xref: /openbmc/linux/net/l2tp/l2tp_netlink.c (revision b8265621)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* L2TP netlink layer, for management
3  *
4  * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5  *
6  * Partly based on the IrDA nelink implementation
7  * (see net/irda/irnetlink.c) which is:
8  * Copyright (c) 2007 Samuel Ortiz <samuel@sortiz.org>
9  * which is in turn partly based on the wireless netlink code:
10  * Copyright 2006 Johannes Berg <johannes@sipsolutions.net>
11  */
12 
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 
15 #include <net/sock.h>
16 #include <net/genetlink.h>
17 #include <net/udp.h>
18 #include <linux/in.h>
19 #include <linux/udp.h>
20 #include <linux/socket.h>
21 #include <linux/module.h>
22 #include <linux/list.h>
23 #include <net/net_namespace.h>
24 
25 #include <linux/l2tp.h>
26 
27 #include "l2tp_core.h"
28 
29 static struct genl_family l2tp_nl_family;
30 
31 static const struct genl_multicast_group l2tp_multicast_group[] = {
32 	{
33 		.name = L2TP_GENL_MCGROUP,
34 	},
35 };
36 
37 static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq,
38 			       int flags, struct l2tp_tunnel *tunnel, u8 cmd);
39 static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq,
40 				int flags, struct l2tp_session *session,
41 				u8 cmd);
42 
43 /* Accessed under genl lock */
44 static const struct l2tp_nl_cmd_ops *l2tp_nl_cmd_ops[__L2TP_PWTYPE_MAX];
45 
46 static struct l2tp_session *l2tp_nl_session_get(struct genl_info *info)
47 {
48 	u32 tunnel_id;
49 	u32 session_id;
50 	char *ifname;
51 	struct l2tp_tunnel *tunnel;
52 	struct l2tp_session *session = NULL;
53 	struct net *net = genl_info_net(info);
54 
55 	if (info->attrs[L2TP_ATTR_IFNAME]) {
56 		ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]);
57 		session = l2tp_session_get_by_ifname(net, ifname);
58 	} else if ((info->attrs[L2TP_ATTR_SESSION_ID]) &&
59 		   (info->attrs[L2TP_ATTR_CONN_ID])) {
60 		tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
61 		session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
62 		tunnel = l2tp_tunnel_get(net, tunnel_id);
63 		if (tunnel) {
64 			session = l2tp_tunnel_get_session(tunnel, session_id);
65 			l2tp_tunnel_dec_refcount(tunnel);
66 		}
67 	}
68 
69 	return session;
70 }
71 
72 static int l2tp_nl_cmd_noop(struct sk_buff *skb, struct genl_info *info)
73 {
74 	struct sk_buff *msg;
75 	void *hdr;
76 	int ret = -ENOBUFS;
77 
78 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
79 	if (!msg) {
80 		ret = -ENOMEM;
81 		goto out;
82 	}
83 
84 	hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq,
85 			  &l2tp_nl_family, 0, L2TP_CMD_NOOP);
86 	if (!hdr) {
87 		ret = -EMSGSIZE;
88 		goto err_out;
89 	}
90 
91 	genlmsg_end(msg, hdr);
92 
93 	return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid);
94 
95 err_out:
96 	nlmsg_free(msg);
97 
98 out:
99 	return ret;
100 }
101 
102 static int l2tp_tunnel_notify(struct genl_family *family,
103 			      struct genl_info *info,
104 			      struct l2tp_tunnel *tunnel,
105 			      u8 cmd)
106 {
107 	struct sk_buff *msg;
108 	int ret;
109 
110 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
111 	if (!msg)
112 		return -ENOMEM;
113 
114 	ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq,
115 				  NLM_F_ACK, tunnel, cmd);
116 
117 	if (ret >= 0) {
118 		ret = genlmsg_multicast_allns(family, msg, 0, 0, GFP_ATOMIC);
119 		/* We don't care if no one is listening */
120 		if (ret == -ESRCH)
121 			ret = 0;
122 		return ret;
123 	}
124 
125 	nlmsg_free(msg);
126 
127 	return ret;
128 }
129 
130 static int l2tp_session_notify(struct genl_family *family,
131 			       struct genl_info *info,
132 			       struct l2tp_session *session,
133 			       u8 cmd)
134 {
135 	struct sk_buff *msg;
136 	int ret;
137 
138 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
139 	if (!msg)
140 		return -ENOMEM;
141 
142 	ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq,
143 				   NLM_F_ACK, session, cmd);
144 
145 	if (ret >= 0) {
146 		ret = genlmsg_multicast_allns(family, msg, 0, 0, GFP_ATOMIC);
147 		/* We don't care if no one is listening */
148 		if (ret == -ESRCH)
149 			ret = 0;
150 		return ret;
151 	}
152 
153 	nlmsg_free(msg);
154 
155 	return ret;
156 }
157 
158 static int l2tp_nl_cmd_tunnel_create_get_addr(struct nlattr **attrs, struct l2tp_tunnel_cfg *cfg)
159 {
160 	if (attrs[L2TP_ATTR_UDP_SPORT])
161 		cfg->local_udp_port = nla_get_u16(attrs[L2TP_ATTR_UDP_SPORT]);
162 	if (attrs[L2TP_ATTR_UDP_DPORT])
163 		cfg->peer_udp_port = nla_get_u16(attrs[L2TP_ATTR_UDP_DPORT]);
164 	cfg->use_udp_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_CSUM]);
165 
166 	/* Must have either AF_INET or AF_INET6 address for source and destination */
167 #if IS_ENABLED(CONFIG_IPV6)
168 	if (attrs[L2TP_ATTR_IP6_SADDR] && attrs[L2TP_ATTR_IP6_DADDR]) {
169 		cfg->local_ip6 = nla_data(attrs[L2TP_ATTR_IP6_SADDR]);
170 		cfg->peer_ip6 = nla_data(attrs[L2TP_ATTR_IP6_DADDR]);
171 		cfg->udp6_zero_tx_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_ZERO_CSUM6_TX]);
172 		cfg->udp6_zero_rx_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_ZERO_CSUM6_RX]);
173 		return 0;
174 	}
175 #endif
176 	if (attrs[L2TP_ATTR_IP_SADDR] && attrs[L2TP_ATTR_IP_DADDR]) {
177 		cfg->local_ip.s_addr = nla_get_in_addr(attrs[L2TP_ATTR_IP_SADDR]);
178 		cfg->peer_ip.s_addr = nla_get_in_addr(attrs[L2TP_ATTR_IP_DADDR]);
179 		return 0;
180 	}
181 	return -EINVAL;
182 }
183 
184 static int l2tp_nl_cmd_tunnel_create(struct sk_buff *skb, struct genl_info *info)
185 {
186 	u32 tunnel_id;
187 	u32 peer_tunnel_id;
188 	int proto_version;
189 	int fd = -1;
190 	int ret = 0;
191 	struct l2tp_tunnel_cfg cfg = { 0, };
192 	struct l2tp_tunnel *tunnel;
193 	struct net *net = genl_info_net(info);
194 	struct nlattr **attrs = info->attrs;
195 
196 	if (!attrs[L2TP_ATTR_CONN_ID]) {
197 		ret = -EINVAL;
198 		goto out;
199 	}
200 	tunnel_id = nla_get_u32(attrs[L2TP_ATTR_CONN_ID]);
201 
202 	if (!attrs[L2TP_ATTR_PEER_CONN_ID]) {
203 		ret = -EINVAL;
204 		goto out;
205 	}
206 	peer_tunnel_id = nla_get_u32(attrs[L2TP_ATTR_PEER_CONN_ID]);
207 
208 	if (!attrs[L2TP_ATTR_PROTO_VERSION]) {
209 		ret = -EINVAL;
210 		goto out;
211 	}
212 	proto_version = nla_get_u8(attrs[L2TP_ATTR_PROTO_VERSION]);
213 
214 	if (!attrs[L2TP_ATTR_ENCAP_TYPE]) {
215 		ret = -EINVAL;
216 		goto out;
217 	}
218 	cfg.encap = nla_get_u16(attrs[L2TP_ATTR_ENCAP_TYPE]);
219 
220 	/* Managed tunnels take the tunnel socket from userspace.
221 	 * Unmanaged tunnels must call out the source and destination addresses
222 	 * for the kernel to create the tunnel socket itself.
223 	 */
224 	if (attrs[L2TP_ATTR_FD]) {
225 		fd = nla_get_u32(attrs[L2TP_ATTR_FD]);
226 	} else {
227 		ret = l2tp_nl_cmd_tunnel_create_get_addr(attrs, &cfg);
228 		if (ret < 0)
229 			goto out;
230 	}
231 
232 	if (attrs[L2TP_ATTR_DEBUG])
233 		cfg.debug = nla_get_u32(attrs[L2TP_ATTR_DEBUG]);
234 
235 	ret = -EINVAL;
236 	switch (cfg.encap) {
237 	case L2TP_ENCAPTYPE_UDP:
238 	case L2TP_ENCAPTYPE_IP:
239 		ret = l2tp_tunnel_create(net, fd, proto_version, tunnel_id,
240 					 peer_tunnel_id, &cfg, &tunnel);
241 		break;
242 	}
243 
244 	if (ret < 0)
245 		goto out;
246 
247 	l2tp_tunnel_inc_refcount(tunnel);
248 	ret = l2tp_tunnel_register(tunnel, net, &cfg);
249 	if (ret < 0) {
250 		kfree(tunnel);
251 		goto out;
252 	}
253 	ret = l2tp_tunnel_notify(&l2tp_nl_family, info, tunnel,
254 				 L2TP_CMD_TUNNEL_CREATE);
255 	l2tp_tunnel_dec_refcount(tunnel);
256 
257 out:
258 	return ret;
259 }
260 
261 static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info)
262 {
263 	struct l2tp_tunnel *tunnel;
264 	u32 tunnel_id;
265 	int ret = 0;
266 	struct net *net = genl_info_net(info);
267 
268 	if (!info->attrs[L2TP_ATTR_CONN_ID]) {
269 		ret = -EINVAL;
270 		goto out;
271 	}
272 	tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
273 
274 	tunnel = l2tp_tunnel_get(net, tunnel_id);
275 	if (!tunnel) {
276 		ret = -ENODEV;
277 		goto out;
278 	}
279 
280 	l2tp_tunnel_notify(&l2tp_nl_family, info,
281 			   tunnel, L2TP_CMD_TUNNEL_DELETE);
282 
283 	l2tp_tunnel_delete(tunnel);
284 
285 	l2tp_tunnel_dec_refcount(tunnel);
286 
287 out:
288 	return ret;
289 }
290 
291 static int l2tp_nl_cmd_tunnel_modify(struct sk_buff *skb, struct genl_info *info)
292 {
293 	struct l2tp_tunnel *tunnel;
294 	u32 tunnel_id;
295 	int ret = 0;
296 	struct net *net = genl_info_net(info);
297 
298 	if (!info->attrs[L2TP_ATTR_CONN_ID]) {
299 		ret = -EINVAL;
300 		goto out;
301 	}
302 	tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
303 
304 	tunnel = l2tp_tunnel_get(net, tunnel_id);
305 	if (!tunnel) {
306 		ret = -ENODEV;
307 		goto out;
308 	}
309 
310 	if (info->attrs[L2TP_ATTR_DEBUG])
311 		tunnel->debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]);
312 
313 	ret = l2tp_tunnel_notify(&l2tp_nl_family, info,
314 				 tunnel, L2TP_CMD_TUNNEL_MODIFY);
315 
316 	l2tp_tunnel_dec_refcount(tunnel);
317 
318 out:
319 	return ret;
320 }
321 
322 #if IS_ENABLED(CONFIG_IPV6)
323 static int l2tp_nl_tunnel_send_addr6(struct sk_buff *skb, struct sock *sk,
324 				     enum l2tp_encap_type encap)
325 {
326 	struct inet_sock *inet = inet_sk(sk);
327 	struct ipv6_pinfo *np = inet6_sk(sk);
328 
329 	switch (encap) {
330 	case L2TP_ENCAPTYPE_UDP:
331 		if (udp_get_no_check6_tx(sk) &&
332 		    nla_put_flag(skb, L2TP_ATTR_UDP_ZERO_CSUM6_TX))
333 			return -1;
334 		if (udp_get_no_check6_rx(sk) &&
335 		    nla_put_flag(skb, L2TP_ATTR_UDP_ZERO_CSUM6_RX))
336 			return -1;
337 		if (nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) ||
338 		    nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport)))
339 			return -1;
340 		fallthrough;
341 	case L2TP_ENCAPTYPE_IP:
342 		if (nla_put_in6_addr(skb, L2TP_ATTR_IP6_SADDR, &np->saddr) ||
343 		    nla_put_in6_addr(skb, L2TP_ATTR_IP6_DADDR, &sk->sk_v6_daddr))
344 			return -1;
345 		break;
346 	}
347 	return 0;
348 }
349 #endif
350 
351 static int l2tp_nl_tunnel_send_addr4(struct sk_buff *skb, struct sock *sk,
352 				     enum l2tp_encap_type encap)
353 {
354 	struct inet_sock *inet = inet_sk(sk);
355 
356 	switch (encap) {
357 	case L2TP_ENCAPTYPE_UDP:
358 		if (nla_put_u8(skb, L2TP_ATTR_UDP_CSUM, !sk->sk_no_check_tx) ||
359 		    nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) ||
360 		    nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport)))
361 			return -1;
362 		fallthrough;
363 	case L2TP_ENCAPTYPE_IP:
364 		if (nla_put_in_addr(skb, L2TP_ATTR_IP_SADDR, inet->inet_saddr) ||
365 		    nla_put_in_addr(skb, L2TP_ATTR_IP_DADDR, inet->inet_daddr))
366 			return -1;
367 		break;
368 	}
369 
370 	return 0;
371 }
372 
373 /* Append attributes for the tunnel address, handling the different attribute types
374  * used for different tunnel encapsulation and AF_INET v.s. AF_INET6.
375  */
376 static int l2tp_nl_tunnel_send_addr(struct sk_buff *skb, struct l2tp_tunnel *tunnel)
377 {
378 	struct sock *sk = tunnel->sock;
379 
380 	if (!sk)
381 		return 0;
382 
383 #if IS_ENABLED(CONFIG_IPV6)
384 	if (sk->sk_family == AF_INET6)
385 		return l2tp_nl_tunnel_send_addr6(skb, sk, tunnel->encap);
386 #endif
387 	return l2tp_nl_tunnel_send_addr4(skb, sk, tunnel->encap);
388 }
389 
390 static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq, int flags,
391 			       struct l2tp_tunnel *tunnel, u8 cmd)
392 {
393 	void *hdr;
394 	struct nlattr *nest;
395 
396 	hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, cmd);
397 	if (!hdr)
398 		return -EMSGSIZE;
399 
400 	if (nla_put_u8(skb, L2TP_ATTR_PROTO_VERSION, tunnel->version) ||
401 	    nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) ||
402 	    nla_put_u32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id) ||
403 	    nla_put_u32(skb, L2TP_ATTR_DEBUG, tunnel->debug) ||
404 	    nla_put_u16(skb, L2TP_ATTR_ENCAP_TYPE, tunnel->encap))
405 		goto nla_put_failure;
406 
407 	nest = nla_nest_start_noflag(skb, L2TP_ATTR_STATS);
408 	if (!nest)
409 		goto nla_put_failure;
410 
411 	if (nla_put_u64_64bit(skb, L2TP_ATTR_TX_PACKETS,
412 			      atomic_long_read(&tunnel->stats.tx_packets),
413 			      L2TP_ATTR_STATS_PAD) ||
414 	    nla_put_u64_64bit(skb, L2TP_ATTR_TX_BYTES,
415 			      atomic_long_read(&tunnel->stats.tx_bytes),
416 			      L2TP_ATTR_STATS_PAD) ||
417 	    nla_put_u64_64bit(skb, L2TP_ATTR_TX_ERRORS,
418 			      atomic_long_read(&tunnel->stats.tx_errors),
419 			      L2TP_ATTR_STATS_PAD) ||
420 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_PACKETS,
421 			      atomic_long_read(&tunnel->stats.rx_packets),
422 			      L2TP_ATTR_STATS_PAD) ||
423 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_BYTES,
424 			      atomic_long_read(&tunnel->stats.rx_bytes),
425 			      L2TP_ATTR_STATS_PAD) ||
426 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_SEQ_DISCARDS,
427 			      atomic_long_read(&tunnel->stats.rx_seq_discards),
428 			      L2TP_ATTR_STATS_PAD) ||
429 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_OOS_PACKETS,
430 			      atomic_long_read(&tunnel->stats.rx_oos_packets),
431 			      L2TP_ATTR_STATS_PAD) ||
432 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_ERRORS,
433 			      atomic_long_read(&tunnel->stats.rx_errors),
434 			      L2TP_ATTR_STATS_PAD))
435 		goto nla_put_failure;
436 	nla_nest_end(skb, nest);
437 
438 	if (l2tp_nl_tunnel_send_addr(skb, tunnel))
439 		goto nla_put_failure;
440 
441 	genlmsg_end(skb, hdr);
442 	return 0;
443 
444 nla_put_failure:
445 	genlmsg_cancel(skb, hdr);
446 	return -1;
447 }
448 
449 static int l2tp_nl_cmd_tunnel_get(struct sk_buff *skb, struct genl_info *info)
450 {
451 	struct l2tp_tunnel *tunnel;
452 	struct sk_buff *msg;
453 	u32 tunnel_id;
454 	int ret = -ENOBUFS;
455 	struct net *net = genl_info_net(info);
456 
457 	if (!info->attrs[L2TP_ATTR_CONN_ID]) {
458 		ret = -EINVAL;
459 		goto err;
460 	}
461 
462 	tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
463 
464 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
465 	if (!msg) {
466 		ret = -ENOMEM;
467 		goto err;
468 	}
469 
470 	tunnel = l2tp_tunnel_get(net, tunnel_id);
471 	if (!tunnel) {
472 		ret = -ENODEV;
473 		goto err_nlmsg;
474 	}
475 
476 	ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq,
477 				  NLM_F_ACK, tunnel, L2TP_CMD_TUNNEL_GET);
478 	if (ret < 0)
479 		goto err_nlmsg_tunnel;
480 
481 	l2tp_tunnel_dec_refcount(tunnel);
482 
483 	return genlmsg_unicast(net, msg, info->snd_portid);
484 
485 err_nlmsg_tunnel:
486 	l2tp_tunnel_dec_refcount(tunnel);
487 err_nlmsg:
488 	nlmsg_free(msg);
489 err:
490 	return ret;
491 }
492 
493 static int l2tp_nl_cmd_tunnel_dump(struct sk_buff *skb, struct netlink_callback *cb)
494 {
495 	int ti = cb->args[0];
496 	struct l2tp_tunnel *tunnel;
497 	struct net *net = sock_net(skb->sk);
498 
499 	for (;;) {
500 		tunnel = l2tp_tunnel_get_nth(net, ti);
501 		if (!tunnel)
502 			goto out;
503 
504 		if (l2tp_nl_tunnel_send(skb, NETLINK_CB(cb->skb).portid,
505 					cb->nlh->nlmsg_seq, NLM_F_MULTI,
506 					tunnel, L2TP_CMD_TUNNEL_GET) < 0) {
507 			l2tp_tunnel_dec_refcount(tunnel);
508 			goto out;
509 		}
510 		l2tp_tunnel_dec_refcount(tunnel);
511 
512 		ti++;
513 	}
514 
515 out:
516 	cb->args[0] = ti;
517 
518 	return skb->len;
519 }
520 
521 static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *info)
522 {
523 	u32 tunnel_id = 0;
524 	u32 session_id;
525 	u32 peer_session_id;
526 	int ret = 0;
527 	struct l2tp_tunnel *tunnel;
528 	struct l2tp_session *session;
529 	struct l2tp_session_cfg cfg = { 0, };
530 	struct net *net = genl_info_net(info);
531 
532 	if (!info->attrs[L2TP_ATTR_CONN_ID]) {
533 		ret = -EINVAL;
534 		goto out;
535 	}
536 
537 	tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
538 	tunnel = l2tp_tunnel_get(net, tunnel_id);
539 	if (!tunnel) {
540 		ret = -ENODEV;
541 		goto out;
542 	}
543 
544 	if (!info->attrs[L2TP_ATTR_SESSION_ID]) {
545 		ret = -EINVAL;
546 		goto out_tunnel;
547 	}
548 	session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
549 
550 	if (!info->attrs[L2TP_ATTR_PEER_SESSION_ID]) {
551 		ret = -EINVAL;
552 		goto out_tunnel;
553 	}
554 	peer_session_id = nla_get_u32(info->attrs[L2TP_ATTR_PEER_SESSION_ID]);
555 
556 	if (!info->attrs[L2TP_ATTR_PW_TYPE]) {
557 		ret = -EINVAL;
558 		goto out_tunnel;
559 	}
560 	cfg.pw_type = nla_get_u16(info->attrs[L2TP_ATTR_PW_TYPE]);
561 	if (cfg.pw_type >= __L2TP_PWTYPE_MAX) {
562 		ret = -EINVAL;
563 		goto out_tunnel;
564 	}
565 
566 	/* L2TPv2 only accepts PPP pseudo-wires */
567 	if (tunnel->version == 2 && cfg.pw_type != L2TP_PWTYPE_PPP) {
568 		ret = -EPROTONOSUPPORT;
569 		goto out_tunnel;
570 	}
571 
572 	if (tunnel->version > 2) {
573 		if (info->attrs[L2TP_ATTR_L2SPEC_TYPE]) {
574 			cfg.l2specific_type = nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_TYPE]);
575 			if (cfg.l2specific_type != L2TP_L2SPECTYPE_DEFAULT &&
576 			    cfg.l2specific_type != L2TP_L2SPECTYPE_NONE) {
577 				ret = -EINVAL;
578 				goto out_tunnel;
579 			}
580 		} else {
581 			cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT;
582 		}
583 
584 		if (info->attrs[L2TP_ATTR_COOKIE]) {
585 			u16 len = nla_len(info->attrs[L2TP_ATTR_COOKIE]);
586 
587 			if (len > 8) {
588 				ret = -EINVAL;
589 				goto out_tunnel;
590 			}
591 			cfg.cookie_len = len;
592 			memcpy(&cfg.cookie[0], nla_data(info->attrs[L2TP_ATTR_COOKIE]), len);
593 		}
594 		if (info->attrs[L2TP_ATTR_PEER_COOKIE]) {
595 			u16 len = nla_len(info->attrs[L2TP_ATTR_PEER_COOKIE]);
596 
597 			if (len > 8) {
598 				ret = -EINVAL;
599 				goto out_tunnel;
600 			}
601 			cfg.peer_cookie_len = len;
602 			memcpy(&cfg.peer_cookie[0], nla_data(info->attrs[L2TP_ATTR_PEER_COOKIE]), len);
603 		}
604 		if (info->attrs[L2TP_ATTR_IFNAME])
605 			cfg.ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]);
606 	}
607 
608 	if (info->attrs[L2TP_ATTR_DEBUG])
609 		cfg.debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]);
610 
611 	if (info->attrs[L2TP_ATTR_RECV_SEQ])
612 		cfg.recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]);
613 
614 	if (info->attrs[L2TP_ATTR_SEND_SEQ])
615 		cfg.send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]);
616 
617 	if (info->attrs[L2TP_ATTR_LNS_MODE])
618 		cfg.lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]);
619 
620 	if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
621 		cfg.reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
622 
623 #ifdef CONFIG_MODULES
624 	if (!l2tp_nl_cmd_ops[cfg.pw_type]) {
625 		genl_unlock();
626 		request_module("net-l2tp-type-%u", cfg.pw_type);
627 		genl_lock();
628 	}
629 #endif
630 	if (!l2tp_nl_cmd_ops[cfg.pw_type] || !l2tp_nl_cmd_ops[cfg.pw_type]->session_create) {
631 		ret = -EPROTONOSUPPORT;
632 		goto out_tunnel;
633 	}
634 
635 	ret = l2tp_nl_cmd_ops[cfg.pw_type]->session_create(net, tunnel,
636 							   session_id,
637 							   peer_session_id,
638 							   &cfg);
639 
640 	if (ret >= 0) {
641 		session = l2tp_tunnel_get_session(tunnel, session_id);
642 		if (session) {
643 			ret = l2tp_session_notify(&l2tp_nl_family, info, session,
644 						  L2TP_CMD_SESSION_CREATE);
645 			l2tp_session_dec_refcount(session);
646 		}
647 	}
648 
649 out_tunnel:
650 	l2tp_tunnel_dec_refcount(tunnel);
651 out:
652 	return ret;
653 }
654 
655 static int l2tp_nl_cmd_session_delete(struct sk_buff *skb, struct genl_info *info)
656 {
657 	int ret = 0;
658 	struct l2tp_session *session;
659 	u16 pw_type;
660 
661 	session = l2tp_nl_session_get(info);
662 	if (!session) {
663 		ret = -ENODEV;
664 		goto out;
665 	}
666 
667 	l2tp_session_notify(&l2tp_nl_family, info,
668 			    session, L2TP_CMD_SESSION_DELETE);
669 
670 	pw_type = session->pwtype;
671 	if (pw_type < __L2TP_PWTYPE_MAX)
672 		if (l2tp_nl_cmd_ops[pw_type] && l2tp_nl_cmd_ops[pw_type]->session_delete)
673 			ret = (*l2tp_nl_cmd_ops[pw_type]->session_delete)(session);
674 
675 	l2tp_session_dec_refcount(session);
676 
677 out:
678 	return ret;
679 }
680 
681 static int l2tp_nl_cmd_session_modify(struct sk_buff *skb, struct genl_info *info)
682 {
683 	int ret = 0;
684 	struct l2tp_session *session;
685 
686 	session = l2tp_nl_session_get(info);
687 	if (!session) {
688 		ret = -ENODEV;
689 		goto out;
690 	}
691 
692 	if (info->attrs[L2TP_ATTR_DEBUG])
693 		session->debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]);
694 
695 	if (info->attrs[L2TP_ATTR_RECV_SEQ])
696 		session->recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]);
697 
698 	if (info->attrs[L2TP_ATTR_SEND_SEQ]) {
699 		session->send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]);
700 		l2tp_session_set_header_len(session, session->tunnel->version);
701 	}
702 
703 	if (info->attrs[L2TP_ATTR_LNS_MODE])
704 		session->lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]);
705 
706 	if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
707 		session->reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
708 
709 	ret = l2tp_session_notify(&l2tp_nl_family, info,
710 				  session, L2TP_CMD_SESSION_MODIFY);
711 
712 	l2tp_session_dec_refcount(session);
713 
714 out:
715 	return ret;
716 }
717 
718 static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq, int flags,
719 				struct l2tp_session *session, u8 cmd)
720 {
721 	void *hdr;
722 	struct nlattr *nest;
723 	struct l2tp_tunnel *tunnel = session->tunnel;
724 
725 	hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, cmd);
726 	if (!hdr)
727 		return -EMSGSIZE;
728 
729 	if (nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) ||
730 	    nla_put_u32(skb, L2TP_ATTR_SESSION_ID, session->session_id) ||
731 	    nla_put_u32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id) ||
732 	    nla_put_u32(skb, L2TP_ATTR_PEER_SESSION_ID, session->peer_session_id) ||
733 	    nla_put_u32(skb, L2TP_ATTR_DEBUG, session->debug) ||
734 	    nla_put_u16(skb, L2TP_ATTR_PW_TYPE, session->pwtype))
735 		goto nla_put_failure;
736 
737 	if ((session->ifname[0] &&
738 	     nla_put_string(skb, L2TP_ATTR_IFNAME, session->ifname)) ||
739 	    (session->cookie_len &&
740 	     nla_put(skb, L2TP_ATTR_COOKIE, session->cookie_len, session->cookie)) ||
741 	    (session->peer_cookie_len &&
742 	     nla_put(skb, L2TP_ATTR_PEER_COOKIE, session->peer_cookie_len, session->peer_cookie)) ||
743 	    nla_put_u8(skb, L2TP_ATTR_RECV_SEQ, session->recv_seq) ||
744 	    nla_put_u8(skb, L2TP_ATTR_SEND_SEQ, session->send_seq) ||
745 	    nla_put_u8(skb, L2TP_ATTR_LNS_MODE, session->lns_mode) ||
746 	    (l2tp_tunnel_uses_xfrm(tunnel) &&
747 	     nla_put_u8(skb, L2TP_ATTR_USING_IPSEC, 1)) ||
748 	    (session->reorder_timeout &&
749 	     nla_put_msecs(skb, L2TP_ATTR_RECV_TIMEOUT,
750 			   session->reorder_timeout, L2TP_ATTR_PAD)))
751 		goto nla_put_failure;
752 
753 	nest = nla_nest_start_noflag(skb, L2TP_ATTR_STATS);
754 	if (!nest)
755 		goto nla_put_failure;
756 
757 	if (nla_put_u64_64bit(skb, L2TP_ATTR_TX_PACKETS,
758 			      atomic_long_read(&session->stats.tx_packets),
759 			      L2TP_ATTR_STATS_PAD) ||
760 	    nla_put_u64_64bit(skb, L2TP_ATTR_TX_BYTES,
761 			      atomic_long_read(&session->stats.tx_bytes),
762 			      L2TP_ATTR_STATS_PAD) ||
763 	    nla_put_u64_64bit(skb, L2TP_ATTR_TX_ERRORS,
764 			      atomic_long_read(&session->stats.tx_errors),
765 			      L2TP_ATTR_STATS_PAD) ||
766 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_PACKETS,
767 			      atomic_long_read(&session->stats.rx_packets),
768 			      L2TP_ATTR_STATS_PAD) ||
769 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_BYTES,
770 			      atomic_long_read(&session->stats.rx_bytes),
771 			      L2TP_ATTR_STATS_PAD) ||
772 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_SEQ_DISCARDS,
773 			      atomic_long_read(&session->stats.rx_seq_discards),
774 			      L2TP_ATTR_STATS_PAD) ||
775 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_OOS_PACKETS,
776 			      atomic_long_read(&session->stats.rx_oos_packets),
777 			      L2TP_ATTR_STATS_PAD) ||
778 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_ERRORS,
779 			      atomic_long_read(&session->stats.rx_errors),
780 			      L2TP_ATTR_STATS_PAD))
781 		goto nla_put_failure;
782 	nla_nest_end(skb, nest);
783 
784 	genlmsg_end(skb, hdr);
785 	return 0;
786 
787  nla_put_failure:
788 	genlmsg_cancel(skb, hdr);
789 	return -1;
790 }
791 
792 static int l2tp_nl_cmd_session_get(struct sk_buff *skb, struct genl_info *info)
793 {
794 	struct l2tp_session *session;
795 	struct sk_buff *msg;
796 	int ret;
797 
798 	session = l2tp_nl_session_get(info);
799 	if (!session) {
800 		ret = -ENODEV;
801 		goto err;
802 	}
803 
804 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
805 	if (!msg) {
806 		ret = -ENOMEM;
807 		goto err_ref;
808 	}
809 
810 	ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq,
811 				   0, session, L2TP_CMD_SESSION_GET);
812 	if (ret < 0)
813 		goto err_ref_msg;
814 
815 	ret = genlmsg_unicast(genl_info_net(info), msg, info->snd_portid);
816 
817 	l2tp_session_dec_refcount(session);
818 
819 	return ret;
820 
821 err_ref_msg:
822 	nlmsg_free(msg);
823 err_ref:
824 	l2tp_session_dec_refcount(session);
825 err:
826 	return ret;
827 }
828 
829 static int l2tp_nl_cmd_session_dump(struct sk_buff *skb, struct netlink_callback *cb)
830 {
831 	struct net *net = sock_net(skb->sk);
832 	struct l2tp_session *session;
833 	struct l2tp_tunnel *tunnel = NULL;
834 	int ti = cb->args[0];
835 	int si = cb->args[1];
836 
837 	for (;;) {
838 		if (!tunnel) {
839 			tunnel = l2tp_tunnel_get_nth(net, ti);
840 			if (!tunnel)
841 				goto out;
842 		}
843 
844 		session = l2tp_session_get_nth(tunnel, si);
845 		if (!session) {
846 			ti++;
847 			l2tp_tunnel_dec_refcount(tunnel);
848 			tunnel = NULL;
849 			si = 0;
850 			continue;
851 		}
852 
853 		if (l2tp_nl_session_send(skb, NETLINK_CB(cb->skb).portid,
854 					 cb->nlh->nlmsg_seq, NLM_F_MULTI,
855 					 session, L2TP_CMD_SESSION_GET) < 0) {
856 			l2tp_session_dec_refcount(session);
857 			l2tp_tunnel_dec_refcount(tunnel);
858 			break;
859 		}
860 		l2tp_session_dec_refcount(session);
861 
862 		si++;
863 	}
864 
865 out:
866 	cb->args[0] = ti;
867 	cb->args[1] = si;
868 
869 	return skb->len;
870 }
871 
872 static const struct nla_policy l2tp_nl_policy[L2TP_ATTR_MAX + 1] = {
873 	[L2TP_ATTR_NONE]		= { .type = NLA_UNSPEC, },
874 	[L2TP_ATTR_PW_TYPE]		= { .type = NLA_U16, },
875 	[L2TP_ATTR_ENCAP_TYPE]		= { .type = NLA_U16, },
876 	[L2TP_ATTR_OFFSET]		= { .type = NLA_U16, },
877 	[L2TP_ATTR_DATA_SEQ]		= { .type = NLA_U8, },
878 	[L2TP_ATTR_L2SPEC_TYPE]		= { .type = NLA_U8, },
879 	[L2TP_ATTR_L2SPEC_LEN]		= { .type = NLA_U8, },
880 	[L2TP_ATTR_PROTO_VERSION]	= { .type = NLA_U8, },
881 	[L2TP_ATTR_CONN_ID]		= { .type = NLA_U32, },
882 	[L2TP_ATTR_PEER_CONN_ID]	= { .type = NLA_U32, },
883 	[L2TP_ATTR_SESSION_ID]		= { .type = NLA_U32, },
884 	[L2TP_ATTR_PEER_SESSION_ID]	= { .type = NLA_U32, },
885 	[L2TP_ATTR_UDP_CSUM]		= { .type = NLA_U8, },
886 	[L2TP_ATTR_VLAN_ID]		= { .type = NLA_U16, },
887 	[L2TP_ATTR_DEBUG]		= { .type = NLA_U32, },
888 	[L2TP_ATTR_RECV_SEQ]		= { .type = NLA_U8, },
889 	[L2TP_ATTR_SEND_SEQ]		= { .type = NLA_U8, },
890 	[L2TP_ATTR_LNS_MODE]		= { .type = NLA_U8, },
891 	[L2TP_ATTR_USING_IPSEC]		= { .type = NLA_U8, },
892 	[L2TP_ATTR_RECV_TIMEOUT]	= { .type = NLA_MSECS, },
893 	[L2TP_ATTR_FD]			= { .type = NLA_U32, },
894 	[L2TP_ATTR_IP_SADDR]		= { .type = NLA_U32, },
895 	[L2TP_ATTR_IP_DADDR]		= { .type = NLA_U32, },
896 	[L2TP_ATTR_UDP_SPORT]		= { .type = NLA_U16, },
897 	[L2TP_ATTR_UDP_DPORT]		= { .type = NLA_U16, },
898 	[L2TP_ATTR_MTU]			= { .type = NLA_U16, },
899 	[L2TP_ATTR_MRU]			= { .type = NLA_U16, },
900 	[L2TP_ATTR_STATS]		= { .type = NLA_NESTED, },
901 	[L2TP_ATTR_IP6_SADDR] = {
902 		.type = NLA_BINARY,
903 		.len = sizeof(struct in6_addr),
904 	},
905 	[L2TP_ATTR_IP6_DADDR] = {
906 		.type = NLA_BINARY,
907 		.len = sizeof(struct in6_addr),
908 	},
909 	[L2TP_ATTR_IFNAME] = {
910 		.type = NLA_NUL_STRING,
911 		.len = IFNAMSIZ - 1,
912 	},
913 	[L2TP_ATTR_COOKIE] = {
914 		.type = NLA_BINARY,
915 		.len = 8,
916 	},
917 	[L2TP_ATTR_PEER_COOKIE] = {
918 		.type = NLA_BINARY,
919 		.len = 8,
920 	},
921 };
922 
923 static const struct genl_ops l2tp_nl_ops[] = {
924 	{
925 		.cmd = L2TP_CMD_NOOP,
926 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
927 		.doit = l2tp_nl_cmd_noop,
928 		/* can be retrieved by unprivileged users */
929 	},
930 	{
931 		.cmd = L2TP_CMD_TUNNEL_CREATE,
932 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
933 		.doit = l2tp_nl_cmd_tunnel_create,
934 		.flags = GENL_UNS_ADMIN_PERM,
935 	},
936 	{
937 		.cmd = L2TP_CMD_TUNNEL_DELETE,
938 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
939 		.doit = l2tp_nl_cmd_tunnel_delete,
940 		.flags = GENL_UNS_ADMIN_PERM,
941 	},
942 	{
943 		.cmd = L2TP_CMD_TUNNEL_MODIFY,
944 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
945 		.doit = l2tp_nl_cmd_tunnel_modify,
946 		.flags = GENL_UNS_ADMIN_PERM,
947 	},
948 	{
949 		.cmd = L2TP_CMD_TUNNEL_GET,
950 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
951 		.doit = l2tp_nl_cmd_tunnel_get,
952 		.dumpit = l2tp_nl_cmd_tunnel_dump,
953 		.flags = GENL_UNS_ADMIN_PERM,
954 	},
955 	{
956 		.cmd = L2TP_CMD_SESSION_CREATE,
957 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
958 		.doit = l2tp_nl_cmd_session_create,
959 		.flags = GENL_UNS_ADMIN_PERM,
960 	},
961 	{
962 		.cmd = L2TP_CMD_SESSION_DELETE,
963 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
964 		.doit = l2tp_nl_cmd_session_delete,
965 		.flags = GENL_UNS_ADMIN_PERM,
966 	},
967 	{
968 		.cmd = L2TP_CMD_SESSION_MODIFY,
969 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
970 		.doit = l2tp_nl_cmd_session_modify,
971 		.flags = GENL_UNS_ADMIN_PERM,
972 	},
973 	{
974 		.cmd = L2TP_CMD_SESSION_GET,
975 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
976 		.doit = l2tp_nl_cmd_session_get,
977 		.dumpit = l2tp_nl_cmd_session_dump,
978 		.flags = GENL_UNS_ADMIN_PERM,
979 	},
980 };
981 
982 static struct genl_family l2tp_nl_family __ro_after_init = {
983 	.name		= L2TP_GENL_NAME,
984 	.version	= L2TP_GENL_VERSION,
985 	.hdrsize	= 0,
986 	.maxattr	= L2TP_ATTR_MAX,
987 	.policy = l2tp_nl_policy,
988 	.netnsok	= true,
989 	.module		= THIS_MODULE,
990 	.ops		= l2tp_nl_ops,
991 	.n_ops		= ARRAY_SIZE(l2tp_nl_ops),
992 	.mcgrps		= l2tp_multicast_group,
993 	.n_mcgrps	= ARRAY_SIZE(l2tp_multicast_group),
994 };
995 
996 int l2tp_nl_register_ops(enum l2tp_pwtype pw_type, const struct l2tp_nl_cmd_ops *ops)
997 {
998 	int ret;
999 
1000 	ret = -EINVAL;
1001 	if (pw_type >= __L2TP_PWTYPE_MAX)
1002 		goto err;
1003 
1004 	genl_lock();
1005 	ret = -EBUSY;
1006 	if (l2tp_nl_cmd_ops[pw_type])
1007 		goto out;
1008 
1009 	l2tp_nl_cmd_ops[pw_type] = ops;
1010 	ret = 0;
1011 
1012 out:
1013 	genl_unlock();
1014 err:
1015 	return ret;
1016 }
1017 EXPORT_SYMBOL_GPL(l2tp_nl_register_ops);
1018 
1019 void l2tp_nl_unregister_ops(enum l2tp_pwtype pw_type)
1020 {
1021 	if (pw_type < __L2TP_PWTYPE_MAX) {
1022 		genl_lock();
1023 		l2tp_nl_cmd_ops[pw_type] = NULL;
1024 		genl_unlock();
1025 	}
1026 }
1027 EXPORT_SYMBOL_GPL(l2tp_nl_unregister_ops);
1028 
1029 static int __init l2tp_nl_init(void)
1030 {
1031 	pr_info("L2TP netlink interface\n");
1032 	return genl_register_family(&l2tp_nl_family);
1033 }
1034 
1035 static void l2tp_nl_cleanup(void)
1036 {
1037 	genl_unregister_family(&l2tp_nl_family);
1038 }
1039 
1040 module_init(l2tp_nl_init);
1041 module_exit(l2tp_nl_cleanup);
1042 
1043 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1044 MODULE_DESCRIPTION("L2TP netlink");
1045 MODULE_LICENSE("GPL");
1046 MODULE_VERSION("1.0");
1047 MODULE_ALIAS_GENL_FAMILY("l2tp");
1048