Loading...
Note: File does not exist in v6.8.
1/** -*- linux-c -*- ***********************************************************
2 * Linux PPP over Ethernet (PPPoX/PPPoE) Sockets
3 *
4 * PPPoX --- Generic PPP encapsulation socket family
5 * PPPoE --- PPP over Ethernet (RFC 2516)
6 *
7 *
8 * Version: 0.7.0
9 *
10 * 070228 : Fix to allow multiple sessions with same remote MAC and same
11 * session id by including the local device ifindex in the
12 * tuple identifying a session. This also ensures packets can't
13 * be injected into a session from interfaces other than the one
14 * specified by userspace. Florian Zumbiehl <florz@florz.de>
15 * (Oh, BTW, this one is YYMMDD, in case you were wondering ...)
16 * 220102 : Fix module use count on failure in pppoe_create, pppox_sk -acme
17 * 030700 : Fixed connect logic to allow for disconnect.
18 * 270700 : Fixed potential SMP problems; we must protect against
19 * simultaneous invocation of ppp_input
20 * and ppp_unregister_channel.
21 * 040800 : Respect reference count mechanisms on net-devices.
22 * 200800 : fix kfree(skb) in pppoe_rcv (acme)
23 * Module reference count is decremented in the right spot now,
24 * guards against sock_put not actually freeing the sk
25 * in pppoe_release.
26 * 051000 : Initialization cleanup.
27 * 111100 : Fix recvmsg.
28 * 050101 : Fix PADT procesing.
29 * 140501 : Use pppoe_rcv_core to handle all backlog. (Alexey)
30 * 170701 : Do not lock_sock with rwlock held. (DaveM)
31 * Ignore discovery frames if user has socket
32 * locked. (DaveM)
33 * Ignore return value of dev_queue_xmit in __pppoe_xmit
34 * or else we may kfree an SKB twice. (DaveM)
35 * 190701 : When doing copies of skb's in __pppoe_xmit, always delete
36 * the original skb that was passed in on success, never on
37 * failure. Delete the copy of the skb on failure to avoid
38 * a memory leak.
39 * 081001 : Misc. cleanup (licence string, non-blocking, prevent
40 * reference of device on close).
41 * 121301 : New ppp channels interface; cannot unregister a channel
42 * from interrupts. Thus, we mark the socket as a ZOMBIE
43 * and do the unregistration later.
44 * 081002 : seq_file support for proc stuff -acme
45 * 111602 : Merge all 2.4 fixes into 2.5/2.6 tree. Label 2.5/2.6
46 * as version 0.7. Spacing cleanup.
47 * Author: Michal Ostrowski <mostrows@speakeasy.net>
48 * Contributors:
49 * Arnaldo Carvalho de Melo <acme@conectiva.com.br>
50 * David S. Miller (davem@redhat.com)
51 *
52 * License:
53 * This program is free software; you can redistribute it and/or
54 * modify it under the terms of the GNU General Public License
55 * as published by the Free Software Foundation; either version
56 * 2 of the License, or (at your option) any later version.
57 *
58 */
59
60#include <linux/string.h>
61#include <linux/module.h>
62#include <linux/kernel.h>
63#include <linux/slab.h>
64#include <linux/errno.h>
65#include <linux/netdevice.h>
66#include <linux/net.h>
67#include <linux/inetdevice.h>
68#include <linux/etherdevice.h>
69#include <linux/skbuff.h>
70#include <linux/init.h>
71#include <linux/if_ether.h>
72#include <linux/if_pppox.h>
73#include <linux/ppp_channel.h>
74#include <linux/ppp_defs.h>
75#include <linux/if_ppp.h>
76#include <linux/notifier.h>
77#include <linux/file.h>
78#include <linux/proc_fs.h>
79#include <linux/seq_file.h>
80
81#include <linux/nsproxy.h>
82#include <net/net_namespace.h>
83#include <net/netns/generic.h>
84#include <net/sock.h>
85
86#include <asm/uaccess.h>
87
88#define PPPOE_HASH_BITS 4
89#define PPPOE_HASH_SIZE (1 << PPPOE_HASH_BITS)
90#define PPPOE_HASH_MASK (PPPOE_HASH_SIZE - 1)
91
92static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb);
93
94static const struct proto_ops pppoe_ops;
95static const struct ppp_channel_ops pppoe_chan_ops;
96
97/* per-net private data for this module */
98static int pppoe_net_id __read_mostly;
99struct pppoe_net {
100 /*
101 * we could use _single_ hash table for all
102 * nets by injecting net id into the hash but
103 * it would increase hash chains and add
104 * a few additional math comparations messy
105 * as well, moreover in case of SMP less locking
106 * controversy here
107 */
108 struct pppox_sock *hash_table[PPPOE_HASH_SIZE];
109 rwlock_t hash_lock;
110};
111
112/*
113 * PPPoE could be in the following stages:
114 * 1) Discovery stage (to obtain remote MAC and Session ID)
115 * 2) Session stage (MAC and SID are known)
116 *
117 * Ethernet frames have a special tag for this but
118 * we use simpler approach based on session id
119 */
120static inline bool stage_session(__be16 sid)
121{
122 return sid != 0;
123}
124
125static inline struct pppoe_net *pppoe_pernet(struct net *net)
126{
127 BUG_ON(!net);
128
129 return net_generic(net, pppoe_net_id);
130}
131
132static inline int cmp_2_addr(struct pppoe_addr *a, struct pppoe_addr *b)
133{
134 return a->sid == b->sid && !memcmp(a->remote, b->remote, ETH_ALEN);
135}
136
137static inline int cmp_addr(struct pppoe_addr *a, __be16 sid, char *addr)
138{
139 return a->sid == sid && !memcmp(a->remote, addr, ETH_ALEN);
140}
141
142#if 8 % PPPOE_HASH_BITS
143#error 8 must be a multiple of PPPOE_HASH_BITS
144#endif
145
146static int hash_item(__be16 sid, unsigned char *addr)
147{
148 unsigned char hash = 0;
149 unsigned int i;
150
151 for (i = 0; i < ETH_ALEN; i++)
152 hash ^= addr[i];
153 for (i = 0; i < sizeof(sid_t) * 8; i += 8)
154 hash ^= (__force __u32)sid >> i;
155 for (i = 8; (i >>= 1) >= PPPOE_HASH_BITS;)
156 hash ^= hash >> i;
157
158 return hash & PPPOE_HASH_MASK;
159}
160
161/**********************************************************************
162 *
163 * Set/get/delete/rehash items (internal versions)
164 *
165 **********************************************************************/
166static struct pppox_sock *__get_item(struct pppoe_net *pn, __be16 sid,
167 unsigned char *addr, int ifindex)
168{
169 int hash = hash_item(sid, addr);
170 struct pppox_sock *ret;
171
172 ret = pn->hash_table[hash];
173 while (ret) {
174 if (cmp_addr(&ret->pppoe_pa, sid, addr) &&
175 ret->pppoe_ifindex == ifindex)
176 return ret;
177
178 ret = ret->next;
179 }
180
181 return NULL;
182}
183
184static int __set_item(struct pppoe_net *pn, struct pppox_sock *po)
185{
186 int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
187 struct pppox_sock *ret;
188
189 ret = pn->hash_table[hash];
190 while (ret) {
191 if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) &&
192 ret->pppoe_ifindex == po->pppoe_ifindex)
193 return -EALREADY;
194
195 ret = ret->next;
196 }
197
198 po->next = pn->hash_table[hash];
199 pn->hash_table[hash] = po;
200
201 return 0;
202}
203
204static struct pppox_sock *__delete_item(struct pppoe_net *pn, __be16 sid,
205 char *addr, int ifindex)
206{
207 int hash = hash_item(sid, addr);
208 struct pppox_sock *ret, **src;
209
210 ret = pn->hash_table[hash];
211 src = &pn->hash_table[hash];
212
213 while (ret) {
214 if (cmp_addr(&ret->pppoe_pa, sid, addr) &&
215 ret->pppoe_ifindex == ifindex) {
216 *src = ret->next;
217 break;
218 }
219
220 src = &ret->next;
221 ret = ret->next;
222 }
223
224 return ret;
225}
226
227/**********************************************************************
228 *
229 * Set/get/delete/rehash items
230 *
231 **********************************************************************/
232static inline struct pppox_sock *get_item(struct pppoe_net *pn, __be16 sid,
233 unsigned char *addr, int ifindex)
234{
235 struct pppox_sock *po;
236
237 read_lock_bh(&pn->hash_lock);
238 po = __get_item(pn, sid, addr, ifindex);
239 if (po)
240 sock_hold(sk_pppox(po));
241 read_unlock_bh(&pn->hash_lock);
242
243 return po;
244}
245
246static inline struct pppox_sock *get_item_by_addr(struct net *net,
247 struct sockaddr_pppox *sp)
248{
249 struct net_device *dev;
250 struct pppoe_net *pn;
251 struct pppox_sock *pppox_sock = NULL;
252
253 int ifindex;
254
255 rcu_read_lock();
256 dev = dev_get_by_name_rcu(net, sp->sa_addr.pppoe.dev);
257 if (dev) {
258 ifindex = dev->ifindex;
259 pn = pppoe_pernet(net);
260 pppox_sock = get_item(pn, sp->sa_addr.pppoe.sid,
261 sp->sa_addr.pppoe.remote, ifindex);
262 }
263 rcu_read_unlock();
264 return pppox_sock;
265}
266
267static inline struct pppox_sock *delete_item(struct pppoe_net *pn, __be16 sid,
268 char *addr, int ifindex)
269{
270 struct pppox_sock *ret;
271
272 write_lock_bh(&pn->hash_lock);
273 ret = __delete_item(pn, sid, addr, ifindex);
274 write_unlock_bh(&pn->hash_lock);
275
276 return ret;
277}
278
279/***************************************************************************
280 *
281 * Handler for device events.
282 * Certain device events require that sockets be unconnected.
283 *
284 **************************************************************************/
285
286static void pppoe_flush_dev(struct net_device *dev)
287{
288 struct pppoe_net *pn;
289 int i;
290
291 pn = pppoe_pernet(dev_net(dev));
292 write_lock_bh(&pn->hash_lock);
293 for (i = 0; i < PPPOE_HASH_SIZE; i++) {
294 struct pppox_sock *po = pn->hash_table[i];
295 struct sock *sk;
296
297 while (po) {
298 while (po && po->pppoe_dev != dev) {
299 po = po->next;
300 }
301
302 if (!po)
303 break;
304
305 sk = sk_pppox(po);
306
307 /* We always grab the socket lock, followed by the
308 * hash_lock, in that order. Since we should hold the
309 * sock lock while doing any unbinding, we need to
310 * release the lock we're holding. Hold a reference to
311 * the sock so it doesn't disappear as we're jumping
312 * between locks.
313 */
314
315 sock_hold(sk);
316 write_unlock_bh(&pn->hash_lock);
317 lock_sock(sk);
318
319 if (po->pppoe_dev == dev &&
320 sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) {
321 pppox_unbind_sock(sk);
322 sk->sk_state = PPPOX_ZOMBIE;
323 sk->sk_state_change(sk);
324 po->pppoe_dev = NULL;
325 dev_put(dev);
326 }
327
328 release_sock(sk);
329 sock_put(sk);
330
331 /* Restart the process from the start of the current
332 * hash chain. We dropped locks so the world may have
333 * change from underneath us.
334 */
335
336 BUG_ON(pppoe_pernet(dev_net(dev)) == NULL);
337 write_lock_bh(&pn->hash_lock);
338 po = pn->hash_table[i];
339 }
340 }
341 write_unlock_bh(&pn->hash_lock);
342}
343
344static int pppoe_device_event(struct notifier_block *this,
345 unsigned long event, void *ptr)
346{
347 struct net_device *dev = (struct net_device *)ptr;
348
349 /* Only look at sockets that are using this specific device. */
350 switch (event) {
351 case NETDEV_CHANGEADDR:
352 case NETDEV_CHANGEMTU:
353 /* A change in mtu or address is a bad thing, requiring
354 * LCP re-negotiation.
355 */
356
357 case NETDEV_GOING_DOWN:
358 case NETDEV_DOWN:
359 /* Find every socket on this device and kill it. */
360 pppoe_flush_dev(dev);
361 break;
362
363 default:
364 break;
365 }
366
367 return NOTIFY_DONE;
368}
369
370static struct notifier_block pppoe_notifier = {
371 .notifier_call = pppoe_device_event,
372};
373
374/************************************************************************
375 *
376 * Do the real work of receiving a PPPoE Session frame.
377 *
378 ***********************************************************************/
379static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb)
380{
381 struct pppox_sock *po = pppox_sk(sk);
382 struct pppox_sock *relay_po;
383
384 /* Backlog receive. Semantics of backlog rcv preclude any code from
385 * executing in lock_sock()/release_sock() bounds; meaning sk->sk_state
386 * can't change.
387 */
388
389 if (sk->sk_state & PPPOX_BOUND) {
390 ppp_input(&po->chan, skb);
391 } else if (sk->sk_state & PPPOX_RELAY) {
392 relay_po = get_item_by_addr(sock_net(sk),
393 &po->pppoe_relay);
394 if (relay_po == NULL)
395 goto abort_kfree;
396
397 if ((sk_pppox(relay_po)->sk_state & PPPOX_CONNECTED) == 0)
398 goto abort_put;
399
400 if (!__pppoe_xmit(sk_pppox(relay_po), skb))
401 goto abort_put;
402 } else {
403 if (sock_queue_rcv_skb(sk, skb))
404 goto abort_kfree;
405 }
406
407 return NET_RX_SUCCESS;
408
409abort_put:
410 sock_put(sk_pppox(relay_po));
411
412abort_kfree:
413 kfree_skb(skb);
414 return NET_RX_DROP;
415}
416
417/************************************************************************
418 *
419 * Receive wrapper called in BH context.
420 *
421 ***********************************************************************/
422static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev,
423 struct packet_type *pt, struct net_device *orig_dev)
424{
425 struct pppoe_hdr *ph;
426 struct pppox_sock *po;
427 struct pppoe_net *pn;
428 int len;
429
430 skb = skb_share_check(skb, GFP_ATOMIC);
431 if (!skb)
432 goto out;
433
434 if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
435 goto drop;
436
437 ph = pppoe_hdr(skb);
438 len = ntohs(ph->length);
439
440 skb_pull_rcsum(skb, sizeof(*ph));
441 if (skb->len < len)
442 goto drop;
443
444 if (pskb_trim_rcsum(skb, len))
445 goto drop;
446
447 pn = pppoe_pernet(dev_net(dev));
448
449 /* Note that get_item does a sock_hold(), so sk_pppox(po)
450 * is known to be safe.
451 */
452 po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
453 if (!po)
454 goto drop;
455
456 return sk_receive_skb(sk_pppox(po), skb, 0);
457
458drop:
459 kfree_skb(skb);
460out:
461 return NET_RX_DROP;
462}
463
464/************************************************************************
465 *
466 * Receive a PPPoE Discovery frame.
467 * This is solely for detection of PADT frames
468 *
469 ***********************************************************************/
470static int pppoe_disc_rcv(struct sk_buff *skb, struct net_device *dev,
471 struct packet_type *pt, struct net_device *orig_dev)
472
473{
474 struct pppoe_hdr *ph;
475 struct pppox_sock *po;
476 struct pppoe_net *pn;
477
478 skb = skb_share_check(skb, GFP_ATOMIC);
479 if (!skb)
480 goto out;
481
482 if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
483 goto abort;
484
485 ph = pppoe_hdr(skb);
486 if (ph->code != PADT_CODE)
487 goto abort;
488
489 pn = pppoe_pernet(dev_net(dev));
490 po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
491 if (po) {
492 struct sock *sk = sk_pppox(po);
493
494 bh_lock_sock(sk);
495
496 /* If the user has locked the socket, just ignore
497 * the packet. With the way two rcv protocols hook into
498 * one socket family type, we cannot (easily) distinguish
499 * what kind of SKB it is during backlog rcv.
500 */
501 if (sock_owned_by_user(sk) == 0) {
502 /* We're no longer connect at the PPPOE layer,
503 * and must wait for ppp channel to disconnect us.
504 */
505 sk->sk_state = PPPOX_ZOMBIE;
506 }
507
508 bh_unlock_sock(sk);
509 sock_put(sk);
510 }
511
512abort:
513 kfree_skb(skb);
514out:
515 return NET_RX_SUCCESS; /* Lies... :-) */
516}
517
518static struct packet_type pppoes_ptype __read_mostly = {
519 .type = cpu_to_be16(ETH_P_PPP_SES),
520 .func = pppoe_rcv,
521};
522
523static struct packet_type pppoed_ptype __read_mostly = {
524 .type = cpu_to_be16(ETH_P_PPP_DISC),
525 .func = pppoe_disc_rcv,
526};
527
528static struct proto pppoe_sk_proto __read_mostly = {
529 .name = "PPPOE",
530 .owner = THIS_MODULE,
531 .obj_size = sizeof(struct pppox_sock),
532};
533
534/***********************************************************************
535 *
536 * Initialize a new struct sock.
537 *
538 **********************************************************************/
539static int pppoe_create(struct net *net, struct socket *sock)
540{
541 struct sock *sk;
542
543 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppoe_sk_proto);
544 if (!sk)
545 return -ENOMEM;
546
547 sock_init_data(sock, sk);
548
549 sock->state = SS_UNCONNECTED;
550 sock->ops = &pppoe_ops;
551
552 sk->sk_backlog_rcv = pppoe_rcv_core;
553 sk->sk_state = PPPOX_NONE;
554 sk->sk_type = SOCK_STREAM;
555 sk->sk_family = PF_PPPOX;
556 sk->sk_protocol = PX_PROTO_OE;
557
558 return 0;
559}
560
561static int pppoe_release(struct socket *sock)
562{
563 struct sock *sk = sock->sk;
564 struct pppox_sock *po;
565 struct pppoe_net *pn;
566 struct net *net = NULL;
567
568 if (!sk)
569 return 0;
570
571 lock_sock(sk);
572 if (sock_flag(sk, SOCK_DEAD)) {
573 release_sock(sk);
574 return -EBADF;
575 }
576
577 po = pppox_sk(sk);
578
579 if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
580 dev_put(po->pppoe_dev);
581 po->pppoe_dev = NULL;
582 }
583
584 pppox_unbind_sock(sk);
585
586 /* Signal the death of the socket. */
587 sk->sk_state = PPPOX_DEAD;
588
589 net = sock_net(sk);
590 pn = pppoe_pernet(net);
591
592 /*
593 * protect "po" from concurrent updates
594 * on pppoe_flush_dev
595 */
596 delete_item(pn, po->pppoe_pa.sid, po->pppoe_pa.remote,
597 po->pppoe_ifindex);
598
599 sock_orphan(sk);
600 sock->sk = NULL;
601
602 skb_queue_purge(&sk->sk_receive_queue);
603 release_sock(sk);
604 sock_put(sk);
605
606 return 0;
607}
608
609static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
610 int sockaddr_len, int flags)
611{
612 struct sock *sk = sock->sk;
613 struct sockaddr_pppox *sp = (struct sockaddr_pppox *)uservaddr;
614 struct pppox_sock *po = pppox_sk(sk);
615 struct net_device *dev = NULL;
616 struct pppoe_net *pn;
617 struct net *net = NULL;
618 int error;
619
620 lock_sock(sk);
621
622 error = -EINVAL;
623 if (sp->sa_protocol != PX_PROTO_OE)
624 goto end;
625
626 /* Check for already bound sockets */
627 error = -EBUSY;
628 if ((sk->sk_state & PPPOX_CONNECTED) &&
629 stage_session(sp->sa_addr.pppoe.sid))
630 goto end;
631
632 /* Check for already disconnected sockets, on attempts to disconnect */
633 error = -EALREADY;
634 if ((sk->sk_state & PPPOX_DEAD) &&
635 !stage_session(sp->sa_addr.pppoe.sid))
636 goto end;
637
638 error = 0;
639
640 /* Delete the old binding */
641 if (stage_session(po->pppoe_pa.sid)) {
642 pppox_unbind_sock(sk);
643 pn = pppoe_pernet(sock_net(sk));
644 delete_item(pn, po->pppoe_pa.sid,
645 po->pppoe_pa.remote, po->pppoe_ifindex);
646 if (po->pppoe_dev) {
647 dev_put(po->pppoe_dev);
648 po->pppoe_dev = NULL;
649 }
650
651 memset(sk_pppox(po) + 1, 0,
652 sizeof(struct pppox_sock) - sizeof(struct sock));
653 sk->sk_state = PPPOX_NONE;
654 }
655
656 /* Re-bind in session stage only */
657 if (stage_session(sp->sa_addr.pppoe.sid)) {
658 error = -ENODEV;
659 net = sock_net(sk);
660 dev = dev_get_by_name(net, sp->sa_addr.pppoe.dev);
661 if (!dev)
662 goto err_put;
663
664 po->pppoe_dev = dev;
665 po->pppoe_ifindex = dev->ifindex;
666 pn = pppoe_pernet(net);
667 if (!(dev->flags & IFF_UP)) {
668 goto err_put;
669 }
670
671 memcpy(&po->pppoe_pa,
672 &sp->sa_addr.pppoe,
673 sizeof(struct pppoe_addr));
674
675 write_lock_bh(&pn->hash_lock);
676 error = __set_item(pn, po);
677 write_unlock_bh(&pn->hash_lock);
678 if (error < 0)
679 goto err_put;
680
681 po->chan.hdrlen = (sizeof(struct pppoe_hdr) +
682 dev->hard_header_len);
683
684 po->chan.mtu = dev->mtu - sizeof(struct pppoe_hdr);
685 po->chan.private = sk;
686 po->chan.ops = &pppoe_chan_ops;
687
688 error = ppp_register_net_channel(dev_net(dev), &po->chan);
689 if (error) {
690 delete_item(pn, po->pppoe_pa.sid,
691 po->pppoe_pa.remote, po->pppoe_ifindex);
692 goto err_put;
693 }
694
695 sk->sk_state = PPPOX_CONNECTED;
696 }
697
698 po->num = sp->sa_addr.pppoe.sid;
699
700end:
701 release_sock(sk);
702 return error;
703err_put:
704 if (po->pppoe_dev) {
705 dev_put(po->pppoe_dev);
706 po->pppoe_dev = NULL;
707 }
708 goto end;
709}
710
711static int pppoe_getname(struct socket *sock, struct sockaddr *uaddr,
712 int *usockaddr_len, int peer)
713{
714 int len = sizeof(struct sockaddr_pppox);
715 struct sockaddr_pppox sp;
716
717 sp.sa_family = AF_PPPOX;
718 sp.sa_protocol = PX_PROTO_OE;
719 memcpy(&sp.sa_addr.pppoe, &pppox_sk(sock->sk)->pppoe_pa,
720 sizeof(struct pppoe_addr));
721
722 memcpy(uaddr, &sp, len);
723
724 *usockaddr_len = len;
725
726 return 0;
727}
728
729static int pppoe_ioctl(struct socket *sock, unsigned int cmd,
730 unsigned long arg)
731{
732 struct sock *sk = sock->sk;
733 struct pppox_sock *po = pppox_sk(sk);
734 int val;
735 int err;
736
737 switch (cmd) {
738 case PPPIOCGMRU:
739 err = -ENXIO;
740 if (!(sk->sk_state & PPPOX_CONNECTED))
741 break;
742
743 err = -EFAULT;
744 if (put_user(po->pppoe_dev->mtu -
745 sizeof(struct pppoe_hdr) -
746 PPP_HDRLEN,
747 (int __user *)arg))
748 break;
749 err = 0;
750 break;
751
752 case PPPIOCSMRU:
753 err = -ENXIO;
754 if (!(sk->sk_state & PPPOX_CONNECTED))
755 break;
756
757 err = -EFAULT;
758 if (get_user(val, (int __user *)arg))
759 break;
760
761 if (val < (po->pppoe_dev->mtu
762 - sizeof(struct pppoe_hdr)
763 - PPP_HDRLEN))
764 err = 0;
765 else
766 err = -EINVAL;
767 break;
768
769 case PPPIOCSFLAGS:
770 err = -EFAULT;
771 if (get_user(val, (int __user *)arg))
772 break;
773 err = 0;
774 break;
775
776 case PPPOEIOCSFWD:
777 {
778 struct pppox_sock *relay_po;
779
780 err = -EBUSY;
781 if (sk->sk_state & (PPPOX_BOUND | PPPOX_ZOMBIE | PPPOX_DEAD))
782 break;
783
784 err = -ENOTCONN;
785 if (!(sk->sk_state & PPPOX_CONNECTED))
786 break;
787
788 /* PPPoE address from the user specifies an outbound
789 PPPoE address which frames are forwarded to */
790 err = -EFAULT;
791 if (copy_from_user(&po->pppoe_relay,
792 (void __user *)arg,
793 sizeof(struct sockaddr_pppox)))
794 break;
795
796 err = -EINVAL;
797 if (po->pppoe_relay.sa_family != AF_PPPOX ||
798 po->pppoe_relay.sa_protocol != PX_PROTO_OE)
799 break;
800
801 /* Check that the socket referenced by the address
802 actually exists. */
803 relay_po = get_item_by_addr(sock_net(sk), &po->pppoe_relay);
804 if (!relay_po)
805 break;
806
807 sock_put(sk_pppox(relay_po));
808 sk->sk_state |= PPPOX_RELAY;
809 err = 0;
810 break;
811 }
812
813 case PPPOEIOCDFWD:
814 err = -EALREADY;
815 if (!(sk->sk_state & PPPOX_RELAY))
816 break;
817
818 sk->sk_state &= ~PPPOX_RELAY;
819 err = 0;
820 break;
821
822 default:
823 err = -ENOTTY;
824 }
825
826 return err;
827}
828
829static int pppoe_sendmsg(struct kiocb *iocb, struct socket *sock,
830 struct msghdr *m, size_t total_len)
831{
832 struct sk_buff *skb;
833 struct sock *sk = sock->sk;
834 struct pppox_sock *po = pppox_sk(sk);
835 int error;
836 struct pppoe_hdr hdr;
837 struct pppoe_hdr *ph;
838 struct net_device *dev;
839 char *start;
840
841 lock_sock(sk);
842 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) {
843 error = -ENOTCONN;
844 goto end;
845 }
846
847 hdr.ver = 1;
848 hdr.type = 1;
849 hdr.code = 0;
850 hdr.sid = po->num;
851
852 dev = po->pppoe_dev;
853
854 error = -EMSGSIZE;
855 if (total_len > (dev->mtu + dev->hard_header_len))
856 goto end;
857
858
859 skb = sock_wmalloc(sk, total_len + dev->hard_header_len + 32,
860 0, GFP_KERNEL);
861 if (!skb) {
862 error = -ENOMEM;
863 goto end;
864 }
865
866 /* Reserve space for headers. */
867 skb_reserve(skb, dev->hard_header_len);
868 skb_reset_network_header(skb);
869
870 skb->dev = dev;
871
872 skb->priority = sk->sk_priority;
873 skb->protocol = cpu_to_be16(ETH_P_PPP_SES);
874
875 ph = (struct pppoe_hdr *)skb_put(skb, total_len + sizeof(struct pppoe_hdr));
876 start = (char *)&ph->tag[0];
877
878 error = memcpy_fromiovec(start, m->msg_iov, total_len);
879 if (error < 0) {
880 kfree_skb(skb);
881 goto end;
882 }
883
884 error = total_len;
885 dev_hard_header(skb, dev, ETH_P_PPP_SES,
886 po->pppoe_pa.remote, NULL, total_len);
887
888 memcpy(ph, &hdr, sizeof(struct pppoe_hdr));
889
890 ph->length = htons(total_len);
891
892 dev_queue_xmit(skb);
893
894end:
895 release_sock(sk);
896 return error;
897}
898
899/************************************************************************
900 *
901 * xmit function for internal use.
902 *
903 ***********************************************************************/
904static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb)
905{
906 struct pppox_sock *po = pppox_sk(sk);
907 struct net_device *dev = po->pppoe_dev;
908 struct pppoe_hdr *ph;
909 int data_len = skb->len;
910
911 /* The higher-level PPP code (ppp_unregister_channel()) ensures the PPP
912 * xmit operations conclude prior to an unregistration call. Thus
913 * sk->sk_state cannot change, so we don't need to do lock_sock().
914 * But, we also can't do a lock_sock since that introduces a potential
915 * deadlock as we'd reverse the lock ordering used when calling
916 * ppp_unregister_channel().
917 */
918
919 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
920 goto abort;
921
922 if (!dev)
923 goto abort;
924
925 /* Copy the data if there is no space for the header or if it's
926 * read-only.
927 */
928 if (skb_cow_head(skb, sizeof(*ph) + dev->hard_header_len))
929 goto abort;
930
931 __skb_push(skb, sizeof(*ph));
932 skb_reset_network_header(skb);
933
934 ph = pppoe_hdr(skb);
935 ph->ver = 1;
936 ph->type = 1;
937 ph->code = 0;
938 ph->sid = po->num;
939 ph->length = htons(data_len);
940
941 skb->protocol = cpu_to_be16(ETH_P_PPP_SES);
942 skb->dev = dev;
943
944 dev_hard_header(skb, dev, ETH_P_PPP_SES,
945 po->pppoe_pa.remote, NULL, data_len);
946
947 dev_queue_xmit(skb);
948 return 1;
949
950abort:
951 kfree_skb(skb);
952 return 1;
953}
954
955/************************************************************************
956 *
957 * xmit function called by generic PPP driver
958 * sends PPP frame over PPPoE socket
959 *
960 ***********************************************************************/
961static int pppoe_xmit(struct ppp_channel *chan, struct sk_buff *skb)
962{
963 struct sock *sk = (struct sock *)chan->private;
964 return __pppoe_xmit(sk, skb);
965}
966
967static const struct ppp_channel_ops pppoe_chan_ops = {
968 .start_xmit = pppoe_xmit,
969};
970
971static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock,
972 struct msghdr *m, size_t total_len, int flags)
973{
974 struct sock *sk = sock->sk;
975 struct sk_buff *skb;
976 int error = 0;
977
978 if (sk->sk_state & PPPOX_BOUND) {
979 error = -EIO;
980 goto end;
981 }
982
983 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
984 flags & MSG_DONTWAIT, &error);
985 if (error < 0)
986 goto end;
987
988 m->msg_namelen = 0;
989
990 if (skb) {
991 total_len = min_t(size_t, total_len, skb->len);
992 error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len);
993 if (error == 0)
994 error = total_len;
995 }
996
997 kfree_skb(skb);
998end:
999 return error;
1000}
1001
1002#ifdef CONFIG_PROC_FS
1003static int pppoe_seq_show(struct seq_file *seq, void *v)
1004{
1005 struct pppox_sock *po;
1006 char *dev_name;
1007
1008 if (v == SEQ_START_TOKEN) {
1009 seq_puts(seq, "Id Address Device\n");
1010 goto out;
1011 }
1012
1013 po = v;
1014 dev_name = po->pppoe_pa.dev;
1015
1016 seq_printf(seq, "%08X %pM %8s\n",
1017 po->pppoe_pa.sid, po->pppoe_pa.remote, dev_name);
1018out:
1019 return 0;
1020}
1021
1022static inline struct pppox_sock *pppoe_get_idx(struct pppoe_net *pn, loff_t pos)
1023{
1024 struct pppox_sock *po;
1025 int i;
1026
1027 for (i = 0; i < PPPOE_HASH_SIZE; i++) {
1028 po = pn->hash_table[i];
1029 while (po) {
1030 if (!pos--)
1031 goto out;
1032 po = po->next;
1033 }
1034 }
1035
1036out:
1037 return po;
1038}
1039
1040static void *pppoe_seq_start(struct seq_file *seq, loff_t *pos)
1041 __acquires(pn->hash_lock)
1042{
1043 struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1044 loff_t l = *pos;
1045
1046 read_lock_bh(&pn->hash_lock);
1047 return l ? pppoe_get_idx(pn, --l) : SEQ_START_TOKEN;
1048}
1049
1050static void *pppoe_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1051{
1052 struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1053 struct pppox_sock *po;
1054
1055 ++*pos;
1056 if (v == SEQ_START_TOKEN) {
1057 po = pppoe_get_idx(pn, 0);
1058 goto out;
1059 }
1060 po = v;
1061 if (po->next)
1062 po = po->next;
1063 else {
1064 int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
1065
1066 po = NULL;
1067 while (++hash < PPPOE_HASH_SIZE) {
1068 po = pn->hash_table[hash];
1069 if (po)
1070 break;
1071 }
1072 }
1073
1074out:
1075 return po;
1076}
1077
1078static void pppoe_seq_stop(struct seq_file *seq, void *v)
1079 __releases(pn->hash_lock)
1080{
1081 struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1082 read_unlock_bh(&pn->hash_lock);
1083}
1084
1085static const struct seq_operations pppoe_seq_ops = {
1086 .start = pppoe_seq_start,
1087 .next = pppoe_seq_next,
1088 .stop = pppoe_seq_stop,
1089 .show = pppoe_seq_show,
1090};
1091
1092static int pppoe_seq_open(struct inode *inode, struct file *file)
1093{
1094 return seq_open_net(inode, file, &pppoe_seq_ops,
1095 sizeof(struct seq_net_private));
1096}
1097
1098static const struct file_operations pppoe_seq_fops = {
1099 .owner = THIS_MODULE,
1100 .open = pppoe_seq_open,
1101 .read = seq_read,
1102 .llseek = seq_lseek,
1103 .release = seq_release_net,
1104};
1105
1106#endif /* CONFIG_PROC_FS */
1107
1108static const struct proto_ops pppoe_ops = {
1109 .family = AF_PPPOX,
1110 .owner = THIS_MODULE,
1111 .release = pppoe_release,
1112 .bind = sock_no_bind,
1113 .connect = pppoe_connect,
1114 .socketpair = sock_no_socketpair,
1115 .accept = sock_no_accept,
1116 .getname = pppoe_getname,
1117 .poll = datagram_poll,
1118 .listen = sock_no_listen,
1119 .shutdown = sock_no_shutdown,
1120 .setsockopt = sock_no_setsockopt,
1121 .getsockopt = sock_no_getsockopt,
1122 .sendmsg = pppoe_sendmsg,
1123 .recvmsg = pppoe_recvmsg,
1124 .mmap = sock_no_mmap,
1125 .ioctl = pppox_ioctl,
1126};
1127
1128static const struct pppox_proto pppoe_proto = {
1129 .create = pppoe_create,
1130 .ioctl = pppoe_ioctl,
1131 .owner = THIS_MODULE,
1132};
1133
1134static __net_init int pppoe_init_net(struct net *net)
1135{
1136 struct pppoe_net *pn = pppoe_pernet(net);
1137 struct proc_dir_entry *pde;
1138
1139 rwlock_init(&pn->hash_lock);
1140
1141 pde = proc_net_fops_create(net, "pppoe", S_IRUGO, &pppoe_seq_fops);
1142#ifdef CONFIG_PROC_FS
1143 if (!pde)
1144 return -ENOMEM;
1145#endif
1146
1147 return 0;
1148}
1149
1150static __net_exit void pppoe_exit_net(struct net *net)
1151{
1152 proc_net_remove(net, "pppoe");
1153}
1154
1155static struct pernet_operations pppoe_net_ops = {
1156 .init = pppoe_init_net,
1157 .exit = pppoe_exit_net,
1158 .id = &pppoe_net_id,
1159 .size = sizeof(struct pppoe_net),
1160};
1161
1162static int __init pppoe_init(void)
1163{
1164 int err;
1165
1166 err = register_pernet_device(&pppoe_net_ops);
1167 if (err)
1168 goto out;
1169
1170 err = proto_register(&pppoe_sk_proto, 0);
1171 if (err)
1172 goto out_unregister_net_ops;
1173
1174 err = register_pppox_proto(PX_PROTO_OE, &pppoe_proto);
1175 if (err)
1176 goto out_unregister_pppoe_proto;
1177
1178 dev_add_pack(&pppoes_ptype);
1179 dev_add_pack(&pppoed_ptype);
1180 register_netdevice_notifier(&pppoe_notifier);
1181
1182 return 0;
1183
1184out_unregister_pppoe_proto:
1185 proto_unregister(&pppoe_sk_proto);
1186out_unregister_net_ops:
1187 unregister_pernet_device(&pppoe_net_ops);
1188out:
1189 return err;
1190}
1191
1192static void __exit pppoe_exit(void)
1193{
1194 unregister_netdevice_notifier(&pppoe_notifier);
1195 dev_remove_pack(&pppoed_ptype);
1196 dev_remove_pack(&pppoes_ptype);
1197 unregister_pppox_proto(PX_PROTO_OE);
1198 proto_unregister(&pppoe_sk_proto);
1199 unregister_pernet_device(&pppoe_net_ops);
1200}
1201
1202module_init(pppoe_init);
1203module_exit(pppoe_exit);
1204
1205MODULE_AUTHOR("Michal Ostrowski <mostrows@speakeasy.net>");
1206MODULE_DESCRIPTION("PPP over Ethernet driver");
1207MODULE_LICENSE("GPL");
1208MODULE_ALIAS_NETPROTO(PF_PPPOX);