1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*****************************************************************************
3 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
4 *
5 * PPPoX --- Generic PPP encapsulation socket family
6 * PPPoL2TP --- PPP over L2TP (RFC 2661)
7 *
8 * Version: 2.0.0
9 *
10 * Authors: James Chapman (jchapman@katalix.com)
11 *
12 * Based on original work by Martijn van Oosterhout <kleptog@svana.org>
13 *
14 * License:
15 */
16
17 /* This driver handles only L2TP data frames; control frames are handled by a
18 * userspace application.
19 *
20 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
21 * attaches it to a bound UDP socket with local tunnel_id / session_id and
22 * peer tunnel_id / session_id set. Data can then be sent or received using
23 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
24 * can be read or modified using ioctl() or [gs]etsockopt() calls.
25 *
26 * When a PPPoL2TP socket is connected with local and peer session_id values
27 * zero, the socket is treated as a special tunnel management socket.
28 *
29 * Here's example userspace code to create a socket for sending/receiving data
30 * over an L2TP session:-
31 *
32 * struct sockaddr_pppol2tp sax;
33 * int fd;
34 * int session_fd;
35 *
36 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
37 *
38 * sax.sa_family = AF_PPPOX;
39 * sax.sa_protocol = PX_PROTO_OL2TP;
40 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
41 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
42 * sax.pppol2tp.addr.sin_port = addr->sin_port;
43 * sax.pppol2tp.addr.sin_family = AF_INET;
44 * sax.pppol2tp.s_tunnel = tunnel_id;
45 * sax.pppol2tp.s_session = session_id;
46 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
47 * sax.pppol2tp.d_session = peer_session_id;
48 *
49 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
50 *
51 * A pppd plugin that allows PPP traffic to be carried over L2TP using
52 * this driver is available from the OpenL2TP project at
53 * http://openl2tp.sourceforge.net.
54 */
55
56 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
57
58 #include <linux/module.h>
59 #include <linux/string.h>
60 #include <linux/list.h>
61 #include <linux/uaccess.h>
62
63 #include <linux/kernel.h>
64 #include <linux/spinlock.h>
65 #include <linux/kthread.h>
66 #include <linux/sched.h>
67 #include <linux/slab.h>
68 #include <linux/errno.h>
69 #include <linux/jiffies.h>
70
71 #include <linux/netdevice.h>
72 #include <linux/net.h>
73 #include <linux/inetdevice.h>
74 #include <linux/skbuff.h>
75 #include <linux/init.h>
76 #include <linux/ip.h>
77 #include <linux/udp.h>
78 #include <linux/if_pppox.h>
79 #include <linux/if_pppol2tp.h>
80 #include <net/sock.h>
81 #include <linux/ppp_channel.h>
82 #include <linux/ppp_defs.h>
83 #include <linux/ppp-ioctl.h>
84 #include <linux/file.h>
85 #include <linux/hash.h>
86 #include <linux/sort.h>
87 #include <linux/proc_fs.h>
88 #include <linux/l2tp.h>
89 #include <linux/nsproxy.h>
90 #include <net/net_namespace.h>
91 #include <net/netns/generic.h>
92 #include <net/ip.h>
93 #include <net/udp.h>
94 #include <net/inet_common.h>
95
96 #include <asm/byteorder.h>
97 #include <linux/atomic.h>
98
99 #include "l2tp_core.h"
100
101 #define PPPOL2TP_DRV_VERSION "V2.0"
102
103 /* Space for UDP, L2TP and PPP headers */
104 #define PPPOL2TP_HEADER_OVERHEAD 40
105
106 /* Number of bytes to build transmit L2TP headers.
107 * Unfortunately the size is different depending on whether sequence numbers
108 * are enabled.
109 */
110 #define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
111 #define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
112
113 /* Private data of each session. This data lives at the end of struct
114 * l2tp_session, referenced via session->priv[].
115 */
116 struct pppol2tp_session {
117 int owner; /* pid that opened the socket */
118
119 struct mutex sk_lock; /* Protects .sk */
120 struct sock __rcu *sk; /* Pointer to the session
121 * PPPoX socket */
122 struct sock *__sk; /* Copy of .sk, for cleanup */
123 struct rcu_head rcu; /* For asynchronous release */
124 };
125
126 static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
127
128 static const struct ppp_channel_ops pppol2tp_chan_ops = {
129 .start_xmit = pppol2tp_xmit,
130 };
131
132 static const struct proto_ops pppol2tp_ops;
133
134 /* Retrieves the pppol2tp socket associated to a session.
135 * A reference is held on the returned socket, so this function must be paired
136 * with sock_put().
137 */
pppol2tp_session_get_sock(struct l2tp_session * session)138 static struct sock *pppol2tp_session_get_sock(struct l2tp_session *session)
139 {
140 struct pppol2tp_session *ps = l2tp_session_priv(session);
141 struct sock *sk;
142
143 rcu_read_lock();
144 sk = rcu_dereference(ps->sk);
145 if (sk)
146 sock_hold(sk);
147 rcu_read_unlock();
148
149 return sk;
150 }
151
152 /* Helpers to obtain tunnel/session contexts from sockets.
153 */
pppol2tp_sock_to_session(struct sock * sk)154 static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
155 {
156 struct l2tp_session *session;
157
158 if (sk == NULL)
159 return NULL;
160
161 sock_hold(sk);
162 session = (struct l2tp_session *)(sk->sk_user_data);
163 if (session == NULL) {
164 sock_put(sk);
165 goto out;
166 }
167
168 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
169
170 out:
171 return session;
172 }
173
174 /*****************************************************************************
175 * Receive data handling
176 *****************************************************************************/
177
178 /* Receive message. This is the recvmsg for the PPPoL2TP socket.
179 */
pppol2tp_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)180 static int pppol2tp_recvmsg(struct socket *sock, struct msghdr *msg,
181 size_t len, int flags)
182 {
183 int err;
184 struct sk_buff *skb;
185 struct sock *sk = sock->sk;
186
187 err = -EIO;
188 if (sk->sk_state & PPPOX_BOUND)
189 goto end;
190
191 err = 0;
192 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
193 flags & MSG_DONTWAIT, &err);
194 if (!skb)
195 goto end;
196
197 if (len > skb->len)
198 len = skb->len;
199 else if (len < skb->len)
200 msg->msg_flags |= MSG_TRUNC;
201
202 err = skb_copy_datagram_msg(skb, 0, msg, len);
203 if (likely(err == 0))
204 err = len;
205
206 kfree_skb(skb);
207 end:
208 return err;
209 }
210
pppol2tp_recv(struct l2tp_session * session,struct sk_buff * skb,int data_len)211 static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
212 {
213 struct pppol2tp_session *ps = l2tp_session_priv(session);
214 struct sock *sk = NULL;
215
216 /* If the socket is bound, send it in to PPP's input queue. Otherwise
217 * queue it on the session socket.
218 */
219 rcu_read_lock();
220 sk = rcu_dereference(ps->sk);
221 if (sk == NULL)
222 goto no_sock;
223
224 /* If the first two bytes are 0xFF03, consider that it is the PPP's
225 * Address and Control fields and skip them. The L2TP module has always
226 * worked this way, although, in theory, the use of these fields should
227 * be negociated and handled at the PPP layer. These fields are
228 * constant: 0xFF is the All-Stations Address and 0x03 the Unnumbered
229 * Information command with Poll/Final bit set to zero (RFC 1662).
230 */
231 if (pskb_may_pull(skb, 2) && skb->data[0] == PPP_ALLSTATIONS &&
232 skb->data[1] == PPP_UI)
233 skb_pull(skb, 2);
234
235 if (sk->sk_state & PPPOX_BOUND) {
236 struct pppox_sock *po;
237
238 l2tp_dbg(session, L2TP_MSG_DATA,
239 "%s: recv %d byte data frame, passing to ppp\n",
240 session->name, data_len);
241
242 po = pppox_sk(sk);
243 ppp_input(&po->chan, skb);
244 } else {
245 l2tp_dbg(session, L2TP_MSG_DATA,
246 "%s: recv %d byte data frame, passing to L2TP socket\n",
247 session->name, data_len);
248
249 if (sock_queue_rcv_skb(sk, skb) < 0) {
250 atomic_long_inc(&session->stats.rx_errors);
251 kfree_skb(skb);
252 }
253 }
254 rcu_read_unlock();
255
256 return;
257
258 no_sock:
259 rcu_read_unlock();
260 l2tp_info(session, L2TP_MSG_DATA, "%s: no socket\n", session->name);
261 kfree_skb(skb);
262 }
263
264 /************************************************************************
265 * Transmit handling
266 ***********************************************************************/
267
268 /* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
269 * when a user application does a sendmsg() on the session socket. L2TP and
270 * PPP headers must be inserted into the user's data.
271 */
pppol2tp_sendmsg(struct socket * sock,struct msghdr * m,size_t total_len)272 static int pppol2tp_sendmsg(struct socket *sock, struct msghdr *m,
273 size_t total_len)
274 {
275 struct sock *sk = sock->sk;
276 struct sk_buff *skb;
277 int error;
278 struct l2tp_session *session;
279 struct l2tp_tunnel *tunnel;
280 int uhlen;
281
282 error = -ENOTCONN;
283 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
284 goto error;
285
286 /* Get session and tunnel contexts */
287 error = -EBADF;
288 session = pppol2tp_sock_to_session(sk);
289 if (session == NULL)
290 goto error;
291
292 tunnel = session->tunnel;
293
294 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
295
296 /* Allocate a socket buffer */
297 error = -ENOMEM;
298 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
299 uhlen + session->hdr_len +
300 2 + total_len, /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */
301 0, GFP_KERNEL);
302 if (!skb)
303 goto error_put_sess;
304
305 /* Reserve space for headers. */
306 skb_reserve(skb, NET_SKB_PAD);
307 skb_reset_network_header(skb);
308 skb_reserve(skb, sizeof(struct iphdr));
309 skb_reset_transport_header(skb);
310 skb_reserve(skb, uhlen);
311
312 /* Add PPP header */
313 skb->data[0] = PPP_ALLSTATIONS;
314 skb->data[1] = PPP_UI;
315 skb_put(skb, 2);
316
317 /* Copy user data into skb */
318 error = memcpy_from_msg(skb_put(skb, total_len), m, total_len);
319 if (error < 0) {
320 kfree_skb(skb);
321 goto error_put_sess;
322 }
323
324 local_bh_disable();
325 l2tp_xmit_skb(session, skb, session->hdr_len);
326 local_bh_enable();
327
328 sock_put(sk);
329
330 return total_len;
331
332 error_put_sess:
333 sock_put(sk);
334 error:
335 return error;
336 }
337
338 /* Transmit function called by generic PPP driver. Sends PPP frame
339 * over PPPoL2TP socket.
340 *
341 * This is almost the same as pppol2tp_sendmsg(), but rather than
342 * being called with a msghdr from userspace, it is called with a skb
343 * from the kernel.
344 *
345 * The supplied skb from ppp doesn't have enough headroom for the
346 * insertion of L2TP, UDP and IP headers so we need to allocate more
347 * headroom in the skb. This will create a cloned skb. But we must be
348 * careful in the error case because the caller will expect to free
349 * the skb it supplied, not our cloned skb. So we take care to always
350 * leave the original skb unfreed if we return an error.
351 */
pppol2tp_xmit(struct ppp_channel * chan,struct sk_buff * skb)352 static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
353 {
354 struct sock *sk = (struct sock *) chan->private;
355 struct l2tp_session *session;
356 struct l2tp_tunnel *tunnel;
357 int uhlen, headroom;
358
359 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
360 goto abort;
361
362 /* Get session and tunnel contexts from the socket */
363 session = pppol2tp_sock_to_session(sk);
364 if (session == NULL)
365 goto abort;
366
367 tunnel = session->tunnel;
368
369 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
370 headroom = NET_SKB_PAD +
371 sizeof(struct iphdr) + /* IP header */
372 uhlen + /* UDP header (if L2TP_ENCAPTYPE_UDP) */
373 session->hdr_len + /* L2TP header */
374 2; /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */
375 if (skb_cow_head(skb, headroom))
376 goto abort_put_sess;
377
378 /* Setup PPP header */
379 __skb_push(skb, 2);
380 skb->data[0] = PPP_ALLSTATIONS;
381 skb->data[1] = PPP_UI;
382
383 local_bh_disable();
384 l2tp_xmit_skb(session, skb, session->hdr_len);
385 local_bh_enable();
386
387 sock_put(sk);
388
389 return 1;
390
391 abort_put_sess:
392 sock_put(sk);
393 abort:
394 /* Free the original skb */
395 kfree_skb(skb);
396 return 1;
397 }
398
399 /*****************************************************************************
400 * Session (and tunnel control) socket create/destroy.
401 *****************************************************************************/
402
pppol2tp_put_sk(struct rcu_head * head)403 static void pppol2tp_put_sk(struct rcu_head *head)
404 {
405 struct pppol2tp_session *ps;
406
407 ps = container_of(head, typeof(*ps), rcu);
408 sock_put(ps->__sk);
409 }
410
411 /* Really kill the session socket. (Called from sock_put() if
412 * refcnt == 0.)
413 */
pppol2tp_session_destruct(struct sock * sk)414 static void pppol2tp_session_destruct(struct sock *sk)
415 {
416 struct l2tp_session *session = sk->sk_user_data;
417
418 skb_queue_purge(&sk->sk_receive_queue);
419 skb_queue_purge(&sk->sk_write_queue);
420
421 if (session) {
422 sk->sk_user_data = NULL;
423 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
424 l2tp_session_dec_refcount(session);
425 }
426 }
427
428 /* Called when the PPPoX socket (session) is closed.
429 */
pppol2tp_release(struct socket * sock)430 static int pppol2tp_release(struct socket *sock)
431 {
432 struct sock *sk = sock->sk;
433 struct l2tp_session *session;
434 int error;
435
436 if (!sk)
437 return 0;
438
439 error = -EBADF;
440 lock_sock(sk);
441 if (sock_flag(sk, SOCK_DEAD) != 0)
442 goto error;
443
444 pppox_unbind_sock(sk);
445
446 /* Signal the death of the socket. */
447 sk->sk_state = PPPOX_DEAD;
448 sock_orphan(sk);
449 sock->sk = NULL;
450
451 session = pppol2tp_sock_to_session(sk);
452 if (session) {
453 struct pppol2tp_session *ps;
454
455 l2tp_session_delete(session);
456
457 ps = l2tp_session_priv(session);
458 mutex_lock(&ps->sk_lock);
459 ps->__sk = rcu_dereference_protected(ps->sk,
460 lockdep_is_held(&ps->sk_lock));
461 RCU_INIT_POINTER(ps->sk, NULL);
462 mutex_unlock(&ps->sk_lock);
463 call_rcu(&ps->rcu, pppol2tp_put_sk);
464
465 /* Rely on the sock_put() call at the end of the function for
466 * dropping the reference held by pppol2tp_sock_to_session().
467 * The last reference will be dropped by pppol2tp_put_sk().
468 */
469 }
470
471 release_sock(sk);
472
473 /* This will delete the session context via
474 * pppol2tp_session_destruct() if the socket's refcnt drops to
475 * zero.
476 */
477 sock_put(sk);
478
479 return 0;
480
481 error:
482 release_sock(sk);
483 return error;
484 }
485
486 static struct proto pppol2tp_sk_proto = {
487 .name = "PPPOL2TP",
488 .owner = THIS_MODULE,
489 .obj_size = sizeof(struct pppox_sock),
490 };
491
pppol2tp_backlog_recv(struct sock * sk,struct sk_buff * skb)492 static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
493 {
494 int rc;
495
496 rc = l2tp_udp_encap_recv(sk, skb);
497 if (rc)
498 kfree_skb(skb);
499
500 return NET_RX_SUCCESS;
501 }
502
503 /* socket() handler. Initialize a new struct sock.
504 */
pppol2tp_create(struct net * net,struct socket * sock,int kern)505 static int pppol2tp_create(struct net *net, struct socket *sock, int kern)
506 {
507 int error = -ENOMEM;
508 struct sock *sk;
509
510 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto, kern);
511 if (!sk)
512 goto out;
513
514 sock_init_data(sock, sk);
515
516 sock->state = SS_UNCONNECTED;
517 sock->ops = &pppol2tp_ops;
518
519 sk->sk_backlog_rcv = pppol2tp_backlog_recv;
520 sk->sk_protocol = PX_PROTO_OL2TP;
521 sk->sk_family = PF_PPPOX;
522 sk->sk_state = PPPOX_NONE;
523 sk->sk_type = SOCK_STREAM;
524 sk->sk_destruct = pppol2tp_session_destruct;
525
526 error = 0;
527
528 out:
529 return error;
530 }
531
pppol2tp_show(struct seq_file * m,void * arg)532 static void pppol2tp_show(struct seq_file *m, void *arg)
533 {
534 struct l2tp_session *session = arg;
535 struct sock *sk;
536
537 sk = pppol2tp_session_get_sock(session);
538 if (sk) {
539 struct pppox_sock *po = pppox_sk(sk);
540
541 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
542 sock_put(sk);
543 }
544 }
545
pppol2tp_session_init(struct l2tp_session * session)546 static void pppol2tp_session_init(struct l2tp_session *session)
547 {
548 struct pppol2tp_session *ps;
549
550 session->recv_skb = pppol2tp_recv;
551 if (IS_ENABLED(CONFIG_L2TP_DEBUGFS))
552 session->show = pppol2tp_show;
553
554 ps = l2tp_session_priv(session);
555 mutex_init(&ps->sk_lock);
556 ps->owner = current->pid;
557 }
558
559 struct l2tp_connect_info {
560 u8 version;
561 int fd;
562 u32 tunnel_id;
563 u32 peer_tunnel_id;
564 u32 session_id;
565 u32 peer_session_id;
566 };
567
pppol2tp_sockaddr_get_info(const void * sa,int sa_len,struct l2tp_connect_info * info)568 static int pppol2tp_sockaddr_get_info(const void *sa, int sa_len,
569 struct l2tp_connect_info *info)
570 {
571 switch (sa_len) {
572 case sizeof(struct sockaddr_pppol2tp):
573 {
574 const struct sockaddr_pppol2tp *sa_v2in4 = sa;
575
576 if (sa_v2in4->sa_protocol != PX_PROTO_OL2TP)
577 return -EINVAL;
578
579 info->version = 2;
580 info->fd = sa_v2in4->pppol2tp.fd;
581 info->tunnel_id = sa_v2in4->pppol2tp.s_tunnel;
582 info->peer_tunnel_id = sa_v2in4->pppol2tp.d_tunnel;
583 info->session_id = sa_v2in4->pppol2tp.s_session;
584 info->peer_session_id = sa_v2in4->pppol2tp.d_session;
585
586 break;
587 }
588 case sizeof(struct sockaddr_pppol2tpv3):
589 {
590 const struct sockaddr_pppol2tpv3 *sa_v3in4 = sa;
591
592 if (sa_v3in4->sa_protocol != PX_PROTO_OL2TP)
593 return -EINVAL;
594
595 info->version = 3;
596 info->fd = sa_v3in4->pppol2tp.fd;
597 info->tunnel_id = sa_v3in4->pppol2tp.s_tunnel;
598 info->peer_tunnel_id = sa_v3in4->pppol2tp.d_tunnel;
599 info->session_id = sa_v3in4->pppol2tp.s_session;
600 info->peer_session_id = sa_v3in4->pppol2tp.d_session;
601
602 break;
603 }
604 case sizeof(struct sockaddr_pppol2tpin6):
605 {
606 const struct sockaddr_pppol2tpin6 *sa_v2in6 = sa;
607
608 if (sa_v2in6->sa_protocol != PX_PROTO_OL2TP)
609 return -EINVAL;
610
611 info->version = 2;
612 info->fd = sa_v2in6->pppol2tp.fd;
613 info->tunnel_id = sa_v2in6->pppol2tp.s_tunnel;
614 info->peer_tunnel_id = sa_v2in6->pppol2tp.d_tunnel;
615 info->session_id = sa_v2in6->pppol2tp.s_session;
616 info->peer_session_id = sa_v2in6->pppol2tp.d_session;
617
618 break;
619 }
620 case sizeof(struct sockaddr_pppol2tpv3in6):
621 {
622 const struct sockaddr_pppol2tpv3in6 *sa_v3in6 = sa;
623
624 if (sa_v3in6->sa_protocol != PX_PROTO_OL2TP)
625 return -EINVAL;
626
627 info->version = 3;
628 info->fd = sa_v3in6->pppol2tp.fd;
629 info->tunnel_id = sa_v3in6->pppol2tp.s_tunnel;
630 info->peer_tunnel_id = sa_v3in6->pppol2tp.d_tunnel;
631 info->session_id = sa_v3in6->pppol2tp.s_session;
632 info->peer_session_id = sa_v3in6->pppol2tp.d_session;
633
634 break;
635 }
636 default:
637 return -EINVAL;
638 }
639
640 return 0;
641 }
642
643 /* Rough estimation of the maximum payload size a tunnel can transmit without
644 * fragmenting at the lower IP layer. Assumes L2TPv2 with sequence
645 * numbers and no IP option. Not quite accurate, but the result is mostly
646 * unused anyway.
647 */
pppol2tp_tunnel_mtu(const struct l2tp_tunnel * tunnel)648 static int pppol2tp_tunnel_mtu(const struct l2tp_tunnel *tunnel)
649 {
650 int mtu;
651
652 mtu = l2tp_tunnel_dst_mtu(tunnel);
653 if (mtu <= PPPOL2TP_HEADER_OVERHEAD)
654 return 1500 - PPPOL2TP_HEADER_OVERHEAD;
655
656 return mtu - PPPOL2TP_HEADER_OVERHEAD;
657 }
658
659 /* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
660 */
pppol2tp_connect(struct socket * sock,struct sockaddr * uservaddr,int sockaddr_len,int flags)661 static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
662 int sockaddr_len, int flags)
663 {
664 struct sock *sk = sock->sk;
665 struct pppox_sock *po = pppox_sk(sk);
666 struct l2tp_session *session = NULL;
667 struct l2tp_connect_info info;
668 struct l2tp_tunnel *tunnel;
669 struct pppol2tp_session *ps;
670 struct l2tp_session_cfg cfg = { 0, };
671 bool drop_refcnt = false;
672 bool drop_tunnel = false;
673 bool new_session = false;
674 bool new_tunnel = false;
675 int error;
676
677 error = pppol2tp_sockaddr_get_info(uservaddr, sockaddr_len, &info);
678 if (error < 0)
679 return error;
680
681 lock_sock(sk);
682
683 /* Check for already bound sockets */
684 error = -EBUSY;
685 if (sk->sk_state & PPPOX_CONNECTED)
686 goto end;
687
688 /* We don't supporting rebinding anyway */
689 error = -EALREADY;
690 if (sk->sk_user_data)
691 goto end; /* socket is already attached */
692
693 /* Don't bind if tunnel_id is 0 */
694 error = -EINVAL;
695 if (!info.tunnel_id)
696 goto end;
697
698 tunnel = l2tp_tunnel_get(sock_net(sk), info.tunnel_id);
699 if (tunnel)
700 drop_tunnel = true;
701
702 /* Special case: create tunnel context if session_id and
703 * peer_session_id is 0. Otherwise look up tunnel using supplied
704 * tunnel id.
705 */
706 if (!info.session_id && !info.peer_session_id) {
707 if (tunnel == NULL) {
708 struct l2tp_tunnel_cfg tcfg = {
709 .encap = L2TP_ENCAPTYPE_UDP,
710 .debug = 0,
711 };
712
713 /* Prevent l2tp_tunnel_register() from trying to set up
714 * a kernel socket.
715 */
716 if (info.fd < 0) {
717 error = -EBADF;
718 goto end;
719 }
720
721 error = l2tp_tunnel_create(sock_net(sk), info.fd,
722 info.version,
723 info.tunnel_id,
724 info.peer_tunnel_id, &tcfg,
725 &tunnel);
726 if (error < 0)
727 goto end;
728
729 l2tp_tunnel_inc_refcount(tunnel);
730 error = l2tp_tunnel_register(tunnel, sock_net(sk),
731 &tcfg);
732 if (error < 0) {
733 kfree(tunnel);
734 goto end;
735 }
736 drop_tunnel = true;
737 new_tunnel = true;
738 }
739 } else {
740 /* Error if we can't find the tunnel */
741 error = -ENOENT;
742 if (tunnel == NULL)
743 goto end;
744
745 /* Error if socket is not prepped */
746 if (tunnel->sock == NULL)
747 goto end;
748 }
749
750 if (tunnel->peer_tunnel_id == 0)
751 tunnel->peer_tunnel_id = info.peer_tunnel_id;
752
753 session = l2tp_tunnel_get_session(tunnel, info.session_id);
754 if (session) {
755 drop_refcnt = true;
756
757 if (session->pwtype != L2TP_PWTYPE_PPP) {
758 error = -EPROTOTYPE;
759 goto end;
760 }
761
762 ps = l2tp_session_priv(session);
763
764 /* Using a pre-existing session is fine as long as it hasn't
765 * been connected yet.
766 */
767 mutex_lock(&ps->sk_lock);
768 if (rcu_dereference_protected(ps->sk,
769 lockdep_is_held(&ps->sk_lock)) ||
770 ps->__sk) {
771 mutex_unlock(&ps->sk_lock);
772 error = -EEXIST;
773 goto end;
774 }
775 } else {
776 cfg.pw_type = L2TP_PWTYPE_PPP;
777
778 session = l2tp_session_create(sizeof(struct pppol2tp_session),
779 tunnel, info.session_id,
780 info.peer_session_id, &cfg);
781 if (IS_ERR(session)) {
782 error = PTR_ERR(session);
783 goto end;
784 }
785
786 pppol2tp_session_init(session);
787 ps = l2tp_session_priv(session);
788 l2tp_session_inc_refcount(session);
789
790 mutex_lock(&ps->sk_lock);
791 error = l2tp_session_register(session, tunnel);
792 if (error < 0) {
793 mutex_unlock(&ps->sk_lock);
794 kfree(session);
795 goto end;
796 }
797 drop_refcnt = true;
798 new_session = true;
799 }
800
801 /* Special case: if source & dest session_id == 0x0000, this
802 * socket is being created to manage the tunnel. Just set up
803 * the internal context for use by ioctl() and sockopt()
804 * handlers.
805 */
806 if ((session->session_id == 0) &&
807 (session->peer_session_id == 0)) {
808 error = 0;
809 goto out_no_ppp;
810 }
811
812 /* The only header we need to worry about is the L2TP
813 * header. This size is different depending on whether
814 * sequence numbers are enabled for the data channel.
815 */
816 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
817
818 po->chan.private = sk;
819 po->chan.ops = &pppol2tp_chan_ops;
820 po->chan.mtu = pppol2tp_tunnel_mtu(tunnel);
821
822 error = ppp_register_net_channel(sock_net(sk), &po->chan);
823 if (error) {
824 mutex_unlock(&ps->sk_lock);
825 goto end;
826 }
827
828 out_no_ppp:
829 /* This is how we get the session context from the socket. */
830 sk->sk_user_data = session;
831 rcu_assign_pointer(ps->sk, sk);
832 mutex_unlock(&ps->sk_lock);
833
834 /* Keep the reference we've grabbed on the session: sk doesn't expect
835 * the session to disappear. pppol2tp_session_destruct() is responsible
836 * for dropping it.
837 */
838 drop_refcnt = false;
839
840 sk->sk_state = PPPOX_CONNECTED;
841 l2tp_info(session, L2TP_MSG_CONTROL, "%s: created\n",
842 session->name);
843
844 end:
845 if (error) {
846 if (new_session)
847 l2tp_session_delete(session);
848 if (new_tunnel)
849 l2tp_tunnel_delete(tunnel);
850 }
851 if (drop_refcnt)
852 l2tp_session_dec_refcount(session);
853 if (drop_tunnel)
854 l2tp_tunnel_dec_refcount(tunnel);
855 release_sock(sk);
856
857 return error;
858 }
859
860 #ifdef CONFIG_L2TP_V3
861
862 /* Called when creating sessions via the netlink interface. */
pppol2tp_session_create(struct net * net,struct l2tp_tunnel * tunnel,u32 session_id,u32 peer_session_id,struct l2tp_session_cfg * cfg)863 static int pppol2tp_session_create(struct net *net, struct l2tp_tunnel *tunnel,
864 u32 session_id, u32 peer_session_id,
865 struct l2tp_session_cfg *cfg)
866 {
867 int error;
868 struct l2tp_session *session;
869
870 /* Error if tunnel socket is not prepped */
871 if (!tunnel->sock) {
872 error = -ENOENT;
873 goto err;
874 }
875
876 /* Allocate and initialize a new session context. */
877 session = l2tp_session_create(sizeof(struct pppol2tp_session),
878 tunnel, session_id,
879 peer_session_id, cfg);
880 if (IS_ERR(session)) {
881 error = PTR_ERR(session);
882 goto err;
883 }
884
885 pppol2tp_session_init(session);
886
887 error = l2tp_session_register(session, tunnel);
888 if (error < 0)
889 goto err_sess;
890
891 return 0;
892
893 err_sess:
894 kfree(session);
895 err:
896 return error;
897 }
898
899 #endif /* CONFIG_L2TP_V3 */
900
901 /* getname() support.
902 */
pppol2tp_getname(struct socket * sock,struct sockaddr * uaddr,int peer)903 static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
904 int peer)
905 {
906 int len = 0;
907 int error = 0;
908 struct l2tp_session *session;
909 struct l2tp_tunnel *tunnel;
910 struct sock *sk = sock->sk;
911 struct inet_sock *inet;
912 struct pppol2tp_session *pls;
913
914 error = -ENOTCONN;
915 if (sk == NULL)
916 goto end;
917 if (!(sk->sk_state & PPPOX_CONNECTED))
918 goto end;
919
920 error = -EBADF;
921 session = pppol2tp_sock_to_session(sk);
922 if (session == NULL)
923 goto end;
924
925 pls = l2tp_session_priv(session);
926 tunnel = session->tunnel;
927
928 inet = inet_sk(tunnel->sock);
929 if ((tunnel->version == 2) && (tunnel->sock->sk_family == AF_INET)) {
930 struct sockaddr_pppol2tp sp;
931 len = sizeof(sp);
932 memset(&sp, 0, len);
933 sp.sa_family = AF_PPPOX;
934 sp.sa_protocol = PX_PROTO_OL2TP;
935 sp.pppol2tp.fd = tunnel->fd;
936 sp.pppol2tp.pid = pls->owner;
937 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
938 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
939 sp.pppol2tp.s_session = session->session_id;
940 sp.pppol2tp.d_session = session->peer_session_id;
941 sp.pppol2tp.addr.sin_family = AF_INET;
942 sp.pppol2tp.addr.sin_port = inet->inet_dport;
943 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
944 memcpy(uaddr, &sp, len);
945 #if IS_ENABLED(CONFIG_IPV6)
946 } else if ((tunnel->version == 2) &&
947 (tunnel->sock->sk_family == AF_INET6)) {
948 struct sockaddr_pppol2tpin6 sp;
949
950 len = sizeof(sp);
951 memset(&sp, 0, len);
952 sp.sa_family = AF_PPPOX;
953 sp.sa_protocol = PX_PROTO_OL2TP;
954 sp.pppol2tp.fd = tunnel->fd;
955 sp.pppol2tp.pid = pls->owner;
956 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
957 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
958 sp.pppol2tp.s_session = session->session_id;
959 sp.pppol2tp.d_session = session->peer_session_id;
960 sp.pppol2tp.addr.sin6_family = AF_INET6;
961 sp.pppol2tp.addr.sin6_port = inet->inet_dport;
962 memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
963 sizeof(tunnel->sock->sk_v6_daddr));
964 memcpy(uaddr, &sp, len);
965 } else if ((tunnel->version == 3) &&
966 (tunnel->sock->sk_family == AF_INET6)) {
967 struct sockaddr_pppol2tpv3in6 sp;
968
969 len = sizeof(sp);
970 memset(&sp, 0, len);
971 sp.sa_family = AF_PPPOX;
972 sp.sa_protocol = PX_PROTO_OL2TP;
973 sp.pppol2tp.fd = tunnel->fd;
974 sp.pppol2tp.pid = pls->owner;
975 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
976 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
977 sp.pppol2tp.s_session = session->session_id;
978 sp.pppol2tp.d_session = session->peer_session_id;
979 sp.pppol2tp.addr.sin6_family = AF_INET6;
980 sp.pppol2tp.addr.sin6_port = inet->inet_dport;
981 memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
982 sizeof(tunnel->sock->sk_v6_daddr));
983 memcpy(uaddr, &sp, len);
984 #endif
985 } else if (tunnel->version == 3) {
986 struct sockaddr_pppol2tpv3 sp;
987 len = sizeof(sp);
988 memset(&sp, 0, len);
989 sp.sa_family = AF_PPPOX;
990 sp.sa_protocol = PX_PROTO_OL2TP;
991 sp.pppol2tp.fd = tunnel->fd;
992 sp.pppol2tp.pid = pls->owner;
993 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
994 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
995 sp.pppol2tp.s_session = session->session_id;
996 sp.pppol2tp.d_session = session->peer_session_id;
997 sp.pppol2tp.addr.sin_family = AF_INET;
998 sp.pppol2tp.addr.sin_port = inet->inet_dport;
999 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
1000 memcpy(uaddr, &sp, len);
1001 }
1002
1003 error = len;
1004
1005 sock_put(sk);
1006 end:
1007 return error;
1008 }
1009
1010 /****************************************************************************
1011 * ioctl() handlers.
1012 *
1013 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1014 * sockets. However, in order to control kernel tunnel features, we allow
1015 * userspace to create a special "tunnel" PPPoX socket which is used for
1016 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
1017 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1018 * calls.
1019 ****************************************************************************/
1020
pppol2tp_copy_stats(struct pppol2tp_ioc_stats * dest,const struct l2tp_stats * stats)1021 static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
1022 const struct l2tp_stats *stats)
1023 {
1024 memset(dest, 0, sizeof(*dest));
1025
1026 dest->tx_packets = atomic_long_read(&stats->tx_packets);
1027 dest->tx_bytes = atomic_long_read(&stats->tx_bytes);
1028 dest->tx_errors = atomic_long_read(&stats->tx_errors);
1029 dest->rx_packets = atomic_long_read(&stats->rx_packets);
1030 dest->rx_bytes = atomic_long_read(&stats->rx_bytes);
1031 dest->rx_seq_discards = atomic_long_read(&stats->rx_seq_discards);
1032 dest->rx_oos_packets = atomic_long_read(&stats->rx_oos_packets);
1033 dest->rx_errors = atomic_long_read(&stats->rx_errors);
1034 }
1035
pppol2tp_tunnel_copy_stats(struct pppol2tp_ioc_stats * stats,struct l2tp_tunnel * tunnel)1036 static int pppol2tp_tunnel_copy_stats(struct pppol2tp_ioc_stats *stats,
1037 struct l2tp_tunnel *tunnel)
1038 {
1039 struct l2tp_session *session;
1040
1041 if (!stats->session_id) {
1042 pppol2tp_copy_stats(stats, &tunnel->stats);
1043 return 0;
1044 }
1045
1046 /* If session_id is set, search the corresponding session in the
1047 * context of this tunnel and record the session's statistics.
1048 */
1049 session = l2tp_tunnel_get_session(tunnel, stats->session_id);
1050 if (!session)
1051 return -EBADR;
1052
1053 if (session->pwtype != L2TP_PWTYPE_PPP) {
1054 l2tp_session_dec_refcount(session);
1055 return -EBADR;
1056 }
1057
1058 pppol2tp_copy_stats(stats, &session->stats);
1059 l2tp_session_dec_refcount(session);
1060
1061 return 0;
1062 }
1063
pppol2tp_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)1064 static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1065 unsigned long arg)
1066 {
1067 struct pppol2tp_ioc_stats stats;
1068 struct l2tp_session *session;
1069
1070 switch (cmd) {
1071 case PPPIOCGMRU:
1072 case PPPIOCGFLAGS:
1073 session = sock->sk->sk_user_data;
1074 if (!session)
1075 return -ENOTCONN;
1076
1077 /* Not defined for tunnels */
1078 if (!session->session_id && !session->peer_session_id)
1079 return -ENOSYS;
1080
1081 if (put_user(0, (int __user *)arg))
1082 return -EFAULT;
1083 break;
1084
1085 case PPPIOCSMRU:
1086 case PPPIOCSFLAGS:
1087 session = sock->sk->sk_user_data;
1088 if (!session)
1089 return -ENOTCONN;
1090
1091 /* Not defined for tunnels */
1092 if (!session->session_id && !session->peer_session_id)
1093 return -ENOSYS;
1094
1095 if (!access_ok((int __user *)arg, sizeof(int)))
1096 return -EFAULT;
1097 break;
1098
1099 case PPPIOCGL2TPSTATS:
1100 session = sock->sk->sk_user_data;
1101 if (!session)
1102 return -ENOTCONN;
1103
1104 /* Session 0 represents the parent tunnel */
1105 if (!session->session_id && !session->peer_session_id) {
1106 u32 session_id;
1107 int err;
1108
1109 if (copy_from_user(&stats, (void __user *)arg,
1110 sizeof(stats)))
1111 return -EFAULT;
1112
1113 session_id = stats.session_id;
1114 err = pppol2tp_tunnel_copy_stats(&stats,
1115 session->tunnel);
1116 if (err < 0)
1117 return err;
1118
1119 stats.session_id = session_id;
1120 } else {
1121 pppol2tp_copy_stats(&stats, &session->stats);
1122 stats.session_id = session->session_id;
1123 }
1124 stats.tunnel_id = session->tunnel->tunnel_id;
1125 stats.using_ipsec = l2tp_tunnel_uses_xfrm(session->tunnel);
1126
1127 if (copy_to_user((void __user *)arg, &stats, sizeof(stats)))
1128 return -EFAULT;
1129 break;
1130
1131 default:
1132 return -ENOIOCTLCMD;
1133 }
1134
1135 return 0;
1136 }
1137
1138 /*****************************************************************************
1139 * setsockopt() / getsockopt() support.
1140 *
1141 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1142 * sockets. In order to control kernel tunnel features, we allow userspace to
1143 * create a special "tunnel" PPPoX socket which is used for control only.
1144 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1145 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1146 *****************************************************************************/
1147
1148 /* Tunnel setsockopt() helper.
1149 */
pppol2tp_tunnel_setsockopt(struct sock * sk,struct l2tp_tunnel * tunnel,int optname,int val)1150 static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1151 struct l2tp_tunnel *tunnel,
1152 int optname, int val)
1153 {
1154 int err = 0;
1155
1156 switch (optname) {
1157 case PPPOL2TP_SO_DEBUG:
1158 tunnel->debug = val;
1159 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: set debug=%x\n",
1160 tunnel->name, tunnel->debug);
1161 break;
1162
1163 default:
1164 err = -ENOPROTOOPT;
1165 break;
1166 }
1167
1168 return err;
1169 }
1170
1171 /* Session setsockopt helper.
1172 */
pppol2tp_session_setsockopt(struct sock * sk,struct l2tp_session * session,int optname,int val)1173 static int pppol2tp_session_setsockopt(struct sock *sk,
1174 struct l2tp_session *session,
1175 int optname, int val)
1176 {
1177 int err = 0;
1178
1179 switch (optname) {
1180 case PPPOL2TP_SO_RECVSEQ:
1181 if ((val != 0) && (val != 1)) {
1182 err = -EINVAL;
1183 break;
1184 }
1185 session->recv_seq = !!val;
1186 l2tp_info(session, L2TP_MSG_CONTROL,
1187 "%s: set recv_seq=%d\n",
1188 session->name, session->recv_seq);
1189 break;
1190
1191 case PPPOL2TP_SO_SENDSEQ:
1192 if ((val != 0) && (val != 1)) {
1193 err = -EINVAL;
1194 break;
1195 }
1196 session->send_seq = !!val;
1197 {
1198 struct pppox_sock *po = pppox_sk(sk);
1199
1200 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1201 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1202 }
1203 l2tp_session_set_header_len(session, session->tunnel->version);
1204 l2tp_info(session, L2TP_MSG_CONTROL,
1205 "%s: set send_seq=%d\n",
1206 session->name, session->send_seq);
1207 break;
1208
1209 case PPPOL2TP_SO_LNSMODE:
1210 if ((val != 0) && (val != 1)) {
1211 err = -EINVAL;
1212 break;
1213 }
1214 session->lns_mode = !!val;
1215 l2tp_info(session, L2TP_MSG_CONTROL,
1216 "%s: set lns_mode=%d\n",
1217 session->name, session->lns_mode);
1218 break;
1219
1220 case PPPOL2TP_SO_DEBUG:
1221 session->debug = val;
1222 l2tp_info(session, L2TP_MSG_CONTROL, "%s: set debug=%x\n",
1223 session->name, session->debug);
1224 break;
1225
1226 case PPPOL2TP_SO_REORDERTO:
1227 session->reorder_timeout = msecs_to_jiffies(val);
1228 l2tp_info(session, L2TP_MSG_CONTROL,
1229 "%s: set reorder_timeout=%d\n",
1230 session->name, session->reorder_timeout);
1231 break;
1232
1233 default:
1234 err = -ENOPROTOOPT;
1235 break;
1236 }
1237
1238 return err;
1239 }
1240
1241 /* Main setsockopt() entry point.
1242 * Does API checks, then calls either the tunnel or session setsockopt
1243 * handler, according to whether the PPPoL2TP socket is a for a regular
1244 * session or the special tunnel type.
1245 */
pppol2tp_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)1246 static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1247 char __user *optval, unsigned int optlen)
1248 {
1249 struct sock *sk = sock->sk;
1250 struct l2tp_session *session;
1251 struct l2tp_tunnel *tunnel;
1252 int val;
1253 int err;
1254
1255 if (level != SOL_PPPOL2TP)
1256 return -EINVAL;
1257
1258 if (optlen < sizeof(int))
1259 return -EINVAL;
1260
1261 if (get_user(val, (int __user *)optval))
1262 return -EFAULT;
1263
1264 err = -ENOTCONN;
1265 if (sk->sk_user_data == NULL)
1266 goto end;
1267
1268 /* Get session context from the socket */
1269 err = -EBADF;
1270 session = pppol2tp_sock_to_session(sk);
1271 if (session == NULL)
1272 goto end;
1273
1274 /* Special case: if session_id == 0x0000, treat as operation on tunnel
1275 */
1276 if ((session->session_id == 0) &&
1277 (session->peer_session_id == 0)) {
1278 tunnel = session->tunnel;
1279 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
1280 } else {
1281 err = pppol2tp_session_setsockopt(sk, session, optname, val);
1282 }
1283
1284 sock_put(sk);
1285 end:
1286 return err;
1287 }
1288
1289 /* Tunnel getsockopt helper. Called with sock locked.
1290 */
pppol2tp_tunnel_getsockopt(struct sock * sk,struct l2tp_tunnel * tunnel,int optname,int * val)1291 static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1292 struct l2tp_tunnel *tunnel,
1293 int optname, int *val)
1294 {
1295 int err = 0;
1296
1297 switch (optname) {
1298 case PPPOL2TP_SO_DEBUG:
1299 *val = tunnel->debug;
1300 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: get debug=%x\n",
1301 tunnel->name, tunnel->debug);
1302 break;
1303
1304 default:
1305 err = -ENOPROTOOPT;
1306 break;
1307 }
1308
1309 return err;
1310 }
1311
1312 /* Session getsockopt helper. Called with sock locked.
1313 */
pppol2tp_session_getsockopt(struct sock * sk,struct l2tp_session * session,int optname,int * val)1314 static int pppol2tp_session_getsockopt(struct sock *sk,
1315 struct l2tp_session *session,
1316 int optname, int *val)
1317 {
1318 int err = 0;
1319
1320 switch (optname) {
1321 case PPPOL2TP_SO_RECVSEQ:
1322 *val = session->recv_seq;
1323 l2tp_info(session, L2TP_MSG_CONTROL,
1324 "%s: get recv_seq=%d\n", session->name, *val);
1325 break;
1326
1327 case PPPOL2TP_SO_SENDSEQ:
1328 *val = session->send_seq;
1329 l2tp_info(session, L2TP_MSG_CONTROL,
1330 "%s: get send_seq=%d\n", session->name, *val);
1331 break;
1332
1333 case PPPOL2TP_SO_LNSMODE:
1334 *val = session->lns_mode;
1335 l2tp_info(session, L2TP_MSG_CONTROL,
1336 "%s: get lns_mode=%d\n", session->name, *val);
1337 break;
1338
1339 case PPPOL2TP_SO_DEBUG:
1340 *val = session->debug;
1341 l2tp_info(session, L2TP_MSG_CONTROL, "%s: get debug=%d\n",
1342 session->name, *val);
1343 break;
1344
1345 case PPPOL2TP_SO_REORDERTO:
1346 *val = (int) jiffies_to_msecs(session->reorder_timeout);
1347 l2tp_info(session, L2TP_MSG_CONTROL,
1348 "%s: get reorder_timeout=%d\n", session->name, *val);
1349 break;
1350
1351 default:
1352 err = -ENOPROTOOPT;
1353 }
1354
1355 return err;
1356 }
1357
1358 /* Main getsockopt() entry point.
1359 * Does API checks, then calls either the tunnel or session getsockopt
1360 * handler, according to whether the PPPoX socket is a for a regular session
1361 * or the special tunnel type.
1362 */
pppol2tp_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)1363 static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
1364 char __user *optval, int __user *optlen)
1365 {
1366 struct sock *sk = sock->sk;
1367 struct l2tp_session *session;
1368 struct l2tp_tunnel *tunnel;
1369 int val, len;
1370 int err;
1371
1372 if (level != SOL_PPPOL2TP)
1373 return -EINVAL;
1374
1375 if (get_user(len, optlen))
1376 return -EFAULT;
1377
1378 len = min_t(unsigned int, len, sizeof(int));
1379
1380 if (len < 0)
1381 return -EINVAL;
1382
1383 err = -ENOTCONN;
1384 if (sk->sk_user_data == NULL)
1385 goto end;
1386
1387 /* Get the session context */
1388 err = -EBADF;
1389 session = pppol2tp_sock_to_session(sk);
1390 if (session == NULL)
1391 goto end;
1392
1393 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
1394 if ((session->session_id == 0) &&
1395 (session->peer_session_id == 0)) {
1396 tunnel = session->tunnel;
1397 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
1398 if (err)
1399 goto end_put_sess;
1400 } else {
1401 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
1402 if (err)
1403 goto end_put_sess;
1404 }
1405
1406 err = -EFAULT;
1407 if (put_user(len, optlen))
1408 goto end_put_sess;
1409
1410 if (copy_to_user((void __user *) optval, &val, len))
1411 goto end_put_sess;
1412
1413 err = 0;
1414
1415 end_put_sess:
1416 sock_put(sk);
1417 end:
1418 return err;
1419 }
1420
1421 /*****************************************************************************
1422 * /proc filesystem for debug
1423 * Since the original pppol2tp driver provided /proc/net/pppol2tp for
1424 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.
1425 *****************************************************************************/
1426
1427 static unsigned int pppol2tp_net_id;
1428
1429 #ifdef CONFIG_PROC_FS
1430
1431 struct pppol2tp_seq_data {
1432 struct seq_net_private p;
1433 int tunnel_idx; /* current tunnel */
1434 int session_idx; /* index of session within current tunnel */
1435 struct l2tp_tunnel *tunnel;
1436 struct l2tp_session *session; /* NULL means get next tunnel */
1437 };
1438
pppol2tp_next_tunnel(struct net * net,struct pppol2tp_seq_data * pd)1439 static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1440 {
1441 /* Drop reference taken during previous invocation */
1442 if (pd->tunnel)
1443 l2tp_tunnel_dec_refcount(pd->tunnel);
1444
1445 for (;;) {
1446 pd->tunnel = l2tp_tunnel_get_nth(net, pd->tunnel_idx);
1447 pd->tunnel_idx++;
1448
1449 /* Only accept L2TPv2 tunnels */
1450 if (!pd->tunnel || pd->tunnel->version == 2)
1451 return;
1452
1453 l2tp_tunnel_dec_refcount(pd->tunnel);
1454 }
1455 }
1456
pppol2tp_next_session(struct net * net,struct pppol2tp_seq_data * pd)1457 static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1458 {
1459 /* Drop reference taken during previous invocation */
1460 if (pd->session)
1461 l2tp_session_dec_refcount(pd->session);
1462
1463 pd->session = l2tp_session_get_nth(pd->tunnel, pd->session_idx);
1464 pd->session_idx++;
1465
1466 if (pd->session == NULL) {
1467 pd->session_idx = 0;
1468 pppol2tp_next_tunnel(net, pd);
1469 }
1470 }
1471
pppol2tp_seq_start(struct seq_file * m,loff_t * offs)1472 static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1473 {
1474 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1475 loff_t pos = *offs;
1476 struct net *net;
1477
1478 if (!pos)
1479 goto out;
1480
1481 BUG_ON(m->private == NULL);
1482 pd = m->private;
1483 net = seq_file_net(m);
1484
1485 if (pd->tunnel == NULL)
1486 pppol2tp_next_tunnel(net, pd);
1487 else
1488 pppol2tp_next_session(net, pd);
1489
1490 /* NULL tunnel and session indicates end of list */
1491 if ((pd->tunnel == NULL) && (pd->session == NULL))
1492 pd = NULL;
1493
1494 out:
1495 return pd;
1496 }
1497
pppol2tp_seq_next(struct seq_file * m,void * v,loff_t * pos)1498 static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1499 {
1500 (*pos)++;
1501 return NULL;
1502 }
1503
pppol2tp_seq_stop(struct seq_file * p,void * v)1504 static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1505 {
1506 struct pppol2tp_seq_data *pd = v;
1507
1508 if (!pd || pd == SEQ_START_TOKEN)
1509 return;
1510
1511 /* Drop reference taken by last invocation of pppol2tp_next_session()
1512 * or pppol2tp_next_tunnel().
1513 */
1514 if (pd->session) {
1515 l2tp_session_dec_refcount(pd->session);
1516 pd->session = NULL;
1517 }
1518 if (pd->tunnel) {
1519 l2tp_tunnel_dec_refcount(pd->tunnel);
1520 pd->tunnel = NULL;
1521 }
1522 }
1523
pppol2tp_seq_tunnel_show(struct seq_file * m,void * v)1524 static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1525 {
1526 struct l2tp_tunnel *tunnel = v;
1527
1528 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1529 tunnel->name,
1530 (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
1531 refcount_read(&tunnel->ref_count) - 1);
1532 seq_printf(m, " %08x %ld/%ld/%ld %ld/%ld/%ld\n",
1533 tunnel->debug,
1534 atomic_long_read(&tunnel->stats.tx_packets),
1535 atomic_long_read(&tunnel->stats.tx_bytes),
1536 atomic_long_read(&tunnel->stats.tx_errors),
1537 atomic_long_read(&tunnel->stats.rx_packets),
1538 atomic_long_read(&tunnel->stats.rx_bytes),
1539 atomic_long_read(&tunnel->stats.rx_errors));
1540 }
1541
pppol2tp_seq_session_show(struct seq_file * m,void * v)1542 static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1543 {
1544 struct l2tp_session *session = v;
1545 struct l2tp_tunnel *tunnel = session->tunnel;
1546 unsigned char state;
1547 char user_data_ok;
1548 struct sock *sk;
1549 u32 ip = 0;
1550 u16 port = 0;
1551
1552 if (tunnel->sock) {
1553 struct inet_sock *inet = inet_sk(tunnel->sock);
1554 ip = ntohl(inet->inet_saddr);
1555 port = ntohs(inet->inet_sport);
1556 }
1557
1558 sk = pppol2tp_session_get_sock(session);
1559 if (sk) {
1560 state = sk->sk_state;
1561 user_data_ok = (session == sk->sk_user_data) ? 'Y' : 'N';
1562 } else {
1563 state = 0;
1564 user_data_ok = 'N';
1565 }
1566
1567 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
1568 "%04X/%04X %d %c\n",
1569 session->name, ip, port,
1570 tunnel->tunnel_id,
1571 session->session_id,
1572 tunnel->peer_tunnel_id,
1573 session->peer_session_id,
1574 state, user_data_ok);
1575 seq_printf(m, " 0/0/%c/%c/%s %08x %u\n",
1576 session->recv_seq ? 'R' : '-',
1577 session->send_seq ? 'S' : '-',
1578 session->lns_mode ? "LNS" : "LAC",
1579 session->debug,
1580 jiffies_to_msecs(session->reorder_timeout));
1581 seq_printf(m, " %hu/%hu %ld/%ld/%ld %ld/%ld/%ld\n",
1582 session->nr, session->ns,
1583 atomic_long_read(&session->stats.tx_packets),
1584 atomic_long_read(&session->stats.tx_bytes),
1585 atomic_long_read(&session->stats.tx_errors),
1586 atomic_long_read(&session->stats.rx_packets),
1587 atomic_long_read(&session->stats.rx_bytes),
1588 atomic_long_read(&session->stats.rx_errors));
1589
1590 if (sk) {
1591 struct pppox_sock *po = pppox_sk(sk);
1592
1593 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
1594 sock_put(sk);
1595 }
1596 }
1597
pppol2tp_seq_show(struct seq_file * m,void * v)1598 static int pppol2tp_seq_show(struct seq_file *m, void *v)
1599 {
1600 struct pppol2tp_seq_data *pd = v;
1601
1602 /* display header on line 1 */
1603 if (v == SEQ_START_TOKEN) {
1604 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1605 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1606 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1607 seq_puts(m, " SESSION name, addr/port src-tid/sid "
1608 "dest-tid/sid state user-data-ok\n");
1609 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1610 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1611 goto out;
1612 }
1613
1614 if (!pd->session)
1615 pppol2tp_seq_tunnel_show(m, pd->tunnel);
1616 else
1617 pppol2tp_seq_session_show(m, pd->session);
1618
1619 out:
1620 return 0;
1621 }
1622
1623 static const struct seq_operations pppol2tp_seq_ops = {
1624 .start = pppol2tp_seq_start,
1625 .next = pppol2tp_seq_next,
1626 .stop = pppol2tp_seq_stop,
1627 .show = pppol2tp_seq_show,
1628 };
1629 #endif /* CONFIG_PROC_FS */
1630
1631 /*****************************************************************************
1632 * Network namespace
1633 *****************************************************************************/
1634
pppol2tp_init_net(struct net * net)1635 static __net_init int pppol2tp_init_net(struct net *net)
1636 {
1637 struct proc_dir_entry *pde;
1638 int err = 0;
1639
1640 pde = proc_create_net("pppol2tp", 0444, net->proc_net,
1641 &pppol2tp_seq_ops, sizeof(struct pppol2tp_seq_data));
1642 if (!pde) {
1643 err = -ENOMEM;
1644 goto out;
1645 }
1646
1647 out:
1648 return err;
1649 }
1650
pppol2tp_exit_net(struct net * net)1651 static __net_exit void pppol2tp_exit_net(struct net *net)
1652 {
1653 remove_proc_entry("pppol2tp", net->proc_net);
1654 }
1655
1656 static struct pernet_operations pppol2tp_net_ops = {
1657 .init = pppol2tp_init_net,
1658 .exit = pppol2tp_exit_net,
1659 .id = &pppol2tp_net_id,
1660 };
1661
1662 /*****************************************************************************
1663 * Init and cleanup
1664 *****************************************************************************/
1665
1666 static const struct proto_ops pppol2tp_ops = {
1667 .family = AF_PPPOX,
1668 .owner = THIS_MODULE,
1669 .release = pppol2tp_release,
1670 .bind = sock_no_bind,
1671 .connect = pppol2tp_connect,
1672 .socketpair = sock_no_socketpair,
1673 .accept = sock_no_accept,
1674 .getname = pppol2tp_getname,
1675 .poll = datagram_poll,
1676 .listen = sock_no_listen,
1677 .shutdown = sock_no_shutdown,
1678 .setsockopt = pppol2tp_setsockopt,
1679 .getsockopt = pppol2tp_getsockopt,
1680 .sendmsg = pppol2tp_sendmsg,
1681 .recvmsg = pppol2tp_recvmsg,
1682 .mmap = sock_no_mmap,
1683 .ioctl = pppox_ioctl,
1684 #ifdef CONFIG_COMPAT
1685 .compat_ioctl = pppox_compat_ioctl,
1686 #endif
1687 };
1688
1689 static const struct pppox_proto pppol2tp_proto = {
1690 .create = pppol2tp_create,
1691 .ioctl = pppol2tp_ioctl,
1692 .owner = THIS_MODULE,
1693 };
1694
1695 #ifdef CONFIG_L2TP_V3
1696
1697 static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1698 .session_create = pppol2tp_session_create,
1699 .session_delete = l2tp_session_delete,
1700 };
1701
1702 #endif /* CONFIG_L2TP_V3 */
1703
pppol2tp_init(void)1704 static int __init pppol2tp_init(void)
1705 {
1706 int err;
1707
1708 err = register_pernet_device(&pppol2tp_net_ops);
1709 if (err)
1710 goto out;
1711
1712 err = proto_register(&pppol2tp_sk_proto, 0);
1713 if (err)
1714 goto out_unregister_pppol2tp_pernet;
1715
1716 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1717 if (err)
1718 goto out_unregister_pppol2tp_proto;
1719
1720 #ifdef CONFIG_L2TP_V3
1721 err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);
1722 if (err)
1723 goto out_unregister_pppox;
1724 #endif
1725
1726 pr_info("PPPoL2TP kernel driver, %s\n", PPPOL2TP_DRV_VERSION);
1727
1728 out:
1729 return err;
1730
1731 #ifdef CONFIG_L2TP_V3
1732 out_unregister_pppox:
1733 unregister_pppox_proto(PX_PROTO_OL2TP);
1734 #endif
1735 out_unregister_pppol2tp_proto:
1736 proto_unregister(&pppol2tp_sk_proto);
1737 out_unregister_pppol2tp_pernet:
1738 unregister_pernet_device(&pppol2tp_net_ops);
1739 goto out;
1740 }
1741
pppol2tp_exit(void)1742 static void __exit pppol2tp_exit(void)
1743 {
1744 #ifdef CONFIG_L2TP_V3
1745 l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);
1746 #endif
1747 unregister_pppox_proto(PX_PROTO_OL2TP);
1748 proto_unregister(&pppol2tp_sk_proto);
1749 unregister_pernet_device(&pppol2tp_net_ops);
1750 }
1751
1752 module_init(pppol2tp_init);
1753 module_exit(pppol2tp_exit);
1754
1755 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1756 MODULE_DESCRIPTION("PPP over L2TP over UDP");
1757 MODULE_LICENSE("GPL");
1758 MODULE_VERSION(PPPOL2TP_DRV_VERSION);
1759 MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OL2TP);
1760 MODULE_ALIAS_L2TP_PWTYPE(7);
1761