1 // SPDX-License-Identifier: GPL-2.0-only 2 /* L2TP netlink layer, for management 3 * 4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd 5 * 6 * Partly based on the IrDA nelink implementation 7 * (see net/irda/irnetlink.c) which is: 8 * Copyright (c) 2007 Samuel Ortiz <samuel@sortiz.org> 9 * which is in turn partly based on the wireless netlink code: 10 * Copyright 2006 Johannes Berg <johannes@sipsolutions.net> 11 */ 12 13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15 #include <net/sock.h> 16 #include <net/genetlink.h> 17 #include <net/udp.h> 18 #include <linux/in.h> 19 #include <linux/udp.h> 20 #include <linux/socket.h> 21 #include <linux/module.h> 22 #include <linux/list.h> 23 #include <net/net_namespace.h> 24 25 #include <linux/l2tp.h> 26 27 #include "l2tp_core.h" 28 29 static struct genl_family l2tp_nl_family; 30 31 static const struct genl_multicast_group l2tp_multicast_group[] = { 32 { 33 .name = L2TP_GENL_MCGROUP, 34 }, 35 }; 36 37 static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq, 38 int flags, struct l2tp_tunnel *tunnel, u8 cmd); 39 static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq, 40 int flags, struct l2tp_session *session, 41 u8 cmd); 42 43 /* Accessed under genl lock */ 44 static const struct l2tp_nl_cmd_ops *l2tp_nl_cmd_ops[__L2TP_PWTYPE_MAX]; 45 46 static struct l2tp_session *l2tp_nl_session_get(struct genl_info *info) 47 { 48 u32 tunnel_id; 49 u32 session_id; 50 char *ifname; 51 struct l2tp_tunnel *tunnel; 52 struct l2tp_session *session = NULL; 53 struct net *net = genl_info_net(info); 54 55 if (info->attrs[L2TP_ATTR_IFNAME]) { 56 ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]); 57 session = l2tp_session_get_by_ifname(net, ifname); 58 } else if ((info->attrs[L2TP_ATTR_SESSION_ID]) && 59 (info->attrs[L2TP_ATTR_CONN_ID])) { 60 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); 61 session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]); 62 tunnel = l2tp_tunnel_get(net, tunnel_id); 63 if (tunnel) { 64 session = l2tp_tunnel_get_session(tunnel, session_id); 65 l2tp_tunnel_dec_refcount(tunnel); 66 } 67 } 68 69 return session; 70 } 71 72 static int l2tp_nl_cmd_noop(struct sk_buff *skb, struct genl_info *info) 73 { 74 struct sk_buff *msg; 75 void *hdr; 76 int ret = -ENOBUFS; 77 78 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 79 if (!msg) { 80 ret = -ENOMEM; 81 goto out; 82 } 83 84 hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq, 85 &l2tp_nl_family, 0, L2TP_CMD_NOOP); 86 if (!hdr) { 87 ret = -EMSGSIZE; 88 goto err_out; 89 } 90 91 genlmsg_end(msg, hdr); 92 93 return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid); 94 95 err_out: 96 nlmsg_free(msg); 97 98 out: 99 return ret; 100 } 101 102 static int l2tp_tunnel_notify(struct genl_family *family, 103 struct genl_info *info, 104 struct l2tp_tunnel *tunnel, 105 u8 cmd) 106 { 107 struct sk_buff *msg; 108 int ret; 109 110 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 111 if (!msg) 112 return -ENOMEM; 113 114 ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq, 115 NLM_F_ACK, tunnel, cmd); 116 117 if (ret >= 0) { 118 ret = genlmsg_multicast_allns(family, msg, 0, 0, GFP_ATOMIC); 119 /* We don't care if no one is listening */ 120 if (ret == -ESRCH) 121 ret = 0; 122 return ret; 123 } 124 125 nlmsg_free(msg); 126 127 return ret; 128 } 129 130 static int l2tp_session_notify(struct genl_family *family, 131 struct genl_info *info, 132 struct l2tp_session *session, 133 u8 cmd) 134 { 135 struct sk_buff *msg; 136 int ret; 137 138 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 139 if (!msg) 140 return -ENOMEM; 141 142 ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq, 143 NLM_F_ACK, session, cmd); 144 145 if (ret >= 0) { 146 ret = genlmsg_multicast_allns(family, msg, 0, 0, GFP_ATOMIC); 147 /* We don't care if no one is listening */ 148 if (ret == -ESRCH) 149 ret = 0; 150 return ret; 151 } 152 153 nlmsg_free(msg); 154 155 return ret; 156 } 157 158 static int l2tp_nl_cmd_tunnel_create_get_addr(struct nlattr **attrs, struct l2tp_tunnel_cfg *cfg) 159 { 160 if (attrs[L2TP_ATTR_UDP_SPORT]) 161 cfg->local_udp_port = nla_get_u16(attrs[L2TP_ATTR_UDP_SPORT]); 162 if (attrs[L2TP_ATTR_UDP_DPORT]) 163 cfg->peer_udp_port = nla_get_u16(attrs[L2TP_ATTR_UDP_DPORT]); 164 cfg->use_udp_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_CSUM]); 165 166 /* Must have either AF_INET or AF_INET6 address for source and destination */ 167 #if IS_ENABLED(CONFIG_IPV6) 168 if (attrs[L2TP_ATTR_IP6_SADDR] && attrs[L2TP_ATTR_IP6_DADDR]) { 169 cfg->local_ip6 = nla_data(attrs[L2TP_ATTR_IP6_SADDR]); 170 cfg->peer_ip6 = nla_data(attrs[L2TP_ATTR_IP6_DADDR]); 171 cfg->udp6_zero_tx_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_ZERO_CSUM6_TX]); 172 cfg->udp6_zero_rx_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_ZERO_CSUM6_RX]); 173 return 0; 174 } 175 #endif 176 if (attrs[L2TP_ATTR_IP_SADDR] && attrs[L2TP_ATTR_IP_DADDR]) { 177 cfg->local_ip.s_addr = nla_get_in_addr(attrs[L2TP_ATTR_IP_SADDR]); 178 cfg->peer_ip.s_addr = nla_get_in_addr(attrs[L2TP_ATTR_IP_DADDR]); 179 return 0; 180 } 181 return -EINVAL; 182 } 183 184 static int l2tp_nl_cmd_tunnel_create(struct sk_buff *skb, struct genl_info *info) 185 { 186 u32 tunnel_id; 187 u32 peer_tunnel_id; 188 int proto_version; 189 int fd = -1; 190 int ret = 0; 191 struct l2tp_tunnel_cfg cfg = { 0, }; 192 struct l2tp_tunnel *tunnel; 193 struct net *net = genl_info_net(info); 194 struct nlattr **attrs = info->attrs; 195 196 if (!attrs[L2TP_ATTR_CONN_ID]) { 197 ret = -EINVAL; 198 goto out; 199 } 200 tunnel_id = nla_get_u32(attrs[L2TP_ATTR_CONN_ID]); 201 202 if (!attrs[L2TP_ATTR_PEER_CONN_ID]) { 203 ret = -EINVAL; 204 goto out; 205 } 206 peer_tunnel_id = nla_get_u32(attrs[L2TP_ATTR_PEER_CONN_ID]); 207 208 if (!attrs[L2TP_ATTR_PROTO_VERSION]) { 209 ret = -EINVAL; 210 goto out; 211 } 212 proto_version = nla_get_u8(attrs[L2TP_ATTR_PROTO_VERSION]); 213 214 if (!attrs[L2TP_ATTR_ENCAP_TYPE]) { 215 ret = -EINVAL; 216 goto out; 217 } 218 cfg.encap = nla_get_u16(attrs[L2TP_ATTR_ENCAP_TYPE]); 219 220 /* Managed tunnels take the tunnel socket from userspace. 221 * Unmanaged tunnels must call out the source and destination addresses 222 * for the kernel to create the tunnel socket itself. 223 */ 224 if (attrs[L2TP_ATTR_FD]) { 225 fd = nla_get_u32(attrs[L2TP_ATTR_FD]); 226 } else { 227 ret = l2tp_nl_cmd_tunnel_create_get_addr(attrs, &cfg); 228 if (ret < 0) 229 goto out; 230 } 231 232 if (attrs[L2TP_ATTR_DEBUG]) 233 cfg.debug = nla_get_u32(attrs[L2TP_ATTR_DEBUG]); 234 235 ret = -EINVAL; 236 switch (cfg.encap) { 237 case L2TP_ENCAPTYPE_UDP: 238 case L2TP_ENCAPTYPE_IP: 239 ret = l2tp_tunnel_create(net, fd, proto_version, tunnel_id, 240 peer_tunnel_id, &cfg, &tunnel); 241 break; 242 } 243 244 if (ret < 0) 245 goto out; 246 247 l2tp_tunnel_inc_refcount(tunnel); 248 ret = l2tp_tunnel_register(tunnel, net, &cfg); 249 if (ret < 0) { 250 kfree(tunnel); 251 goto out; 252 } 253 ret = l2tp_tunnel_notify(&l2tp_nl_family, info, tunnel, 254 L2TP_CMD_TUNNEL_CREATE); 255 l2tp_tunnel_dec_refcount(tunnel); 256 257 out: 258 return ret; 259 } 260 261 static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info) 262 { 263 struct l2tp_tunnel *tunnel; 264 u32 tunnel_id; 265 int ret = 0; 266 struct net *net = genl_info_net(info); 267 268 if (!info->attrs[L2TP_ATTR_CONN_ID]) { 269 ret = -EINVAL; 270 goto out; 271 } 272 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); 273 274 tunnel = l2tp_tunnel_get(net, tunnel_id); 275 if (!tunnel) { 276 ret = -ENODEV; 277 goto out; 278 } 279 280 l2tp_tunnel_notify(&l2tp_nl_family, info, 281 tunnel, L2TP_CMD_TUNNEL_DELETE); 282 283 l2tp_tunnel_delete(tunnel); 284 285 l2tp_tunnel_dec_refcount(tunnel); 286 287 out: 288 return ret; 289 } 290 291 static int l2tp_nl_cmd_tunnel_modify(struct sk_buff *skb, struct genl_info *info) 292 { 293 struct l2tp_tunnel *tunnel; 294 u32 tunnel_id; 295 int ret = 0; 296 struct net *net = genl_info_net(info); 297 298 if (!info->attrs[L2TP_ATTR_CONN_ID]) { 299 ret = -EINVAL; 300 goto out; 301 } 302 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); 303 304 tunnel = l2tp_tunnel_get(net, tunnel_id); 305 if (!tunnel) { 306 ret = -ENODEV; 307 goto out; 308 } 309 310 if (info->attrs[L2TP_ATTR_DEBUG]) 311 tunnel->debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]); 312 313 ret = l2tp_tunnel_notify(&l2tp_nl_family, info, 314 tunnel, L2TP_CMD_TUNNEL_MODIFY); 315 316 l2tp_tunnel_dec_refcount(tunnel); 317 318 out: 319 return ret; 320 } 321 322 #if IS_ENABLED(CONFIG_IPV6) 323 static int l2tp_nl_tunnel_send_addr6(struct sk_buff *skb, struct sock *sk, 324 enum l2tp_encap_type encap) 325 { 326 struct inet_sock *inet = inet_sk(sk); 327 struct ipv6_pinfo *np = inet6_sk(sk); 328 329 switch (encap) { 330 case L2TP_ENCAPTYPE_UDP: 331 if (udp_get_no_check6_tx(sk) && 332 nla_put_flag(skb, L2TP_ATTR_UDP_ZERO_CSUM6_TX)) 333 return -1; 334 if (udp_get_no_check6_rx(sk) && 335 nla_put_flag(skb, L2TP_ATTR_UDP_ZERO_CSUM6_RX)) 336 return -1; 337 if (nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) || 338 nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport))) 339 return -1; 340 fallthrough; 341 case L2TP_ENCAPTYPE_IP: 342 if (nla_put_in6_addr(skb, L2TP_ATTR_IP6_SADDR, &np->saddr) || 343 nla_put_in6_addr(skb, L2TP_ATTR_IP6_DADDR, &sk->sk_v6_daddr)) 344 return -1; 345 break; 346 } 347 return 0; 348 } 349 #endif 350 351 static int l2tp_nl_tunnel_send_addr4(struct sk_buff *skb, struct sock *sk, 352 enum l2tp_encap_type encap) 353 { 354 struct inet_sock *inet = inet_sk(sk); 355 356 switch (encap) { 357 case L2TP_ENCAPTYPE_UDP: 358 if (nla_put_u8(skb, L2TP_ATTR_UDP_CSUM, !sk->sk_no_check_tx) || 359 nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) || 360 nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport))) 361 return -1; 362 fallthrough; 363 case L2TP_ENCAPTYPE_IP: 364 if (nla_put_in_addr(skb, L2TP_ATTR_IP_SADDR, inet->inet_saddr) || 365 nla_put_in_addr(skb, L2TP_ATTR_IP_DADDR, inet->inet_daddr)) 366 return -1; 367 break; 368 } 369 370 return 0; 371 } 372 373 /* Append attributes for the tunnel address, handling the different attribute types 374 * used for different tunnel encapsulation and AF_INET v.s. AF_INET6. 375 */ 376 static int l2tp_nl_tunnel_send_addr(struct sk_buff *skb, struct l2tp_tunnel *tunnel) 377 { 378 struct sock *sk = tunnel->sock; 379 380 if (!sk) 381 return 0; 382 383 #if IS_ENABLED(CONFIG_IPV6) 384 if (sk->sk_family == AF_INET6) 385 return l2tp_nl_tunnel_send_addr6(skb, sk, tunnel->encap); 386 #endif 387 return l2tp_nl_tunnel_send_addr4(skb, sk, tunnel->encap); 388 } 389 390 static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq, int flags, 391 struct l2tp_tunnel *tunnel, u8 cmd) 392 { 393 void *hdr; 394 struct nlattr *nest; 395 396 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, cmd); 397 if (!hdr) 398 return -EMSGSIZE; 399 400 if (nla_put_u8(skb, L2TP_ATTR_PROTO_VERSION, tunnel->version) || 401 nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) || 402 nla_put_u32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id) || 403 nla_put_u32(skb, L2TP_ATTR_DEBUG, tunnel->debug) || 404 nla_put_u16(skb, L2TP_ATTR_ENCAP_TYPE, tunnel->encap)) 405 goto nla_put_failure; 406 407 nest = nla_nest_start_noflag(skb, L2TP_ATTR_STATS); 408 if (!nest) 409 goto nla_put_failure; 410 411 if (nla_put_u64_64bit(skb, L2TP_ATTR_TX_PACKETS, 412 atomic_long_read(&tunnel->stats.tx_packets), 413 L2TP_ATTR_STATS_PAD) || 414 nla_put_u64_64bit(skb, L2TP_ATTR_TX_BYTES, 415 atomic_long_read(&tunnel->stats.tx_bytes), 416 L2TP_ATTR_STATS_PAD) || 417 nla_put_u64_64bit(skb, L2TP_ATTR_TX_ERRORS, 418 atomic_long_read(&tunnel->stats.tx_errors), 419 L2TP_ATTR_STATS_PAD) || 420 nla_put_u64_64bit(skb, L2TP_ATTR_RX_PACKETS, 421 atomic_long_read(&tunnel->stats.rx_packets), 422 L2TP_ATTR_STATS_PAD) || 423 nla_put_u64_64bit(skb, L2TP_ATTR_RX_BYTES, 424 atomic_long_read(&tunnel->stats.rx_bytes), 425 L2TP_ATTR_STATS_PAD) || 426 nla_put_u64_64bit(skb, L2TP_ATTR_RX_SEQ_DISCARDS, 427 atomic_long_read(&tunnel->stats.rx_seq_discards), 428 L2TP_ATTR_STATS_PAD) || 429 nla_put_u64_64bit(skb, L2TP_ATTR_RX_OOS_PACKETS, 430 atomic_long_read(&tunnel->stats.rx_oos_packets), 431 L2TP_ATTR_STATS_PAD) || 432 nla_put_u64_64bit(skb, L2TP_ATTR_RX_ERRORS, 433 atomic_long_read(&tunnel->stats.rx_errors), 434 L2TP_ATTR_STATS_PAD)) 435 goto nla_put_failure; 436 nla_nest_end(skb, nest); 437 438 if (l2tp_nl_tunnel_send_addr(skb, tunnel)) 439 goto nla_put_failure; 440 441 genlmsg_end(skb, hdr); 442 return 0; 443 444 nla_put_failure: 445 genlmsg_cancel(skb, hdr); 446 return -1; 447 } 448 449 static int l2tp_nl_cmd_tunnel_get(struct sk_buff *skb, struct genl_info *info) 450 { 451 struct l2tp_tunnel *tunnel; 452 struct sk_buff *msg; 453 u32 tunnel_id; 454 int ret = -ENOBUFS; 455 struct net *net = genl_info_net(info); 456 457 if (!info->attrs[L2TP_ATTR_CONN_ID]) { 458 ret = -EINVAL; 459 goto err; 460 } 461 462 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); 463 464 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 465 if (!msg) { 466 ret = -ENOMEM; 467 goto err; 468 } 469 470 tunnel = l2tp_tunnel_get(net, tunnel_id); 471 if (!tunnel) { 472 ret = -ENODEV; 473 goto err_nlmsg; 474 } 475 476 ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq, 477 NLM_F_ACK, tunnel, L2TP_CMD_TUNNEL_GET); 478 if (ret < 0) 479 goto err_nlmsg_tunnel; 480 481 l2tp_tunnel_dec_refcount(tunnel); 482 483 return genlmsg_unicast(net, msg, info->snd_portid); 484 485 err_nlmsg_tunnel: 486 l2tp_tunnel_dec_refcount(tunnel); 487 err_nlmsg: 488 nlmsg_free(msg); 489 err: 490 return ret; 491 } 492 493 static int l2tp_nl_cmd_tunnel_dump(struct sk_buff *skb, struct netlink_callback *cb) 494 { 495 int ti = cb->args[0]; 496 struct l2tp_tunnel *tunnel; 497 struct net *net = sock_net(skb->sk); 498 499 for (;;) { 500 tunnel = l2tp_tunnel_get_nth(net, ti); 501 if (!tunnel) 502 goto out; 503 504 if (l2tp_nl_tunnel_send(skb, NETLINK_CB(cb->skb).portid, 505 cb->nlh->nlmsg_seq, NLM_F_MULTI, 506 tunnel, L2TP_CMD_TUNNEL_GET) < 0) { 507 l2tp_tunnel_dec_refcount(tunnel); 508 goto out; 509 } 510 l2tp_tunnel_dec_refcount(tunnel); 511 512 ti++; 513 } 514 515 out: 516 cb->args[0] = ti; 517 518 return skb->len; 519 } 520 521 static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *info) 522 { 523 u32 tunnel_id = 0; 524 u32 session_id; 525 u32 peer_session_id; 526 int ret = 0; 527 struct l2tp_tunnel *tunnel; 528 struct l2tp_session *session; 529 struct l2tp_session_cfg cfg = { 0, }; 530 struct net *net = genl_info_net(info); 531 532 if (!info->attrs[L2TP_ATTR_CONN_ID]) { 533 ret = -EINVAL; 534 goto out; 535 } 536 537 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); 538 tunnel = l2tp_tunnel_get(net, tunnel_id); 539 if (!tunnel) { 540 ret = -ENODEV; 541 goto out; 542 } 543 544 if (!info->attrs[L2TP_ATTR_SESSION_ID]) { 545 ret = -EINVAL; 546 goto out_tunnel; 547 } 548 session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]); 549 550 if (!info->attrs[L2TP_ATTR_PEER_SESSION_ID]) { 551 ret = -EINVAL; 552 goto out_tunnel; 553 } 554 peer_session_id = nla_get_u32(info->attrs[L2TP_ATTR_PEER_SESSION_ID]); 555 556 if (!info->attrs[L2TP_ATTR_PW_TYPE]) { 557 ret = -EINVAL; 558 goto out_tunnel; 559 } 560 cfg.pw_type = nla_get_u16(info->attrs[L2TP_ATTR_PW_TYPE]); 561 if (cfg.pw_type >= __L2TP_PWTYPE_MAX) { 562 ret = -EINVAL; 563 goto out_tunnel; 564 } 565 566 /* L2TPv2 only accepts PPP pseudo-wires */ 567 if (tunnel->version == 2 && cfg.pw_type != L2TP_PWTYPE_PPP) { 568 ret = -EPROTONOSUPPORT; 569 goto out_tunnel; 570 } 571 572 if (tunnel->version > 2) { 573 if (info->attrs[L2TP_ATTR_L2SPEC_TYPE]) { 574 cfg.l2specific_type = nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_TYPE]); 575 if (cfg.l2specific_type != L2TP_L2SPECTYPE_DEFAULT && 576 cfg.l2specific_type != L2TP_L2SPECTYPE_NONE) { 577 ret = -EINVAL; 578 goto out_tunnel; 579 } 580 } else { 581 cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT; 582 } 583 584 if (info->attrs[L2TP_ATTR_COOKIE]) { 585 u16 len = nla_len(info->attrs[L2TP_ATTR_COOKIE]); 586 587 if (len > 8) { 588 ret = -EINVAL; 589 goto out_tunnel; 590 } 591 cfg.cookie_len = len; 592 memcpy(&cfg.cookie[0], nla_data(info->attrs[L2TP_ATTR_COOKIE]), len); 593 } 594 if (info->attrs[L2TP_ATTR_PEER_COOKIE]) { 595 u16 len = nla_len(info->attrs[L2TP_ATTR_PEER_COOKIE]); 596 597 if (len > 8) { 598 ret = -EINVAL; 599 goto out_tunnel; 600 } 601 cfg.peer_cookie_len = len; 602 memcpy(&cfg.peer_cookie[0], nla_data(info->attrs[L2TP_ATTR_PEER_COOKIE]), len); 603 } 604 if (info->attrs[L2TP_ATTR_IFNAME]) 605 cfg.ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]); 606 } 607 608 if (info->attrs[L2TP_ATTR_DEBUG]) 609 cfg.debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]); 610 611 if (info->attrs[L2TP_ATTR_RECV_SEQ]) 612 cfg.recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]); 613 614 if (info->attrs[L2TP_ATTR_SEND_SEQ]) 615 cfg.send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]); 616 617 if (info->attrs[L2TP_ATTR_LNS_MODE]) 618 cfg.lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]); 619 620 if (info->attrs[L2TP_ATTR_RECV_TIMEOUT]) 621 cfg.reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]); 622 623 #ifdef CONFIG_MODULES 624 if (!l2tp_nl_cmd_ops[cfg.pw_type]) { 625 genl_unlock(); 626 request_module("net-l2tp-type-%u", cfg.pw_type); 627 genl_lock(); 628 } 629 #endif 630 if (!l2tp_nl_cmd_ops[cfg.pw_type] || !l2tp_nl_cmd_ops[cfg.pw_type]->session_create) { 631 ret = -EPROTONOSUPPORT; 632 goto out_tunnel; 633 } 634 635 ret = l2tp_nl_cmd_ops[cfg.pw_type]->session_create(net, tunnel, 636 session_id, 637 peer_session_id, 638 &cfg); 639 640 if (ret >= 0) { 641 session = l2tp_tunnel_get_session(tunnel, session_id); 642 if (session) { 643 ret = l2tp_session_notify(&l2tp_nl_family, info, session, 644 L2TP_CMD_SESSION_CREATE); 645 l2tp_session_dec_refcount(session); 646 } 647 } 648 649 out_tunnel: 650 l2tp_tunnel_dec_refcount(tunnel); 651 out: 652 return ret; 653 } 654 655 static int l2tp_nl_cmd_session_delete(struct sk_buff *skb, struct genl_info *info) 656 { 657 int ret = 0; 658 struct l2tp_session *session; 659 u16 pw_type; 660 661 session = l2tp_nl_session_get(info); 662 if (!session) { 663 ret = -ENODEV; 664 goto out; 665 } 666 667 l2tp_session_notify(&l2tp_nl_family, info, 668 session, L2TP_CMD_SESSION_DELETE); 669 670 pw_type = session->pwtype; 671 if (pw_type < __L2TP_PWTYPE_MAX) 672 if (l2tp_nl_cmd_ops[pw_type] && l2tp_nl_cmd_ops[pw_type]->session_delete) 673 ret = (*l2tp_nl_cmd_ops[pw_type]->session_delete)(session); 674 675 l2tp_session_dec_refcount(session); 676 677 out: 678 return ret; 679 } 680 681 static int l2tp_nl_cmd_session_modify(struct sk_buff *skb, struct genl_info *info) 682 { 683 int ret = 0; 684 struct l2tp_session *session; 685 686 session = l2tp_nl_session_get(info); 687 if (!session) { 688 ret = -ENODEV; 689 goto out; 690 } 691 692 if (info->attrs[L2TP_ATTR_DEBUG]) 693 session->debug = nla_get_u32(info->attrs[L2TP_ATTR_DEBUG]); 694 695 if (info->attrs[L2TP_ATTR_RECV_SEQ]) 696 session->recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]); 697 698 if (info->attrs[L2TP_ATTR_SEND_SEQ]) { 699 session->send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]); 700 l2tp_session_set_header_len(session, session->tunnel->version); 701 } 702 703 if (info->attrs[L2TP_ATTR_LNS_MODE]) 704 session->lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]); 705 706 if (info->attrs[L2TP_ATTR_RECV_TIMEOUT]) 707 session->reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]); 708 709 ret = l2tp_session_notify(&l2tp_nl_family, info, 710 session, L2TP_CMD_SESSION_MODIFY); 711 712 l2tp_session_dec_refcount(session); 713 714 out: 715 return ret; 716 } 717 718 static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq, int flags, 719 struct l2tp_session *session, u8 cmd) 720 { 721 void *hdr; 722 struct nlattr *nest; 723 struct l2tp_tunnel *tunnel = session->tunnel; 724 725 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, cmd); 726 if (!hdr) 727 return -EMSGSIZE; 728 729 if (nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) || 730 nla_put_u32(skb, L2TP_ATTR_SESSION_ID, session->session_id) || 731 nla_put_u32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id) || 732 nla_put_u32(skb, L2TP_ATTR_PEER_SESSION_ID, session->peer_session_id) || 733 nla_put_u32(skb, L2TP_ATTR_DEBUG, session->debug) || 734 nla_put_u16(skb, L2TP_ATTR_PW_TYPE, session->pwtype)) 735 goto nla_put_failure; 736 737 if ((session->ifname[0] && 738 nla_put_string(skb, L2TP_ATTR_IFNAME, session->ifname)) || 739 (session->cookie_len && 740 nla_put(skb, L2TP_ATTR_COOKIE, session->cookie_len, session->cookie)) || 741 (session->peer_cookie_len && 742 nla_put(skb, L2TP_ATTR_PEER_COOKIE, session->peer_cookie_len, session->peer_cookie)) || 743 nla_put_u8(skb, L2TP_ATTR_RECV_SEQ, session->recv_seq) || 744 nla_put_u8(skb, L2TP_ATTR_SEND_SEQ, session->send_seq) || 745 nla_put_u8(skb, L2TP_ATTR_LNS_MODE, session->lns_mode) || 746 (l2tp_tunnel_uses_xfrm(tunnel) && 747 nla_put_u8(skb, L2TP_ATTR_USING_IPSEC, 1)) || 748 (session->reorder_timeout && 749 nla_put_msecs(skb, L2TP_ATTR_RECV_TIMEOUT, 750 session->reorder_timeout, L2TP_ATTR_PAD))) 751 goto nla_put_failure; 752 753 nest = nla_nest_start_noflag(skb, L2TP_ATTR_STATS); 754 if (!nest) 755 goto nla_put_failure; 756 757 if (nla_put_u64_64bit(skb, L2TP_ATTR_TX_PACKETS, 758 atomic_long_read(&session->stats.tx_packets), 759 L2TP_ATTR_STATS_PAD) || 760 nla_put_u64_64bit(skb, L2TP_ATTR_TX_BYTES, 761 atomic_long_read(&session->stats.tx_bytes), 762 L2TP_ATTR_STATS_PAD) || 763 nla_put_u64_64bit(skb, L2TP_ATTR_TX_ERRORS, 764 atomic_long_read(&session->stats.tx_errors), 765 L2TP_ATTR_STATS_PAD) || 766 nla_put_u64_64bit(skb, L2TP_ATTR_RX_PACKETS, 767 atomic_long_read(&session->stats.rx_packets), 768 L2TP_ATTR_STATS_PAD) || 769 nla_put_u64_64bit(skb, L2TP_ATTR_RX_BYTES, 770 atomic_long_read(&session->stats.rx_bytes), 771 L2TP_ATTR_STATS_PAD) || 772 nla_put_u64_64bit(skb, L2TP_ATTR_RX_SEQ_DISCARDS, 773 atomic_long_read(&session->stats.rx_seq_discards), 774 L2TP_ATTR_STATS_PAD) || 775 nla_put_u64_64bit(skb, L2TP_ATTR_RX_OOS_PACKETS, 776 atomic_long_read(&session->stats.rx_oos_packets), 777 L2TP_ATTR_STATS_PAD) || 778 nla_put_u64_64bit(skb, L2TP_ATTR_RX_ERRORS, 779 atomic_long_read(&session->stats.rx_errors), 780 L2TP_ATTR_STATS_PAD)) 781 goto nla_put_failure; 782 nla_nest_end(skb, nest); 783 784 genlmsg_end(skb, hdr); 785 return 0; 786 787 nla_put_failure: 788 genlmsg_cancel(skb, hdr); 789 return -1; 790 } 791 792 static int l2tp_nl_cmd_session_get(struct sk_buff *skb, struct genl_info *info) 793 { 794 struct l2tp_session *session; 795 struct sk_buff *msg; 796 int ret; 797 798 session = l2tp_nl_session_get(info); 799 if (!session) { 800 ret = -ENODEV; 801 goto err; 802 } 803 804 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 805 if (!msg) { 806 ret = -ENOMEM; 807 goto err_ref; 808 } 809 810 ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq, 811 0, session, L2TP_CMD_SESSION_GET); 812 if (ret < 0) 813 goto err_ref_msg; 814 815 ret = genlmsg_unicast(genl_info_net(info), msg, info->snd_portid); 816 817 l2tp_session_dec_refcount(session); 818 819 return ret; 820 821 err_ref_msg: 822 nlmsg_free(msg); 823 err_ref: 824 l2tp_session_dec_refcount(session); 825 err: 826 return ret; 827 } 828 829 static int l2tp_nl_cmd_session_dump(struct sk_buff *skb, struct netlink_callback *cb) 830 { 831 struct net *net = sock_net(skb->sk); 832 struct l2tp_session *session; 833 struct l2tp_tunnel *tunnel = NULL; 834 int ti = cb->args[0]; 835 int si = cb->args[1]; 836 837 for (;;) { 838 if (!tunnel) { 839 tunnel = l2tp_tunnel_get_nth(net, ti); 840 if (!tunnel) 841 goto out; 842 } 843 844 session = l2tp_session_get_nth(tunnel, si); 845 if (!session) { 846 ti++; 847 l2tp_tunnel_dec_refcount(tunnel); 848 tunnel = NULL; 849 si = 0; 850 continue; 851 } 852 853 if (l2tp_nl_session_send(skb, NETLINK_CB(cb->skb).portid, 854 cb->nlh->nlmsg_seq, NLM_F_MULTI, 855 session, L2TP_CMD_SESSION_GET) < 0) { 856 l2tp_session_dec_refcount(session); 857 l2tp_tunnel_dec_refcount(tunnel); 858 break; 859 } 860 l2tp_session_dec_refcount(session); 861 862 si++; 863 } 864 865 out: 866 cb->args[0] = ti; 867 cb->args[1] = si; 868 869 return skb->len; 870 } 871 872 static const struct nla_policy l2tp_nl_policy[L2TP_ATTR_MAX + 1] = { 873 [L2TP_ATTR_NONE] = { .type = NLA_UNSPEC, }, 874 [L2TP_ATTR_PW_TYPE] = { .type = NLA_U16, }, 875 [L2TP_ATTR_ENCAP_TYPE] = { .type = NLA_U16, }, 876 [L2TP_ATTR_OFFSET] = { .type = NLA_U16, }, 877 [L2TP_ATTR_DATA_SEQ] = { .type = NLA_U8, }, 878 [L2TP_ATTR_L2SPEC_TYPE] = { .type = NLA_U8, }, 879 [L2TP_ATTR_L2SPEC_LEN] = { .type = NLA_U8, }, 880 [L2TP_ATTR_PROTO_VERSION] = { .type = NLA_U8, }, 881 [L2TP_ATTR_CONN_ID] = { .type = NLA_U32, }, 882 [L2TP_ATTR_PEER_CONN_ID] = { .type = NLA_U32, }, 883 [L2TP_ATTR_SESSION_ID] = { .type = NLA_U32, }, 884 [L2TP_ATTR_PEER_SESSION_ID] = { .type = NLA_U32, }, 885 [L2TP_ATTR_UDP_CSUM] = { .type = NLA_U8, }, 886 [L2TP_ATTR_VLAN_ID] = { .type = NLA_U16, }, 887 [L2TP_ATTR_DEBUG] = { .type = NLA_U32, }, 888 [L2TP_ATTR_RECV_SEQ] = { .type = NLA_U8, }, 889 [L2TP_ATTR_SEND_SEQ] = { .type = NLA_U8, }, 890 [L2TP_ATTR_LNS_MODE] = { .type = NLA_U8, }, 891 [L2TP_ATTR_USING_IPSEC] = { .type = NLA_U8, }, 892 [L2TP_ATTR_RECV_TIMEOUT] = { .type = NLA_MSECS, }, 893 [L2TP_ATTR_FD] = { .type = NLA_U32, }, 894 [L2TP_ATTR_IP_SADDR] = { .type = NLA_U32, }, 895 [L2TP_ATTR_IP_DADDR] = { .type = NLA_U32, }, 896 [L2TP_ATTR_UDP_SPORT] = { .type = NLA_U16, }, 897 [L2TP_ATTR_UDP_DPORT] = { .type = NLA_U16, }, 898 [L2TP_ATTR_MTU] = { .type = NLA_U16, }, 899 [L2TP_ATTR_MRU] = { .type = NLA_U16, }, 900 [L2TP_ATTR_STATS] = { .type = NLA_NESTED, }, 901 [L2TP_ATTR_IP6_SADDR] = { 902 .type = NLA_BINARY, 903 .len = sizeof(struct in6_addr), 904 }, 905 [L2TP_ATTR_IP6_DADDR] = { 906 .type = NLA_BINARY, 907 .len = sizeof(struct in6_addr), 908 }, 909 [L2TP_ATTR_IFNAME] = { 910 .type = NLA_NUL_STRING, 911 .len = IFNAMSIZ - 1, 912 }, 913 [L2TP_ATTR_COOKIE] = { 914 .type = NLA_BINARY, 915 .len = 8, 916 }, 917 [L2TP_ATTR_PEER_COOKIE] = { 918 .type = NLA_BINARY, 919 .len = 8, 920 }, 921 }; 922 923 static const struct genl_ops l2tp_nl_ops[] = { 924 { 925 .cmd = L2TP_CMD_NOOP, 926 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 927 .doit = l2tp_nl_cmd_noop, 928 /* can be retrieved by unprivileged users */ 929 }, 930 { 931 .cmd = L2TP_CMD_TUNNEL_CREATE, 932 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 933 .doit = l2tp_nl_cmd_tunnel_create, 934 .flags = GENL_UNS_ADMIN_PERM, 935 }, 936 { 937 .cmd = L2TP_CMD_TUNNEL_DELETE, 938 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 939 .doit = l2tp_nl_cmd_tunnel_delete, 940 .flags = GENL_UNS_ADMIN_PERM, 941 }, 942 { 943 .cmd = L2TP_CMD_TUNNEL_MODIFY, 944 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 945 .doit = l2tp_nl_cmd_tunnel_modify, 946 .flags = GENL_UNS_ADMIN_PERM, 947 }, 948 { 949 .cmd = L2TP_CMD_TUNNEL_GET, 950 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 951 .doit = l2tp_nl_cmd_tunnel_get, 952 .dumpit = l2tp_nl_cmd_tunnel_dump, 953 .flags = GENL_UNS_ADMIN_PERM, 954 }, 955 { 956 .cmd = L2TP_CMD_SESSION_CREATE, 957 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 958 .doit = l2tp_nl_cmd_session_create, 959 .flags = GENL_UNS_ADMIN_PERM, 960 }, 961 { 962 .cmd = L2TP_CMD_SESSION_DELETE, 963 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 964 .doit = l2tp_nl_cmd_session_delete, 965 .flags = GENL_UNS_ADMIN_PERM, 966 }, 967 { 968 .cmd = L2TP_CMD_SESSION_MODIFY, 969 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 970 .doit = l2tp_nl_cmd_session_modify, 971 .flags = GENL_UNS_ADMIN_PERM, 972 }, 973 { 974 .cmd = L2TP_CMD_SESSION_GET, 975 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 976 .doit = l2tp_nl_cmd_session_get, 977 .dumpit = l2tp_nl_cmd_session_dump, 978 .flags = GENL_UNS_ADMIN_PERM, 979 }, 980 }; 981 982 static struct genl_family l2tp_nl_family __ro_after_init = { 983 .name = L2TP_GENL_NAME, 984 .version = L2TP_GENL_VERSION, 985 .hdrsize = 0, 986 .maxattr = L2TP_ATTR_MAX, 987 .policy = l2tp_nl_policy, 988 .netnsok = true, 989 .module = THIS_MODULE, 990 .ops = l2tp_nl_ops, 991 .n_ops = ARRAY_SIZE(l2tp_nl_ops), 992 .mcgrps = l2tp_multicast_group, 993 .n_mcgrps = ARRAY_SIZE(l2tp_multicast_group), 994 }; 995 996 int l2tp_nl_register_ops(enum l2tp_pwtype pw_type, const struct l2tp_nl_cmd_ops *ops) 997 { 998 int ret; 999 1000 ret = -EINVAL; 1001 if (pw_type >= __L2TP_PWTYPE_MAX) 1002 goto err; 1003 1004 genl_lock(); 1005 ret = -EBUSY; 1006 if (l2tp_nl_cmd_ops[pw_type]) 1007 goto out; 1008 1009 l2tp_nl_cmd_ops[pw_type] = ops; 1010 ret = 0; 1011 1012 out: 1013 genl_unlock(); 1014 err: 1015 return ret; 1016 } 1017 EXPORT_SYMBOL_GPL(l2tp_nl_register_ops); 1018 1019 void l2tp_nl_unregister_ops(enum l2tp_pwtype pw_type) 1020 { 1021 if (pw_type < __L2TP_PWTYPE_MAX) { 1022 genl_lock(); 1023 l2tp_nl_cmd_ops[pw_type] = NULL; 1024 genl_unlock(); 1025 } 1026 } 1027 EXPORT_SYMBOL_GPL(l2tp_nl_unregister_ops); 1028 1029 static int __init l2tp_nl_init(void) 1030 { 1031 pr_info("L2TP netlink interface\n"); 1032 return genl_register_family(&l2tp_nl_family); 1033 } 1034 1035 static void l2tp_nl_cleanup(void) 1036 { 1037 genl_unregister_family(&l2tp_nl_family); 1038 } 1039 1040 module_init(l2tp_nl_init); 1041 module_exit(l2tp_nl_cleanup); 1042 1043 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>"); 1044 MODULE_DESCRIPTION("L2TP netlink"); 1045 MODULE_LICENSE("GPL"); 1046 MODULE_VERSION("1.0"); 1047 MODULE_ALIAS_GENL_FAMILY("l2tp"); 1048