LXR linux/drivers/net/ppp/ppp

   1/*
   2 * Generic PPP layer for Linux.
   3 *
   4 * Copyright 1999-2002 Paul Mackerras.
   5 *
   6 *  This program is free software; you can redistribute it and/or
   7 *  modify it under the terms of the GNU General Public License
   8 *  as published by the Free Software Foundation; either version
   9 *  2 of the License, or (at your option) any later version.
  10 *
  11 * The generic PPP layer handles the PPP network interfaces, the
  12 * /dev/ppp device, packet and VJ compression, and multilink.
  13 * It talks to PPP `channels' via the interface defined in
  14 * include/linux/ppp_channel.h.  Channels provide the basic means for
  15 * sending and receiving PPP frames on some kind of communications
  16 * channel.
  17 *
  18 * Part of the code in this driver was inspired by the old async-only
  19 * PPP driver, written by Michael Callahan and Al Longyear, and
  20 * subsequently hacked by Paul Mackerras.
  21 *
  22 * ==FILEVERSION 20041108==
  23 */
  24
  25#include <linux/module.h>
  26#include <linux/kernel.h>
  27#include <linux/sched/signal.h>
  28#include <linux/kmod.h>
  29#include <linux/init.h>
  30#include <linux/list.h>
  31#include <linux/idr.h>
  32#include <linux/netdevice.h>
  33#include <linux/poll.h>
  34#include <linux/ppp_defs.h>
  35#include <linux/filter.h>
  36#include <linux/ppp-ioctl.h>
  37#include <linux/ppp_channel.h>
  38#include <linux/ppp-comp.h>
  39#include <linux/skbuff.h>
  40#include <linux/rtnetlink.h>
  41#include <linux/if_arp.h>
  42#include <linux/ip.h>
  43#include <linux/tcp.h>
  44#include <linux/spinlock.h>
  45#include <linux/rwsem.h>
  46#include <linux/stddef.h>
  47#include <linux/device.h>
  48#include <linux/mutex.h>
  49#include <linux/slab.h>
  50#include <linux/file.h>
  51#include <asm/unaligned.h>
  52#include <net/slhc_vj.h>
  53#include <linux/atomic.h>
  54#include <linux/refcount.h>
  55
  56#include <linux/nsproxy.h>
  57#include <net/net_namespace.h>
  58#include <net/netns/generic.h>
  59
  60#define PPP_VERSION     "2.4.2"
  61
  62/*
  63 * Network protocols we support.
  64 */
  65#define NP_IP   0               /* Internet Protocol V4 */
  66#define NP_IPV6 1               /* Internet Protocol V6 */
  67#define NP_IPX  2               /* IPX protocol */
  68#define NP_AT   3               /* Appletalk protocol */
  69#define NP_MPLS_UC 4            /* MPLS unicast */
  70#define NP_MPLS_MC 5            /* MPLS multicast */
  71#define NUM_NP  6               /* Number of NPs. */
  72
  73#define MPHDRLEN        6       /* multilink protocol header length */
  74#define MPHDRLEN_SSN    4       /* ditto with short sequence numbers */
  75
  76/*
  77 * An instance of /dev/ppp can be associated with either a ppp
  78 * interface unit or a ppp channel.  In both cases, file->private_data
  79 * points to one of these.
  80 */
  81struct ppp_file {
  82        enum {
  83                INTERFACE=1, CHANNEL
  84        }               kind;
  85        struct sk_buff_head xq;         /* pppd transmit queue */
  86        struct sk_buff_head rq;         /* receive queue for pppd */
  87        wait_queue_head_t rwait;        /* for poll on reading /dev/ppp */
  88        refcount_t      refcnt;         /* # refs (incl /dev/ppp attached) */
  89        int             hdrlen;         /* space to leave for headers */
  90        int             index;          /* interface unit / channel number */
  91        int             dead;           /* unit/channel has been shut down */
  92};
  93
  94#define PF_TO_X(pf, X)          container_of(pf, X, file)
  95
  96#define PF_TO_PPP(pf)           PF_TO_X(pf, struct ppp)
  97#define PF_TO_CHANNEL(pf)       PF_TO_X(pf, struct channel)
  98
  99/*
 100 * Data structure to hold primary network stats for which
 101 * we want to use 64 bit storage.  Other network stats
 102 * are stored in dev->stats of the ppp strucute.
 103 */
 104struct ppp_link_stats {
 105        u64 rx_packets;
 106        u64 tx_packets;
 107        u64 rx_bytes;
 108        u64 tx_bytes;
 109};
 110
 111/*
 112 * Data structure describing one ppp unit.
 113 * A ppp unit corresponds to a ppp network interface device
 114 * and represents a multilink bundle.
 115 * It can have 0 or more ppp channels connected to it.
 116 */
 117struct ppp {
 118        struct ppp_file file;           /* stuff for read/write/poll 0 */
 119        struct file     *owner;         /* file that owns this unit 48 */
 120        struct list_head channels;      /* list of attached channels 4c */
 121        int             n_channels;     /* how many channels are attached 54 */
 122        spinlock_t      rlock;          /* lock for receive side 58 */
 123        spinlock_t      wlock;          /* lock for transmit side 5c */
 124        int __percpu    *xmit_recursion; /* xmit recursion detect */
 125        int             mru;            /* max receive unit 60 */
 126        unsigned int    flags;          /* control bits 64 */
 127        unsigned int    xstate;         /* transmit state bits 68 */
 128        unsigned int    rstate;         /* receive state bits 6c */
 129        int             debug;          /* debug flags 70 */
 130        struct slcompress *vj;          /* state for VJ header compression */
 131        enum NPmode     npmode[NUM_NP]; /* what to do with each net proto 78 */
 132        struct sk_buff  *xmit_pending;  /* a packet ready to go out 88 */
 133        struct compressor *xcomp;       /* transmit packet compressor 8c */
 134        void            *xc_state;      /* its internal state 90 */
 135        struct compressor *rcomp;       /* receive decompressor 94 */
 136        void            *rc_state;      /* its internal state 98 */
 137        unsigned long   last_xmit;      /* jiffies when last pkt sent 9c */
 138        unsigned long   last_recv;      /* jiffies when last pkt rcvd a0 */
 139        struct net_device *dev;         /* network interface device a4 */
 140        int             closing;        /* is device closing down? a8 */
 141#ifdef CONFIG_PPP_MULTILINK
 142        int             nxchan;         /* next channel to send something on */
 143        u32             nxseq;          /* next sequence number to send */
 144        int             mrru;           /* MP: max reconst. receive unit */
 145        u32             nextseq;        /* MP: seq no of next packet */
 146        u32             minseq;         /* MP: min of most recent seqnos */
 147        struct sk_buff_head mrq;        /* MP: receive reconstruction queue */
 148#endif /* CONFIG_PPP_MULTILINK */
 149#ifdef CONFIG_PPP_FILTER
 150        struct bpf_prog *pass_filter;   /* filter for packets to pass */
 151        struct bpf_prog *active_filter; /* filter for pkts to reset idle */
 152#endif /* CONFIG_PPP_FILTER */
 153        struct net      *ppp_net;       /* the net we belong to */
 154        struct ppp_link_stats stats64;  /* 64 bit network stats */
 155};
 156
 157/*
 158 * Bits in flags: SC_NO_TCP_CCID, SC_CCP_OPEN, SC_CCP_UP, SC_LOOP_TRAFFIC,
 159 * SC_MULTILINK, SC_MP_SHORTSEQ, SC_MP_XSHORTSEQ, SC_COMP_TCP, SC_REJ_COMP_TCP,
 160 * SC_MUST_COMP
 161 * Bits in rstate: SC_DECOMP_RUN, SC_DC_ERROR, SC_DC_FERROR.
 162 * Bits in xstate: SC_COMP_RUN
 163 */
 164#define SC_FLAG_BITS    (SC_NO_TCP_CCID|SC_CCP_OPEN|SC_CCP_UP|SC_LOOP_TRAFFIC \
 165                         |SC_MULTILINK|SC_MP_SHORTSEQ|SC_MP_XSHORTSEQ \
 166                         |SC_COMP_TCP|SC_REJ_COMP_TCP|SC_MUST_COMP)
 167
 168/*
 169 * Private data structure for each channel.
 170 * This includes the data structure used for multilink.
 171 */
 172struct channel {
 173        struct ppp_file file;           /* stuff for read/write/poll */
 174        struct list_head list;          /* link in all/new_channels list */
 175        struct ppp_channel *chan;       /* public channel data structure */
 176        struct rw_semaphore chan_sem;   /* protects `chan' during chan ioctl */
 177        spinlock_t      downl;          /* protects `chan', file.xq dequeue */
 178        struct ppp      *ppp;           /* ppp unit we're connected to */
 179        struct net      *chan_net;      /* the net channel belongs to */
 180        struct list_head clist;         /* link in list of channels per unit */
 181        rwlock_t        upl;            /* protects `ppp' */
 182#ifdef CONFIG_PPP_MULTILINK
 183        u8              avail;          /* flag used in multilink stuff */
 184        u8              had_frag;       /* >= 1 fragments have been sent */
 185        u32             lastseq;        /* MP: last sequence # received */
 186        int             speed;          /* speed of the corresponding ppp channel*/
 187#endif /* CONFIG_PPP_MULTILINK */
 188};
 189
 190struct ppp_config {
 191        struct file *file;
 192        s32 unit;
 193        bool ifname_is_set;
 194};
 195
 196/*
 197 * SMP locking issues:
 198 * Both the ppp.rlock and ppp.wlock locks protect the ppp.channels
 199 * list and the ppp.n_channels field, you need to take both locks
 200 * before you modify them.
 201 * The lock ordering is: channel.upl -> ppp.wlock -> ppp.rlock ->
 202 * channel.downl.
 203 */
 204
 205static DEFINE_MUTEX(ppp_mutex);
 206static atomic_t ppp_unit_count = ATOMIC_INIT(0);
 207static atomic_t channel_count = ATOMIC_INIT(0);
 208
 209/* per-net private data for this module */
 210static unsigned int ppp_net_id __read_mostly;
 211struct ppp_net {
 212        /* units to ppp mapping */
 213        struct idr units_idr;
 214
 215        /*
 216         * all_ppp_mutex protects the units_idr mapping.
 217         * It also ensures that finding a ppp unit in the units_idr
 218         * map and updating its file.refcnt field is atomic.
 219         */
 220        struct mutex all_ppp_mutex;
 221
 222        /* channels */
 223        struct list_head all_channels;
 224        struct list_head new_channels;
 225        int last_channel_index;
 226
 227        /*
 228         * all_channels_lock protects all_channels and
 229         * last_channel_index, and the atomicity of find
 230         * a channel and updating its file.refcnt field.
 231         */
 232        spinlock_t all_channels_lock;
 233};
 234
 235/* Get the PPP protocol number from a skb */
 236#define PPP_PROTO(skb)  get_unaligned_be16((skb)->data)
 237
 238/* We limit the length of ppp->file.rq to this (arbitrary) value */
 239#define PPP_MAX_RQLEN   32
 240
 241/*
 242 * Maximum number of multilink fragments queued up.
 243 * This has to be large enough to cope with the maximum latency of
 244 * the slowest channel relative to the others.  Strictly it should
 245 * depend on the number of channels and their characteristics.
 246 */
 247#define PPP_MP_MAX_QLEN 128
 248
 249/* Multilink header bits. */
 250#define B       0x80            /* this fragment begins a packet */
 251#define E       0x40            /* this fragment ends a packet */
 252
 253/* Compare multilink sequence numbers (assumed to be 32 bits wide) */
 254#define seq_before(a, b)        ((s32)((a) - (b)) < 0)
 255#define seq_after(a, b)         ((s32)((a) - (b)) > 0)
 256
 257/* Prototypes. */
 258static int ppp_unattached_ioctl(struct net *net, struct ppp_file *pf,
 259                        struct file *file, unsigned int cmd, unsigned long arg);
 260static void ppp_xmit_process(struct ppp *ppp, struct sk_buff *skb);
 261static void ppp_send_frame(struct ppp *ppp, struct sk_buff *skb);
 262static void ppp_push(struct ppp *ppp);
 263static void ppp_channel_push(struct channel *pch);
 264static void ppp_receive_frame(struct ppp *ppp, struct sk_buff *skb,
 265                              struct channel *pch);
 266static void ppp_receive_error(struct ppp *ppp);
 267static void ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb);
 268static struct sk_buff *ppp_decompress_frame(struct ppp *ppp,
 269                                            struct sk_buff *skb);
 270#ifdef CONFIG_PPP_MULTILINK
 271static void ppp_receive_mp_frame(struct ppp *ppp, struct sk_buff *skb,
 272                                struct channel *pch);
 273static void ppp_mp_insert(struct ppp *ppp, struct sk_buff *skb);
 274static struct sk_buff *ppp_mp_reconstruct(struct ppp *ppp);
 275static int ppp_mp_explode(struct ppp *ppp, struct sk_buff *skb);
 276#endif /* CONFIG_PPP_MULTILINK */
 277static int ppp_set_compress(struct ppp *ppp, unsigned long arg);
 278static void ppp_ccp_peek(struct ppp *ppp, struct sk_buff *skb, int inbound);
 279static void ppp_ccp_closed(struct ppp *ppp);
 280static struct compressor *find_compressor(int type);
 281static void ppp_get_stats(struct ppp *ppp, struct ppp_stats *st);
 282static int ppp_create_interface(struct net *net, struct file *file, int *unit);
 283static void init_ppp_file(struct ppp_file *pf, int kind);
 284static void ppp_destroy_interface(struct ppp *ppp);
 285static struct ppp *ppp_find_unit(struct ppp_net *pn, int unit);
 286static struct channel *ppp_find_channel(struct ppp_net *pn, int unit);
 287static int ppp_connect_channel(struct channel *pch, int unit);
 288static int ppp_disconnect_channel(struct channel *pch);
 289static void ppp_destroy_channel(struct channel *pch);
 290static int unit_get(struct idr *p, void *ptr);
 291static int unit_set(struct idr *p, void *ptr, int n);
 292static void unit_put(struct idr *p, int n);
 293static void *unit_find(struct idr *p, int n);
 294static void ppp_setup(struct net_device *dev);
 295
 296static const struct net_device_ops ppp_netdev_ops;
 297
 298static struct class *ppp_class;
 299
 300/* per net-namespace data */
 301static inline struct ppp_net *ppp_pernet(struct net *net)
 302{
 303        BUG_ON(!net);
 304
 305        return net_generic(net, ppp_net_id);
 306}
 307
 308/* Translates a PPP protocol number to a NP index (NP == network protocol) */
 309static inline int proto_to_npindex(int proto)
 310{
 311        switch (proto) {
 312        case PPP_IP:
 313                return NP_IP;
 314        case PPP_IPV6:
 315                return NP_IPV6;
 316        case PPP_IPX:
 317                return NP_IPX;
 318        case PPP_AT:
 319                return NP_AT;
 320        case PPP_MPLS_UC:
 321                return NP_MPLS_UC;
 322        case PPP_MPLS_MC:
 323                return NP_MPLS_MC;
 324        }
 325        return -EINVAL;
 326}
 327
 328/* Translates an NP index into a PPP protocol number */
 329static const int npindex_to_proto[NUM_NP] = {
 330        PPP_IP,
 331        PPP_IPV6,
 332        PPP_IPX,
 333        PPP_AT,
 334        PPP_MPLS_UC,
 335        PPP_MPLS_MC,
 336};
 337
 338/* Translates an ethertype into an NP index */
 339static inline int ethertype_to_npindex(int ethertype)
 340{
 341        switch (ethertype) {
 342        case ETH_P_IP:
 343                return NP_IP;
 344        case ETH_P_IPV6:
 345                return NP_IPV6;
 346        case ETH_P_IPX:
 347                return NP_IPX;
 348        case ETH_P_PPPTALK:
 349        case ETH_P_ATALK:
 350                return NP_AT;
 351        case ETH_P_MPLS_UC:
 352                return NP_MPLS_UC;
 353        case ETH_P_MPLS_MC:
 354                return NP_MPLS_MC;
 355        }
 356        return -1;
 357}
 358
 359/* Translates an NP index into an ethertype */
 360static const int npindex_to_ethertype[NUM_NP] = {
 361        ETH_P_IP,
 362        ETH_P_IPV6,
 363        ETH_P_IPX,
 364        ETH_P_PPPTALK,
 365        ETH_P_MPLS_UC,
 366        ETH_P_MPLS_MC,
 367};
 368
 369/*
 370 * Locking shorthand.
 371 */
 372#define ppp_xmit_lock(ppp)      spin_lock_bh(&(ppp)->wlock)
 373#define ppp_xmit_unlock(ppp)    spin_unlock_bh(&(ppp)->wlock)
 374#define ppp_recv_lock(ppp)      spin_lock_bh(&(ppp)->rlock)
 375#define ppp_recv_unlock(ppp)    spin_unlock_bh(&(ppp)->rlock)
 376#define ppp_lock(ppp)           do { ppp_xmit_lock(ppp); \
 377                                     ppp_recv_lock(ppp); } while (0)
 378#define ppp_unlock(ppp)         do { ppp_recv_unlock(ppp); \
 379                                     ppp_xmit_unlock(ppp); } while (0)
 380
 381/*
 382 * /dev/ppp device routines.
 383 * The /dev/ppp device is used by pppd to control the ppp unit.
 384 * It supports the read, write, ioctl and poll functions.
 385 * Open instances of /dev/ppp can be in one of three states:
 386 * unattached, attached to a ppp unit, or attached to a ppp channel.
 387 */
 388static int ppp_open(struct inode *inode, struct file *file)
 389{
 390        /*
 391         * This could (should?) be enforced by the permissions on /dev/ppp.
 392         */
 393        if (!ns_capable(file->f_cred->user_ns, CAP_NET_ADMIN))
 394                return -EPERM;
 395        return 0;
 396}
 397
 398static int ppp_release(struct inode *unused, struct file *file)
 399{
 400        struct ppp_file *pf = file->private_data;
 401        struct ppp *ppp;
 402
 403        if (pf) {
 404                file->private_data = NULL;
 405                if (pf->kind == INTERFACE) {
 406                        ppp = PF_TO_PPP(pf);
 407                        rtnl_lock();
 408                        if (file == ppp->owner)
 409                                unregister_netdevice(ppp->dev);
 410                        rtnl_unlock();
 411                }
 412                if (refcount_dec_and_test(&pf->refcnt)) {
 413                        switch (pf->kind) {
 414                        case INTERFACE:
 415                                ppp_destroy_interface(PF_TO_PPP(pf));
 416                                break;
 417                        case CHANNEL:
 418                                ppp_destroy_channel(PF_TO_CHANNEL(pf));
 419                                break;
 420                        }
 421                }
 422        }
 423        return 0;
 424}
 425
 426static ssize_t ppp_read(struct file *file, char __user *buf,
 427                        size_t count, loff_t *ppos)
 428{
 429        struct ppp_file *pf = file->private_data;
 430        DECLARE_WAITQUEUE(wait, current);
 431        ssize_t ret;
 432        struct sk_buff *skb = NULL;
 433        struct iovec iov;
 434        struct iov_iter to;
 435
 436        ret = count;
 437
 438        if (!pf)
 439                return -ENXIO;
 440        add_wait_queue(&pf->rwait, &wait);
 441        for (;;) {
 442                set_current_state(TASK_INTERRUPTIBLE);
 443                skb = skb_dequeue(&pf->rq);
 444                if (skb)
 445                        break;
 446                ret = 0;
 447                if (pf->dead)
 448                        break;
 449                if (pf->kind == INTERFACE) {
 450                        /*
 451                         * Return 0 (EOF) on an interface that has no
 452                         * channels connected, unless it is looping
 453                         * network traffic (demand mode).
 454                         */
 455                        struct ppp *ppp = PF_TO_PPP(pf);
 456
 457                        ppp_recv_lock(ppp);
 458                        if (ppp->n_channels == 0 &&
 459                            (ppp->flags & SC_LOOP_TRAFFIC) == 0) {
 460                                ppp_recv_unlock(ppp);
 461                                break;
 462                        }
 463                        ppp_recv_unlock(ppp);
 464                }
 465                ret = -EAGAIN;
 466                if (file->f_flags & O_NONBLOCK)
 467                        break;
 468                ret = -ERESTARTSYS;
 469                if (signal_pending(current))
 470                        break;
 471                schedule();
 472        }
 473        set_current_state(TASK_RUNNING);
 474        remove_wait_queue(&pf->rwait, &wait);
 475
 476        if (!skb)
 477                goto out;
 478
 479        ret = -EOVERFLOW;
 480        if (skb->len > count)
 481                goto outf;
 482        ret = -EFAULT;
 483        iov.iov_base = buf;
 484        iov.iov_len = count;
 485        iov_iter_init(&to, READ, &iov, 1, count);
 486        if (skb_copy_datagram_iter(skb, 0, &to, skb->len))
 487                goto outf;
 488        ret = skb->len;
 489
 490 outf:
 491        kfree_skb(skb);
 492 out:
 493        return ret;
 494}
 495
 496static ssize_t ppp_write(struct file *file, const char __user *buf,
 497                         size_t count, loff_t *ppos)
 498{
 499        struct ppp_file *pf = file->private_data;
 500        struct sk_buff *skb;
 501        ssize_t ret;
 502
 503        if (!pf)
 504                return -ENXIO;
 505        ret = -ENOMEM;
 506        skb = alloc_skb(count + pf->hdrlen, GFP_KERNEL);
 507        if (!skb)
 508                goto out;
 509        skb_reserve(skb, pf->hdrlen);
 510        ret = -EFAULT;
 511        if (copy_from_user(skb_put(skb, count), buf, count)) {
 512                kfree_skb(skb);
 513                goto out;
 514        }
 515
 516        switch (pf->kind) {
 517        case INTERFACE:
 518                ppp_xmit_process(PF_TO_PPP(pf), skb);
 519                break;
 520        case CHANNEL:
 521                skb_queue_tail(&pf->xq, skb);
 522                ppp_channel_push(PF_TO_CHANNEL(pf));
 523                break;
 524        }
 525
 526        ret = count;
 527
 528 out:
 529        return ret;
 530}
 531
 532/* No kernel lock - fine */
 533static __poll_t ppp_poll(struct file *file, poll_table *wait)
 534{
 535        struct ppp_file *pf = file->private_data;
 536        __poll_t mask;
 537
 538        if (!pf)
 539                return 0;
 540        poll_wait(file, &pf->rwait, wait);
 541        mask = EPOLLOUT | EPOLLWRNORM;
 542        if (skb_peek(&pf->rq))
 543                mask |= EPOLLIN | EPOLLRDNORM;
 544        if (pf->dead)
 545                mask |= EPOLLHUP;
 546        else if (pf->kind == INTERFACE) {
 547                /* see comment in ppp_read */
 548                struct ppp *ppp = PF_TO_PPP(pf);
 549
 550                ppp_recv_lock(ppp);
 551                if (ppp->n_channels == 0 &&
 552                    (ppp->flags & SC_LOOP_TRAFFIC) == 0)
 553                        mask |= EPOLLIN | EPOLLRDNORM;
 554                ppp_recv_unlock(ppp);
 555        }
 556
 557        return mask;
 558}
 559
 560#ifdef CONFIG_PPP_FILTER
 561static int get_filter(void __user *arg, struct sock_filter **p)
 562{
 563        struct sock_fprog uprog;
 564        struct sock_filter *code = NULL;
 565        int len;
 566
 567        if (copy_from_user(&uprog, arg, sizeof(uprog)))
 568                return -EFAULT;
 569
 570        if (!uprog.len) {
 571                *p = NULL;
 572                return 0;
 573        }
 574
 575        len = uprog.len * sizeof(struct sock_filter);
 576        code = memdup_user(uprog.filter, len);
 577        if (IS_ERR(code))
 578                return PTR_ERR(code);
 579
 580        *p = code;
 581        return uprog.len;
 582}
 583#endif /* CONFIG_PPP_FILTER */
 584
 585static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 586{
 587        struct ppp_file *pf;
 588        struct ppp *ppp;
 589        int err = -EFAULT, val, val2, i;
 590        struct ppp_idle idle;
 591        struct npioctl npi;
 592        int unit, cflags;
 593        struct slcompress *vj;
 594        void __user *argp = (void __user *)arg;
 595        int __user *p = argp;
 596
 597        mutex_lock(&ppp_mutex);
 598
 599        pf = file->private_data;
 600        if (!pf) {
 601                err = ppp_unattached_ioctl(current->nsproxy->net_ns,
 602                                           pf, file, cmd, arg);
 603                goto out;
 604        }
 605
 606        if (cmd == PPPIOCDETACH) {
 607                /*
 608                 * PPPIOCDETACH is no longer supported as it was heavily broken,
 609                 * and is only known to have been used by pppd older than
 610                 * ppp-2.4.2 (released November 2003).
 611                 */
 612                pr_warn_once("%s (%d) used obsolete PPPIOCDETACH ioctl\n",
 613                             current->comm, current->pid);
 614                err = -EINVAL;
 615                goto out;
 616        }
 617
 618        if (pf->kind == CHANNEL) {
 619                struct channel *pch;
 620                struct ppp_channel *chan;
 621
 622                pch = PF_TO_CHANNEL(pf);
 623
 624                switch (cmd) {
 625                case PPPIOCCONNECT:
 626                        if (get_user(unit, p))
 627                                break;
 628                        err = ppp_connect_channel(pch, unit);
 629                        break;
 630
 631                case PPPIOCDISCONN:
 632                        err = ppp_disconnect_channel(pch);
 633                        break;
 634
 635                default:
 636                        down_read(&pch->chan_sem);
 637                        chan = pch->chan;
 638                        err = -ENOTTY;
 639                        if (chan && chan->ops->ioctl)
 640                                err = chan->ops->ioctl(chan, cmd, arg);
 641                        up_read(&pch->chan_sem);
 642                }
 643                goto out;
 644        }
 645
 646        if (pf->kind != INTERFACE) {
 647                /* can't happen */
 648                pr_err("PPP: not interface or channel??\n");
 649                err = -EINVAL;
 650                goto out;
 651        }
 652
 653        ppp = PF_TO_PPP(pf);
 654        switch (cmd) {
 655        case PPPIOCSMRU:
 656                if (get_user(val, p))
 657                        break;
 658                ppp->mru = val;
 659                err = 0;
 660                break;
 661
 662        case PPPIOCSFLAGS:
 663                if (get_user(val, p))
 664                        break;
 665                ppp_lock(ppp);
 666                cflags = ppp->flags & ~val;
 667#ifdef CONFIG_PPP_MULTILINK
 668                if (!(ppp->flags & SC_MULTILINK) && (val & SC_MULTILINK))
 669                        ppp->nextseq = 0;
 670#endif
 671                ppp->flags = val & SC_FLAG_BITS;
 672                ppp_unlock(ppp);
 673                if (cflags & SC_CCP_OPEN)
 674                        ppp_ccp_closed(ppp);
 675                err = 0;
 676                break;
 677
 678        case PPPIOCGFLAGS:
 679                val = ppp->flags | ppp->xstate | ppp->rstate;
 680                if (put_user(val, p))
 681                        break;
 682                err = 0;
 683                break;
 684
 685        case PPPIOCSCOMPRESS:
 686                err = ppp_set_compress(ppp, arg);
 687                break;
 688
 689        case PPPIOCGUNIT:
 690                if (put_user(ppp->file.index, p))
 691                        break;
 692                err = 0;
 693                break;
 694
 695        case PPPIOCSDEBUG:
 696                if (get_user(val, p))
 697                        break;
 698                ppp->debug = val;
 699                err = 0;
 700                break;
 701
 702        case PPPIOCGDEBUG:
 703                if (put_user(ppp->debug, p))
 704                        break;
 705                err = 0;
 706                break;
 707
 708        case PPPIOCGIDLE:
 709                idle.xmit_idle = (jiffies - ppp->last_xmit) / HZ;
 710                idle.recv_idle = (jiffies - ppp->last_recv) / HZ;
 711                if (copy_to_user(argp, &idle, sizeof(idle)))
 712                        break;
 713                err = 0;
 714                break;
 715
 716        case PPPIOCSMAXCID:
 717                if (get_user(val, p))
 718                        break;
 719                val2 = 15;
 720                if ((val >> 16) != 0) {
 721                        val2 = val >> 16;
 722                        val &= 0xffff;
 723                }
 724                vj = slhc_init(val2+1, val+1);
 725                if (IS_ERR(vj)) {
 726                        err = PTR_ERR(vj);
 727                        break;
 728                }
 729                ppp_lock(ppp);
 730                if (ppp->vj)
 731                        slhc_free(ppp->vj);
 732                ppp->vj = vj;
 733                ppp_unlock(ppp);
 734                err = 0;
 735                break;
 736
 737        case PPPIOCGNPMODE:
 738        case PPPIOCSNPMODE:
 739                if (copy_from_user(&npi, argp, sizeof(npi)))
 740                        break;
 741                err = proto_to_npindex(npi.protocol);
 742                if (err < 0)
 743                        break;
 744                i = err;
 745                if (cmd == PPPIOCGNPMODE) {
 746                        err = -EFAULT;
 747                        npi.mode = ppp->npmode[i];
 748                        if (copy_to_user(argp, &npi, sizeof(npi)))
 749                                break;
 750                } else {
 751                        ppp->npmode[i] = npi.mode;
 752                        /* we may be able to transmit more packets now (??) */
 753                        netif_wake_queue(ppp->dev);
 754                }
 755                err = 0;
 756                break;
 757
 758#ifdef CONFIG_PPP_FILTER
 759        case PPPIOCSPASS:
 760        {
 761                struct sock_filter *code;
 762
 763                err = get_filter(argp, &code);
 764                if (err >= 0) {
 765                        struct bpf_prog *pass_filter = NULL;
 766                        struct sock_fprog_kern fprog = {
 767                                .len = err,
 768                                .filter = code,
 769                        };
 770
 771                        err = 0;
 772                        if (fprog.filter)
 773                                err = bpf_prog_create(&pass_filter, &fprog);
 774                        if (!err) {
 775                                ppp_lock(ppp);
 776                                if (ppp->pass_filter)
 777                                        bpf_prog_destroy(ppp->pass_filter);
 778                                ppp->pass_filter = pass_filter;
 779                                ppp_unlock(ppp);
 780                        }
 781                        kfree(code);
 782                }
 783                break;
 784        }
 785        case PPPIOCSACTIVE:
 786        {
 787                struct sock_filter *code;
 788
 789                err = get_filter(argp, &code);
 790                if (err >= 0) {
 791                        struct bpf_prog *active_filter = NULL;
 792                        struct sock_fprog_kern fprog = {
 793                                .len = err,
 794                                .filter = code,
 795                        };
 796
 797                        err = 0;
 798                        if (fprog.filter)
 799                                err = bpf_prog_create(&active_filter, &fprog);
 800                        if (!err) {
 801                                ppp_lock(ppp);
 802                                if (ppp->active_filter)
 803                                        bpf_prog_destroy(ppp->active_filter);
 804                                ppp->active_filter = active_filter;
 805                                ppp_unlock(ppp);
 806                        }
 807                        kfree(code);
 808                }
 809                break;
 810        }
 811#endif /* CONFIG_PPP_FILTER */
 812
 813#ifdef CONFIG_PPP_MULTILINK
 814        case PPPIOCSMRRU:
 815                if (get_user(val, p))
 816                        break;
 817                ppp_recv_lock(ppp);
 818                ppp->mrru = val;
 819                ppp_recv_unlock(ppp);
 820                err = 0;
 821                break;
 822#endif /* CONFIG_PPP_MULTILINK */
 823
 824        default:
 825                err = -ENOTTY;
 826        }
 827
 828out:
 829        mutex_unlock(&ppp_mutex);
 830
 831        return err;
 832}
 833
 834static int ppp_unattached_ioctl(struct net *net, struct ppp_file *pf,
 835                        struct file *file, unsigned int cmd, unsigned long arg)
 836{
 837        int unit, err = -EFAULT;
 838        struct ppp *ppp;
 839        struct channel *chan;
 840        struct ppp_net *pn;
 841        int __user *p = (int __user *)arg;
 842
 843        switch (cmd) {
 844        case PPPIOCNEWUNIT:
 845                /* Create a new ppp unit */
 846                if (get_user(unit, p))
 847                        break;
 848                err = ppp_create_interface(net, file, &unit);
 849                if (err < 0)
 850                        break;
 851
 852                err = -EFAULT;
 853                if (put_user(unit, p))
 854                        break;
 855                err = 0;
 856                break;
 857
 858        case PPPIOCATTACH:
 859                /* Attach to an existing ppp unit */
 860                if (get_user(unit, p))
 861                        break;
 862                err = -ENXIO;
 863                pn = ppp_pernet(net);
 864                mutex_lock(&pn->all_ppp_mutex);
 865                ppp = ppp_find_unit(pn, unit);
 866                if (ppp) {
 867                        refcount_inc(&ppp->file.refcnt);
 868                        file->private_data = &ppp->file;
 869                        err = 0;
 870                }
 871                mutex_unlock(&pn->all_ppp_mutex);
 872                break;
 873
 874        case PPPIOCATTCHAN:
 875                if (get_user(unit, p))
 876                        break;
 877                err = -ENXIO;
 878                pn = ppp_pernet(net);
 879                spin_lock_bh(&pn->all_channels_lock);
 880                chan = ppp_find_channel(pn, unit);
 881                if (chan) {
 882                        refcount_inc(&chan->file.refcnt);
 883                        file->private_data = &chan->file;
 884                        err = 0;
 885                }
 886                spin_unlock_bh(&pn->all_channels_lock);
 887                break;
 888
 889        default:
 890                err = -ENOTTY;
 891        }
 892
 893        return err;
 894}
 895
 896static const struct file_operations ppp_device_fops = {
 897        .owner          = THIS_MODULE,
 898        .read           = ppp_read,
 899        .write          = ppp_write,
 900        .poll           = ppp_poll,
 901        .unlocked_ioctl = ppp_ioctl,
 902        .open           = ppp_open,
 903        .release        = ppp_release,
 904        .llseek         = noop_llseek,
 905};
 906
 907static __net_init int ppp_init_net(struct net *net)
 908{
 909        struct ppp_net *pn = net_generic(net, ppp_net_id);
 910
 911        idr_init(&pn->units_idr);
 912        mutex_init(&pn->all_ppp_mutex);
 913
 914        INIT_LIST_HEAD(&pn->all_channels);
 915        INIT_LIST_HEAD(&pn->new_channels);
 916
 917        spin_lock_init(&pn->all_channels_lock);
 918
 919        return 0;
 920}
 921
 922static __net_exit void ppp_exit_net(struct net *net)
 923{
 924        struct ppp_net *pn = net_generic(net, ppp_net_id);
 925        struct net_device *dev;
 926        struct net_device *aux;
 927        struct ppp *ppp;
 928        LIST_HEAD(list);
 929        int id;
 930
 931        rtnl_lock();
 932        for_each_netdev_safe(net, dev, aux) {
 933                if (dev->netdev_ops == &ppp_netdev_ops)
 934                        unregister_netdevice_queue(dev, &list);
 935        }
 936
 937        idr_for_each_entry(&pn->units_idr, ppp, id)
 938                /* Skip devices already unregistered by previous loop */
 939                if (!net_eq(dev_net(ppp->dev), net))
 940                        unregister_netdevice_queue(ppp->dev, &list);
 941
 942        unregister_netdevice_many(&list);
 943        rtnl_unlock();
 944
 945        mutex_destroy(&pn->all_ppp_mutex);
 946        idr_destroy(&pn->units_idr);
 947        WARN_ON_ONCE(!list_empty(&pn->all_channels));
 948        WARN_ON_ONCE(!list_empty(&pn->new_channels));
 949}
 950
 951static struct pernet_operations ppp_net_ops = {
 952        .init = ppp_init_net,
 953        .exit = ppp_exit_net,
 954        .id   = &ppp_net_id,
 955        .size = sizeof(struct ppp_net),
 956};
 957
 958static int ppp_unit_register(struct ppp *ppp, int unit, bool ifname_is_set)
 959{
 960        struct ppp_net *pn = ppp_pernet(ppp->ppp_net);
 961        int ret;
 962
 963        mutex_lock(&pn->all_ppp_mutex);
 964
 965        if (unit < 0) {
 966                ret = unit_get(&pn->units_idr, ppp);
 967                if (ret < 0)
 968                        goto err;
 969        } else {
 970                /* Caller asked for a specific unit number. Fail with -EEXIST
 971                 * if unavailable. For backward compatibility, return -EEXIST
 972                 * too if idr allocation fails; this makes pppd retry without
 973                 * requesting a specific unit number.
 974                 */
 975                if (unit_find(&pn->units_idr, unit)) {
 976                        ret = -EEXIST;
 977                        goto err;
 978                }
 979                ret = unit_set(&pn->units_idr, ppp, unit);
 980                if (ret < 0) {
 981                        /* Rewrite error for backward compatibility */
 982                        ret = -EEXIST;
 983                        goto err;
 984                }
 985        }
 986        ppp->file.index = ret;
 987
 988        if (!ifname_is_set)
 989                snprintf(ppp->dev->name, IFNAMSIZ, "ppp%i", ppp->file.index);
 990
 991        mutex_unlock(&pn->all_ppp_mutex);
 992
 993        ret = register_netdevice(ppp->dev);
 994        if (ret < 0)
 995                goto err_unit;
 996
 997        atomic_inc(&ppp_unit_count);
 998
 999        return 0;
1000

1001err_unit:
1002        mutex_lock(&pn->all_ppp_mutex);
1003        unit_put(&pn->units_idr, ppp->file.index);
1004err:
1005        mutex_unlock(&pn->all_ppp_mutex);
1006
1007        return ret;
1008}
1009
1010static int ppp_dev_configure(struct net *src_net, struct net_device *dev,
1011                             const struct ppp_config *conf)
1012{
1013        struct ppp *ppp = netdev_priv(dev);
1014        int indx;
1015        int err;
1016        int cpu;
1017
1018        ppp->dev = dev;
1019        ppp->ppp_net = src_net;
1020        ppp->mru = PPP_MRU;
1021        ppp->owner = conf->file;
1022
1023        init_ppp_file(&ppp->file, INTERFACE);
1024        ppp->file.hdrlen = PPP_HDRLEN - 2; /* don't count proto bytes */
1025
1026        for (indx = 0; indx < NUM_NP; ++indx)
1027                ppp->npmode[indx] = NPMODE_PASS;
1028        INIT_LIST_HEAD(&ppp->channels);
1029        spin_lock_init(&ppp->rlock);
1030        spin_lock_init(&ppp->wlock);
1031
1032        ppp->xmit_recursion = alloc_percpu(int);
1033        if (!ppp->xmit_recursion) {
1034                err = -ENOMEM;
1035                goto err1;
1036        }
1037        for_each_possible_cpu(cpu)
1038                (*per_cpu_ptr(ppp->xmit_recursion, cpu)) = 0;
1039
1040#ifdef CONFIG_PPP_MULTILINK
1041        ppp->minseq = -1;
1042        skb_queue_head_init(&ppp->mrq);
1043#endif /* CONFIG_PPP_MULTILINK */
1044#ifdef CONFIG_PPP_FILTER
1045        ppp->pass_filter = NULL;
1046        ppp->active_filter = NULL;
1047#endif /* CONFIG_PPP_FILTER */
1048
1049        err = ppp_unit_register(ppp, conf->unit, conf->ifname_is_set);
1050        if (err < 0)
1051                goto err2;
1052
1053        conf->file->private_data = &ppp->file;
1054
1055        return 0;
1056err2:
1057        free_percpu(ppp->xmit_recursion);
1058err1:
1059        return err;
1060}
1061
1062static const struct nla_policy ppp_nl_policy[IFLA_PPP_MAX + 1] = {
1063        [IFLA_PPP_DEV_FD]       = { .type = NLA_S32 },
1064};
1065
1066static int ppp_nl_validate(struct nlattr *tb[], struct nlattr *data[],
1067                           struct netlink_ext_ack *extack)
1068{
1069        if (!data)
1070                return -EINVAL;
1071
1072        if (!data[IFLA_PPP_DEV_FD])
1073                return -EINVAL;
1074        if (nla_get_s32(data[IFLA_PPP_DEV_FD]) < 0)
1075                return -EBADF;
1076
1077        return 0;
1078}
1079
1080static int ppp_nl_newlink(struct net *src_net, struct net_device *dev,
1081                          struct nlattr *tb[], struct nlattr *data[],
1082                          struct netlink_ext_ack *extack)
1083{
1084        struct ppp_config conf = {
1085                .unit = -1,
1086                .ifname_is_set = true,
1087        };
1088        struct file *file;
1089        int err;
1090
1091        file = fget(nla_get_s32(data[IFLA_PPP_DEV_FD]));
1092        if (!file)
1093                return -EBADF;
1094
1095        /* rtnl_lock is already held here, but ppp_create_interface() locks
1096         * ppp_mutex before holding rtnl_lock. Using mutex_trylock() avoids
1097         * possible deadlock due to lock order inversion, at the cost of
1098         * pushing the problem back to userspace.
1099         */
1100        if (!mutex_trylock(&ppp_mutex)) {
1101                err = -EBUSY;
1102                goto out;
1103        }
1104
1105        if (file->f_op != &ppp_device_fops || file->private_data) {
1106                err = -EBADF;
1107                goto out_unlock;
1108        }
1109
1110        conf.file = file;
1111
1112        /* Don't use device name generated by the rtnetlink layer when ifname
1113         * isn't specified. Let ppp_dev_configure() set the device name using
1114         * the PPP unit identifer as suffix (i.e. ppp<unit_id>). This allows
1115         * userspace to infer the device name using to the PPPIOCGUNIT ioctl.
1116         */
1117        if (!tb[IFLA_IFNAME])
1118                conf.ifname_is_set = false;
1119
1120        err = ppp_dev_configure(src_net, dev, &conf);
1121
1122out_unlock:
1123        mutex_unlock(&ppp_mutex);
1124out:
1125        fput(file);
1126
1127        return err;
1128}
1129
1130static void ppp_nl_dellink(struct net_device *dev, struct list_head *head)
1131{
1132        unregister_netdevice_queue(dev, head);
1133}
1134
1135static size_t ppp_nl_get_size(const struct net_device *dev)
1136{
1137        return 0;
1138}
1139
1140static int ppp_nl_fill_info(struct sk_buff *skb, const struct net_device *dev)
1141{
1142        return 0;
1143}
1144
1145static struct net *ppp_nl_get_link_net(const struct net_device *dev)
1146{
1147        struct ppp *ppp = netdev_priv(dev);
1148
1149        return ppp->ppp_net;
1150}
1151
1152static struct rtnl_link_ops ppp_link_ops __read_mostly = {
1153        .kind           = "ppp",
1154        .maxtype        = IFLA_PPP_MAX,
1155        .policy         = ppp_nl_policy,
1156        .priv_size      = sizeof(struct ppp),
1157        .setup          = ppp_setup,
1158        .validate       = ppp_nl_validate,
1159        .newlink        = ppp_nl_newlink,
1160        .dellink        = ppp_nl_dellink,
1161        .get_size       = ppp_nl_get_size,
1162        .fill_info      = ppp_nl_fill_info,
1163        .get_link_net   = ppp_nl_get_link_net,
1164};
1165
1166#define PPP_MAJOR       108
1167
1168/* Called at boot time if ppp is compiled into the kernel,
1169   or at module load time (from init_module) if compiled as a module. */
1170static int __init ppp_init(void)
1171{
1172        int err;
1173
1174        pr_info("PPP generic driver version " PPP_VERSION "\n");
1175
1176        err = register_pernet_device(&ppp_net_ops);
1177        if (err) {
1178                pr_err("failed to register PPP pernet device (%d)\n", err);
1179                goto out;
1180        }
1181
1182        err = register_chrdev(PPP_MAJOR, "ppp", &ppp_device_fops);
1183        if (err) {
1184                pr_err("failed to register PPP device (%d)\n", err);
1185                goto out_net;
1186        }
1187
1188        ppp_class = class_create(THIS_MODULE, "ppp");
1189        if (IS_ERR(ppp_class)) {
1190                err = PTR_ERR(ppp_class);
1191                goto out_chrdev;
1192        }
1193
1194        err = rtnl_link_register(&ppp_link_ops);
1195        if (err) {
1196                pr_err("failed to register rtnetlink PPP handler\n");
1197                goto out_class;
1198        }
1199
1200        /* not a big deal if we fail here :-) */
1201        device_create(ppp_class, NULL, MKDEV(PPP_MAJOR, 0), NULL, "ppp");
1202
1203        return 0;
1204
1205out_class:
1206        class_destroy(ppp_class);
1207out_chrdev:
1208        unregister_chrdev(PPP_MAJOR, "ppp");
1209out_net:
1210        unregister_pernet_device(&ppp_net_ops);
1211out:
1212        return err;
1213}
1214
1215/*
1216 * Network interface unit routines.
1217 */
1218static netdev_tx_t
1219ppp_start_xmit(struct sk_buff *skb, struct net_device *dev)
1220{
1221        struct ppp *ppp = netdev_priv(dev);
1222        int npi, proto;
1223        unsigned char *pp;
1224
1225        npi = ethertype_to_npindex(ntohs(skb->protocol));
1226        if (npi < 0)
1227                goto outf;
1228
1229        /* Drop, accept or reject the packet */
1230        switch (ppp->npmode[npi]) {
1231        case NPMODE_PASS:
1232                break;
1233        case NPMODE_QUEUE:
1234                /* it would be nice to have a way to tell the network
1235                   system to queue this one up for later. */
1236                goto outf;
1237        case NPMODE_DROP:
1238        case NPMODE_ERROR:
1239                goto outf;
1240        }
1241
1242        /* Put the 2-byte PPP protocol number on the front,
1243           making sure there is room for the address and control fields. */
1244        if (skb_cow_head(skb, PPP_HDRLEN))
1245                goto outf;
1246
1247        pp = skb_push(skb, 2);
1248        proto = npindex_to_proto[npi];
1249        put_unaligned_be16(proto, pp);
1250
1251        skb_scrub_packet(skb, !net_eq(ppp->ppp_net, dev_net(dev)));
1252        ppp_xmit_process(ppp, skb);
1253
1254        return NETDEV_TX_OK;
1255
1256 outf:
1257        kfree_skb(skb);
1258        ++dev->stats.tx_dropped;
1259        return NETDEV_TX_OK;
1260}
1261
1262static int
1263ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1264{
1265        struct ppp *ppp = netdev_priv(dev);
1266        int err = -EFAULT;
1267        void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
1268        struct ppp_stats stats;
1269        struct ppp_comp_stats cstats;
1270        char *vers;
1271
1272        switch (cmd) {
1273        case SIOCGPPPSTATS:
1274                ppp_get_stats(ppp, &stats);
1275                if (copy_to_user(addr, &stats, sizeof(stats)))
1276                        break;
1277                err = 0;
1278                break;
1279
1280        case SIOCGPPPCSTATS:
1281                memset(&cstats, 0, sizeof(cstats));
1282                if (ppp->xc_state)
1283                        ppp->xcomp->comp_stat(ppp->xc_state, &cstats.c);
1284                if (ppp->rc_state)
1285                        ppp->rcomp->decomp_stat(ppp->rc_state, &cstats.d);
1286                if (copy_to_user(addr, &cstats, sizeof(cstats)))
1287                        break;
1288                err = 0;
1289                break;
1290
1291        case SIOCGPPPVER:
1292                vers = PPP_VERSION;
1293                if (copy_to_user(addr, vers, strlen(vers) + 1))
1294                        break;
1295                err = 0;
1296                break;
1297
1298        default:
1299                err = -EINVAL;
1300        }
1301
1302        return err;
1303}
1304
1305static void
1306ppp_get_stats64(struct net_device *dev, struct rtnl_link_stats64 *stats64)
1307{
1308        struct ppp *ppp = netdev_priv(dev);
1309
1310        ppp_recv_lock(ppp);
1311        stats64->rx_packets = ppp->stats64.rx_packets;
1312        stats64->rx_bytes   = ppp->stats64.rx_bytes;
1313        ppp_recv_unlock(ppp);
1314
1315        ppp_xmit_lock(ppp);
1316        stats64->tx_packets = ppp->stats64.tx_packets;
1317        stats64->tx_bytes   = ppp->stats64.tx_bytes;
1318        ppp_xmit_unlock(ppp);
1319
1320        stats64->rx_errors        = dev->stats.rx_errors;
1321        stats64->tx_errors        = dev->stats.tx_errors;
1322        stats64->rx_dropped       = dev->stats.rx_dropped;
1323        stats64->tx_dropped       = dev->stats.tx_dropped;
1324        stats64->rx_length_errors = dev->stats.rx_length_errors;
1325}
1326
1327static int ppp_dev_init(struct net_device *dev)
1328{
1329        struct ppp *ppp;
1330
1331        netdev_lockdep_set_classes(dev);
1332
1333        ppp = netdev_priv(dev);
1334        /* Let the netdevice take a reference on the ppp file. This ensures
1335         * that ppp_destroy_interface() won't run before the device gets
1336         * unregistered.
1337         */
1338        refcount_inc(&ppp->file.refcnt);
1339
1340        return 0;
1341}
1342
1343static void ppp_dev_uninit(struct net_device *dev)
1344{
1345        struct ppp *ppp = netdev_priv(dev);
1346        struct ppp_net *pn = ppp_pernet(ppp->ppp_net);
1347
1348        ppp_lock(ppp);
1349        ppp->closing = 1;
1350        ppp_unlock(ppp);
1351
1352        mutex_lock(&pn->all_ppp_mutex);
1353        unit_put(&pn->units_idr, ppp->file.index);
1354        mutex_unlock(&pn->all_ppp_mutex);
1355
1356        ppp->owner = NULL;
1357
1358        ppp->file.dead = 1;
1359        wake_up_interruptible(&ppp->file.rwait);
1360}
1361
1362static void ppp_dev_priv_destructor(struct net_device *dev)
1363{
1364        struct ppp *ppp;
1365
1366        ppp = netdev_priv(dev);
1367        if (refcount_dec_and_test(&ppp->file.refcnt))
1368                ppp_destroy_interface(ppp);
1369}
1370
1371static const struct net_device_ops ppp_netdev_ops = {
1372        .ndo_init        = ppp_dev_init,
1373        .ndo_uninit      = ppp_dev_uninit,
1374        .ndo_start_xmit  = ppp_start_xmit,
1375        .ndo_do_ioctl    = ppp_net_ioctl,
1376        .ndo_get_stats64 = ppp_get_stats64,
1377};
1378
1379static struct device_type ppp_type = {
1380        .name = "ppp",
1381};
1382
1383static void ppp_setup(struct net_device *dev)
1384{
1385        dev->netdev_ops = &ppp_netdev_ops;
1386        SET_NETDEV_DEVTYPE(dev, &ppp_type);
1387
1388        dev->features |= NETIF_F_LLTX;
1389
1390        dev->hard_header_len = PPP_HDRLEN;
1391        dev->mtu = PPP_MRU;
1392        dev->addr_len = 0;
1393        dev->tx_queue_len = 3;
1394        dev->type = ARPHRD_PPP;
1395        dev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
1396        dev->priv_destructor = ppp_dev_priv_destructor;
1397        netif_keep_dst(dev);
1398}
1399
1400/*
1401 * Transmit-side routines.
1402 */
1403
1404/* Called to do any work queued up on the transmit side that can now be done */
1405static void __ppp_xmit_process(struct ppp *ppp, struct sk_buff *skb)
1406{
1407        ppp_xmit_lock(ppp);
1408        if (!ppp->closing) {
1409                ppp_push(ppp);
1410
1411                if (skb)
1412                        skb_queue_tail(&ppp->file.xq, skb);
1413                while (!ppp->xmit_pending &&
1414                       (skb = skb_dequeue(&ppp->file.xq)))
1415                        ppp_send_frame(ppp, skb);
1416                /* If there's no work left to do, tell the core net
1417                   code that we can accept some more. */
1418                if (!ppp->xmit_pending && !skb_peek(&ppp->file.xq))
1419                        netif_wake_queue(ppp->dev);
1420                else
1421                        netif_stop_queue(ppp->dev);
1422        } else {
1423                kfree_skb(skb);
1424        }
1425        ppp_xmit_unlock(ppp);
1426}
1427
1428static void ppp_xmit_process(struct ppp *ppp, struct sk_buff *skb)
1429{
1430        local_bh_disable();
1431
1432        if (unlikely(*this_cpu_ptr(ppp->xmit_recursion)))
1433                goto err;
1434
1435        (*this_cpu_ptr(ppp->xmit_recursion))++;
1436        __ppp_xmit_process(ppp, skb);
1437        (*this_cpu_ptr(ppp->xmit_recursion))--;
1438
1439        local_bh_enable();
1440
1441        return;
1442
1443err:
1444        local_bh_enable();
1445
1446        kfree_skb(skb);
1447
1448        if (net_ratelimit())
1449                netdev_err(ppp->dev, "recursion detected\n");
1450}
1451
1452static inline struct sk_buff *
1453pad_compress_skb(struct ppp *ppp, struct sk_buff *skb)
1454{
1455        struct sk_buff *new_skb;
1456        int len;
1457        int new_skb_size = ppp->dev->mtu +
1458                ppp->xcomp->comp_extra + ppp->dev->hard_header_len;
1459        int compressor_skb_size = ppp->dev->mtu +
1460                ppp->xcomp->comp_extra + PPP_HDRLEN;
1461        new_skb = alloc_skb(new_skb_size, GFP_ATOMIC);
1462        if (!new_skb) {
1463                if (net_ratelimit())
1464                        netdev_err(ppp->dev, "PPP: no memory (comp pkt)\n");
1465                return NULL;
1466        }
1467        if (ppp->dev->hard_header_len > PPP_HDRLEN)
1468                skb_reserve(new_skb,
1469                            ppp->dev->hard_header_len - PPP_HDRLEN);
1470
1471        /* compressor still expects A/C bytes in hdr */
1472        len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,
1473                                   new_skb->data, skb->len + 2,
1474                                   compressor_skb_size);
1475        if (len > 0 && (ppp->flags & SC_CCP_UP)) {
1476                consume_skb(skb);
1477                skb = new_skb;
1478                skb_put(skb, len);
1479                skb_pull(skb, 2);       /* pull off A/C bytes */
1480        } else if (len == 0) {
1481                /* didn't compress, or CCP not up yet */
1482                consume_skb(new_skb);
1483                new_skb = skb;
1484        } else {
1485                /*
1486                 * (len < 0)
1487                 * MPPE requires that we do not send unencrypted
1488                 * frames.  The compressor will return -1 if we
1489                 * should drop the frame.  We cannot simply test
1490                 * the compress_proto because MPPE and MPPC share
1491                 * the same number.
1492                 */
1493                if (net_ratelimit())
1494                        netdev_err(ppp->dev, "ppp: compressor dropped pkt\n");
1495                kfree_skb(skb);
1496                consume_skb(new_skb);
1497                new_skb = NULL;
1498        }
1499        return new_skb;
1500}
1501
1502/*
1503 * Compress and send a frame.
1504 * The caller should have locked the xmit path,
1505 * and xmit_pending should be 0.
1506 */
1507static void
1508ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
1509{
1510        int proto = PPP_PROTO(skb);
1511        struct sk_buff *new_skb;
1512        int len;
1513        unsigned char *cp;
1514
1515        if (proto < 0x8000) {
1516#ifdef CONFIG_PPP_FILTER
1517                /* check if we should pass this packet */
1518                /* the filter instructions are constructed assuming
1519                   a four-byte PPP header on each packet */
1520                *(u8 *)skb_push(skb, 2) = 1;
1521                if (ppp->pass_filter &&
1522                    BPF_PROG_RUN(ppp->pass_filter, skb) == 0) {
1523                        if (ppp->debug & 1)
1524                                netdev_printk(KERN_DEBUG, ppp->dev,
1525                                              "PPP: outbound frame "
1526                                              "not passed\n");
1527                        kfree_skb(skb);
1528                        return;
1529                }
1530                /* if this packet passes the active filter, record the time */
1531                if (!(ppp->active_filter &&
1532                      BPF_PROG_RUN(ppp->active_filter, skb) == 0))
1533                        ppp->last_xmit = jiffies;
1534                skb_pull(skb, 2);
1535#else
1536                /* for data packets, record the time */
1537                ppp->last_xmit = jiffies;
1538#endif /* CONFIG_PPP_FILTER */
1539        }
1540
1541        ++ppp->stats64.tx_packets;
1542        ppp->stats64.tx_bytes += skb->len - 2;
1543
1544        switch (proto) {
1545        case PPP_IP:
1546                if (!ppp->vj || (ppp->flags & SC_COMP_TCP) == 0)
1547                        break;
1548                /* try to do VJ TCP header compression */
1549                new_skb = alloc_skb(skb->len + ppp->dev->hard_header_len - 2,
1550                                    GFP_ATOMIC);
1551                if (!new_skb) {
1552                        netdev_err(ppp->dev, "PPP: no memory (VJ comp pkt)\n");
1553                        goto drop;
1554                }
1555                skb_reserve(new_skb, ppp->dev->hard_header_len - 2);
1556                cp = skb->data + 2;
1557                len = slhc_compress(ppp->vj, cp, skb->len - 2,
1558                                    new_skb->data + 2, &cp,
1559                                    !(ppp->flags & SC_NO_TCP_CCID));
1560                if (cp == skb->data + 2) {
1561                        /* didn't compress */
1562                        consume_skb(new_skb);
1563                } else {
1564                        if (cp[0] & SL_TYPE_COMPRESSED_TCP) {
1565                                proto = PPP_VJC_COMP;
1566                                cp[0] &= ~SL_TYPE_COMPRESSED_TCP;
1567                        } else {
1568                                proto = PPP_VJC_UNCOMP;
1569                                cp[0] = skb->data[2];
1570                        }
1571                        consume_skb(skb);
1572                        skb = new_skb;
1573                        cp = skb_put(skb, len + 2);
1574                        cp[0] = 0;
1575                        cp[1] = proto;
1576                }
1577                break;
1578
1579        case PPP_CCP:
1580                /* peek at outbound CCP frames */
1581                ppp_ccp_peek(ppp, skb, 0);
1582                break;
1583        }
1584
1585        /* try to do packet compression */
1586        if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state &&
1587            proto != PPP_LCP && proto != PPP_CCP) {
1588                if (!(ppp->flags & SC_CCP_UP) && (ppp->flags & SC_MUST_COMP)) {
1589                        if (net_ratelimit())
1590                                netdev_err(ppp->dev,
1591                                           "ppp: compression required but "
1592                                           "down - pkt dropped.\n");
1593                        goto drop;
1594                }
1595                skb = pad_compress_skb(ppp, skb);
1596                if (!skb)
1597                        goto drop;
1598        }
1599
1600        /*
1601         * If we are waiting for traffic (demand dialling),
1602         * queue it up for pppd to receive.
1603         */
1604        if (ppp->flags & SC_LOOP_TRAFFIC) {
1605                if (ppp->file.rq.qlen > PPP_MAX_RQLEN)
1606                        goto drop;
1607                skb_queue_tail(&ppp->file.rq, skb);
1608                wake_up_interruptible(&ppp->file.rwait);
1609                return;
1610        }
1611
1612        ppp->xmit_pending = skb;
1613        ppp_push(ppp);
1614        return;
1615
1616 drop:
1617        kfree_skb(skb);
1618        ++ppp->dev->stats.tx_errors;
1619}
1620
1621/*
1622 * Try to send the frame in xmit_pending.
1623 * The caller should have the xmit path locked.
1624 */
1625static void
1626ppp_push(struct ppp *ppp)
1627{
1628        struct list_head *list;
1629        struct channel *pch;
1630        struct sk_buff *skb = ppp->xmit_pending;
1631
1632        if (!skb)
1633                return;
1634
1635        list = &ppp->channels;
1636        if (list_empty(list)) {
1637                /* nowhere to send the packet, just drop it */
1638                ppp->xmit_pending = NULL;
1639                kfree_skb(skb);
1640                return;
1641        }
1642
1643        if ((ppp->flags & SC_MULTILINK) == 0) {
1644                /* not doing multilink: send it down the first channel */
1645                list = list->next;
1646                pch = list_entry(list, struct channel, clist);
1647
1648                spin_lock(&pch->downl);
1649                if (pch->chan) {
1650                        if (pch->chan->ops->start_xmit(pch->chan, skb))
1651                                ppp->xmit_pending = NULL;
1652                } else {
1653                        /* channel got unregistered */
1654                        kfree_skb(skb);
1655                        ppp->xmit_pending = NULL;
1656                }
1657                spin_unlock(&pch->downl);
1658                return;
1659        }
1660
1661#ifdef CONFIG_PPP_MULTILINK
1662        /* Multilink: fragment the packet over as many links
1663           as can take the packet at the moment. */
1664        if (!ppp_mp_explode(ppp, skb))
1665                return;
1666#endif /* CONFIG_PPP_MULTILINK */
1667
1668        ppp->xmit_pending = NULL;
1669        kfree_skb(skb);
1670}
1671
1672#ifdef CONFIG_PPP_MULTILINK
1673static bool mp_protocol_compress __read_mostly = true;
1674module_param(mp_protocol_compress, bool, 0644);
1675MODULE_PARM_DESC(mp_protocol_compress,
1676                 "compress protocol id in multilink fragments");
1677
1678/*
1679 * Divide a packet to be transmitted into fragments and
1680 * send them out the individual links.
1681 */
1682static int ppp_mp_explode(struct ppp *ppp, struct sk_buff *skb)
1683{
1684        int len, totlen;
1685        int i, bits, hdrlen, mtu;
1686        int flen;
1687        int navail, nfree, nzero;
1688        int nbigger;
1689        int totspeed;
1690        int totfree;
1691        unsigned char *p, *q;
1692        struct list_head *list;
1693        struct channel *pch;
1694        struct sk_buff *frag;
1695        struct ppp_channel *chan;
1696
1697        totspeed = 0; /*total bitrate of the bundle*/
1698        nfree = 0; /* # channels which have no packet already queued */
1699        navail = 0; /* total # of usable channels (not deregistered) */
1700        nzero = 0; /* number of channels with zero speed associated*/
1701        totfree = 0; /*total # of channels available and
1702                                  *having no queued packets before
1703                                  *starting the fragmentation*/
1704
1705        hdrlen = (ppp->flags & SC_MP_XSHORTSEQ)? MPHDRLEN_SSN: MPHDRLEN;
1706        i = 0;
1707        list_for_each_entry(pch, &ppp->channels, clist) {
1708                if (pch->chan) {
1709                        pch->avail = 1;
1710                        navail++;
1711                        pch->speed = pch->chan->speed;
1712                } else {
1713                        pch->avail = 0;
1714                }
1715                if (pch->avail) {
1716                        if (skb_queue_empty(&pch->file.xq) ||
1717                                !pch->had_frag) {
1718                                        if (pch->speed == 0)
1719                                                nzero++;
1720                                        else
1721                                                totspeed += pch->speed;
1722
1723                                        pch->avail = 2;
1724                                        ++nfree;
1725                                        ++totfree;
1726                                }
1727                        if (!pch->had_frag && i < ppp->nxchan)
1728                                ppp->nxchan = i;
1729                }
1730                ++i;
1731        }
1732        /*
1733         * Don't start sending this packet unless at least half of
1734         * the channels are free.  This gives much better TCP
1735         * performance if we have a lot of channels.
1736         */
1737        if (nfree == 0 || nfree < navail / 2)
1738                return 0; /* can't take now, leave it in xmit_pending */
1739
1740        /* Do protocol field compression */
1741        p = skb->data;
1742        len = skb->len;
1743        if (*p == 0 && mp_protocol_compress) {
1744                ++p;
1745                --len;
1746        }
1747
1748        totlen = len;
1749        nbigger = len % nfree;
1750
1751        /* skip to the channel after the one we last used
1752           and start at that one */
1753        list = &ppp->channels;
1754        for (i = 0; i < ppp->nxchan; ++i) {
1755                list = list->next;
1756                if (list == &ppp->channels) {
1757                        i = 0;
1758                        break;
1759                }
1760        }
1761
1762        /* create a fragment for each channel */
1763        bits = B;
1764        while (len > 0) {
1765                list = list->next;
1766                if (list == &ppp->channels) {
1767                        i = 0;
1768                        continue;
1769                }
1770                pch = list_entry(list, struct channel, clist);
1771                ++i;
1772                if (!pch->avail)
1773                        continue;
1774
1775                /*
1776                 * Skip this channel if it has a fragment pending already and
1777                 * we haven't given a fragment to all of the free channels.
1778                 */
1779                if (pch->avail == 1) {
1780                        if (nfree > 0)
1781                                continue;
1782                } else {
1783                        pch->avail = 1;
1784                }
1785
1786                /* check the channel's mtu and whether it is still attached. */
1787                spin_lock(&pch->downl);
1788                if (pch->chan == NULL) {
1789                        /* can't use this channel, it's being deregistered */
1790                        if (pch->speed == 0)
1791                                nzero--;
1792                        else
1793                                totspeed -= pch->speed;
1794
1795                        spin_unlock(&pch->downl);
1796                        pch->avail = 0;
1797                        totlen = len;
1798                        totfree--;
1799                        nfree--;
1800                        if (--navail == 0)
1801                                break;
1802                        continue;
1803                }
1804
1805                /*
1806                *if the channel speed is not set divide
1807                *the packet evenly among the free channels;
1808                *otherwise divide it according to the speed
1809                *of the channel we are going to transmit on
1810                */
1811                flen = len;
1812                if (nfree > 0) {
1813                        if (pch->speed == 0) {
1814                                flen = len/nfree;
1815                                if (nbigger > 0) {
1816                                        flen++;
1817                                        nbigger--;
1818                                }
1819                        } else {
1820                                flen = (((totfree - nzero)*(totlen + hdrlen*totfree)) /
1821                                        ((totspeed*totfree)/pch->speed)) - hdrlen;
1822                                if (nbigger > 0) {
1823                                        flen += ((totfree - nzero)*pch->speed)/totspeed;
1824                                        nbigger -= ((totfree - nzero)*pch->speed)/
1825                                                        totspeed;
1826                                }
1827                        }
1828                        nfree--;
1829                }
1830
1831                /*
1832                 *check if we are on the last channel or
1833                 *we exceded the length of the data to
1834                 *fragment
1835                 */
1836                if ((nfree <= 0) || (flen > len))
1837                        flen = len;
1838                /*
1839                 *it is not worth to tx on slow channels:
1840                 *in that case from the resulting flen according to the
1841                 *above formula will be equal or less than zero.
1842                 *Skip the channel in this case
1843                 */
1844                if (flen <= 0) {
1845                        pch->avail = 2;
1846                        spin_unlock(&pch->downl);
1847                        continue;
1848                }
1849
1850                /*
1851                 * hdrlen includes the 2-byte PPP protocol field, but the
1852                 * MTU counts only the payload excluding the protocol field.
1853                 * (RFC1661 Section 2)
1854                 */
1855                mtu = pch->chan->mtu - (hdrlen - 2);
1856                if (mtu < 4)
1857                        mtu = 4;
1858                if (flen > mtu)
1859                        flen = mtu;
1860                if (flen == len)
1861                        bits |= E;
1862                frag = alloc_skb(flen + hdrlen + (flen == 0), GFP_ATOMIC);
1863                if (!frag)
1864                        goto noskb;
1865                q = skb_put(frag, flen + hdrlen);
1866
1867                /* make the MP header */
1868                put_unaligned_be16(PPP_MP, q);
1869                if (ppp->flags & SC_MP_XSHORTSEQ) {
1870                        q[2] = bits + ((ppp->nxseq >> 8) & 0xf);
1871                        q[3] = ppp->nxseq;
1872                } else {
1873                        q[2] = bits;
1874                        q[3] = ppp->nxseq >> 16;
1875                        q[4] = ppp->nxseq >> 8;
1876                        q[5] = ppp->nxseq;
1877                }
1878
1879                memcpy(q + hdrlen, p, flen);
1880
1881                /* try to send it down the channel */
1882                chan = pch->chan;
1883                if (!skb_queue_empty(&pch->file.xq) ||
1884                        !chan->ops->start_xmit(chan, frag))
1885                        skb_queue_tail(&pch->file.xq, frag);
1886                pch->had_frag = 1;
1887                p += flen;
1888                len -= flen;
1889                ++ppp->nxseq;
1890                bits = 0;
1891                spin_unlock(&pch->downl);
1892        }
1893        ppp->nxchan = i;
1894
1895        return 1;
1896
1897 noskb:
1898        spin_unlock(&pch->downl);
1899        if (ppp->debug & 1)
1900                netdev_err(ppp->dev, "PPP: no memory (fragment)\n");
1901        ++ppp->dev->stats.tx_errors;
1902        ++ppp->nxseq;
1903        return 1;       /* abandon the frame */
1904}
1905#endif /* CONFIG_PPP_MULTILINK */
1906
1907/* Try to send data out on a channel */
1908static void __ppp_channel_push(struct channel *pch)
1909{
1910        struct sk_buff *skb;
1911        struct ppp *ppp;
1912
1913        spin_lock(&pch->downl);
1914        if (pch->chan) {
1915                while (!skb_queue_empty(&pch->file.xq)) {
1916                        skb = skb_dequeue(&pch->file.xq);
1917                        if (!pch->chan->ops->start_xmit(pch->chan, skb)) {
1918                                /* put the packet back and try again later */
1919                                skb_queue_head(&pch->file.xq, skb);
1920                                break;
1921                        }
1922                }
1923        } else {
1924                /* channel got deregistered */
1925                skb_queue_purge(&pch->file.xq);
1926        }
1927        spin_unlock(&pch->downl);
1928        /* see if there is anything from the attached unit to be sent */
1929        if (skb_queue_empty(&pch->file.xq)) {
1930                ppp = pch->ppp;
1931                if (ppp)
1932                        __ppp_xmit_process(ppp, NULL);
1933        }
1934}
1935
1936static void ppp_channel_push(struct channel *pch)
1937{
1938        read_lock_bh(&pch->upl);
1939        if (pch->ppp) {
1940                (*this_cpu_ptr(pch->ppp->xmit_recursion))++;
1941                __ppp_channel_push(pch);
1942                (*this_cpu_ptr(pch->ppp->xmit_recursion))--;
1943        } else {
1944                __ppp_channel_push(pch);
1945        }
1946        read_unlock_bh(&pch->upl);
1947}
1948
1949/*
1950 * Receive-side routines.
1951 */
1952
1953struct ppp_mp_skb_parm {
1954        u32             sequence;
1955        u8              BEbits;
1956};
1957#define PPP_MP_CB(skb)  ((struct ppp_mp_skb_parm *)((skb)->cb))
1958
1959static inline void
1960ppp_do_recv(struct ppp *ppp, struct sk_buff *skb, struct channel *pch)
1961{
1962        ppp_recv_lock(ppp);
1963        if (!ppp->closing)
1964                ppp_receive_frame(ppp, skb, pch);
1965        else
1966                kfree_skb(skb);
1967        ppp_recv_unlock(ppp);
1968}
1969
1970void
1971ppp_input(struct ppp_channel *chan, struct sk_buff *skb)
1972{
1973        struct channel *pch = chan->ppp;
1974        int proto;
1975
1976        if (!pch) {
1977                kfree_skb(skb);
1978                return;
1979        }
1980
1981        read_lock_bh(&pch->upl);
1982        if (!pskb_may_pull(skb, 2)) {
1983                kfree_skb(skb);
1984                if (pch->ppp) {
1985                        ++pch->ppp->dev->stats.rx_length_errors;
1986                        ppp_receive_error(pch->ppp);
1987                }
1988                goto done;
1989        }
1990
1991        proto = PPP_PROTO(skb);
1992        if (!pch->ppp || proto >= 0xc000 || proto == PPP_CCPFRAG) {
1993                /* put it on the channel queue */
1994                skb_queue_tail(&pch->file.rq, skb);
1995                /* drop old frames if queue too long */
1996                while (pch->file.rq.qlen > PPP_MAX_RQLEN &&
1997                       (skb = skb_dequeue(&pch->file.rq)))
1998                        kfree_skb(skb);
1999                wake_up_interruptible(&pch->file.rwait);
2000        } else {

2001                ppp_do_recv(pch->ppp, skb, pch);
2002        }
2003
2004done:
2005        read_unlock_bh(&pch->upl);
2006}
2007
2008/* Put a 0-length skb in the receive queue as an error indication */
2009void
2010ppp_input_error(struct ppp_channel *chan, int code)
2011{
2012        struct channel *pch = chan->ppp;
2013        struct sk_buff *skb;
2014
2015        if (!pch)
2016                return;
2017
2018        read_lock_bh(&pch->upl);
2019        if (pch->ppp) {
2020                skb = alloc_skb(0, GFP_ATOMIC);
2021                if (skb) {
2022                        skb->len = 0;           /* probably unnecessary */
2023                        skb->cb[0] = code;
2024                        ppp_do_recv(pch->ppp, skb, pch);
2025                }
2026        }
2027        read_unlock_bh(&pch->upl);
2028}
2029
2030/*
2031 * We come in here to process a received frame.
2032 * The receive side of the ppp unit is locked.
2033 */
2034static void
2035ppp_receive_frame(struct ppp *ppp, struct sk_buff *skb, struct channel *pch)
2036{
2037        /* note: a 0-length skb is used as an error indication */
2038        if (skb->len > 0) {
2039                skb_checksum_complete_unset(skb);
2040#ifdef CONFIG_PPP_MULTILINK
2041                /* XXX do channel-level decompression here */
2042                if (PPP_PROTO(skb) == PPP_MP)
2043                        ppp_receive_mp_frame(ppp, skb, pch);
2044                else
2045#endif /* CONFIG_PPP_MULTILINK */
2046                        ppp_receive_nonmp_frame(ppp, skb);
2047        } else {
2048                kfree_skb(skb);
2049                ppp_receive_error(ppp);
2050        }
2051}
2052
2053static void
2054ppp_receive_error(struct ppp *ppp)
2055{
2056        ++ppp->dev->stats.rx_errors;
2057        if (ppp->vj)
2058                slhc_toss(ppp->vj);
2059}
2060
2061static void
2062ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb)
2063{
2064        struct sk_buff *ns;
2065        int proto, len, npi;
2066
2067        /*
2068         * Decompress the frame, if compressed.
2069         * Note that some decompressors need to see uncompressed frames
2070         * that come in as well as compressed frames.
2071         */
2072        if (ppp->rc_state && (ppp->rstate & SC_DECOMP_RUN) &&
2073            (ppp->rstate & (SC_DC_FERROR | SC_DC_ERROR)) == 0)
2074                skb = ppp_decompress_frame(ppp, skb);
2075
2076        if (ppp->flags & SC_MUST_COMP && ppp->rstate & SC_DC_FERROR)
2077                goto err;
2078
2079        proto = PPP_PROTO(skb);
2080        switch (proto) {
2081        case PPP_VJC_COMP:
2082                /* decompress VJ compressed packets */
2083                if (!ppp->vj || (ppp->flags & SC_REJ_COMP_TCP))
2084                        goto err;
2085
2086                if (skb_tailroom(skb) < 124 || skb_cloned(skb)) {
2087                        /* copy to a new sk_buff with more tailroom */
2088                        ns = dev_alloc_skb(skb->len + 128);
2089                        if (!ns) {
2090                                netdev_err(ppp->dev, "PPP: no memory "
2091                                           "(VJ decomp)\n");
2092                                goto err;
2093                        }
2094                        skb_reserve(ns, 2);
2095                        skb_copy_bits(skb, 0, skb_put(ns, skb->len), skb->len);
2096                        consume_skb(skb);
2097                        skb = ns;
2098                }
2099                else
2100                        skb->ip_summed = CHECKSUM_NONE;
2101
2102                len = slhc_uncompress(ppp->vj, skb->data + 2, skb->len - 2);
2103                if (len <= 0) {
2104                        netdev_printk(KERN_DEBUG, ppp->dev,
2105                                      "PPP: VJ decompression error\n");
2106                        goto err;
2107                }
2108                len += 2;
2109                if (len > skb->len)
2110                        skb_put(skb, len - skb->len);
2111                else if (len < skb->len)
2112                        skb_trim(skb, len);
2113                proto = PPP_IP;
2114                break;
2115
2116        case PPP_VJC_UNCOMP:
2117                if (!ppp->vj || (ppp->flags & SC_REJ_COMP_TCP))
2118                        goto err;
2119
2120                /* Until we fix the decompressor need to make sure
2121                 * data portion is linear.
2122                 */
2123                if (!pskb_may_pull(skb, skb->len))
2124                        goto err;
2125
2126                if (slhc_remember(ppp->vj, skb->data + 2, skb->len - 2) <= 0) {
2127                        netdev_err(ppp->dev, "PPP: VJ uncompressed error\n");
2128                        goto err;
2129                }
2130                proto = PPP_IP;
2131                break;
2132
2133        case PPP_CCP:
2134                ppp_ccp_peek(ppp, skb, 1);
2135                break;
2136        }
2137
2138        ++ppp->stats64.rx_packets;
2139        ppp->stats64.rx_bytes += skb->len - 2;
2140
2141        npi = proto_to_npindex(proto);
2142        if (npi < 0) {
2143                /* control or unknown frame - pass it to pppd */
2144                skb_queue_tail(&ppp->file.rq, skb);
2145                /* limit queue length by dropping old frames */
2146                while (ppp->file.rq.qlen > PPP_MAX_RQLEN &&
2147                       (skb = skb_dequeue(&ppp->file.rq)))
2148                        kfree_skb(skb);
2149                /* wake up any process polling or blocking on read */
2150                wake_up_interruptible(&ppp->file.rwait);
2151
2152        } else {
2153                /* network protocol frame - give it to the kernel */
2154
2155#ifdef CONFIG_PPP_FILTER
2156                /* check if the packet passes the pass and active filters */
2157                /* the filter instructions are constructed assuming
2158                   a four-byte PPP header on each packet */
2159                if (ppp->pass_filter || ppp->active_filter) {
2160                        if (skb_unclone(skb, GFP_ATOMIC))
2161                                goto err;
2162
2163                        *(u8 *)skb_push(skb, 2) = 0;
2164                        if (ppp->pass_filter &&
2165                            BPF_PROG_RUN(ppp->pass_filter, skb) == 0) {
2166                                if (ppp->debug & 1)
2167                                        netdev_printk(KERN_DEBUG, ppp->dev,
2168                                                      "PPP: inbound frame "
2169                                                      "not passed\n");
2170                                kfree_skb(skb);
2171                                return;
2172                        }
2173                        if (!(ppp->active_filter &&
2174                              BPF_PROG_RUN(ppp->active_filter, skb) == 0))
2175                                ppp->last_recv = jiffies;
2176                        __skb_pull(skb, 2);
2177                } else
2178#endif /* CONFIG_PPP_FILTER */
2179                        ppp->last_recv = jiffies;
2180
2181                if ((ppp->dev->flags & IFF_UP) == 0 ||
2182                    ppp->npmode[npi] != NPMODE_PASS) {
2183                        kfree_skb(skb);
2184                } else {
2185                        /* chop off protocol */
2186                        skb_pull_rcsum(skb, 2);
2187                        skb->dev = ppp->dev;
2188                        skb->protocol = htons(npindex_to_ethertype[npi]);
2189                        skb_reset_mac_header(skb);
2190                        skb_scrub_packet(skb, !net_eq(ppp->ppp_net,
2191                                                      dev_net(ppp->dev)));
2192                        netif_rx(skb);
2193                }
2194        }
2195        return;
2196
2197 err:
2198        kfree_skb(skb);
2199        ppp_receive_error(ppp);
2200}
2201
2202static struct sk_buff *
2203ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb)
2204{
2205        int proto = PPP_PROTO(skb);
2206        struct sk_buff *ns;
2207        int len;
2208
2209        /* Until we fix all the decompressor's need to make sure
2210         * data portion is linear.
2211         */
2212        if (!pskb_may_pull(skb, skb->len))
2213                goto err;
2214
2215        if (proto == PPP_COMP) {
2216                int obuff_size;
2217
2218                switch(ppp->rcomp->compress_proto) {
2219                case CI_MPPE:
2220                        obuff_size = ppp->mru + PPP_HDRLEN + 1;
2221                        break;
2222                default:
2223                        obuff_size = ppp->mru + PPP_HDRLEN;
2224                        break;
2225                }
2226
2227                ns = dev_alloc_skb(obuff_size);
2228                if (!ns) {
2229                        netdev_err(ppp->dev, "ppp_decompress_frame: "
2230                                   "no memory\n");
2231                        goto err;
2232                }
2233                /* the decompressor still expects the A/C bytes in the hdr */
2234                len = ppp->rcomp->decompress(ppp->rc_state, skb->data - 2,
2235                                skb->len + 2, ns->data, obuff_size);
2236                if (len < 0) {
2237                        /* Pass the compressed frame to pppd as an
2238                           error indication. */
2239                        if (len == DECOMP_FATALERROR)
2240                                ppp->rstate |= SC_DC_FERROR;
2241                        kfree_skb(ns);
2242                        goto err;
2243                }
2244
2245                consume_skb(skb);
2246                skb = ns;
2247                skb_put(skb, len);
2248                skb_pull(skb, 2);       /* pull off the A/C bytes */
2249
2250        } else {
2251                /* Uncompressed frame - pass to decompressor so it
2252                   can update its dictionary if necessary. */
2253                if (ppp->rcomp->incomp)
2254                        ppp->rcomp->incomp(ppp->rc_state, skb->data - 2,
2255                                           skb->len + 2);
2256        }
2257
2258        return skb;
2259
2260 err:
2261        ppp->rstate |= SC_DC_ERROR;
2262        ppp_receive_error(ppp);
2263        return skb;
2264}
2265
2266#ifdef CONFIG_PPP_MULTILINK
2267/*
2268 * Receive a multilink frame.
2269 * We put it on the reconstruction queue and then pull off
2270 * as many completed frames as we can.
2271 */
2272static void
2273ppp_receive_mp_frame(struct ppp *ppp, struct sk_buff *skb, struct channel *pch)
2274{
2275        u32 mask, seq;
2276        struct channel *ch;
2277        int mphdrlen = (ppp->flags & SC_MP_SHORTSEQ)? MPHDRLEN_SSN: MPHDRLEN;
2278
2279        if (!pskb_may_pull(skb, mphdrlen + 1) || ppp->mrru == 0)
2280                goto err;               /* no good, throw it away */
2281
2282        /* Decode sequence number and begin/end bits */
2283        if (ppp->flags & SC_MP_SHORTSEQ) {
2284                seq = ((skb->data[2] & 0x0f) << 8) | skb->data[3];
2285                mask = 0xfff;
2286        } else {
2287                seq = (skb->data[3] << 16) | (skb->data[4] << 8)| skb->data[5];
2288                mask = 0xffffff;
2289        }
2290        PPP_MP_CB(skb)->BEbits = skb->data[2];
2291        skb_pull(skb, mphdrlen);        /* pull off PPP and MP headers */
2292
2293        /*
2294         * Do protocol ID decompression on the first fragment of each packet.
2295         */
2296        if ((PPP_MP_CB(skb)->BEbits & B) && (skb->data[0] & 1))
2297                *(u8 *)skb_push(skb, 1) = 0;
2298
2299        /*
2300         * Expand sequence number to 32 bits, making it as close
2301         * as possible to ppp->minseq.
2302         */
2303        seq |= ppp->minseq & ~mask;
2304        if ((int)(ppp->minseq - seq) > (int)(mask >> 1))
2305                seq += mask + 1;
2306        else if ((int)(seq - ppp->minseq) > (int)(mask >> 1))
2307                seq -= mask + 1;        /* should never happen */
2308        PPP_MP_CB(skb)->sequence = seq;
2309        pch->lastseq = seq;
2310
2311        /*
2312         * If this packet comes before the next one we were expecting,
2313         * drop it.
2314         */
2315        if (seq_before(seq, ppp->nextseq)) {
2316                kfree_skb(skb);
2317                ++ppp->dev->stats.rx_dropped;
2318                ppp_receive_error(ppp);
2319                return;
2320        }
2321
2322        /*
2323         * Reevaluate minseq, the minimum over all channels of the
2324         * last sequence number received on each channel.  Because of
2325         * the increasing sequence number rule, we know that any fragment
2326         * before `minseq' which hasn't arrived is never going to arrive.
2327         * The list of channels can't change because we have the receive
2328         * side of the ppp unit locked.
2329         */
2330        list_for_each_entry(ch, &ppp->channels, clist) {
2331                if (seq_before(ch->lastseq, seq))
2332                        seq = ch->lastseq;
2333        }
2334        if (seq_before(ppp->minseq, seq))
2335                ppp->minseq = seq;
2336
2337        /* Put the fragment on the reconstruction queue */
2338        ppp_mp_insert(ppp, skb);
2339
2340        /* If the queue is getting long, don't wait any longer for packets
2341           before the start of the queue. */
2342        if (skb_queue_len(&ppp->mrq) >= PPP_MP_MAX_QLEN) {
2343                struct sk_buff *mskb = skb_peek(&ppp->mrq);
2344                if (seq_before(ppp->minseq, PPP_MP_CB(mskb)->sequence))
2345                        ppp->minseq = PPP_MP_CB(mskb)->sequence;
2346        }
2347
2348        /* Pull completed packets off the queue and receive them. */
2349        while ((skb = ppp_mp_reconstruct(ppp))) {
2350                if (pskb_may_pull(skb, 2))
2351                        ppp_receive_nonmp_frame(ppp, skb);
2352                else {
2353                        ++ppp->dev->stats.rx_length_errors;
2354                        kfree_skb(skb);
2355                        ppp_receive_error(ppp);
2356                }
2357        }
2358
2359        return;
2360
2361 err:
2362        kfree_skb(skb);
2363        ppp_receive_error(ppp);
2364}
2365
2366/*
2367 * Insert a fragment on the MP reconstruction queue.
2368 * The queue is ordered by increasing sequence number.
2369 */
2370static void
2371ppp_mp_insert(struct ppp *ppp, struct sk_buff *skb)
2372{
2373        struct sk_buff *p;
2374        struct sk_buff_head *list = &ppp->mrq;
2375        u32 seq = PPP_MP_CB(skb)->sequence;
2376
2377        /* N.B. we don't need to lock the list lock because we have the
2378           ppp unit receive-side lock. */
2379        skb_queue_walk(list, p) {
2380                if (seq_before(seq, PPP_MP_CB(p)->sequence))
2381                        break;
2382        }
2383        __skb_queue_before(list, p, skb);
2384}
2385
2386/*
2387 * Reconstruct a packet from the MP fragment queue.
2388 * We go through increasing sequence numbers until we find a
2389 * complete packet, or we get to the sequence number for a fragment
2390 * which hasn't arrived but might still do so.
2391 */
2392static struct sk_buff *
2393ppp_mp_reconstruct(struct ppp *ppp)
2394{
2395        u32 seq = ppp->nextseq;
2396        u32 minseq = ppp->minseq;
2397        struct sk_buff_head *list = &ppp->mrq;
2398        struct sk_buff *p, *tmp;
2399        struct sk_buff *head, *tail;
2400        struct sk_buff *skb = NULL;
2401        int lost = 0, len = 0;
2402
2403        if (ppp->mrru == 0)     /* do nothing until mrru is set */
2404                return NULL;
2405        head = __skb_peek(list);
2406        tail = NULL;
2407        skb_queue_walk_safe(list, p, tmp) {
2408        again:
2409                if (seq_before(PPP_MP_CB(p)->sequence, seq)) {
2410                        /* this can't happen, anyway ignore the skb */
2411                        netdev_err(ppp->dev, "ppp_mp_reconstruct bad "
2412                                   "seq %u < %u\n",
2413                                   PPP_MP_CB(p)->sequence, seq);
2414                        __skb_unlink(p, list);
2415                        kfree_skb(p);
2416                        continue;
2417                }
2418                if (PPP_MP_CB(p)->sequence != seq) {
2419                        u32 oldseq;
2420                        /* Fragment `seq' is missing.  If it is after
2421                           minseq, it might arrive later, so stop here. */
2422                        if (seq_after(seq, minseq))
2423                                break;
2424                        /* Fragment `seq' is lost, keep going. */
2425                        lost = 1;
2426                        oldseq = seq;
2427                        seq = seq_before(minseq, PPP_MP_CB(p)->sequence)?
2428                                minseq + 1: PPP_MP_CB(p)->sequence;
2429
2430                        if (ppp->debug & 1)
2431                                netdev_printk(KERN_DEBUG, ppp->dev,
2432                                              "lost frag %u..%u\n",
2433                                              oldseq, seq-1);
2434
2435                        goto again;
2436                }
2437
2438                /*
2439                 * At this point we know that all the fragments from
2440                 * ppp->nextseq to seq are either present or lost.
2441                 * Also, there are no complete packets in the queue
2442                 * that have no missing fragments and end before this
2443                 * fragment.
2444                 */
2445
2446                /* B bit set indicates this fragment starts a packet */
2447                if (PPP_MP_CB(p)->BEbits & B) {
2448                        head = p;
2449                        lost = 0;
2450                        len = 0;
2451                }
2452
2453                len += p->len;
2454
2455                /* Got a complete packet yet? */
2456                if (lost == 0 && (PPP_MP_CB(p)->BEbits & E) &&
2457                    (PPP_MP_CB(head)->BEbits & B)) {
2458                        if (len > ppp->mrru + 2) {
2459                                ++ppp->dev->stats.rx_length_errors;
2460                                netdev_printk(KERN_DEBUG, ppp->dev,
2461                                              "PPP: reconstructed packet"
2462                                              " is too long (%d)\n", len);
2463                        } else {
2464                                tail = p;
2465                                break;
2466                        }
2467                        ppp->nextseq = seq + 1;
2468                }
2469
2470                /*
2471                 * If this is the ending fragment of a packet,
2472                 * and we haven't found a complete valid packet yet,
2473                 * we can discard up to and including this fragment.
2474                 */
2475                if (PPP_MP_CB(p)->BEbits & E) {
2476                        struct sk_buff *tmp2;
2477
2478                        skb_queue_reverse_walk_from_safe(list, p, tmp2) {
2479                                if (ppp->debug & 1)
2480                                        netdev_printk(KERN_DEBUG, ppp->dev,
2481                                                      "discarding frag %u\n",
2482                                                      PPP_MP_CB(p)->sequence);
2483                                __skb_unlink(p, list);
2484                                kfree_skb(p);
2485                        }
2486                        head = skb_peek(list);
2487                        if (!head)
2488                                break;
2489                }
2490                ++seq;
2491        }
2492
2493        /* If we have a complete packet, copy it all into one skb. */
2494        if (tail != NULL) {
2495                /* If we have discarded any fragments,
2496                   signal a receive error. */
2497                if (PPP_MP_CB(head)->sequence != ppp->nextseq) {
2498                        skb_queue_walk_safe(list, p, tmp) {
2499                                if (p == head)
2500                                        break;
2501                                if (ppp->debug & 1)
2502                                        netdev_printk(KERN_DEBUG, ppp->dev,
2503                                                      "discarding frag %u\n",
2504                                                      PPP_MP_CB(p)->sequence);
2505                                __skb_unlink(p, list);
2506                                kfree_skb(p);
2507                        }
2508
2509                        if (ppp->debug & 1)
2510                                netdev_printk(KERN_DEBUG, ppp->dev,
2511                                              "  missed pkts %u..%u\n",
2512                                              ppp->nextseq,
2513                                              PPP_MP_CB(head)->sequence-1);
2514                        ++ppp->dev->stats.rx_dropped;
2515                        ppp_receive_error(ppp);
2516                }
2517
2518                skb = head;
2519                if (head != tail) {
2520                        struct sk_buff **fragpp = &skb_shinfo(skb)->frag_list;
2521                        p = skb_queue_next(list, head);
2522                        __skb_unlink(skb, list);
2523                        skb_queue_walk_from_safe(list, p, tmp) {
2524                                __skb_unlink(p, list);
2525                                *fragpp = p;
2526                                p->next = NULL;
2527                                fragpp = &p->next;
2528
2529                                skb->len += p->len;
2530                                skb->data_len += p->len;
2531                                skb->truesize += p->truesize;
2532
2533                                if (p == tail)
2534                                        break;
2535                        }
2536                } else {
2537                        __skb_unlink(skb, list);
2538                }
2539
2540                ppp->nextseq = PPP_MP_CB(tail)->sequence + 1;
2541        }
2542
2543        return skb;
2544}
2545#endif /* CONFIG_PPP_MULTILINK */
2546
2547/*
2548 * Channel interface.
2549 */
2550
2551/* Create a new, unattached ppp channel. */
2552int ppp_register_channel(struct ppp_channel *chan)
2553{
2554        return ppp_register_net_channel(current->nsproxy->net_ns, chan);
2555}
2556
2557/* Create a new, unattached ppp channel for specified net. */
2558int ppp_register_net_channel(struct net *net, struct ppp_channel *chan)
2559{
2560        struct channel *pch;
2561        struct ppp_net *pn;
2562
2563        pch = kzalloc(sizeof(struct channel), GFP_KERNEL);
2564        if (!pch)
2565                return -ENOMEM;
2566
2567        pn = ppp_pernet(net);
2568
2569        pch->ppp = NULL;
2570        pch->chan = chan;
2571        pch->chan_net = get_net(net);
2572        chan->ppp = pch;
2573        init_ppp_file(&pch->file, CHANNEL);
2574        pch->file.hdrlen = chan->hdrlen;
2575#ifdef CONFIG_PPP_MULTILINK
2576        pch->lastseq = -1;
2577#endif /* CONFIG_PPP_MULTILINK */
2578        init_rwsem(&pch->chan_sem);
2579        spin_lock_init(&pch->downl);
2580        rwlock_init(&pch->upl);
2581
2582        spin_lock_bh(&pn->all_channels_lock);
2583        pch->file.index = ++pn->last_channel_index;
2584        list_add(&pch->list, &pn->new_channels);
2585        atomic_inc(&channel_count);
2586        spin_unlock_bh(&pn->all_channels_lock);
2587
2588        return 0;
2589}
2590
2591/*
2592 * Return the index of a channel.
2593 */
2594int ppp_channel_index(struct ppp_channel *chan)
2595{
2596        struct channel *pch = chan->ppp;
2597
2598        if (pch)
2599                return pch->file.index;
2600        return -1;
2601}
2602
2603/*
2604 * Return the PPP unit number to which a channel is connected.
2605 */
2606int ppp_unit_number(struct ppp_channel *chan)
2607{
2608        struct channel *pch = chan->ppp;
2609        int unit = -1;
2610
2611        if (pch) {
2612                read_lock_bh(&pch->upl);
2613                if (pch->ppp)
2614                        unit = pch->ppp->file.index;
2615                read_unlock_bh(&pch->upl);
2616        }
2617        return unit;
2618}
2619
2620/*
2621 * Return the PPP device interface name of a channel.
2622 */
2623char *ppp_dev_name(struct ppp_channel *chan)
2624{
2625        struct channel *pch = chan->ppp;
2626        char *name = NULL;
2627
2628        if (pch) {
2629                read_lock_bh(&pch->upl);
2630                if (pch->ppp && pch->ppp->dev)
2631                        name = pch->ppp->dev->name;
2632                read_unlock_bh(&pch->upl);
2633        }
2634        return name;
2635}
2636
2637
2638/*
2639 * Disconnect a channel from the generic layer.
2640 * This must be called in process context.
2641 */
2642void
2643ppp_unregister_channel(struct ppp_channel *chan)
2644{
2645        struct channel *pch = chan->ppp;
2646        struct ppp_net *pn;
2647
2648        if (!pch)
2649                return;         /* should never happen */
2650
2651        chan->ppp = NULL;
2652
2653        /*
2654         * This ensures that we have returned from any calls into the
2655         * the channel's start_xmit or ioctl routine before we proceed.
2656         */
2657        down_write(&pch->chan_sem);
2658        spin_lock_bh(&pch->downl);
2659        pch->chan = NULL;
2660        spin_unlock_bh(&pch->downl);
2661        up_write(&pch->chan_sem);
2662        ppp_disconnect_channel(pch);
2663
2664        pn = ppp_pernet(pch->chan_net);
2665        spin_lock_bh(&pn->all_channels_lock);
2666        list_del(&pch->list);
2667        spin_unlock_bh(&pn->all_channels_lock);
2668
2669        pch->file.dead = 1;
2670        wake_up_interruptible(&pch->file.rwait);
2671        if (refcount_dec_and_test(&pch->file.refcnt))
2672                ppp_destroy_channel(pch);
2673}
2674
2675/*
2676 * Callback from a channel when it can accept more to transmit.
2677 * This should be called at BH/softirq level, not interrupt level.
2678 */
2679void
2680ppp_output_wakeup(struct ppp_channel *chan)
2681{
2682        struct channel *pch = chan->ppp;
2683
2684        if (!pch)
2685                return;
2686        ppp_channel_push(pch);
2687}
2688
2689/*
2690 * Compression control.
2691 */
2692
2693/* Process the PPPIOCSCOMPRESS ioctl. */
2694static int
2695ppp_set_compress(struct ppp *ppp, unsigned long arg)
2696{
2697        int err;
2698        struct compressor *cp, *ocomp;
2699        struct ppp_option_data data;
2700        void *state, *ostate;
2701        unsigned char ccp_option[CCP_MAX_OPTION_LENGTH];
2702
2703        err = -EFAULT;
2704        if (copy_from_user(&data, (void __user *) arg, sizeof(data)))
2705                goto out;
2706        if (data.length > CCP_MAX_OPTION_LENGTH)
2707                goto out;
2708        if (copy_from_user(ccp_option, (void __user *) data.ptr, data.length))
2709                goto out;
2710
2711        err = -EINVAL;
2712        if (data.length < 2 || ccp_option[1] < 2 || ccp_option[1] > data.length)
2713                goto out;
2714
2715        cp = try_then_request_module(
2716                find_compressor(ccp_option[0]),
2717                "ppp-compress-%d", ccp_option[0]);
2718        if (!cp)
2719                goto out;
2720
2721        err = -ENOBUFS;
2722        if (data.transmit) {
2723                state = cp->comp_alloc(ccp_option, data.length);
2724                if (state) {
2725                        ppp_xmit_lock(ppp);
2726                        ppp->xstate &= ~SC_COMP_RUN;
2727                        ocomp = ppp->xcomp;
2728                        ostate = ppp->xc_state;
2729                        ppp->xcomp = cp;
2730                        ppp->xc_state = state;
2731                        ppp_xmit_unlock(ppp);
2732                        if (ostate) {
2733                                ocomp->comp_free(ostate);
2734                                module_put(ocomp->owner);
2735                        }
2736                        err = 0;
2737                } else
2738                        module_put(cp->owner);
2739
2740        } else {
2741                state = cp->decomp_alloc(ccp_option, data.length);
2742                if (state) {
2743                        ppp_recv_lock(ppp);
2744                        ppp->rstate &= ~SC_DECOMP_RUN;
2745                        ocomp = ppp->rcomp;
2746                        ostate = ppp->rc_state;
2747                        ppp->rcomp = cp;
2748                        ppp->rc_state = state;
2749                        ppp_recv_unlock(ppp);
2750                        if (ostate) {
2751                                ocomp->decomp_free(ostate);
2752                                module_put(ocomp->owner);
2753                        }
2754                        err = 0;
2755                } else
2756                        module_put(cp->owner);
2757        }
2758
2759 out:
2760        return err;
2761}
2762
2763/*
2764 * Look at a CCP packet and update our state accordingly.
2765 * We assume the caller has the xmit or recv path locked.
2766 */
2767static void
2768ppp_ccp_peek(struct ppp *ppp, struct sk_buff *skb, int inbound)
2769{
2770        unsigned char *dp;
2771        int len;
2772
2773        if (!pskb_may_pull(skb, CCP_HDRLEN + 2))
2774                return; /* no header */
2775        dp = skb->data + 2;
2776
2777        switch (CCP_CODE(dp)) {
2778        case CCP_CONFREQ:
2779
2780                /* A ConfReq starts negotiation of compression
2781                 * in one direction of transmission,
2782                 * and hence brings it down...but which way?
2783                 *
2784                 * Remember:
2785                 * A ConfReq indicates what the sender would like to receive
2786                 */
2787                if(inbound)
2788                        /* He is proposing what I should send */
2789                        ppp->xstate &= ~SC_COMP_RUN;
2790                else
2791                        /* I am proposing to what he should send */
2792                        ppp->rstate &= ~SC_DECOMP_RUN;
2793
2794                break;
2795
2796        case CCP_TERMREQ:
2797        case CCP_TERMACK:
2798                /*
2799                 * CCP is going down, both directions of transmission
2800                 */
2801                ppp->rstate &= ~SC_DECOMP_RUN;
2802                ppp->xstate &= ~SC_COMP_RUN;
2803                break;
2804
2805        case CCP_CONFACK:
2806                if ((ppp->flags & (SC_CCP_OPEN | SC_CCP_UP)) != SC_CCP_OPEN)
2807                        break;
2808                len = CCP_LENGTH(dp);
2809                if (!pskb_may_pull(skb, len + 2))
2810                        return;         /* too short */
2811                dp += CCP_HDRLEN;
2812                len -= CCP_HDRLEN;
2813                if (len < CCP_OPT_MINLEN || len < CCP_OPT_LENGTH(dp))
2814                        break;
2815                if (inbound) {
2816                        /* we will start receiving compressed packets */
2817                        if (!ppp->rc_state)
2818                                break;
2819                        if (ppp->rcomp->decomp_init(ppp->rc_state, dp, len,
2820                                        ppp->file.index, 0, ppp->mru, ppp->debug)) {
2821                                ppp->rstate |= SC_DECOMP_RUN;
2822                                ppp->rstate &= ~(SC_DC_ERROR | SC_DC_FERROR);
2823                        }
2824                } else {
2825                        /* we will soon start sending compressed packets */
2826                        if (!ppp->xc_state)
2827                                break;
2828                        if (ppp->xcomp->comp_init(ppp->xc_state, dp, len,
2829                                        ppp->file.index, 0, ppp->debug))
2830                                ppp->xstate |= SC_COMP_RUN;
2831                }
2832                break;
2833
2834        case CCP_RESETACK:
2835                /* reset the [de]compressor */
2836                if ((ppp->flags & SC_CCP_UP) == 0)
2837                        break;
2838                if (inbound) {
2839                        if (ppp->rc_state && (ppp->rstate & SC_DECOMP_RUN)) {
2840                                ppp->rcomp->decomp_reset(ppp->rc_state);
2841                                ppp->rstate &= ~SC_DC_ERROR;
2842                        }
2843                } else {
2844                        if (ppp->xc_state && (ppp->xstate & SC_COMP_RUN))
2845                                ppp->xcomp->comp_reset(ppp->xc_state);
2846                }
2847                break;
2848        }
2849}
2850
2851/* Free up compression resources. */
2852static void
2853ppp_ccp_closed(struct ppp *ppp)
2854{
2855        void *xstate, *rstate;
2856        struct compressor *xcomp, *rcomp;
2857
2858        ppp_lock(ppp);
2859        ppp->flags &= ~(SC_CCP_OPEN | SC_CCP_UP);
2860        ppp->xstate = 0;
2861        xcomp = ppp->xcomp;
2862        xstate = ppp->xc_state;
2863        ppp->xc_state = NULL;
2864        ppp->rstate = 0;
2865        rcomp = ppp->rcomp;
2866        rstate = ppp->rc_state;
2867        ppp->rc_state = NULL;
2868        ppp_unlock(ppp);
2869
2870        if (xstate) {
2871                xcomp->comp_free(xstate);
2872                module_put(xcomp->owner);
2873        }
2874        if (rstate) {
2875                rcomp->decomp_free(rstate);
2876                module_put(rcomp->owner);
2877        }
2878}
2879
2880/* List of compressors. */
2881static LIST_HEAD(compressor_list);
2882static DEFINE_SPINLOCK(compressor_list_lock);
2883
2884struct compressor_entry {
2885        struct list_head list;
2886        struct compressor *comp;
2887};
2888
2889static struct compressor_entry *
2890find_comp_entry(int proto)
2891{
2892        struct compressor_entry *ce;
2893
2894        list_for_each_entry(ce, &compressor_list, list) {
2895                if (ce->comp->compress_proto == proto)
2896                        return ce;
2897        }
2898        return NULL;
2899}
2900
2901/* Register a compressor */
2902int
2903ppp_register_compressor(struct compressor *cp)
2904{
2905        struct compressor_entry *ce;
2906        int ret;
2907        spin_lock(&compressor_list_lock);
2908        ret = -EEXIST;
2909        if (find_comp_entry(cp->compress_proto))
2910                goto out;
2911        ret = -ENOMEM;
2912        ce = kmalloc(sizeof(struct compressor_entry), GFP_ATOMIC);
2913        if (!ce)
2914                goto out;
2915        ret = 0;
2916        ce->comp = cp;
2917        list_add(&ce->list, &compressor_list);
2918 out:
2919        spin_unlock(&compressor_list_lock);
2920        return ret;
2921}
2922
2923/* Unregister a compressor */
2924void
2925ppp_unregister_compressor(struct compressor *cp)
2926{
2927        struct compressor_entry *ce;
2928
2929        spin_lock(&compressor_list_lock);
2930        ce = find_comp_entry(cp->compress_proto);
2931        if (ce && ce->comp == cp) {
2932                list_del(&ce->list);
2933                kfree(ce);
2934        }
2935        spin_unlock(&compressor_list_lock);
2936}
2937
2938/* Find a compressor. */
2939static struct compressor *
2940find_compressor(int type)
2941{
2942        struct compressor_entry *ce;
2943        struct compressor *cp = NULL;
2944
2945        spin_lock(&compressor_list_lock);
2946        ce = find_comp_entry(type);
2947        if (ce) {
2948                cp = ce->comp;
2949                if (!try_module_get(cp->owner))
2950                        cp = NULL;
2951        }
2952        spin_unlock(&compressor_list_lock);
2953        return cp;
2954}
2955
2956/*
2957 * Miscelleneous stuff.
2958 */
2959
2960static void
2961ppp_get_stats(struct ppp *ppp, struct ppp_stats *st)
2962{
2963        struct slcompress *vj = ppp->vj;
2964
2965        memset(st, 0, sizeof(*st));
2966        st->p.ppp_ipackets = ppp->stats64.rx_packets;
2967        st->p.ppp_ierrors = ppp->dev->stats.rx_errors;
2968        st->p.ppp_ibytes = ppp->stats64.rx_bytes;
2969        st->p.ppp_opackets = ppp->stats64.tx_packets;
2970        st->p.ppp_oerrors = ppp->dev->stats.tx_errors;
2971        st->p.ppp_obytes = ppp->stats64.tx_bytes;
2972        if (!vj)
2973                return;
2974        st->vj.vjs_packets = vj->sls_o_compressed + vj->sls_o_uncompressed;
2975        st->vj.vjs_compressed = vj->sls_o_compressed;
2976        st->vj.vjs_searches = vj->sls_o_searches;
2977        st->vj.vjs_misses = vj->sls_o_misses;
2978        st->vj.vjs_errorin = vj->sls_i_error;
2979        st->vj.vjs_tossed = vj->sls_i_tossed;
2980        st->vj.vjs_uncompressedin = vj->sls_i_uncompressed;
2981        st->vj.vjs_compressedin = vj->sls_i_compressed;
2982}
2983
2984/*
2985 * Stuff for handling the lists of ppp units and channels
2986 * and for initialization.
2987 */
2988
2989/*
2990 * Create a new ppp interface unit.  Fails if it can't allocate memory
2991 * or if there is already a unit with the requested number.
2992 * unit == -1 means allocate a new number.
2993 */
2994static int ppp_create_interface(struct net *net, struct file *file, int *unit)
2995{
2996        struct ppp_config conf = {
2997                .file = file,
2998                .unit = *unit,
2999                .ifname_is_set = false,
3000        };

3001        struct net_device *dev;
3002        struct ppp *ppp;
3003        int err;
3004
3005        dev = alloc_netdev(sizeof(struct ppp), "", NET_NAME_ENUM, ppp_setup);
3006        if (!dev) {
3007                err = -ENOMEM;
3008                goto err;
3009        }
3010        dev_net_set(dev, net);
3011        dev->rtnl_link_ops = &ppp_link_ops;
3012
3013        rtnl_lock();
3014
3015        err = ppp_dev_configure(net, dev, &conf);
3016        if (err < 0)
3017                goto err_dev;
3018        ppp = netdev_priv(dev);
3019        *unit = ppp->file.index;
3020
3021        rtnl_unlock();
3022
3023        return 0;
3024
3025err_dev:
3026        rtnl_unlock();
3027        free_netdev(dev);
3028err:
3029        return err;
3030}
3031
3032/*
3033 * Initialize a ppp_file structure.
3034 */
3035static void
3036init_ppp_file(struct ppp_file *pf, int kind)
3037{
3038        pf->kind = kind;
3039        skb_queue_head_init(&pf->xq);
3040        skb_queue_head_init(&pf->rq);
3041        refcount_set(&pf->refcnt, 1);
3042        init_waitqueue_head(&pf->rwait);
3043}
3044
3045/*
3046 * Free the memory used by a ppp unit.  This is only called once
3047 * there are no channels connected to the unit and no file structs
3048 * that reference the unit.
3049 */
3050static void ppp_destroy_interface(struct ppp *ppp)
3051{
3052        atomic_dec(&ppp_unit_count);
3053
3054        if (!ppp->file.dead || ppp->n_channels) {
3055                /* "can't happen" */
3056                netdev_err(ppp->dev, "ppp: destroying ppp struct %p "
3057                           "but dead=%d n_channels=%d !\n",
3058                           ppp, ppp->file.dead, ppp->n_channels);
3059                return;
3060        }
3061
3062        ppp_ccp_closed(ppp);
3063        if (ppp->vj) {
3064                slhc_free(ppp->vj);
3065                ppp->vj = NULL;
3066        }
3067        skb_queue_purge(&ppp->file.xq);
3068        skb_queue_purge(&ppp->file.rq);
3069#ifdef CONFIG_PPP_MULTILINK
3070        skb_queue_purge(&ppp->mrq);
3071#endif /* CONFIG_PPP_MULTILINK */
3072#ifdef CONFIG_PPP_FILTER
3073        if (ppp->pass_filter) {
3074                bpf_prog_destroy(ppp->pass_filter);
3075                ppp->pass_filter = NULL;
3076        }
3077
3078        if (ppp->active_filter) {
3079                bpf_prog_destroy(ppp->active_filter);
3080                ppp->active_filter = NULL;
3081        }
3082#endif /* CONFIG_PPP_FILTER */
3083
3084        kfree_skb(ppp->xmit_pending);
3085        free_percpu(ppp->xmit_recursion);
3086
3087        free_netdev(ppp->dev);
3088}
3089
3090/*
3091 * Locate an existing ppp unit.
3092 * The caller should have locked the all_ppp_mutex.
3093 */
3094static struct ppp *
3095ppp_find_unit(struct ppp_net *pn, int unit)
3096{
3097        return unit_find(&pn->units_idr, unit);
3098}
3099
3100/*
3101 * Locate an existing ppp channel.
3102 * The caller should have locked the all_channels_lock.
3103 * First we look in the new_channels list, then in the
3104 * all_channels list.  If found in the new_channels list,
3105 * we move it to the all_channels list.  This is for speed
3106 * when we have a lot of channels in use.
3107 */
3108static struct channel *
3109ppp_find_channel(struct ppp_net *pn, int unit)
3110{
3111        struct channel *pch;
3112
3113        list_for_each_entry(pch, &pn->new_channels, list) {
3114                if (pch->file.index == unit) {
3115                        list_move(&pch->list, &pn->all_channels);
3116                        return pch;
3117                }
3118        }
3119
3120        list_for_each_entry(pch, &pn->all_channels, list) {
3121                if (pch->file.index == unit)
3122                        return pch;
3123        }
3124
3125        return NULL;
3126}
3127
3128/*
3129 * Connect a PPP channel to a PPP interface unit.
3130 */
3131static int
3132ppp_connect_channel(struct channel *pch, int unit)
3133{
3134        struct ppp *ppp;
3135        struct ppp_net *pn;
3136        int ret = -ENXIO;
3137        int hdrlen;
3138
3139        pn = ppp_pernet(pch->chan_net);
3140
3141        mutex_lock(&pn->all_ppp_mutex);
3142        ppp = ppp_find_unit(pn, unit);
3143        if (!ppp)
3144                goto out;
3145        write_lock_bh(&pch->upl);
3146        ret = -EINVAL;
3147        if (pch->ppp)
3148                goto outl;
3149
3150        ppp_lock(ppp);
3151        spin_lock_bh(&pch->downl);
3152        if (!pch->chan) {
3153                /* Don't connect unregistered channels */
3154                spin_unlock_bh(&pch->downl);
3155                ppp_unlock(ppp);
3156                ret = -ENOTCONN;
3157                goto outl;
3158        }
3159        spin_unlock_bh(&pch->downl);
3160        if (pch->file.hdrlen > ppp->file.hdrlen)
3161                ppp->file.hdrlen = pch->file.hdrlen;
3162        hdrlen = pch->file.hdrlen + 2;  /* for protocol bytes */
3163        if (hdrlen > ppp->dev->hard_header_len)
3164                ppp->dev->hard_header_len = hdrlen;
3165        list_add_tail(&pch->clist, &ppp->channels);
3166        ++ppp->n_channels;
3167        pch->ppp = ppp;
3168        refcount_inc(&ppp->file.refcnt);
3169        ppp_unlock(ppp);
3170        ret = 0;
3171
3172 outl:
3173        write_unlock_bh(&pch->upl);
3174 out:
3175        mutex_unlock(&pn->all_ppp_mutex);
3176        return ret;
3177}
3178
3179/*
3180 * Disconnect a channel from its ppp unit.
3181 */
3182static int
3183ppp_disconnect_channel(struct channel *pch)
3184{
3185        struct ppp *ppp;
3186        int err = -EINVAL;
3187
3188        write_lock_bh(&pch->upl);
3189        ppp = pch->ppp;
3190        pch->ppp = NULL;
3191        write_unlock_bh(&pch->upl);
3192        if (ppp) {
3193                /* remove it from the ppp unit's list */
3194                ppp_lock(ppp);
3195                list_del(&pch->clist);
3196                if (--ppp->n_channels == 0)
3197                        wake_up_interruptible(&ppp->file.rwait);
3198                ppp_unlock(ppp);
3199                if (refcount_dec_and_test(&ppp->file.refcnt))
3200                        ppp_destroy_interface(ppp);
3201                err = 0;
3202        }
3203        return err;
3204}
3205
3206/*
3207 * Free up the resources used by a ppp channel.
3208 */
3209static void ppp_destroy_channel(struct channel *pch)
3210{
3211        put_net(pch->chan_net);
3212        pch->chan_net = NULL;
3213
3214        atomic_dec(&channel_count);
3215
3216        if (!pch->file.dead) {
3217                /* "can't happen" */
3218                pr_err("ppp: destroying undead channel %p !\n", pch);
3219                return;
3220        }
3221        skb_queue_purge(&pch->file.xq);
3222        skb_queue_purge(&pch->file.rq);
3223        kfree(pch);
3224}
3225
3226static void __exit ppp_cleanup(void)
3227{
3228        /* should never happen */
3229        if (atomic_read(&ppp_unit_count) || atomic_read(&channel_count))
3230                pr_err("PPP: removing module but units remain!\n");
3231        rtnl_link_unregister(&ppp_link_ops);
3232        unregister_chrdev(PPP_MAJOR, "ppp");
3233        device_destroy(ppp_class, MKDEV(PPP_MAJOR, 0));
3234        class_destroy(ppp_class);
3235        unregister_pernet_device(&ppp_net_ops);
3236}
3237
3238/*
3239 * Units handling. Caller must protect concurrent access
3240 * by holding all_ppp_mutex
3241 */
3242
3243/* associate pointer with specified number */
3244static int unit_set(struct idr *p, void *ptr, int n)
3245{
3246        int unit;
3247
3248        unit = idr_alloc(p, ptr, n, n + 1, GFP_KERNEL);
3249        if (unit == -ENOSPC)
3250                unit = -EINVAL;
3251        return unit;
3252}
3253
3254/* get new free unit number and associate pointer with it */
3255static int unit_get(struct idr *p, void *ptr)
3256{
3257        return idr_alloc(p, ptr, 0, 0, GFP_KERNEL);
3258}
3259
3260/* put unit number back to a pool */
3261static void unit_put(struct idr *p, int n)
3262{
3263        idr_remove(p, n);
3264}
3265
3266/* get pointer associated with the number */
3267static void *unit_find(struct idr *p, int n)
3268{
3269        return idr_find(p, n);
3270}
3271
3272/* Module/initialization stuff */
3273
3274module_init(ppp_init);
3275module_exit(ppp_cleanup);
3276
3277EXPORT_SYMBOL(ppp_register_net_channel);
3278EXPORT_SYMBOL(ppp_register_channel);
3279EXPORT_SYMBOL(ppp_unregister_channel);
3280EXPORT_SYMBOL(ppp_channel_index);
3281EXPORT_SYMBOL(ppp_unit_number);
3282EXPORT_SYMBOL(ppp_dev_name);
3283EXPORT_SYMBOL(ppp_input);
3284EXPORT_SYMBOL(ppp_input_error);
3285EXPORT_SYMBOL(ppp_output_wakeup);
3286EXPORT_SYMBOL(ppp_register_compressor);
3287EXPORT_SYMBOL(ppp_unregister_compressor);
3288MODULE_LICENSE("GPL");
3289MODULE_ALIAS_CHARDEV(PPP_MAJOR, 0);
3290MODULE_ALIAS_RTNL_LINK("ppp");
3291MODULE_ALIAS("devname:ppp");
3292