1 /* drivers/net/pppopns.c
2 *
3 * Driver for PPP on PPTP Network Server / PPPoPNS Socket (RFC 2637)
4 *
5 * Copyright (C) 2009 Google, Inc.
6 * Author: Chia-chi Yeh <chiachi@android.com>
7 *
8 * This software is licensed under the terms of the GNU General Public
9 * License version 2, as published by the Free Software Foundation, and
10 * may be copied, distributed, and modified under those terms.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 */
17
18 /* This driver handles PPTP data packets between a RAW socket and a PPP channel.
19 * The socket is created in the kernel space and connected to the same address
20 * of the control socket. To keep things simple, packets are always sent with
21 * sequence but without acknowledgement. This driver should work on both IPv4
22 * and IPv6. */
23
24 #include <linux/module.h>
25 #include <linux/skbuff.h>
26 #include <linux/file.h>
27 #include <linux/net.h>
28 #include <linux/ppp_defs.h>
29 #include <linux/if.h>
30 #include <linux/if_ppp.h>
31 #include <linux/if_pppox.h>
32 #include <linux/ppp_channel.h>
33
34 #define GRE_HEADER_SIZE 8
35
36 #define PPTP_GRE_BITS htons(0x2001)
37 #define PPTP_GRE_BITS_MASK htons(0xEF7F)
38 #define PPTP_GRE_SEQ_BIT htons(0x1000)
39 #define PPTP_GRE_ACK_BIT htons(0x0080)
40 #define PPTP_GRE_TYPE htons(0x880B)
41
42 #define PPP_ADDR 0xFF
43 #define PPP_CTRL 0x03
44
45 struct header {
46 __u16 bits;
47 __u16 type;
48 __u16 length;
49 __u16 call;
50 __u32 sequence;
51 } __attribute__((packed));
52
pppopns_recv(struct sock * sk_raw,int length)53 static void pppopns_recv(struct sock *sk_raw, int length)
54 {
55 struct sock *sk;
56 struct pppopns_opt *opt;
57 struct sk_buff *skb;
58 struct header *hdr;
59
60 /* Lock sk_raw to prevent sk from being closed. */
61 lock_sock(sk_raw);
62 sk = (struct sock *)sk_raw->sk_user_data;
63 if (!sk) {
64 release_sock(sk_raw);
65 return;
66 }
67 sock_hold(sk);
68 release_sock(sk_raw);
69 opt = &pppox_sk(sk)->proto.pns;
70
71 /* Process packets from the receive queue. */
72 while ((skb = skb_dequeue(&sk_raw->sk_receive_queue))) {
73 skb_pull(skb, skb_transport_header(skb) - skb->data);
74
75 /* Drop the packet if it is too short. */
76 if (skb->len < GRE_HEADER_SIZE)
77 goto drop;
78
79 /* Check the header. */
80 hdr = (struct header *)skb->data;
81 if (hdr->type != PPTP_GRE_TYPE || hdr->call != opt->local ||
82 (hdr->bits & PPTP_GRE_BITS_MASK) != PPTP_GRE_BITS)
83 goto drop;
84
85 /* Skip all fields including optional ones. */
86 if (!skb_pull(skb, GRE_HEADER_SIZE +
87 (hdr->bits & PPTP_GRE_SEQ_BIT ? 4 : 0) +
88 (hdr->bits & PPTP_GRE_ACK_BIT ? 4 : 0)))
89 goto drop;
90
91 /* Check the length. */
92 if (skb->len != ntohs(hdr->length))
93 goto drop;
94
95 /* Skip PPP address and control if they are present. */
96 if (skb->len >= 2 && skb->data[0] == PPP_ADDR &&
97 skb->data[1] == PPP_CTRL)
98 skb_pull(skb, 2);
99
100 /* Fix PPP protocol if it is compressed. */
101 if (skb->len >= 1 && skb->data[0] & 1)
102 skb_push(skb, 1)[0] = 0;
103
104 /* Deliver the packet to PPP channel. We have to lock sk to
105 * prevent another thread from calling pppox_unbind_sock(). */
106 skb_orphan(skb);
107 lock_sock(sk);
108 ppp_input(&pppox_sk(sk)->chan, skb);
109 release_sock(sk);
110 continue;
111 drop:
112 kfree_skb(skb);
113 }
114 sock_put(sk);
115 }
116
pppopns_xmit(struct ppp_channel * chan,struct sk_buff * skb)117 static int pppopns_xmit(struct ppp_channel *chan, struct sk_buff *skb)
118 {
119 struct sock *sk_raw = (struct sock *)chan->private;
120 struct pppopns_opt *opt = &pppox_sk(sk_raw->sk_user_data)->proto.pns;
121 struct msghdr msg = {.msg_flags = MSG_NOSIGNAL | MSG_DONTWAIT};
122 struct kvec iov;
123 struct header *hdr;
124 __u16 length;
125
126 /* Install PPP address and control. */
127 skb_push(skb, 2);
128 skb->data[0] = PPP_ADDR;
129 skb->data[1] = PPP_CTRL;
130 length = skb->len;
131
132 /* Install PPTP GRE header. */
133 hdr = (struct header *)skb_push(skb, 12);
134 hdr->bits = PPTP_GRE_BITS | PPTP_GRE_SEQ_BIT;
135 hdr->type = PPTP_GRE_TYPE;
136 hdr->length = htons(length);
137 hdr->call = opt->remote;
138 hdr->sequence = htonl(opt->sequence);
139 opt->sequence++;
140
141 /* Now send the packet via RAW socket. */
142 iov.iov_base = skb->data;
143 iov.iov_len = skb->len;
144 kernel_sendmsg(sk_raw->sk_socket, &msg, &iov, 1, skb->len);
145 kfree_skb(skb);
146 return 1;
147 }
148
149 /******************************************************************************/
150
151 static struct ppp_channel_ops pppopns_channel_ops = {
152 .start_xmit = pppopns_xmit,
153 };
154
pppopns_connect(struct socket * sock,struct sockaddr * useraddr,int addrlen,int flags)155 static int pppopns_connect(struct socket *sock, struct sockaddr *useraddr,
156 int addrlen, int flags)
157 {
158 struct sock *sk = sock->sk;
159 struct pppox_sock *po = pppox_sk(sk);
160 struct sockaddr_pppopns *addr = (struct sockaddr_pppopns *)useraddr;
161 struct sockaddr_storage ss;
162 struct socket *sock_tcp = NULL;
163 struct socket *sock_raw = NULL;
164 struct sock *sk_tcp;
165 struct sock *sk_raw;
166 int error;
167
168 if (addrlen != sizeof(struct sockaddr_pppopns))
169 return -EINVAL;
170
171 lock_sock(sk);
172 error = -EALREADY;
173 if (sk->sk_state != PPPOX_NONE)
174 goto out;
175
176 sock_tcp = sockfd_lookup(addr->tcp_socket, &error);
177 if (!sock_tcp)
178 goto out;
179 sk_tcp = sock_tcp->sk;
180 error = -EPROTONOSUPPORT;
181 if (sk_tcp->sk_protocol != IPPROTO_TCP)
182 goto out;
183 addrlen = sizeof(struct sockaddr_storage);
184 error = kernel_getpeername(sock_tcp, (struct sockaddr *)&ss, &addrlen);
185 if (error)
186 goto out;
187 if (!sk_tcp->sk_bound_dev_if) {
188 struct dst_entry *dst = sk_dst_get(sk_tcp);
189 error = -ENODEV;
190 if (!dst)
191 goto out;
192 sk_tcp->sk_bound_dev_if = dst->dev->ifindex;
193 dst_release(dst);
194 }
195
196 error = sock_create(ss.ss_family, SOCK_RAW, IPPROTO_GRE, &sock_raw);
197 if (error)
198 goto out;
199 sk_raw = sock_raw->sk;
200 sk_raw->sk_bound_dev_if = sk_tcp->sk_bound_dev_if;
201 error = kernel_connect(sock_raw, (struct sockaddr *)&ss, addrlen, 0);
202 if (error)
203 goto out;
204
205 po->chan.hdrlen = 14;
206 po->chan.private = sk_raw;
207 po->chan.ops = &pppopns_channel_ops;
208 po->chan.mtu = PPP_MTU - 80;
209 po->proto.pns.local = addr->local;
210 po->proto.pns.remote = addr->remote;
211
212 error = ppp_register_channel(&po->chan);
213 if (error)
214 goto out;
215
216 sk->sk_state = PPPOX_CONNECTED;
217 sk_raw->sk_user_data = sk;
218 sk_raw->sk_data_ready = pppopns_recv;
219
220 out:
221 if (sock_tcp)
222 sockfd_put(sock_tcp);
223 if (error && sock_raw)
224 sock_release(sock_raw);
225 release_sock(sk);
226 return error;
227 }
228
pppopns_release(struct socket * sock)229 static int pppopns_release(struct socket *sock)
230 {
231 struct sock *sk = sock->sk;
232
233 if (!sk)
234 return 0;
235
236 lock_sock(sk);
237 if (sock_flag(sk, SOCK_DEAD)) {
238 release_sock(sk);
239 return -EBADF;
240 }
241
242 if (sk->sk_state != PPPOX_NONE) {
243 struct sock *sk_raw = (struct sock *)pppox_sk(sk)->chan.private;
244 pppox_unbind_sock(sk);
245 lock_sock(sk_raw);
246 sk_raw->sk_user_data = NULL;
247 release_sock(sk_raw);
248 sock_release(sk_raw->sk_socket);
249 }
250
251 sock_orphan(sk);
252 sock->sk = NULL;
253 release_sock(sk);
254 sock_put(sk);
255 return 0;
256 }
257
258 /******************************************************************************/
259
260 static struct proto pppopns_proto = {
261 .name = "PPPOPNS",
262 .owner = THIS_MODULE,
263 .obj_size = sizeof(struct pppox_sock),
264 };
265
266 static struct proto_ops pppopns_proto_ops = {
267 .family = PF_PPPOX,
268 .owner = THIS_MODULE,
269 .release = pppopns_release,
270 .bind = sock_no_bind,
271 .connect = pppopns_connect,
272 .socketpair = sock_no_socketpair,
273 .accept = sock_no_accept,
274 .getname = sock_no_getname,
275 .poll = sock_no_poll,
276 .ioctl = pppox_ioctl,
277 .listen = sock_no_listen,
278 .shutdown = sock_no_shutdown,
279 .setsockopt = sock_no_setsockopt,
280 .getsockopt = sock_no_getsockopt,
281 .sendmsg = sock_no_sendmsg,
282 .recvmsg = sock_no_recvmsg,
283 .mmap = sock_no_mmap,
284 };
285
pppopns_create(struct net * net,struct socket * sock)286 static int pppopns_create(struct net *net, struct socket *sock)
287 {
288 struct sock *sk;
289
290 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppopns_proto);
291 if (!sk)
292 return -ENOMEM;
293
294 sock_init_data(sock, sk);
295 sock->state = SS_UNCONNECTED;
296 sock->ops = &pppopns_proto_ops;
297 sk->sk_protocol = PX_PROTO_OPNS;
298 sk->sk_state = PPPOX_NONE;
299 return 0;
300 }
301
302 /******************************************************************************/
303
304 static struct pppox_proto pppopns_pppox_proto = {
305 .create = pppopns_create,
306 .owner = THIS_MODULE,
307 };
308
pppopns_init(void)309 static int __init pppopns_init(void)
310 {
311 int error;
312
313 error = proto_register(&pppopns_proto, 0);
314 if (error)
315 return error;
316
317 error = register_pppox_proto(PX_PROTO_OPNS, &pppopns_pppox_proto);
318 if (error)
319 proto_unregister(&pppopns_proto);
320 return error;
321 }
322
pppopns_exit(void)323 static void __exit pppopns_exit(void)
324 {
325 unregister_pppox_proto(PX_PROTO_OPNS);
326 proto_unregister(&pppopns_proto);
327 }
328
329 module_init(pppopns_init);
330 module_exit(pppopns_exit);
331
332 MODULE_DESCRIPTION("PPP on PPTP Network Server (PPPoPNS)");
333 MODULE_AUTHOR("Chia-chi Yeh <chiachi@android.com>");
334 MODULE_LICENSE("GPL");
335