Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/net/l2tp/l2tp_ppp.c
26146 views
1
// SPDX-License-Identifier: GPL-2.0-or-later

2
/*****************************************************************************

3
 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets

4
 *

5
 * PPPoX    --- Generic PPP encapsulation socket family

6
 * PPPoL2TP --- PPP over L2TP (RFC 2661)

7
 *

8
 * Version:	2.0.0

9
 *

10
 * Authors:	James Chapman ([email protected])

11
 *

12
 * Based on original work by Martijn van Oosterhout <[email protected]>

13
 *

14
 * License:

15
 */

16


17
/* This driver handles only L2TP data frames; control frames are handled by a

18
 * userspace application.

19
 *

20
 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and

21
 * attaches it to a bound UDP socket with local tunnel_id / session_id and

22
 * peer tunnel_id / session_id set. Data can then be sent or received using

23
 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket

24
 * can be read or modified using ioctl() or [gs]etsockopt() calls.

25
 *

26
 * When a PPPoL2TP socket is connected with local and peer session_id values

27
 * zero, the socket is treated as a special tunnel management socket.

28
 *

29
 * Here's example userspace code to create a socket for sending/receiving data

30
 * over an L2TP session:-

31
 *

32
 *	struct sockaddr_pppol2tp sax;

33
 *	int fd;

34
 *	int session_fd;

35
 *

36
 *	fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);

37
 *

38
 *	sax.sa_family = AF_PPPOX;

39
 *	sax.sa_protocol = PX_PROTO_OL2TP;

40
 *	sax.pppol2tp.fd = tunnel_fd;	// bound UDP socket

41
 *	sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;

42
 *	sax.pppol2tp.addr.sin_port = addr->sin_port;

43
 *	sax.pppol2tp.addr.sin_family = AF_INET;

44
 *	sax.pppol2tp.s_tunnel  = tunnel_id;

45
 *	sax.pppol2tp.s_session = session_id;

46
 *	sax.pppol2tp.d_tunnel  = peer_tunnel_id;

47
 *	sax.pppol2tp.d_session = peer_session_id;

48
 *

49
 *	session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));

50
 *

51
 * A pppd plugin that allows PPP traffic to be carried over L2TP using

52
 * this driver is available from the OpenL2TP project at

53
 * http://openl2tp.sourceforge.net.

54
 */

55


56
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

57


58
#include <linux/module.h>

59
#include <linux/string.h>

60
#include <linux/list.h>

61
#include <linux/uaccess.h>

62


63
#include <linux/kernel.h>

64
#include <linux/spinlock.h>

65
#include <linux/kthread.h>

66
#include <linux/sched.h>

67
#include <linux/slab.h>

68
#include <linux/errno.h>

69
#include <linux/jiffies.h>

70


71
#include <linux/netdevice.h>

72
#include <linux/net.h>

73
#include <linux/inetdevice.h>

74
#include <linux/skbuff.h>

75
#include <linux/init.h>

76
#include <linux/ip.h>

77
#include <linux/udp.h>

78
#include <linux/if_pppox.h>

79
#include <linux/if_pppol2tp.h>

80
#include <net/sock.h>

81
#include <linux/ppp_channel.h>

82
#include <linux/ppp_defs.h>

83
#include <linux/ppp-ioctl.h>

84
#include <linux/file.h>

85
#include <linux/hash.h>

86
#include <linux/sort.h>

87
#include <linux/proc_fs.h>

88
#include <linux/l2tp.h>

89
#include <linux/nsproxy.h>

90
#include <net/net_namespace.h>

91
#include <net/netns/generic.h>

92
#include <net/ip.h>

93
#include <net/udp.h>

94
#include <net/inet_common.h>

95


96
#include <asm/byteorder.h>

97
#include <linux/atomic.h>

98


99
#include "l2tp_core.h"

100


101
#define PPPOL2TP_DRV_VERSION	"V2.0"

102


103
/* Space for UDP, L2TP and PPP headers */

104
#define PPPOL2TP_HEADER_OVERHEAD	40

105


106
/* Number of bytes to build transmit L2TP headers.

107
 * Unfortunately the size is different depending on whether sequence numbers

108
 * are enabled.

109
 */

110
#define PPPOL2TP_L2TP_HDR_SIZE_SEQ		10

111
#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ		6

112


113
/* Private data of each session. This data lives at the end of struct

114
 * l2tp_session, referenced via session->priv[].

115
 */

116
struct pppol2tp_session {

117
	int			owner;		/* pid that opened the socket */

118


119
	struct mutex		sk_lock;	/* Protects .sk */

120
	struct sock __rcu	*sk;		/* Pointer to the session PPPoX socket */

121
	struct sock		*__sk;		/* Copy of .sk, for cleanup */

122
};

123


124
static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);

125


126
static const struct ppp_channel_ops pppol2tp_chan_ops = {

127
	.start_xmit =  pppol2tp_xmit,

128
};

129


130
static const struct proto_ops pppol2tp_ops;

131


132
/* Retrieves the pppol2tp socket associated to a session. */

133
static struct sock *pppol2tp_session_get_sock(struct l2tp_session *session)

134
{

135
	struct pppol2tp_session *ps = l2tp_session_priv(session);

136


137
	return rcu_dereference(ps->sk);

138
}

139


140
/* Helpers to obtain tunnel/session contexts from sockets.

141
 */

142
static struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)

143
{

144
	struct l2tp_session *session;

145


146
	if (!sk)

147
		return NULL;

148


149
	rcu_read_lock();

150
	session = rcu_dereference_sk_user_data(sk);

151
	if (session && refcount_inc_not_zero(&session->ref_count)) {

152
		rcu_read_unlock();

153
		WARN_ON_ONCE(session->magic != L2TP_SESSION_MAGIC);

154
		return session;

155
	}

156
	rcu_read_unlock();

157


158
	return NULL;

159
}

160


161
/*****************************************************************************

162
 * Receive data handling

163
 *****************************************************************************/

164


165
/* Receive message. This is the recvmsg for the PPPoL2TP socket.

166
 */

167
static int pppol2tp_recvmsg(struct socket *sock, struct msghdr *msg,

168
			    size_t len, int flags)

169
{

170
	int err;

171
	struct sk_buff *skb;

172
	struct sock *sk = sock->sk;

173


174
	err = -EIO;

175
	if (sk->sk_state & PPPOX_BOUND)

176
		goto end;

177


178
	err = 0;

179
	skb = skb_recv_datagram(sk, flags, &err);

180
	if (!skb)

181
		goto end;

182


183
	if (len > skb->len)

184
		len = skb->len;

185
	else if (len < skb->len)

186
		msg->msg_flags |= MSG_TRUNC;

187


188
	err = skb_copy_datagram_msg(skb, 0, msg, len);

189
	if (likely(err == 0))

190
		err = len;

191


192
	kfree_skb(skb);

193
end:

194
	return err;

195
}

196


197
static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)

198
{

199
	struct sock *sk;

200


201
	/* If the socket is bound, send it in to PPP's input queue. Otherwise

202
	 * queue it on the session socket.

203
	 */

204
	rcu_read_lock();

205
	sk = pppol2tp_session_get_sock(session);

206
	if (!sk)

207
		goto no_sock;

208


209
	/* If the first two bytes are 0xFF03, consider that it is the PPP's

210
	 * Address and Control fields and skip them. The L2TP module has always

211
	 * worked this way, although, in theory, the use of these fields should

212
	 * be negotiated and handled at the PPP layer. These fields are

213
	 * constant: 0xFF is the All-Stations Address and 0x03 the Unnumbered

214
	 * Information command with Poll/Final bit set to zero (RFC 1662).

215
	 */

216
	if (pskb_may_pull(skb, 2) && skb->data[0] == PPP_ALLSTATIONS &&

217
	    skb->data[1] == PPP_UI)

218
		skb_pull(skb, 2);

219


220
	if (sk->sk_state & PPPOX_BOUND) {

221
		struct pppox_sock *po;

222


223
		po = pppox_sk(sk);

224
		ppp_input(&po->chan, skb);

225
	} else {

226
		if (sock_queue_rcv_skb(sk, skb) < 0) {

227
			atomic_long_inc(&session->stats.rx_errors);

228
			kfree_skb(skb);

229
		}

230
	}

231
	rcu_read_unlock();

232


233
	return;

234


235
no_sock:

236
	rcu_read_unlock();

237
	pr_warn_ratelimited("%s: no socket in recv\n", session->name);

238
	kfree_skb(skb);

239
}

240


241
/************************************************************************

242
 * Transmit handling

243
 ***********************************************************************/

244


245
/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket.  We come here

246
 * when a user application does a sendmsg() on the session socket. L2TP and

247
 * PPP headers must be inserted into the user's data.

248
 */

249
static int pppol2tp_sendmsg(struct socket *sock, struct msghdr *m,

250
			    size_t total_len)

251
{

252
	struct sock *sk = sock->sk;

253
	struct sk_buff *skb;

254
	int error;

255
	struct l2tp_session *session;

256
	struct l2tp_tunnel *tunnel;

257
	int uhlen;

258


259
	error = -ENOTCONN;

260
	if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))

261
		goto error;

262


263
	/* Get session and tunnel contexts */

264
	error = -EBADF;

265
	session = pppol2tp_sock_to_session(sk);

266
	if (!session)

267
		goto error;

268


269
	tunnel = session->tunnel;

270


271
	uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;

272


273
	/* Allocate a socket buffer */

274
	error = -ENOMEM;

275
	skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +

276
			   uhlen + session->hdr_len +

277
			   2 + total_len, /* 2 bytes for PPP_ALLSTATIONS & PPP_UI */

278
			   0, GFP_KERNEL);

279
	if (!skb)

280
		goto error_put_sess;

281


282
	/* Reserve space for headers. */

283
	skb_reserve(skb, NET_SKB_PAD);

284
	skb_reset_network_header(skb);

285
	skb_reserve(skb, sizeof(struct iphdr));

286
	skb_reset_transport_header(skb);

287
	skb_reserve(skb, uhlen);

288


289
	/* Add PPP header */

290
	skb->data[0] = PPP_ALLSTATIONS;

291
	skb->data[1] = PPP_UI;

292
	skb_put(skb, 2);

293


294
	/* Copy user data into skb */

295
	error = memcpy_from_msg(skb_put(skb, total_len), m, total_len);

296
	if (error < 0) {

297
		kfree_skb(skb);

298
		goto error_put_sess;

299
	}

300


301
	local_bh_disable();

302
	l2tp_xmit_skb(session, skb);

303
	local_bh_enable();

304


305
	l2tp_session_put(session);

306


307
	return total_len;

308


309
error_put_sess:

310
	l2tp_session_put(session);

311
error:

312
	return error;

313
}

314


315
/* Transmit function called by generic PPP driver.  Sends PPP frame

316
 * over PPPoL2TP socket.

317
 *

318
 * This is almost the same as pppol2tp_sendmsg(), but rather than

319
 * being called with a msghdr from userspace, it is called with a skb

320
 * from the kernel.

321
 *

322
 * The supplied skb from ppp doesn't have enough headroom for the

323
 * insertion of L2TP, UDP and IP headers so we need to allocate more

324
 * headroom in the skb. This will create a cloned skb. But we must be

325
 * careful in the error case because the caller will expect to free

326
 * the skb it supplied, not our cloned skb. So we take care to always

327
 * leave the original skb unfreed if we return an error.

328
 */

329
static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)

330
{

331
	struct sock *sk = (struct sock *)chan->private;

332
	struct l2tp_session *session;

333
	struct l2tp_tunnel *tunnel;

334
	int uhlen, headroom;

335


336
	if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))

337
		goto abort;

338


339
	/* Get session and tunnel contexts from the socket */

340
	session = pppol2tp_sock_to_session(sk);

341
	if (!session)

342
		goto abort;

343


344
	tunnel = session->tunnel;

345


346
	uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;

347
	headroom = NET_SKB_PAD +

348
		   sizeof(struct iphdr) + /* IP header */

349
		   uhlen +		/* UDP header (if L2TP_ENCAPTYPE_UDP) */

350
		   session->hdr_len +	/* L2TP header */

351
		   2;			/* 2 bytes for PPP_ALLSTATIONS & PPP_UI */

352
	if (skb_cow_head(skb, headroom))

353
		goto abort_put_sess;

354


355
	/* Setup PPP header */

356
	__skb_push(skb, 2);

357
	skb->data[0] = PPP_ALLSTATIONS;

358
	skb->data[1] = PPP_UI;

359


360
	local_bh_disable();

361
	l2tp_xmit_skb(session, skb);

362
	local_bh_enable();

363


364
	l2tp_session_put(session);

365


366
	return 1;

367


368
abort_put_sess:

369
	l2tp_session_put(session);

370
abort:

371
	/* Free the original skb */

372
	kfree_skb(skb);

373
	return 1;

374
}

375


376
/*****************************************************************************

377
 * Session (and tunnel control) socket create/destroy.

378
 *****************************************************************************/

379


380
/* Really kill the session socket. (Called from sock_put() if

381
 * refcnt == 0.)

382
 */

383
static void pppol2tp_session_destruct(struct sock *sk)

384
{

385
	skb_queue_purge(&sk->sk_receive_queue);

386
	skb_queue_purge(&sk->sk_write_queue);

387
}

388


389
static void pppol2tp_session_close(struct l2tp_session *session)

390
{

391
	struct pppol2tp_session *ps;

392


393
	ps = l2tp_session_priv(session);

394
	mutex_lock(&ps->sk_lock);

395
	ps->__sk = rcu_dereference_protected(ps->sk,

396
					     lockdep_is_held(&ps->sk_lock));

397
	RCU_INIT_POINTER(ps->sk, NULL);

398
	mutex_unlock(&ps->sk_lock);

399
	if (ps->__sk) {

400
		/* detach socket */

401
		rcu_assign_sk_user_data(ps->__sk, NULL);

402
		sock_put(ps->__sk);

403


404
		/* drop ref taken when we referenced socket via sk_user_data */

405
		l2tp_session_put(session);

406
	}

407
}

408


409
/* Called when the PPPoX socket (session) is closed.

410
 */

411
static int pppol2tp_release(struct socket *sock)

412
{

413
	struct sock *sk = sock->sk;

414
	struct l2tp_session *session;

415
	int error;

416


417
	if (!sk)

418
		return 0;

419


420
	error = -EBADF;

421
	lock_sock(sk);

422
	if (sock_flag(sk, SOCK_DEAD) != 0)

423
		goto error;

424


425
	pppox_unbind_sock(sk);

426


427
	/* Signal the death of the socket. */

428
	sk->sk_state = PPPOX_DEAD;

429
	sock_orphan(sk);

430
	sock->sk = NULL;

431


432
	session = pppol2tp_sock_to_session(sk);

433
	if (session) {

434
		l2tp_session_delete(session);

435
		/* drop ref taken by pppol2tp_sock_to_session */

436
		l2tp_session_put(session);

437
	}

438


439
	release_sock(sk);

440


441
	sock_put(sk);

442


443
	return 0;

444


445
error:

446
	release_sock(sk);

447
	return error;

448
}

449


450
static struct proto pppol2tp_sk_proto = {

451
	.name	  = "PPPOL2TP",

452
	.owner	  = THIS_MODULE,

453
	.obj_size = sizeof(struct pppox_sock),

454
};

455


456
static int pppol2tp_backlog_recv(struct sock *sk, struct sk_buff *skb)

457
{

458
	int rc;

459


460
	rc = l2tp_udp_encap_recv(sk, skb);

461
	if (rc)

462
		kfree_skb(skb);

463


464
	return NET_RX_SUCCESS;

465
}

466


467
/* socket() handler. Initialize a new struct sock.

468
 */

469
static int pppol2tp_create(struct net *net, struct socket *sock, int kern)

470
{

471
	int error = -ENOMEM;

472
	struct sock *sk;

473


474
	sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto, kern);

475
	if (!sk)

476
		goto out;

477


478
	sock_init_data(sock, sk);

479
	sock_set_flag(sk, SOCK_RCU_FREE);

480


481
	sock->state  = SS_UNCONNECTED;

482
	sock->ops    = &pppol2tp_ops;

483


484
	sk->sk_backlog_rcv = pppol2tp_backlog_recv;

485
	sk->sk_protocol	   = PX_PROTO_OL2TP;

486
	sk->sk_family	   = PF_PPPOX;

487
	sk->sk_state	   = PPPOX_NONE;

488
	sk->sk_type	   = SOCK_STREAM;

489
	sk->sk_destruct	   = pppol2tp_session_destruct;

490


491
	error = 0;

492


493
out:

494
	return error;

495
}

496


497
static void pppol2tp_show(struct seq_file *m, void *arg)

498
{

499
	struct l2tp_session *session = arg;

500
	struct sock *sk;

501


502
	rcu_read_lock();

503
	sk = pppol2tp_session_get_sock(session);

504
	if (sk) {

505
		struct pppox_sock *po = pppox_sk(sk);

506


507
		seq_printf(m, "   interface %s\n", ppp_dev_name(&po->chan));

508
	}

509
	rcu_read_unlock();

510
}

511


512
static void pppol2tp_session_init(struct l2tp_session *session)

513
{

514
	struct pppol2tp_session *ps;

515


516
	session->recv_skb = pppol2tp_recv;

517
	session->session_close = pppol2tp_session_close;

518
	if (IS_ENABLED(CONFIG_L2TP_DEBUGFS))

519
		session->show = pppol2tp_show;

520


521
	ps = l2tp_session_priv(session);

522
	mutex_init(&ps->sk_lock);

523
	ps->owner = current->pid;

524
}

525


526
struct l2tp_connect_info {

527
	u8 version;

528
	int fd;

529
	u32 tunnel_id;

530
	u32 peer_tunnel_id;

531
	u32 session_id;

532
	u32 peer_session_id;

533
};

534


535
static int pppol2tp_sockaddr_get_info(const void *sa, int sa_len,

536
				      struct l2tp_connect_info *info)

537
{

538
	switch (sa_len) {

539
	case sizeof(struct sockaddr_pppol2tp):

540
	{

541
		const struct sockaddr_pppol2tp *sa_v2in4 = sa;

542


543
		if (sa_v2in4->sa_protocol != PX_PROTO_OL2TP)

544
			return -EINVAL;

545


546
		info->version = 2;

547
		info->fd = sa_v2in4->pppol2tp.fd;

548
		info->tunnel_id = sa_v2in4->pppol2tp.s_tunnel;

549
		info->peer_tunnel_id = sa_v2in4->pppol2tp.d_tunnel;

550
		info->session_id = sa_v2in4->pppol2tp.s_session;

551
		info->peer_session_id = sa_v2in4->pppol2tp.d_session;

552


553
		break;

554
	}

555
	case sizeof(struct sockaddr_pppol2tpv3):

556
	{

557
		const struct sockaddr_pppol2tpv3 *sa_v3in4 = sa;

558


559
		if (sa_v3in4->sa_protocol != PX_PROTO_OL2TP)

560
			return -EINVAL;

561


562
		info->version = 3;

563
		info->fd = sa_v3in4->pppol2tp.fd;

564
		info->tunnel_id = sa_v3in4->pppol2tp.s_tunnel;

565
		info->peer_tunnel_id = sa_v3in4->pppol2tp.d_tunnel;

566
		info->session_id = sa_v3in4->pppol2tp.s_session;

567
		info->peer_session_id = sa_v3in4->pppol2tp.d_session;

568


569
		break;

570
	}

571
	case sizeof(struct sockaddr_pppol2tpin6):

572
	{

573
		const struct sockaddr_pppol2tpin6 *sa_v2in6 = sa;

574


575
		if (sa_v2in6->sa_protocol != PX_PROTO_OL2TP)

576
			return -EINVAL;

577


578
		info->version = 2;

579
		info->fd = sa_v2in6->pppol2tp.fd;

580
		info->tunnel_id = sa_v2in6->pppol2tp.s_tunnel;

581
		info->peer_tunnel_id = sa_v2in6->pppol2tp.d_tunnel;

582
		info->session_id = sa_v2in6->pppol2tp.s_session;

583
		info->peer_session_id = sa_v2in6->pppol2tp.d_session;

584


585
		break;

586
	}

587
	case sizeof(struct sockaddr_pppol2tpv3in6):

588
	{

589
		const struct sockaddr_pppol2tpv3in6 *sa_v3in6 = sa;

590


591
		if (sa_v3in6->sa_protocol != PX_PROTO_OL2TP)

592
			return -EINVAL;

593


594
		info->version = 3;

595
		info->fd = sa_v3in6->pppol2tp.fd;

596
		info->tunnel_id = sa_v3in6->pppol2tp.s_tunnel;

597
		info->peer_tunnel_id = sa_v3in6->pppol2tp.d_tunnel;

598
		info->session_id = sa_v3in6->pppol2tp.s_session;

599
		info->peer_session_id = sa_v3in6->pppol2tp.d_session;

600


601
		break;

602
	}

603
	default:

604
		return -EINVAL;

605
	}

606


607
	return 0;

608
}

609


610
/* Rough estimation of the maximum payload size a tunnel can transmit without

611
 * fragmenting at the lower IP layer. Assumes L2TPv2 with sequence

612
 * numbers and no IP option. Not quite accurate, but the result is mostly

613
 * unused anyway.

614
 */

615
static int pppol2tp_tunnel_mtu(const struct l2tp_tunnel *tunnel)

616
{

617
	int mtu;

618


619
	mtu = l2tp_tunnel_dst_mtu(tunnel);

620
	if (mtu <= PPPOL2TP_HEADER_OVERHEAD)

621
		return 1500 - PPPOL2TP_HEADER_OVERHEAD;

622


623
	return mtu - PPPOL2TP_HEADER_OVERHEAD;

624
}

625


626
static struct l2tp_tunnel *pppol2tp_tunnel_get(struct net *net,

627
					       const struct l2tp_connect_info *info,

628
					       bool *new_tunnel)

629
{

630
	struct l2tp_tunnel *tunnel;

631
	int error;

632


633
	*new_tunnel = false;

634


635
	tunnel = l2tp_tunnel_get(net, info->tunnel_id);

636


637
	/* Special case: create tunnel context if session_id and

638
	 * peer_session_id is 0. Otherwise look up tunnel using supplied

639
	 * tunnel id.

640
	 */

641
	if (!info->session_id && !info->peer_session_id) {

642
		if (!tunnel) {

643
			struct l2tp_tunnel_cfg tcfg = {

644
				.encap = L2TP_ENCAPTYPE_UDP,

645
			};

646


647
			/* Prevent l2tp_tunnel_register() from trying to set up

648
			 * a kernel socket.

649
			 */

650
			if (info->fd < 0)

651
				return ERR_PTR(-EBADF);

652


653
			error = l2tp_tunnel_create(info->fd,

654
						   info->version,

655
						   info->tunnel_id,

656
						   info->peer_tunnel_id, &tcfg,

657
						   &tunnel);

658
			if (error < 0)

659
				return ERR_PTR(error);

660


661
			refcount_inc(&tunnel->ref_count);

662
			error = l2tp_tunnel_register(tunnel, net, &tcfg);

663
			if (error < 0) {

664
				kfree(tunnel);

665
				return ERR_PTR(error);

666
			}

667


668
			*new_tunnel = true;

669
		}

670
	} else {

671
		/* Error if we can't find the tunnel */

672
		if (!tunnel)

673
			return ERR_PTR(-ENOENT);

674


675
		/* Error if socket is not prepped */

676
		if (!tunnel->sock) {

677
			l2tp_tunnel_put(tunnel);

678
			return ERR_PTR(-ENOENT);

679
		}

680
	}

681


682
	return tunnel;

683
}

684


685
/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket

686
 */

687
static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,

688
			    int sockaddr_len, int flags)

689
{

690
	struct sock *sk = sock->sk;

691
	struct pppox_sock *po = pppox_sk(sk);

692
	struct l2tp_session *session = NULL;

693
	struct l2tp_connect_info info;

694
	struct l2tp_tunnel *tunnel;

695
	struct pppol2tp_session *ps;

696
	struct l2tp_session_cfg cfg = { 0, };

697
	bool drop_refcnt = false;

698
	bool new_session = false;

699
	bool new_tunnel = false;

700
	int error;

701


702
	error = pppol2tp_sockaddr_get_info(uservaddr, sockaddr_len, &info);

703
	if (error < 0)

704
		return error;

705


706
	/* Don't bind if tunnel_id is 0 */

707
	if (!info.tunnel_id)

708
		return -EINVAL;

709


710
	tunnel = pppol2tp_tunnel_get(sock_net(sk), &info, &new_tunnel);

711
	if (IS_ERR(tunnel))

712
		return PTR_ERR(tunnel);

713


714
	lock_sock(sk);

715


716
	/* Check for already bound sockets */

717
	error = -EBUSY;

718
	if (sk->sk_state & PPPOX_CONNECTED)

719
		goto end;

720


721
	/* We don't supporting rebinding anyway */

722
	error = -EALREADY;

723
	if (sk->sk_user_data)

724
		goto end; /* socket is already attached */

725


726
	if (tunnel->peer_tunnel_id == 0)

727
		tunnel->peer_tunnel_id = info.peer_tunnel_id;

728


729
	session = l2tp_session_get(sock_net(sk), tunnel->sock, tunnel->version,

730
				   info.tunnel_id, info.session_id);

731
	if (session) {

732
		drop_refcnt = true;

733


734
		if (session->pwtype != L2TP_PWTYPE_PPP) {

735
			error = -EPROTOTYPE;

736
			goto end;

737
		}

738


739
		ps = l2tp_session_priv(session);

740


741
		/* Using a pre-existing session is fine as long as it hasn't

742
		 * been connected yet.

743
		 */

744
		mutex_lock(&ps->sk_lock);

745
		if (rcu_dereference_protected(ps->sk,

746
					      lockdep_is_held(&ps->sk_lock)) ||

747
		    ps->__sk) {

748
			mutex_unlock(&ps->sk_lock);

749
			error = -EEXIST;

750
			goto end;

751
		}

752
	} else {

753
		cfg.pw_type = L2TP_PWTYPE_PPP;

754


755
		session = l2tp_session_create(sizeof(struct pppol2tp_session),

756
					      tunnel, info.session_id,

757
					      info.peer_session_id, &cfg);

758
		if (IS_ERR(session)) {

759
			error = PTR_ERR(session);

760
			goto end;

761
		}

762


763
		drop_refcnt = true;

764


765
		pppol2tp_session_init(session);

766
		ps = l2tp_session_priv(session);

767
		refcount_inc(&session->ref_count);

768


769
		mutex_lock(&ps->sk_lock);

770
		error = l2tp_session_register(session, tunnel);

771
		if (error < 0) {

772
			mutex_unlock(&ps->sk_lock);

773
			l2tp_session_put(session);

774
			goto end;

775
		}

776


777
		new_session = true;

778
	}

779


780
	/* Special case: if source & dest session_id == 0x0000, this

781
	 * socket is being created to manage the tunnel. Just set up

782
	 * the internal context for use by ioctl() and sockopt()

783
	 * handlers.

784
	 */

785
	if (session->session_id == 0 && session->peer_session_id == 0) {

786
		error = 0;

787
		goto out_no_ppp;

788
	}

789


790
	/* The only header we need to worry about is the L2TP

791
	 * header. This size is different depending on whether

792
	 * sequence numbers are enabled for the data channel.

793
	 */

794
	po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;

795


796
	po->chan.private = sk;

797
	po->chan.ops	 = &pppol2tp_chan_ops;

798
	po->chan.mtu	 = pppol2tp_tunnel_mtu(tunnel);

799
	po->chan.direct_xmit	= true;

800


801
	error = ppp_register_net_channel(sock_net(sk), &po->chan);

802
	if (error) {

803
		mutex_unlock(&ps->sk_lock);

804
		goto end;

805
	}

806


807
out_no_ppp:

808
	/* This is how we get the session context from the socket. */

809
	sock_hold(sk);

810
	rcu_assign_sk_user_data(sk, session);

811
	rcu_assign_pointer(ps->sk, sk);

812
	mutex_unlock(&ps->sk_lock);

813


814
	/* Keep the reference we've grabbed on the session: sk doesn't expect

815
	 * the session to disappear. pppol2tp_session_close() is responsible

816
	 * for dropping it.

817
	 */

818
	drop_refcnt = false;

819


820
	sk->sk_state = PPPOX_CONNECTED;

821


822
end:

823
	if (error) {

824
		if (new_session)

825
			l2tp_session_delete(session);

826
		if (new_tunnel)

827
			l2tp_tunnel_delete(tunnel);

828
	}

829
	if (drop_refcnt)

830
		l2tp_session_put(session);

831
	l2tp_tunnel_put(tunnel);

832
	release_sock(sk);

833


834
	return error;

835
}

836


837
#ifdef CONFIG_L2TP_V3

838


839
/* Called when creating sessions via the netlink interface. */

840
static int pppol2tp_session_create(struct net *net, struct l2tp_tunnel *tunnel,

841
				   u32 session_id, u32 peer_session_id,

842
				   struct l2tp_session_cfg *cfg)

843
{

844
	int error;

845
	struct l2tp_session *session;

846


847
	/* Error if tunnel socket is not prepped */

848
	if (!tunnel->sock) {

849
		error = -ENOENT;

850
		goto err;

851
	}

852


853
	/* Allocate and initialize a new session context. */

854
	session = l2tp_session_create(sizeof(struct pppol2tp_session),

855
				      tunnel, session_id,

856
				      peer_session_id, cfg);

857
	if (IS_ERR(session)) {

858
		error = PTR_ERR(session);

859
		goto err;

860
	}

861


862
	pppol2tp_session_init(session);

863


864
	error = l2tp_session_register(session, tunnel);

865
	if (error < 0)

866
		goto err_sess;

867


868
	return 0;

869


870
err_sess:

871
	l2tp_session_put(session);

872
err:

873
	return error;

874
}

875


876
#endif /* CONFIG_L2TP_V3 */

877


878
/* getname() support.

879
 */

880
static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,

881
			    int peer)

882
{

883
	int len = 0;

884
	int error = 0;

885
	struct l2tp_session *session;

886
	struct l2tp_tunnel *tunnel;

887
	struct sock *sk = sock->sk;

888
	struct inet_sock *inet;

889
	struct pppol2tp_session *pls;

890


891
	error = -ENOTCONN;

892
	if (!sk)

893
		goto end;

894
	if (!(sk->sk_state & PPPOX_CONNECTED))

895
		goto end;

896


897
	error = -EBADF;

898
	session = pppol2tp_sock_to_session(sk);

899
	if (!session)

900
		goto end;

901


902
	pls = l2tp_session_priv(session);

903
	tunnel = session->tunnel;

904


905
	inet = inet_sk(tunnel->sock);

906
	if (tunnel->version == 2 && tunnel->sock->sk_family == AF_INET) {

907
		struct sockaddr_pppol2tp sp;

908


909
		len = sizeof(sp);

910
		memset(&sp, 0, len);

911
		sp.sa_family	= AF_PPPOX;

912
		sp.sa_protocol	= PX_PROTO_OL2TP;

913
		sp.pppol2tp.fd  = tunnel->fd;

914
		sp.pppol2tp.pid = pls->owner;

915
		sp.pppol2tp.s_tunnel = tunnel->tunnel_id;

916
		sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;

917
		sp.pppol2tp.s_session = session->session_id;

918
		sp.pppol2tp.d_session = session->peer_session_id;

919
		sp.pppol2tp.addr.sin_family = AF_INET;

920
		sp.pppol2tp.addr.sin_port = inet->inet_dport;

921
		sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;

922
		memcpy(uaddr, &sp, len);

923
#if IS_ENABLED(CONFIG_IPV6)

924
	} else if (tunnel->version == 2 && tunnel->sock->sk_family == AF_INET6) {

925
		struct sockaddr_pppol2tpin6 sp;

926


927
		len = sizeof(sp);

928
		memset(&sp, 0, len);

929
		sp.sa_family	= AF_PPPOX;

930
		sp.sa_protocol	= PX_PROTO_OL2TP;

931
		sp.pppol2tp.fd  = tunnel->fd;

932
		sp.pppol2tp.pid = pls->owner;

933
		sp.pppol2tp.s_tunnel = tunnel->tunnel_id;

934
		sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;

935
		sp.pppol2tp.s_session = session->session_id;

936
		sp.pppol2tp.d_session = session->peer_session_id;

937
		sp.pppol2tp.addr.sin6_family = AF_INET6;

938
		sp.pppol2tp.addr.sin6_port = inet->inet_dport;

939
		memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,

940
		       sizeof(tunnel->sock->sk_v6_daddr));

941
		memcpy(uaddr, &sp, len);

942
	} else if (tunnel->version == 3 && tunnel->sock->sk_family == AF_INET6) {

943
		struct sockaddr_pppol2tpv3in6 sp;

944


945
		len = sizeof(sp);

946
		memset(&sp, 0, len);

947
		sp.sa_family	= AF_PPPOX;

948
		sp.sa_protocol	= PX_PROTO_OL2TP;

949
		sp.pppol2tp.fd  = tunnel->fd;

950
		sp.pppol2tp.pid = pls->owner;

951
		sp.pppol2tp.s_tunnel = tunnel->tunnel_id;

952
		sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;

953
		sp.pppol2tp.s_session = session->session_id;

954
		sp.pppol2tp.d_session = session->peer_session_id;

955
		sp.pppol2tp.addr.sin6_family = AF_INET6;

956
		sp.pppol2tp.addr.sin6_port = inet->inet_dport;

957
		memcpy(&sp.pppol2tp.addr.sin6_addr, &tunnel->sock->sk_v6_daddr,

958
		       sizeof(tunnel->sock->sk_v6_daddr));

959
		memcpy(uaddr, &sp, len);

960
#endif

961
	} else if (tunnel->version == 3) {

962
		struct sockaddr_pppol2tpv3 sp;

963


964
		len = sizeof(sp);

965
		memset(&sp, 0, len);

966
		sp.sa_family	= AF_PPPOX;

967
		sp.sa_protocol	= PX_PROTO_OL2TP;

968
		sp.pppol2tp.fd  = tunnel->fd;

969
		sp.pppol2tp.pid = pls->owner;

970
		sp.pppol2tp.s_tunnel = tunnel->tunnel_id;

971
		sp.pppol2tp.d_tunnel = tunnel->peer_tunnel_id;

972
		sp.pppol2tp.s_session = session->session_id;

973
		sp.pppol2tp.d_session = session->peer_session_id;

974
		sp.pppol2tp.addr.sin_family = AF_INET;

975
		sp.pppol2tp.addr.sin_port = inet->inet_dport;

976
		sp.pppol2tp.addr.sin_addr.s_addr = inet->inet_daddr;

977
		memcpy(uaddr, &sp, len);

978
	}

979


980
	error = len;

981


982
	l2tp_session_put(session);

983
end:

984
	return error;

985
}

986


987
/****************************************************************************

988
 * ioctl() handlers.

989
 *

990
 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP

991
 * sockets. However, in order to control kernel tunnel features, we allow

992
 * userspace to create a special "tunnel" PPPoX socket which is used for

993
 * control only.  Tunnel PPPoX sockets have session_id == 0 and simply allow

994
 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()

995
 * calls.

996
 ****************************************************************************/

997


998
static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,

999
				const struct l2tp_stats *stats)

1000
{

1001
	memset(dest, 0, sizeof(*dest));

1002


1003
	dest->tx_packets = atomic_long_read(&stats->tx_packets);

1004
	dest->tx_bytes = atomic_long_read(&stats->tx_bytes);

1005
	dest->tx_errors = atomic_long_read(&stats->tx_errors);

1006
	dest->rx_packets = atomic_long_read(&stats->rx_packets);

1007
	dest->rx_bytes = atomic_long_read(&stats->rx_bytes);

1008
	dest->rx_seq_discards = atomic_long_read(&stats->rx_seq_discards);

1009
	dest->rx_oos_packets = atomic_long_read(&stats->rx_oos_packets);

1010
	dest->rx_errors = atomic_long_read(&stats->rx_errors);

1011
}

1012


1013
static int pppol2tp_tunnel_copy_stats(struct pppol2tp_ioc_stats *stats,

1014
				      struct l2tp_tunnel *tunnel)

1015
{

1016
	struct l2tp_session *session;

1017


1018
	if (!stats->session_id) {

1019
		pppol2tp_copy_stats(stats, &tunnel->stats);

1020
		return 0;

1021
	}

1022


1023
	/* If session_id is set, search the corresponding session in the

1024
	 * context of this tunnel and record the session's statistics.

1025
	 */

1026
	session = l2tp_session_get(tunnel->l2tp_net, tunnel->sock, tunnel->version,

1027
				   tunnel->tunnel_id, stats->session_id);

1028
	if (!session)

1029
		return -EBADR;

1030


1031
	if (session->pwtype != L2TP_PWTYPE_PPP) {

1032
		l2tp_session_put(session);

1033
		return -EBADR;

1034
	}

1035


1036
	pppol2tp_copy_stats(stats, &session->stats);

1037
	l2tp_session_put(session);

1038


1039
	return 0;

1040
}

1041


1042
static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,

1043
			  unsigned long arg)

1044
{

1045
	struct pppol2tp_ioc_stats stats;

1046
	struct l2tp_session *session;

1047


1048
	switch (cmd) {

1049
	case PPPIOCGMRU:

1050
	case PPPIOCGFLAGS:

1051
		session = sock->sk->sk_user_data;

1052
		if (!session)

1053
			return -ENOTCONN;

1054


1055
		if (WARN_ON(session->magic != L2TP_SESSION_MAGIC))

1056
			return -EBADF;

1057


1058
		/* Not defined for tunnels */

1059
		if (!session->session_id && !session->peer_session_id)

1060
			return -ENOSYS;

1061


1062
		if (put_user(0, (int __user *)arg))

1063
			return -EFAULT;

1064
		break;

1065


1066
	case PPPIOCSMRU:

1067
	case PPPIOCSFLAGS:

1068
		session = sock->sk->sk_user_data;

1069
		if (!session)

1070
			return -ENOTCONN;

1071


1072
		if (WARN_ON(session->magic != L2TP_SESSION_MAGIC))

1073
			return -EBADF;

1074


1075
		/* Not defined for tunnels */

1076
		if (!session->session_id && !session->peer_session_id)

1077
			return -ENOSYS;

1078


1079
		if (!access_ok((int __user *)arg, sizeof(int)))

1080
			return -EFAULT;

1081
		break;

1082


1083
	case PPPIOCGL2TPSTATS:

1084
		session = sock->sk->sk_user_data;

1085
		if (!session)

1086
			return -ENOTCONN;

1087


1088
		if (WARN_ON(session->magic != L2TP_SESSION_MAGIC))

1089
			return -EBADF;

1090


1091
		/* Session 0 represents the parent tunnel */

1092
		if (!session->session_id && !session->peer_session_id) {

1093
			u32 session_id;

1094
			int err;

1095


1096
			if (copy_from_user(&stats, (void __user *)arg,

1097
					   sizeof(stats)))

1098
				return -EFAULT;

1099


1100
			session_id = stats.session_id;

1101
			err = pppol2tp_tunnel_copy_stats(&stats,

1102
							 session->tunnel);

1103
			if (err < 0)

1104
				return err;

1105


1106
			stats.session_id = session_id;

1107
		} else {

1108
			pppol2tp_copy_stats(&stats, &session->stats);

1109
			stats.session_id = session->session_id;

1110
		}

1111
		stats.tunnel_id = session->tunnel->tunnel_id;

1112
		stats.using_ipsec = l2tp_tunnel_uses_xfrm(session->tunnel);

1113


1114
		if (copy_to_user((void __user *)arg, &stats, sizeof(stats)))

1115
			return -EFAULT;

1116
		break;

1117


1118
	default:

1119
		return -ENOIOCTLCMD;

1120
	}

1121


1122
	return 0;

1123
}

1124


1125
/*****************************************************************************

1126
 * setsockopt() / getsockopt() support.

1127
 *

1128
 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP

1129
 * sockets. In order to control kernel tunnel features, we allow userspace to

1130
 * create a special "tunnel" PPPoX socket which is used for control only.

1131
 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user

1132
 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.

1133
 *****************************************************************************/

1134


1135
/* Tunnel setsockopt() helper.

1136
 */

1137
static int pppol2tp_tunnel_setsockopt(struct sock *sk,

1138
				      struct l2tp_tunnel *tunnel,

1139
				      int optname, int val)

1140
{

1141
	int err = 0;

1142


1143
	switch (optname) {

1144
	case PPPOL2TP_SO_DEBUG:

1145
		/* Tunnel debug flags option is deprecated */

1146
		break;

1147


1148
	default:

1149
		err = -ENOPROTOOPT;

1150
		break;

1151
	}

1152


1153
	return err;

1154
}

1155


1156
/* Session setsockopt helper.

1157
 */

1158
static int pppol2tp_session_setsockopt(struct sock *sk,

1159
				       struct l2tp_session *session,

1160
				       int optname, int val)

1161
{

1162
	int err = 0;

1163


1164
	switch (optname) {

1165
	case PPPOL2TP_SO_RECVSEQ:

1166
		if (val != 0 && val != 1) {

1167
			err = -EINVAL;

1168
			break;

1169
		}

1170
		session->recv_seq = !!val;

1171
		break;

1172


1173
	case PPPOL2TP_SO_SENDSEQ:

1174
		if (val != 0 && val != 1) {

1175
			err = -EINVAL;

1176
			break;

1177
		}

1178
		session->send_seq = !!val;

1179
		{

1180
			struct pppox_sock *po = pppox_sk(sk);

1181


1182
			po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :

1183
				PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;

1184
		}

1185
		l2tp_session_set_header_len(session, session->tunnel->version,

1186
					    session->tunnel->encap);

1187
		break;

1188


1189
	case PPPOL2TP_SO_LNSMODE:

1190
		if (val != 0 && val != 1) {

1191
			err = -EINVAL;

1192
			break;

1193
		}

1194
		session->lns_mode = !!val;

1195
		break;

1196


1197
	case PPPOL2TP_SO_DEBUG:

1198
		/* Session debug flags option is deprecated */

1199
		break;

1200


1201
	case PPPOL2TP_SO_REORDERTO:

1202
		session->reorder_timeout = msecs_to_jiffies(val);

1203
		break;

1204


1205
	default:

1206
		err = -ENOPROTOOPT;

1207
		break;

1208
	}

1209


1210
	return err;

1211
}

1212


1213
/* Main setsockopt() entry point.

1214
 * Does API checks, then calls either the tunnel or session setsockopt

1215
 * handler, according to whether the PPPoL2TP socket is a for a regular

1216
 * session or the special tunnel type.

1217
 */

1218
static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,

1219
			       sockptr_t optval, unsigned int optlen)

1220
{

1221
	struct sock *sk = sock->sk;

1222
	struct l2tp_session *session;

1223
	struct l2tp_tunnel *tunnel;

1224
	int val;

1225
	int err;

1226


1227
	if (level != SOL_PPPOL2TP)

1228
		return -EINVAL;

1229


1230
	if (optlen < sizeof(int))

1231
		return -EINVAL;

1232


1233
	if (copy_from_sockptr(&val, optval, sizeof(int)))

1234
		return -EFAULT;

1235


1236
	err = -ENOTCONN;

1237
	if (!sk->sk_user_data)

1238
		goto end;

1239


1240
	/* Get session context from the socket */

1241
	err = -EBADF;

1242
	session = pppol2tp_sock_to_session(sk);

1243
	if (!session)

1244
		goto end;

1245


1246
	/* Special case: if session_id == 0x0000, treat as operation on tunnel

1247
	 */

1248
	if (session->session_id == 0 && session->peer_session_id == 0) {

1249
		tunnel = session->tunnel;

1250
		err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);

1251
	} else {

1252
		err = pppol2tp_session_setsockopt(sk, session, optname, val);

1253
	}

1254


1255
	l2tp_session_put(session);

1256
end:

1257
	return err;

1258
}

1259


1260
/* Tunnel getsockopt helper. Called with sock locked.

1261
 */

1262
static int pppol2tp_tunnel_getsockopt(struct sock *sk,

1263
				      struct l2tp_tunnel *tunnel,

1264
				      int optname, int *val)

1265
{

1266
	int err = 0;

1267


1268
	switch (optname) {

1269
	case PPPOL2TP_SO_DEBUG:

1270
		/* Tunnel debug flags option is deprecated */

1271
		*val = 0;

1272
		break;

1273


1274
	default:

1275
		err = -ENOPROTOOPT;

1276
		break;

1277
	}

1278


1279
	return err;

1280
}

1281


1282
/* Session getsockopt helper. Called with sock locked.

1283
 */

1284
static int pppol2tp_session_getsockopt(struct sock *sk,

1285
				       struct l2tp_session *session,

1286
				       int optname, int *val)

1287
{

1288
	int err = 0;

1289


1290
	switch (optname) {

1291
	case PPPOL2TP_SO_RECVSEQ:

1292
		*val = session->recv_seq;

1293
		break;

1294


1295
	case PPPOL2TP_SO_SENDSEQ:

1296
		*val = session->send_seq;

1297
		break;

1298


1299
	case PPPOL2TP_SO_LNSMODE:

1300
		*val = session->lns_mode;

1301
		break;

1302


1303
	case PPPOL2TP_SO_DEBUG:

1304
		/* Session debug flags option is deprecated */

1305
		*val = 0;

1306
		break;

1307


1308
	case PPPOL2TP_SO_REORDERTO:

1309
		*val = (int)jiffies_to_msecs(session->reorder_timeout);

1310
		break;

1311


1312
	default:

1313
		err = -ENOPROTOOPT;

1314
	}

1315


1316
	return err;

1317
}

1318


1319
/* Main getsockopt() entry point.

1320
 * Does API checks, then calls either the tunnel or session getsockopt

1321
 * handler, according to whether the PPPoX socket is a for a regular session

1322
 * or the special tunnel type.

1323
 */

1324
static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,

1325
			       char __user *optval, int __user *optlen)

1326
{

1327
	struct sock *sk = sock->sk;

1328
	struct l2tp_session *session;

1329
	struct l2tp_tunnel *tunnel;

1330
	int val, len;

1331
	int err;

1332


1333
	if (level != SOL_PPPOL2TP)

1334
		return -EINVAL;

1335


1336
	if (get_user(len, optlen))

1337
		return -EFAULT;

1338


1339
	if (len < 0)

1340
		return -EINVAL;

1341


1342
	len = min_t(unsigned int, len, sizeof(int));

1343


1344
	err = -ENOTCONN;

1345
	if (!sk->sk_user_data)

1346
		goto end;

1347


1348
	/* Get the session context */

1349
	err = -EBADF;

1350
	session = pppol2tp_sock_to_session(sk);

1351
	if (!session)

1352
		goto end;

1353


1354
	/* Special case: if session_id == 0x0000, treat as operation on tunnel */

1355
	if (session->session_id == 0 && session->peer_session_id == 0) {

1356
		tunnel = session->tunnel;

1357
		err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);

1358
		if (err)

1359
			goto end_put_sess;

1360
	} else {

1361
		err = pppol2tp_session_getsockopt(sk, session, optname, &val);

1362
		if (err)

1363
			goto end_put_sess;

1364
	}

1365


1366
	err = -EFAULT;

1367
	if (put_user(len, optlen))

1368
		goto end_put_sess;

1369


1370
	if (copy_to_user((void __user *)optval, &val, len))

1371
		goto end_put_sess;

1372


1373
	err = 0;

1374


1375
end_put_sess:

1376
	l2tp_session_put(session);

1377
end:

1378
	return err;

1379
}

1380


1381
/*****************************************************************************

1382
 * /proc filesystem for debug

1383
 * Since the original pppol2tp driver provided /proc/net/pppol2tp for

1384
 * L2TPv2, we dump only L2TPv2 tunnels and sessions here.

1385
 *****************************************************************************/

1386


1387
#ifdef CONFIG_PROC_FS

1388


1389
struct pppol2tp_seq_data {

1390
	struct seq_net_private p;

1391
	unsigned long tkey;		/* lookup key of current tunnel */

1392
	unsigned long skey;		/* lookup key of current session */

1393
	struct l2tp_tunnel *tunnel;

1394
	struct l2tp_session *session;	/* NULL means get next tunnel */

1395
};

1396


1397
static void pppol2tp_next_tunnel(struct net *net, struct pppol2tp_seq_data *pd)

1398
{

1399
	/* Drop reference taken during previous invocation */

1400
	if (pd->tunnel)

1401
		l2tp_tunnel_put(pd->tunnel);

1402


1403
	for (;;) {

1404
		pd->tunnel = l2tp_tunnel_get_next(net, &pd->tkey);

1405
		pd->tkey++;

1406


1407
		/* Only accept L2TPv2 tunnels */

1408
		if (!pd->tunnel || pd->tunnel->version == 2)

1409
			return;

1410


1411
		l2tp_tunnel_put(pd->tunnel);

1412
	}

1413
}

1414


1415
static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd)

1416
{

1417
	/* Drop reference taken during previous invocation */

1418
	if (pd->session)

1419
		l2tp_session_put(pd->session);

1420


1421
	pd->session = l2tp_session_get_next(net, pd->tunnel->sock,

1422
					    pd->tunnel->version,

1423
					    pd->tunnel->tunnel_id, &pd->skey);

1424
	pd->skey++;

1425


1426
	if (!pd->session) {

1427
		pd->skey = 0;

1428
		pppol2tp_next_tunnel(net, pd);

1429
	}

1430
}

1431


1432
static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)

1433
{

1434
	struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;

1435
	loff_t pos = *offs;

1436
	struct net *net;

1437


1438
	if (!pos)

1439
		goto out;

1440


1441
	if (WARN_ON(!m->private)) {

1442
		pd = NULL;

1443
		goto out;

1444
	}

1445


1446
	pd = m->private;

1447
	net = seq_file_net(m);

1448


1449
	if (!pd->tunnel)

1450
		pppol2tp_next_tunnel(net, pd);

1451
	else

1452
		pppol2tp_next_session(net, pd);

1453


1454
	/* NULL tunnel and session indicates end of list */

1455
	if (!pd->tunnel && !pd->session)

1456
		pd = NULL;

1457


1458
out:

1459
	return pd;

1460
}

1461


1462
static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)

1463
{

1464
	(*pos)++;

1465
	return NULL;

1466
}

1467


1468
static void pppol2tp_seq_stop(struct seq_file *p, void *v)

1469
{

1470
	struct pppol2tp_seq_data *pd = v;

1471


1472
	if (!pd || pd == SEQ_START_TOKEN)

1473
		return;

1474


1475
	/* Drop reference taken by last invocation of pppol2tp_next_session()

1476
	 * or pppol2tp_next_tunnel().

1477
	 */

1478
	if (pd->session) {

1479
		l2tp_session_put(pd->session);

1480
		pd->session = NULL;

1481
	}

1482
	if (pd->tunnel) {

1483
		l2tp_tunnel_put(pd->tunnel);

1484
		pd->tunnel = NULL;

1485
	}

1486
}

1487


1488
static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)

1489
{

1490
	struct l2tp_tunnel *tunnel = v;

1491


1492
	seq_printf(m, "\nTUNNEL '%s', %c %d\n",

1493
		   tunnel->name,

1494
		   tunnel->sock ? 'Y' : 'N',

1495
		   refcount_read(&tunnel->ref_count) - 1);

1496
	seq_printf(m, " %08x %ld/%ld/%ld %ld/%ld/%ld\n",

1497
		   0,

1498
		   atomic_long_read(&tunnel->stats.tx_packets),

1499
		   atomic_long_read(&tunnel->stats.tx_bytes),

1500
		   atomic_long_read(&tunnel->stats.tx_errors),

1501
		   atomic_long_read(&tunnel->stats.rx_packets),

1502
		   atomic_long_read(&tunnel->stats.rx_bytes),

1503
		   atomic_long_read(&tunnel->stats.rx_errors));

1504
}

1505


1506
static void pppol2tp_seq_session_show(struct seq_file *m, void *v)

1507
{

1508
	struct l2tp_session *session = v;

1509
	struct l2tp_tunnel *tunnel = session->tunnel;

1510
	unsigned char state;

1511
	char user_data_ok;

1512
	struct sock *sk;

1513
	u32 ip = 0;

1514
	u16 port = 0;

1515


1516
	if (tunnel->sock) {

1517
		struct inet_sock *inet = inet_sk(tunnel->sock);

1518


1519
		ip = ntohl(inet->inet_saddr);

1520
		port = ntohs(inet->inet_sport);

1521
	}

1522


1523
	rcu_read_lock();

1524
	sk = pppol2tp_session_get_sock(session);

1525
	if (sk) {

1526
		state = sk->sk_state;

1527
		user_data_ok = (session == sk->sk_user_data) ? 'Y' : 'N';

1528
	} else {

1529
		state = 0;

1530
		user_data_ok = 'N';

1531
	}

1532


1533
	seq_printf(m, "  SESSION '%s' %08X/%d %04X/%04X -> %04X/%04X %d %c\n",

1534
		   session->name, ip, port,

1535
		   tunnel->tunnel_id,

1536
		   session->session_id,

1537
		   tunnel->peer_tunnel_id,

1538
		   session->peer_session_id,

1539
		   state, user_data_ok);

1540
	seq_printf(m, "   0/0/%c/%c/%s %08x %u\n",

1541
		   session->recv_seq ? 'R' : '-',

1542
		   session->send_seq ? 'S' : '-',

1543
		   session->lns_mode ? "LNS" : "LAC",

1544
		   0,

1545
		   jiffies_to_msecs(session->reorder_timeout));

1546
	seq_printf(m, "   %u/%u %ld/%ld/%ld %ld/%ld/%ld\n",

1547
		   session->nr, session->ns,

1548
		   atomic_long_read(&session->stats.tx_packets),

1549
		   atomic_long_read(&session->stats.tx_bytes),

1550
		   atomic_long_read(&session->stats.tx_errors),

1551
		   atomic_long_read(&session->stats.rx_packets),

1552
		   atomic_long_read(&session->stats.rx_bytes),

1553
		   atomic_long_read(&session->stats.rx_errors));

1554


1555
	if (sk) {

1556
		struct pppox_sock *po = pppox_sk(sk);

1557


1558
		seq_printf(m, "   interface %s\n", ppp_dev_name(&po->chan));

1559
	}

1560
	rcu_read_unlock();

1561
}

1562


1563
static int pppol2tp_seq_show(struct seq_file *m, void *v)

1564
{

1565
	struct pppol2tp_seq_data *pd = v;

1566


1567
	/* display header on line 1 */

1568
	if (v == SEQ_START_TOKEN) {

1569
		seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");

1570
		seq_puts(m, "TUNNEL name, user-data-ok session-count\n");

1571
		seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");

1572
		seq_puts(m, "  SESSION name, addr/port src-tid/sid dest-tid/sid state user-data-ok\n");

1573
		seq_puts(m, "   mtu/mru/rcvseq/sendseq/lns debug reorderto\n");

1574
		seq_puts(m, "   nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");

1575
		goto out;

1576
	}

1577


1578
	if (!pd->session)

1579
		pppol2tp_seq_tunnel_show(m, pd->tunnel);

1580
	else

1581
		pppol2tp_seq_session_show(m, pd->session);

1582


1583
out:

1584
	return 0;

1585
}

1586


1587
static const struct seq_operations pppol2tp_seq_ops = {

1588
	.start		= pppol2tp_seq_start,

1589
	.next		= pppol2tp_seq_next,

1590
	.stop		= pppol2tp_seq_stop,

1591
	.show		= pppol2tp_seq_show,

1592
};

1593
#endif /* CONFIG_PROC_FS */

1594


1595
/*****************************************************************************

1596
 * Network namespace

1597
 *****************************************************************************/

1598


1599
static __net_init int pppol2tp_init_net(struct net *net)

1600
{

1601
	struct proc_dir_entry *pde;

1602
	int err = 0;

1603


1604
	pde = proc_create_net("pppol2tp", 0444, net->proc_net,

1605
			      &pppol2tp_seq_ops, sizeof(struct pppol2tp_seq_data));

1606
	if (!pde) {

1607
		err = -ENOMEM;

1608
		goto out;

1609
	}

1610


1611
out:

1612
	return err;

1613
}

1614


1615
static __net_exit void pppol2tp_exit_net(struct net *net)

1616
{

1617
	remove_proc_entry("pppol2tp", net->proc_net);

1618
}

1619


1620
static struct pernet_operations pppol2tp_net_ops = {

1621
	.init = pppol2tp_init_net,

1622
	.exit = pppol2tp_exit_net,

1623
};

1624


1625
/*****************************************************************************

1626
 * Init and cleanup

1627
 *****************************************************************************/

1628


1629
static const struct proto_ops pppol2tp_ops = {

1630
	.family		= AF_PPPOX,

1631
	.owner		= THIS_MODULE,

1632
	.release	= pppol2tp_release,

1633
	.bind		= sock_no_bind,

1634
	.connect	= pppol2tp_connect,

1635
	.socketpair	= sock_no_socketpair,

1636
	.accept		= sock_no_accept,

1637
	.getname	= pppol2tp_getname,

1638
	.poll		= datagram_poll,

1639
	.listen		= sock_no_listen,

1640
	.shutdown	= sock_no_shutdown,

1641
	.setsockopt	= pppol2tp_setsockopt,

1642
	.getsockopt	= pppol2tp_getsockopt,

1643
	.sendmsg	= pppol2tp_sendmsg,

1644
	.recvmsg	= pppol2tp_recvmsg,

1645
	.mmap		= sock_no_mmap,

1646
	.ioctl		= pppox_ioctl,

1647
#ifdef CONFIG_COMPAT

1648
	.compat_ioctl = pppox_compat_ioctl,

1649
#endif

1650
};

1651


1652
static const struct pppox_proto pppol2tp_proto = {

1653
	.create		= pppol2tp_create,

1654
	.ioctl		= pppol2tp_ioctl,

1655
	.owner		= THIS_MODULE,

1656
};

1657


1658
#ifdef CONFIG_L2TP_V3

1659


1660
static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {

1661
	.session_create	= pppol2tp_session_create,

1662
	.session_delete	= l2tp_session_delete,

1663
};

1664


1665
#endif /* CONFIG_L2TP_V3 */

1666


1667
static int __init pppol2tp_init(void)

1668
{

1669
	int err;

1670


1671
	err = register_pernet_device(&pppol2tp_net_ops);

1672
	if (err)

1673
		goto out;

1674


1675
	err = proto_register(&pppol2tp_sk_proto, 0);

1676
	if (err)

1677
		goto out_unregister_pppol2tp_pernet;

1678


1679
	err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);

1680
	if (err)

1681
		goto out_unregister_pppol2tp_proto;

1682


1683
#ifdef CONFIG_L2TP_V3

1684
	err = l2tp_nl_register_ops(L2TP_PWTYPE_PPP, &pppol2tp_nl_cmd_ops);

1685
	if (err)

1686
		goto out_unregister_pppox;

1687
#endif

1688


1689
	pr_info("PPPoL2TP kernel driver, %s\n", PPPOL2TP_DRV_VERSION);

1690


1691
out:

1692
	return err;

1693


1694
#ifdef CONFIG_L2TP_V3

1695
out_unregister_pppox:

1696
	unregister_pppox_proto(PX_PROTO_OL2TP);

1697
#endif

1698
out_unregister_pppol2tp_proto:

1699
	proto_unregister(&pppol2tp_sk_proto);

1700
out_unregister_pppol2tp_pernet:

1701
	unregister_pernet_device(&pppol2tp_net_ops);

1702
	goto out;

1703
}

1704


1705
static void __exit pppol2tp_exit(void)

1706
{

1707
#ifdef CONFIG_L2TP_V3

1708
	l2tp_nl_unregister_ops(L2TP_PWTYPE_PPP);

1709
#endif

1710
	unregister_pppox_proto(PX_PROTO_OL2TP);

1711
	proto_unregister(&pppol2tp_sk_proto);

1712
	unregister_pernet_device(&pppol2tp_net_ops);

1713
}

1714


1715
module_init(pppol2tp_init);

1716
module_exit(pppol2tp_exit);

1717


1718
MODULE_AUTHOR("James Chapman <[email protected]>");

1719
MODULE_DESCRIPTION("PPP over L2TP over UDP");

1720
MODULE_LICENSE("GPL");

1721
MODULE_VERSION(PPPOL2TP_DRV_VERSION);

1722
MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OL2TP);

1723
MODULE_ALIAS_L2TP_PWTYPE(7);

1724


1725