linux/net/l2tp/l2tp_ppp.c
<<
>>
Prefs
   1/*****************************************************************************
   2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
   3 *
   4 * PPPoX    --- Generic PPP encapsulation socket family
   5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
   6 *
   7 * Version:     2.0.0
   8 *
   9 * Authors:     James Chapman (jchapman@katalix.com)
  10 *
  11 * Based on original work by Martijn van Oosterhout <kleptog@svana.org>
  12 *
  13 * License:
  14 *              This program is free software; you can redistribute it and/or
  15 *              modify it under the terms of the GNU General Public License
  16 *              as published by the Free Software Foundation; either version
  17 *              2 of the License, or (at your option) any later version.
  18 *
  19 */
  20
  21/* This driver handles only L2TP data frames; control frames are handled by a
  22 * userspace application.
  23 *
  24 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
  25 * attaches it to a bound UDP socket with local tunnel_id / session_id and
  26 * peer tunnel_id / session_id set. Data can then be sent or received using
  27 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
  28 * can be read or modified using ioctl() or [gs]etsockopt() calls.
  29 *
  30 * When a PPPoL2TP socket is connected with local and peer session_id values
  31 * zero, the socket is treated as a special tunnel management socket.
  32 *
  33 * Here's example userspace code to create a socket for sending/receiving data
  34 * over an L2TP session:-
  35 *
  36 *      struct sockaddr_pppol2tp sax;
  37 *      int fd;
  38 *      int session_fd;
  39 *
  40 *      fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
  41 *
  42 *      sax.sa_family = AF_PPPOX;
  43 *      sax.sa_protocol = PX_PROTO_OL2TP;
  44 *      sax.pppol2tp.fd = tunnel_fd;    // bound UDP socket
  45 *      sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
  46 *      sax.pppol2tp.addr.sin_port = addr->sin_port;
  47 *      sax.pppol2tp.addr.sin_family = AF_INET;
  48 *      sax.pppol2tp.s_tunnel  = tunnel_id;
  49 *      sax.pppol2tp.s_session = session_id;
  50 *      sax.pppol2tp.d_tunnel  = peer_tunnel_id;
  51 *      sax.pppol2tp.d_session = peer_session_id;
  52 *
  53 *      session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
  54 *
  55 * A pppd plugin that allows PPP traffic to be carried over L2TP using
  56 * this driver is available from the OpenL2TP project at
  57 * http://openl2tp.sourceforge.net.
  58 */
  59
  60#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  61
  62#include <linux/module.h>
  63#include <linux/string.h>
  64#include <linux/list.h>
  65#include <linux/uaccess.h>
  66
  67#include <linux/kernel.h>
  68#include <linux/spinlock.h>
  69#include <linux/kthread.h>
  70#include <linux/sched.h>
  71#include <linux/slab.h>
  72#include <linux/errno.h>
  73#include <linux/jiffies.h>
  74
  75#include <linux/netdevice.h>
  76#include <linux/net.h>
  77#include <linux/inetdevice.h>
  78#include <linux/skbuff.h>
  79#include <linux/init.h>
  80#include <linux/ip.h>
  81#include <linux/udp.h>
  82#include <linux/if_pppox.h>
  83#include <linux/if_pppol2tp.h>
  84#include <net/sock.h>
  85#include <linux/ppp_channel.h>
  86#include <linux/ppp_defs.h>
  87#include <linux/ppp-ioctl.h>
  88#include <linux/file.h>
  89#include <linux/hash.h>
  90#include <linux/sort.h>
  91#include <linux/proc_fs.h>
  92#include <linux/l2tp.h>
  93#include <linux/nsproxy.h>
  94#include <net/net_namespace.h>
  95#include <net/netns/generic.h>
  96#include <net/dst.h>
  97#include <net/ip.h>
  98#include <net/udp.h>
  99#include <net/xfrm.h>
 100
 101#include <asm/byteorder.h>
 102#include <linux/atomic.h>
 103
 104#include "l2tp_core.h"
 105
 106#define PPPOL2TP_DRV_VERSION    "V2.0"
 107
 108/* Space for UDP, L2TP and PPP headers */
 109#define PPPOL2TP_HEADER_OVERHEAD        40
 110
 111/* Number of bytes to build transmit L2TP headers.
 112 * Unfortunately the size is different depending on whether sequence numbers
 113 * are enabled.
 114 */
 115#define PPPOL2TP_L2TP_HDR_SIZE_SEQ              10
 116#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ            6
 117
 118/* Private data of each session. This data lives at the end of struct
 119 * l2tp_session, referenced via session->priv[].
 120 */
 121struct pppol2tp_session {
 122        int                     owner;          /* pid that opened the socket */
 123
 124        struct sock             *sock;          /* Pointer to the session
 125                                                 * PPPoX socket */
 126        struct sock             *tunnel_sock;   /* Pointer to the tunnel UDP
 127                                                 * socket */
 128        int                     flags;          /* accessed by PPPIOCGFLAGS.
 129                                                 * Unused. */
 130};
 131
 132static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
 133
 134static const struct ppp_channel_ops pppol2tp_chan_ops = {
 135        .start_xmit =  pppol2tp_xmit,
 136};
 137
 138static const struct proto_ops pppol2tp_ops;
 139
 140/* Helpers to obtain tunnel/session contexts from sockets.
 141 */
 142static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
 143{
 144        struct l2tp_session *session;
 145
 146        if (sk == NULL)
 147                return NULL;
 148
 149        sock_hold(sk);
 150        session = (struct l2tp_session *)(sk->sk_user_data);
 151        if (session == NULL) {
 152                sock_put(sk);
 153                goto out;
 154        }
 155
 156        BUG_ON(session->magic != L2TP_SESSION_MAGIC);
 157
 158out:
 159        return session;
 160}
 161
 162/*****************************************************************************
 163 * Receive data handling
 164 *****************************************************************************/
 165
 166static int pppol2tp_recv_payload_hook(struct sk_buff *skb)
 167{
 168        /* Skip PPP header, if present.  In testing, Microsoft L2TP clients
 169         * don't send the PPP header (PPP header compression enabled), but
 170         * other clients can include the header. So we cope with both cases
 171         * here. The PPP header is always FF03 when using L2TP.
 172         *
 173         * Note that skb->data[] isn't dereferenced from a u16 ptr here since
 174         * the field may be unaligned.
 175         */
 176        if (!pskb_may_pull(skb, 2))
 177                return 1;
 178
 179        if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
 180                skb_pull(skb, 2);
 181
 182        return 0;
 183}
 184
 185/* Receive message. This is the recvmsg for the PPPoL2TP socket.
 186 */
 187static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
 188                            struct msghdr *msg, size_t len,
 189                            int flags)
 190{
 191        int err;
 192        struct sk_buff *skb;
 193        struct sock *sk = sock->sk;
 194
 195        err = -EIO;
 196        if (sk->sk_state & PPPOX_BOUND)
 197                goto end;
 198
 199        msg->msg_namelen = 0;
 200
 201        err = 0;
 202        skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
 203                                flags & MSG_DONTWAIT, &err);
 204        if (!skb)
 205                goto end;
 206
 207        if (len > skb->len)
 208                len = skb->len;
 209        else if (len < skb->len)
 210                msg->msg_flags |= MSG_TRUNC;
 211
 212        err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
 213        if (likely(err == 0))
 214                err = len;
 215
 216        kfree_skb(skb);
 217end:
 218        return err;
 219}
 220
 221static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
 222{
 223        struct pppol2tp_session *ps = l2tp_session_priv(session);
 224        struct sock *sk = NULL;
 225
 226        /* If the socket is bound, send it in to PPP's input queue. Otherwise
 227         * queue it on the session socket.
 228         */
 229        sk = ps->sock;
 230        if (sk == NULL)
 231                goto no_sock;
 232
 233        if (sk->sk_state & PPPOX_BOUND) {
 234                struct pppox_sock *po;
 235                l2tp_dbg(session, PPPOL2TP_MSG_DATA,
 236                         "%s: recv %d byte data frame, passing to ppp\n",
 237                         session->name, data_len);
 238
 239                /* We need to forget all info related to the L2TP packet
 240                 * gathered in the skb as we are going to reuse the same
 241                 * skb for the inner packet.
 242                 * Namely we need to:
 243                 * - reset xfrm (IPSec) information as it applies to
 244                 *   the outer L2TP packet and not to the inner one
 245                 * - release the dst to force a route lookup on the inner
 246                 *   IP packet since skb->dst currently points to the dst
 247                 *   of the UDP tunnel
 248                 * - reset netfilter information as it doesn't apply
 249                 *   to the inner packet either
 250                 */
 251                secpath_reset(skb);
 252                skb_dst_drop(skb);
 253                nf_reset(skb);
 254
 255                po = pppox_sk(sk);
 256                ppp_input(&po->chan, skb);
 257        } else {
 258                l2tp_info(session, PPPOL2TP_MSG_DATA, "%s: socket not bound\n",
 259                          session->name);
 260
 261                /* Not bound. Nothing we can do, so discard. */
 262                session->stats.rx_errors++;
 263                kfree_skb(skb);
 264        }
 265
 266        return;
 267
 268no_sock:
 269        l2tp_info(session, PPPOL2TP_MSG_DATA, "%s: no socket\n", session->name);
 270        kfree_skb(skb);
 271}
 272
 273static void pppol2tp_session_sock_hold(struct l2tp_session *session)
 274{
 275        struct pppol2tp_session *ps = l2tp_session_priv(session);
 276
 277        if (ps->sock)
 278                sock_hold(ps->sock);
 279}
 280
 281static void pppol2tp_session_sock_put(struct l2tp_session *session)
 282{
 283        struct pppol2tp_session *ps = l2tp_session_priv(session);
 284
 285        if (ps->sock)
 286                sock_put(ps->sock);
 287}
 288
 289/************************************************************************
 290 * Transmit handling
 291 ***********************************************************************/
 292
 293/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket.  We come here
 294 * when a user application does a sendmsg() on the session socket. L2TP and
 295 * PPP headers must be inserted into the user's data.
 296 */
 297static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
 298                            size_t total_len)
 299{
 300        static const unsigned char ppph[2] = { 0xff, 0x03 };
 301        struct sock *sk = sock->sk;
 302        struct sk_buff *skb;
 303        int error;
 304        struct l2tp_session *session;
 305        struct l2tp_tunnel *tunnel;
 306        struct pppol2tp_session *ps;
 307        int uhlen;
 308
 309        error = -ENOTCONN;
 310        if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
 311                goto error;
 312
 313        /* Get session and tunnel contexts */
 314        error = -EBADF;
 315        session = pppol2tp_sock_to_session(sk);
 316        if (session == NULL)
 317                goto error;
 318
 319        ps = l2tp_session_priv(session);
 320        tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
 321        if (tunnel == NULL)
 322                goto error_put_sess;
 323
 324        uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
 325
 326        /* Allocate a socket buffer */
 327        error = -ENOMEM;
 328        skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
 329                           uhlen + session->hdr_len +
 330                           sizeof(ppph) + total_len,
 331                           0, GFP_KERNEL);
 332        if (!skb)
 333                goto error_put_sess_tun;
 334
 335        /* Reserve space for headers. */
 336        skb_reserve(skb, NET_SKB_PAD);
 337        skb_reset_network_header(skb);
 338        skb_reserve(skb, sizeof(struct iphdr));
 339        skb_reset_transport_header(skb);
 340        skb_reserve(skb, uhlen);
 341
 342        /* Add PPP header */
 343        skb->data[0] = ppph[0];
 344        skb->data[1] = ppph[1];
 345        skb_put(skb, 2);
 346
 347        /* Copy user data into skb */
 348        error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
 349        if (error < 0) {
 350                kfree_skb(skb);
 351                goto error_put_sess_tun;
 352        }
 353        skb_put(skb, total_len);
 354
 355        l2tp_xmit_skb(session, skb, session->hdr_len);
 356
 357        sock_put(ps->tunnel_sock);
 358
 359        return error;
 360
 361error_put_sess_tun:
 362        sock_put(ps->tunnel_sock);
 363error_put_sess:
 364        sock_put(sk);
 365error:
 366        return error;
 367}
 368
 369/* Transmit function called by generic PPP driver.  Sends PPP frame
 370 * over PPPoL2TP socket.
 371 *
 372 * This is almost the same as pppol2tp_sendmsg(), but rather than
 373 * being called with a msghdr from userspace, it is called with a skb
 374 * from the kernel.
 375 *
 376 * The supplied skb from ppp doesn't have enough headroom for the
 377 * insertion of L2TP, UDP and IP headers so we need to allocate more
 378 * headroom in the skb. This will create a cloned skb. But we must be
 379 * careful in the error case because the caller will expect to free
 380 * the skb it supplied, not our cloned skb. So we take care to always
 381 * leave the original skb unfreed if we return an error.
 382 */
 383static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
 384{
 385        static const u8 ppph[2] = { 0xff, 0x03 };
 386        struct sock *sk = (struct sock *) chan->private;
 387        struct sock *sk_tun;
 388        struct l2tp_session *session;
 389        struct l2tp_tunnel *tunnel;
 390        struct pppol2tp_session *ps;
 391        int old_headroom;
 392        int new_headroom;
 393        int uhlen, headroom;
 394
 395        if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
 396                goto abort;
 397
 398        /* Get session and tunnel contexts from the socket */
 399        session = pppol2tp_sock_to_session(sk);
 400        if (session == NULL)
 401                goto abort;
 402
 403        ps = l2tp_session_priv(session);
 404        sk_tun = ps->tunnel_sock;
 405        if (sk_tun == NULL)
 406                goto abort_put_sess;
 407        tunnel = l2tp_sock_to_tunnel(sk_tun);
 408        if (tunnel == NULL)
 409                goto abort_put_sess;
 410
 411        old_headroom = skb_headroom(skb);
 412        uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
 413        headroom = NET_SKB_PAD +
 414                   sizeof(struct iphdr) + /* IP header */
 415                   uhlen +              /* UDP header (if L2TP_ENCAPTYPE_UDP) */
 416                   session->hdr_len +   /* L2TP header */
 417                   sizeof(ppph);        /* PPP header */
 418        if (skb_cow_head(skb, headroom))
 419                goto abort_put_sess_tun;
 420
 421        new_headroom = skb_headroom(skb);
 422        skb->truesize += new_headroom - old_headroom;
 423
 424        /* Setup PPP header */
 425        __skb_push(skb, sizeof(ppph));
 426        skb->data[0] = ppph[0];
 427        skb->data[1] = ppph[1];
 428
 429        l2tp_xmit_skb(session, skb, session->hdr_len);
 430
 431        sock_put(sk_tun);
 432        sock_put(sk);
 433        return 1;
 434
 435abort_put_sess_tun:
 436        sock_put(sk_tun);
 437abort_put_sess:
 438        sock_put(sk);
 439abort:
 440        /* Free the original skb */
 441        kfree_skb(skb);
 442        return 1;
 443}
 444
 445/*****************************************************************************
 446 * Session (and tunnel control) socket create/destroy.
 447 *****************************************************************************/
 448
 449/* Called by l2tp_core when a session socket is being closed.
 450 */
 451static void pppol2tp_session_close(struct l2tp_session *session)
 452{
 453        struct pppol2tp_session *ps = l2tp_session_priv(session);
 454        struct sock *sk = ps->sock;
 455        struct sk_buff *skb;
 456
 457        BUG_ON(session->magic != L2TP_SESSION_MAGIC);
 458
 459        if (session->session_id == 0)
 460                goto out;
 461
 462        if (sk != NULL) {
 463                lock_sock(sk);
 464
 465                if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
 466                        pppox_unbind_sock(sk);
 467                        sk->sk_state = PPPOX_DEAD;
 468                        sk->sk_state_change(sk);
 469                }
 470
 471                /* Purge any queued data */
 472                skb_queue_purge(&sk->sk_receive_queue);
 473                skb_queue_purge(&sk->sk_write_queue);
 474                while ((skb = skb_dequeue(&session->reorder_q))) {
 475                        kfree_skb(skb);
 476                        sock_put(sk);
 477                }
 478
 479                release_sock(sk);
 480        }
 481
 482out:
 483        return;
 484}
 485
 486/* Really kill the session socket. (Called from sock_put() if
 487 * refcnt == 0.)
 488 */
 489static void pppol2tp_session_destruct(struct sock *sk)
 490{
 491        struct l2tp_session *session;
 492
 493        if (sk->sk_user_data != NULL) {
 494                session = sk->sk_user_data;
 495                if (session == NULL)
 496                        goto out;
 497
 498                sk->sk_user_data = NULL;
 499                BUG_ON(session->magic != L2TP_SESSION_MAGIC);
 500                l2tp_session_dec_refcount(session);
 501        }
 502
 503out:
 504        return;
 505}
 506
 507/* Called when the PPPoX socket (session) is closed.
 508 */
 509static int pppol2tp_release(struct socket *sock)
 510{
 511        struct sock *sk = sock->sk;
 512        struct l2tp_session *session;
 513        int error;
 514
 515        if (!sk)
 516                return 0;
 517
 518        error = -EBADF;
 519        lock_sock(sk);
 520        if (sock_flag(sk, SOCK_DEAD) != 0)
 521                goto error;
 522
 523        pppox_unbind_sock(sk);
 524
 525        /* Signal the death of the socket. */
 526        sk->sk_state = PPPOX_DEAD;
 527        sock_orphan(sk);
 528        sock->sk = NULL;
 529
 530        session = pppol2tp_sock_to_session(sk);
 531
 532        /* Purge any queued data */
 533        skb_queue_purge(&sk->sk_receive_queue);
 534        skb_queue_purge(&sk->sk_write_queue);
 535        if (session != NULL) {
 536                struct sk_buff *skb;
 537                while ((skb = skb_dequeue(&session->reorder_q))) {
 538                        kfree_skb(skb);
 539                        sock_put(sk);
 540                }
 541                sock_put(sk);
 542        }
 543
 544        release_sock(sk);
 545
 546        /* This will delete the session context via
 547         * pppol2tp_session_destruct() if the socket's refcnt drops to
 548         * zero.
 549         */
 550        sock_put(sk);
 551
 552        return 0;
 553
 554error:
 555        release_sock(sk);
 556        return error;
 557}
 558
 559static struct proto pppol2tp_sk_proto = {
 560        .name     = "PPPOL2TP",
 561        .owner    = THIS_MODULE,
 562        .obj_size = sizeof(struct pppox_sock),
 563};
 564
 565static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
 566{
 567        int rc;
 568
 569        rc = l2tp_udp_encap_recv(sk, skb);
 570        if (rc)
 571                kfree_skb(skb);
 572
 573        return NET_RX_SUCCESS;
 574}
 575
 576/* socket() handler. Initialize a new struct sock.
 577 */
 578static int pppol2tp_create(struct net *net, struct socket *sock)
 579{
 580        int error = -ENOMEM;
 581        struct sock *sk;
 582
 583        sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto);
 584        if (!sk)
 585                goto out;
 586
 587        sock_init_data(sock, sk);
 588
 589        sock->state  = SS_UNCONNECTED;
 590        sock->ops    = &pppol2tp_ops;
 591
 592        sk->sk_backlog_rcv = pppol2tp_backlog_recv;
 593        sk->sk_protocol    = PX_PROTO_OL2TP;
 594        sk->sk_family      = PF_PPPOX;
 595        sk->sk_state       = PPPOX_NONE;
 596        sk->sk_type        = SOCK_STREAM;
 597        sk->sk_destruct    = pppol2tp_session_destruct;
 598
 599        error = 0;
 600
 601out:
 602        return error;
 603}
 604
 605#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
 606static void pppol2tp_show(struct seq_file *m, void *arg)
 607{
 608        struct l2tp_session *session = arg;
 609        struct pppol2tp_session *ps = l2tp_session_priv(session);
 610
 611        if (ps) {
 612                struct pppox_sock *po = pppox_sk(ps->sock);
 613                if (po)
 614                        seq_printf(m, "   interface %s\n", ppp_dev_name(&po->chan));
 615        }
 616}
 617#endif
 618
 619/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
 620 */
 621static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
 622                            int sockaddr_len, int flags)
 623{
 624        struct sock *sk = sock->sk;
 625        struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
 626        struct pppox_sock *po = pppox_sk(sk);
 627        struct l2tp_session *session = NULL;
 628        struct l2tp_tunnel *tunnel;
 629        struct pppol2tp_session *ps;
 630        struct dst_entry *dst;
 631        struct l2tp_session_cfg cfg = { 0, };
 632        int error = 0;
 633        u32 tunnel_id, peer_tunnel_id;
 634        u32 session_id, peer_session_id;
 635        int ver = 2;
 636        int fd;
 637
 638        lock_sock(sk);
 639
 640        error = -EINVAL;
 641        if (sp->sa_protocol != PX_PROTO_OL2TP)
 642                goto end;
 643
 644        /* Check for already bound sockets */
 645        error = -EBUSY;
 646        if (sk->sk_state & PPPOX_CONNECTED)
 647                goto end;
 648
 649        /* We don't supporting rebinding anyway */
 650        error = -EALREADY;
 651        if (sk->sk_user_data)
 652                goto end; /* socket is already attached */
 653
 654        /* Get params from socket address. Handle L2TPv2 and L2TPv3.
 655         * This is nasty because there are different sockaddr_pppol2tp
 656         * structs for L2TPv2, L2TPv3, over IPv4 and IPv6. We use
 657         * the sockaddr size to determine which structure the caller
 658         * is using.
 659         */
 660        peer_tunnel_id = 0;
 661        if (sockaddr_len == sizeof(struct sockaddr_pppol2tp)) {
 662                fd = sp->pppol2tp.fd;
 663                tunnel_id = sp->pppol2tp.s_tunnel;
 664                peer_tunnel_id = sp->pppol2tp.d_tunnel;
 665                session_id = sp->pppol2tp.s_session;
 666                peer_session_id = sp->pppol2tp.d_session;
 667        } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3)) {
 668                struct sockaddr_pppol2tpv3 *sp3 =
 669                        (struct sockaddr_pppol2tpv3 *) sp;
 670                ver = 3;
 671                fd = sp3->pppol2tp.fd;
 672                tunnel_id = sp3->pppol2tp.s_tunnel;
 673                peer_tunnel_id = sp3->pppol2tp.d_tunnel;
 674                session_id = sp3->pppol2tp.s_session;
 675                peer_session_id = sp3->pppol2tp.d_session;
 676        } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpin6)) {
 677                struct sockaddr_pppol2tpin6 *sp6 =
 678                        (struct sockaddr_pppol2tpin6 *) sp;
 679                fd = sp6->pppol2tp.fd;
 680                tunnel_id = sp6->pppol2tp.s_tunnel;
 681                peer_tunnel_id = sp6->pppol2tp.d_tunnel;
 682                session_id = sp6->pppol2tp.s_session;
 683                peer_session_id = sp6->pppol2tp.d_session;
 684        } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3in6)) {
 685                struct sockaddr_pppol2tpv3in6 *sp6 =
 686                        (struct sockaddr_pppol2tpv3in6 *) sp;
 687                ver = 3;
 688                fd = sp6->pppol2tp.fd;
 689                tunnel_id = sp6->pppol2tp.s_tunnel;
 690                peer_tunnel_id = sp6->pppol2tp.d_tunnel;
 691                session_id = sp6->pppol2tp.s_session;
 692                peer_session_id = sp6->pppol2tp.d_session;
 693        } else {
 694                error = -EINVAL;
 695                goto end; /* bad socket address */
 696        }
 697
 698        /* Don't bind if tunnel_id is 0 */
 699        error = -EINVAL;
 700        if (tunnel_id == 0)
 701                goto end;
 702
 703        tunnel = l2tp_tunnel_find(sock_net(sk), tunnel_id);
 704
 705        /* Special case: create tunnel context if session_id and
 706         * peer_session_id is 0. Otherwise look up tunnel using supplied
 707         * tunnel id.
 708         */
 709        if ((session_id == 0) && (peer_session_id == 0)) {
 710                if (tunnel == NULL) {
 711                        struct l2tp_tunnel_cfg tcfg = {
 712                                .encap = L2TP_ENCAPTYPE_UDP,
 713                                .debug = 0,
 714                        };
 715                        error = l2tp_tunnel_create(sock_net(sk), fd, ver, tunnel_id, peer_tunnel_id, &tcfg, &tunnel);
 716                        if (error < 0)
 717                                goto end;
 718                }
 719        } else {
 720                /* Error if we can't find the tunnel */
 721                error = -ENOENT;
 722                if (tunnel == NULL)
 723                        goto end;
 724
 725                /* Error if socket is not prepped */
 726                if (tunnel->sock == NULL)
 727                        goto end;
 728        }
 729
 730        if (tunnel->recv_payload_hook == NULL)
 731                tunnel->recv_payload_hook = pppol2tp_recv_payload_hook;
 732
 733        if (tunnel->peer_tunnel_id == 0)
 734                tunnel->peer_tunnel_id = peer_tunnel_id;
 735
 736        /* Create session if it doesn't already exist. We handle the
 737         * case where a session was previously created by the netlink
 738         * interface by checking that the session doesn't already have
 739         * a socket and its tunnel socket are what we expect. If any
 740         * of those checks fail, return EEXIST to the caller.
 741         */
 742        session = l2tp_session_find(sock_net(sk), tunnel, session_id);
 743        if (session == NULL) {
 744                /* Default MTU must allow space for UDP/L2TP/PPP
 745                 * headers.
 746                 */
 747                cfg.mtu = cfg.mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
 748
 749                /* Allocate and initialize a new session context. */
 750                session = l2tp_session_create(sizeof(struct pppol2tp_session),
 751                                              tunnel, session_id,
 752                                              peer_session_id, &cfg);
 753                if (session == NULL) {
 754                        error = -ENOMEM;
 755                        goto end;
 756                }
 757        } else {
 758                ps = l2tp_session_priv(session);
 759                error = -EEXIST;
 760                if (ps->sock != NULL)
 761                        goto end;
 762
 763                /* consistency checks */
 764                if (ps->tunnel_sock != tunnel->sock)
 765                        goto end;
 766        }
 767
 768        /* Associate session with its PPPoL2TP socket */
 769        ps = l2tp_session_priv(session);
 770        ps->owner            = current->pid;
 771        ps->sock             = sk;
 772        ps->tunnel_sock = tunnel->sock;
 773
 774        session->recv_skb       = pppol2tp_recv;
 775        session->session_close  = pppol2tp_session_close;
 776#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
 777        session->show           = pppol2tp_show;
 778#endif
 779
 780        /* We need to know each time a skb is dropped from the reorder
 781         * queue.
 782         */
 783        session->ref = pppol2tp_session_sock_hold;
 784        session->deref = pppol2tp_session_sock_put;
 785
 786        /* If PMTU discovery was enabled, use the MTU that was discovered */
 787        dst = sk_dst_get(sk);
 788        if (dst != NULL) {
 789                u32 pmtu = dst_mtu(__sk_dst_get(sk));
 790                if (pmtu != 0)
 791                        session->mtu = session->mru = pmtu -
 792                                PPPOL2TP_HEADER_OVERHEAD;
 793                dst_release(dst);
 794        }
 795
 796        /* Special case: if source & dest session_id == 0x0000, this
 797         * socket is being created to manage the tunnel. Just set up
 798         * the internal context for use by ioctl() and sockopt()
 799         * handlers.
 800         */
 801        if ((session->session_id == 0) &&
 802            (session->peer_session_id == 0)) {
 803                error = 0;
 804                goto out_no_ppp;
 805        }
 806
 807        /* The only header we need to worry about is the L2TP
 808         * header. This size is different depending on whether
 809         * sequence numbers are enabled for the data channel.
 810         */
 811        po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
 812
 813        po->chan.private = sk;
 814        po->chan.ops     = &pppol2tp_chan_ops;
 815        po->chan.mtu     = session->mtu;
 816
 817        error = ppp_register_net_channel(sock_net(sk), &po->chan);
 818        if (error)
 819                goto end;
 820
 821out_no_ppp:
 822        /* This is how we get the session context from the socket. */
 823        sk->sk_user_data = session;
 824        sk->sk_state = PPPOX_CONNECTED;
 825        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n",
 826                  session->name);
 827
 828end:
 829        release_sock(sk);
 830
 831        return error;
 832}
 833
 834#ifdef CONFIG_L2TP_V3
 835
 836/* Called when creating sessions via the netlink interface.
 837 */
 838static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
 839{
 840        int error;
 841        struct l2tp_tunnel *tunnel;
 842        struct l2tp_session *session;
 843        struct pppol2tp_session *ps;
 844
 845        tunnel = l2tp_tunnel_find(net, tunnel_id);
 846
 847        /* Error if we can't find the tunnel */
 848        error = -ENOENT;
 849        if (tunnel == NULL)
 850                goto out;
 851
 852        /* Error if tunnel socket is not prepped */
 853        if (tunnel->sock == NULL)
 854                goto out;
 855
 856        /* Check that this session doesn't already exist */
 857        error = -EEXIST;
 858        session = l2tp_session_find(net, tunnel, session_id);
 859        if (session != NULL)
 860                goto out;
 861
 862        /* Default MTU values. */
 863        if (cfg->mtu == 0)
 864                cfg->mtu = 1500 - PPPOL2TP_HEADER_OVERHEAD;
 865        if (cfg->mru == 0)
 866                cfg->mru = cfg->mtu;
 867
 868        /* Allocate and initialize a new session context. */
 869        error = -ENOMEM;
 870        session = l2tp_session_create(sizeof(struct pppol2tp_session),
 871                                      tunnel, session_id,
 872                                      peer_session_id, cfg);
 873        if (session == NULL)
 874                goto out;
 875
 876        ps = l2tp_session_priv(session);
 877        ps->tunnel_sock = tunnel->sock;
 878
 879        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n",
 880                  session->name);
 881
 882        error = 0;
 883
 884out:
 885        return error;
 886}
 887
 888/* Called when deleting sessions via the netlink interface.
 889 */
 890static int pppol2tp_session_delete(struct l2tp_session *session)
 891{
 892        struct pppol2tp_session *ps = l2tp_session_priv(session);
 893
 894        if (ps->sock == NULL)
 895                l2tp_session_dec_refcount(session);
 896
 897        return 0;
 898}
 899
 900#endif /* CONFIG_L2TP_V3 */
 901
 902/* getname() support.
 903 */
 904static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
 905                            int *usockaddr_len, int peer)
 906{
 907        int len = 0;
 908        int error = 0;
 909        struct l2tp_session *session;
 910        struct l2tp_tunnel *tunnel;
 911        struct sock *sk = sock->sk;
 912        struct inet_sock *inet;
 913        struct pppol2tp_session *pls;
 914
 915        error = -ENOTCONN;
 916        if (sk == NULL)
 917                goto end;
 918        if (sk->sk_state != PPPOX_CONNECTED)
 919                goto end;
 920
 921        error = -EBADF;
 922        session = pppol2tp_sock_to_session(sk);
 923        if (session == NULL)
 924                goto end;
 925
 926        pls = l2tp_session_priv(session);
 927        tunnel = l2tp_sock_to_tunnel(pls->tunnel_sock);
 928        if (tunnel == NULL) {
 929                error = -EBADF;
 930                goto end_put_sess;
 931        }
 932
 933        inet = inet_sk(tunnel->sock);
 934        if ((tunnel->version == 2) && (tunnel->sock->sk_family == AF_INET)) {
 935                struct sockaddr_pppol2tp sp;
 936                len = sizeof(sp);
 937                memset(&sp, 0, len);
 938                sp.sa_family    = AF_PPPOX;
 939                sp.sa_protocol  = PX_PROTO_OL2TP;
 940                sp.pppol2tp.fd  = tunnel->fd;
 941                sp.pppol2tp.pid = pls->owner;
 942                sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
 943                sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
 944                sp.pppol2tp.s_session = session->session_id;
 945                sp.pppol2tp.d_session = session->peer_session_id;
 946                sp.pppol2tp.addr.sin_family = AF_INET;
 947                sp.pppol2tp.addr.sin_port = inet->inet_dport;
 948                sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
 949                memcpy(uaddr, &sp, len);
 950#if IS_ENABLED(CONFIG_IPV6)
 951        } else if ((tunnel->version == 2) &&
 952                   (tunnel->sock->sk_family == AF_INET6)) {
 953                struct ipv6_pinfo *np = inet6_sk(tunnel->sock);
 954                struct sockaddr_pppol2tpin6 sp;
 955                len = sizeof(sp);
 956                memset(&sp, 0, len);
 957                sp.sa_family    = AF_PPPOX;
 958                sp.sa_protocol  = PX_PROTO_OL2TP;
 959                sp.pppol2tp.fd  = tunnel->fd;
 960                sp.pppol2tp.pid = pls->owner;
 961                sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
 962                sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
 963                sp.pppol2tp.s_session = session->session_id;
 964                sp.pppol2tp.d_session = session->peer_session_id;
 965                sp.pppol2tp.addr.sin6_family = AF_INET6;
 966                sp.pppol2tp.addr.sin6_port = inet->inet_dport;
 967                memcpy(&sp.pppol2tp.addr.sin6_addr, &np->daddr,
 968                       sizeof(np->daddr));
 969                memcpy(uaddr, &sp, len);
 970        } else if ((tunnel->version == 3) &&
 971                   (tunnel->sock->sk_family == AF_INET6)) {
 972                struct ipv6_pinfo *np = inet6_sk(tunnel->sock);
 973                struct sockaddr_pppol2tpv3in6 sp;
 974                len = sizeof(sp);
 975                memset(&sp, 0, len);
 976                sp.sa_family    = AF_PPPOX;
 977                sp.sa_protocol  = PX_PROTO_OL2TP;
 978                sp.pppol2tp.fd  = tunnel->fd;
 979                sp.pppol2tp.pid = pls->owner;
 980                sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
 981                sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
 982                sp.pppol2tp.s_session = session->session_id;
 983                sp.pppol2tp.d_session = session->peer_session_id;
 984                sp.pppol2tp.addr.sin6_family = AF_INET6;
 985                sp.pppol2tp.addr.sin6_port = inet->inet_dport;
 986                memcpy(&sp.pppol2tp.addr.sin6_addr, &np->daddr,
 987                       sizeof(np->daddr));
 988                memcpy(uaddr, &sp, len);
 989#endif
 990        } else if (tunnel->version == 3) {
 991                struct sockaddr_pppol2tpv3 sp;
 992                len = sizeof(sp);
 993                memset(&sp, 0, len);
 994                sp.sa_family    = AF_PPPOX;
 995                sp.sa_protocol  = PX_PROTO_OL2TP;
 996                sp.pppol2tp.fd  = tunnel->fd;
 997                sp.pppol2tp.pid = pls->owner;
 998                sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
 999                sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
1000                sp.pppol2tp.s_session = session->session_id;
1001                sp.pppol2tp.d_session = session->peer_session_id;
1002                sp.pppol2tp.addr.sin_family = AF_INET;
1003                sp.pppol2tp.addr.sin_port = inet->inet_dport;
1004                sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
1005                memcpy(uaddr, &sp, len);
1006        }
1007
1008        *usockaddr_len = len;
1009
1010        sock_put(pls->tunnel_sock);
1011end_put_sess:
1012        sock_put(sk);
1013        error = 0;
1014
1015end:
1016        return error;
1017}
1018
1019/****************************************************************************
1020 * ioctl() handlers.
1021 *
1022 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1023 * sockets. However, in order to control kernel tunnel features, we allow
1024 * userspace to create a special "tunnel" PPPoX socket which is used for
1025 * control only.  Tunnel PPPoX sockets have session_id == 0 and simply allow
1026 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1027 * calls.
1028 ****************************************************************************/
1029
1030static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
1031                                struct l2tp_stats *stats)
1032{
1033        dest->tx_packets = stats->tx_packets;
1034        dest->tx_bytes = stats->tx_bytes;
1035        dest->tx_errors = stats->tx_errors;
1036        dest->rx_packets = stats->rx_packets;
1037        dest->rx_bytes = stats->rx_bytes;
1038        dest->rx_seq_discards = stats->rx_seq_discards;
1039        dest->rx_oos_packets = stats->rx_oos_packets;
1040        dest->rx_errors = stats->rx_errors;
1041}
1042
1043/* Session ioctl helper.
1044 */
1045static int pppol2tp_session_ioctl(struct l2tp_session *session,
1046                                  unsigned int cmd, unsigned long arg)
1047{
1048        struct ifreq ifr;
1049        int err = 0;
1050        struct sock *sk;
1051        int val = (int) arg;
1052        struct pppol2tp_session *ps = l2tp_session_priv(session);
1053        struct l2tp_tunnel *tunnel = session->tunnel;
1054        struct pppol2tp_ioc_stats stats;
1055
1056        l2tp_dbg(session, PPPOL2TP_MSG_CONTROL,
1057                 "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
1058                 session->name, cmd, arg);
1059
1060        sk = ps->sock;
1061        sock_hold(sk);
1062
1063        switch (cmd) {
1064        case SIOCGIFMTU:
1065                err = -ENXIO;
1066                if (!(sk->sk_state & PPPOX_CONNECTED))
1067                        break;
1068
1069                err = -EFAULT;
1070                if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1071                        break;
1072                ifr.ifr_mtu = session->mtu;
1073                if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1074                        break;
1075
1076                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mtu=%d\n",
1077                          session->name, session->mtu);
1078                err = 0;
1079                break;
1080
1081        case SIOCSIFMTU:
1082                err = -ENXIO;
1083                if (!(sk->sk_state & PPPOX_CONNECTED))
1084                        break;
1085
1086                err = -EFAULT;
1087                if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1088                        break;
1089
1090                session->mtu = ifr.ifr_mtu;
1091
1092                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mtu=%d\n",
1093                          session->name, session->mtu);
1094                err = 0;
1095                break;
1096
1097        case PPPIOCGMRU:
1098                err = -ENXIO;
1099                if (!(sk->sk_state & PPPOX_CONNECTED))
1100                        break;
1101
1102                err = -EFAULT;
1103                if (put_user(session->mru, (int __user *) arg))
1104                        break;
1105
1106                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mru=%d\n",
1107                          session->name, session->mru);
1108                err = 0;
1109                break;
1110
1111        case PPPIOCSMRU:
1112                err = -ENXIO;
1113                if (!(sk->sk_state & PPPOX_CONNECTED))
1114                        break;
1115
1116                err = -EFAULT;
1117                if (get_user(val, (int __user *) arg))
1118                        break;
1119
1120                session->mru = val;
1121                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mru=%d\n",
1122                          session->name, session->mru);
1123                err = 0;
1124                break;
1125
1126        case PPPIOCGFLAGS:
1127                err = -EFAULT;
1128                if (put_user(ps->flags, (int __user *) arg))
1129                        break;
1130
1131                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get flags=%d\n",
1132                          session->name, ps->flags);
1133                err = 0;
1134                break;
1135
1136        case PPPIOCSFLAGS:
1137                err = -EFAULT;
1138                if (get_user(val, (int __user *) arg))
1139                        break;
1140                ps->flags = val;
1141                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set flags=%d\n",
1142                          session->name, ps->flags);
1143                err = 0;
1144                break;
1145
1146        case PPPIOCGL2TPSTATS:
1147                err = -ENXIO;
1148                if (!(sk->sk_state & PPPOX_CONNECTED))
1149                        break;
1150
1151                memset(&stats, 0, sizeof(stats));
1152                stats.tunnel_id = tunnel->tunnel_id;
1153                stats.session_id = session->session_id;
1154                pppol2tp_copy_stats(&stats, &session->stats);
1155                if (copy_to_user((void __user *) arg, &stats,
1156                                 sizeof(stats)))
1157                        break;
1158                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n",
1159                          session->name);
1160                err = 0;
1161                break;
1162
1163        default:
1164                err = -ENOSYS;
1165                break;
1166        }
1167
1168        sock_put(sk);
1169
1170        return err;
1171}
1172
1173/* Tunnel ioctl helper.
1174 *
1175 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1176 * specifies a session_id, the session ioctl handler is called. This allows an
1177 * application to retrieve session stats via a tunnel socket.
1178 */
1179static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel,
1180                                 unsigned int cmd, unsigned long arg)
1181{
1182        int err = 0;
1183        struct sock *sk;
1184        struct pppol2tp_ioc_stats stats;
1185
1186        l2tp_dbg(tunnel, PPPOL2TP_MSG_CONTROL,
1187                 "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n",
1188                 tunnel->name, cmd, arg);
1189
1190        sk = tunnel->sock;
1191        sock_hold(sk);
1192
1193        switch (cmd) {
1194        case PPPIOCGL2TPSTATS:
1195                err = -ENXIO;
1196                if (!(sk->sk_state & PPPOX_CONNECTED))
1197                        break;
1198
1199                if (copy_from_user(&stats, (void __user *) arg,
1200                                   sizeof(stats))) {
1201                        err = -EFAULT;
1202                        break;
1203                }
1204                if (stats.session_id != 0) {
1205                        /* resend to session ioctl handler */
1206                        struct l2tp_session *session =
1207                                l2tp_session_find(sock_net(sk), tunnel, stats.session_id);
1208                        if (session != NULL)
1209                                err = pppol2tp_session_ioctl(session, cmd, arg);
1210                        else
1211                                err = -EBADR;
1212                        break;
1213                }
1214#ifdef CONFIG_XFRM
1215                stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
1216#endif
1217                pppol2tp_copy_stats(&stats, &tunnel->stats);
1218                if (copy_to_user((void __user *) arg, &stats, sizeof(stats))) {
1219                        err = -EFAULT;
1220                        break;
1221                }
1222                l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n",
1223                          tunnel->name);
1224                err = 0;
1225                break;
1226
1227        default:
1228                err = -ENOSYS;
1229                break;
1230        }
1231
1232        sock_put(sk);
1233
1234        return err;
1235}
1236
1237/* Main ioctl() handler.
1238 * Dispatch to tunnel or session helpers depending on the socket.
1239 */
1240static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1241                          unsigned long arg)
1242{
1243        struct sock *sk = sock->sk;
1244        struct l2tp_session *session;
1245        struct l2tp_tunnel *tunnel;
1246        struct pppol2tp_session *ps;
1247        int err;
1248
1249        if (!sk)
1250                return 0;
1251
1252        err = -EBADF;
1253        if (sock_flag(sk, SOCK_DEAD) != 0)
1254                goto end;
1255
1256        err = -ENOTCONN;
1257        if ((sk->sk_user_data == NULL) ||
1258            (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
1259                goto end;
1260
1261        /* Get session context from the socket */
1262        err = -EBADF;
1263        session = pppol2tp_sock_to_session(sk);
1264        if (session == NULL)
1265                goto end;
1266
1267        /* Special case: if session's session_id is zero, treat ioctl as a
1268         * tunnel ioctl
1269         */
1270        ps = l2tp_session_priv(session);
1271        if ((session->session_id == 0) &&
1272            (session->peer_session_id == 0)) {
1273                err = -EBADF;
1274                tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1275                if (tunnel == NULL)
1276                        goto end_put_sess;
1277
1278                err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
1279                sock_put(ps->tunnel_sock);
1280                goto end_put_sess;
1281        }
1282
1283        err = pppol2tp_session_ioctl(session, cmd, arg);
1284
1285end_put_sess:
1286        sock_put(sk);
1287end:
1288        return err;
1289}
1290
1291/*****************************************************************************
1292 * setsockopt() / getsockopt() support.
1293 *
1294 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1295 * sockets. In order to control kernel tunnel features, we allow userspace to
1296 * create a special "tunnel" PPPoX socket which is used for control only.
1297 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1298 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1299 *****************************************************************************/
1300
1301/* Tunnel setsockopt() helper.
1302 */
1303static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1304                                      struct l2tp_tunnel *tunnel,
1305                                      int optname, int val)
1306{
1307        int err = 0;
1308
1309        switch (optname) {
1310        case PPPOL2TP_SO_DEBUG:
1311                tunnel->debug = val;
1312                l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n",
1313                          tunnel->name, tunnel->debug);
1314                break;
1315
1316        default:
1317                err = -ENOPROTOOPT;
1318                break;
1319        }
1320
1321        return err;
1322}
1323
1324/* Session setsockopt helper.
1325 */
1326static int pppol2tp_session_setsockopt(struct sock *sk,
1327                                       struct l2tp_session *session,
1328                                       int optname, int val)
1329{
1330        int err = 0;
1331        struct pppol2tp_session *ps = l2tp_session_priv(session);
1332
1333        switch (optname) {
1334        case PPPOL2TP_SO_RECVSEQ:
1335                if ((val != 0) && (val != 1)) {
1336                        err = -EINVAL;
1337                        break;
1338                }
1339                session->recv_seq = val ? -1 : 0;
1340                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1341                          "%s: set recv_seq=%d\n",
1342                          session->name, session->recv_seq);
1343                break;
1344
1345        case PPPOL2TP_SO_SENDSEQ:
1346                if ((val != 0) && (val != 1)) {
1347                        err = -EINVAL;
1348                        break;
1349                }
1350                session->send_seq = val ? -1 : 0;
1351                {
1352                        struct sock *ssk      = ps->sock;
1353                        struct pppox_sock *po = pppox_sk(ssk);
1354                        po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1355                                PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1356                }
1357                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1358                          "%s: set send_seq=%d\n",
1359                          session->name, session->send_seq);
1360                break;
1361
1362        case PPPOL2TP_SO_LNSMODE:
1363                if ((val != 0) && (val != 1)) {
1364                        err = -EINVAL;
1365                        break;
1366                }
1367                session->lns_mode = val ? -1 : 0;
1368                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1369                          "%s: set lns_mode=%d\n",
1370                          session->name, session->lns_mode);
1371                break;
1372
1373        case PPPOL2TP_SO_DEBUG:
1374                session->debug = val;
1375                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n",
1376                          session->name, session->debug);
1377                break;
1378
1379        case PPPOL2TP_SO_REORDERTO:
1380                session->reorder_timeout = msecs_to_jiffies(val);
1381                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1382                          "%s: set reorder_timeout=%d\n",
1383                          session->name, session->reorder_timeout);
1384                break;
1385
1386        default:
1387                err = -ENOPROTOOPT;
1388                break;
1389        }
1390
1391        return err;
1392}
1393
1394/* Main setsockopt() entry point.
1395 * Does API checks, then calls either the tunnel or session setsockopt
1396 * handler, according to whether the PPPoL2TP socket is a for a regular
1397 * session or the special tunnel type.
1398 */
1399static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1400                               char __user *optval, unsigned int optlen)
1401{
1402        struct sock *sk = sock->sk;
1403        struct l2tp_session *session;
1404        struct l2tp_tunnel *tunnel;
1405        struct pppol2tp_session *ps;
1406        int val;
1407        int err;
1408
1409        if (level != SOL_PPPOL2TP)
1410                return udp_prot.setsockopt(sk, level, optname, optval, optlen);
1411
1412        if (optlen < sizeof(int))
1413                return -EINVAL;
1414
1415        if (get_user(val, (int __user *)optval))
1416                return -EFAULT;
1417
1418        err = -ENOTCONN;
1419        if (sk->sk_user_data == NULL)
1420                goto end;
1421
1422        /* Get session context from the socket */
1423        err = -EBADF;
1424        session = pppol2tp_sock_to_session(sk);
1425        if (session == NULL)
1426                goto end;
1427
1428        /* Special case: if session_id == 0x0000, treat as operation on tunnel
1429         */
1430        ps = l2tp_session_priv(session);
1431        if ((session->session_id == 0) &&
1432            (session->peer_session_id == 0)) {
1433                err = -EBADF;
1434                tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1435                if (tunnel == NULL)
1436                        goto end_put_sess;
1437
1438                err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
1439                sock_put(ps->tunnel_sock);
1440        } else
1441                err = pppol2tp_session_setsockopt(sk, session, optname, val);
1442
1443        err = 0;
1444
1445end_put_sess:
1446        sock_put(sk);
1447end:
1448        return err;
1449}
1450
1451/* Tunnel getsockopt helper. Called with sock locked.
1452 */
1453static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1454                                      struct l2tp_tunnel *tunnel,
1455                                      int optname, int *val)
1456{
1457        int err = 0;
1458
1459        switch (optname) {
1460        case PPPOL2TP_SO_DEBUG:
1461                *val = tunnel->debug;
1462                l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get debug=%x\n",
1463                          tunnel->name, tunnel->debug);
1464                break;
1465
1466        default:
1467                err = -ENOPROTOOPT;
1468                break;
1469        }
1470
1471        return err;
1472}
1473
1474/* Session getsockopt helper. Called with sock locked.
1475 */
1476static int pppol2tp_session_getsockopt(struct sock *sk,
1477                                       struct l2tp_session *session,
1478                                       int optname, int *val)
1479{
1480        int err = 0;
1481
1482        switch (optname) {
1483        case PPPOL2TP_SO_RECVSEQ:
1484                *val = session->recv_seq;
1485                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1486                          "%s: get recv_seq=%d\n", session->name, *val);
1487                break;
1488
1489        case PPPOL2TP_SO_SENDSEQ:
1490                *val = session->send_seq;
1491                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1492                          "%s: get send_seq=%d\n", session->name, *val);
1493                break;
1494
1495        case PPPOL2TP_SO_LNSMODE:
1496                *val = session->lns_mode;
1497                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1498                          "%s: get lns_mode=%d\n", session->name, *val);
1499                break;
1500
1501        case PPPOL2TP_SO_DEBUG:
1502                *val = session->debug;
1503                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get debug=%d\n",
1504                          session->name, *val);
1505                break;
1506
1507        case PPPOL2TP_SO_REORDERTO:
1508                *val = (int) jiffies_to_msecs(session->reorder_timeout);
1509                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1510                          "%s: get reorder_timeout=%d\n", session->name, *val);
1511                break;
1512
1513        default:
1514                err = -ENOPROTOOPT;
1515        }
1516
1517        return err;
1518}
1519
1520/* Main getsockopt() entry point.
1521 * Does API checks, then calls either the tunnel or session getsockopt
1522 * handler, according to whether the PPPoX socket is a for a regular session
1523 * or the special tunnel type.
1524 */
1525static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
1526                               char __user *optval, int __user *optlen)
1527{
1528        struct sock *sk = sock->sk;
1529        struct l2tp_session *session;
1530        struct l2tp_tunnel *tunnel;
1531        int val, len;
1532        int err;
1533        struct pppol2tp_session *ps;
1534
1535        if (level != SOL_PPPOL2TP)
1536                return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1537
1538        if (get_user(len, optlen))
1539                return -EFAULT;
1540
1541        len = min_t(unsigned int, len, sizeof(int));
1542
1543        if (len < 0)
1544                return -EINVAL;
1545
1546        err = -ENOTCONN;
1547        if (sk->sk_user_data == NULL)
1548                goto end;
1549
1550        /* Get the session context */
1551        err = -EBADF;
1552        session = pppol2tp_sock_to_session(sk);
1553        if (session == NULL)
1554                goto end;
1555
1556        /* Special case: if session_id == 0x0000, treat as operation on tunnel */
1557        ps = l2tp_session_priv(session);
1558        if ((session->session_id == 0) &&
1559            (session->peer_session_id == 0)) {
1560                err = -EBADF;
1561                tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1562                if (tunnel == NULL)
1563                        goto end_put_sess;
1564
1565                err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
1566                sock_put(ps->tunnel_sock);
1567        } else
1568                err = pppol2tp_session_getsockopt(sk, session, optname, &val);
1569
1570        err = -EFAULT;
1571        if (put_user(len, optlen))
1572                goto end_put_sess;
1573
1574        if (copy_to_user((void __user *) optval, &val, len))
1575                goto end_put_sess;
1576
1577        err = 0;
1578
1579end_put_sess:
1580        sock_put(sk);
1581end:
1582        return err;
1583}
1584
1585/*****************************************************************************
1586 * /proc filesystem for debug
1587 * Since the original pppol2tp driver provided /proc/net/pppol2tp for
1588 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.
1589 *****************************************************************************/
1590
1591static unsigned int pppol2tp_net_id;
1592
1593#ifdef CONFIG_PROC_FS
1594
1595struct pppol2tp_seq_data {
1596        struct seq_net_private p;
1597        int tunnel_idx;                 /* current tunnel */
1598        int session_idx;                /* index of session within current tunnel */
1599        struct l2tp_tunnel *tunnel;
1600        struct l2tp_session *session;   /* NULL means get next tunnel */
1601};
1602
1603static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1604{
1605        for (;;) {
1606                pd->tunnel = l2tp_tunnel_find_nth(net, pd->tunnel_idx);
1607                pd->tunnel_idx++;
1608
1609                if (pd->tunnel == NULL)
1610                        break;
1611
1612                /* Ignore L2TPv3 tunnels */
1613                if (pd->tunnel->version < 3)
1614                        break;
1615        }
1616}
1617
1618static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1619{
1620        pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx);
1621        pd->session_idx++;
1622
1623        if (pd->session == NULL) {
1624                pd->session_idx = 0;
1625                pppol2tp_next_tunnel(net, pd);
1626        }
1627}
1628
1629static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1630{
1631        struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1632        loff_t pos = *offs;
1633        struct net *net;
1634
1635        if (!pos)
1636                goto out;
1637
1638        BUG_ON(m->private == NULL);
1639        pd = m->private;
1640        net = seq_file_net(m);
1641
1642        if (pd->tunnel == NULL)
1643                pppol2tp_next_tunnel(net, pd);
1644        else
1645                pppol2tp_next_session(net, pd);
1646
1647        /* NULL tunnel and session indicates end of list */
1648        if ((pd->tunnel == NULL) && (pd->session == NULL))
1649                pd = NULL;
1650
1651out:
1652        return pd;
1653}
1654
1655static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1656{
1657        (*pos)++;
1658        return NULL;
1659}
1660
1661static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1662{
1663        /* nothing to do */
1664}
1665
1666static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1667{
1668        struct l2tp_tunnel *tunnel = v;
1669
1670        seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1671                   tunnel->name,
1672                   (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
1673                   atomic_read(&tunnel->ref_count) - 1);
1674        seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
1675                   tunnel->debug,
1676                   (unsigned long long)tunnel->stats.tx_packets,
1677                   (unsigned long long)tunnel->stats.tx_bytes,
1678                   (unsigned long long)tunnel->stats.tx_errors,
1679                   (unsigned long long)tunnel->stats.rx_packets,
1680                   (unsigned long long)tunnel->stats.rx_bytes,
1681                   (unsigned long long)tunnel->stats.rx_errors);
1682}
1683
1684static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1685{
1686        struct l2tp_session *session = v;
1687        struct l2tp_tunnel *tunnel = session->tunnel;
1688        struct pppol2tp_session *ps = l2tp_session_priv(session);
1689        struct pppox_sock *po = pppox_sk(ps->sock);
1690        u32 ip = 0;
1691        u16 port = 0;
1692
1693        if (tunnel->sock) {
1694                struct inet_sock *inet = inet_sk(tunnel->sock);
1695                ip = ntohl(inet->inet_saddr);
1696                port = ntohs(inet->inet_sport);
1697        }
1698
1699        seq_printf(m, "  SESSION '%s' %08X/%d %04X/%04X -> "
1700                   "%04X/%04X %d %c\n",
1701                   session->name, ip, port,
1702                   tunnel->tunnel_id,
1703                   session->session_id,
1704                   tunnel->peer_tunnel_id,
1705                   session->peer_session_id,
1706                   ps->sock->sk_state,
1707                   (session == ps->sock->sk_user_data) ?
1708                   'Y' : 'N');
1709        seq_printf(m, "   %d/%d/%c/%c/%s %08x %u\n",
1710                   session->mtu, session->mru,
1711                   session->recv_seq ? 'R' : '-',
1712                   session->send_seq ? 'S' : '-',
1713                   session->lns_mode ? "LNS" : "LAC",
1714                   session->debug,
1715                   jiffies_to_msecs(session->reorder_timeout));
1716        seq_printf(m, "   %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
1717                   session->nr, session->ns,
1718                   (unsigned long long)session->stats.tx_packets,
1719                   (unsigned long long)session->stats.tx_bytes,
1720                   (unsigned long long)session->stats.tx_errors,
1721                   (unsigned long long)session->stats.rx_packets,
1722                   (unsigned long long)session->stats.rx_bytes,
1723                   (unsigned long long)session->stats.rx_errors);
1724
1725        if (po)
1726                seq_printf(m, "   interface %s\n", ppp_dev_name(&po->chan));
1727}
1728
1729static int pppol2tp_seq_show(struct seq_file *m, void *v)
1730{
1731        struct pppol2tp_seq_data *pd = v;
1732
1733        /* display header on line 1 */
1734        if (v == SEQ_START_TOKEN) {
1735                seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1736                seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1737                seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1738                seq_puts(m, "  SESSION name, addr/port src-tid/sid "
1739                         "dest-tid/sid state user-data-ok\n");
1740                seq_puts(m, "   mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1741                seq_puts(m, "   nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1742                goto out;
1743        }
1744
1745        /* Show the tunnel or session context.
1746         */
1747        if (pd->session == NULL)
1748                pppol2tp_seq_tunnel_show(m, pd->tunnel);
1749        else
1750                pppol2tp_seq_session_show(m, pd->session);
1751
1752out:
1753        return 0;
1754}
1755
1756static const struct seq_operations pppol2tp_seq_ops = {
1757        .start          = pppol2tp_seq_start,
1758        .next           = pppol2tp_seq_next,
1759        .stop           = pppol2tp_seq_stop,
1760        .show           = pppol2tp_seq_show,
1761};
1762
1763/* Called when our /proc file is opened. We allocate data for use when
1764 * iterating our tunnel / session contexts and store it in the private
1765 * data of the seq_file.
1766 */
1767static int pppol2tp_proc_open(struct inode *inode, struct file *file)
1768{
1769        return seq_open_net(inode, file, &pppol2tp_seq_ops,
1770                            sizeof(struct pppol2tp_seq_data));
1771}
1772
1773static const struct file_operations pppol2tp_proc_fops = {
1774        .owner          = THIS_MODULE,
1775        .open           = pppol2tp_proc_open,
1776        .read           = seq_read,
1777        .llseek         = seq_lseek,
1778        .release        = seq_release_net,
1779};
1780
1781#endif /* CONFIG_PROC_FS */
1782
1783/*****************************************************************************
1784 * Network namespace
1785 *****************************************************************************/
1786
1787static __net_init int pppol2tp_init_net(struct net *net)
1788{
1789        struct proc_dir_entry *pde;
1790        int err = 0;
1791
1792        pde = proc_net_fops_create(net, "pppol2tp", S_IRUGO, &pppol2tp_proc_fops);
1793        if (!pde) {
1794                err = -ENOMEM;
1795                goto out;
1796        }
1797
1798out:
1799        return err;
1800}
1801
1802static __net_exit void pppol2tp_exit_net(struct net *net)
1803{
1804        proc_net_remove(net, "pppol2tp");
1805}
1806
1807static struct pernet_operations pppol2tp_net_ops = {
1808        .init = pppol2tp_init_net,
1809        .exit = pppol2tp_exit_net,
1810        .id   = &pppol2tp_net_id,
1811};
1812
1813/*****************************************************************************
1814 * Init and cleanup
1815 *****************************************************************************/
1816
1817static const struct proto_ops pppol2tp_ops = {
1818        .family         = AF_PPPOX,
1819        .owner          = THIS_MODULE,
1820        .release        = pppol2tp_release,
1821        .bind           = sock_no_bind,
1822        .connect        = pppol2tp_connect,
1823        .socketpair     = sock_no_socketpair,
1824        .accept         = sock_no_accept,
1825        .getname        = pppol2tp_getname,
1826        .poll           = datagram_poll,
1827        .listen         = sock_no_listen,
1828        .shutdown       = sock_no_shutdown,
1829        .setsockopt     = pppol2tp_setsockopt,
1830        .getsockopt     = pppol2tp_getsockopt,
1831        .sendmsg        = pppol2tp_sendmsg,
1832        .recvmsg        = pppol2tp_recvmsg,
1833        .mmap           = sock_no_mmap,
1834        .ioctl          = pppox_ioctl,
1835};
1836
1837static const struct pppox_proto pppol2tp_proto = {
1838        .create         = pppol2tp_create,
1839        .ioctl          = pppol2tp_ioctl
1840};
1841
1842#ifdef CONFIG_L2TP_V3
1843
1844static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1845        .session_create = pppol2tp_session_create,
1846        .session_delete = pppol2tp_session_delete,
1847};
1848
1849#endif /* CONFIG_L2TP_V3 */
1850
1851static int __init pppol2tp_init(void)
1852{
1853        int err;
1854
1855        err = register_pernet_device(&pppol2tp_net_ops);
1856        if (err)
1857                goto out;
1858
1859        err = proto_register(&pppol2tp_sk_proto, 0);
1860        if (err)
1861                goto out_unregister_pppol2tp_pernet;
1862
1863        err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1864        if (err)
1865                goto out_unregister_pppol2tp_proto;
1866
1867#ifdef CONFIG_L2TP_V3
1868        err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);
1869        if (err)
1870                goto out_unregister_pppox;
1871#endif
1872
1873        pr_info("PPPoL2TP kernel driver, %s\n", PPPOL2TP_DRV_VERSION);
1874
1875out:
1876        return err;
1877
1878#ifdef CONFIG_L2TP_V3
1879out_unregister_pppox:
1880        unregister_pppox_proto(PX_PROTO_OL2TP);
1881#endif
1882out_unregister_pppol2tp_proto:
1883        proto_unregister(&pppol2tp_sk_proto);
1884out_unregister_pppol2tp_pernet:
1885        unregister_pernet_device(&pppol2tp_net_ops);
1886        goto out;
1887}
1888
1889static void __exit pppol2tp_exit(void)
1890{
1891#ifdef CONFIG_L2TP_V3
1892        l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);
1893#endif
1894        unregister_pppox_proto(PX_PROTO_OL2TP);
1895        proto_unregister(&pppol2tp_sk_proto);
1896        unregister_pernet_device(&pppol2tp_net_ops);
1897}
1898
1899module_init(pppol2tp_init);
1900module_exit(pppol2tp_exit);
1901
1902MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1903MODULE_DESCRIPTION("PPP over L2TP over UDP");
1904MODULE_LICENSE("GPL");
1905MODULE_VERSION(PPPOL2TP_DRV_VERSION);
1906MODULE_ALIAS("pppox-proto-" __stringify(PX_PROTO_OL2TP));
1907
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.