1 /*****************************************************************************
2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
3 *
4 * PPPoX --- Generic PPP encapsulation socket family
5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
6 *
7 * Version: 1.0.0
8 *
9 * Authors: Martijn van Oosterhout <kleptog@svana.org>
10 * James Chapman (jchapman@katalix.com)
11 * Contributors:
12 * Michal Ostrowski <mostrows@speakeasy.net>
13 * Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
14 * David S. Miller (davem@redhat.com)
15 *
16 * License:
17 * This program is free software; you can redistribute it and/or
18 * modify it under the terms of the GNU General Public License
19 * as published by the Free Software Foundation; either version
20 * 2 of the License, or (at your option) any later version.
21 *
22 */
23
24 /* This driver handles only L2TP data frames; control frames are handled by a
25 * userspace application.
26 *
27 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
28 * attaches it to a bound UDP socket with local tunnel_id / session_id and
29 * peer tunnel_id / session_id set. Data can then be sent or received using
30 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
31 * can be read or modified using ioctl() or [gs]etsockopt() calls.
32 *
33 * When a PPPoL2TP socket is connected with local and peer session_id values
34 * zero, the socket is treated as a special tunnel management socket.
35 *
36 * Here's example userspace code to create a socket for sending/receiving data
37 * over an L2TP session:-
38 *
39 * struct sockaddr_pppol2tp sax;
40 * int fd;
41 * int session_fd;
42 *
43 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
44 *
45 * sax.sa_family = AF_PPPOX;
46 * sax.sa_protocol = PX_PROTO_OL2TP;
47 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
48 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
49 * sax.pppol2tp.addr.sin_port = addr->sin_port;
50 * sax.pppol2tp.addr.sin_family = AF_INET;
51 * sax.pppol2tp.s_tunnel = tunnel_id;
52 * sax.pppol2tp.s_session = session_id;
53 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
54 * sax.pppol2tp.d_session = peer_session_id;
55 *
56 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
57 *
58 * A pppd plugin that allows PPP traffic to be carried over L2TP using
59 * this driver is available from the OpenL2TP project at
60 * http://openl2tp.sourceforge.net.
61 */
62
63 #include <linux/module.h>
64 #include <linux/string.h>
65 #include <linux/list.h>
66 #include <asm/uaccess.h>
67
68 #include <linux/kernel.h>
69 #include <linux/spinlock.h>
70 #include <linux/kthread.h>
71 #include <linux/sched.h>
72 #include <linux/slab.h>
73 #include <linux/errno.h>
74 #include <linux/jiffies.h>
75
76 #include <linux/netdevice.h>
77 #include <linux/net.h>
78 #include <linux/inetdevice.h>
79 #include <linux/skbuff.h>
80 #include <linux/init.h>
81 #include <linux/ip.h>
82 #include <linux/udp.h>
83 #include <linux/if_pppox.h>
84 #include <linux/if_pppol2tp.h>
85 #include <net/sock.h>
86 #include <linux/ppp_channel.h>
87 #include <linux/ppp_defs.h>
88 #include <linux/if_ppp.h>
89 #include <linux/file.h>
90 #include <linux/hash.h>
91 #include <linux/sort.h>
92 #include <linux/proc_fs.h>
93 #include <net/net_namespace.h>
94 #include <net/dst.h>
95 #include <net/ip.h>
96 #include <net/udp.h>
97 #include <net/xfrm.h>
98
99 #include <asm/byteorder.h>
100 #include <asm/atomic.h>
101
102
103 #define PPPOL2TP_DRV_VERSION "V1.0"
104
105 /* L2TP header constants */
106 #define L2TP_HDRFLAG_T 0x8000
107 #define L2TP_HDRFLAG_L 0x4000
108 #define L2TP_HDRFLAG_S 0x0800
109 #define L2TP_HDRFLAG_O 0x0200
110 #define L2TP_HDRFLAG_P 0x0100
111
112 #define L2TP_HDR_VER_MASK 0x000F
113 #define L2TP_HDR_VER 0x0002
114
115 /* Space for UDP, L2TP and PPP headers */
116 #define PPPOL2TP_HEADER_OVERHEAD 40
117
118 /* Just some random numbers */
119 #define L2TP_TUNNEL_MAGIC 0x42114DDA
120 #define L2TP_SESSION_MAGIC 0x0C04EB7D
121
122 #define PPPOL2TP_HASH_BITS 4
123 #define PPPOL2TP_HASH_SIZE (1 << PPPOL2TP_HASH_BITS)
124
125 /* Default trace flags */
126 #define PPPOL2TP_DEFAULT_DEBUG_FLAGS 0
127
128 #define PRINTK(_mask, _type, _lvl, _fmt, args...) \
129 do { \
130 if ((_mask) & (_type)) \
131 printk(_lvl "PPPOL2TP: " _fmt, ##args); \
132 } while(0)
133
134 /* Number of bytes to build transmit L2TP headers.
135 * Unfortunately the size is different depending on whether sequence numbers
136 * are enabled.
137 */
138 #define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
139 #define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
140
141 struct pppol2tp_tunnel;
142
143 /* Describes a session. It is the sk_user_data field in the PPPoL2TP
144 * socket. Contains information to determine incoming packets and transmit
145 * outgoing ones.
146 */
147 struct pppol2tp_session
148 {
149 int magic; /* should be
150 * L2TP_SESSION_MAGIC */
151 int owner; /* pid that opened the socket */
152
153 struct sock *sock; /* Pointer to the session
154 * PPPoX socket */
155 struct sock *tunnel_sock; /* Pointer to the tunnel UDP
156 * socket */
157
158 struct pppol2tp_addr tunnel_addr; /* Description of tunnel */
159
160 struct pppol2tp_tunnel *tunnel; /* back pointer to tunnel
161 * context */
162
163 char name[20]; /* "sess xxxxx/yyyyy", where
164 * x=tunnel_id, y=session_id */
165 int mtu;
166 int mru;
167 int flags; /* accessed by PPPIOCGFLAGS.
168 * Unused. */
169 unsigned recv_seq:1; /* expect receive packets with
170 * sequence numbers? */
171 unsigned send_seq:1; /* send packets with sequence
172 * numbers? */
173 unsigned lns_mode:1; /* behave as LNS? LAC enables
174 * sequence numbers under
175 * control of LNS. */
176 int debug; /* bitmask of debug message
177 * categories */
178 int reorder_timeout; /* configured reorder timeout
179 * (in jiffies) */
180 u16 nr; /* session NR state (receive) */
181 u16 ns; /* session NR state (send) */
182 struct sk_buff_head reorder_q; /* receive reorder queue */
183 struct pppol2tp_ioc_stats stats;
184 struct hlist_node hlist; /* Hash list node */
185 };
186
187 /* The sk_user_data field of the tunnel's UDP socket. It contains info to track
188 * all the associated sessions so incoming packets can be sorted out
189 */
190 struct pppol2tp_tunnel
191 {
192 int magic; /* Should be L2TP_TUNNEL_MAGIC */
193 rwlock_t hlist_lock; /* protect session_hlist */
194 struct hlist_head session_hlist[PPPOL2TP_HASH_SIZE];
195 /* hashed list of sessions,
196 * hashed by id */
197 int debug; /* bitmask of debug message
198 * categories */
199 char name[12]; /* "tunl xxxxx" */
200 struct pppol2tp_ioc_stats stats;
201
202 void (*old_sk_destruct)(struct sock *);
203
204 struct sock *sock; /* Parent socket */
205 struct list_head list; /* Keep a list of all open
206 * prepared sockets */
207
208 atomic_t ref_count;
209 };
210
211 /* Private data stored for received packets in the skb.
212 */
213 struct pppol2tp_skb_cb {
214 u16 ns;
215 u16 nr;
216 u16 has_seq;
217 u16 length;
218 unsigned long expires;
219 };
220
221 #define PPPOL2TP_SKB_CB(skb) ((struct pppol2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
222
223 static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
224 static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel);
225
226 static atomic_t pppol2tp_tunnel_count;
227 static atomic_t pppol2tp_session_count;
228 static struct ppp_channel_ops pppol2tp_chan_ops = { pppol2tp_xmit , NULL };
229 static struct proto_ops pppol2tp_ops;
230 static LIST_HEAD(pppol2tp_tunnel_list);
231 static DEFINE_RWLOCK(pppol2tp_tunnel_list_lock);
232
233 /* Helpers to obtain tunnel/session contexts from sockets.
234 */
pppol2tp_sock_to_session(struct sock * sk)235 static inline struct pppol2tp_session *pppol2tp_sock_to_session(struct sock *sk)
236 {
237 struct pppol2tp_session *session;
238
239 if (sk == NULL)
240 return NULL;
241
242 sock_hold(sk);
243 session = (struct pppol2tp_session *)(sk->sk_user_data);
244 if (session == NULL) {
245 sock_put(sk);
246 goto out;
247 }
248
249 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
250 out:
251 return session;
252 }
253
pppol2tp_sock_to_tunnel(struct sock * sk)254 static inline struct pppol2tp_tunnel *pppol2tp_sock_to_tunnel(struct sock *sk)
255 {
256 struct pppol2tp_tunnel *tunnel;
257
258 if (sk == NULL)
259 return NULL;
260
261 sock_hold(sk);
262 tunnel = (struct pppol2tp_tunnel *)(sk->sk_user_data);
263 if (tunnel == NULL) {
264 sock_put(sk);
265 goto out;
266 }
267
268 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
269 out:
270 return tunnel;
271 }
272
273 /* Tunnel reference counts. Incremented per session that is added to
274 * the tunnel.
275 */
pppol2tp_tunnel_inc_refcount(struct pppol2tp_tunnel * tunnel)276 static inline void pppol2tp_tunnel_inc_refcount(struct pppol2tp_tunnel *tunnel)
277 {
278 atomic_inc(&tunnel->ref_count);
279 }
280
pppol2tp_tunnel_dec_refcount(struct pppol2tp_tunnel * tunnel)281 static inline void pppol2tp_tunnel_dec_refcount(struct pppol2tp_tunnel *tunnel)
282 {
283 if (atomic_dec_and_test(&tunnel->ref_count))
284 pppol2tp_tunnel_free(tunnel);
285 }
286
287 /* Session hash list.
288 * The session_id SHOULD be random according to RFC2661, but several
289 * L2TP implementations (Cisco and Microsoft) use incrementing
290 * session_ids. So we do a real hash on the session_id, rather than a
291 * simple bitmask.
292 */
293 static inline struct hlist_head *
pppol2tp_session_id_hash(struct pppol2tp_tunnel * tunnel,u16 session_id)294 pppol2tp_session_id_hash(struct pppol2tp_tunnel *tunnel, u16 session_id)
295 {
296 unsigned long hash_val = (unsigned long) session_id;
297 return &tunnel->session_hlist[hash_long(hash_val, PPPOL2TP_HASH_BITS)];
298 }
299
300 /* Lookup a session by id
301 */
302 static struct pppol2tp_session *
pppol2tp_session_find(struct pppol2tp_tunnel * tunnel,u16 session_id)303 pppol2tp_session_find(struct pppol2tp_tunnel *tunnel, u16 session_id)
304 {
305 struct hlist_head *session_list =
306 pppol2tp_session_id_hash(tunnel, session_id);
307 struct pppol2tp_session *session;
308 struct hlist_node *walk;
309
310 read_lock_bh(&tunnel->hlist_lock);
311 hlist_for_each_entry(session, walk, session_list, hlist) {
312 if (session->tunnel_addr.s_session == session_id) {
313 read_unlock_bh(&tunnel->hlist_lock);
314 return session;
315 }
316 }
317 read_unlock_bh(&tunnel->hlist_lock);
318
319 return NULL;
320 }
321
322 /* Lookup a tunnel by id
323 */
pppol2tp_tunnel_find(u16 tunnel_id)324 static struct pppol2tp_tunnel *pppol2tp_tunnel_find(u16 tunnel_id)
325 {
326 struct pppol2tp_tunnel *tunnel = NULL;
327
328 read_lock_bh(&pppol2tp_tunnel_list_lock);
329 list_for_each_entry(tunnel, &pppol2tp_tunnel_list, list) {
330 if (tunnel->stats.tunnel_id == tunnel_id) {
331 read_unlock_bh(&pppol2tp_tunnel_list_lock);
332 return tunnel;
333 }
334 }
335 read_unlock_bh(&pppol2tp_tunnel_list_lock);
336
337 return NULL;
338 }
339
340 /*****************************************************************************
341 * Receive data handling
342 *****************************************************************************/
343
344 /* Queue a skb in order. We come here only if the skb has an L2TP sequence
345 * number.
346 */
pppol2tp_recv_queue_skb(struct pppol2tp_session * session,struct sk_buff * skb)347 static void pppol2tp_recv_queue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
348 {
349 struct sk_buff *skbp;
350 struct sk_buff *tmp;
351 u16 ns = PPPOL2TP_SKB_CB(skb)->ns;
352
353 spin_lock_bh(&session->reorder_q.lock);
354 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
355 if (PPPOL2TP_SKB_CB(skbp)->ns > ns) {
356 __skb_queue_before(&session->reorder_q, skbp, skb);
357 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
358 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
359 session->name, ns, PPPOL2TP_SKB_CB(skbp)->ns,
360 skb_queue_len(&session->reorder_q));
361 session->stats.rx_oos_packets++;
362 goto out;
363 }
364 }
365
366 __skb_queue_tail(&session->reorder_q, skb);
367
368 out:
369 spin_unlock_bh(&session->reorder_q.lock);
370 }
371
372 /* Dequeue a single skb.
373 */
pppol2tp_recv_dequeue_skb(struct pppol2tp_session * session,struct sk_buff * skb)374 static void pppol2tp_recv_dequeue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
375 {
376 struct pppol2tp_tunnel *tunnel = session->tunnel;
377 int length = PPPOL2TP_SKB_CB(skb)->length;
378 struct sock *session_sock = NULL;
379
380 /* We're about to requeue the skb, so return resources
381 * to its current owner (a socket receive buffer).
382 */
383 skb_orphan(skb);
384
385 tunnel->stats.rx_packets++;
386 tunnel->stats.rx_bytes += length;
387 session->stats.rx_packets++;
388 session->stats.rx_bytes += length;
389
390 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
391 /* Bump our Nr */
392 session->nr++;
393 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
394 "%s: updated nr to %hu\n", session->name, session->nr);
395 }
396
397 /* If the socket is bound, send it in to PPP's input queue. Otherwise
398 * queue it on the session socket.
399 */
400 session_sock = session->sock;
401 if (session_sock->sk_state & PPPOX_BOUND) {
402 struct pppox_sock *po;
403 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
404 "%s: recv %d byte data frame, passing to ppp\n",
405 session->name, length);
406
407 /* We need to forget all info related to the L2TP packet
408 * gathered in the skb as we are going to reuse the same
409 * skb for the inner packet.
410 * Namely we need to:
411 * - reset xfrm (IPSec) information as it applies to
412 * the outer L2TP packet and not to the inner one
413 * - release the dst to force a route lookup on the inner
414 * IP packet since skb->dst currently points to the dst
415 * of the UDP tunnel
416 * - reset netfilter information as it doesn't apply
417 * to the inner packet either
418 */
419 secpath_reset(skb);
420 dst_release(skb->dst);
421 skb->dst = NULL;
422 nf_reset(skb);
423
424 po = pppox_sk(session_sock);
425 ppp_input(&po->chan, skb);
426 } else {
427 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
428 "%s: socket not bound\n", session->name);
429
430 /* Not bound. Nothing we can do, so discard. */
431 session->stats.rx_errors++;
432 kfree_skb(skb);
433 }
434
435 sock_put(session->sock);
436 }
437
438 /* Dequeue skbs from the session's reorder_q, subject to packet order.
439 * Skbs that have been in the queue for too long are simply discarded.
440 */
pppol2tp_recv_dequeue(struct pppol2tp_session * session)441 static void pppol2tp_recv_dequeue(struct pppol2tp_session *session)
442 {
443 struct sk_buff *skb;
444 struct sk_buff *tmp;
445
446 /* If the pkt at the head of the queue has the nr that we
447 * expect to send up next, dequeue it and any other
448 * in-sequence packets behind it.
449 */
450 spin_lock_bh(&session->reorder_q.lock);
451 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
452 if (time_after(jiffies, PPPOL2TP_SKB_CB(skb)->expires)) {
453 session->stats.rx_seq_discards++;
454 session->stats.rx_errors++;
455 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
456 "%s: oos pkt %hu len %d discarded (too old), "
457 "waiting for %hu, reorder_q_len=%d\n",
458 session->name, PPPOL2TP_SKB_CB(skb)->ns,
459 PPPOL2TP_SKB_CB(skb)->length, session->nr,
460 skb_queue_len(&session->reorder_q));
461 __skb_unlink(skb, &session->reorder_q);
462 kfree_skb(skb);
463 sock_put(session->sock);
464 continue;
465 }
466
467 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
468 if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
469 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
470 "%s: holding oos pkt %hu len %d, "
471 "waiting for %hu, reorder_q_len=%d\n",
472 session->name, PPPOL2TP_SKB_CB(skb)->ns,
473 PPPOL2TP_SKB_CB(skb)->length, session->nr,
474 skb_queue_len(&session->reorder_q));
475 goto out;
476 }
477 }
478 __skb_unlink(skb, &session->reorder_q);
479
480 /* Process the skb. We release the queue lock while we
481 * do so to let other contexts process the queue.
482 */
483 spin_unlock_bh(&session->reorder_q.lock);
484 pppol2tp_recv_dequeue_skb(session, skb);
485 spin_lock_bh(&session->reorder_q.lock);
486 }
487
488 out:
489 spin_unlock_bh(&session->reorder_q.lock);
490 }
491
pppol2tp_verify_udp_checksum(struct sock * sk,struct sk_buff * skb)492 static inline int pppol2tp_verify_udp_checksum(struct sock *sk,
493 struct sk_buff *skb)
494 {
495 struct udphdr *uh = udp_hdr(skb);
496 u16 ulen = ntohs(uh->len);
497 struct inet_sock *inet;
498 __wsum psum;
499
500 if (sk->sk_no_check || skb_csum_unnecessary(skb) || !uh->check)
501 return 0;
502
503 inet = inet_sk(sk);
504 psum = csum_tcpudp_nofold(inet->saddr, inet->daddr, ulen,
505 IPPROTO_UDP, 0);
506
507 if ((skb->ip_summed == CHECKSUM_COMPLETE) &&
508 !csum_fold(csum_add(psum, skb->csum)))
509 return 0;
510
511 skb->csum = psum;
512
513 return __skb_checksum_complete(skb);
514 }
515
516 /* Internal receive frame. Do the real work of receiving an L2TP data frame
517 * here. The skb is not on a list when we get here.
518 * Returns 0 if the packet was a data packet and was successfully passed on.
519 * Returns 1 if the packet was not a good data packet and could not be
520 * forwarded. All such packets are passed up to userspace to deal with.
521 */
pppol2tp_recv_core(struct sock * sock,struct sk_buff * skb)522 static int pppol2tp_recv_core(struct sock *sock, struct sk_buff *skb)
523 {
524 struct pppol2tp_session *session = NULL;
525 struct pppol2tp_tunnel *tunnel;
526 unsigned char *ptr, *optr;
527 u16 hdrflags;
528 u16 tunnel_id, session_id;
529 int length;
530 int offset;
531
532 tunnel = pppol2tp_sock_to_tunnel(sock);
533 if (tunnel == NULL)
534 goto no_tunnel;
535
536 if (tunnel->sock && pppol2tp_verify_udp_checksum(tunnel->sock, skb))
537 goto discard_bad_csum;
538
539 /* UDP always verifies the packet length. */
540 __skb_pull(skb, sizeof(struct udphdr));
541
542 /* Short packet? */
543 if (!pskb_may_pull(skb, 12)) {
544 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
545 "%s: recv short packet (len=%d)\n", tunnel->name, skb->len);
546 goto error;
547 }
548
549 /* Point to L2TP header */
550 optr = ptr = skb->data;
551
552 /* Get L2TP header flags */
553 hdrflags = ntohs(*(__be16*)ptr);
554
555 /* Trace packet contents, if enabled */
556 if (tunnel->debug & PPPOL2TP_MSG_DATA) {
557 length = min(16u, skb->len);
558 if (!pskb_may_pull(skb, length))
559 goto error;
560
561 printk(KERN_DEBUG "%s: recv: ", tunnel->name);
562
563 offset = 0;
564 do {
565 printk(" %02X", ptr[offset]);
566 } while (++offset < length);
567
568 printk("\n");
569 }
570
571 /* Get length of L2TP packet */
572 length = skb->len;
573
574 /* If type is control packet, it is handled by userspace. */
575 if (hdrflags & L2TP_HDRFLAG_T) {
576 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
577 "%s: recv control packet, len=%d\n", tunnel->name, length);
578 goto error;
579 }
580
581 /* Skip flags */
582 ptr += 2;
583
584 /* If length is present, skip it */
585 if (hdrflags & L2TP_HDRFLAG_L)
586 ptr += 2;
587
588 /* Extract tunnel and session ID */
589 tunnel_id = ntohs(*(__be16 *) ptr);
590 ptr += 2;
591 session_id = ntohs(*(__be16 *) ptr);
592 ptr += 2;
593
594 /* Find the session context */
595 session = pppol2tp_session_find(tunnel, session_id);
596 if (!session) {
597 /* Not found? Pass to userspace to deal with */
598 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
599 "%s: no socket found (%hu/%hu). Passing up.\n",
600 tunnel->name, tunnel_id, session_id);
601 goto error;
602 }
603 sock_hold(session->sock);
604
605 /* The ref count on the socket was increased by the above call since
606 * we now hold a pointer to the session. Take care to do sock_put()
607 * when exiting this function from now on...
608 */
609
610 /* Handle the optional sequence numbers. If we are the LAC,
611 * enable/disable sequence numbers under the control of the LNS. If
612 * no sequence numbers present but we were expecting them, discard
613 * frame.
614 */
615 if (hdrflags & L2TP_HDRFLAG_S) {
616 u16 ns, nr;
617 ns = ntohs(*(__be16 *) ptr);
618 ptr += 2;
619 nr = ntohs(*(__be16 *) ptr);
620 ptr += 2;
621
622 /* Received a packet with sequence numbers. If we're the LNS,
623 * check if we sre sending sequence numbers and if not,
624 * configure it so.
625 */
626 if ((!session->lns_mode) && (!session->send_seq)) {
627 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
628 "%s: requested to enable seq numbers by LNS\n",
629 session->name);
630 session->send_seq = -1;
631 }
632
633 /* Store L2TP info in the skb */
634 PPPOL2TP_SKB_CB(skb)->ns = ns;
635 PPPOL2TP_SKB_CB(skb)->nr = nr;
636 PPPOL2TP_SKB_CB(skb)->has_seq = 1;
637
638 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
639 "%s: recv data ns=%hu, nr=%hu, session nr=%hu\n",
640 session->name, ns, nr, session->nr);
641 } else {
642 /* No sequence numbers.
643 * If user has configured mandatory sequence numbers, discard.
644 */
645 if (session->recv_seq) {
646 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
647 "%s: recv data has no seq numbers when required. "
648 "Discarding\n", session->name);
649 session->stats.rx_seq_discards++;
650 goto discard;
651 }
652
653 /* If we're the LAC and we're sending sequence numbers, the
654 * LNS has requested that we no longer send sequence numbers.
655 * If we're the LNS and we're sending sequence numbers, the
656 * LAC is broken. Discard the frame.
657 */
658 if ((!session->lns_mode) && (session->send_seq)) {
659 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
660 "%s: requested to disable seq numbers by LNS\n",
661 session->name);
662 session->send_seq = 0;
663 } else if (session->send_seq) {
664 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
665 "%s: recv data has no seq numbers when required. "
666 "Discarding\n", session->name);
667 session->stats.rx_seq_discards++;
668 goto discard;
669 }
670
671 /* Store L2TP info in the skb */
672 PPPOL2TP_SKB_CB(skb)->has_seq = 0;
673 }
674
675 /* If offset bit set, skip it. */
676 if (hdrflags & L2TP_HDRFLAG_O) {
677 offset = ntohs(*(__be16 *)ptr);
678 ptr += 2 + offset;
679 }
680
681 offset = ptr - optr;
682 if (!pskb_may_pull(skb, offset))
683 goto discard;
684
685 __skb_pull(skb, offset);
686
687 /* Skip PPP header, if present. In testing, Microsoft L2TP clients
688 * don't send the PPP header (PPP header compression enabled), but
689 * other clients can include the header. So we cope with both cases
690 * here. The PPP header is always FF03 when using L2TP.
691 *
692 * Note that skb->data[] isn't dereferenced from a u16 ptr here since
693 * the field may be unaligned.
694 */
695 if (!pskb_may_pull(skb, 2))
696 goto discard;
697
698 if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
699 skb_pull(skb, 2);
700
701 /* Prepare skb for adding to the session's reorder_q. Hold
702 * packets for max reorder_timeout or 1 second if not
703 * reordering.
704 */
705 PPPOL2TP_SKB_CB(skb)->length = length;
706 PPPOL2TP_SKB_CB(skb)->expires = jiffies +
707 (session->reorder_timeout ? session->reorder_timeout : HZ);
708
709 /* Add packet to the session's receive queue. Reordering is done here, if
710 * enabled. Saved L2TP protocol info is stored in skb->sb[].
711 */
712 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
713 if (session->reorder_timeout != 0) {
714 /* Packet reordering enabled. Add skb to session's
715 * reorder queue, in order of ns.
716 */
717 pppol2tp_recv_queue_skb(session, skb);
718 } else {
719 /* Packet reordering disabled. Discard out-of-sequence
720 * packets
721 */
722 if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
723 session->stats.rx_seq_discards++;
724 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
725 "%s: oos pkt %hu len %d discarded, "
726 "waiting for %hu, reorder_q_len=%d\n",
727 session->name, PPPOL2TP_SKB_CB(skb)->ns,
728 PPPOL2TP_SKB_CB(skb)->length, session->nr,
729 skb_queue_len(&session->reorder_q));
730 goto discard;
731 }
732 skb_queue_tail(&session->reorder_q, skb);
733 }
734 } else {
735 /* No sequence numbers. Add the skb to the tail of the
736 * reorder queue. This ensures that it will be
737 * delivered after all previous sequenced skbs.
738 */
739 skb_queue_tail(&session->reorder_q, skb);
740 }
741
742 /* Try to dequeue as many skbs from reorder_q as we can. */
743 pppol2tp_recv_dequeue(session);
744
745 return 0;
746
747 discard:
748 session->stats.rx_errors++;
749 kfree_skb(skb);
750 sock_put(session->sock);
751 sock_put(sock);
752
753 return 0;
754
755 discard_bad_csum:
756 LIMIT_NETDEBUG("%s: UDP: bad checksum\n", tunnel->name);
757 UDP_INC_STATS_USER(&init_net, UDP_MIB_INERRORS, 0);
758 tunnel->stats.rx_errors++;
759 kfree_skb(skb);
760
761 return 0;
762
763 error:
764 /* Put UDP header back */
765 __skb_push(skb, sizeof(struct udphdr));
766 sock_put(sock);
767
768 no_tunnel:
769 return 1;
770 }
771
772 /* UDP encapsulation receive handler. See net/ipv4/udp.c.
773 * Return codes:
774 * 0 : success.
775 * <0: error
776 * >0: skb should be passed up to userspace as UDP.
777 */
pppol2tp_udp_encap_recv(struct sock * sk,struct sk_buff * skb)778 static int pppol2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
779 {
780 struct pppol2tp_tunnel *tunnel;
781
782 tunnel = pppol2tp_sock_to_tunnel(sk);
783 if (tunnel == NULL)
784 goto pass_up;
785
786 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
787 "%s: received %d bytes\n", tunnel->name, skb->len);
788
789 if (pppol2tp_recv_core(sk, skb))
790 goto pass_up_put;
791
792 sock_put(sk);
793 return 0;
794
795 pass_up_put:
796 sock_put(sk);
797 pass_up:
798 return 1;
799 }
800
801 /* Receive message. This is the recvmsg for the PPPoL2TP socket.
802 */
pppol2tp_recvmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len,int flags)803 static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
804 struct msghdr *msg, size_t len,
805 int flags)
806 {
807 int err;
808 struct sk_buff *skb;
809 struct sock *sk = sock->sk;
810
811 err = -EIO;
812 if (sk->sk_state & PPPOX_BOUND)
813 goto end;
814
815 msg->msg_namelen = 0;
816
817 err = 0;
818 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
819 flags & MSG_DONTWAIT, &err);
820 if (!skb)
821 goto end;
822
823 if (len > skb->len)
824 len = skb->len;
825 else if (len < skb->len)
826 msg->msg_flags |= MSG_TRUNC;
827
828 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
829 if (likely(err == 0))
830 err = len;
831
832 kfree_skb(skb);
833 end:
834 return err;
835 }
836
837 /************************************************************************
838 * Transmit handling
839 ***********************************************************************/
840
841 /* Tell how big L2TP headers are for a particular session. This
842 * depends on whether sequence numbers are being used.
843 */
pppol2tp_l2tp_header_len(struct pppol2tp_session * session)844 static inline int pppol2tp_l2tp_header_len(struct pppol2tp_session *session)
845 {
846 if (session->send_seq)
847 return PPPOL2TP_L2TP_HDR_SIZE_SEQ;
848
849 return PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
850 }
851
852 /* Build an L2TP header for the session into the buffer provided.
853 */
pppol2tp_build_l2tp_header(struct pppol2tp_session * session,void * buf)854 static void pppol2tp_build_l2tp_header(struct pppol2tp_session *session,
855 void *buf)
856 {
857 __be16 *bufp = buf;
858 u16 flags = L2TP_HDR_VER;
859
860 if (session->send_seq)
861 flags |= L2TP_HDRFLAG_S;
862
863 /* Setup L2TP header.
864 * FIXME: Can this ever be unaligned? Is direct dereferencing of
865 * 16-bit header fields safe here for all architectures?
866 */
867 *bufp++ = htons(flags);
868 *bufp++ = htons(session->tunnel_addr.d_tunnel);
869 *bufp++ = htons(session->tunnel_addr.d_session);
870 if (session->send_seq) {
871 *bufp++ = htons(session->ns);
872 *bufp++ = 0;
873 session->ns++;
874 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
875 "%s: updated ns to %hu\n", session->name, session->ns);
876 }
877 }
878
879 /* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
880 * when a user application does a sendmsg() on the session socket. L2TP and
881 * PPP headers must be inserted into the user's data.
882 */
pppol2tp_sendmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * m,size_t total_len)883 static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
884 size_t total_len)
885 {
886 static const unsigned char ppph[2] = { 0xff, 0x03 };
887 struct sock *sk = sock->sk;
888 struct inet_sock *inet;
889 __wsum csum;
890 struct sk_buff *skb;
891 int error;
892 int hdr_len;
893 struct pppol2tp_session *session;
894 struct pppol2tp_tunnel *tunnel;
895 struct udphdr *uh;
896 unsigned int len;
897 struct sock *sk_tun;
898 u16 udp_len;
899
900 error = -ENOTCONN;
901 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
902 goto error;
903
904 /* Get session and tunnel contexts */
905 error = -EBADF;
906 session = pppol2tp_sock_to_session(sk);
907 if (session == NULL)
908 goto error;
909
910 sk_tun = session->tunnel_sock;
911 tunnel = pppol2tp_sock_to_tunnel(sk_tun);
912 if (tunnel == NULL)
913 goto error_put_sess;
914
915 /* What header length is configured for this session? */
916 hdr_len = pppol2tp_l2tp_header_len(session);
917
918 /* Allocate a socket buffer */
919 error = -ENOMEM;
920 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
921 sizeof(struct udphdr) + hdr_len +
922 sizeof(ppph) + total_len,
923 0, GFP_KERNEL);
924 if (!skb)
925 goto error_put_sess_tun;
926
927 /* Reserve space for headers. */
928 skb_reserve(skb, NET_SKB_PAD);
929 skb_reset_network_header(skb);
930 skb_reserve(skb, sizeof(struct iphdr));
931 skb_reset_transport_header(skb);
932
933 /* Build UDP header */
934 inet = inet_sk(sk_tun);
935 udp_len = hdr_len + sizeof(ppph) + total_len;
936 uh = (struct udphdr *) skb->data;
937 uh->source = inet->sport;
938 uh->dest = inet->dport;
939 uh->len = htons(udp_len);
940 uh->check = 0;
941 skb_put(skb, sizeof(struct udphdr));
942
943 /* Build L2TP header */
944 pppol2tp_build_l2tp_header(session, skb->data);
945 skb_put(skb, hdr_len);
946
947 /* Add PPP header */
948 skb->data[0] = ppph[0];
949 skb->data[1] = ppph[1];
950 skb_put(skb, 2);
951
952 /* Copy user data into skb */
953 error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
954 if (error < 0) {
955 kfree_skb(skb);
956 goto error_put_sess_tun;
957 }
958 skb_put(skb, total_len);
959
960 /* Calculate UDP checksum if configured to do so */
961 if (sk_tun->sk_no_check == UDP_CSUM_NOXMIT)
962 skb->ip_summed = CHECKSUM_NONE;
963 else if (!(skb->dst->dev->features & NETIF_F_V4_CSUM)) {
964 skb->ip_summed = CHECKSUM_COMPLETE;
965 csum = skb_checksum(skb, 0, udp_len, 0);
966 uh->check = csum_tcpudp_magic(inet->saddr, inet->daddr,
967 udp_len, IPPROTO_UDP, csum);
968 if (uh->check == 0)
969 uh->check = CSUM_MANGLED_0;
970 } else {
971 skb->ip_summed = CHECKSUM_PARTIAL;
972 skb->csum_start = skb_transport_header(skb) - skb->head;
973 skb->csum_offset = offsetof(struct udphdr, check);
974 uh->check = ~csum_tcpudp_magic(inet->saddr, inet->daddr,
975 udp_len, IPPROTO_UDP, 0);
976 }
977
978 /* Debug */
979 if (session->send_seq)
980 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
981 "%s: send %Zd bytes, ns=%hu\n", session->name,
982 total_len, session->ns - 1);
983 else
984 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
985 "%s: send %Zd bytes\n", session->name, total_len);
986
987 if (session->debug & PPPOL2TP_MSG_DATA) {
988 int i;
989 unsigned char *datap = skb->data;
990
991 printk(KERN_DEBUG "%s: xmit:", session->name);
992 for (i = 0; i < total_len; i++) {
993 printk(" %02X", *datap++);
994 if (i == 15) {
995 printk(" ...");
996 break;
997 }
998 }
999 printk("\n");
1000 }
1001
1002 /* Queue the packet to IP for output */
1003 len = skb->len;
1004 error = ip_queue_xmit(skb, 1);
1005
1006 /* Update stats */
1007 if (error >= 0) {
1008 tunnel->stats.tx_packets++;
1009 tunnel->stats.tx_bytes += len;
1010 session->stats.tx_packets++;
1011 session->stats.tx_bytes += len;
1012 } else {
1013 tunnel->stats.tx_errors++;
1014 session->stats.tx_errors++;
1015 }
1016
1017 return error;
1018
1019 error_put_sess_tun:
1020 sock_put(session->tunnel_sock);
1021 error_put_sess:
1022 sock_put(sk);
1023 error:
1024 return error;
1025 }
1026
1027 /* Automatically called when the skb is freed.
1028 */
pppol2tp_sock_wfree(struct sk_buff * skb)1029 static void pppol2tp_sock_wfree(struct sk_buff *skb)
1030 {
1031 sock_put(skb->sk);
1032 }
1033
1034 /* For data skbs that we transmit, we associate with the tunnel socket
1035 * but don't do accounting.
1036 */
pppol2tp_skb_set_owner_w(struct sk_buff * skb,struct sock * sk)1037 static inline void pppol2tp_skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
1038 {
1039 sock_hold(sk);
1040 skb->sk = sk;
1041 skb->destructor = pppol2tp_sock_wfree;
1042 }
1043
1044 /* Transmit function called by generic PPP driver. Sends PPP frame
1045 * over PPPoL2TP socket.
1046 *
1047 * This is almost the same as pppol2tp_sendmsg(), but rather than
1048 * being called with a msghdr from userspace, it is called with a skb
1049 * from the kernel.
1050 *
1051 * The supplied skb from ppp doesn't have enough headroom for the
1052 * insertion of L2TP, UDP and IP headers so we need to allocate more
1053 * headroom in the skb. This will create a cloned skb. But we must be
1054 * careful in the error case because the caller will expect to free
1055 * the skb it supplied, not our cloned skb. So we take care to always
1056 * leave the original skb unfreed if we return an error.
1057 */
pppol2tp_xmit(struct ppp_channel * chan,struct sk_buff * skb)1058 static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
1059 {
1060 static const u8 ppph[2] = { 0xff, 0x03 };
1061 struct sock *sk = (struct sock *) chan->private;
1062 struct sock *sk_tun;
1063 int hdr_len;
1064 u16 udp_len;
1065 struct pppol2tp_session *session;
1066 struct pppol2tp_tunnel *tunnel;
1067 int rc;
1068 int headroom;
1069 int data_len = skb->len;
1070 struct inet_sock *inet;
1071 __wsum csum;
1072 struct udphdr *uh;
1073 unsigned int len;
1074 int old_headroom;
1075 int new_headroom;
1076
1077 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
1078 goto abort;
1079
1080 /* Get session and tunnel contexts from the socket */
1081 session = pppol2tp_sock_to_session(sk);
1082 if (session == NULL)
1083 goto abort;
1084
1085 sk_tun = session->tunnel_sock;
1086 if (sk_tun == NULL)
1087 goto abort_put_sess;
1088 tunnel = pppol2tp_sock_to_tunnel(sk_tun);
1089 if (tunnel == NULL)
1090 goto abort_put_sess;
1091
1092 /* What header length is configured for this session? */
1093 hdr_len = pppol2tp_l2tp_header_len(session);
1094
1095 /* Check that there's enough headroom in the skb to insert IP,
1096 * UDP and L2TP and PPP headers. If not enough, expand it to
1097 * make room. Adjust truesize.
1098 */
1099 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1100 sizeof(struct udphdr) + hdr_len + sizeof(ppph);
1101 old_headroom = skb_headroom(skb);
1102 if (skb_cow_head(skb, headroom))
1103 goto abort_put_sess_tun;
1104
1105 new_headroom = skb_headroom(skb);
1106 skb_orphan(skb);
1107 skb->truesize += new_headroom - old_headroom;
1108
1109 /* Setup PPP header */
1110 __skb_push(skb, sizeof(ppph));
1111 skb->data[0] = ppph[0];
1112 skb->data[1] = ppph[1];
1113
1114 /* Setup L2TP header */
1115 pppol2tp_build_l2tp_header(session, __skb_push(skb, hdr_len));
1116
1117 udp_len = sizeof(struct udphdr) + hdr_len + sizeof(ppph) + data_len;
1118
1119 /* Setup UDP header */
1120 inet = inet_sk(sk_tun);
1121 __skb_push(skb, sizeof(*uh));
1122 skb_reset_transport_header(skb);
1123 uh = udp_hdr(skb);
1124 uh->source = inet->sport;
1125 uh->dest = inet->dport;
1126 uh->len = htons(udp_len);
1127 uh->check = 0;
1128
1129 /* Debug */
1130 if (session->send_seq)
1131 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1132 "%s: send %d bytes, ns=%hu\n", session->name,
1133 data_len, session->ns - 1);
1134 else
1135 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1136 "%s: send %d bytes\n", session->name, data_len);
1137
1138 if (session->debug & PPPOL2TP_MSG_DATA) {
1139 int i;
1140 unsigned char *datap = skb->data;
1141
1142 printk(KERN_DEBUG "%s: xmit:", session->name);
1143 for (i = 0; i < data_len; i++) {
1144 printk(" %02X", *datap++);
1145 if (i == 31) {
1146 printk(" ...");
1147 break;
1148 }
1149 }
1150 printk("\n");
1151 }
1152
1153 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1154 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1155 IPSKB_REROUTED);
1156 nf_reset(skb);
1157
1158 /* Get routing info from the tunnel socket */
1159 dst_release(skb->dst);
1160 skb->dst = dst_clone(__sk_dst_get(sk_tun));
1161 pppol2tp_skb_set_owner_w(skb, sk_tun);
1162
1163 /* Calculate UDP checksum if configured to do so */
1164 if (sk_tun->sk_no_check == UDP_CSUM_NOXMIT)
1165 skb->ip_summed = CHECKSUM_NONE;
1166 else if (!(skb->dst->dev->features & NETIF_F_V4_CSUM)) {
1167 skb->ip_summed = CHECKSUM_COMPLETE;
1168 csum = skb_checksum(skb, 0, udp_len, 0);
1169 uh->check = csum_tcpudp_magic(inet->saddr, inet->daddr,
1170 udp_len, IPPROTO_UDP, csum);
1171 if (uh->check == 0)
1172 uh->check = CSUM_MANGLED_0;
1173 } else {
1174 skb->ip_summed = CHECKSUM_PARTIAL;
1175 skb->csum_start = skb_transport_header(skb) - skb->head;
1176 skb->csum_offset = offsetof(struct udphdr, check);
1177 uh->check = ~csum_tcpudp_magic(inet->saddr, inet->daddr,
1178 udp_len, IPPROTO_UDP, 0);
1179 }
1180
1181 /* Queue the packet to IP for output */
1182 len = skb->len;
1183 rc = ip_queue_xmit(skb, 1);
1184
1185 /* Update stats */
1186 if (rc >= 0) {
1187 tunnel->stats.tx_packets++;
1188 tunnel->stats.tx_bytes += len;
1189 session->stats.tx_packets++;
1190 session->stats.tx_bytes += len;
1191 } else {
1192 tunnel->stats.tx_errors++;
1193 session->stats.tx_errors++;
1194 }
1195
1196 sock_put(sk_tun);
1197 sock_put(sk);
1198 return 1;
1199
1200 abort_put_sess_tun:
1201 sock_put(sk_tun);
1202 abort_put_sess:
1203 sock_put(sk);
1204 abort:
1205 /* Free the original skb */
1206 kfree_skb(skb);
1207 return 1;
1208 }
1209
1210 /*****************************************************************************
1211 * Session (and tunnel control) socket create/destroy.
1212 *****************************************************************************/
1213
1214 /* When the tunnel UDP socket is closed, all the attached sockets need to go
1215 * too.
1216 */
pppol2tp_tunnel_closeall(struct pppol2tp_tunnel * tunnel)1217 static void pppol2tp_tunnel_closeall(struct pppol2tp_tunnel *tunnel)
1218 {
1219 int hash;
1220 struct hlist_node *walk;
1221 struct hlist_node *tmp;
1222 struct pppol2tp_session *session;
1223 struct sock *sk;
1224
1225 if (tunnel == NULL)
1226 BUG();
1227
1228 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1229 "%s: closing all sessions...\n", tunnel->name);
1230
1231 write_lock_bh(&tunnel->hlist_lock);
1232 for (hash = 0; hash < PPPOL2TP_HASH_SIZE; hash++) {
1233 again:
1234 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1235 struct sk_buff *skb;
1236
1237 session = hlist_entry(walk, struct pppol2tp_session, hlist);
1238
1239 sk = session->sock;
1240
1241 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1242 "%s: closing session\n", session->name);
1243
1244 hlist_del_init(&session->hlist);
1245
1246 /* Since we should hold the sock lock while
1247 * doing any unbinding, we need to release the
1248 * lock we're holding before taking that lock.
1249 * Hold a reference to the sock so it doesn't
1250 * disappear as we're jumping between locks.
1251 */
1252 sock_hold(sk);
1253 write_unlock_bh(&tunnel->hlist_lock);
1254 lock_sock(sk);
1255
1256 if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
1257 pppox_unbind_sock(sk);
1258 sk->sk_state = PPPOX_DEAD;
1259 sk->sk_state_change(sk);
1260 }
1261
1262 /* Purge any queued data */
1263 skb_queue_purge(&sk->sk_receive_queue);
1264 skb_queue_purge(&sk->sk_write_queue);
1265 while ((skb = skb_dequeue(&session->reorder_q))) {
1266 kfree_skb(skb);
1267 sock_put(sk);
1268 }
1269
1270 release_sock(sk);
1271 sock_put(sk);
1272
1273 /* Now restart from the beginning of this hash
1274 * chain. We always remove a session from the
1275 * list so we are guaranteed to make forward
1276 * progress.
1277 */
1278 write_lock_bh(&tunnel->hlist_lock);
1279 goto again;
1280 }
1281 }
1282 write_unlock_bh(&tunnel->hlist_lock);
1283 }
1284
1285 /* Really kill the tunnel.
1286 * Come here only when all sessions have been cleared from the tunnel.
1287 */
pppol2tp_tunnel_free(struct pppol2tp_tunnel * tunnel)1288 static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel)
1289 {
1290 /* Remove from socket list */
1291 write_lock_bh(&pppol2tp_tunnel_list_lock);
1292 list_del_init(&tunnel->list);
1293 write_unlock_bh(&pppol2tp_tunnel_list_lock);
1294
1295 atomic_dec(&pppol2tp_tunnel_count);
1296 kfree(tunnel);
1297 }
1298
1299 /* Tunnel UDP socket destruct hook.
1300 * The tunnel context is deleted only when all session sockets have been
1301 * closed.
1302 */
pppol2tp_tunnel_destruct(struct sock * sk)1303 static void pppol2tp_tunnel_destruct(struct sock *sk)
1304 {
1305 struct pppol2tp_tunnel *tunnel;
1306
1307 tunnel = sk->sk_user_data;
1308 if (tunnel == NULL)
1309 goto end;
1310
1311 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1312 "%s: closing...\n", tunnel->name);
1313
1314 /* Close all sessions */
1315 pppol2tp_tunnel_closeall(tunnel);
1316
1317 /* No longer an encapsulation socket. See net/ipv4/udp.c */
1318 (udp_sk(sk))->encap_type = 0;
1319 (udp_sk(sk))->encap_rcv = NULL;
1320
1321 /* Remove hooks into tunnel socket */
1322 tunnel->sock = NULL;
1323 sk->sk_destruct = tunnel->old_sk_destruct;
1324 sk->sk_user_data = NULL;
1325
1326 /* Call original (UDP) socket descructor */
1327 if (sk->sk_destruct != NULL)
1328 (*sk->sk_destruct)(sk);
1329
1330 pppol2tp_tunnel_dec_refcount(tunnel);
1331
1332 end:
1333 return;
1334 }
1335
1336 /* Really kill the session socket. (Called from sock_put() if
1337 * refcnt == 0.)
1338 */
pppol2tp_session_destruct(struct sock * sk)1339 static void pppol2tp_session_destruct(struct sock *sk)
1340 {
1341 struct pppol2tp_session *session = NULL;
1342
1343 if (sk->sk_user_data != NULL) {
1344 struct pppol2tp_tunnel *tunnel;
1345
1346 session = sk->sk_user_data;
1347 if (session == NULL)
1348 goto out;
1349
1350 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
1351
1352 /* Don't use pppol2tp_sock_to_tunnel() here to
1353 * get the tunnel context because the tunnel
1354 * socket might have already been closed (its
1355 * sk->sk_user_data will be NULL) so use the
1356 * session's private tunnel ptr instead.
1357 */
1358 tunnel = session->tunnel;
1359 if (tunnel != NULL) {
1360 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1361
1362 /* If session_id is zero, this is a null
1363 * session context, which was created for a
1364 * socket that is being used only to manage
1365 * tunnels.
1366 */
1367 if (session->tunnel_addr.s_session != 0) {
1368 /* Delete the session socket from the
1369 * hash
1370 */
1371 write_lock_bh(&tunnel->hlist_lock);
1372 hlist_del_init(&session->hlist);
1373 write_unlock_bh(&tunnel->hlist_lock);
1374
1375 atomic_dec(&pppol2tp_session_count);
1376 }
1377
1378 /* This will delete the tunnel context if this
1379 * is the last session on the tunnel.
1380 */
1381 session->tunnel = NULL;
1382 session->tunnel_sock = NULL;
1383 pppol2tp_tunnel_dec_refcount(tunnel);
1384 }
1385 }
1386
1387 kfree(session);
1388 out:
1389 return;
1390 }
1391
1392 /* Called when the PPPoX socket (session) is closed.
1393 */
pppol2tp_release(struct socket * sock)1394 static int pppol2tp_release(struct socket *sock)
1395 {
1396 struct sock *sk = sock->sk;
1397 struct pppol2tp_session *session;
1398 int error;
1399
1400 if (!sk)
1401 return 0;
1402
1403 error = -EBADF;
1404 lock_sock(sk);
1405 if (sock_flag(sk, SOCK_DEAD) != 0)
1406 goto error;
1407
1408 pppox_unbind_sock(sk);
1409
1410 /* Signal the death of the socket. */
1411 sk->sk_state = PPPOX_DEAD;
1412 sock_orphan(sk);
1413 sock->sk = NULL;
1414
1415 session = pppol2tp_sock_to_session(sk);
1416
1417 /* Purge any queued data */
1418 skb_queue_purge(&sk->sk_receive_queue);
1419 skb_queue_purge(&sk->sk_write_queue);
1420 if (session != NULL) {
1421 struct sk_buff *skb;
1422 while ((skb = skb_dequeue(&session->reorder_q))) {
1423 kfree_skb(skb);
1424 sock_put(sk);
1425 }
1426 sock_put(sk);
1427 }
1428
1429 release_sock(sk);
1430
1431 /* This will delete the session context via
1432 * pppol2tp_session_destruct() if the socket's refcnt drops to
1433 * zero.
1434 */
1435 sock_put(sk);
1436
1437 return 0;
1438
1439 error:
1440 release_sock(sk);
1441 return error;
1442 }
1443
1444 /* Internal function to prepare a tunnel (UDP) socket to have PPPoX
1445 * sockets attached to it.
1446 */
pppol2tp_prepare_tunnel_socket(int fd,u16 tunnel_id,int * error)1447 static struct sock *pppol2tp_prepare_tunnel_socket(int fd, u16 tunnel_id,
1448 int *error)
1449 {
1450 int err;
1451 struct socket *sock = NULL;
1452 struct sock *sk;
1453 struct pppol2tp_tunnel *tunnel;
1454 struct sock *ret = NULL;
1455
1456 /* Get the tunnel UDP socket from the fd, which was opened by
1457 * the userspace L2TP daemon.
1458 */
1459 err = -EBADF;
1460 sock = sockfd_lookup(fd, &err);
1461 if (!sock) {
1462 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1463 "tunl %hu: sockfd_lookup(fd=%d) returned %d\n",
1464 tunnel_id, fd, err);
1465 goto err;
1466 }
1467
1468 sk = sock->sk;
1469
1470 /* Quick sanity checks */
1471 err = -EPROTONOSUPPORT;
1472 if (sk->sk_protocol != IPPROTO_UDP) {
1473 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1474 "tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1475 tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP);
1476 goto err;
1477 }
1478 err = -EAFNOSUPPORT;
1479 if (sock->ops->family != AF_INET) {
1480 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1481 "tunl %hu: fd %d wrong family, got %d, expected %d\n",
1482 tunnel_id, fd, sock->ops->family, AF_INET);
1483 goto err;
1484 }
1485
1486 err = -ENOTCONN;
1487
1488 /* Check if this socket has already been prepped */
1489 tunnel = (struct pppol2tp_tunnel *)sk->sk_user_data;
1490 if (tunnel != NULL) {
1491 /* User-data field already set */
1492 err = -EBUSY;
1493 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1494
1495 /* This socket has already been prepped */
1496 ret = tunnel->sock;
1497 goto out;
1498 }
1499
1500 /* This socket is available and needs prepping. Create a new tunnel
1501 * context and init it.
1502 */
1503 sk->sk_user_data = tunnel = kzalloc(sizeof(struct pppol2tp_tunnel), GFP_KERNEL);
1504 if (sk->sk_user_data == NULL) {
1505 err = -ENOMEM;
1506 goto err;
1507 }
1508
1509 tunnel->magic = L2TP_TUNNEL_MAGIC;
1510 sprintf(&tunnel->name[0], "tunl %hu", tunnel_id);
1511
1512 tunnel->stats.tunnel_id = tunnel_id;
1513 tunnel->debug = PPPOL2TP_DEFAULT_DEBUG_FLAGS;
1514
1515 /* Hook on the tunnel socket destructor so that we can cleanup
1516 * if the tunnel socket goes away.
1517 */
1518 tunnel->old_sk_destruct = sk->sk_destruct;
1519 sk->sk_destruct = &pppol2tp_tunnel_destruct;
1520
1521 tunnel->sock = sk;
1522 sk->sk_allocation = GFP_ATOMIC;
1523
1524 /* Misc init */
1525 rwlock_init(&tunnel->hlist_lock);
1526
1527 /* Add tunnel to our list */
1528 INIT_LIST_HEAD(&tunnel->list);
1529 write_lock_bh(&pppol2tp_tunnel_list_lock);
1530 list_add(&tunnel->list, &pppol2tp_tunnel_list);
1531 write_unlock_bh(&pppol2tp_tunnel_list_lock);
1532 atomic_inc(&pppol2tp_tunnel_count);
1533
1534 /* Bump the reference count. The tunnel context is deleted
1535 * only when this drops to zero.
1536 */
1537 pppol2tp_tunnel_inc_refcount(tunnel);
1538
1539 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1540 (udp_sk(sk))->encap_type = UDP_ENCAP_L2TPINUDP;
1541 (udp_sk(sk))->encap_rcv = pppol2tp_udp_encap_recv;
1542
1543 ret = tunnel->sock;
1544
1545 *error = 0;
1546 out:
1547 if (sock)
1548 sockfd_put(sock);
1549
1550 return ret;
1551
1552 err:
1553 *error = err;
1554 goto out;
1555 }
1556
1557 static struct proto pppol2tp_sk_proto = {
1558 .name = "PPPOL2TP",
1559 .owner = THIS_MODULE,
1560 .obj_size = sizeof(struct pppox_sock),
1561 };
1562
1563 /* socket() handler. Initialize a new struct sock.
1564 */
pppol2tp_create(struct net * net,struct socket * sock)1565 static int pppol2tp_create(struct net *net, struct socket *sock)
1566 {
1567 int error = -ENOMEM;
1568 struct sock *sk;
1569
1570 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto);
1571 if (!sk)
1572 goto out;
1573
1574 sock_init_data(sock, sk);
1575
1576 sock->state = SS_UNCONNECTED;
1577 sock->ops = &pppol2tp_ops;
1578
1579 sk->sk_backlog_rcv = pppol2tp_recv_core;
1580 sk->sk_protocol = PX_PROTO_OL2TP;
1581 sk->sk_family = PF_PPPOX;
1582 sk->sk_state = PPPOX_NONE;
1583 sk->sk_type = SOCK_STREAM;
1584 sk->sk_destruct = pppol2tp_session_destruct;
1585
1586 error = 0;
1587
1588 out:
1589 return error;
1590 }
1591
1592 /* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
1593 */
pppol2tp_connect(struct socket * sock,struct sockaddr * uservaddr,int sockaddr_len,int flags)1594 static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
1595 int sockaddr_len, int flags)
1596 {
1597 struct sock *sk = sock->sk;
1598 struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
1599 struct pppox_sock *po = pppox_sk(sk);
1600 struct sock *tunnel_sock = NULL;
1601 struct pppol2tp_session *session = NULL;
1602 struct pppol2tp_tunnel *tunnel;
1603 struct dst_entry *dst;
1604 int error = 0;
1605
1606 lock_sock(sk);
1607
1608 error = -EINVAL;
1609 if (sp->sa_protocol != PX_PROTO_OL2TP)
1610 goto end;
1611
1612 /* Check for already bound sockets */
1613 error = -EBUSY;
1614 if (sk->sk_state & PPPOX_CONNECTED)
1615 goto end;
1616
1617 /* We don't supporting rebinding anyway */
1618 error = -EALREADY;
1619 if (sk->sk_user_data)
1620 goto end; /* socket is already attached */
1621
1622 /* Don't bind if s_tunnel is 0 */
1623 error = -EINVAL;
1624 if (sp->pppol2tp.s_tunnel == 0)
1625 goto end;
1626
1627 /* Special case: prepare tunnel socket if s_session and
1628 * d_session is 0. Otherwise look up tunnel using supplied
1629 * tunnel id.
1630 */
1631 if ((sp->pppol2tp.s_session == 0) && (sp->pppol2tp.d_session == 0)) {
1632 tunnel_sock = pppol2tp_prepare_tunnel_socket(sp->pppol2tp.fd,
1633 sp->pppol2tp.s_tunnel,
1634 &error);
1635 if (tunnel_sock == NULL)
1636 goto end;
1637
1638 tunnel = tunnel_sock->sk_user_data;
1639 } else {
1640 tunnel = pppol2tp_tunnel_find(sp->pppol2tp.s_tunnel);
1641
1642 /* Error if we can't find the tunnel */
1643 error = -ENOENT;
1644 if (tunnel == NULL)
1645 goto end;
1646
1647 tunnel_sock = tunnel->sock;
1648 }
1649
1650 /* Check that this session doesn't already exist */
1651 error = -EEXIST;
1652 session = pppol2tp_session_find(tunnel, sp->pppol2tp.s_session);
1653 if (session != NULL)
1654 goto end;
1655
1656 /* Allocate and initialize a new session context. */
1657 session = kzalloc(sizeof(struct pppol2tp_session), GFP_KERNEL);
1658 if (session == NULL) {
1659 error = -ENOMEM;
1660 goto end;
1661 }
1662
1663 skb_queue_head_init(&session->reorder_q);
1664
1665 session->magic = L2TP_SESSION_MAGIC;
1666 session->owner = current->pid;
1667 session->sock = sk;
1668 session->tunnel = tunnel;
1669 session->tunnel_sock = tunnel_sock;
1670 session->tunnel_addr = sp->pppol2tp;
1671 sprintf(&session->name[0], "sess %hu/%hu",
1672 session->tunnel_addr.s_tunnel,
1673 session->tunnel_addr.s_session);
1674
1675 session->stats.tunnel_id = session->tunnel_addr.s_tunnel;
1676 session->stats.session_id = session->tunnel_addr.s_session;
1677
1678 INIT_HLIST_NODE(&session->hlist);
1679
1680 /* Inherit debug options from tunnel */
1681 session->debug = tunnel->debug;
1682
1683 /* Default MTU must allow space for UDP/L2TP/PPP
1684 * headers.
1685 */
1686 session->mtu = session->mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
1687
1688 /* If PMTU discovery was enabled, use the MTU that was discovered */
1689 dst = sk_dst_get(sk);
1690 if (dst != NULL) {
1691 u32 pmtu = dst_mtu(__sk_dst_get(sk));
1692 if (pmtu != 0)
1693 session->mtu = session->mru = pmtu -
1694 PPPOL2TP_HEADER_OVERHEAD;
1695 dst_release(dst);
1696 }
1697
1698 /* Special case: if source & dest session_id == 0x0000, this socket is
1699 * being created to manage the tunnel. Don't add the session to the
1700 * session hash list, just set up the internal context for use by
1701 * ioctl() and sockopt() handlers.
1702 */
1703 if ((session->tunnel_addr.s_session == 0) &&
1704 (session->tunnel_addr.d_session == 0)) {
1705 error = 0;
1706 sk->sk_user_data = session;
1707 goto out_no_ppp;
1708 }
1709
1710 /* Get tunnel context from the tunnel socket */
1711 tunnel = pppol2tp_sock_to_tunnel(tunnel_sock);
1712 if (tunnel == NULL) {
1713 error = -EBADF;
1714 goto end;
1715 }
1716
1717 /* Right now, because we don't have a way to push the incoming skb's
1718 * straight through the UDP layer, the only header we need to worry
1719 * about is the L2TP header. This size is different depending on
1720 * whether sequence numbers are enabled for the data channel.
1721 */
1722 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1723
1724 po->chan.private = sk;
1725 po->chan.ops = &pppol2tp_chan_ops;
1726 po->chan.mtu = session->mtu;
1727
1728 error = ppp_register_channel(&po->chan);
1729 if (error)
1730 goto end_put_tun;
1731
1732 /* This is how we get the session context from the socket. */
1733 sk->sk_user_data = session;
1734
1735 /* Add session to the tunnel's hash list */
1736 write_lock_bh(&tunnel->hlist_lock);
1737 hlist_add_head(&session->hlist,
1738 pppol2tp_session_id_hash(tunnel,
1739 session->tunnel_addr.s_session));
1740 write_unlock_bh(&tunnel->hlist_lock);
1741
1742 atomic_inc(&pppol2tp_session_count);
1743
1744 out_no_ppp:
1745 pppol2tp_tunnel_inc_refcount(tunnel);
1746 sk->sk_state = PPPOX_CONNECTED;
1747 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1748 "%s: created\n", session->name);
1749
1750 end_put_tun:
1751 sock_put(tunnel_sock);
1752 end:
1753 release_sock(sk);
1754
1755 if (error != 0) {
1756 if (session)
1757 PRINTK(session->debug,
1758 PPPOL2TP_MSG_CONTROL, KERN_WARNING,
1759 "%s: connect failed: %d\n",
1760 session->name, error);
1761 else
1762 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_WARNING,
1763 "connect failed: %d\n", error);
1764 }
1765
1766 return error;
1767 }
1768
1769 /* getname() support.
1770 */
pppol2tp_getname(struct socket * sock,struct sockaddr * uaddr,int * usockaddr_len,int peer)1771 static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
1772 int *usockaddr_len, int peer)
1773 {
1774 int len = sizeof(struct sockaddr_pppol2tp);
1775 struct sockaddr_pppol2tp sp;
1776 int error = 0;
1777 struct pppol2tp_session *session;
1778
1779 error = -ENOTCONN;
1780 if (sock->sk->sk_state != PPPOX_CONNECTED)
1781 goto end;
1782
1783 session = pppol2tp_sock_to_session(sock->sk);
1784 if (session == NULL) {
1785 error = -EBADF;
1786 goto end;
1787 }
1788
1789 sp.sa_family = AF_PPPOX;
1790 sp.sa_protocol = PX_PROTO_OL2TP;
1791 memcpy(&sp.pppol2tp, &session->tunnel_addr,
1792 sizeof(struct pppol2tp_addr));
1793
1794 memcpy(uaddr, &sp, len);
1795
1796 *usockaddr_len = len;
1797
1798 error = 0;
1799 sock_put(sock->sk);
1800
1801 end:
1802 return error;
1803 }
1804
1805 /****************************************************************************
1806 * ioctl() handlers.
1807 *
1808 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1809 * sockets. However, in order to control kernel tunnel features, we allow
1810 * userspace to create a special "tunnel" PPPoX socket which is used for
1811 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
1812 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1813 * calls.
1814 ****************************************************************************/
1815
1816 /* Session ioctl helper.
1817 */
pppol2tp_session_ioctl(struct pppol2tp_session * session,unsigned int cmd,unsigned long arg)1818 static int pppol2tp_session_ioctl(struct pppol2tp_session *session,
1819 unsigned int cmd, unsigned long arg)
1820 {
1821 struct ifreq ifr;
1822 int err = 0;
1823 struct sock *sk = session->sock;
1824 int val = (int) arg;
1825
1826 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1827 "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
1828 session->name, cmd, arg);
1829
1830 sock_hold(sk);
1831
1832 switch (cmd) {
1833 case SIOCGIFMTU:
1834 err = -ENXIO;
1835 if (!(sk->sk_state & PPPOX_CONNECTED))
1836 break;
1837
1838 err = -EFAULT;
1839 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1840 break;
1841 ifr.ifr_mtu = session->mtu;
1842 if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1843 break;
1844
1845 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1846 "%s: get mtu=%d\n", session->name, session->mtu);
1847 err = 0;
1848 break;
1849
1850 case SIOCSIFMTU:
1851 err = -ENXIO;
1852 if (!(sk->sk_state & PPPOX_CONNECTED))
1853 break;
1854
1855 err = -EFAULT;
1856 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1857 break;
1858
1859 session->mtu = ifr.ifr_mtu;
1860
1861 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1862 "%s: set mtu=%d\n", session->name, session->mtu);
1863 err = 0;
1864 break;
1865
1866 case PPPIOCGMRU:
1867 err = -ENXIO;
1868 if (!(sk->sk_state & PPPOX_CONNECTED))
1869 break;
1870
1871 err = -EFAULT;
1872 if (put_user(session->mru, (int __user *) arg))
1873 break;
1874
1875 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1876 "%s: get mru=%d\n", session->name, session->mru);
1877 err = 0;
1878 break;
1879
1880 case PPPIOCSMRU:
1881 err = -ENXIO;
1882 if (!(sk->sk_state & PPPOX_CONNECTED))
1883 break;
1884
1885 err = -EFAULT;
1886 if (get_user(val,(int __user *) arg))
1887 break;
1888
1889 session->mru = val;
1890 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1891 "%s: set mru=%d\n", session->name, session->mru);
1892 err = 0;
1893 break;
1894
1895 case PPPIOCGFLAGS:
1896 err = -EFAULT;
1897 if (put_user(session->flags, (int __user *) arg))
1898 break;
1899
1900 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1901 "%s: get flags=%d\n", session->name, session->flags);
1902 err = 0;
1903 break;
1904
1905 case PPPIOCSFLAGS:
1906 err = -EFAULT;
1907 if (get_user(val, (int __user *) arg))
1908 break;
1909 session->flags = val;
1910 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1911 "%s: set flags=%d\n", session->name, session->flags);
1912 err = 0;
1913 break;
1914
1915 case PPPIOCGL2TPSTATS:
1916 err = -ENXIO;
1917 if (!(sk->sk_state & PPPOX_CONNECTED))
1918 break;
1919
1920 if (copy_to_user((void __user *) arg, &session->stats,
1921 sizeof(session->stats)))
1922 break;
1923 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1924 "%s: get L2TP stats\n", session->name);
1925 err = 0;
1926 break;
1927
1928 default:
1929 err = -ENOSYS;
1930 break;
1931 }
1932
1933 sock_put(sk);
1934
1935 return err;
1936 }
1937
1938 /* Tunnel ioctl helper.
1939 *
1940 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1941 * specifies a session_id, the session ioctl handler is called. This allows an
1942 * application to retrieve session stats via a tunnel socket.
1943 */
pppol2tp_tunnel_ioctl(struct pppol2tp_tunnel * tunnel,unsigned int cmd,unsigned long arg)1944 static int pppol2tp_tunnel_ioctl(struct pppol2tp_tunnel *tunnel,
1945 unsigned int cmd, unsigned long arg)
1946 {
1947 int err = 0;
1948 struct sock *sk = tunnel->sock;
1949 struct pppol2tp_ioc_stats stats_req;
1950
1951 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1952 "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n", tunnel->name,
1953 cmd, arg);
1954
1955 sock_hold(sk);
1956
1957 switch (cmd) {
1958 case PPPIOCGL2TPSTATS:
1959 err = -ENXIO;
1960 if (!(sk->sk_state & PPPOX_CONNECTED))
1961 break;
1962
1963 if (copy_from_user(&stats_req, (void __user *) arg,
1964 sizeof(stats_req))) {
1965 err = -EFAULT;
1966 break;
1967 }
1968 if (stats_req.session_id != 0) {
1969 /* resend to session ioctl handler */
1970 struct pppol2tp_session *session =
1971 pppol2tp_session_find(tunnel, stats_req.session_id);
1972 if (session != NULL)
1973 err = pppol2tp_session_ioctl(session, cmd, arg);
1974 else
1975 err = -EBADR;
1976 break;
1977 }
1978 #ifdef CONFIG_XFRM
1979 tunnel->stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
1980 #endif
1981 if (copy_to_user((void __user *) arg, &tunnel->stats,
1982 sizeof(tunnel->stats))) {
1983 err = -EFAULT;
1984 break;
1985 }
1986 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1987 "%s: get L2TP stats\n", tunnel->name);
1988 err = 0;
1989 break;
1990
1991 default:
1992 err = -ENOSYS;
1993 break;
1994 }
1995
1996 sock_put(sk);
1997
1998 return err;
1999 }
2000
2001 /* Main ioctl() handler.
2002 * Dispatch to tunnel or session helpers depending on the socket.
2003 */
pppol2tp_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)2004 static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
2005 unsigned long arg)
2006 {
2007 struct sock *sk = sock->sk;
2008 struct pppol2tp_session *session;
2009 struct pppol2tp_tunnel *tunnel;
2010 int err;
2011
2012 if (!sk)
2013 return 0;
2014
2015 err = -EBADF;
2016 if (sock_flag(sk, SOCK_DEAD) != 0)
2017 goto end;
2018
2019 err = -ENOTCONN;
2020 if ((sk->sk_user_data == NULL) ||
2021 (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
2022 goto end;
2023
2024 /* Get session context from the socket */
2025 err = -EBADF;
2026 session = pppol2tp_sock_to_session(sk);
2027 if (session == NULL)
2028 goto end;
2029
2030 /* Special case: if session's session_id is zero, treat ioctl as a
2031 * tunnel ioctl
2032 */
2033 if ((session->tunnel_addr.s_session == 0) &&
2034 (session->tunnel_addr.d_session == 0)) {
2035 err = -EBADF;
2036 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2037 if (tunnel == NULL)
2038 goto end_put_sess;
2039
2040 err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
2041 sock_put(session->tunnel_sock);
2042 goto end_put_sess;
2043 }
2044
2045 err = pppol2tp_session_ioctl(session, cmd, arg);
2046
2047 end_put_sess:
2048 sock_put(sk);
2049 end:
2050 return err;
2051 }
2052
2053 /*****************************************************************************
2054 * setsockopt() / getsockopt() support.
2055 *
2056 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
2057 * sockets. In order to control kernel tunnel features, we allow userspace to
2058 * create a special "tunnel" PPPoX socket which is used for control only.
2059 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
2060 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
2061 *****************************************************************************/
2062
2063 /* Tunnel setsockopt() helper.
2064 */
pppol2tp_tunnel_setsockopt(struct sock * sk,struct pppol2tp_tunnel * tunnel,int optname,int val)2065 static int pppol2tp_tunnel_setsockopt(struct sock *sk,
2066 struct pppol2tp_tunnel *tunnel,
2067 int optname, int val)
2068 {
2069 int err = 0;
2070
2071 switch (optname) {
2072 case PPPOL2TP_SO_DEBUG:
2073 tunnel->debug = val;
2074 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2075 "%s: set debug=%x\n", tunnel->name, tunnel->debug);
2076 break;
2077
2078 default:
2079 err = -ENOPROTOOPT;
2080 break;
2081 }
2082
2083 return err;
2084 }
2085
2086 /* Session setsockopt helper.
2087 */
pppol2tp_session_setsockopt(struct sock * sk,struct pppol2tp_session * session,int optname,int val)2088 static int pppol2tp_session_setsockopt(struct sock *sk,
2089 struct pppol2tp_session *session,
2090 int optname, int val)
2091 {
2092 int err = 0;
2093
2094 switch (optname) {
2095 case PPPOL2TP_SO_RECVSEQ:
2096 if ((val != 0) && (val != 1)) {
2097 err = -EINVAL;
2098 break;
2099 }
2100 session->recv_seq = val ? -1 : 0;
2101 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2102 "%s: set recv_seq=%d\n", session->name,
2103 session->recv_seq);
2104 break;
2105
2106 case PPPOL2TP_SO_SENDSEQ:
2107 if ((val != 0) && (val != 1)) {
2108 err = -EINVAL;
2109 break;
2110 }
2111 session->send_seq = val ? -1 : 0;
2112 {
2113 struct sock *ssk = session->sock;
2114 struct pppox_sock *po = pppox_sk(ssk);
2115 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
2116 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
2117 }
2118 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2119 "%s: set send_seq=%d\n", session->name, session->send_seq);
2120 break;
2121
2122 case PPPOL2TP_SO_LNSMODE:
2123 if ((val != 0) && (val != 1)) {
2124 err = -EINVAL;
2125 break;
2126 }
2127 session->lns_mode = val ? -1 : 0;
2128 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2129 "%s: set lns_mode=%d\n", session->name,
2130 session->lns_mode);
2131 break;
2132
2133 case PPPOL2TP_SO_DEBUG:
2134 session->debug = val;
2135 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2136 "%s: set debug=%x\n", session->name, session->debug);
2137 break;
2138
2139 case PPPOL2TP_SO_REORDERTO:
2140 session->reorder_timeout = msecs_to_jiffies(val);
2141 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2142 "%s: set reorder_timeout=%d\n", session->name,
2143 session->reorder_timeout);
2144 break;
2145
2146 default:
2147 err = -ENOPROTOOPT;
2148 break;
2149 }
2150
2151 return err;
2152 }
2153
2154 /* Main setsockopt() entry point.
2155 * Does API checks, then calls either the tunnel or session setsockopt
2156 * handler, according to whether the PPPoL2TP socket is a for a regular
2157 * session or the special tunnel type.
2158 */
pppol2tp_setsockopt(struct socket * sock,int level,int optname,char __user * optval,int optlen)2159 static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
2160 char __user *optval, int optlen)
2161 {
2162 struct sock *sk = sock->sk;
2163 struct pppol2tp_session *session = sk->sk_user_data;
2164 struct pppol2tp_tunnel *tunnel;
2165 int val;
2166 int err;
2167
2168 if (level != SOL_PPPOL2TP)
2169 return udp_prot.setsockopt(sk, level, optname, optval, optlen);
2170
2171 if (optlen < sizeof(int))
2172 return -EINVAL;
2173
2174 if (get_user(val, (int __user *)optval))
2175 return -EFAULT;
2176
2177 err = -ENOTCONN;
2178 if (sk->sk_user_data == NULL)
2179 goto end;
2180
2181 /* Get session context from the socket */
2182 err = -EBADF;
2183 session = pppol2tp_sock_to_session(sk);
2184 if (session == NULL)
2185 goto end;
2186
2187 /* Special case: if session_id == 0x0000, treat as operation on tunnel
2188 */
2189 if ((session->tunnel_addr.s_session == 0) &&
2190 (session->tunnel_addr.d_session == 0)) {
2191 err = -EBADF;
2192 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2193 if (tunnel == NULL)
2194 goto end_put_sess;
2195
2196 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
2197 sock_put(session->tunnel_sock);
2198 } else
2199 err = pppol2tp_session_setsockopt(sk, session, optname, val);
2200
2201 err = 0;
2202
2203 end_put_sess:
2204 sock_put(sk);
2205 end:
2206 return err;
2207 }
2208
2209 /* Tunnel getsockopt helper. Called with sock locked.
2210 */
pppol2tp_tunnel_getsockopt(struct sock * sk,struct pppol2tp_tunnel * tunnel,int optname,int * val)2211 static int pppol2tp_tunnel_getsockopt(struct sock *sk,
2212 struct pppol2tp_tunnel *tunnel,
2213 int optname, int *val)
2214 {
2215 int err = 0;
2216
2217 switch (optname) {
2218 case PPPOL2TP_SO_DEBUG:
2219 *val = tunnel->debug;
2220 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2221 "%s: get debug=%x\n", tunnel->name, tunnel->debug);
2222 break;
2223
2224 default:
2225 err = -ENOPROTOOPT;
2226 break;
2227 }
2228
2229 return err;
2230 }
2231
2232 /* Session getsockopt helper. Called with sock locked.
2233 */
pppol2tp_session_getsockopt(struct sock * sk,struct pppol2tp_session * session,int optname,int * val)2234 static int pppol2tp_session_getsockopt(struct sock *sk,
2235 struct pppol2tp_session *session,
2236 int optname, int *val)
2237 {
2238 int err = 0;
2239
2240 switch (optname) {
2241 case PPPOL2TP_SO_RECVSEQ:
2242 *val = session->recv_seq;
2243 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2244 "%s: get recv_seq=%d\n", session->name, *val);
2245 break;
2246
2247 case PPPOL2TP_SO_SENDSEQ:
2248 *val = session->send_seq;
2249 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2250 "%s: get send_seq=%d\n", session->name, *val);
2251 break;
2252
2253 case PPPOL2TP_SO_LNSMODE:
2254 *val = session->lns_mode;
2255 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2256 "%s: get lns_mode=%d\n", session->name, *val);
2257 break;
2258
2259 case PPPOL2TP_SO_DEBUG:
2260 *val = session->debug;
2261 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2262 "%s: get debug=%d\n", session->name, *val);
2263 break;
2264
2265 case PPPOL2TP_SO_REORDERTO:
2266 *val = (int) jiffies_to_msecs(session->reorder_timeout);
2267 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2268 "%s: get reorder_timeout=%d\n", session->name, *val);
2269 break;
2270
2271 default:
2272 err = -ENOPROTOOPT;
2273 }
2274
2275 return err;
2276 }
2277
2278 /* Main getsockopt() entry point.
2279 * Does API checks, then calls either the tunnel or session getsockopt
2280 * handler, according to whether the PPPoX socket is a for a regular session
2281 * or the special tunnel type.
2282 */
pppol2tp_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)2283 static int pppol2tp_getsockopt(struct socket *sock, int level,
2284 int optname, char __user *optval, int __user *optlen)
2285 {
2286 struct sock *sk = sock->sk;
2287 struct pppol2tp_session *session = sk->sk_user_data;
2288 struct pppol2tp_tunnel *tunnel;
2289 int val, len;
2290 int err;
2291
2292 if (level != SOL_PPPOL2TP)
2293 return udp_prot.getsockopt(sk, level, optname, optval, optlen);
2294
2295 if (get_user(len, (int __user *) optlen))
2296 return -EFAULT;
2297
2298 len = min_t(unsigned int, len, sizeof(int));
2299
2300 if (len < 0)
2301 return -EINVAL;
2302
2303 err = -ENOTCONN;
2304 if (sk->sk_user_data == NULL)
2305 goto end;
2306
2307 /* Get the session context */
2308 err = -EBADF;
2309 session = pppol2tp_sock_to_session(sk);
2310 if (session == NULL)
2311 goto end;
2312
2313 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
2314 if ((session->tunnel_addr.s_session == 0) &&
2315 (session->tunnel_addr.d_session == 0)) {
2316 err = -EBADF;
2317 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2318 if (tunnel == NULL)
2319 goto end_put_sess;
2320
2321 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
2322 sock_put(session->tunnel_sock);
2323 } else
2324 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
2325
2326 err = -EFAULT;
2327 if (put_user(len, (int __user *) optlen))
2328 goto end_put_sess;
2329
2330 if (copy_to_user((void __user *) optval, &val, len))
2331 goto end_put_sess;
2332
2333 err = 0;
2334
2335 end_put_sess:
2336 sock_put(sk);
2337 end:
2338 return err;
2339 }
2340
2341 /*****************************************************************************
2342 * /proc filesystem for debug
2343 *****************************************************************************/
2344
2345 #ifdef CONFIG_PROC_FS
2346
2347 #include <linux/seq_file.h>
2348
2349 struct pppol2tp_seq_data {
2350 struct pppol2tp_tunnel *tunnel; /* current tunnel */
2351 struct pppol2tp_session *session; /* NULL means get first session in tunnel */
2352 };
2353
next_session(struct pppol2tp_tunnel * tunnel,struct pppol2tp_session * curr)2354 static struct pppol2tp_session *next_session(struct pppol2tp_tunnel *tunnel, struct pppol2tp_session *curr)
2355 {
2356 struct pppol2tp_session *session = NULL;
2357 struct hlist_node *walk;
2358 int found = 0;
2359 int next = 0;
2360 int i;
2361
2362 read_lock_bh(&tunnel->hlist_lock);
2363 for (i = 0; i < PPPOL2TP_HASH_SIZE; i++) {
2364 hlist_for_each_entry(session, walk, &tunnel->session_hlist[i], hlist) {
2365 if (curr == NULL) {
2366 found = 1;
2367 goto out;
2368 }
2369 if (session == curr) {
2370 next = 1;
2371 continue;
2372 }
2373 if (next) {
2374 found = 1;
2375 goto out;
2376 }
2377 }
2378 }
2379 out:
2380 read_unlock_bh(&tunnel->hlist_lock);
2381 if (!found)
2382 session = NULL;
2383
2384 return session;
2385 }
2386
next_tunnel(struct pppol2tp_tunnel * curr)2387 static struct pppol2tp_tunnel *next_tunnel(struct pppol2tp_tunnel *curr)
2388 {
2389 struct pppol2tp_tunnel *tunnel = NULL;
2390
2391 read_lock_bh(&pppol2tp_tunnel_list_lock);
2392 if (list_is_last(&curr->list, &pppol2tp_tunnel_list)) {
2393 goto out;
2394 }
2395 tunnel = list_entry(curr->list.next, struct pppol2tp_tunnel, list);
2396 out:
2397 read_unlock_bh(&pppol2tp_tunnel_list_lock);
2398
2399 return tunnel;
2400 }
2401
pppol2tp_seq_start(struct seq_file * m,loff_t * offs)2402 static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
2403 {
2404 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
2405 loff_t pos = *offs;
2406
2407 if (!pos)
2408 goto out;
2409
2410 BUG_ON(m->private == NULL);
2411 pd = m->private;
2412
2413 if (pd->tunnel == NULL) {
2414 if (!list_empty(&pppol2tp_tunnel_list))
2415 pd->tunnel = list_entry(pppol2tp_tunnel_list.next, struct pppol2tp_tunnel, list);
2416 } else {
2417 pd->session = next_session(pd->tunnel, pd->session);
2418 if (pd->session == NULL) {
2419 pd->tunnel = next_tunnel(pd->tunnel);
2420 }
2421 }
2422
2423 /* NULL tunnel and session indicates end of list */
2424 if ((pd->tunnel == NULL) && (pd->session == NULL))
2425 pd = NULL;
2426
2427 out:
2428 return pd;
2429 }
2430
pppol2tp_seq_next(struct seq_file * m,void * v,loff_t * pos)2431 static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
2432 {
2433 (*pos)++;
2434 return NULL;
2435 }
2436
pppol2tp_seq_stop(struct seq_file * p,void * v)2437 static void pppol2tp_seq_stop(struct seq_file *p, void *v)
2438 {
2439 /* nothing to do */
2440 }
2441
pppol2tp_seq_tunnel_show(struct seq_file * m,void * v)2442 static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
2443 {
2444 struct pppol2tp_tunnel *tunnel = v;
2445
2446 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
2447 tunnel->name,
2448 (tunnel == tunnel->sock->sk_user_data) ? 'Y':'N',
2449 atomic_read(&tunnel->ref_count) - 1);
2450 seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
2451 tunnel->debug,
2452 (unsigned long long)tunnel->stats.tx_packets,
2453 (unsigned long long)tunnel->stats.tx_bytes,
2454 (unsigned long long)tunnel->stats.tx_errors,
2455 (unsigned long long)tunnel->stats.rx_packets,
2456 (unsigned long long)tunnel->stats.rx_bytes,
2457 (unsigned long long)tunnel->stats.rx_errors);
2458 }
2459
pppol2tp_seq_session_show(struct seq_file * m,void * v)2460 static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
2461 {
2462 struct pppol2tp_session *session = v;
2463
2464 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
2465 "%04X/%04X %d %c\n",
2466 session->name,
2467 ntohl(session->tunnel_addr.addr.sin_addr.s_addr),
2468 ntohs(session->tunnel_addr.addr.sin_port),
2469 session->tunnel_addr.s_tunnel,
2470 session->tunnel_addr.s_session,
2471 session->tunnel_addr.d_tunnel,
2472 session->tunnel_addr.d_session,
2473 session->sock->sk_state,
2474 (session == session->sock->sk_user_data) ?
2475 'Y' : 'N');
2476 seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n",
2477 session->mtu, session->mru,
2478 session->recv_seq ? 'R' : '-',
2479 session->send_seq ? 'S' : '-',
2480 session->lns_mode ? "LNS" : "LAC",
2481 session->debug,
2482 jiffies_to_msecs(session->reorder_timeout));
2483 seq_printf(m, " %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
2484 session->nr, session->ns,
2485 (unsigned long long)session->stats.tx_packets,
2486 (unsigned long long)session->stats.tx_bytes,
2487 (unsigned long long)session->stats.tx_errors,
2488 (unsigned long long)session->stats.rx_packets,
2489 (unsigned long long)session->stats.rx_bytes,
2490 (unsigned long long)session->stats.rx_errors);
2491 }
2492
pppol2tp_seq_show(struct seq_file * m,void * v)2493 static int pppol2tp_seq_show(struct seq_file *m, void *v)
2494 {
2495 struct pppol2tp_seq_data *pd = v;
2496
2497 /* display header on line 1 */
2498 if (v == SEQ_START_TOKEN) {
2499 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
2500 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
2501 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2502 seq_puts(m, " SESSION name, addr/port src-tid/sid "
2503 "dest-tid/sid state user-data-ok\n");
2504 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
2505 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2506 goto out;
2507 }
2508
2509 /* Show the tunnel or session context.
2510 */
2511 if (pd->session == NULL)
2512 pppol2tp_seq_tunnel_show(m, pd->tunnel);
2513 else
2514 pppol2tp_seq_session_show(m, pd->session);
2515
2516 out:
2517 return 0;
2518 }
2519
2520 static struct seq_operations pppol2tp_seq_ops = {
2521 .start = pppol2tp_seq_start,
2522 .next = pppol2tp_seq_next,
2523 .stop = pppol2tp_seq_stop,
2524 .show = pppol2tp_seq_show,
2525 };
2526
2527 /* Called when our /proc file is opened. We allocate data for use when
2528 * iterating our tunnel / session contexts and store it in the private
2529 * data of the seq_file.
2530 */
pppol2tp_proc_open(struct inode * inode,struct file * file)2531 static int pppol2tp_proc_open(struct inode *inode, struct file *file)
2532 {
2533 struct seq_file *m;
2534 struct pppol2tp_seq_data *pd;
2535 int ret = 0;
2536
2537 ret = seq_open(file, &pppol2tp_seq_ops);
2538 if (ret < 0)
2539 goto out;
2540
2541 m = file->private_data;
2542
2543 /* Allocate and fill our proc_data for access later */
2544 ret = -ENOMEM;
2545 m->private = kzalloc(sizeof(struct pppol2tp_seq_data), GFP_KERNEL);
2546 if (m->private == NULL)
2547 goto out;
2548
2549 pd = m->private;
2550 ret = 0;
2551
2552 out:
2553 return ret;
2554 }
2555
2556 /* Called when /proc file access completes.
2557 */
pppol2tp_proc_release(struct inode * inode,struct file * file)2558 static int pppol2tp_proc_release(struct inode *inode, struct file *file)
2559 {
2560 struct seq_file *m = (struct seq_file *)file->private_data;
2561
2562 kfree(m->private);
2563 m->private = NULL;
2564
2565 return seq_release(inode, file);
2566 }
2567
2568 static struct file_operations pppol2tp_proc_fops = {
2569 .owner = THIS_MODULE,
2570 .open = pppol2tp_proc_open,
2571 .read = seq_read,
2572 .llseek = seq_lseek,
2573 .release = pppol2tp_proc_release,
2574 };
2575
2576 static struct proc_dir_entry *pppol2tp_proc;
2577
2578 #endif /* CONFIG_PROC_FS */
2579
2580 /*****************************************************************************
2581 * Init and cleanup
2582 *****************************************************************************/
2583
2584 static struct proto_ops pppol2tp_ops = {
2585 .family = AF_PPPOX,
2586 .owner = THIS_MODULE,
2587 .release = pppol2tp_release,
2588 .bind = sock_no_bind,
2589 .connect = pppol2tp_connect,
2590 .socketpair = sock_no_socketpair,
2591 .accept = sock_no_accept,
2592 .getname = pppol2tp_getname,
2593 .poll = datagram_poll,
2594 .listen = sock_no_listen,
2595 .shutdown = sock_no_shutdown,
2596 .setsockopt = pppol2tp_setsockopt,
2597 .getsockopt = pppol2tp_getsockopt,
2598 .sendmsg = pppol2tp_sendmsg,
2599 .recvmsg = pppol2tp_recvmsg,
2600 .mmap = sock_no_mmap,
2601 .ioctl = pppox_ioctl,
2602 };
2603
2604 static struct pppox_proto pppol2tp_proto = {
2605 .create = pppol2tp_create,
2606 .ioctl = pppol2tp_ioctl
2607 };
2608
pppol2tp_init(void)2609 static int __init pppol2tp_init(void)
2610 {
2611 int err;
2612
2613 err = proto_register(&pppol2tp_sk_proto, 0);
2614 if (err)
2615 goto out;
2616 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
2617 if (err)
2618 goto out_unregister_pppol2tp_proto;
2619
2620 #ifdef CONFIG_PROC_FS
2621 pppol2tp_proc = proc_net_fops_create(&init_net, "pppol2tp", 0,
2622 &pppol2tp_proc_fops);
2623 if (!pppol2tp_proc) {
2624 err = -ENOMEM;
2625 goto out_unregister_pppox_proto;
2626 }
2627 #endif /* CONFIG_PROC_FS */
2628 printk(KERN_INFO "PPPoL2TP kernel driver, %s\n",
2629 PPPOL2TP_DRV_VERSION);
2630
2631 out:
2632 return err;
2633 #ifdef CONFIG_PROC_FS
2634 out_unregister_pppox_proto:
2635 unregister_pppox_proto(PX_PROTO_OL2TP);
2636 #endif
2637 out_unregister_pppol2tp_proto:
2638 proto_unregister(&pppol2tp_sk_proto);
2639 goto out;
2640 }
2641
pppol2tp_exit(void)2642 static void __exit pppol2tp_exit(void)
2643 {
2644 unregister_pppox_proto(PX_PROTO_OL2TP);
2645
2646 #ifdef CONFIG_PROC_FS
2647 remove_proc_entry("pppol2tp", init_net.proc_net);
2648 #endif
2649 proto_unregister(&pppol2tp_sk_proto);
2650 }
2651
2652 module_init(pppol2tp_init);
2653 module_exit(pppol2tp_exit);
2654
2655 MODULE_AUTHOR("Martijn van Oosterhout <kleptog@svana.org>, "
2656 "James Chapman <jchapman@katalix.com>");
2657 MODULE_DESCRIPTION("PPP over L2TP over UDP");
2658 MODULE_LICENSE("GPL");
2659 MODULE_VERSION(PPPOL2TP_DRV_VERSION);
2660