1 /* drivers/net/pppolac.c
2 *
3 * Driver for PPP on L2TP Access Concentrator / PPPoLAC Socket (RFC 2661)
4 *
5 * Copyright (C) 2009 Google, Inc.
6 * Author: Chia-chi Yeh <chiachi@android.com>
7 *
8 * This software is licensed under the terms of the GNU General Public
9 * License version 2, as published by the Free Software Foundation, and
10 * may be copied, distributed, and modified under those terms.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 */
17
18 /* This driver handles L2TP data packets between a UDP socket and a PPP channel.
19 * To keep things simple, only one session per socket is permitted. Packets are
20 * sent via the socket, so it must keep connected to the same address. One must
21 * not set sequencing in ICCN but let LNS controll it. Currently this driver
22 * only works on IPv4 due to the lack of UDP encapsulation support in IPv6. */
23
24 #include <linux/module.h>
25 #include <linux/skbuff.h>
26 #include <linux/file.h>
27 #include <linux/net.h>
28 #include <linux/udp.h>
29 #include <linux/ppp_defs.h>
30 #include <linux/if_ppp.h>
31 #include <linux/if_pppox.h>
32 #include <linux/ppp_channel.h>
33 #include <net/tcp_states.h>
34
35 #define L2TP_CONTROL_BIT 0x80
36 #define L2TP_LENGTH_BIT 0x40
37 #define L2TP_SEQUENCE_BIT 0x08
38 #define L2TP_OFFSET_BIT 0x02
39 #define L2TP_VERSION 0x02
40 #define L2TP_VERSION_MASK 0x0F
41
42 #define PPP_ADDR 0xFF
43 #define PPP_CTRL 0x03
44
45 union unaligned {
46 __u32 u32;
47 } __attribute__((packed));
48
unaligned(void * ptr)49 static inline union unaligned *unaligned(void *ptr)
50 {
51 return (union unaligned *)ptr;
52 }
53
pppolac_recv(struct sock * sk_udp,struct sk_buff * skb)54 static int pppolac_recv(struct sock *sk_udp, struct sk_buff *skb)
55 {
56 struct sock *sk;
57 struct pppolac_opt *opt;
58 __u8 bits;
59 __u8 *ptr;
60
61 /* Drop the packet if it is too short. */
62 if (skb->len < sizeof(struct udphdr) + 6)
63 goto drop;
64
65 /* Put it back if it is a control packet. */
66 if (skb->data[sizeof(struct udphdr)] & L2TP_CONTROL_BIT)
67 return 1;
68
69 /* Now the packet is ours. Skip UDP header. */
70 skb_pull(skb, sizeof(struct udphdr));
71
72 /* Check the version. */
73 if ((skb->data[1] & L2TP_VERSION_MASK) != L2TP_VERSION)
74 goto drop;
75 bits = skb->data[0];
76 ptr = &skb->data[2];
77
78 /* Check the length if it is present. */
79 if (bits & L2TP_LENGTH_BIT) {
80 if ((ptr[0] << 8 | ptr[1]) != skb->len)
81 goto drop;
82 ptr += 2;
83 }
84
85 /* Skip all fields including optional ones. */
86 if (!skb_pull(skb, 6 + (bits & L2TP_SEQUENCE_BIT ? 4 : 0) +
87 (bits & L2TP_LENGTH_BIT ? 2 : 0) +
88 (bits & L2TP_OFFSET_BIT ? 2 : 0)))
89 goto drop;
90
91 /* Skip the offset padding if it is present. */
92 if (bits & L2TP_OFFSET_BIT &&
93 !skb_pull(skb, skb->data[-2] << 8 | skb->data[-1]))
94 goto drop;
95
96 /* Now ptr is pointing to the tunnel and skb is pointing to the payload.
97 * We have to lock sk_udp to prevent sk from being closed. */
98 lock_sock(sk_udp);
99 sk = sk_udp->sk_user_data;
100 if (!sk) {
101 release_sock(sk_udp);
102 goto drop;
103 }
104 sock_hold(sk);
105 release_sock(sk_udp);
106 opt = &pppox_sk(sk)->proto.lac;
107
108 /* Check the tunnel and the session. */
109 if (unaligned(ptr)->u32 != opt->local) {
110 sock_put(sk);
111 goto drop;
112 }
113
114 /* Check the sequence if it is present. According to RFC 2661 page 10
115 * and 43, the only thing to do is updating opt->sequencing. */
116 opt->sequencing = bits & L2TP_SEQUENCE_BIT;
117
118 /* Skip PPP address and control if they are present. */
119 if (skb->len >= 2 && skb->data[0] == PPP_ADDR &&
120 skb->data[1] == PPP_CTRL)
121 skb_pull(skb, 2);
122
123 /* Fix PPP protocol if it is compressed. */
124 if (skb->len >= 1 && skb->data[0] & 1)
125 skb_push(skb, 1)[0] = 0;
126
127 /* Finally, deliver the packet to PPP channel. We have to lock sk to
128 * prevent another thread from calling pppox_unbind_sock(). */
129 skb_orphan(skb);
130 lock_sock(sk);
131 ppp_input(&pppox_sk(sk)->chan, skb);
132 release_sock(sk);
133 sock_put(sk);
134 return 0;
135
136 drop:
137 kfree_skb(skb);
138 return 0;
139 }
140
pppolac_xmit(struct ppp_channel * chan,struct sk_buff * skb)141 static int pppolac_xmit(struct ppp_channel *chan, struct sk_buff *skb)
142 {
143 struct sock *sk_udp = (struct sock *)chan->private;
144 struct pppolac_opt *opt = &pppox_sk(sk_udp->sk_user_data)->proto.lac;
145 struct msghdr msg = {.msg_flags = MSG_NOSIGNAL | MSG_DONTWAIT};
146 struct kvec iov;
147
148 /* Install PPP address and control. */
149 skb_push(skb, 2);
150 skb->data[0] = PPP_ADDR;
151 skb->data[1] = PPP_CTRL;
152
153 /* Install L2TP header. */
154 if (opt->sequencing) {
155 skb_push(skb, 10);
156 skb->data[0] = L2TP_SEQUENCE_BIT;
157 skb->data[6] = opt->sequence >> 8;
158 skb->data[7] = opt->sequence;
159 skb->data[8] = 0;
160 skb->data[9] = 0;
161 opt->sequence++;
162 } else {
163 skb_push(skb, 6);
164 skb->data[0] = 0;
165 }
166 skb->data[1] = L2TP_VERSION;
167 unaligned(&skb->data[2])->u32 = opt->remote;
168
169 /* Now send the packet via UDP socket. */
170 iov.iov_base = skb->data;
171 iov.iov_len = skb->len;
172 kernel_sendmsg(sk_udp->sk_socket, &msg, &iov, 1, skb->len);
173 kfree_skb(skb);
174 return 1;
175 }
176
177 /******************************************************************************/
178
179 static struct ppp_channel_ops pppolac_channel_ops = {
180 .start_xmit = pppolac_xmit,
181 };
182
pppolac_connect(struct socket * sock,struct sockaddr * useraddr,int addrlen,int flags)183 static int pppolac_connect(struct socket *sock, struct sockaddr *useraddr,
184 int addrlen, int flags)
185 {
186 struct sock *sk = sock->sk;
187 struct pppox_sock *po = pppox_sk(sk);
188 struct sockaddr_pppolac *addr = (struct sockaddr_pppolac *)useraddr;
189 struct socket *sock_udp = NULL;
190 struct sock *sk_udp;
191 int error;
192
193 if (addrlen != sizeof(struct sockaddr_pppolac) ||
194 !addr->local.tunnel || !addr->local.session ||
195 !addr->remote.tunnel || !addr->remote.session) {
196 return -EINVAL;
197 }
198
199 lock_sock(sk);
200 error = -EALREADY;
201 if (sk->sk_state != PPPOX_NONE)
202 goto out;
203
204 sock_udp = sockfd_lookup(addr->udp_socket, &error);
205 if (!sock_udp)
206 goto out;
207 sk_udp = sock_udp->sk;
208 lock_sock(sk_udp);
209
210 /* Remove this check when IPv6 supports UDP encapsulation. */
211 error = -EAFNOSUPPORT;
212 if (sk_udp->sk_family != AF_INET)
213 goto out;
214 error = -EPROTONOSUPPORT;
215 if (sk_udp->sk_protocol != IPPROTO_UDP)
216 goto out;
217 error = -EDESTADDRREQ;
218 if (sk_udp->sk_state != TCP_ESTABLISHED)
219 goto out;
220 error = -EBUSY;
221 if (udp_sk(sk_udp)->encap_type || sk_udp->sk_user_data)
222 goto out;
223 if (!sk_udp->sk_bound_dev_if) {
224 struct dst_entry *dst = sk_dst_get(sk_udp);
225 error = -ENODEV;
226 if (!dst)
227 goto out;
228 sk_udp->sk_bound_dev_if = dst->dev->ifindex;
229 dst_release(dst);
230 }
231
232 po->chan.hdrlen = 12;
233 po->chan.private = sk_udp;
234 po->chan.ops = &pppolac_channel_ops;
235 po->chan.mtu = PPP_MTU - 80;
236 po->proto.lac.local = unaligned(&addr->local)->u32;
237 po->proto.lac.remote = unaligned(&addr->remote)->u32;
238
239 error = ppp_register_channel(&po->chan);
240 if (error)
241 goto out;
242
243 sk->sk_state = PPPOX_CONNECTED;
244 udp_sk(sk_udp)->encap_type = UDP_ENCAP_L2TPINUDP;
245 udp_sk(sk_udp)->encap_rcv = pppolac_recv;
246 sk_udp->sk_user_data = sk;
247
248 out:
249 if (sock_udp) {
250 release_sock(sk_udp);
251 if (error)
252 sockfd_put(sock_udp);
253 }
254 release_sock(sk);
255 return error;
256 }
257
pppolac_release(struct socket * sock)258 static int pppolac_release(struct socket *sock)
259 {
260 struct sock *sk = sock->sk;
261
262 if (!sk)
263 return 0;
264
265 lock_sock(sk);
266 if (sock_flag(sk, SOCK_DEAD)) {
267 release_sock(sk);
268 return -EBADF;
269 }
270
271 if (sk->sk_state != PPPOX_NONE) {
272 struct sock *sk_udp = (struct sock *)pppox_sk(sk)->chan.private;
273 pppox_unbind_sock(sk);
274
275 lock_sock(sk_udp);
276 sk_udp->sk_user_data = NULL;
277 udp_sk(sk_udp)->encap_type = 0;
278 udp_sk(sk_udp)->encap_rcv = NULL;
279 release_sock(sk_udp);
280 sockfd_put(sk_udp->sk_socket);
281 }
282
283 sock_orphan(sk);
284 sock->sk = NULL;
285 release_sock(sk);
286 sock_put(sk);
287 return 0;
288 }
289
290 /******************************************************************************/
291
292 static struct proto pppolac_proto = {
293 .name = "PPPOLAC",
294 .owner = THIS_MODULE,
295 .obj_size = sizeof(struct pppox_sock),
296 };
297
298 static struct proto_ops pppolac_proto_ops = {
299 .family = PF_PPPOX,
300 .owner = THIS_MODULE,
301 .release = pppolac_release,
302 .bind = sock_no_bind,
303 .connect = pppolac_connect,
304 .socketpair = sock_no_socketpair,
305 .accept = sock_no_accept,
306 .getname = sock_no_getname,
307 .poll = sock_no_poll,
308 .ioctl = pppox_ioctl,
309 .listen = sock_no_listen,
310 .shutdown = sock_no_shutdown,
311 .setsockopt = sock_no_setsockopt,
312 .getsockopt = sock_no_getsockopt,
313 .sendmsg = sock_no_sendmsg,
314 .recvmsg = sock_no_recvmsg,
315 .mmap = sock_no_mmap,
316 };
317
pppolac_create(struct net * net,struct socket * sock)318 static int pppolac_create(struct net *net, struct socket *sock)
319 {
320 struct sock *sk;
321
322 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppolac_proto);
323 if (!sk)
324 return -ENOMEM;
325
326 sock_init_data(sock, sk);
327 sock->state = SS_UNCONNECTED;
328 sock->ops = &pppolac_proto_ops;
329 sk->sk_protocol = PX_PROTO_OLAC;
330 sk->sk_state = PPPOX_NONE;
331 return 0;
332 }
333
334 /******************************************************************************/
335
336 static struct pppox_proto pppolac_pppox_proto = {
337 .create = pppolac_create,
338 .owner = THIS_MODULE,
339 };
340
pppolac_init(void)341 static int __init pppolac_init(void)
342 {
343 int error;
344
345 error = proto_register(&pppolac_proto, 0);
346 if (error)
347 return error;
348
349 error = register_pppox_proto(PX_PROTO_OLAC, &pppolac_pppox_proto);
350 if (error)
351 proto_unregister(&pppolac_proto);
352 return error;
353 }
354
pppolac_exit(void)355 static void __exit pppolac_exit(void)
356 {
357 unregister_pppox_proto(PX_PROTO_OLAC);
358 proto_unregister(&pppolac_proto);
359 }
360
361 module_init(pppolac_init);
362 module_exit(pppolac_exit);
363
364 MODULE_DESCRIPTION("PPP on L2TP Access Concentrator (PPPoLAC)");
365 MODULE_AUTHOR("Chia-chi Yeh <chiachi@android.com>");
366 MODULE_LICENSE("GPL");
367