Root/net/l2tp/l2tp_ppp.c

1/*****************************************************************************
2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
3 *
4 * PPPoX --- Generic PPP encapsulation socket family
5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
6 *
7 * Version: 2.0.0
8 *
9 * Authors: James Chapman (jchapman@katalix.com)
10 *
11 * Based on original work by Martijn van Oosterhout <kleptog@svana.org>
12 *
13 * License:
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version
17 * 2 of the License, or (at your option) any later version.
18 *
19 */
20
21/* This driver handles only L2TP data frames; control frames are handled by a
22 * userspace application.
23 *
24 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
25 * attaches it to a bound UDP socket with local tunnel_id / session_id and
26 * peer tunnel_id / session_id set. Data can then be sent or received using
27 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
28 * can be read or modified using ioctl() or [gs]etsockopt() calls.
29 *
30 * When a PPPoL2TP socket is connected with local and peer session_id values
31 * zero, the socket is treated as a special tunnel management socket.
32 *
33 * Here's example userspace code to create a socket for sending/receiving data
34 * over an L2TP session:-
35 *
36 * struct sockaddr_pppol2tp sax;
37 * int fd;
38 * int session_fd;
39 *
40 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
41 *
42 * sax.sa_family = AF_PPPOX;
43 * sax.sa_protocol = PX_PROTO_OL2TP;
44 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
45 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
46 * sax.pppol2tp.addr.sin_port = addr->sin_port;
47 * sax.pppol2tp.addr.sin_family = AF_INET;
48 * sax.pppol2tp.s_tunnel = tunnel_id;
49 * sax.pppol2tp.s_session = session_id;
50 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
51 * sax.pppol2tp.d_session = peer_session_id;
52 *
53 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
54 *
55 * A pppd plugin that allows PPP traffic to be carried over L2TP using
56 * this driver is available from the OpenL2TP project at
57 * http://openl2tp.sourceforge.net.
58 */
59
60#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
61
62#include <linux/module.h>
63#include <linux/string.h>
64#include <linux/list.h>
65#include <linux/uaccess.h>
66
67#include <linux/kernel.h>
68#include <linux/spinlock.h>
69#include <linux/kthread.h>
70#include <linux/sched.h>
71#include <linux/slab.h>
72#include <linux/errno.h>
73#include <linux/jiffies.h>
74
75#include <linux/netdevice.h>
76#include <linux/net.h>
77#include <linux/inetdevice.h>
78#include <linux/skbuff.h>
79#include <linux/init.h>
80#include <linux/ip.h>
81#include <linux/udp.h>
82#include <linux/if_pppox.h>
83#include <linux/if_pppol2tp.h>
84#include <net/sock.h>
85#include <linux/ppp_channel.h>
86#include <linux/ppp_defs.h>
87#include <linux/ppp-ioctl.h>
88#include <linux/file.h>
89#include <linux/hash.h>
90#include <linux/sort.h>
91#include <linux/proc_fs.h>
92#include <linux/l2tp.h>
93#include <linux/nsproxy.h>
94#include <net/net_namespace.h>
95#include <net/netns/generic.h>
96#include <net/dst.h>
97#include <net/ip.h>
98#include <net/udp.h>
99#include <net/xfrm.h>
100#include <net/inet_common.h>
101
102#include <asm/byteorder.h>
103#include <linux/atomic.h>
104
105#include "l2tp_core.h"
106
107#define PPPOL2TP_DRV_VERSION "V2.0"
108
109/* Space for UDP, L2TP and PPP headers */
110#define PPPOL2TP_HEADER_OVERHEAD 40
111
112/* Number of bytes to build transmit L2TP headers.
113 * Unfortunately the size is different depending on whether sequence numbers
114 * are enabled.
115 */
116#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
117#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
118
119/* Private data of each session. This data lives at the end of struct
120 * l2tp_session, referenced via session->priv[].
121 */
122struct pppol2tp_session {
123    int owner; /* pid that opened the socket */
124
125    struct sock *sock; /* Pointer to the session
126                         * PPPoX socket */
127    struct sock *tunnel_sock; /* Pointer to the tunnel UDP
128                         * socket */
129    int flags; /* accessed by PPPIOCGFLAGS.
130                         * Unused. */
131};
132
133static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
134
135static const struct ppp_channel_ops pppol2tp_chan_ops = {
136    .start_xmit = pppol2tp_xmit,
137};
138
139static const struct proto_ops pppol2tp_ops;
140
141/* Helpers to obtain tunnel/session contexts from sockets.
142 */
143static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
144{
145    struct l2tp_session *session;
146
147    if (sk == NULL)
148        return NULL;
149
150    sock_hold(sk);
151    session = (struct l2tp_session *)(sk->sk_user_data);
152    if (session == NULL) {
153        sock_put(sk);
154        goto out;
155    }
156
157    BUG_ON(session->magic != L2TP_SESSION_MAGIC);
158
159out:
160    return session;
161}
162
163/*****************************************************************************
164 * Receive data handling
165 *****************************************************************************/
166
167static int pppol2tp_recv_payload_hook(struct sk_buff *skb)
168{
169    /* Skip PPP header, if present. In testing, Microsoft L2TP clients
170     * don't send the PPP header (PPP header compression enabled), but
171     * other clients can include the header. So we cope with both cases
172     * here. The PPP header is always FF03 when using L2TP.
173     *
174     * Note that skb->data[] isn't dereferenced from a u16 ptr here since
175     * the field may be unaligned.
176     */
177    if (!pskb_may_pull(skb, 2))
178        return 1;
179
180    if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
181        skb_pull(skb, 2);
182
183    return 0;
184}
185
186/* Receive message. This is the recvmsg for the PPPoL2TP socket.
187 */
188static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
189                struct msghdr *msg, size_t len,
190                int flags)
191{
192    int err;
193    struct sk_buff *skb;
194    struct sock *sk = sock->sk;
195
196    err = -EIO;
197    if (sk->sk_state & PPPOX_BOUND)
198        goto end;
199
200    err = 0;
201    skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
202                flags & MSG_DONTWAIT, &err);
203    if (!skb)
204        goto end;
205
206    if (len > skb->len)
207        len = skb->len;
208    else if (len < skb->len)
209        msg->msg_flags |= MSG_TRUNC;
210
211    err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
212    if (likely(err == 0))
213        err = len;
214
215    kfree_skb(skb);
216end:
217    return err;
218}
219
220static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
221{
222    struct pppol2tp_session *ps = l2tp_session_priv(session);
223    struct sock *sk = NULL;
224
225    /* If the socket is bound, send it in to PPP's input queue. Otherwise
226     * queue it on the session socket.
227     */
228    sk = ps->sock;
229    if (sk == NULL)
230        goto no_sock;
231
232    if (sk->sk_state & PPPOX_BOUND) {
233        struct pppox_sock *po;
234        l2tp_dbg(session, PPPOL2TP_MSG_DATA,
235             "%s: recv %d byte data frame, passing to ppp\n",
236             session->name, data_len);
237
238        /* We need to forget all info related to the L2TP packet
239         * gathered in the skb as we are going to reuse the same
240         * skb for the inner packet.
241         * Namely we need to:
242         * - reset xfrm (IPSec) information as it applies to
243         * the outer L2TP packet and not to the inner one
244         * - release the dst to force a route lookup on the inner
245         * IP packet since skb->dst currently points to the dst
246         * of the UDP tunnel
247         * - reset netfilter information as it doesn't apply
248         * to the inner packet either
249         */
250        secpath_reset(skb);
251        skb_dst_drop(skb);
252        nf_reset(skb);
253
254        po = pppox_sk(sk);
255        ppp_input(&po->chan, skb);
256    } else {
257        l2tp_dbg(session, PPPOL2TP_MSG_DATA,
258             "%s: recv %d byte data frame, passing to L2TP socket\n",
259             session->name, data_len);
260
261        if (sock_queue_rcv_skb(sk, skb) < 0) {
262            atomic_long_inc(&session->stats.rx_errors);
263            kfree_skb(skb);
264        }
265    }
266
267    return;
268
269no_sock:
270    l2tp_info(session, PPPOL2TP_MSG_DATA, "%s: no socket\n", session->name);
271    kfree_skb(skb);
272}
273
274static void pppol2tp_session_sock_hold(struct l2tp_session *session)
275{
276    struct pppol2tp_session *ps = l2tp_session_priv(session);
277
278    if (ps->sock)
279        sock_hold(ps->sock);
280}
281
282static void pppol2tp_session_sock_put(struct l2tp_session *session)
283{
284    struct pppol2tp_session *ps = l2tp_session_priv(session);
285
286    if (ps->sock)
287        sock_put(ps->sock);
288}
289
290/************************************************************************
291 * Transmit handling
292 ***********************************************************************/
293
294/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
295 * when a user application does a sendmsg() on the session socket. L2TP and
296 * PPP headers must be inserted into the user's data.
297 */
298static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
299                size_t total_len)
300{
301    static const unsigned char ppph[2] = { 0xff, 0x03 };
302    struct sock *sk = sock->sk;
303    struct sk_buff *skb;
304    int error;
305    struct l2tp_session *session;
306    struct l2tp_tunnel *tunnel;
307    struct pppol2tp_session *ps;
308    int uhlen;
309
310    error = -ENOTCONN;
311    if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
312        goto error;
313
314    /* Get session and tunnel contexts */
315    error = -EBADF;
316    session = pppol2tp_sock_to_session(sk);
317    if (session == NULL)
318        goto error;
319
320    ps = l2tp_session_priv(session);
321    tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
322    if (tunnel == NULL)
323        goto error_put_sess;
324
325    uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
326
327    /* Allocate a socket buffer */
328    error = -ENOMEM;
329    skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
330               uhlen + session->hdr_len +
331               sizeof(ppph) + total_len,
332               0, GFP_KERNEL);
333    if (!skb)
334        goto error_put_sess_tun;
335
336    /* Reserve space for headers. */
337    skb_reserve(skb, NET_SKB_PAD);
338    skb_reset_network_header(skb);
339    skb_reserve(skb, sizeof(struct iphdr));
340    skb_reset_transport_header(skb);
341    skb_reserve(skb, uhlen);
342
343    /* Add PPP header */
344    skb->data[0] = ppph[0];
345    skb->data[1] = ppph[1];
346    skb_put(skb, 2);
347
348    /* Copy user data into skb */
349    error = memcpy_fromiovec(skb_put(skb, total_len), m->msg_iov,
350                 total_len);
351    if (error < 0) {
352        kfree_skb(skb);
353        goto error_put_sess_tun;
354    }
355
356    local_bh_disable();
357    l2tp_xmit_skb(session, skb, session->hdr_len);
358    local_bh_enable();
359
360    sock_put(ps->tunnel_sock);
361    sock_put(sk);
362
363    return total_len;
364
365error_put_sess_tun:
366    sock_put(ps->tunnel_sock);
367error_put_sess:
368    sock_put(sk);
369error:
370    return error;
371}
372
373/* Transmit function called by generic PPP driver. Sends PPP frame
374 * over PPPoL2TP socket.
375 *
376 * This is almost the same as pppol2tp_sendmsg(), but rather than
377 * being called with a msghdr from userspace, it is called with a skb
378 * from the kernel.
379 *
380 * The supplied skb from ppp doesn't have enough headroom for the
381 * insertion of L2TP, UDP and IP headers so we need to allocate more
382 * headroom in the skb. This will create a cloned skb. But we must be
383 * careful in the error case because the caller will expect to free
384 * the skb it supplied, not our cloned skb. So we take care to always
385 * leave the original skb unfreed if we return an error.
386 */
387static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
388{
389    static const u8 ppph[2] = { 0xff, 0x03 };
390    struct sock *sk = (struct sock *) chan->private;
391    struct sock *sk_tun;
392    struct l2tp_session *session;
393    struct l2tp_tunnel *tunnel;
394    struct pppol2tp_session *ps;
395    int uhlen, headroom;
396
397    if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
398        goto abort;
399
400    /* Get session and tunnel contexts from the socket */
401    session = pppol2tp_sock_to_session(sk);
402    if (session == NULL)
403        goto abort;
404
405    ps = l2tp_session_priv(session);
406    sk_tun = ps->tunnel_sock;
407    if (sk_tun == NULL)
408        goto abort_put_sess;
409    tunnel = l2tp_sock_to_tunnel(sk_tun);
410    if (tunnel == NULL)
411        goto abort_put_sess;
412
413    uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
414    headroom = NET_SKB_PAD +
415           sizeof(struct iphdr) + /* IP header */
416           uhlen + /* UDP header (if L2TP_ENCAPTYPE_UDP) */
417           session->hdr_len + /* L2TP header */
418           sizeof(ppph); /* PPP header */
419    if (skb_cow_head(skb, headroom))
420        goto abort_put_sess_tun;
421
422    /* Setup PPP header */
423    __skb_push(skb, sizeof(ppph));
424    skb->data[0] = ppph[0];
425    skb->data[1] = ppph[1];
426
427    local_bh_disable();
428    l2tp_xmit_skb(session, skb, session->hdr_len);
429    local_bh_enable();
430
431    sock_put(sk_tun);
432    sock_put(sk);
433    return 1;
434
435abort_put_sess_tun:
436    sock_put(sk_tun);
437abort_put_sess:
438    sock_put(sk);
439abort:
440    /* Free the original skb */
441    kfree_skb(skb);
442    return 1;
443}
444
445/*****************************************************************************
446 * Session (and tunnel control) socket create/destroy.
447 *****************************************************************************/
448
449/* Called by l2tp_core when a session socket is being closed.
450 */
451static void pppol2tp_session_close(struct l2tp_session *session)
452{
453    struct pppol2tp_session *ps = l2tp_session_priv(session);
454    struct sock *sk = ps->sock;
455    struct socket *sock = sk->sk_socket;
456
457    BUG_ON(session->magic != L2TP_SESSION_MAGIC);
458
459    if (sock) {
460        inet_shutdown(sock, 2);
461        /* Don't let the session go away before our socket does */
462        l2tp_session_inc_refcount(session);
463    }
464}
465
466/* Really kill the session socket. (Called from sock_put() if
467 * refcnt == 0.)
468 */
469static void pppol2tp_session_destruct(struct sock *sk)
470{
471    struct l2tp_session *session = sk->sk_user_data;
472    if (session) {
473        sk->sk_user_data = NULL;
474        BUG_ON(session->magic != L2TP_SESSION_MAGIC);
475        l2tp_session_dec_refcount(session);
476    }
477}
478
479/* Called when the PPPoX socket (session) is closed.
480 */
481static int pppol2tp_release(struct socket *sock)
482{
483    struct sock *sk = sock->sk;
484    struct l2tp_session *session;
485    int error;
486
487    if (!sk)
488        return 0;
489
490    error = -EBADF;
491    lock_sock(sk);
492    if (sock_flag(sk, SOCK_DEAD) != 0)
493        goto error;
494
495    pppox_unbind_sock(sk);
496
497    /* Signal the death of the socket. */
498    sk->sk_state = PPPOX_DEAD;
499    sock_orphan(sk);
500    sock->sk = NULL;
501
502    session = pppol2tp_sock_to_session(sk);
503
504    /* Purge any queued data */
505    if (session != NULL) {
506        __l2tp_session_unhash(session);
507        l2tp_session_queue_purge(session);
508        sock_put(sk);
509    }
510    skb_queue_purge(&sk->sk_receive_queue);
511    skb_queue_purge(&sk->sk_write_queue);
512
513    release_sock(sk);
514
515    /* This will delete the session context via
516     * pppol2tp_session_destruct() if the socket's refcnt drops to
517     * zero.
518     */
519    sock_put(sk);
520
521    return 0;
522
523error:
524    release_sock(sk);
525    return error;
526}
527
528static struct proto pppol2tp_sk_proto = {
529    .name = "PPPOL2TP",
530    .owner = THIS_MODULE,
531    .obj_size = sizeof(struct pppox_sock),
532};
533
534static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
535{
536    int rc;
537
538    rc = l2tp_udp_encap_recv(sk, skb);
539    if (rc)
540        kfree_skb(skb);
541
542    return NET_RX_SUCCESS;
543}
544
545/* socket() handler. Initialize a new struct sock.
546 */
547static int pppol2tp_create(struct net *net, struct socket *sock)
548{
549    int error = -ENOMEM;
550    struct sock *sk;
551
552    sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto);
553    if (!sk)
554        goto out;
555
556    sock_init_data(sock, sk);
557
558    sock->state = SS_UNCONNECTED;
559    sock->ops = &pppol2tp_ops;
560
561    sk->sk_backlog_rcv = pppol2tp_backlog_recv;
562    sk->sk_protocol = PX_PROTO_OL2TP;
563    sk->sk_family = PF_PPPOX;
564    sk->sk_state = PPPOX_NONE;
565    sk->sk_type = SOCK_STREAM;
566    sk->sk_destruct = pppol2tp_session_destruct;
567
568    error = 0;
569
570out:
571    return error;
572}
573
574#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
575static void pppol2tp_show(struct seq_file *m, void *arg)
576{
577    struct l2tp_session *session = arg;
578    struct pppol2tp_session *ps = l2tp_session_priv(session);
579
580    if (ps) {
581        struct pppox_sock *po = pppox_sk(ps->sock);
582        if (po)
583            seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
584    }
585}
586#endif
587
588/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
589 */
590static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
591                int sockaddr_len, int flags)
592{
593    struct sock *sk = sock->sk;
594    struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
595    struct pppox_sock *po = pppox_sk(sk);
596    struct l2tp_session *session = NULL;
597    struct l2tp_tunnel *tunnel;
598    struct pppol2tp_session *ps;
599    struct dst_entry *dst;
600    struct l2tp_session_cfg cfg = { 0, };
601    int error = 0;
602    u32 tunnel_id, peer_tunnel_id;
603    u32 session_id, peer_session_id;
604    int ver = 2;
605    int fd;
606
607    lock_sock(sk);
608
609    error = -EINVAL;
610    if (sp->sa_protocol != PX_PROTO_OL2TP)
611        goto end;
612
613    /* Check for already bound sockets */
614    error = -EBUSY;
615    if (sk->sk_state & PPPOX_CONNECTED)
616        goto end;
617
618    /* We don't supporting rebinding anyway */
619    error = -EALREADY;
620    if (sk->sk_user_data)
621        goto end; /* socket is already attached */
622
623    /* Get params from socket address. Handle L2TPv2 and L2TPv3.
624     * This is nasty because there are different sockaddr_pppol2tp
625     * structs for L2TPv2, L2TPv3, over IPv4 and IPv6. We use
626     * the sockaddr size to determine which structure the caller
627     * is using.
628     */
629    peer_tunnel_id = 0;
630    if (sockaddr_len == sizeof(struct sockaddr_pppol2tp)) {
631        fd = sp->pppol2tp.fd;
632        tunnel_id = sp->pppol2tp.s_tunnel;
633        peer_tunnel_id = sp->pppol2tp.d_tunnel;
634        session_id = sp->pppol2tp.s_session;
635        peer_session_id = sp->pppol2tp.d_session;
636    } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3)) {
637        struct sockaddr_pppol2tpv3 *sp3 =
638            (struct sockaddr_pppol2tpv3 *) sp;
639        ver = 3;
640        fd = sp3->pppol2tp.fd;
641        tunnel_id = sp3->pppol2tp.s_tunnel;
642        peer_tunnel_id = sp3->pppol2tp.d_tunnel;
643        session_id = sp3->pppol2tp.s_session;
644        peer_session_id = sp3->pppol2tp.d_session;
645    } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpin6)) {
646        struct sockaddr_pppol2tpin6 *sp6 =
647            (struct sockaddr_pppol2tpin6 *) sp;
648        fd = sp6->pppol2tp.fd;
649        tunnel_id = sp6->pppol2tp.s_tunnel;
650        peer_tunnel_id = sp6->pppol2tp.d_tunnel;
651        session_id = sp6->pppol2tp.s_session;
652        peer_session_id = sp6->pppol2tp.d_session;
653    } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3in6)) {
654        struct sockaddr_pppol2tpv3in6 *sp6 =
655            (struct sockaddr_pppol2tpv3in6 *) sp;
656        ver = 3;
657        fd = sp6->pppol2tp.fd;
658        tunnel_id = sp6->pppol2tp.s_tunnel;
659        peer_tunnel_id = sp6->pppol2tp.d_tunnel;
660        session_id = sp6->pppol2tp.s_session;
661        peer_session_id = sp6->pppol2tp.d_session;
662    } else {
663        error = -EINVAL;
664        goto end; /* bad socket address */
665    }
666
667    /* Don't bind if tunnel_id is 0 */
668    error = -EINVAL;
669    if (tunnel_id == 0)
670        goto end;
671
672    tunnel = l2tp_tunnel_find(sock_net(sk), tunnel_id);
673
674    /* Special case: create tunnel context if session_id and
675     * peer_session_id is 0. Otherwise look up tunnel using supplied
676     * tunnel id.
677     */
678    if ((session_id == 0) && (peer_session_id == 0)) {
679        if (tunnel == NULL) {
680            struct l2tp_tunnel_cfg tcfg = {
681                .encap = L2TP_ENCAPTYPE_UDP,
682                .debug = 0,
683            };
684            error = l2tp_tunnel_create(sock_net(sk), fd, ver, tunnel_id, peer_tunnel_id, &tcfg, &tunnel);
685            if (error < 0)
686                goto end;
687        }
688    } else {
689        /* Error if we can't find the tunnel */
690        error = -ENOENT;
691        if (tunnel == NULL)
692            goto end;
693
694        /* Error if socket is not prepped */
695        if (tunnel->sock == NULL)
696            goto end;
697    }
698
699    if (tunnel->recv_payload_hook == NULL)
700        tunnel->recv_payload_hook = pppol2tp_recv_payload_hook;
701
702    if (tunnel->peer_tunnel_id == 0)
703        tunnel->peer_tunnel_id = peer_tunnel_id;
704
705    /* Create session if it doesn't already exist. We handle the
706     * case where a session was previously created by the netlink
707     * interface by checking that the session doesn't already have
708     * a socket and its tunnel socket are what we expect. If any
709     * of those checks fail, return EEXIST to the caller.
710     */
711    session = l2tp_session_find(sock_net(sk), tunnel, session_id);
712    if (session == NULL) {
713        /* Default MTU must allow space for UDP/L2TP/PPP
714         * headers.
715         */
716        cfg.mtu = cfg.mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
717
718        /* Allocate and initialize a new session context. */
719        session = l2tp_session_create(sizeof(struct pppol2tp_session),
720                          tunnel, session_id,
721                          peer_session_id, &cfg);
722        if (session == NULL) {
723            error = -ENOMEM;
724            goto end;
725        }
726    } else {
727        ps = l2tp_session_priv(session);
728        error = -EEXIST;
729        if (ps->sock != NULL)
730            goto end;
731
732        /* consistency checks */
733        if (ps->tunnel_sock != tunnel->sock)
734            goto end;
735    }
736
737    /* Associate session with its PPPoL2TP socket */
738    ps = l2tp_session_priv(session);
739    ps->owner = current->pid;
740    ps->sock = sk;
741    ps->tunnel_sock = tunnel->sock;
742
743    session->recv_skb = pppol2tp_recv;
744    session->session_close = pppol2tp_session_close;
745#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
746    session->show = pppol2tp_show;
747#endif
748
749    /* We need to know each time a skb is dropped from the reorder
750     * queue.
751     */
752    session->ref = pppol2tp_session_sock_hold;
753    session->deref = pppol2tp_session_sock_put;
754
755    /* If PMTU discovery was enabled, use the MTU that was discovered */
756    dst = sk_dst_get(tunnel->sock);
757    if (dst != NULL) {
758        u32 pmtu = dst_mtu(__sk_dst_get(tunnel->sock));
759        if (pmtu != 0)
760            session->mtu = session->mru = pmtu -
761                PPPOL2TP_HEADER_OVERHEAD;
762        dst_release(dst);
763    }
764
765    /* Special case: if source & dest session_id == 0x0000, this
766     * socket is being created to manage the tunnel. Just set up
767     * the internal context for use by ioctl() and sockopt()
768     * handlers.
769     */
770    if ((session->session_id == 0) &&
771        (session->peer_session_id == 0)) {
772        error = 0;
773        goto out_no_ppp;
774    }
775
776    /* The only header we need to worry about is the L2TP
777     * header. This size is different depending on whether
778     * sequence numbers are enabled for the data channel.
779     */
780    po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
781
782    po->chan.private = sk;
783    po->chan.ops = &pppol2tp_chan_ops;
784    po->chan.mtu = session->mtu;
785
786    error = ppp_register_net_channel(sock_net(sk), &po->chan);
787    if (error)
788        goto end;
789
790out_no_ppp:
791    /* This is how we get the session context from the socket. */
792    sk->sk_user_data = session;
793    sk->sk_state = PPPOX_CONNECTED;
794    l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n",
795          session->name);
796
797end:
798    release_sock(sk);
799
800    return error;
801}
802
803#ifdef CONFIG_L2TP_V3
804
805/* Called when creating sessions via the netlink interface.
806 */
807static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
808{
809    int error;
810    struct l2tp_tunnel *tunnel;
811    struct l2tp_session *session;
812    struct pppol2tp_session *ps;
813
814    tunnel = l2tp_tunnel_find(net, tunnel_id);
815
816    /* Error if we can't find the tunnel */
817    error = -ENOENT;
818    if (tunnel == NULL)
819        goto out;
820
821    /* Error if tunnel socket is not prepped */
822    if (tunnel->sock == NULL)
823        goto out;
824
825    /* Check that this session doesn't already exist */
826    error = -EEXIST;
827    session = l2tp_session_find(net, tunnel, session_id);
828    if (session != NULL)
829        goto out;
830
831    /* Default MTU values. */
832    if (cfg->mtu == 0)
833        cfg->mtu = 1500 - PPPOL2TP_HEADER_OVERHEAD;
834    if (cfg->mru == 0)
835        cfg->mru = cfg->mtu;
836
837    /* Allocate and initialize a new session context. */
838    error = -ENOMEM;
839    session = l2tp_session_create(sizeof(struct pppol2tp_session),
840                      tunnel, session_id,
841                      peer_session_id, cfg);
842    if (session == NULL)
843        goto out;
844
845    ps = l2tp_session_priv(session);
846    ps->tunnel_sock = tunnel->sock;
847
848    l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n",
849          session->name);
850
851    error = 0;
852
853out:
854    return error;
855}
856
857#endif /* CONFIG_L2TP_V3 */
858
859/* getname() support.
860 */
861static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
862                int *usockaddr_len, int peer)
863{
864    int len = 0;
865    int error = 0;
866    struct l2tp_session *session;
867    struct l2tp_tunnel *tunnel;
868    struct sock *sk = sock->sk;
869    struct inet_sock *inet;
870    struct pppol2tp_session *pls;
871
872    error = -ENOTCONN;
873    if (sk == NULL)
874        goto end;
875    if (sk->sk_state != PPPOX_CONNECTED)
876        goto end;
877
878    error = -EBADF;
879    session = pppol2tp_sock_to_session(sk);
880    if (session == NULL)
881        goto end;
882
883    pls = l2tp_session_priv(session);
884    tunnel = l2tp_sock_to_tunnel(pls->tunnel_sock);
885    if (tunnel == NULL) {
886        error = -EBADF;
887        goto end_put_sess;
888    }
889
890    inet = inet_sk(tunnel->sock);
891    if ((tunnel->version == 2) && (tunnel->sock->sk_family == AF_INET)) {
892        struct sockaddr_pppol2tp sp;
893        len = sizeof(sp);
894        memset(&sp, 0, len);
895        sp.sa_family = AF_PPPOX;
896        sp.sa_protocol = PX_PROTO_OL2TP;
897        sp.pppol2tp.fd = tunnel->fd;
898        sp.pppol2tp.pid = pls->owner;
899        sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
900        sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
901        sp.pppol2tp.s_session = session->session_id;
902        sp.pppol2tp.d_session = session->peer_session_id;
903        sp.pppol2tp.addr.sin_family = AF_INET;
904        sp.pppol2tp.addr.sin_port = inet->inet_dport;
905        sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
906        memcpy(uaddr, &sp, len);
907#if IS_ENABLED(CONFIG_IPV6)
908    } else if ((tunnel->version == 2) &&
909           (tunnel->sock->sk_family == AF_INET6)) {
910        struct sockaddr_pppol2tpin6 sp;
911
912        len = sizeof(sp);
913        memset(&sp, 0, len);
914        sp.sa_family = AF_PPPOX;
915        sp.sa_protocol = PX_PROTO_OL2TP;
916        sp.pppol2tp.fd = tunnel->fd;
917        sp.pppol2tp.pid = pls->owner;
918        sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
919        sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
920        sp.pppol2tp.s_session = session->session_id;
921        sp.pppol2tp.d_session = session->peer_session_id;
922        sp.pppol2tp.addr.sin6_family = AF_INET6;
923        sp.pppol2tp.addr.sin6_port = inet->inet_dport;
924        memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
925               sizeof(tunnel->sock->sk_v6_daddr));
926        memcpy(uaddr, &sp, len);
927    } else if ((tunnel->version == 3) &&
928           (tunnel->sock->sk_family == AF_INET6)) {
929        struct sockaddr_pppol2tpv3in6 sp;
930
931        len = sizeof(sp);
932        memset(&sp, 0, len);
933        sp.sa_family = AF_PPPOX;
934        sp.sa_protocol = PX_PROTO_OL2TP;
935        sp.pppol2tp.fd = tunnel->fd;
936        sp.pppol2tp.pid = pls->owner;
937        sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
938        sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
939        sp.pppol2tp.s_session = session->session_id;
940        sp.pppol2tp.d_session = session->peer_session_id;
941        sp.pppol2tp.addr.sin6_family = AF_INET6;
942        sp.pppol2tp.addr.sin6_port = inet->inet_dport;
943        memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
944               sizeof(tunnel->sock->sk_v6_daddr));
945        memcpy(uaddr, &sp, len);
946#endif
947    } else if (tunnel->version == 3) {
948        struct sockaddr_pppol2tpv3 sp;
949        len = sizeof(sp);
950        memset(&sp, 0, len);
951        sp.sa_family = AF_PPPOX;
952        sp.sa_protocol = PX_PROTO_OL2TP;
953        sp.pppol2tp.fd = tunnel->fd;
954        sp.pppol2tp.pid = pls->owner;
955        sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
956        sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
957        sp.pppol2tp.s_session = session->session_id;
958        sp.pppol2tp.d_session = session->peer_session_id;
959        sp.pppol2tp.addr.sin_family = AF_INET;
960        sp.pppol2tp.addr.sin_port = inet->inet_dport;
961        sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
962        memcpy(uaddr, &sp, len);
963    }
964
965    *usockaddr_len = len;
966
967    sock_put(pls->tunnel_sock);
968end_put_sess:
969    sock_put(sk);
970    error = 0;
971
972end:
973    return error;
974}
975
976/****************************************************************************
977 * ioctl() handlers.
978 *
979 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
980 * sockets. However, in order to control kernel tunnel features, we allow
981 * userspace to create a special "tunnel" PPPoX socket which is used for
982 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
983 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
984 * calls.
985 ****************************************************************************/
986
987static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
988                struct l2tp_stats *stats)
989{
990    dest->tx_packets = atomic_long_read(&stats->tx_packets);
991    dest->tx_bytes = atomic_long_read(&stats->tx_bytes);
992    dest->tx_errors = atomic_long_read(&stats->tx_errors);
993    dest->rx_packets = atomic_long_read(&stats->rx_packets);
994    dest->rx_bytes = atomic_long_read(&stats->rx_bytes);
995    dest->rx_seq_discards = atomic_long_read(&stats->rx_seq_discards);
996    dest->rx_oos_packets = atomic_long_read(&stats->rx_oos_packets);
997    dest->rx_errors = atomic_long_read(&stats->rx_errors);
998}
999
1000/* Session ioctl helper.
1001 */
1002static int pppol2tp_session_ioctl(struct l2tp_session *session,
1003                  unsigned int cmd, unsigned long arg)
1004{
1005    struct ifreq ifr;
1006    int err = 0;
1007    struct sock *sk;
1008    int val = (int) arg;
1009    struct pppol2tp_session *ps = l2tp_session_priv(session);
1010    struct l2tp_tunnel *tunnel = session->tunnel;
1011    struct pppol2tp_ioc_stats stats;
1012
1013    l2tp_dbg(session, PPPOL2TP_MSG_CONTROL,
1014         "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
1015         session->name, cmd, arg);
1016
1017    sk = ps->sock;
1018    sock_hold(sk);
1019
1020    switch (cmd) {
1021    case SIOCGIFMTU:
1022        err = -ENXIO;
1023        if (!(sk->sk_state & PPPOX_CONNECTED))
1024            break;
1025
1026        err = -EFAULT;
1027        if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1028            break;
1029        ifr.ifr_mtu = session->mtu;
1030        if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1031            break;
1032
1033        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mtu=%d\n",
1034              session->name, session->mtu);
1035        err = 0;
1036        break;
1037
1038    case SIOCSIFMTU:
1039        err = -ENXIO;
1040        if (!(sk->sk_state & PPPOX_CONNECTED))
1041            break;
1042
1043        err = -EFAULT;
1044        if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1045            break;
1046
1047        session->mtu = ifr.ifr_mtu;
1048
1049        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mtu=%d\n",
1050              session->name, session->mtu);
1051        err = 0;
1052        break;
1053
1054    case PPPIOCGMRU:
1055        err = -ENXIO;
1056        if (!(sk->sk_state & PPPOX_CONNECTED))
1057            break;
1058
1059        err = -EFAULT;
1060        if (put_user(session->mru, (int __user *) arg))
1061            break;
1062
1063        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mru=%d\n",
1064              session->name, session->mru);
1065        err = 0;
1066        break;
1067
1068    case PPPIOCSMRU:
1069        err = -ENXIO;
1070        if (!(sk->sk_state & PPPOX_CONNECTED))
1071            break;
1072
1073        err = -EFAULT;
1074        if (get_user(val, (int __user *) arg))
1075            break;
1076
1077        session->mru = val;
1078        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mru=%d\n",
1079              session->name, session->mru);
1080        err = 0;
1081        break;
1082
1083    case PPPIOCGFLAGS:
1084        err = -EFAULT;
1085        if (put_user(ps->flags, (int __user *) arg))
1086            break;
1087
1088        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get flags=%d\n",
1089              session->name, ps->flags);
1090        err = 0;
1091        break;
1092
1093    case PPPIOCSFLAGS:
1094        err = -EFAULT;
1095        if (get_user(val, (int __user *) arg))
1096            break;
1097        ps->flags = val;
1098        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set flags=%d\n",
1099              session->name, ps->flags);
1100        err = 0;
1101        break;
1102
1103    case PPPIOCGL2TPSTATS:
1104        err = -ENXIO;
1105        if (!(sk->sk_state & PPPOX_CONNECTED))
1106            break;
1107
1108        memset(&stats, 0, sizeof(stats));
1109        stats.tunnel_id = tunnel->tunnel_id;
1110        stats.session_id = session->session_id;
1111        pppol2tp_copy_stats(&stats, &session->stats);
1112        if (copy_to_user((void __user *) arg, &stats,
1113                 sizeof(stats)))
1114            break;
1115        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n",
1116              session->name);
1117        err = 0;
1118        break;
1119
1120    default:
1121        err = -ENOSYS;
1122        break;
1123    }
1124
1125    sock_put(sk);
1126
1127    return err;
1128}
1129
1130/* Tunnel ioctl helper.
1131 *
1132 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1133 * specifies a session_id, the session ioctl handler is called. This allows an
1134 * application to retrieve session stats via a tunnel socket.
1135 */
1136static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel,
1137                 unsigned int cmd, unsigned long arg)
1138{
1139    int err = 0;
1140    struct sock *sk;
1141    struct pppol2tp_ioc_stats stats;
1142
1143    l2tp_dbg(tunnel, PPPOL2TP_MSG_CONTROL,
1144         "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n",
1145         tunnel->name, cmd, arg);
1146
1147    sk = tunnel->sock;
1148    sock_hold(sk);
1149
1150    switch (cmd) {
1151    case PPPIOCGL2TPSTATS:
1152        err = -ENXIO;
1153        if (!(sk->sk_state & PPPOX_CONNECTED))
1154            break;
1155
1156        if (copy_from_user(&stats, (void __user *) arg,
1157                   sizeof(stats))) {
1158            err = -EFAULT;
1159            break;
1160        }
1161        if (stats.session_id != 0) {
1162            /* resend to session ioctl handler */
1163            struct l2tp_session *session =
1164                l2tp_session_find(sock_net(sk), tunnel, stats.session_id);
1165            if (session != NULL)
1166                err = pppol2tp_session_ioctl(session, cmd, arg);
1167            else
1168                err = -EBADR;
1169            break;
1170        }
1171#ifdef CONFIG_XFRM
1172        stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
1173#endif
1174        pppol2tp_copy_stats(&stats, &tunnel->stats);
1175        if (copy_to_user((void __user *) arg, &stats, sizeof(stats))) {
1176            err = -EFAULT;
1177            break;
1178        }
1179        l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n",
1180              tunnel->name);
1181        err = 0;
1182        break;
1183
1184    default:
1185        err = -ENOSYS;
1186        break;
1187    }
1188
1189    sock_put(sk);
1190
1191    return err;
1192}
1193
1194/* Main ioctl() handler.
1195 * Dispatch to tunnel or session helpers depending on the socket.
1196 */
1197static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1198              unsigned long arg)
1199{
1200    struct sock *sk = sock->sk;
1201    struct l2tp_session *session;
1202    struct l2tp_tunnel *tunnel;
1203    struct pppol2tp_session *ps;
1204    int err;
1205
1206    if (!sk)
1207        return 0;
1208
1209    err = -EBADF;
1210    if (sock_flag(sk, SOCK_DEAD) != 0)
1211        goto end;
1212
1213    err = -ENOTCONN;
1214    if ((sk->sk_user_data == NULL) ||
1215        (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
1216        goto end;
1217
1218    /* Get session context from the socket */
1219    err = -EBADF;
1220    session = pppol2tp_sock_to_session(sk);
1221    if (session == NULL)
1222        goto end;
1223
1224    /* Special case: if session's session_id is zero, treat ioctl as a
1225     * tunnel ioctl
1226     */
1227    ps = l2tp_session_priv(session);
1228    if ((session->session_id == 0) &&
1229        (session->peer_session_id == 0)) {
1230        err = -EBADF;
1231        tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1232        if (tunnel == NULL)
1233            goto end_put_sess;
1234
1235        err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
1236        sock_put(ps->tunnel_sock);
1237        goto end_put_sess;
1238    }
1239
1240    err = pppol2tp_session_ioctl(session, cmd, arg);
1241
1242end_put_sess:
1243    sock_put(sk);
1244end:
1245    return err;
1246}
1247
1248/*****************************************************************************
1249 * setsockopt() / getsockopt() support.
1250 *
1251 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1252 * sockets. In order to control kernel tunnel features, we allow userspace to
1253 * create a special "tunnel" PPPoX socket which is used for control only.
1254 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1255 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1256 *****************************************************************************/
1257
1258/* Tunnel setsockopt() helper.
1259 */
1260static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1261                      struct l2tp_tunnel *tunnel,
1262                      int optname, int val)
1263{
1264    int err = 0;
1265
1266    switch (optname) {
1267    case PPPOL2TP_SO_DEBUG:
1268        tunnel->debug = val;
1269        l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n",
1270              tunnel->name, tunnel->debug);
1271        break;
1272
1273    default:
1274        err = -ENOPROTOOPT;
1275        break;
1276    }
1277
1278    return err;
1279}
1280
1281/* Session setsockopt helper.
1282 */
1283static int pppol2tp_session_setsockopt(struct sock *sk,
1284                       struct l2tp_session *session,
1285                       int optname, int val)
1286{
1287    int err = 0;
1288    struct pppol2tp_session *ps = l2tp_session_priv(session);
1289
1290    switch (optname) {
1291    case PPPOL2TP_SO_RECVSEQ:
1292        if ((val != 0) && (val != 1)) {
1293            err = -EINVAL;
1294            break;
1295        }
1296        session->recv_seq = val ? -1 : 0;
1297        l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1298              "%s: set recv_seq=%d\n",
1299              session->name, session->recv_seq);
1300        break;
1301
1302    case PPPOL2TP_SO_SENDSEQ:
1303        if ((val != 0) && (val != 1)) {
1304            err = -EINVAL;
1305            break;
1306        }
1307        session->send_seq = val ? -1 : 0;
1308        {
1309            struct sock *ssk = ps->sock;
1310            struct pppox_sock *po = pppox_sk(ssk);
1311            po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1312                PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1313        }
1314        l2tp_session_set_header_len(session, session->tunnel->version);
1315        l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1316              "%s: set send_seq=%d\n",
1317              session->name, session->send_seq);
1318        break;
1319
1320    case PPPOL2TP_SO_LNSMODE:
1321        if ((val != 0) && (val != 1)) {
1322            err = -EINVAL;
1323            break;
1324        }
1325        session->lns_mode = val ? -1 : 0;
1326        l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1327              "%s: set lns_mode=%d\n",
1328              session->name, session->lns_mode);
1329        break;
1330
1331    case PPPOL2TP_SO_DEBUG:
1332        session->debug = val;
1333        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n",
1334              session->name, session->debug);
1335        break;
1336
1337    case PPPOL2TP_SO_REORDERTO:
1338        session->reorder_timeout = msecs_to_jiffies(val);
1339        l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1340              "%s: set reorder_timeout=%d\n",
1341              session->name, session->reorder_timeout);
1342        break;
1343
1344    default:
1345        err = -ENOPROTOOPT;
1346        break;
1347    }
1348
1349    return err;
1350}
1351
1352/* Main setsockopt() entry point.
1353 * Does API checks, then calls either the tunnel or session setsockopt
1354 * handler, according to whether the PPPoL2TP socket is a for a regular
1355 * session or the special tunnel type.
1356 */
1357static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1358                   char __user *optval, unsigned int optlen)
1359{
1360    struct sock *sk = sock->sk;
1361    struct l2tp_session *session;
1362    struct l2tp_tunnel *tunnel;
1363    struct pppol2tp_session *ps;
1364    int val;
1365    int err;
1366
1367    if (level != SOL_PPPOL2TP)
1368        return udp_prot.setsockopt(sk, level, optname, optval, optlen);
1369
1370    if (optlen < sizeof(int))
1371        return -EINVAL;
1372
1373    if (get_user(val, (int __user *)optval))
1374        return -EFAULT;
1375
1376    err = -ENOTCONN;
1377    if (sk->sk_user_data == NULL)
1378        goto end;
1379
1380    /* Get session context from the socket */
1381    err = -EBADF;
1382    session = pppol2tp_sock_to_session(sk);
1383    if (session == NULL)
1384        goto end;
1385
1386    /* Special case: if session_id == 0x0000, treat as operation on tunnel
1387     */
1388    ps = l2tp_session_priv(session);
1389    if ((session->session_id == 0) &&
1390        (session->peer_session_id == 0)) {
1391        err = -EBADF;
1392        tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1393        if (tunnel == NULL)
1394            goto end_put_sess;
1395
1396        err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
1397        sock_put(ps->tunnel_sock);
1398    } else
1399        err = pppol2tp_session_setsockopt(sk, session, optname, val);
1400
1401    err = 0;
1402
1403end_put_sess:
1404    sock_put(sk);
1405end:
1406    return err;
1407}
1408
1409/* Tunnel getsockopt helper. Called with sock locked.
1410 */
1411static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1412                      struct l2tp_tunnel *tunnel,
1413                      int optname, int *val)
1414{
1415    int err = 0;
1416
1417    switch (optname) {
1418    case PPPOL2TP_SO_DEBUG:
1419        *val = tunnel->debug;
1420        l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get debug=%x\n",
1421              tunnel->name, tunnel->debug);
1422        break;
1423
1424    default:
1425        err = -ENOPROTOOPT;
1426        break;
1427    }
1428
1429    return err;
1430}
1431
1432/* Session getsockopt helper. Called with sock locked.
1433 */
1434static int pppol2tp_session_getsockopt(struct sock *sk,
1435                       struct l2tp_session *session,
1436                       int optname, int *val)
1437{
1438    int err = 0;
1439
1440    switch (optname) {
1441    case PPPOL2TP_SO_RECVSEQ:
1442        *val = session->recv_seq;
1443        l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1444              "%s: get recv_seq=%d\n", session->name, *val);
1445        break;
1446
1447    case PPPOL2TP_SO_SENDSEQ:
1448        *val = session->send_seq;
1449        l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1450              "%s: get send_seq=%d\n", session->name, *val);
1451        break;
1452
1453    case PPPOL2TP_SO_LNSMODE:
1454        *val = session->lns_mode;
1455        l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1456              "%s: get lns_mode=%d\n", session->name, *val);
1457        break;
1458
1459    case PPPOL2TP_SO_DEBUG:
1460        *val = session->debug;
1461        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get debug=%d\n",
1462              session->name, *val);
1463        break;
1464
1465    case PPPOL2TP_SO_REORDERTO:
1466        *val = (int) jiffies_to_msecs(session->reorder_timeout);
1467        l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1468              "%s: get reorder_timeout=%d\n", session->name, *val);
1469        break;
1470
1471    default:
1472        err = -ENOPROTOOPT;
1473    }
1474
1475    return err;
1476}
1477
1478/* Main getsockopt() entry point.
1479 * Does API checks, then calls either the tunnel or session getsockopt
1480 * handler, according to whether the PPPoX socket is a for a regular session
1481 * or the special tunnel type.
1482 */
1483static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
1484                   char __user *optval, int __user *optlen)
1485{
1486    struct sock *sk = sock->sk;
1487    struct l2tp_session *session;
1488    struct l2tp_tunnel *tunnel;
1489    int val, len;
1490    int err;
1491    struct pppol2tp_session *ps;
1492
1493    if (level != SOL_PPPOL2TP)
1494        return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1495
1496    if (get_user(len, optlen))
1497        return -EFAULT;
1498
1499    len = min_t(unsigned int, len, sizeof(int));
1500
1501    if (len < 0)
1502        return -EINVAL;
1503
1504    err = -ENOTCONN;
1505    if (sk->sk_user_data == NULL)
1506        goto end;
1507
1508    /* Get the session context */
1509    err = -EBADF;
1510    session = pppol2tp_sock_to_session(sk);
1511    if (session == NULL)
1512        goto end;
1513
1514    /* Special case: if session_id == 0x0000, treat as operation on tunnel */
1515    ps = l2tp_session_priv(session);
1516    if ((session->session_id == 0) &&
1517        (session->peer_session_id == 0)) {
1518        err = -EBADF;
1519        tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1520        if (tunnel == NULL)
1521            goto end_put_sess;
1522
1523        err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
1524        sock_put(ps->tunnel_sock);
1525    } else
1526        err = pppol2tp_session_getsockopt(sk, session, optname, &val);
1527
1528    err = -EFAULT;
1529    if (put_user(len, optlen))
1530        goto end_put_sess;
1531
1532    if (copy_to_user((void __user *) optval, &val, len))
1533        goto end_put_sess;
1534
1535    err = 0;
1536
1537end_put_sess:
1538    sock_put(sk);
1539end:
1540    return err;
1541}
1542
1543/*****************************************************************************
1544 * /proc filesystem for debug
1545 * Since the original pppol2tp driver provided /proc/net/pppol2tp for
1546 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.
1547 *****************************************************************************/
1548
1549static unsigned int pppol2tp_net_id;
1550
1551#ifdef CONFIG_PROC_FS
1552
1553struct pppol2tp_seq_data {
1554    struct seq_net_private p;
1555    int tunnel_idx; /* current tunnel */
1556    int session_idx; /* index of session within current tunnel */
1557    struct l2tp_tunnel *tunnel;
1558    struct l2tp_session *session; /* NULL means get next tunnel */
1559};
1560
1561static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1562{
1563    for (;;) {
1564        pd->tunnel = l2tp_tunnel_find_nth(net, pd->tunnel_idx);
1565        pd->tunnel_idx++;
1566
1567        if (pd->tunnel == NULL)
1568            break;
1569
1570        /* Ignore L2TPv3 tunnels */
1571        if (pd->tunnel->version < 3)
1572            break;
1573    }
1574}
1575
1576static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1577{
1578    pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx);
1579    pd->session_idx++;
1580
1581    if (pd->session == NULL) {
1582        pd->session_idx = 0;
1583        pppol2tp_next_tunnel(net, pd);
1584    }
1585}
1586
1587static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1588{
1589    struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1590    loff_t pos = *offs;
1591    struct net *net;
1592
1593    if (!pos)
1594        goto out;
1595
1596    BUG_ON(m->private == NULL);
1597    pd = m->private;
1598    net = seq_file_net(m);
1599
1600    if (pd->tunnel == NULL)
1601        pppol2tp_next_tunnel(net, pd);
1602    else
1603        pppol2tp_next_session(net, pd);
1604
1605    /* NULL tunnel and session indicates end of list */
1606    if ((pd->tunnel == NULL) && (pd->session == NULL))
1607        pd = NULL;
1608
1609out:
1610    return pd;
1611}
1612
1613static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1614{
1615    (*pos)++;
1616    return NULL;
1617}
1618
1619static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1620{
1621    /* nothing to do */
1622}
1623
1624static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1625{
1626    struct l2tp_tunnel *tunnel = v;
1627
1628    seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1629           tunnel->name,
1630           (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
1631           atomic_read(&tunnel->ref_count) - 1);
1632    seq_printf(m, " %08x %ld/%ld/%ld %ld/%ld/%ld\n",
1633           tunnel->debug,
1634           atomic_long_read(&tunnel->stats.tx_packets),
1635           atomic_long_read(&tunnel->stats.tx_bytes),
1636           atomic_long_read(&tunnel->stats.tx_errors),
1637           atomic_long_read(&tunnel->stats.rx_packets),
1638           atomic_long_read(&tunnel->stats.rx_bytes),
1639           atomic_long_read(&tunnel->stats.rx_errors));
1640}
1641
1642static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1643{
1644    struct l2tp_session *session = v;
1645    struct l2tp_tunnel *tunnel = session->tunnel;
1646    struct pppol2tp_session *ps = l2tp_session_priv(session);
1647    struct pppox_sock *po = pppox_sk(ps->sock);
1648    u32 ip = 0;
1649    u16 port = 0;
1650
1651    if (tunnel->sock) {
1652        struct inet_sock *inet = inet_sk(tunnel->sock);
1653        ip = ntohl(inet->inet_saddr);
1654        port = ntohs(inet->inet_sport);
1655    }
1656
1657    seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
1658           "%04X/%04X %d %c\n",
1659           session->name, ip, port,
1660           tunnel->tunnel_id,
1661           session->session_id,
1662           tunnel->peer_tunnel_id,
1663           session->peer_session_id,
1664           ps->sock->sk_state,
1665           (session == ps->sock->sk_user_data) ?
1666           'Y' : 'N');
1667    seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n",
1668           session->mtu, session->mru,
1669           session->recv_seq ? 'R' : '-',
1670           session->send_seq ? 'S' : '-',
1671           session->lns_mode ? "LNS" : "LAC",
1672           session->debug,
1673           jiffies_to_msecs(session->reorder_timeout));
1674    seq_printf(m, " %hu/%hu %ld/%ld/%ld %ld/%ld/%ld\n",
1675           session->nr, session->ns,
1676           atomic_long_read(&session->stats.tx_packets),
1677           atomic_long_read(&session->stats.tx_bytes),
1678           atomic_long_read(&session->stats.tx_errors),
1679           atomic_long_read(&session->stats.rx_packets),
1680           atomic_long_read(&session->stats.rx_bytes),
1681           atomic_long_read(&session->stats.rx_errors));
1682
1683    if (po)
1684        seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
1685}
1686
1687static int pppol2tp_seq_show(struct seq_file *m, void *v)
1688{
1689    struct pppol2tp_seq_data *pd = v;
1690
1691    /* display header on line 1 */
1692    if (v == SEQ_START_TOKEN) {
1693        seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1694        seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1695        seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1696        seq_puts(m, " SESSION name, addr/port src-tid/sid "
1697             "dest-tid/sid state user-data-ok\n");
1698        seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1699        seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1700        goto out;
1701    }
1702
1703    /* Show the tunnel or session context.
1704     */
1705    if (pd->session == NULL)
1706        pppol2tp_seq_tunnel_show(m, pd->tunnel);
1707    else
1708        pppol2tp_seq_session_show(m, pd->session);
1709
1710out:
1711    return 0;
1712}
1713
1714static const struct seq_operations pppol2tp_seq_ops = {
1715    .start = pppol2tp_seq_start,
1716    .next = pppol2tp_seq_next,
1717    .stop = pppol2tp_seq_stop,
1718    .show = pppol2tp_seq_show,
1719};
1720
1721/* Called when our /proc file is opened. We allocate data for use when
1722 * iterating our tunnel / session contexts and store it in the private
1723 * data of the seq_file.
1724 */
1725static int pppol2tp_proc_open(struct inode *inode, struct file *file)
1726{
1727    return seq_open_net(inode, file, &pppol2tp_seq_ops,
1728                sizeof(struct pppol2tp_seq_data));
1729}
1730
1731static const struct file_operations pppol2tp_proc_fops = {
1732    .owner = THIS_MODULE,
1733    .open = pppol2tp_proc_open,
1734    .read = seq_read,
1735    .llseek = seq_lseek,
1736    .release = seq_release_net,
1737};
1738
1739#endif /* CONFIG_PROC_FS */
1740
1741/*****************************************************************************
1742 * Network namespace
1743 *****************************************************************************/
1744
1745static __net_init int pppol2tp_init_net(struct net *net)
1746{
1747    struct proc_dir_entry *pde;
1748    int err = 0;
1749
1750    pde = proc_create("pppol2tp", S_IRUGO, net->proc_net,
1751              &pppol2tp_proc_fops);
1752    if (!pde) {
1753        err = -ENOMEM;
1754        goto out;
1755    }
1756
1757out:
1758    return err;
1759}
1760
1761static __net_exit void pppol2tp_exit_net(struct net *net)
1762{
1763    remove_proc_entry("pppol2tp", net->proc_net);
1764}
1765
1766static struct pernet_operations pppol2tp_net_ops = {
1767    .init = pppol2tp_init_net,
1768    .exit = pppol2tp_exit_net,
1769    .id = &pppol2tp_net_id,
1770};
1771
1772/*****************************************************************************
1773 * Init and cleanup
1774 *****************************************************************************/
1775
1776static const struct proto_ops pppol2tp_ops = {
1777    .family = AF_PPPOX,
1778    .owner = THIS_MODULE,
1779    .release = pppol2tp_release,
1780    .bind = sock_no_bind,
1781    .connect = pppol2tp_connect,
1782    .socketpair = sock_no_socketpair,
1783    .accept = sock_no_accept,
1784    .getname = pppol2tp_getname,
1785    .poll = datagram_poll,
1786    .listen = sock_no_listen,
1787    .shutdown = sock_no_shutdown,
1788    .setsockopt = pppol2tp_setsockopt,
1789    .getsockopt = pppol2tp_getsockopt,
1790    .sendmsg = pppol2tp_sendmsg,
1791    .recvmsg = pppol2tp_recvmsg,
1792    .mmap = sock_no_mmap,
1793    .ioctl = pppox_ioctl,
1794};
1795
1796static const struct pppox_proto pppol2tp_proto = {
1797    .create = pppol2tp_create,
1798    .ioctl = pppol2tp_ioctl,
1799    .owner = THIS_MODULE,
1800};
1801
1802#ifdef CONFIG_L2TP_V3
1803
1804static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1805    .session_create = pppol2tp_session_create,
1806    .session_delete = l2tp_session_delete,
1807};
1808
1809#endif /* CONFIG_L2TP_V3 */
1810
1811static int __init pppol2tp_init(void)
1812{
1813    int err;
1814
1815    err = register_pernet_device(&pppol2tp_net_ops);
1816    if (err)
1817        goto out;
1818
1819    err = proto_register(&pppol2tp_sk_proto, 0);
1820    if (err)
1821        goto out_unregister_pppol2tp_pernet;
1822
1823    err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1824    if (err)
1825        goto out_unregister_pppol2tp_proto;
1826
1827#ifdef CONFIG_L2TP_V3
1828    err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);
1829    if (err)
1830        goto out_unregister_pppox;
1831#endif
1832
1833    pr_info("PPPoL2TP kernel driver, %s\n", PPPOL2TP_DRV_VERSION);
1834
1835out:
1836    return err;
1837
1838#ifdef CONFIG_L2TP_V3
1839out_unregister_pppox:
1840    unregister_pppox_proto(PX_PROTO_OL2TP);
1841#endif
1842out_unregister_pppol2tp_proto:
1843    proto_unregister(&pppol2tp_sk_proto);
1844out_unregister_pppol2tp_pernet:
1845    unregister_pernet_device(&pppol2tp_net_ops);
1846    goto out;
1847}
1848
1849static void __exit pppol2tp_exit(void)
1850{
1851#ifdef CONFIG_L2TP_V3
1852    l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);
1853#endif
1854    unregister_pppox_proto(PX_PROTO_OL2TP);
1855    proto_unregister(&pppol2tp_sk_proto);
1856    unregister_pernet_device(&pppol2tp_net_ops);
1857}
1858
1859module_init(pppol2tp_init);
1860module_exit(pppol2tp_exit);
1861
1862MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1863MODULE_DESCRIPTION("PPP over L2TP over UDP");
1864MODULE_LICENSE("GPL");
1865MODULE_VERSION(PPPOL2TP_DRV_VERSION);
1866MODULE_ALIAS("pppox-proto-" __stringify(PX_PROTO_OL2TP));
1867

Archive Download this file



interactive