linux/net/l2tp/l2tp_core.c
<<
>>
Prefs
   1/*
   2 * L2TP core.
   3 *
   4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
   5 *
   6 * This file contains some code of the original L2TPv2 pppol2tp
   7 * driver, which has the following copyright:
   8 *
   9 * Authors:     Martijn van Oosterhout <kleptog@svana.org>
  10 *              James Chapman (jchapman@katalix.com)
  11 * Contributors:
  12 *              Michal Ostrowski <mostrows@speakeasy.net>
  13 *              Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
  14 *              David S. Miller (davem@redhat.com)
  15 *
  16 * This program is free software; you can redistribute it and/or modify
  17 * it under the terms of the GNU General Public License version 2 as
  18 * published by the Free Software Foundation.
  19 */
  20
  21#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  22
  23#include <linux/module.h>
  24#include <linux/string.h>
  25#include <linux/list.h>
  26#include <linux/rculist.h>
  27#include <linux/uaccess.h>
  28
  29#include <linux/kernel.h>
  30#include <linux/spinlock.h>
  31#include <linux/kthread.h>
  32#include <linux/sched.h>
  33#include <linux/slab.h>
  34#include <linux/errno.h>
  35#include <linux/jiffies.h>
  36
  37#include <linux/netdevice.h>
  38#include <linux/net.h>
  39#include <linux/inetdevice.h>
  40#include <linux/skbuff.h>
  41#include <linux/init.h>
  42#include <linux/in.h>
  43#include <linux/ip.h>
  44#include <linux/udp.h>
  45#include <linux/l2tp.h>
  46#include <linux/hash.h>
  47#include <linux/sort.h>
  48#include <linux/file.h>
  49#include <linux/nsproxy.h>
  50#include <net/net_namespace.h>
  51#include <net/netns/generic.h>
  52#include <net/dst.h>
  53#include <net/ip.h>
  54#include <net/udp.h>
  55#include <net/inet_common.h>
  56#include <net/xfrm.h>
  57#include <net/protocol.h>
  58#include <net/inet6_connection_sock.h>
  59#include <net/inet_ecn.h>
  60#include <net/ip6_route.h>
  61#include <net/ip6_checksum.h>
  62
  63#include <asm/byteorder.h>
  64#include <linux/atomic.h>
  65
  66#include "l2tp_core.h"
  67
  68#define L2TP_DRV_VERSION        "V2.0"
  69
  70/* L2TP header constants */
  71#define L2TP_HDRFLAG_T     0x8000
  72#define L2TP_HDRFLAG_L     0x4000
  73#define L2TP_HDRFLAG_S     0x0800
  74#define L2TP_HDRFLAG_O     0x0200
  75#define L2TP_HDRFLAG_P     0x0100
  76
  77#define L2TP_HDR_VER_MASK  0x000F
  78#define L2TP_HDR_VER_2     0x0002
  79#define L2TP_HDR_VER_3     0x0003
  80
  81/* L2TPv3 default L2-specific sublayer */
  82#define L2TP_SLFLAG_S      0x40000000
  83#define L2TP_SL_SEQ_MASK   0x00ffffff
  84
  85#define L2TP_HDR_SIZE_SEQ               10
  86#define L2TP_HDR_SIZE_NOSEQ             6
  87
  88/* Default trace flags */
  89#define L2TP_DEFAULT_DEBUG_FLAGS        0
  90
  91/* Private data stored for received packets in the skb.
  92 */
  93struct l2tp_skb_cb {
  94        u32                     ns;
  95        u16                     has_seq;
  96        u16                     length;
  97        unsigned long           expires;
  98};
  99
 100#define L2TP_SKB_CB(skb)        ((struct l2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
 101
 102static atomic_t l2tp_tunnel_count;
 103static atomic_t l2tp_session_count;
 104
 105/* per-net private data for this module */
 106static unsigned int l2tp_net_id;
 107struct l2tp_net {
 108        struct list_head l2tp_tunnel_list;
 109        spinlock_t l2tp_tunnel_list_lock;
 110        struct hlist_head l2tp_session_hlist[L2TP_HASH_SIZE_2];
 111        spinlock_t l2tp_session_hlist_lock;
 112};
 113
 114static void l2tp_session_set_header_len(struct l2tp_session *session, int version);
 115static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel);
 116static void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel);
 117
 118static inline struct l2tp_net *l2tp_pernet(struct net *net)
 119{
 120        BUG_ON(!net);
 121
 122        return net_generic(net, l2tp_net_id);
 123}
 124
 125
 126/* Tunnel reference counts. Incremented per session that is added to
 127 * the tunnel.
 128 */
 129static inline void l2tp_tunnel_inc_refcount_1(struct l2tp_tunnel *tunnel)
 130{
 131        atomic_inc(&tunnel->ref_count);
 132}
 133
 134static inline void l2tp_tunnel_dec_refcount_1(struct l2tp_tunnel *tunnel)
 135{
 136        if (atomic_dec_and_test(&tunnel->ref_count))
 137                l2tp_tunnel_free(tunnel);
 138}
 139#ifdef L2TP_REFCNT_DEBUG
 140#define l2tp_tunnel_inc_refcount(_t)                                    \
 141do {                                                                    \
 142        pr_debug("l2tp_tunnel_inc_refcount: %s:%d %s: cnt=%d\n",        \
 143                 __func__, __LINE__, (_t)->name,                        \
 144                 atomic_read(&_t->ref_count));                          \
 145        l2tp_tunnel_inc_refcount_1(_t);                                 \
 146} while (0)
 147#define l2tp_tunnel_dec_refcount(_t)
 148do {                                                                    \
 149        pr_debug("l2tp_tunnel_dec_refcount: %s:%d %s: cnt=%d\n",        \
 150                 __func__, __LINE__, (_t)->name,                        \
 151                 atomic_read(&_t->ref_count));                          \
 152        l2tp_tunnel_dec_refcount_1(_t);                                 \
 153} while (0)
 154#else
 155#define l2tp_tunnel_inc_refcount(t) l2tp_tunnel_inc_refcount_1(t)
 156#define l2tp_tunnel_dec_refcount(t) l2tp_tunnel_dec_refcount_1(t)
 157#endif
 158
 159/* Session hash global list for L2TPv3.
 160 * The session_id SHOULD be random according to RFC3931, but several
 161 * L2TP implementations use incrementing session_ids.  So we do a real
 162 * hash on the session_id, rather than a simple bitmask.
 163 */
 164static inline struct hlist_head *
 165l2tp_session_id_hash_2(struct l2tp_net *pn, u32 session_id)
 166{
 167        return &pn->l2tp_session_hlist[hash_32(session_id, L2TP_HASH_BITS_2)];
 168
 169}
 170
 171/* Lookup a session by id in the global session list
 172 */
 173static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id)
 174{
 175        struct l2tp_net *pn = l2tp_pernet(net);
 176        struct hlist_head *session_list =
 177                l2tp_session_id_hash_2(pn, session_id);
 178        struct l2tp_session *session;
 179        struct hlist_node *walk;
 180
 181        rcu_read_lock_bh();
 182        hlist_for_each_entry_rcu(session, walk, session_list, global_hlist) {
 183                if (session->session_id == session_id) {
 184                        rcu_read_unlock_bh();
 185                        return session;
 186                }
 187        }
 188        rcu_read_unlock_bh();
 189
 190        return NULL;
 191}
 192
 193/* Session hash list.
 194 * The session_id SHOULD be random according to RFC2661, but several
 195 * L2TP implementations (Cisco and Microsoft) use incrementing
 196 * session_ids.  So we do a real hash on the session_id, rather than a
 197 * simple bitmask.
 198 */
 199static inline struct hlist_head *
 200l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id)
 201{
 202        return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)];
 203}
 204
 205/* Lookup a session by id
 206 */
 207struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunnel, u32 session_id)
 208{
 209        struct hlist_head *session_list;
 210        struct l2tp_session *session;
 211        struct hlist_node *walk;
 212
 213        /* In L2TPv3, session_ids are unique over all tunnels and we
 214         * sometimes need to look them up before we know the
 215         * tunnel.
 216         */
 217        if (tunnel == NULL)
 218                return l2tp_session_find_2(net, session_id);
 219
 220        session_list = l2tp_session_id_hash(tunnel, session_id);
 221        read_lock_bh(&tunnel->hlist_lock);
 222        hlist_for_each_entry(session, walk, session_list, hlist) {
 223                if (session->session_id == session_id) {
 224                        read_unlock_bh(&tunnel->hlist_lock);
 225                        return session;
 226                }
 227        }
 228        read_unlock_bh(&tunnel->hlist_lock);
 229
 230        return NULL;
 231}
 232EXPORT_SYMBOL_GPL(l2tp_session_find);
 233
 234struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth)
 235{
 236        int hash;
 237        struct hlist_node *walk;
 238        struct l2tp_session *session;
 239        int count = 0;
 240
 241        read_lock_bh(&tunnel->hlist_lock);
 242        for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
 243                hlist_for_each_entry(session, walk, &tunnel->session_hlist[hash], hlist) {
 244                        if (++count > nth) {
 245                                read_unlock_bh(&tunnel->hlist_lock);
 246                                return session;
 247                        }
 248                }
 249        }
 250
 251        read_unlock_bh(&tunnel->hlist_lock);
 252
 253        return NULL;
 254}
 255EXPORT_SYMBOL_GPL(l2tp_session_find_nth);
 256
 257/* Lookup a session by interface name.
 258 * This is very inefficient but is only used by management interfaces.
 259 */
 260struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname)
 261{
 262        struct l2tp_net *pn = l2tp_pernet(net);
 263        int hash;
 264        struct hlist_node *walk;
 265        struct l2tp_session *session;
 266
 267        rcu_read_lock_bh();
 268        for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) {
 269                hlist_for_each_entry_rcu(session, walk, &pn->l2tp_session_hlist[hash], global_hlist) {
 270                        if (!strcmp(session->ifname, ifname)) {
 271                                rcu_read_unlock_bh();
 272                                return session;
 273                        }
 274                }
 275        }
 276
 277        rcu_read_unlock_bh();
 278
 279        return NULL;
 280}
 281EXPORT_SYMBOL_GPL(l2tp_session_find_by_ifname);
 282
 283/* Lookup a tunnel by id
 284 */
 285struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id)
 286{
 287        struct l2tp_tunnel *tunnel;
 288        struct l2tp_net *pn = l2tp_pernet(net);
 289
 290        rcu_read_lock_bh();
 291        list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
 292                if (tunnel->tunnel_id == tunnel_id) {
 293                        rcu_read_unlock_bh();
 294                        return tunnel;
 295                }
 296        }
 297        rcu_read_unlock_bh();
 298
 299        return NULL;
 300}
 301EXPORT_SYMBOL_GPL(l2tp_tunnel_find);
 302
 303struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth)
 304{
 305        struct l2tp_net *pn = l2tp_pernet(net);
 306        struct l2tp_tunnel *tunnel;
 307        int count = 0;
 308
 309        rcu_read_lock_bh();
 310        list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
 311                if (++count > nth) {
 312                        rcu_read_unlock_bh();
 313                        return tunnel;
 314                }
 315        }
 316
 317        rcu_read_unlock_bh();
 318
 319        return NULL;
 320}
 321EXPORT_SYMBOL_GPL(l2tp_tunnel_find_nth);
 322
 323/*****************************************************************************
 324 * Receive data handling
 325 *****************************************************************************/
 326
 327/* Queue a skb in order. We come here only if the skb has an L2TP sequence
 328 * number.
 329 */
 330static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *skb)
 331{
 332        struct sk_buff *skbp;
 333        struct sk_buff *tmp;
 334        u32 ns = L2TP_SKB_CB(skb)->ns;
 335        struct l2tp_stats *sstats;
 336
 337        spin_lock_bh(&session->reorder_q.lock);
 338        sstats = &session->stats;
 339        skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
 340                if (L2TP_SKB_CB(skbp)->ns > ns) {
 341                        __skb_queue_before(&session->reorder_q, skbp, skb);
 342                        l2tp_dbg(session, L2TP_MSG_SEQ,
 343                                 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
 344                                 session->name, ns, L2TP_SKB_CB(skbp)->ns,
 345                                 skb_queue_len(&session->reorder_q));
 346                        u64_stats_update_begin(&sstats->syncp);
 347                        sstats->rx_oos_packets++;
 348                        u64_stats_update_end(&sstats->syncp);
 349                        goto out;
 350                }
 351        }
 352
 353        __skb_queue_tail(&session->reorder_q, skb);
 354
 355out:
 356        spin_unlock_bh(&session->reorder_q.lock);
 357}
 358
 359/* Dequeue a single skb.
 360 */
 361static void l2tp_recv_dequeue_skb(struct l2tp_session *session, struct sk_buff *skb)
 362{
 363        struct l2tp_tunnel *tunnel = session->tunnel;
 364        int length = L2TP_SKB_CB(skb)->length;
 365        struct l2tp_stats *tstats, *sstats;
 366
 367        /* We're about to requeue the skb, so return resources
 368         * to its current owner (a socket receive buffer).
 369         */
 370        skb_orphan(skb);
 371
 372        tstats = &tunnel->stats;
 373        u64_stats_update_begin(&tstats->syncp);
 374        sstats = &session->stats;
 375        u64_stats_update_begin(&sstats->syncp);
 376        tstats->rx_packets++;
 377        tstats->rx_bytes += length;
 378        sstats->rx_packets++;
 379        sstats->rx_bytes += length;
 380        u64_stats_update_end(&tstats->syncp);
 381        u64_stats_update_end(&sstats->syncp);
 382
 383        if (L2TP_SKB_CB(skb)->has_seq) {
 384                /* Bump our Nr */
 385                session->nr++;
 386                if (tunnel->version == L2TP_HDR_VER_2)
 387                        session->nr &= 0xffff;
 388                else
 389                        session->nr &= 0xffffff;
 390
 391                l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated nr to %hu\n",
 392                         session->name, session->nr);
 393        }
 394
 395        /* call private receive handler */
 396        if (session->recv_skb != NULL)
 397                (*session->recv_skb)(session, skb, L2TP_SKB_CB(skb)->length);
 398        else
 399                kfree_skb(skb);
 400
 401        if (session->deref)
 402                (*session->deref)(session);
 403}
 404
 405/* Dequeue skbs from the session's reorder_q, subject to packet order.
 406 * Skbs that have been in the queue for too long are simply discarded.
 407 */
 408static void l2tp_recv_dequeue(struct l2tp_session *session)
 409{
 410        struct sk_buff *skb;
 411        struct sk_buff *tmp;
 412        struct l2tp_stats *sstats;
 413
 414        /* If the pkt at the head of the queue has the nr that we
 415         * expect to send up next, dequeue it and any other
 416         * in-sequence packets behind it.
 417         */
 418start:
 419        spin_lock_bh(&session->reorder_q.lock);
 420        sstats = &session->stats;
 421        skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
 422                if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) {
 423                        u64_stats_update_begin(&sstats->syncp);
 424                        sstats->rx_seq_discards++;
 425                        sstats->rx_errors++;
 426                        u64_stats_update_end(&sstats->syncp);
 427                        l2tp_dbg(session, L2TP_MSG_SEQ,
 428                                 "%s: oos pkt %u len %d discarded (too old), waiting for %u, reorder_q_len=%d\n",
 429                                 session->name, L2TP_SKB_CB(skb)->ns,
 430                                 L2TP_SKB_CB(skb)->length, session->nr,
 431                                 skb_queue_len(&session->reorder_q));
 432                        session->reorder_skip = 1;
 433                        __skb_unlink(skb, &session->reorder_q);
 434                        kfree_skb(skb);
 435                        if (session->deref)
 436                                (*session->deref)(session);
 437                        continue;
 438                }
 439
 440                if (L2TP_SKB_CB(skb)->has_seq) {
 441                        if (session->reorder_skip) {
 442                                l2tp_dbg(session, L2TP_MSG_SEQ,
 443                                         "%s: advancing nr to next pkt: %u -> %u",
 444                                         session->name, session->nr,
 445                                         L2TP_SKB_CB(skb)->ns);
 446                                session->reorder_skip = 0;
 447                                session->nr = L2TP_SKB_CB(skb)->ns;
 448                        }
 449                        if (L2TP_SKB_CB(skb)->ns != session->nr) {
 450                                l2tp_dbg(session, L2TP_MSG_SEQ,
 451                                         "%s: holding oos pkt %u len %d, waiting for %u, reorder_q_len=%d\n",
 452                                         session->name, L2TP_SKB_CB(skb)->ns,
 453                                         L2TP_SKB_CB(skb)->length, session->nr,
 454                                         skb_queue_len(&session->reorder_q));
 455                                goto out;
 456                        }
 457                }
 458                __skb_unlink(skb, &session->reorder_q);
 459
 460                /* Process the skb. We release the queue lock while we
 461                 * do so to let other contexts process the queue.
 462                 */
 463                spin_unlock_bh(&session->reorder_q.lock);
 464                l2tp_recv_dequeue_skb(session, skb);
 465                goto start;
 466        }
 467
 468out:
 469        spin_unlock_bh(&session->reorder_q.lock);
 470}
 471
 472static inline int l2tp_verify_udp_checksum(struct sock *sk,
 473                                           struct sk_buff *skb)
 474{
 475        struct udphdr *uh = udp_hdr(skb);
 476        u16 ulen = ntohs(uh->len);
 477        __wsum psum;
 478
 479        if (sk->sk_no_check || skb_csum_unnecessary(skb))
 480                return 0;
 481
 482#if IS_ENABLED(CONFIG_IPV6)
 483        if (sk->sk_family == PF_INET6) {
 484                if (!uh->check) {
 485                        LIMIT_NETDEBUG(KERN_INFO "L2TP: IPv6: checksum is 0\n");
 486                        return 1;
 487                }
 488                if ((skb->ip_summed == CHECKSUM_COMPLETE) &&
 489                    !csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
 490                                     &ipv6_hdr(skb)->daddr, ulen,
 491                                     IPPROTO_UDP, skb->csum)) {
 492                        skb->ip_summed = CHECKSUM_UNNECESSARY;
 493                        return 0;
 494                }
 495                skb->csum = ~csum_unfold(csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
 496                                                         &ipv6_hdr(skb)->daddr,
 497                                                         skb->len, IPPROTO_UDP,
 498                                                         0));
 499        } else
 500#endif
 501        {
 502                struct inet_sock *inet;
 503                if (!uh->check)
 504                        return 0;
 505                inet = inet_sk(sk);
 506                psum = csum_tcpudp_nofold(inet->inet_saddr, inet->inet_daddr,
 507                                          ulen, IPPROTO_UDP, 0);
 508
 509                if ((skb->ip_summed == CHECKSUM_COMPLETE) &&
 510                    !csum_fold(csum_add(psum, skb->csum)))
 511                        return 0;
 512                skb->csum = psum;
 513        }
 514
 515        return __skb_checksum_complete(skb);
 516}
 517
 518/* Do receive processing of L2TP data frames. We handle both L2TPv2
 519 * and L2TPv3 data frames here.
 520 *
 521 * L2TPv2 Data Message Header
 522 *
 523 *  0                   1                   2                   3
 524 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 525 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 526 * |T|L|x|x|S|x|O|P|x|x|x|x|  Ver  |          Length (opt)         |
 527 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 528 * |           Tunnel ID           |           Session ID          |
 529 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 530 * |             Ns (opt)          |             Nr (opt)          |
 531 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 532 * |      Offset Size (opt)        |    Offset pad... (opt)
 533 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 534 *
 535 * Data frames are marked by T=0. All other fields are the same as
 536 * those in L2TP control frames.
 537 *
 538 * L2TPv3 Data Message Header
 539 *
 540 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 541 * |                      L2TP Session Header                      |
 542 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 543 * |                      L2-Specific Sublayer                     |
 544 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 545 * |                        Tunnel Payload                      ...
 546 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 547 *
 548 * L2TPv3 Session Header Over IP
 549 *
 550 *  0                   1                   2                   3
 551 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 552 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 553 * |                           Session ID                          |
 554 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 555 * |               Cookie (optional, maximum 64 bits)...
 556 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 557 *                                                                 |
 558 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 559 *
 560 * L2TPv3 L2-Specific Sublayer Format
 561 *
 562 *  0                   1                   2                   3
 563 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 564 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 565 * |x|S|x|x|x|x|x|x|              Sequence Number                  |
 566 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 567 *
 568 * Cookie value, sublayer format and offset (pad) are negotiated with
 569 * the peer when the session is set up. Unlike L2TPv2, we do not need
 570 * to parse the packet header to determine if optional fields are
 571 * present.
 572 *
 573 * Caller must already have parsed the frame and determined that it is
 574 * a data (not control) frame before coming here. Fields up to the
 575 * session-id have already been parsed and ptr points to the data
 576 * after the session-id.
 577 */
 578void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
 579                      unsigned char *ptr, unsigned char *optr, u16 hdrflags,
 580                      int length, int (*payload_hook)(struct sk_buff *skb))
 581{
 582        struct l2tp_tunnel *tunnel = session->tunnel;
 583        int offset;
 584        u32 ns, nr;
 585        struct l2tp_stats *sstats = &session->stats;
 586
 587        /* The ref count is increased since we now hold a pointer to
 588         * the session. Take care to decrement the refcnt when exiting
 589         * this function from now on...
 590         */
 591        l2tp_session_inc_refcount(session);
 592        if (session->ref)
 593                (*session->ref)(session);
 594
 595        /* Parse and check optional cookie */
 596        if (session->peer_cookie_len > 0) {
 597                if (memcmp(ptr, &session->peer_cookie[0], session->peer_cookie_len)) {
 598                        l2tp_info(tunnel, L2TP_MSG_DATA,
 599                                  "%s: cookie mismatch (%u/%u). Discarding.\n",
 600                                  tunnel->name, tunnel->tunnel_id,
 601                                  session->session_id);
 602                        u64_stats_update_begin(&sstats->syncp);
 603                        sstats->rx_cookie_discards++;
 604                        u64_stats_update_end(&sstats->syncp);
 605                        goto discard;
 606                }
 607                ptr += session->peer_cookie_len;
 608        }
 609
 610        /* Handle the optional sequence numbers. Sequence numbers are
 611         * in different places for L2TPv2 and L2TPv3.
 612         *
 613         * If we are the LAC, enable/disable sequence numbers under
 614         * the control of the LNS.  If no sequence numbers present but
 615         * we were expecting them, discard frame.
 616         */
 617        ns = nr = 0;
 618        L2TP_SKB_CB(skb)->has_seq = 0;
 619        if (tunnel->version == L2TP_HDR_VER_2) {
 620                if (hdrflags & L2TP_HDRFLAG_S) {
 621                        ns = ntohs(*(__be16 *) ptr);
 622                        ptr += 2;
 623                        nr = ntohs(*(__be16 *) ptr);
 624                        ptr += 2;
 625
 626                        /* Store L2TP info in the skb */
 627                        L2TP_SKB_CB(skb)->ns = ns;
 628                        L2TP_SKB_CB(skb)->has_seq = 1;
 629
 630                        l2tp_dbg(session, L2TP_MSG_SEQ,
 631                                 "%s: recv data ns=%u, nr=%u, session nr=%u\n",
 632                                 session->name, ns, nr, session->nr);
 633                }
 634        } else if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
 635                u32 l2h = ntohl(*(__be32 *) ptr);
 636
 637                if (l2h & 0x40000000) {
 638                        ns = l2h & 0x00ffffff;
 639
 640                        /* Store L2TP info in the skb */
 641                        L2TP_SKB_CB(skb)->ns = ns;
 642                        L2TP_SKB_CB(skb)->has_seq = 1;
 643
 644                        l2tp_dbg(session, L2TP_MSG_SEQ,
 645                                 "%s: recv data ns=%u, session nr=%u\n",
 646                                 session->name, ns, session->nr);
 647                }
 648        }
 649
 650        /* Advance past L2-specific header, if present */
 651        ptr += session->l2specific_len;
 652
 653        if (L2TP_SKB_CB(skb)->has_seq) {
 654                /* Received a packet with sequence numbers. If we're the LNS,
 655                 * check if we sre sending sequence numbers and if not,
 656                 * configure it so.
 657                 */
 658                if ((!session->lns_mode) && (!session->send_seq)) {
 659                        l2tp_info(session, L2TP_MSG_SEQ,
 660                                  "%s: requested to enable seq numbers by LNS\n",
 661                                  session->name);
 662                        session->send_seq = -1;
 663                        l2tp_session_set_header_len(session, tunnel->version);
 664                }
 665        } else {
 666                /* No sequence numbers.
 667                 * If user has configured mandatory sequence numbers, discard.
 668                 */
 669                if (session->recv_seq) {
 670                        l2tp_warn(session, L2TP_MSG_SEQ,
 671                                  "%s: recv data has no seq numbers when required. Discarding.\n",
 672                                  session->name);
 673                        u64_stats_update_begin(&sstats->syncp);
 674                        sstats->rx_seq_discards++;
 675                        u64_stats_update_end(&sstats->syncp);
 676                        goto discard;
 677                }
 678
 679                /* If we're the LAC and we're sending sequence numbers, the
 680                 * LNS has requested that we no longer send sequence numbers.
 681                 * If we're the LNS and we're sending sequence numbers, the
 682                 * LAC is broken. Discard the frame.
 683                 */
 684                if ((!session->lns_mode) && (session->send_seq)) {
 685                        l2tp_info(session, L2TP_MSG_SEQ,
 686                                  "%s: requested to disable seq numbers by LNS\n",
 687                                  session->name);
 688                        session->send_seq = 0;
 689                        l2tp_session_set_header_len(session, tunnel->version);
 690                } else if (session->send_seq) {
 691                        l2tp_warn(session, L2TP_MSG_SEQ,
 692                                  "%s: recv data has no seq numbers when required. Discarding.\n",
 693                                  session->name);
 694                        u64_stats_update_begin(&sstats->syncp);
 695                        sstats->rx_seq_discards++;
 696                        u64_stats_update_end(&sstats->syncp);
 697                        goto discard;
 698                }
 699        }
 700
 701        /* Session data offset is handled differently for L2TPv2 and
 702         * L2TPv3. For L2TPv2, there is an optional 16-bit value in
 703         * the header. For L2TPv3, the offset is negotiated using AVPs
 704         * in the session setup control protocol.
 705         */
 706        if (tunnel->version == L2TP_HDR_VER_2) {
 707                /* If offset bit set, skip it. */
 708                if (hdrflags & L2TP_HDRFLAG_O) {
 709                        offset = ntohs(*(__be16 *)ptr);
 710                        ptr += 2 + offset;
 711                }
 712        } else
 713                ptr += session->offset;
 714
 715        offset = ptr - optr;
 716        if (!pskb_may_pull(skb, offset))
 717                goto discard;
 718
 719        __skb_pull(skb, offset);
 720
 721        /* If caller wants to process the payload before we queue the
 722         * packet, do so now.
 723         */
 724        if (payload_hook)
 725                if ((*payload_hook)(skb))
 726                        goto discard;
 727
 728        /* Prepare skb for adding to the session's reorder_q.  Hold
 729         * packets for max reorder_timeout or 1 second if not
 730         * reordering.
 731         */
 732        L2TP_SKB_CB(skb)->length = length;
 733        L2TP_SKB_CB(skb)->expires = jiffies +
 734                (session->reorder_timeout ? session->reorder_timeout : HZ);
 735
 736        /* Add packet to the session's receive queue. Reordering is done here, if
 737         * enabled. Saved L2TP protocol info is stored in skb->sb[].
 738         */
 739        if (L2TP_SKB_CB(skb)->has_seq) {
 740                if (session->reorder_timeout != 0) {
 741                        /* Packet reordering enabled. Add skb to session's
 742                         * reorder queue, in order of ns.
 743                         */
 744                        l2tp_recv_queue_skb(session, skb);
 745                } else {
 746                        /* Packet reordering disabled. Discard out-of-sequence
 747                         * packets
 748                         */
 749                        if (L2TP_SKB_CB(skb)->ns != session->nr) {
 750                                u64_stats_update_begin(&sstats->syncp);
 751                                sstats->rx_seq_discards++;
 752                                u64_stats_update_end(&sstats->syncp);
 753                                l2tp_dbg(session, L2TP_MSG_SEQ,
 754                                         "%s: oos pkt %u len %d discarded, waiting for %u, reorder_q_len=%d\n",
 755                                         session->name, L2TP_SKB_CB(skb)->ns,
 756                                         L2TP_SKB_CB(skb)->length, session->nr,
 757                                         skb_queue_len(&session->reorder_q));
 758                                goto discard;
 759                        }
 760                        skb_queue_tail(&session->reorder_q, skb);
 761                }
 762        } else {
 763                /* No sequence numbers. Add the skb to the tail of the
 764                 * reorder queue. This ensures that it will be
 765                 * delivered after all previous sequenced skbs.
 766                 */
 767                skb_queue_tail(&session->reorder_q, skb);
 768        }
 769
 770        /* Try to dequeue as many skbs from reorder_q as we can. */
 771        l2tp_recv_dequeue(session);
 772
 773        l2tp_session_dec_refcount(session);
 774
 775        return;
 776
 777discard:
 778        u64_stats_update_begin(&sstats->syncp);
 779        sstats->rx_errors++;
 780        u64_stats_update_end(&sstats->syncp);
 781        kfree_skb(skb);
 782
 783        if (session->deref)
 784                (*session->deref)(session);
 785
 786        l2tp_session_dec_refcount(session);
 787}
 788EXPORT_SYMBOL(l2tp_recv_common);
 789
 790/* Internal UDP receive frame. Do the real work of receiving an L2TP data frame
 791 * here. The skb is not on a list when we get here.
 792 * Returns 0 if the packet was a data packet and was successfully passed on.
 793 * Returns 1 if the packet was not a good data packet and could not be
 794 * forwarded.  All such packets are passed up to userspace to deal with.
 795 */
 796static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
 797                              int (*payload_hook)(struct sk_buff *skb))
 798{
 799        struct l2tp_session *session = NULL;
 800        unsigned char *ptr, *optr;
 801        u16 hdrflags;
 802        u32 tunnel_id, session_id;
 803        u16 version;
 804        int length;
 805        struct l2tp_stats *tstats;
 806
 807        if (tunnel->sock && l2tp_verify_udp_checksum(tunnel->sock, skb))
 808                goto discard_bad_csum;
 809
 810        /* UDP always verifies the packet length. */
 811        __skb_pull(skb, sizeof(struct udphdr));
 812
 813        /* Short packet? */
 814        if (!pskb_may_pull(skb, L2TP_HDR_SIZE_SEQ)) {
 815                l2tp_info(tunnel, L2TP_MSG_DATA,
 816                          "%s: recv short packet (len=%d)\n",
 817                          tunnel->name, skb->len);
 818                goto error;
 819        }
 820
 821        /* Trace packet contents, if enabled */
 822        if (tunnel->debug & L2TP_MSG_DATA) {
 823                length = min(32u, skb->len);
 824                if (!pskb_may_pull(skb, length))
 825                        goto error;
 826
 827                pr_debug("%s: recv\n", tunnel->name);
 828                print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, skb->data, length);
 829        }
 830
 831        /* Point to L2TP header */
 832        optr = ptr = skb->data;
 833
 834        /* Get L2TP header flags */
 835        hdrflags = ntohs(*(__be16 *) ptr);
 836
 837        /* Check protocol version */
 838        version = hdrflags & L2TP_HDR_VER_MASK;
 839        if (version != tunnel->version) {
 840                l2tp_info(tunnel, L2TP_MSG_DATA,
 841                          "%s: recv protocol version mismatch: got %d expected %d\n",
 842                          tunnel->name, version, tunnel->version);
 843                goto error;
 844        }
 845
 846        /* Get length of L2TP packet */
 847        length = skb->len;
 848
 849        /* If type is control packet, it is handled by userspace. */
 850        if (hdrflags & L2TP_HDRFLAG_T) {
 851                l2tp_dbg(tunnel, L2TP_MSG_DATA,
 852                         "%s: recv control packet, len=%d\n",
 853                         tunnel->name, length);
 854                goto error;
 855        }
 856
 857        /* Skip flags */
 858        ptr += 2;
 859
 860        if (tunnel->version == L2TP_HDR_VER_2) {
 861                /* If length is present, skip it */
 862                if (hdrflags & L2TP_HDRFLAG_L)
 863                        ptr += 2;
 864
 865                /* Extract tunnel and session ID */
 866                tunnel_id = ntohs(*(__be16 *) ptr);
 867                ptr += 2;
 868                session_id = ntohs(*(__be16 *) ptr);
 869                ptr += 2;
 870        } else {
 871                ptr += 2;       /* skip reserved bits */
 872                tunnel_id = tunnel->tunnel_id;
 873                session_id = ntohl(*(__be32 *) ptr);
 874                ptr += 4;
 875        }
 876
 877        /* Find the session context */
 878        session = l2tp_session_find(tunnel->l2tp_net, tunnel, session_id);
 879        if (!session || !session->recv_skb) {
 880                /* Not found? Pass to userspace to deal with */
 881                l2tp_info(tunnel, L2TP_MSG_DATA,
 882                          "%s: no session found (%u/%u). Passing up.\n",
 883                          tunnel->name, tunnel_id, session_id);
 884                goto error;
 885        }
 886
 887        l2tp_recv_common(session, skb, ptr, optr, hdrflags, length, payload_hook);
 888
 889        return 0;
 890
 891discard_bad_csum:
 892        LIMIT_NETDEBUG("%s: UDP: bad checksum\n", tunnel->name);
 893        UDP_INC_STATS_USER(tunnel->l2tp_net, UDP_MIB_INERRORS, 0);
 894        tstats = &tunnel->stats;
 895        u64_stats_update_begin(&tstats->syncp);
 896        tstats->rx_errors++;
 897        u64_stats_update_end(&tstats->syncp);
 898        kfree_skb(skb);
 899
 900        return 0;
 901
 902error:
 903        /* Put UDP header back */
 904        __skb_push(skb, sizeof(struct udphdr));
 905
 906        return 1;
 907}
 908
 909/* UDP encapsulation receive handler. See net/ipv4/udp.c.
 910 * Return codes:
 911 * 0 : success.
 912 * <0: error
 913 * >0: skb should be passed up to userspace as UDP.
 914 */
 915int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
 916{
 917        struct l2tp_tunnel *tunnel;
 918
 919        tunnel = l2tp_sock_to_tunnel(sk);
 920        if (tunnel == NULL)
 921                goto pass_up;
 922
 923        l2tp_dbg(tunnel, L2TP_MSG_DATA, "%s: received %d bytes\n",
 924                 tunnel->name, skb->len);
 925
 926        if (l2tp_udp_recv_core(tunnel, skb, tunnel->recv_payload_hook))
 927                goto pass_up_put;
 928
 929        sock_put(sk);
 930        return 0;
 931
 932pass_up_put:
 933        sock_put(sk);
 934pass_up:
 935        return 1;
 936}
 937EXPORT_SYMBOL_GPL(l2tp_udp_encap_recv);
 938
 939/************************************************************************
 940 * Transmit handling
 941 ***********************************************************************/
 942
 943/* Build an L2TP header for the session into the buffer provided.
 944 */
 945static int l2tp_build_l2tpv2_header(struct l2tp_session *session, void *buf)
 946{
 947        struct l2tp_tunnel *tunnel = session->tunnel;
 948        __be16 *bufp = buf;
 949        __be16 *optr = buf;
 950        u16 flags = L2TP_HDR_VER_2;
 951        u32 tunnel_id = tunnel->peer_tunnel_id;
 952        u32 session_id = session->peer_session_id;
 953
 954        if (session->send_seq)
 955                flags |= L2TP_HDRFLAG_S;
 956
 957        /* Setup L2TP header. */
 958        *bufp++ = htons(flags);
 959        *bufp++ = htons(tunnel_id);
 960        *bufp++ = htons(session_id);
 961        if (session->send_seq) {
 962                *bufp++ = htons(session->ns);
 963                *bufp++ = 0;
 964                session->ns++;
 965                session->ns &= 0xffff;
 966                l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated ns to %u\n",
 967                         session->name, session->ns);
 968        }
 969
 970        return bufp - optr;
 971}
 972
 973static int l2tp_build_l2tpv3_header(struct l2tp_session *session, void *buf)
 974{
 975        struct l2tp_tunnel *tunnel = session->tunnel;
 976        char *bufp = buf;
 977        char *optr = bufp;
 978
 979        /* Setup L2TP header. The header differs slightly for UDP and
 980         * IP encapsulations. For UDP, there is 4 bytes of flags.
 981         */
 982        if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
 983                u16 flags = L2TP_HDR_VER_3;
 984                *((__be16 *) bufp) = htons(flags);
 985                bufp += 2;
 986                *((__be16 *) bufp) = 0;
 987                bufp += 2;
 988        }
 989
 990        *((__be32 *) bufp) = htonl(session->peer_session_id);
 991        bufp += 4;
 992        if (session->cookie_len) {
 993                memcpy(bufp, &session->cookie[0], session->cookie_len);
 994                bufp += session->cookie_len;
 995        }
 996        if (session->l2specific_len) {
 997                if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
 998                        u32 l2h = 0;
 999                        if (session->send_seq) {
1000                                l2h = 0x40000000 | session->ns;
1001                                session->ns++;
1002                                session->ns &= 0xffffff;
1003                                l2tp_dbg(session, L2TP_MSG_SEQ,
1004                                         "%s: updated ns to %u\n",
1005                                         session->name, session->ns);
1006                        }
1007
1008                        *((__be32 *) bufp) = htonl(l2h);
1009                }
1010                bufp += session->l2specific_len;
1011        }
1012        if (session->offset)
1013                bufp += session->offset;
1014
1015        return bufp - optr;
1016}
1017
1018static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb,
1019                          struct flowi *fl, size_t data_len)
1020{
1021        struct l2tp_tunnel *tunnel = session->tunnel;
1022        unsigned int len = skb->len;
1023        int error;
1024        struct l2tp_stats *tstats, *sstats;
1025
1026        /* Debug */
1027        if (session->send_seq)
1028                l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %Zd bytes, ns=%u\n",
1029                         session->name, data_len, session->ns - 1);
1030        else
1031                l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %Zd bytes\n",
1032                         session->name, data_len);
1033
1034        if (session->debug & L2TP_MSG_DATA) {
1035                int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1036                unsigned char *datap = skb->data + uhlen;
1037
1038                pr_debug("%s: xmit\n", session->name);
1039                print_hex_dump_bytes("", DUMP_PREFIX_OFFSET,
1040                                     datap, min_t(size_t, 32, len - uhlen));
1041        }
1042
1043        /* Queue the packet to IP for output */
1044        skb->local_df = 1;
1045#if IS_ENABLED(CONFIG_IPV6)
1046        if (skb->sk->sk_family == PF_INET6)
1047                error = inet6_csk_xmit(skb, NULL);
1048        else
1049#endif
1050                error = ip_queue_xmit(skb, fl);
1051
1052        /* Update stats */
1053        tstats = &tunnel->stats;
1054        u64_stats_update_begin(&tstats->syncp);
1055        sstats = &session->stats;
1056        u64_stats_update_begin(&sstats->syncp);
1057        if (error >= 0) {
1058                tstats->tx_packets++;
1059                tstats->tx_bytes += len;
1060                sstats->tx_packets++;
1061                sstats->tx_bytes += len;
1062        } else {
1063                tstats->tx_errors++;
1064                sstats->tx_errors++;
1065        }
1066        u64_stats_update_end(&tstats->syncp);
1067        u64_stats_update_end(&sstats->syncp);
1068
1069        return 0;
1070}
1071
1072/* Automatically called when the skb is freed.
1073 */
1074static void l2tp_sock_wfree(struct sk_buff *skb)
1075{
1076        sock_put(skb->sk);
1077}
1078
1079/* For data skbs that we transmit, we associate with the tunnel socket
1080 * but don't do accounting.
1081 */
1082static inline void l2tp_skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
1083{
1084        sock_hold(sk);
1085        skb->sk = sk;
1086        skb->destructor = l2tp_sock_wfree;
1087}
1088
1089#if IS_ENABLED(CONFIG_IPV6)
1090static void l2tp_xmit_ipv6_csum(struct sock *sk, struct sk_buff *skb,
1091                                int udp_len)
1092{
1093        struct ipv6_pinfo *np = inet6_sk(sk);
1094        struct udphdr *uh = udp_hdr(skb);
1095
1096        if (!skb_dst(skb) || !skb_dst(skb)->dev ||
1097            !(skb_dst(skb)->dev->features & NETIF_F_IPV6_CSUM)) {
1098                __wsum csum = skb_checksum(skb, 0, udp_len, 0);
1099                skb->ip_summed = CHECKSUM_UNNECESSARY;
1100                uh->check = csum_ipv6_magic(&np->saddr, &np->daddr, udp_len,
1101                                            IPPROTO_UDP, csum);
1102                if (uh->check == 0)
1103                        uh->check = CSUM_MANGLED_0;
1104        } else {
1105                skb->ip_summed = CHECKSUM_PARTIAL;
1106                skb->csum_start = skb_transport_header(skb) - skb->head;
1107                skb->csum_offset = offsetof(struct udphdr, check);
1108                uh->check = ~csum_ipv6_magic(&np->saddr, &np->daddr,
1109                                             udp_len, IPPROTO_UDP, 0);
1110        }
1111}
1112#endif
1113
1114/* If caller requires the skb to have a ppp header, the header must be
1115 * inserted in the skb data before calling this function.
1116 */
1117int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len)
1118{
1119        int data_len = skb->len;
1120        struct l2tp_tunnel *tunnel = session->tunnel;
1121        struct sock *sk = tunnel->sock;
1122        struct flowi *fl;
1123        struct udphdr *uh;
1124        struct inet_sock *inet;
1125        __wsum csum;
1126        int old_headroom;
1127        int new_headroom;
1128        int headroom;
1129        int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1130        int udp_len;
1131        int ret = NET_XMIT_SUCCESS;
1132
1133        /* Check that there's enough headroom in the skb to insert IP,
1134         * UDP and L2TP headers. If not enough, expand it to
1135         * make room. Adjust truesize.
1136         */
1137        headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1138                uhlen + hdr_len;
1139        old_headroom = skb_headroom(skb);
1140        if (skb_cow_head(skb, headroom)) {
1141                kfree_skb(skb);
1142                return NET_XMIT_DROP;
1143        }
1144
1145        new_headroom = skb_headroom(skb);
1146        skb_orphan(skb);
1147        skb->truesize += new_headroom - old_headroom;
1148
1149        /* Setup L2TP header */
1150        session->build_header(session, __skb_push(skb, hdr_len));
1151
1152        /* Reset skb netfilter state */
1153        memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1154        IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1155                              IPSKB_REROUTED);
1156        nf_reset(skb);
1157
1158        bh_lock_sock(sk);
1159        if (sock_owned_by_user(sk)) {
1160                kfree_skb(skb);
1161                ret = NET_XMIT_DROP;
1162                goto out_unlock;
1163        }
1164
1165        /* Get routing info from the tunnel socket */
1166        skb_dst_drop(skb);
1167        skb_dst_set(skb, dst_clone(__sk_dst_check(sk, 0)));
1168
1169        inet = inet_sk(sk);
1170        fl = &inet->cork.fl;
1171        switch (tunnel->encap) {
1172        case L2TP_ENCAPTYPE_UDP:
1173                /* Setup UDP header */
1174                __skb_push(skb, sizeof(*uh));
1175                skb_reset_transport_header(skb);
1176                uh = udp_hdr(skb);
1177                uh->source = inet->inet_sport;
1178                uh->dest = inet->inet_dport;
1179                udp_len = uhlen + hdr_len + data_len;
1180                uh->len = htons(udp_len);
1181                uh->check = 0;
1182
1183                /* Calculate UDP checksum if configured to do so */
1184#if IS_ENABLED(CONFIG_IPV6)
1185                if (sk->sk_family == PF_INET6)
1186                        l2tp_xmit_ipv6_csum(sk, skb, udp_len);
1187                else
1188#endif
1189                if (sk->sk_no_check == UDP_CSUM_NOXMIT)
1190                        skb->ip_summed = CHECKSUM_NONE;
1191                else if ((skb_dst(skb) && skb_dst(skb)->dev) &&
1192                         (!(skb_dst(skb)->dev->features & NETIF_F_V4_CSUM))) {
1193                        skb->ip_summed = CHECKSUM_COMPLETE;
1194                        csum = skb_checksum(skb, 0, udp_len, 0);
1195                        uh->check = csum_tcpudp_magic(inet->inet_saddr,
1196                                                      inet->inet_daddr,
1197                                                      udp_len, IPPROTO_UDP, csum);
1198                        if (uh->check == 0)
1199                                uh->check = CSUM_MANGLED_0;
1200                } else {
1201                        skb->ip_summed = CHECKSUM_PARTIAL;
1202                        skb->csum_start = skb_transport_header(skb) - skb->head;
1203                        skb->csum_offset = offsetof(struct udphdr, check);
1204                        uh->check = ~csum_tcpudp_magic(inet->inet_saddr,
1205                                                       inet->inet_daddr,
1206                                                       udp_len, IPPROTO_UDP, 0);
1207                }
1208                break;
1209
1210        case L2TP_ENCAPTYPE_IP:
1211                break;
1212        }
1213
1214        l2tp_skb_set_owner_w(skb, sk);
1215
1216        l2tp_xmit_core(session, skb, fl, data_len);
1217out_unlock:
1218        bh_unlock_sock(sk);
1219
1220        return ret;
1221}
1222EXPORT_SYMBOL_GPL(l2tp_xmit_skb);
1223
1224/*****************************************************************************
1225 * Tinnel and session create/destroy.
1226 *****************************************************************************/
1227
1228/* Tunnel socket destruct hook.
1229 * The tunnel context is deleted only when all session sockets have been
1230 * closed.
1231 */
1232static void l2tp_tunnel_destruct(struct sock *sk)
1233{
1234        struct l2tp_tunnel *tunnel;
1235
1236        tunnel = sk->sk_user_data;
1237        if (tunnel == NULL)
1238                goto end;
1239
1240        l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing...\n", tunnel->name);
1241
1242        /* Close all sessions */
1243        l2tp_tunnel_closeall(tunnel);
1244
1245        switch (tunnel->encap) {
1246        case L2TP_ENCAPTYPE_UDP:
1247                /* No longer an encapsulation socket. See net/ipv4/udp.c */
1248                (udp_sk(sk))->encap_type = 0;
1249                (udp_sk(sk))->encap_rcv = NULL;
1250                break;
1251        case L2TP_ENCAPTYPE_IP:
1252                break;
1253        }
1254
1255        /* Remove hooks into tunnel socket */
1256        tunnel->sock = NULL;
1257        sk->sk_destruct = tunnel->old_sk_destruct;
1258        sk->sk_user_data = NULL;
1259
1260        /* Call the original destructor */
1261        if (sk->sk_destruct)
1262                (*sk->sk_destruct)(sk);
1263
1264        /* We're finished with the socket */
1265        l2tp_tunnel_dec_refcount(tunnel);
1266
1267end:
1268        return;
1269}
1270
1271/* When the tunnel is closed, all the attached sessions need to go too.
1272 */
1273static void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel)
1274{
1275        int hash;
1276        struct hlist_node *walk;
1277        struct hlist_node *tmp;
1278        struct l2tp_session *session;
1279
1280        BUG_ON(tunnel == NULL);
1281
1282        l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing all sessions...\n",
1283                  tunnel->name);
1284
1285        write_lock_bh(&tunnel->hlist_lock);
1286        for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
1287again:
1288                hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1289                        session = hlist_entry(walk, struct l2tp_session, hlist);
1290
1291                        l2tp_info(session, L2TP_MSG_CONTROL,
1292                                  "%s: closing session\n", session->name);
1293
1294                        hlist_del_init(&session->hlist);
1295
1296                        /* Since we should hold the sock lock while
1297                         * doing any unbinding, we need to release the
1298                         * lock we're holding before taking that lock.
1299                         * Hold a reference to the sock so it doesn't
1300                         * disappear as we're jumping between locks.
1301                         */
1302                        if (session->ref != NULL)
1303                                (*session->ref)(session);
1304
1305                        write_unlock_bh(&tunnel->hlist_lock);
1306
1307                        if (tunnel->version != L2TP_HDR_VER_2) {
1308                                struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1309
1310                                spin_lock_bh(&pn->l2tp_session_hlist_lock);
1311                                hlist_del_init_rcu(&session->global_hlist);
1312                                spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1313                                synchronize_rcu();
1314                        }
1315
1316                        if (session->session_close != NULL)
1317                                (*session->session_close)(session);
1318
1319                        if (session->deref != NULL)
1320                                (*session->deref)(session);
1321
1322                        write_lock_bh(&tunnel->hlist_lock);
1323
1324                        /* Now restart from the beginning of this hash
1325                         * chain.  We always remove a session from the
1326                         * list so we are guaranteed to make forward
1327                         * progress.
1328                         */
1329                        goto again;
1330                }
1331        }
1332        write_unlock_bh(&tunnel->hlist_lock);
1333}
1334
1335/* Really kill the tunnel.
1336 * Come here only when all sessions have been cleared from the tunnel.
1337 */
1338static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
1339{
1340        struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1341
1342        BUG_ON(atomic_read(&tunnel->ref_count) != 0);
1343        BUG_ON(tunnel->sock != NULL);
1344
1345        l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: free...\n", tunnel->name);
1346
1347        /* Remove from tunnel list */
1348        spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1349        list_del_rcu(&tunnel->list);
1350        kfree_rcu(tunnel, rcu);
1351        spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1352
1353        atomic_dec(&l2tp_tunnel_count);
1354}
1355
1356/* Create a socket for the tunnel, if one isn't set up by
1357 * userspace. This is used for static tunnels where there is no
1358 * managing L2TP daemon.
1359 */
1360static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct socket **sockp)
1361{
1362        int err = -EINVAL;
1363        struct sockaddr_in udp_addr;
1364#if IS_ENABLED(CONFIG_IPV6)
1365        struct sockaddr_in6 udp6_addr;
1366        struct sockaddr_l2tpip6 ip6_addr;
1367#endif
1368        struct sockaddr_l2tpip ip_addr;
1369        struct socket *sock = NULL;
1370
1371        switch (cfg->encap) {
1372        case L2TP_ENCAPTYPE_UDP:
1373#if IS_ENABLED(CONFIG_IPV6)
1374                if (cfg->local_ip6 && cfg->peer_ip6) {
1375                        err = sock_create(AF_INET6, SOCK_DGRAM, 0, sockp);
1376                        if (err < 0)
1377                                goto out;
1378
1379                        sock = *sockp;
1380
1381                        memset(&udp6_addr, 0, sizeof(udp6_addr));
1382                        udp6_addr.sin6_family = AF_INET6;
1383                        memcpy(&udp6_addr.sin6_addr, cfg->local_ip6,
1384                               sizeof(udp6_addr.sin6_addr));
1385                        udp6_addr.sin6_port = htons(cfg->local_udp_port);
1386                        err = kernel_bind(sock, (struct sockaddr *) &udp6_addr,
1387                                          sizeof(udp6_addr));
1388                        if (err < 0)
1389                                goto out;
1390
1391                        udp6_addr.sin6_family = AF_INET6;
1392                        memcpy(&udp6_addr.sin6_addr, cfg->peer_ip6,
1393                               sizeof(udp6_addr.sin6_addr));
1394                        udp6_addr.sin6_port = htons(cfg->peer_udp_port);
1395                        err = kernel_connect(sock,
1396                                             (struct sockaddr *) &udp6_addr,
1397                                             sizeof(udp6_addr), 0);
1398                        if (err < 0)
1399                                goto out;
1400                } else
1401#endif
1402                {
1403                        err = sock_create(AF_INET, SOCK_DGRAM, 0, sockp);
1404                        if (err < 0)
1405                                goto out;
1406
1407                        sock = *sockp;
1408
1409                        memset(&udp_addr, 0, sizeof(udp_addr));
1410                        udp_addr.sin_family = AF_INET;
1411                        udp_addr.sin_addr = cfg->local_ip;
1412                        udp_addr.sin_port = htons(cfg->local_udp_port);
1413                        err = kernel_bind(sock, (struct sockaddr *) &udp_addr,
1414                                          sizeof(udp_addr));
1415                        if (err < 0)
1416                                goto out;
1417
1418                        udp_addr.sin_family = AF_INET;
1419                        udp_addr.sin_addr = cfg->peer_ip;
1420                        udp_addr.sin_port = htons(cfg->peer_udp_port);
1421                        err = kernel_connect(sock,
1422                                             (struct sockaddr *) &udp_addr,
1423                                             sizeof(udp_addr), 0);
1424                        if (err < 0)
1425                                goto out;
1426                }
1427
1428                if (!cfg->use_udp_checksums)
1429                        sock->sk->sk_no_check = UDP_CSUM_NOXMIT;
1430
1431                break;
1432
1433        case L2TP_ENCAPTYPE_IP:
1434#if IS_ENABLED(CONFIG_IPV6)
1435                if (cfg->local_ip6 && cfg->peer_ip6) {
1436                        err = sock_create(AF_INET6, SOCK_DGRAM, IPPROTO_L2TP,
1437                                          sockp);
1438                        if (err < 0)
1439                                goto out;
1440
1441                        sock = *sockp;
1442
1443                        memset(&ip6_addr, 0, sizeof(ip6_addr));
1444                        ip6_addr.l2tp_family = AF_INET6;
1445                        memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6,
1446                               sizeof(ip6_addr.l2tp_addr));
1447                        ip6_addr.l2tp_conn_id = tunnel_id;
1448                        err = kernel_bind(sock, (struct sockaddr *) &ip6_addr,
1449                                          sizeof(ip6_addr));
1450                        if (err < 0)
1451                                goto out;
1452
1453                        ip6_addr.l2tp_family = AF_INET6;
1454                        memcpy(&ip6_addr.l2tp_addr, cfg->peer_ip6,
1455                               sizeof(ip6_addr.l2tp_addr));
1456                        ip6_addr.l2tp_conn_id = peer_tunnel_id;
1457                        err = kernel_connect(sock,
1458                                             (struct sockaddr *) &ip6_addr,
1459                                             sizeof(ip6_addr), 0);
1460                        if (err < 0)
1461                                goto out;
1462                } else
1463#endif
1464                {
1465                        err = sock_create(AF_INET, SOCK_DGRAM, IPPROTO_L2TP,
1466                                          sockp);
1467                        if (err < 0)
1468                                goto out;
1469
1470                        sock = *sockp;
1471
1472                        memset(&ip_addr, 0, sizeof(ip_addr));
1473                        ip_addr.l2tp_family = AF_INET;
1474                        ip_addr.l2tp_addr = cfg->local_ip;
1475                        ip_addr.l2tp_conn_id = tunnel_id;
1476                        err = kernel_bind(sock, (struct sockaddr *) &ip_addr,
1477                                          sizeof(ip_addr));
1478                        if (err < 0)
1479                                goto out;
1480
1481                        ip_addr.l2tp_family = AF_INET;
1482                        ip_addr.l2tp_addr = cfg->peer_ip;
1483                        ip_addr.l2tp_conn_id = peer_tunnel_id;
1484                        err = kernel_connect(sock, (struct sockaddr *) &ip_addr,
1485                                             sizeof(ip_addr), 0);
1486                        if (err < 0)
1487                                goto out;
1488                }
1489                break;
1490
1491        default:
1492                goto out;
1493        }
1494
1495out:
1496        if ((err < 0) && sock) {
1497                sock_release(sock);
1498                *sockp = NULL;
1499        }
1500
1501        return err;
1502}
1503
1504static struct lock_class_key l2tp_socket_class;
1505
1506int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp)
1507{
1508        struct l2tp_tunnel *tunnel = NULL;
1509        int err;
1510        struct socket *sock = NULL;
1511        struct sock *sk = NULL;
1512        struct l2tp_net *pn;
1513        enum l2tp_encap_type encap = L2TP_ENCAPTYPE_UDP;
1514
1515        /* Get the tunnel socket from the fd, which was opened by
1516         * the userspace L2TP daemon. If not specified, create a
1517         * kernel socket.
1518         */
1519        if (fd < 0) {
1520                err = l2tp_tunnel_sock_create(tunnel_id, peer_tunnel_id, cfg, &sock);
1521                if (err < 0)
1522                        goto err;
1523        } else {
1524                err = -EBADF;
1525                sock = sockfd_lookup(fd, &err);
1526                if (!sock) {
1527                        pr_err("tunl %hu: sockfd_lookup(fd=%d) returned %d\n",
1528                               tunnel_id, fd, err);
1529                        goto err;
1530                }
1531        }
1532
1533        sk = sock->sk;
1534
1535        if (cfg != NULL)
1536                encap = cfg->encap;
1537
1538        /* Quick sanity checks */
1539        switch (encap) {
1540        case L2TP_ENCAPTYPE_UDP:
1541                err = -EPROTONOSUPPORT;
1542                if (sk->sk_protocol != IPPROTO_UDP) {
1543                        pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1544                               tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP);
1545                        goto err;
1546                }
1547                break;
1548        case L2TP_ENCAPTYPE_IP:
1549                err = -EPROTONOSUPPORT;
1550                if (sk->sk_protocol != IPPROTO_L2TP) {
1551                        pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1552                               tunnel_id, fd, sk->sk_protocol, IPPROTO_L2TP);
1553                        goto err;
1554                }
1555                break;
1556        }
1557
1558        /* Check if this socket has already been prepped */
1559        tunnel = (struct l2tp_tunnel *)sk->sk_user_data;
1560        if (tunnel != NULL) {
1561                /* This socket has already been prepped */
1562                err = -EBUSY;
1563                goto err;
1564        }
1565
1566        tunnel = kzalloc(sizeof(struct l2tp_tunnel), GFP_KERNEL);
1567        if (tunnel == NULL) {
1568                err = -ENOMEM;
1569                goto err;
1570        }
1571
1572        tunnel->version = version;
1573        tunnel->tunnel_id = tunnel_id;
1574        tunnel->peer_tunnel_id = peer_tunnel_id;
1575        tunnel->debug = L2TP_DEFAULT_DEBUG_FLAGS;
1576
1577        tunnel->magic = L2TP_TUNNEL_MAGIC;
1578        sprintf(&tunnel->name[0], "tunl %u", tunnel_id);
1579        rwlock_init(&tunnel->hlist_lock);
1580
1581        /* The net we belong to */
1582        tunnel->l2tp_net = net;
1583        pn = l2tp_pernet(net);
1584
1585        if (cfg != NULL)
1586                tunnel->debug = cfg->debug;
1587
1588        /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1589        tunnel->encap = encap;
1590        if (encap == L2TP_ENCAPTYPE_UDP) {
1591                /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1592                udp_sk(sk)->encap_type = UDP_ENCAP_L2TPINUDP;
1593                udp_sk(sk)->encap_rcv = l2tp_udp_encap_recv;
1594#if IS_ENABLED(CONFIG_IPV6)
1595                if (sk->sk_family == PF_INET6)
1596                        udpv6_encap_enable();
1597                else
1598#endif
1599                udp_encap_enable();
1600        }
1601
1602        sk->sk_user_data = tunnel;
1603
1604        /* Hook on the tunnel socket destructor so that we can cleanup
1605         * if the tunnel socket goes away.
1606         */
1607        tunnel->old_sk_destruct = sk->sk_destruct;
1608        sk->sk_destruct = &l2tp_tunnel_destruct;
1609        tunnel->sock = sk;
1610        lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, "l2tp_sock");
1611
1612        sk->sk_allocation = GFP_ATOMIC;
1613
1614        /* Add tunnel to our list */
1615        INIT_LIST_HEAD(&tunnel->list);
1616        atomic_inc(&l2tp_tunnel_count);
1617
1618        /* Bump the reference count. The tunnel context is deleted
1619         * only when this drops to zero. Must be done before list insertion
1620         */
1621        l2tp_tunnel_inc_refcount(tunnel);
1622        spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1623        list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list);
1624        spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1625
1626        err = 0;
1627err:
1628        if (tunnelp)
1629                *tunnelp = tunnel;
1630
1631        /* If tunnel's socket was created by the kernel, it doesn't
1632         *  have a file.
1633         */
1634        if (sock && sock->file)
1635                sockfd_put(sock);
1636
1637        return err;
1638}
1639EXPORT_SYMBOL_GPL(l2tp_tunnel_create);
1640
1641/* This function is used by the netlink TUNNEL_DELETE command.
1642 */
1643int l2tp_tunnel_delete(struct l2tp_tunnel *tunnel)
1644{
1645        int err = 0;
1646        struct socket *sock = tunnel->sock ? tunnel->sock->sk_socket : NULL;
1647
1648        /* Force the tunnel socket to close. This will eventually
1649         * cause the tunnel to be deleted via the normal socket close
1650         * mechanisms when userspace closes the tunnel socket.
1651         */
1652        if (sock != NULL) {
1653                err = inet_shutdown(sock, 2);
1654
1655                /* If the tunnel's socket was created by the kernel,
1656                 * close the socket here since the socket was not
1657                 * created by userspace.
1658                 */
1659                if (sock->file == NULL)
1660                        err = inet_release(sock);
1661        }
1662
1663        return err;
1664}
1665EXPORT_SYMBOL_GPL(l2tp_tunnel_delete);
1666
1667/* Really kill the session.
1668 */
1669void l2tp_session_free(struct l2tp_session *session)
1670{
1671        struct l2tp_tunnel *tunnel;
1672
1673        BUG_ON(atomic_read(&session->ref_count) != 0);
1674
1675        tunnel = session->tunnel;
1676        if (tunnel != NULL) {
1677                BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1678
1679                /* Delete the session from the hash */
1680                write_lock_bh(&tunnel->hlist_lock);
1681                hlist_del_init(&session->hlist);
1682                write_unlock_bh(&tunnel->hlist_lock);
1683
1684                /* Unlink from the global hash if not L2TPv2 */
1685                if (tunnel->version != L2TP_HDR_VER_2) {
1686                        struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1687
1688                        spin_lock_bh(&pn->l2tp_session_hlist_lock);
1689                        hlist_del_init_rcu(&session->global_hlist);
1690                        spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1691                        synchronize_rcu();
1692                }
1693
1694                if (session->session_id != 0)
1695                        atomic_dec(&l2tp_session_count);
1696
1697                sock_put(tunnel->sock);
1698
1699                /* This will delete the tunnel context if this
1700                 * is the last session on the tunnel.
1701                 */
1702                session->tunnel = NULL;
1703                l2tp_tunnel_dec_refcount(tunnel);
1704        }
1705
1706        kfree(session);
1707
1708        return;
1709}
1710EXPORT_SYMBOL_GPL(l2tp_session_free);
1711
1712/* This function is used by the netlink SESSION_DELETE command and by
1713   pseudowire modules.
1714 */
1715int l2tp_session_delete(struct l2tp_session *session)
1716{
1717        if (session->session_close != NULL)
1718                (*session->session_close)(session);
1719
1720        l2tp_session_dec_refcount(session);
1721
1722        return 0;
1723}
1724EXPORT_SYMBOL_GPL(l2tp_session_delete);
1725
1726
1727/* We come here whenever a session's send_seq, cookie_len or
1728 * l2specific_len parameters are set.
1729 */
1730static void l2tp_session_set_header_len(struct l2tp_session *session, int version)
1731{
1732        if (version == L2TP_HDR_VER_2) {
1733                session->hdr_len = 6;
1734                if (session->send_seq)
1735                        session->hdr_len += 4;
1736        } else {
1737                session->hdr_len = 4 + session->cookie_len + session->l2specific_len + session->offset;
1738                if (session->tunnel->encap == L2TP_ENCAPTYPE_UDP)
1739                        session->hdr_len += 4;
1740        }
1741
1742}
1743
1744struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
1745{
1746        struct l2tp_session *session;
1747
1748        session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL);
1749        if (session != NULL) {
1750                session->magic = L2TP_SESSION_MAGIC;
1751                session->tunnel = tunnel;
1752
1753                session->session_id = session_id;
1754                session->peer_session_id = peer_session_id;
1755                session->nr = 0;
1756
1757                sprintf(&session->name[0], "sess %u/%u",
1758                        tunnel->tunnel_id, session->session_id);
1759
1760                skb_queue_head_init(&session->reorder_q);
1761
1762                INIT_HLIST_NODE(&session->hlist);
1763                INIT_HLIST_NODE(&session->global_hlist);
1764
1765                /* Inherit debug options from tunnel */
1766                session->debug = tunnel->debug;
1767
1768                if (cfg) {
1769                        session->pwtype = cfg->pw_type;
1770                        session->debug = cfg->debug;
1771                        session->mtu = cfg->mtu;
1772                        session->mru = cfg->mru;
1773                        session->send_seq = cfg->send_seq;
1774                        session->recv_seq = cfg->recv_seq;
1775                        session->lns_mode = cfg->lns_mode;
1776                        session->reorder_timeout = cfg->reorder_timeout;
1777                        session->offset = cfg->offset;
1778                        session->l2specific_type = cfg->l2specific_type;
1779                        session->l2specific_len = cfg->l2specific_len;
1780                        session->cookie_len = cfg->cookie_len;
1781                        memcpy(&session->cookie[0], &cfg->cookie[0], cfg->cookie_len);
1782                        session->peer_cookie_len = cfg->peer_cookie_len;
1783                        memcpy(&session->peer_cookie[0], &cfg->peer_cookie[0], cfg->peer_cookie_len);
1784                }
1785
1786                if (tunnel->version == L2TP_HDR_VER_2)
1787                        session->build_header = l2tp_build_l2tpv2_header;
1788                else
1789                        session->build_header = l2tp_build_l2tpv3_header;
1790
1791                l2tp_session_set_header_len(session, tunnel->version);
1792
1793                /* Bump the reference count. The session context is deleted
1794                 * only when this drops to zero.
1795                 */
1796                l2tp_session_inc_refcount(session);
1797                l2tp_tunnel_inc_refcount(tunnel);
1798
1799                /* Ensure tunnel socket isn't deleted */
1800                sock_hold(tunnel->sock);
1801
1802                /* Add session to the tunnel's hash list */
1803                write_lock_bh(&tunnel->hlist_lock);
1804                hlist_add_head(&session->hlist,
1805                               l2tp_session_id_hash(tunnel, session_id));
1806                write_unlock_bh(&tunnel->hlist_lock);
1807
1808                /* And to the global session list if L2TPv3 */
1809                if (tunnel->version != L2TP_HDR_VER_2) {
1810                        struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1811
1812                        spin_lock_bh(&pn->l2tp_session_hlist_lock);
1813                        hlist_add_head_rcu(&session->global_hlist,
1814                                           l2tp_session_id_hash_2(pn, session_id));
1815                        spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1816                }
1817
1818                /* Ignore management session in session count value */
1819                if (session->session_id != 0)
1820                        atomic_inc(&l2tp_session_count);
1821        }
1822
1823        return session;
1824}
1825EXPORT_SYMBOL_GPL(l2tp_session_create);
1826
1827/*****************************************************************************
1828 * Init and cleanup
1829 *****************************************************************************/
1830
1831static __net_init int l2tp_init_net(struct net *net)
1832{
1833        struct l2tp_net *pn = net_generic(net, l2tp_net_id);
1834        int hash;
1835
1836        INIT_LIST_HEAD(&pn->l2tp_tunnel_list);
1837        spin_lock_init(&pn->l2tp_tunnel_list_lock);
1838
1839        for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++)
1840                INIT_HLIST_HEAD(&pn->l2tp_session_hlist[hash]);
1841
1842        spin_lock_init(&pn->l2tp_session_hlist_lock);
1843
1844        return 0;
1845}
1846
1847static struct pernet_operations l2tp_net_ops = {
1848        .init = l2tp_init_net,
1849        .id   = &l2tp_net_id,
1850        .size = sizeof(struct l2tp_net),
1851};
1852
1853static int __init l2tp_init(void)
1854{
1855        int rc = 0;
1856
1857        rc = register_pernet_device(&l2tp_net_ops);
1858        if (rc)
1859                goto out;
1860
1861        pr_info("L2TP core driver, %s\n", L2TP_DRV_VERSION);
1862
1863out:
1864        return rc;
1865}
1866
1867static void __exit l2tp_exit(void)
1868{
1869        unregister_pernet_device(&l2tp_net_ops);
1870}
1871
1872module_init(l2tp_init);
1873module_exit(l2tp_exit);
1874
1875MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1876MODULE_DESCRIPTION("L2TP core");
1877MODULE_LICENSE("GPL");
1878MODULE_VERSION(L2TP_DRV_VERSION);
1879
1880
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.