21#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
22
23#include <linux/module.h>
24#include <linux/string.h>
25#include <linux/list.h>
26#include <linux/rculist.h>
27#include <linux/uaccess.h>
28
29#include <linux/kernel.h>
30#include <linux/spinlock.h>
31#include <linux/kthread.h>
32#include <linux/sched.h>
33#include <linux/slab.h>
34#include <linux/errno.h>
35#include <linux/jiffies.h>
36
37#include <linux/netdevice.h>
38#include <linux/net.h>
39#include <linux/inetdevice.h>
40#include <linux/skbuff.h>
41#include <linux/init.h>
42#include <linux/in.h>
43#include <linux/ip.h>
44#include <linux/udp.h>
45#include <linux/l2tp.h>
46#include <linux/hash.h>
47#include <linux/sort.h>
48#include <linux/file.h>
49#include <linux/nsproxy.h>
50#include <net/net_namespace.h>
51#include <net/netns/generic.h>
52#include <net/dst.h>
53#include <net/ip.h>
54#include <net/udp.h>
55#include <net/inet_common.h>
56#include <net/xfrm.h>
57#include <net/protocol.h>
58#include <net/inet6_connection_sock.h>
59#include <net/inet_ecn.h>
60#include <net/ip6_route.h>
61#include <net/ip6_checksum.h>
62
63#include <asm/byteorder.h>
64#include <linux/atomic.h>
65
66#include "l2tp_core.h"
67
/* Driver version string. */
#define L2TP_DRV_VERSION "V2.0"

/*
 * Bits in the first 16-bit word of an L2TP header, as tested by the
 * receive path in this file.
 */
#define L2TP_HDRFLAG_T 0x8000	/* control message; the data path here refuses these */
#define L2TP_HDRFLAG_L 0x4000	/* a 16-bit length field follows the flags word */
#define L2TP_HDRFLAG_S 0x0800	/* Ns/Nr sequence fields are present */
#define L2TP_HDRFLAG_O 0x0200	/* an offset-size field is present */
#define L2TP_HDRFLAG_P 0x0100	/* priority bit (RFC 2661); not referenced in this part of the file */

/* The low four bits of the flags word carry the protocol version. */
#define L2TP_HDR_VER_MASK 0x000F
#define L2TP_HDR_VER_2 0x0002
#define L2TP_HDR_VER_3 0x0003

/* L2TPv3 default L2-specific sublayer word: S bit and 24-bit sequence number. */
#define L2TP_SLFLAG_S 0x40000000
#define L2TP_SL_SEQ_MASK 0x00ffffff

/*
 * L2TP_HDR_SIZE_SEQ is the number of bytes the UDP receive path pulls into
 * the linear area before it starts parsing. Headers carrying optional
 * fields are longer than this, so every read beyond it needs its own
 * length check.
 */
#define L2TP_HDR_SIZE_SEQ 10
#define L2TP_HDR_SIZE_NOSEQ 6

/* Default debug mask: no message class enabled. */
#define L2TP_DEFAULT_DEBUG_FLAGS 0
90
91
92
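/*
 * Per-packet receive state kept in the skb control buffer while a data
 * packet sits in a session's reorder queue.
 */
struct l2tp_skb_cb {
	u32 ns;			/* sequence number taken from the packet */
	u16 has_seq;		/* non-zero when the packet carried a sequence number */
	u16 length;		/* byte count used for rx statistics; l2tp_recv_common()
				 * stores an int here, so values above 65535 are truncated
				 */
	unsigned long expires;	/* jiffies value after which a queued packet is dropped */
};

/*
 * The L2TP state is placed after the IP layer's struct inet_skb_parm
 * inside skb->cb.
 * NOTE(review): both structures together must fit in skb->cb, otherwise
 * writes through this pointer run past the control buffer. Nothing in this
 * part of the file checks that at build time - confirm a BUILD_BUG_ON
 * covers it.
 *
 * The argument is parenthesized so that an expression argument expands
 * with the intended precedence.
 */
#define L2TP_SKB_CB(skb) ((struct l2tp_skb_cb *) &(skb)->cb[sizeof(struct inet_skb_parm)])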
101
/* Module-wide object counts; l2tp_tunnel_free() decrements the tunnel count. */
static atomic_t l2tp_tunnel_count;
static atomic_t l2tp_session_count;

/* Key under which l2tp_pernet() fetches the per-namespace state below. */
static unsigned int l2tp_net_id;
struct l2tp_net {
	/* Tunnels of this namespace; readers walk it under RCU. */
	struct list_head l2tp_tunnel_list;
	/* Taken around removal from l2tp_tunnel_list. */
	spinlock_t l2tp_tunnel_list_lock;
	/* Sessions hashed by session id; readers walk the buckets under RCU. */
	struct hlist_head l2tp_session_hlist[L2TP_HASH_SIZE_2];
	/* Taken around removal from l2tp_session_hlist. */
	spinlock_t l2tp_session_hlist_lock;
};
113
114static void l2tp_session_set_header_len(struct l2tp_session *session, int version);
115static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel);
116static void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel);
117
/*
 * Return the L2TP state attached to a network namespace. A NULL namespace
 * is treated as a fatal programming error.
 */
static inline struct l2tp_net *l2tp_pernet(struct net *net)
{
	struct l2tp_net *pn;

	BUG_ON(net == NULL);
	pn = net_generic(net, l2tp_net_id);

	return pn;
}
124
125
126
127
128
/* Take one reference on a tunnel. */
static inline void l2tp_tunnel_inc_refcount_1(struct l2tp_tunnel *tunnel)
{
	atomic_t *refs = &tunnel->ref_count;

	atomic_inc(refs);
}
133
/*
 * Drop one reference on a tunnel. The caller that drops the last reference
 * frees the tunnel, so the pointer must not be used after this call.
 */
static inline void l2tp_tunnel_dec_refcount_1(struct l2tp_tunnel *tunnel)
{
	if (!atomic_dec_and_test(&tunnel->ref_count))
		return;

	l2tp_tunnel_free(tunnel);
}
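/*
 * Tunnel reference counting entry points. With L2TP_REFCNT_DEBUG defined,
 * each call logs its call site and the count as read before the change.
 *
 * Every line of a multi-line macro, including the one carrying the macro
 * name, ends in a continuation; without it the macro expands to nothing
 * and the do/while body lands at file scope. The argument is parenthesized
 * wherever it is dereferenced.
 */
#ifdef L2TP_REFCNT_DEBUG
#define l2tp_tunnel_inc_refcount(_t)					\
do {									\
	pr_debug("l2tp_tunnel_inc_refcount: %s:%d %s: cnt=%d\n",	\
		 __func__, __LINE__, (_t)->name,			\
		 atomic_read(&(_t)->ref_count));			\
	l2tp_tunnel_inc_refcount_1(_t);					\
} while (0)
#define l2tp_tunnel_dec_refcount(_t)					\
do {									\
	pr_debug("l2tp_tunnel_dec_refcount: %s:%d %s: cnt=%d\n",	\
		 __func__, __LINE__, (_t)->name,			\
		 atomic_read(&(_t)->ref_count));			\
	l2tp_tunnel_dec_refcount_1(_t);					\
} while (0)
#else
#define l2tp_tunnel_inc_refcount(t) l2tp_tunnel_inc_refcount_1(t)
#define l2tp_tunnel_dec_refcount(t) l2tp_tunnel_dec_refcount_1(t)
#endif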
158
159
160
161
162
163
/* Pick the per-namespace hash bucket for a session id. */
static inline struct hlist_head *
l2tp_session_id_hash_2(struct l2tp_net *pn, u32 session_id)
{
	u32 bucket = hash_32(session_id, L2TP_HASH_BITS_2);

	return &pn->l2tp_session_hlist[bucket];
}
170
171
172
/*
 * Look up a session by id in the per-namespace table.
 *
 * Returns the session, or NULL when no entry matches.
 * NOTE(review): the pointer is handed back after the RCU read section has
 * ended and no reference is taken here, so nothing in this function keeps
 * the session alive for the caller - confirm callers cannot race with
 * session teardown.
 */
static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id)
{
	struct l2tp_net *pn = l2tp_pernet(net);
	struct hlist_head *bucket = l2tp_session_id_hash_2(pn, session_id);
	struct l2tp_session *found = NULL;
	struct l2tp_session *session;
	struct hlist_node *walk;

	rcu_read_lock_bh();
	hlist_for_each_entry_rcu(session, walk, bucket, global_hlist) {
		if (session->session_id != session_id)
			continue;

		found = session;
		break;
	}
	rcu_read_unlock_bh();

	return found;
}
192
193
194
195
196
197
198
/* Pick the hash bucket for a session id within one tunnel. */
static inline struct hlist_head *
l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id)
{
	u32 bucket = hash_32(session_id, L2TP_HASH_BITS);

	return &tunnel->session_hlist[bucket];
}
204
205
206
/*
 * Look up a session by id.
 *
 * With a tunnel, only that tunnel's session table is searched, under its
 * hlist_lock. With tunnel == NULL the per-namespace table is used instead.
 *
 * Returns the session, or NULL when no entry matches.
 * NOTE(review): the lock is released before returning and no reference is
 * taken, so the returned pointer is not protected against concurrent
 * teardown by anything visible here - confirm against callers.
 */
struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunnel, u32 session_id)
{
	struct l2tp_session *found = NULL;
	struct l2tp_session *session;
	struct hlist_head *bucket;
	struct hlist_node *walk;

	if (!tunnel)
		return l2tp_session_find_2(net, session_id);

	bucket = l2tp_session_id_hash(tunnel, session_id);

	read_lock_bh(&tunnel->hlist_lock);
	hlist_for_each_entry(session, walk, bucket, hlist) {
		if (session->session_id == session_id) {
			found = session;
			break;
		}
	}
	read_unlock_bh(&tunnel->hlist_lock);

	return found;
}
EXPORT_SYMBOL_GPL(l2tp_session_find);
233
/*
 * Return the session at zero-based position nth when walking the tunnel's
 * hash buckets in order, or NULL when the tunnel has fewer sessions.
 * A negative nth selects the first session found.
 * No reference is taken on the returned session.
 */
struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth)
{
	struct l2tp_session *found = NULL;
	struct l2tp_session *session;
	struct hlist_node *walk;
	int seen = 0;
	int hash;

	read_lock_bh(&tunnel->hlist_lock);
	for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
		hlist_for_each_entry(session, walk, &tunnel->session_hlist[hash], hlist) {
			if (++seen > nth) {
				found = session;
				goto unlock;
			}
		}
	}

unlock:
	read_unlock_bh(&tunnel->hlist_lock);

	return found;
}
EXPORT_SYMBOL_GPL(l2tp_session_find_nth);
256
257
258
259
/*
 * Scan every bucket of the per-namespace session table for a session whose
 * ifname equals the given NUL-terminated string.
 *
 * Returns the first match or NULL. No reference is taken on the result.
 */
struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname)
{
	struct l2tp_net *pn = l2tp_pernet(net);
	struct l2tp_session *found = NULL;
	struct l2tp_session *session;
	struct hlist_node *walk;
	int hash;

	rcu_read_lock_bh();
	for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) {
		hlist_for_each_entry_rcu(session, walk, &pn->l2tp_session_hlist[hash], global_hlist) {
			if (strcmp(session->ifname, ifname) == 0) {
				found = session;
				goto unlock;
			}
		}
	}

unlock:
	rcu_read_unlock_bh();

	return found;
}
EXPORT_SYMBOL_GPL(l2tp_session_find_by_ifname);
282
283
284
/*
 * Look up a tunnel by id in the namespace's tunnel list.
 *
 * Returns the tunnel, or NULL when no entry matches.
 * NOTE(review): the RCU read section ends before the pointer is returned
 * and the tunnel's ref_count is not raised here - confirm callers take
 * their own reference or otherwise exclude l2tp_tunnel_free().
 */
struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id)
{
	struct l2tp_net *pn = l2tp_pernet(net);
	struct l2tp_tunnel *found = NULL;
	struct l2tp_tunnel *tunnel;

	rcu_read_lock_bh();
	list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
		if (tunnel->tunnel_id != tunnel_id)
			continue;

		found = tunnel;
		break;
	}
	rcu_read_unlock_bh();

	return found;
}
EXPORT_SYMBOL_GPL(l2tp_tunnel_find);
302
/*
 * Return the tunnel at zero-based position nth in the namespace's tunnel
 * list, or NULL when the list is shorter. A negative nth selects the first
 * tunnel. No reference is taken on the result.
 */
struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth)
{
	struct l2tp_net *pn = l2tp_pernet(net);
	struct l2tp_tunnel *found = NULL;
	struct l2tp_tunnel *tunnel;
	int seen = 0;

	rcu_read_lock_bh();
	list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
		if (++seen > nth) {
			found = tunnel;
			break;
		}
	}
	rcu_read_unlock_bh();

	return found;
}
EXPORT_SYMBOL_GPL(l2tp_tunnel_find_nth);
322
323
324
325
326
327
328
329
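/*
 * Insert a sequenced packet into the session's reorder queue, keeping the
 * queue sorted by ascending sequence number.
 *
 * The packet goes in front of the first queued packet with a larger ns and
 * is counted as out-of-sequence; otherwise it is appended to the tail.
 *
 * The ordering test is a plain unsigned comparison, so wrap-around of the
 * sequence space is not taken into account here.
 * NOTE(review): no limit on the queue length is applied in this function;
 * queued packets are only released by delivery or by the expiry check in
 * l2tp_recv_dequeue(). Confirm that is an acceptable bound on memory held
 * for a peer that keeps sending out-of-order packets.
 */
static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *skb)
{
	struct sk_buff *skbp;
	struct sk_buff *tmp;
	u32 ns = L2TP_SKB_CB(skb)->ns;
	struct l2tp_stats *sstats;

	spin_lock_bh(&session->reorder_q.lock);
	sstats = &session->stats;
	skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
		if (L2TP_SKB_CB(skbp)->ns > ns) {
			__skb_queue_before(&session->reorder_q, skbp, skb);
			/* ns is a u32: print it with %u so the log does not
			 * show a value cut down to 16 bits.
			 */
			l2tp_dbg(session, L2TP_MSG_SEQ,
				 "%s: pkt %u, inserted before %u, reorder_q len=%d\n",
				 session->name, ns, L2TP_SKB_CB(skbp)->ns,
				 skb_queue_len(&session->reorder_q));
			u64_stats_update_begin(&sstats->syncp);
			sstats->rx_oos_packets++;
			u64_stats_update_end(&sstats->syncp);
			goto out;
		}
	}

	__skb_queue_tail(&session->reorder_q, skb);

out:
	spin_unlock_bh(&session->reorder_q.lock);
}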
358
359
360
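/*
 * Deliver one packet that has already been taken off the reorder queue.
 *
 * Updates tunnel and session receive counters, advances the session's
 * expected sequence number when the packet carried one, and passes the
 * packet to the session's recv_skb handler. Without a handler the packet
 * is freed. The session's deref callback, if set, runs last.
 */
static void l2tp_recv_dequeue_skb(struct l2tp_session *session, struct sk_buff *skb)
{
	struct l2tp_tunnel *tunnel = session->tunnel;
	int length = L2TP_SKB_CB(skb)->length;
	struct l2tp_stats *tstats, *sstats;

	/* Detach the packet from the socket it arrived on before it is
	 * passed on.
	 */
	skb_orphan(skb);

	tstats = &tunnel->stats;
	u64_stats_update_begin(&tstats->syncp);
	sstats = &session->stats;
	u64_stats_update_begin(&sstats->syncp);
	tstats->rx_packets++;
	tstats->rx_bytes += length;
	sstats->rx_packets++;
	sstats->rx_bytes += length;
	u64_stats_update_end(&tstats->syncp);
	u64_stats_update_end(&sstats->syncp);

	if (L2TP_SKB_CB(skb)->has_seq) {
		/* The sequence space is 16 bits wide for L2TPv2 and 24 bits
		 * otherwise.
		 */
		session->nr++;
		if (tunnel->version == L2TP_HDR_VER_2)
			session->nr &= 0xffff;
		else
			session->nr &= 0xffffff;

		/* nr can hold a 24-bit value, so it is printed with %u as in
		 * the other sequence messages of this file.
		 */
		l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated nr to %u\n",
			 session->name, session->nr);
	}

	/* Ownership of the skb passes to the handler. */
	if (session->recv_skb != NULL)
		(*session->recv_skb)(session, skb, L2TP_SKB_CB(skb)->length);
	else
		kfree_skb(skb);

	if (session->deref)
		(*session->deref)(session);
}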
404
405
406
407
/*
 * Drain a session's reorder queue.
 *
 * Packets whose expiry time has passed are dropped and counted as sequence
 * discards. Every other packet at the head of the queue is delivered via
 * l2tp_recv_dequeue_skb() when it carries no sequence number or when its
 * ns equals the session's expected nr. The first packet that is still out
 * of sequence stops the walk.
 */
static void l2tp_recv_dequeue(struct l2tp_session *session)
{
	struct sk_buff *skb;
	struct sk_buff *tmp;
	struct l2tp_stats *sstats;

	/*
	 * The queue lock is dropped around each delivery, so the walk is
	 * restarted from the head after every packet handed over.
	 */
start:
	spin_lock_bh(&session->reorder_q.lock);
	sstats = &session->stats;
	skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
		if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) {
			u64_stats_update_begin(&sstats->syncp);
			sstats->rx_seq_discards++;
			sstats->rx_errors++;
			u64_stats_update_end(&sstats->syncp);
			l2tp_dbg(session, L2TP_MSG_SEQ,
				 "%s: oos pkt %u len %d discarded (too old), waiting for %u, reorder_q_len=%d\n",
				 session->name, L2TP_SKB_CB(skb)->ns,
				 L2TP_SKB_CB(skb)->length, session->nr,
				 skb_queue_len(&session->reorder_q));
			/* Remember the gap so nr is resynchronised on the
			 * next sequenced packet below.
			 */
			session->reorder_skip = 1;
			__skb_unlink(skb, &session->reorder_q);
			kfree_skb(skb);
			if (session->deref)
				(*session->deref)(session);
			continue;
		}

		if (L2TP_SKB_CB(skb)->has_seq) {
			if (session->reorder_skip) {
				/* A packet was dropped as too old: accept the
				 * sequence number of this packet as the new
				 * expected value. The value comes from the
				 * received packet.
				 */
				l2tp_dbg(session, L2TP_MSG_SEQ,
					 "%s: advancing nr to next pkt: %u -> %u",
					 session->name, session->nr,
					 L2TP_SKB_CB(skb)->ns);
				session->reorder_skip = 0;
				session->nr = L2TP_SKB_CB(skb)->ns;
			}
			if (L2TP_SKB_CB(skb)->ns != session->nr) {
				l2tp_dbg(session, L2TP_MSG_SEQ,
					 "%s: holding oos pkt %u len %d, waiting for %u, reorder_q_len=%d\n",
					 session->name, L2TP_SKB_CB(skb)->ns,
					 L2TP_SKB_CB(skb)->length, session->nr,
					 skb_queue_len(&session->reorder_q));
				goto out;
			}
		}
		__skb_unlink(skb, &session->reorder_q);

		/* Deliver without holding the queue lock, then rescan from
		 * the head.
		 */
		spin_unlock_bh(&session->reorder_q.lock);
		l2tp_recv_dequeue_skb(session, skb);
		goto start;
	}

out:
	spin_unlock_bh(&session->reorder_q.lock);
}
471
/*
 * Verify the UDP checksum of a received tunnel packet.
 *
 * Returns 0 when the packet is accepted and non-zero when it must be
 * dropped.
 *
 * Verification is skipped entirely when sk->sk_no_check is set or the skb
 * is already marked as not needing a checksum. The tunnel socket setup in
 * this file sets sk_no_check to UDP_CSUM_NOXMIT when UDP checksums are
 * configured off, so - assuming that constant is non-zero - turning off
 * transmit checksums also turns off this receive check.
 */
static inline int l2tp_verify_udp_checksum(struct sock *sk,
					   struct sk_buff *skb)
{
	struct udphdr *uh = udp_hdr(skb);
	u16 ulen = ntohs(uh->len);	/* length claimed by the UDP header */
	__wsum psum;

	if (sk->sk_no_check || skb_csum_unnecessary(skb))
		return 0;

#if IS_ENABLED(CONFIG_IPV6)
	if (sk->sk_family == PF_INET6) {
		/* A zero checksum is rejected on IPv6 sockets. */
		if (!uh->check) {
			LIMIT_NETDEBUG(KERN_INFO "L2TP: IPv6: checksum is 0\n");
			return 1;
		}
		/* A full checksum supplied with the skb only needs the
		 * pseudo-header folded in.
		 */
		if ((skb->ip_summed == CHECKSUM_COMPLETE) &&
		    !csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
				     &ipv6_hdr(skb)->daddr, ulen,
				     IPPROTO_UDP, skb->csum)) {
			skb->ip_summed = CHECKSUM_UNNECESSARY;
			return 0;
		}
		/* Otherwise seed skb->csum with the pseudo-header sum for
		 * the full computation at the end of the function.
		 */
		skb->csum = ~csum_unfold(csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
							 &ipv6_hdr(skb)->daddr,
							 skb->len, IPPROTO_UDP,
							 0));
	} else
#endif
	{
		struct inet_sock *inet;
		/* A zero checksum is accepted on the non-IPv6 path. */
		if (!uh->check)
			return 0;
		inet = inet_sk(sk);
		/* The pseudo-header is built from the socket's addresses,
		 * not from the packet's IP header.
		 */
		psum = csum_tcpudp_nofold(inet->inet_saddr, inet->inet_daddr,
					  ulen, IPPROTO_UDP, 0);

		if ((skb->ip_summed == CHECKSUM_COMPLETE) &&
		    !csum_fold(csum_add(psum, skb->csum)))
			return 0;
		skb->csum = psum;
	}

	/* Compute the checksum over the packet; non-zero means mismatch. */
	return __skb_checksum_complete(skb);
}
517
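/*
 * Make sure the next @need bytes at *@ptr are in the skb's linear data
 * area before they are read.
 *
 * pskb_may_pull() can move the packet data, so both cursors are rebased on
 * skb->data afterwards. Returns 0 on success and -1 when the packet does
 * not hold that many bytes.
 */
static int l2tp_recv_pull_opt(struct sk_buff *skb, unsigned char **ptr,
			      unsigned char **optr, unsigned int need)
{
	int ptr_off = *ptr - skb->data;
	int optr_off = *optr - skb->data;

	if (ptr_off < 0 || !pskb_may_pull(skb, ptr_off + need))
		return -1;

	*ptr = skb->data + ptr_off;
	*optr = skb->data + optr_off;

	return 0;
}

/*
 * Common receive handling for an L2TP data packet once its session is
 * known.
 *
 * @session:      session the packet belongs to
 * @skb:          the packet; consumed on every path
 * @ptr:          first header byte not yet parsed by the caller
 * @optr:         start of the L2TP header, used to compute how much to pull
 * @hdrflags:     flags word of the header in host byte order
 * @length:       byte count recorded for receive statistics
 * @payload_hook: optional check on the payload; non-zero discards the packet
 *
 * Checks the peer cookie, extracts sequence numbers, strips the L2TP
 * header and queues the packet on the session's reorder queue, which is
 * then drained. Discarded packets are counted in the session statistics
 * and freed.
 *
 * Every optional field comes from the network, so each one is confirmed to
 * lie inside the packet's linear data before it is read; a packet too
 * short for a field it announces is discarded.
 */
void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
		      unsigned char *ptr, unsigned char *optr, u16 hdrflags,
		      int length, int (*payload_hook)(struct sk_buff *skb))
{
	struct l2tp_tunnel *tunnel = session->tunnel;
	int offset;
	u32 ns, nr;
	struct l2tp_stats *sstats = &session->stats;

	/* Hold the session, and whatever its ref callback pins, while the
	 * packet is being processed.
	 */
	l2tp_session_inc_refcount(session);
	if (session->ref)
		(*session->ref)(session);

	/* Check the peer cookie, when one is configured. */
	if (session->peer_cookie_len > 0) {
		if (l2tp_recv_pull_opt(skb, &ptr, &optr,
				       session->peer_cookie_len))
			goto discard;
		if (memcmp(ptr, &session->peer_cookie[0], session->peer_cookie_len)) {
			l2tp_info(tunnel, L2TP_MSG_DATA,
				  "%s: cookie mismatch (%u/%u). Discarding.\n",
				  tunnel->name, tunnel->tunnel_id,
				  session->session_id);
			u64_stats_update_begin(&sstats->syncp);
			sstats->rx_cookie_discards++;
			u64_stats_update_end(&sstats->syncp);
			goto discard;
		}
		ptr += session->peer_cookie_len;
	}

	/*
	 * Extract sequence numbers. L2TPv2 carries Ns and Nr as two 16-bit
	 * fields when the S flag is set; otherwise the default L2-specific
	 * sublayer holds an S bit and a 24-bit sequence number in one
	 * 32-bit word.
	 */
	ns = nr = 0;
	L2TP_SKB_CB(skb)->has_seq = 0;
	if (tunnel->version == L2TP_HDR_VER_2) {
		if (hdrflags & L2TP_HDRFLAG_S) {
			if (l2tp_recv_pull_opt(skb, &ptr, &optr, 4))
				goto discard;
			ns = ntohs(*(__be16 *) ptr);
			ptr += 2;
			nr = ntohs(*(__be16 *) ptr);
			ptr += 2;

			/* Store the sequence number for the reorder queue. */
			L2TP_SKB_CB(skb)->ns = ns;
			L2TP_SKB_CB(skb)->has_seq = 1;

			l2tp_dbg(session, L2TP_MSG_SEQ,
				 "%s: recv data ns=%u, nr=%u, session nr=%u\n",
				 session->name, ns, nr, session->nr);
		}
	} else if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
		u32 l2h;

		if (l2tp_recv_pull_opt(skb, &ptr, &optr, 4))
			goto discard;
		l2h = ntohl(*(__be32 *) ptr);

		if (l2h & L2TP_SLFLAG_S) {
			ns = l2h & L2TP_SL_SEQ_MASK;

			/* Store the sequence number for the reorder queue. */
			L2TP_SKB_CB(skb)->ns = ns;
			L2TP_SKB_CB(skb)->has_seq = 1;

			l2tp_dbg(session, L2TP_MSG_SEQ,
				 "%s: recv data ns=%u, session nr=%u\n",
				 session->name, ns, session->nr);
		}
	}

	/* Step over the L2-specific sublayer. */
	ptr += session->l2specific_len;

	if (L2TP_SKB_CB(skb)->has_seq) {
		/* The peer sends sequence numbers: when not in LNS mode and
		 * not yet sending them, start doing so.
		 */
		if ((!session->lns_mode) && (!session->send_seq)) {
			l2tp_info(session, L2TP_MSG_SEQ,
				  "%s: requested to enable seq numbers by LNS\n",
				  session->name);
			session->send_seq = -1;
			l2tp_session_set_header_len(session, tunnel->version);
		}
	} else {
		/* No sequence numbers: discard when the session requires
		 * them on receive.
		 */
		if (session->recv_seq) {
			l2tp_warn(session, L2TP_MSG_SEQ,
				  "%s: recv data has no seq numbers when required. Discarding.\n",
				  session->name);
			u64_stats_update_begin(&sstats->syncp);
			sstats->rx_seq_discards++;
			u64_stats_update_end(&sstats->syncp);
			goto discard;
		}

		/* When not in LNS mode, a peer that stops sending sequence
		 * numbers makes this side stop as well. In LNS mode a packet
		 * without them is discarded while this side is sending them.
		 */
		if ((!session->lns_mode) && (session->send_seq)) {
			l2tp_info(session, L2TP_MSG_SEQ,
				  "%s: requested to disable seq numbers by LNS\n",
				  session->name);
			session->send_seq = 0;
			l2tp_session_set_header_len(session, tunnel->version);
		} else if (session->send_seq) {
			l2tp_warn(session, L2TP_MSG_SEQ,
				  "%s: recv data has no seq numbers when required. Discarding.\n",
				  session->name);
			u64_stats_update_begin(&sstats->syncp);
			sstats->rx_seq_discards++;
			u64_stats_update_end(&sstats->syncp);
			goto discard;
		}
	}

	/*
	 * Step over the payload offset. For L2TPv2 the offset size is read
	 * from the packet; otherwise it is the session's configured value.
	 */
	if (tunnel->version == L2TP_HDR_VER_2) {
		if (hdrflags & L2TP_HDRFLAG_O) {
			if (l2tp_recv_pull_opt(skb, &ptr, &optr, 2))
				goto discard;
			offset = ntohs(*(__be16 *)ptr);
			ptr += 2 + offset;
		}
	} else
		ptr += session->offset;

	/* The whole header, including a packet-supplied offset, must lie
	 * inside the packet before it is stripped.
	 */
	offset = ptr - optr;
	if (!pskb_may_pull(skb, offset))
		goto discard;

	__skb_pull(skb, offset);

	/* Let the caller-supplied hook reject the payload. */
	if (payload_hook)
		if ((*payload_hook)(skb))
			goto discard;

	/* Record what the dequeue path needs. A zero reorder timeout falls
	 * back to one second (HZ) for the expiry time.
	 */
	L2TP_SKB_CB(skb)->length = length;
	L2TP_SKB_CB(skb)->expires = jiffies +
		(session->reorder_timeout ? session->reorder_timeout : HZ);

	if (L2TP_SKB_CB(skb)->has_seq) {
		if (session->reorder_timeout != 0) {
			/* Reordering enabled: insert in sequence order. */
			l2tp_recv_queue_skb(session, skb);
		} else {
			/* Reordering disabled: anything but the expected
			 * sequence number is dropped.
			 */
			if (L2TP_SKB_CB(skb)->ns != session->nr) {
				u64_stats_update_begin(&sstats->syncp);
				sstats->rx_seq_discards++;
				u64_stats_update_end(&sstats->syncp);
				l2tp_dbg(session, L2TP_MSG_SEQ,
					 "%s: oos pkt %u len %d discarded, waiting for %u, reorder_q_len=%d\n",
					 session->name, L2TP_SKB_CB(skb)->ns,
					 L2TP_SKB_CB(skb)->length, session->nr,
					 skb_queue_len(&session->reorder_q));
				goto discard;
			}
			skb_queue_tail(&session->reorder_q, skb);
		}
	} else {
		/* No sequence number: queue at the tail for delivery. */
		skb_queue_tail(&session->reorder_q, skb);
	}

	/* Deliver whatever is now ready. */
	l2tp_recv_dequeue(session);

	l2tp_session_dec_refcount(session);

	return;

discard:
	u64_stats_update_begin(&sstats->syncp);
	sstats->rx_errors++;
	u64_stats_update_end(&sstats->syncp);
	kfree_skb(skb);

	if (session->deref)
		(*session->deref)(session);

	l2tp_session_dec_refcount(session);
}
EXPORT_SYMBOL(l2tp_recv_common);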
789
790
791
792
793
794
795
/*
 * Parse the fixed part of an L2TP header received over UDP and hand data
 * packets to l2tp_recv_common().
 *
 * Returns 0 when the skb was consumed (delivered, or dropped for a bad
 * checksum) and 1 when it should be passed up to the regular UDP path with
 * its UDP header restored: short packets, version mismatches, control
 * packets and packets for an unknown session.
 *
 * Only L2TP_HDR_SIZE_SEQ bytes are guaranteed to be in the linear area
 * here. The fields read in this function stay within that; optional fields
 * beyond it are read in l2tp_recv_common().
 */
static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
			      int (*payload_hook)(struct sk_buff *skb))
{
	struct l2tp_session *session = NULL;
	unsigned char *ptr, *optr;
	u16 hdrflags;
	u32 tunnel_id, session_id;
	u16 version;
	int length;
	struct l2tp_stats *tstats;

	if (tunnel->sock && l2tp_verify_udp_checksum(tunnel->sock, skb))
		goto discard_bad_csum;

	/* Step over the UDP header; the error path pushes it back. */
	__skb_pull(skb, sizeof(struct udphdr));

	/* Reject anything too short to hold the fixed header fields. */
	if (!pskb_may_pull(skb, L2TP_HDR_SIZE_SEQ)) {
		l2tp_info(tunnel, L2TP_MSG_DATA,
			  "%s: recv short packet (len=%d)\n",
			  tunnel->name, skb->len);
		goto error;
	}

	/* With data debugging on, up to 32 bytes of the packet are written
	 * to the kernel log.
	 */
	if (tunnel->debug & L2TP_MSG_DATA) {
		length = min(32u, skb->len);
		if (!pskb_may_pull(skb, length))
			goto error;

		pr_debug("%s: recv\n", tunnel->name);
		print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, skb->data, length);
	}

	/* optr marks the start of the L2TP header; ptr is the parse cursor. */
	optr = ptr = skb->data;

	/* Flags and version word. */
	hdrflags = ntohs(*(__be16 *) ptr);

	/* The version in the packet must match the tunnel's. */
	version = hdrflags & L2TP_HDR_VER_MASK;
	if (version != tunnel->version) {
		l2tp_info(tunnel, L2TP_MSG_DATA,
			  "%s: recv protocol version mismatch: got %d expected %d\n",
			  tunnel->name, version, tunnel->version);
		goto error;
	}

	/* Length of the L2TP packet, header included. */
	length = skb->len;

	/* Control packets are not handled here; they are passed up. */
	if (hdrflags & L2TP_HDRFLAG_T) {
		l2tp_dbg(tunnel, L2TP_MSG_DATA,
			 "%s: recv control packet, len=%d\n",
			 tunnel->name, length);
		goto error;
	}

	/* Step over the flags word. */
	ptr += 2;

	if (tunnel->version == L2TP_HDR_VER_2) {
		/* The optional length field is skipped, not used. */
		if (hdrflags & L2TP_HDRFLAG_L)
			ptr += 2;

		/* 16-bit tunnel and session ids. The tunnel id from the
		 * packet is only used in the log message below.
		 */
		tunnel_id = ntohs(*(__be16 *) ptr);
		ptr += 2;
		session_id = ntohs(*(__be16 *) ptr);
		ptr += 2;
	} else {
		ptr += 2;	/* second 16-bit word of the header, not examined */
		tunnel_id = tunnel->tunnel_id;
		session_id = ntohl(*(__be32 *) ptr);
		ptr += 4;
	}

	/*
	 * Find the session within this tunnel.
	 * NOTE(review): the lookup returns a pointer without taking a
	 * reference; the session is first pinned inside l2tp_recv_common().
	 * Confirm nothing can free it in between.
	 */
	session = l2tp_session_find(tunnel->l2tp_net, tunnel, session_id);
	if (!session || !session->recv_skb) {
		/* No session, or no receive handler: let UDP have it. */
		l2tp_info(tunnel, L2TP_MSG_DATA,
			  "%s: no session found (%u/%u). Passing up.\n",
			  tunnel->name, tunnel_id, session_id);
		goto error;
	}

	l2tp_recv_common(session, skb, ptr, optr, hdrflags, length, payload_hook);

	return 0;

discard_bad_csum:
	LIMIT_NETDEBUG("%s: UDP: bad checksum\n", tunnel->name);
	UDP_INC_STATS_USER(tunnel->l2tp_net, UDP_MIB_INERRORS, 0);
	tstats = &tunnel->stats;
	u64_stats_update_begin(&tstats->syncp);
	tstats->rx_errors++;
	u64_stats_update_end(&tstats->syncp);
	kfree_skb(skb);

	return 0;

error:
	/* Put the UDP header back for the caller. */
	__skb_push(skb, sizeof(struct udphdr));

	return 1;
}
908
909
910
911
912
913
914
/*
 * UDP encapsulation receive hook for tunnel sockets.
 *
 * Returns 0 when the packet was consumed as L2TP data and 1 when UDP
 * should process it normally (no tunnel on the socket, or the core parser
 * declined it).
 *
 * The socket reference dropped here is presumably the one taken by
 * l2tp_sock_to_tunnel() when it returns a tunnel - confirm against that
 * helper.
 */
int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
{
	struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk);
	int pass_up;

	if (!tunnel)
		return 1;

	l2tp_dbg(tunnel, L2TP_MSG_DATA, "%s: received %d bytes\n",
		 tunnel->name, skb->len);

	pass_up = l2tp_udp_recv_core(tunnel, skb, tunnel->recv_payload_hook) ? 1 : 0;

	sock_put(sk);

	return pass_up;
}
EXPORT_SYMBOL_GPL(l2tp_udp_encap_recv);
938
939
940
941
942
943
944
/*
 * Write an L2TPv2 data header into buf: flags/version, peer tunnel id and
 * peer session id, followed by Ns and a zero Nr when the session sends
 * sequence numbers. The session's ns advances modulo 2^16.
 *
 * The ids are written as 16-bit fields. The return value counts 16-bit
 * words written (3 or 5), not bytes. The caller must supply a buffer large
 * enough; no size is checked here.
 */
static int l2tp_build_l2tpv2_header(struct l2tp_session *session, void *buf)
{
	struct l2tp_tunnel *tunnel = session->tunnel;
	__be16 *hdr = buf;
	int nwords = 0;
	u32 peer_tid = tunnel->peer_tunnel_id;
	u32 peer_sid = session->peer_session_id;
	u16 flags = L2TP_HDR_VER_2;

	if (session->send_seq)
		flags |= L2TP_HDRFLAG_S;

	hdr[nwords++] = htons(flags);
	hdr[nwords++] = htons(peer_tid);
	hdr[nwords++] = htons(peer_sid);

	if (session->send_seq) {
		hdr[nwords++] = htons(session->ns);
		hdr[nwords++] = 0;
		session->ns = (session->ns + 1) & 0xffff;
		l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated ns to %u\n",
			 session->name, session->ns);
	}

	return nwords;
}
972
/*
 * Write an L2TPv3 data header into buf and return its length in bytes.
 *
 * Layout: for UDP encapsulation a 16-bit flags/version word and a zero
 * 16-bit word; then the peer session id, the cookie if configured, the
 * L2-specific sublayer and the configured offset. The session's ns
 * advances modulo 2^24 when sequence numbers are sent.
 *
 * NOTE(review): the cursor is advanced over the offset bytes, and over the
 * L2-specific bytes when the type is not the default sublayer, without
 * anything being written to them. Those bytes go out with whatever the
 * buffer already held - confirm the caller's buffer cannot carry stale
 * kernel data there.
 * The caller must supply a buffer large enough; no size is checked here.
 */
static int l2tp_build_l2tpv3_header(struct l2tp_session *session, void *buf)
{
	struct l2tp_tunnel *tunnel = session->tunnel;
	char *start = buf;
	char *cur = start;

	/* Over UDP the header starts with the version word and a zero word. */
	if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
		__be16 *words = (__be16 *) cur;
		u16 flags = L2TP_HDR_VER_3;

		words[0] = htons(flags);
		words[1] = 0;
		cur += 4;
	}

	*((__be32 *) cur) = htonl(session->peer_session_id);
	cur += 4;

	if (session->cookie_len) {
		memcpy(cur, &session->cookie[0], session->cookie_len);
		cur += session->cookie_len;
	}

	if (session->l2specific_len) {
		if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
			u32 l2h = 0;

			if (session->send_seq) {
				l2h = 0x40000000 | session->ns;
				session->ns = (session->ns + 1) & 0xffffff;
				l2tp_dbg(session, L2TP_MSG_SEQ,
					 "%s: updated ns to %u\n",
					 session->name, session->ns);
			}

			*((__be32 *) cur) = htonl(l2h);
		}
		cur += session->l2specific_len;
	}

	/* Adding a zero offset leaves the cursor where it is. */
	cur += session->offset;

	return cur - start;
}
1017
/*
 * Hand a fully built packet to the IP layer and account for the result.
 *
 * The packet length is sampled before transmission because the skb belongs
 * to the IP layer afterwards. Transmit errors are counted in the tunnel
 * and session statistics; the function itself always returns 0.
 *
 * With data debugging on, up to 32 bytes following the UDP header (if any)
 * are written to the kernel log.
 */
static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb,
			  struct flowi *fl, size_t data_len)
{
	struct l2tp_tunnel *tunnel = session->tunnel;
	struct l2tp_stats *tstats = &tunnel->stats;
	struct l2tp_stats *sstats = &session->stats;
	unsigned int len = skb->len;
	int error;

	/* The header builder has already advanced ns, hence ns - 1. */
	if (session->send_seq) {
		l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %Zd bytes, ns=%u\n",
			 session->name, data_len, session->ns - 1);
	} else {
		l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %Zd bytes\n",
			 session->name, data_len);
	}

	if (session->debug & L2TP_MSG_DATA) {
		int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
		unsigned char *datap = skb->data + uhlen;

		pr_debug("%s: xmit\n", session->name);
		print_hex_dump_bytes("", DUMP_PREFIX_OFFSET,
				     datap, min_t(size_t, 32, len - uhlen));
	}

	/* Queue the packet to IP for output. */
	skb->local_df = 1;
#if IS_ENABLED(CONFIG_IPV6)
	if (skb->sk->sk_family == PF_INET6)
		error = inet6_csk_xmit(skb, NULL);
	else
#endif
		error = ip_queue_xmit(skb, fl);

	/* Update tunnel and session counters together. */
	u64_stats_update_begin(&tstats->syncp);
	u64_stats_update_begin(&sstats->syncp);
	if (error < 0) {
		tstats->tx_errors++;
		sstats->tx_errors++;
	} else {
		tstats->tx_packets++;
		tstats->tx_bytes += len;
		sstats->tx_packets++;
		sstats->tx_bytes += len;
	}
	u64_stats_update_end(&tstats->syncp);
	u64_stats_update_end(&sstats->syncp);

	return 0;
}
1071
1072
1073
/*
 * skb destructor installed by l2tp_skb_set_owner_w(): releases the socket
 * reference that was taken when the skb was attached to the socket.
 */
static void l2tp_sock_wfree(struct sk_buff *skb)
{
	struct sock *owner = skb->sk;

	sock_put(owner);
}
1078
1079
1080
1081
/*
 * Attach an outgoing skb to the tunnel socket. A socket reference is held
 * for as long as the skb lives; l2tp_sock_wfree() drops it when the skb is
 * destroyed.
 */
static inline void l2tp_skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
{
	sock_hold(sk);
	skb->destructor = l2tp_sock_wfree;
	skb->sk = sk;
}
1088
#if IS_ENABLED(CONFIG_IPV6)
/*
 * Fill in the UDP checksum of an outgoing packet on an IPv6 tunnel socket.
 *
 * When the output device advertises IPv6 checksum offload, the pseudo-
 * header sum is stored and the device finishes the job. Otherwise the
 * checksum is computed here over udp_len bytes; a result of zero is sent
 * as CSUM_MANGLED_0.
 */
static void l2tp_xmit_ipv6_csum(struct sock *sk, struct sk_buff *skb,
				int udp_len)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct udphdr *uh = udp_hdr(skb);
	struct dst_entry *dst = skb_dst(skb);
	__wsum csum;

	if (dst && dst->dev && (dst->dev->features & NETIF_F_IPV6_CSUM)) {
		/* Hardware completes the checksum. */
		skb->ip_summed = CHECKSUM_PARTIAL;
		skb->csum_start = skb_transport_header(skb) - skb->head;
		skb->csum_offset = offsetof(struct udphdr, check);
		uh->check = ~csum_ipv6_magic(&np->saddr, &np->daddr,
					     udp_len, IPPROTO_UDP, 0);
		return;
	}

	/* No usable offload: checksum in software. */
	csum = skb_checksum(skb, 0, udp_len, 0);
	skb->ip_summed = CHECKSUM_UNNECESSARY;
	uh->check = csum_ipv6_magic(&np->saddr, &np->daddr, udp_len,
				    IPPROTO_UDP, csum);
	if (uh->check == 0)
		uh->check = CSUM_MANGLED_0;
}
#endif
1113
1114
1115
1116
/*
 * Encapsulate a payload skb in L2TP (and UDP, for UDP tunnels) and send it
 * through the tunnel socket.
 *
 * @session: session the payload belongs to
 * @skb:     payload; consumed on every path
 * @hdr_len: number of bytes to reserve in front of the payload for the
 *           L2TP header written by session->build_header
 *
 * Returns NET_XMIT_SUCCESS, or NET_XMIT_DROP when headroom could not be
 * obtained or the socket is currently owned by a user context.
 *
 * NOTE(review): tunnel->sock is used without a NULL check, while
 * l2tp_tunnel_destruct() sets that field to NULL. Confirm callers hold
 * something that keeps the socket attached for the duration of this call.
 */
int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len)
{
	int data_len = skb->len;
	struct l2tp_tunnel *tunnel = session->tunnel;
	struct sock *sk = tunnel->sock;
	struct flowi *fl;
	struct udphdr *uh;
	struct inet_sock *inet;
	__wsum csum;
	int old_headroom;
	int new_headroom;
	int headroom;
	int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
	int udp_len;
	int ret = NET_XMIT_SUCCESS;

	/*
	 * Make sure there is room for the IP, UDP and L2TP headers; the skb
	 * head is reallocated if there is not.
	 * NOTE(review): the IP header is sized as struct iphdr for IPv6
	 * sockets as well - confirm the remaining headroom covers an IPv6
	 * header.
	 */
	headroom = NET_SKB_PAD + sizeof(struct iphdr) +
		uhlen + hdr_len;
	old_headroom = skb_headroom(skb);
	if (skb_cow_head(skb, headroom)) {
		kfree_skb(skb);
		return NET_XMIT_DROP;
	}

	new_headroom = skb_headroom(skb);
	skb_orphan(skb);
	/* Account for any headroom gained by the reallocation. */
	skb->truesize += new_headroom - old_headroom;

	/* Let the session write its L2TP header into the reserved space. */
	session->build_header(session, __skb_push(skb, hdr_len));

	/* Clear IP-layer and netfilter state left over from the payload's
	 * previous path through the stack.
	 */
	memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
	IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
			      IPSKB_REROUTED);
	nf_reset(skb);

	/* The packet is dropped rather than queued when a user context
	 * currently owns the socket.
	 */
	bh_lock_sock(sk);
	if (sock_owned_by_user(sk)) {
		kfree_skb(skb);
		ret = NET_XMIT_DROP;
		goto out_unlock;
	}

	/* Replace the payload's route with the tunnel socket's. */
	skb_dst_drop(skb);
	skb_dst_set(skb, dst_clone(__sk_dst_check(sk, 0)));

	inet = inet_sk(sk);
	fl = &inet->cork.fl;
	switch (tunnel->encap) {
	case L2TP_ENCAPTYPE_UDP:
		/* Build the UDP header from the socket's ports. */
		__skb_push(skb, sizeof(*uh));
		skb_reset_transport_header(skb);
		uh = udp_hdr(skb);
		uh->source = inet->inet_sport;
		uh->dest = inet->inet_dport;
		udp_len = uhlen + hdr_len + data_len;
		uh->len = htons(udp_len);
		uh->check = 0;

		/* Fill in the checksum: skipped when the socket has transmit
		 * checksums disabled, computed here when the device offers
		 * no offload, otherwise left for the device to complete.
		 */
#if IS_ENABLED(CONFIG_IPV6)
		if (sk->sk_family == PF_INET6)
			l2tp_xmit_ipv6_csum(sk, skb, udp_len);
		else
#endif
		if (sk->sk_no_check == UDP_CSUM_NOXMIT)
			skb->ip_summed = CHECKSUM_NONE;
		else if ((skb_dst(skb) && skb_dst(skb)->dev) &&
			 (!(skb_dst(skb)->dev->features & NETIF_F_V4_CSUM))) {
			skb->ip_summed = CHECKSUM_COMPLETE;
			csum = skb_checksum(skb, 0, udp_len, 0);
			uh->check = csum_tcpudp_magic(inet->inet_saddr,
						      inet->inet_daddr,
						      udp_len, IPPROTO_UDP, csum);
			if (uh->check == 0)
				uh->check = CSUM_MANGLED_0;
		} else {
			skb->ip_summed = CHECKSUM_PARTIAL;
			skb->csum_start = skb_transport_header(skb) - skb->head;
			skb->csum_offset = offsetof(struct udphdr, check);
			uh->check = ~csum_tcpudp_magic(inet->inet_saddr,
						       inet->inet_daddr,
						       udp_len, IPPROTO_UDP, 0);
		}
		break;

	case L2TP_ENCAPTYPE_IP:
		break;
	}

	/* Pin the socket for the lifetime of the skb. */
	l2tp_skb_set_owner_w(skb, sk);

	l2tp_xmit_core(session, skb, fl, data_len);
out_unlock:
	bh_unlock_sock(sk);

	return ret;
}
EXPORT_SYMBOL_GPL(l2tp_xmit_skb);
1223
1224
1225
1226
1227
1228
1229
1230
1231
/*
 * Socket destructor installed on tunnel sockets.
 *
 * Closes every session of the tunnel, turns off UDP encapsulation
 * handling on the socket, detaches the tunnel from the socket, runs the
 * destructor that was saved in old_sk_destruct and finally drops a tunnel
 * reference. A socket without a tunnel attached is left untouched.
 */
static void l2tp_tunnel_destruct(struct sock *sk)
{
	struct l2tp_tunnel *tunnel = sk->sk_user_data;

	if (!tunnel)
		return;

	l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing...\n", tunnel->name);

	/* Close all sessions first. */
	l2tp_tunnel_closeall(tunnel);

	/* Only UDP tunnels have encapsulation hooks to clear. */
	if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
		struct udp_sock *up = udp_sk(sk);

		up->encap_type = 0;
		up->encap_rcv = NULL;
	}

	/* Break the links between socket and tunnel and restore the saved
	 * destructor.
	 */
	tunnel->sock = NULL;
	sk->sk_destruct = tunnel->old_sk_destruct;
	sk->sk_user_data = NULL;

	/* Chain to the restored destructor, if there is one. */
	if (sk->sk_destruct)
		sk->sk_destruct(sk);

	/* May free the tunnel. */
	l2tp_tunnel_dec_refcount(tunnel);
}
1270
1271
1272
/*
 * Unhash and close every session of a tunnel.
 *
 * Each session is removed from the tunnel's table under hlist_lock. The
 * lock is then released while the session is removed from the
 * per-namespace table (for tunnels that are not L2TPv2) and its
 * session_close and deref callbacks run.
 *
 * NOTE(review): synchronize_rcu() blocks until a grace period has passed,
 * and this function is called from the socket destructor in this file.
 * Confirm every caller runs in a context that is allowed to sleep.
 */
static void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel)
{
	int hash;
	struct hlist_node *walk;
	struct hlist_node *tmp;
	struct l2tp_session *session;

	BUG_ON(tunnel == NULL);

	l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing all sessions...\n",
		  tunnel->name);

	write_lock_bh(&tunnel->hlist_lock);
	for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
again:
		hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
			session = hlist_entry(walk, struct l2tp_session, hlist);

			l2tp_info(session, L2TP_MSG_CONTROL,
				  "%s: closing session\n", session->name);

			hlist_del_init(&session->hlist);

			/* Call the session's ref callback, if any, before
			 * the lock is released; the matching deref follows
			 * session_close below.
			 */
			if (session->ref != NULL)
				(*session->ref)(session);

			write_unlock_bh(&tunnel->hlist_lock);

			if (tunnel->version != L2TP_HDR_VER_2) {
				struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);

				spin_lock_bh(&pn->l2tp_session_hlist_lock);
				hlist_del_init_rcu(&session->global_hlist);
				spin_unlock_bh(&pn->l2tp_session_hlist_lock);
				/* Wait for RCU readers of the per-namespace
				 * table before the session is closed.
				 */
				synchronize_rcu();
			}

			if (session->session_close != NULL)
				(*session->session_close)(session);

			if (session->deref != NULL)
				(*session->deref)(session);

			write_lock_bh(&tunnel->hlist_lock);

			/* The bucket may have changed while the lock was
			 * dropped, and the saved next pointer cannot be
			 * trusted: restart the walk of this bucket.
			 */
			goto again;
		}
	}
	write_unlock_bh(&tunnel->hlist_lock);
}
1334
1335
1336
1337
/*
 * Release a tunnel whose last reference has been dropped.
 *
 * The tunnel must have a zero reference count and no socket attached; both
 * are asserted. It is unlinked from the namespace's tunnel list and its
 * memory is released through kfree_rcu(), i.e. after an RCU grace period,
 * which keeps concurrent RCU list walkers safe.
 */
static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
{
	struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
	spinlock_t *list_lock = &pn->l2tp_tunnel_list_lock;

	BUG_ON(atomic_read(&tunnel->ref_count) != 0);
	BUG_ON(tunnel->sock != NULL);

	l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: free...\n", tunnel->name);

	/* Unlink from the list and schedule the deferred free. */
	spin_lock_bh(list_lock);
	list_del_rcu(&tunnel->list);
	kfree_rcu(tunnel, rcu);
	spin_unlock_bh(list_lock);

	atomic_dec(&l2tp_tunnel_count);
}
1355
1356
1357
1358
1359
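/*
 * Create, bind and connect a kernel socket for a tunnel whose socket is not
 * supplied by userspace.
 *
 * @tunnel_id:      local tunnel id; used as the connection id when binding an
 *                  L2TP/IP socket.
 * @peer_tunnel_id: peer tunnel id; used as the connection id when connecting
 *                  an L2TP/IP socket.
 * @cfg:            tunnel configuration (encapsulation, addresses, ports).
 *                  Must not be NULL; a NULL cfg yields -EINVAL.
 * @sockp:          receives the new socket on success.
 *
 * Returns 0 on success or a negative errno. An unknown encapsulation type
 * yields -EINVAL. If any step fails after the socket was created, the socket
 * is released and *sockp is reset to NULL so the caller never sees a
 * half-configured socket.
 *
 * NOTE(review): the socket is created with sock_create() and this function is
 * not passed the tunnel's struct net; confirm the socket ends up in the
 * intended network namespace when the caller operates on another namespace.
 */
static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id,
				   struct l2tp_tunnel_cfg *cfg,
				   struct socket **sockp)
{
	int err = -EINVAL;
	struct sockaddr_in udp_addr;
#if IS_ENABLED(CONFIG_IPV6)
	struct sockaddr_in6 udp6_addr;
	struct sockaddr_l2tpip6 ip6_addr;
#endif
	struct sockaddr_l2tpip ip_addr;
	struct socket *sock = NULL;

	/*
	 * l2tp_tunnel_create() treats cfg as optional, but every branch below
	 * dereferences it. Fail cleanly instead of oopsing on a NULL cfg.
	 */
	if (cfg == NULL)
		goto out;

	switch (cfg->encap) {
	case L2TP_ENCAPTYPE_UDP:
#if IS_ENABLED(CONFIG_IPV6)
		/* IPv6 is used only when both endpoint addresses are given. */
		if (cfg->local_ip6 && cfg->peer_ip6) {
			err = sock_create(AF_INET6, SOCK_DGRAM, 0, sockp);
			if (err < 0)
				goto out;

			sock = *sockp;

			/* Bind to the local address/port ... */
			memset(&udp6_addr, 0, sizeof(udp6_addr));
			udp6_addr.sin6_family = AF_INET6;
			memcpy(&udp6_addr.sin6_addr, cfg->local_ip6,
			       sizeof(udp6_addr.sin6_addr));
			udp6_addr.sin6_port = htons(cfg->local_udp_port);
			err = kernel_bind(sock, (struct sockaddr *) &udp6_addr,
					  sizeof(udp6_addr));
			if (err < 0)
				goto out;

			/* ... then connect to the peer, reusing the sockaddr. */
			udp6_addr.sin6_family = AF_INET6;
			memcpy(&udp6_addr.sin6_addr, cfg->peer_ip6,
			       sizeof(udp6_addr.sin6_addr));
			udp6_addr.sin6_port = htons(cfg->peer_udp_port);
			err = kernel_connect(sock,
					     (struct sockaddr *) &udp6_addr,
					     sizeof(udp6_addr), 0);
			if (err < 0)
				goto out;
		} else
#endif
		{
			err = sock_create(AF_INET, SOCK_DGRAM, 0, sockp);
			if (err < 0)
				goto out;

			sock = *sockp;

			memset(&udp_addr, 0, sizeof(udp_addr));
			udp_addr.sin_family = AF_INET;
			udp_addr.sin_addr = cfg->local_ip;
			udp_addr.sin_port = htons(cfg->local_udp_port);
			err = kernel_bind(sock, (struct sockaddr *) &udp_addr,
					  sizeof(udp_addr));
			if (err < 0)
				goto out;

			udp_addr.sin_family = AF_INET;
			udp_addr.sin_addr = cfg->peer_ip;
			udp_addr.sin_port = htons(cfg->peer_udp_port);
			err = kernel_connect(sock,
					     (struct sockaddr *) &udp_addr,
					     sizeof(udp_addr), 0);
			if (err < 0)
				goto out;
		}

		/* Transmit without UDP checksums when the config asks for it. */
		if (!cfg->use_udp_checksums)
			sock->sk->sk_no_check = UDP_CSUM_NOXMIT;

		break;

	case L2TP_ENCAPTYPE_IP:
#if IS_ENABLED(CONFIG_IPV6)
		if (cfg->local_ip6 && cfg->peer_ip6) {
			err = sock_create(AF_INET6, SOCK_DGRAM, IPPROTO_L2TP,
					  sockp);
			if (err < 0)
				goto out;

			sock = *sockp;

			/* L2TP/IP addresses carry the tunnel id as conn id. */
			memset(&ip6_addr, 0, sizeof(ip6_addr));
			ip6_addr.l2tp_family = AF_INET6;
			memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6,
			       sizeof(ip6_addr.l2tp_addr));
			ip6_addr.l2tp_conn_id = tunnel_id;
			err = kernel_bind(sock, (struct sockaddr *) &ip6_addr,
					  sizeof(ip6_addr));
			if (err < 0)
				goto out;

			ip6_addr.l2tp_family = AF_INET6;
			memcpy(&ip6_addr.l2tp_addr, cfg->peer_ip6,
			       sizeof(ip6_addr.l2tp_addr));
			ip6_addr.l2tp_conn_id = peer_tunnel_id;
			err = kernel_connect(sock,
					     (struct sockaddr *) &ip6_addr,
					     sizeof(ip6_addr), 0);
			if (err < 0)
				goto out;
		} else
#endif
		{
			err = sock_create(AF_INET, SOCK_DGRAM, IPPROTO_L2TP,
					  sockp);
			if (err < 0)
				goto out;

			sock = *sockp;

			memset(&ip_addr, 0, sizeof(ip_addr));
			ip_addr.l2tp_family = AF_INET;
			ip_addr.l2tp_addr = cfg->local_ip;
			ip_addr.l2tp_conn_id = tunnel_id;
			err = kernel_bind(sock, (struct sockaddr *) &ip_addr,
					  sizeof(ip_addr));
			if (err < 0)
				goto out;

			ip_addr.l2tp_family = AF_INET;
			ip_addr.l2tp_addr = cfg->peer_ip;
			ip_addr.l2tp_conn_id = peer_tunnel_id;
			err = kernel_connect(sock, (struct sockaddr *) &ip_addr,
					     sizeof(ip_addr), 0);
			if (err < 0)
				goto out;
		}
		break;

	default:
		/* Unknown encapsulation: err still holds -EINVAL. */
		goto out;
	}

out:
	/* Undo socket creation if a later bind/connect step failed. */
	if ((err < 0) && sock) {
		sock_release(sock);
		*sockp = NULL;
	}

	return err;
}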
1503
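/* Lockdep class for tunnel sockets, applied in l2tp_tunnel_create(). */
static struct lock_class_key l2tp_socket_class;

/*
 * Create a tunnel context and attach it to a socket.
 *
 * @net:            network namespace the tunnel is registered in.
 * @fd:             userspace socket fd to attach to; a negative value makes
 *                  the kernel create the socket from @cfg instead.
 * @version:        L2TP protocol version stored in the tunnel.
 * @tunnel_id:      local tunnel id.
 * @peer_tunnel_id: peer tunnel id.
 * @cfg:            optional configuration; supplies encap type and debug
 *                  flags (required when @fd is negative).
 * @tunnelp:        optional out pointer. It is written on every path,
 *                  including errors: NULL when no tunnel was allocated, and
 *                  the already attached tunnel when -EBUSY is returned.
 *
 * Returns 0 on success, or a negative errno: -EPROTONOSUPPORT when the socket
 * does not match the encapsulation, -EBUSY when the socket already carries
 * sk_user_data, -ENOMEM on allocation failure, or the error from socket
 * creation / fd lookup.
 */
int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id,
		       u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg,
		       struct l2tp_tunnel **tunnelp)
{
	struct l2tp_tunnel *tunnel = NULL;
	int err;
	struct socket *sock = NULL;
	struct sock *sk = NULL;
	struct l2tp_net *pn;
	enum l2tp_encap_type encap = L2TP_ENCAPTYPE_UDP;

	/*
	 * Get the tunnel socket: either create it in the kernel (fd < 0) or
	 * look up the one userspace handed over.
	 */
	if (fd < 0) {
		err = l2tp_tunnel_sock_create(tunnel_id, peer_tunnel_id, cfg, &sock);
		if (err < 0)
			goto err;
	} else {
		err = -EBADF;
		sock = sockfd_lookup(fd, &err);
		if (!sock) {
			/* tunnel_id is u32, so print it with %u. */
			pr_err("tunl %u: sockfd_lookup(fd=%d) returned %d\n",
			       tunnel_id, fd, err);
			goto err;
		}
	}

	sk = sock->sk;

	if (cfg != NULL)
		encap = cfg->encap;

	/*
	 * The fd is caller-controlled, so confirm the socket really is an
	 * IPv4/IPv6 datagram socket before any protocol-specific cast
	 * (udp_sk()) or sk_user_data use below. sk_protocol alone does not
	 * identify the socket's concrete type.
	 */
	err = -EPROTONOSUPPORT;
	if (sk->sk_type != SOCK_DGRAM ||
	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) {
		pr_err("tunl %u: fd %d wrong socket type or family\n",
		       tunnel_id, fd);
		goto err;
	}

	/* Quick sanity check: the socket protocol must match the encap. */
	switch (encap) {
	case L2TP_ENCAPTYPE_UDP:
		err = -EPROTONOSUPPORT;
		if (sk->sk_protocol != IPPROTO_UDP) {
			pr_err("tunl %u: fd %d wrong protocol, got %d, expected %d\n",
			       tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP);
			goto err;
		}
		break;
	case L2TP_ENCAPTYPE_IP:
		err = -EPROTONOSUPPORT;
		if (sk->sk_protocol != IPPROTO_L2TP) {
			pr_err("tunl %u: fd %d wrong protocol, got %d, expected %d\n",
			       tunnel_id, fd, sk->sk_protocol, IPPROTO_L2TP);
			goto err;
		}
		break;
	}

	/* Refuse a socket that already has something in sk_user_data. */
	tunnel = (struct l2tp_tunnel *)sk->sk_user_data;
	if (tunnel != NULL) {
		/* NOTE(review): the existing pointer is returned via *tunnelp. */
		err = -EBUSY;
		goto err;
	}

	tunnel = kzalloc(sizeof(struct l2tp_tunnel), GFP_KERNEL);
	if (tunnel == NULL) {
		err = -ENOMEM;
		goto err;
	}

	tunnel->version = version;
	tunnel->tunnel_id = tunnel_id;
	tunnel->peer_tunnel_id = peer_tunnel_id;
	tunnel->debug = L2TP_DEFAULT_DEBUG_FLAGS;

	tunnel->magic = L2TP_TUNNEL_MAGIC;
	/* Bounded format so the name can never overrun its buffer. */
	snprintf(tunnel->name, sizeof(tunnel->name), "tunl %u", tunnel_id);
	rwlock_init(&tunnel->hlist_lock);

	/* The net we belong to */
	tunnel->l2tp_net = net;
	pn = l2tp_pernet(net);

	if (cfg != NULL)
		tunnel->debug = cfg->debug;

	/* Mark the socket as an encapsulation socket. */
	tunnel->encap = encap;
	if (encap == L2TP_ENCAPTYPE_UDP) {
		/* Route received UDP packets to the L2TP receive handler. */
		udp_sk(sk)->encap_type = UDP_ENCAP_L2TPINUDP;
		udp_sk(sk)->encap_rcv = l2tp_udp_encap_recv;
#if IS_ENABLED(CONFIG_IPV6)
		if (sk->sk_family == PF_INET6)
			udpv6_encap_enable();
		else
#endif
		udp_encap_enable();
	}

	sk->sk_user_data = tunnel;

	/*
	 * Hook the socket destructor so the tunnel is torn down with the
	 * socket; the previous destructor is saved in the tunnel.
	 */
	tunnel->old_sk_destruct = sk->sk_destruct;
	sk->sk_destruct = &l2tp_tunnel_destruct;
	tunnel->sock = sk;
	lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, "l2tp_sock");

	sk->sk_allocation = GFP_ATOMIC;

	/* Add the tunnel to the per-net list. */
	INIT_LIST_HEAD(&tunnel->list);
	atomic_inc(&l2tp_tunnel_count);

	/*
	 * Take the initial reference before the tunnel becomes visible on the
	 * RCU list.
	 */
	l2tp_tunnel_inc_refcount(tunnel);
	spin_lock_bh(&pn->l2tp_tunnel_list_lock);
	list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list);
	spin_unlock_bh(&pn->l2tp_tunnel_list_lock);

	err = 0;
err:
	if (tunnelp)
		*tunnelp = tunnel;

	/*
	 * Drop the fd reference taken by sockfd_lookup(). A socket without a
	 * file is skipped here.
	 * NOTE(review): a kernel-created socket (fd < 0) is not released on
	 * the error paths above; confirm who owns it when creation fails.
	 */
	if (sock && sock->file)
		sockfd_put(sock);

	return err;
}
EXPORT_SYMBOL_GPL(l2tp_tunnel_create);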
1640
/*
 * Begin tunnel teardown by shutting down the tunnel's socket.
 *
 * Returns 0 when the tunnel has no socket, otherwise the result of
 * inet_shutdown(), or of inet_release() when the socket has no file.
 *
 * NOTE(review): when inet_release() runs, its result replaces the one from
 * inet_shutdown(), so a shutdown error is not reported in that case.
 */
int l2tp_tunnel_delete(struct l2tp_tunnel *tunnel)
{
	struct socket *sock;
	int err;

	if (tunnel->sock == NULL)
		return 0;

	sock = tunnel->sock->sk_socket;
	if (sock == NULL)
		return 0;

	/* how == 2 shuts down both directions (SHUT_RDWR). */
	err = inet_shutdown(sock, 2);

	/*
	 * No file attached: presumably a kernel-created socket that no
	 * userspace close() will ever release, so release it here.
	 */
	if (sock->file == NULL)
		err = inet_release(sock);

	return err;
}
EXPORT_SYMBOL_GPL(l2tp_tunnel_delete);
1666
/*
 * Release a session whose reference count has reached zero.
 *
 * If the session is still attached to a tunnel, it is unhashed from the
 * tunnel's session list (and, for non-L2TPv2 tunnels, from the per-net
 * session hash), then the socket and tunnel references held by the session
 * are dropped. The session memory is freed in all cases.
 */
void l2tp_session_free(struct l2tp_session *session)
{
	struct l2tp_tunnel *owner;

	BUG_ON(atomic_read(&session->ref_count));

	owner = session->tunnel;
	if (!owner)
		goto free_session;

	BUG_ON(owner->magic != L2TP_TUNNEL_MAGIC);

	/* Remove the session from the tunnel's hash list. */
	write_lock_bh(&owner->hlist_lock);
	hlist_del_init(&session->hlist);
	write_unlock_bh(&owner->hlist_lock);

	/* For non-v2 tunnels, also remove it from the per-net hash. */
	if (owner->version != L2TP_HDR_VER_2) {
		struct l2tp_net *l2tp_ns = l2tp_pernet(owner->l2tp_net);

		spin_lock_bh(&l2tp_ns->l2tp_session_hlist_lock);
		hlist_del_init_rcu(&session->global_hlist);
		spin_unlock_bh(&l2tp_ns->l2tp_session_hlist_lock);
		/* Wait for RCU readers before the kfree() below. */
		synchronize_rcu();
	}

	/* Session id 0 is not included in the global session count. */
	if (session->session_id)
		atomic_dec(&l2tp_session_count);

	sock_put(owner->sock);

	/* Detach from the tunnel before dropping the tunnel reference. */
	session->tunnel = NULL;
	l2tp_tunnel_dec_refcount(owner);

free_session:
	kfree(session);
}
EXPORT_SYMBOL_GPL(l2tp_session_free);
1711
/*
 * Delete a session: run the optional session_close callback, then drop one
 * session reference. Always returns 0.
 */
int l2tp_session_delete(struct l2tp_session *session)
{
	if (session->session_close)
		session->session_close(session);

	l2tp_session_dec_refcount(session);

	return 0;
}
EXPORT_SYMBOL_GPL(l2tp_session_delete);
1725
/*
 * Compute session->hdr_len for the given L2TP version.
 *
 * L2TPv2: 6 bytes, plus 4 when the session sends sequence numbers.
 * Otherwise: 4 bytes plus cookie, L2-specific sublayer and offset lengths,
 * plus 4 more when the tunnel uses UDP encapsulation.
 */
static void l2tp_session_set_header_len(struct l2tp_session *session, int version)
{
	if (version != L2TP_HDR_VER_2) {
		session->hdr_len = 4 + session->cookie_len + session->l2specific_len + session->offset;
		if (session->tunnel->encap == L2TP_ENCAPTYPE_UDP)
			session->hdr_len += 4;
		return;
	}

	session->hdr_len = 6;
	if (session->send_seq)
		session->hdr_len += 4;
}
1743
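/*
 * Allocate a session, initialise it from @cfg and attach it to @tunnel.
 *
 * @priv_size:       bytes of caller-private data allocated after the session.
 * @tunnel:          tunnel the session belongs to.
 * @session_id:      local session id.
 * @peer_session_id: peer session id.
 * @cfg:             optional session configuration.
 *
 * On success the session holds one reference on itself, one on the tunnel
 * and one on the tunnel socket, and is hashed into the tunnel's session list
 * (and into the per-net hash for non-L2TPv2 tunnels).
 *
 * Returns the new session, or NULL on allocation failure or when @priv_size
 * or the cookie lengths in @cfg are out of range.
 */
struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
{
	struct l2tp_session *session;

	/* A negative size would corrupt the allocation size computed below. */
	if (priv_size < 0)
		return NULL;

	/*
	 * The cookie lengths drive the memcpy() calls below and are not
	 * validated anywhere else in this function. Bound them by the
	 * destination buffers; the size_t cast also rejects negative values.
	 */
	if (cfg &&
	    ((size_t)cfg->cookie_len > sizeof(session->cookie) ||
	     (size_t)cfg->peer_cookie_len > sizeof(session->peer_cookie)))
		return NULL;

	session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL);
	if (session == NULL)
		return NULL;

	session->magic = L2TP_SESSION_MAGIC;
	session->tunnel = tunnel;

	session->session_id = session_id;
	session->peer_session_id = peer_session_id;
	session->nr = 0;

	/* Bounded format so the name can never overrun its buffer. */
	snprintf(session->name, sizeof(session->name), "sess %u/%u",
		 tunnel->tunnel_id, session->session_id);

	skb_queue_head_init(&session->reorder_q);

	INIT_HLIST_NODE(&session->hlist);
	INIT_HLIST_NODE(&session->global_hlist);

	/* Inherit debug options from the tunnel; cfg may override below. */
	session->debug = tunnel->debug;

	if (cfg) {
		session->pwtype = cfg->pw_type;
		session->debug = cfg->debug;
		session->mtu = cfg->mtu;
		session->mru = cfg->mru;
		session->send_seq = cfg->send_seq;
		session->recv_seq = cfg->recv_seq;
		session->lns_mode = cfg->lns_mode;
		session->reorder_timeout = cfg->reorder_timeout;
		session->offset = cfg->offset;
		session->l2specific_type = cfg->l2specific_type;
		session->l2specific_len = cfg->l2specific_len;
		session->cookie_len = cfg->cookie_len;
		memcpy(&session->cookie[0], &cfg->cookie[0], cfg->cookie_len);
		session->peer_cookie_len = cfg->peer_cookie_len;
		memcpy(&session->peer_cookie[0], &cfg->peer_cookie[0], cfg->peer_cookie_len);
	}

	/* Pick the header builder matching the tunnel's protocol version. */
	if (tunnel->version == L2TP_HDR_VER_2)
		session->build_header = l2tp_build_l2tpv2_header;
	else
		session->build_header = l2tp_build_l2tpv3_header;

	l2tp_session_set_header_len(session, tunnel->version);

	/*
	 * Take the initial session reference, plus a tunnel reference that
	 * lasts for the life of the session.
	 */
	l2tp_session_inc_refcount(session);
	l2tp_tunnel_inc_refcount(tunnel);

	/* Keep the tunnel socket alive while the session exists. */
	sock_hold(tunnel->sock);

	/* Add the session to the tunnel's hash list. */
	write_lock_bh(&tunnel->hlist_lock);
	hlist_add_head(&session->hlist,
		       l2tp_session_id_hash(tunnel, session_id));
	write_unlock_bh(&tunnel->hlist_lock);

	/* Non-v2 sessions are also hashed per network namespace. */
	if (tunnel->version != L2TP_HDR_VER_2) {
		struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);

		spin_lock_bh(&pn->l2tp_session_hlist_lock);
		hlist_add_head_rcu(&session->global_hlist,
				   l2tp_session_id_hash_2(pn, session_id));
		spin_unlock_bh(&pn->l2tp_session_hlist_lock);
	}

	/* Session id 0 is not included in the global session count. */
	if (session->session_id != 0)
		atomic_inc(&l2tp_session_count);

	return session;
}
EXPORT_SYMBOL_GPL(l2tp_session_create);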
1826
/*
 * Per-namespace init: set up the empty tunnel list, every bucket of the
 * session hash table, and the two locks guarding them. Always returns 0.
 */
static __net_init int l2tp_init_net(struct net *net)
{
	struct l2tp_net *l2tp_ns = net_generic(net, l2tp_net_id);
	int bucket;

	spin_lock_init(&l2tp_ns->l2tp_tunnel_list_lock);
	INIT_LIST_HEAD(&l2tp_ns->l2tp_tunnel_list);

	spin_lock_init(&l2tp_ns->l2tp_session_hlist_lock);
	for (bucket = 0; bucket < L2TP_HASH_SIZE_2; bucket++)
		INIT_HLIST_HEAD(&l2tp_ns->l2tp_session_hlist[bucket]);

	return 0;
}
1846
/*
 * Per-network-namespace registration: a struct l2tp_net is allocated for
 * each namespace and initialised by l2tp_init_net(). No .exit hook is set.
 */
static struct pernet_operations l2tp_net_ops = {
	.id   = &l2tp_net_id,
	.size = sizeof(struct l2tp_net),
	.init = l2tp_init_net,
};
1852
/*
 * Module init: register the per-net operations and announce the driver.
 * Returns 0 on success or the error from register_pernet_device().
 */
static int __init l2tp_init(void)
{
	int rc = register_pernet_device(&l2tp_net_ops);

	if (rc == 0)
		pr_info("L2TP core driver, %s\n", L2TP_DRV_VERSION);

	return rc;
}
1866
/* Module exit: undo the per-net registration done in l2tp_init(). */
static void __exit l2tp_exit(void)
{
	unregister_pernet_device(&l2tp_net_ops);
}
1871
/* Module metadata and entry points. */
MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
MODULE_DESCRIPTION("L2TP core");
MODULE_LICENSE("GPL");
MODULE_VERSION(L2TP_DRV_VERSION);

module_init(l2tp_init);
module_exit(l2tp_exit);