projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tipc: fix unitilized skb list crash
[linux-block.git] / net / l2tp / l2tp_ppp.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
fd558d18
JC		 2/*****************************************************************************
3 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
4 *
5 * PPPoX --- Generic PPP encapsulation socket family
6 * PPPoL2TP --- PPP over L2TP (RFC 2661)
7 *
8 * Version: 2.0.0
9 *
10 * Authors: James Chapman (jchapman@katalix.com)
11 *
12 * Based on original work by Martijn van Oosterhout <kleptog@svana.org>
13 *
14 * License:
fd558d18
JC		 15 */
16
17/* This driver handles only L2TP data frames; control frames are handled by a
18 * userspace application.
19 *
20 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
21 * attaches it to a bound UDP socket with local tunnel_id / session_id and
22 * peer tunnel_id / session_id set. Data can then be sent or received using
23 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
24 * can be read or modified using ioctl() or [gs]etsockopt() calls.
25 *
26 * When a PPPoL2TP socket is connected with local and peer session_id values
27 * zero, the socket is treated as a special tunnel management socket.
28 *
29 * Here's example userspace code to create a socket for sending/receiving data
30 * over an L2TP session:-
31 *
32 * struct sockaddr_pppol2tp sax;
33 * int fd;
34 * int session_fd;
35 *
36 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
37 *
38 * sax.sa_family = AF_PPPOX;
39 * sax.sa_protocol = PX_PROTO_OL2TP;
40 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
41 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
42 * sax.pppol2tp.addr.sin_port = addr->sin_port;
43 * sax.pppol2tp.addr.sin_family = AF_INET;
44 * sax.pppol2tp.s_tunnel = tunnel_id;
45 * sax.pppol2tp.s_session = session_id;
46 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
47 * sax.pppol2tp.d_session = peer_session_id;
48 *
49 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
50 *
51 * A pppd plugin that allows PPP traffic to be carried over L2TP using
52 * this driver is available from the OpenL2TP project at
53 * http://openl2tp.sourceforge.net.
54 */
55
a4ca44fa
JP		 56#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
57
fd558d18
JC		 58#include <linux/module.h>
59#include <linux/string.h>
60#include <linux/list.h>
61#include <linux/uaccess.h>
62
63#include <linux/kernel.h>
64#include <linux/spinlock.h>
65#include <linux/kthread.h>
66#include <linux/sched.h>
67#include <linux/slab.h>
68#include <linux/errno.h>
69#include <linux/jiffies.h>
70
71#include <linux/netdevice.h>
72#include <linux/net.h>
73#include <linux/inetdevice.h>
74#include <linux/skbuff.h>
75#include <linux/init.h>
76#include <linux/ip.h>
77#include <linux/udp.h>
78#include <linux/if_pppox.h>
79#include <linux/if_pppol2tp.h>
80#include <net/sock.h>
81#include <linux/ppp_channel.h>
82#include <linux/ppp_defs.h>
4b32da2b 83#include <linux/ppp-ioctl.h>
fd558d18
JC		 84#include <linux/file.h>
85#include <linux/hash.h>
86#include <linux/sort.h>
87#include <linux/proc_fs.h>
309795f4 88#include <linux/l2tp.h>
fd558d18
JC		 89#include <linux/nsproxy.h>
90#include <net/net_namespace.h>
91#include <net/netns/generic.h>
fd558d18
JC		 92#include <net/ip.h>
93#include <net/udp.h>
cf2f5c88 94#include <net/inet_common.h>
fd558d18
JC		 95
96#include <asm/byteorder.h>
60063497 97#include <linux/atomic.h>
fd558d18
JC		 98
99#include "l2tp_core.h"
100
101#define PPPOL2TP_DRV_VERSION "V2.0"
102
103/* Space for UDP, L2TP and PPP headers */
104#define PPPOL2TP_HEADER_OVERHEAD 40
105
fd558d18
JC		 106/* Number of bytes to build transmit L2TP headers.
107 * Unfortunately the size is different depending on whether sequence numbers
108 * are enabled.
109 */
110#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
111#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
112
113/* Private data of each session. This data lives at the end of struct
114 * l2tp_session, referenced via session->priv[].
115 */
116struct pppol2tp_session {
117 int owner; /* pid that opened the socket */
118
ee40fb2e
GN		 119 struct mutex sk_lock; /* Protects .sk */
120 struct sock __rcu *sk; /* Pointer to the session
fd558d18 121 * PPPoX socket */
ee40fb2e
GN		 122 struct sock *__sk; /* Copy of .sk, for cleanup */
123 struct rcu_head rcu; /* For asynchronous release */
fd558d18
JC		 124};
125
126static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
127
d7100da0 128static const struct ppp_channel_ops pppol2tp_chan_ops = {
129 .start_xmit = pppol2tp_xmit,
130};
131
fd558d18
JC		 132static const struct proto_ops pppol2tp_ops;
133
ee40fb2e
GN		 134/* Retrieves the pppol2tp socket associated to a session.
135 * A reference is held on the returned socket, so this function must be paired
136 * with sock_put().
137 */
138static struct sock *pppol2tp_session_get_sock(struct l2tp_session *session)
139{
140 struct pppol2tp_session *ps = l2tp_session_priv(session);
141 struct sock *sk;
142
143 rcu_read_lock();
144 sk = rcu_dereference(ps->sk);
145 if (sk)
146 sock_hold(sk);
147 rcu_read_unlock();
148
149 return sk;
150}
151
fd558d18
JC		 152/* Helpers to obtain tunnel/session contexts from sockets.
153 */
154static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
155{
156 struct l2tp_session *session;
157
158 if (sk == NULL)
159 return NULL;
160
161 sock_hold(sk);
162 session = (struct l2tp_session *)(sk->sk_user_data);
163 if (session == NULL) {
164 sock_put(sk);
165 goto out;
166 }
167
168 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
169
170out:
171 return session;
172}
173
174/*****************************************************************************
175 * Receive data handling
176 *****************************************************************************/
177
fd558d18
JC		 178/* Receive message. This is the recvmsg for the PPPoL2TP socket.
179 */
1b784140
YX		 180static int pppol2tp_recvmsg(struct socket *sock, struct msghdr *msg,
181 size_t len, int flags)
fd558d18
JC		 182{
183 int err;
184 struct sk_buff *skb;
185 struct sock *sk = sock->sk;
186
187 err = -EIO;
188 if (sk->sk_state & PPPOX_BOUND)
189 goto end;
190
fd558d18
JC		 191 err = 0;
192 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
193 flags & MSG_DONTWAIT, &err);
194 if (!skb)
195 goto end;
196
197 if (len > skb->len)
198 len = skb->len;
199 else if (len < skb->len)
200 msg->msg_flags |= MSG_TRUNC;
201
51f3d02b 202 err = skb_copy_datagram_msg(skb, 0, msg, len);
fd558d18
JC		 203 if (likely(err == 0))
204 err = len;
205
206 kfree_skb(skb);
207end:
208 return err;
209}
210
211static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
212{
213 struct pppol2tp_session *ps = l2tp_session_priv(session);
214 struct sock *sk = NULL;
215
216 /* If the socket is bound, send it in to PPP's input queue. Otherwise
217 * queue it on the session socket.
218 */
ee40fb2e
GN		 219 rcu_read_lock();
220 sk = rcu_dereference(ps->sk);
fd558d18
JC		 221 if (sk == NULL)
222 goto no_sock;
223
2b139e6b
GN		 224 /* If the first two bytes are 0xFF03, consider that it is the PPP's
225 * Address and Control fields and skip them. The L2TP module has always
226 * worked this way, although, in theory, the use of these fields should
227 * be negociated and handled at the PPP layer. These fields are
228 * constant: 0xFF is the All-Stations Address and 0x03 the Unnumbered
229 * Information command with Poll/Final bit set to zero (RFC 1662).
230 */
231 if (pskb_may_pull(skb, 2) && skb->data[0] == PPP_ALLSTATIONS &&
232 skb->data[1] == PPP_UI)
233 skb_pull(skb, 2);
234
fd558d18
JC		 235 if (sk->sk_state & PPPOX_BOUND) {
236 struct pppox_sock *po;
98f40b3e 237
fba40c63 238 l2tp_dbg(session, L2TP_MSG_DATA,
a4ca44fa
JP		 239 "%s: recv %d byte data frame, passing to ppp\n",
240 session->name, data_len);
fd558d18 241
fd558d18
JC		 242 po = pppox_sk(sk);
243 ppp_input(&po->chan, skb);
244 } else {
fba40c63 245 l2tp_dbg(session, L2TP_MSG_DATA,
9e9cb622
GN		 246 "%s: recv %d byte data frame, passing to L2TP socket\n",
247 session->name, data_len);
fd558d18 248
9e9cb622
GN		 249 if (sock_queue_rcv_skb(sk, skb) < 0) {
250 atomic_long_inc(&session->stats.rx_errors);
251 kfree_skb(skb);
252 }
fd558d18 253 }
ee40fb2e 254 rcu_read_unlock();
fd558d18
JC		 255
256 return;
257
258no_sock:
ee40fb2e 259 rcu_read_unlock();
fba40c63 260 l2tp_info(session, L2TP_MSG_DATA, "%s: no socket\n", session->name);
fd558d18
JC		 261 kfree_skb(skb);
262}
263
fd558d18
JC		 264/************************************************************************
265 * Transmit handling
266 ***********************************************************************/
267
fd558d18
JC		 268/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
269 * when a user application does a sendmsg() on the session socket. L2TP and
270 * PPP headers must be inserted into the user's data.
271 */
1b784140 272static int pppol2tp_sendmsg(struct socket *sock, struct msghdr *m,
fd558d18
JC		 273 size_t total_len)
274{
fd558d18
JC		 275 struct sock *sk = sock->sk;
276 struct sk_buff *skb;
277 int error;
278 struct l2tp_session *session;
279 struct l2tp_tunnel *tunnel;
0d76751f 280 int uhlen;
fd558d18
JC		 281
282 error = -ENOTCONN;
283 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
284 goto error;
285
286 /* Get session and tunnel contexts */
287 error = -EBADF;
288 session = pppol2tp_sock_to_session(sk);
289 if (session == NULL)
290 goto error;
291
7198c77a 292 tunnel = session->tunnel;
fd558d18 293
0d76751f
JC		 294 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
295
fd558d18
JC		 296 /* Allocate a socket buffer */
297 error = -ENOMEM;
298 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
0d76751f 299 uhlen + session->hdr_len +
54c151d9 300 2 + total_len, /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */
fd558d18
JC		 301 0, GFP_KERNEL);
302 if (!skb)
7198c77a 303 goto error_put_sess;
fd558d18
JC		 304
305 /* Reserve space for headers. */
306 skb_reserve(skb, NET_SKB_PAD);
307 skb_reset_network_header(skb);
308 skb_reserve(skb, sizeof(struct iphdr));
309 skb_reset_transport_header(skb);
0d76751f 310 skb_reserve(skb, uhlen);
fd558d18
JC		 311
312 /* Add PPP header */
54c151d9
GF		 313 skb->data[0] = PPP_ALLSTATIONS;
314 skb->data[1] = PPP_UI;
fd558d18
JC		 315 skb_put(skb, 2);
316
317 /* Copy user data into skb */
6ce8e9ce 318 error = memcpy_from_msg(skb_put(skb, total_len), m, total_len);
fd558d18
JC		 319 if (error < 0) {
320 kfree_skb(skb);
7198c77a 321 goto error_put_sess;
fd558d18 322 }
fd558d18 323
455cc32b 324 local_bh_disable();
fd558d18 325 l2tp_xmit_skb(session, skb, session->hdr_len);
455cc32b 326 local_bh_enable();
fd558d18 327
8b82547e 328 sock_put(sk);
fd558d18 329
a6f79d0f 330 return total_len;
fd558d18 331
fd558d18
JC		 332error_put_sess:
333 sock_put(sk);
334error:
335 return error;
336}
337
338/* Transmit function called by generic PPP driver. Sends PPP frame
339 * over PPPoL2TP socket.
340 *
341 * This is almost the same as pppol2tp_sendmsg(), but rather than
342 * being called with a msghdr from userspace, it is called with a skb
343 * from the kernel.
344 *
345 * The supplied skb from ppp doesn't have enough headroom for the
346 * insertion of L2TP, UDP and IP headers so we need to allocate more
347 * headroom in the skb. This will create a cloned skb. But we must be
348 * careful in the error case because the caller will expect to free
349 * the skb it supplied, not our cloned skb. So we take care to always
350 * leave the original skb unfreed if we return an error.
351 */
352static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
353{
fd558d18 354 struct sock *sk = (struct sock *) chan->private;
fd558d18
JC		 355 struct l2tp_session *session;
356 struct l2tp_tunnel *tunnel;
09df57ca 357 int uhlen, headroom;
fd558d18
JC		 358
359 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
360 goto abort;
361
362 /* Get session and tunnel contexts from the socket */
363 session = pppol2tp_sock_to_session(sk);
364 if (session == NULL)
365 goto abort;
366
7198c77a 367 tunnel = session->tunnel;
fd558d18 368
09df57ca
ED		 369 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
370 headroom = NET_SKB_PAD +
371 sizeof(struct iphdr) + /* IP header */
372 uhlen + /* UDP header (if L2TP_ENCAPTYPE_UDP) */
373 session->hdr_len + /* L2TP header */
54c151d9 374 2; /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */
09df57ca 375 if (skb_cow_head(skb, headroom))
7198c77a 376 goto abort_put_sess;
fd558d18 377
fd558d18 378 /* Setup PPP header */
54c151d9
GF		 379 __skb_push(skb, 2);
380 skb->data[0] = PPP_ALLSTATIONS;
381 skb->data[1] = PPP_UI;
fd558d18 382
455cc32b 383 local_bh_disable();
e0d4435f 384 l2tp_xmit_skb(session, skb, session->hdr_len);
455cc32b 385 local_bh_enable();
fd558d18 386
fd558d18 387 sock_put(sk);
7198c77a 388
fd558d18
JC		 389 return 1;
390
fd558d18
JC		 391abort_put_sess:
392 sock_put(sk);
393abort:
394 /* Free the original skb */
395 kfree_skb(skb);
396 return 1;
397}
398
399/*****************************************************************************
400 * Session (and tunnel control) socket create/destroy.
401 *****************************************************************************/
402
d02ba2a6
JC		 403static void pppol2tp_put_sk(struct rcu_head *head)
404{
405 struct pppol2tp_session *ps;
406
407 ps = container_of(head, typeof(*ps), rcu);
408 sock_put(ps->__sk);
409}
410
fd558d18
JC		 411/* Really kill the session socket. (Called from sock_put() if
412 * refcnt == 0.)
413 */
414static void pppol2tp_session_destruct(struct sock *sk)
415{
f6e16b29 416 struct l2tp_session *session = sk->sk_user_data;
e91793bb
GN		 417
418 skb_queue_purge(&sk->sk_receive_queue);
419 skb_queue_purge(&sk->sk_write_queue);
420
f6e16b29 421 if (session) {
fd558d18
JC		 422 sk->sk_user_data = NULL;
423 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
424 l2tp_session_dec_refcount(session);
425 }
fd558d18
JC		 426}
427
428/* Called when the PPPoX socket (session) is closed.
429 */
430static int pppol2tp_release(struct socket *sock)
431{
432 struct sock *sk = sock->sk;
433 struct l2tp_session *session;
434 int error;
435
436 if (!sk)
437 return 0;
438
439 error = -EBADF;
440 lock_sock(sk);
441 if (sock_flag(sk, SOCK_DEAD) != 0)
442 goto error;
443
444 pppox_unbind_sock(sk);
445
446 /* Signal the death of the socket. */
447 sk->sk_state = PPPOX_DEAD;
448 sock_orphan(sk);
449 sock->sk = NULL;
450
451 session = pppol2tp_sock_to_session(sk);
d02ba2a6 452 if (session) {
3d609342
GN		 453 struct pppol2tp_session *ps;
454
f98be6c6 455 l2tp_session_delete(session);
3d609342
GN		 456
457 ps = l2tp_session_priv(session);
458 mutex_lock(&ps->sk_lock);
459 ps->__sk = rcu_dereference_protected(ps->sk,
460 lockdep_is_held(&ps->sk_lock));
461 RCU_INIT_POINTER(ps->sk, NULL);
462 mutex_unlock(&ps->sk_lock);
463 call_rcu(&ps->rcu, pppol2tp_put_sk);
464
465 /* Rely on the sock_put() call at the end of the function for
466 * dropping the reference held by pppol2tp_sock_to_session().
467 * The last reference will be dropped by pppol2tp_put_sk().
468 */
fd558d18 469 }
d02ba2a6 470
fd558d18
JC		 471 release_sock(sk);
472
473 /* This will delete the session context via
474 * pppol2tp_session_destruct() if the socket's refcnt drops to
475 * zero.
476 */
477 sock_put(sk);
478
479 return 0;
480
481error:
482 release_sock(sk);
483 return error;
484}
485
486static struct proto pppol2tp_sk_proto = {
487 .name = "PPPOL2TP",
488 .owner = THIS_MODULE,
489 .obj_size = sizeof(struct pppox_sock),
490};
491
492static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
493{
494 int rc;
495
496 rc = l2tp_udp_encap_recv(sk, skb);
497 if (rc)
498 kfree_skb(skb);
499
500 return NET_RX_SUCCESS;
501}
502
503/* socket() handler. Initialize a new struct sock.
504 */
11aa9c28 505static int pppol2tp_create(struct net *net, struct socket *sock, int kern)
fd558d18
JC		 506{
507 int error = -ENOMEM;
508 struct sock *sk;
509
11aa9c28 510 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto, kern);
fd558d18
JC		 511 if (!sk)
512 goto out;
513
514 sock_init_data(sock, sk);
515
516 sock->state = SS_UNCONNECTED;
517 sock->ops = &pppol2tp_ops;
518
519 sk->sk_backlog_rcv = pppol2tp_backlog_recv;
520 sk->sk_protocol = PX_PROTO_OL2TP;
521 sk->sk_family = PF_PPPOX;
522 sk->sk_state = PPPOX_NONE;
523 sk->sk_type = SOCK_STREAM;
524 sk->sk_destruct = pppol2tp_session_destruct;
525
526 error = 0;
527
528out:
529 return error;
530}
531
0ad66140
JC		 532static void pppol2tp_show(struct seq_file *m, void *arg)
533{
534 struct l2tp_session *session = arg;
ee40fb2e
GN		 535 struct sock *sk;
536
537 sk = pppol2tp_session_get_sock(session);
538 if (sk) {
539 struct pppox_sock *po = pppox_sk(sk);
0ad66140 540
ee40fb2e
GN		 541 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
542 sock_put(sk);
0ad66140
JC		 543 }
544}
0ad66140 545
f98be6c6
GN		 546static void pppol2tp_session_init(struct l2tp_session *session)
547{
548 struct pppol2tp_session *ps;
f98be6c6
GN		 549
550 session->recv_skb = pppol2tp_recv;
c2ebc256
AB		 551 if (IS_ENABLED(CONFIG_L2TP_DEBUGFS))
552 session->show = pppol2tp_show;
f98be6c6
GN		 553
554 ps = l2tp_session_priv(session);
555 mutex_init(&ps->sk_lock);
f98be6c6 556 ps->owner = current->pid;
f98be6c6
GN		 557}
558
a408194a
GN		 559struct l2tp_connect_info {
560 u8 version;
561 int fd;
562 u32 tunnel_id;
563 u32 peer_tunnel_id;
564 u32 session_id;
565 u32 peer_session_id;
566};
567
568static int pppol2tp_sockaddr_get_info(const void *sa, int sa_len,
569 struct l2tp_connect_info *info)
570{
571 switch (sa_len) {
572 case sizeof(struct sockaddr_pppol2tp):
573 {
574 const struct sockaddr_pppol2tp *sa_v2in4 = sa;
575
576 if (sa_v2in4->sa_protocol != PX_PROTO_OL2TP)
577 return -EINVAL;
578
579 info->version = 2;
580 info->fd = sa_v2in4->pppol2tp.fd;
581 info->tunnel_id = sa_v2in4->pppol2tp.s_tunnel;
582 info->peer_tunnel_id = sa_v2in4->pppol2tp.d_tunnel;
583 info->session_id = sa_v2in4->pppol2tp.s_session;
584 info->peer_session_id = sa_v2in4->pppol2tp.d_session;
585
586 break;
587 }
588 case sizeof(struct sockaddr_pppol2tpv3):
589 {
590 const struct sockaddr_pppol2tpv3 *sa_v3in4 = sa;
591
592 if (sa_v3in4->sa_protocol != PX_PROTO_OL2TP)
593 return -EINVAL;
594
595 info->version = 3;
596 info->fd = sa_v3in4->pppol2tp.fd;
597 info->tunnel_id = sa_v3in4->pppol2tp.s_tunnel;
598 info->peer_tunnel_id = sa_v3in4->pppol2tp.d_tunnel;
599 info->session_id = sa_v3in4->pppol2tp.s_session;
600 info->peer_session_id = sa_v3in4->pppol2tp.d_session;
601
602 break;
603 }
604 case sizeof(struct sockaddr_pppol2tpin6):
605 {
606 const struct sockaddr_pppol2tpin6 *sa_v2in6 = sa;
607
608 if (sa_v2in6->sa_protocol != PX_PROTO_OL2TP)
609 return -EINVAL;
610
611 info->version = 2;
612 info->fd = sa_v2in6->pppol2tp.fd;
613 info->tunnel_id = sa_v2in6->pppol2tp.s_tunnel;
614 info->peer_tunnel_id = sa_v2in6->pppol2tp.d_tunnel;
615 info->session_id = sa_v2in6->pppol2tp.s_session;
616 info->peer_session_id = sa_v2in6->pppol2tp.d_session;
617
618 break;
619 }
620 case sizeof(struct sockaddr_pppol2tpv3in6):
621 {
622 const struct sockaddr_pppol2tpv3in6 *sa_v3in6 = sa;
623
624 if (sa_v3in6->sa_protocol != PX_PROTO_OL2TP)
625 return -EINVAL;
626
627 info->version = 3;
628 info->fd = sa_v3in6->pppol2tp.fd;
629 info->tunnel_id = sa_v3in6->pppol2tp.s_tunnel;
630 info->peer_tunnel_id = sa_v3in6->pppol2tp.d_tunnel;
631 info->session_id = sa_v3in6->pppol2tp.s_session;
632 info->peer_session_id = sa_v3in6->pppol2tp.d_session;
633
634 break;
635 }
636 default:
637 return -EINVAL;
638 }
639
640 return 0;
641}
642
789141b2
GN		 643/* Rough estimation of the maximum payload size a tunnel can transmit without
644 * fragmenting at the lower IP layer. Assumes L2TPv2 with sequence
645 * numbers and no IP option. Not quite accurate, but the result is mostly
646 * unused anyway.
647 */
648static int pppol2tp_tunnel_mtu(const struct l2tp_tunnel *tunnel)
649{
650 int mtu;
651
652 mtu = l2tp_tunnel_dst_mtu(tunnel);
653 if (mtu <= PPPOL2TP_HEADER_OVERHEAD)
654 return 1500 - PPPOL2TP_HEADER_OVERHEAD;
655
656 return mtu - PPPOL2TP_HEADER_OVERHEAD;
657}
658
fd558d18
JC		 659/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
660 */
661static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
662 int sockaddr_len, int flags)
663{
664 struct sock *sk = sock->sk;
fd558d18
JC		 665 struct pppox_sock *po = pppox_sk(sk);
666 struct l2tp_session *session = NULL;
a408194a 667 struct l2tp_connect_info info;
fd558d18
JC		 668 struct l2tp_tunnel *tunnel;
669 struct pppol2tp_session *ps;
fd558d18 670 struct l2tp_session_cfg cfg = { 0, };
dbdbc73b 671 bool drop_refcnt = false;
f9e56baf 672 bool drop_tunnel = false;
bda06be2
GN		 673 bool new_session = false;
674 bool new_tunnel = false;
a408194a 675 int error;
eb1c28c0 676
a408194a
GN		 677 error = pppol2tp_sockaddr_get_info(uservaddr, sockaddr_len, &info);
678 if (error < 0)
679 return error;
eb1c28c0 680
a408194a 681 lock_sock(sk);
fd558d18
JC		 682
683 /* Check for already bound sockets */
684 error = -EBUSY;
685 if (sk->sk_state & PPPOX_CONNECTED)
686 goto end;
687
688 /* We don't supporting rebinding anyway */
689 error = -EALREADY;
690 if (sk->sk_user_data)
691 goto end; /* socket is already attached */
692
e0d4435f 693 /* Don't bind if tunnel_id is 0 */
fd558d18 694 error = -EINVAL;
a408194a 695 if (!info.tunnel_id)
fd558d18
JC		 696 goto end;
697
a408194a 698 tunnel = l2tp_tunnel_get(sock_net(sk), info.tunnel_id);
f9e56baf
GN		 699 if (tunnel)
700 drop_tunnel = true;
309795f4 701
e0d4435f
JC		 702 /* Special case: create tunnel context if session_id and
703 * peer_session_id is 0. Otherwise look up tunnel using supplied
fd558d18
JC		 704 * tunnel id.
705 */
a408194a 706 if (!info.session_id && !info.peer_session_id) {
309795f4
JC		 707 if (tunnel == NULL) {
708 struct l2tp_tunnel_cfg tcfg = {
709 .encap = L2TP_ENCAPTYPE_UDP,
710 .debug = 0,
711 };
3e1bc8bf
GN		 712
713 /* Prevent l2tp_tunnel_register() from trying to set up
714 * a kernel socket.
715 */
a408194a 716 if (info.fd < 0) {
3e1bc8bf
GN		 717 error = -EBADF;
718 goto end;
719 }
720
a408194a
GN		 721 error = l2tp_tunnel_create(sock_net(sk), info.fd,
722 info.version,
723 info.tunnel_id,
724 info.peer_tunnel_id, &tcfg,
725 &tunnel);
309795f4
JC		 726 if (error < 0)
727 goto end;
6b9f3423
GN		 728
729 l2tp_tunnel_inc_refcount(tunnel);
730 error = l2tp_tunnel_register(tunnel, sock_net(sk),
731 &tcfg);
732 if (error < 0) {
733 kfree(tunnel);
734 goto end;
735 }
736 drop_tunnel = true;
bda06be2 737 new_tunnel = true;
309795f4 738 }
fd558d18 739 } else {
fd558d18
JC		 740 /* Error if we can't find the tunnel */
741 error = -ENOENT;
742 if (tunnel == NULL)
743 goto end;
744
745 /* Error if socket is not prepped */
746 if (tunnel->sock == NULL)
747 goto end;
748 }
749
b79585f5 750 if (tunnel->peer_tunnel_id == 0)
a408194a 751 tunnel->peer_tunnel_id = info.peer_tunnel_id;
fd558d18 752
01e28b92 753 session = l2tp_tunnel_get_session(tunnel, info.session_id);
dbdbc73b
GN		 754 if (session) {
755 drop_refcnt = true;
7ac6ab1f
GN		 756
757 if (session->pwtype != L2TP_PWTYPE_PPP) {
758 error = -EPROTOTYPE;
759 goto end;
760 }
761
dbdbc73b
GN		 762 ps = l2tp_session_priv(session);
763
764 /* Using a pre-existing session is fine as long as it hasn't
765 * been connected yet.
309795f4 766 */
ee40fb2e
GN		 767 mutex_lock(&ps->sk_lock);
768 if (rcu_dereference_protected(ps->sk,
3d609342
GN		 769 lockdep_is_held(&ps->sk_lock)) ||
770 ps->__sk) {
ee40fb2e 771 mutex_unlock(&ps->sk_lock);
dbdbc73b
GN		 772 error = -EEXIST;
773 goto end;
774 }
309795f4 775 } else {
90904ff5 776 cfg.pw_type = L2TP_PWTYPE_PPP;
309795f4 777
dbdbc73b 778 session = l2tp_session_create(sizeof(struct pppol2tp_session),
a408194a
GN		 779 tunnel, info.session_id,
780 info.peer_session_id, &cfg);
dbdbc73b
GN		 781 if (IS_ERR(session)) {
782 error = PTR_ERR(session);
309795f4 783 goto end;
dbdbc73b 784 }
3953ae7b 785
f98be6c6 786 pppol2tp_session_init(session);
ee40fb2e 787 ps = l2tp_session_priv(session);
3953ae7b 788 l2tp_session_inc_refcount(session);
ee40fb2e
GN		 789
790 mutex_lock(&ps->sk_lock);
3953ae7b
GN		 791 error = l2tp_session_register(session, tunnel);
792 if (error < 0) {
ee40fb2e 793 mutex_unlock(&ps->sk_lock);
3953ae7b
GN		 794 kfree(session);
795 goto end;
796 }
797 drop_refcnt = true;
bda06be2 798 new_session = true;
fd558d18
JC		 799 }
800
fd558d18
JC		 801 /* Special case: if source & dest session_id == 0x0000, this
802 * socket is being created to manage the tunnel. Just set up
803 * the internal context for use by ioctl() and sockopt()
804 * handlers.
805 */
806 if ((session->session_id == 0) &&
807 (session->peer_session_id == 0)) {
808 error = 0;
809 goto out_no_ppp;
810 }
811
812 /* The only header we need to worry about is the L2TP
813 * header. This size is different depending on whether
814 * sequence numbers are enabled for the data channel.
815 */
816 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
817
818 po->chan.private = sk;
819 po->chan.ops = &pppol2tp_chan_ops;
789141b2 820 po->chan.mtu = pppol2tp_tunnel_mtu(tunnel);
fd558d18
JC		 821
822 error = ppp_register_net_channel(sock_net(sk), &po->chan);
ee40fb2e
GN		 823 if (error) {
824 mutex_unlock(&ps->sk_lock);
fd558d18 825 goto end;
ee40fb2e 826 }
fd558d18
JC		 827
828out_no_ppp:
829 /* This is how we get the session context from the socket. */
830 sk->sk_user_data = session;
ee40fb2e
GN		 831 rcu_assign_pointer(ps->sk, sk);
832 mutex_unlock(&ps->sk_lock);
833
f98be6c6
GN		 834 /* Keep the reference we've grabbed on the session: sk doesn't expect
835 * the session to disappear. pppol2tp_session_destruct() is responsible
836 * for dropping it.
837 */
838 drop_refcnt = false;
839
fd558d18 840 sk->sk_state = PPPOX_CONNECTED;
fba40c63 841 l2tp_info(session, L2TP_MSG_CONTROL, "%s: created\n",
a4ca44fa 842 session->name);
fd558d18
JC		 843
844end:
bda06be2
GN		 845 if (error) {
846 if (new_session)
847 l2tp_session_delete(session);
848 if (new_tunnel)
849 l2tp_tunnel_delete(tunnel);
850 }
dbdbc73b
GN		 851 if (drop_refcnt)
852 l2tp_session_dec_refcount(session);
f9e56baf
GN		 853 if (drop_tunnel)
854 l2tp_tunnel_dec_refcount(tunnel);
fd558d18
JC		 855 release_sock(sk);
856
857 return error;
858}
859
309795f4
JC		 860#ifdef CONFIG_L2TP_V3
861
f026bc29
GN		 862/* Called when creating sessions via the netlink interface. */
863static int pppol2tp_session_create(struct net *net, struct l2tp_tunnel *tunnel,
864 u32 session_id, u32 peer_session_id,
865 struct l2tp_session_cfg *cfg)
309795f4
JC		 866{
867 int error;
309795f4 868 struct l2tp_session *session;
309795f4 869
309795f4 870 /* Error if tunnel socket is not prepped */
f026bc29
GN		 871 if (!tunnel->sock) {
872 error = -ENOENT;
3953ae7b 873 goto err;
f026bc29 874 }
309795f4 875
309795f4 876 /* Allocate and initialize a new session context. */
309795f4
JC		 877 session = l2tp_session_create(sizeof(struct pppol2tp_session),
878 tunnel, session_id,
879 peer_session_id, cfg);
dbdbc73b
GN		 880 if (IS_ERR(session)) {
881 error = PTR_ERR(session);
3953ae7b 882 goto err;
dbdbc73b 883 }
309795f4 884
f98be6c6 885 pppol2tp_session_init(session);
309795f4 886
3953ae7b
GN		 887 error = l2tp_session_register(session, tunnel);
888 if (error < 0)
889 goto err_sess;
309795f4 890
3953ae7b 891 return 0;
309795f4 892
3953ae7b
GN		 893err_sess:
894 kfree(session);
895err:
309795f4
JC		 896 return error;
897}
898
309795f4
JC		 899#endif /* CONFIG_L2TP_V3 */
900
fd558d18
JC		 901/* getname() support.
902 */
903static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
9b2c45d4 904 int peer)
fd558d18 905{
e0d4435f 906 int len = 0;
fd558d18
JC		 907 int error = 0;
908 struct l2tp_session *session;
909 struct l2tp_tunnel *tunnel;
910 struct sock *sk = sock->sk;
911 struct inet_sock *inet;
912 struct pppol2tp_session *pls;
913
914 error = -ENOTCONN;
915 if (sk == NULL)
916 goto end;
56cff471 917 if (!(sk->sk_state & PPPOX_CONNECTED))
fd558d18
JC		 918 goto end;
919
920 error = -EBADF;
921 session = pppol2tp_sock_to_session(sk);
922 if (session == NULL)
923 goto end;
924
925 pls = l2tp_session_priv(session);
7198c77a 926 tunnel = session->tunnel;
fd558d18 927
bbdb32cb 928 inet = inet_sk(tunnel->sock);
d2cf3361 929 if ((tunnel->version == 2) && (tunnel->sock->sk_family == AF_INET)) {
e0d4435f
JC		 930 struct sockaddr_pppol2tp sp;
931 len = sizeof(sp);
932 memset(&sp, 0, len);
933 sp.sa_family = AF_PPPOX;
934 sp.sa_protocol = PX_PROTO_OL2TP;
935 sp.pppol2tp.fd = tunnel->fd;
936 sp.pppol2tp.pid = pls->owner;
937 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
938 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
939 sp.pppol2tp.s_session = session->session_id;
940 sp.pppol2tp.d_session = session->peer_session_id;
941 sp.pppol2tp.addr.sin_family = AF_INET;
942 sp.pppol2tp.addr.sin_port = inet->inet_dport;
943 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
944 memcpy(uaddr, &sp, len);
d2cf3361
BL		 945#if IS_ENABLED(CONFIG_IPV6)
946 } else if ((tunnel->version == 2) &&
947 (tunnel->sock->sk_family == AF_INET6)) {
d2cf3361 948 struct sockaddr_pppol2tpin6 sp;
efe4208f 949
d2cf3361
BL		 950 len = sizeof(sp);
951 memset(&sp, 0, len);
952 sp.sa_family = AF_PPPOX;
953 sp.sa_protocol = PX_PROTO_OL2TP;
954 sp.pppol2tp.fd = tunnel->fd;
955 sp.pppol2tp.pid = pls->owner;
956 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
957 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
958 sp.pppol2tp.s_session = session->session_id;
959 sp.pppol2tp.d_session = session->peer_session_id;
960 sp.pppol2tp.addr.sin6_family = AF_INET6;
961 sp.pppol2tp.addr.sin6_port = inet->inet_dport;
efe4208f
ED		 962 memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
963 sizeof(tunnel->sock->sk_v6_daddr));
d2cf3361
BL		 964 memcpy(uaddr, &sp, len);
965 } else if ((tunnel->version == 3) &&
966 (tunnel->sock->sk_family == AF_INET6)) {
d2cf3361 967 struct sockaddr_pppol2tpv3in6 sp;
efe4208f 968
d2cf3361
BL		 969 len = sizeof(sp);
970 memset(&sp, 0, len);
971 sp.sa_family = AF_PPPOX;
972 sp.sa_protocol = PX_PROTO_OL2TP;
973 sp.pppol2tp.fd = tunnel->fd;
974 sp.pppol2tp.pid = pls->owner;
975 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
976 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
977 sp.pppol2tp.s_session = session->session_id;
978 sp.pppol2tp.d_session = session->peer_session_id;
979 sp.pppol2tp.addr.sin6_family = AF_INET6;
980 sp.pppol2tp.addr.sin6_port = inet->inet_dport;
efe4208f
ED		 981 memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
982 sizeof(tunnel->sock->sk_v6_daddr));
d2cf3361
BL		 983 memcpy(uaddr, &sp, len);
984#endif
e0d4435f
JC		 985 } else if (tunnel->version == 3) {
986 struct sockaddr_pppol2tpv3 sp;
987 len = sizeof(sp);
988 memset(&sp, 0, len);
989 sp.sa_family = AF_PPPOX;
990 sp.sa_protocol = PX_PROTO_OL2TP;
991 sp.pppol2tp.fd = tunnel->fd;
992 sp.pppol2tp.pid = pls->owner;
993 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
994 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
995 sp.pppol2tp.s_session = session->session_id;
996 sp.pppol2tp.d_session = session->peer_session_id;
997 sp.pppol2tp.addr.sin_family = AF_INET;
998 sp.pppol2tp.addr.sin_port = inet->inet_dport;
999 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
1000 memcpy(uaddr, &sp, len);
1001 }
fd558d18 1002
9b2c45d4 1003 error = len;
fd558d18 1004
fd558d18 1005 sock_put(sk);
fd558d18
JC		 1006end:
1007 return error;
1008}
1009
1010/****************************************************************************
1011 * ioctl() handlers.
1012 *
1013 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1014 * sockets. However, in order to control kernel tunnel features, we allow
1015 * userspace to create a special "tunnel" PPPoX socket which is used for
1016 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
1017 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1018 * calls.
1019 ****************************************************************************/
1020
1021static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
7390ed8a 1022 const struct l2tp_stats *stats)
fd558d18 1023{
7390ed8a
GN		 1024 memset(dest, 0, sizeof(*dest));
1025
7b7c0719
TP		 1026 dest->tx_packets = atomic_long_read(&stats->tx_packets);
1027 dest->tx_bytes = atomic_long_read(&stats->tx_bytes);
1028 dest->tx_errors = atomic_long_read(&stats->tx_errors);
1029 dest->rx_packets = atomic_long_read(&stats->rx_packets);
1030 dest->rx_bytes = atomic_long_read(&stats->rx_bytes);
1031 dest->rx_seq_discards = atomic_long_read(&stats->rx_seq_discards);
1032 dest->rx_oos_packets = atomic_long_read(&stats->rx_oos_packets);
1033 dest->rx_errors = atomic_long_read(&stats->rx_errors);
fd558d18
JC		 1034}
1035
528534f0
GN		 1036static int pppol2tp_tunnel_copy_stats(struct pppol2tp_ioc_stats *stats,
1037 struct l2tp_tunnel *tunnel)
1038{
1039 struct l2tp_session *session;
1040
1041 if (!stats->session_id) {
528534f0
GN		 1042 pppol2tp_copy_stats(stats, &tunnel->stats);
1043 return 0;
1044 }
1045
1046 /* If session_id is set, search the corresponding session in the
1047 * context of this tunnel and record the session's statistics.
1048 */
1049 session = l2tp_tunnel_get_session(tunnel, stats->session_id);
1050 if (!session)
1051 return -EBADR;
1052
1053 if (session->pwtype != L2TP_PWTYPE_PPP) {
1054 l2tp_session_dec_refcount(session);
1055 return -EBADR;
1056 }
1057
528534f0
GN		 1058 pppol2tp_copy_stats(stats, &session->stats);
1059 l2tp_session_dec_refcount(session);
1060
1061 return 0;
1062}
1063
fd558d18
JC		 1064static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1065 unsigned long arg)
1066{
528534f0 1067 struct pppol2tp_ioc_stats stats;
fd558d18 1068 struct l2tp_session *session;
79e6760e
GN		 1069
1070 switch (cmd) {
1071 case PPPIOCGMRU:
1072 case PPPIOCGFLAGS:
1073 session = sock->sk->sk_user_data;
1074 if (!session)
1075 return -ENOTCONN;
fd558d18 1076
79e6760e
GN		 1077 /* Not defined for tunnels */
1078 if (!session->session_id && !session->peer_session_id)
1079 return -ENOSYS;
fd558d18 1080
79e6760e
GN		 1081 if (put_user(0, (int __user *)arg))
1082 return -EFAULT;
1083 break;
1084
1085 case PPPIOCSMRU:
1086 case PPPIOCSFLAGS:
1087 session = sock->sk->sk_user_data;
1088 if (!session)
1089 return -ENOTCONN;
fd558d18 1090
79e6760e
GN		 1091 /* Not defined for tunnels */
1092 if (!session->session_id && !session->peer_session_id)
1093 return -ENOSYS;
1094
503c0188 1095 if (!access_ok((int __user *)arg, sizeof(int)))
79e6760e
GN		 1096 return -EFAULT;
1097 break;
1098
1099 case PPPIOCGL2TPSTATS:
1100 session = sock->sk->sk_user_data;
1101 if (!session)
1102 return -ENOTCONN;
1103
1104 /* Session 0 represents the parent tunnel */
528534f0
GN		 1105 if (!session->session_id && !session->peer_session_id) {
1106 u32 session_id;
1107 int err;
1108
1109 if (copy_from_user(&stats, (void __user *)arg,
1110 sizeof(stats)))
1111 return -EFAULT;
1112
1113 session_id = stats.session_id;
1114 err = pppol2tp_tunnel_copy_stats(&stats,
1115 session->tunnel);
1116 if (err < 0)
1117 return err;
1118
1119 stats.session_id = session_id;
1120 } else {
b0e29063
GN		 1121 pppol2tp_copy_stats(&stats, &session->stats);
1122 stats.session_id = session->session_id;
528534f0
GN		 1123 }
1124 stats.tunnel_id = session->tunnel->tunnel_id;
1125 stats.using_ipsec = l2tp_tunnel_uses_xfrm(session->tunnel);
1126
1127 if (copy_to_user((void __user *)arg, &stats, sizeof(stats)))
1128 return -EFAULT;
79e6760e
GN		 1129 break;
1130
1131 default:
4f5f85e9 1132 return -ENOIOCTLCMD;
bdd0292f 1133 }
fd558d18 1134
79e6760e 1135 return 0;
fd558d18
JC		 1136}
1137
1138/*****************************************************************************
1139 * setsockopt() / getsockopt() support.
1140 *
1141 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1142 * sockets. In order to control kernel tunnel features, we allow userspace to
1143 * create a special "tunnel" PPPoX socket which is used for control only.
1144 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1145 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1146 *****************************************************************************/
1147
1148/* Tunnel setsockopt() helper.
1149 */
1150static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1151 struct l2tp_tunnel *tunnel,
1152 int optname, int val)
1153{
1154 int err = 0;
1155
1156 switch (optname) {
1157 case PPPOL2TP_SO_DEBUG:
1158 tunnel->debug = val;
fba40c63 1159 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: set debug=%x\n",
a4ca44fa 1160 tunnel->name, tunnel->debug);
fd558d18
JC		 1161 break;
1162
1163 default:
1164 err = -ENOPROTOOPT;
1165 break;
1166 }
1167
1168 return err;
1169}
1170
1171/* Session setsockopt helper.
1172 */
1173static int pppol2tp_session_setsockopt(struct sock *sk,
1174 struct l2tp_session *session,
1175 int optname, int val)
1176{
1177 int err = 0;
fd558d18
JC		 1178
1179 switch (optname) {
1180 case PPPOL2TP_SO_RECVSEQ:
1181 if ((val != 0) && (val != 1)) {
1182 err = -EINVAL;
1183 break;
1184 }
3f9b9770 1185 session->recv_seq = !!val;
fba40c63 1186 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa
JP		 1187 "%s: set recv_seq=%d\n",
1188 session->name, session->recv_seq);
fd558d18
JC		 1189 break;
1190
1191 case PPPOL2TP_SO_SENDSEQ:
1192 if ((val != 0) && (val != 1)) {
1193 err = -EINVAL;
1194 break;
1195 }
3f9b9770 1196 session->send_seq = !!val;
fd558d18 1197 {
ee40fb2e
GN		 1198 struct pppox_sock *po = pppox_sk(sk);
1199
fd558d18
JC		 1200 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1201 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1202 }
bb5016ea 1203 l2tp_session_set_header_len(session, session->tunnel->version);
fba40c63 1204 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa
JP		 1205 "%s: set send_seq=%d\n",
1206 session->name, session->send_seq);
fd558d18
JC		 1207 break;
1208
1209 case PPPOL2TP_SO_LNSMODE:
1210 if ((val != 0) && (val != 1)) {
1211 err = -EINVAL;
1212 break;
1213 }
3f9b9770 1214 session->lns_mode = !!val;
fba40c63 1215 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa
JP		 1216 "%s: set lns_mode=%d\n",
1217 session->name, session->lns_mode);
fd558d18
JC		 1218 break;
1219
1220 case PPPOL2TP_SO_DEBUG:
1221 session->debug = val;
fba40c63 1222 l2tp_info(session, L2TP_MSG_CONTROL, "%s: set debug=%x\n",
a4ca44fa 1223 session->name, session->debug);
fd558d18
JC		 1224 break;
1225
1226 case PPPOL2TP_SO_REORDERTO:
1227 session->reorder_timeout = msecs_to_jiffies(val);
fba40c63 1228 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa
JP		 1229 "%s: set reorder_timeout=%d\n",
1230 session->name, session->reorder_timeout);
fd558d18
JC		 1231 break;
1232
1233 default:
1234 err = -ENOPROTOOPT;
1235 break;
1236 }
1237
1238 return err;
1239}
1240
1241/* Main setsockopt() entry point.
1242 * Does API checks, then calls either the tunnel or session setsockopt
1243 * handler, according to whether the PPPoL2TP socket is a for a regular
1244 * session or the special tunnel type.
1245 */
1246static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1247 char __user *optval, unsigned int optlen)
1248{
1249 struct sock *sk = sock->sk;
1250 struct l2tp_session *session;
1251 struct l2tp_tunnel *tunnel;
fd558d18
JC		 1252 int val;
1253 int err;
1254
1255 if (level != SOL_PPPOL2TP)
3cf521f7 1256 return -EINVAL;
fd558d18
JC		 1257
1258 if (optlen < sizeof(int))
1259 return -EINVAL;
1260
1261 if (get_user(val, (int __user *)optval))
1262 return -EFAULT;
1263
1264 err = -ENOTCONN;
1265 if (sk->sk_user_data == NULL)
1266 goto end;
1267
1268 /* Get session context from the socket */
1269 err = -EBADF;
1270 session = pppol2tp_sock_to_session(sk);
1271 if (session == NULL)
1272 goto end;
1273
1274 /* Special case: if session_id == 0x0000, treat as operation on tunnel
1275 */
fd558d18
JC		 1276 if ((session->session_id == 0) &&
1277 (session->peer_session_id == 0)) {
7198c77a 1278 tunnel = session->tunnel;
fd558d18 1279 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
7198c77a 1280 } else {
fd558d18 1281 err = pppol2tp_session_setsockopt(sk, session, optname, val);
7198c77a 1282 }
fd558d18 1283
fd558d18
JC		 1284 sock_put(sk);
1285end:
1286 return err;
1287}
1288
1289/* Tunnel getsockopt helper. Called with sock locked.
1290 */
1291static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1292 struct l2tp_tunnel *tunnel,
1293 int optname, int *val)
1294{
1295 int err = 0;
1296
1297 switch (optname) {
1298 case PPPOL2TP_SO_DEBUG:
1299 *val = tunnel->debug;
fba40c63 1300 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: get debug=%x\n",
a4ca44fa 1301 tunnel->name, tunnel->debug);
fd558d18
JC		 1302 break;
1303
1304 default:
1305 err = -ENOPROTOOPT;
1306 break;
1307 }
1308
1309 return err;
1310}
1311
1312/* Session getsockopt helper. Called with sock locked.
1313 */
1314static int pppol2tp_session_getsockopt(struct sock *sk,
1315 struct l2tp_session *session,
1316 int optname, int *val)
1317{
1318 int err = 0;
1319
1320 switch (optname) {
1321 case PPPOL2TP_SO_RECVSEQ:
1322 *val = session->recv_seq;
fba40c63 1323 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa 1324 "%s: get recv_seq=%d\n", session->name, *val);
fd558d18
JC		 1325 break;
1326
1327 case PPPOL2TP_SO_SENDSEQ:
1328 *val = session->send_seq;
fba40c63 1329 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa 1330 "%s: get send_seq=%d\n", session->name, *val);
fd558d18
JC		 1331 break;
1332
1333 case PPPOL2TP_SO_LNSMODE:
1334 *val = session->lns_mode;
fba40c63 1335 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa 1336 "%s: get lns_mode=%d\n", session->name, *val);
fd558d18
JC		 1337 break;
1338
1339 case PPPOL2TP_SO_DEBUG:
1340 *val = session->debug;
fba40c63 1341 l2tp_info(session, L2TP_MSG_CONTROL, "%s: get debug=%d\n",
a4ca44fa 1342 session->name, *val);
fd558d18
JC		 1343 break;
1344
1345 case PPPOL2TP_SO_REORDERTO:
1346 *val = (int) jiffies_to_msecs(session->reorder_timeout);
fba40c63 1347 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa 1348 "%s: get reorder_timeout=%d\n", session->name, *val);
fd558d18
JC		 1349 break;
1350
1351 default:
1352 err = -ENOPROTOOPT;
1353 }
1354
1355 return err;
1356}
1357
1358/* Main getsockopt() entry point.
1359 * Does API checks, then calls either the tunnel or session getsockopt
1360 * handler, according to whether the PPPoX socket is a for a regular session
1361 * or the special tunnel type.
1362 */
e3192690
JP		 1363static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
1364 char __user *optval, int __user *optlen)
fd558d18
JC		 1365{
1366 struct sock *sk = sock->sk;
1367 struct l2tp_session *session;
1368 struct l2tp_tunnel *tunnel;
1369 int val, len;
1370 int err;
fd558d18
JC		 1371
1372 if (level != SOL_PPPOL2TP)
3cf521f7 1373 return -EINVAL;
fd558d18 1374
e3192690 1375 if (get_user(len, optlen))
fd558d18
JC		 1376 return -EFAULT;
1377
1378 len = min_t(unsigned int, len, sizeof(int));
1379
1380 if (len < 0)
1381 return -EINVAL;
1382
1383 err = -ENOTCONN;
1384 if (sk->sk_user_data == NULL)
1385 goto end;
1386
1387 /* Get the session context */
1388 err = -EBADF;
1389 session = pppol2tp_sock_to_session(sk);
1390 if (session == NULL)
1391 goto end;
1392
1393 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
fd558d18
JC		 1394 if ((session->session_id == 0) &&
1395 (session->peer_session_id == 0)) {
7198c77a 1396 tunnel = session->tunnel;
fd558d18 1397 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
321a52a3
GN		 1398 if (err)
1399 goto end_put_sess;
1400 } else {
fd558d18 1401 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
321a52a3
GN		 1402 if (err)
1403 goto end_put_sess;
1404 }
fd558d18
JC		 1405
1406 err = -EFAULT;
e3192690 1407 if (put_user(len, optlen))
fd558d18
JC		 1408 goto end_put_sess;
1409
1410 if (copy_to_user((void __user *) optval, &val, len))
1411 goto end_put_sess;
1412
1413 err = 0;
1414
1415end_put_sess:
1416 sock_put(sk);
1417end:
1418 return err;
1419}
1420
1421/*****************************************************************************
1422 * /proc filesystem for debug
f7faffa3
JC		 1423 * Since the original pppol2tp driver provided /proc/net/pppol2tp for
1424 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.
fd558d18
JC		 1425 *****************************************************************************/
1426
1427static unsigned int pppol2tp_net_id;
1428
1429#ifdef CONFIG_PROC_FS
1430
1431struct pppol2tp_seq_data {
1432 struct seq_net_private p;
1433 int tunnel_idx; /* current tunnel */
1434 int session_idx; /* index of session within current tunnel */
1435 struct l2tp_tunnel *tunnel;
1436 struct l2tp_session *session; /* NULL means get next tunnel */
1437};
1438
1439static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1440{
0e0c3fee
GN		 1441 /* Drop reference taken during previous invocation */
1442 if (pd->tunnel)
1443 l2tp_tunnel_dec_refcount(pd->tunnel);
1444
f7faffa3 1445 for (;;) {
0e0c3fee 1446 pd->tunnel = l2tp_tunnel_get_nth(net, pd->tunnel_idx);
f7faffa3
JC		 1447 pd->tunnel_idx++;
1448
0e0c3fee
GN		 1449 /* Only accept L2TPv2 tunnels */
1450 if (!pd->tunnel || pd->tunnel->version == 2)
1451 return;
f7faffa3 1452
0e0c3fee 1453 l2tp_tunnel_dec_refcount(pd->tunnel);
f7faffa3 1454 }
fd558d18
JC		 1455}
1456
1457static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1458{
83494407
GN		 1459 /* Drop reference taken during previous invocation */
1460 if (pd->session)
1461 l2tp_session_dec_refcount(pd->session);
1462
a4346210 1463 pd->session = l2tp_session_get_nth(pd->tunnel, pd->session_idx);
fd558d18 1464 pd->session_idx++;
f7faffa3 1465
fd558d18
JC		 1466 if (pd->session == NULL) {
1467 pd->session_idx = 0;
1468 pppol2tp_next_tunnel(net, pd);
1469 }
1470}
1471
1472static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1473{
1474 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1475 loff_t pos = *offs;
1476 struct net *net;
1477
1478 if (!pos)
1479 goto out;
1480
1481 BUG_ON(m->private == NULL);
1482 pd = m->private;
1483 net = seq_file_net(m);
1484
1485 if (pd->tunnel == NULL)
1486 pppol2tp_next_tunnel(net, pd);
1487 else
1488 pppol2tp_next_session(net, pd);
1489
1490 /* NULL tunnel and session indicates end of list */
1491 if ((pd->tunnel == NULL) && (pd->session == NULL))
1492 pd = NULL;
1493
1494out:
1495 return pd;
1496}
1497
1498static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1499{
1500 (*pos)++;
1501 return NULL;
1502}
1503
1504static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1505{
0e0c3fee
GN		 1506 struct pppol2tp_seq_data *pd = v;
1507
1508 if (!pd || pd == SEQ_START_TOKEN)
1509 return;
1510
83494407
GN		 1511 /* Drop reference taken by last invocation of pppol2tp_next_session()
1512 * or pppol2tp_next_tunnel().
1513 */
1514 if (pd->session) {
1515 l2tp_session_dec_refcount(pd->session);
1516 pd->session = NULL;
1517 }
5411b618 1518 if (pd->tunnel) {
0e0c3fee 1519 l2tp_tunnel_dec_refcount(pd->tunnel);
5411b618 1520 pd->tunnel = NULL;
5411b618 1521 }
fd558d18
JC		 1522}
1523
1524static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1525{
1526 struct l2tp_tunnel *tunnel = v;
1527
1528 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1529 tunnel->name,
1530 (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
fbea9e07 1531 refcount_read(&tunnel->ref_count) - 1);
7b7c0719 1532 seq_printf(m, " %08x %ld/%ld/%ld %ld/%ld/%ld\n",
fd558d18 1533 tunnel->debug,
7b7c0719
TP		 1534 atomic_long_read(&tunnel->stats.tx_packets),
1535 atomic_long_read(&tunnel->stats.tx_bytes),
1536 atomic_long_read(&tunnel->stats.tx_errors),
1537 atomic_long_read(&tunnel->stats.rx_packets),
1538 atomic_long_read(&tunnel->stats.rx_bytes),
1539 atomic_long_read(&tunnel->stats.rx_errors));
fd558d18
JC		 1540}
1541
1542static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1543{
1544 struct l2tp_session *session = v;
1545 struct l2tp_tunnel *tunnel = session->tunnel;
ee40fb2e
GN		 1546 unsigned char state;
1547 char user_data_ok;
1548 struct sock *sk;
fd558d18
JC		 1549 u32 ip = 0;
1550 u16 port = 0;
1551
1552 if (tunnel->sock) {
1553 struct inet_sock *inet = inet_sk(tunnel->sock);
1554 ip = ntohl(inet->inet_saddr);
1555 port = ntohs(inet->inet_sport);
1556 }
1557
ee40fb2e
GN		 1558 sk = pppol2tp_session_get_sock(session);
1559 if (sk) {
1560 state = sk->sk_state;
1561 user_data_ok = (session == sk->sk_user_data) ? 'Y' : 'N';
1562 } else {
1563 state = 0;
1564 user_data_ok = 'N';
1565 }
1566
fd558d18
JC		 1567 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
1568 "%04X/%04X %d %c\n",
1569 session->name, ip, port,
1570 tunnel->tunnel_id,
1571 session->session_id,
1572 tunnel->peer_tunnel_id,
1573 session->peer_session_id,
ee40fb2e 1574 state, user_data_ok);
789141b2 1575 seq_printf(m, " 0/0/%c/%c/%s %08x %u\n",
fd558d18
JC		 1576 session->recv_seq ? 'R' : '-',
1577 session->send_seq ? 'S' : '-',
1578 session->lns_mode ? "LNS" : "LAC",
1579 session->debug,
1580 jiffies_to_msecs(session->reorder_timeout));
7b7c0719 1581 seq_printf(m, " %hu/%hu %ld/%ld/%ld %ld/%ld/%ld\n",
fd558d18 1582 session->nr, session->ns,
7b7c0719
TP		 1583 atomic_long_read(&session->stats.tx_packets),
1584 atomic_long_read(&session->stats.tx_bytes),
1585 atomic_long_read(&session->stats.tx_errors),
1586 atomic_long_read(&session->stats.rx_packets),
1587 atomic_long_read(&session->stats.rx_bytes),
1588 atomic_long_read(&session->stats.rx_errors));
9345471b 1589
ee40fb2e
GN		 1590 if (sk) {
1591 struct pppox_sock *po = pppox_sk(sk);
1592
9345471b 1593 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
ee40fb2e
GN		 1594 sock_put(sk);
1595 }
fd558d18
JC		 1596}
1597
1598static int pppol2tp_seq_show(struct seq_file *m, void *v)
1599{
1600 struct pppol2tp_seq_data *pd = v;
1601
1602 /* display header on line 1 */
1603 if (v == SEQ_START_TOKEN) {
1604 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1605 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1606 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1607 seq_puts(m, " SESSION name, addr/port src-tid/sid "
1608 "dest-tid/sid state user-data-ok\n");
1609 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1610 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1611 goto out;
1612 }
1613
83494407 1614 if (!pd->session)
fd558d18 1615 pppol2tp_seq_tunnel_show(m, pd->tunnel);
83494407 1616 else
fd558d18
JC		 1617 pppol2tp_seq_session_show(m, pd->session);
1618
1619out:
1620 return 0;
1621}
1622
1623static const struct seq_operations pppol2tp_seq_ops = {
1624 .start = pppol2tp_seq_start,
1625 .next = pppol2tp_seq_next,
1626 .stop = pppol2tp_seq_stop,
1627 .show = pppol2tp_seq_show,
1628};
fd558d18
JC		 1629#endif /* CONFIG_PROC_FS */
1630
1631/*****************************************************************************
1632 * Network namespace
1633 *****************************************************************************/
1634
1635static __net_init int pppol2tp_init_net(struct net *net)
1636{
1637 struct proc_dir_entry *pde;
1638 int err = 0;
1639
c3506372
CH		 1640 pde = proc_create_net("pppol2tp", 0444, net->proc_net,
1641 &pppol2tp_seq_ops, sizeof(struct pppol2tp_seq_data));
fd558d18
JC		 1642 if (!pde) {
1643 err = -ENOMEM;
1644 goto out;
1645 }
1646
1647out:
1648 return err;
1649}
1650
1651static __net_exit void pppol2tp_exit_net(struct net *net)
1652{
ece31ffd 1653 remove_proc_entry("pppol2tp", net->proc_net);
fd558d18
JC		 1654}
1655
1656static struct pernet_operations pppol2tp_net_ops = {
1657 .init = pppol2tp_init_net,
1658 .exit = pppol2tp_exit_net,
1659 .id = &pppol2tp_net_id,
1660};
1661
1662/*****************************************************************************
1663 * Init and cleanup
1664 *****************************************************************************/
1665
1666static const struct proto_ops pppol2tp_ops = {
1667 .family = AF_PPPOX,
1668 .owner = THIS_MODULE,
1669 .release = pppol2tp_release,
1670 .bind = sock_no_bind,
1671 .connect = pppol2tp_connect,
1672 .socketpair = sock_no_socketpair,
1673 .accept = sock_no_accept,
1674 .getname = pppol2tp_getname,
a11e1d43 1675 .poll = datagram_poll,
fd558d18
JC		 1676 .listen = sock_no_listen,
1677 .shutdown = sock_no_shutdown,
1678 .setsockopt = pppol2tp_setsockopt,
1679 .getsockopt = pppol2tp_getsockopt,
1680 .sendmsg = pppol2tp_sendmsg,
1681 .recvmsg = pppol2tp_recvmsg,
1682 .mmap = sock_no_mmap,
1683 .ioctl = pppox_ioctl,
1684};
1685
756e64a0 1686static const struct pppox_proto pppol2tp_proto = {
fd558d18 1687 .create = pppol2tp_create,
e1558a93
WY		 1688 .ioctl = pppol2tp_ioctl,
1689 .owner = THIS_MODULE,
fd558d18
JC		 1690};
1691
309795f4
JC		 1692#ifdef CONFIG_L2TP_V3
1693
1694static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1695 .session_create = pppol2tp_session_create,
cf2f5c88 1696 .session_delete = l2tp_session_delete,
309795f4
JC		 1697};
1698
1699#endif /* CONFIG_L2TP_V3 */
1700
fd558d18
JC		 1701static int __init pppol2tp_init(void)
1702{
1703 int err;
1704
1705 err = register_pernet_device(&pppol2tp_net_ops);
1706 if (err)
1707 goto out;
1708
1709 err = proto_register(&pppol2tp_sk_proto, 0);
1710 if (err)
1711 goto out_unregister_pppol2tp_pernet;
1712
1713 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1714 if (err)
1715 goto out_unregister_pppol2tp_proto;
1716
309795f4
JC		 1717#ifdef CONFIG_L2TP_V3
1718 err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);
1719 if (err)
1720 goto out_unregister_pppox;
1721#endif
1722
a4ca44fa 1723 pr_info("PPPoL2TP kernel driver, %s\n", PPPOL2TP_DRV_VERSION);
fd558d18
JC		 1724
1725out:
1726 return err;
309795f4
JC		 1727
1728#ifdef CONFIG_L2TP_V3
1729out_unregister_pppox:
1730 unregister_pppox_proto(PX_PROTO_OL2TP);
1731#endif
fd558d18
JC		 1732out_unregister_pppol2tp_proto:
1733 proto_unregister(&pppol2tp_sk_proto);
1734out_unregister_pppol2tp_pernet:
1735 unregister_pernet_device(&pppol2tp_net_ops);
1736 goto out;
1737}
1738
1739static void __exit pppol2tp_exit(void)
1740{
309795f4
JC		 1741#ifdef CONFIG_L2TP_V3
1742 l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);
1743#endif
fd558d18
JC		 1744 unregister_pppox_proto(PX_PROTO_OL2TP);
1745 proto_unregister(&pppol2tp_sk_proto);
1746 unregister_pernet_device(&pppol2tp_net_ops);
1747}
1748
1749module_init(pppol2tp_init);
1750module_exit(pppol2tp_exit);
1751
1752MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1753MODULE_DESCRIPTION("PPP over L2TP over UDP");
1754MODULE_LICENSE("GPL");
1755MODULE_VERSION(PPPOL2TP_DRV_VERSION);
681b4d88 1756MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OL2TP);
249ee819 1757MODULE_ALIAS_L2TP_PWTYPE(7);
Linux 6.x block layer and io_uring tree(s)