Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzi...
[linux-2.6/mini2440.git] / drivers / net / pppol2tp.c
blob5b07dd8e5c04e6b274e303b837c8243b31ba47dc
1 /*****************************************************************************
2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
4 * PPPoX --- Generic PPP encapsulation socket family
5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
7 * Version: 1.0.0
9 * Authors: Martijn van Oosterhout <kleptog@svana.org>
10 * James Chapman (jchapman@katalix.com)
11 * Contributors:
12 * Michal Ostrowski <mostrows@speakeasy.net>
13 * Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
14 * David S. Miller (davem@redhat.com)
16 * License:
17 * This program is free software; you can redistribute it and/or
18 * modify it under the terms of the GNU General Public License
19 * as published by the Free Software Foundation; either version
20 * 2 of the License, or (at your option) any later version.
24 /* This driver handles only L2TP data frames; control frames are handled by a
25 * userspace application.
27 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
28 * attaches it to a bound UDP socket with local tunnel_id / session_id and
29 * peer tunnel_id / session_id set. Data can then be sent or received using
30 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
31 * can be read or modified using ioctl() or [gs]etsockopt() calls.
33 * When a PPPoL2TP socket is connected with local and peer session_id values
34 * zero, the socket is treated as a special tunnel management socket.
36 * Here's example userspace code to create a socket for sending/receiving data
37 * over an L2TP session:-
39 * struct sockaddr_pppol2tp sax;
40 * int fd;
41 * int session_fd;
43 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
45 * sax.sa_family = AF_PPPOX;
46 * sax.sa_protocol = PX_PROTO_OL2TP;
47 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
48 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
49 * sax.pppol2tp.addr.sin_port = addr->sin_port;
50 * sax.pppol2tp.addr.sin_family = AF_INET;
51 * sax.pppol2tp.s_tunnel = tunnel_id;
52 * sax.pppol2tp.s_session = session_id;
53 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
54 * sax.pppol2tp.d_session = peer_session_id;
56 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
58 * A pppd plugin that allows PPP traffic to be carried over L2TP using
59 * this driver is available from the OpenL2TP project at
60 * http://openl2tp.sourceforge.net.
63 #include <linux/module.h>
64 #include <linux/string.h>
65 #include <linux/list.h>
66 #include <asm/uaccess.h>
68 #include <linux/kernel.h>
69 #include <linux/spinlock.h>
70 #include <linux/kthread.h>
71 #include <linux/sched.h>
72 #include <linux/slab.h>
73 #include <linux/errno.h>
74 #include <linux/jiffies.h>
76 #include <linux/netdevice.h>
77 #include <linux/net.h>
78 #include <linux/inetdevice.h>
79 #include <linux/skbuff.h>
80 #include <linux/init.h>
81 #include <linux/ip.h>
82 #include <linux/udp.h>
83 #include <linux/if_pppox.h>
84 #include <linux/if_pppol2tp.h>
85 #include <net/sock.h>
86 #include <linux/ppp_channel.h>
87 #include <linux/ppp_defs.h>
88 #include <linux/if_ppp.h>
89 #include <linux/file.h>
90 #include <linux/hash.h>
91 #include <linux/sort.h>
92 #include <linux/proc_fs.h>
93 #include <linux/nsproxy.h>
94 #include <net/net_namespace.h>
95 #include <net/netns/generic.h>
96 #include <net/dst.h>
97 #include <net/ip.h>
98 #include <net/udp.h>
99 #include <net/xfrm.h>
101 #include <asm/byteorder.h>
102 #include <asm/atomic.h>
105 #define PPPOL2TP_DRV_VERSION "V1.0"
107 /* L2TP header constants */
108 #define L2TP_HDRFLAG_T 0x8000
109 #define L2TP_HDRFLAG_L 0x4000
110 #define L2TP_HDRFLAG_S 0x0800
111 #define L2TP_HDRFLAG_O 0x0200
112 #define L2TP_HDRFLAG_P 0x0100
114 #define L2TP_HDR_VER_MASK 0x000F
115 #define L2TP_HDR_VER 0x0002
117 /* Space for UDP, L2TP and PPP headers */
118 #define PPPOL2TP_HEADER_OVERHEAD 40
120 /* Just some random numbers */
121 #define L2TP_TUNNEL_MAGIC 0x42114DDA
122 #define L2TP_SESSION_MAGIC 0x0C04EB7D
124 #define PPPOL2TP_HASH_BITS 4
125 #define PPPOL2TP_HASH_SIZE (1 << PPPOL2TP_HASH_BITS)
127 /* Default trace flags */
128 #define PPPOL2TP_DEFAULT_DEBUG_FLAGS 0
130 #define PRINTK(_mask, _type, _lvl, _fmt, args...) \
131 do { \
132 if ((_mask) & (_type)) \
133 printk(_lvl "PPPOL2TP: " _fmt, ##args); \
134 } while(0)
136 /* Number of bytes to build transmit L2TP headers.
137 * Unfortunately the size is different depending on whether sequence numbers
138 * are enabled.
140 #define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
141 #define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
143 struct pppol2tp_tunnel;
145 /* Describes a session. It is the sk_user_data field in the PPPoL2TP
146 * socket. Contains information to determine incoming packets and transmit
147 * outgoing ones.
149 struct pppol2tp_session
151 int magic; /* should be
152 * L2TP_SESSION_MAGIC */
153 int owner; /* pid that opened the socket */
155 struct sock *sock; /* Pointer to the session
156 * PPPoX socket */
157 struct sock *tunnel_sock; /* Pointer to the tunnel UDP
158 * socket */
160 struct pppol2tp_addr tunnel_addr; /* Description of tunnel */
162 struct pppol2tp_tunnel *tunnel; /* back pointer to tunnel
163 * context */
165 char name[20]; /* "sess xxxxx/yyyyy", where
166 * x=tunnel_id, y=session_id */
167 int mtu;
168 int mru;
169 int flags; /* accessed by PPPIOCGFLAGS.
170 * Unused. */
171 unsigned recv_seq:1; /* expect receive packets with
172 * sequence numbers? */
173 unsigned send_seq:1; /* send packets with sequence
174 * numbers? */
175 unsigned lns_mode:1; /* behave as LNS? LAC enables
176 * sequence numbers under
177 * control of LNS. */
178 int debug; /* bitmask of debug message
179 * categories */
180 int reorder_timeout; /* configured reorder timeout
181 * (in jiffies) */
182 u16 nr; /* session NR state (receive) */
183 u16 ns; /* session NR state (send) */
184 struct sk_buff_head reorder_q; /* receive reorder queue */
185 struct pppol2tp_ioc_stats stats;
186 struct hlist_node hlist; /* Hash list node */
189 /* The sk_user_data field of the tunnel's UDP socket. It contains info to track
190 * all the associated sessions so incoming packets can be sorted out
192 struct pppol2tp_tunnel
194 int magic; /* Should be L2TP_TUNNEL_MAGIC */
195 rwlock_t hlist_lock; /* protect session_hlist */
196 struct hlist_head session_hlist[PPPOL2TP_HASH_SIZE];
197 /* hashed list of sessions,
198 * hashed by id */
199 int debug; /* bitmask of debug message
200 * categories */
201 char name[12]; /* "tunl xxxxx" */
202 struct pppol2tp_ioc_stats stats;
204 void (*old_sk_destruct)(struct sock *);
206 struct sock *sock; /* Parent socket */
207 struct list_head list; /* Keep a list of all open
208 * prepared sockets */
209 struct net *pppol2tp_net; /* the net we belong to */
211 atomic_t ref_count;
214 /* Private data stored for received packets in the skb.
216 struct pppol2tp_skb_cb {
217 u16 ns;
218 u16 nr;
219 u16 has_seq;
220 u16 length;
221 unsigned long expires;
224 #define PPPOL2TP_SKB_CB(skb) ((struct pppol2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
226 static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
227 static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel);
229 static atomic_t pppol2tp_tunnel_count;
230 static atomic_t pppol2tp_session_count;
231 static struct ppp_channel_ops pppol2tp_chan_ops = { pppol2tp_xmit , NULL };
232 static struct proto_ops pppol2tp_ops;
234 /* per-net private data for this module */
235 static int pppol2tp_net_id;
236 struct pppol2tp_net {
237 struct list_head pppol2tp_tunnel_list;
238 rwlock_t pppol2tp_tunnel_list_lock;
241 static inline struct pppol2tp_net *pppol2tp_pernet(struct net *net)
243 BUG_ON(!net);
245 return net_generic(net, pppol2tp_net_id);
248 /* Helpers to obtain tunnel/session contexts from sockets.
250 static inline struct pppol2tp_session *pppol2tp_sock_to_session(struct sock *sk)
252 struct pppol2tp_session *session;
254 if (sk == NULL)
255 return NULL;
257 sock_hold(sk);
258 session = (struct pppol2tp_session *)(sk->sk_user_data);
259 if (session == NULL) {
260 sock_put(sk);
261 goto out;
264 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
265 out:
266 return session;
269 static inline struct pppol2tp_tunnel *pppol2tp_sock_to_tunnel(struct sock *sk)
271 struct pppol2tp_tunnel *tunnel;
273 if (sk == NULL)
274 return NULL;
276 sock_hold(sk);
277 tunnel = (struct pppol2tp_tunnel *)(sk->sk_user_data);
278 if (tunnel == NULL) {
279 sock_put(sk);
280 goto out;
283 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
284 out:
285 return tunnel;
288 /* Tunnel reference counts. Incremented per session that is added to
289 * the tunnel.
291 static inline void pppol2tp_tunnel_inc_refcount(struct pppol2tp_tunnel *tunnel)
293 atomic_inc(&tunnel->ref_count);
296 static inline void pppol2tp_tunnel_dec_refcount(struct pppol2tp_tunnel *tunnel)
298 if (atomic_dec_and_test(&tunnel->ref_count))
299 pppol2tp_tunnel_free(tunnel);
302 /* Session hash list.
303 * The session_id SHOULD be random according to RFC2661, but several
304 * L2TP implementations (Cisco and Microsoft) use incrementing
305 * session_ids. So we do a real hash on the session_id, rather than a
306 * simple bitmask.
308 static inline struct hlist_head *
309 pppol2tp_session_id_hash(struct pppol2tp_tunnel *tunnel, u16 session_id)
311 unsigned long hash_val = (unsigned long) session_id;
312 return &tunnel->session_hlist[hash_long(hash_val, PPPOL2TP_HASH_BITS)];
315 /* Lookup a session by id
317 static struct pppol2tp_session *
318 pppol2tp_session_find(struct pppol2tp_tunnel *tunnel, u16 session_id)
320 struct hlist_head *session_list =
321 pppol2tp_session_id_hash(tunnel, session_id);
322 struct pppol2tp_session *session;
323 struct hlist_node *walk;
325 read_lock_bh(&tunnel->hlist_lock);
326 hlist_for_each_entry(session, walk, session_list, hlist) {
327 if (session->tunnel_addr.s_session == session_id) {
328 read_unlock_bh(&tunnel->hlist_lock);
329 return session;
332 read_unlock_bh(&tunnel->hlist_lock);
334 return NULL;
337 /* Lookup a tunnel by id
339 static struct pppol2tp_tunnel *pppol2tp_tunnel_find(struct net *net, u16 tunnel_id)
341 struct pppol2tp_tunnel *tunnel;
342 struct pppol2tp_net *pn = pppol2tp_pernet(net);
344 read_lock_bh(&pn->pppol2tp_tunnel_list_lock);
345 list_for_each_entry(tunnel, &pn->pppol2tp_tunnel_list, list) {
346 if (tunnel->stats.tunnel_id == tunnel_id) {
347 read_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
348 return tunnel;
351 read_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
353 return NULL;
356 /*****************************************************************************
357 * Receive data handling
358 *****************************************************************************/
360 /* Queue a skb in order. We come here only if the skb has an L2TP sequence
361 * number.
363 static void pppol2tp_recv_queue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
365 struct sk_buff *skbp;
366 struct sk_buff *tmp;
367 u16 ns = PPPOL2TP_SKB_CB(skb)->ns;
369 spin_lock_bh(&session->reorder_q.lock);
370 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
371 if (PPPOL2TP_SKB_CB(skbp)->ns > ns) {
372 __skb_queue_before(&session->reorder_q, skbp, skb);
373 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
374 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
375 session->name, ns, PPPOL2TP_SKB_CB(skbp)->ns,
376 skb_queue_len(&session->reorder_q));
377 session->stats.rx_oos_packets++;
378 goto out;
382 __skb_queue_tail(&session->reorder_q, skb);
384 out:
385 spin_unlock_bh(&session->reorder_q.lock);
388 /* Dequeue a single skb.
390 static void pppol2tp_recv_dequeue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
392 struct pppol2tp_tunnel *tunnel = session->tunnel;
393 int length = PPPOL2TP_SKB_CB(skb)->length;
394 struct sock *session_sock = NULL;
396 /* We're about to requeue the skb, so return resources
397 * to its current owner (a socket receive buffer).
399 skb_orphan(skb);
401 tunnel->stats.rx_packets++;
402 tunnel->stats.rx_bytes += length;
403 session->stats.rx_packets++;
404 session->stats.rx_bytes += length;
406 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
407 /* Bump our Nr */
408 session->nr++;
409 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
410 "%s: updated nr to %hu\n", session->name, session->nr);
413 /* If the socket is bound, send it in to PPP's input queue. Otherwise
414 * queue it on the session socket.
416 session_sock = session->sock;
417 if (session_sock->sk_state & PPPOX_BOUND) {
418 struct pppox_sock *po;
419 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
420 "%s: recv %d byte data frame, passing to ppp\n",
421 session->name, length);
423 /* We need to forget all info related to the L2TP packet
424 * gathered in the skb as we are going to reuse the same
425 * skb for the inner packet.
426 * Namely we need to:
427 * - reset xfrm (IPSec) information as it applies to
428 * the outer L2TP packet and not to the inner one
429 * - release the dst to force a route lookup on the inner
430 * IP packet since skb->dst currently points to the dst
431 * of the UDP tunnel
432 * - reset netfilter information as it doesn't apply
433 * to the inner packet either
435 secpath_reset(skb);
436 dst_release(skb->dst);
437 skb->dst = NULL;
438 nf_reset(skb);
440 po = pppox_sk(session_sock);
441 ppp_input(&po->chan, skb);
442 } else {
443 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
444 "%s: socket not bound\n", session->name);
446 /* Not bound. Nothing we can do, so discard. */
447 session->stats.rx_errors++;
448 kfree_skb(skb);
451 sock_put(session->sock);
454 /* Dequeue skbs from the session's reorder_q, subject to packet order.
455 * Skbs that have been in the queue for too long are simply discarded.
457 static void pppol2tp_recv_dequeue(struct pppol2tp_session *session)
459 struct sk_buff *skb;
460 struct sk_buff *tmp;
462 /* If the pkt at the head of the queue has the nr that we
463 * expect to send up next, dequeue it and any other
464 * in-sequence packets behind it.
466 spin_lock_bh(&session->reorder_q.lock);
467 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
468 if (time_after(jiffies, PPPOL2TP_SKB_CB(skb)->expires)) {
469 session->stats.rx_seq_discards++;
470 session->stats.rx_errors++;
471 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
472 "%s: oos pkt %hu len %d discarded (too old), "
473 "waiting for %hu, reorder_q_len=%d\n",
474 session->name, PPPOL2TP_SKB_CB(skb)->ns,
475 PPPOL2TP_SKB_CB(skb)->length, session->nr,
476 skb_queue_len(&session->reorder_q));
477 __skb_unlink(skb, &session->reorder_q);
478 kfree_skb(skb);
479 sock_put(session->sock);
480 continue;
483 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
484 if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
485 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
486 "%s: holding oos pkt %hu len %d, "
487 "waiting for %hu, reorder_q_len=%d\n",
488 session->name, PPPOL2TP_SKB_CB(skb)->ns,
489 PPPOL2TP_SKB_CB(skb)->length, session->nr,
490 skb_queue_len(&session->reorder_q));
491 goto out;
494 __skb_unlink(skb, &session->reorder_q);
496 /* Process the skb. We release the queue lock while we
497 * do so to let other contexts process the queue.
499 spin_unlock_bh(&session->reorder_q.lock);
500 pppol2tp_recv_dequeue_skb(session, skb);
501 spin_lock_bh(&session->reorder_q.lock);
504 out:
505 spin_unlock_bh(&session->reorder_q.lock);
508 static inline int pppol2tp_verify_udp_checksum(struct sock *sk,
509 struct sk_buff *skb)
511 struct udphdr *uh = udp_hdr(skb);
512 u16 ulen = ntohs(uh->len);
513 struct inet_sock *inet;
514 __wsum psum;
516 if (sk->sk_no_check || skb_csum_unnecessary(skb) || !uh->check)
517 return 0;
519 inet = inet_sk(sk);
520 psum = csum_tcpudp_nofold(inet->saddr, inet->daddr, ulen,
521 IPPROTO_UDP, 0);
523 if ((skb->ip_summed == CHECKSUM_COMPLETE) &&
524 !csum_fold(csum_add(psum, skb->csum)))
525 return 0;
527 skb->csum = psum;
529 return __skb_checksum_complete(skb);
532 /* Internal receive frame. Do the real work of receiving an L2TP data frame
533 * here. The skb is not on a list when we get here.
534 * Returns 0 if the packet was a data packet and was successfully passed on.
535 * Returns 1 if the packet was not a good data packet and could not be
536 * forwarded. All such packets are passed up to userspace to deal with.
538 static int pppol2tp_recv_core(struct sock *sock, struct sk_buff *skb)
540 struct pppol2tp_session *session = NULL;
541 struct pppol2tp_tunnel *tunnel;
542 unsigned char *ptr, *optr;
543 u16 hdrflags;
544 u16 tunnel_id, session_id;
545 int length;
546 int offset;
548 tunnel = pppol2tp_sock_to_tunnel(sock);
549 if (tunnel == NULL)
550 goto no_tunnel;
552 if (tunnel->sock && pppol2tp_verify_udp_checksum(tunnel->sock, skb))
553 goto discard_bad_csum;
555 /* UDP always verifies the packet length. */
556 __skb_pull(skb, sizeof(struct udphdr));
558 /* Short packet? */
559 if (!pskb_may_pull(skb, 12)) {
560 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
561 "%s: recv short packet (len=%d)\n", tunnel->name, skb->len);
562 goto error;
565 /* Point to L2TP header */
566 optr = ptr = skb->data;
568 /* Get L2TP header flags */
569 hdrflags = ntohs(*(__be16*)ptr);
571 /* Trace packet contents, if enabled */
572 if (tunnel->debug & PPPOL2TP_MSG_DATA) {
573 length = min(16u, skb->len);
574 if (!pskb_may_pull(skb, length))
575 goto error;
577 printk(KERN_DEBUG "%s: recv: ", tunnel->name);
579 offset = 0;
580 do {
581 printk(" %02X", ptr[offset]);
582 } while (++offset < length);
584 printk("\n");
587 /* Get length of L2TP packet */
588 length = skb->len;
590 /* If type is control packet, it is handled by userspace. */
591 if (hdrflags & L2TP_HDRFLAG_T) {
592 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
593 "%s: recv control packet, len=%d\n", tunnel->name, length);
594 goto error;
597 /* Skip flags */
598 ptr += 2;
600 /* If length is present, skip it */
601 if (hdrflags & L2TP_HDRFLAG_L)
602 ptr += 2;
604 /* Extract tunnel and session ID */
605 tunnel_id = ntohs(*(__be16 *) ptr);
606 ptr += 2;
607 session_id = ntohs(*(__be16 *) ptr);
608 ptr += 2;
610 /* Find the session context */
611 session = pppol2tp_session_find(tunnel, session_id);
612 if (!session) {
613 /* Not found? Pass to userspace to deal with */
614 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
615 "%s: no socket found (%hu/%hu). Passing up.\n",
616 tunnel->name, tunnel_id, session_id);
617 goto error;
619 sock_hold(session->sock);
621 /* The ref count on the socket was increased by the above call since
622 * we now hold a pointer to the session. Take care to do sock_put()
623 * when exiting this function from now on...
626 /* Handle the optional sequence numbers. If we are the LAC,
627 * enable/disable sequence numbers under the control of the LNS. If
628 * no sequence numbers present but we were expecting them, discard
629 * frame.
631 if (hdrflags & L2TP_HDRFLAG_S) {
632 u16 ns, nr;
633 ns = ntohs(*(__be16 *) ptr);
634 ptr += 2;
635 nr = ntohs(*(__be16 *) ptr);
636 ptr += 2;
638 /* Received a packet with sequence numbers. If we're the LNS,
639 * check if we sre sending sequence numbers and if not,
640 * configure it so.
642 if ((!session->lns_mode) && (!session->send_seq)) {
643 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
644 "%s: requested to enable seq numbers by LNS\n",
645 session->name);
646 session->send_seq = -1;
649 /* Store L2TP info in the skb */
650 PPPOL2TP_SKB_CB(skb)->ns = ns;
651 PPPOL2TP_SKB_CB(skb)->nr = nr;
652 PPPOL2TP_SKB_CB(skb)->has_seq = 1;
654 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
655 "%s: recv data ns=%hu, nr=%hu, session nr=%hu\n",
656 session->name, ns, nr, session->nr);
657 } else {
658 /* No sequence numbers.
659 * If user has configured mandatory sequence numbers, discard.
661 if (session->recv_seq) {
662 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
663 "%s: recv data has no seq numbers when required. "
664 "Discarding\n", session->name);
665 session->stats.rx_seq_discards++;
666 goto discard;
669 /* If we're the LAC and we're sending sequence numbers, the
670 * LNS has requested that we no longer send sequence numbers.
671 * If we're the LNS and we're sending sequence numbers, the
672 * LAC is broken. Discard the frame.
674 if ((!session->lns_mode) && (session->send_seq)) {
675 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
676 "%s: requested to disable seq numbers by LNS\n",
677 session->name);
678 session->send_seq = 0;
679 } else if (session->send_seq) {
680 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
681 "%s: recv data has no seq numbers when required. "
682 "Discarding\n", session->name);
683 session->stats.rx_seq_discards++;
684 goto discard;
687 /* Store L2TP info in the skb */
688 PPPOL2TP_SKB_CB(skb)->has_seq = 0;
691 /* If offset bit set, skip it. */
692 if (hdrflags & L2TP_HDRFLAG_O) {
693 offset = ntohs(*(__be16 *)ptr);
694 ptr += 2 + offset;
697 offset = ptr - optr;
698 if (!pskb_may_pull(skb, offset))
699 goto discard;
701 __skb_pull(skb, offset);
703 /* Skip PPP header, if present. In testing, Microsoft L2TP clients
704 * don't send the PPP header (PPP header compression enabled), but
705 * other clients can include the header. So we cope with both cases
706 * here. The PPP header is always FF03 when using L2TP.
708 * Note that skb->data[] isn't dereferenced from a u16 ptr here since
709 * the field may be unaligned.
711 if (!pskb_may_pull(skb, 2))
712 goto discard;
714 if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
715 skb_pull(skb, 2);
717 /* Prepare skb for adding to the session's reorder_q. Hold
718 * packets for max reorder_timeout or 1 second if not
719 * reordering.
721 PPPOL2TP_SKB_CB(skb)->length = length;
722 PPPOL2TP_SKB_CB(skb)->expires = jiffies +
723 (session->reorder_timeout ? session->reorder_timeout : HZ);
725 /* Add packet to the session's receive queue. Reordering is done here, if
726 * enabled. Saved L2TP protocol info is stored in skb->sb[].
728 if (PPPOL2TP_SKB_CB(skb)->has_seq) {
729 if (session->reorder_timeout != 0) {
730 /* Packet reordering enabled. Add skb to session's
731 * reorder queue, in order of ns.
733 pppol2tp_recv_queue_skb(session, skb);
734 } else {
735 /* Packet reordering disabled. Discard out-of-sequence
736 * packets
738 if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
739 session->stats.rx_seq_discards++;
740 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
741 "%s: oos pkt %hu len %d discarded, "
742 "waiting for %hu, reorder_q_len=%d\n",
743 session->name, PPPOL2TP_SKB_CB(skb)->ns,
744 PPPOL2TP_SKB_CB(skb)->length, session->nr,
745 skb_queue_len(&session->reorder_q));
746 goto discard;
748 skb_queue_tail(&session->reorder_q, skb);
750 } else {
751 /* No sequence numbers. Add the skb to the tail of the
752 * reorder queue. This ensures that it will be
753 * delivered after all previous sequenced skbs.
755 skb_queue_tail(&session->reorder_q, skb);
758 /* Try to dequeue as many skbs from reorder_q as we can. */
759 pppol2tp_recv_dequeue(session);
761 return 0;
763 discard:
764 session->stats.rx_errors++;
765 kfree_skb(skb);
766 sock_put(session->sock);
767 sock_put(sock);
769 return 0;
771 discard_bad_csum:
772 LIMIT_NETDEBUG("%s: UDP: bad checksum\n", tunnel->name);
773 UDP_INC_STATS_USER(&init_net, UDP_MIB_INERRORS, 0);
774 tunnel->stats.rx_errors++;
775 kfree_skb(skb);
777 return 0;
779 error:
780 /* Put UDP header back */
781 __skb_push(skb, sizeof(struct udphdr));
782 sock_put(sock);
784 no_tunnel:
785 return 1;
788 /* UDP encapsulation receive handler. See net/ipv4/udp.c.
789 * Return codes:
790 * 0 : success.
791 * <0: error
792 * >0: skb should be passed up to userspace as UDP.
794 static int pppol2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
796 struct pppol2tp_tunnel *tunnel;
798 tunnel = pppol2tp_sock_to_tunnel(sk);
799 if (tunnel == NULL)
800 goto pass_up;
802 PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
803 "%s: received %d bytes\n", tunnel->name, skb->len);
805 if (pppol2tp_recv_core(sk, skb))
806 goto pass_up_put;
808 sock_put(sk);
809 return 0;
811 pass_up_put:
812 sock_put(sk);
813 pass_up:
814 return 1;
817 /* Receive message. This is the recvmsg for the PPPoL2TP socket.
819 static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
820 struct msghdr *msg, size_t len,
821 int flags)
823 int err;
824 struct sk_buff *skb;
825 struct sock *sk = sock->sk;
827 err = -EIO;
828 if (sk->sk_state & PPPOX_BOUND)
829 goto end;
831 msg->msg_namelen = 0;
833 err = 0;
834 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
835 flags & MSG_DONTWAIT, &err);
836 if (!skb)
837 goto end;
839 if (len > skb->len)
840 len = skb->len;
841 else if (len < skb->len)
842 msg->msg_flags |= MSG_TRUNC;
844 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
845 if (likely(err == 0))
846 err = len;
848 kfree_skb(skb);
849 end:
850 return err;
853 /************************************************************************
854 * Transmit handling
855 ***********************************************************************/
857 /* Tell how big L2TP headers are for a particular session. This
858 * depends on whether sequence numbers are being used.
860 static inline int pppol2tp_l2tp_header_len(struct pppol2tp_session *session)
862 if (session->send_seq)
863 return PPPOL2TP_L2TP_HDR_SIZE_SEQ;
865 return PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
868 /* Build an L2TP header for the session into the buffer provided.
870 static void pppol2tp_build_l2tp_header(struct pppol2tp_session *session,
871 void *buf)
873 __be16 *bufp = buf;
874 u16 flags = L2TP_HDR_VER;
876 if (session->send_seq)
877 flags |= L2TP_HDRFLAG_S;
879 /* Setup L2TP header.
880 * FIXME: Can this ever be unaligned? Is direct dereferencing of
881 * 16-bit header fields safe here for all architectures?
883 *bufp++ = htons(flags);
884 *bufp++ = htons(session->tunnel_addr.d_tunnel);
885 *bufp++ = htons(session->tunnel_addr.d_session);
886 if (session->send_seq) {
887 *bufp++ = htons(session->ns);
888 *bufp++ = 0;
889 session->ns++;
890 PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
891 "%s: updated ns to %hu\n", session->name, session->ns);
895 /* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
896 * when a user application does a sendmsg() on the session socket. L2TP and
897 * PPP headers must be inserted into the user's data.
899 static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
900 size_t total_len)
902 static const unsigned char ppph[2] = { 0xff, 0x03 };
903 struct sock *sk = sock->sk;
904 struct inet_sock *inet;
905 __wsum csum;
906 struct sk_buff *skb;
907 int error;
908 int hdr_len;
909 struct pppol2tp_session *session;
910 struct pppol2tp_tunnel *tunnel;
911 struct udphdr *uh;
912 unsigned int len;
913 struct sock *sk_tun;
914 u16 udp_len;
916 error = -ENOTCONN;
917 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
918 goto error;
920 /* Get session and tunnel contexts */
921 error = -EBADF;
922 session = pppol2tp_sock_to_session(sk);
923 if (session == NULL)
924 goto error;
926 sk_tun = session->tunnel_sock;
927 tunnel = pppol2tp_sock_to_tunnel(sk_tun);
928 if (tunnel == NULL)
929 goto error_put_sess;
931 /* What header length is configured for this session? */
932 hdr_len = pppol2tp_l2tp_header_len(session);
934 /* Allocate a socket buffer */
935 error = -ENOMEM;
936 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
937 sizeof(struct udphdr) + hdr_len +
938 sizeof(ppph) + total_len,
939 0, GFP_KERNEL);
940 if (!skb)
941 goto error_put_sess_tun;
943 /* Reserve space for headers. */
944 skb_reserve(skb, NET_SKB_PAD);
945 skb_reset_network_header(skb);
946 skb_reserve(skb, sizeof(struct iphdr));
947 skb_reset_transport_header(skb);
949 /* Build UDP header */
950 inet = inet_sk(sk_tun);
951 udp_len = hdr_len + sizeof(ppph) + total_len;
952 uh = (struct udphdr *) skb->data;
953 uh->source = inet->sport;
954 uh->dest = inet->dport;
955 uh->len = htons(udp_len);
956 uh->check = 0;
957 skb_put(skb, sizeof(struct udphdr));
959 /* Build L2TP header */
960 pppol2tp_build_l2tp_header(session, skb->data);
961 skb_put(skb, hdr_len);
963 /* Add PPP header */
964 skb->data[0] = ppph[0];
965 skb->data[1] = ppph[1];
966 skb_put(skb, 2);
968 /* Copy user data into skb */
969 error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
970 if (error < 0) {
971 kfree_skb(skb);
972 goto error_put_sess_tun;
974 skb_put(skb, total_len);
976 /* Calculate UDP checksum if configured to do so */
977 if (sk_tun->sk_no_check == UDP_CSUM_NOXMIT)
978 skb->ip_summed = CHECKSUM_NONE;
979 else if (!(skb->dst->dev->features & NETIF_F_V4_CSUM)) {
980 skb->ip_summed = CHECKSUM_COMPLETE;
981 csum = skb_checksum(skb, 0, udp_len, 0);
982 uh->check = csum_tcpudp_magic(inet->saddr, inet->daddr,
983 udp_len, IPPROTO_UDP, csum);
984 if (uh->check == 0)
985 uh->check = CSUM_MANGLED_0;
986 } else {
987 skb->ip_summed = CHECKSUM_PARTIAL;
988 skb->csum_start = skb_transport_header(skb) - skb->head;
989 skb->csum_offset = offsetof(struct udphdr, check);
990 uh->check = ~csum_tcpudp_magic(inet->saddr, inet->daddr,
991 udp_len, IPPROTO_UDP, 0);
994 /* Debug */
995 if (session->send_seq)
996 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
997 "%s: send %Zd bytes, ns=%hu\n", session->name,
998 total_len, session->ns - 1);
999 else
1000 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1001 "%s: send %Zd bytes\n", session->name, total_len);
1003 if (session->debug & PPPOL2TP_MSG_DATA) {
1004 int i;
1005 unsigned char *datap = skb->data;
1007 printk(KERN_DEBUG "%s: xmit:", session->name);
1008 for (i = 0; i < total_len; i++) {
1009 printk(" %02X", *datap++);
1010 if (i == 15) {
1011 printk(" ...");
1012 break;
1015 printk("\n");
1018 /* Queue the packet to IP for output */
1019 len = skb->len;
1020 error = ip_queue_xmit(skb, 1);
1022 /* Update stats */
1023 if (error >= 0) {
1024 tunnel->stats.tx_packets++;
1025 tunnel->stats.tx_bytes += len;
1026 session->stats.tx_packets++;
1027 session->stats.tx_bytes += len;
1028 } else {
1029 tunnel->stats.tx_errors++;
1030 session->stats.tx_errors++;
1033 return error;
1035 error_put_sess_tun:
1036 sock_put(session->tunnel_sock);
1037 error_put_sess:
1038 sock_put(sk);
1039 error:
1040 return error;
1043 /* Automatically called when the skb is freed.
1045 static void pppol2tp_sock_wfree(struct sk_buff *skb)
1047 sock_put(skb->sk);
1050 /* For data skbs that we transmit, we associate with the tunnel socket
1051 * but don't do accounting.
1053 static inline void pppol2tp_skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
1055 sock_hold(sk);
1056 skb->sk = sk;
1057 skb->destructor = pppol2tp_sock_wfree;
1060 /* Transmit function called by generic PPP driver. Sends PPP frame
1061 * over PPPoL2TP socket.
1063 * This is almost the same as pppol2tp_sendmsg(), but rather than
1064 * being called with a msghdr from userspace, it is called with a skb
1065 * from the kernel.
1067 * The supplied skb from ppp doesn't have enough headroom for the
1068 * insertion of L2TP, UDP and IP headers so we need to allocate more
1069 * headroom in the skb. This will create a cloned skb. But we must be
1070 * careful in the error case because the caller will expect to free
1071 * the skb it supplied, not our cloned skb. So we take care to always
1072 * leave the original skb unfreed if we return an error.
1074 static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
1076 static const u8 ppph[2] = { 0xff, 0x03 };
1077 struct sock *sk = (struct sock *) chan->private;
1078 struct sock *sk_tun;
1079 int hdr_len;
1080 u16 udp_len;
1081 struct pppol2tp_session *session;
1082 struct pppol2tp_tunnel *tunnel;
1083 int rc;
1084 int headroom;
1085 int data_len = skb->len;
1086 struct inet_sock *inet;
1087 __wsum csum;
1088 struct udphdr *uh;
1089 unsigned int len;
1090 int old_headroom;
1091 int new_headroom;
1093 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
1094 goto abort;
1096 /* Get session and tunnel contexts from the socket */
1097 session = pppol2tp_sock_to_session(sk);
1098 if (session == NULL)
1099 goto abort;
1101 sk_tun = session->tunnel_sock;
1102 if (sk_tun == NULL)
1103 goto abort_put_sess;
1104 tunnel = pppol2tp_sock_to_tunnel(sk_tun);
1105 if (tunnel == NULL)
1106 goto abort_put_sess;
1108 /* What header length is configured for this session? */
1109 hdr_len = pppol2tp_l2tp_header_len(session);
1111 /* Check that there's enough headroom in the skb to insert IP,
1112 * UDP and L2TP and PPP headers. If not enough, expand it to
1113 * make room. Adjust truesize.
1115 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1116 sizeof(struct udphdr) + hdr_len + sizeof(ppph);
1117 old_headroom = skb_headroom(skb);
1118 if (skb_cow_head(skb, headroom))
1119 goto abort_put_sess_tun;
1121 new_headroom = skb_headroom(skb);
1122 skb_orphan(skb);
1123 skb->truesize += new_headroom - old_headroom;
1125 /* Setup PPP header */
1126 __skb_push(skb, sizeof(ppph));
1127 skb->data[0] = ppph[0];
1128 skb->data[1] = ppph[1];
1130 /* Setup L2TP header */
1131 pppol2tp_build_l2tp_header(session, __skb_push(skb, hdr_len));
1133 udp_len = sizeof(struct udphdr) + hdr_len + sizeof(ppph) + data_len;
1135 /* Setup UDP header */
1136 inet = inet_sk(sk_tun);
1137 __skb_push(skb, sizeof(*uh));
1138 skb_reset_transport_header(skb);
1139 uh = udp_hdr(skb);
1140 uh->source = inet->sport;
1141 uh->dest = inet->dport;
1142 uh->len = htons(udp_len);
1143 uh->check = 0;
1145 /* Debug */
1146 if (session->send_seq)
1147 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1148 "%s: send %d bytes, ns=%hu\n", session->name,
1149 data_len, session->ns - 1);
1150 else
1151 PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1152 "%s: send %d bytes\n", session->name, data_len);
1154 if (session->debug & PPPOL2TP_MSG_DATA) {
1155 int i;
1156 unsigned char *datap = skb->data;
1158 printk(KERN_DEBUG "%s: xmit:", session->name);
1159 for (i = 0; i < data_len; i++) {
1160 printk(" %02X", *datap++);
1161 if (i == 31) {
1162 printk(" ...");
1163 break;
1166 printk("\n");
1169 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1170 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1171 IPSKB_REROUTED);
1172 nf_reset(skb);
1174 /* Get routing info from the tunnel socket */
1175 dst_release(skb->dst);
1176 skb->dst = dst_clone(__sk_dst_get(sk_tun));
1177 pppol2tp_skb_set_owner_w(skb, sk_tun);
1179 /* Calculate UDP checksum if configured to do so */
1180 if (sk_tun->sk_no_check == UDP_CSUM_NOXMIT)
1181 skb->ip_summed = CHECKSUM_NONE;
1182 else if (!(skb->dst->dev->features & NETIF_F_V4_CSUM)) {
1183 skb->ip_summed = CHECKSUM_COMPLETE;
1184 csum = skb_checksum(skb, 0, udp_len, 0);
1185 uh->check = csum_tcpudp_magic(inet->saddr, inet->daddr,
1186 udp_len, IPPROTO_UDP, csum);
1187 if (uh->check == 0)
1188 uh->check = CSUM_MANGLED_0;
1189 } else {
1190 skb->ip_summed = CHECKSUM_PARTIAL;
1191 skb->csum_start = skb_transport_header(skb) - skb->head;
1192 skb->csum_offset = offsetof(struct udphdr, check);
1193 uh->check = ~csum_tcpudp_magic(inet->saddr, inet->daddr,
1194 udp_len, IPPROTO_UDP, 0);
1197 /* Queue the packet to IP for output */
1198 len = skb->len;
1199 rc = ip_queue_xmit(skb, 1);
1201 /* Update stats */
1202 if (rc >= 0) {
1203 tunnel->stats.tx_packets++;
1204 tunnel->stats.tx_bytes += len;
1205 session->stats.tx_packets++;
1206 session->stats.tx_bytes += len;
1207 } else {
1208 tunnel->stats.tx_errors++;
1209 session->stats.tx_errors++;
1212 sock_put(sk_tun);
1213 sock_put(sk);
1214 return 1;
1216 abort_put_sess_tun:
1217 sock_put(sk_tun);
1218 abort_put_sess:
1219 sock_put(sk);
1220 abort:
1221 /* Free the original skb */
1222 kfree_skb(skb);
1223 return 1;
1226 /*****************************************************************************
1227 * Session (and tunnel control) socket create/destroy.
1228 *****************************************************************************/
1230 /* When the tunnel UDP socket is closed, all the attached sockets need to go
1231 * too.
1233 static void pppol2tp_tunnel_closeall(struct pppol2tp_tunnel *tunnel)
1235 int hash;
1236 struct hlist_node *walk;
1237 struct hlist_node *tmp;
1238 struct pppol2tp_session *session;
1239 struct sock *sk;
1241 if (tunnel == NULL)
1242 BUG();
1244 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1245 "%s: closing all sessions...\n", tunnel->name);
1247 write_lock_bh(&tunnel->hlist_lock);
1248 for (hash = 0; hash < PPPOL2TP_HASH_SIZE; hash++) {
1249 again:
1250 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1251 struct sk_buff *skb;
1253 session = hlist_entry(walk, struct pppol2tp_session, hlist);
1255 sk = session->sock;
1257 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1258 "%s: closing session\n", session->name);
1260 hlist_del_init(&session->hlist);
1262 /* Since we should hold the sock lock while
1263 * doing any unbinding, we need to release the
1264 * lock we're holding before taking that lock.
1265 * Hold a reference to the sock so it doesn't
1266 * disappear as we're jumping between locks.
1268 sock_hold(sk);
1269 write_unlock_bh(&tunnel->hlist_lock);
1270 lock_sock(sk);
1272 if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
1273 pppox_unbind_sock(sk);
1274 sk->sk_state = PPPOX_DEAD;
1275 sk->sk_state_change(sk);
1278 /* Purge any queued data */
1279 skb_queue_purge(&sk->sk_receive_queue);
1280 skb_queue_purge(&sk->sk_write_queue);
1281 while ((skb = skb_dequeue(&session->reorder_q))) {
1282 kfree_skb(skb);
1283 sock_put(sk);
1286 release_sock(sk);
1287 sock_put(sk);
1289 /* Now restart from the beginning of this hash
1290 * chain. We always remove a session from the
1291 * list so we are guaranteed to make forward
1292 * progress.
1294 write_lock_bh(&tunnel->hlist_lock);
1295 goto again;
1298 write_unlock_bh(&tunnel->hlist_lock);
1301 /* Really kill the tunnel.
1302 * Come here only when all sessions have been cleared from the tunnel.
1304 static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel)
1306 struct pppol2tp_net *pn = pppol2tp_pernet(tunnel->pppol2tp_net);
1308 /* Remove from socket list */
1309 write_lock_bh(&pn->pppol2tp_tunnel_list_lock);
1310 list_del_init(&tunnel->list);
1311 write_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
1313 atomic_dec(&pppol2tp_tunnel_count);
1314 kfree(tunnel);
1317 /* Tunnel UDP socket destruct hook.
1318 * The tunnel context is deleted only when all session sockets have been
1319 * closed.
1321 static void pppol2tp_tunnel_destruct(struct sock *sk)
1323 struct pppol2tp_tunnel *tunnel;
1325 tunnel = sk->sk_user_data;
1326 if (tunnel == NULL)
1327 goto end;
1329 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1330 "%s: closing...\n", tunnel->name);
1332 /* Close all sessions */
1333 pppol2tp_tunnel_closeall(tunnel);
1335 /* No longer an encapsulation socket. See net/ipv4/udp.c */
1336 (udp_sk(sk))->encap_type = 0;
1337 (udp_sk(sk))->encap_rcv = NULL;
1339 /* Remove hooks into tunnel socket */
1340 tunnel->sock = NULL;
1341 sk->sk_destruct = tunnel->old_sk_destruct;
1342 sk->sk_user_data = NULL;
1344 /* Call original (UDP) socket descructor */
1345 if (sk->sk_destruct != NULL)
1346 (*sk->sk_destruct)(sk);
1348 pppol2tp_tunnel_dec_refcount(tunnel);
1350 end:
1351 return;
1354 /* Really kill the session socket. (Called from sock_put() if
1355 * refcnt == 0.)
1357 static void pppol2tp_session_destruct(struct sock *sk)
1359 struct pppol2tp_session *session = NULL;
1361 if (sk->sk_user_data != NULL) {
1362 struct pppol2tp_tunnel *tunnel;
1364 session = sk->sk_user_data;
1365 if (session == NULL)
1366 goto out;
1368 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
1370 /* Don't use pppol2tp_sock_to_tunnel() here to
1371 * get the tunnel context because the tunnel
1372 * socket might have already been closed (its
1373 * sk->sk_user_data will be NULL) so use the
1374 * session's private tunnel ptr instead.
1376 tunnel = session->tunnel;
1377 if (tunnel != NULL) {
1378 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1380 /* If session_id is zero, this is a null
1381 * session context, which was created for a
1382 * socket that is being used only to manage
1383 * tunnels.
1385 if (session->tunnel_addr.s_session != 0) {
1386 /* Delete the session socket from the
1387 * hash
1389 write_lock_bh(&tunnel->hlist_lock);
1390 hlist_del_init(&session->hlist);
1391 write_unlock_bh(&tunnel->hlist_lock);
1393 atomic_dec(&pppol2tp_session_count);
1396 /* This will delete the tunnel context if this
1397 * is the last session on the tunnel.
1399 session->tunnel = NULL;
1400 session->tunnel_sock = NULL;
1401 pppol2tp_tunnel_dec_refcount(tunnel);
1405 kfree(session);
1406 out:
1407 return;
1410 /* Called when the PPPoX socket (session) is closed.
1412 static int pppol2tp_release(struct socket *sock)
1414 struct sock *sk = sock->sk;
1415 struct pppol2tp_session *session;
1416 int error;
1418 if (!sk)
1419 return 0;
1421 error = -EBADF;
1422 lock_sock(sk);
1423 if (sock_flag(sk, SOCK_DEAD) != 0)
1424 goto error;
1426 pppox_unbind_sock(sk);
1428 /* Signal the death of the socket. */
1429 sk->sk_state = PPPOX_DEAD;
1430 sock_orphan(sk);
1431 sock->sk = NULL;
1433 session = pppol2tp_sock_to_session(sk);
1435 /* Purge any queued data */
1436 skb_queue_purge(&sk->sk_receive_queue);
1437 skb_queue_purge(&sk->sk_write_queue);
1438 if (session != NULL) {
1439 struct sk_buff *skb;
1440 while ((skb = skb_dequeue(&session->reorder_q))) {
1441 kfree_skb(skb);
1442 sock_put(sk);
1444 sock_put(sk);
1447 release_sock(sk);
1449 /* This will delete the session context via
1450 * pppol2tp_session_destruct() if the socket's refcnt drops to
1451 * zero.
1453 sock_put(sk);
1455 return 0;
1457 error:
1458 release_sock(sk);
1459 return error;
1462 /* Internal function to prepare a tunnel (UDP) socket to have PPPoX
1463 * sockets attached to it.
1465 static struct sock *pppol2tp_prepare_tunnel_socket(struct net *net,
1466 int fd, u16 tunnel_id, int *error)
1468 int err;
1469 struct socket *sock = NULL;
1470 struct sock *sk;
1471 struct pppol2tp_tunnel *tunnel;
1472 struct pppol2tp_net *pn;
1473 struct sock *ret = NULL;
1475 /* Get the tunnel UDP socket from the fd, which was opened by
1476 * the userspace L2TP daemon.
1478 err = -EBADF;
1479 sock = sockfd_lookup(fd, &err);
1480 if (!sock) {
1481 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1482 "tunl %hu: sockfd_lookup(fd=%d) returned %d\n",
1483 tunnel_id, fd, err);
1484 goto err;
1487 sk = sock->sk;
1489 /* Quick sanity checks */
1490 err = -EPROTONOSUPPORT;
1491 if (sk->sk_protocol != IPPROTO_UDP) {
1492 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1493 "tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1494 tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP);
1495 goto err;
1497 err = -EAFNOSUPPORT;
1498 if (sock->ops->family != AF_INET) {
1499 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1500 "tunl %hu: fd %d wrong family, got %d, expected %d\n",
1501 tunnel_id, fd, sock->ops->family, AF_INET);
1502 goto err;
1505 err = -ENOTCONN;
1507 /* Check if this socket has already been prepped */
1508 tunnel = (struct pppol2tp_tunnel *)sk->sk_user_data;
1509 if (tunnel != NULL) {
1510 /* User-data field already set */
1511 err = -EBUSY;
1512 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1514 /* This socket has already been prepped */
1515 ret = tunnel->sock;
1516 goto out;
1519 /* This socket is available and needs prepping. Create a new tunnel
1520 * context and init it.
1522 sk->sk_user_data = tunnel = kzalloc(sizeof(struct pppol2tp_tunnel), GFP_KERNEL);
1523 if (sk->sk_user_data == NULL) {
1524 err = -ENOMEM;
1525 goto err;
1528 tunnel->magic = L2TP_TUNNEL_MAGIC;
1529 sprintf(&tunnel->name[0], "tunl %hu", tunnel_id);
1531 tunnel->stats.tunnel_id = tunnel_id;
1532 tunnel->debug = PPPOL2TP_DEFAULT_DEBUG_FLAGS;
1534 /* Hook on the tunnel socket destructor so that we can cleanup
1535 * if the tunnel socket goes away.
1537 tunnel->old_sk_destruct = sk->sk_destruct;
1538 sk->sk_destruct = &pppol2tp_tunnel_destruct;
1540 tunnel->sock = sk;
1541 sk->sk_allocation = GFP_ATOMIC;
1543 /* Misc init */
1544 rwlock_init(&tunnel->hlist_lock);
1546 /* The net we belong to */
1547 tunnel->pppol2tp_net = net;
1548 pn = pppol2tp_pernet(net);
1550 /* Add tunnel to our list */
1551 INIT_LIST_HEAD(&tunnel->list);
1552 write_lock_bh(&pn->pppol2tp_tunnel_list_lock);
1553 list_add(&tunnel->list, &pn->pppol2tp_tunnel_list);
1554 write_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
1555 atomic_inc(&pppol2tp_tunnel_count);
1557 /* Bump the reference count. The tunnel context is deleted
1558 * only when this drops to zero.
1560 pppol2tp_tunnel_inc_refcount(tunnel);
1562 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1563 (udp_sk(sk))->encap_type = UDP_ENCAP_L2TPINUDP;
1564 (udp_sk(sk))->encap_rcv = pppol2tp_udp_encap_recv;
1566 ret = tunnel->sock;
1568 *error = 0;
1569 out:
1570 if (sock)
1571 sockfd_put(sock);
1573 return ret;
1575 err:
1576 *error = err;
1577 goto out;
1580 static struct proto pppol2tp_sk_proto = {
1581 .name = "PPPOL2TP",
1582 .owner = THIS_MODULE,
1583 .obj_size = sizeof(struct pppox_sock),
1586 /* socket() handler. Initialize a new struct sock.
1588 static int pppol2tp_create(struct net *net, struct socket *sock)
1590 int error = -ENOMEM;
1591 struct sock *sk;
1593 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto);
1594 if (!sk)
1595 goto out;
1597 sock_init_data(sock, sk);
1599 sock->state = SS_UNCONNECTED;
1600 sock->ops = &pppol2tp_ops;
1602 sk->sk_backlog_rcv = pppol2tp_recv_core;
1603 sk->sk_protocol = PX_PROTO_OL2TP;
1604 sk->sk_family = PF_PPPOX;
1605 sk->sk_state = PPPOX_NONE;
1606 sk->sk_type = SOCK_STREAM;
1607 sk->sk_destruct = pppol2tp_session_destruct;
1609 error = 0;
1611 out:
1612 return error;
1615 /* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
1617 static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
1618 int sockaddr_len, int flags)
1620 struct sock *sk = sock->sk;
1621 struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
1622 struct pppox_sock *po = pppox_sk(sk);
1623 struct sock *tunnel_sock = NULL;
1624 struct pppol2tp_session *session = NULL;
1625 struct pppol2tp_tunnel *tunnel;
1626 struct dst_entry *dst;
1627 int error = 0;
1629 lock_sock(sk);
1631 error = -EINVAL;
1632 if (sp->sa_protocol != PX_PROTO_OL2TP)
1633 goto end;
1635 /* Check for already bound sockets */
1636 error = -EBUSY;
1637 if (sk->sk_state & PPPOX_CONNECTED)
1638 goto end;
1640 /* We don't supporting rebinding anyway */
1641 error = -EALREADY;
1642 if (sk->sk_user_data)
1643 goto end; /* socket is already attached */
1645 /* Don't bind if s_tunnel is 0 */
1646 error = -EINVAL;
1647 if (sp->pppol2tp.s_tunnel == 0)
1648 goto end;
1650 /* Special case: prepare tunnel socket if s_session and
1651 * d_session is 0. Otherwise look up tunnel using supplied
1652 * tunnel id.
1654 if ((sp->pppol2tp.s_session == 0) && (sp->pppol2tp.d_session == 0)) {
1655 tunnel_sock = pppol2tp_prepare_tunnel_socket(sock_net(sk),
1656 sp->pppol2tp.fd,
1657 sp->pppol2tp.s_tunnel,
1658 &error);
1659 if (tunnel_sock == NULL)
1660 goto end;
1662 tunnel = tunnel_sock->sk_user_data;
1663 } else {
1664 tunnel = pppol2tp_tunnel_find(sock_net(sk), sp->pppol2tp.s_tunnel);
1666 /* Error if we can't find the tunnel */
1667 error = -ENOENT;
1668 if (tunnel == NULL)
1669 goto end;
1671 tunnel_sock = tunnel->sock;
1674 /* Check that this session doesn't already exist */
1675 error = -EEXIST;
1676 session = pppol2tp_session_find(tunnel, sp->pppol2tp.s_session);
1677 if (session != NULL)
1678 goto end;
1680 /* Allocate and initialize a new session context. */
1681 session = kzalloc(sizeof(struct pppol2tp_session), GFP_KERNEL);
1682 if (session == NULL) {
1683 error = -ENOMEM;
1684 goto end;
1687 skb_queue_head_init(&session->reorder_q);
1689 session->magic = L2TP_SESSION_MAGIC;
1690 session->owner = current->pid;
1691 session->sock = sk;
1692 session->tunnel = tunnel;
1693 session->tunnel_sock = tunnel_sock;
1694 session->tunnel_addr = sp->pppol2tp;
1695 sprintf(&session->name[0], "sess %hu/%hu",
1696 session->tunnel_addr.s_tunnel,
1697 session->tunnel_addr.s_session);
1699 session->stats.tunnel_id = session->tunnel_addr.s_tunnel;
1700 session->stats.session_id = session->tunnel_addr.s_session;
1702 INIT_HLIST_NODE(&session->hlist);
1704 /* Inherit debug options from tunnel */
1705 session->debug = tunnel->debug;
1707 /* Default MTU must allow space for UDP/L2TP/PPP
1708 * headers.
1710 session->mtu = session->mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
1712 /* If PMTU discovery was enabled, use the MTU that was discovered */
1713 dst = sk_dst_get(sk);
1714 if (dst != NULL) {
1715 u32 pmtu = dst_mtu(__sk_dst_get(sk));
1716 if (pmtu != 0)
1717 session->mtu = session->mru = pmtu -
1718 PPPOL2TP_HEADER_OVERHEAD;
1719 dst_release(dst);
1722 /* Special case: if source & dest session_id == 0x0000, this socket is
1723 * being created to manage the tunnel. Don't add the session to the
1724 * session hash list, just set up the internal context for use by
1725 * ioctl() and sockopt() handlers.
1727 if ((session->tunnel_addr.s_session == 0) &&
1728 (session->tunnel_addr.d_session == 0)) {
1729 error = 0;
1730 sk->sk_user_data = session;
1731 goto out_no_ppp;
1734 /* Get tunnel context from the tunnel socket */
1735 tunnel = pppol2tp_sock_to_tunnel(tunnel_sock);
1736 if (tunnel == NULL) {
1737 error = -EBADF;
1738 goto end;
1741 /* Right now, because we don't have a way to push the incoming skb's
1742 * straight through the UDP layer, the only header we need to worry
1743 * about is the L2TP header. This size is different depending on
1744 * whether sequence numbers are enabled for the data channel.
1746 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1748 po->chan.private = sk;
1749 po->chan.ops = &pppol2tp_chan_ops;
1750 po->chan.mtu = session->mtu;
1752 error = ppp_register_net_channel(sock_net(sk), &po->chan);
1753 if (error)
1754 goto end_put_tun;
1756 /* This is how we get the session context from the socket. */
1757 sk->sk_user_data = session;
1759 /* Add session to the tunnel's hash list */
1760 write_lock_bh(&tunnel->hlist_lock);
1761 hlist_add_head(&session->hlist,
1762 pppol2tp_session_id_hash(tunnel,
1763 session->tunnel_addr.s_session));
1764 write_unlock_bh(&tunnel->hlist_lock);
1766 atomic_inc(&pppol2tp_session_count);
1768 out_no_ppp:
1769 pppol2tp_tunnel_inc_refcount(tunnel);
1770 sk->sk_state = PPPOX_CONNECTED;
1771 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1772 "%s: created\n", session->name);
1774 end_put_tun:
1775 sock_put(tunnel_sock);
1776 end:
1777 release_sock(sk);
1779 if (error != 0) {
1780 if (session)
1781 PRINTK(session->debug,
1782 PPPOL2TP_MSG_CONTROL, KERN_WARNING,
1783 "%s: connect failed: %d\n",
1784 session->name, error);
1785 else
1786 PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_WARNING,
1787 "connect failed: %d\n", error);
1790 return error;
1793 /* getname() support.
1795 static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
1796 int *usockaddr_len, int peer)
1798 int len = sizeof(struct sockaddr_pppol2tp);
1799 struct sockaddr_pppol2tp sp;
1800 int error = 0;
1801 struct pppol2tp_session *session;
1803 error = -ENOTCONN;
1804 if (sock->sk->sk_state != PPPOX_CONNECTED)
1805 goto end;
1807 session = pppol2tp_sock_to_session(sock->sk);
1808 if (session == NULL) {
1809 error = -EBADF;
1810 goto end;
1813 sp.sa_family = AF_PPPOX;
1814 sp.sa_protocol = PX_PROTO_OL2TP;
1815 memcpy(&sp.pppol2tp, &session->tunnel_addr,
1816 sizeof(struct pppol2tp_addr));
1818 memcpy(uaddr, &sp, len);
1820 *usockaddr_len = len;
1822 error = 0;
1823 sock_put(sock->sk);
1825 end:
1826 return error;
1829 /****************************************************************************
1830 * ioctl() handlers.
1832 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1833 * sockets. However, in order to control kernel tunnel features, we allow
1834 * userspace to create a special "tunnel" PPPoX socket which is used for
1835 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
1836 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1837 * calls.
1838 ****************************************************************************/
1840 /* Session ioctl helper.
1842 static int pppol2tp_session_ioctl(struct pppol2tp_session *session,
1843 unsigned int cmd, unsigned long arg)
1845 struct ifreq ifr;
1846 int err = 0;
1847 struct sock *sk = session->sock;
1848 int val = (int) arg;
1850 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1851 "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
1852 session->name, cmd, arg);
1854 sock_hold(sk);
1856 switch (cmd) {
1857 case SIOCGIFMTU:
1858 err = -ENXIO;
1859 if (!(sk->sk_state & PPPOX_CONNECTED))
1860 break;
1862 err = -EFAULT;
1863 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1864 break;
1865 ifr.ifr_mtu = session->mtu;
1866 if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1867 break;
1869 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1870 "%s: get mtu=%d\n", session->name, session->mtu);
1871 err = 0;
1872 break;
1874 case SIOCSIFMTU:
1875 err = -ENXIO;
1876 if (!(sk->sk_state & PPPOX_CONNECTED))
1877 break;
1879 err = -EFAULT;
1880 if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1881 break;
1883 session->mtu = ifr.ifr_mtu;
1885 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1886 "%s: set mtu=%d\n", session->name, session->mtu);
1887 err = 0;
1888 break;
1890 case PPPIOCGMRU:
1891 err = -ENXIO;
1892 if (!(sk->sk_state & PPPOX_CONNECTED))
1893 break;
1895 err = -EFAULT;
1896 if (put_user(session->mru, (int __user *) arg))
1897 break;
1899 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1900 "%s: get mru=%d\n", session->name, session->mru);
1901 err = 0;
1902 break;
1904 case PPPIOCSMRU:
1905 err = -ENXIO;
1906 if (!(sk->sk_state & PPPOX_CONNECTED))
1907 break;
1909 err = -EFAULT;
1910 if (get_user(val,(int __user *) arg))
1911 break;
1913 session->mru = val;
1914 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1915 "%s: set mru=%d\n", session->name, session->mru);
1916 err = 0;
1917 break;
1919 case PPPIOCGFLAGS:
1920 err = -EFAULT;
1921 if (put_user(session->flags, (int __user *) arg))
1922 break;
1924 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1925 "%s: get flags=%d\n", session->name, session->flags);
1926 err = 0;
1927 break;
1929 case PPPIOCSFLAGS:
1930 err = -EFAULT;
1931 if (get_user(val, (int __user *) arg))
1932 break;
1933 session->flags = val;
1934 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1935 "%s: set flags=%d\n", session->name, session->flags);
1936 err = 0;
1937 break;
1939 case PPPIOCGL2TPSTATS:
1940 err = -ENXIO;
1941 if (!(sk->sk_state & PPPOX_CONNECTED))
1942 break;
1944 if (copy_to_user((void __user *) arg, &session->stats,
1945 sizeof(session->stats)))
1946 break;
1947 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1948 "%s: get L2TP stats\n", session->name);
1949 err = 0;
1950 break;
1952 default:
1953 err = -ENOSYS;
1954 break;
1957 sock_put(sk);
1959 return err;
1962 /* Tunnel ioctl helper.
1964 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1965 * specifies a session_id, the session ioctl handler is called. This allows an
1966 * application to retrieve session stats via a tunnel socket.
1968 static int pppol2tp_tunnel_ioctl(struct pppol2tp_tunnel *tunnel,
1969 unsigned int cmd, unsigned long arg)
1971 int err = 0;
1972 struct sock *sk = tunnel->sock;
1973 struct pppol2tp_ioc_stats stats_req;
1975 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1976 "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n", tunnel->name,
1977 cmd, arg);
1979 sock_hold(sk);
1981 switch (cmd) {
1982 case PPPIOCGL2TPSTATS:
1983 err = -ENXIO;
1984 if (!(sk->sk_state & PPPOX_CONNECTED))
1985 break;
1987 if (copy_from_user(&stats_req, (void __user *) arg,
1988 sizeof(stats_req))) {
1989 err = -EFAULT;
1990 break;
1992 if (stats_req.session_id != 0) {
1993 /* resend to session ioctl handler */
1994 struct pppol2tp_session *session =
1995 pppol2tp_session_find(tunnel, stats_req.session_id);
1996 if (session != NULL)
1997 err = pppol2tp_session_ioctl(session, cmd, arg);
1998 else
1999 err = -EBADR;
2000 break;
2002 #ifdef CONFIG_XFRM
2003 tunnel->stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
2004 #endif
2005 if (copy_to_user((void __user *) arg, &tunnel->stats,
2006 sizeof(tunnel->stats))) {
2007 err = -EFAULT;
2008 break;
2010 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2011 "%s: get L2TP stats\n", tunnel->name);
2012 err = 0;
2013 break;
2015 default:
2016 err = -ENOSYS;
2017 break;
2020 sock_put(sk);
2022 return err;
2025 /* Main ioctl() handler.
2026 * Dispatch to tunnel or session helpers depending on the socket.
2028 static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
2029 unsigned long arg)
2031 struct sock *sk = sock->sk;
2032 struct pppol2tp_session *session;
2033 struct pppol2tp_tunnel *tunnel;
2034 int err;
2036 if (!sk)
2037 return 0;
2039 err = -EBADF;
2040 if (sock_flag(sk, SOCK_DEAD) != 0)
2041 goto end;
2043 err = -ENOTCONN;
2044 if ((sk->sk_user_data == NULL) ||
2045 (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
2046 goto end;
2048 /* Get session context from the socket */
2049 err = -EBADF;
2050 session = pppol2tp_sock_to_session(sk);
2051 if (session == NULL)
2052 goto end;
2054 /* Special case: if session's session_id is zero, treat ioctl as a
2055 * tunnel ioctl
2057 if ((session->tunnel_addr.s_session == 0) &&
2058 (session->tunnel_addr.d_session == 0)) {
2059 err = -EBADF;
2060 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2061 if (tunnel == NULL)
2062 goto end_put_sess;
2064 err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
2065 sock_put(session->tunnel_sock);
2066 goto end_put_sess;
2069 err = pppol2tp_session_ioctl(session, cmd, arg);
2071 end_put_sess:
2072 sock_put(sk);
2073 end:
2074 return err;
2077 /*****************************************************************************
2078 * setsockopt() / getsockopt() support.
2080 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
2081 * sockets. In order to control kernel tunnel features, we allow userspace to
2082 * create a special "tunnel" PPPoX socket which is used for control only.
2083 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
2084 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
2085 *****************************************************************************/
2087 /* Tunnel setsockopt() helper.
2089 static int pppol2tp_tunnel_setsockopt(struct sock *sk,
2090 struct pppol2tp_tunnel *tunnel,
2091 int optname, int val)
2093 int err = 0;
2095 switch (optname) {
2096 case PPPOL2TP_SO_DEBUG:
2097 tunnel->debug = val;
2098 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2099 "%s: set debug=%x\n", tunnel->name, tunnel->debug);
2100 break;
2102 default:
2103 err = -ENOPROTOOPT;
2104 break;
2107 return err;
2110 /* Session setsockopt helper.
2112 static int pppol2tp_session_setsockopt(struct sock *sk,
2113 struct pppol2tp_session *session,
2114 int optname, int val)
2116 int err = 0;
2118 switch (optname) {
2119 case PPPOL2TP_SO_RECVSEQ:
2120 if ((val != 0) && (val != 1)) {
2121 err = -EINVAL;
2122 break;
2124 session->recv_seq = val ? -1 : 0;
2125 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2126 "%s: set recv_seq=%d\n", session->name,
2127 session->recv_seq);
2128 break;
2130 case PPPOL2TP_SO_SENDSEQ:
2131 if ((val != 0) && (val != 1)) {
2132 err = -EINVAL;
2133 break;
2135 session->send_seq = val ? -1 : 0;
2137 struct sock *ssk = session->sock;
2138 struct pppox_sock *po = pppox_sk(ssk);
2139 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
2140 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
2142 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2143 "%s: set send_seq=%d\n", session->name, session->send_seq);
2144 break;
2146 case PPPOL2TP_SO_LNSMODE:
2147 if ((val != 0) && (val != 1)) {
2148 err = -EINVAL;
2149 break;
2151 session->lns_mode = val ? -1 : 0;
2152 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2153 "%s: set lns_mode=%d\n", session->name,
2154 session->lns_mode);
2155 break;
2157 case PPPOL2TP_SO_DEBUG:
2158 session->debug = val;
2159 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2160 "%s: set debug=%x\n", session->name, session->debug);
2161 break;
2163 case PPPOL2TP_SO_REORDERTO:
2164 session->reorder_timeout = msecs_to_jiffies(val);
2165 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2166 "%s: set reorder_timeout=%d\n", session->name,
2167 session->reorder_timeout);
2168 break;
2170 default:
2171 err = -ENOPROTOOPT;
2172 break;
2175 return err;
2178 /* Main setsockopt() entry point.
2179 * Does API checks, then calls either the tunnel or session setsockopt
2180 * handler, according to whether the PPPoL2TP socket is a for a regular
2181 * session or the special tunnel type.
2183 static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
2184 char __user *optval, int optlen)
2186 struct sock *sk = sock->sk;
2187 struct pppol2tp_session *session = sk->sk_user_data;
2188 struct pppol2tp_tunnel *tunnel;
2189 int val;
2190 int err;
2192 if (level != SOL_PPPOL2TP)
2193 return udp_prot.setsockopt(sk, level, optname, optval, optlen);
2195 if (optlen < sizeof(int))
2196 return -EINVAL;
2198 if (get_user(val, (int __user *)optval))
2199 return -EFAULT;
2201 err = -ENOTCONN;
2202 if (sk->sk_user_data == NULL)
2203 goto end;
2205 /* Get session context from the socket */
2206 err = -EBADF;
2207 session = pppol2tp_sock_to_session(sk);
2208 if (session == NULL)
2209 goto end;
2211 /* Special case: if session_id == 0x0000, treat as operation on tunnel
2213 if ((session->tunnel_addr.s_session == 0) &&
2214 (session->tunnel_addr.d_session == 0)) {
2215 err = -EBADF;
2216 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2217 if (tunnel == NULL)
2218 goto end_put_sess;
2220 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
2221 sock_put(session->tunnel_sock);
2222 } else
2223 err = pppol2tp_session_setsockopt(sk, session, optname, val);
2225 err = 0;
2227 end_put_sess:
2228 sock_put(sk);
2229 end:
2230 return err;
2233 /* Tunnel getsockopt helper. Called with sock locked.
2235 static int pppol2tp_tunnel_getsockopt(struct sock *sk,
2236 struct pppol2tp_tunnel *tunnel,
2237 int optname, int *val)
2239 int err = 0;
2241 switch (optname) {
2242 case PPPOL2TP_SO_DEBUG:
2243 *val = tunnel->debug;
2244 PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2245 "%s: get debug=%x\n", tunnel->name, tunnel->debug);
2246 break;
2248 default:
2249 err = -ENOPROTOOPT;
2250 break;
2253 return err;
2256 /* Session getsockopt helper. Called with sock locked.
2258 static int pppol2tp_session_getsockopt(struct sock *sk,
2259 struct pppol2tp_session *session,
2260 int optname, int *val)
2262 int err = 0;
2264 switch (optname) {
2265 case PPPOL2TP_SO_RECVSEQ:
2266 *val = session->recv_seq;
2267 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2268 "%s: get recv_seq=%d\n", session->name, *val);
2269 break;
2271 case PPPOL2TP_SO_SENDSEQ:
2272 *val = session->send_seq;
2273 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2274 "%s: get send_seq=%d\n", session->name, *val);
2275 break;
2277 case PPPOL2TP_SO_LNSMODE:
2278 *val = session->lns_mode;
2279 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2280 "%s: get lns_mode=%d\n", session->name, *val);
2281 break;
2283 case PPPOL2TP_SO_DEBUG:
2284 *val = session->debug;
2285 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2286 "%s: get debug=%d\n", session->name, *val);
2287 break;
2289 case PPPOL2TP_SO_REORDERTO:
2290 *val = (int) jiffies_to_msecs(session->reorder_timeout);
2291 PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2292 "%s: get reorder_timeout=%d\n", session->name, *val);
2293 break;
2295 default:
2296 err = -ENOPROTOOPT;
2299 return err;
2302 /* Main getsockopt() entry point.
2303 * Does API checks, then calls either the tunnel or session getsockopt
2304 * handler, according to whether the PPPoX socket is a for a regular session
2305 * or the special tunnel type.
2307 static int pppol2tp_getsockopt(struct socket *sock, int level,
2308 int optname, char __user *optval, int __user *optlen)
2310 struct sock *sk = sock->sk;
2311 struct pppol2tp_session *session = sk->sk_user_data;
2312 struct pppol2tp_tunnel *tunnel;
2313 int val, len;
2314 int err;
2316 if (level != SOL_PPPOL2TP)
2317 return udp_prot.getsockopt(sk, level, optname, optval, optlen);
2319 if (get_user(len, (int __user *) optlen))
2320 return -EFAULT;
2322 len = min_t(unsigned int, len, sizeof(int));
2324 if (len < 0)
2325 return -EINVAL;
2327 err = -ENOTCONN;
2328 if (sk->sk_user_data == NULL)
2329 goto end;
2331 /* Get the session context */
2332 err = -EBADF;
2333 session = pppol2tp_sock_to_session(sk);
2334 if (session == NULL)
2335 goto end;
2337 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
2338 if ((session->tunnel_addr.s_session == 0) &&
2339 (session->tunnel_addr.d_session == 0)) {
2340 err = -EBADF;
2341 tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2342 if (tunnel == NULL)
2343 goto end_put_sess;
2345 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
2346 sock_put(session->tunnel_sock);
2347 } else
2348 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
2350 err = -EFAULT;
2351 if (put_user(len, (int __user *) optlen))
2352 goto end_put_sess;
2354 if (copy_to_user((void __user *) optval, &val, len))
2355 goto end_put_sess;
2357 err = 0;
2359 end_put_sess:
2360 sock_put(sk);
2361 end:
2362 return err;
2365 /*****************************************************************************
2366 * /proc filesystem for debug
2367 *****************************************************************************/
2369 #ifdef CONFIG_PROC_FS
2371 #include <linux/seq_file.h>
2373 struct pppol2tp_seq_data {
2374 struct seq_net_private p;
2375 struct pppol2tp_tunnel *tunnel; /* current tunnel */
2376 struct pppol2tp_session *session; /* NULL means get first session in tunnel */
2379 static struct pppol2tp_session *next_session(struct pppol2tp_tunnel *tunnel, struct pppol2tp_session *curr)
2381 struct pppol2tp_session *session = NULL;
2382 struct hlist_node *walk;
2383 int found = 0;
2384 int next = 0;
2385 int i;
2387 read_lock_bh(&tunnel->hlist_lock);
2388 for (i = 0; i < PPPOL2TP_HASH_SIZE; i++) {
2389 hlist_for_each_entry(session, walk, &tunnel->session_hlist[i], hlist) {
2390 if (curr == NULL) {
2391 found = 1;
2392 goto out;
2394 if (session == curr) {
2395 next = 1;
2396 continue;
2398 if (next) {
2399 found = 1;
2400 goto out;
2404 out:
2405 read_unlock_bh(&tunnel->hlist_lock);
2406 if (!found)
2407 session = NULL;
2409 return session;
2412 static struct pppol2tp_tunnel *next_tunnel(struct pppol2tp_net *pn,
2413 struct pppol2tp_tunnel *curr)
2415 struct pppol2tp_tunnel *tunnel = NULL;
2417 read_lock_bh(&pn->pppol2tp_tunnel_list_lock);
2418 if (list_is_last(&curr->list, &pn->pppol2tp_tunnel_list)) {
2419 goto out;
2421 tunnel = list_entry(curr->list.next, struct pppol2tp_tunnel, list);
2422 out:
2423 read_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
2425 return tunnel;
2428 static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
2430 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
2431 struct pppol2tp_net *pn;
2432 loff_t pos = *offs;
2434 if (!pos)
2435 goto out;
2437 BUG_ON(m->private == NULL);
2438 pd = m->private;
2439 pn = pppol2tp_pernet(seq_file_net(m));
2441 if (pd->tunnel == NULL) {
2442 if (!list_empty(&pn->pppol2tp_tunnel_list))
2443 pd->tunnel = list_entry(pn->pppol2tp_tunnel_list.next, struct pppol2tp_tunnel, list);
2444 } else {
2445 pd->session = next_session(pd->tunnel, pd->session);
2446 if (pd->session == NULL) {
2447 pd->tunnel = next_tunnel(pn, pd->tunnel);
2451 /* NULL tunnel and session indicates end of list */
2452 if ((pd->tunnel == NULL) && (pd->session == NULL))
2453 pd = NULL;
2455 out:
2456 return pd;
2459 static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
2461 (*pos)++;
2462 return NULL;
2465 static void pppol2tp_seq_stop(struct seq_file *p, void *v)
2467 /* nothing to do */
2470 static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
2472 struct pppol2tp_tunnel *tunnel = v;
2474 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
2475 tunnel->name,
2476 (tunnel == tunnel->sock->sk_user_data) ? 'Y':'N',
2477 atomic_read(&tunnel->ref_count) - 1);
2478 seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
2479 tunnel->debug,
2480 (unsigned long long)tunnel->stats.tx_packets,
2481 (unsigned long long)tunnel->stats.tx_bytes,
2482 (unsigned long long)tunnel->stats.tx_errors,
2483 (unsigned long long)tunnel->stats.rx_packets,
2484 (unsigned long long)tunnel->stats.rx_bytes,
2485 (unsigned long long)tunnel->stats.rx_errors);
2488 static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
2490 struct pppol2tp_session *session = v;
2492 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
2493 "%04X/%04X %d %c\n",
2494 session->name,
2495 ntohl(session->tunnel_addr.addr.sin_addr.s_addr),
2496 ntohs(session->tunnel_addr.addr.sin_port),
2497 session->tunnel_addr.s_tunnel,
2498 session->tunnel_addr.s_session,
2499 session->tunnel_addr.d_tunnel,
2500 session->tunnel_addr.d_session,
2501 session->sock->sk_state,
2502 (session == session->sock->sk_user_data) ?
2503 'Y' : 'N');
2504 seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n",
2505 session->mtu, session->mru,
2506 session->recv_seq ? 'R' : '-',
2507 session->send_seq ? 'S' : '-',
2508 session->lns_mode ? "LNS" : "LAC",
2509 session->debug,
2510 jiffies_to_msecs(session->reorder_timeout));
2511 seq_printf(m, " %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
2512 session->nr, session->ns,
2513 (unsigned long long)session->stats.tx_packets,
2514 (unsigned long long)session->stats.tx_bytes,
2515 (unsigned long long)session->stats.tx_errors,
2516 (unsigned long long)session->stats.rx_packets,
2517 (unsigned long long)session->stats.rx_bytes,
2518 (unsigned long long)session->stats.rx_errors);
2521 static int pppol2tp_seq_show(struct seq_file *m, void *v)
2523 struct pppol2tp_seq_data *pd = v;
2525 /* display header on line 1 */
2526 if (v == SEQ_START_TOKEN) {
2527 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
2528 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
2529 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2530 seq_puts(m, " SESSION name, addr/port src-tid/sid "
2531 "dest-tid/sid state user-data-ok\n");
2532 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
2533 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2534 goto out;
2537 /* Show the tunnel or session context.
2539 if (pd->session == NULL)
2540 pppol2tp_seq_tunnel_show(m, pd->tunnel);
2541 else
2542 pppol2tp_seq_session_show(m, pd->session);
2544 out:
2545 return 0;
2548 static const struct seq_operations pppol2tp_seq_ops = {
2549 .start = pppol2tp_seq_start,
2550 .next = pppol2tp_seq_next,
2551 .stop = pppol2tp_seq_stop,
2552 .show = pppol2tp_seq_show,
2555 /* Called when our /proc file is opened. We allocate data for use when
2556 * iterating our tunnel / session contexts and store it in the private
2557 * data of the seq_file.
2559 static int pppol2tp_proc_open(struct inode *inode, struct file *file)
2561 return seq_open_net(inode, file, &pppol2tp_seq_ops,
2562 sizeof(struct pppol2tp_seq_data));
2565 static const struct file_operations pppol2tp_proc_fops = {
2566 .owner = THIS_MODULE,
2567 .open = pppol2tp_proc_open,
2568 .read = seq_read,
2569 .llseek = seq_lseek,
2570 .release = seq_release_net,
2573 #endif /* CONFIG_PROC_FS */
2575 /*****************************************************************************
2576 * Init and cleanup
2577 *****************************************************************************/
2579 static struct proto_ops pppol2tp_ops = {
2580 .family = AF_PPPOX,
2581 .owner = THIS_MODULE,
2582 .release = pppol2tp_release,
2583 .bind = sock_no_bind,
2584 .connect = pppol2tp_connect,
2585 .socketpair = sock_no_socketpair,
2586 .accept = sock_no_accept,
2587 .getname = pppol2tp_getname,
2588 .poll = datagram_poll,
2589 .listen = sock_no_listen,
2590 .shutdown = sock_no_shutdown,
2591 .setsockopt = pppol2tp_setsockopt,
2592 .getsockopt = pppol2tp_getsockopt,
2593 .sendmsg = pppol2tp_sendmsg,
2594 .recvmsg = pppol2tp_recvmsg,
2595 .mmap = sock_no_mmap,
2596 .ioctl = pppox_ioctl,
2599 static struct pppox_proto pppol2tp_proto = {
2600 .create = pppol2tp_create,
2601 .ioctl = pppol2tp_ioctl
2604 static __net_init int pppol2tp_init_net(struct net *net)
2606 struct pppol2tp_net *pn;
2607 struct proc_dir_entry *pde;
2608 int err;
2610 pn = kzalloc(sizeof(*pn), GFP_KERNEL);
2611 if (!pn)
2612 return -ENOMEM;
2614 INIT_LIST_HEAD(&pn->pppol2tp_tunnel_list);
2615 rwlock_init(&pn->pppol2tp_tunnel_list_lock);
2617 err = net_assign_generic(net, pppol2tp_net_id, pn);
2618 if (err)
2619 goto out;
2621 pde = proc_net_fops_create(net, "pppol2tp", S_IRUGO, &pppol2tp_proc_fops);
2622 #ifdef CONFIG_PROC_FS
2623 if (!pde) {
2624 err = -ENOMEM;
2625 goto out;
2627 #endif
2629 return 0;
2631 out:
2632 kfree(pn);
2633 return err;
2636 static __net_exit void pppol2tp_exit_net(struct net *net)
2638 struct pppoe_net *pn;
2640 proc_net_remove(net, "pppol2tp");
2641 pn = net_generic(net, pppol2tp_net_id);
2643 * if someone has cached our net then
2644 * further net_generic call will return NULL
2646 net_assign_generic(net, pppol2tp_net_id, NULL);
2647 kfree(pn);
2650 static struct pernet_operations pppol2tp_net_ops = {
2651 .init = pppol2tp_init_net,
2652 .exit = pppol2tp_exit_net,
2655 static int __init pppol2tp_init(void)
2657 int err;
2659 err = proto_register(&pppol2tp_sk_proto, 0);
2660 if (err)
2661 goto out;
2662 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
2663 if (err)
2664 goto out_unregister_pppol2tp_proto;
2666 err = register_pernet_gen_device(&pppol2tp_net_id, &pppol2tp_net_ops);
2667 if (err)
2668 goto out_unregister_pppox_proto;
2670 printk(KERN_INFO "PPPoL2TP kernel driver, %s\n",
2671 PPPOL2TP_DRV_VERSION);
2673 out:
2674 return err;
2675 out_unregister_pppox_proto:
2676 unregister_pppox_proto(PX_PROTO_OL2TP);
2677 out_unregister_pppol2tp_proto:
2678 proto_unregister(&pppol2tp_sk_proto);
2679 goto out;
2682 static void __exit pppol2tp_exit(void)
2684 unregister_pppox_proto(PX_PROTO_OL2TP);
2685 proto_unregister(&pppol2tp_sk_proto);
2688 module_init(pppol2tp_init);
2689 module_exit(pppol2tp_exit);
2691 MODULE_AUTHOR("Martijn van Oosterhout <kleptog@svana.org>, "
2692 "James Chapman <jchapman@katalix.com>");
2693 MODULE_DESCRIPTION("PPP over L2TP over UDP");
2694 MODULE_LICENSE("GPL");
2695 MODULE_VERSION(PPPOL2TP_DRV_VERSION);