Loading...
1/*****************************************************************************
2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
3 *
4 * PPPoX --- Generic PPP encapsulation socket family
5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
6 *
7 * Version: 2.0.0
8 *
9 * Authors: James Chapman (jchapman@katalix.com)
10 *
11 * Based on original work by Martijn van Oosterhout <kleptog@svana.org>
12 *
13 * License:
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version
17 * 2 of the License, or (at your option) any later version.
18 *
19 */
20
21/* This driver handles only L2TP data frames; control frames are handled by a
22 * userspace application.
23 *
24 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
25 * attaches it to a bound UDP socket with local tunnel_id / session_id and
26 * peer tunnel_id / session_id set. Data can then be sent or received using
27 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
28 * can be read or modified using ioctl() or [gs]etsockopt() calls.
29 *
30 * When a PPPoL2TP socket is connected with local and peer session_id values
31 * zero, the socket is treated as a special tunnel management socket.
32 *
33 * Here's example userspace code to create a socket for sending/receiving data
34 * over an L2TP session:-
35 *
36 * struct sockaddr_pppol2tp sax;
37 * int fd;
38 * int session_fd;
39 *
40 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
41 *
42 * sax.sa_family = AF_PPPOX;
43 * sax.sa_protocol = PX_PROTO_OL2TP;
44 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
45 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
46 * sax.pppol2tp.addr.sin_port = addr->sin_port;
47 * sax.pppol2tp.addr.sin_family = AF_INET;
48 * sax.pppol2tp.s_tunnel = tunnel_id;
49 * sax.pppol2tp.s_session = session_id;
50 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
51 * sax.pppol2tp.d_session = peer_session_id;
52 *
53 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
54 *
55 * A pppd plugin that allows PPP traffic to be carried over L2TP using
56 * this driver is available from the OpenL2TP project at
57 * http://openl2tp.sourceforge.net.
58 */
59
60#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
61
62#include <linux/module.h>
63#include <linux/string.h>
64#include <linux/list.h>
65#include <linux/uaccess.h>
66
67#include <linux/kernel.h>
68#include <linux/spinlock.h>
69#include <linux/kthread.h>
70#include <linux/sched.h>
71#include <linux/slab.h>
72#include <linux/errno.h>
73#include <linux/jiffies.h>
74
75#include <linux/netdevice.h>
76#include <linux/net.h>
77#include <linux/inetdevice.h>
78#include <linux/skbuff.h>
79#include <linux/init.h>
80#include <linux/ip.h>
81#include <linux/udp.h>
82#include <linux/if_pppox.h>
83#include <linux/if_pppol2tp.h>
84#include <net/sock.h>
85#include <linux/ppp_channel.h>
86#include <linux/ppp_defs.h>
87#include <linux/ppp-ioctl.h>
88#include <linux/file.h>
89#include <linux/hash.h>
90#include <linux/sort.h>
91#include <linux/proc_fs.h>
92#include <linux/l2tp.h>
93#include <linux/nsproxy.h>
94#include <net/net_namespace.h>
95#include <net/netns/generic.h>
96#include <net/dst.h>
97#include <net/ip.h>
98#include <net/udp.h>
99#include <net/xfrm.h>
100#include <net/inet_common.h>
101
102#include <asm/byteorder.h>
103#include <linux/atomic.h>
104
105#include "l2tp_core.h"
106
107#define PPPOL2TP_DRV_VERSION "V2.0"
108
109/* Space for UDP, L2TP and PPP headers */
110#define PPPOL2TP_HEADER_OVERHEAD 40
111
112/* Number of bytes to build transmit L2TP headers.
113 * Unfortunately the size is different depending on whether sequence numbers
114 * are enabled.
115 */
116#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
117#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
118
119/* Private data of each session. This data lives at the end of struct
120 * l2tp_session, referenced via session->priv[].
121 */
122struct pppol2tp_session {
123 int owner; /* pid that opened the socket */
124
125 struct sock *sock; /* Pointer to the session
126 * PPPoX socket */
127 struct sock *tunnel_sock; /* Pointer to the tunnel UDP
128 * socket */
129 int flags; /* accessed by PPPIOCGFLAGS.
130 * Unused. */
131};
132
133static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
134
135static const struct ppp_channel_ops pppol2tp_chan_ops = {
136 .start_xmit = pppol2tp_xmit,
137};
138
139static const struct proto_ops pppol2tp_ops;
140
141/* Helpers to obtain tunnel/session contexts from sockets.
142 */
143static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
144{
145 struct l2tp_session *session;
146
147 if (sk == NULL)
148 return NULL;
149
150 sock_hold(sk);
151 session = (struct l2tp_session *)(sk->sk_user_data);
152 if (session == NULL) {
153 sock_put(sk);
154 goto out;
155 }
156
157 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
158
159out:
160 return session;
161}
162
163/*****************************************************************************
164 * Receive data handling
165 *****************************************************************************/
166
167static int pppol2tp_recv_payload_hook(struct sk_buff *skb)
168{
169 /* Skip PPP header, if present. In testing, Microsoft L2TP clients
170 * don't send the PPP header (PPP header compression enabled), but
171 * other clients can include the header. So we cope with both cases
172 * here. The PPP header is always FF03 when using L2TP.
173 *
174 * Note that skb->data[] isn't dereferenced from a u16 ptr here since
175 * the field may be unaligned.
176 */
177 if (!pskb_may_pull(skb, 2))
178 return 1;
179
180 if ((skb->data[0] == PPP_ALLSTATIONS) && (skb->data[1] == PPP_UI))
181 skb_pull(skb, 2);
182
183 return 0;
184}
185
186/* Receive message. This is the recvmsg for the PPPoL2TP socket.
187 */
188static int pppol2tp_recvmsg(struct socket *sock, struct msghdr *msg,
189 size_t len, int flags)
190{
191 int err;
192 struct sk_buff *skb;
193 struct sock *sk = sock->sk;
194
195 err = -EIO;
196 if (sk->sk_state & PPPOX_BOUND)
197 goto end;
198
199 err = 0;
200 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
201 flags & MSG_DONTWAIT, &err);
202 if (!skb)
203 goto end;
204
205 if (len > skb->len)
206 len = skb->len;
207 else if (len < skb->len)
208 msg->msg_flags |= MSG_TRUNC;
209
210 err = skb_copy_datagram_msg(skb, 0, msg, len);
211 if (likely(err == 0))
212 err = len;
213
214 kfree_skb(skb);
215end:
216 return err;
217}
218
219static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
220{
221 struct pppol2tp_session *ps = l2tp_session_priv(session);
222 struct sock *sk = NULL;
223
224 /* If the socket is bound, send it in to PPP's input queue. Otherwise
225 * queue it on the session socket.
226 */
227 sk = ps->sock;
228 if (sk == NULL)
229 goto no_sock;
230
231 if (sk->sk_state & PPPOX_BOUND) {
232 struct pppox_sock *po;
233
234 l2tp_dbg(session, L2TP_MSG_DATA,
235 "%s: recv %d byte data frame, passing to ppp\n",
236 session->name, data_len);
237
238 po = pppox_sk(sk);
239 ppp_input(&po->chan, skb);
240 } else {
241 l2tp_dbg(session, L2TP_MSG_DATA,
242 "%s: recv %d byte data frame, passing to L2TP socket\n",
243 session->name, data_len);
244
245 if (sock_queue_rcv_skb(sk, skb) < 0) {
246 atomic_long_inc(&session->stats.rx_errors);
247 kfree_skb(skb);
248 }
249 }
250
251 return;
252
253no_sock:
254 l2tp_info(session, L2TP_MSG_DATA, "%s: no socket\n", session->name);
255 kfree_skb(skb);
256}
257
258static void pppol2tp_session_sock_hold(struct l2tp_session *session)
259{
260 struct pppol2tp_session *ps = l2tp_session_priv(session);
261
262 if (ps->sock)
263 sock_hold(ps->sock);
264}
265
266static void pppol2tp_session_sock_put(struct l2tp_session *session)
267{
268 struct pppol2tp_session *ps = l2tp_session_priv(session);
269
270 if (ps->sock)
271 sock_put(ps->sock);
272}
273
274/************************************************************************
275 * Transmit handling
276 ***********************************************************************/
277
278/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
279 * when a user application does a sendmsg() on the session socket. L2TP and
280 * PPP headers must be inserted into the user's data.
281 */
282static int pppol2tp_sendmsg(struct socket *sock, struct msghdr *m,
283 size_t total_len)
284{
285 struct sock *sk = sock->sk;
286 struct sk_buff *skb;
287 int error;
288 struct l2tp_session *session;
289 struct l2tp_tunnel *tunnel;
290 struct pppol2tp_session *ps;
291 int uhlen;
292
293 error = -ENOTCONN;
294 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
295 goto error;
296
297 /* Get session and tunnel contexts */
298 error = -EBADF;
299 session = pppol2tp_sock_to_session(sk);
300 if (session == NULL)
301 goto error;
302
303 ps = l2tp_session_priv(session);
304 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
305 if (tunnel == NULL)
306 goto error_put_sess;
307
308 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
309
310 /* Allocate a socket buffer */
311 error = -ENOMEM;
312 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
313 uhlen + session->hdr_len +
314 2 + total_len, /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */
315 0, GFP_KERNEL);
316 if (!skb)
317 goto error_put_sess_tun;
318
319 /* Reserve space for headers. */
320 skb_reserve(skb, NET_SKB_PAD);
321 skb_reset_network_header(skb);
322 skb_reserve(skb, sizeof(struct iphdr));
323 skb_reset_transport_header(skb);
324 skb_reserve(skb, uhlen);
325
326 /* Add PPP header */
327 skb->data[0] = PPP_ALLSTATIONS;
328 skb->data[1] = PPP_UI;
329 skb_put(skb, 2);
330
331 /* Copy user data into skb */
332 error = memcpy_from_msg(skb_put(skb, total_len), m, total_len);
333 if (error < 0) {
334 kfree_skb(skb);
335 goto error_put_sess_tun;
336 }
337
338 local_bh_disable();
339 l2tp_xmit_skb(session, skb, session->hdr_len);
340 local_bh_enable();
341
342 sock_put(ps->tunnel_sock);
343 sock_put(sk);
344
345 return total_len;
346
347error_put_sess_tun:
348 sock_put(ps->tunnel_sock);
349error_put_sess:
350 sock_put(sk);
351error:
352 return error;
353}
354
355/* Transmit function called by generic PPP driver. Sends PPP frame
356 * over PPPoL2TP socket.
357 *
358 * This is almost the same as pppol2tp_sendmsg(), but rather than
359 * being called with a msghdr from userspace, it is called with a skb
360 * from the kernel.
361 *
362 * The supplied skb from ppp doesn't have enough headroom for the
363 * insertion of L2TP, UDP and IP headers so we need to allocate more
364 * headroom in the skb. This will create a cloned skb. But we must be
365 * careful in the error case because the caller will expect to free
366 * the skb it supplied, not our cloned skb. So we take care to always
367 * leave the original skb unfreed if we return an error.
368 */
369static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
370{
371 struct sock *sk = (struct sock *) chan->private;
372 struct sock *sk_tun;
373 struct l2tp_session *session;
374 struct l2tp_tunnel *tunnel;
375 struct pppol2tp_session *ps;
376 int uhlen, headroom;
377
378 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
379 goto abort;
380
381 /* Get session and tunnel contexts from the socket */
382 session = pppol2tp_sock_to_session(sk);
383 if (session == NULL)
384 goto abort;
385
386 ps = l2tp_session_priv(session);
387 sk_tun = ps->tunnel_sock;
388 if (sk_tun == NULL)
389 goto abort_put_sess;
390 tunnel = l2tp_sock_to_tunnel(sk_tun);
391 if (tunnel == NULL)
392 goto abort_put_sess;
393
394 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
395 headroom = NET_SKB_PAD +
396 sizeof(struct iphdr) + /* IP header */
397 uhlen + /* UDP header (if L2TP_ENCAPTYPE_UDP) */
398 session->hdr_len + /* L2TP header */
399 2; /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */
400 if (skb_cow_head(skb, headroom))
401 goto abort_put_sess_tun;
402
403 /* Setup PPP header */
404 __skb_push(skb, 2);
405 skb->data[0] = PPP_ALLSTATIONS;
406 skb->data[1] = PPP_UI;
407
408 local_bh_disable();
409 l2tp_xmit_skb(session, skb, session->hdr_len);
410 local_bh_enable();
411
412 sock_put(sk_tun);
413 sock_put(sk);
414 return 1;
415
416abort_put_sess_tun:
417 sock_put(sk_tun);
418abort_put_sess:
419 sock_put(sk);
420abort:
421 /* Free the original skb */
422 kfree_skb(skb);
423 return 1;
424}
425
426/*****************************************************************************
427 * Session (and tunnel control) socket create/destroy.
428 *****************************************************************************/
429
430/* Called by l2tp_core when a session socket is being closed.
431 */
432static void pppol2tp_session_close(struct l2tp_session *session)
433{
434 struct pppol2tp_session *ps = l2tp_session_priv(session);
435 struct sock *sk = ps->sock;
436 struct socket *sock = sk->sk_socket;
437
438 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
439
440 if (sock) {
441 inet_shutdown(sock, SEND_SHUTDOWN);
442 /* Don't let the session go away before our socket does */
443 l2tp_session_inc_refcount(session);
444 }
445}
446
447/* Really kill the session socket. (Called from sock_put() if
448 * refcnt == 0.)
449 */
450static void pppol2tp_session_destruct(struct sock *sk)
451{
452 struct l2tp_session *session = sk->sk_user_data;
453 if (session) {
454 sk->sk_user_data = NULL;
455 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
456 l2tp_session_dec_refcount(session);
457 }
458}
459
460/* Called when the PPPoX socket (session) is closed.
461 */
462static int pppol2tp_release(struct socket *sock)
463{
464 struct sock *sk = sock->sk;
465 struct l2tp_session *session;
466 int error;
467
468 if (!sk)
469 return 0;
470
471 error = -EBADF;
472 lock_sock(sk);
473 if (sock_flag(sk, SOCK_DEAD) != 0)
474 goto error;
475
476 pppox_unbind_sock(sk);
477
478 /* Signal the death of the socket. */
479 sk->sk_state = PPPOX_DEAD;
480 sock_orphan(sk);
481 sock->sk = NULL;
482
483 session = pppol2tp_sock_to_session(sk);
484
485 /* Purge any queued data */
486 if (session != NULL) {
487 __l2tp_session_unhash(session);
488 l2tp_session_queue_purge(session);
489 sock_put(sk);
490 }
491 skb_queue_purge(&sk->sk_receive_queue);
492 skb_queue_purge(&sk->sk_write_queue);
493
494 release_sock(sk);
495
496 /* This will delete the session context via
497 * pppol2tp_session_destruct() if the socket's refcnt drops to
498 * zero.
499 */
500 sock_put(sk);
501
502 return 0;
503
504error:
505 release_sock(sk);
506 return error;
507}
508
509static struct proto pppol2tp_sk_proto = {
510 .name = "PPPOL2TP",
511 .owner = THIS_MODULE,
512 .obj_size = sizeof(struct pppox_sock),
513};
514
515static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
516{
517 int rc;
518
519 rc = l2tp_udp_encap_recv(sk, skb);
520 if (rc)
521 kfree_skb(skb);
522
523 return NET_RX_SUCCESS;
524}
525
526/* socket() handler. Initialize a new struct sock.
527 */
528static int pppol2tp_create(struct net *net, struct socket *sock, int kern)
529{
530 int error = -ENOMEM;
531 struct sock *sk;
532
533 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto, kern);
534 if (!sk)
535 goto out;
536
537 sock_init_data(sock, sk);
538
539 sock->state = SS_UNCONNECTED;
540 sock->ops = &pppol2tp_ops;
541
542 sk->sk_backlog_rcv = pppol2tp_backlog_recv;
543 sk->sk_protocol = PX_PROTO_OL2TP;
544 sk->sk_family = PF_PPPOX;
545 sk->sk_state = PPPOX_NONE;
546 sk->sk_type = SOCK_STREAM;
547 sk->sk_destruct = pppol2tp_session_destruct;
548
549 error = 0;
550
551out:
552 return error;
553}
554
555#if IS_ENABLED(CONFIG_L2TP_DEBUGFS)
556static void pppol2tp_show(struct seq_file *m, void *arg)
557{
558 struct l2tp_session *session = arg;
559 struct pppol2tp_session *ps = l2tp_session_priv(session);
560
561 if (ps) {
562 struct pppox_sock *po = pppox_sk(ps->sock);
563 if (po)
564 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
565 }
566}
567#endif
568
569/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
570 */
571static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
572 int sockaddr_len, int flags)
573{
574 struct sock *sk = sock->sk;
575 struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
576 struct pppox_sock *po = pppox_sk(sk);
577 struct l2tp_session *session = NULL;
578 struct l2tp_tunnel *tunnel;
579 struct pppol2tp_session *ps;
580 struct dst_entry *dst;
581 struct l2tp_session_cfg cfg = { 0, };
582 int error = 0;
583 u32 tunnel_id, peer_tunnel_id;
584 u32 session_id, peer_session_id;
585 int ver = 2;
586 int fd;
587
588 lock_sock(sk);
589
590 error = -EINVAL;
591 if (sp->sa_protocol != PX_PROTO_OL2TP)
592 goto end;
593
594 /* Check for already bound sockets */
595 error = -EBUSY;
596 if (sk->sk_state & PPPOX_CONNECTED)
597 goto end;
598
599 /* We don't supporting rebinding anyway */
600 error = -EALREADY;
601 if (sk->sk_user_data)
602 goto end; /* socket is already attached */
603
604 /* Get params from socket address. Handle L2TPv2 and L2TPv3.
605 * This is nasty because there are different sockaddr_pppol2tp
606 * structs for L2TPv2, L2TPv3, over IPv4 and IPv6. We use
607 * the sockaddr size to determine which structure the caller
608 * is using.
609 */
610 peer_tunnel_id = 0;
611 if (sockaddr_len == sizeof(struct sockaddr_pppol2tp)) {
612 fd = sp->pppol2tp.fd;
613 tunnel_id = sp->pppol2tp.s_tunnel;
614 peer_tunnel_id = sp->pppol2tp.d_tunnel;
615 session_id = sp->pppol2tp.s_session;
616 peer_session_id = sp->pppol2tp.d_session;
617 } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3)) {
618 struct sockaddr_pppol2tpv3 *sp3 =
619 (struct sockaddr_pppol2tpv3 *) sp;
620 ver = 3;
621 fd = sp3->pppol2tp.fd;
622 tunnel_id = sp3->pppol2tp.s_tunnel;
623 peer_tunnel_id = sp3->pppol2tp.d_tunnel;
624 session_id = sp3->pppol2tp.s_session;
625 peer_session_id = sp3->pppol2tp.d_session;
626 } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpin6)) {
627 struct sockaddr_pppol2tpin6 *sp6 =
628 (struct sockaddr_pppol2tpin6 *) sp;
629 fd = sp6->pppol2tp.fd;
630 tunnel_id = sp6->pppol2tp.s_tunnel;
631 peer_tunnel_id = sp6->pppol2tp.d_tunnel;
632 session_id = sp6->pppol2tp.s_session;
633 peer_session_id = sp6->pppol2tp.d_session;
634 } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3in6)) {
635 struct sockaddr_pppol2tpv3in6 *sp6 =
636 (struct sockaddr_pppol2tpv3in6 *) sp;
637 ver = 3;
638 fd = sp6->pppol2tp.fd;
639 tunnel_id = sp6->pppol2tp.s_tunnel;
640 peer_tunnel_id = sp6->pppol2tp.d_tunnel;
641 session_id = sp6->pppol2tp.s_session;
642 peer_session_id = sp6->pppol2tp.d_session;
643 } else {
644 error = -EINVAL;
645 goto end; /* bad socket address */
646 }
647
648 /* Don't bind if tunnel_id is 0 */
649 error = -EINVAL;
650 if (tunnel_id == 0)
651 goto end;
652
653 tunnel = l2tp_tunnel_find(sock_net(sk), tunnel_id);
654
655 /* Special case: create tunnel context if session_id and
656 * peer_session_id is 0. Otherwise look up tunnel using supplied
657 * tunnel id.
658 */
659 if ((session_id == 0) && (peer_session_id == 0)) {
660 if (tunnel == NULL) {
661 struct l2tp_tunnel_cfg tcfg = {
662 .encap = L2TP_ENCAPTYPE_UDP,
663 .debug = 0,
664 };
665 error = l2tp_tunnel_create(sock_net(sk), fd, ver, tunnel_id, peer_tunnel_id, &tcfg, &tunnel);
666 if (error < 0)
667 goto end;
668 }
669 } else {
670 /* Error if we can't find the tunnel */
671 error = -ENOENT;
672 if (tunnel == NULL)
673 goto end;
674
675 /* Error if socket is not prepped */
676 if (tunnel->sock == NULL)
677 goto end;
678 }
679
680 if (tunnel->recv_payload_hook == NULL)
681 tunnel->recv_payload_hook = pppol2tp_recv_payload_hook;
682
683 if (tunnel->peer_tunnel_id == 0)
684 tunnel->peer_tunnel_id = peer_tunnel_id;
685
686 /* Create session if it doesn't already exist. We handle the
687 * case where a session was previously created by the netlink
688 * interface by checking that the session doesn't already have
689 * a socket and its tunnel socket are what we expect. If any
690 * of those checks fail, return EEXIST to the caller.
691 */
692 session = l2tp_session_find(sock_net(sk), tunnel, session_id);
693 if (session == NULL) {
694 /* Default MTU must allow space for UDP/L2TP/PPP
695 * headers.
696 */
697 cfg.mtu = cfg.mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
698
699 /* Allocate and initialize a new session context. */
700 session = l2tp_session_create(sizeof(struct pppol2tp_session),
701 tunnel, session_id,
702 peer_session_id, &cfg);
703 if (session == NULL) {
704 error = -ENOMEM;
705 goto end;
706 }
707 } else {
708 ps = l2tp_session_priv(session);
709 error = -EEXIST;
710 if (ps->sock != NULL)
711 goto end;
712
713 /* consistency checks */
714 if (ps->tunnel_sock != tunnel->sock)
715 goto end;
716 }
717
718 /* Associate session with its PPPoL2TP socket */
719 ps = l2tp_session_priv(session);
720 ps->owner = current->pid;
721 ps->sock = sk;
722 ps->tunnel_sock = tunnel->sock;
723
724 session->recv_skb = pppol2tp_recv;
725 session->session_close = pppol2tp_session_close;
726#if IS_ENABLED(CONFIG_L2TP_DEBUGFS)
727 session->show = pppol2tp_show;
728#endif
729
730 /* We need to know each time a skb is dropped from the reorder
731 * queue.
732 */
733 session->ref = pppol2tp_session_sock_hold;
734 session->deref = pppol2tp_session_sock_put;
735
736 /* If PMTU discovery was enabled, use the MTU that was discovered */
737 dst = sk_dst_get(tunnel->sock);
738 if (dst != NULL) {
739 u32 pmtu = dst_mtu(dst);
740
741 if (pmtu != 0)
742 session->mtu = session->mru = pmtu -
743 PPPOL2TP_HEADER_OVERHEAD;
744 dst_release(dst);
745 }
746
747 /* Special case: if source & dest session_id == 0x0000, this
748 * socket is being created to manage the tunnel. Just set up
749 * the internal context for use by ioctl() and sockopt()
750 * handlers.
751 */
752 if ((session->session_id == 0) &&
753 (session->peer_session_id == 0)) {
754 error = 0;
755 goto out_no_ppp;
756 }
757
758 /* The only header we need to worry about is the L2TP
759 * header. This size is different depending on whether
760 * sequence numbers are enabled for the data channel.
761 */
762 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
763
764 po->chan.private = sk;
765 po->chan.ops = &pppol2tp_chan_ops;
766 po->chan.mtu = session->mtu;
767
768 error = ppp_register_net_channel(sock_net(sk), &po->chan);
769 if (error)
770 goto end;
771
772out_no_ppp:
773 /* This is how we get the session context from the socket. */
774 sk->sk_user_data = session;
775 sk->sk_state = PPPOX_CONNECTED;
776 l2tp_info(session, L2TP_MSG_CONTROL, "%s: created\n",
777 session->name);
778
779end:
780 release_sock(sk);
781
782 return error;
783}
784
785#ifdef CONFIG_L2TP_V3
786
787/* Called when creating sessions via the netlink interface.
788 */
789static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
790{
791 int error;
792 struct l2tp_tunnel *tunnel;
793 struct l2tp_session *session;
794 struct pppol2tp_session *ps;
795
796 tunnel = l2tp_tunnel_find(net, tunnel_id);
797
798 /* Error if we can't find the tunnel */
799 error = -ENOENT;
800 if (tunnel == NULL)
801 goto out;
802
803 /* Error if tunnel socket is not prepped */
804 if (tunnel->sock == NULL)
805 goto out;
806
807 /* Check that this session doesn't already exist */
808 error = -EEXIST;
809 session = l2tp_session_find(net, tunnel, session_id);
810 if (session != NULL)
811 goto out;
812
813 /* Default MTU values. */
814 if (cfg->mtu == 0)
815 cfg->mtu = 1500 - PPPOL2TP_HEADER_OVERHEAD;
816 if (cfg->mru == 0)
817 cfg->mru = cfg->mtu;
818
819 /* Allocate and initialize a new session context. */
820 error = -ENOMEM;
821 session = l2tp_session_create(sizeof(struct pppol2tp_session),
822 tunnel, session_id,
823 peer_session_id, cfg);
824 if (session == NULL)
825 goto out;
826
827 ps = l2tp_session_priv(session);
828 ps->tunnel_sock = tunnel->sock;
829
830 l2tp_info(session, L2TP_MSG_CONTROL, "%s: created\n",
831 session->name);
832
833 error = 0;
834
835out:
836 return error;
837}
838
839#endif /* CONFIG_L2TP_V3 */
840
841/* getname() support.
842 */
843static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
844 int *usockaddr_len, int peer)
845{
846 int len = 0;
847 int error = 0;
848 struct l2tp_session *session;
849 struct l2tp_tunnel *tunnel;
850 struct sock *sk = sock->sk;
851 struct inet_sock *inet;
852 struct pppol2tp_session *pls;
853
854 error = -ENOTCONN;
855 if (sk == NULL)
856 goto end;
857 if (!(sk->sk_state & PPPOX_CONNECTED))
858 goto end;
859
860 error = -EBADF;
861 session = pppol2tp_sock_to_session(sk);
862 if (session == NULL)
863 goto end;
864
865 pls = l2tp_session_priv(session);
866 tunnel = l2tp_sock_to_tunnel(pls->tunnel_sock);
867 if (tunnel == NULL)
868 goto end_put_sess;
869
870 inet = inet_sk(tunnel->sock);
871 if ((tunnel->version == 2) && (tunnel->sock->sk_family == AF_INET)) {
872 struct sockaddr_pppol2tp sp;
873 len = sizeof(sp);
874 memset(&sp, 0, len);
875 sp.sa_family = AF_PPPOX;
876 sp.sa_protocol = PX_PROTO_OL2TP;
877 sp.pppol2tp.fd = tunnel->fd;
878 sp.pppol2tp.pid = pls->owner;
879 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
880 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
881 sp.pppol2tp.s_session = session->session_id;
882 sp.pppol2tp.d_session = session->peer_session_id;
883 sp.pppol2tp.addr.sin_family = AF_INET;
884 sp.pppol2tp.addr.sin_port = inet->inet_dport;
885 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
886 memcpy(uaddr, &sp, len);
887#if IS_ENABLED(CONFIG_IPV6)
888 } else if ((tunnel->version == 2) &&
889 (tunnel->sock->sk_family == AF_INET6)) {
890 struct sockaddr_pppol2tpin6 sp;
891
892 len = sizeof(sp);
893 memset(&sp, 0, len);
894 sp.sa_family = AF_PPPOX;
895 sp.sa_protocol = PX_PROTO_OL2TP;
896 sp.pppol2tp.fd = tunnel->fd;
897 sp.pppol2tp.pid = pls->owner;
898 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
899 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
900 sp.pppol2tp.s_session = session->session_id;
901 sp.pppol2tp.d_session = session->peer_session_id;
902 sp.pppol2tp.addr.sin6_family = AF_INET6;
903 sp.pppol2tp.addr.sin6_port = inet->inet_dport;
904 memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
905 sizeof(tunnel->sock->sk_v6_daddr));
906 memcpy(uaddr, &sp, len);
907 } else if ((tunnel->version == 3) &&
908 (tunnel->sock->sk_family == AF_INET6)) {
909 struct sockaddr_pppol2tpv3in6 sp;
910
911 len = sizeof(sp);
912 memset(&sp, 0, len);
913 sp.sa_family = AF_PPPOX;
914 sp.sa_protocol = PX_PROTO_OL2TP;
915 sp.pppol2tp.fd = tunnel->fd;
916 sp.pppol2tp.pid = pls->owner;
917 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
918 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
919 sp.pppol2tp.s_session = session->session_id;
920 sp.pppol2tp.d_session = session->peer_session_id;
921 sp.pppol2tp.addr.sin6_family = AF_INET6;
922 sp.pppol2tp.addr.sin6_port = inet->inet_dport;
923 memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
924 sizeof(tunnel->sock->sk_v6_daddr));
925 memcpy(uaddr, &sp, len);
926#endif
927 } else if (tunnel->version == 3) {
928 struct sockaddr_pppol2tpv3 sp;
929 len = sizeof(sp);
930 memset(&sp, 0, len);
931 sp.sa_family = AF_PPPOX;
932 sp.sa_protocol = PX_PROTO_OL2TP;
933 sp.pppol2tp.fd = tunnel->fd;
934 sp.pppol2tp.pid = pls->owner;
935 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
936 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
937 sp.pppol2tp.s_session = session->session_id;
938 sp.pppol2tp.d_session = session->peer_session_id;
939 sp.pppol2tp.addr.sin_family = AF_INET;
940 sp.pppol2tp.addr.sin_port = inet->inet_dport;
941 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
942 memcpy(uaddr, &sp, len);
943 }
944
945 *usockaddr_len = len;
946 error = 0;
947
948 sock_put(pls->tunnel_sock);
949end_put_sess:
950 sock_put(sk);
951end:
952 return error;
953}
954
955/****************************************************************************
956 * ioctl() handlers.
957 *
958 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
959 * sockets. However, in order to control kernel tunnel features, we allow
960 * userspace to create a special "tunnel" PPPoX socket which is used for
961 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
962 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
963 * calls.
964 ****************************************************************************/
965
966static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
967 struct l2tp_stats *stats)
968{
969 dest->tx_packets = atomic_long_read(&stats->tx_packets);
970 dest->tx_bytes = atomic_long_read(&stats->tx_bytes);
971 dest->tx_errors = atomic_long_read(&stats->tx_errors);
972 dest->rx_packets = atomic_long_read(&stats->rx_packets);
973 dest->rx_bytes = atomic_long_read(&stats->rx_bytes);
974 dest->rx_seq_discards = atomic_long_read(&stats->rx_seq_discards);
975 dest->rx_oos_packets = atomic_long_read(&stats->rx_oos_packets);
976 dest->rx_errors = atomic_long_read(&stats->rx_errors);
977}
978
979/* Session ioctl helper.
980 */
981static int pppol2tp_session_ioctl(struct l2tp_session *session,
982 unsigned int cmd, unsigned long arg)
983{
984 struct ifreq ifr;
985 int err = 0;
986 struct sock *sk;
987 int val = (int) arg;
988 struct pppol2tp_session *ps = l2tp_session_priv(session);
989 struct l2tp_tunnel *tunnel = session->tunnel;
990 struct pppol2tp_ioc_stats stats;
991
992 l2tp_dbg(session, L2TP_MSG_CONTROL,
993 "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
994 session->name, cmd, arg);
995
996 sk = ps->sock;
997 sock_hold(sk);
998
999 switch (cmd) {
1000 case SIOCGIFMTU:
1001 err = -ENXIO;
1002 if (!(sk->sk_state & PPPOX_CONNECTED))
1003 break;
1004
1005 err = -EFAULT;
1006 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1007 break;
1008 ifr.ifr_mtu = session->mtu;
1009 if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1010 break;
1011
1012 l2tp_info(session, L2TP_MSG_CONTROL, "%s: get mtu=%d\n",
1013 session->name, session->mtu);
1014 err = 0;
1015 break;
1016
1017 case SIOCSIFMTU:
1018 err = -ENXIO;
1019 if (!(sk->sk_state & PPPOX_CONNECTED))
1020 break;
1021
1022 err = -EFAULT;
1023 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1024 break;
1025
1026 session->mtu = ifr.ifr_mtu;
1027
1028 l2tp_info(session, L2TP_MSG_CONTROL, "%s: set mtu=%d\n",
1029 session->name, session->mtu);
1030 err = 0;
1031 break;
1032
1033 case PPPIOCGMRU:
1034 err = -ENXIO;
1035 if (!(sk->sk_state & PPPOX_CONNECTED))
1036 break;
1037
1038 err = -EFAULT;
1039 if (put_user(session->mru, (int __user *) arg))
1040 break;
1041
1042 l2tp_info(session, L2TP_MSG_CONTROL, "%s: get mru=%d\n",
1043 session->name, session->mru);
1044 err = 0;
1045 break;
1046
1047 case PPPIOCSMRU:
1048 err = -ENXIO;
1049 if (!(sk->sk_state & PPPOX_CONNECTED))
1050 break;
1051
1052 err = -EFAULT;
1053 if (get_user(val, (int __user *) arg))
1054 break;
1055
1056 session->mru = val;
1057 l2tp_info(session, L2TP_MSG_CONTROL, "%s: set mru=%d\n",
1058 session->name, session->mru);
1059 err = 0;
1060 break;
1061
1062 case PPPIOCGFLAGS:
1063 err = -EFAULT;
1064 if (put_user(ps->flags, (int __user *) arg))
1065 break;
1066
1067 l2tp_info(session, L2TP_MSG_CONTROL, "%s: get flags=%d\n",
1068 session->name, ps->flags);
1069 err = 0;
1070 break;
1071
1072 case PPPIOCSFLAGS:
1073 err = -EFAULT;
1074 if (get_user(val, (int __user *) arg))
1075 break;
1076 ps->flags = val;
1077 l2tp_info(session, L2TP_MSG_CONTROL, "%s: set flags=%d\n",
1078 session->name, ps->flags);
1079 err = 0;
1080 break;
1081
1082 case PPPIOCGL2TPSTATS:
1083 err = -ENXIO;
1084 if (!(sk->sk_state & PPPOX_CONNECTED))
1085 break;
1086
1087 memset(&stats, 0, sizeof(stats));
1088 stats.tunnel_id = tunnel->tunnel_id;
1089 stats.session_id = session->session_id;
1090 pppol2tp_copy_stats(&stats, &session->stats);
1091 if (copy_to_user((void __user *) arg, &stats,
1092 sizeof(stats)))
1093 break;
1094 l2tp_info(session, L2TP_MSG_CONTROL, "%s: get L2TP stats\n",
1095 session->name);
1096 err = 0;
1097 break;
1098
1099 default:
1100 err = -ENOSYS;
1101 break;
1102 }
1103
1104 sock_put(sk);
1105
1106 return err;
1107}
1108
1109/* Tunnel ioctl helper.
1110 *
1111 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1112 * specifies a session_id, the session ioctl handler is called. This allows an
1113 * application to retrieve session stats via a tunnel socket.
1114 */
1115static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel,
1116 unsigned int cmd, unsigned long arg)
1117{
1118 int err = 0;
1119 struct sock *sk;
1120 struct pppol2tp_ioc_stats stats;
1121
1122 l2tp_dbg(tunnel, L2TP_MSG_CONTROL,
1123 "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n",
1124 tunnel->name, cmd, arg);
1125
1126 sk = tunnel->sock;
1127 sock_hold(sk);
1128
1129 switch (cmd) {
1130 case PPPIOCGL2TPSTATS:
1131 err = -ENXIO;
1132 if (!(sk->sk_state & PPPOX_CONNECTED))
1133 break;
1134
1135 if (copy_from_user(&stats, (void __user *) arg,
1136 sizeof(stats))) {
1137 err = -EFAULT;
1138 break;
1139 }
1140 if (stats.session_id != 0) {
1141 /* resend to session ioctl handler */
1142 struct l2tp_session *session =
1143 l2tp_session_find(sock_net(sk), tunnel, stats.session_id);
1144 if (session != NULL)
1145 err = pppol2tp_session_ioctl(session, cmd, arg);
1146 else
1147 err = -EBADR;
1148 break;
1149 }
1150#ifdef CONFIG_XFRM
1151 stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
1152#endif
1153 pppol2tp_copy_stats(&stats, &tunnel->stats);
1154 if (copy_to_user((void __user *) arg, &stats, sizeof(stats))) {
1155 err = -EFAULT;
1156 break;
1157 }
1158 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: get L2TP stats\n",
1159 tunnel->name);
1160 err = 0;
1161 break;
1162
1163 default:
1164 err = -ENOSYS;
1165 break;
1166 }
1167
1168 sock_put(sk);
1169
1170 return err;
1171}
1172
1173/* Main ioctl() handler.
1174 * Dispatch to tunnel or session helpers depending on the socket.
1175 */
1176static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1177 unsigned long arg)
1178{
1179 struct sock *sk = sock->sk;
1180 struct l2tp_session *session;
1181 struct l2tp_tunnel *tunnel;
1182 struct pppol2tp_session *ps;
1183 int err;
1184
1185 if (!sk)
1186 return 0;
1187
1188 err = -EBADF;
1189 if (sock_flag(sk, SOCK_DEAD) != 0)
1190 goto end;
1191
1192 err = -ENOTCONN;
1193 if ((sk->sk_user_data == NULL) ||
1194 (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
1195 goto end;
1196
1197 /* Get session context from the socket */
1198 err = -EBADF;
1199 session = pppol2tp_sock_to_session(sk);
1200 if (session == NULL)
1201 goto end;
1202
1203 /* Special case: if session's session_id is zero, treat ioctl as a
1204 * tunnel ioctl
1205 */
1206 ps = l2tp_session_priv(session);
1207 if ((session->session_id == 0) &&
1208 (session->peer_session_id == 0)) {
1209 err = -EBADF;
1210 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1211 if (tunnel == NULL)
1212 goto end_put_sess;
1213
1214 err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
1215 sock_put(ps->tunnel_sock);
1216 goto end_put_sess;
1217 }
1218
1219 err = pppol2tp_session_ioctl(session, cmd, arg);
1220
1221end_put_sess:
1222 sock_put(sk);
1223end:
1224 return err;
1225}
1226
1227/*****************************************************************************
1228 * setsockopt() / getsockopt() support.
1229 *
1230 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1231 * sockets. In order to control kernel tunnel features, we allow userspace to
1232 * create a special "tunnel" PPPoX socket which is used for control only.
1233 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1234 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1235 *****************************************************************************/
1236
1237/* Tunnel setsockopt() helper.
1238 */
1239static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1240 struct l2tp_tunnel *tunnel,
1241 int optname, int val)
1242{
1243 int err = 0;
1244
1245 switch (optname) {
1246 case PPPOL2TP_SO_DEBUG:
1247 tunnel->debug = val;
1248 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: set debug=%x\n",
1249 tunnel->name, tunnel->debug);
1250 break;
1251
1252 default:
1253 err = -ENOPROTOOPT;
1254 break;
1255 }
1256
1257 return err;
1258}
1259
1260/* Session setsockopt helper.
1261 */
1262static int pppol2tp_session_setsockopt(struct sock *sk,
1263 struct l2tp_session *session,
1264 int optname, int val)
1265{
1266 int err = 0;
1267 struct pppol2tp_session *ps = l2tp_session_priv(session);
1268
1269 switch (optname) {
1270 case PPPOL2TP_SO_RECVSEQ:
1271 if ((val != 0) && (val != 1)) {
1272 err = -EINVAL;
1273 break;
1274 }
1275 session->recv_seq = !!val;
1276 l2tp_info(session, L2TP_MSG_CONTROL,
1277 "%s: set recv_seq=%d\n",
1278 session->name, session->recv_seq);
1279 break;
1280
1281 case PPPOL2TP_SO_SENDSEQ:
1282 if ((val != 0) && (val != 1)) {
1283 err = -EINVAL;
1284 break;
1285 }
1286 session->send_seq = !!val;
1287 {
1288 struct sock *ssk = ps->sock;
1289 struct pppox_sock *po = pppox_sk(ssk);
1290 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1291 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1292 }
1293 l2tp_session_set_header_len(session, session->tunnel->version);
1294 l2tp_info(session, L2TP_MSG_CONTROL,
1295 "%s: set send_seq=%d\n",
1296 session->name, session->send_seq);
1297 break;
1298
1299 case PPPOL2TP_SO_LNSMODE:
1300 if ((val != 0) && (val != 1)) {
1301 err = -EINVAL;
1302 break;
1303 }
1304 session->lns_mode = !!val;
1305 l2tp_info(session, L2TP_MSG_CONTROL,
1306 "%s: set lns_mode=%d\n",
1307 session->name, session->lns_mode);
1308 break;
1309
1310 case PPPOL2TP_SO_DEBUG:
1311 session->debug = val;
1312 l2tp_info(session, L2TP_MSG_CONTROL, "%s: set debug=%x\n",
1313 session->name, session->debug);
1314 break;
1315
1316 case PPPOL2TP_SO_REORDERTO:
1317 session->reorder_timeout = msecs_to_jiffies(val);
1318 l2tp_info(session, L2TP_MSG_CONTROL,
1319 "%s: set reorder_timeout=%d\n",
1320 session->name, session->reorder_timeout);
1321 break;
1322
1323 default:
1324 err = -ENOPROTOOPT;
1325 break;
1326 }
1327
1328 return err;
1329}
1330
1331/* Main setsockopt() entry point.
1332 * Does API checks, then calls either the tunnel or session setsockopt
1333 * handler, according to whether the PPPoL2TP socket is a for a regular
1334 * session or the special tunnel type.
1335 */
1336static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1337 char __user *optval, unsigned int optlen)
1338{
1339 struct sock *sk = sock->sk;
1340 struct l2tp_session *session;
1341 struct l2tp_tunnel *tunnel;
1342 struct pppol2tp_session *ps;
1343 int val;
1344 int err;
1345
1346 if (level != SOL_PPPOL2TP)
1347 return -EINVAL;
1348
1349 if (optlen < sizeof(int))
1350 return -EINVAL;
1351
1352 if (get_user(val, (int __user *)optval))
1353 return -EFAULT;
1354
1355 err = -ENOTCONN;
1356 if (sk->sk_user_data == NULL)
1357 goto end;
1358
1359 /* Get session context from the socket */
1360 err = -EBADF;
1361 session = pppol2tp_sock_to_session(sk);
1362 if (session == NULL)
1363 goto end;
1364
1365 /* Special case: if session_id == 0x0000, treat as operation on tunnel
1366 */
1367 ps = l2tp_session_priv(session);
1368 if ((session->session_id == 0) &&
1369 (session->peer_session_id == 0)) {
1370 err = -EBADF;
1371 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1372 if (tunnel == NULL)
1373 goto end_put_sess;
1374
1375 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
1376 sock_put(ps->tunnel_sock);
1377 } else
1378 err = pppol2tp_session_setsockopt(sk, session, optname, val);
1379
1380 err = 0;
1381
1382end_put_sess:
1383 sock_put(sk);
1384end:
1385 return err;
1386}
1387
1388/* Tunnel getsockopt helper. Called with sock locked.
1389 */
1390static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1391 struct l2tp_tunnel *tunnel,
1392 int optname, int *val)
1393{
1394 int err = 0;
1395
1396 switch (optname) {
1397 case PPPOL2TP_SO_DEBUG:
1398 *val = tunnel->debug;
1399 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: get debug=%x\n",
1400 tunnel->name, tunnel->debug);
1401 break;
1402
1403 default:
1404 err = -ENOPROTOOPT;
1405 break;
1406 }
1407
1408 return err;
1409}
1410
1411/* Session getsockopt helper. Called with sock locked.
1412 */
1413static int pppol2tp_session_getsockopt(struct sock *sk,
1414 struct l2tp_session *session,
1415 int optname, int *val)
1416{
1417 int err = 0;
1418
1419 switch (optname) {
1420 case PPPOL2TP_SO_RECVSEQ:
1421 *val = session->recv_seq;
1422 l2tp_info(session, L2TP_MSG_CONTROL,
1423 "%s: get recv_seq=%d\n", session->name, *val);
1424 break;
1425
1426 case PPPOL2TP_SO_SENDSEQ:
1427 *val = session->send_seq;
1428 l2tp_info(session, L2TP_MSG_CONTROL,
1429 "%s: get send_seq=%d\n", session->name, *val);
1430 break;
1431
1432 case PPPOL2TP_SO_LNSMODE:
1433 *val = session->lns_mode;
1434 l2tp_info(session, L2TP_MSG_CONTROL,
1435 "%s: get lns_mode=%d\n", session->name, *val);
1436 break;
1437
1438 case PPPOL2TP_SO_DEBUG:
1439 *val = session->debug;
1440 l2tp_info(session, L2TP_MSG_CONTROL, "%s: get debug=%d\n",
1441 session->name, *val);
1442 break;
1443
1444 case PPPOL2TP_SO_REORDERTO:
1445 *val = (int) jiffies_to_msecs(session->reorder_timeout);
1446 l2tp_info(session, L2TP_MSG_CONTROL,
1447 "%s: get reorder_timeout=%d\n", session->name, *val);
1448 break;
1449
1450 default:
1451 err = -ENOPROTOOPT;
1452 }
1453
1454 return err;
1455}
1456
1457/* Main getsockopt() entry point.
1458 * Does API checks, then calls either the tunnel or session getsockopt
1459 * handler, according to whether the PPPoX socket is a for a regular session
1460 * or the special tunnel type.
1461 */
1462static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
1463 char __user *optval, int __user *optlen)
1464{
1465 struct sock *sk = sock->sk;
1466 struct l2tp_session *session;
1467 struct l2tp_tunnel *tunnel;
1468 int val, len;
1469 int err;
1470 struct pppol2tp_session *ps;
1471
1472 if (level != SOL_PPPOL2TP)
1473 return -EINVAL;
1474
1475 if (get_user(len, optlen))
1476 return -EFAULT;
1477
1478 len = min_t(unsigned int, len, sizeof(int));
1479
1480 if (len < 0)
1481 return -EINVAL;
1482
1483 err = -ENOTCONN;
1484 if (sk->sk_user_data == NULL)
1485 goto end;
1486
1487 /* Get the session context */
1488 err = -EBADF;
1489 session = pppol2tp_sock_to_session(sk);
1490 if (session == NULL)
1491 goto end;
1492
1493 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
1494 ps = l2tp_session_priv(session);
1495 if ((session->session_id == 0) &&
1496 (session->peer_session_id == 0)) {
1497 err = -EBADF;
1498 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1499 if (tunnel == NULL)
1500 goto end_put_sess;
1501
1502 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
1503 sock_put(ps->tunnel_sock);
1504 } else
1505 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
1506
1507 err = -EFAULT;
1508 if (put_user(len, optlen))
1509 goto end_put_sess;
1510
1511 if (copy_to_user((void __user *) optval, &val, len))
1512 goto end_put_sess;
1513
1514 err = 0;
1515
1516end_put_sess:
1517 sock_put(sk);
1518end:
1519 return err;
1520}
1521
1522/*****************************************************************************
1523 * /proc filesystem for debug
1524 * Since the original pppol2tp driver provided /proc/net/pppol2tp for
1525 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.
1526 *****************************************************************************/
1527
1528static unsigned int pppol2tp_net_id;
1529
1530#ifdef CONFIG_PROC_FS
1531
1532struct pppol2tp_seq_data {
1533 struct seq_net_private p;
1534 int tunnel_idx; /* current tunnel */
1535 int session_idx; /* index of session within current tunnel */
1536 struct l2tp_tunnel *tunnel;
1537 struct l2tp_session *session; /* NULL means get next tunnel */
1538};
1539
1540static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1541{
1542 for (;;) {
1543 pd->tunnel = l2tp_tunnel_find_nth(net, pd->tunnel_idx);
1544 pd->tunnel_idx++;
1545
1546 if (pd->tunnel == NULL)
1547 break;
1548
1549 /* Ignore L2TPv3 tunnels */
1550 if (pd->tunnel->version < 3)
1551 break;
1552 }
1553}
1554
1555static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1556{
1557 pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx);
1558 pd->session_idx++;
1559
1560 if (pd->session == NULL) {
1561 pd->session_idx = 0;
1562 pppol2tp_next_tunnel(net, pd);
1563 }
1564}
1565
1566static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1567{
1568 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1569 loff_t pos = *offs;
1570 struct net *net;
1571
1572 if (!pos)
1573 goto out;
1574
1575 BUG_ON(m->private == NULL);
1576 pd = m->private;
1577 net = seq_file_net(m);
1578
1579 if (pd->tunnel == NULL)
1580 pppol2tp_next_tunnel(net, pd);
1581 else
1582 pppol2tp_next_session(net, pd);
1583
1584 /* NULL tunnel and session indicates end of list */
1585 if ((pd->tunnel == NULL) && (pd->session == NULL))
1586 pd = NULL;
1587
1588out:
1589 return pd;
1590}
1591
1592static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1593{
1594 (*pos)++;
1595 return NULL;
1596}
1597
1598static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1599{
1600 /* nothing to do */
1601}
1602
1603static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1604{
1605 struct l2tp_tunnel *tunnel = v;
1606
1607 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1608 tunnel->name,
1609 (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
1610 atomic_read(&tunnel->ref_count) - 1);
1611 seq_printf(m, " %08x %ld/%ld/%ld %ld/%ld/%ld\n",
1612 tunnel->debug,
1613 atomic_long_read(&tunnel->stats.tx_packets),
1614 atomic_long_read(&tunnel->stats.tx_bytes),
1615 atomic_long_read(&tunnel->stats.tx_errors),
1616 atomic_long_read(&tunnel->stats.rx_packets),
1617 atomic_long_read(&tunnel->stats.rx_bytes),
1618 atomic_long_read(&tunnel->stats.rx_errors));
1619}
1620
1621static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1622{
1623 struct l2tp_session *session = v;
1624 struct l2tp_tunnel *tunnel = session->tunnel;
1625 struct pppol2tp_session *ps = l2tp_session_priv(session);
1626 struct pppox_sock *po = pppox_sk(ps->sock);
1627 u32 ip = 0;
1628 u16 port = 0;
1629
1630 if (tunnel->sock) {
1631 struct inet_sock *inet = inet_sk(tunnel->sock);
1632 ip = ntohl(inet->inet_saddr);
1633 port = ntohs(inet->inet_sport);
1634 }
1635
1636 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
1637 "%04X/%04X %d %c\n",
1638 session->name, ip, port,
1639 tunnel->tunnel_id,
1640 session->session_id,
1641 tunnel->peer_tunnel_id,
1642 session->peer_session_id,
1643 ps->sock->sk_state,
1644 (session == ps->sock->sk_user_data) ?
1645 'Y' : 'N');
1646 seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n",
1647 session->mtu, session->mru,
1648 session->recv_seq ? 'R' : '-',
1649 session->send_seq ? 'S' : '-',
1650 session->lns_mode ? "LNS" : "LAC",
1651 session->debug,
1652 jiffies_to_msecs(session->reorder_timeout));
1653 seq_printf(m, " %hu/%hu %ld/%ld/%ld %ld/%ld/%ld\n",
1654 session->nr, session->ns,
1655 atomic_long_read(&session->stats.tx_packets),
1656 atomic_long_read(&session->stats.tx_bytes),
1657 atomic_long_read(&session->stats.tx_errors),
1658 atomic_long_read(&session->stats.rx_packets),
1659 atomic_long_read(&session->stats.rx_bytes),
1660 atomic_long_read(&session->stats.rx_errors));
1661
1662 if (po)
1663 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
1664}
1665
1666static int pppol2tp_seq_show(struct seq_file *m, void *v)
1667{
1668 struct pppol2tp_seq_data *pd = v;
1669
1670 /* display header on line 1 */
1671 if (v == SEQ_START_TOKEN) {
1672 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1673 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1674 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1675 seq_puts(m, " SESSION name, addr/port src-tid/sid "
1676 "dest-tid/sid state user-data-ok\n");
1677 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1678 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1679 goto out;
1680 }
1681
1682 /* Show the tunnel or session context.
1683 */
1684 if (pd->session == NULL)
1685 pppol2tp_seq_tunnel_show(m, pd->tunnel);
1686 else
1687 pppol2tp_seq_session_show(m, pd->session);
1688
1689out:
1690 return 0;
1691}
1692
1693static const struct seq_operations pppol2tp_seq_ops = {
1694 .start = pppol2tp_seq_start,
1695 .next = pppol2tp_seq_next,
1696 .stop = pppol2tp_seq_stop,
1697 .show = pppol2tp_seq_show,
1698};
1699
1700/* Called when our /proc file is opened. We allocate data for use when
1701 * iterating our tunnel / session contexts and store it in the private
1702 * data of the seq_file.
1703 */
1704static int pppol2tp_proc_open(struct inode *inode, struct file *file)
1705{
1706 return seq_open_net(inode, file, &pppol2tp_seq_ops,
1707 sizeof(struct pppol2tp_seq_data));
1708}
1709
1710static const struct file_operations pppol2tp_proc_fops = {
1711 .owner = THIS_MODULE,
1712 .open = pppol2tp_proc_open,
1713 .read = seq_read,
1714 .llseek = seq_lseek,
1715 .release = seq_release_net,
1716};
1717
1718#endif /* CONFIG_PROC_FS */
1719
1720/*****************************************************************************
1721 * Network namespace
1722 *****************************************************************************/
1723
1724static __net_init int pppol2tp_init_net(struct net *net)
1725{
1726 struct proc_dir_entry *pde;
1727 int err = 0;
1728
1729 pde = proc_create("pppol2tp", S_IRUGO, net->proc_net,
1730 &pppol2tp_proc_fops);
1731 if (!pde) {
1732 err = -ENOMEM;
1733 goto out;
1734 }
1735
1736out:
1737 return err;
1738}
1739
1740static __net_exit void pppol2tp_exit_net(struct net *net)
1741{
1742 remove_proc_entry("pppol2tp", net->proc_net);
1743}
1744
1745static struct pernet_operations pppol2tp_net_ops = {
1746 .init = pppol2tp_init_net,
1747 .exit = pppol2tp_exit_net,
1748 .id = &pppol2tp_net_id,
1749};
1750
1751/*****************************************************************************
1752 * Init and cleanup
1753 *****************************************************************************/
1754
1755static const struct proto_ops pppol2tp_ops = {
1756 .family = AF_PPPOX,
1757 .owner = THIS_MODULE,
1758 .release = pppol2tp_release,
1759 .bind = sock_no_bind,
1760 .connect = pppol2tp_connect,
1761 .socketpair = sock_no_socketpair,
1762 .accept = sock_no_accept,
1763 .getname = pppol2tp_getname,
1764 .poll = datagram_poll,
1765 .listen = sock_no_listen,
1766 .shutdown = sock_no_shutdown,
1767 .setsockopt = pppol2tp_setsockopt,
1768 .getsockopt = pppol2tp_getsockopt,
1769 .sendmsg = pppol2tp_sendmsg,
1770 .recvmsg = pppol2tp_recvmsg,
1771 .mmap = sock_no_mmap,
1772 .ioctl = pppox_ioctl,
1773};
1774
1775static const struct pppox_proto pppol2tp_proto = {
1776 .create = pppol2tp_create,
1777 .ioctl = pppol2tp_ioctl,
1778 .owner = THIS_MODULE,
1779};
1780
1781#ifdef CONFIG_L2TP_V3
1782
1783static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1784 .session_create = pppol2tp_session_create,
1785 .session_delete = l2tp_session_delete,
1786};
1787
1788#endif /* CONFIG_L2TP_V3 */
1789
1790static int __init pppol2tp_init(void)
1791{
1792 int err;
1793
1794 err = register_pernet_device(&pppol2tp_net_ops);
1795 if (err)
1796 goto out;
1797
1798 err = proto_register(&pppol2tp_sk_proto, 0);
1799 if (err)
1800 goto out_unregister_pppol2tp_pernet;
1801
1802 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1803 if (err)
1804 goto out_unregister_pppol2tp_proto;
1805
1806#ifdef CONFIG_L2TP_V3
1807 err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);
1808 if (err)
1809 goto out_unregister_pppox;
1810#endif
1811
1812 pr_info("PPPoL2TP kernel driver, %s\n", PPPOL2TP_DRV_VERSION);
1813
1814out:
1815 return err;
1816
1817#ifdef CONFIG_L2TP_V3
1818out_unregister_pppox:
1819 unregister_pppox_proto(PX_PROTO_OL2TP);
1820#endif
1821out_unregister_pppol2tp_proto:
1822 proto_unregister(&pppol2tp_sk_proto);
1823out_unregister_pppol2tp_pernet:
1824 unregister_pernet_device(&pppol2tp_net_ops);
1825 goto out;
1826}
1827
1828static void __exit pppol2tp_exit(void)
1829{
1830#ifdef CONFIG_L2TP_V3
1831 l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);
1832#endif
1833 unregister_pppox_proto(PX_PROTO_OL2TP);
1834 proto_unregister(&pppol2tp_sk_proto);
1835 unregister_pernet_device(&pppol2tp_net_ops);
1836}
1837
1838module_init(pppol2tp_init);
1839module_exit(pppol2tp_exit);
1840
1841MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1842MODULE_DESCRIPTION("PPP over L2TP over UDP");
1843MODULE_LICENSE("GPL");
1844MODULE_VERSION(PPPOL2TP_DRV_VERSION);
1845MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OL2TP);
1846MODULE_ALIAS_L2TP_PWTYPE(11);
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*****************************************************************************
3 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
4 *
5 * PPPoX --- Generic PPP encapsulation socket family
6 * PPPoL2TP --- PPP over L2TP (RFC 2661)
7 *
8 * Version: 2.0.0
9 *
10 * Authors: James Chapman (jchapman@katalix.com)
11 *
12 * Based on original work by Martijn van Oosterhout <kleptog@svana.org>
13 *
14 * License:
15 */
16
17/* This driver handles only L2TP data frames; control frames are handled by a
18 * userspace application.
19 *
20 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
21 * attaches it to a bound UDP socket with local tunnel_id / session_id and
22 * peer tunnel_id / session_id set. Data can then be sent or received using
23 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
24 * can be read or modified using ioctl() or [gs]etsockopt() calls.
25 *
26 * When a PPPoL2TP socket is connected with local and peer session_id values
27 * zero, the socket is treated as a special tunnel management socket.
28 *
29 * Here's example userspace code to create a socket for sending/receiving data
30 * over an L2TP session:-
31 *
32 * struct sockaddr_pppol2tp sax;
33 * int fd;
34 * int session_fd;
35 *
36 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
37 *
38 * sax.sa_family = AF_PPPOX;
39 * sax.sa_protocol = PX_PROTO_OL2TP;
40 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
41 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
42 * sax.pppol2tp.addr.sin_port = addr->sin_port;
43 * sax.pppol2tp.addr.sin_family = AF_INET;
44 * sax.pppol2tp.s_tunnel = tunnel_id;
45 * sax.pppol2tp.s_session = session_id;
46 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
47 * sax.pppol2tp.d_session = peer_session_id;
48 *
49 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
50 *
51 * A pppd plugin that allows PPP traffic to be carried over L2TP using
52 * this driver is available from the OpenL2TP project at
53 * http://openl2tp.sourceforge.net.
54 */
55
56#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
57
58#include <linux/module.h>
59#include <linux/string.h>
60#include <linux/list.h>
61#include <linux/uaccess.h>
62
63#include <linux/kernel.h>
64#include <linux/spinlock.h>
65#include <linux/kthread.h>
66#include <linux/sched.h>
67#include <linux/slab.h>
68#include <linux/errno.h>
69#include <linux/jiffies.h>
70
71#include <linux/netdevice.h>
72#include <linux/net.h>
73#include <linux/inetdevice.h>
74#include <linux/skbuff.h>
75#include <linux/init.h>
76#include <linux/ip.h>
77#include <linux/udp.h>
78#include <linux/if_pppox.h>
79#include <linux/if_pppol2tp.h>
80#include <net/sock.h>
81#include <linux/ppp_channel.h>
82#include <linux/ppp_defs.h>
83#include <linux/ppp-ioctl.h>
84#include <linux/file.h>
85#include <linux/hash.h>
86#include <linux/sort.h>
87#include <linux/proc_fs.h>
88#include <linux/l2tp.h>
89#include <linux/nsproxy.h>
90#include <net/net_namespace.h>
91#include <net/netns/generic.h>
92#include <net/ip.h>
93#include <net/udp.h>
94#include <net/inet_common.h>
95
96#include <asm/byteorder.h>
97#include <linux/atomic.h>
98
99#include "l2tp_core.h"
100
101#define PPPOL2TP_DRV_VERSION "V2.0"
102
103/* Space for UDP, L2TP and PPP headers */
104#define PPPOL2TP_HEADER_OVERHEAD 40
105
106/* Number of bytes to build transmit L2TP headers.
107 * Unfortunately the size is different depending on whether sequence numbers
108 * are enabled.
109 */
110#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
111#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
112
113/* Private data of each session. This data lives at the end of struct
114 * l2tp_session, referenced via session->priv[].
115 */
116struct pppol2tp_session {
117 int owner; /* pid that opened the socket */
118
119 struct mutex sk_lock; /* Protects .sk */
120 struct sock __rcu *sk; /* Pointer to the session PPPoX socket */
121 struct sock *__sk; /* Copy of .sk, for cleanup */
122 struct rcu_head rcu; /* For asynchronous release */
123};
124
125static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
126
127static const struct ppp_channel_ops pppol2tp_chan_ops = {
128 .start_xmit = pppol2tp_xmit,
129};
130
131static const struct proto_ops pppol2tp_ops;
132
133/* Retrieves the pppol2tp socket associated to a session.
134 * A reference is held on the returned socket, so this function must be paired
135 * with sock_put().
136 */
137static struct sock *pppol2tp_session_get_sock(struct l2tp_session *session)
138{
139 struct pppol2tp_session *ps = l2tp_session_priv(session);
140 struct sock *sk;
141
142 rcu_read_lock();
143 sk = rcu_dereference(ps->sk);
144 if (sk)
145 sock_hold(sk);
146 rcu_read_unlock();
147
148 return sk;
149}
150
151/* Helpers to obtain tunnel/session contexts from sockets.
152 */
153static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
154{
155 struct l2tp_session *session;
156
157 if (!sk)
158 return NULL;
159
160 sock_hold(sk);
161 session = (struct l2tp_session *)(sk->sk_user_data);
162 if (!session) {
163 sock_put(sk);
164 goto out;
165 }
166 if (WARN_ON(session->magic != L2TP_SESSION_MAGIC)) {
167 session = NULL;
168 sock_put(sk);
169 goto out;
170 }
171
172out:
173 return session;
174}
175
176/*****************************************************************************
177 * Receive data handling
178 *****************************************************************************/
179
180/* Receive message. This is the recvmsg for the PPPoL2TP socket.
181 */
182static int pppol2tp_recvmsg(struct socket *sock, struct msghdr *msg,
183 size_t len, int flags)
184{
185 int err;
186 struct sk_buff *skb;
187 struct sock *sk = sock->sk;
188
189 err = -EIO;
190 if (sk->sk_state & PPPOX_BOUND)
191 goto end;
192
193 err = 0;
194 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
195 flags & MSG_DONTWAIT, &err);
196 if (!skb)
197 goto end;
198
199 if (len > skb->len)
200 len = skb->len;
201 else if (len < skb->len)
202 msg->msg_flags |= MSG_TRUNC;
203
204 err = skb_copy_datagram_msg(skb, 0, msg, len);
205 if (likely(err == 0))
206 err = len;
207
208 kfree_skb(skb);
209end:
210 return err;
211}
212
213static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
214{
215 struct pppol2tp_session *ps = l2tp_session_priv(session);
216 struct sock *sk = NULL;
217
218 /* If the socket is bound, send it in to PPP's input queue. Otherwise
219 * queue it on the session socket.
220 */
221 rcu_read_lock();
222 sk = rcu_dereference(ps->sk);
223 if (!sk)
224 goto no_sock;
225
226 /* If the first two bytes are 0xFF03, consider that it is the PPP's
227 * Address and Control fields and skip them. The L2TP module has always
228 * worked this way, although, in theory, the use of these fields should
229 * be negotiated and handled at the PPP layer. These fields are
230 * constant: 0xFF is the All-Stations Address and 0x03 the Unnumbered
231 * Information command with Poll/Final bit set to zero (RFC 1662).
232 */
233 if (pskb_may_pull(skb, 2) && skb->data[0] == PPP_ALLSTATIONS &&
234 skb->data[1] == PPP_UI)
235 skb_pull(skb, 2);
236
237 if (sk->sk_state & PPPOX_BOUND) {
238 struct pppox_sock *po;
239
240 po = pppox_sk(sk);
241 ppp_input(&po->chan, skb);
242 } else {
243 if (sock_queue_rcv_skb(sk, skb) < 0) {
244 atomic_long_inc(&session->stats.rx_errors);
245 kfree_skb(skb);
246 }
247 }
248 rcu_read_unlock();
249
250 return;
251
252no_sock:
253 rcu_read_unlock();
254 pr_warn_ratelimited("%s: no socket in recv\n", session->name);
255 kfree_skb(skb);
256}
257
258/************************************************************************
259 * Transmit handling
260 ***********************************************************************/
261
262/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
263 * when a user application does a sendmsg() on the session socket. L2TP and
264 * PPP headers must be inserted into the user's data.
265 */
266static int pppol2tp_sendmsg(struct socket *sock, struct msghdr *m,
267 size_t total_len)
268{
269 struct sock *sk = sock->sk;
270 struct sk_buff *skb;
271 int error;
272 struct l2tp_session *session;
273 struct l2tp_tunnel *tunnel;
274 int uhlen;
275
276 error = -ENOTCONN;
277 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
278 goto error;
279
280 /* Get session and tunnel contexts */
281 error = -EBADF;
282 session = pppol2tp_sock_to_session(sk);
283 if (!session)
284 goto error;
285
286 tunnel = session->tunnel;
287
288 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
289
290 /* Allocate a socket buffer */
291 error = -ENOMEM;
292 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
293 uhlen + session->hdr_len +
294 2 + total_len, /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */
295 0, GFP_KERNEL);
296 if (!skb)
297 goto error_put_sess;
298
299 /* Reserve space for headers. */
300 skb_reserve(skb, NET_SKB_PAD);
301 skb_reset_network_header(skb);
302 skb_reserve(skb, sizeof(struct iphdr));
303 skb_reset_transport_header(skb);
304 skb_reserve(skb, uhlen);
305
306 /* Add PPP header */
307 skb->data[0] = PPP_ALLSTATIONS;
308 skb->data[1] = PPP_UI;
309 skb_put(skb, 2);
310
311 /* Copy user data into skb */
312 error = memcpy_from_msg(skb_put(skb, total_len), m, total_len);
313 if (error < 0) {
314 kfree_skb(skb);
315 goto error_put_sess;
316 }
317
318 local_bh_disable();
319 l2tp_xmit_skb(session, skb);
320 local_bh_enable();
321
322 sock_put(sk);
323
324 return total_len;
325
326error_put_sess:
327 sock_put(sk);
328error:
329 return error;
330}
331
332/* Transmit function called by generic PPP driver. Sends PPP frame
333 * over PPPoL2TP socket.
334 *
335 * This is almost the same as pppol2tp_sendmsg(), but rather than
336 * being called with a msghdr from userspace, it is called with a skb
337 * from the kernel.
338 *
339 * The supplied skb from ppp doesn't have enough headroom for the
340 * insertion of L2TP, UDP and IP headers so we need to allocate more
341 * headroom in the skb. This will create a cloned skb. But we must be
342 * careful in the error case because the caller will expect to free
343 * the skb it supplied, not our cloned skb. So we take care to always
344 * leave the original skb unfreed if we return an error.
345 */
346static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
347{
348 struct sock *sk = (struct sock *)chan->private;
349 struct l2tp_session *session;
350 struct l2tp_tunnel *tunnel;
351 int uhlen, headroom;
352
353 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
354 goto abort;
355
356 /* Get session and tunnel contexts from the socket */
357 session = pppol2tp_sock_to_session(sk);
358 if (!session)
359 goto abort;
360
361 tunnel = session->tunnel;
362
363 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
364 headroom = NET_SKB_PAD +
365 sizeof(struct iphdr) + /* IP header */
366 uhlen + /* UDP header (if L2TP_ENCAPTYPE_UDP) */
367 session->hdr_len + /* L2TP header */
368 2; /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */
369 if (skb_cow_head(skb, headroom))
370 goto abort_put_sess;
371
372 /* Setup PPP header */
373 __skb_push(skb, 2);
374 skb->data[0] = PPP_ALLSTATIONS;
375 skb->data[1] = PPP_UI;
376
377 local_bh_disable();
378 l2tp_xmit_skb(session, skb);
379 local_bh_enable();
380
381 sock_put(sk);
382
383 return 1;
384
385abort_put_sess:
386 sock_put(sk);
387abort:
388 /* Free the original skb */
389 kfree_skb(skb);
390 return 1;
391}
392
393/*****************************************************************************
394 * Session (and tunnel control) socket create/destroy.
395 *****************************************************************************/
396
397static void pppol2tp_put_sk(struct rcu_head *head)
398{
399 struct pppol2tp_session *ps;
400
401 ps = container_of(head, typeof(*ps), rcu);
402 sock_put(ps->__sk);
403}
404
405/* Really kill the session socket. (Called from sock_put() if
406 * refcnt == 0.)
407 */
408static void pppol2tp_session_destruct(struct sock *sk)
409{
410 struct l2tp_session *session = sk->sk_user_data;
411
412 skb_queue_purge(&sk->sk_receive_queue);
413 skb_queue_purge(&sk->sk_write_queue);
414
415 if (session) {
416 sk->sk_user_data = NULL;
417 if (WARN_ON(session->magic != L2TP_SESSION_MAGIC))
418 return;
419 l2tp_session_dec_refcount(session);
420 }
421}
422
423/* Called when the PPPoX socket (session) is closed.
424 */
425static int pppol2tp_release(struct socket *sock)
426{
427 struct sock *sk = sock->sk;
428 struct l2tp_session *session;
429 int error;
430
431 if (!sk)
432 return 0;
433
434 error = -EBADF;
435 lock_sock(sk);
436 if (sock_flag(sk, SOCK_DEAD) != 0)
437 goto error;
438
439 pppox_unbind_sock(sk);
440
441 /* Signal the death of the socket. */
442 sk->sk_state = PPPOX_DEAD;
443 sock_orphan(sk);
444 sock->sk = NULL;
445
446 session = pppol2tp_sock_to_session(sk);
447 if (session) {
448 struct pppol2tp_session *ps;
449
450 l2tp_session_delete(session);
451
452 ps = l2tp_session_priv(session);
453 mutex_lock(&ps->sk_lock);
454 ps->__sk = rcu_dereference_protected(ps->sk,
455 lockdep_is_held(&ps->sk_lock));
456 RCU_INIT_POINTER(ps->sk, NULL);
457 mutex_unlock(&ps->sk_lock);
458 call_rcu(&ps->rcu, pppol2tp_put_sk);
459
460 /* Rely on the sock_put() call at the end of the function for
461 * dropping the reference held by pppol2tp_sock_to_session().
462 * The last reference will be dropped by pppol2tp_put_sk().
463 */
464 }
465
466 release_sock(sk);
467
468 /* This will delete the session context via
469 * pppol2tp_session_destruct() if the socket's refcnt drops to
470 * zero.
471 */
472 sock_put(sk);
473
474 return 0;
475
476error:
477 release_sock(sk);
478 return error;
479}
480
481static struct proto pppol2tp_sk_proto = {
482 .name = "PPPOL2TP",
483 .owner = THIS_MODULE,
484 .obj_size = sizeof(struct pppox_sock),
485};
486
487static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
488{
489 int rc;
490
491 rc = l2tp_udp_encap_recv(sk, skb);
492 if (rc)
493 kfree_skb(skb);
494
495 return NET_RX_SUCCESS;
496}
497
498/* socket() handler. Initialize a new struct sock.
499 */
500static int pppol2tp_create(struct net *net, struct socket *sock, int kern)
501{
502 int error = -ENOMEM;
503 struct sock *sk;
504
505 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto, kern);
506 if (!sk)
507 goto out;
508
509 sock_init_data(sock, sk);
510
511 sock->state = SS_UNCONNECTED;
512 sock->ops = &pppol2tp_ops;
513
514 sk->sk_backlog_rcv = pppol2tp_backlog_recv;
515 sk->sk_protocol = PX_PROTO_OL2TP;
516 sk->sk_family = PF_PPPOX;
517 sk->sk_state = PPPOX_NONE;
518 sk->sk_type = SOCK_STREAM;
519 sk->sk_destruct = pppol2tp_session_destruct;
520
521 error = 0;
522
523out:
524 return error;
525}
526
527static void pppol2tp_show(struct seq_file *m, void *arg)
528{
529 struct l2tp_session *session = arg;
530 struct sock *sk;
531
532 sk = pppol2tp_session_get_sock(session);
533 if (sk) {
534 struct pppox_sock *po = pppox_sk(sk);
535
536 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
537 sock_put(sk);
538 }
539}
540
541static void pppol2tp_session_init(struct l2tp_session *session)
542{
543 struct pppol2tp_session *ps;
544
545 session->recv_skb = pppol2tp_recv;
546 if (IS_ENABLED(CONFIG_L2TP_DEBUGFS))
547 session->show = pppol2tp_show;
548
549 ps = l2tp_session_priv(session);
550 mutex_init(&ps->sk_lock);
551 ps->owner = current->pid;
552}
553
554struct l2tp_connect_info {
555 u8 version;
556 int fd;
557 u32 tunnel_id;
558 u32 peer_tunnel_id;
559 u32 session_id;
560 u32 peer_session_id;
561};
562
563static int pppol2tp_sockaddr_get_info(const void *sa, int sa_len,
564 struct l2tp_connect_info *info)
565{
566 switch (sa_len) {
567 case sizeof(struct sockaddr_pppol2tp):
568 {
569 const struct sockaddr_pppol2tp *sa_v2in4 = sa;
570
571 if (sa_v2in4->sa_protocol != PX_PROTO_OL2TP)
572 return -EINVAL;
573
574 info->version = 2;
575 info->fd = sa_v2in4->pppol2tp.fd;
576 info->tunnel_id = sa_v2in4->pppol2tp.s_tunnel;
577 info->peer_tunnel_id = sa_v2in4->pppol2tp.d_tunnel;
578 info->session_id = sa_v2in4->pppol2tp.s_session;
579 info->peer_session_id = sa_v2in4->pppol2tp.d_session;
580
581 break;
582 }
583 case sizeof(struct sockaddr_pppol2tpv3):
584 {
585 const struct sockaddr_pppol2tpv3 *sa_v3in4 = sa;
586
587 if (sa_v3in4->sa_protocol != PX_PROTO_OL2TP)
588 return -EINVAL;
589
590 info->version = 3;
591 info->fd = sa_v3in4->pppol2tp.fd;
592 info->tunnel_id = sa_v3in4->pppol2tp.s_tunnel;
593 info->peer_tunnel_id = sa_v3in4->pppol2tp.d_tunnel;
594 info->session_id = sa_v3in4->pppol2tp.s_session;
595 info->peer_session_id = sa_v3in4->pppol2tp.d_session;
596
597 break;
598 }
599 case sizeof(struct sockaddr_pppol2tpin6):
600 {
601 const struct sockaddr_pppol2tpin6 *sa_v2in6 = sa;
602
603 if (sa_v2in6->sa_protocol != PX_PROTO_OL2TP)
604 return -EINVAL;
605
606 info->version = 2;
607 info->fd = sa_v2in6->pppol2tp.fd;
608 info->tunnel_id = sa_v2in6->pppol2tp.s_tunnel;
609 info->peer_tunnel_id = sa_v2in6->pppol2tp.d_tunnel;
610 info->session_id = sa_v2in6->pppol2tp.s_session;
611 info->peer_session_id = sa_v2in6->pppol2tp.d_session;
612
613 break;
614 }
615 case sizeof(struct sockaddr_pppol2tpv3in6):
616 {
617 const struct sockaddr_pppol2tpv3in6 *sa_v3in6 = sa;
618
619 if (sa_v3in6->sa_protocol != PX_PROTO_OL2TP)
620 return -EINVAL;
621
622 info->version = 3;
623 info->fd = sa_v3in6->pppol2tp.fd;
624 info->tunnel_id = sa_v3in6->pppol2tp.s_tunnel;
625 info->peer_tunnel_id = sa_v3in6->pppol2tp.d_tunnel;
626 info->session_id = sa_v3in6->pppol2tp.s_session;
627 info->peer_session_id = sa_v3in6->pppol2tp.d_session;
628
629 break;
630 }
631 default:
632 return -EINVAL;
633 }
634
635 return 0;
636}
637
638/* Rough estimation of the maximum payload size a tunnel can transmit without
639 * fragmenting at the lower IP layer. Assumes L2TPv2 with sequence
640 * numbers and no IP option. Not quite accurate, but the result is mostly
641 * unused anyway.
642 */
643static int pppol2tp_tunnel_mtu(const struct l2tp_tunnel *tunnel)
644{
645 int mtu;
646
647 mtu = l2tp_tunnel_dst_mtu(tunnel);
648 if (mtu <= PPPOL2TP_HEADER_OVERHEAD)
649 return 1500 - PPPOL2TP_HEADER_OVERHEAD;
650
651 return mtu - PPPOL2TP_HEADER_OVERHEAD;
652}
653
654/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
655 */
656static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
657 int sockaddr_len, int flags)
658{
659 struct sock *sk = sock->sk;
660 struct pppox_sock *po = pppox_sk(sk);
661 struct l2tp_session *session = NULL;
662 struct l2tp_connect_info info;
663 struct l2tp_tunnel *tunnel;
664 struct pppol2tp_session *ps;
665 struct l2tp_session_cfg cfg = { 0, };
666 bool drop_refcnt = false;
667 bool drop_tunnel = false;
668 bool new_session = false;
669 bool new_tunnel = false;
670 int error;
671
672 error = pppol2tp_sockaddr_get_info(uservaddr, sockaddr_len, &info);
673 if (error < 0)
674 return error;
675
676 lock_sock(sk);
677
678 /* Check for already bound sockets */
679 error = -EBUSY;
680 if (sk->sk_state & PPPOX_CONNECTED)
681 goto end;
682
683 /* We don't supporting rebinding anyway */
684 error = -EALREADY;
685 if (sk->sk_user_data)
686 goto end; /* socket is already attached */
687
688 /* Don't bind if tunnel_id is 0 */
689 error = -EINVAL;
690 if (!info.tunnel_id)
691 goto end;
692
693 tunnel = l2tp_tunnel_get(sock_net(sk), info.tunnel_id);
694 if (tunnel)
695 drop_tunnel = true;
696
697 /* Special case: create tunnel context if session_id and
698 * peer_session_id is 0. Otherwise look up tunnel using supplied
699 * tunnel id.
700 */
701 if (!info.session_id && !info.peer_session_id) {
702 if (!tunnel) {
703 struct l2tp_tunnel_cfg tcfg = {
704 .encap = L2TP_ENCAPTYPE_UDP,
705 };
706
707 /* Prevent l2tp_tunnel_register() from trying to set up
708 * a kernel socket.
709 */
710 if (info.fd < 0) {
711 error = -EBADF;
712 goto end;
713 }
714
715 error = l2tp_tunnel_create(info.fd,
716 info.version,
717 info.tunnel_id,
718 info.peer_tunnel_id, &tcfg,
719 &tunnel);
720 if (error < 0)
721 goto end;
722
723 l2tp_tunnel_inc_refcount(tunnel);
724 error = l2tp_tunnel_register(tunnel, sock_net(sk),
725 &tcfg);
726 if (error < 0) {
727 kfree(tunnel);
728 goto end;
729 }
730 drop_tunnel = true;
731 new_tunnel = true;
732 }
733 } else {
734 /* Error if we can't find the tunnel */
735 error = -ENOENT;
736 if (!tunnel)
737 goto end;
738
739 /* Error if socket is not prepped */
740 if (!tunnel->sock)
741 goto end;
742 }
743
744 if (tunnel->peer_tunnel_id == 0)
745 tunnel->peer_tunnel_id = info.peer_tunnel_id;
746
747 session = l2tp_tunnel_get_session(tunnel, info.session_id);
748 if (session) {
749 drop_refcnt = true;
750
751 if (session->pwtype != L2TP_PWTYPE_PPP) {
752 error = -EPROTOTYPE;
753 goto end;
754 }
755
756 ps = l2tp_session_priv(session);
757
758 /* Using a pre-existing session is fine as long as it hasn't
759 * been connected yet.
760 */
761 mutex_lock(&ps->sk_lock);
762 if (rcu_dereference_protected(ps->sk,
763 lockdep_is_held(&ps->sk_lock)) ||
764 ps->__sk) {
765 mutex_unlock(&ps->sk_lock);
766 error = -EEXIST;
767 goto end;
768 }
769 } else {
770 cfg.pw_type = L2TP_PWTYPE_PPP;
771
772 session = l2tp_session_create(sizeof(struct pppol2tp_session),
773 tunnel, info.session_id,
774 info.peer_session_id, &cfg);
775 if (IS_ERR(session)) {
776 error = PTR_ERR(session);
777 goto end;
778 }
779
780 pppol2tp_session_init(session);
781 ps = l2tp_session_priv(session);
782 l2tp_session_inc_refcount(session);
783
784 mutex_lock(&ps->sk_lock);
785 error = l2tp_session_register(session, tunnel);
786 if (error < 0) {
787 mutex_unlock(&ps->sk_lock);
788 kfree(session);
789 goto end;
790 }
791 drop_refcnt = true;
792 new_session = true;
793 }
794
795 /* Special case: if source & dest session_id == 0x0000, this
796 * socket is being created to manage the tunnel. Just set up
797 * the internal context for use by ioctl() and sockopt()
798 * handlers.
799 */
800 if (session->session_id == 0 && session->peer_session_id == 0) {
801 error = 0;
802 goto out_no_ppp;
803 }
804
805 /* The only header we need to worry about is the L2TP
806 * header. This size is different depending on whether
807 * sequence numbers are enabled for the data channel.
808 */
809 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
810
811 po->chan.private = sk;
812 po->chan.ops = &pppol2tp_chan_ops;
813 po->chan.mtu = pppol2tp_tunnel_mtu(tunnel);
814
815 error = ppp_register_net_channel(sock_net(sk), &po->chan);
816 if (error) {
817 mutex_unlock(&ps->sk_lock);
818 goto end;
819 }
820
821out_no_ppp:
822 /* This is how we get the session context from the socket. */
823 sk->sk_user_data = session;
824 rcu_assign_pointer(ps->sk, sk);
825 mutex_unlock(&ps->sk_lock);
826
827 /* Keep the reference we've grabbed on the session: sk doesn't expect
828 * the session to disappear. pppol2tp_session_destruct() is responsible
829 * for dropping it.
830 */
831 drop_refcnt = false;
832
833 sk->sk_state = PPPOX_CONNECTED;
834
835end:
836 if (error) {
837 if (new_session)
838 l2tp_session_delete(session);
839 if (new_tunnel)
840 l2tp_tunnel_delete(tunnel);
841 }
842 if (drop_refcnt)
843 l2tp_session_dec_refcount(session);
844 if (drop_tunnel)
845 l2tp_tunnel_dec_refcount(tunnel);
846 release_sock(sk);
847
848 return error;
849}
850
851#ifdef CONFIG_L2TP_V3
852
853/* Called when creating sessions via the netlink interface. */
854static int pppol2tp_session_create(struct net *net, struct l2tp_tunnel *tunnel,
855 u32 session_id, u32 peer_session_id,
856 struct l2tp_session_cfg *cfg)
857{
858 int error;
859 struct l2tp_session *session;
860
861 /* Error if tunnel socket is not prepped */
862 if (!tunnel->sock) {
863 error = -ENOENT;
864 goto err;
865 }
866
867 /* Allocate and initialize a new session context. */
868 session = l2tp_session_create(sizeof(struct pppol2tp_session),
869 tunnel, session_id,
870 peer_session_id, cfg);
871 if (IS_ERR(session)) {
872 error = PTR_ERR(session);
873 goto err;
874 }
875
876 pppol2tp_session_init(session);
877
878 error = l2tp_session_register(session, tunnel);
879 if (error < 0)
880 goto err_sess;
881
882 return 0;
883
884err_sess:
885 kfree(session);
886err:
887 return error;
888}
889
890#endif /* CONFIG_L2TP_V3 */
891
892/* getname() support.
893 */
894static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
895 int peer)
896{
897 int len = 0;
898 int error = 0;
899 struct l2tp_session *session;
900 struct l2tp_tunnel *tunnel;
901 struct sock *sk = sock->sk;
902 struct inet_sock *inet;
903 struct pppol2tp_session *pls;
904
905 error = -ENOTCONN;
906 if (!sk)
907 goto end;
908 if (!(sk->sk_state & PPPOX_CONNECTED))
909 goto end;
910
911 error = -EBADF;
912 session = pppol2tp_sock_to_session(sk);
913 if (!session)
914 goto end;
915
916 pls = l2tp_session_priv(session);
917 tunnel = session->tunnel;
918
919 inet = inet_sk(tunnel->sock);
920 if (tunnel->version == 2 && tunnel->sock->sk_family == AF_INET) {
921 struct sockaddr_pppol2tp sp;
922
923 len = sizeof(sp);
924 memset(&sp, 0, len);
925 sp.sa_family = AF_PPPOX;
926 sp.sa_protocol = PX_PROTO_OL2TP;
927 sp.pppol2tp.fd = tunnel->fd;
928 sp.pppol2tp.pid = pls->owner;
929 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
930 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
931 sp.pppol2tp.s_session = session->session_id;
932 sp.pppol2tp.d_session = session->peer_session_id;
933 sp.pppol2tp.addr.sin_family = AF_INET;
934 sp.pppol2tp.addr.sin_port = inet->inet_dport;
935 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
936 memcpy(uaddr, &sp, len);
937#if IS_ENABLED(CONFIG_IPV6)
938 } else if (tunnel->version == 2 && tunnel->sock->sk_family == AF_INET6) {
939 struct sockaddr_pppol2tpin6 sp;
940
941 len = sizeof(sp);
942 memset(&sp, 0, len);
943 sp.sa_family = AF_PPPOX;
944 sp.sa_protocol = PX_PROTO_OL2TP;
945 sp.pppol2tp.fd = tunnel->fd;
946 sp.pppol2tp.pid = pls->owner;
947 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
948 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
949 sp.pppol2tp.s_session = session->session_id;
950 sp.pppol2tp.d_session = session->peer_session_id;
951 sp.pppol2tp.addr.sin6_family = AF_INET6;
952 sp.pppol2tp.addr.sin6_port = inet->inet_dport;
953 memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
954 sizeof(tunnel->sock->sk_v6_daddr));
955 memcpy(uaddr, &sp, len);
956 } else if (tunnel->version == 3 && tunnel->sock->sk_family == AF_INET6) {
957 struct sockaddr_pppol2tpv3in6 sp;
958
959 len = sizeof(sp);
960 memset(&sp, 0, len);
961 sp.sa_family = AF_PPPOX;
962 sp.sa_protocol = PX_PROTO_OL2TP;
963 sp.pppol2tp.fd = tunnel->fd;
964 sp.pppol2tp.pid = pls->owner;
965 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
966 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
967 sp.pppol2tp.s_session = session->session_id;
968 sp.pppol2tp.d_session = session->peer_session_id;
969 sp.pppol2tp.addr.sin6_family = AF_INET6;
970 sp.pppol2tp.addr.sin6_port = inet->inet_dport;
971 memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
972 sizeof(tunnel->sock->sk_v6_daddr));
973 memcpy(uaddr, &sp, len);
974#endif
975 } else if (tunnel->version == 3) {
976 struct sockaddr_pppol2tpv3 sp;
977
978 len = sizeof(sp);
979 memset(&sp, 0, len);
980 sp.sa_family = AF_PPPOX;
981 sp.sa_protocol = PX_PROTO_OL2TP;
982 sp.pppol2tp.fd = tunnel->fd;
983 sp.pppol2tp.pid = pls->owner;
984 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
985 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
986 sp.pppol2tp.s_session = session->session_id;
987 sp.pppol2tp.d_session = session->peer_session_id;
988 sp.pppol2tp.addr.sin_family = AF_INET;
989 sp.pppol2tp.addr.sin_port = inet->inet_dport;
990 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
991 memcpy(uaddr, &sp, len);
992 }
993
994 error = len;
995
996 sock_put(sk);
997end:
998 return error;
999}
1000
1001/****************************************************************************
1002 * ioctl() handlers.
1003 *
1004 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1005 * sockets. However, in order to control kernel tunnel features, we allow
1006 * userspace to create a special "tunnel" PPPoX socket which is used for
1007 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
1008 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1009 * calls.
1010 ****************************************************************************/
1011
1012static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
1013 const struct l2tp_stats *stats)
1014{
1015 memset(dest, 0, sizeof(*dest));
1016
1017 dest->tx_packets = atomic_long_read(&stats->tx_packets);
1018 dest->tx_bytes = atomic_long_read(&stats->tx_bytes);
1019 dest->tx_errors = atomic_long_read(&stats->tx_errors);
1020 dest->rx_packets = atomic_long_read(&stats->rx_packets);
1021 dest->rx_bytes = atomic_long_read(&stats->rx_bytes);
1022 dest->rx_seq_discards = atomic_long_read(&stats->rx_seq_discards);
1023 dest->rx_oos_packets = atomic_long_read(&stats->rx_oos_packets);
1024 dest->rx_errors = atomic_long_read(&stats->rx_errors);
1025}
1026
1027static int pppol2tp_tunnel_copy_stats(struct pppol2tp_ioc_stats *stats,
1028 struct l2tp_tunnel *tunnel)
1029{
1030 struct l2tp_session *session;
1031
1032 if (!stats->session_id) {
1033 pppol2tp_copy_stats(stats, &tunnel->stats);
1034 return 0;
1035 }
1036
1037 /* If session_id is set, search the corresponding session in the
1038 * context of this tunnel and record the session's statistics.
1039 */
1040 session = l2tp_tunnel_get_session(tunnel, stats->session_id);
1041 if (!session)
1042 return -EBADR;
1043
1044 if (session->pwtype != L2TP_PWTYPE_PPP) {
1045 l2tp_session_dec_refcount(session);
1046 return -EBADR;
1047 }
1048
1049 pppol2tp_copy_stats(stats, &session->stats);
1050 l2tp_session_dec_refcount(session);
1051
1052 return 0;
1053}
1054
1055static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1056 unsigned long arg)
1057{
1058 struct pppol2tp_ioc_stats stats;
1059 struct l2tp_session *session;
1060
1061 switch (cmd) {
1062 case PPPIOCGMRU:
1063 case PPPIOCGFLAGS:
1064 session = sock->sk->sk_user_data;
1065 if (!session)
1066 return -ENOTCONN;
1067
1068 if (WARN_ON(session->magic != L2TP_SESSION_MAGIC))
1069 return -EBADF;
1070
1071 /* Not defined for tunnels */
1072 if (!session->session_id && !session->peer_session_id)
1073 return -ENOSYS;
1074
1075 if (put_user(0, (int __user *)arg))
1076 return -EFAULT;
1077 break;
1078
1079 case PPPIOCSMRU:
1080 case PPPIOCSFLAGS:
1081 session = sock->sk->sk_user_data;
1082 if (!session)
1083 return -ENOTCONN;
1084
1085 if (WARN_ON(session->magic != L2TP_SESSION_MAGIC))
1086 return -EBADF;
1087
1088 /* Not defined for tunnels */
1089 if (!session->session_id && !session->peer_session_id)
1090 return -ENOSYS;
1091
1092 if (!access_ok((int __user *)arg, sizeof(int)))
1093 return -EFAULT;
1094 break;
1095
1096 case PPPIOCGL2TPSTATS:
1097 session = sock->sk->sk_user_data;
1098 if (!session)
1099 return -ENOTCONN;
1100
1101 if (WARN_ON(session->magic != L2TP_SESSION_MAGIC))
1102 return -EBADF;
1103
1104 /* Session 0 represents the parent tunnel */
1105 if (!session->session_id && !session->peer_session_id) {
1106 u32 session_id;
1107 int err;
1108
1109 if (copy_from_user(&stats, (void __user *)arg,
1110 sizeof(stats)))
1111 return -EFAULT;
1112
1113 session_id = stats.session_id;
1114 err = pppol2tp_tunnel_copy_stats(&stats,
1115 session->tunnel);
1116 if (err < 0)
1117 return err;
1118
1119 stats.session_id = session_id;
1120 } else {
1121 pppol2tp_copy_stats(&stats, &session->stats);
1122 stats.session_id = session->session_id;
1123 }
1124 stats.tunnel_id = session->tunnel->tunnel_id;
1125 stats.using_ipsec = l2tp_tunnel_uses_xfrm(session->tunnel);
1126
1127 if (copy_to_user((void __user *)arg, &stats, sizeof(stats)))
1128 return -EFAULT;
1129 break;
1130
1131 default:
1132 return -ENOIOCTLCMD;
1133 }
1134
1135 return 0;
1136}
1137
1138/*****************************************************************************
1139 * setsockopt() / getsockopt() support.
1140 *
1141 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1142 * sockets. In order to control kernel tunnel features, we allow userspace to
1143 * create a special "tunnel" PPPoX socket which is used for control only.
1144 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1145 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1146 *****************************************************************************/
1147
1148/* Tunnel setsockopt() helper.
1149 */
1150static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1151 struct l2tp_tunnel *tunnel,
1152 int optname, int val)
1153{
1154 int err = 0;
1155
1156 switch (optname) {
1157 case PPPOL2TP_SO_DEBUG:
1158 /* Tunnel debug flags option is deprecated */
1159 break;
1160
1161 default:
1162 err = -ENOPROTOOPT;
1163 break;
1164 }
1165
1166 return err;
1167}
1168
1169/* Session setsockopt helper.
1170 */
1171static int pppol2tp_session_setsockopt(struct sock *sk,
1172 struct l2tp_session *session,
1173 int optname, int val)
1174{
1175 int err = 0;
1176
1177 switch (optname) {
1178 case PPPOL2TP_SO_RECVSEQ:
1179 if (val != 0 && val != 1) {
1180 err = -EINVAL;
1181 break;
1182 }
1183 session->recv_seq = !!val;
1184 break;
1185
1186 case PPPOL2TP_SO_SENDSEQ:
1187 if (val != 0 && val != 1) {
1188 err = -EINVAL;
1189 break;
1190 }
1191 session->send_seq = !!val;
1192 {
1193 struct pppox_sock *po = pppox_sk(sk);
1194
1195 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1196 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1197 }
1198 l2tp_session_set_header_len(session, session->tunnel->version);
1199 break;
1200
1201 case PPPOL2TP_SO_LNSMODE:
1202 if (val != 0 && val != 1) {
1203 err = -EINVAL;
1204 break;
1205 }
1206 session->lns_mode = !!val;
1207 break;
1208
1209 case PPPOL2TP_SO_DEBUG:
1210 /* Session debug flags option is deprecated */
1211 break;
1212
1213 case PPPOL2TP_SO_REORDERTO:
1214 session->reorder_timeout = msecs_to_jiffies(val);
1215 break;
1216
1217 default:
1218 err = -ENOPROTOOPT;
1219 break;
1220 }
1221
1222 return err;
1223}
1224
1225/* Main setsockopt() entry point.
1226 * Does API checks, then calls either the tunnel or session setsockopt
1227 * handler, according to whether the PPPoL2TP socket is a for a regular
1228 * session or the special tunnel type.
1229 */
1230static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1231 sockptr_t optval, unsigned int optlen)
1232{
1233 struct sock *sk = sock->sk;
1234 struct l2tp_session *session;
1235 struct l2tp_tunnel *tunnel;
1236 int val;
1237 int err;
1238
1239 if (level != SOL_PPPOL2TP)
1240 return -EINVAL;
1241
1242 if (optlen < sizeof(int))
1243 return -EINVAL;
1244
1245 if (copy_from_sockptr(&val, optval, sizeof(int)))
1246 return -EFAULT;
1247
1248 err = -ENOTCONN;
1249 if (!sk->sk_user_data)
1250 goto end;
1251
1252 /* Get session context from the socket */
1253 err = -EBADF;
1254 session = pppol2tp_sock_to_session(sk);
1255 if (!session)
1256 goto end;
1257
1258 /* Special case: if session_id == 0x0000, treat as operation on tunnel
1259 */
1260 if (session->session_id == 0 && session->peer_session_id == 0) {
1261 tunnel = session->tunnel;
1262 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
1263 } else {
1264 err = pppol2tp_session_setsockopt(sk, session, optname, val);
1265 }
1266
1267 sock_put(sk);
1268end:
1269 return err;
1270}
1271
1272/* Tunnel getsockopt helper. Called with sock locked.
1273 */
1274static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1275 struct l2tp_tunnel *tunnel,
1276 int optname, int *val)
1277{
1278 int err = 0;
1279
1280 switch (optname) {
1281 case PPPOL2TP_SO_DEBUG:
1282 /* Tunnel debug flags option is deprecated */
1283 *val = 0;
1284 break;
1285
1286 default:
1287 err = -ENOPROTOOPT;
1288 break;
1289 }
1290
1291 return err;
1292}
1293
1294/* Session getsockopt helper. Called with sock locked.
1295 */
1296static int pppol2tp_session_getsockopt(struct sock *sk,
1297 struct l2tp_session *session,
1298 int optname, int *val)
1299{
1300 int err = 0;
1301
1302 switch (optname) {
1303 case PPPOL2TP_SO_RECVSEQ:
1304 *val = session->recv_seq;
1305 break;
1306
1307 case PPPOL2TP_SO_SENDSEQ:
1308 *val = session->send_seq;
1309 break;
1310
1311 case PPPOL2TP_SO_LNSMODE:
1312 *val = session->lns_mode;
1313 break;
1314
1315 case PPPOL2TP_SO_DEBUG:
1316 /* Session debug flags option is deprecated */
1317 *val = 0;
1318 break;
1319
1320 case PPPOL2TP_SO_REORDERTO:
1321 *val = (int)jiffies_to_msecs(session->reorder_timeout);
1322 break;
1323
1324 default:
1325 err = -ENOPROTOOPT;
1326 }
1327
1328 return err;
1329}
1330
1331/* Main getsockopt() entry point.
1332 * Does API checks, then calls either the tunnel or session getsockopt
1333 * handler, according to whether the PPPoX socket is a for a regular session
1334 * or the special tunnel type.
1335 */
1336static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
1337 char __user *optval, int __user *optlen)
1338{
1339 struct sock *sk = sock->sk;
1340 struct l2tp_session *session;
1341 struct l2tp_tunnel *tunnel;
1342 int val, len;
1343 int err;
1344
1345 if (level != SOL_PPPOL2TP)
1346 return -EINVAL;
1347
1348 if (get_user(len, optlen))
1349 return -EFAULT;
1350
1351 len = min_t(unsigned int, len, sizeof(int));
1352
1353 if (len < 0)
1354 return -EINVAL;
1355
1356 err = -ENOTCONN;
1357 if (!sk->sk_user_data)
1358 goto end;
1359
1360 /* Get the session context */
1361 err = -EBADF;
1362 session = pppol2tp_sock_to_session(sk);
1363 if (!session)
1364 goto end;
1365
1366 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
1367 if (session->session_id == 0 && session->peer_session_id == 0) {
1368 tunnel = session->tunnel;
1369 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
1370 if (err)
1371 goto end_put_sess;
1372 } else {
1373 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
1374 if (err)
1375 goto end_put_sess;
1376 }
1377
1378 err = -EFAULT;
1379 if (put_user(len, optlen))
1380 goto end_put_sess;
1381
1382 if (copy_to_user((void __user *)optval, &val, len))
1383 goto end_put_sess;
1384
1385 err = 0;
1386
1387end_put_sess:
1388 sock_put(sk);
1389end:
1390 return err;
1391}
1392
1393/*****************************************************************************
1394 * /proc filesystem for debug
1395 * Since the original pppol2tp driver provided /proc/net/pppol2tp for
1396 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.
1397 *****************************************************************************/
1398
1399static unsigned int pppol2tp_net_id;
1400
1401#ifdef CONFIG_PROC_FS
1402
1403struct pppol2tp_seq_data {
1404 struct seq_net_private p;
1405 int tunnel_idx; /* current tunnel */
1406 int session_idx; /* index of session within current tunnel */
1407 struct l2tp_tunnel *tunnel;
1408 struct l2tp_session *session; /* NULL means get next tunnel */
1409};
1410
1411static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1412{
1413 /* Drop reference taken during previous invocation */
1414 if (pd->tunnel)
1415 l2tp_tunnel_dec_refcount(pd->tunnel);
1416
1417 for (;;) {
1418 pd->tunnel = l2tp_tunnel_get_nth(net, pd->tunnel_idx);
1419 pd->tunnel_idx++;
1420
1421 /* Only accept L2TPv2 tunnels */
1422 if (!pd->tunnel || pd->tunnel->version == 2)
1423 return;
1424
1425 l2tp_tunnel_dec_refcount(pd->tunnel);
1426 }
1427}
1428
1429static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1430{
1431 /* Drop reference taken during previous invocation */
1432 if (pd->session)
1433 l2tp_session_dec_refcount(pd->session);
1434
1435 pd->session = l2tp_session_get_nth(pd->tunnel, pd->session_idx);
1436 pd->session_idx++;
1437
1438 if (!pd->session) {
1439 pd->session_idx = 0;
1440 pppol2tp_next_tunnel(net, pd);
1441 }
1442}
1443
1444static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1445{
1446 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1447 loff_t pos = *offs;
1448 struct net *net;
1449
1450 if (!pos)
1451 goto out;
1452
1453 if (WARN_ON(!m->private)) {
1454 pd = NULL;
1455 goto out;
1456 }
1457
1458 pd = m->private;
1459 net = seq_file_net(m);
1460
1461 if (!pd->tunnel)
1462 pppol2tp_next_tunnel(net, pd);
1463 else
1464 pppol2tp_next_session(net, pd);
1465
1466 /* NULL tunnel and session indicates end of list */
1467 if (!pd->tunnel && !pd->session)
1468 pd = NULL;
1469
1470out:
1471 return pd;
1472}
1473
1474static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1475{
1476 (*pos)++;
1477 return NULL;
1478}
1479
1480static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1481{
1482 struct pppol2tp_seq_data *pd = v;
1483
1484 if (!pd || pd == SEQ_START_TOKEN)
1485 return;
1486
1487 /* Drop reference taken by last invocation of pppol2tp_next_session()
1488 * or pppol2tp_next_tunnel().
1489 */
1490 if (pd->session) {
1491 l2tp_session_dec_refcount(pd->session);
1492 pd->session = NULL;
1493 }
1494 if (pd->tunnel) {
1495 l2tp_tunnel_dec_refcount(pd->tunnel);
1496 pd->tunnel = NULL;
1497 }
1498}
1499
1500static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1501{
1502 struct l2tp_tunnel *tunnel = v;
1503
1504 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1505 tunnel->name,
1506 (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
1507 refcount_read(&tunnel->ref_count) - 1);
1508 seq_printf(m, " %08x %ld/%ld/%ld %ld/%ld/%ld\n",
1509 0,
1510 atomic_long_read(&tunnel->stats.tx_packets),
1511 atomic_long_read(&tunnel->stats.tx_bytes),
1512 atomic_long_read(&tunnel->stats.tx_errors),
1513 atomic_long_read(&tunnel->stats.rx_packets),
1514 atomic_long_read(&tunnel->stats.rx_bytes),
1515 atomic_long_read(&tunnel->stats.rx_errors));
1516}
1517
1518static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1519{
1520 struct l2tp_session *session = v;
1521 struct l2tp_tunnel *tunnel = session->tunnel;
1522 unsigned char state;
1523 char user_data_ok;
1524 struct sock *sk;
1525 u32 ip = 0;
1526 u16 port = 0;
1527
1528 if (tunnel->sock) {
1529 struct inet_sock *inet = inet_sk(tunnel->sock);
1530
1531 ip = ntohl(inet->inet_saddr);
1532 port = ntohs(inet->inet_sport);
1533 }
1534
1535 sk = pppol2tp_session_get_sock(session);
1536 if (sk) {
1537 state = sk->sk_state;
1538 user_data_ok = (session == sk->sk_user_data) ? 'Y' : 'N';
1539 } else {
1540 state = 0;
1541 user_data_ok = 'N';
1542 }
1543
1544 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> %04X/%04X %d %c\n",
1545 session->name, ip, port,
1546 tunnel->tunnel_id,
1547 session->session_id,
1548 tunnel->peer_tunnel_id,
1549 session->peer_session_id,
1550 state, user_data_ok);
1551 seq_printf(m, " 0/0/%c/%c/%s %08x %u\n",
1552 session->recv_seq ? 'R' : '-',
1553 session->send_seq ? 'S' : '-',
1554 session->lns_mode ? "LNS" : "LAC",
1555 0,
1556 jiffies_to_msecs(session->reorder_timeout));
1557 seq_printf(m, " %hu/%hu %ld/%ld/%ld %ld/%ld/%ld\n",
1558 session->nr, session->ns,
1559 atomic_long_read(&session->stats.tx_packets),
1560 atomic_long_read(&session->stats.tx_bytes),
1561 atomic_long_read(&session->stats.tx_errors),
1562 atomic_long_read(&session->stats.rx_packets),
1563 atomic_long_read(&session->stats.rx_bytes),
1564 atomic_long_read(&session->stats.rx_errors));
1565
1566 if (sk) {
1567 struct pppox_sock *po = pppox_sk(sk);
1568
1569 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
1570 sock_put(sk);
1571 }
1572}
1573
1574static int pppol2tp_seq_show(struct seq_file *m, void *v)
1575{
1576 struct pppol2tp_seq_data *pd = v;
1577
1578 /* display header on line 1 */
1579 if (v == SEQ_START_TOKEN) {
1580 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1581 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1582 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1583 seq_puts(m, " SESSION name, addr/port src-tid/sid dest-tid/sid state user-data-ok\n");
1584 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1585 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1586 goto out;
1587 }
1588
1589 if (!pd->session)
1590 pppol2tp_seq_tunnel_show(m, pd->tunnel);
1591 else
1592 pppol2tp_seq_session_show(m, pd->session);
1593
1594out:
1595 return 0;
1596}
1597
1598static const struct seq_operations pppol2tp_seq_ops = {
1599 .start = pppol2tp_seq_start,
1600 .next = pppol2tp_seq_next,
1601 .stop = pppol2tp_seq_stop,
1602 .show = pppol2tp_seq_show,
1603};
1604#endif /* CONFIG_PROC_FS */
1605
1606/*****************************************************************************
1607 * Network namespace
1608 *****************************************************************************/
1609
1610static __net_init int pppol2tp_init_net(struct net *net)
1611{
1612 struct proc_dir_entry *pde;
1613 int err = 0;
1614
1615 pde = proc_create_net("pppol2tp", 0444, net->proc_net,
1616 &pppol2tp_seq_ops, sizeof(struct pppol2tp_seq_data));
1617 if (!pde) {
1618 err = -ENOMEM;
1619 goto out;
1620 }
1621
1622out:
1623 return err;
1624}
1625
1626static __net_exit void pppol2tp_exit_net(struct net *net)
1627{
1628 remove_proc_entry("pppol2tp", net->proc_net);
1629}
1630
1631static struct pernet_operations pppol2tp_net_ops = {
1632 .init = pppol2tp_init_net,
1633 .exit = pppol2tp_exit_net,
1634 .id = &pppol2tp_net_id,
1635};
1636
1637/*****************************************************************************
1638 * Init and cleanup
1639 *****************************************************************************/
1640
1641static const struct proto_ops pppol2tp_ops = {
1642 .family = AF_PPPOX,
1643 .owner = THIS_MODULE,
1644 .release = pppol2tp_release,
1645 .bind = sock_no_bind,
1646 .connect = pppol2tp_connect,
1647 .socketpair = sock_no_socketpair,
1648 .accept = sock_no_accept,
1649 .getname = pppol2tp_getname,
1650 .poll = datagram_poll,
1651 .listen = sock_no_listen,
1652 .shutdown = sock_no_shutdown,
1653 .setsockopt = pppol2tp_setsockopt,
1654 .getsockopt = pppol2tp_getsockopt,
1655 .sendmsg = pppol2tp_sendmsg,
1656 .recvmsg = pppol2tp_recvmsg,
1657 .mmap = sock_no_mmap,
1658 .ioctl = pppox_ioctl,
1659#ifdef CONFIG_COMPAT
1660 .compat_ioctl = pppox_compat_ioctl,
1661#endif
1662};
1663
1664static const struct pppox_proto pppol2tp_proto = {
1665 .create = pppol2tp_create,
1666 .ioctl = pppol2tp_ioctl,
1667 .owner = THIS_MODULE,
1668};
1669
1670#ifdef CONFIG_L2TP_V3
1671
1672static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1673 .session_create = pppol2tp_session_create,
1674 .session_delete = l2tp_session_delete,
1675};
1676
1677#endif /* CONFIG_L2TP_V3 */
1678
1679static int __init pppol2tp_init(void)
1680{
1681 int err;
1682
1683 err = register_pernet_device(&pppol2tp_net_ops);
1684 if (err)
1685 goto out;
1686
1687 err = proto_register(&pppol2tp_sk_proto, 0);
1688 if (err)
1689 goto out_unregister_pppol2tp_pernet;
1690
1691 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1692 if (err)
1693 goto out_unregister_pppol2tp_proto;
1694
1695#ifdef CONFIG_L2TP_V3
1696 err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);
1697 if (err)
1698 goto out_unregister_pppox;
1699#endif
1700
1701 pr_info("PPPoL2TP kernel driver, %s\n", PPPOL2TP_DRV_VERSION);
1702
1703out:
1704 return err;
1705
1706#ifdef CONFIG_L2TP_V3
1707out_unregister_pppox:
1708 unregister_pppox_proto(PX_PROTO_OL2TP);
1709#endif
1710out_unregister_pppol2tp_proto:
1711 proto_unregister(&pppol2tp_sk_proto);
1712out_unregister_pppol2tp_pernet:
1713 unregister_pernet_device(&pppol2tp_net_ops);
1714 goto out;
1715}
1716
1717static void __exit pppol2tp_exit(void)
1718{
1719#ifdef CONFIG_L2TP_V3
1720 l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);
1721#endif
1722 unregister_pppox_proto(PX_PROTO_OL2TP);
1723 proto_unregister(&pppol2tp_sk_proto);
1724 unregister_pernet_device(&pppol2tp_net_ops);
1725}
1726
1727module_init(pppol2tp_init);
1728module_exit(pppol2tp_exit);
1729
1730MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1731MODULE_DESCRIPTION("PPP over L2TP over UDP");
1732MODULE_LICENSE("GPL");
1733MODULE_VERSION(PPPOL2TP_DRV_VERSION);
1734MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OL2TP);
1735MODULE_ALIAS_L2TP_PWTYPE(7);