{
99 u32 tunnel_id;
100 u32 peer_tunnel_id;
101 int proto_version;
102 int fd;
103 int ret = 0;
104 struct l2tp_tunnel_cfg cfg = { 0, };
105 struct l2tp_tunnel *tunnel;
106 struct net *net = genl_info_net(info);
107
108 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
109 ret = -EINVAL;
110 goto out;
111 }
112 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
113
114 if (!info->attrs[L2TP_ATTR_PEER_CONN_ID]) {
115 ret = -EINVAL;
116 goto out;
117 }
118 peer_tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_PEER_CONN_ID]);
119
120 if (!info->attrs[L2TP_ATTR_PROTO_VERSION]) {
121 ret = -EINVAL;
122 goto out;
123 }
124 proto_version = nla_get_u8(info->attrs[L2TP_ATTR_PROTO_VERSION]);
125
126 if (!info->attrs[L2TP_ATTR_ENCAP_TYPE]) {
127 ret = -EINVAL;
128 goto out;
129 }
130 cfg.encap = nla_get_u16(info->attrs[L2TP_ATTR_ENCAP_TYPE]);
131
132 fd = -1;
133 if (info->attrs[L2TP_ATTR_FD]) {
134 fd = nla_get_u32(info->attrs[L2TP_ATTR_FD]);
135 } else {
136 if (info->attrs[L2TP_ATTR_IP_SADDR])
137 cfg.local_ip.s_addr = nla_get_be32(info->attrs[L2TP_ATTR_IP_SADDR]);
138 if (info->attrs[L2TP_ATTR_IP_DADDR])
139 cfg.peer_ip.s_addr = nla_get_be32(info->attrs[L2TP_ATTR_IP_DADDR]);
140 if (info->attrs[L2TP_ATTR_UDP_SPORT])
141 cfg.local_udp_port = nla_get_u16(info->attrs[L2TP_ATTR_UDP_SPORT]);
142 if (info->attrs[L2TP_ATTR_UDP_DPORT])
143 cfg.peer_udp_port = nla_get_u16(info->attrs[L2TP_ATTR_UDP_DPORT]);
144 if (info->attrs[L2TP_ATTR_UDP_CSUM])
145 cfg.use_udp_checksums = nla_get_flag(info->attrs[L2TP_ATTR_UDP_CSUM]);
146 }
147
148 if (info->attrs[L2TP_ATTR_DEBUG])
149 cfg.debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]);
150
151 tunnel = l2tp_tunnel_find(net, tunnel_id);
152 if (tunnel != NULL) {
153 ret = -EEXIST;
154 goto out;
155 }
156
157 ret = -EINVAL;
158 switch (cfg.encap) {
159 case L2TP_ENCAPTYPE_UDP:
160 case L2TP_ENCAPTYPE_IP:
161 ret = l2tp_tunnel_create(net, fd, proto_version, tunnel_id,
162 peer_tunnel_id, &cfg, &tunnel);
163 break;
164 }
165
166out:
167 return ret;
168}
169
170static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info)
171{
172 struct l2tp_tunnel *tunnel;
173 u32 tunnel_id;
174 int ret = 0;
175 struct net *net = genl_info_net(info);
176
177 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
178 ret = -EINVAL;
179 goto out;
180 }
181 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
182
183 tunnel = l2tp_tunnel_find(net, tunnel_id);
184 if (tunnel == NULL) {
185 ret = -ENODEV;
186 goto out;
187 }
188
189 (void) l2tp_tunnel_delete(tunnel);
190
191out:
192 return ret;
193}
194
195static int l2tp_nl_cmd_tunnel_modify(struct sk_buff *skb, struct genl_info *info)
196{
197 struct l2tp_tunnel *tunnel;
198 u32 tunnel_id;
199 int ret = 0;
200 struct net *net = genl_info_net(info);
201
202 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
203 ret = -EINVAL;
204 goto out;
205 }
206 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
207
208 tunnel = l2tp_tunnel_find(net, tunnel_id);
209 if (tunnel == NULL) {
210 ret = -ENODEV;
211 goto out;
212 }
213
214 if (info->attrs[L2TP_ATTR_DEBUG])
215 tunnel->debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]);
216
217out:
218 return ret;
219}
220
221static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 pid, u32 seq, int flags,
222 struct l2tp_tunnel *tunnel)
223{
224 void *hdr;
225 struct nlattr *nest;
226 struct sock *sk = NULL;
227 struct inet_sock *inet;
228
229 hdr = genlmsg_put(skb, pid, seq, &l2tp_nl_family, flags,
230 L2TP_CMD_TUNNEL_GET);
231 if (IS_ERR(hdr))
232 return PTR_ERR(hdr);
233
234 NLA_PUT_U8(skb, L2TP_ATTR_PROTO_VERSION, tunnel->version);
235 NLA_PUT_U32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id);
236 NLA_PUT_U32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id);
237 NLA_PUT_U32(skb, L2TP_ATTR_DEBUG, tunnel->debug);
238 NLA_PUT_U16(skb, L2TP_ATTR_ENCAP_TYPE, tunnel->encap);
239
240 nest = nla_nest_start(skb, L2TP_ATTR_STATS);
241 if (nest == NULL)
242 goto nla_put_failure;
243
244 NLA_PUT_U64(skb, L2TP_ATTR_TX_PACKETS, tunnel->stats.tx_packets);
245 NLA_PUT_U64(skb, L2TP_ATTR_TX_BYTES, tunnel->stats.tx_bytes);
246 NLA_PUT_U64(skb, L2TP_ATTR_TX_ERRORS, tunnel->stats.tx_errors);
247 NLA_PUT_U64(skb, L2TP_ATTR_RX_PACKETS, tunnel->stats.rx_packets);
248 NLA_PUT_U64(skb, L2TP_ATTR_RX_BYTES, tunnel->stats.rx_bytes);
249 NLA_PUT_U64(skb, L2TP_ATTR_RX_SEQ_DISCARDS, tunnel->stats.rx_seq_discards);
250 NLA_PUT_U64(skb, L2TP_ATTR_RX_OOS_PACKETS, tunnel->stats.rx_oos_packets);
251 NLA_PUT_U64(skb, L2TP_ATTR_RX_ERRORS, tunnel->stats.rx_errors);
252 nla_nest_end(skb, nest);
253
254 sk = tunnel->sock;
255 if (!sk)
256 goto out;
257
258 inet = inet_sk(sk);
259
260 switch (tunnel->encap) {
261 case L2TP_ENCAPTYPE_UDP:
262 NLA_PUT_U16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport));
263 NLA_PUT_U16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport));
264 NLA_PUT_U8(skb, L2TP_ATTR_UDP_CSUM, (sk->sk_no_check != UDP_CSUM_NOXMIT));
265 /* NOBREAK */
266 case L2TP_ENCAPTYPE_IP:
267 NLA_PUT_BE32(skb, L2TP_ATTR_IP_SADDR, inet->inet_saddr);
268 NLA_PUT_BE32(skb, L2TP_ATTR_IP_DADDR, inet->inet_daddr);
269 break;
270 }
271
272out:
273 return genlmsg_end(skb, hdr);
274
275nla_put_failure:
276 genlmsg_cancel(skb, hdr);
277 return -1;
278}
279
280static int l2tp_nl_cmd_tunnel_get(struct sk_buff *skb, struct genl_info *info)
281{
282 struct l2tp_tunnel *tunnel;
283 struct sk_buff *msg;
284 u32 tunnel_id;
285 int ret = -ENOBUFS;
286 struct net *net = genl_info_net(info);
287
288 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
289 ret = -EINVAL;
290 goto out;
291 }
292
293 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
294
295 tunnel = l2tp_tunnel_find(net, tunnel_id);
296 if (tunnel == NULL) {
297 ret = -ENODEV;
298 goto out;
299 }
300
301 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
302 if (!msg) {
303 ret = -ENOMEM;
304 goto out;
305 }
306
307 ret = l2tp_nl_tunnel_send(msg, info->snd_pid, info->snd_seq,
308 NLM_F_ACK, tunnel);
309 if (ret < 0)
310 goto err_out;
311
312 return genlmsg_unicast(net, msg, info->snd_pid);
313
314err_out:
315 nlmsg_free(msg);
316
317out:
318 return ret;
319}
320
321static int l2tp_nl_cmd_tunnel_dump(struct sk_buff *skb, struct netlink_callback *cb)
322{
323 int ti = cb->args[0];
324 struct l2tp_tunnel *tunnel;
325 struct net *net = sock_net(skb->sk);
326
327 for (;;) {
328 tunnel = l2tp_tunnel_find_nth(net, ti);
329 if (tunnel == NULL)
330 goto out;
331
332 if (l2tp_nl_tunnel_send(skb, NETLINK_CB(cb->skb).pid,
333 cb->nlh->nlmsg_seq, NLM_F_MULTI,
334 tunnel) <= 0)
335 goto out;
336
337 ti++;
338 }
339
340out:
341 cb->args[0] = ti;
342
343 return skb->len;
344}
345
346static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *info)
347{
348 u32 tunnel_id = 0;
349 u32 session_id;
350 u32 peer_session_id;
351 int ret = 0;
352 struct l2tp_tunnel *tunnel;
353 struct l2tp_session *session;
354 struct l2tp_session_cfg cfg = { 0, };
355 struct net *net = genl_info_net(info);
356
357 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
358 ret = -EINVAL;
359 goto out;
360 }
361 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
362 tunnel = l2tp_tunnel_find(net, tunnel_id);
363 if (!tunnel) {
364 ret = -ENODEV;
365 goto out;
366 }
367
368 if (!info->attrs[L2TP_ATTR_SESSION_ID]) {
369 ret = -EINVAL;
370 goto out;
371 }
372 session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
373 session = l2tp_session_find(net, tunnel, session_id);
374 if (session) {
375 ret = -EEXIST;
376 goto out;
377 }
378
379 if (!info->attrs[L2TP_ATTR_PEER_SESSION_ID]) {
380 ret = -EINVAL;
381 goto out;
382 }
383 peer_session_id = nla_get_u32(info->attrs[L2TP_ATTR_PEER_SESSION_ID]);
384
385 if (!info->attrs[L2TP_ATTR_PW_TYPE]) {
386 ret = -EINVAL;
387 goto out;
388 }
389 cfg.pw_type = nla_get_u16(info->attrs[L2TP_ATTR_PW_TYPE]);
390 if (cfg.pw_type >= __L2TP_PWTYPE_MAX) {
391 ret = -EINVAL;
392 goto out;
393 }
394
395 if (tunnel->version > 2) {
396 if (info->attrs[L2TP_ATTR_OFFSET])
397 cfg.offset = nla_get_u16(info->attrs[L2TP_ATTR_OFFSET]);
398
399 if (info->attrs[L2TP_ATTR_DATA_SEQ])
400 cfg.data_seq = nla_get_u8(info->attrs[L2TP_ATTR_DATA_SEQ]);
401
402 cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT;
403 if (info->attrs[L2TP_ATTR_L2SPEC_TYPE])
404 cfg.l2specific_type = nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_TYPE]);
405
406 cfg.l2specific_len = 4;
407 if (info->attrs[L2TP_ATTR_L2SPEC_LEN])
408 cfg.l2specific_len = nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_LEN]);
409
410 if (info->attrs[L2TP_ATTR_COOKIE]) {
411 u16 len = nla_len(info->attrs[L2TP_ATTR_COOKIE]);
412 if (len > 8) {
413 ret = -EINVAL;
414 goto out;
415 }
416 cfg.cookie_len = len;
417 memcpy(&cfg.cookie[0], nla_data(info->attrs[L2TP_ATTR_COOKIE]), len);
418 }
419 if (info->attrs[L2TP_ATTR_PEER_COOKIE]) {
420 u16 len = nla_len(info->attrs[L2TP_ATTR_PEER_COOKIE]);
421 if (len > 8) {
422 ret = -EINVAL;
423 goto out;
424 }
425 cfg.peer_cookie_len = len;
426 memcpy(&cfg.peer_cookie[0], nla_data(info->attrs[L2TP_ATTR_PEER_COOKIE]), len);
427 }
428 if (info->attrs[L2TP_ATTR_IFNAME])
429 cfg.ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]);
430
431 if (info->attrs[L2TP_ATTR_VLAN_ID])
432 cfg.vlan_id = nla_get_u16(info->attrs[L2TP_ATTR_VLAN_ID]);
433 }
434
435 if (info->attrs[L2TP_ATTR_DEBUG])
436 cfg.debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]);
437
438 if (info->attrs[L2TP_ATTR_RECV_SEQ])
439 cfg.recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]);
440
441 if (info->attrs[L2TP_ATTR_SEND_SEQ])
442 cfg.send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]);
443
444 if (info->attrs[L2TP_ATTR_LNS_MODE])
445 cfg.lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]);
446
447 if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
448 cfg.reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
449
450 if (info->attrs[L2TP_ATTR_MTU])
451 cfg.mtu = nla_get_u16(info->attrs[L2TP_ATTR_MTU]);
452
453 if (info->attrs[L2TP_ATTR_MRU])
454 cfg.mru = nla_get_u16(info->attrs[L2TP_ATTR_MRU]);
455
456 if ((l2tp_nl_cmd_ops[cfg.pw_type] == NULL) ||
457 (l2tp_nl_cmd_ops[cfg.pw_type]->session_create == NULL)) {
458 ret = -EPROTONOSUPPORT;
459 goto out;
460 }
461
462 /* Check that pseudowire-specific params are present */
463 switch (cfg.pw_type) {
464 case L2TP_PWTYPE_NONE:
465 break;
466 case L2TP_PWTYPE_ETH_VLAN:
467 if (!info->attrs[L2TP_ATTR_VLAN_ID]) {
468 ret = -EINVAL;
469 goto out;
470 }
471 break;
472 case L2TP_PWTYPE_ETH:
473 break;
474 case L2TP_PWTYPE_PPP:
475 case L2TP_PWTYPE_PPP_AC:
476 break;
477 case L2TP_PWTYPE_IP:
478 default:
479 ret = -EPROTONOSUPPORT;
480 break;
481 }
482
483 ret = -EPROTONOSUPPORT;
484 if (l2tp_nl_cmd_ops[cfg.pw_type]->session_create)
485 ret = (*l2tp_nl_cmd_ops[cfg.pw_type]->session_create)(net, tunnel_id,
486 session_id, peer_session_id, &cfg);
487
488out:
489 return ret;
490}
491
492static int l2tp_nl_cmd_session_delete(struct sk_buff *skb, struct genl_info *info)
493{
494 int ret = 0;
495 struct l2tp_session *session;
496 u16 pw_type;
497
498 session = l2tp_nl_session_find(info);
499 if (session == NULL) {
500 ret = -ENODEV;
501 goto out;
502 }
503
504 pw_type = session->pwtype;
505 if (pw_type < __L2TP_PWTYPE_MAX)
506 if (l2tp_nl_cmd_ops[pw_type] && l2tp_nl_cmd_ops[pw_type]->session_delete)
507 ret = (*l2tp_nl_cmd_ops[pw_type]->session_delete)(session);
508
509out:
510 return ret;
511}
512
513static int l2tp_nl_cmd_session_modify(struct sk_buff *skb, struct genl_info *info)
514{
515 int ret = 0;
516 struct l2tp_session *session;
517
518 session = l2tp_nl_session_find(info);
519 if (session == NULL) {
520 ret = -ENODEV;
521 goto out;
522 }
523
524 if (info->attrs[L2TP_ATTR_DEBUG])
525 session->debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]);
526
527 if (info->attrs[L2TP_ATTR_DATA_SEQ])
528 session->data_seq = nla_get_u8(info->attrs[L2TP_ATTR_DATA_SEQ]);
529
530 if (info->attrs[L2TP_ATTR_RECV_SEQ])
531 session->recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]);
532
533 if (info->attrs[L2TP_ATTR_SEND_SEQ])
534 session->send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]);
535
536 if (info->attrs[L2TP_ATTR_LNS_MODE])
537 session->lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]);
538
539 if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
540 session->reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
541
542 if (info->attrs[L2TP_ATTR_MTU])
543 session->mtu = nla_get_u16(info->attrs[L2TP_ATTR_MTU]);
544
545 if (info->attrs[L2TP_ATTR_MRU])
546 session->mru = nla_get_u16(info->attrs[L2TP_ATTR_MRU]);
547
548out:
549 return ret;
550}
551
552static int l2tp_nl_session_send(struct sk_buff *skb, u32 pid, u32 seq, int flags,
553 struct l2tp_session *session)
554{
555 void *hdr;
556 struct nlattr *nest;
557 struct l2tp_tunnel *tunnel = session->tunnel;
558 struct sock *sk = NULL;
559
560 sk = tunnel->sock;
561
562 hdr = genlmsg_put(skb, pid, seq, &l2tp_nl_family, flags, L2TP_CMD_SESSION_GET);
563 if (IS_ERR(hdr))
564 return PTR_ERR(hdr);
565
566 NLA_PUT_U32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id);
567 NLA_PUT_U32(skb, L2TP_ATTR_SESSION_ID, session->session_id);
568 NLA_PUT_U32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id);
569 NLA_PUT_U32(skb, L2TP_ATTR_PEER_SESSION_ID, session->peer_session_id);
570 NLA_PUT_U32(skb, L2TP_ATTR_DEBUG, session->debug);
571 NLA_PUT_U16(skb, L2TP_ATTR_PW_TYPE, session->pwtype);
572 NLA_PUT_U16(skb, L2TP_ATTR_MTU, session->mtu);
573 if (session->mru)
574 NLA_PUT_U16(skb, L2TP_ATTR_MRU, session->mru);
575
576 if (session->ifname && session->ifname[0])
577 NLA_PUT_STRING(skb, L2TP_ATTR_IFNAME, session->ifname);
578 if (session->cookie_len)
579 NLA_PUT(skb, L2TP_ATTR_COOKIE, session->cookie_len, &session->cookie[0]);
580 if (session->peer_cookie_len)
581 NLA_PUT(skb, L2TP_ATTR_PEER_COOKIE, session->peer_cookie_len, &session->peer_cookie[0]);
582 NLA_PUT_U8(skb, L2TP_ATTR_RECV_SEQ, session->recv_seq);
583 NLA_PUT_U8(skb, L2TP_ATTR_SEND_SEQ, session->send_seq);
584 NLA_PUT_U8(skb, L2TP_ATTR_LNS_MODE, session->lns_mode);
585#ifdef CONFIG_XFRM
586 if ((sk) && (sk->sk_policy[0] || sk->sk_policy[1]))
587 NLA_PUT_U8(skb, L2TP_ATTR_USING_IPSEC, 1);
588#endif
589 if (session->reorder_timeout)
590 NLA_PUT_MSECS(skb, L2TP_ATTR_RECV_TIMEOUT, session->reorder_timeout);
591
592 nest = nla_nest_start(skb, L2TP_ATTR_STATS);
593 if (nest == NULL)
594 goto nla_put_failure;
595 NLA_PUT_U64(skb, L2TP_ATTR_TX_PACKETS, session->stats.tx_packets);
596 NLA_PUT_U64(skb, L2TP_ATTR_TX_BYTES, session->stats.tx_bytes);
597 NLA_PUT_U64(skb, L2TP_ATTR_TX_ERRORS, session->stats.tx_errors);
598 NLA_PUT_U64(skb, L2TP_ATTR_RX_PACKETS, session->stats.rx_packets);
599 NLA_PUT_U64(skb, L2TP_ATTR_RX_BYTES, session->stats.rx_bytes);
600 NLA_PUT_U64(skb, L2TP_ATTR_RX_SEQ_DISCARDS, session->stats.rx_seq_discards);
601 NLA_PUT_U64(skb, L2TP_ATTR_RX_OOS_PACKETS, session->stats.rx_oos_packets);
602 NLA_PUT_U64(skb, L2TP_ATTR_RX_ERRORS, session->stats.rx_errors);
603 nla_nest_end(skb, nest);
604
605 return genlmsg_end(skb, hdr);
606
607 nla_put_failure:
608 genlmsg_cancel(skb, hdr);
609 return -1;
610}
611
612static int l2tp_nl_cmd_session_get(struct sk_buff *skb, struct genl_info *info)
613{
614 struct l2tp_session *session;
615 struct sk_buff *msg;
616 int ret;
617
618 session = l2tp_nl_session_find(info);
619 if (session == NULL) {
620 ret = -ENODEV;
621 goto out;
622 }
623
624 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
625 if (!msg) {
626 ret = -ENOMEM;
627 goto out;
628 }
629
630 ret = l2tp_nl_session_send(msg, info->snd_pid, info->snd_seq,
631 0, session);
632 if (ret < 0)
633 goto err_out;
634
635 return genlmsg_unicast(genl_info_net(info), msg, info->snd_pid);
636
637err_out:
638 nlmsg_free(msg);
639
640out:
641 return ret;
642}
643
644static int l2tp_nl_cmd_session_dump(struct sk_buff *skb, struct netlink_callback *cb)
645{
646 struct net *net = sock_net(skb->sk);
647 struct l2tp_session *session;
648 struct l2tp_tunnel *tunnel = NULL;
649 int ti = cb->args[0];
650 int si = cb->args[1];
651
652 for (;;) {
653 if (tunnel == NULL) {
654 tunnel = l2tp_tunnel_find_nth(net, ti);
655 if (tunnel == NULL)
656 goto out;
657 }
658
659 session = l2tp_session_find_nth(tunnel, si);
660 if (session == NULL) {
661 ti++;
662 tunnel = NULL;
663 si = 0;
664 continue;
665 }
666
667 if (l2tp_nl_session_send(skb, NETLINK_CB(cb->skb).pid,
668 cb->nlh->nlmsg_seq, NLM_F_MULTI,
669 session) <= 0)
670 break;
671
672 si++;
673 }
674
675out:
676 cb->args[0] = ti;
677 cb->args[1] = si;
678
679 return skb->len;
680}
681
682static struct nla_policy l2tp_nl_policy[L2TP_ATTR_MAX + 1] = {
683 [L2TP_ATTR_NONE] = { .type = NLA_UNSPEC, },
684 [L2TP_ATTR_PW_TYPE] = { .type = NLA_U16, },
685 [L2TP_ATTR_ENCAP_TYPE] = { .type = NLA_U16, },
686 [L2TP_ATTR_OFFSET] = { .type = NLA_U16, },
687 [L2TP_ATTR_DATA_SEQ] = { .type = NLA_U8, },
688 [L2TP_ATTR_L2SPEC_TYPE] = { .type = NLA_U8, },
689 [L2TP_ATTR_L2SPEC_LEN] = { .type = NLA_U8, },
690 [L2TP_ATTR_PROTO_VERSION] = { .type = NLA_U8, },
691 [L2TP_ATTR_CONN_ID] = { .type = NLA_U32, },
692 [L2TP_ATTR_PEER_CONN_ID] = { .type = NLA_U32, },
693 [L2TP_ATTR_SESSION_ID] = { .type = NLA_U32, },
694 [L2TP_ATTR_PEER_SESSION_ID] = { .type = NLA_U32, },
695 [L2TP_ATTR_UDP_CSUM] = { .type = NLA_U8, },
696 [L2TP_ATTR_VLAN_ID] = { .type = NLA_U16, },
697 [L2TP_ATTR_DEBUG] = { .type = NLA_U32, },
698 [L2TP_ATTR_RECV_SEQ] = { .type = NLA_U8, },
699 [L2TP_ATTR_SEND_SEQ] = { .type = NLA_U8, },
700 [L2TP_ATTR_LNS_MODE] = { .type = NLA_U8, },
701 [L2TP_ATTR_USING_IPSEC] = { .type = NLA_U8, },
702 [L2TP_ATTR_RECV_TIMEOUT] = { .type = NLA_MSECS, },
703 [L2TP_ATTR_FD] = { .type = NLA_U32, },
704 [L2TP_ATTR_IP_SADDR] = { .type = NLA_U32, },
705 [L2TP_ATTR_IP_DADDR] = { .type = NLA_U32, },
706 [L2TP_ATTR_UDP_SPORT] = { .type = NLA_U16, },
707 [L2TP_ATTR_UDP_DPORT] = { .type = NLA_U16, },
708 [L2TP_ATTR_MTU] = { .type = NLA_U16, },
709 [L2TP_ATTR_MRU] = { .type = NLA_U16, },
710 [L2TP_ATTR_STATS] = { .type = NLA_NESTED, },
711 [L2TP_ATTR_IFNAME] = {
712 .type = NLA_NUL_STRING,
713 .len = IFNAMSIZ - 1,
714 },
715 [L2TP_ATTR_COOKIE] = {
716 .type = NLA_BINARY,
717 .len = 8,
718 },
719 [L2TP_ATTR_PEER_COOKIE] = {
720 .type = NLA_BINARY,
721 .len = 8,
722 },
723};
724
725static struct genl_ops l2tp_nl_ops[] = {
726 {
727 .cmd = L2TP_CMD_NOOP,
728 .doit = l2tp_nl_cmd_noop,
729 .policy = l2tp_nl_policy,
730 /* can be retrieved by unprivileged users */
731 },
732 {
733 .cmd = L2TP_CMD_TUNNEL_CREATE,
734 .doit = l2tp_nl_cmd_tunnel_create,
735 .policy = l2tp_nl_policy,
736 .flags = GENL_ADMIN_PERM,
737 },
738 {
739 .cmd = L2TP_CMD_TUNNEL_DELETE,
740 .doit = l2tp_nl_cmd_tunnel_delete,
741 .policy = l2tp_nl_policy,
742 .flags = GENL_ADMIN_PERM,
743 },
744 {
745 .cmd = L2TP_CMD_TUNNEL_MODIFY,
746 .doit = l2tp_nl_cmd_tunnel_modify,
747 .policy = l2tp_nl_policy,
748 .flags = GENL_ADMIN_PERM,
749 },
750 {
751 .cmd = L2TP_CMD_TUNNEL_GET,
752 .doit = l2tp_nl_cmd_tunnel_get,
753 .dumpit = l2tp_nl_cmd_tunnel_dump,
754 .policy = l2tp_nl_policy,
755 .flags = GENL_ADMIN_PERM,
756 },
757 {
758 .cmd = L2TP_CMD_SESSION_CREATE,
759 .doit = l2tp_nl_cmd_session_create,
760 .policy = l2tp_nl_policy,
761 .flags = GENL_ADMIN_PERM,
762 },
763 {
764 .cmd = L2TP_CMD_SESSION_DELETE,
765 .doit = l2tp_nl_cmd_session_delete,
766 .policy = l2tp_nl_policy,
767 .flags = GENL_ADMIN_PERM,
768 },
769 {
770 .cmd = L2TP_CMD_SESSION_MODIFY,
771 .doit = l2tp_nl_cmd_session_modify,
772 .policy = l2tp_nl_policy,
773 .flags = GENL_ADMIN_PERM,
774 },
775 {
776 .cmd = L2TP_CMD_SESSION_GET,
777 .doit = l2tp_nl_cmd_session_get,
778 .dumpit = l2tp_nl_cmd_session_dump,
779 .policy = l2tp_nl_policy,
780 .flags = GENL_ADMIN_PERM,
781 },
782};
783
784int l2tp_nl_register_ops(enum l2tp_pwtype pw_type, const struct l2tp_nl_cmd_ops *ops)
785{
786 int ret;
787
788 ret = -EINVAL;
789 if (pw_type >= __L2TP_PWTYPE_MAX)
790 goto err;
791
792 genl_lock();
793 ret = -EBUSY;
794 if (l2tp_nl_cmd_ops[pw_type])
795 goto out;
796
797 l2tp_nl_cmd_ops[pw_type] = ops;
798
799out:
800 genl_unlock();
801err:
802 return 0;
803}
804EXPORT_SYMBOL_GPL(l2tp_nl_register_ops);
805
806void l2tp_nl_unregister_ops(enum l2tp_pwtype pw_type)
807{
808 if (pw_type < __L2TP_PWTYPE_MAX) {
809 genl_lock();
810 l2tp_nl_cmd_ops[pw_type] = NULL;
811 genl_unlock();
812 }
813}
814EXPORT_SYMBOL_GPL(l2tp_nl_unregister_ops);
815
816static int l2tp_nl_init(void)
817{
818 int err;
819
820 printk(KERN_INFO "L2TP netlink interface\n");
821 err = genl_register_family_with_ops(&l2tp_nl_family, l2tp_nl_ops,
822 ARRAY_SIZE(l2tp_nl_ops));
823
824 return err;
825}
826
827static void l2tp_nl_cleanup(void)
828{
829 genl_unregister_family(&l2tp_nl_family);
830}
831
832module_init(l2tp_nl_init);
833module_exit(l2tp_nl_cleanup);
834
835MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
836MODULE_DESCRIPTION("L2TP netlink");
837MODULE_LICENSE("GPL");
838MODULE_VERSION("1.0");
839MODULE_ALIAS("net-pf-" __stringify(PF_NETLINK) "-proto-" \
840 __stringify(NETLINK_GENERIC) "-type-" "l2tp");
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
new file mode 100644
index 000000000000..90d82b3f2889
--- /dev/null
+++ b/net/l2tp/l2tp_ppp.c
@@ -0,0 +1,1837 @@
1/*****************************************************************************
2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
3 *
4 * PPPoX --- Generic PPP encapsulation socket family
5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
6 *
7 * Version: 2.0.0
8 *
9 * Authors: James Chapman (jchapman@katalix.com)
10 *
11 * Based on original work by Martijn van Oosterhout <kleptog@svana.org>
12 *
13 * License:
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version
17 * 2 of the License, or (at your option) any later version.
18 *
19 */
20
21/* This driver handles only L2TP data frames; control frames are handled by a
22 * userspace application.
23 *
24 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
25 * attaches it to a bound UDP socket with local tunnel_id / session_id and
26 * peer tunnel_id / session_id set. Data can then be sent or received using
27 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
28 * can be read or modified using ioctl() or [gs]etsockopt() calls.
29 *
30 * When a PPPoL2TP socket is connected with local and peer session_id values
31 * zero, the socket is treated as a special tunnel management socket.
32 *
33 * Here's example userspace code to create a socket for sending/receiving data
34 * over an L2TP session:-
35 *
36 * struct sockaddr_pppol2tp sax;
37 * int fd;
38 * int session_fd;
39 *
40 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
41 *
42 * sax.sa_family = AF_PPPOX;
43 * sax.sa_protocol = PX_PROTO_OL2TP;
44 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
45 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
46 * sax.pppol2tp.addr.sin_port = addr->sin_port;
47 * sax.pppol2tp.addr.sin_family = AF_INET;
48 * sax.pppol2tp.s_tunnel = tunnel_id;
49 * sax.pppol2tp.s_session = session_id;
50 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
51 * sax.pppol2tp.d_session = peer_session_id;
52 *
53 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
54 *
55 * A pppd plugin that allows PPP traffic to be carried over L2TP using
56 * this driver is available from the OpenL2TP project at
57 * http://openl2tp.sourceforge.net.
58 */
59
60#include <linux/module.h>
61#include <linux/string.h>
62#include <linux/list.h>
63#include <linux/uaccess.h>
64
65#include <linux/kernel.h>
66#include <linux/spinlock.h>
67#include <linux/kthread.h>
68#include <linux/sched.h>
69#include <linux/slab.h>
70#include <linux/errno.h>
71#include <linux/jiffies.h>
72
73#include <linux/netdevice.h>
74#include <linux/net.h>
75#include <linux/inetdevice.h>
76#include <linux/skbuff.h>
77#include <linux/init.h>
78#include <linux/ip.h>
79#include <linux/udp.h>
80#include <linux/if_pppox.h>
81#include <linux/if_pppol2tp.h>
82#include <net/sock.h>
83#include <linux/ppp_channel.h>
84#include <linux/ppp_defs.h>
85#include <linux/if_ppp.h>
86#include <linux/file.h>
87#include <linux/hash.h>
88#include <linux/sort.h>
89#include <linux/proc_fs.h>
90#include <linux/l2tp.h>
91#include <linux/nsproxy.h>
92#include <net/net_namespace.h>
93#include <net/netns/generic.h>
94#include <net/dst.h>
95#include <net/ip.h>
96#include <net/udp.h>
97#include <net/xfrm.h>
98
99#include <asm/byteorder.h>
100#include <asm/atomic.h>
101
102#include "l2tp_core.h"
103
104#define PPPOL2TP_DRV_VERSION "V2.0"
105
106/* Space for UDP, L2TP and PPP headers */
107#define PPPOL2TP_HEADER_OVERHEAD 40
108
109#define PRINTK(_mask, _type, _lvl, _fmt, args...) \
110 do { \
111 if ((_mask) & (_type)) \
112 printk(_lvl "PPPOL2TP: " _fmt, ##args); \
113 } while (0)
114
115/* Number of bytes to build transmit L2TP headers.
116 * Unfortunately the size is different depending on whether sequence numbers
117 * are enabled.
118 */
119#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
120#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
121
122/* Private data of each session. This data lives at the end of struct
123 * l2tp_session, referenced via session->priv[].
124 */
125struct pppol2tp_session {
126 int owner; /* pid that opened the socket */
127
128 struct sock *sock; /* Pointer to the session
129 * PPPoX socket */
130 struct sock *tunnel_sock; /* Pointer to the tunnel UDP
131 * socket */
132 int flags; /* accessed by PPPIOCGFLAGS.
133 * Unused. */
134};
135
136static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
137
138static struct ppp_channel_ops pppol2tp_chan_ops = { pppol2tp_xmit , NULL };
139static const struct proto_ops pppol2tp_ops;
140
141/* Helpers to obtain tunnel/session contexts from sockets.
142 */
143static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
144{
145 struct l2tp_session *session;
146
147 if (sk == NULL)
148 return NULL;
149
150 sock_hold(sk);
151 session = (struct l2tp_session *)(sk->sk_user_data);
152 if (session == NULL) {
153 sock_put(sk);
154 goto out;
155 }
156
157 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
158
159out:
160 return session;
161}
162
163/*****************************************************************************
164 * Receive data handling
165 *****************************************************************************/
166
167static int pppol2tp_recv_payload_hook(struct sk_buff *skb)
168{
169 /* Skip PPP header, if present. In testing, Microsoft L2TP clients
170 * don't send the PPP header (PPP header compression enabled), but
171 * other clients can include the header. So we cope with both cases
172 * here. The PPP header is always FF03 when using L2TP.
173 *
174 * Note that skb->data[] isn't dereferenced from a u16 ptr here since
175 * the field may be unaligned.
176 */
177 if (!pskb_may_pull(skb, 2))
178 return 1;
179
180 if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
181 skb_pull(skb, 2);
182
183 return 0;
184}
185
186/* Receive message. This is the recvmsg for the PPPoL2TP socket.
187 */
188static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
189 struct msghdr *msg, size_t len,
190 int flags)
191{
192 int err;
193 struct sk_buff *skb;
194 struct sock *sk = sock->sk;
195
196 err = -EIO;
197 if (sk->sk_state & PPPOX_BOUND)
198 goto end;
199
200 msg->msg_namelen = 0;
201
202 err = 0;
203 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
204 flags & MSG_DONTWAIT, &err);
205 if (!skb)
206 goto end;
207
208 if (len > skb->len)
209 len = skb->len;
210 else if (len < skb->len)
211 msg->msg_flags |= MSG_TRUNC;
212
213 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
214 if (likely(err == 0))
215 err = len;
216
217 kfree_skb(skb);
218end:
219 return err;
220}
221
222static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
223{
224 struct pppol2tp_session *ps = l2tp_session_priv(session);
225 struct sock *sk = NULL;
226
227 /* If the socket is bound, send it in to PPP's input queue. Otherwise
228 * queue it on the session socket.
229 */
230 sk = ps->sock;
231 if (sk == NULL)
232 goto no_sock;
233
234 if (sk->sk_state & PPPOX_BOUND) {
235 struct pppox_sock *po;
236 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
237 "%s: recv %d byte data frame, passing to ppp\n",
238 session->name, data_len);
239
240 /* We need to forget all info related to the L2TP packet
241 * gathered in the skb as we are going to reuse the same
242 * skb for the inner packet.
243 * Namely we need to:
244 * - reset xfrm (IPSec) information as it applies to
245 * the outer L2TP packet and not to the inner one
246 * - release the dst to force a route lookup on the inner
247 * IP packet since skb->dst currently points to the dst
248 * of the UDP tunnel
249 * - reset netfilter information as it doesn't apply
250 * to the inner packet either
251 */
252 secpath_reset(skb);
253 skb_dst_drop(skb);
254 nf_reset(skb);
255
256 po = pppox_sk(sk);
257 ppp_input(&po->chan, skb);
258 } else {
259 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
260 "%s: socket not bound\n", session->name);
261
262 /* Not bound. Nothing we can do, so discard. */
263 session->stats.rx_errors++;
264 kfree_skb(skb);
265 }
266
267 return;
268
269no_sock:
270 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
271 "%s: no socket\n", session->name);
272 kfree_skb(skb);
273}
274
275static void pppol2tp_session_sock_hold(struct l2tp_session *session)
276{
277 struct pppol2tp_session *ps = l2tp_session_priv(session);
278
279 if (ps->sock)
280 sock_hold(ps->sock);
281}
282
283static void pppol2tp_session_sock_put(struct l2tp_session *session)
284{
285 struct pppol2tp_session *ps = l2tp_session_priv(session);
286
287 if (ps->sock)
288 sock_put(ps->sock);
289}
290
291/************************************************************************
292 * Transmit handling
293 ***********************************************************************/
294
295/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
296 * when a user application does a sendmsg() on the session socket. L2TP and
297 * PPP headers must be inserted into the user's data.
298 */
299static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
300 size_t total_len)
301{
302 static const unsigned char ppph[2] = { 0xff, 0x03 };
303 struct sock *sk = sock->sk;
304 struct sk_buff *skb;
305 int error;
306 struct l2tp_session *session;
307 struct l2tp_tunnel *tunnel;
308 struct pppol2tp_session *ps;
309 int uhlen;
310
311 error = -ENOTCONN;
312 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
313 goto error;
314
315 /* Get session and tunnel contexts */
316 error = -EBADF;
317 session = pppol2tp_sock_to_session(sk);
318 if (session == NULL)
319 goto error;
320
321 ps = l2tp_session_priv(session);
322 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
323 if (tunnel == NULL)
324 goto error_put_sess;
325
326 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
327
328 /* Allocate a socket buffer */
329 error = -ENOMEM;
330 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
331 uhlen + session->hdr_len +
332 sizeof(ppph) + total_len,
333 0, GFP_KERNEL);
334 if (!skb)
335 goto error_put_sess_tun;
336
337 /* Reserve space for headers. */
338 skb_reserve(skb, NET_SKB_PAD);
339 skb_reset_network_header(skb);
340 skb_reserve(skb, sizeof(struct iphdr));
341 skb_reset_transport_header(skb);
342 skb_reserve(skb, uhlen);
343
344 /* Add PPP header */
345 skb->data[0] = ppph[0];
346 skb->data[1] = ppph[1];
347 skb_put(skb, 2);
348
349 /* Copy user data into skb */
350 error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
351 if (error < 0) {
352 kfree_skb(skb);
353 goto error_put_sess_tun;
354 }
355 skb_put(skb, total_len);
356
357 l2tp_xmit_skb(session, skb, session->hdr_len);
358
359 sock_put(ps->tunnel_sock);
360
361 return error;
362
363error_put_sess_tun:
364 sock_put(ps->tunnel_sock);
365error_put_sess:
366 sock_put(sk);
367error:
368 return error;
369}
370
371/* Transmit function called by generic PPP driver. Sends PPP frame
372 * over PPPoL2TP socket.
373 *
374 * This is almost the same as pppol2tp_sendmsg(), but rather than
375 * being called with a msghdr from userspace, it is called with a skb
376 * from the kernel.
377 *
378 * The supplied skb from ppp doesn't have enough headroom for the
379 * insertion of L2TP, UDP and IP headers so we need to allocate more
380 * headroom in the skb. This will create a cloned skb. But we must be
381 * careful in the error case because the caller will expect to free
382 * the skb it supplied, not our cloned skb. So we take care to always
383 * leave the original skb unfreed if we return an error.
384 */
385static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
386{
387 static const u8 ppph[2] = { 0xff, 0x03 };
388 struct sock *sk = (struct sock *) chan->private;
389 struct sock *sk_tun;
390 struct l2tp_session *session;
391 struct l2tp_tunnel *tunnel;
392 struct pppol2tp_session *ps;
393 int old_headroom;
394 int new_headroom;
395
396 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
397 goto abort;
398
399 /* Get session and tunnel contexts from the socket */
400 session = pppol2tp_sock_to_session(sk);
401 if (session == NULL)
402 goto abort;
403
404 ps = l2tp_session_priv(session);
405 sk_tun = ps->tunnel_sock;
406 if (sk_tun == NULL)
407 goto abort_put_sess;
408 tunnel = l2tp_sock_to_tunnel(sk_tun);
409 if (tunnel == NULL)
410 goto abort_put_sess;
411
412 old_headroom = skb_headroom(skb);
413 if (skb_cow_head(skb, sizeof(ppph)))
414 goto abort_put_sess_tun;
415
416 new_headroom = skb_headroom(skb);
417 skb->truesize += new_headroom - old_headroom;
418
419 /* Setup PPP header */
420 __skb_push(skb, sizeof(ppph));
421 skb->data[0] = ppph[0];
422 skb->data[1] = ppph[1];
423
424 l2tp_xmit_skb(session, skb, session->hdr_len);
425
426 sock_put(sk_tun);
427 sock_put(sk);
428 return 1;
429
430abort_put_sess_tun:
431 sock_put(sk_tun);
432abort_put_sess:
433 sock_put(sk);
434abort:
435 /* Free the original skb */
436 kfree_skb(skb);
437 return 1;
438}
439
440/*****************************************************************************
441 * Session (and tunnel control) socket create/destroy.
442 *****************************************************************************/
443
444/* Called by l2tp_core when a session socket is being closed.
445 */
446static void pppol2tp_session_close(struct l2tp_session *session)
447{
448 struct pppol2tp_session *ps = l2tp_session_priv(session);
449 struct sock *sk = ps->sock;
450 struct sk_buff *skb;
451
452 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
453
454 if (session->session_id == 0)
455 goto out;
456
457 if (sk != NULL) {
458 lock_sock(sk);
459
460 if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
461 pppox_unbind_sock(sk);
462 sk->sk_state = PPPOX_DEAD;
463 sk->sk_state_change(sk);
464 }
465
466 /* Purge any queued data */
467 skb_queue_purge(&sk->sk_receive_queue);
468 skb_queue_purge(&sk->sk_write_queue);
469 while ((skb = skb_dequeue(&session->reorder_q))) {
470 kfree_skb(skb);
471 sock_put(sk);
472 }
473
474 release_sock(sk);
475 }
476
477out:
478 return;
479}
480
481/* Really kill the session socket. (Called from sock_put() if
482 * refcnt == 0.)
483 */
484static void pppol2tp_session_destruct(struct sock *sk)
485{
486 struct l2tp_session *session;
487
488 if (sk->sk_user_data != NULL) {
489 session = sk->sk_user_data;
490 if (session == NULL)
491 goto out;
492
493 sk->sk_user_data = NULL;
494 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
495 l2tp_session_dec_refcount(session);
496 }
497
498out:
499 return;
500}
501
502/* Called when the PPPoX socket (session) is closed.
503 */
504static int pppol2tp_release(struct socket *sock)
505{
506 struct sock *sk = sock->sk;
507 struct l2tp_session *session;
508 int error;
509
510 if (!sk)
511 return 0;
512
513 error = -EBADF;
514 lock_sock(sk);
515 if (sock_flag(sk, SOCK_DEAD) != 0)
516 goto error;
517
518 pppox_unbind_sock(sk);
519
520 /* Signal the death of the socket. */
521 sk->sk_state = PPPOX_DEAD;
522 sock_orphan(sk);
523 sock->sk = NULL;
524
525 session = pppol2tp_sock_to_session(sk);
526
527 /* Purge any queued data */
528 skb_queue_purge(&sk->sk_receive_queue);
529 skb_queue_purge(&sk->sk_write_queue);
530 if (session != NULL) {
531 struct sk_buff *skb;
532 while ((skb = skb_dequeue(&session->reorder_q))) {
533 kfree_skb(skb);
534 sock_put(sk);
535 }
536 sock_put(sk);
537 }
538
539 release_sock(sk);
540
541 /* This will delete the session context via
542 * pppol2tp_session_destruct() if the socket's refcnt drops to
543 * zero.
544 */
545 sock_put(sk);
546
547 return 0;
548
549error:
550 release_sock(sk);
551 return error;
552}
553
554static struct proto pppol2tp_sk_proto = {
555 .name = "PPPOL2TP",
556 .owner = THIS_MODULE,
557 .obj_size = sizeof(struct pppox_sock),
558};
559
560static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
561{
562 int rc;
563
564 rc = l2tp_udp_encap_recv(sk, skb);
565 if (rc)
566 kfree_skb(skb);
567
568 return NET_RX_SUCCESS;
569}
570
571/* socket() handler. Initialize a new struct sock.
572 */
573static int pppol2tp_create(struct net *net, struct socket *sock)
574{
575 int error = -ENOMEM;
576 struct sock *sk;
577
578 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto);
579 if (!sk)
580 goto out;
581
582 sock_init_data(sock, sk);
583
584 sock->state = SS_UNCONNECTED;
585 sock->ops = &pppol2tp_ops;
586
587 sk->sk_backlog_rcv = pppol2tp_backlog_recv;
588 sk->sk_protocol = PX_PROTO_OL2TP;
589 sk->sk_family = PF_PPPOX;
590 sk->sk_state = PPPOX_NONE;
591 sk->sk_type = SOCK_STREAM;
592 sk->sk_destruct = pppol2tp_session_destruct;
593
594 error = 0;
595
596out:
597 return error;
598}
599
600#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
601static void pppol2tp_show(struct seq_file *m, void *arg)
602{
603 struct l2tp_session *session = arg;
604 struct pppol2tp_session *ps = l2tp_session_priv(session);
605
606 if (ps) {
607 struct pppox_sock *po = pppox_sk(ps->sock);
608 if (po)
609 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
610 }
611}
612#endif
613
614/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
615 */
616static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
617 int sockaddr_len, int flags)
618{
619 struct sock *sk = sock->sk;
620 struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
621 struct sockaddr_pppol2tpv3 *sp3 = (struct sockaddr_pppol2tpv3 *) uservaddr;
622 struct pppox_sock *po = pppox_sk(sk);
623 struct l2tp_session *session = NULL;
624 struct l2tp_tunnel *tunnel;
625 struct pppol2tp_session *ps;
626 struct dst_entry *dst;
627 struct l2tp_session_cfg cfg = { 0, };
628 int error = 0;
629 u32 tunnel_id, peer_tunnel_id;
630 u32 session_id, peer_session_id;
631 int ver = 2;
632 int fd;
633
634 lock_sock(sk);
635
636 error = -EINVAL;
637 if (sp->sa_protocol != PX_PROTO_OL2TP)
638 goto end;
639
640 /* Check for already bound sockets */
641 error = -EBUSY;
642 if (sk->sk_state & PPPOX_CONNECTED)
643 goto end;
644
645 /* We don't supporting rebinding anyway */
646 error = -EALREADY;
647 if (sk->sk_user_data)
648 goto end; /* socket is already attached */
649
650 /* Get params from socket address. Handle L2TPv2 and L2TPv3 */
651 if (sockaddr_len == sizeof(struct sockaddr_pppol2tp)) {
652 fd = sp->pppol2tp.fd;
653 tunnel_id = sp->pppol2tp.s_tunnel;
654 peer_tunnel_id = sp->pppol2tp.d_tunnel;
655 session_id = sp->pppol2tp.s_session;
656 peer_session_id = sp->pppol2tp.d_session;
657 } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3)) {
658 ver = 3;
659 fd = sp3->pppol2tp.fd;
660 tunnel_id = sp3->pppol2tp.s_tunnel;
661 peer_tunnel_id = sp3->pppol2tp.d_tunnel;
662 session_id = sp3->pppol2tp.s_session;
663 peer_session_id = sp3->pppol2tp.d_session;
664 } else {
665 error = -EINVAL;
666 goto end; /* bad socket address */
667 }
668
669 /* Don't bind if tunnel_id is 0 */
670 error = -EINVAL;
671 if (tunnel_id == 0)
672 goto end;
673
674 tunnel = l2tp_tunnel_find(sock_net(sk), tunnel_id);
675
676 /* Special case: create tunnel context if session_id and
677 * peer_session_id is 0. Otherwise look up tunnel using supplied
678 * tunnel id.
679 */
680 if ((session_id == 0) && (peer_session_id == 0)) {
681 if (tunnel == NULL) {
682 struct l2tp_tunnel_cfg tcfg = {
683 .encap = L2TP_ENCAPTYPE_UDP,
684 .debug = 0,
685 };
686 error = l2tp_tunnel_create(sock_net(sk), fd, ver, tunnel_id, peer_tunnel_id, &tcfg, &tunnel);
687 if (error < 0)
688 goto end;
689 }
690 } else {
691 /* Error if we can't find the tunnel */
692 error = -ENOENT;
693 if (tunnel == NULL)
694 goto end;
695
696 /* Error if socket is not prepped */
697 if (tunnel->sock == NULL)
698 goto end;
699 }
700
701 if (tunnel->recv_payload_hook == NULL)
702 tunnel->recv_payload_hook = pppol2tp_recv_payload_hook;
703
704 if (tunnel->peer_tunnel_id == 0) {
705 if (ver == 2)
706 tunnel->peer_tunnel_id = sp->pppol2tp.d_tunnel;
707 else
708 tunnel->peer_tunnel_id = sp3->pppol2tp.d_tunnel;
709 }
710
711 /* Create session if it doesn't already exist. We handle the
712 * case where a session was previously created by the netlink
713 * interface by checking that the session doesn't already have
714 * a socket and its tunnel socket are what we expect. If any
715 * of those checks fail, return EEXIST to the caller.
716 */
717 session = l2tp_session_find(sock_net(sk), tunnel, session_id);
718 if (session == NULL) {
719 /* Default MTU must allow space for UDP/L2TP/PPP
720 * headers.
721 */
722 cfg.mtu = cfg.mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
723
724 /* Allocate and initialize a new session context. */
725 session = l2tp_session_create(sizeof(struct pppol2tp_session),
726 tunnel, session_id,
727 peer_session_id, &cfg);
728 if (session == NULL) {
729 error = -ENOMEM;
730 goto end;
731 }
732 } else {
733 ps = l2tp_session_priv(session);
734 error = -EEXIST;
735 if (ps->sock != NULL)
736 goto end;
737
738 /* consistency checks */
739 if (ps->tunnel_sock != tunnel->sock)
740 goto end;
741 }
742
743 /* Associate session with its PPPoL2TP socket */
744 ps = l2tp_session_priv(session);
745 ps->owner = current->pid;
746 ps->sock = sk;
747 ps->tunnel_sock = tunnel->sock;
748
749 session->recv_skb = pppol2tp_recv;
750 session->session_close = pppol2tp_session_close;
751#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
752 session->show = pppol2tp_show;
753#endif
754
755 /* We need to know each time a skb is dropped from the reorder
756 * queue.
757 */
758 session->ref = pppol2tp_session_sock_hold;
759 session->deref = pppol2tp_session_sock_put;
760
761 /* If PMTU discovery was enabled, use the MTU that was discovered */
762 dst = sk_dst_get(sk);
763 if (dst != NULL) {
764 u32 pmtu = dst_mtu(__sk_dst_get(sk));
765 if (pmtu != 0)
766 session->mtu = session->mru = pmtu -
767 PPPOL2TP_HEADER_OVERHEAD;
768 dst_release(dst);
769 }
770
771 /* Special case: if source & dest session_id == 0x0000, this
772 * socket is being created to manage the tunnel. Just set up
773 * the internal context for use by ioctl() and sockopt()
774 * handlers.
775 */
776 if ((session->session_id == 0) &&
777 (session->peer_session_id == 0)) {
778 error = 0;
779 goto out_no_ppp;
780 }
781
782 /* The only header we need to worry about is the L2TP
783 * header. This size is different depending on whether
784 * sequence numbers are enabled for the data channel.
785 */
786 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
787
788 po->chan.private = sk;
789 po->chan.ops = &pppol2tp_chan_ops;
790 po->chan.mtu = session->mtu;
791
792 error = ppp_register_net_channel(sock_net(sk), &po->chan);
793 if (error)
794 goto end;
795
796out_no_ppp:
797 /* This is how we get the session context from the socket. */
798 sk->sk_user_data = session;
799 sk->sk_state = PPPOX_CONNECTED;
800 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
801 "%s: created\n", session->name);
802
803end:
804 release_sock(sk);
805
806 return error;
807}
808
809#ifdef CONFIG_L2TP_V3
810
811/* Called when creating sessions via the netlink interface.
812 */
813static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
814{
815 int error;
816 struct l2tp_tunnel *tunnel;
817 struct l2tp_session *session;
818 struct pppol2tp_session *ps;
819
820 tunnel = l2tp_tunnel_find(net, tunnel_id);
821
822 /* Error if we can't find the tunnel */
823 error = -ENOENT;
824 if (tunnel == NULL)
825 goto out;
826
827 /* Error if tunnel socket is not prepped */
828 if (tunnel->sock == NULL)
829 goto out;
830
831 /* Check that this session doesn't already exist */
832 error = -EEXIST;
833 session = l2tp_session_find(net, tunnel, session_id);
834 if (session != NULL)
835 goto out;
836
837 /* Default MTU values. */
838 if (cfg->mtu == 0)
839 cfg->mtu = 1500 - PPPOL2TP_HEADER_OVERHEAD;
840 if (cfg->mru == 0)
841 cfg->mru = cfg->mtu;
842
843 /* Allocate and initialize a new session context. */
844 error = -ENOMEM;
845 session = l2tp_session_create(sizeof(struct pppol2tp_session),
846 tunnel, session_id,
847 peer_session_id, cfg);
848 if (session == NULL)
849 goto out;
850
851 ps = l2tp_session_priv(session);
852 ps->tunnel_sock = tunnel->sock;
853
854 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
855 "%s: created\n", session->name);
856
857 error = 0;
858
859out:
860 return error;
861}
862
863/* Called when deleting sessions via the netlink interface.
864 */
865static int pppol2tp_session_delete(struct l2tp_session *session)
866{
867 struct pppol2tp_session *ps = l2tp_session_priv(session);
868
869 if (ps->sock == NULL)
870 l2tp_session_dec_refcount(session);
871
872 return 0;
873}
874
875#endif /* CONFIG_L2TP_V3 */
876
877/* getname() support.
878 */
879static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
880 int *usockaddr_len, int peer)
881{
882 int len = 0;
883 int error = 0;
884 struct l2tp_session *session;
885 struct l2tp_tunnel *tunnel;
886 struct sock *sk = sock->sk;
887 struct inet_sock *inet;
888 struct pppol2tp_session *pls;
889
890 error = -ENOTCONN;
891 if (sk == NULL)
892 goto end;
893 if (sk->sk_state != PPPOX_CONNECTED)
894 goto end;
895
896 error = -EBADF;
897 session = pppol2tp_sock_to_session(sk);
898 if (session == NULL)
899 goto end;
900
901 pls = l2tp_session_priv(session);
902 tunnel = l2tp_sock_to_tunnel(pls->tunnel_sock);
903 if (tunnel == NULL) {
904 error = -EBADF;
905 goto end_put_sess;
906 }
907
908 inet = inet_sk(sk);
909 if (tunnel->version == 2) {
910 struct sockaddr_pppol2tp sp;
911 len = sizeof(sp);
912 memset(&sp, 0, len);
913 sp.sa_family = AF_PPPOX;
914 sp.sa_protocol = PX_PROTO_OL2TP;
915 sp.pppol2tp.fd = tunnel->fd;
916 sp.pppol2tp.pid = pls->owner;
917 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
918 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
919 sp.pppol2tp.s_session = session->session_id;
920 sp.pppol2tp.d_session = session->peer_session_id;
921 sp.pppol2tp.addr.sin_family = AF_INET;
922 sp.pppol2tp.addr.sin_port = inet->inet_dport;
923 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
924 memcpy(uaddr, &sp, len);
925 } else if (tunnel->version == 3) {
926 struct sockaddr_pppol2tpv3 sp;
927 len = sizeof(sp);
928 memset(&sp, 0, len);
929 sp.sa_family = AF_PPPOX;
930 sp.sa_protocol = PX_PROTO_OL2TP;
931 sp.pppol2tp.fd = tunnel->fd;
932 sp.pppol2tp.pid = pls->owner;
933 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
934 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
935 sp.pppol2tp.s_session = session->session_id;
936 sp.pppol2tp.d_session = session->peer_session_id;
937 sp.pppol2tp.addr.sin_family = AF_INET;
938 sp.pppol2tp.addr.sin_port = inet->inet_dport;
939 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
940 memcpy(uaddr, &sp, len);
941 }
942
943 *usockaddr_len = len;
944
945 sock_put(pls->tunnel_sock);
946end_put_sess:
947 sock_put(sk);
948 error = 0;
949
950end:
951 return error;
952}
953
954/****************************************************************************
955 * ioctl() handlers.
956 *
957 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
958 * sockets. However, in order to control kernel tunnel features, we allow
959 * userspace to create a special "tunnel" PPPoX socket which is used for
960 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
961 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
962 * calls.
963 ****************************************************************************/
964
965static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
966 struct l2tp_stats *stats)
967{
968 dest->tx_packets = stats->tx_packets;
969 dest->tx_bytes = stats->tx_bytes;
970 dest->tx_errors = stats->tx_errors;
971 dest->rx_packets = stats->rx_packets;
972 dest->rx_bytes = stats->rx_bytes;
973 dest->rx_seq_discards = stats->rx_seq_discards;
974 dest->rx_oos_packets = stats->rx_oos_packets;
975 dest->rx_errors = stats->rx_errors;
976}
977
978/* Session ioctl helper.
979 */
980static int pppol2tp_session_ioctl(struct l2tp_session *session,
981 unsigned int cmd, unsigned long arg)
982{
983 struct ifreq ifr;
984 int err = 0;
985 struct sock *sk;
986 int val = (int) arg;
987 struct pppol2tp_session *ps = l2tp_session_priv(session);
988 struct l2tp_tunnel *tunnel = session->tunnel;
989 struct pppol2tp_ioc_stats stats;
990
991 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
992 "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
993 session->name, cmd, arg);
994
995 sk = ps->sock;
996 sock_hold(sk);
997
998 switch (cmd) {
999 case SIOCGIFMTU:
1000 err = -ENXIO;
1001 if (!(sk->sk_state & PPPOX_CONNECTED))
1002 break;
1003
1004 err = -EFAULT;
1005 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1006 break;
1007 ifr.ifr_mtu = session->mtu;
1008 if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1009 break;
1010
1011 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1012 "%s: get mtu=%d\n", session->name, session->mtu);
1013 err = 0;
1014 break;
1015
1016 case SIOCSIFMTU:
1017 err = -ENXIO;
1018 if (!(sk->sk_state & PPPOX_CONNECTED))
1019 break;
1020
1021 err = -EFAULT;
1022 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1023 break;
1024
1025 session->mtu = ifr.ifr_mtu;
1026
1027 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1028 "%s: set mtu=%d\n", session->name, session->mtu);
1029 err = 0;
1030 break;
1031
1032 case PPPIOCGMRU:
1033 err = -ENXIO;
1034 if (!(sk->sk_state & PPPOX_CONNECTED))
1035 break;
1036
1037 err = -EFAULT;
1038 if (put_user(session->mru, (int __user *) arg))
1039 break;
1040
1041 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1042 "%s: get mru=%d\n", session->name, session->mru);
1043 err = 0;
1044 break;
1045
1046 case PPPIOCSMRU:
1047 err = -ENXIO;
1048 if (!(sk->sk_state & PPPOX_CONNECTED))
1049 break;
1050
1051 err = -EFAULT;
1052 if (get_user(val, (int __user *) arg))
1053 break;
1054
1055 session->mru = val;
1056 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1057 "%s: set mru=%d\n", session->name, session->mru);
1058 err = 0;
1059 break;
1060
1061 case PPPIOCGFLAGS:
1062 err = -EFAULT;
1063 if (put_user(ps->flags, (int __user *) arg))
1064 break;
1065
1066 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1067 "%s: get flags=%d\n", session->name, ps->flags);
1068 err = 0;
1069 break;
1070
1071 case PPPIOCSFLAGS:
1072 err = -EFAULT;
1073 if (get_user(val, (int __user *) arg))
1074 break;
1075 ps->flags = val;
1076 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1077 "%s: set flags=%d\n", session->name, ps->flags);
1078 err = 0;
1079 break;
1080
1081 case PPPIOCGL2TPSTATS:
1082 err = -ENXIO;
1083 if (!(sk->sk_state & PPPOX_CONNECTED))
1084 break;
1085
1086 memset(&stats, 0, sizeof(stats));
1087 stats.tunnel_id = tunnel->tunnel_id;
1088 stats.session_id = session->session_id;
1089 pppol2tp_copy_stats(&stats, &session->stats);
1090 if (copy_to_user((void __user *) arg, &stats,
1091 sizeof(stats)))
1092 break;
1093 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1094 "%s: get L2TP stats\n", session->name);
1095 err = 0;
1096 break;
1097
1098 default:
1099 err = -ENOSYS;
1100 break;
1101 }
1102
1103 sock_put(sk);
1104
1105 return err;
1106}
1107
1108/* Tunnel ioctl helper.
1109 *
1110 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1111 * specifies a session_id, the session ioctl handler is called. This allows an
1112 * application to retrieve session stats via a tunnel socket.
1113 */
1114static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel,
1115 unsigned int cmd, unsigned long arg)
1116{
1117 int err = 0;
1118 struct sock *sk;
1119 struct pppol2tp_ioc_stats stats;
1120
1121 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1122 "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n",
1123 tunnel->name, cmd, arg);
1124
1125 sk = tunnel->sock;
1126 sock_hold(sk);
1127
1128 switch (cmd) {
1129 case PPPIOCGL2TPSTATS:
1130 err = -ENXIO;
1131 if (!(sk->sk_state & PPPOX_CONNECTED))
1132 break;
1133
1134 if (copy_from_user(&stats, (void __user *) arg,
1135 sizeof(stats))) {
1136 err = -EFAULT;
1137 break;
1138 }
1139 if (stats.session_id != 0) {
1140 /* resend to session ioctl handler */
1141 struct l2tp_session *session =
1142 l2tp_session_find(sock_net(sk), tunnel, stats.session_id);
1143 if (session != NULL)
1144 err = pppol2tp_session_ioctl(session, cmd, arg);
1145 else
1146 err = -EBADR;
1147 break;
1148 }
1149#ifdef CONFIG_XFRM
1150 stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
1151#endif
1152 pppol2tp_copy_stats(&stats, &tunnel->stats);
1153 if (copy_to_user((void __user *) arg, &stats, sizeof(stats))) {
1154 err = -EFAULT;
1155 break;
1156 }
1157 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1158 "%s: get L2TP stats\n", tunnel->name);
1159 err = 0;
1160 break;
1161
1162 default:
1163 err = -ENOSYS;
1164 break;
1165 }
1166
1167 sock_put(sk);
1168
1169 return err;
1170}
1171
1172/* Main ioctl() handler.
1173 * Dispatch to tunnel or session helpers depending on the socket.
1174 */
1175static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1176 unsigned long arg)
1177{
1178 struct sock *sk = sock->sk;
1179 struct l2tp_session *session;
1180 struct l2tp_tunnel *tunnel;
1181 struct pppol2tp_session *ps;
1182 int err;
1183
1184 if (!sk)
1185 return 0;
1186
1187 err = -EBADF;
1188 if (sock_flag(sk, SOCK_DEAD) != 0)
1189 goto end;
1190
1191 err = -ENOTCONN;
1192 if ((sk->sk_user_data == NULL) ||
1193 (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
1194 goto end;
1195
1196 /* Get session context from the socket */
1197 err = -EBADF;
1198 session = pppol2tp_sock_to_session(sk);
1199 if (session == NULL)
1200 goto end;
1201
1202 /* Special case: if session's session_id is zero, treat ioctl as a
1203 * tunnel ioctl
1204 */
1205 ps = l2tp_session_priv(session);
1206 if ((session->session_id == 0) &&
1207 (session->peer_session_id == 0)) {
1208 err = -EBADF;
1209 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1210 if (tunnel == NULL)
1211 goto end_put_sess;
1212
1213 err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
1214 sock_put(ps->tunnel_sock);
1215 goto end_put_sess;
1216 }
1217
1218 err = pppol2tp_session_ioctl(session, cmd, arg);
1219
1220end_put_sess:
1221 sock_put(sk);
1222end:
1223 return err;
1224}
1225
1226/*****************************************************************************
1227 * setsockopt() / getsockopt() support.
1228 *
1229 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1230 * sockets. In order to control kernel tunnel features, we allow userspace to
1231 * create a special "tunnel" PPPoX socket which is used for control only.
1232 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1233 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1234 *****************************************************************************/
1235
1236/* Tunnel setsockopt() helper.
1237 */
1238static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1239 struct l2tp_tunnel *tunnel,
1240 int optname, int val)
1241{
1242 int err = 0;
1243
1244 switch (optname) {
1245 case PPPOL2TP_SO_DEBUG:
1246 tunnel->debug = val;
1247 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1248 "%s: set debug=%x\n", tunnel->name, tunnel->debug);
1249 break;
1250
1251 default:
1252 err = -ENOPROTOOPT;
1253 break;
1254 }
1255
1256 return err;
1257}
1258
1259/* Session setsockopt helper.
1260 */
1261static int pppol2tp_session_setsockopt(struct sock *sk,
1262 struct l2tp_session *session,
1263 int optname, int val)
1264{
1265 int err = 0;
1266 struct pppol2tp_session *ps = l2tp_session_priv(session);
1267
1268 switch (optname) {
1269 case PPPOL2TP_SO_RECVSEQ:
1270 if ((val != 0) && (val != 1)) {
1271 err = -EINVAL;
1272 break;
1273 }
1274 session->recv_seq = val ? -1 : 0;
1275 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1276 "%s: set recv_seq=%d\n", session->name, session->recv_seq);
1277 break;
1278
1279 case PPPOL2TP_SO_SENDSEQ:
1280 if ((val != 0) && (val != 1)) {
1281 err = -EINVAL;
1282 break;
1283 }
1284 session->send_seq = val ? -1 : 0;
1285 {
1286 struct sock *ssk = ps->sock;
1287 struct pppox_sock *po = pppox_sk(ssk);
1288 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1289 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1290 }
1291 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1292 "%s: set send_seq=%d\n", session->name, session->send_seq);
1293 break;
1294
1295 case PPPOL2TP_SO_LNSMODE:
1296 if ((val != 0) && (val != 1)) {
1297 err = -EINVAL;
1298 break;
1299 }
1300 session->lns_mode = val ? -1 : 0;
1301 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1302 "%s: set lns_mode=%d\n", session->name, session->lns_mode);
1303 break;
1304
1305 case PPPOL2TP_SO_DEBUG:
1306 session->debug = val;
1307 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1308 "%s: set debug=%x\n", session->name, session->debug);
1309 break;
1310
1311 case PPPOL2TP_SO_REORDERTO:
1312 session->reorder_timeout = msecs_to_jiffies(val);
1313 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1314 "%s: set reorder_timeout=%d\n", session->name, session->reorder_timeout);
1315 break;
1316
1317 default:
1318 err = -ENOPROTOOPT;
1319 break;
1320 }
1321
1322 return err;
1323}
1324
1325/* Main setsockopt() entry point.
1326 * Does API checks, then calls either the tunnel or session setsockopt
1327 * handler, according to whether the PPPoL2TP socket is a for a regular
1328 * session or the special tunnel type.
1329 */
1330static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1331 char __user *optval, unsigned int optlen)
1332{
1333 struct sock *sk = sock->sk;
1334 struct l2tp_session *session;
1335 struct l2tp_tunnel *tunnel;
1336 struct pppol2tp_session *ps;
1337 int val;
1338 int err;
1339
1340 if (level != SOL_PPPOL2TP)
1341 return udp_prot.setsockopt(sk, level, optname, optval, optlen);
1342
1343 if (optlen < sizeof(int))
1344 return -EINVAL;
1345
1346 if (get_user(val, (int __user *)optval))
1347 return -EFAULT;
1348
1349 err = -ENOTCONN;
1350 if (sk->sk_user_data == NULL)
1351 goto end;
1352
1353 /* Get session context from the socket */
1354 err = -EBADF;
1355 session = pppol2tp_sock_to_session(sk);
1356 if (session == NULL)
1357 goto end;
1358
1359 /* Special case: if session_id == 0x0000, treat as operation on tunnel
1360 */
1361 ps = l2tp_session_priv(session);
1362 if ((session->session_id == 0) &&
1363 (session->peer_session_id == 0)) {
1364 err = -EBADF;
1365 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1366 if (tunnel == NULL)
1367 goto end_put_sess;
1368
1369 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
1370 sock_put(ps->tunnel_sock);
1371 } else
1372 err = pppol2tp_session_setsockopt(sk, session, optname, val);
1373
1374 err = 0;
1375
1376end_put_sess:
1377 sock_put(sk);
1378end:
1379 return err;
1380}
1381
1382/* Tunnel getsockopt helper. Called with sock locked.
1383 */
1384static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1385 struct l2tp_tunnel *tunnel,
1386 int optname, int *val)
1387{
1388 int err = 0;
1389
1390 switch (optname) {
1391 case PPPOL2TP_SO_DEBUG:
1392 *val = tunnel->debug;
1393 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1394 "%s: get debug=%x\n", tunnel->name, tunnel->debug);
1395 break;
1396
1397 default:
1398 err = -ENOPROTOOPT;
1399 break;
1400 }
1401
1402 return err;
1403}
1404
1405/* Session getsockopt helper. Called with sock locked.
1406 */
1407static int pppol2tp_session_getsockopt(struct sock *sk,
1408 struct l2tp_session *session,
1409 int optname, int *val)
1410{
1411 int err = 0;
1412
1413 switch (optname) {
1414 case PPPOL2TP_SO_RECVSEQ:
1415 *val = session->recv_seq;
1416 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1417 "%s: get recv_seq=%d\n", session->name, *val);
1418 break;
1419
1420 case PPPOL2TP_SO_SENDSEQ:
1421 *val = session->send_seq;
1422 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1423 "%s: get send_seq=%d\n", session->name, *val);
1424 break;
1425
1426 case PPPOL2TP_SO_LNSMODE:
1427 *val = session->lns_mode;
1428 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1429 "%s: get lns_mode=%d\n", session->name, *val);
1430 break;
1431
1432 case PPPOL2TP_SO_DEBUG:
1433 *val = session->debug;
1434 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1435 "%s: get debug=%d\n", session->name, *val);
1436 break;
1437
1438 case PPPOL2TP_SO_REORDERTO:
1439 *val = (int) jiffies_to_msecs(session->reorder_timeout);
1440 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1441 "%s: get reorder_timeout=%d\n", session->name, *val);
1442 break;
1443
1444 default:
1445 err = -ENOPROTOOPT;
1446 }
1447
1448 return err;
1449}
1450
1451/* Main getsockopt() entry point.
1452 * Does API checks, then calls either the tunnel or session getsockopt
1453 * handler, according to whether the PPPoX socket is a for a regular session
1454 * or the special tunnel type.
1455 */
1456static int pppol2tp_getsockopt(struct socket *sock, int level,
1457 int optname, char __user *optval, int __user *optlen)
1458{
1459 struct sock *sk = sock->sk;
1460 struct l2tp_session *session;
1461 struct l2tp_tunnel *tunnel;
1462 int val, len;
1463 int err;
1464 struct pppol2tp_session *ps;
1465
1466 if (level != SOL_PPPOL2TP)
1467 return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1468
1469 if (get_user(len, (int __user *) optlen))
1470 return -EFAULT;
1471
1472 len = min_t(unsigned int, len, sizeof(int));
1473
1474 if (len < 0)
1475 return -EINVAL;
1476
1477 err = -ENOTCONN;
1478 if (sk->sk_user_data == NULL)
1479 goto end;
1480
1481 /* Get the session context */
1482 err = -EBADF;
1483 session = pppol2tp_sock_to_session(sk);
1484 if (session == NULL)
1485 goto end;
1486
1487 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
1488 ps = l2tp_session_priv(session);
1489 if ((session->session_id == 0) &&
1490 (session->peer_session_id == 0)) {
1491 err = -EBADF;
1492 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1493 if (tunnel == NULL)
1494 goto end_put_sess;
1495
1496 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
1497 sock_put(ps->tunnel_sock);
1498 } else
1499 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
1500
1501 err = -EFAULT;
1502 if (put_user(len, (int __user *) optlen))
1503 goto end_put_sess;
1504
1505 if (copy_to_user((void __user *) optval, &val, len))
1506 goto end_put_sess;
1507
1508 err = 0;
1509
1510end_put_sess:
1511 sock_put(sk);
1512end:
1513 return err;
1514}
1515
1516/*****************************************************************************
1517 * /proc filesystem for debug
1518 * Since the original pppol2tp driver provided /proc/net/pppol2tp for
1519 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.
1520 *****************************************************************************/
1521
1522static unsigned int pppol2tp_net_id;
1523
1524#ifdef CONFIG_PROC_FS
1525
1526struct pppol2tp_seq_data {
1527 struct seq_net_private p;
1528 int tunnel_idx; /* current tunnel */
1529 int session_idx; /* index of session within current tunnel */
1530 struct l2tp_tunnel *tunnel;
1531 struct l2tp_session *session; /* NULL means get next tunnel */
1532};
1533
1534static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1535{
1536 for (;;) {
1537 pd->tunnel = l2tp_tunnel_find_nth(net, pd->tunnel_idx);
1538 pd->tunnel_idx++;
1539
1540 if (pd->tunnel == NULL)
1541 break;
1542
1543 /* Ignore L2TPv3 tunnels */
1544 if (pd->tunnel->version < 3)
1545 break;
1546 }
1547}
1548
1549static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1550{
1551 pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx);
1552 pd->session_idx++;
1553
1554 if (pd->session == NULL) {
1555 pd->session_idx = 0;
1556 pppol2tp_next_tunnel(net, pd);
1557 }
1558}
1559
1560static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1561{
1562 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1563 loff_t pos = *offs;
1564 struct net *net;
1565
1566 if (!pos)
1567 goto out;
1568
1569 BUG_ON(m->private == NULL);
1570 pd = m->private;
1571 net = seq_file_net(m);
1572
1573 if (pd->tunnel == NULL)
1574 pppol2tp_next_tunnel(net, pd);
1575 else
1576 pppol2tp_next_session(net, pd);
1577
1578 /* NULL tunnel and session indicates end of list */
1579 if ((pd->tunnel == NULL) && (pd->session == NULL))
1580 pd = NULL;
1581
1582out:
1583 return pd;
1584}
1585
1586static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1587{
1588 (*pos)++;
1589 return NULL;
1590}
1591
1592static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1593{
1594 /* nothing to do */
1595}
1596
1597static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1598{
1599 struct l2tp_tunnel *tunnel = v;
1600
1601 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1602 tunnel->name,
1603 (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
1604 atomic_read(&tunnel->ref_count) - 1);
1605 seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
1606 tunnel->debug,
1607 (unsigned long long)tunnel->stats.tx_packets,
1608 (unsigned long long)tunnel->stats.tx_bytes,
1609 (unsigned long long)tunnel->stats.tx_errors,
1610 (unsigned long long)tunnel->stats.rx_packets,
1611 (unsigned long long)tunnel->stats.rx_bytes,
1612 (unsigned long long)tunnel->stats.rx_errors);
1613}
1614
1615static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1616{
1617 struct l2tp_session *session = v;
1618 struct l2tp_tunnel *tunnel = session->tunnel;
1619 struct pppol2tp_session *ps = l2tp_session_priv(session);
1620 struct pppox_sock *po = pppox_sk(ps->sock);
1621 u32 ip = 0;
1622 u16 port = 0;
1623
1624 if (tunnel->sock) {
1625 struct inet_sock *inet = inet_sk(tunnel->sock);
1626 ip = ntohl(inet->inet_saddr);
1627 port = ntohs(inet->inet_sport);
1628 }
1629
1630 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
1631 "%04X/%04X %d %c\n",
1632 session->name, ip, port,
1633 tunnel->tunnel_id,
1634 session->session_id,
1635 tunnel->peer_tunnel_id,
1636 session->peer_session_id,
1637 ps->sock->sk_state,
1638 (session == ps->sock->sk_user_data) ?
1639 'Y' : 'N');
1640 seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n",
1641 session->mtu, session->mru,
1642 session->recv_seq ? 'R' : '-',
1643 session->send_seq ? 'S' : '-',
1644 session->lns_mode ? "LNS" : "LAC",
1645 session->debug,
1646 jiffies_to_msecs(session->reorder_timeout));
1647 seq_printf(m, " %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
1648 session->nr, session->ns,
1649 (unsigned long long)session->stats.tx_packets,
1650 (unsigned long long)session->stats.tx_bytes,
1651 (unsigned long long)session->stats.tx_errors,
1652 (unsigned long long)session->stats.rx_packets,
1653 (unsigned long long)session->stats.rx_bytes,
1654 (unsigned long long)session->stats.rx_errors);
1655
1656 if (po)
1657 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
1658}
1659
1660static int pppol2tp_seq_show(struct seq_file *m, void *v)
1661{
1662 struct pppol2tp_seq_data *pd = v;
1663
1664 /* display header on line 1 */
1665 if (v == SEQ_START_TOKEN) {
1666 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1667 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1668 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1669 seq_puts(m, " SESSION name, addr/port src-tid/sid "
1670 "dest-tid/sid state user-data-ok\n");
1671 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1672 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1673 goto out;
1674 }
1675
1676 /* Show the tunnel or session context.
1677 */
1678 if (pd->session == NULL)
1679 pppol2tp_seq_tunnel_show(m, pd->tunnel);
1680 else
1681 pppol2tp_seq_session_show(m, pd->session);
1682
1683out:
1684 return 0;
1685}
1686
1687static const struct seq_operations pppol2tp_seq_ops = {
1688 .start = pppol2tp_seq_start,
1689 .next = pppol2tp_seq_next,
1690 .stop = pppol2tp_seq_stop,
1691 .show = pppol2tp_seq_show,
1692};
1693
1694/* Called when our /proc file is opened. We allocate data for use when
1695 * iterating our tunnel / session contexts and store it in the private
1696 * data of the seq_file.
1697 */
1698static int pppol2tp_proc_open(struct inode *inode, struct file *file)
1699{
1700 return seq_open_net(inode, file, &pppol2tp_seq_ops,
1701 sizeof(struct pppol2tp_seq_data));
1702}
1703
1704static const struct file_operations pppol2tp_proc_fops = {
1705 .owner = THIS_MODULE,
1706 .open = pppol2tp_proc_open,
1707 .read = seq_read,
1708 .llseek = seq_lseek,
1709 .release = seq_release_net,
1710};
1711
1712#endif /* CONFIG_PROC_FS */
1713
1714/*****************************************************************************
1715 * Network namespace
1716 *****************************************************************************/
1717
1718static __net_init int pppol2tp_init_net(struct net *net)
1719{
1720 struct proc_dir_entry *pde;
1721 int err = 0;
1722
1723 pde = proc_net_fops_create(net, "pppol2tp", S_IRUGO, &pppol2tp_proc_fops);
1724 if (!pde) {
1725 err = -ENOMEM;
1726 goto out;
1727 }
1728
1729out:
1730 return err;
1731}
1732
1733static __net_exit void pppol2tp_exit_net(struct net *net)
1734{
1735 proc_net_remove(net, "pppol2tp");
1736}
1737
1738static struct pernet_operations pppol2tp_net_ops = {
1739 .init = pppol2tp_init_net,
1740 .exit = pppol2tp_exit_net,
1741 .id = &pppol2tp_net_id,
1742};
1743
1744/*****************************************************************************
1745 * Init and cleanup
1746 *****************************************************************************/
1747
1748static const struct proto_ops pppol2tp_ops = {
1749 .family = AF_PPPOX,
1750 .owner = THIS_MODULE,
1751 .release = pppol2tp_release,
1752 .bind = sock_no_bind,
1753 .connect = pppol2tp_connect,
1754 .socketpair = sock_no_socketpair,
1755 .accept = sock_no_accept,
1756 .getname = pppol2tp_getname,
1757 .poll = datagram_poll,
1758 .listen = sock_no_listen,
1759 .shutdown = sock_no_shutdown,
1760 .setsockopt = pppol2tp_setsockopt,
1761 .getsockopt = pppol2tp_getsockopt,
1762 .sendmsg = pppol2tp_sendmsg,
1763 .recvmsg = pppol2tp_recvmsg,
1764 .mmap = sock_no_mmap,
1765 .ioctl = pppox_ioctl,
1766};
1767
1768static struct pppox_proto pppol2tp_proto = {
1769 .create = pppol2tp_create,
1770 .ioctl = pppol2tp_ioctl
1771};
1772
1773#ifdef CONFIG_L2TP_V3
1774
1775static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1776 .session_create = pppol2tp_session_create,
1777 .session_delete = pppol2tp_session_delete,
1778};
1779
1780#endif /* CONFIG_L2TP_V3 */
1781
1782static int __init pppol2tp_init(void)
1783{
1784 int err;
1785
1786 err = register_pernet_device(&pppol2tp_net_ops);
1787 if (err)
1788 goto out;
1789
1790 err = proto_register(&pppol2tp_sk_proto, 0);
1791 if (err)
1792 goto out_unregister_pppol2tp_pernet;
1793
1794 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1795 if (err)
1796 goto out_unregister_pppol2tp_proto;
1797
1798#ifdef CONFIG_L2TP_V3
1799 err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);
1800 if (err)
1801 goto out_unregister_pppox;
1802#endif
1803
1804 printk(KERN_INFO "PPPoL2TP kernel driver, %s\n",
1805 PPPOL2TP_DRV_VERSION);
1806
1807out:
1808 return err;
1809
1810#ifdef CONFIG_L2TP_V3
1811out_unregister_pppox:
1812 unregister_pppox_proto(PX_PROTO_OL2TP);
1813#endif
1814out_unregister_pppol2tp_proto:
1815 proto_unregister(&pppol2tp_sk_proto);
1816out_unregister_pppol2tp_pernet:
1817 unregister_pernet_device(&pppol2tp_net_ops);
1818 goto out;
1819}
1820
1821static void __exit pppol2tp_exit(void)
1822{
1823#ifdef CONFIG_L2TP_V3
1824 l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);
1825#endif
1826 unregister_pppox_proto(PX_PROTO_OL2TP);
1827 proto_unregister(&pppol2tp_sk_proto);
1828 unregister_pernet_device(&pppol2tp_net_ops);
1829}
1830
1831module_init(pppol2tp_init);
1832module_exit(pppol2tp_exit);
1833
1834MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1835MODULE_DESCRIPTION("PPP over L2TP over UDP");
1836MODULE_LICENSE("GPL");
1837MODULE_VERSION(PPPOL2TP_DRV_VERSION);