linux/net/l2tp/l2tp_ppp.c
<<
>>
Prefs
   1/*****************************************************************************
   2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
   3 *
   4 * PPPoX    --- Generic PPP encapsulation socket family
   5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
   6 *
   7 * Version:     2.0.0
   8 *
   9 * Authors:     James Chapman (jchapman@katalix.com)
  10 *
  11 * Based on original work by Martijn van Oosterhout <kleptog@svana.org>
  12 *
  13 * License:
  14 *              This program is free software; you can redistribute it and/or
  15 *              modify it under the terms of the GNU General Public License
  16 *              as published by the Free Software Foundation; either version
  17 *              2 of the License, or (at your option) any later version.
  18 *
  19 */
  20
  21/* This driver handles only L2TP data frames; control frames are handled by a
  22 * userspace application.
  23 *
  24 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
  25 * attaches it to a bound UDP socket with local tunnel_id / session_id and
  26 * peer tunnel_id / session_id set. Data can then be sent or received using
  27 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
  28 * can be read or modified using ioctl() or [gs]etsockopt() calls.
  29 *
  30 * When a PPPoL2TP socket is connected with local and peer session_id values
  31 * zero, the socket is treated as a special tunnel management socket.
  32 *
  33 * Here's example userspace code to create a socket for sending/receiving data
  34 * over an L2TP session:-
  35 *
  36 *      struct sockaddr_pppol2tp sax;
  37 *      int fd;
  38 *      int session_fd;
  39 *
  40 *      fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
  41 *
  42 *      sax.sa_family = AF_PPPOX;
  43 *      sax.sa_protocol = PX_PROTO_OL2TP;
  44 *      sax.pppol2tp.fd = tunnel_fd;    // bound UDP socket
  45 *      sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
  46 *      sax.pppol2tp.addr.sin_port = addr->sin_port;
  47 *      sax.pppol2tp.addr.sin_family = AF_INET;
  48 *      sax.pppol2tp.s_tunnel  = tunnel_id;
  49 *      sax.pppol2tp.s_session = session_id;
  50 *      sax.pppol2tp.d_tunnel  = peer_tunnel_id;
  51 *      sax.pppol2tp.d_session = peer_session_id;
  52 *
  53 *      session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
  54 *
  55 * A pppd plugin that allows PPP traffic to be carried over L2TP using
  56 * this driver is available from the OpenL2TP project at
  57 * http://openl2tp.sourceforge.net.
  58 */
  59
  60#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  61
  62#include <linux/module.h>
  63#include <linux/string.h>
  64#include <linux/list.h>
  65#include <linux/uaccess.h>
  66
  67#include <linux/kernel.h>
  68#include <linux/spinlock.h>
  69#include <linux/kthread.h>
  70#include <linux/sched.h>
  71#include <linux/slab.h>
  72#include <linux/errno.h>
  73#include <linux/jiffies.h>
  74
  75#include <linux/netdevice.h>
  76#include <linux/net.h>
  77#include <linux/inetdevice.h>
  78#include <linux/skbuff.h>
  79#include <linux/init.h>
  80#include <linux/ip.h>
  81#include <linux/udp.h>
  82#include <linux/if_pppox.h>
  83#include <linux/if_pppol2tp.h>
  84#include <net/sock.h>
  85#include <linux/ppp_channel.h>
  86#include <linux/ppp_defs.h>
  87#include <linux/ppp-ioctl.h>
  88#include <linux/file.h>
  89#include <linux/hash.h>
  90#include <linux/sort.h>
  91#include <linux/proc_fs.h>
  92#include <linux/l2tp.h>
  93#include <linux/nsproxy.h>
  94#include <net/net_namespace.h>
  95#include <net/netns/generic.h>
  96#include <net/dst.h>
  97#include <net/ip.h>
  98#include <net/udp.h>
  99#include <net/xfrm.h>
 100
 101#include <asm/byteorder.h>
 102#include <linux/atomic.h>
 103
 104#include "l2tp_core.h"
 105
 106#define PPPOL2TP_DRV_VERSION    "V2.0"
 107
 108/* Space for UDP, L2TP and PPP headers */
 109#define PPPOL2TP_HEADER_OVERHEAD        40
 110
 111/* Number of bytes to build transmit L2TP headers.
 112 * Unfortunately the size is different depending on whether sequence numbers
 113 * are enabled.
 114 */
 115#define PPPOL2TP_L2TP_HDR_SIZE_SEQ              10
 116#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ            6
 117
 118/* Private data of each session. This data lives at the end of struct
 119 * l2tp_session, referenced via session->priv[].
 120 */
 121struct pppol2tp_session {
 122        int                     owner;          /* pid that opened the socket */
 123
 124        struct sock             *sock;          /* Pointer to the session
 125                                                 * PPPoX socket */
 126        struct sock             *tunnel_sock;   /* Pointer to the tunnel UDP
 127                                                 * socket */
 128        int                     flags;          /* accessed by PPPIOCGFLAGS.
 129                                                 * Unused. */
 130};
 131
 132static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
 133
 134static const struct ppp_channel_ops pppol2tp_chan_ops = {
 135        .start_xmit =  pppol2tp_xmit,
 136};
 137
 138static const struct proto_ops pppol2tp_ops;
 139
 140/* Helpers to obtain tunnel/session contexts from sockets.
 141 */
 142static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
 143{
 144        struct l2tp_session *session;
 145
 146        if (sk == NULL)
 147                return NULL;
 148
 149        sock_hold(sk);
 150        session = (struct l2tp_session *)(sk->sk_user_data);
 151        if (session == NULL) {
 152                sock_put(sk);
 153                goto out;
 154        }
 155
 156        BUG_ON(session->magic != L2TP_SESSION_MAGIC);
 157
 158out:
 159        return session;
 160}
 161
 162/*****************************************************************************
 163 * Receive data handling
 164 *****************************************************************************/
 165
 166static int pppol2tp_recv_payload_hook(struct sk_buff *skb)
 167{
 168        /* Skip PPP header, if present.  In testing, Microsoft L2TP clients
 169         * don't send the PPP header (PPP header compression enabled), but
 170         * other clients can include the header. So we cope with both cases
 171         * here. The PPP header is always FF03 when using L2TP.
 172         *
 173         * Note that skb->data[] isn't dereferenced from a u16 ptr here since
 174         * the field may be unaligned.
 175         */
 176        if (!pskb_may_pull(skb, 2))
 177                return 1;
 178
 179        if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
 180                skb_pull(skb, 2);
 181
 182        return 0;
 183}
 184
 185/* Receive message. This is the recvmsg for the PPPoL2TP socket.
 186 */
 187static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
 188                            struct msghdr *msg, size_t len,
 189                            int flags)
 190{
 191        int err;
 192        struct sk_buff *skb;
 193        struct sock *sk = sock->sk;
 194
 195        err = -EIO;
 196        if (sk->sk_state & PPPOX_BOUND)
 197                goto end;
 198
 199        msg->msg_namelen = 0;
 200
 201        err = 0;
 202        skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
 203                                flags & MSG_DONTWAIT, &err);
 204        if (!skb)
 205                goto end;
 206
 207        if (len > skb->len)
 208                len = skb->len;
 209        else if (len < skb->len)
 210                msg->msg_flags |= MSG_TRUNC;
 211
 212        err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
 213        if (likely(err == 0))
 214                err = len;
 215
 216        kfree_skb(skb);
 217end:
 218        return err;
 219}
 220
 221static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
 222{
 223        struct pppol2tp_session *ps = l2tp_session_priv(session);
 224        struct sock *sk = NULL;
 225
 226        /* If the socket is bound, send it in to PPP's input queue. Otherwise
 227         * queue it on the session socket.
 228         */
 229        sk = ps->sock;
 230        if (sk == NULL)
 231                goto no_sock;
 232
 233        if (sk->sk_state & PPPOX_BOUND) {
 234                struct pppox_sock *po;
 235                l2tp_dbg(session, PPPOL2TP_MSG_DATA,
 236                         "%s: recv %d byte data frame, passing to ppp\n",
 237                         session->name, data_len);
 238
 239                /* We need to forget all info related to the L2TP packet
 240                 * gathered in the skb as we are going to reuse the same
 241                 * skb for the inner packet.
 242                 * Namely we need to:
 243                 * - reset xfrm (IPSec) information as it applies to
 244                 *   the outer L2TP packet and not to the inner one
 245                 * - release the dst to force a route lookup on the inner
 246                 *   IP packet since skb->dst currently points to the dst
 247                 *   of the UDP tunnel
 248                 * - reset netfilter information as it doesn't apply
 249                 *   to the inner packet either
 250                 */
 251                secpath_reset(skb);
 252                skb_dst_drop(skb);
 253                nf_reset(skb);
 254
 255                po = pppox_sk(sk);
 256                ppp_input(&po->chan, skb);
 257        } else {
 258                l2tp_info(session, PPPOL2TP_MSG_DATA, "%s: socket not bound\n",
 259                          session->name);
 260
 261                /* Not bound. Nothing we can do, so discard. */
 262                session->stats.rx_errors++;
 263                kfree_skb(skb);
 264        }
 265
 266        return;
 267
 268no_sock:
 269        l2tp_info(session, PPPOL2TP_MSG_DATA, "%s: no socket\n", session->name);
 270        kfree_skb(skb);
 271}
 272
 273static void pppol2tp_session_sock_hold(struct l2tp_session *session)
 274{
 275        struct pppol2tp_session *ps = l2tp_session_priv(session);
 276
 277        if (ps->sock)
 278                sock_hold(ps->sock);
 279}
 280
 281static void pppol2tp_session_sock_put(struct l2tp_session *session)
 282{
 283        struct pppol2tp_session *ps = l2tp_session_priv(session);
 284
 285        if (ps->sock)
 286                sock_put(ps->sock);
 287}
 288
 289/************************************************************************
 290 * Transmit handling
 291 ***********************************************************************/
 292
 293/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket.  We come here
 294 * when a user application does a sendmsg() on the session socket. L2TP and
 295 * PPP headers must be inserted into the user's data.
 296 */
 297static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
 298                            size_t total_len)
 299{
 300        static const unsigned char ppph[2] = { 0xff, 0x03 };
 301        struct sock *sk = sock->sk;
 302        struct sk_buff *skb;
 303        int error;
 304        struct l2tp_session *session;
 305        struct l2tp_tunnel *tunnel;
 306        struct pppol2tp_session *ps;
 307        int uhlen;
 308
 309        error = -ENOTCONN;
 310        if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
 311                goto error;
 312
 313        /* Get session and tunnel contexts */
 314        error = -EBADF;
 315        session = pppol2tp_sock_to_session(sk);
 316        if (session == NULL)
 317                goto error;
 318
 319        ps = l2tp_session_priv(session);
 320        tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
 321        if (tunnel == NULL)
 322                goto error_put_sess;
 323
 324        uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
 325
 326        /* Allocate a socket buffer */
 327        error = -ENOMEM;
 328        skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
 329                           uhlen + session->hdr_len +
 330                           sizeof(ppph) + total_len,
 331                           0, GFP_KERNEL);
 332        if (!skb)
 333                goto error_put_sess_tun;
 334
 335        /* Reserve space for headers. */
 336        skb_reserve(skb, NET_SKB_PAD);
 337        skb_reset_network_header(skb);
 338        skb_reserve(skb, sizeof(struct iphdr));
 339        skb_reset_transport_header(skb);
 340        skb_reserve(skb, uhlen);
 341
 342        /* Add PPP header */
 343        skb->data[0] = ppph[0];
 344        skb->data[1] = ppph[1];
 345        skb_put(skb, 2);
 346
 347        /* Copy user data into skb */
 348        error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
 349        if (error < 0) {
 350                kfree_skb(skb);
 351                goto error_put_sess_tun;
 352        }
 353        skb_put(skb, total_len);
 354
 355        l2tp_xmit_skb(session, skb, session->hdr_len);
 356
 357        sock_put(ps->tunnel_sock);
 358        sock_put(sk);
 359
 360        return error;
 361
 362error_put_sess_tun:
 363        sock_put(ps->tunnel_sock);
 364error_put_sess:
 365        sock_put(sk);
 366error:
 367        return error;
 368}
 369
 370/* Transmit function called by generic PPP driver.  Sends PPP frame
 371 * over PPPoL2TP socket.
 372 *
 373 * This is almost the same as pppol2tp_sendmsg(), but rather than
 374 * being called with a msghdr from userspace, it is called with a skb
 375 * from the kernel.
 376 *
 377 * The supplied skb from ppp doesn't have enough headroom for the
 378 * insertion of L2TP, UDP and IP headers so we need to allocate more
 379 * headroom in the skb. This will create a cloned skb. But we must be
 380 * careful in the error case because the caller will expect to free
 381 * the skb it supplied, not our cloned skb. So we take care to always
 382 * leave the original skb unfreed if we return an error.
 383 */
 384static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
 385{
 386        static const u8 ppph[2] = { 0xff, 0x03 };
 387        struct sock *sk = (struct sock *) chan->private;
 388        struct sock *sk_tun;
 389        struct l2tp_session *session;
 390        struct l2tp_tunnel *tunnel;
 391        struct pppol2tp_session *ps;
 392        int uhlen, headroom;
 393
 394        if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
 395                goto abort;
 396
 397        /* Get session and tunnel contexts from the socket */
 398        session = pppol2tp_sock_to_session(sk);
 399        if (session == NULL)
 400                goto abort;
 401
 402        ps = l2tp_session_priv(session);
 403        sk_tun = ps->tunnel_sock;
 404        if (sk_tun == NULL)
 405                goto abort_put_sess;
 406        tunnel = l2tp_sock_to_tunnel(sk_tun);
 407        if (tunnel == NULL)
 408                goto abort_put_sess;
 409
 410        uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
 411        headroom = NET_SKB_PAD +
 412                   sizeof(struct iphdr) + /* IP header */
 413                   uhlen +              /* UDP header (if L2TP_ENCAPTYPE_UDP) */
 414                   session->hdr_len +   /* L2TP header */
 415                   sizeof(ppph);        /* PPP header */
 416        if (skb_cow_head(skb, headroom))
 417                goto abort_put_sess_tun;
 418
 419        /* Setup PPP header */
 420        __skb_push(skb, sizeof(ppph));
 421        skb->data[0] = ppph[0];
 422        skb->data[1] = ppph[1];
 423
 424        l2tp_xmit_skb(session, skb, session->hdr_len);
 425
 426        sock_put(sk_tun);
 427        sock_put(sk);
 428        return 1;
 429
 430abort_put_sess_tun:
 431        sock_put(sk_tun);
 432abort_put_sess:
 433        sock_put(sk);
 434abort:
 435        /* Free the original skb */
 436        kfree_skb(skb);
 437        return 1;
 438}
 439
 440/*****************************************************************************
 441 * Session (and tunnel control) socket create/destroy.
 442 *****************************************************************************/
 443
 444/* Called by l2tp_core when a session socket is being closed.
 445 */
 446static void pppol2tp_session_close(struct l2tp_session *session)
 447{
 448        struct pppol2tp_session *ps = l2tp_session_priv(session);
 449        struct sock *sk = ps->sock;
 450        struct sk_buff *skb;
 451
 452        BUG_ON(session->magic != L2TP_SESSION_MAGIC);
 453
 454        if (session->session_id == 0)
 455                goto out;
 456
 457        if (sk != NULL) {
 458                lock_sock(sk);
 459
 460                if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
 461                        pppox_unbind_sock(sk);
 462                        sk->sk_state = PPPOX_DEAD;
 463                        sk->sk_state_change(sk);
 464                }
 465
 466                /* Purge any queued data */
 467                skb_queue_purge(&sk->sk_receive_queue);
 468                skb_queue_purge(&sk->sk_write_queue);
 469                while ((skb = skb_dequeue(&session->reorder_q))) {
 470                        kfree_skb(skb);
 471                        sock_put(sk);
 472                }
 473
 474                release_sock(sk);
 475        }
 476
 477out:
 478        return;
 479}
 480
 481/* Really kill the session socket. (Called from sock_put() if
 482 * refcnt == 0.)
 483 */
 484static void pppol2tp_session_destruct(struct sock *sk)
 485{
 486        struct l2tp_session *session;
 487
 488        if (sk->sk_user_data != NULL) {
 489                session = sk->sk_user_data;
 490                if (session == NULL)
 491                        goto out;
 492
 493                sk->sk_user_data = NULL;
 494                BUG_ON(session->magic != L2TP_SESSION_MAGIC);
 495                l2tp_session_dec_refcount(session);
 496        }
 497
 498out:
 499        return;
 500}
 501
 502/* Called when the PPPoX socket (session) is closed.
 503 */
 504static int pppol2tp_release(struct socket *sock)
 505{
 506        struct sock *sk = sock->sk;
 507        struct l2tp_session *session;
 508        int error;
 509
 510        if (!sk)
 511                return 0;
 512
 513        error = -EBADF;
 514        lock_sock(sk);
 515        if (sock_flag(sk, SOCK_DEAD) != 0)
 516                goto error;
 517
 518        pppox_unbind_sock(sk);
 519
 520        /* Signal the death of the socket. */
 521        sk->sk_state = PPPOX_DEAD;
 522        sock_orphan(sk);
 523        sock->sk = NULL;
 524
 525        session = pppol2tp_sock_to_session(sk);
 526
 527        /* Purge any queued data */
 528        skb_queue_purge(&sk->sk_receive_queue);
 529        skb_queue_purge(&sk->sk_write_queue);
 530        if (session != NULL) {
 531                struct sk_buff *skb;
 532                while ((skb = skb_dequeue(&session->reorder_q))) {
 533                        kfree_skb(skb);
 534                        sock_put(sk);
 535                }
 536                sock_put(sk);
 537        }
 538
 539        release_sock(sk);
 540
 541        /* This will delete the session context via
 542         * pppol2tp_session_destruct() if the socket's refcnt drops to
 543         * zero.
 544         */
 545        sock_put(sk);
 546
 547        return 0;
 548
 549error:
 550        release_sock(sk);
 551        return error;
 552}
 553
 554static struct proto pppol2tp_sk_proto = {
 555        .name     = "PPPOL2TP",
 556        .owner    = THIS_MODULE,
 557        .obj_size = sizeof(struct pppox_sock),
 558};
 559
 560static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
 561{
 562        int rc;
 563
 564        rc = l2tp_udp_encap_recv(sk, skb);
 565        if (rc)
 566                kfree_skb(skb);
 567
 568        return NET_RX_SUCCESS;
 569}
 570
 571/* socket() handler. Initialize a new struct sock.
 572 */
 573static int pppol2tp_create(struct net *net, struct socket *sock)
 574{
 575        int error = -ENOMEM;
 576        struct sock *sk;
 577
 578        sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto);
 579        if (!sk)
 580                goto out;
 581
 582        sock_init_data(sock, sk);
 583
 584        sock->state  = SS_UNCONNECTED;
 585        sock->ops    = &pppol2tp_ops;
 586
 587        sk->sk_backlog_rcv = pppol2tp_backlog_recv;
 588        sk->sk_protocol    = PX_PROTO_OL2TP;
 589        sk->sk_family      = PF_PPPOX;
 590        sk->sk_state       = PPPOX_NONE;
 591        sk->sk_type        = SOCK_STREAM;
 592        sk->sk_destruct    = pppol2tp_session_destruct;
 593
 594        error = 0;
 595
 596out:
 597        return error;
 598}
 599
 600#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
 601static void pppol2tp_show(struct seq_file *m, void *arg)
 602{
 603        struct l2tp_session *session = arg;
 604        struct pppol2tp_session *ps = l2tp_session_priv(session);
 605
 606        if (ps) {
 607                struct pppox_sock *po = pppox_sk(ps->sock);
 608                if (po)
 609                        seq_printf(m, "   interface %s\n", ppp_dev_name(&po->chan));
 610        }
 611}
 612#endif
 613
 614/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
 615 */
 616static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
 617                            int sockaddr_len, int flags)
 618{
 619        struct sock *sk = sock->sk;
 620        struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
 621        struct pppox_sock *po = pppox_sk(sk);
 622        struct l2tp_session *session = NULL;
 623        struct l2tp_tunnel *tunnel;
 624        struct pppol2tp_session *ps;
 625        struct dst_entry *dst;
 626        struct l2tp_session_cfg cfg = { 0, };
 627        int error = 0;
 628        u32 tunnel_id, peer_tunnel_id;
 629        u32 session_id, peer_session_id;
 630        int ver = 2;
 631        int fd;
 632
 633        lock_sock(sk);
 634
 635        error = -EINVAL;
 636        if (sp->sa_protocol != PX_PROTO_OL2TP)
 637                goto end;
 638
 639        /* Check for already bound sockets */
 640        error = -EBUSY;
 641        if (sk->sk_state & PPPOX_CONNECTED)
 642                goto end;
 643
 644        /* We don't supporting rebinding anyway */
 645        error = -EALREADY;
 646        if (sk->sk_user_data)
 647                goto end; /* socket is already attached */
 648
 649        /* Get params from socket address. Handle L2TPv2 and L2TPv3.
 650         * This is nasty because there are different sockaddr_pppol2tp
 651         * structs for L2TPv2, L2TPv3, over IPv4 and IPv6. We use
 652         * the sockaddr size to determine which structure the caller
 653         * is using.
 654         */
 655        peer_tunnel_id = 0;
 656        if (sockaddr_len == sizeof(struct sockaddr_pppol2tp)) {
 657                fd = sp->pppol2tp.fd;
 658                tunnel_id = sp->pppol2tp.s_tunnel;
 659                peer_tunnel_id = sp->pppol2tp.d_tunnel;
 660                session_id = sp->pppol2tp.s_session;
 661                peer_session_id = sp->pppol2tp.d_session;
 662        } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3)) {
 663                struct sockaddr_pppol2tpv3 *sp3 =
 664                        (struct sockaddr_pppol2tpv3 *) sp;
 665                ver = 3;
 666                fd = sp3->pppol2tp.fd;
 667                tunnel_id = sp3->pppol2tp.s_tunnel;
 668                peer_tunnel_id = sp3->pppol2tp.d_tunnel;
 669                session_id = sp3->pppol2tp.s_session;
 670                peer_session_id = sp3->pppol2tp.d_session;
 671        } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpin6)) {
 672                struct sockaddr_pppol2tpin6 *sp6 =
 673                        (struct sockaddr_pppol2tpin6 *) sp;
 674                fd = sp6->pppol2tp.fd;
 675                tunnel_id = sp6->pppol2tp.s_tunnel;
 676                peer_tunnel_id = sp6->pppol2tp.d_tunnel;
 677                session_id = sp6->pppol2tp.s_session;
 678                peer_session_id = sp6->pppol2tp.d_session;
 679        } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3in6)) {
 680                struct sockaddr_pppol2tpv3in6 *sp6 =
 681                        (struct sockaddr_pppol2tpv3in6 *) sp;
 682                ver = 3;
 683                fd = sp6->pppol2tp.fd;
 684                tunnel_id = sp6->pppol2tp.s_tunnel;
 685                peer_tunnel_id = sp6->pppol2tp.d_tunnel;
 686                session_id = sp6->pppol2tp.s_session;
 687                peer_session_id = sp6->pppol2tp.d_session;
 688        } else {
 689                error = -EINVAL;
 690                goto end; /* bad socket address */
 691        }
 692
 693        /* Don't bind if tunnel_id is 0 */
 694        error = -EINVAL;
 695        if (tunnel_id == 0)
 696                goto end;
 697
 698        tunnel = l2tp_tunnel_find(sock_net(sk), tunnel_id);
 699
 700        /* Special case: create tunnel context if session_id and
 701         * peer_session_id is 0. Otherwise look up tunnel using supplied
 702         * tunnel id.
 703         */
 704        if ((session_id == 0) && (peer_session_id == 0)) {
 705                if (tunnel == NULL) {
 706                        struct l2tp_tunnel_cfg tcfg = {
 707                                .encap = L2TP_ENCAPTYPE_UDP,
 708                                .debug = 0,
 709                        };
 710                        error = l2tp_tunnel_create(sock_net(sk), fd, ver, tunnel_id, peer_tunnel_id, &tcfg, &tunnel);
 711                        if (error < 0)
 712                                goto end;
 713                }
 714        } else {
 715                /* Error if we can't find the tunnel */
 716                error = -ENOENT;
 717                if (tunnel == NULL)
 718                        goto end;
 719
 720                /* Error if socket is not prepped */
 721                if (tunnel->sock == NULL)
 722                        goto end;
 723        }
 724
 725        if (tunnel->recv_payload_hook == NULL)
 726                tunnel->recv_payload_hook = pppol2tp_recv_payload_hook;
 727
 728        if (tunnel->peer_tunnel_id == 0)
 729                tunnel->peer_tunnel_id = peer_tunnel_id;
 730
 731        /* Create session if it doesn't already exist. We handle the
 732         * case where a session was previously created by the netlink
 733         * interface by checking that the session doesn't already have
 734         * a socket and its tunnel socket are what we expect. If any
 735         * of those checks fail, return EEXIST to the caller.
 736         */
 737        session = l2tp_session_find(sock_net(sk), tunnel, session_id);
 738        if (session == NULL) {
 739                /* Default MTU must allow space for UDP/L2TP/PPP
 740                 * headers.
 741                 */
 742                cfg.mtu = cfg.mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
 743
 744                /* Allocate and initialize a new session context. */
 745                session = l2tp_session_create(sizeof(struct pppol2tp_session),
 746                                              tunnel, session_id,
 747                                              peer_session_id, &cfg);
 748                if (session == NULL) {
 749                        error = -ENOMEM;
 750                        goto end;
 751                }
 752        } else {
 753                ps = l2tp_session_priv(session);
 754                error = -EEXIST;
 755                if (ps->sock != NULL)
 756                        goto end;
 757
 758                /* consistency checks */
 759                if (ps->tunnel_sock != tunnel->sock)
 760                        goto end;
 761        }
 762
 763        /* Associate session with its PPPoL2TP socket */
 764        ps = l2tp_session_priv(session);
 765        ps->owner            = current->pid;
 766        ps->sock             = sk;
 767        ps->tunnel_sock = tunnel->sock;
 768
 769        session->recv_skb       = pppol2tp_recv;
 770        session->session_close  = pppol2tp_session_close;
 771#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
 772        session->show           = pppol2tp_show;
 773#endif
 774
 775        /* We need to know each time a skb is dropped from the reorder
 776         * queue.
 777         */
 778        session->ref = pppol2tp_session_sock_hold;
 779        session->deref = pppol2tp_session_sock_put;
 780
 781        /* If PMTU discovery was enabled, use the MTU that was discovered */
 782        dst = sk_dst_get(sk);
 783        if (dst != NULL) {
 784                u32 pmtu = dst_mtu(__sk_dst_get(sk));
 785                if (pmtu != 0)
 786                        session->mtu = session->mru = pmtu -
 787                                PPPOL2TP_HEADER_OVERHEAD;
 788                dst_release(dst);
 789        }
 790
 791        /* Special case: if source & dest session_id == 0x0000, this
 792         * socket is being created to manage the tunnel. Just set up
 793         * the internal context for use by ioctl() and sockopt()
 794         * handlers.
 795         */
 796        if ((session->session_id == 0) &&
 797            (session->peer_session_id == 0)) {
 798                error = 0;
 799                goto out_no_ppp;
 800        }
 801
 802        /* The only header we need to worry about is the L2TP
 803         * header. This size is different depending on whether
 804         * sequence numbers are enabled for the data channel.
 805         */
 806        po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
 807
 808        po->chan.private = sk;
 809        po->chan.ops     = &pppol2tp_chan_ops;
 810        po->chan.mtu     = session->mtu;
 811
 812        error = ppp_register_net_channel(sock_net(sk), &po->chan);
 813        if (error)
 814                goto end;
 815
 816out_no_ppp:
 817        /* This is how we get the session context from the socket. */
 818        sk->sk_user_data = session;
 819        sk->sk_state = PPPOX_CONNECTED;
 820        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n",
 821                  session->name);
 822
 823end:
 824        release_sock(sk);
 825
 826        return error;
 827}
 828
 829#ifdef CONFIG_L2TP_V3
 830
 831/* Called when creating sessions via the netlink interface.
 832 */
 833static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
 834{
 835        int error;
 836        struct l2tp_tunnel *tunnel;
 837        struct l2tp_session *session;
 838        struct pppol2tp_session *ps;
 839
 840        tunnel = l2tp_tunnel_find(net, tunnel_id);
 841
 842        /* Error if we can't find the tunnel */
 843        error = -ENOENT;
 844        if (tunnel == NULL)
 845                goto out;
 846
 847        /* Error if tunnel socket is not prepped */
 848        if (tunnel->sock == NULL)
 849                goto out;
 850
 851        /* Check that this session doesn't already exist */
 852        error = -EEXIST;
 853        session = l2tp_session_find(net, tunnel, session_id);
 854        if (session != NULL)
 855                goto out;
 856
 857        /* Default MTU values. */
 858        if (cfg->mtu == 0)
 859                cfg->mtu = 1500 - PPPOL2TP_HEADER_OVERHEAD;
 860        if (cfg->mru == 0)
 861                cfg->mru = cfg->mtu;
 862
 863        /* Allocate and initialize a new session context. */
 864        error = -ENOMEM;
 865        session = l2tp_session_create(sizeof(struct pppol2tp_session),
 866                                      tunnel, session_id,
 867                                      peer_session_id, cfg);
 868        if (session == NULL)
 869                goto out;
 870
 871        ps = l2tp_session_priv(session);
 872        ps->tunnel_sock = tunnel->sock;
 873
 874        l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n",
 875                  session->name);
 876
 877        error = 0;
 878
 879out:
 880        return error;
 881}
 882
 883/* Called when deleting sessions via the netlink interface.
 884 */
 885static int pppol2tp_session_delete(struct l2tp_session *session)
 886{
 887        struct pppol2tp_session *ps = l2tp_session_priv(session);
 888
 889        if (ps->sock == NULL)
 890                l2tp_session_dec_refcount(session);
 891
 892        return 0;
 893}
 894
 895#endif /* CONFIG_L2TP_V3 */
 896
 897/* getname() support.
 898 */
 899static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
 900                            int *usockaddr_len, int peer)
 901{
 902        int len = 0;
 903        int error = 0;
 904        struct l2tp_session *session;
 905        struct l2tp_tunnel *tunnel;
 906        struct sock *sk = sock->sk;
 907        struct inet_sock *inet;
 908        struct pppol2tp_session *pls;
 909
 910        error = -ENOTCONN;
 911        if (sk == NULL)
 912                goto end;
 913        if (sk->sk_state != PPPOX_CONNECTED)
 914                goto end;
 915
 916        error = -EBADF;
 917        session = pppol2tp_sock_to_session(sk);
 918        if (session == NULL)
 919                goto end;
 920
 921        pls = l2tp_session_priv(session);
 922        tunnel = l2tp_sock_to_tunnel(pls->tunnel_sock);
 923        if (tunnel == NULL) {
 924                error = -EBADF;
 925                goto end_put_sess;
 926        }
 927
 928        inet = inet_sk(tunnel->sock);
 929        if ((tunnel->version == 2) && (tunnel->sock->sk_family == AF_INET)) {
 930                struct sockaddr_pppol2tp sp;
 931                len = sizeof(sp);
 932                memset(&sp, 0, len);
 933                sp.sa_family    = AF_PPPOX;
 934                sp.sa_protocol  = PX_PROTO_OL2TP;
 935                sp.pppol2tp.fd  = tunnel->fd;
 936                sp.pppol2tp.pid = pls->owner;
 937                sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
 938                sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
 939                sp.pppol2tp.s_session = session->session_id;
 940                sp.pppol2tp.d_session = session->peer_session_id;
 941                sp.pppol2tp.addr.sin_family = AF_INET;
 942                sp.pppol2tp.addr.sin_port = inet->inet_dport;
 943                sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
 944                memcpy(uaddr, &sp, len);
 945#if IS_ENABLED(CONFIG_IPV6)
 946        } else if ((tunnel->version == 2) &&
 947                   (tunnel->sock->sk_family == AF_INET6)) {
 948                struct ipv6_pinfo *np = inet6_sk(tunnel->sock);
 949                struct sockaddr_pppol2tpin6 sp;
 950                len = sizeof(sp);
 951                memset(&sp, 0, len);
 952                sp.sa_family    = AF_PPPOX;
 953                sp.sa_protocol  = PX_PROTO_OL2TP;
 954                sp.pppol2tp.fd  = tunnel->fd;
 955                sp.pppol2tp.pid = pls->owner;
 956                sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
 957                sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
 958                sp.pppol2tp.s_session = session->session_id;
 959                sp.pppol2tp.d_session = session->peer_session_id;
 960                sp.pppol2tp.addr.sin6_family = AF_INET6;
 961                sp.pppol2tp.addr.sin6_port = inet->inet_dport;
 962                memcpy(&sp.pppol2tp.addr.sin6_addr, &np->daddr,
 963                       sizeof(np->daddr));
 964                memcpy(uaddr, &sp, len);
 965        } else if ((tunnel->version == 3) &&
 966                   (tunnel->sock->sk_family == AF_INET6)) {
 967                struct ipv6_pinfo *np = inet6_sk(tunnel->sock);
 968                struct sockaddr_pppol2tpv3in6 sp;
 969                len = sizeof(sp);
 970                memset(&sp, 0, len);
 971                sp.sa_family    = AF_PPPOX;
 972                sp.sa_protocol  = PX_PROTO_OL2TP;
 973                sp.pppol2tp.fd  = tunnel->fd;
 974                sp.pppol2tp.pid = pls->owner;
 975                sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
 976                sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
 977                sp.pppol2tp.s_session = session->session_id;
 978                sp.pppol2tp.d_session = session->peer_session_id;
 979                sp.pppol2tp.addr.sin6_family = AF_INET6;
 980                sp.pppol2tp.addr.sin6_port = inet->inet_dport;
 981                memcpy(&sp.pppol2tp.addr.sin6_addr, &np->daddr,
 982                       sizeof(np->daddr));
 983                memcpy(uaddr, &sp, len);
 984#endif
 985        } else if (tunnel->version == 3) {
 986                struct sockaddr_pppol2tpv3 sp;
 987                len = sizeof(sp);
 988                memset(&sp, 0, len);
 989                sp.sa_family    = AF_PPPOX;
 990                sp.sa_protocol  = PX_PROTO_OL2TP;
 991                sp.pppol2tp.fd  = tunnel->fd;
 992                sp.pppol2tp.pid = pls->owner;
 993                sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
 994                sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
 995                sp.pppol2tp.s_session = session->session_id;
 996                sp.pppol2tp.d_session = session->peer_session_id;
 997                sp.pppol2tp.addr.sin_family = AF_INET;
 998                sp.pppol2tp.addr.sin_port = inet->inet_dport;
 999                sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
1000                memcpy(uaddr, &sp, len);
1001        }
1002
1003        *usockaddr_len = len;
1004
1005        sock_put(pls->tunnel_sock);
1006end_put_sess:
1007        sock_put(sk);
1008        error = 0;
1009
1010end:
1011        return error;
1012}
1013
1014/****************************************************************************
1015 * ioctl() handlers.
1016 *
1017 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1018 * sockets. However, in order to control kernel tunnel features, we allow
1019 * userspace to create a special "tunnel" PPPoX socket which is used for
1020 * control only.  Tunnel PPPoX sockets have session_id == 0 and simply allow
1021 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1022 * calls.
1023 ****************************************************************************/
1024
1025static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
1026                                struct l2tp_stats *stats)
1027{
1028        dest->tx_packets = stats->tx_packets;
1029        dest->tx_bytes = stats->tx_bytes;
1030        dest->tx_errors = stats->tx_errors;
1031        dest->rx_packets = stats->rx_packets;
1032        dest->rx_bytes = stats->rx_bytes;
1033        dest->rx_seq_discards = stats->rx_seq_discards;
1034        dest->rx_oos_packets = stats->rx_oos_packets;
1035        dest->rx_errors = stats->rx_errors;
1036}
1037
1038/* Session ioctl helper.
1039 */
1040static int pppol2tp_session_ioctl(struct l2tp_session *session,
1041                                  unsigned int cmd, unsigned long arg)
1042{
1043        struct ifreq ifr;
1044        int err = 0;
1045        struct sock *sk;
1046        int val = (int) arg;
1047        struct pppol2tp_session *ps = l2tp_session_priv(session);
1048        struct l2tp_tunnel *tunnel = session->tunnel;
1049        struct pppol2tp_ioc_stats stats;
1050
1051        l2tp_dbg(session, PPPOL2TP_MSG_CONTROL,
1052                 "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
1053                 session->name, cmd, arg);
1054
1055        sk = ps->sock;
1056        sock_hold(sk);
1057
1058        switch (cmd) {
1059        case SIOCGIFMTU:
1060                err = -ENXIO;
1061                if (!(sk->sk_state & PPPOX_CONNECTED))
1062                        break;
1063
1064                err = -EFAULT;
1065                if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1066                        break;
1067                ifr.ifr_mtu = session->mtu;
1068                if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1069                        break;
1070
1071                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mtu=%d\n",
1072                          session->name, session->mtu);
1073                err = 0;
1074                break;
1075
1076        case SIOCSIFMTU:
1077                err = -ENXIO;
1078                if (!(sk->sk_state & PPPOX_CONNECTED))
1079                        break;
1080
1081                err = -EFAULT;
1082                if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1083                        break;
1084
1085                session->mtu = ifr.ifr_mtu;
1086
1087                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mtu=%d\n",
1088                          session->name, session->mtu);
1089                err = 0;
1090                break;
1091
1092        case PPPIOCGMRU:
1093                err = -ENXIO;
1094                if (!(sk->sk_state & PPPOX_CONNECTED))
1095                        break;
1096
1097                err = -EFAULT;
1098                if (put_user(session->mru, (int __user *) arg))
1099                        break;
1100
1101                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mru=%d\n",
1102                          session->name, session->mru);
1103                err = 0;
1104                break;
1105
1106        case PPPIOCSMRU:
1107                err = -ENXIO;
1108                if (!(sk->sk_state & PPPOX_CONNECTED))
1109                        break;
1110
1111                err = -EFAULT;
1112                if (get_user(val, (int __user *) arg))
1113                        break;
1114
1115                session->mru = val;
1116                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mru=%d\n",
1117                          session->name, session->mru);
1118                err = 0;
1119                break;
1120
1121        case PPPIOCGFLAGS:
1122                err = -EFAULT;
1123                if (put_user(ps->flags, (int __user *) arg))
1124                        break;
1125
1126                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get flags=%d\n",
1127                          session->name, ps->flags);
1128                err = 0;
1129                break;
1130
1131        case PPPIOCSFLAGS:
1132                err = -EFAULT;
1133                if (get_user(val, (int __user *) arg))
1134                        break;
1135                ps->flags = val;
1136                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set flags=%d\n",
1137                          session->name, ps->flags);
1138                err = 0;
1139                break;
1140
1141        case PPPIOCGL2TPSTATS:
1142                err = -ENXIO;
1143                if (!(sk->sk_state & PPPOX_CONNECTED))
1144                        break;
1145
1146                memset(&stats, 0, sizeof(stats));
1147                stats.tunnel_id = tunnel->tunnel_id;
1148                stats.session_id = session->session_id;
1149                pppol2tp_copy_stats(&stats, &session->stats);
1150                if (copy_to_user((void __user *) arg, &stats,
1151                                 sizeof(stats)))
1152                        break;
1153                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n",
1154                          session->name);
1155                err = 0;
1156                break;
1157
1158        default:
1159                err = -ENOSYS;
1160                break;
1161        }
1162
1163        sock_put(sk);
1164
1165        return err;
1166}
1167
1168/* Tunnel ioctl helper.
1169 *
1170 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1171 * specifies a session_id, the session ioctl handler is called. This allows an
1172 * application to retrieve session stats via a tunnel socket.
1173 */
1174static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel,
1175                                 unsigned int cmd, unsigned long arg)
1176{
1177        int err = 0;
1178        struct sock *sk;
1179        struct pppol2tp_ioc_stats stats;
1180
1181        l2tp_dbg(tunnel, PPPOL2TP_MSG_CONTROL,
1182                 "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n",
1183                 tunnel->name, cmd, arg);
1184
1185        sk = tunnel->sock;
1186        sock_hold(sk);
1187
1188        switch (cmd) {
1189        case PPPIOCGL2TPSTATS:
1190                err = -ENXIO;
1191                if (!(sk->sk_state & PPPOX_CONNECTED))
1192                        break;
1193
1194                if (copy_from_user(&stats, (void __user *) arg,
1195                                   sizeof(stats))) {
1196                        err = -EFAULT;
1197                        break;
1198                }
1199                if (stats.session_id != 0) {
1200                        /* resend to session ioctl handler */
1201                        struct l2tp_session *session =
1202                                l2tp_session_find(sock_net(sk), tunnel, stats.session_id);
1203                        if (session != NULL)
1204                                err = pppol2tp_session_ioctl(session, cmd, arg);
1205                        else
1206                                err = -EBADR;
1207                        break;
1208                }
1209#ifdef CONFIG_XFRM
1210                stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
1211#endif
1212                pppol2tp_copy_stats(&stats, &tunnel->stats);
1213                if (copy_to_user((void __user *) arg, &stats, sizeof(stats))) {
1214                        err = -EFAULT;
1215                        break;
1216                }
1217                l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n",
1218                          tunnel->name);
1219                err = 0;
1220                break;
1221
1222        default:
1223                err = -ENOSYS;
1224                break;
1225        }
1226
1227        sock_put(sk);
1228
1229        return err;
1230}
1231
1232/* Main ioctl() handler.
1233 * Dispatch to tunnel or session helpers depending on the socket.
1234 */
1235static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1236                          unsigned long arg)
1237{
1238        struct sock *sk = sock->sk;
1239        struct l2tp_session *session;
1240        struct l2tp_tunnel *tunnel;
1241        struct pppol2tp_session *ps;
1242        int err;
1243
1244        if (!sk)
1245                return 0;
1246
1247        err = -EBADF;
1248        if (sock_flag(sk, SOCK_DEAD) != 0)
1249                goto end;
1250
1251        err = -ENOTCONN;
1252        if ((sk->sk_user_data == NULL) ||
1253            (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
1254                goto end;
1255
1256        /* Get session context from the socket */
1257        err = -EBADF;
1258        session = pppol2tp_sock_to_session(sk);
1259        if (session == NULL)
1260                goto end;
1261
1262        /* Special case: if session's session_id is zero, treat ioctl as a
1263         * tunnel ioctl
1264         */
1265        ps = l2tp_session_priv(session);
1266        if ((session->session_id == 0) &&
1267            (session->peer_session_id == 0)) {
1268                err = -EBADF;
1269                tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1270                if (tunnel == NULL)
1271                        goto end_put_sess;
1272
1273                err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
1274                sock_put(ps->tunnel_sock);
1275                goto end_put_sess;
1276        }
1277
1278        err = pppol2tp_session_ioctl(session, cmd, arg);
1279
1280end_put_sess:
1281        sock_put(sk);
1282end:
1283        return err;
1284}
1285
1286/*****************************************************************************
1287 * setsockopt() / getsockopt() support.
1288 *
1289 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1290 * sockets. In order to control kernel tunnel features, we allow userspace to
1291 * create a special "tunnel" PPPoX socket which is used for control only.
1292 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1293 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1294 *****************************************************************************/
1295
1296/* Tunnel setsockopt() helper.
1297 */
1298static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1299                                      struct l2tp_tunnel *tunnel,
1300                                      int optname, int val)
1301{
1302        int err = 0;
1303
1304        switch (optname) {
1305        case PPPOL2TP_SO_DEBUG:
1306                tunnel->debug = val;
1307                l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n",
1308                          tunnel->name, tunnel->debug);
1309                break;
1310
1311        default:
1312                err = -ENOPROTOOPT;
1313                break;
1314        }
1315
1316        return err;
1317}
1318
1319/* Session setsockopt helper.
1320 */
1321static int pppol2tp_session_setsockopt(struct sock *sk,
1322                                       struct l2tp_session *session,
1323                                       int optname, int val)
1324{
1325        int err = 0;
1326        struct pppol2tp_session *ps = l2tp_session_priv(session);
1327
1328        switch (optname) {
1329        case PPPOL2TP_SO_RECVSEQ:
1330                if ((val != 0) && (val != 1)) {
1331                        err = -EINVAL;
1332                        break;
1333                }
1334                session->recv_seq = val ? -1 : 0;
1335                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1336                          "%s: set recv_seq=%d\n",
1337                          session->name, session->recv_seq);
1338                break;
1339
1340        case PPPOL2TP_SO_SENDSEQ:
1341                if ((val != 0) && (val != 1)) {
1342                        err = -EINVAL;
1343                        break;
1344                }
1345                session->send_seq = val ? -1 : 0;
1346                {
1347                        struct sock *ssk      = ps->sock;
1348                        struct pppox_sock *po = pppox_sk(ssk);
1349                        po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1350                                PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1351                }
1352                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1353                          "%s: set send_seq=%d\n",
1354                          session->name, session->send_seq);
1355                break;
1356
1357        case PPPOL2TP_SO_LNSMODE:
1358                if ((val != 0) && (val != 1)) {
1359                        err = -EINVAL;
1360                        break;
1361                }
1362                session->lns_mode = val ? -1 : 0;
1363                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1364                          "%s: set lns_mode=%d\n",
1365                          session->name, session->lns_mode);
1366                break;
1367
1368        case PPPOL2TP_SO_DEBUG:
1369                session->debug = val;
1370                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n",
1371                          session->name, session->debug);
1372                break;
1373
1374        case PPPOL2TP_SO_REORDERTO:
1375                session->reorder_timeout = msecs_to_jiffies(val);
1376                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1377                          "%s: set reorder_timeout=%d\n",
1378                          session->name, session->reorder_timeout);
1379                break;
1380
1381        default:
1382                err = -ENOPROTOOPT;
1383                break;
1384        }
1385
1386        return err;
1387}
1388
1389/* Main setsockopt() entry point.
1390 * Does API checks, then calls either the tunnel or session setsockopt
1391 * handler, according to whether the PPPoL2TP socket is a for a regular
1392 * session or the special tunnel type.
1393 */
1394static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1395                               char __user *optval, unsigned int optlen)
1396{
1397        struct sock *sk = sock->sk;
1398        struct l2tp_session *session;
1399        struct l2tp_tunnel *tunnel;
1400        struct pppol2tp_session *ps;
1401        int val;
1402        int err;
1403
1404        if (level != SOL_PPPOL2TP)
1405                return udp_prot.setsockopt(sk, level, optname, optval, optlen);
1406
1407        if (optlen < sizeof(int))
1408                return -EINVAL;
1409
1410        if (get_user(val, (int __user *)optval))
1411                return -EFAULT;
1412
1413        err = -ENOTCONN;
1414        if (sk->sk_user_data == NULL)
1415                goto end;
1416
1417        /* Get session context from the socket */
1418        err = -EBADF;
1419        session = pppol2tp_sock_to_session(sk);
1420        if (session == NULL)
1421                goto end;
1422
1423        /* Special case: if session_id == 0x0000, treat as operation on tunnel
1424         */
1425        ps = l2tp_session_priv(session);
1426        if ((session->session_id == 0) &&
1427            (session->peer_session_id == 0)) {
1428                err = -EBADF;
1429                tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1430                if (tunnel == NULL)
1431                        goto end_put_sess;
1432
1433                err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
1434                sock_put(ps->tunnel_sock);
1435        } else
1436                err = pppol2tp_session_setsockopt(sk, session, optname, val);
1437
1438        err = 0;
1439
1440end_put_sess:
1441        sock_put(sk);
1442end:
1443        return err;
1444}
1445
1446/* Tunnel getsockopt helper. Called with sock locked.
1447 */
1448static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1449                                      struct l2tp_tunnel *tunnel,
1450                                      int optname, int *val)
1451{
1452        int err = 0;
1453
1454        switch (optname) {
1455        case PPPOL2TP_SO_DEBUG:
1456                *val = tunnel->debug;
1457                l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get debug=%x\n",
1458                          tunnel->name, tunnel->debug);
1459                break;
1460
1461        default:
1462                err = -ENOPROTOOPT;
1463                break;
1464        }
1465
1466        return err;
1467}
1468
1469/* Session getsockopt helper. Called with sock locked.
1470 */
1471static int pppol2tp_session_getsockopt(struct sock *sk,
1472                                       struct l2tp_session *session,
1473                                       int optname, int *val)
1474{
1475        int err = 0;
1476
1477        switch (optname) {
1478        case PPPOL2TP_SO_RECVSEQ:
1479                *val = session->recv_seq;
1480                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1481                          "%s: get recv_seq=%d\n", session->name, *val);
1482                break;
1483
1484        case PPPOL2TP_SO_SENDSEQ:
1485                *val = session->send_seq;
1486                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1487                          "%s: get send_seq=%d\n", session->name, *val);
1488                break;
1489
1490        case PPPOL2TP_SO_LNSMODE:
1491                *val = session->lns_mode;
1492                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1493                          "%s: get lns_mode=%d\n", session->name, *val);
1494                break;
1495
1496        case PPPOL2TP_SO_DEBUG:
1497                *val = session->debug;
1498                l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get debug=%d\n",
1499                          session->name, *val);
1500                break;
1501
1502        case PPPOL2TP_SO_REORDERTO:
1503                *val = (int) jiffies_to_msecs(session->reorder_timeout);
1504                l2tp_info(session, PPPOL2TP_MSG_CONTROL,
1505                          "%s: get reorder_timeout=%d\n", session->name, *val);
1506                break;
1507
1508        default:
1509                err = -ENOPROTOOPT;
1510        }
1511
1512        return err;
1513}
1514
1515/* Main getsockopt() entry point.
1516 * Does API checks, then calls either the tunnel or session getsockopt
1517 * handler, according to whether the PPPoX socket is a for a regular session
1518 * or the special tunnel type.
1519 */
1520static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
1521                               char __user *optval, int __user *optlen)
1522{
1523        struct sock *sk = sock->sk;
1524        struct l2tp_session *session;
1525        struct l2tp_tunnel *tunnel;
1526        int val, len;
1527        int err;
1528        struct pppol2tp_session *ps;
1529
1530        if (level != SOL_PPPOL2TP)
1531                return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1532
1533        if (get_user(len, optlen))
1534                return -EFAULT;
1535
1536        len = min_t(unsigned int, len, sizeof(int));
1537
1538        if (len < 0)
1539                return -EINVAL;
1540
1541        err = -ENOTCONN;
1542        if (sk->sk_user_data == NULL)
1543                goto end;
1544
1545        /* Get the session context */
1546        err = -EBADF;
1547        session = pppol2tp_sock_to_session(sk);
1548        if (session == NULL)
1549                goto end;
1550
1551        /* Special case: if session_id == 0x0000, treat as operation on tunnel */
1552        ps = l2tp_session_priv(session);
1553        if ((session->session_id == 0) &&
1554            (session->peer_session_id == 0)) {
1555                err = -EBADF;
1556                tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1557                if (tunnel == NULL)
1558                        goto end_put_sess;
1559
1560                err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
1561                sock_put(ps->tunnel_sock);
1562        } else
1563                err = pppol2tp_session_getsockopt(sk, session, optname, &val);
1564
1565        err = -EFAULT;
1566        if (put_user(len, optlen))
1567                goto end_put_sess;
1568
1569        if (copy_to_user((void __user *) optval, &val, len))
1570                goto end_put_sess;
1571
1572        err = 0;
1573
1574end_put_sess:
1575        sock_put(sk);
1576end:
1577        return err;
1578}
1579
1580/*****************************************************************************
1581 * /proc filesystem for debug
1582 * Since the original pppol2tp driver provided /proc/net/pppol2tp for
1583 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.
1584 *****************************************************************************/
1585
1586static unsigned int pppol2tp_net_id;
1587
1588#ifdef CONFIG_PROC_FS
1589
1590struct pppol2tp_seq_data {
1591        struct seq_net_private p;
1592        int tunnel_idx;                 /* current tunnel */
1593        int session_idx;                /* index of session within current tunnel */
1594        struct l2tp_tunnel *tunnel;
1595        struct l2tp_session *session;   /* NULL means get next tunnel */
1596};
1597
1598static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1599{
1600        for (;;) {
1601                pd->tunnel = l2tp_tunnel_find_nth(net, pd->tunnel_idx);
1602                pd->tunnel_idx++;
1603
1604                if (pd->tunnel == NULL)
1605                        break;
1606
1607                /* Ignore L2TPv3 tunnels */
1608                if (pd->tunnel->version < 3)
1609                        break;
1610        }
1611}
1612
1613static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1614{
1615        pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx);
1616        pd->session_idx++;
1617
1618        if (pd->session == NULL) {
1619                pd->session_idx = 0;
1620                pppol2tp_next_tunnel(net, pd);
1621        }
1622}
1623
1624static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1625{
1626        struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1627        loff_t pos = *offs;
1628        struct net *net;
1629
1630        if (!pos)
1631                goto out;
1632
1633        BUG_ON(m->private == NULL);
1634        pd = m->private;
1635        net = seq_file_net(m);
1636
1637        if (pd->tunnel == NULL)
1638                pppol2tp_next_tunnel(net, pd);
1639        else
1640                pppol2tp_next_session(net, pd);
1641
1642        /* NULL tunnel and session indicates end of list */
1643        if ((pd->tunnel == NULL) && (pd->session == NULL))
1644                pd = NULL;
1645
1646out:
1647        return pd;
1648}
1649
1650static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1651{
1652        (*pos)++;
1653        return NULL;
1654}
1655
1656static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1657{
1658        /* nothing to do */
1659}
1660
1661static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1662{
1663        struct l2tp_tunnel *tunnel = v;
1664
1665        seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1666                   tunnel->name,
1667                   (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
1668                   atomic_read(&tunnel->ref_count) - 1);
1669        seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
1670                   tunnel->debug,
1671                   (unsigned long long)tunnel->stats.tx_packets,
1672                   (unsigned long long)tunnel->stats.tx_bytes,
1673                   (unsigned long long)tunnel->stats.tx_errors,
1674                   (unsigned long long)tunnel->stats.rx_packets,
1675                   (unsigned long long)tunnel->stats.rx_bytes,
1676                   (unsigned long long)tunnel->stats.rx_errors);
1677}
1678
1679static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1680{
1681        struct l2tp_session *session = v;
1682        struct l2tp_tunnel *tunnel = session->tunnel;
1683        struct pppol2tp_session *ps = l2tp_session_priv(session);
1684        struct pppox_sock *po = pppox_sk(ps->sock);
1685        u32 ip = 0;
1686        u16 port = 0;
1687
1688        if (tunnel->sock) {
1689                struct inet_sock *inet = inet_sk(tunnel->sock);
1690                ip = ntohl(inet->inet_saddr);
1691                port = ntohs(inet->inet_sport);
1692        }
1693
1694        seq_printf(m, "  SESSION '%s' %08X/%d %04X/%04X -> "
1695                   "%04X/%04X %d %c\n",
1696                   session->name, ip, port,
1697                   tunnel->tunnel_id,
1698                   session->session_id,
1699                   tunnel->peer_tunnel_id,
1700                   session->peer_session_id,
1701                   ps->sock->sk_state,
1702                   (session == ps->sock->sk_user_data) ?
1703                   'Y' : 'N');
1704        seq_printf(m, "   %d/%d/%c/%c/%s %08x %u\n",
1705                   session->mtu, session->mru,
1706                   session->recv_seq ? 'R' : '-',
1707                   session->send_seq ? 'S' : '-',
1708                   session->lns_mode ? "LNS" : "LAC",
1709                   session->debug,
1710                   jiffies_to_msecs(session->reorder_timeout));
1711        seq_printf(m, "   %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
1712                   session->nr, session->ns,
1713                   (unsigned long long)session->stats.tx_packets,
1714                   (unsigned long long)session->stats.tx_bytes,
1715                   (unsigned long long)session->stats.tx_errors,
1716                   (unsigned long long)session->stats.rx_packets,
1717                   (unsigned long long)session->stats.rx_bytes,
1718                   (unsigned long long)session->stats.rx_errors);
1719
1720        if (po)
1721                seq_printf(m, "   interface %s\n", ppp_dev_name(&po->chan));
1722}
1723
1724static int pppol2tp_seq_show(struct seq_file *m, void *v)
1725{
1726        struct pppol2tp_seq_data *pd = v;
1727
1728        /* display header on line 1 */
1729        if (v == SEQ_START_TOKEN) {
1730                seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1731                seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1732                seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1733                seq_puts(m, "  SESSION name, addr/port src-tid/sid "
1734                         "dest-tid/sid state user-data-ok\n");
1735                seq_puts(m, "   mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1736                seq_puts(m, "   nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1737                goto out;
1738        }
1739
1740        /* Show the tunnel or session context.
1741         */
1742        if (pd->session == NULL)
1743                pppol2tp_seq_tunnel_show(m, pd->tunnel);
1744        else
1745                pppol2tp_seq_session_show(m, pd->session);
1746
1747out:
1748        return 0;
1749}
1750
1751static const struct seq_operations pppol2tp_seq_ops = {
1752        .start          = pppol2tp_seq_start,
1753        .next           = pppol2tp_seq_next,
1754        .stop           = pppol2tp_seq_stop,
1755        .show           = pppol2tp_seq_show,
1756};
1757
1758/* Called when our /proc file is opened. We allocate data for use when
1759 * iterating our tunnel / session contexts and store it in the private
1760 * data of the seq_file.
1761 */
1762static int pppol2tp_proc_open(struct inode *inode, struct file *file)
1763{
1764        return seq_open_net(inode, file, &pppol2tp_seq_ops,
1765                            sizeof(struct pppol2tp_seq_data));
1766}
1767
1768static const struct file_operations pppol2tp_proc_fops = {
1769        .owner          = THIS_MODULE,
1770        .open           = pppol2tp_proc_open,
1771        .read           = seq_read,
1772        .llseek         = seq_lseek,
1773        .release        = seq_release_net,
1774};
1775
1776#endif /* CONFIG_PROC_FS */
1777
1778/*****************************************************************************
1779 * Network namespace
1780 *****************************************************************************/
1781
1782static __net_init int pppol2tp_init_net(struct net *net)
1783{
1784        struct proc_dir_entry *pde;
1785        int err = 0;
1786
1787        pde = proc_net_fops_create(net, "pppol2tp", S_IRUGO, &pppol2tp_proc_fops);
1788        if (!pde) {
1789                err = -ENOMEM;
1790                goto out;
1791        }
1792
1793out:
1794        return err;
1795}
1796
1797static __net_exit void pppol2tp_exit_net(struct net *net)
1798{
1799        proc_net_remove(net, "pppol2tp");
1800}
1801
1802static struct pernet_operations pppol2tp_net_ops = {
1803        .init = pppol2tp_init_net,
1804        .exit = pppol2tp_exit_net,
1805        .id   = &pppol2tp_net_id,
1806};
1807
1808/*****************************************************************************
1809 * Init and cleanup
1810 *****************************************************************************/
1811
1812static const struct proto_ops pppol2tp_ops = {
1813        .family         = AF_PPPOX,
1814        .owner          = THIS_MODULE,
1815        .release        = pppol2tp_release,
1816        .bind           = sock_no_bind,
1817        .connect        = pppol2tp_connect,
1818        .socketpair     = sock_no_socketpair,
1819        .accept         = sock_no_accept,
1820        .getname        = pppol2tp_getname,
1821        .poll           = datagram_poll,
1822        .listen         = sock_no_listen,
1823        .shutdown       = sock_no_shutdown,
1824        .setsockopt     = pppol2tp_setsockopt,
1825        .getsockopt     = pppol2tp_getsockopt,
1826        .sendmsg        = pppol2tp_sendmsg,
1827        .recvmsg        = pppol2tp_recvmsg,
1828        .mmap           = sock_no_mmap,
1829        .ioctl          = pppox_ioctl,
1830};
1831
1832static const struct pppox_proto pppol2tp_proto = {
1833        .create         = pppol2tp_create,
1834        .ioctl          = pppol2tp_ioctl
1835};
1836
1837#ifdef CONFIG_L2TP_V3
1838
1839static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1840        .session_create = pppol2tp_session_create,
1841        .session_delete = pppol2tp_session_delete,
1842};
1843
1844#endif /* CONFIG_L2TP_V3 */
1845
1846static int __init pppol2tp_init(void)
1847{
1848        int err;
1849
1850        err = register_pernet_device(&pppol2tp_net_ops);
1851        if (err)
1852                goto out;
1853
1854        err = proto_register(&pppol2tp_sk_proto, 0);
1855        if (err)
1856                goto out_unregister_pppol2tp_pernet;
1857
1858        err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1859        if (err)
1860                goto out_unregister_pppol2tp_proto;
1861
1862#ifdef CONFIG_L2TP_V3
1863        err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);
1864        if (err)
1865                goto out_unregister_pppox;
1866#endif
1867
1868        pr_info("PPPoL2TP kernel driver, %s\n", PPPOL2TP_DRV_VERSION);
1869
1870out:
1871        return err;
1872
1873#ifdef CONFIG_L2TP_V3
1874out_unregister_pppox:
1875        unregister_pppox_proto(PX_PROTO_OL2TP);
1876#endif
1877out_unregister_pppol2tp_proto:
1878        proto_unregister(&pppol2tp_sk_proto);
1879out_unregister_pppol2tp_pernet:
1880        unregister_pernet_device(&pppol2tp_net_ops);
1881        goto out;
1882}
1883
1884static void __exit pppol2tp_exit(void)
1885{
1886#ifdef CONFIG_L2TP_V3
1887        l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);
1888#endif
1889        unregister_pppox_proto(PX_PROTO_OL2TP);
1890        proto_unregister(&pppol2tp_sk_proto);
1891        unregister_pernet_device(&pppol2tp_net_ops);
1892}
1893
1894module_init(pppol2tp_init);
1895module_exit(pppol2tp_exit);
1896
1897MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1898MODULE_DESCRIPTION("PPP over L2TP over UDP");
1899MODULE_LICENSE("GPL");
1900MODULE_VERSION(PPPOL2TP_DRV_VERSION);
1901MODULE_ALIAS("pppox-proto-" __stringify(PX_PROTO_OL2TP));
1902
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.