projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
l2tp: cleanup whitespace use
[linux-block.git] / net / l2tp / l2tp_ppp.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
fd558d18
JC		 2/*****************************************************************************
3 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
4 *
5 * PPPoX --- Generic PPP encapsulation socket family
6 * PPPoL2TP --- PPP over L2TP (RFC 2661)
7 *
8 * Version: 2.0.0
9 *
10 * Authors: James Chapman (jchapman@katalix.com)
11 *
12 * Based on original work by Martijn van Oosterhout <kleptog@svana.org>
13 *
14 * License:
fd558d18
JC		 15 */
16
17/* This driver handles only L2TP data frames; control frames are handled by a
18 * userspace application.
19 *
20 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
21 * attaches it to a bound UDP socket with local tunnel_id / session_id and
22 * peer tunnel_id / session_id set. Data can then be sent or received using
23 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
24 * can be read or modified using ioctl() or [gs]etsockopt() calls.
25 *
26 * When a PPPoL2TP socket is connected with local and peer session_id values
27 * zero, the socket is treated as a special tunnel management socket.
28 *
29 * Here's example userspace code to create a socket for sending/receiving data
30 * over an L2TP session:-
31 *
32 * struct sockaddr_pppol2tp sax;
33 * int fd;
34 * int session_fd;
35 *
36 * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
37 *
38 * sax.sa_family = AF_PPPOX;
39 * sax.sa_protocol = PX_PROTO_OL2TP;
40 * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
41 * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
42 * sax.pppol2tp.addr.sin_port = addr->sin_port;
43 * sax.pppol2tp.addr.sin_family = AF_INET;
44 * sax.pppol2tp.s_tunnel = tunnel_id;
45 * sax.pppol2tp.s_session = session_id;
46 * sax.pppol2tp.d_tunnel = peer_tunnel_id;
47 * sax.pppol2tp.d_session = peer_session_id;
48 *
49 * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
50 *
51 * A pppd plugin that allows PPP traffic to be carried over L2TP using
52 * this driver is available from the OpenL2TP project at
53 * http://openl2tp.sourceforge.net.
54 */
55
a4ca44fa
JP		 56#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
57
fd558d18
JC		 58#include <linux/module.h>
59#include <linux/string.h>
60#include <linux/list.h>
61#include <linux/uaccess.h>
62
63#include <linux/kernel.h>
64#include <linux/spinlock.h>
65#include <linux/kthread.h>
66#include <linux/sched.h>
67#include <linux/slab.h>
68#include <linux/errno.h>
69#include <linux/jiffies.h>
70
71#include <linux/netdevice.h>
72#include <linux/net.h>
73#include <linux/inetdevice.h>
74#include <linux/skbuff.h>
75#include <linux/init.h>
76#include <linux/ip.h>
77#include <linux/udp.h>
78#include <linux/if_pppox.h>
79#include <linux/if_pppol2tp.h>
80#include <net/sock.h>
81#include <linux/ppp_channel.h>
82#include <linux/ppp_defs.h>
4b32da2b 83#include <linux/ppp-ioctl.h>
fd558d18
JC		 84#include <linux/file.h>
85#include <linux/hash.h>
86#include <linux/sort.h>
87#include <linux/proc_fs.h>
309795f4 88#include <linux/l2tp.h>
fd558d18
JC		 89#include <linux/nsproxy.h>
90#include <net/net_namespace.h>
91#include <net/netns/generic.h>
fd558d18
JC		 92#include <net/ip.h>
93#include <net/udp.h>
cf2f5c88 94#include <net/inet_common.h>
fd558d18
JC		 95
96#include <asm/byteorder.h>
60063497 97#include <linux/atomic.h>
fd558d18
JC		 98
99#include "l2tp_core.h"
100
101#define PPPOL2TP_DRV_VERSION "V2.0"
102
103/* Space for UDP, L2TP and PPP headers */
104#define PPPOL2TP_HEADER_OVERHEAD 40
105
fd558d18
JC		 106/* Number of bytes to build transmit L2TP headers.
107 * Unfortunately the size is different depending on whether sequence numbers
108 * are enabled.
109 */
110#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
111#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
112
113/* Private data of each session. This data lives at the end of struct
114 * l2tp_session, referenced via session->priv[].
115 */
116struct pppol2tp_session {
117 int owner; /* pid that opened the socket */
118
ee40fb2e
GN		 119 struct mutex sk_lock; /* Protects .sk */
120 struct sock __rcu *sk; /* Pointer to the session
fd558d18 121 * PPPoX socket */
ee40fb2e
GN		 122 struct sock *__sk; /* Copy of .sk, for cleanup */
123 struct rcu_head rcu; /* For asynchronous release */
fd558d18
JC		 124};
125
126static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
127
d7100da0 128static const struct ppp_channel_ops pppol2tp_chan_ops = {
129 .start_xmit = pppol2tp_xmit,
130};
131
fd558d18
JC		 132static const struct proto_ops pppol2tp_ops;
133
ee40fb2e
GN		 134/* Retrieves the pppol2tp socket associated to a session.
135 * A reference is held on the returned socket, so this function must be paired
136 * with sock_put().
137 */
138static struct sock *pppol2tp_session_get_sock(struct l2tp_session *session)
139{
140 struct pppol2tp_session *ps = l2tp_session_priv(session);
141 struct sock *sk;
142
143 rcu_read_lock();
144 sk = rcu_dereference(ps->sk);
145 if (sk)
146 sock_hold(sk);
147 rcu_read_unlock();
148
149 return sk;
150}
151
fd558d18
JC		 152/* Helpers to obtain tunnel/session contexts from sockets.
153 */
154static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
155{
156 struct l2tp_session *session;
157
158 if (sk == NULL)
159 return NULL;
160
161 sock_hold(sk);
162 session = (struct l2tp_session *)(sk->sk_user_data);
163 if (session == NULL) {
164 sock_put(sk);
165 goto out;
166 }
167
168 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
169
170out:
171 return session;
172}
173
174/*****************************************************************************
175 * Receive data handling
176 *****************************************************************************/
177
fd558d18
JC		 178/* Receive message. This is the recvmsg for the PPPoL2TP socket.
179 */
1b784140
YX		 180static int pppol2tp_recvmsg(struct socket *sock, struct msghdr *msg,
181 size_t len, int flags)
fd558d18
JC		 182{
183 int err;
184 struct sk_buff *skb;
185 struct sock *sk = sock->sk;
186
187 err = -EIO;
188 if (sk->sk_state & PPPOX_BOUND)
189 goto end;
190
fd558d18
JC		 191 err = 0;
192 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
193 flags & MSG_DONTWAIT, &err);
194 if (!skb)
195 goto end;
196
197 if (len > skb->len)
198 len = skb->len;
199 else if (len < skb->len)
200 msg->msg_flags |= MSG_TRUNC;
201
51f3d02b 202 err = skb_copy_datagram_msg(skb, 0, msg, len);
fd558d18
JC		 203 if (likely(err == 0))
204 err = len;
205
206 kfree_skb(skb);
207end:
208 return err;
209}
210
211static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
212{
213 struct pppol2tp_session *ps = l2tp_session_priv(session);
214 struct sock *sk = NULL;
215
216 /* If the socket is bound, send it in to PPP's input queue. Otherwise
217 * queue it on the session socket.
218 */
ee40fb2e
GN		 219 rcu_read_lock();
220 sk = rcu_dereference(ps->sk);
fd558d18
JC		 221 if (sk == NULL)
222 goto no_sock;
223
2b139e6b
GN		 224 /* If the first two bytes are 0xFF03, consider that it is the PPP's
225 * Address and Control fields and skip them. The L2TP module has always
226 * worked this way, although, in theory, the use of these fields should
227 * be negociated and handled at the PPP layer. These fields are
228 * constant: 0xFF is the All-Stations Address and 0x03 the Unnumbered
229 * Information command with Poll/Final bit set to zero (RFC 1662).
230 */
231 if (pskb_may_pull(skb, 2) && skb->data[0] == PPP_ALLSTATIONS &&
232 skb->data[1] == PPP_UI)
233 skb_pull(skb, 2);
234
fd558d18
JC		 235 if (sk->sk_state & PPPOX_BOUND) {
236 struct pppox_sock *po;
98f40b3e 237
fba40c63 238 l2tp_dbg(session, L2TP_MSG_DATA,
a4ca44fa
JP		 239 "%s: recv %d byte data frame, passing to ppp\n",
240 session->name, data_len);
fd558d18 241
fd558d18
JC		 242 po = pppox_sk(sk);
243 ppp_input(&po->chan, skb);
244 } else {
fba40c63 245 l2tp_dbg(session, L2TP_MSG_DATA,
9e9cb622
GN		 246 "%s: recv %d byte data frame, passing to L2TP socket\n",
247 session->name, data_len);
fd558d18 248
9e9cb622
GN		 249 if (sock_queue_rcv_skb(sk, skb) < 0) {
250 atomic_long_inc(&session->stats.rx_errors);
251 kfree_skb(skb);
252 }
fd558d18 253 }
ee40fb2e 254 rcu_read_unlock();
fd558d18
JC		 255
256 return;
257
258no_sock:
ee40fb2e 259 rcu_read_unlock();
fba40c63 260 l2tp_info(session, L2TP_MSG_DATA, "%s: no socket\n", session->name);
fd558d18
JC		 261 kfree_skb(skb);
262}
263
fd558d18
JC		 264/************************************************************************
265 * Transmit handling
266 ***********************************************************************/
267
fd558d18
JC		 268/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
269 * when a user application does a sendmsg() on the session socket. L2TP and
270 * PPP headers must be inserted into the user's data.
271 */
1b784140 272static int pppol2tp_sendmsg(struct socket *sock, struct msghdr *m,
fd558d18
JC		 273 size_t total_len)
274{
fd558d18
JC		 275 struct sock *sk = sock->sk;
276 struct sk_buff *skb;
277 int error;
278 struct l2tp_session *session;
279 struct l2tp_tunnel *tunnel;
0d76751f 280 int uhlen;
fd558d18
JC		 281
282 error = -ENOTCONN;
283 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
284 goto error;
285
286 /* Get session and tunnel contexts */
287 error = -EBADF;
288 session = pppol2tp_sock_to_session(sk);
289 if (session == NULL)
290 goto error;
291
7198c77a 292 tunnel = session->tunnel;
fd558d18 293
0d76751f
JC		 294 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
295
fd558d18
JC		 296 /* Allocate a socket buffer */
297 error = -ENOMEM;
298 skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
0d76751f 299 uhlen + session->hdr_len +
54c151d9 300 2 + total_len, /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */
fd558d18
JC		 301 0, GFP_KERNEL);
302 if (!skb)
7198c77a 303 goto error_put_sess;
fd558d18
JC		 304
305 /* Reserve space for headers. */
306 skb_reserve(skb, NET_SKB_PAD);
307 skb_reset_network_header(skb);
308 skb_reserve(skb, sizeof(struct iphdr));
309 skb_reset_transport_header(skb);
0d76751f 310 skb_reserve(skb, uhlen);
fd558d18
JC		 311
312 /* Add PPP header */
54c151d9
GF		 313 skb->data[0] = PPP_ALLSTATIONS;
314 skb->data[1] = PPP_UI;
fd558d18
JC		 315 skb_put(skb, 2);
316
317 /* Copy user data into skb */
6ce8e9ce 318 error = memcpy_from_msg(skb_put(skb, total_len), m, total_len);
fd558d18
JC		 319 if (error < 0) {
320 kfree_skb(skb);
7198c77a 321 goto error_put_sess;
fd558d18 322 }
fd558d18 323
455cc32b 324 local_bh_disable();
fd558d18 325 l2tp_xmit_skb(session, skb, session->hdr_len);
455cc32b 326 local_bh_enable();
fd558d18 327
8b82547e 328 sock_put(sk);
fd558d18 329
a6f79d0f 330 return total_len;
fd558d18 331
fd558d18
JC		 332error_put_sess:
333 sock_put(sk);
334error:
335 return error;
336}
337
338/* Transmit function called by generic PPP driver. Sends PPP frame
339 * over PPPoL2TP socket.
340 *
341 * This is almost the same as pppol2tp_sendmsg(), but rather than
342 * being called with a msghdr from userspace, it is called with a skb
343 * from the kernel.
344 *
345 * The supplied skb from ppp doesn't have enough headroom for the
346 * insertion of L2TP, UDP and IP headers so we need to allocate more
347 * headroom in the skb. This will create a cloned skb. But we must be
348 * careful in the error case because the caller will expect to free
349 * the skb it supplied, not our cloned skb. So we take care to always
350 * leave the original skb unfreed if we return an error.
351 */
352static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
353{
b71a61cc 354 struct sock *sk = (struct sock *)chan->private;
fd558d18
JC		 355 struct l2tp_session *session;
356 struct l2tp_tunnel *tunnel;
09df57ca 357 int uhlen, headroom;
fd558d18
JC		 358
359 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
360 goto abort;
361
362 /* Get session and tunnel contexts from the socket */
363 session = pppol2tp_sock_to_session(sk);
364 if (session == NULL)
365 goto abort;
366
7198c77a 367 tunnel = session->tunnel;
fd558d18 368
09df57ca
ED		 369 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
370 headroom = NET_SKB_PAD +
371 sizeof(struct iphdr) + /* IP header */
372 uhlen + /* UDP header (if L2TP_ENCAPTYPE_UDP) */
373 session->hdr_len + /* L2TP header */
54c151d9 374 2; /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */
09df57ca 375 if (skb_cow_head(skb, headroom))
7198c77a 376 goto abort_put_sess;
fd558d18 377
fd558d18 378 /* Setup PPP header */
54c151d9
GF		 379 __skb_push(skb, 2);
380 skb->data[0] = PPP_ALLSTATIONS;
381 skb->data[1] = PPP_UI;
fd558d18 382
455cc32b 383 local_bh_disable();
e0d4435f 384 l2tp_xmit_skb(session, skb, session->hdr_len);
455cc32b 385 local_bh_enable();
fd558d18 386
fd558d18 387 sock_put(sk);
7198c77a 388
fd558d18
JC		 389 return 1;
390
fd558d18
JC		 391abort_put_sess:
392 sock_put(sk);
393abort:
394 /* Free the original skb */
395 kfree_skb(skb);
396 return 1;
397}
398
399/*****************************************************************************
400 * Session (and tunnel control) socket create/destroy.
401 *****************************************************************************/
402
d02ba2a6
JC		 403static void pppol2tp_put_sk(struct rcu_head *head)
404{
405 struct pppol2tp_session *ps;
406
407 ps = container_of(head, typeof(*ps), rcu);
408 sock_put(ps->__sk);
409}
410
fd558d18
JC		 411/* Really kill the session socket. (Called from sock_put() if
412 * refcnt == 0.)
413 */
414static void pppol2tp_session_destruct(struct sock *sk)
415{
f6e16b29 416 struct l2tp_session *session = sk->sk_user_data;
e91793bb
GN		 417
418 skb_queue_purge(&sk->sk_receive_queue);
419 skb_queue_purge(&sk->sk_write_queue);
420
f6e16b29 421 if (session) {
fd558d18
JC		 422 sk->sk_user_data = NULL;
423 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
424 l2tp_session_dec_refcount(session);
425 }
fd558d18
JC		 426}
427
428/* Called when the PPPoX socket (session) is closed.
429 */
430static int pppol2tp_release(struct socket *sock)
431{
432 struct sock *sk = sock->sk;
433 struct l2tp_session *session;
434 int error;
435
436 if (!sk)
437 return 0;
438
439 error = -EBADF;
440 lock_sock(sk);
441 if (sock_flag(sk, SOCK_DEAD) != 0)
442 goto error;
443
444 pppox_unbind_sock(sk);
445
446 /* Signal the death of the socket. */
447 sk->sk_state = PPPOX_DEAD;
448 sock_orphan(sk);
449 sock->sk = NULL;
450
451 session = pppol2tp_sock_to_session(sk);
d02ba2a6 452 if (session) {
3d609342
GN		 453 struct pppol2tp_session *ps;
454
f98be6c6 455 l2tp_session_delete(session);
3d609342
GN		 456
457 ps = l2tp_session_priv(session);
458 mutex_lock(&ps->sk_lock);
459 ps->__sk = rcu_dereference_protected(ps->sk,
460 lockdep_is_held(&ps->sk_lock));
461 RCU_INIT_POINTER(ps->sk, NULL);
462 mutex_unlock(&ps->sk_lock);
463 call_rcu(&ps->rcu, pppol2tp_put_sk);
464
465 /* Rely on the sock_put() call at the end of the function for
466 * dropping the reference held by pppol2tp_sock_to_session().
467 * The last reference will be dropped by pppol2tp_put_sk().
468 */
fd558d18 469 }
d02ba2a6 470
fd558d18
JC		 471 release_sock(sk);
472
473 /* This will delete the session context via
474 * pppol2tp_session_destruct() if the socket's refcnt drops to
475 * zero.
476 */
477 sock_put(sk);
478
479 return 0;
480
481error:
482 release_sock(sk);
483 return error;
484}
485
486static struct proto pppol2tp_sk_proto = {
487 .name = "PPPOL2TP",
488 .owner = THIS_MODULE,
489 .obj_size = sizeof(struct pppox_sock),
490};
491
492static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
493{
494 int rc;
495
496 rc = l2tp_udp_encap_recv(sk, skb);
497 if (rc)
498 kfree_skb(skb);
499
500 return NET_RX_SUCCESS;
501}
502
503/* socket() handler. Initialize a new struct sock.
504 */
11aa9c28 505static int pppol2tp_create(struct net *net, struct socket *sock, int kern)
fd558d18
JC		 506{
507 int error = -ENOMEM;
508 struct sock *sk;
509
11aa9c28 510 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto, kern);
fd558d18
JC		 511 if (!sk)
512 goto out;
513
514 sock_init_data(sock, sk);
515
516 sock->state = SS_UNCONNECTED;
517 sock->ops = &pppol2tp_ops;
518
519 sk->sk_backlog_rcv = pppol2tp_backlog_recv;
520 sk->sk_protocol = PX_PROTO_OL2TP;
521 sk->sk_family = PF_PPPOX;
522 sk->sk_state = PPPOX_NONE;
523 sk->sk_type = SOCK_STREAM;
524 sk->sk_destruct = pppol2tp_session_destruct;
525
526 error = 0;
527
528out:
529 return error;
530}
531
0ad66140
JC		 532static void pppol2tp_show(struct seq_file *m, void *arg)
533{
534 struct l2tp_session *session = arg;
ee40fb2e
GN		 535 struct sock *sk;
536
537 sk = pppol2tp_session_get_sock(session);
538 if (sk) {
539 struct pppox_sock *po = pppox_sk(sk);
0ad66140 540
ee40fb2e
GN		 541 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
542 sock_put(sk);
0ad66140
JC		 543 }
544}
0ad66140 545
f98be6c6
GN		 546static void pppol2tp_session_init(struct l2tp_session *session)
547{
548 struct pppol2tp_session *ps;
f98be6c6
GN		 549
550 session->recv_skb = pppol2tp_recv;
c2ebc256
AB		 551 if (IS_ENABLED(CONFIG_L2TP_DEBUGFS))
552 session->show = pppol2tp_show;
f98be6c6
GN		 553
554 ps = l2tp_session_priv(session);
555 mutex_init(&ps->sk_lock);
f98be6c6 556 ps->owner = current->pid;
f98be6c6
GN		 557}
558
a408194a
GN		 559struct l2tp_connect_info {
560 u8 version;
561 int fd;
562 u32 tunnel_id;
563 u32 peer_tunnel_id;
564 u32 session_id;
565 u32 peer_session_id;
566};
567
568static int pppol2tp_sockaddr_get_info(const void *sa, int sa_len,
569 struct l2tp_connect_info *info)
570{
571 switch (sa_len) {
572 case sizeof(struct sockaddr_pppol2tp):
573 {
574 const struct sockaddr_pppol2tp *sa_v2in4 = sa;
575
576 if (sa_v2in4->sa_protocol != PX_PROTO_OL2TP)
577 return -EINVAL;
578
579 info->version = 2;
580 info->fd = sa_v2in4->pppol2tp.fd;
581 info->tunnel_id = sa_v2in4->pppol2tp.s_tunnel;
582 info->peer_tunnel_id = sa_v2in4->pppol2tp.d_tunnel;
583 info->session_id = sa_v2in4->pppol2tp.s_session;
584 info->peer_session_id = sa_v2in4->pppol2tp.d_session;
585
586 break;
587 }
588 case sizeof(struct sockaddr_pppol2tpv3):
589 {
590 const struct sockaddr_pppol2tpv3 *sa_v3in4 = sa;
591
592 if (sa_v3in4->sa_protocol != PX_PROTO_OL2TP)
593 return -EINVAL;
594
595 info->version = 3;
596 info->fd = sa_v3in4->pppol2tp.fd;
597 info->tunnel_id = sa_v3in4->pppol2tp.s_tunnel;
598 info->peer_tunnel_id = sa_v3in4->pppol2tp.d_tunnel;
599 info->session_id = sa_v3in4->pppol2tp.s_session;
600 info->peer_session_id = sa_v3in4->pppol2tp.d_session;
601
602 break;
603 }
604 case sizeof(struct sockaddr_pppol2tpin6):
605 {
606 const struct sockaddr_pppol2tpin6 *sa_v2in6 = sa;
607
608 if (sa_v2in6->sa_protocol != PX_PROTO_OL2TP)
609 return -EINVAL;
610
611 info->version = 2;
612 info->fd = sa_v2in6->pppol2tp.fd;
613 info->tunnel_id = sa_v2in6->pppol2tp.s_tunnel;
614 info->peer_tunnel_id = sa_v2in6->pppol2tp.d_tunnel;
615 info->session_id = sa_v2in6->pppol2tp.s_session;
616 info->peer_session_id = sa_v2in6->pppol2tp.d_session;
617
618 break;
619 }
620 case sizeof(struct sockaddr_pppol2tpv3in6):
621 {
622 const struct sockaddr_pppol2tpv3in6 *sa_v3in6 = sa;
623
624 if (sa_v3in6->sa_protocol != PX_PROTO_OL2TP)
625 return -EINVAL;
626
627 info->version = 3;
628 info->fd = sa_v3in6->pppol2tp.fd;
629 info->tunnel_id = sa_v3in6->pppol2tp.s_tunnel;
630 info->peer_tunnel_id = sa_v3in6->pppol2tp.d_tunnel;
631 info->session_id = sa_v3in6->pppol2tp.s_session;
632 info->peer_session_id = sa_v3in6->pppol2tp.d_session;
633
634 break;
635 }
636 default:
637 return -EINVAL;
638 }
639
640 return 0;
641}
642
789141b2
GN		 643/* Rough estimation of the maximum payload size a tunnel can transmit without
644 * fragmenting at the lower IP layer. Assumes L2TPv2 with sequence
645 * numbers and no IP option. Not quite accurate, but the result is mostly
646 * unused anyway.
647 */
648static int pppol2tp_tunnel_mtu(const struct l2tp_tunnel *tunnel)
649{
650 int mtu;
651
652 mtu = l2tp_tunnel_dst_mtu(tunnel);
653 if (mtu <= PPPOL2TP_HEADER_OVERHEAD)
654 return 1500 - PPPOL2TP_HEADER_OVERHEAD;
655
656 return mtu - PPPOL2TP_HEADER_OVERHEAD;
657}
658
fd558d18
JC		 659/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
660 */
661static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
662 int sockaddr_len, int flags)
663{
664 struct sock *sk = sock->sk;
fd558d18
JC		 665 struct pppox_sock *po = pppox_sk(sk);
666 struct l2tp_session *session = NULL;
a408194a 667 struct l2tp_connect_info info;
fd558d18
JC		 668 struct l2tp_tunnel *tunnel;
669 struct pppol2tp_session *ps;
fd558d18 670 struct l2tp_session_cfg cfg = { 0, };
dbdbc73b 671 bool drop_refcnt = false;
f9e56baf 672 bool drop_tunnel = false;
bda06be2
GN		 673 bool new_session = false;
674 bool new_tunnel = false;
a408194a 675 int error;
eb1c28c0 676
a408194a
GN		 677 error = pppol2tp_sockaddr_get_info(uservaddr, sockaddr_len, &info);
678 if (error < 0)
679 return error;
eb1c28c0 680
a408194a 681 lock_sock(sk);
fd558d18
JC		 682
683 /* Check for already bound sockets */
684 error = -EBUSY;
685 if (sk->sk_state & PPPOX_CONNECTED)
686 goto end;
687
688 /* We don't supporting rebinding anyway */
689 error = -EALREADY;
690 if (sk->sk_user_data)
691 goto end; /* socket is already attached */
692
e0d4435f 693 /* Don't bind if tunnel_id is 0 */
fd558d18 694 error = -EINVAL;
a408194a 695 if (!info.tunnel_id)
fd558d18
JC		 696 goto end;
697
a408194a 698 tunnel = l2tp_tunnel_get(sock_net(sk), info.tunnel_id);
f9e56baf
GN		 699 if (tunnel)
700 drop_tunnel = true;
309795f4 701
e0d4435f
JC		 702 /* Special case: create tunnel context if session_id and
703 * peer_session_id is 0. Otherwise look up tunnel using supplied
fd558d18
JC		 704 * tunnel id.
705 */
a408194a 706 if (!info.session_id && !info.peer_session_id) {
309795f4
JC		 707 if (tunnel == NULL) {
708 struct l2tp_tunnel_cfg tcfg = {
709 .encap = L2TP_ENCAPTYPE_UDP,
710 .debug = 0,
711 };
3e1bc8bf
GN		 712
713 /* Prevent l2tp_tunnel_register() from trying to set up
714 * a kernel socket.
715 */
a408194a 716 if (info.fd < 0) {
3e1bc8bf
GN		 717 error = -EBADF;
718 goto end;
719 }
720
a408194a
GN		 721 error = l2tp_tunnel_create(sock_net(sk), info.fd,
722 info.version,
723 info.tunnel_id,
724 info.peer_tunnel_id, &tcfg,
725 &tunnel);
309795f4
JC		 726 if (error < 0)
727 goto end;
6b9f3423
GN		 728
729 l2tp_tunnel_inc_refcount(tunnel);
730 error = l2tp_tunnel_register(tunnel, sock_net(sk),
731 &tcfg);
732 if (error < 0) {
733 kfree(tunnel);
734 goto end;
735 }
736 drop_tunnel = true;
bda06be2 737 new_tunnel = true;
309795f4 738 }
fd558d18 739 } else {
fd558d18
JC		 740 /* Error if we can't find the tunnel */
741 error = -ENOENT;
742 if (tunnel == NULL)
743 goto end;
744
745 /* Error if socket is not prepped */
746 if (tunnel->sock == NULL)
747 goto end;
748 }
749
b79585f5 750 if (tunnel->peer_tunnel_id == 0)
a408194a 751 tunnel->peer_tunnel_id = info.peer_tunnel_id;
fd558d18 752
01e28b92 753 session = l2tp_tunnel_get_session(tunnel, info.session_id);
dbdbc73b
GN		 754 if (session) {
755 drop_refcnt = true;
7ac6ab1f
GN		 756
757 if (session->pwtype != L2TP_PWTYPE_PPP) {
758 error = -EPROTOTYPE;
759 goto end;
760 }
761
dbdbc73b
GN		 762 ps = l2tp_session_priv(session);
763
764 /* Using a pre-existing session is fine as long as it hasn't
765 * been connected yet.
309795f4 766 */
ee40fb2e
GN		 767 mutex_lock(&ps->sk_lock);
768 if (rcu_dereference_protected(ps->sk,
3d609342
GN		 769 lockdep_is_held(&ps->sk_lock)) ||
770 ps->__sk) {
ee40fb2e 771 mutex_unlock(&ps->sk_lock);
dbdbc73b
GN		 772 error = -EEXIST;
773 goto end;
774 }
309795f4 775 } else {
90904ff5 776 cfg.pw_type = L2TP_PWTYPE_PPP;
309795f4 777
dbdbc73b 778 session = l2tp_session_create(sizeof(struct pppol2tp_session),
a408194a
GN		 779 tunnel, info.session_id,
780 info.peer_session_id, &cfg);
dbdbc73b
GN		 781 if (IS_ERR(session)) {
782 error = PTR_ERR(session);
309795f4 783 goto end;
dbdbc73b 784 }
3953ae7b 785
f98be6c6 786 pppol2tp_session_init(session);
ee40fb2e 787 ps = l2tp_session_priv(session);
3953ae7b 788 l2tp_session_inc_refcount(session);
ee40fb2e
GN		 789
790 mutex_lock(&ps->sk_lock);
3953ae7b
GN		 791 error = l2tp_session_register(session, tunnel);
792 if (error < 0) {
ee40fb2e 793 mutex_unlock(&ps->sk_lock);
3953ae7b
GN		 794 kfree(session);
795 goto end;
796 }
797 drop_refcnt = true;
bda06be2 798 new_session = true;
fd558d18
JC		 799 }
800
fd558d18
JC		 801 /* Special case: if source & dest session_id == 0x0000, this
802 * socket is being created to manage the tunnel. Just set up
803 * the internal context for use by ioctl() and sockopt()
804 * handlers.
805 */
806 if ((session->session_id == 0) &&
807 (session->peer_session_id == 0)) {
808 error = 0;
809 goto out_no_ppp;
810 }
811
812 /* The only header we need to worry about is the L2TP
813 * header. This size is different depending on whether
814 * sequence numbers are enabled for the data channel.
815 */
816 po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
817
818 po->chan.private = sk;
819 po->chan.ops = &pppol2tp_chan_ops;
789141b2 820 po->chan.mtu = pppol2tp_tunnel_mtu(tunnel);
fd558d18
JC		 821
822 error = ppp_register_net_channel(sock_net(sk), &po->chan);
ee40fb2e
GN		 823 if (error) {
824 mutex_unlock(&ps->sk_lock);
fd558d18 825 goto end;
ee40fb2e 826 }
fd558d18
JC		 827
828out_no_ppp:
829 /* This is how we get the session context from the socket. */
830 sk->sk_user_data = session;
ee40fb2e
GN		 831 rcu_assign_pointer(ps->sk, sk);
832 mutex_unlock(&ps->sk_lock);
833
f98be6c6
GN		 834 /* Keep the reference we've grabbed on the session: sk doesn't expect
835 * the session to disappear. pppol2tp_session_destruct() is responsible
836 * for dropping it.
837 */
838 drop_refcnt = false;
839
fd558d18 840 sk->sk_state = PPPOX_CONNECTED;
fba40c63 841 l2tp_info(session, L2TP_MSG_CONTROL, "%s: created\n",
a4ca44fa 842 session->name);
fd558d18
JC		 843
844end:
bda06be2
GN		 845 if (error) {
846 if (new_session)
847 l2tp_session_delete(session);
848 if (new_tunnel)
849 l2tp_tunnel_delete(tunnel);
850 }
dbdbc73b
GN		 851 if (drop_refcnt)
852 l2tp_session_dec_refcount(session);
f9e56baf
GN		 853 if (drop_tunnel)
854 l2tp_tunnel_dec_refcount(tunnel);
fd558d18
JC		 855 release_sock(sk);
856
857 return error;
858}
859
309795f4
JC		 860#ifdef CONFIG_L2TP_V3
861
f026bc29
GN		 862/* Called when creating sessions via the netlink interface. */
863static int pppol2tp_session_create(struct net *net, struct l2tp_tunnel *tunnel,
864 u32 session_id, u32 peer_session_id,
865 struct l2tp_session_cfg *cfg)
309795f4
JC		 866{
867 int error;
309795f4 868 struct l2tp_session *session;
309795f4 869
309795f4 870 /* Error if tunnel socket is not prepped */
f026bc29
GN		 871 if (!tunnel->sock) {
872 error = -ENOENT;
3953ae7b 873 goto err;
f026bc29 874 }
309795f4 875
309795f4 876 /* Allocate and initialize a new session context. */
309795f4
JC		 877 session = l2tp_session_create(sizeof(struct pppol2tp_session),
878 tunnel, session_id,
879 peer_session_id, cfg);
dbdbc73b
GN		 880 if (IS_ERR(session)) {
881 error = PTR_ERR(session);
3953ae7b 882 goto err;
dbdbc73b 883 }
309795f4 884
f98be6c6 885 pppol2tp_session_init(session);
309795f4 886
3953ae7b
GN		 887 error = l2tp_session_register(session, tunnel);
888 if (error < 0)
889 goto err_sess;
309795f4 890
3953ae7b 891 return 0;
309795f4 892
3953ae7b
GN		 893err_sess:
894 kfree(session);
895err:
309795f4
JC		 896 return error;
897}
898
309795f4
JC		 899#endif /* CONFIG_L2TP_V3 */
900
fd558d18
JC		 901/* getname() support.
902 */
903static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
9b2c45d4 904 int peer)
fd558d18 905{
e0d4435f 906 int len = 0;
fd558d18
JC		 907 int error = 0;
908 struct l2tp_session *session;
909 struct l2tp_tunnel *tunnel;
910 struct sock *sk = sock->sk;
911 struct inet_sock *inet;
912 struct pppol2tp_session *pls;
913
914 error = -ENOTCONN;
915 if (sk == NULL)
916 goto end;
56cff471 917 if (!(sk->sk_state & PPPOX_CONNECTED))
fd558d18
JC		 918 goto end;
919
920 error = -EBADF;
921 session = pppol2tp_sock_to_session(sk);
922 if (session == NULL)
923 goto end;
924
925 pls = l2tp_session_priv(session);
7198c77a 926 tunnel = session->tunnel;
fd558d18 927
bbdb32cb 928 inet = inet_sk(tunnel->sock);
d2cf3361 929 if ((tunnel->version == 2) && (tunnel->sock->sk_family == AF_INET)) {
e0d4435f 930 struct sockaddr_pppol2tp sp;
b71a61cc 931
e0d4435f
JC		 932 len = sizeof(sp);
933 memset(&sp, 0, len);
934 sp.sa_family = AF_PPPOX;
935 sp.sa_protocol = PX_PROTO_OL2TP;
936 sp.pppol2tp.fd = tunnel->fd;
937 sp.pppol2tp.pid = pls->owner;
938 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
939 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
940 sp.pppol2tp.s_session = session->session_id;
941 sp.pppol2tp.d_session = session->peer_session_id;
942 sp.pppol2tp.addr.sin_family = AF_INET;
943 sp.pppol2tp.addr.sin_port = inet->inet_dport;
944 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
945 memcpy(uaddr, &sp, len);
d2cf3361
BL		 946#if IS_ENABLED(CONFIG_IPV6)
947 } else if ((tunnel->version == 2) &&
948 (tunnel->sock->sk_family == AF_INET6)) {
d2cf3361 949 struct sockaddr_pppol2tpin6 sp;
efe4208f 950
d2cf3361
BL		 951 len = sizeof(sp);
952 memset(&sp, 0, len);
953 sp.sa_family = AF_PPPOX;
954 sp.sa_protocol = PX_PROTO_OL2TP;
955 sp.pppol2tp.fd = tunnel->fd;
956 sp.pppol2tp.pid = pls->owner;
957 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
958 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
959 sp.pppol2tp.s_session = session->session_id;
960 sp.pppol2tp.d_session = session->peer_session_id;
961 sp.pppol2tp.addr.sin6_family = AF_INET6;
962 sp.pppol2tp.addr.sin6_port = inet->inet_dport;
efe4208f
ED		 963 memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
964 sizeof(tunnel->sock->sk_v6_daddr));
d2cf3361
BL		 965 memcpy(uaddr, &sp, len);
966 } else if ((tunnel->version == 3) &&
967 (tunnel->sock->sk_family == AF_INET6)) {
d2cf3361 968 struct sockaddr_pppol2tpv3in6 sp;
efe4208f 969
d2cf3361
BL		 970 len = sizeof(sp);
971 memset(&sp, 0, len);
972 sp.sa_family = AF_PPPOX;
973 sp.sa_protocol = PX_PROTO_OL2TP;
974 sp.pppol2tp.fd = tunnel->fd;
975 sp.pppol2tp.pid = pls->owner;
976 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
977 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
978 sp.pppol2tp.s_session = session->session_id;
979 sp.pppol2tp.d_session = session->peer_session_id;
980 sp.pppol2tp.addr.sin6_family = AF_INET6;
981 sp.pppol2tp.addr.sin6_port = inet->inet_dport;
efe4208f
ED		 982 memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,
983 sizeof(tunnel->sock->sk_v6_daddr));
d2cf3361
BL		 984 memcpy(uaddr, &sp, len);
985#endif
e0d4435f
JC		 986 } else if (tunnel->version == 3) {
987 struct sockaddr_pppol2tpv3 sp;
b71a61cc 988
e0d4435f
JC		 989 len = sizeof(sp);
990 memset(&sp, 0, len);
991 sp.sa_family = AF_PPPOX;
992 sp.sa_protocol = PX_PROTO_OL2TP;
993 sp.pppol2tp.fd = tunnel->fd;
994 sp.pppol2tp.pid = pls->owner;
995 sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
996 sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
997 sp.pppol2tp.s_session = session->session_id;
998 sp.pppol2tp.d_session = session->peer_session_id;
999 sp.pppol2tp.addr.sin_family = AF_INET;
1000 sp.pppol2tp.addr.sin_port = inet->inet_dport;
1001 sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
1002 memcpy(uaddr, &sp, len);
1003 }
fd558d18 1004
9b2c45d4 1005 error = len;
fd558d18 1006
fd558d18 1007 sock_put(sk);
fd558d18
JC		 1008end:
1009 return error;
1010}
1011
1012/****************************************************************************
1013 * ioctl() handlers.
1014 *
1015 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1016 * sockets. However, in order to control kernel tunnel features, we allow
1017 * userspace to create a special "tunnel" PPPoX socket which is used for
1018 * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
1019 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1020 * calls.
1021 ****************************************************************************/
1022
1023static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
7390ed8a 1024 const struct l2tp_stats *stats)
fd558d18 1025{
7390ed8a
GN		 1026 memset(dest, 0, sizeof(*dest));
1027
7b7c0719
TP		 1028 dest->tx_packets = atomic_long_read(&stats->tx_packets);
1029 dest->tx_bytes = atomic_long_read(&stats->tx_bytes);
1030 dest->tx_errors = atomic_long_read(&stats->tx_errors);
1031 dest->rx_packets = atomic_long_read(&stats->rx_packets);
1032 dest->rx_bytes = atomic_long_read(&stats->rx_bytes);
1033 dest->rx_seq_discards = atomic_long_read(&stats->rx_seq_discards);
1034 dest->rx_oos_packets = atomic_long_read(&stats->rx_oos_packets);
1035 dest->rx_errors = atomic_long_read(&stats->rx_errors);
fd558d18
JC		 1036}
1037
528534f0
GN		 1038static int pppol2tp_tunnel_copy_stats(struct pppol2tp_ioc_stats *stats,
1039 struct l2tp_tunnel *tunnel)
1040{
1041 struct l2tp_session *session;
1042
1043 if (!stats->session_id) {
528534f0
GN		 1044 pppol2tp_copy_stats(stats, &tunnel->stats);
1045 return 0;
1046 }
1047
1048 /* If session_id is set, search the corresponding session in the
1049 * context of this tunnel and record the session's statistics.
1050 */
1051 session = l2tp_tunnel_get_session(tunnel, stats->session_id);
1052 if (!session)
1053 return -EBADR;
1054
1055 if (session->pwtype != L2TP_PWTYPE_PPP) {
1056 l2tp_session_dec_refcount(session);
1057 return -EBADR;
1058 }
1059
528534f0
GN		 1060 pppol2tp_copy_stats(stats, &session->stats);
1061 l2tp_session_dec_refcount(session);
1062
1063 return 0;
1064}
1065
fd558d18
JC		 1066static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1067 unsigned long arg)
1068{
528534f0 1069 struct pppol2tp_ioc_stats stats;
fd558d18 1070 struct l2tp_session *session;
79e6760e
GN		 1071
1072 switch (cmd) {
1073 case PPPIOCGMRU:
1074 case PPPIOCGFLAGS:
1075 session = sock->sk->sk_user_data;
1076 if (!session)
1077 return -ENOTCONN;
fd558d18 1078
79e6760e
GN		 1079 /* Not defined for tunnels */
1080 if (!session->session_id && !session->peer_session_id)
1081 return -ENOSYS;
fd558d18 1082
79e6760e
GN		 1083 if (put_user(0, (int __user *)arg))
1084 return -EFAULT;
1085 break;
1086
1087 case PPPIOCSMRU:
1088 case PPPIOCSFLAGS:
1089 session = sock->sk->sk_user_data;
1090 if (!session)
1091 return -ENOTCONN;
fd558d18 1092
79e6760e
GN		 1093 /* Not defined for tunnels */
1094 if (!session->session_id && !session->peer_session_id)
1095 return -ENOSYS;
1096
503c0188 1097 if (!access_ok((int __user *)arg, sizeof(int)))
79e6760e
GN		 1098 return -EFAULT;
1099 break;
1100
1101 case PPPIOCGL2TPSTATS:
1102 session = sock->sk->sk_user_data;
1103 if (!session)
1104 return -ENOTCONN;
1105
1106 /* Session 0 represents the parent tunnel */
528534f0
GN		 1107 if (!session->session_id && !session->peer_session_id) {
1108 u32 session_id;
1109 int err;
1110
1111 if (copy_from_user(&stats, (void __user *)arg,
1112 sizeof(stats)))
1113 return -EFAULT;
1114
1115 session_id = stats.session_id;
1116 err = pppol2tp_tunnel_copy_stats(&stats,
1117 session->tunnel);
1118 if (err < 0)
1119 return err;
1120
1121 stats.session_id = session_id;
1122 } else {
b0e29063
GN		 1123 pppol2tp_copy_stats(&stats, &session->stats);
1124 stats.session_id = session->session_id;
528534f0
GN		 1125 }
1126 stats.tunnel_id = session->tunnel->tunnel_id;
1127 stats.using_ipsec = l2tp_tunnel_uses_xfrm(session->tunnel);
1128
1129 if (copy_to_user((void __user *)arg, &stats, sizeof(stats)))
1130 return -EFAULT;
79e6760e
GN		 1131 break;
1132
1133 default:
4f5f85e9 1134 return -ENOIOCTLCMD;
bdd0292f 1135 }
fd558d18 1136
79e6760e 1137 return 0;
fd558d18
JC		 1138}
1139
1140/*****************************************************************************
1141 * setsockopt() / getsockopt() support.
1142 *
1143 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1144 * sockets. In order to control kernel tunnel features, we allow userspace to
1145 * create a special "tunnel" PPPoX socket which is used for control only.
1146 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1147 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1148 *****************************************************************************/
1149
1150/* Tunnel setsockopt() helper.
1151 */
1152static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1153 struct l2tp_tunnel *tunnel,
1154 int optname, int val)
1155{
1156 int err = 0;
1157
1158 switch (optname) {
1159 case PPPOL2TP_SO_DEBUG:
1160 tunnel->debug = val;
fba40c63 1161 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: set debug=%x\n",
a4ca44fa 1162 tunnel->name, tunnel->debug);
fd558d18
JC		 1163 break;
1164
1165 default:
1166 err = -ENOPROTOOPT;
1167 break;
1168 }
1169
1170 return err;
1171}
1172
1173/* Session setsockopt helper.
1174 */
1175static int pppol2tp_session_setsockopt(struct sock *sk,
1176 struct l2tp_session *session,
1177 int optname, int val)
1178{
1179 int err = 0;
fd558d18
JC		 1180
1181 switch (optname) {
1182 case PPPOL2TP_SO_RECVSEQ:
1183 if ((val != 0) && (val != 1)) {
1184 err = -EINVAL;
1185 break;
1186 }
3f9b9770 1187 session->recv_seq = !!val;
fba40c63 1188 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa
JP		 1189 "%s: set recv_seq=%d\n",
1190 session->name, session->recv_seq);
fd558d18
JC		 1191 break;
1192
1193 case PPPOL2TP_SO_SENDSEQ:
1194 if ((val != 0) && (val != 1)) {
1195 err = -EINVAL;
1196 break;
1197 }
3f9b9770 1198 session->send_seq = !!val;
fd558d18 1199 {
ee40fb2e
GN		 1200 struct pppox_sock *po = pppox_sk(sk);
1201
fd558d18
JC		 1202 po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1203 PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1204 }
bb5016ea 1205 l2tp_session_set_header_len(session, session->tunnel->version);
fba40c63 1206 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa
JP		 1207 "%s: set send_seq=%d\n",
1208 session->name, session->send_seq);
fd558d18
JC		 1209 break;
1210
1211 case PPPOL2TP_SO_LNSMODE:
1212 if ((val != 0) && (val != 1)) {
1213 err = -EINVAL;
1214 break;
1215 }
3f9b9770 1216 session->lns_mode = !!val;
fba40c63 1217 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa
JP		 1218 "%s: set lns_mode=%d\n",
1219 session->name, session->lns_mode);
fd558d18
JC		 1220 break;
1221
1222 case PPPOL2TP_SO_DEBUG:
1223 session->debug = val;
fba40c63 1224 l2tp_info(session, L2TP_MSG_CONTROL, "%s: set debug=%x\n",
a4ca44fa 1225 session->name, session->debug);
fd558d18
JC		 1226 break;
1227
1228 case PPPOL2TP_SO_REORDERTO:
1229 session->reorder_timeout = msecs_to_jiffies(val);
fba40c63 1230 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa
JP		 1231 "%s: set reorder_timeout=%d\n",
1232 session->name, session->reorder_timeout);
fd558d18
JC		 1233 break;
1234
1235 default:
1236 err = -ENOPROTOOPT;
1237 break;
1238 }
1239
1240 return err;
1241}
1242
1243/* Main setsockopt() entry point.
1244 * Does API checks, then calls either the tunnel or session setsockopt
1245 * handler, according to whether the PPPoL2TP socket is a for a regular
1246 * session or the special tunnel type.
1247 */
1248static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1249 char __user *optval, unsigned int optlen)
1250{
1251 struct sock *sk = sock->sk;
1252 struct l2tp_session *session;
1253 struct l2tp_tunnel *tunnel;
fd558d18
JC		 1254 int val;
1255 int err;
1256
1257 if (level != SOL_PPPOL2TP)
3cf521f7 1258 return -EINVAL;
fd558d18
JC		 1259
1260 if (optlen < sizeof(int))
1261 return -EINVAL;
1262
1263 if (get_user(val, (int __user *)optval))
1264 return -EFAULT;
1265
1266 err = -ENOTCONN;
1267 if (sk->sk_user_data == NULL)
1268 goto end;
1269
1270 /* Get session context from the socket */
1271 err = -EBADF;
1272 session = pppol2tp_sock_to_session(sk);
1273 if (session == NULL)
1274 goto end;
1275
1276 /* Special case: if session_id == 0x0000, treat as operation on tunnel
1277 */
fd558d18
JC		 1278 if ((session->session_id == 0) &&
1279 (session->peer_session_id == 0)) {
7198c77a 1280 tunnel = session->tunnel;
fd558d18 1281 err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
7198c77a 1282 } else {
fd558d18 1283 err = pppol2tp_session_setsockopt(sk, session, optname, val);
7198c77a 1284 }
fd558d18 1285
fd558d18
JC		 1286 sock_put(sk);
1287end:
1288 return err;
1289}
1290
1291/* Tunnel getsockopt helper. Called with sock locked.
1292 */
1293static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1294 struct l2tp_tunnel *tunnel,
1295 int optname, int *val)
1296{
1297 int err = 0;
1298
1299 switch (optname) {
1300 case PPPOL2TP_SO_DEBUG:
1301 *val = tunnel->debug;
fba40c63 1302 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: get debug=%x\n",
a4ca44fa 1303 tunnel->name, tunnel->debug);
fd558d18
JC		 1304 break;
1305
1306 default:
1307 err = -ENOPROTOOPT;
1308 break;
1309 }
1310
1311 return err;
1312}
1313
1314/* Session getsockopt helper. Called with sock locked.
1315 */
1316static int pppol2tp_session_getsockopt(struct sock *sk,
1317 struct l2tp_session *session,
1318 int optname, int *val)
1319{
1320 int err = 0;
1321
1322 switch (optname) {
1323 case PPPOL2TP_SO_RECVSEQ:
1324 *val = session->recv_seq;
fba40c63 1325 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa 1326 "%s: get recv_seq=%d\n", session->name, *val);
fd558d18
JC		 1327 break;
1328
1329 case PPPOL2TP_SO_SENDSEQ:
1330 *val = session->send_seq;
fba40c63 1331 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa 1332 "%s: get send_seq=%d\n", session->name, *val);
fd558d18
JC		 1333 break;
1334
1335 case PPPOL2TP_SO_LNSMODE:
1336 *val = session->lns_mode;
fba40c63 1337 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa 1338 "%s: get lns_mode=%d\n", session->name, *val);
fd558d18
JC		 1339 break;
1340
1341 case PPPOL2TP_SO_DEBUG:
1342 *val = session->debug;
fba40c63 1343 l2tp_info(session, L2TP_MSG_CONTROL, "%s: get debug=%d\n",
a4ca44fa 1344 session->name, *val);
fd558d18
JC		 1345 break;
1346
1347 case PPPOL2TP_SO_REORDERTO:
b71a61cc 1348 *val = (int)jiffies_to_msecs(session->reorder_timeout);
fba40c63 1349 l2tp_info(session, L2TP_MSG_CONTROL,
a4ca44fa 1350 "%s: get reorder_timeout=%d\n", session->name, *val);
fd558d18
JC		 1351 break;
1352
1353 default:
1354 err = -ENOPROTOOPT;
1355 }
1356
1357 return err;
1358}
1359
1360/* Main getsockopt() entry point.
1361 * Does API checks, then calls either the tunnel or session getsockopt
1362 * handler, according to whether the PPPoX socket is a for a regular session
1363 * or the special tunnel type.
1364 */
e3192690
JP		 1365static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
1366 char __user *optval, int __user *optlen)
fd558d18
JC		 1367{
1368 struct sock *sk = sock->sk;
1369 struct l2tp_session *session;
1370 struct l2tp_tunnel *tunnel;
1371 int val, len;
1372 int err;
fd558d18
JC		 1373
1374 if (level != SOL_PPPOL2TP)
3cf521f7 1375 return -EINVAL;
fd558d18 1376
e3192690 1377 if (get_user(len, optlen))
fd558d18
JC		 1378 return -EFAULT;
1379
1380 len = min_t(unsigned int, len, sizeof(int));
1381
1382 if (len < 0)
1383 return -EINVAL;
1384
1385 err = -ENOTCONN;
1386 if (sk->sk_user_data == NULL)
1387 goto end;
1388
1389 /* Get the session context */
1390 err = -EBADF;
1391 session = pppol2tp_sock_to_session(sk);
1392 if (session == NULL)
1393 goto end;
1394
1395 /* Special case: if session_id == 0x0000, treat as operation on tunnel */
fd558d18
JC		 1396 if ((session->session_id == 0) &&
1397 (session->peer_session_id == 0)) {
7198c77a 1398 tunnel = session->tunnel;
fd558d18 1399 err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
321a52a3
GN		 1400 if (err)
1401 goto end_put_sess;
1402 } else {
fd558d18 1403 err = pppol2tp_session_getsockopt(sk, session, optname, &val);
321a52a3
GN		 1404 if (err)
1405 goto end_put_sess;
1406 }
fd558d18
JC		 1407
1408 err = -EFAULT;
e3192690 1409 if (put_user(len, optlen))
fd558d18
JC		 1410 goto end_put_sess;
1411
b71a61cc 1412 if (copy_to_user((void __user *)optval, &val, len))
fd558d18
JC		 1413 goto end_put_sess;
1414
1415 err = 0;
1416
1417end_put_sess:
1418 sock_put(sk);
1419end:
1420 return err;
1421}
1422
1423/*****************************************************************************
1424 * /proc filesystem for debug
f7faffa3
JC		 1425 * Since the original pppol2tp driver provided /proc/net/pppol2tp for
1426 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.
fd558d18
JC		 1427 *****************************************************************************/
1428
1429static unsigned int pppol2tp_net_id;
1430
1431#ifdef CONFIG_PROC_FS
1432
1433struct pppol2tp_seq_data {
1434 struct seq_net_private p;
1435 int tunnel_idx; /* current tunnel */
1436 int session_idx; /* index of session within current tunnel */
1437 struct l2tp_tunnel *tunnel;
1438 struct l2tp_session *session; /* NULL means get next tunnel */
1439};
1440
1441static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1442{
0e0c3fee
GN		 1443 /* Drop reference taken during previous invocation */
1444 if (pd->tunnel)
1445 l2tp_tunnel_dec_refcount(pd->tunnel);
1446
f7faffa3 1447 for (;;) {
0e0c3fee 1448 pd->tunnel = l2tp_tunnel_get_nth(net, pd->tunnel_idx);
f7faffa3
JC		 1449 pd->tunnel_idx++;
1450
0e0c3fee
GN		 1451 /* Only accept L2TPv2 tunnels */
1452 if (!pd->tunnel || pd->tunnel->version == 2)
1453 return;
f7faffa3 1454
0e0c3fee 1455 l2tp_tunnel_dec_refcount(pd->tunnel);
f7faffa3 1456 }
fd558d18
JC		 1457}
1458
1459static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1460{
83494407
GN		 1461 /* Drop reference taken during previous invocation */
1462 if (pd->session)
1463 l2tp_session_dec_refcount(pd->session);
1464
a4346210 1465 pd->session = l2tp_session_get_nth(pd->tunnel, pd->session_idx);
fd558d18 1466 pd->session_idx++;
f7faffa3 1467
fd558d18
JC		 1468 if (pd->session == NULL) {
1469 pd->session_idx = 0;
1470 pppol2tp_next_tunnel(net, pd);
1471 }
1472}
1473
1474static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1475{
1476 struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1477 loff_t pos = *offs;
1478 struct net *net;
1479
1480 if (!pos)
1481 goto out;
1482
1483 BUG_ON(m->private == NULL);
1484 pd = m->private;
1485 net = seq_file_net(m);
1486
1487 if (pd->tunnel == NULL)
1488 pppol2tp_next_tunnel(net, pd);
1489 else
1490 pppol2tp_next_session(net, pd);
1491
1492 /* NULL tunnel and session indicates end of list */
1493 if ((pd->tunnel == NULL) && (pd->session == NULL))
1494 pd = NULL;
1495
1496out:
1497 return pd;
1498}
1499
1500static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1501{
1502 (*pos)++;
1503 return NULL;
1504}
1505
1506static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1507{
0e0c3fee
GN		 1508 struct pppol2tp_seq_data *pd = v;
1509
1510 if (!pd || pd == SEQ_START_TOKEN)
1511 return;
1512
83494407
GN		 1513 /* Drop reference taken by last invocation of pppol2tp_next_session()
1514 * or pppol2tp_next_tunnel().
1515 */
1516 if (pd->session) {
1517 l2tp_session_dec_refcount(pd->session);
1518 pd->session = NULL;
1519 }
5411b618 1520 if (pd->tunnel) {
0e0c3fee 1521 l2tp_tunnel_dec_refcount(pd->tunnel);
5411b618 1522 pd->tunnel = NULL;
5411b618 1523 }
fd558d18
JC		 1524}
1525
1526static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1527{
1528 struct l2tp_tunnel *tunnel = v;
1529
1530 seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1531 tunnel->name,
1532 (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
fbea9e07 1533 refcount_read(&tunnel->ref_count) - 1);
7b7c0719 1534 seq_printf(m, " %08x %ld/%ld/%ld %ld/%ld/%ld\n",
fd558d18 1535 tunnel->debug,
7b7c0719
TP		 1536 atomic_long_read(&tunnel->stats.tx_packets),
1537 atomic_long_read(&tunnel->stats.tx_bytes),
1538 atomic_long_read(&tunnel->stats.tx_errors),
1539 atomic_long_read(&tunnel->stats.rx_packets),
1540 atomic_long_read(&tunnel->stats.rx_bytes),
1541 atomic_long_read(&tunnel->stats.rx_errors));
fd558d18
JC		 1542}
1543
1544static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1545{
1546 struct l2tp_session *session = v;
1547 struct l2tp_tunnel *tunnel = session->tunnel;
ee40fb2e
GN		 1548 unsigned char state;
1549 char user_data_ok;
1550 struct sock *sk;
fd558d18
JC		 1551 u32 ip = 0;
1552 u16 port = 0;
1553
1554 if (tunnel->sock) {
1555 struct inet_sock *inet = inet_sk(tunnel->sock);
b71a61cc 1556
fd558d18
JC		 1557 ip = ntohl(inet->inet_saddr);
1558 port = ntohs(inet->inet_sport);
1559 }
1560
ee40fb2e
GN		 1561 sk = pppol2tp_session_get_sock(session);
1562 if (sk) {
1563 state = sk->sk_state;
1564 user_data_ok = (session == sk->sk_user_data) ? 'Y' : 'N';
1565 } else {
1566 state = 0;
1567 user_data_ok = 'N';
1568 }
1569
fd558d18
JC		 1570 seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
1571 "%04X/%04X %d %c\n",
1572 session->name, ip, port,
1573 tunnel->tunnel_id,
1574 session->session_id,
1575 tunnel->peer_tunnel_id,
1576 session->peer_session_id,
ee40fb2e 1577 state, user_data_ok);
789141b2 1578 seq_printf(m, " 0/0/%c/%c/%s %08x %u\n",
fd558d18
JC		 1579 session->recv_seq ? 'R' : '-',
1580 session->send_seq ? 'S' : '-',
1581 session->lns_mode ? "LNS" : "LAC",
1582 session->debug,
1583 jiffies_to_msecs(session->reorder_timeout));
7b7c0719 1584 seq_printf(m, " %hu/%hu %ld/%ld/%ld %ld/%ld/%ld\n",
fd558d18 1585 session->nr, session->ns,
7b7c0719
TP		 1586 atomic_long_read(&session->stats.tx_packets),
1587 atomic_long_read(&session->stats.tx_bytes),
1588 atomic_long_read(&session->stats.tx_errors),
1589 atomic_long_read(&session->stats.rx_packets),
1590 atomic_long_read(&session->stats.rx_bytes),
1591 atomic_long_read(&session->stats.rx_errors));
9345471b 1592
ee40fb2e
GN		 1593 if (sk) {
1594 struct pppox_sock *po = pppox_sk(sk);
1595
9345471b 1596 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
ee40fb2e
GN		 1597 sock_put(sk);
1598 }
fd558d18
JC		 1599}
1600
1601static int pppol2tp_seq_show(struct seq_file *m, void *v)
1602{
1603 struct pppol2tp_seq_data *pd = v;
1604
1605 /* display header on line 1 */
1606 if (v == SEQ_START_TOKEN) {
1607 seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1608 seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1609 seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1610 seq_puts(m, " SESSION name, addr/port src-tid/sid "
1611 "dest-tid/sid state user-data-ok\n");
1612 seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1613 seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1614 goto out;
1615 }
1616
83494407 1617 if (!pd->session)
fd558d18 1618 pppol2tp_seq_tunnel_show(m, pd->tunnel);
83494407 1619 else
fd558d18
JC		 1620 pppol2tp_seq_session_show(m, pd->session);
1621
1622out:
1623 return 0;
1624}
1625
1626static const struct seq_operations pppol2tp_seq_ops = {
1627 .start = pppol2tp_seq_start,
1628 .next = pppol2tp_seq_next,
1629 .stop = pppol2tp_seq_stop,
1630 .show = pppol2tp_seq_show,
1631};
fd558d18
JC		 1632#endif /* CONFIG_PROC_FS */
1633
1634/*****************************************************************************
1635 * Network namespace
1636 *****************************************************************************/
1637
1638static __net_init int pppol2tp_init_net(struct net *net)
1639{
1640 struct proc_dir_entry *pde;
1641 int err = 0;
1642
c3506372
CH		 1643 pde = proc_create_net("pppol2tp", 0444, net->proc_net,
1644 &pppol2tp_seq_ops, sizeof(struct pppol2tp_seq_data));
fd558d18
JC		 1645 if (!pde) {
1646 err = -ENOMEM;
1647 goto out;
1648 }
1649
1650out:
1651 return err;
1652}
1653
1654static __net_exit void pppol2tp_exit_net(struct net *net)
1655{
ece31ffd 1656 remove_proc_entry("pppol2tp", net->proc_net);
fd558d18
JC		 1657}
1658
1659static struct pernet_operations pppol2tp_net_ops = {
1660 .init = pppol2tp_init_net,
1661 .exit = pppol2tp_exit_net,
1662 .id = &pppol2tp_net_id,
1663};
1664
1665/*****************************************************************************
1666 * Init and cleanup
1667 *****************************************************************************/
1668
1669static const struct proto_ops pppol2tp_ops = {
1670 .family = AF_PPPOX,
1671 .owner = THIS_MODULE,
1672 .release = pppol2tp_release,
1673 .bind = sock_no_bind,
1674 .connect = pppol2tp_connect,
1675 .socketpair = sock_no_socketpair,
1676 .accept = sock_no_accept,
1677 .getname = pppol2tp_getname,
a11e1d43 1678 .poll = datagram_poll,
fd558d18
JC		 1679 .listen = sock_no_listen,
1680 .shutdown = sock_no_shutdown,
1681 .setsockopt = pppol2tp_setsockopt,
1682 .getsockopt = pppol2tp_getsockopt,
1683 .sendmsg = pppol2tp_sendmsg,
1684 .recvmsg = pppol2tp_recvmsg,
1685 .mmap = sock_no_mmap,
1686 .ioctl = pppox_ioctl,
055d8824
AB		 1687#ifdef CONFIG_COMPAT
1688 .compat_ioctl = pppox_compat_ioctl,
1689#endif
fd558d18
JC		 1690};
1691
756e64a0 1692static const struct pppox_proto pppol2tp_proto = {
fd558d18 1693 .create = pppol2tp_create,
e1558a93
WY		 1694 .ioctl = pppol2tp_ioctl,
1695 .owner = THIS_MODULE,
fd558d18
JC		 1696};
1697
309795f4
JC		 1698#ifdef CONFIG_L2TP_V3
1699
1700static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1701 .session_create = pppol2tp_session_create,
cf2f5c88 1702 .session_delete = l2tp_session_delete,
309795f4
JC		 1703};
1704
1705#endif /* CONFIG_L2TP_V3 */
1706
fd558d18
JC		 1707static int __init pppol2tp_init(void)
1708{
1709 int err;
1710
1711 err = register_pernet_device(&pppol2tp_net_ops);
1712 if (err)
1713 goto out;
1714
1715 err = proto_register(&pppol2tp_sk_proto, 0);
1716 if (err)
1717 goto out_unregister_pppol2tp_pernet;
1718
1719 err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1720 if (err)
1721 goto out_unregister_pppol2tp_proto;
1722
309795f4
JC		 1723#ifdef CONFIG_L2TP_V3
1724 err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);
1725 if (err)
1726 goto out_unregister_pppox;
1727#endif
1728
a4ca44fa 1729 pr_info("PPPoL2TP kernel driver, %s\n", PPPOL2TP_DRV_VERSION);
fd558d18
JC		 1730
1731out:
1732 return err;
309795f4
JC		 1733
1734#ifdef CONFIG_L2TP_V3
1735out_unregister_pppox:
1736 unregister_pppox_proto(PX_PROTO_OL2TP);
1737#endif
fd558d18
JC		 1738out_unregister_pppol2tp_proto:
1739 proto_unregister(&pppol2tp_sk_proto);
1740out_unregister_pppol2tp_pernet:
1741 unregister_pernet_device(&pppol2tp_net_ops);
1742 goto out;
1743}
1744
1745static void __exit pppol2tp_exit(void)
1746{
309795f4
JC		 1747#ifdef CONFIG_L2TP_V3
1748 l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);
1749#endif
fd558d18
JC		 1750 unregister_pppox_proto(PX_PROTO_OL2TP);
1751 proto_unregister(&pppol2tp_sk_proto);
1752 unregister_pernet_device(&pppol2tp_net_ops);
1753}
1754
1755module_init(pppol2tp_init);
1756module_exit(pppol2tp_exit);
1757
1758MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1759MODULE_DESCRIPTION("PPP over L2TP over UDP");
1760MODULE_LICENSE("GPL");
1761MODULE_VERSION(PPPOL2TP_DRV_VERSION);
681b4d88 1762MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OL2TP);
249ee819 1763MODULE_ALIAS_L2TP_PWTYPE(7);
Linux 6.x block layer and io_uring tree(s)