1
/*****************************************************************************
2
 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
3
 *
4
 * PPPoX    --- Generic PPP encapsulation socket family
5
 * PPPoL2TP --- PPP over L2TP (RFC 2661)
6
 *
7
 * Version:	2.0.0
8
 *
9
 * Authors:	James Chapman ([email protected])
10
 *
11
 * Based on original work by Martijn van Oosterhout <[email protected]>
12
 *
13
 * License:
14
 *		This program is free software; you can redistribute it and/or
15
 *		modify it under the terms of the GNU General Public License
16
 *		as published by the Free Software Foundation; either version
17
 *		2 of the License, or (at your option) any later version.
18
 *
19
 */
20

21
/* This driver handles only L2TP data frames; control frames are handled by a
22
 * userspace application.
23
 *
24
 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
25
 * attaches it to a bound UDP socket with local tunnel_id / session_id and
26
 * peer tunnel_id / session_id set. Data can then be sent or received using
27
 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
28
 * can be read or modified using ioctl() or [gs]etsockopt() calls.
29
 *
30
 * When a PPPoL2TP socket is connected with local and peer session_id values
31
 * zero, the socket is treated as a special tunnel management socket.
32
 *
33
 * Here's example userspace code to create a socket for sending/receiving data
34
 * over an L2TP session:-
35
 *
36
 *	struct sockaddr_pppol2tp sax;
37
 *	int fd;
38
 *	int session_fd;
39
 *
40
 *	fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
41
 *
42
 *	sax.sa_family = AF_PPPOX;
43
 *	sax.sa_protocol = PX_PROTO_OL2TP;
44
 *	sax.pppol2tp.fd = tunnel_fd;	// bound UDP socket
45
 *	sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
46
 *	sax.pppol2tp.addr.sin_port = addr->sin_port;
47
 *	sax.pppol2tp.addr.sin_family = AF_INET;
48
 *	sax.pppol2tp.s_tunnel  = tunnel_id;
49
 *	sax.pppol2tp.s_session = session_id;
50
 *	sax.pppol2tp.d_tunnel  = peer_tunnel_id;
51
 *	sax.pppol2tp.d_session = peer_session_id;
52
 *
53
 *	session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
54
 *
55
 * A pppd plugin that allows PPP traffic to be carried over L2TP using
56
 * this driver is available from the OpenL2TP project at
57
 * http://openl2tp.sourceforge.net.
58
 */
59

60
#include <linux/module.h>
61
#include <linux/string.h>
62
#include <linux/list.h>
63
#include <linux/uaccess.h>
64

65
#include <linux/kernel.h>
66
#include <linux/spinlock.h>
67
#include <linux/kthread.h>
68
#include <linux/sched.h>
69
#include <linux/slab.h>
70
#include <linux/errno.h>
71
#include <linux/jiffies.h>
72

73
#include <linux/netdevice.h>
74
#include <linux/net.h>
75
#include <linux/inetdevice.h>
76
#include <linux/skbuff.h>
77
#include <linux/init.h>
78
#include <linux/ip.h>
79
#include <linux/udp.h>
80
#include <linux/if_pppox.h>
81
#include <linux/if_pppol2tp.h>
82
#include <net/sock.h>
83
#include <linux/ppp_channel.h>
84
#include <linux/ppp_defs.h>
85
#include <linux/if_ppp.h>
86
#include <linux/file.h>
87
#include <linux/hash.h>
88
#include <linux/sort.h>
89
#include <linux/proc_fs.h>
90
#include <linux/l2tp.h>
91
#include <linux/nsproxy.h>
92
#include <net/net_namespace.h>
93
#include <net/netns/generic.h>
94
#include <net/dst.h>
95
#include <net/ip.h>
96
#include <net/udp.h>
97
#include <net/xfrm.h>
98

99
#include <asm/byteorder.h>
100
#include <asm/atomic.h>
101

102
#include "l2tp_core.h"
103

104
#define PPPOL2TP_DRV_VERSION	"V2.0"
105

106
/* Space for UDP, L2TP and PPP headers */
107
#define PPPOL2TP_HEADER_OVERHEAD	40
108

109
#define PRINTK(_mask, _type, _lvl, _fmt, args...)			\
110
	do {								\
111
		if ((_mask) & (_type))					\
112
			printk(_lvl "PPPOL2TP: " _fmt, ##args);		\
113
	} while (0)
114

115
/* Number of bytes to build transmit L2TP headers.
116
 * Unfortunately the size is different depending on whether sequence numbers
117
 * are enabled.
118
 */
119
#define PPPOL2TP_L2TP_HDR_SIZE_SEQ		10
120
#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ		6
121

122
/* Private data of each session. This data lives at the end of struct
123
 * l2tp_session, referenced via session->priv[].
124
 */
125
struct pppol2tp_session {
126
	int			owner;		/* pid that opened the socket */
127

128
	struct sock		*sock;		/* Pointer to the session
129
						 * PPPoX socket */
130
	struct sock		*tunnel_sock;	/* Pointer to the tunnel UDP
131
						 * socket */
132
	int			flags;		/* accessed by PPPIOCGFLAGS.
133
						 * Unused. */
134
};
135

136
static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
137

138
static const struct ppp_channel_ops pppol2tp_chan_ops = {
139
	.start_xmit =  pppol2tp_xmit,
140
};
141

142
static const struct proto_ops pppol2tp_ops;
143

144
/* Helpers to obtain tunnel/session contexts from sockets.
145
 */
146
static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
147
{
148
	struct l2tp_session *session;
149

150
	if (sk == NULL)
151
		return NULL;
152

153
	sock_hold(sk);
154
	session = (struct l2tp_session *)(sk->sk_user_data);
155
	if (session == NULL) {
156
		sock_put(sk);
157
		goto out;
158
	}
159

160
	BUG_ON(session->magic != L2TP_SESSION_MAGIC);
161

162
out:
163
	return session;
164
}
165

166
/*****************************************************************************
167
 * Receive data handling
168
 *****************************************************************************/
169

170
static int pppol2tp_recv_payload_hook(struct sk_buff *skb)
171
{
172
	/* Skip PPP header, if present.	 In testing, Microsoft L2TP clients
173
	 * don't send the PPP header (PPP header compression enabled), but
174
	 * other clients can include the header. So we cope with both cases
175
	 * here. The PPP header is always FF03 when using L2TP.
176
	 *
177
	 * Note that skb->data[] isn't dereferenced from a u16 ptr here since
178
	 * the field may be unaligned.
179
	 */
180
	if (!pskb_may_pull(skb, 2))
181
		return 1;
182

183
	if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
184
		skb_pull(skb, 2);
185

186
	return 0;
187
}
188

189
/* Receive message. This is the recvmsg for the PPPoL2TP socket.
190
 */
191
static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
192
			    struct msghdr *msg, size_t len,
193
			    int flags)
194
{
195
	int err;
196
	struct sk_buff *skb;
197
	struct sock *sk = sock->sk;
198

199
	err = -EIO;
200
	if (sk->sk_state & PPPOX_BOUND)
201
		goto end;
202

203
	msg->msg_namelen = 0;
204

205
	err = 0;
206
	skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
207
				flags & MSG_DONTWAIT, &err);
208
	if (!skb)
209
		goto end;
210

211
	if (len > skb->len)
212
		len = skb->len;
213
	else if (len < skb->len)
214
		msg->msg_flags |= MSG_TRUNC;
215

216
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
217
	if (likely(err == 0))
218
		err = len;
219

220
	kfree_skb(skb);
221
end:
222
	return err;
223
}
224

225
static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
226
{
227
	struct pppol2tp_session *ps = l2tp_session_priv(session);
228
	struct sock *sk = NULL;
229

230
	/* If the socket is bound, send it in to PPP's input queue. Otherwise
231
	 * queue it on the session socket.
232
	 */
233
	sk = ps->sock;
234
	if (sk == NULL)
235
		goto no_sock;
236

237
	if (sk->sk_state & PPPOX_BOUND) {
238
		struct pppox_sock *po;
239
		PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
240
		       "%s: recv %d byte data frame, passing to ppp\n",
241
		       session->name, data_len);
242

243
		/* We need to forget all info related to the L2TP packet
244
		 * gathered in the skb as we are going to reuse the same
245
		 * skb for the inner packet.
246
		 * Namely we need to:
247
		 * - reset xfrm (IPSec) information as it applies to
248
		 *   the outer L2TP packet and not to the inner one
249
		 * - release the dst to force a route lookup on the inner
250
		 *   IP packet since skb->dst currently points to the dst
251
		 *   of the UDP tunnel
252
		 * - reset netfilter information as it doesn't apply
253
		 *   to the inner packet either
254
		 */
255
		secpath_reset(skb);
256
		skb_dst_drop(skb);
257
		nf_reset(skb);
258

259
		po = pppox_sk(sk);
260
		ppp_input(&po->chan, skb);
261
	} else {
262
		PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
263
		       "%s: socket not bound\n", session->name);
264

265
		/* Not bound. Nothing we can do, so discard. */
266
		session->stats.rx_errors++;
267
		kfree_skb(skb);
268
	}
269

270
	return;
271

272
no_sock:
273
	PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
274
	       "%s: no socket\n", session->name);
275
	kfree_skb(skb);
276
}
277

278
static void pppol2tp_session_sock_hold(struct l2tp_session *session)
279
{
280
	struct pppol2tp_session *ps = l2tp_session_priv(session);
281

282
	if (ps->sock)
283
		sock_hold(ps->sock);
284
}
285

286
static void pppol2tp_session_sock_put(struct l2tp_session *session)
287
{
288
	struct pppol2tp_session *ps = l2tp_session_priv(session);
289

290
	if (ps->sock)
291
		sock_put(ps->sock);
292
}
293

294
/************************************************************************
295
 * Transmit handling
296
 ***********************************************************************/
297

298
/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket.  We come here
299
 * when a user application does a sendmsg() on the session socket. L2TP and
300
 * PPP headers must be inserted into the user's data.
301
 */
302
static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
303
			    size_t total_len)
304
{
305
	static const unsigned char ppph[2] = { 0xff, 0x03 };
306
	struct sock *sk = sock->sk;
307
	struct sk_buff *skb;
308
	int error;
309
	struct l2tp_session *session;
310
	struct l2tp_tunnel *tunnel;
311
	struct pppol2tp_session *ps;
312
	int uhlen;
313

314
	error = -ENOTCONN;
315
	if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
316
		goto error;
317

318
	/* Get session and tunnel contexts */
319
	error = -EBADF;
320
	session = pppol2tp_sock_to_session(sk);
321
	if (session == NULL)
322
		goto error;
323

324
	ps = l2tp_session_priv(session);
325
	tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
326
	if (tunnel == NULL)
327
		goto error_put_sess;
328

329
	uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
330

331
	/* Allocate a socket buffer */
332
	error = -ENOMEM;
333
	skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
334
			   uhlen + session->hdr_len +
335
			   sizeof(ppph) + total_len,
336
			   0, GFP_KERNEL);
337
	if (!skb)
338
		goto error_put_sess_tun;
339

340
	/* Reserve space for headers. */
341
	skb_reserve(skb, NET_SKB_PAD);
342
	skb_reset_network_header(skb);
343
	skb_reserve(skb, sizeof(struct iphdr));
344
	skb_reset_transport_header(skb);
345
	skb_reserve(skb, uhlen);
346

347
	/* Add PPP header */
348
	skb->data[0] = ppph[0];
349
	skb->data[1] = ppph[1];
350
	skb_put(skb, 2);
351

352
	/* Copy user data into skb */
353
	error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
354
	if (error < 0) {
355
		kfree_skb(skb);
356
		goto error_put_sess_tun;
357
	}
358
	skb_put(skb, total_len);
359

360
	l2tp_xmit_skb(session, skb, session->hdr_len);
361

362
	sock_put(ps->tunnel_sock);
363

364
	return error;
365

366
error_put_sess_tun:
367
	sock_put(ps->tunnel_sock);
368
error_put_sess:
369
	sock_put(sk);
370
error:
371
	return error;
372
}
373

374
/* Transmit function called by generic PPP driver.  Sends PPP frame
375
 * over PPPoL2TP socket.
376
 *
377
 * This is almost the same as pppol2tp_sendmsg(), but rather than
378
 * being called with a msghdr from userspace, it is called with a skb
379
 * from the kernel.
380
 *
381
 * The supplied skb from ppp doesn't have enough headroom for the
382
 * insertion of L2TP, UDP and IP headers so we need to allocate more
383
 * headroom in the skb. This will create a cloned skb. But we must be
384
 * careful in the error case because the caller will expect to free
385
 * the skb it supplied, not our cloned skb. So we take care to always
386
 * leave the original skb unfreed if we return an error.
387
 */
388
static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
389
{
390
	static const u8 ppph[2] = { 0xff, 0x03 };
391
	struct sock *sk = (struct sock *) chan->private;
392
	struct sock *sk_tun;
393
	struct l2tp_session *session;
394
	struct l2tp_tunnel *tunnel;
395
	struct pppol2tp_session *ps;
396
	int old_headroom;
397
	int new_headroom;
398

399
	if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
400
		goto abort;
401

402
	/* Get session and tunnel contexts from the socket */
403
	session = pppol2tp_sock_to_session(sk);
404
	if (session == NULL)
405
		goto abort;
406

407
	ps = l2tp_session_priv(session);
408
	sk_tun = ps->tunnel_sock;
409
	if (sk_tun == NULL)
410
		goto abort_put_sess;
411
	tunnel = l2tp_sock_to_tunnel(sk_tun);
412
	if (tunnel == NULL)
413
		goto abort_put_sess;
414

415
	old_headroom = skb_headroom(skb);
416
	if (skb_cow_head(skb, sizeof(ppph)))
417
		goto abort_put_sess_tun;
418

419
	new_headroom = skb_headroom(skb);
420
	skb->truesize += new_headroom - old_headroom;
421

422
	/* Setup PPP header */
423
	__skb_push(skb, sizeof(ppph));
424
	skb->data[0] = ppph[0];
425
	skb->data[1] = ppph[1];
426

427
	l2tp_xmit_skb(session, skb, session->hdr_len);
428

429
	sock_put(sk_tun);
430
	sock_put(sk);
431
	return 1;
432

433
abort_put_sess_tun:
434
	sock_put(sk_tun);
435
abort_put_sess:
436
	sock_put(sk);
437
abort:
438
	/* Free the original skb */
439
	kfree_skb(skb);
440
	return 1;
441
}
442

443
/*****************************************************************************
444
 * Session (and tunnel control) socket create/destroy.
445
 *****************************************************************************/
446

447
/* Called by l2tp_core when a session socket is being closed.
448
 */
449
static void pppol2tp_session_close(struct l2tp_session *session)
450
{
451
	struct pppol2tp_session *ps = l2tp_session_priv(session);
452
	struct sock *sk = ps->sock;
453
	struct sk_buff *skb;
454

455
	BUG_ON(session->magic != L2TP_SESSION_MAGIC);
456

457
	if (session->session_id == 0)
458
		goto out;
459

460
	if (sk != NULL) {
461
		lock_sock(sk);
462

463
		if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
464
			pppox_unbind_sock(sk);
465
			sk->sk_state = PPPOX_DEAD;
466
			sk->sk_state_change(sk);
467
		}
468

469
		/* Purge any queued data */
470
		skb_queue_purge(&sk->sk_receive_queue);
471
		skb_queue_purge(&sk->sk_write_queue);
472
		while ((skb = skb_dequeue(&session->reorder_q))) {
473
			kfree_skb(skb);
474
			sock_put(sk);
475
		}
476

477
		release_sock(sk);
478
	}
479

480
out:
481
	return;
482
}
483

484
/* Really kill the session socket. (Called from sock_put() if
485
 * refcnt == 0.)
486
 */
487
static void pppol2tp_session_destruct(struct sock *sk)
488
{
489
	struct l2tp_session *session;
490

491
	if (sk->sk_user_data != NULL) {
492
		session = sk->sk_user_data;
493
		if (session == NULL)
494
			goto out;
495

496
		sk->sk_user_data = NULL;
497
		BUG_ON(session->magic != L2TP_SESSION_MAGIC);
498
		l2tp_session_dec_refcount(session);
499
	}
500

501
out:
502
	return;
503
}
504

505
/* Called when the PPPoX socket (session) is closed.
506
 */
507
static int pppol2tp_release(struct socket *sock)
508
{
509
	struct sock *sk = sock->sk;
510
	struct l2tp_session *session;
511
	int error;
512

513
	if (!sk)
514
		return 0;
515

516
	error = -EBADF;
517
	lock_sock(sk);
518
	if (sock_flag(sk, SOCK_DEAD) != 0)
519
		goto error;
520

521
	pppox_unbind_sock(sk);
522

523
	/* Signal the death of the socket. */
524
	sk->sk_state = PPPOX_DEAD;
525
	sock_orphan(sk);
526
	sock->sk = NULL;
527

528
	session = pppol2tp_sock_to_session(sk);
529

530
	/* Purge any queued data */
531
	skb_queue_purge(&sk->sk_receive_queue);
532
	skb_queue_purge(&sk->sk_write_queue);
533
	if (session != NULL) {
534
		struct sk_buff *skb;
535
		while ((skb = skb_dequeue(&session->reorder_q))) {
536
			kfree_skb(skb);
537
			sock_put(sk);
538
		}
539
		sock_put(sk);
540
	}
541

542
	release_sock(sk);
543

544
	/* This will delete the session context via
545
	 * pppol2tp_session_destruct() if the socket's refcnt drops to
546
	 * zero.
547
	 */
548
	sock_put(sk);
549

550
	return 0;
551

552
error:
553
	release_sock(sk);
554
	return error;
555
}
556

557
static struct proto pppol2tp_sk_proto = {
558
	.name	  = "PPPOL2TP",
559
	.owner	  = THIS_MODULE,
560
	.obj_size = sizeof(struct pppox_sock),
561
};
562

563
static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)
564
{
565
	int rc;
566

567
	rc = l2tp_udp_encap_recv(sk, skb);
568
	if (rc)
569
		kfree_skb(skb);
570

571
	return NET_RX_SUCCESS;
572
}
573

574
/* socket() handler. Initialize a new struct sock.
575
 */
576
static int pppol2tp_create(struct net *net, struct socket *sock)
577
{
578
	int error = -ENOMEM;
579
	struct sock *sk;
580

581
	sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto);
582
	if (!sk)
583
		goto out;
584

585
	sock_init_data(sock, sk);
586

587
	sock->state  = SS_UNCONNECTED;
588
	sock->ops    = &pppol2tp_ops;
589

590
	sk->sk_backlog_rcv = pppol2tp_backlog_recv;
591
	sk->sk_protocol	   = PX_PROTO_OL2TP;
592
	sk->sk_family	   = PF_PPPOX;
593
	sk->sk_state	   = PPPOX_NONE;
594
	sk->sk_type	   = SOCK_STREAM;
595
	sk->sk_destruct	   = pppol2tp_session_destruct;
596

597
	error = 0;
598

599
out:
600
	return error;
601
}
602

603
#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
604
static void pppol2tp_show(struct seq_file *m, void *arg)
605
{
606
	struct l2tp_session *session = arg;
607
	struct pppol2tp_session *ps = l2tp_session_priv(session);
608

609
	if (ps) {
610
		struct pppox_sock *po = pppox_sk(ps->sock);
611
		if (po)
612
			seq_printf(m, "   interface %s\n", ppp_dev_name(&po->chan));
613
	}
614
}
615
#endif
616

617
/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
618
 */
619
static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
620
			    int sockaddr_len, int flags)
621
{
622
	struct sock *sk = sock->sk;
623
	struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
624
	struct sockaddr_pppol2tpv3 *sp3 = (struct sockaddr_pppol2tpv3 *) uservaddr;
625
	struct pppox_sock *po = pppox_sk(sk);
626
	struct l2tp_session *session = NULL;
627
	struct l2tp_tunnel *tunnel;
628
	struct pppol2tp_session *ps;
629
	struct dst_entry *dst;
630
	struct l2tp_session_cfg cfg = { 0, };
631
	int error = 0;
632
	u32 tunnel_id, peer_tunnel_id;
633
	u32 session_id, peer_session_id;
634
	int ver = 2;
635
	int fd;
636

637
	lock_sock(sk);
638

639
	error = -EINVAL;
640
	if (sp->sa_protocol != PX_PROTO_OL2TP)
641
		goto end;
642

643
	/* Check for already bound sockets */
644
	error = -EBUSY;
645
	if (sk->sk_state & PPPOX_CONNECTED)
646
		goto end;
647

648
	/* We don't supporting rebinding anyway */
649
	error = -EALREADY;
650
	if (sk->sk_user_data)
651
		goto end; /* socket is already attached */
652

653
	/* Get params from socket address. Handle L2TPv2 and L2TPv3 */
654
	if (sockaddr_len == sizeof(struct sockaddr_pppol2tp)) {
655
		fd = sp->pppol2tp.fd;
656
		tunnel_id = sp->pppol2tp.s_tunnel;
657
		peer_tunnel_id = sp->pppol2tp.d_tunnel;
658
		session_id = sp->pppol2tp.s_session;
659
		peer_session_id = sp->pppol2tp.d_session;
660
	} else if (sockaddr_len == sizeof(struct sockaddr_pppol2tpv3)) {
661
		ver = 3;
662
		fd = sp3->pppol2tp.fd;
663
		tunnel_id = sp3->pppol2tp.s_tunnel;
664
		peer_tunnel_id = sp3->pppol2tp.d_tunnel;
665
		session_id = sp3->pppol2tp.s_session;
666
		peer_session_id = sp3->pppol2tp.d_session;
667
	} else {
668
		error = -EINVAL;
669
		goto end; /* bad socket address */
670
	}
671

672
	/* Don't bind if tunnel_id is 0 */
673
	error = -EINVAL;
674
	if (tunnel_id == 0)
675
		goto end;
676

677
	tunnel = l2tp_tunnel_find(sock_net(sk), tunnel_id);
678

679
	/* Special case: create tunnel context if session_id and
680
	 * peer_session_id is 0. Otherwise look up tunnel using supplied
681
	 * tunnel id.
682
	 */
683
	if ((session_id == 0) && (peer_session_id == 0)) {
684
		if (tunnel == NULL) {
685
			struct l2tp_tunnel_cfg tcfg = {
686
				.encap = L2TP_ENCAPTYPE_UDP,
687
				.debug = 0,
688
			};
689
			error = l2tp_tunnel_create(sock_net(sk), fd, ver, tunnel_id, peer_tunnel_id, &tcfg, &tunnel);
690
			if (error < 0)
691
				goto end;
692
		}
693
	} else {
694
		/* Error if we can't find the tunnel */
695
		error = -ENOENT;
696
		if (tunnel == NULL)
697
			goto end;
698

699
		/* Error if socket is not prepped */
700
		if (tunnel->sock == NULL)
701
			goto end;
702
	}
703

704
	if (tunnel->recv_payload_hook == NULL)
705
		tunnel->recv_payload_hook = pppol2tp_recv_payload_hook;
706

707
	if (tunnel->peer_tunnel_id == 0) {
708
		if (ver == 2)
709
			tunnel->peer_tunnel_id = sp->pppol2tp.d_tunnel;
710
		else
711
			tunnel->peer_tunnel_id = sp3->pppol2tp.d_tunnel;
712
	}
713

714
	/* Create session if it doesn't already exist. We handle the
715
	 * case where a session was previously created by the netlink
716
	 * interface by checking that the session doesn't already have
717
	 * a socket and its tunnel socket are what we expect. If any
718
	 * of those checks fail, return EEXIST to the caller.
719
	 */
720
	session = l2tp_session_find(sock_net(sk), tunnel, session_id);
721
	if (session == NULL) {
722
		/* Default MTU must allow space for UDP/L2TP/PPP
723
		 * headers.
724
		 */
725
		cfg.mtu = cfg.mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
726

727
		/* Allocate and initialize a new session context. */
728
		session = l2tp_session_create(sizeof(struct pppol2tp_session),
729
					      tunnel, session_id,
730
					      peer_session_id, &cfg);
731
		if (session == NULL) {
732
			error = -ENOMEM;
733
			goto end;
734
		}
735
	} else {
736
		ps = l2tp_session_priv(session);
737
		error = -EEXIST;
738
		if (ps->sock != NULL)
739
			goto end;
740

741
		/* consistency checks */
742
		if (ps->tunnel_sock != tunnel->sock)
743
			goto end;
744
	}
745

746
	/* Associate session with its PPPoL2TP socket */
747
	ps = l2tp_session_priv(session);
748
	ps->owner	     = current->pid;
749
	ps->sock	     = sk;
750
	ps->tunnel_sock = tunnel->sock;
751

752
	session->recv_skb	= pppol2tp_recv;
753
	session->session_close	= pppol2tp_session_close;
754
#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE)
755
	session->show		= pppol2tp_show;
756
#endif
757

758
	/* We need to know each time a skb is dropped from the reorder
759
	 * queue.
760
	 */
761
	session->ref = pppol2tp_session_sock_hold;
762
	session->deref = pppol2tp_session_sock_put;
763

764
	/* If PMTU discovery was enabled, use the MTU that was discovered */
765
	dst = sk_dst_get(sk);
766
	if (dst != NULL) {
767
		u32 pmtu = dst_mtu(__sk_dst_get(sk));
768
		if (pmtu != 0)
769
			session->mtu = session->mru = pmtu -
770
				PPPOL2TP_HEADER_OVERHEAD;
771
		dst_release(dst);
772
	}
773

774
	/* Special case: if source & dest session_id == 0x0000, this
775
	 * socket is being created to manage the tunnel. Just set up
776
	 * the internal context for use by ioctl() and sockopt()
777
	 * handlers.
778
	 */
779
	if ((session->session_id == 0) &&
780
	    (session->peer_session_id == 0)) {
781
		error = 0;
782
		goto out_no_ppp;
783
	}
784

785
	/* The only header we need to worry about is the L2TP
786
	 * header. This size is different depending on whether
787
	 * sequence numbers are enabled for the data channel.
788
	 */
789
	po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
790

791
	po->chan.private = sk;
792
	po->chan.ops	 = &pppol2tp_chan_ops;
793
	po->chan.mtu	 = session->mtu;
794

795
	error = ppp_register_net_channel(sock_net(sk), &po->chan);
796
	if (error)
797
		goto end;
798

799
out_no_ppp:
800
	/* This is how we get the session context from the socket. */
801
	sk->sk_user_data = session;
802
	sk->sk_state = PPPOX_CONNECTED;
803
	PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
804
	       "%s: created\n", session->name);
805

806
end:
807
	release_sock(sk);
808

809
	return error;
810
}
811

812
#ifdef CONFIG_L2TP_V3
813

814
/* Called when creating sessions via the netlink interface.
815
 */
816
static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
817
{
818
	int error;
819
	struct l2tp_tunnel *tunnel;
820
	struct l2tp_session *session;
821
	struct pppol2tp_session *ps;
822

823
	tunnel = l2tp_tunnel_find(net, tunnel_id);
824

825
	/* Error if we can't find the tunnel */
826
	error = -ENOENT;
827
	if (tunnel == NULL)
828
		goto out;
829

830
	/* Error if tunnel socket is not prepped */
831
	if (tunnel->sock == NULL)
832
		goto out;
833

834
	/* Check that this session doesn't already exist */
835
	error = -EEXIST;
836
	session = l2tp_session_find(net, tunnel, session_id);
837
	if (session != NULL)
838
		goto out;
839

840
	/* Default MTU values. */
841
	if (cfg->mtu == 0)
842
		cfg->mtu = 1500 - PPPOL2TP_HEADER_OVERHEAD;
843
	if (cfg->mru == 0)
844
		cfg->mru = cfg->mtu;
845

846
	/* Allocate and initialize a new session context. */
847
	error = -ENOMEM;
848
	session = l2tp_session_create(sizeof(struct pppol2tp_session),
849
				      tunnel, session_id,
850
				      peer_session_id, cfg);
851
	if (session == NULL)
852
		goto out;
853

854
	ps = l2tp_session_priv(session);
855
	ps->tunnel_sock = tunnel->sock;
856

857
	PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
858
	       "%s: created\n", session->name);
859

860
	error = 0;
861

862
out:
863
	return error;
864
}
865

866
/* Called when deleting sessions via the netlink interface.
867
 */
868
static int pppol2tp_session_delete(struct l2tp_session *session)
869
{
870
	struct pppol2tp_session *ps = l2tp_session_priv(session);
871

872
	if (ps->sock == NULL)
873
		l2tp_session_dec_refcount(session);
874

875
	return 0;
876
}
877

878
#endif /* CONFIG_L2TP_V3 */
879

880
/* getname() support.
881
 */
882
static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
883
			    int *usockaddr_len, int peer)
884
{
885
	int len = 0;
886
	int error = 0;
887
	struct l2tp_session *session;
888
	struct l2tp_tunnel *tunnel;
889
	struct sock *sk = sock->sk;
890
	struct inet_sock *inet;
891
	struct pppol2tp_session *pls;
892

893
	error = -ENOTCONN;
894
	if (sk == NULL)
895
		goto end;
896
	if (sk->sk_state != PPPOX_CONNECTED)
897
		goto end;
898

899
	error = -EBADF;
900
	session = pppol2tp_sock_to_session(sk);
901
	if (session == NULL)
902
		goto end;
903

904
	pls = l2tp_session_priv(session);
905
	tunnel = l2tp_sock_to_tunnel(pls->tunnel_sock);
906
	if (tunnel == NULL) {
907
		error = -EBADF;
908
		goto end_put_sess;
909
	}
910

911
	inet = inet_sk(sk);
912
	if (tunnel->version == 2) {
913
		struct sockaddr_pppol2tp sp;
914
		len = sizeof(sp);
915
		memset(&sp, 0, len);
916
		sp.sa_family	= AF_PPPOX;
917
		sp.sa_protocol	= PX_PROTO_OL2TP;
918
		sp.pppol2tp.fd  = tunnel->fd;
919
		sp.pppol2tp.pid = pls->owner;
920
		sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
921
		sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
922
		sp.pppol2tp.s_session = session->session_id;
923
		sp.pppol2tp.d_session = session->peer_session_id;
924
		sp.pppol2tp.addr.sin_family = AF_INET;
925
		sp.pppol2tp.addr.sin_port = inet->inet_dport;
926
		sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
927
		memcpy(uaddr, &sp, len);
928
	} else if (tunnel->version == 3) {
929
		struct sockaddr_pppol2tpv3 sp;
930
		len = sizeof(sp);
931
		memset(&sp, 0, len);
932
		sp.sa_family	= AF_PPPOX;
933
		sp.sa_protocol	= PX_PROTO_OL2TP;
934
		sp.pppol2tp.fd  = tunnel->fd;
935
		sp.pppol2tp.pid = pls->owner;
936
		sp.pppol2tp.s_tunnel = tunnel->tunnel_id;
937
		sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;
938
		sp.pppol2tp.s_session = session->session_id;
939
		sp.pppol2tp.d_session = session->peer_session_id;
940
		sp.pppol2tp.addr.sin_family = AF_INET;
941
		sp.pppol2tp.addr.sin_port = inet->inet_dport;
942
		sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;
943
		memcpy(uaddr, &sp, len);
944
	}
945

946
	*usockaddr_len = len;
947

948
	sock_put(pls->tunnel_sock);
949
end_put_sess:
950
	sock_put(sk);
951
	error = 0;
952

953
end:
954
	return error;
955
}
956

957
/****************************************************************************
958
 * ioctl() handlers.
959
 *
960
 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
961
 * sockets. However, in order to control kernel tunnel features, we allow
962
 * userspace to create a special "tunnel" PPPoX socket which is used for
963
 * control only.  Tunnel PPPoX sockets have session_id == 0 and simply allow
964
 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
965
 * calls.
966
 ****************************************************************************/
967

968
static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
969
				struct l2tp_stats *stats)
970
{
971
	dest->tx_packets = stats->tx_packets;
972
	dest->tx_bytes = stats->tx_bytes;
973
	dest->tx_errors = stats->tx_errors;
974
	dest->rx_packets = stats->rx_packets;
975
	dest->rx_bytes = stats->rx_bytes;
976
	dest->rx_seq_discards = stats->rx_seq_discards;
977
	dest->rx_oos_packets = stats->rx_oos_packets;
978
	dest->rx_errors = stats->rx_errors;
979
}
980

981
/* Session ioctl helper.
982
 */
983
static int pppol2tp_session_ioctl(struct l2tp_session *session,
984
				  unsigned int cmd, unsigned long arg)
985
{
986
	struct ifreq ifr;
987
	int err = 0;
988
	struct sock *sk;
989
	int val = (int) arg;
990
	struct pppol2tp_session *ps = l2tp_session_priv(session);
991
	struct l2tp_tunnel *tunnel = session->tunnel;
992
	struct pppol2tp_ioc_stats stats;
993

994
	PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
995
	       "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
996
	       session->name, cmd, arg);
997

998
	sk = ps->sock;
999
	sock_hold(sk);
1000

1001
	switch (cmd) {
1002
	case SIOCGIFMTU:
1003
		err = -ENXIO;
1004
		if (!(sk->sk_state & PPPOX_CONNECTED))
1005
			break;
1006

1007
		err = -EFAULT;
1008
		if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1009
			break;
1010
		ifr.ifr_mtu = session->mtu;
1011
		if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1012
			break;
1013

1014
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1015
		       "%s: get mtu=%d\n", session->name, session->mtu);
1016
		err = 0;
1017
		break;
1018

1019
	case SIOCSIFMTU:
1020
		err = -ENXIO;
1021
		if (!(sk->sk_state & PPPOX_CONNECTED))
1022
			break;
1023

1024
		err = -EFAULT;
1025
		if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1026
			break;
1027

1028
		session->mtu = ifr.ifr_mtu;
1029

1030
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1031
		       "%s: set mtu=%d\n", session->name, session->mtu);
1032
		err = 0;
1033
		break;
1034

1035
	case PPPIOCGMRU:
1036
		err = -ENXIO;
1037
		if (!(sk->sk_state & PPPOX_CONNECTED))
1038
			break;
1039

1040
		err = -EFAULT;
1041
		if (put_user(session->mru, (int __user *) arg))
1042
			break;
1043

1044
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1045
		       "%s: get mru=%d\n", session->name, session->mru);
1046
		err = 0;
1047
		break;
1048

1049
	case PPPIOCSMRU:
1050
		err = -ENXIO;
1051
		if (!(sk->sk_state & PPPOX_CONNECTED))
1052
			break;
1053

1054
		err = -EFAULT;
1055
		if (get_user(val, (int __user *) arg))
1056
			break;
1057

1058
		session->mru = val;
1059
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1060
		       "%s: set mru=%d\n", session->name, session->mru);
1061
		err = 0;
1062
		break;
1063

1064
	case PPPIOCGFLAGS:
1065
		err = -EFAULT;
1066
		if (put_user(ps->flags, (int __user *) arg))
1067
			break;
1068

1069
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1070
		       "%s: get flags=%d\n", session->name, ps->flags);
1071
		err = 0;
1072
		break;
1073

1074
	case PPPIOCSFLAGS:
1075
		err = -EFAULT;
1076
		if (get_user(val, (int __user *) arg))
1077
			break;
1078
		ps->flags = val;
1079
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1080
		       "%s: set flags=%d\n", session->name, ps->flags);
1081
		err = 0;
1082
		break;
1083

1084
	case PPPIOCGL2TPSTATS:
1085
		err = -ENXIO;
1086
		if (!(sk->sk_state & PPPOX_CONNECTED))
1087
			break;
1088

1089
		memset(&stats, 0, sizeof(stats));
1090
		stats.tunnel_id = tunnel->tunnel_id;
1091
		stats.session_id = session->session_id;
1092
		pppol2tp_copy_stats(&stats, &session->stats);
1093
		if (copy_to_user((void __user *) arg, &stats,
1094
				 sizeof(stats)))
1095
			break;
1096
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1097
		       "%s: get L2TP stats\n", session->name);
1098
		err = 0;
1099
		break;
1100

1101
	default:
1102
		err = -ENOSYS;
1103
		break;
1104
	}
1105

1106
	sock_put(sk);
1107

1108
	return err;
1109
}
1110

1111
/* Tunnel ioctl helper.
1112
 *
1113
 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1114
 * specifies a session_id, the session ioctl handler is called. This allows an
1115
 * application to retrieve session stats via a tunnel socket.
1116
 */
1117
static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel,
1118
				 unsigned int cmd, unsigned long arg)
1119
{
1120
	int err = 0;
1121
	struct sock *sk;
1122
	struct pppol2tp_ioc_stats stats;
1123

1124
	PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1125
	       "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n",
1126
	       tunnel->name, cmd, arg);
1127

1128
	sk = tunnel->sock;
1129
	sock_hold(sk);
1130

1131
	switch (cmd) {
1132
	case PPPIOCGL2TPSTATS:
1133
		err = -ENXIO;
1134
		if (!(sk->sk_state & PPPOX_CONNECTED))
1135
			break;
1136

1137
		if (copy_from_user(&stats, (void __user *) arg,
1138
				   sizeof(stats))) {
1139
			err = -EFAULT;
1140
			break;
1141
		}
1142
		if (stats.session_id != 0) {
1143
			/* resend to session ioctl handler */
1144
			struct l2tp_session *session =
1145
				l2tp_session_find(sock_net(sk), tunnel, stats.session_id);
1146
			if (session != NULL)
1147
				err = pppol2tp_session_ioctl(session, cmd, arg);
1148
			else
1149
				err = -EBADR;
1150
			break;
1151
		}
1152
#ifdef CONFIG_XFRM
1153
		stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
1154
#endif
1155
		pppol2tp_copy_stats(&stats, &tunnel->stats);
1156
		if (copy_to_user((void __user *) arg, &stats, sizeof(stats))) {
1157
			err = -EFAULT;
1158
			break;
1159
		}
1160
		PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1161
		       "%s: get L2TP stats\n", tunnel->name);
1162
		err = 0;
1163
		break;
1164

1165
	default:
1166
		err = -ENOSYS;
1167
		break;
1168
	}
1169

1170
	sock_put(sk);
1171

1172
	return err;
1173
}
1174

1175
/* Main ioctl() handler.
1176
 * Dispatch to tunnel or session helpers depending on the socket.
1177
 */
1178
static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
1179
			  unsigned long arg)
1180
{
1181
	struct sock *sk = sock->sk;
1182
	struct l2tp_session *session;
1183
	struct l2tp_tunnel *tunnel;
1184
	struct pppol2tp_session *ps;
1185
	int err;
1186

1187
	if (!sk)
1188
		return 0;
1189

1190
	err = -EBADF;
1191
	if (sock_flag(sk, SOCK_DEAD) != 0)
1192
		goto end;
1193

1194
	err = -ENOTCONN;
1195
	if ((sk->sk_user_data == NULL) ||
1196
	    (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
1197
		goto end;
1198

1199
	/* Get session context from the socket */
1200
	err = -EBADF;
1201
	session = pppol2tp_sock_to_session(sk);
1202
	if (session == NULL)
1203
		goto end;
1204

1205
	/* Special case: if session's session_id is zero, treat ioctl as a
1206
	 * tunnel ioctl
1207
	 */
1208
	ps = l2tp_session_priv(session);
1209
	if ((session->session_id == 0) &&
1210
	    (session->peer_session_id == 0)) {
1211
		err = -EBADF;
1212
		tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1213
		if (tunnel == NULL)
1214
			goto end_put_sess;
1215

1216
		err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
1217
		sock_put(ps->tunnel_sock);
1218
		goto end_put_sess;
1219
	}
1220

1221
	err = pppol2tp_session_ioctl(session, cmd, arg);
1222

1223
end_put_sess:
1224
	sock_put(sk);
1225
end:
1226
	return err;
1227
}
1228

1229
/*****************************************************************************
1230
 * setsockopt() / getsockopt() support.
1231
 *
1232
 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1233
 * sockets. In order to control kernel tunnel features, we allow userspace to
1234
 * create a special "tunnel" PPPoX socket which is used for control only.
1235
 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
1236
 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
1237
 *****************************************************************************/
1238

1239
/* Tunnel setsockopt() helper.
1240
 */
1241
static int pppol2tp_tunnel_setsockopt(struct sock *sk,
1242
				      struct l2tp_tunnel *tunnel,
1243
				      int optname, int val)
1244
{
1245
	int err = 0;
1246

1247
	switch (optname) {
1248
	case PPPOL2TP_SO_DEBUG:
1249
		tunnel->debug = val;
1250
		PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1251
		       "%s: set debug=%x\n", tunnel->name, tunnel->debug);
1252
		break;
1253

1254
	default:
1255
		err = -ENOPROTOOPT;
1256
		break;
1257
	}
1258

1259
	return err;
1260
}
1261

1262
/* Session setsockopt helper.
1263
 */
1264
static int pppol2tp_session_setsockopt(struct sock *sk,
1265
				       struct l2tp_session *session,
1266
				       int optname, int val)
1267
{
1268
	int err = 0;
1269
	struct pppol2tp_session *ps = l2tp_session_priv(session);
1270

1271
	switch (optname) {
1272
	case PPPOL2TP_SO_RECVSEQ:
1273
		if ((val != 0) && (val != 1)) {
1274
			err = -EINVAL;
1275
			break;
1276
		}
1277
		session->recv_seq = val ? -1 : 0;
1278
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1279
		       "%s: set recv_seq=%d\n", session->name, session->recv_seq);
1280
		break;
1281

1282
	case PPPOL2TP_SO_SENDSEQ:
1283
		if ((val != 0) && (val != 1)) {
1284
			err = -EINVAL;
1285
			break;
1286
		}
1287
		session->send_seq = val ? -1 : 0;
1288
		{
1289
			struct sock *ssk      = ps->sock;
1290
			struct pppox_sock *po = pppox_sk(ssk);
1291
			po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
1292
				PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1293
		}
1294
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1295
		       "%s: set send_seq=%d\n", session->name, session->send_seq);
1296
		break;
1297

1298
	case PPPOL2TP_SO_LNSMODE:
1299
		if ((val != 0) && (val != 1)) {
1300
			err = -EINVAL;
1301
			break;
1302
		}
1303
		session->lns_mode = val ? -1 : 0;
1304
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1305
		       "%s: set lns_mode=%d\n", session->name, session->lns_mode);
1306
		break;
1307

1308
	case PPPOL2TP_SO_DEBUG:
1309
		session->debug = val;
1310
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1311
		       "%s: set debug=%x\n", session->name, session->debug);
1312
		break;
1313

1314
	case PPPOL2TP_SO_REORDERTO:
1315
		session->reorder_timeout = msecs_to_jiffies(val);
1316
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1317
		       "%s: set reorder_timeout=%d\n", session->name, session->reorder_timeout);
1318
		break;
1319

1320
	default:
1321
		err = -ENOPROTOOPT;
1322
		break;
1323
	}
1324

1325
	return err;
1326
}
1327

1328
/* Main setsockopt() entry point.
1329
 * Does API checks, then calls either the tunnel or session setsockopt
1330
 * handler, according to whether the PPPoL2TP socket is a for a regular
1331
 * session or the special tunnel type.
1332
 */
1333
static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
1334
			       char __user *optval, unsigned int optlen)
1335
{
1336
	struct sock *sk = sock->sk;
1337
	struct l2tp_session *session;
1338
	struct l2tp_tunnel *tunnel;
1339
	struct pppol2tp_session *ps;
1340
	int val;
1341
	int err;
1342

1343
	if (level != SOL_PPPOL2TP)
1344
		return udp_prot.setsockopt(sk, level, optname, optval, optlen);
1345

1346
	if (optlen < sizeof(int))
1347
		return -EINVAL;
1348

1349
	if (get_user(val, (int __user *)optval))
1350
		return -EFAULT;
1351

1352
	err = -ENOTCONN;
1353
	if (sk->sk_user_data == NULL)
1354
		goto end;
1355

1356
	/* Get session context from the socket */
1357
	err = -EBADF;
1358
	session = pppol2tp_sock_to_session(sk);
1359
	if (session == NULL)
1360
		goto end;
1361

1362
	/* Special case: if session_id == 0x0000, treat as operation on tunnel
1363
	 */
1364
	ps = l2tp_session_priv(session);
1365
	if ((session->session_id == 0) &&
1366
	    (session->peer_session_id == 0)) {
1367
		err = -EBADF;
1368
		tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1369
		if (tunnel == NULL)
1370
			goto end_put_sess;
1371

1372
		err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
1373
		sock_put(ps->tunnel_sock);
1374
	} else
1375
		err = pppol2tp_session_setsockopt(sk, session, optname, val);
1376

1377
	err = 0;
1378

1379
end_put_sess:
1380
	sock_put(sk);
1381
end:
1382
	return err;
1383
}
1384

1385
/* Tunnel getsockopt helper. Called with sock locked.
1386
 */
1387
static int pppol2tp_tunnel_getsockopt(struct sock *sk,
1388
				      struct l2tp_tunnel *tunnel,
1389
				      int optname, int *val)
1390
{
1391
	int err = 0;
1392

1393
	switch (optname) {
1394
	case PPPOL2TP_SO_DEBUG:
1395
		*val = tunnel->debug;
1396
		PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1397
		       "%s: get debug=%x\n", tunnel->name, tunnel->debug);
1398
		break;
1399

1400
	default:
1401
		err = -ENOPROTOOPT;
1402
		break;
1403
	}
1404

1405
	return err;
1406
}
1407

1408
/* Session getsockopt helper. Called with sock locked.
1409
 */
1410
static int pppol2tp_session_getsockopt(struct sock *sk,
1411
				       struct l2tp_session *session,
1412
				       int optname, int *val)
1413
{
1414
	int err = 0;
1415

1416
	switch (optname) {
1417
	case PPPOL2TP_SO_RECVSEQ:
1418
		*val = session->recv_seq;
1419
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1420
		       "%s: get recv_seq=%d\n", session->name, *val);
1421
		break;
1422

1423
	case PPPOL2TP_SO_SENDSEQ:
1424
		*val = session->send_seq;
1425
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1426
		       "%s: get send_seq=%d\n", session->name, *val);
1427
		break;
1428

1429
	case PPPOL2TP_SO_LNSMODE:
1430
		*val = session->lns_mode;
1431
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1432
		       "%s: get lns_mode=%d\n", session->name, *val);
1433
		break;
1434

1435
	case PPPOL2TP_SO_DEBUG:
1436
		*val = session->debug;
1437
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1438
		       "%s: get debug=%d\n", session->name, *val);
1439
		break;
1440

1441
	case PPPOL2TP_SO_REORDERTO:
1442
		*val = (int) jiffies_to_msecs(session->reorder_timeout);
1443
		PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1444
		       "%s: get reorder_timeout=%d\n", session->name, *val);
1445
		break;
1446

1447
	default:
1448
		err = -ENOPROTOOPT;
1449
	}
1450

1451
	return err;
1452
}
1453

1454
/* Main getsockopt() entry point.
1455
 * Does API checks, then calls either the tunnel or session getsockopt
1456
 * handler, according to whether the PPPoX socket is a for a regular session
1457
 * or the special tunnel type.
1458
 */
1459
static int pppol2tp_getsockopt(struct socket *sock, int level,
1460
			       int optname, char __user *optval, int __user *optlen)
1461
{
1462
	struct sock *sk = sock->sk;
1463
	struct l2tp_session *session;
1464
	struct l2tp_tunnel *tunnel;
1465
	int val, len;
1466
	int err;
1467
	struct pppol2tp_session *ps;
1468

1469
	if (level != SOL_PPPOL2TP)
1470
		return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1471

1472
	if (get_user(len, (int __user *) optlen))
1473
		return -EFAULT;
1474

1475
	len = min_t(unsigned int, len, sizeof(int));
1476

1477
	if (len < 0)
1478
		return -EINVAL;
1479

1480
	err = -ENOTCONN;
1481
	if (sk->sk_user_data == NULL)
1482
		goto end;
1483

1484
	/* Get the session context */
1485
	err = -EBADF;
1486
	session = pppol2tp_sock_to_session(sk);
1487
	if (session == NULL)
1488
		goto end;
1489

1490
	/* Special case: if session_id == 0x0000, treat as operation on tunnel */
1491
	ps = l2tp_session_priv(session);
1492
	if ((session->session_id == 0) &&
1493
	    (session->peer_session_id == 0)) {
1494
		err = -EBADF;
1495
		tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock);
1496
		if (tunnel == NULL)
1497
			goto end_put_sess;
1498

1499
		err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
1500
		sock_put(ps->tunnel_sock);
1501
	} else
1502
		err = pppol2tp_session_getsockopt(sk, session, optname, &val);
1503

1504
	err = -EFAULT;
1505
	if (put_user(len, (int __user *) optlen))
1506
		goto end_put_sess;
1507

1508
	if (copy_to_user((void __user *) optval, &val, len))
1509
		goto end_put_sess;
1510

1511
	err = 0;
1512

1513
end_put_sess:
1514
	sock_put(sk);
1515
end:
1516
	return err;
1517
}
1518

1519
/*****************************************************************************
1520
 * /proc filesystem for debug
1521
 * Since the original pppol2tp driver provided /proc/net/pppol2tp for
1522
 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.
1523
 *****************************************************************************/
1524

1525
static unsigned int pppol2tp_net_id;
1526

1527
#ifdef CONFIG_PROC_FS
1528

1529
struct pppol2tp_seq_data {
1530
	struct seq_net_private p;
1531
	int tunnel_idx;			/* current tunnel */
1532
	int session_idx;		/* index of session within current tunnel */
1533
	struct l2tp_tunnel *tunnel;
1534
	struct l2tp_session *session;	/* NULL means get next tunnel */
1535
};
1536

1537
static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)
1538
{
1539
	for (;;) {
1540
		pd->tunnel = l2tp_tunnel_find_nth(net, pd->tunnel_idx);
1541
		pd->tunnel_idx++;
1542

1543
		if (pd->tunnel == NULL)
1544
			break;
1545

1546
		/* Ignore L2TPv3 tunnels */
1547
		if (pd->tunnel->version < 3)
1548
			break;
1549
	}
1550
}
1551

1552
static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)
1553
{
1554
	pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx);
1555
	pd->session_idx++;
1556

1557
	if (pd->session == NULL) {
1558
		pd->session_idx = 0;
1559
		pppol2tp_next_tunnel(net, pd);
1560
	}
1561
}
1562

1563
static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
1564
{
1565
	struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
1566
	loff_t pos = *offs;
1567
	struct net *net;
1568

1569
	if (!pos)
1570
		goto out;
1571

1572
	BUG_ON(m->private == NULL);
1573
	pd = m->private;
1574
	net = seq_file_net(m);
1575

1576
	if (pd->tunnel == NULL)
1577
		pppol2tp_next_tunnel(net, pd);
1578
	else
1579
		pppol2tp_next_session(net, pd);
1580

1581
	/* NULL tunnel and session indicates end of list */
1582
	if ((pd->tunnel == NULL) && (pd->session == NULL))
1583
		pd = NULL;
1584

1585
out:
1586
	return pd;
1587
}
1588

1589
static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
1590
{
1591
	(*pos)++;
1592
	return NULL;
1593
}
1594

1595
static void pppol2tp_seq_stop(struct seq_file *p, void *v)
1596
{
1597
	/* nothing to do */
1598
}
1599

1600
static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1601
{
1602
	struct l2tp_tunnel *tunnel = v;
1603

1604
	seq_printf(m, "\nTUNNEL '%s', %c %d\n",
1605
		   tunnel->name,
1606
		   (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
1607
		   atomic_read(&tunnel->ref_count) - 1);
1608
	seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
1609
		   tunnel->debug,
1610
		   (unsigned long long)tunnel->stats.tx_packets,
1611
		   (unsigned long long)tunnel->stats.tx_bytes,
1612
		   (unsigned long long)tunnel->stats.tx_errors,
1613
		   (unsigned long long)tunnel->stats.rx_packets,
1614
		   (unsigned long long)tunnel->stats.rx_bytes,
1615
		   (unsigned long long)tunnel->stats.rx_errors);
1616
}
1617

1618
static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1619
{
1620
	struct l2tp_session *session = v;
1621
	struct l2tp_tunnel *tunnel = session->tunnel;
1622
	struct pppol2tp_session *ps = l2tp_session_priv(session);
1623
	struct pppox_sock *po = pppox_sk(ps->sock);
1624
	u32 ip = 0;
1625
	u16 port = 0;
1626

1627
	if (tunnel->sock) {
1628
		struct inet_sock *inet = inet_sk(tunnel->sock);
1629
		ip = ntohl(inet->inet_saddr);
1630
		port = ntohs(inet->inet_sport);
1631
	}
1632

1633
	seq_printf(m, "  SESSION '%s' %08X/%d %04X/%04X -> "
1634
		   "%04X/%04X %d %c\n",
1635
		   session->name, ip, port,
1636
		   tunnel->tunnel_id,
1637
		   session->session_id,
1638
		   tunnel->peer_tunnel_id,
1639
		   session->peer_session_id,
1640
		   ps->sock->sk_state,
1641
		   (session == ps->sock->sk_user_data) ?
1642
		   'Y' : 'N');
1643
	seq_printf(m, "   %d/%d/%c/%c/%s %08x %u\n",
1644
		   session->mtu, session->mru,
1645
		   session->recv_seq ? 'R' : '-',
1646
		   session->send_seq ? 'S' : '-',
1647
		   session->lns_mode ? "LNS" : "LAC",
1648
		   session->debug,
1649
		   jiffies_to_msecs(session->reorder_timeout));
1650
	seq_printf(m, "   %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
1651
		   session->nr, session->ns,
1652
		   (unsigned long long)session->stats.tx_packets,
1653
		   (unsigned long long)session->stats.tx_bytes,
1654
		   (unsigned long long)session->stats.tx_errors,
1655
		   (unsigned long long)session->stats.rx_packets,
1656
		   (unsigned long long)session->stats.rx_bytes,
1657
		   (unsigned long long)session->stats.rx_errors);
1658

1659
	if (po)
1660
		seq_printf(m, "   interface %s\n", ppp_dev_name(&po->chan));
1661
}
1662

1663
static int pppol2tp_seq_show(struct seq_file *m, void *v)
1664
{
1665
	struct pppol2tp_seq_data *pd = v;
1666

1667
	/* display header on line 1 */
1668
	if (v == SEQ_START_TOKEN) {
1669
		seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
1670
		seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
1671
		seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1672
		seq_puts(m, "  SESSION name, addr/port src-tid/sid "
1673
			 "dest-tid/sid state user-data-ok\n");
1674
		seq_puts(m, "   mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
1675
		seq_puts(m, "   nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
1676
		goto out;
1677
	}
1678

1679
	/* Show the tunnel or session context.
1680
	 */
1681
	if (pd->session == NULL)
1682
		pppol2tp_seq_tunnel_show(m, pd->tunnel);
1683
	else
1684
		pppol2tp_seq_session_show(m, pd->session);
1685

1686
out:
1687
	return 0;
1688
}
1689

1690
static const struct seq_operations pppol2tp_seq_ops = {
1691
	.start		= pppol2tp_seq_start,
1692
	.next		= pppol2tp_seq_next,
1693
	.stop		= pppol2tp_seq_stop,
1694
	.show		= pppol2tp_seq_show,
1695
};
1696

1697
/* Called when our /proc file is opened. We allocate data for use when
1698
 * iterating our tunnel / session contexts and store it in the private
1699
 * data of the seq_file.
1700
 */
1701
static int pppol2tp_proc_open(struct inode *inode, struct file *file)
1702
{
1703
	return seq_open_net(inode, file, &pppol2tp_seq_ops,
1704
			    sizeof(struct pppol2tp_seq_data));
1705
}
1706

1707
static const struct file_operations pppol2tp_proc_fops = {
1708
	.owner		= THIS_MODULE,
1709
	.open		= pppol2tp_proc_open,
1710
	.read		= seq_read,
1711
	.llseek		= seq_lseek,
1712
	.release	= seq_release_net,
1713
};
1714

1715
#endif /* CONFIG_PROC_FS */
1716

1717
/*****************************************************************************
1718
 * Network namespace
1719
 *****************************************************************************/
1720

1721
static __net_init int pppol2tp_init_net(struct net *net)
1722
{
1723
	struct proc_dir_entry *pde;
1724
	int err = 0;
1725

1726
	pde = proc_net_fops_create(net, "pppol2tp", S_IRUGO, &pppol2tp_proc_fops);
1727
	if (!pde) {
1728
		err = -ENOMEM;
1729
		goto out;
1730
	}
1731

1732
out:
1733
	return err;
1734
}
1735

1736
static __net_exit void pppol2tp_exit_net(struct net *net)
1737
{
1738
	proc_net_remove(net, "pppol2tp");
1739
}
1740

1741
static struct pernet_operations pppol2tp_net_ops = {
1742
	.init = pppol2tp_init_net,
1743
	.exit = pppol2tp_exit_net,
1744
	.id   = &pppol2tp_net_id,
1745
};
1746

1747
/*****************************************************************************
1748
 * Init and cleanup
1749
 *****************************************************************************/
1750

1751
static const struct proto_ops pppol2tp_ops = {
1752
	.family		= AF_PPPOX,
1753
	.owner		= THIS_MODULE,
1754
	.release	= pppol2tp_release,
1755
	.bind		= sock_no_bind,
1756
	.connect	= pppol2tp_connect,
1757
	.socketpair	= sock_no_socketpair,
1758
	.accept		= sock_no_accept,
1759
	.getname	= pppol2tp_getname,
1760
	.poll		= datagram_poll,
1761
	.listen		= sock_no_listen,
1762
	.shutdown	= sock_no_shutdown,
1763
	.setsockopt	= pppol2tp_setsockopt,
1764
	.getsockopt	= pppol2tp_getsockopt,
1765
	.sendmsg	= pppol2tp_sendmsg,
1766
	.recvmsg	= pppol2tp_recvmsg,
1767
	.mmap		= sock_no_mmap,
1768
	.ioctl		= pppox_ioctl,
1769
};
1770

1771
static const struct pppox_proto pppol2tp_proto = {
1772
	.create		= pppol2tp_create,
1773
	.ioctl		= pppol2tp_ioctl
1774
};
1775

1776
#ifdef CONFIG_L2TP_V3
1777

1778
static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1779
	.session_create	= pppol2tp_session_create,
1780
	.session_delete	= pppol2tp_session_delete,
1781
};
1782

1783
#endif /* CONFIG_L2TP_V3 */
1784

1785
static int __init pppol2tp_init(void)
1786
{
1787
	int err;
1788

1789
	err = register_pernet_device(&pppol2tp_net_ops);
1790
	if (err)
1791
		goto out;
1792

1793
	err = proto_register(&pppol2tp_sk_proto, 0);
1794
	if (err)
1795
		goto out_unregister_pppol2tp_pernet;
1796

1797
	err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
1798
	if (err)
1799
		goto out_unregister_pppol2tp_proto;
1800

1801
#ifdef CONFIG_L2TP_V3
1802
	err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);
1803
	if (err)
1804
		goto out_unregister_pppox;
1805
#endif
1806

1807
	printk(KERN_INFO "PPPoL2TP kernel driver, %s\n",
1808
	       PPPOL2TP_DRV_VERSION);
1809

1810
out:
1811
	return err;
1812

1813
#ifdef CONFIG_L2TP_V3
1814
out_unregister_pppox:
1815
	unregister_pppox_proto(PX_PROTO_OL2TP);
1816
#endif
1817
out_unregister_pppol2tp_proto:
1818
	proto_unregister(&pppol2tp_sk_proto);
1819
out_unregister_pppol2tp_pernet:
1820
	unregister_pernet_device(&pppol2tp_net_ops);
1821
	goto out;
1822
}
1823

1824
static void __exit pppol2tp_exit(void)
1825
{
1826
#ifdef CONFIG_L2TP_V3
1827
	l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);
1828
#endif
1829
	unregister_pppox_proto(PX_PROTO_OL2TP);
1830
	proto_unregister(&pppol2tp_sk_proto);
1831
	unregister_pernet_device(&pppol2tp_net_ops);
1832
}
1833

1834
module_init(pppol2tp_init);
1835
module_exit(pppol2tp_exit);
1836

1837
MODULE_AUTHOR("James Chapman <[email protected]>");
1838
MODULE_DESCRIPTION("PPP over L2TP over UDP");
1839
MODULE_LICENSE("GPL");
1840
MODULE_VERSION(PPPOL2TP_DRV_VERSION);
1841

1842