1 /***************************************************************************** 2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets 3 * 4 * PPPoX --- Generic PPP encapsulation socket family 5 * PPPoL2TP --- PPP over L2TP (RFC 2661) 6 * 7 * Version: 2.0.0 8 * 9 * Authors: James Chapman (jchapman@katalix.com) 10 * 11 * Based on original work by Martijn van Oosterhout <kleptog@svana.org> 12 * 13 * License: 14 * This program is free software; you can redistribute it and/or 15 * modify it under the terms of the GNU General Public License 16 * as published by the Free Software Foundation; either version 17 * 2 of the License, or (at your option) any later version. 18 * 19 */ 20 21 /* This driver handles only L2TP data frames; control frames are handled by a 22 * userspace application. 23 * 24 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and 25 * attaches it to a bound UDP socket with local tunnel_id / session_id and 26 * peer tunnel_id / session_id set. Data can then be sent or received using 27 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket 28 * can be read or modified using ioctl() or [gs]etsockopt() calls. 29 * 30 * When a PPPoL2TP socket is connected with local and peer session_id values 31 * zero, the socket is treated as a special tunnel management socket. 32 * 33 * Here's example userspace code to create a socket for sending/receiving data 34 * over an L2TP session:- 35 * 36 * struct sockaddr_pppol2tp sax; 37 * int fd; 38 * int session_fd; 39 * 40 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); 41 * 42 * sax.sa_family = AF_PPPOX; 43 * sax.sa_protocol = PX_PROTO_OL2TP; 44 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket 45 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr; 46 * sax.pppol2tp.addr.sin_port = addr->sin_port; 47 * sax.pppol2tp.addr.sin_family = AF_INET; 48 * sax.pppol2tp.s_tunnel = tunnel_id; 49 * sax.pppol2tp.s_session = session_id; 50 * sax.pppol2tp.d_tunnel = peer_tunnel_id; 51 * sax.pppol2tp.d_session = peer_session_id; 52 * 53 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax)); 54 * 55 * A pppd plugin that allows PPP traffic to be carried over L2TP using 56 * this driver is available from the OpenL2TP project at 57 * http://openl2tp.sourceforge.net. 58 */ 59 60 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 61 62 #include <linux/module.h> 63 #include <linux/string.h> 64 #include <linux/list.h> 65 #include <linux/uaccess.h> 66 67 #include <linux/kernel.h> 68 #include <linux/spinlock.h> 69 #include <linux/kthread.h> 70 #include <linux/sched.h> 71 #include <linux/slab.h> 72 #include <linux/errno.h> 73 #include <linux/jiffies.h> 74 75 #include <linux/netdevice.h> 76 #include <linux/net.h> 77 #include <linux/inetdevice.h> 78 #include <linux/skbuff.h> 79 #include <linux/init.h> 80 #include <linux/ip.h> 81 #include <linux/udp.h> 82 #include <linux/if_pppox.h> 83 #include <linux/if_pppol2tp.h> 84 #include <net/sock.h> 85 #include <linux/ppp_channel.h> 86 #include <linux/ppp_defs.h> 87 #include <linux/ppp-ioctl.h> 88 #include <linux/file.h> 89 #include <linux/hash.h> 90 #include <linux/sort.h> 91 #include <linux/proc_fs.h> 92 #include <linux/l2tp.h> 93 #include <linux/nsproxy.h> 94 #include <net/net_namespace.h> 95 #include <net/netns/generic.h> 96 #include <net/dst.h> 97 #include <net/ip.h> 98 #include <net/udp.h> 99 #include <net/xfrm.h> 100 101 #include <asm/byteorder.h> 102 #include <linux/atomic.h> 103 104 #include "l2tp_core.h" 105 106 #define PPPOL2TP_DRV_VERSION "V2.0" 107 108 /* Space for UDP, L2TP and PPP headers */ 109 #define PPPOL2TP_HEADER_OVERHEAD 40 110 111 /* Number of bytes to build transmit L2TP headers. 112 * Unfortunately the size is different depending on whether sequence numbers 113 * are enabled. 114 */ 115 #define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10 116 #define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6 117 118 /* Private data of each session. This data lives at the end of struct 119 * l2tp_session, referenced via session->priv[]. 120 */ 121 struct pppol2tp_session { 122 int owner; /* pid that opened the socket */ 123 124 struct sock *sock; /* Pointer to the session 125 * PPPoX socket */ 126 struct sock *tunnel_sock; /* Pointer to the tunnel UDP 127 * socket */ 128 int flags; /* accessed by PPPIOCGFLAGS. 129 * Unused. */ 130 }; 131 132 static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb); 133 134 static const struct ppp_channel_ops pppol2tp_chan_ops = { 135 .start_xmit = pppol2tp_xmit, 136 }; 137 138 static const struct proto_ops pppol2tp_ops; 139 140 /* Helpers to obtain tunnel/session contexts from sockets. 141 */ 142 static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk) 143 { 144 struct l2tp_session *session; 145 146 if (sk == NULL) 147 return NULL; 148 149 sock_hold(sk); 150 session = (struct l2tp_session *)(sk->sk_user_data); 151 if (session == NULL) { 152 sock_put(sk); 153 goto out; 154 } 155 156 BUG_ON(session->magic != L2TP_SESSION_MAGIC); 157 158 out: 159 return session; 160 } 161 162 /***************************************************************************** 163 * Receive data handling 164 *****************************************************************************/ 165 166 static int pppol2tp_recv_payload_hook(struct sk_buff *skb) 167 { 168 /* Skip PPP header, if present. In testing, Microsoft L2TP clients 169 * don't send the PPP header (PPP header compression enabled), but 170 * other clients can include the header. So we cope with both cases 171 * here. The PPP header is always FF03 when using L2TP. 172 * 173 * Note that skb->data[] isn't dereferenced from a u16 ptr here since 174 * the field may be unaligned. 175 */ 176 if (!pskb_may_pull(skb, 2)) 177 return 1; 178 179 if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03)) 180 skb_pull(skb, 2); 181 182 return 0; 183 } 184 185 /* Receive message. This is the recvmsg for the PPPoL2TP socket. 186 */ 187 static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock, 188 struct msghdr *msg, size_t len, 189 int flags) 190 { 191 int err; 192 struct sk_buff *skb; 193 struct sock *sk = sock->sk; 194 195 err = -EIO; 196 if (sk->sk_state & PPPOX_BOUND) 197 goto end; 198 199 msg->msg_namelen = 0; 200 201 err = 0; 202 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, 203 flags & MSG_DONTWAIT, &err); 204 if (!skb) 205 goto end; 206 207 if (len > skb->len) 208 len = skb->len; 209 else if (len < skb->len) 210 msg->msg_flags |= MSG_TRUNC; 211 212 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len); 213 if (likely(err == 0)) 214 err = len; 215 216 kfree_skb(skb); 217 end: 218 return err; 219 } 220 221 static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len) 222 { 223 struct pppol2tp_session *ps = l2tp_session_priv(session); 224 struct sock *sk = NULL; 225 226 /* If the socket is bound, send it in to PPP's input queue. Otherwise 227 * queue it on the session socket. 228 */ 229 sk = ps->sock; 230 if (sk == NULL) 231 goto no_sock; 232 233 if (sk->sk_state & PPPOX_BOUND) { 234 struct pppox_sock *po; 235 l2tp_dbg(session, PPPOL2TP_MSG_DATA, 236 "%s: recv %d byte data frame, passing to ppp\n", 237 session->name, data_len); 238 239 /* We need to forget all info related to the L2TP packet 240 * gathered in the skb as we are going to reuse the same 241 * skb for the inner packet. 242 * Namely we need to: 243 * - reset xfrm (IPSec) information as it applies to 244 * the outer L2TP packet and not to the inner one 245 * - release the dst to force a route lookup on the inner 246 * IP packet since skb->dst currently points to the dst 247 * of the UDP tunnel 248 * - reset netfilter information as it doesn't apply 249 * to the inner packet either 250 */ 251 secpath_reset(skb); 252 skb_dst_drop(skb); 253 nf_reset(skb); 254 255 po = pppox_sk(sk); 256 ppp_input(&po->chan, skb); 257 } else { 258 l2tp_info(session, PPPOL2TP_MSG_DATA, "%s: socket not bound\n", 259 session->name); 260 261 /* Not bound. Nothing we can do, so discard. */ 262 session->stats.rx_errors++; 263 kfree_skb(skb); 264 } 265 266 return; 267 268 no_sock: 269 l2tp_info(session, PPPOL2TP_MSG_DATA, "%s: no socket\n", session->name); 270 kfree_skb(skb); 271 } 272 273 static void pppol2tp_session_sock_hold(struct l2tp_session *session) 274 { 275 struct pppol2tp_session *ps = l2tp_session_priv(session); 276 277 if (ps->sock) 278 sock_hold(ps->sock); 279 } 280 281 static void pppol2tp_session_sock_put(struct l2tp_session *session) 282 { 283 struct pppol2tp_session *ps = l2tp_session_priv(session); 284 285 if (ps->sock) 286 sock_put(ps->sock); 287 } 288 289 /************************************************************************ 290 * Transmit handling 291 ***********************************************************************/ 292 293 /* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here 294 * when a user application does a sendmsg() on the session socket. L2TP and 295 * PPP headers must be inserted into the user's data. 296 */ 297 static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, 298 size_t total_len) 299 { 300 static const unsigned char ppph[2] = { 0xff, 0x03 }; 301 struct sock *sk = sock->sk; 302 struct sk_buff *skb; 303 int error; 304 struct l2tp_session *session; 305 struct l2tp_tunnel *tunnel; 306 struct pppol2tp_session *ps; 307 int uhlen; 308 309 error = -ENOTCONN; 310 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) 311 goto error; 312 313 /* Get session and tunnel contexts */ 314 error = -EBADF; 315 session = pppol2tp_sock_to_session(sk); 316 if (session == NULL) 317 goto error; 318 319 ps = l2tp_session_priv(session); 320 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock); 321 if (tunnel == NULL) 322 goto error_put_sess; 323 324 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0; 325 326 /* Allocate a socket buffer */ 327 error = -ENOMEM; 328 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) + 329 uhlen + session->hdr_len + 330 sizeof(ppph) + total_len, 331 0, GFP_KERNEL); 332 if (!skb) 333 goto error_put_sess_tun; 334 335 /* Reserve space for headers. */ 336 skb_reserve(skb, NET_SKB_PAD); 337 skb_reset_network_header(skb); 338 skb_reserve(skb, sizeof(struct iphdr)); 339 skb_reset_transport_header(skb); 340 skb_reserve(skb, uhlen); 341 342 /* Add PPP header */ 343 skb->data[0] = ppph[0]; 344 skb->data[1] = ppph[1]; 345 skb_put(skb, 2); 346 347 /* Copy user data into skb */ 348 error = memcpy_fromiovec(skb->data, m->msg_iov, total_len); 349 if (error < 0) { 350 kfree_skb(skb); 351 goto error_put_sess_tun; 352 } 353 skb_put(skb, total_len); 354 355 l2tp_xmit_skb(session, skb, session->hdr_len); 356 357 sock_put(ps->tunnel_sock); 358 359 return error; 360 361 error_put_sess_tun: 362 sock_put(ps->tunnel_sock); 363 error_put_sess: 364 sock_put(sk); 365 error: 366 return error; 367 } 368 369 /* Transmit function called by generic PPP driver. Sends PPP frame 370 * over PPPoL2TP socket. 371 * 372 * This is almost the same as pppol2tp_sendmsg(), but rather than 373 * being called with a msghdr from userspace, it is called with a skb 374 * from the kernel. 375 * 376 * The supplied skb from ppp doesn't have enough headroom for the 377 * insertion of L2TP, UDP and IP headers so we need to allocate more 378 * headroom in the skb. This will create a cloned skb. But we must be 379 * careful in the error case because the caller will expect to free 380 * the skb it supplied, not our cloned skb. So we take care to always 381 * leave the original skb unfreed if we return an error. 382 */ 383 static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb) 384 { 385 static const u8 ppph[2] = { 0xff, 0x03 }; 386 struct sock *sk = (struct sock *) chan->private; 387 struct sock *sk_tun; 388 struct l2tp_session *session; 389 struct l2tp_tunnel *tunnel; 390 struct pppol2tp_session *ps; 391 int uhlen, headroom; 392 393 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) 394 goto abort; 395 396 /* Get session and tunnel contexts from the socket */ 397 session = pppol2tp_sock_to_session(sk); 398 if (session == NULL) 399 goto abort; 400 401 ps = l2tp_session_priv(session); 402 sk_tun = ps->tunnel_sock; 403 if (sk_tun == NULL) 404 goto abort_put_sess; 405 tunnel = l2tp_sock_to_tunnel(sk_tun); 406 if (tunnel == NULL) 407 goto abort_put_sess; 408 409 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0; 410 headroom = NET_SKB_PAD + 411 sizeof(struct iphdr) + /* IP header */ 412 uhlen + /* UDP header (if L2TP_ENCAPTYPE_UDP) */ 413 session->hdr_len + /* L2TP header */ 414 sizeof(ppph); /* PPP header */ 415 if (skb_cow_head(skb, headroom)) 416 goto abort_put_sess_tun; 417 418 /* Setup PPP header */ 419 __skb_push(skb, sizeof(ppph)); 420 skb->data[0] = ppph[0]; 421 skb->data[1] = ppph[1]; 422 423 l2tp_xmit_skb(session, skb, session->hdr_len); 424 425 sock_put(sk_tun); 426 sock_put(sk); 427 return 1; 428 429 abort_put_sess_tun: 430 sock_put(sk_tun); 431 abort_put_sess: 432 sock_put(sk); 433 abort: 434 /* Free the original skb */ 435 kfree_skb(skb); 436 return 1; 437 } 438 439 /***************************************************************************** 440 * Session (and tunnel control) socket create/destroy. 441 *****************************************************************************/ 442 443 /* Called by l2tp_core when a session socket is being closed. 444 */ 445 static void pppol2tp_session_close(struct l2tp_session *session) 446 { 447 struct pppol2tp_session *ps = l2tp_session_priv(session); 448 struct sock *sk = ps->sock; 449 struct sk_buff *skb; 450 451 BUG_ON(session->magic != L2TP_SESSION_MAGIC); 452 453 if (session->session_id == 0) 454 goto out; 455 456 if (sk != NULL) { 457 lock_sock(sk); 458 459 if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) { 460 pppox_unbind_sock(sk); 461 sk->sk_state = PPPOX_DEAD; 462 sk->sk_state_change(sk); 463 } 464 465 /* Purge any queued data */ 466 skb_queue_purge(&sk->sk_receive_queue); 467 skb_queue_purge(&sk->sk_write_queue); 468 while ((skb = skb_dequeue(&session->reorder_q))) { 469 kfree_skb(skb); 470 sock_put(sk); 471 } 472 473 release_sock(sk); 474 } 475 476 out: 477 return; 478 } 479 480 /* Really kill the session socket. (Called from sock_put() if 481 * refcnt == 0.) 482 */ 483 static void pppol2tp_session_destruct(struct sock *sk) 484 { 485 struct l2tp_session *session; 486 487 if (sk->sk_user_data != NULL) { 488 session = sk->sk_user_data; 489 if (session == NULL) 490 goto out; 491 492 sk->sk_user_data = NULL; 493 BUG_ON(session->magic != L2TP_SESSION_MAGIC); 494 l2tp_session_dec_refcount(session); 495 } 496 497 out: 498 return; 499 } 500 501 /* Called when the PPPoX socket (session) is closed. 502 */ 503 static int pppol2tp_release(struct socket *sock) 504 { 505 struct sock *sk = sock->sk; 506 struct l2tp_session *session; 507 int error; 508 509 if (!sk) 510 return 0; 511 512 error = -EBADF; 513 lock_sock(sk); 514 if (sock_flag(sk, SOCK_DEAD) != 0) 515 goto error; 516 517 pppox_unbind_sock(sk); 518 519 /* Signal the death of the socket. */ 520 sk->sk_state = PPPOX_DEAD; 521 sock_orphan(sk); 522 sock->sk = NULL; 523 524 session = pppol2tp_sock_to_session(sk); 525 526 /* Purge any queued data */ 527 skb_queue_purge(&sk->sk_receive_queue); 528 skb_queue_purge(&sk->sk_write_queue); 529 if (session != NULL) { 530 struct sk_buff *skb; 531 while ((skb = skb_dequeue(&session->reorder_q))) { 532 kfree_skb(skb); 533 sock_put(sk); 534 } 535 sock_put(sk); 536 } 537 538 release_sock(sk); 539 540 /* This will delete the session context via 541 * pppol2tp_session_destruct() if the socket's refcnt drops to 542 * zero. 543 */ 544 sock_put(sk); 545 546 return 0; 547 548 error: 549 release_sock(sk); 550 return error; 551 } 552 553 static struct proto pppol2tp_sk_proto = { 554 .name = "PPPOL2TP", 555 .owner = THIS_MODULE, 556 .obj_size = sizeof(struct pppox_sock), 557 }; 558 559 static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb) 560 { 561 int rc; 562 563 rc = l2tp_udp_encap_recv(sk, skb); 564 if (rc) 565 kfree_skb(skb); 566 567 return NET_RX_SUCCESS; 568 } 569 570 /* socket() handler. Initialize a new struct sock. 571 */ 572 static int pppol2tp_create(struct net *net, struct socket *sock) 573 { 574 int error = -ENOMEM; 575 struct sock *sk; 576 577 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto); 578 if (!sk) 579 goto out; 580 581 sock_init_data(sock, sk); 582 583 sock->state = SS_UNCONNECTED; 584 sock->ops = &pppol2tp_ops; 585 586 sk->sk_backlog_rcv = pppol2tp_backlog_recv; 587 sk->sk_protocol = PX_PROTO_OL2TP; 588 sk->sk_family = PF_PPPOX; 589 sk->sk_state = PPPOX_NONE; 590 sk->sk_type = SOCK_STREAM; 591 sk->sk_destruct = pppol2tp_session_destruct; 592 593 error = 0; 594 595 out: 596 return error; 597 } 598 599 #if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE) 600 static void pppol2tp_show(struct seq_file *m, void *arg) 601 { 602 struct l2tp_session *session = arg; 603 struct pppol2tp_session *ps = l2tp_session_priv(session); 604 605 if (ps) { 606 struct pppox_sock *po = pppox_sk(ps->sock); 607 if (po) 608 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan)); 609 } 610 } 611 #endif 612 613 /* connect() handler. Attach a PPPoX socket to a tunnel UDP socket 614 */ 615 static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr, 616 int sockaddr_len, int flags) 617 { 618 struct sock *sk = sock->sk; 619 struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr; 620 struct pppox_sock *po = pppox_sk(sk); 621 struct l2tp_session *session = NULL; 622 struct l2tp_tunnel *tunnel; 623 struct pppol2tp_session *ps; 624 struct dst_entry *dst; 625 struct l2tp_session_cfg cfg = { 0, }; 626 int error = 0; 627 u32 tunnel_id, peer_tunnel_id; 628 u32 session_id, peer_session_id; 629 int ver = 2; 630 int fd; 631 632 lock_sock(sk); 633 634 error = -EINVAL; 635 if (sp->sa_protocol != PX_PROTO_OL2TP) 636 goto end; 637 638 /* Check for already bound sockets */ 639 error = -EBUSY; 640 if (sk->sk_state & PPPOX_CONNECTED) 641 goto end; 642 643 /* We don't supporting rebinding anyway */ 644 error = -EALREADY; 645 if (sk->sk_user_data) 646 goto end; /* socket is already attached */ 647 648 /* Get params from socket address. Handle L2TPv2 and L2TPv3. 649 * This is nasty because there are different sockaddr_pppol2tp 650 * structs for L2TPv2, L2TPv3, over IPv4 and IPv6. We use 651 * the sockaddr size to determine which structure the caller 652 * is using. 653 */ 654 peer_tunnel_id = 0; 655 if (sockaddr_len == sizeof(struct sockaddr_pppol2tp)) { 656 fd = sp->pppol2tp.fd; 657 tunnel_id = sp->pppol2tp.s_tunnel; 658 peer_tunnel_id = sp->pppol2tp.d_tunnel; 659 session_id = sp->pppol2tp.s_session; 660 peer_session_id = sp->pppol2tp.d_session; 661 } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3)) { 662 struct sockaddr_pppol2tpv3 *sp3 = 663 (struct sockaddr_pppol2tpv3 *) sp; 664 ver = 3; 665 fd = sp3->pppol2tp.fd; 666 tunnel_id = sp3->pppol2tp.s_tunnel; 667 peer_tunnel_id = sp3->pppol2tp.d_tunnel; 668 session_id = sp3->pppol2tp.s_session; 669 peer_session_id = sp3->pppol2tp.d_session; 670 } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpin6)) { 671 struct sockaddr_pppol2tpin6 *sp6 = 672 (struct sockaddr_pppol2tpin6 *) sp; 673 fd = sp6->pppol2tp.fd; 674 tunnel_id = sp6->pppol2tp.s_tunnel; 675 peer_tunnel_id = sp6->pppol2tp.d_tunnel; 676 session_id = sp6->pppol2tp.s_session; 677 peer_session_id = sp6->pppol2tp.d_session; 678 } else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3in6)) { 679 struct sockaddr_pppol2tpv3in6 *sp6 = 680 (struct sockaddr_pppol2tpv3in6 *) sp; 681 ver = 3; 682 fd = sp6->pppol2tp.fd; 683 tunnel_id = sp6->pppol2tp.s_tunnel; 684 peer_tunnel_id = sp6->pppol2tp.d_tunnel; 685 session_id = sp6->pppol2tp.s_session; 686 peer_session_id = sp6->pppol2tp.d_session; 687 } else { 688 error = -EINVAL; 689 goto end; /* bad socket address */ 690 } 691 692 /* Don't bind if tunnel_id is 0 */ 693 error = -EINVAL; 694 if (tunnel_id == 0) 695 goto end; 696 697 tunnel = l2tp_tunnel_find(sock_net(sk), tunnel_id); 698 699 /* Special case: create tunnel context if session_id and 700 * peer_session_id is 0. Otherwise look up tunnel using supplied 701 * tunnel id. 702 */ 703 if ((session_id == 0) && (peer_session_id == 0)) { 704 if (tunnel == NULL) { 705 struct l2tp_tunnel_cfg tcfg = { 706 .encap = L2TP_ENCAPTYPE_UDP, 707 .debug = 0, 708 }; 709 error = l2tp_tunnel_create(sock_net(sk), fd, ver, tunnel_id, peer_tunnel_id, &tcfg, &tunnel); 710 if (error < 0) 711 goto end; 712 } 713 } else { 714 /* Error if we can't find the tunnel */ 715 error = -ENOENT; 716 if (tunnel == NULL) 717 goto end; 718 719 /* Error if socket is not prepped */ 720 if (tunnel->sock == NULL) 721 goto end; 722 } 723 724 if (tunnel->recv_payload_hook == NULL) 725 tunnel->recv_payload_hook = pppol2tp_recv_payload_hook; 726 727 if (tunnel->peer_tunnel_id == 0) 728 tunnel->peer_tunnel_id = peer_tunnel_id; 729 730 /* Create session if it doesn't already exist. We handle the 731 * case where a session was previously created by the netlink 732 * interface by checking that the session doesn't already have 733 * a socket and its tunnel socket are what we expect. If any 734 * of those checks fail, return EEXIST to the caller. 735 */ 736 session = l2tp_session_find(sock_net(sk), tunnel, session_id); 737 if (session == NULL) { 738 /* Default MTU must allow space for UDP/L2TP/PPP 739 * headers. 740 */ 741 cfg.mtu = cfg.mru = 1500 - PPPOL2TP_HEADER_OVERHEAD; 742 743 /* Allocate and initialize a new session context. */ 744 session = l2tp_session_create(sizeof(struct pppol2tp_session), 745 tunnel, session_id, 746 peer_session_id, &cfg); 747 if (session == NULL) { 748 error = -ENOMEM; 749 goto end; 750 } 751 } else { 752 ps = l2tp_session_priv(session); 753 error = -EEXIST; 754 if (ps->sock != NULL) 755 goto end; 756 757 /* consistency checks */ 758 if (ps->tunnel_sock != tunnel->sock) 759 goto end; 760 } 761 762 /* Associate session with its PPPoL2TP socket */ 763 ps = l2tp_session_priv(session); 764 ps->owner = current->pid; 765 ps->sock = sk; 766 ps->tunnel_sock = tunnel->sock; 767 768 session->recv_skb = pppol2tp_recv; 769 session->session_close = pppol2tp_session_close; 770 #if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE) 771 session->show = pppol2tp_show; 772 #endif 773 774 /* We need to know each time a skb is dropped from the reorder 775 * queue. 776 */ 777 session->ref = pppol2tp_session_sock_hold; 778 session->deref = pppol2tp_session_sock_put; 779 780 /* If PMTU discovery was enabled, use the MTU that was discovered */ 781 dst = sk_dst_get(sk); 782 if (dst != NULL) { 783 u32 pmtu = dst_mtu(__sk_dst_get(sk)); 784 if (pmtu != 0) 785 session->mtu = session->mru = pmtu - 786 PPPOL2TP_HEADER_OVERHEAD; 787 dst_release(dst); 788 } 789 790 /* Special case: if source & dest session_id == 0x0000, this 791 * socket is being created to manage the tunnel. Just set up 792 * the internal context for use by ioctl() and sockopt() 793 * handlers. 794 */ 795 if ((session->session_id == 0) && 796 (session->peer_session_id == 0)) { 797 error = 0; 798 goto out_no_ppp; 799 } 800 801 /* The only header we need to worry about is the L2TP 802 * header. This size is different depending on whether 803 * sequence numbers are enabled for the data channel. 804 */ 805 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ; 806 807 po->chan.private = sk; 808 po->chan.ops = &pppol2tp_chan_ops; 809 po->chan.mtu = session->mtu; 810 811 error = ppp_register_net_channel(sock_net(sk), &po->chan); 812 if (error) 813 goto end; 814 815 out_no_ppp: 816 /* This is how we get the session context from the socket. */ 817 sk->sk_user_data = session; 818 sk->sk_state = PPPOX_CONNECTED; 819 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n", 820 session->name); 821 822 end: 823 release_sock(sk); 824 825 return error; 826 } 827 828 #ifdef CONFIG_L2TP_V3 829 830 /* Called when creating sessions via the netlink interface. 831 */ 832 static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg) 833 { 834 int error; 835 struct l2tp_tunnel *tunnel; 836 struct l2tp_session *session; 837 struct pppol2tp_session *ps; 838 839 tunnel = l2tp_tunnel_find(net, tunnel_id); 840 841 /* Error if we can't find the tunnel */ 842 error = -ENOENT; 843 if (tunnel == NULL) 844 goto out; 845 846 /* Error if tunnel socket is not prepped */ 847 if (tunnel->sock == NULL) 848 goto out; 849 850 /* Check that this session doesn't already exist */ 851 error = -EEXIST; 852 session = l2tp_session_find(net, tunnel, session_id); 853 if (session != NULL) 854 goto out; 855 856 /* Default MTU values. */ 857 if (cfg->mtu == 0) 858 cfg->mtu = 1500 - PPPOL2TP_HEADER_OVERHEAD; 859 if (cfg->mru == 0) 860 cfg->mru = cfg->mtu; 861 862 /* Allocate and initialize a new session context. */ 863 error = -ENOMEM; 864 session = l2tp_session_create(sizeof(struct pppol2tp_session), 865 tunnel, session_id, 866 peer_session_id, cfg); 867 if (session == NULL) 868 goto out; 869 870 ps = l2tp_session_priv(session); 871 ps->tunnel_sock = tunnel->sock; 872 873 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n", 874 session->name); 875 876 error = 0; 877 878 out: 879 return error; 880 } 881 882 /* Called when deleting sessions via the netlink interface. 883 */ 884 static int pppol2tp_session_delete(struct l2tp_session *session) 885 { 886 struct pppol2tp_session *ps = l2tp_session_priv(session); 887 888 if (ps->sock == NULL) 889 l2tp_session_dec_refcount(session); 890 891 return 0; 892 } 893 894 #endif /* CONFIG_L2TP_V3 */ 895 896 /* getname() support. 897 */ 898 static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr, 899 int *usockaddr_len, int peer) 900 { 901 int len = 0; 902 int error = 0; 903 struct l2tp_session *session; 904 struct l2tp_tunnel *tunnel; 905 struct sock *sk = sock->sk; 906 struct inet_sock *inet; 907 struct pppol2tp_session *pls; 908 909 error = -ENOTCONN; 910 if (sk == NULL) 911 goto end; 912 if (sk->sk_state != PPPOX_CONNECTED) 913 goto end; 914 915 error = -EBADF; 916 session = pppol2tp_sock_to_session(sk); 917 if (session == NULL) 918 goto end; 919 920 pls = l2tp_session_priv(session); 921 tunnel = l2tp_sock_to_tunnel(pls->tunnel_sock); 922 if (tunnel == NULL) { 923 error = -EBADF; 924 goto end_put_sess; 925 } 926 927 inet = inet_sk(tunnel->sock); 928 if ((tunnel->version == 2) && (tunnel->sock->sk_family == AF_INET)) { 929 struct sockaddr_pppol2tp sp; 930 len = sizeof(sp); 931 memset(&sp, 0, len); 932 sp.sa_family = AF_PPPOX; 933 sp.sa_protocol = PX_PROTO_OL2TP; 934 sp.pppol2tp.fd = tunnel->fd; 935 sp.pppol2tp.pid = pls->owner; 936 sp.pppol2tp.s_tunnel = tunnel->tunnel_id; 937 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id; 938 sp.pppol2tp.s_session = session->session_id; 939 sp.pppol2tp.d_session = session->peer_session_id; 940 sp.pppol2tp.addr.sin_family = AF_INET; 941 sp.pppol2tp.addr.sin_port = inet->inet_dport; 942 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr; 943 memcpy(uaddr, &sp, len); 944 #if IS_ENABLED(CONFIG_IPV6) 945 } else if ((tunnel->version == 2) && 946 (tunnel->sock->sk_family == AF_INET6)) { 947 struct ipv6_pinfo *np = inet6_sk(tunnel->sock); 948 struct sockaddr_pppol2tpin6 sp; 949 len = sizeof(sp); 950 memset(&sp, 0, len); 951 sp.sa_family = AF_PPPOX; 952 sp.sa_protocol = PX_PROTO_OL2TP; 953 sp.pppol2tp.fd = tunnel->fd; 954 sp.pppol2tp.pid = pls->owner; 955 sp.pppol2tp.s_tunnel = tunnel->tunnel_id; 956 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id; 957 sp.pppol2tp.s_session = session->session_id; 958 sp.pppol2tp.d_session = session->peer_session_id; 959 sp.pppol2tp.addr.sin6_family = AF_INET6; 960 sp.pppol2tp.addr.sin6_port = inet->inet_dport; 961 memcpy(&sp.pppol2tp.addr.sin6_addr, &np->daddr, 962 sizeof(np->daddr)); 963 memcpy(uaddr, &sp, len); 964 } else if ((tunnel->version == 3) && 965 (tunnel->sock->sk_family == AF_INET6)) { 966 struct ipv6_pinfo *np = inet6_sk(tunnel->sock); 967 struct sockaddr_pppol2tpv3in6 sp; 968 len = sizeof(sp); 969 memset(&sp, 0, len); 970 sp.sa_family = AF_PPPOX; 971 sp.sa_protocol = PX_PROTO_OL2TP; 972 sp.pppol2tp.fd = tunnel->fd; 973 sp.pppol2tp.pid = pls->owner; 974 sp.pppol2tp.s_tunnel = tunnel->tunnel_id; 975 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id; 976 sp.pppol2tp.s_session = session->session_id; 977 sp.pppol2tp.d_session = session->peer_session_id; 978 sp.pppol2tp.addr.sin6_family = AF_INET6; 979 sp.pppol2tp.addr.sin6_port = inet->inet_dport; 980 memcpy(&sp.pppol2tp.addr.sin6_addr, &np->daddr, 981 sizeof(np->daddr)); 982 memcpy(uaddr, &sp, len); 983 #endif 984 } else if (tunnel->version == 3) { 985 struct sockaddr_pppol2tpv3 sp; 986 len = sizeof(sp); 987 memset(&sp, 0, len); 988 sp.sa_family = AF_PPPOX; 989 sp.sa_protocol = PX_PROTO_OL2TP; 990 sp.pppol2tp.fd = tunnel->fd; 991 sp.pppol2tp.pid = pls->owner; 992 sp.pppol2tp.s_tunnel = tunnel->tunnel_id; 993 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id; 994 sp.pppol2tp.s_session = session->session_id; 995 sp.pppol2tp.d_session = session->peer_session_id; 996 sp.pppol2tp.addr.sin_family = AF_INET; 997 sp.pppol2tp.addr.sin_port = inet->inet_dport; 998 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr; 999 memcpy(uaddr, &sp, len); 1000 } 1001 1002 *usockaddr_len = len; 1003 1004 sock_put(pls->tunnel_sock); 1005 end_put_sess: 1006 sock_put(sk); 1007 error = 0; 1008 1009 end: 1010 return error; 1011 } 1012 1013 /**************************************************************************** 1014 * ioctl() handlers. 1015 * 1016 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP 1017 * sockets. However, in order to control kernel tunnel features, we allow 1018 * userspace to create a special "tunnel" PPPoX socket which is used for 1019 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow 1020 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl() 1021 * calls. 1022 ****************************************************************************/ 1023 1024 static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest, 1025 struct l2tp_stats *stats) 1026 { 1027 dest->tx_packets = stats->tx_packets; 1028 dest->tx_bytes = stats->tx_bytes; 1029 dest->tx_errors = stats->tx_errors; 1030 dest->rx_packets = stats->rx_packets; 1031 dest->rx_bytes = stats->rx_bytes; 1032 dest->rx_seq_discards = stats->rx_seq_discards; 1033 dest->rx_oos_packets = stats->rx_oos_packets; 1034 dest->rx_errors = stats->rx_errors; 1035 } 1036 1037 /* Session ioctl helper. 1038 */ 1039 static int pppol2tp_session_ioctl(struct l2tp_session *session, 1040 unsigned int cmd, unsigned long arg) 1041 { 1042 struct ifreq ifr; 1043 int err = 0; 1044 struct sock *sk; 1045 int val = (int) arg; 1046 struct pppol2tp_session *ps = l2tp_session_priv(session); 1047 struct l2tp_tunnel *tunnel = session->tunnel; 1048 struct pppol2tp_ioc_stats stats; 1049 1050 l2tp_dbg(session, PPPOL2TP_MSG_CONTROL, 1051 "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n", 1052 session->name, cmd, arg); 1053 1054 sk = ps->sock; 1055 sock_hold(sk); 1056 1057 switch (cmd) { 1058 case SIOCGIFMTU: 1059 err = -ENXIO; 1060 if (!(sk->sk_state & PPPOX_CONNECTED)) 1061 break; 1062 1063 err = -EFAULT; 1064 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq))) 1065 break; 1066 ifr.ifr_mtu = session->mtu; 1067 if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq))) 1068 break; 1069 1070 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mtu=%d\n", 1071 session->name, session->mtu); 1072 err = 0; 1073 break; 1074 1075 case SIOCSIFMTU: 1076 err = -ENXIO; 1077 if (!(sk->sk_state & PPPOX_CONNECTED)) 1078 break; 1079 1080 err = -EFAULT; 1081 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq))) 1082 break; 1083 1084 session->mtu = ifr.ifr_mtu; 1085 1086 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mtu=%d\n", 1087 session->name, session->mtu); 1088 err = 0; 1089 break; 1090 1091 case PPPIOCGMRU: 1092 err = -ENXIO; 1093 if (!(sk->sk_state & PPPOX_CONNECTED)) 1094 break; 1095 1096 err = -EFAULT; 1097 if (put_user(session->mru, (int __user *) arg)) 1098 break; 1099 1100 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mru=%d\n", 1101 session->name, session->mru); 1102 err = 0; 1103 break; 1104 1105 case PPPIOCSMRU: 1106 err = -ENXIO; 1107 if (!(sk->sk_state & PPPOX_CONNECTED)) 1108 break; 1109 1110 err = -EFAULT; 1111 if (get_user(val, (int __user *) arg)) 1112 break; 1113 1114 session->mru = val; 1115 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mru=%d\n", 1116 session->name, session->mru); 1117 err = 0; 1118 break; 1119 1120 case PPPIOCGFLAGS: 1121 err = -EFAULT; 1122 if (put_user(ps->flags, (int __user *) arg)) 1123 break; 1124 1125 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get flags=%d\n", 1126 session->name, ps->flags); 1127 err = 0; 1128 break; 1129 1130 case PPPIOCSFLAGS: 1131 err = -EFAULT; 1132 if (get_user(val, (int __user *) arg)) 1133 break; 1134 ps->flags = val; 1135 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set flags=%d\n", 1136 session->name, ps->flags); 1137 err = 0; 1138 break; 1139 1140 case PPPIOCGL2TPSTATS: 1141 err = -ENXIO; 1142 if (!(sk->sk_state & PPPOX_CONNECTED)) 1143 break; 1144 1145 memset(&stats, 0, sizeof(stats)); 1146 stats.tunnel_id = tunnel->tunnel_id; 1147 stats.session_id = session->session_id; 1148 pppol2tp_copy_stats(&stats, &session->stats); 1149 if (copy_to_user((void __user *) arg, &stats, 1150 sizeof(stats))) 1151 break; 1152 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n", 1153 session->name); 1154 err = 0; 1155 break; 1156 1157 default: 1158 err = -ENOSYS; 1159 break; 1160 } 1161 1162 sock_put(sk); 1163 1164 return err; 1165 } 1166 1167 /* Tunnel ioctl helper. 1168 * 1169 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data 1170 * specifies a session_id, the session ioctl handler is called. This allows an 1171 * application to retrieve session stats via a tunnel socket. 1172 */ 1173 static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel, 1174 unsigned int cmd, unsigned long arg) 1175 { 1176 int err = 0; 1177 struct sock *sk; 1178 struct pppol2tp_ioc_stats stats; 1179 1180 l2tp_dbg(tunnel, PPPOL2TP_MSG_CONTROL, 1181 "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n", 1182 tunnel->name, cmd, arg); 1183 1184 sk = tunnel->sock; 1185 sock_hold(sk); 1186 1187 switch (cmd) { 1188 case PPPIOCGL2TPSTATS: 1189 err = -ENXIO; 1190 if (!(sk->sk_state & PPPOX_CONNECTED)) 1191 break; 1192 1193 if (copy_from_user(&stats, (void __user *) arg, 1194 sizeof(stats))) { 1195 err = -EFAULT; 1196 break; 1197 } 1198 if (stats.session_id != 0) { 1199 /* resend to session ioctl handler */ 1200 struct l2tp_session *session = 1201 l2tp_session_find(sock_net(sk), tunnel, stats.session_id); 1202 if (session != NULL) 1203 err = pppol2tp_session_ioctl(session, cmd, arg); 1204 else 1205 err = -EBADR; 1206 break; 1207 } 1208 #ifdef CONFIG_XFRM 1209 stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0; 1210 #endif 1211 pppol2tp_copy_stats(&stats, &tunnel->stats); 1212 if (copy_to_user((void __user *) arg, &stats, sizeof(stats))) { 1213 err = -EFAULT; 1214 break; 1215 } 1216 l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n", 1217 tunnel->name); 1218 err = 0; 1219 break; 1220 1221 default: 1222 err = -ENOSYS; 1223 break; 1224 } 1225 1226 sock_put(sk); 1227 1228 return err; 1229 } 1230 1231 /* Main ioctl() handler. 1232 * Dispatch to tunnel or session helpers depending on the socket. 1233 */ 1234 static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd, 1235 unsigned long arg) 1236 { 1237 struct sock *sk = sock->sk; 1238 struct l2tp_session *session; 1239 struct l2tp_tunnel *tunnel; 1240 struct pppol2tp_session *ps; 1241 int err; 1242 1243 if (!sk) 1244 return 0; 1245 1246 err = -EBADF; 1247 if (sock_flag(sk, SOCK_DEAD) != 0) 1248 goto end; 1249 1250 err = -ENOTCONN; 1251 if ((sk->sk_user_data == NULL) || 1252 (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)))) 1253 goto end; 1254 1255 /* Get session context from the socket */ 1256 err = -EBADF; 1257 session = pppol2tp_sock_to_session(sk); 1258 if (session == NULL) 1259 goto end; 1260 1261 /* Special case: if session's session_id is zero, treat ioctl as a 1262 * tunnel ioctl 1263 */ 1264 ps = l2tp_session_priv(session); 1265 if ((session->session_id == 0) && 1266 (session->peer_session_id == 0)) { 1267 err = -EBADF; 1268 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock); 1269 if (tunnel == NULL) 1270 goto end_put_sess; 1271 1272 err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg); 1273 sock_put(ps->tunnel_sock); 1274 goto end_put_sess; 1275 } 1276 1277 err = pppol2tp_session_ioctl(session, cmd, arg); 1278 1279 end_put_sess: 1280 sock_put(sk); 1281 end: 1282 return err; 1283 } 1284 1285 /***************************************************************************** 1286 * setsockopt() / getsockopt() support. 1287 * 1288 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP 1289 * sockets. In order to control kernel tunnel features, we allow userspace to 1290 * create a special "tunnel" PPPoX socket which is used for control only. 1291 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user 1292 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls. 1293 *****************************************************************************/ 1294 1295 /* Tunnel setsockopt() helper. 1296 */ 1297 static int pppol2tp_tunnel_setsockopt(struct sock *sk, 1298 struct l2tp_tunnel *tunnel, 1299 int optname, int val) 1300 { 1301 int err = 0; 1302 1303 switch (optname) { 1304 case PPPOL2TP_SO_DEBUG: 1305 tunnel->debug = val; 1306 l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n", 1307 tunnel->name, tunnel->debug); 1308 break; 1309 1310 default: 1311 err = -ENOPROTOOPT; 1312 break; 1313 } 1314 1315 return err; 1316 } 1317 1318 /* Session setsockopt helper. 1319 */ 1320 static int pppol2tp_session_setsockopt(struct sock *sk, 1321 struct l2tp_session *session, 1322 int optname, int val) 1323 { 1324 int err = 0; 1325 struct pppol2tp_session *ps = l2tp_session_priv(session); 1326 1327 switch (optname) { 1328 case PPPOL2TP_SO_RECVSEQ: 1329 if ((val != 0) && (val != 1)) { 1330 err = -EINVAL; 1331 break; 1332 } 1333 session->recv_seq = val ? -1 : 0; 1334 l2tp_info(session, PPPOL2TP_MSG_CONTROL, 1335 "%s: set recv_seq=%d\n", 1336 session->name, session->recv_seq); 1337 break; 1338 1339 case PPPOL2TP_SO_SENDSEQ: 1340 if ((val != 0) && (val != 1)) { 1341 err = -EINVAL; 1342 break; 1343 } 1344 session->send_seq = val ? -1 : 0; 1345 { 1346 struct sock *ssk = ps->sock; 1347 struct pppox_sock *po = pppox_sk(ssk); 1348 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ : 1349 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ; 1350 } 1351 l2tp_info(session, PPPOL2TP_MSG_CONTROL, 1352 "%s: set send_seq=%d\n", 1353 session->name, session->send_seq); 1354 break; 1355 1356 case PPPOL2TP_SO_LNSMODE: 1357 if ((val != 0) && (val != 1)) { 1358 err = -EINVAL; 1359 break; 1360 } 1361 session->lns_mode = val ? -1 : 0; 1362 l2tp_info(session, PPPOL2TP_MSG_CONTROL, 1363 "%s: set lns_mode=%d\n", 1364 session->name, session->lns_mode); 1365 break; 1366 1367 case PPPOL2TP_SO_DEBUG: 1368 session->debug = val; 1369 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n", 1370 session->name, session->debug); 1371 break; 1372 1373 case PPPOL2TP_SO_REORDERTO: 1374 session->reorder_timeout = msecs_to_jiffies(val); 1375 l2tp_info(session, PPPOL2TP_MSG_CONTROL, 1376 "%s: set reorder_timeout=%d\n", 1377 session->name, session->reorder_timeout); 1378 break; 1379 1380 default: 1381 err = -ENOPROTOOPT; 1382 break; 1383 } 1384 1385 return err; 1386 } 1387 1388 /* Main setsockopt() entry point. 1389 * Does API checks, then calls either the tunnel or session setsockopt 1390 * handler, according to whether the PPPoL2TP socket is a for a regular 1391 * session or the special tunnel type. 1392 */ 1393 static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, 1394 char __user *optval, unsigned int optlen) 1395 { 1396 struct sock *sk = sock->sk; 1397 struct l2tp_session *session; 1398 struct l2tp_tunnel *tunnel; 1399 struct pppol2tp_session *ps; 1400 int val; 1401 int err; 1402 1403 if (level != SOL_PPPOL2TP) 1404 return udp_prot.setsockopt(sk, level, optname, optval, optlen); 1405 1406 if (optlen < sizeof(int)) 1407 return -EINVAL; 1408 1409 if (get_user(val, (int __user *)optval)) 1410 return -EFAULT; 1411 1412 err = -ENOTCONN; 1413 if (sk->sk_user_data == NULL) 1414 goto end; 1415 1416 /* Get session context from the socket */ 1417 err = -EBADF; 1418 session = pppol2tp_sock_to_session(sk); 1419 if (session == NULL) 1420 goto end; 1421 1422 /* Special case: if session_id == 0x0000, treat as operation on tunnel 1423 */ 1424 ps = l2tp_session_priv(session); 1425 if ((session->session_id == 0) && 1426 (session->peer_session_id == 0)) { 1427 err = -EBADF; 1428 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock); 1429 if (tunnel == NULL) 1430 goto end_put_sess; 1431 1432 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val); 1433 sock_put(ps->tunnel_sock); 1434 } else 1435 err = pppol2tp_session_setsockopt(sk, session, optname, val); 1436 1437 err = 0; 1438 1439 end_put_sess: 1440 sock_put(sk); 1441 end: 1442 return err; 1443 } 1444 1445 /* Tunnel getsockopt helper. Called with sock locked. 1446 */ 1447 static int pppol2tp_tunnel_getsockopt(struct sock *sk, 1448 struct l2tp_tunnel *tunnel, 1449 int optname, int *val) 1450 { 1451 int err = 0; 1452 1453 switch (optname) { 1454 case PPPOL2TP_SO_DEBUG: 1455 *val = tunnel->debug; 1456 l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get debug=%x\n", 1457 tunnel->name, tunnel->debug); 1458 break; 1459 1460 default: 1461 err = -ENOPROTOOPT; 1462 break; 1463 } 1464 1465 return err; 1466 } 1467 1468 /* Session getsockopt helper. Called with sock locked. 1469 */ 1470 static int pppol2tp_session_getsockopt(struct sock *sk, 1471 struct l2tp_session *session, 1472 int optname, int *val) 1473 { 1474 int err = 0; 1475 1476 switch (optname) { 1477 case PPPOL2TP_SO_RECVSEQ: 1478 *val = session->recv_seq; 1479 l2tp_info(session, PPPOL2TP_MSG_CONTROL, 1480 "%s: get recv_seq=%d\n", session->name, *val); 1481 break; 1482 1483 case PPPOL2TP_SO_SENDSEQ: 1484 *val = session->send_seq; 1485 l2tp_info(session, PPPOL2TP_MSG_CONTROL, 1486 "%s: get send_seq=%d\n", session->name, *val); 1487 break; 1488 1489 case PPPOL2TP_SO_LNSMODE: 1490 *val = session->lns_mode; 1491 l2tp_info(session, PPPOL2TP_MSG_CONTROL, 1492 "%s: get lns_mode=%d\n", session->name, *val); 1493 break; 1494 1495 case PPPOL2TP_SO_DEBUG: 1496 *val = session->debug; 1497 l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get debug=%d\n", 1498 session->name, *val); 1499 break; 1500 1501 case PPPOL2TP_SO_REORDERTO: 1502 *val = (int) jiffies_to_msecs(session->reorder_timeout); 1503 l2tp_info(session, PPPOL2TP_MSG_CONTROL, 1504 "%s: get reorder_timeout=%d\n", session->name, *val); 1505 break; 1506 1507 default: 1508 err = -ENOPROTOOPT; 1509 } 1510 1511 return err; 1512 } 1513 1514 /* Main getsockopt() entry point. 1515 * Does API checks, then calls either the tunnel or session getsockopt 1516 * handler, according to whether the PPPoX socket is a for a regular session 1517 * or the special tunnel type. 1518 */ 1519 static int pppol2tp_getsockopt(struct socket *sock, int level, int optname, 1520 char __user *optval, int __user *optlen) 1521 { 1522 struct sock *sk = sock->sk; 1523 struct l2tp_session *session; 1524 struct l2tp_tunnel *tunnel; 1525 int val, len; 1526 int err; 1527 struct pppol2tp_session *ps; 1528 1529 if (level != SOL_PPPOL2TP) 1530 return udp_prot.getsockopt(sk, level, optname, optval, optlen); 1531 1532 if (get_user(len, optlen)) 1533 return -EFAULT; 1534 1535 len = min_t(unsigned int, len, sizeof(int)); 1536 1537 if (len < 0) 1538 return -EINVAL; 1539 1540 err = -ENOTCONN; 1541 if (sk->sk_user_data == NULL) 1542 goto end; 1543 1544 /* Get the session context */ 1545 err = -EBADF; 1546 session = pppol2tp_sock_to_session(sk); 1547 if (session == NULL) 1548 goto end; 1549 1550 /* Special case: if session_id == 0x0000, treat as operation on tunnel */ 1551 ps = l2tp_session_priv(session); 1552 if ((session->session_id == 0) && 1553 (session->peer_session_id == 0)) { 1554 err = -EBADF; 1555 tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock); 1556 if (tunnel == NULL) 1557 goto end_put_sess; 1558 1559 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val); 1560 sock_put(ps->tunnel_sock); 1561 } else 1562 err = pppol2tp_session_getsockopt(sk, session, optname, &val); 1563 1564 err = -EFAULT; 1565 if (put_user(len, optlen)) 1566 goto end_put_sess; 1567 1568 if (copy_to_user((void __user *) optval, &val, len)) 1569 goto end_put_sess; 1570 1571 err = 0; 1572 1573 end_put_sess: 1574 sock_put(sk); 1575 end: 1576 return err; 1577 } 1578 1579 /***************************************************************************** 1580 * /proc filesystem for debug 1581 * Since the original pppol2tp driver provided /proc/net/pppol2tp for 1582 * L2TPv2, we dump only L2TPv2 tunnels and sessions here. 1583 *****************************************************************************/ 1584 1585 static unsigned int pppol2tp_net_id; 1586 1587 #ifdef CONFIG_PROC_FS 1588 1589 struct pppol2tp_seq_data { 1590 struct seq_net_private p; 1591 int tunnel_idx; /* current tunnel */ 1592 int session_idx; /* index of session within current tunnel */ 1593 struct l2tp_tunnel *tunnel; 1594 struct l2tp_session *session; /* NULL means get next tunnel */ 1595 }; 1596 1597 static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd) 1598 { 1599 for (;;) { 1600 pd->tunnel = l2tp_tunnel_find_nth(net, pd->tunnel_idx); 1601 pd->tunnel_idx++; 1602 1603 if (pd->tunnel == NULL) 1604 break; 1605 1606 /* Ignore L2TPv3 tunnels */ 1607 if (pd->tunnel->version < 3) 1608 break; 1609 } 1610 } 1611 1612 static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd) 1613 { 1614 pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx); 1615 pd->session_idx++; 1616 1617 if (pd->session == NULL) { 1618 pd->session_idx = 0; 1619 pppol2tp_next_tunnel(net, pd); 1620 } 1621 } 1622 1623 static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs) 1624 { 1625 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN; 1626 loff_t pos = *offs; 1627 struct net *net; 1628 1629 if (!pos) 1630 goto out; 1631 1632 BUG_ON(m->private == NULL); 1633 pd = m->private; 1634 net = seq_file_net(m); 1635 1636 if (pd->tunnel == NULL) 1637 pppol2tp_next_tunnel(net, pd); 1638 else 1639 pppol2tp_next_session(net, pd); 1640 1641 /* NULL tunnel and session indicates end of list */ 1642 if ((pd->tunnel == NULL) && (pd->session == NULL)) 1643 pd = NULL; 1644 1645 out: 1646 return pd; 1647 } 1648 1649 static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos) 1650 { 1651 (*pos)++; 1652 return NULL; 1653 } 1654 1655 static void pppol2tp_seq_stop(struct seq_file *p, void *v) 1656 { 1657 /* nothing to do */ 1658 } 1659 1660 static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v) 1661 { 1662 struct l2tp_tunnel *tunnel = v; 1663 1664 seq_printf(m, "\nTUNNEL '%s', %c %d\n", 1665 tunnel->name, 1666 (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N', 1667 atomic_read(&tunnel->ref_count) - 1); 1668 seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n", 1669 tunnel->debug, 1670 (unsigned long long)tunnel->stats.tx_packets, 1671 (unsigned long long)tunnel->stats.tx_bytes, 1672 (unsigned long long)tunnel->stats.tx_errors, 1673 (unsigned long long)tunnel->stats.rx_packets, 1674 (unsigned long long)tunnel->stats.rx_bytes, 1675 (unsigned long long)tunnel->stats.rx_errors); 1676 } 1677 1678 static void pppol2tp_seq_session_show(struct seq_file *m, void *v) 1679 { 1680 struct l2tp_session *session = v; 1681 struct l2tp_tunnel *tunnel = session->tunnel; 1682 struct pppol2tp_session *ps = l2tp_session_priv(session); 1683 struct pppox_sock *po = pppox_sk(ps->sock); 1684 u32 ip = 0; 1685 u16 port = 0; 1686 1687 if (tunnel->sock) { 1688 struct inet_sock *inet = inet_sk(tunnel->sock); 1689 ip = ntohl(inet->inet_saddr); 1690 port = ntohs(inet->inet_sport); 1691 } 1692 1693 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> " 1694 "%04X/%04X %d %c\n", 1695 session->name, ip, port, 1696 tunnel->tunnel_id, 1697 session->session_id, 1698 tunnel->peer_tunnel_id, 1699 session->peer_session_id, 1700 ps->sock->sk_state, 1701 (session == ps->sock->sk_user_data) ? 1702 'Y' : 'N'); 1703 seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n", 1704 session->mtu, session->mru, 1705 session->recv_seq ? 'R' : '-', 1706 session->send_seq ? 'S' : '-', 1707 session->lns_mode ? "LNS" : "LAC", 1708 session->debug, 1709 jiffies_to_msecs(session->reorder_timeout)); 1710 seq_printf(m, " %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n", 1711 session->nr, session->ns, 1712 (unsigned long long)session->stats.tx_packets, 1713 (unsigned long long)session->stats.tx_bytes, 1714 (unsigned long long)session->stats.tx_errors, 1715 (unsigned long long)session->stats.rx_packets, 1716 (unsigned long long)session->stats.rx_bytes, 1717 (unsigned long long)session->stats.rx_errors); 1718 1719 if (po) 1720 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan)); 1721 } 1722 1723 static int pppol2tp_seq_show(struct seq_file *m, void *v) 1724 { 1725 struct pppol2tp_seq_data *pd = v; 1726 1727 /* display header on line 1 */ 1728 if (v == SEQ_START_TOKEN) { 1729 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n"); 1730 seq_puts(m, "TUNNEL name, user-data-ok session-count\n"); 1731 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n"); 1732 seq_puts(m, " SESSION name, addr/port src-tid/sid " 1733 "dest-tid/sid state user-data-ok\n"); 1734 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n"); 1735 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n"); 1736 goto out; 1737 } 1738 1739 /* Show the tunnel or session context. 1740 */ 1741 if (pd->session == NULL) 1742 pppol2tp_seq_tunnel_show(m, pd->tunnel); 1743 else 1744 pppol2tp_seq_session_show(m, pd->session); 1745 1746 out: 1747 return 0; 1748 } 1749 1750 static const struct seq_operations pppol2tp_seq_ops = { 1751 .start = pppol2tp_seq_start, 1752 .next = pppol2tp_seq_next, 1753 .stop = pppol2tp_seq_stop, 1754 .show = pppol2tp_seq_show, 1755 }; 1756 1757 /* Called when our /proc file is opened. We allocate data for use when 1758 * iterating our tunnel / session contexts and store it in the private 1759 * data of the seq_file. 1760 */ 1761 static int pppol2tp_proc_open(struct inode *inode, struct file *file) 1762 { 1763 return seq_open_net(inode, file, &pppol2tp_seq_ops, 1764 sizeof(struct pppol2tp_seq_data)); 1765 } 1766 1767 static const struct file_operations pppol2tp_proc_fops = { 1768 .owner = THIS_MODULE, 1769 .open = pppol2tp_proc_open, 1770 .read = seq_read, 1771 .llseek = seq_lseek, 1772 .release = seq_release_net, 1773 }; 1774 1775 #endif /* CONFIG_PROC_FS */ 1776 1777 /***************************************************************************** 1778 * Network namespace 1779 *****************************************************************************/ 1780 1781 static __net_init int pppol2tp_init_net(struct net *net) 1782 { 1783 struct proc_dir_entry *pde; 1784 int err = 0; 1785 1786 pde = proc_net_fops_create(net, "pppol2tp", S_IRUGO, &pppol2tp_proc_fops); 1787 if (!pde) { 1788 err = -ENOMEM; 1789 goto out; 1790 } 1791 1792 out: 1793 return err; 1794 } 1795 1796 static __net_exit void pppol2tp_exit_net(struct net *net) 1797 { 1798 proc_net_remove(net, "pppol2tp"); 1799 } 1800 1801 static struct pernet_operations pppol2tp_net_ops = { 1802 .init = pppol2tp_init_net, 1803 .exit = pppol2tp_exit_net, 1804 .id = &pppol2tp_net_id, 1805 }; 1806 1807 /***************************************************************************** 1808 * Init and cleanup 1809 *****************************************************************************/ 1810 1811 static const struct proto_ops pppol2tp_ops = { 1812 .family = AF_PPPOX, 1813 .owner = THIS_MODULE, 1814 .release = pppol2tp_release, 1815 .bind = sock_no_bind, 1816 .connect = pppol2tp_connect, 1817 .socketpair = sock_no_socketpair, 1818 .accept = sock_no_accept, 1819 .getname = pppol2tp_getname, 1820 .poll = datagram_poll, 1821 .listen = sock_no_listen, 1822 .shutdown = sock_no_shutdown, 1823 .setsockopt = pppol2tp_setsockopt, 1824 .getsockopt = pppol2tp_getsockopt, 1825 .sendmsg = pppol2tp_sendmsg, 1826 .recvmsg = pppol2tp_recvmsg, 1827 .mmap = sock_no_mmap, 1828 .ioctl = pppox_ioctl, 1829 }; 1830 1831 static const struct pppox_proto pppol2tp_proto = { 1832 .create = pppol2tp_create, 1833 .ioctl = pppol2tp_ioctl 1834 }; 1835 1836 #ifdef CONFIG_L2TP_V3 1837 1838 static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = { 1839 .session_create = pppol2tp_session_create, 1840 .session_delete = pppol2tp_session_delete, 1841 }; 1842 1843 #endif /* CONFIG_L2TP_V3 */ 1844 1845 static int __init pppol2tp_init(void) 1846 { 1847 int err; 1848 1849 err = register_pernet_device(&pppol2tp_net_ops); 1850 if (err) 1851 goto out; 1852 1853 err = proto_register(&pppol2tp_sk_proto, 0); 1854 if (err) 1855 goto out_unregister_pppol2tp_pernet; 1856 1857 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto); 1858 if (err) 1859 goto out_unregister_pppol2tp_proto; 1860 1861 #ifdef CONFIG_L2TP_V3 1862 err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops); 1863 if (err) 1864 goto out_unregister_pppox; 1865 #endif 1866 1867 pr_info("PPPoL2TP kernel driver, %s\n", PPPOL2TP_DRV_VERSION); 1868 1869 out: 1870 return err; 1871 1872 #ifdef CONFIG_L2TP_V3 1873 out_unregister_pppox: 1874 unregister_pppox_proto(PX_PROTO_OL2TP); 1875 #endif 1876 out_unregister_pppol2tp_proto: 1877 proto_unregister(&pppol2tp_sk_proto); 1878 out_unregister_pppol2tp_pernet: 1879 unregister_pernet_device(&pppol2tp_net_ops); 1880 goto out; 1881 } 1882 1883 static void __exit pppol2tp_exit(void) 1884 { 1885 #ifdef CONFIG_L2TP_V3 1886 l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP); 1887 #endif 1888 unregister_pppox_proto(PX_PROTO_OL2TP); 1889 proto_unregister(&pppol2tp_sk_proto); 1890 unregister_pernet_device(&pppol2tp_net_ops); 1891 } 1892 1893 module_init(pppol2tp_init); 1894 module_exit(pppol2tp_exit); 1895 1896 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>"); 1897 MODULE_DESCRIPTION("PPP over L2TP over UDP"); 1898 MODULE_LICENSE("GPL"); 1899 MODULE_VERSION(PPPOL2TP_DRV_VERSION); 1900 MODULE_ALIAS("pppox-proto-" __stringify(PX_PROTO_OL2TP)); 1901