linux/drivers/net/pppol2tp.c
<<
>>
Prefs 
   1/*****************************************************************************
   2 * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
   3 *
   4 * PPPoX    --- Generic PPP encapsulation socket family
   5 * PPPoL2TP --- PPP over L2TP (RFC 2661)
   6 *
   7 * Version:     1.0.0
   8 *
   9 * Authors:     Martijn van Oosterhout <kleptog@svana.org>
  10 *              James Chapman (jchapman@katalix.com)
  11 * Contributors:
  12 *              Michal Ostrowski <mostrows@speakeasy.net>
  13 *              Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
  14 *              David S. Miller (davem@redhat.com)
  15 *
  16 * License:
  17 *              This program is free software; you can redistribute it and/or
  18 *              modify it under the terms of the GNU General Public License
  19 *              as published by the Free Software Foundation; either version
  20 *              2 of the License, or (at your option) any later version.
  21 *
  22 */
  23
  24/* This driver handles only L2TP data frames; control frames are handled by a
  25 * userspace application.
  26 *
  27 * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
  28 * attaches it to a bound UDP socket with local tunnel_id / session_id and
  29 * peer tunnel_id / session_id set. Data can then be sent or received using
  30 * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
  31 * can be read or modified using ioctl() or [gs]etsockopt() calls.
  32 *
  33 * When a PPPoL2TP socket is connected with local and peer session_id values
  34 * zero, the socket is treated as a special tunnel management socket.
  35 *
  36 * Here's example userspace code to create a socket for sending/receiving data
  37 * over an L2TP session:-
  38 *
  39 *      struct sockaddr_pppol2tp sax;
  40 *      int fd;
  41 *      int session_fd;
  42 *
  43 *      fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
  44 *
  45 *      sax.sa_family = AF_PPPOX;
  46 *      sax.sa_protocol = PX_PROTO_OL2TP;
  47 *      sax.pppol2tp.fd = tunnel_fd;    // bound UDP socket
  48 *      sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
  49 *      sax.pppol2tp.addr.sin_port = addr->sin_port;
  50 *      sax.pppol2tp.addr.sin_family = AF_INET;
  51 *      sax.pppol2tp.s_tunnel  = tunnel_id;
  52 *      sax.pppol2tp.s_session = session_id;
  53 *      sax.pppol2tp.d_tunnel  = peer_tunnel_id;
  54 *      sax.pppol2tp.d_session = peer_session_id;
  55 *
  56 *      session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
  57 *
  58 * A pppd plugin that allows PPP traffic to be carried over L2TP using
  59 * this driver is available from the OpenL2TP project at
  60 * http://openl2tp.sourceforge.net.
  61 */
  62
  63#include <linux/module.h>
  64#include <linux/string.h>
  65#include <linux/list.h>
  66#include <asm/uaccess.h>
  67
  68#include <linux/kernel.h>
  69#include <linux/spinlock.h>
  70#include <linux/kthread.h>
  71#include <linux/sched.h>
  72#include <linux/slab.h>
  73#include <linux/errno.h>
  74#include <linux/jiffies.h>
  75
  76#include <linux/netdevice.h>
  77#include <linux/net.h>
  78#include <linux/inetdevice.h>
  79#include <linux/skbuff.h>
  80#include <linux/init.h>
  81#include <linux/ip.h>
  82#include <linux/udp.h>
  83#include <linux/if_pppox.h>
  84#include <linux/if_pppol2tp.h>
  85#include <net/sock.h>
  86#include <linux/ppp_channel.h>
  87#include <linux/ppp_defs.h>
  88#include <linux/if_ppp.h>
  89#include <linux/file.h>
  90#include <linux/hash.h>
  91#include <linux/sort.h>
  92#include <linux/proc_fs.h>
  93#include <linux/nsproxy.h>
  94#include <net/net_namespace.h>
  95#include <net/netns/generic.h>
  96#include <net/dst.h>
  97#include <net/ip.h>
  98#include <net/udp.h>
  99#include <net/xfrm.h>
 100
 101#include <asm/byteorder.h>
 102#include <asm/atomic.h>
 103
 104
 105#define PPPOL2TP_DRV_VERSION    "V1.0"
 106
 107/* L2TP header constants */
 108#define L2TP_HDRFLAG_T     0x8000
 109#define L2TP_HDRFLAG_L     0x4000
 110#define L2TP_HDRFLAG_S     0x0800
 111#define L2TP_HDRFLAG_O     0x0200
 112#define L2TP_HDRFLAG_P     0x0100
 113
 114#define L2TP_HDR_VER_MASK  0x000F
 115#define L2TP_HDR_VER       0x0002
 116
 117/* Space for UDP, L2TP and PPP headers */
 118#define PPPOL2TP_HEADER_OVERHEAD        40
 119
 120/* Just some random numbers */
 121#define L2TP_TUNNEL_MAGIC       0x42114DDA
 122#define L2TP_SESSION_MAGIC      0x0C04EB7D
 123
 124#define PPPOL2TP_HASH_BITS      4
 125#define PPPOL2TP_HASH_SIZE      (1 << PPPOL2TP_HASH_BITS)
 126
 127/* Default trace flags */
 128#define PPPOL2TP_DEFAULT_DEBUG_FLAGS    0
 129
 130#define PRINTK(_mask, _type, _lvl, _fmt, args...)                       \
 131        do {                                                            \
 132                if ((_mask) & (_type))                                  \
 133                        printk(_lvl "PPPOL2TP: " _fmt, ##args);         \
 134        } while(0)
 135
 136/* Number of bytes to build transmit L2TP headers.
 137 * Unfortunately the size is different depending on whether sequence numbers
 138 * are enabled.
 139 */
 140#define PPPOL2TP_L2TP_HDR_SIZE_SEQ              10
 141#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ            6
 142
 143struct pppol2tp_tunnel;
 144
 145/* Describes a session. It is the sk_user_data field in the PPPoL2TP
 146 * socket. Contains information to determine incoming packets and transmit
 147 * outgoing ones.
 148 */
 149struct pppol2tp_session
 150{
 151        int                     magic;          /* should be
 152                                                 * L2TP_SESSION_MAGIC */
 153        int                     owner;          /* pid that opened the socket */
 154
 155        struct sock             *sock;          /* Pointer to the session
 156                                                 * PPPoX socket */
 157        struct sock             *tunnel_sock;   /* Pointer to the tunnel UDP
 158                                                 * socket */
 159
 160        struct pppol2tp_addr    tunnel_addr;    /* Description of tunnel */
 161
 162        struct pppol2tp_tunnel  *tunnel;        /* back pointer to tunnel
 163                                                 * context */
 164
 165        char                    name[20];       /* "sess xxxxx/yyyyy", where
 166                                                 * x=tunnel_id, y=session_id */
 167        int                     mtu;
 168        int                     mru;
 169        int                     flags;          /* accessed by PPPIOCGFLAGS.
 170                                                 * Unused. */
 171        unsigned                recv_seq:1;     /* expect receive packets with
 172                                                 * sequence numbers? */
 173        unsigned                send_seq:1;     /* send packets with sequence
 174                                                 * numbers? */
 175        unsigned                lns_mode:1;     /* behave as LNS? LAC enables
 176                                                 * sequence numbers under
 177                                                 * control of LNS. */
 178        int                     debug;          /* bitmask of debug message
 179                                                 * categories */
 180        int                     reorder_timeout; /* configured reorder timeout
 181                                                  * (in jiffies) */
 182        u16                     nr;             /* session NR state (receive) */
 183        u16                     ns;             /* session NR state (send) */
 184        struct sk_buff_head     reorder_q;      /* receive reorder queue */
 185        struct pppol2tp_ioc_stats stats;
 186        struct hlist_node       hlist;          /* Hash list node */
 187};
 188
 189/* The sk_user_data field of the tunnel's UDP socket. It contains info to track
 190 * all the associated sessions so incoming packets can be sorted out
 191 */
 192struct pppol2tp_tunnel
 193{
 194        int                     magic;          /* Should be L2TP_TUNNEL_MAGIC */
 195        rwlock_t                hlist_lock;     /* protect session_hlist */
 196        struct hlist_head       session_hlist[PPPOL2TP_HASH_SIZE];
 197                                                /* hashed list of sessions,
 198                                                 * hashed by id */
 199        int                     debug;          /* bitmask of debug message
 200                                                 * categories */
 201        char                    name[12];       /* "tunl xxxxx" */
 202        struct pppol2tp_ioc_stats stats;
 203
 204        void (*old_sk_destruct)(struct sock *);
 205
 206        struct sock             *sock;          /* Parent socket */
 207        struct list_head        list;           /* Keep a list of all open
 208                                                 * prepared sockets */
 209        struct net              *pppol2tp_net;  /* the net we belong to */
 210
 211        atomic_t                ref_count;
 212};
 213
 214/* Private data stored for received packets in the skb.
 215 */
 216struct pppol2tp_skb_cb {
 217        u16                     ns;
 218        u16                     nr;
 219        u16                     has_seq;
 220        u16                     length;
 221        unsigned long           expires;
 222};
 223
 224#define PPPOL2TP_SKB_CB(skb)    ((struct pppol2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
 225
 226static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
 227static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel);
 228
 229static atomic_t pppol2tp_tunnel_count;
 230static atomic_t pppol2tp_session_count;
 231static struct ppp_channel_ops pppol2tp_chan_ops = { pppol2tp_xmit , NULL };
 232static const struct proto_ops pppol2tp_ops;
 233
 234/* per-net private data for this module */
 235static int pppol2tp_net_id;
 236struct pppol2tp_net {
 237        struct list_head pppol2tp_tunnel_list;
 238        rwlock_t pppol2tp_tunnel_list_lock;
 239};
 240
 241static inline struct pppol2tp_net *pppol2tp_pernet(struct net *net)
 242{
 243        BUG_ON(!net);
 244
 245        return net_generic(net, pppol2tp_net_id);
 246}
 247
 248/* Helpers to obtain tunnel/session contexts from sockets.
 249 */
 250static inline struct pppol2tp_session *pppol2tp_sock_to_session(struct sock *sk)
 251{
 252        struct pppol2tp_session *session;
 253
 254        if (sk == NULL)
 255                return NULL;
 256
 257        sock_hold(sk);
 258        session = (struct pppol2tp_session *)(sk->sk_user_data);
 259        if (session == NULL) {
 260                sock_put(sk);
 261                goto out;
 262        }
 263
 264        BUG_ON(session->magic != L2TP_SESSION_MAGIC);
 265out:
 266        return session;
 267}
 268
 269static inline struct pppol2tp_tunnel *pppol2tp_sock_to_tunnel(struct sock *sk)
 270{
 271        struct pppol2tp_tunnel *tunnel;
 272
 273        if (sk == NULL)
 274                return NULL;
 275
 276        sock_hold(sk);
 277        tunnel = (struct pppol2tp_tunnel *)(sk->sk_user_data);
 278        if (tunnel == NULL) {
 279                sock_put(sk);
 280                goto out;
 281        }
 282
 283        BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
 284out:
 285        return tunnel;
 286}
 287
 288/* Tunnel reference counts. Incremented per session that is added to
 289 * the tunnel.
 290 */
 291static inline void pppol2tp_tunnel_inc_refcount(struct pppol2tp_tunnel *tunnel)
 292{
 293        atomic_inc(&tunnel->ref_count);
 294}
 295
 296static inline void pppol2tp_tunnel_dec_refcount(struct pppol2tp_tunnel *tunnel)
 297{
 298        if (atomic_dec_and_test(&tunnel->ref_count))
 299                pppol2tp_tunnel_free(tunnel);
 300}
 301
 302/* Session hash list.
 303 * The session_id SHOULD be random according to RFC2661, but several
 304 * L2TP implementations (Cisco and Microsoft) use incrementing
 305 * session_ids.  So we do a real hash on the session_id, rather than a
 306 * simple bitmask.
 307 */
 308static inline struct hlist_head *
 309pppol2tp_session_id_hash(struct pppol2tp_tunnel *tunnel, u16 session_id)
 310{
 311        unsigned long hash_val = (unsigned long) session_id;
 312        return &tunnel->session_hlist[hash_long(hash_val, PPPOL2TP_HASH_BITS)];
 313}
 314
 315/* Lookup a session by id
 316 */
 317static struct pppol2tp_session *
 318pppol2tp_session_find(struct pppol2tp_tunnel *tunnel, u16 session_id)
 319{
 320        struct hlist_head *session_list =
 321                pppol2tp_session_id_hash(tunnel, session_id);
 322        struct pppol2tp_session *session;
 323        struct hlist_node *walk;
 324
 325        read_lock_bh(&tunnel->hlist_lock);
 326        hlist_for_each_entry(session, walk, session_list, hlist) {
 327                if (session->tunnel_addr.s_session == session_id) {
 328                        read_unlock_bh(&tunnel->hlist_lock);
 329                        return session;
 330                }
 331        }
 332        read_unlock_bh(&tunnel->hlist_lock);
 333
 334        return NULL;
 335}
 336
 337/* Lookup a tunnel by id
 338 */
 339static struct pppol2tp_tunnel *pppol2tp_tunnel_find(struct net *net, u16 tunnel_id)
 340{
 341        struct pppol2tp_tunnel *tunnel;
 342        struct pppol2tp_net *pn = pppol2tp_pernet(net);
 343
 344        read_lock_bh(&pn->pppol2tp_tunnel_list_lock);
 345        list_for_each_entry(tunnel, &pn->pppol2tp_tunnel_list, list) {
 346                if (tunnel->stats.tunnel_id == tunnel_id) {
 347                        read_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
 348                        return tunnel;
 349                }
 350        }
 351        read_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
 352
 353        return NULL;
 354}
 355
 356/*****************************************************************************
 357 * Receive data handling
 358 *****************************************************************************/
 359
 360/* Queue a skb in order. We come here only if the skb has an L2TP sequence
 361 * number.
 362 */
 363static void pppol2tp_recv_queue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
 364{
 365        struct sk_buff *skbp;
 366        struct sk_buff *tmp;
 367        u16 ns = PPPOL2TP_SKB_CB(skb)->ns;
 368
 369        spin_lock_bh(&session->reorder_q.lock);
 370        skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
 371                if (PPPOL2TP_SKB_CB(skbp)->ns > ns) {
 372                        __skb_queue_before(&session->reorder_q, skbp, skb);
 373                        PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
 374                               "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
 375                               session->name, ns, PPPOL2TP_SKB_CB(skbp)->ns,
 376                               skb_queue_len(&session->reorder_q));
 377                        session->stats.rx_oos_packets++;
 378                        goto out;
 379                }
 380        }
 381
 382        __skb_queue_tail(&session->reorder_q, skb);
 383
 384out:
 385        spin_unlock_bh(&session->reorder_q.lock);
 386}
 387
 388/* Dequeue a single skb.
 389 */
 390static void pppol2tp_recv_dequeue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
 391{
 392        struct pppol2tp_tunnel *tunnel = session->tunnel;
 393        int length = PPPOL2TP_SKB_CB(skb)->length;
 394        struct sock *session_sock = NULL;
 395
 396        /* We're about to requeue the skb, so return resources
 397         * to its current owner (a socket receive buffer).
 398         */
 399        skb_orphan(skb);
 400
 401        tunnel->stats.rx_packets++;
 402        tunnel->stats.rx_bytes += length;
 403        session->stats.rx_packets++;
 404        session->stats.rx_bytes += length;
 405
 406        if (PPPOL2TP_SKB_CB(skb)->has_seq) {
 407                /* Bump our Nr */
 408                session->nr++;
 409                PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
 410                       "%s: updated nr to %hu\n", session->name, session->nr);
 411        }
 412
 413        /* If the socket is bound, send it in to PPP's input queue. Otherwise
 414         * queue it on the session socket.
 415         */
 416        session_sock = session->sock;
 417        if (session_sock->sk_state & PPPOX_BOUND) {
 418                struct pppox_sock *po;
 419                PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
 420                       "%s: recv %d byte data frame, passing to ppp\n",
 421                       session->name, length);
 422
 423                /* We need to forget all info related to the L2TP packet
 424                 * gathered in the skb as we are going to reuse the same
 425                 * skb for the inner packet.
 426                 * Namely we need to:
 427                 * - reset xfrm (IPSec) information as it applies to
 428                 *   the outer L2TP packet and not to the inner one
 429                 * - release the dst to force a route lookup on the inner
 430                 *   IP packet since skb->dst currently points to the dst
 431                 *   of the UDP tunnel
 432                 * - reset netfilter information as it doesn't apply
 433                 *   to the inner packet either
 434                 */
 435                secpath_reset(skb);
 436                skb_dst_drop(skb);
 437                nf_reset(skb);
 438
 439                po = pppox_sk(session_sock);
 440                ppp_input(&po->chan, skb);
 441        } else {
 442                PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
 443                       "%s: socket not bound\n", session->name);
 444
 445                /* Not bound. Nothing we can do, so discard. */
 446                session->stats.rx_errors++;
 447                kfree_skb(skb);
 448        }
 449
 450        sock_put(session->sock);
 451}
 452
 453/* Dequeue skbs from the session's reorder_q, subject to packet order.
 454 * Skbs that have been in the queue for too long are simply discarded.
 455 */
 456static void pppol2tp_recv_dequeue(struct pppol2tp_session *session)
 457{
 458        struct sk_buff *skb;
 459        struct sk_buff *tmp;
 460
 461        /* If the pkt at the head of the queue has the nr that we
 462         * expect to send up next, dequeue it and any other
 463         * in-sequence packets behind it.
 464         */
 465        spin_lock_bh(&session->reorder_q.lock);
 466        skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
 467                if (time_after(jiffies, PPPOL2TP_SKB_CB(skb)->expires)) {
 468                        session->stats.rx_seq_discards++;
 469                        session->stats.rx_errors++;
 470                        PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
 471                               "%s: oos pkt %hu len %d discarded (too old), "
 472                               "waiting for %hu, reorder_q_len=%d\n",
 473                               session->name, PPPOL2TP_SKB_CB(skb)->ns,
 474                               PPPOL2TP_SKB_CB(skb)->length, session->nr,
 475                               skb_queue_len(&session->reorder_q));
 476                        __skb_unlink(skb, &session->reorder_q);
 477                        kfree_skb(skb);
 478                        sock_put(session->sock);
 479                        continue;
 480                }
 481
 482                if (PPPOL2TP_SKB_CB(skb)->has_seq) {
 483                        if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
 484                                PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
 485                                       "%s: holding oos pkt %hu len %d, "
 486                                       "waiting for %hu, reorder_q_len=%d\n",
 487                                       session->name, PPPOL2TP_SKB_CB(skb)->ns,
 488                                       PPPOL2TP_SKB_CB(skb)->length, session->nr,
 489                                       skb_queue_len(&session->reorder_q));
 490                                goto out;
 491                        }
 492                }
 493                __skb_unlink(skb, &session->reorder_q);
 494
 495                /* Process the skb. We release the queue lock while we
 496                 * do so to let other contexts process the queue.
 497                 */
 498                spin_unlock_bh(&session->reorder_q.lock);
 499                pppol2tp_recv_dequeue_skb(session, skb);
 500                spin_lock_bh(&session->reorder_q.lock);
 501        }
 502
 503out:
 504        spin_unlock_bh(&session->reorder_q.lock);
 505}
 506
 507static inline int pppol2tp_verify_udp_checksum(struct sock *sk,
 508                                               struct sk_buff *skb)
 509{
 510        struct udphdr *uh = udp_hdr(skb);
 511        u16 ulen = ntohs(uh->len);
 512        struct inet_sock *inet;
 513        __wsum psum;
 514
 515        if (sk->sk_no_check || skb_csum_unnecessary(skb) || !uh->check)
 516                return 0;
 517
 518        inet = inet_sk(sk);
 519        psum = csum_tcpudp_nofold(inet->saddr, inet->daddr, ulen,
 520                                  IPPROTO_UDP, 0);
 521
 522        if ((skb->ip_summed == CHECKSUM_COMPLETE) &&
 523            !csum_fold(csum_add(psum, skb->csum)))
 524                return 0;
 525
 526        skb->csum = psum;
 527
 528        return __skb_checksum_complete(skb);
 529}
 530
 531/* Internal receive frame. Do the real work of receiving an L2TP data frame
 532 * here. The skb is not on a list when we get here.
 533 * Returns 0 if the packet was a data packet and was successfully passed on.
 534 * Returns 1 if the packet was not a good data packet and could not be
 535 * forwarded.  All such packets are passed up to userspace to deal with.
 536 */
 537static int pppol2tp_recv_core(struct sock *sock, struct sk_buff *skb)
 538{
 539        struct pppol2tp_session *session = NULL;
 540        struct pppol2tp_tunnel *tunnel;
 541        unsigned char *ptr, *optr;
 542        u16 hdrflags;
 543        u16 tunnel_id, session_id;
 544        int length;
 545        int offset;
 546
 547        tunnel = pppol2tp_sock_to_tunnel(sock);
 548        if (tunnel == NULL)
 549                goto no_tunnel;
 550
 551        if (tunnel->sock && pppol2tp_verify_udp_checksum(tunnel->sock, skb))
 552                goto discard_bad_csum;
 553
 554        /* UDP always verifies the packet length. */
 555        __skb_pull(skb, sizeof(struct udphdr));
 556
 557        /* Short packet? */
 558        if (!pskb_may_pull(skb, 12)) {
 559                PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
 560                       "%s: recv short packet (len=%d)\n", tunnel->name, skb->len);
 561                goto error;
 562        }
 563
 564        /* Point to L2TP header */
 565        optr = ptr = skb->data;
 566
 567        /* Get L2TP header flags */
 568        hdrflags = ntohs(*(__be16*)ptr);
 569
 570        /* Trace packet contents, if enabled */
 571        if (tunnel->debug & PPPOL2TP_MSG_DATA) {
 572                length = min(16u, skb->len);
 573                if (!pskb_may_pull(skb, length))
 574                        goto error;
 575
 576                printk(KERN_DEBUG "%s: recv: ", tunnel->name);
 577
 578                offset = 0;
 579                do {
 580                        printk(" %02X", ptr[offset]);
 581                } while (++offset < length);
 582
 583                printk("\n");
 584        }
 585
 586        /* Get length of L2TP packet */
 587        length = skb->len;
 588
 589        /* If type is control packet, it is handled by userspace. */
 590        if (hdrflags & L2TP_HDRFLAG_T) {
 591                PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
 592                       "%s: recv control packet, len=%d\n", tunnel->name, length);
 593                goto error;
 594        }
 595
 596        /* Skip flags */
 597        ptr += 2;
 598
 599        /* If length is present, skip it */
 600        if (hdrflags & L2TP_HDRFLAG_L)
 601                ptr += 2;
 602
 603        /* Extract tunnel and session ID */
 604        tunnel_id = ntohs(*(__be16 *) ptr);
 605        ptr += 2;
 606        session_id = ntohs(*(__be16 *) ptr);
 607        ptr += 2;
 608
 609        /* Find the session context */
 610        session = pppol2tp_session_find(tunnel, session_id);
 611        if (!session) {
 612                /* Not found? Pass to userspace to deal with */
 613                PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
 614                       "%s: no socket found (%hu/%hu). Passing up.\n",
 615                       tunnel->name, tunnel_id, session_id);
 616                goto error;
 617        }
 618        sock_hold(session->sock);
 619
 620        /* The ref count on the socket was increased by the above call since
 621         * we now hold a pointer to the session. Take care to do sock_put()
 622         * when exiting this function from now on...
 623         */
 624
 625        /* Handle the optional sequence numbers.  If we are the LAC,
 626         * enable/disable sequence numbers under the control of the LNS.  If
 627         * no sequence numbers present but we were expecting them, discard
 628         * frame.
 629         */
 630        if (hdrflags & L2TP_HDRFLAG_S) {
 631                u16 ns, nr;
 632                ns = ntohs(*(__be16 *) ptr);
 633                ptr += 2;
 634                nr = ntohs(*(__be16 *) ptr);
 635                ptr += 2;
 636
 637                /* Received a packet with sequence numbers. If we're the LNS,
 638                 * check if we sre sending sequence numbers and if not,
 639                 * configure it so.
 640                 */
 641                if ((!session->lns_mode) && (!session->send_seq)) {
 642                        PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
 643                               "%s: requested to enable seq numbers by LNS\n",
 644                               session->name);
 645                        session->send_seq = -1;
 646                }
 647
 648                /* Store L2TP info in the skb */
 649                PPPOL2TP_SKB_CB(skb)->ns = ns;
 650                PPPOL2TP_SKB_CB(skb)->nr = nr;
 651                PPPOL2TP_SKB_CB(skb)->has_seq = 1;
 652
 653                PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
 654                       "%s: recv data ns=%hu, nr=%hu, session nr=%hu\n",
 655                       session->name, ns, nr, session->nr);
 656        } else {
 657                /* No sequence numbers.
 658                 * If user has configured mandatory sequence numbers, discard.
 659                 */
 660                if (session->recv_seq) {
 661                        PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
 662                               "%s: recv data has no seq numbers when required. "
 663                               "Discarding\n", session->name);
 664                        session->stats.rx_seq_discards++;
 665                        goto discard;
 666                }
 667
 668                /* If we're the LAC and we're sending sequence numbers, the
 669                 * LNS has requested that we no longer send sequence numbers.
 670                 * If we're the LNS and we're sending sequence numbers, the
 671                 * LAC is broken. Discard the frame.
 672                 */
 673                if ((!session->lns_mode) && (session->send_seq)) {
 674                        PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
 675                               "%s: requested to disable seq numbers by LNS\n",
 676                               session->name);
 677                        session->send_seq = 0;
 678                } else if (session->send_seq) {
 679                        PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
 680                               "%s: recv data has no seq numbers when required. "
 681                               "Discarding\n", session->name);
 682                        session->stats.rx_seq_discards++;
 683                        goto discard;
 684                }
 685
 686                /* Store L2TP info in the skb */
 687                PPPOL2TP_SKB_CB(skb)->has_seq = 0;
 688        }
 689
 690        /* If offset bit set, skip it. */
 691        if (hdrflags & L2TP_HDRFLAG_O) {
 692                offset = ntohs(*(__be16 *)ptr);
 693                ptr += 2 + offset;
 694        }
 695
 696        offset = ptr - optr;
 697        if (!pskb_may_pull(skb, offset))
 698                goto discard;
 699
 700        __skb_pull(skb, offset);
 701
 702        /* Skip PPP header, if present.  In testing, Microsoft L2TP clients
 703         * don't send the PPP header (PPP header compression enabled), but
 704         * other clients can include the header. So we cope with both cases
 705         * here. The PPP header is always FF03 when using L2TP.
 706         *
 707         * Note that skb->data[] isn't dereferenced from a u16 ptr here since
 708         * the field may be unaligned.
 709         */
 710        if (!pskb_may_pull(skb, 2))
 711                goto discard;
 712
 713        if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
 714                skb_pull(skb, 2);
 715
 716        /* Prepare skb for adding to the session's reorder_q.  Hold
 717         * packets for max reorder_timeout or 1 second if not
 718         * reordering.
 719         */
 720        PPPOL2TP_SKB_CB(skb)->length = length;
 721        PPPOL2TP_SKB_CB(skb)->expires = jiffies +
 722                (session->reorder_timeout ? session->reorder_timeout : HZ);
 723
 724        /* Add packet to the session's receive queue. Reordering is done here, if
 725         * enabled. Saved L2TP protocol info is stored in skb->sb[].
 726         */
 727        if (PPPOL2TP_SKB_CB(skb)->has_seq) {
 728                if (session->reorder_timeout != 0) {
 729                        /* Packet reordering enabled. Add skb to session's
 730                         * reorder queue, in order of ns.
 731                         */
 732                        pppol2tp_recv_queue_skb(session, skb);
 733                } else {
 734                        /* Packet reordering disabled. Discard out-of-sequence
 735                         * packets
 736                         */
 737                        if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
 738                                session->stats.rx_seq_discards++;
 739                                PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
 740                                       "%s: oos pkt %hu len %d discarded, "
 741                                       "waiting for %hu, reorder_q_len=%d\n",
 742                                       session->name, PPPOL2TP_SKB_CB(skb)->ns,
 743                                       PPPOL2TP_SKB_CB(skb)->length, session->nr,
 744                                       skb_queue_len(&session->reorder_q));
 745                                goto discard;
 746                        }
 747                        skb_queue_tail(&session->reorder_q, skb);
 748                }
 749        } else {
 750                /* No sequence numbers. Add the skb to the tail of the
 751                 * reorder queue. This ensures that it will be
 752                 * delivered after all previous sequenced skbs.
 753                 */
 754                skb_queue_tail(&session->reorder_q, skb);
 755        }
 756
 757        /* Try to dequeue as many skbs from reorder_q as we can. */
 758        pppol2tp_recv_dequeue(session);
 759
 760        return 0;
 761
 762discard:
 763        session->stats.rx_errors++;
 764        kfree_skb(skb);
 765        sock_put(session->sock);
 766        sock_put(sock);
 767
 768        return 0;
 769
 770discard_bad_csum:
 771        LIMIT_NETDEBUG("%s: UDP: bad checksum\n", tunnel->name);
 772        UDP_INC_STATS_USER(&init_net, UDP_MIB_INERRORS, 0);
 773        tunnel->stats.rx_errors++;
 774        kfree_skb(skb);
 775
 776        return 0;
 777
 778error:
 779        /* Put UDP header back */
 780        __skb_push(skb, sizeof(struct udphdr));
 781        sock_put(sock);
 782
 783no_tunnel:
 784        return 1;
 785}
 786
 787/* UDP encapsulation receive handler. See net/ipv4/udp.c.
 788 * Return codes:
 789 * 0 : success.
 790 * <0: error
 791 * >0: skb should be passed up to userspace as UDP.
 792 */
 793static int pppol2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
 794{
 795        struct pppol2tp_tunnel *tunnel;
 796
 797        tunnel = pppol2tp_sock_to_tunnel(sk);
 798        if (tunnel == NULL)
 799                goto pass_up;
 800
 801        PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
 802               "%s: received %d bytes\n", tunnel->name, skb->len);
 803
 804        if (pppol2tp_recv_core(sk, skb))
 805                goto pass_up_put;
 806
 807        sock_put(sk);
 808        return 0;
 809
 810pass_up_put:
 811        sock_put(sk);
 812pass_up:
 813        return 1;
 814}
 815
 816/* Receive message. This is the recvmsg for the PPPoL2TP socket.
 817 */
 818static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
 819                            struct msghdr *msg, size_t len,
 820                            int flags)
 821{
 822        int err;
 823        struct sk_buff *skb;
 824        struct sock *sk = sock->sk;
 825
 826        err = -EIO;
 827        if (sk->sk_state & PPPOX_BOUND)
 828                goto end;
 829
 830        msg->msg_namelen = 0;
 831
 832        err = 0;
 833        skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
 834                                flags & MSG_DONTWAIT, &err);
 835        if (!skb)
 836                goto end;
 837
 838        if (len > skb->len)
 839                len = skb->len;
 840        else if (len < skb->len)
 841                msg->msg_flags |= MSG_TRUNC;
 842
 843        err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
 844        if (likely(err == 0))
 845                err = len;
 846
 847        kfree_skb(skb);
 848end:
 849        return err;
 850}
 851
 852/************************************************************************
 853 * Transmit handling
 854 ***********************************************************************/
 855
 856/* Tell how big L2TP headers are for a particular session. This
 857 * depends on whether sequence numbers are being used.
 858 */
 859static inline int pppol2tp_l2tp_header_len(struct pppol2tp_session *session)
 860{
 861        if (session->send_seq)
 862                return PPPOL2TP_L2TP_HDR_SIZE_SEQ;
 863
 864        return PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
 865}
 866
 867/* Build an L2TP header for the session into the buffer provided.
 868 */
 869static void pppol2tp_build_l2tp_header(struct pppol2tp_session *session,
 870                                       void *buf)
 871{
 872        __be16 *bufp = buf;
 873        u16 flags = L2TP_HDR_VER;
 874
 875        if (session->send_seq)
 876                flags |= L2TP_HDRFLAG_S;
 877
 878        /* Setup L2TP header.
 879         * FIXME: Can this ever be unaligned? Is direct dereferencing of
 880         * 16-bit header fields safe here for all architectures?
 881         */
 882        *bufp++ = htons(flags);
 883        *bufp++ = htons(session->tunnel_addr.d_tunnel);
 884        *bufp++ = htons(session->tunnel_addr.d_session);
 885        if (session->send_seq) {
 886                *bufp++ = htons(session->ns);
 887                *bufp++ = 0;
 888                session->ns++;
 889                PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
 890                       "%s: updated ns to %hu\n", session->name, session->ns);
 891        }
 892}
 893
 894/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket.  We come here
 895 * when a user application does a sendmsg() on the session socket. L2TP and
 896 * PPP headers must be inserted into the user's data.
 897 */
 898static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
 899                            size_t total_len)
 900{
 901        static const unsigned char ppph[2] = { 0xff, 0x03 };
 902        struct sock *sk = sock->sk;
 903        struct inet_sock *inet;
 904        __wsum csum;
 905        struct sk_buff *skb;
 906        int error;
 907        int hdr_len;
 908        struct pppol2tp_session *session;
 909        struct pppol2tp_tunnel *tunnel;
 910        struct udphdr *uh;
 911        unsigned int len;
 912        struct sock *sk_tun;
 913        u16 udp_len;
 914
 915        error = -ENOTCONN;
 916        if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
 917                goto error;
 918
 919        /* Get session and tunnel contexts */
 920        error = -EBADF;
 921        session = pppol2tp_sock_to_session(sk);
 922        if (session == NULL)
 923                goto error;
 924
 925        sk_tun = session->tunnel_sock;
 926        tunnel = pppol2tp_sock_to_tunnel(sk_tun);
 927        if (tunnel == NULL)
 928                goto error_put_sess;
 929
 930        /* What header length is configured for this session? */
 931        hdr_len = pppol2tp_l2tp_header_len(session);
 932
 933        /* Allocate a socket buffer */
 934        error = -ENOMEM;
 935        skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
 936                           sizeof(struct udphdr) + hdr_len +
 937                           sizeof(ppph) + total_len,
 938                           0, GFP_KERNEL);
 939        if (!skb)
 940                goto error_put_sess_tun;
 941
 942        /* Reserve space for headers. */
 943        skb_reserve(skb, NET_SKB_PAD);
 944        skb_reset_network_header(skb);
 945        skb_reserve(skb, sizeof(struct iphdr));
 946        skb_reset_transport_header(skb);
 947
 948        /* Build UDP header */
 949        inet = inet_sk(sk_tun);
 950        udp_len = hdr_len + sizeof(ppph) + total_len;
 951        uh = (struct udphdr *) skb->data;
 952        uh->source = inet->sport;
 953        uh->dest = inet->dport;
 954        uh->len = htons(udp_len);
 955        uh->check = 0;
 956        skb_put(skb, sizeof(struct udphdr));
 957
 958        /* Build L2TP header */
 959        pppol2tp_build_l2tp_header(session, skb->data);
 960        skb_put(skb, hdr_len);
 961
 962        /* Add PPP header */
 963        skb->data[0] = ppph[0];
 964        skb->data[1] = ppph[1];
 965        skb_put(skb, 2);
 966
 967        /* Copy user data into skb */
 968        error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
 969        if (error < 0) {
 970                kfree_skb(skb);
 971                goto error_put_sess_tun;
 972        }
 973        skb_put(skb, total_len);
 974
 975        /* Calculate UDP checksum if configured to do so */
 976        if (sk_tun->sk_no_check == UDP_CSUM_NOXMIT)
 977                skb->ip_summed = CHECKSUM_NONE;
 978        else if (!(skb_dst(skb)->dev->features & NETIF_F_V4_CSUM)) {
 979                skb->ip_summed = CHECKSUM_COMPLETE;
 980                csum = skb_checksum(skb, 0, udp_len, 0);
 981                uh->check = csum_tcpudp_magic(inet->saddr, inet->daddr,
 982                                              udp_len, IPPROTO_UDP, csum);
 983                if (uh->check == 0)
 984                        uh->check = CSUM_MANGLED_0;
 985        } else {
 986                skb->ip_summed = CHECKSUM_PARTIAL;
 987                skb->csum_start = skb_transport_header(skb) - skb->head;
 988                skb->csum_offset = offsetof(struct udphdr, check);
 989                uh->check = ~csum_tcpudp_magic(inet->saddr, inet->daddr,
 990                                               udp_len, IPPROTO_UDP, 0);
 991        }
 992
 993        /* Debug */
 994        if (session->send_seq)
 995                PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
 996                       "%s: send %Zd bytes, ns=%hu\n", session->name,
 997                       total_len, session->ns - 1);
 998        else
 999                PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1000                       "%s: send %Zd bytes\n", session->name, total_len);

1001
1002        if (session->debug & PPPOL2TP_MSG_DATA) {
1003                int i;
1004                unsigned char *datap = skb->data;
1005
1006                printk(KERN_DEBUG "%s: xmit:", session->name);
1007                for (i = 0; i < total_len; i++) {
1008                        printk(" %02X", *datap++);
1009                        if (i == 15) {
1010                                printk(" ...");
1011                                break;
1012                        }
1013                }
1014                printk("\n");
1015        }
1016
1017        /* Queue the packet to IP for output */
1018        len = skb->len;
1019        error = ip_queue_xmit(skb, 1);
1020
1021        /* Update stats */
1022        if (error >= 0) {
1023                tunnel->stats.tx_packets++;
1024                tunnel->stats.tx_bytes += len;
1025                session->stats.tx_packets++;
1026                session->stats.tx_bytes += len;
1027        } else {
1028                tunnel->stats.tx_errors++;
1029                session->stats.tx_errors++;
1030        }
1031
1032        return error;
1033
1034error_put_sess_tun:
1035        sock_put(session->tunnel_sock);
1036error_put_sess:
1037        sock_put(sk);
1038error:
1039        return error;
1040}
1041
1042/* Automatically called when the skb is freed.
1043 */
1044static void pppol2tp_sock_wfree(struct sk_buff *skb)
1045{
1046        sock_put(skb->sk);
1047}
1048
1049/* For data skbs that we transmit, we associate with the tunnel socket
1050 * but don't do accounting.
1051 */
1052static inline void pppol2tp_skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
1053{
1054        sock_hold(sk);
1055        skb->sk = sk;
1056        skb->destructor = pppol2tp_sock_wfree;
1057}
1058
1059/* Transmit function called by generic PPP driver.  Sends PPP frame
1060 * over PPPoL2TP socket.
1061 *
1062 * This is almost the same as pppol2tp_sendmsg(), but rather than
1063 * being called with a msghdr from userspace, it is called with a skb
1064 * from the kernel.
1065 *
1066 * The supplied skb from ppp doesn't have enough headroom for the
1067 * insertion of L2TP, UDP and IP headers so we need to allocate more
1068 * headroom in the skb. This will create a cloned skb. But we must be
1069 * careful in the error case because the caller will expect to free
1070 * the skb it supplied, not our cloned skb. So we take care to always
1071 * leave the original skb unfreed if we return an error.
1072 */
1073static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
1074{
1075        static const u8 ppph[2] = { 0xff, 0x03 };
1076        struct sock *sk = (struct sock *) chan->private;
1077        struct sock *sk_tun;
1078        int hdr_len;
1079        u16 udp_len;
1080        struct pppol2tp_session *session;
1081        struct pppol2tp_tunnel *tunnel;
1082        int rc;
1083        int headroom;
1084        int data_len = skb->len;
1085        struct inet_sock *inet;
1086        __wsum csum;
1087        struct udphdr *uh;
1088        unsigned int len;
1089        int old_headroom;
1090        int new_headroom;
1091
1092        if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
1093                goto abort;
1094
1095        /* Get session and tunnel contexts from the socket */
1096        session = pppol2tp_sock_to_session(sk);
1097        if (session == NULL)
1098                goto abort;
1099
1100        sk_tun = session->tunnel_sock;
1101        if (sk_tun == NULL)
1102                goto abort_put_sess;
1103        tunnel = pppol2tp_sock_to_tunnel(sk_tun);
1104        if (tunnel == NULL)
1105                goto abort_put_sess;
1106
1107        /* What header length is configured for this session? */
1108        hdr_len = pppol2tp_l2tp_header_len(session);
1109
1110        /* Check that there's enough headroom in the skb to insert IP,
1111         * UDP and L2TP and PPP headers. If not enough, expand it to
1112         * make room. Adjust truesize.
1113         */
1114        headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1115                sizeof(struct udphdr) + hdr_len + sizeof(ppph);
1116        old_headroom = skb_headroom(skb);
1117        if (skb_cow_head(skb, headroom))
1118                goto abort_put_sess_tun;
1119
1120        new_headroom = skb_headroom(skb);
1121        skb_orphan(skb);
1122        skb->truesize += new_headroom - old_headroom;
1123
1124        /* Setup PPP header */
1125        __skb_push(skb, sizeof(ppph));
1126        skb->data[0] = ppph[0];
1127        skb->data[1] = ppph[1];
1128
1129        /* Setup L2TP header */
1130        pppol2tp_build_l2tp_header(session, __skb_push(skb, hdr_len));
1131
1132        udp_len = sizeof(struct udphdr) + hdr_len + sizeof(ppph) + data_len;
1133
1134        /* Setup UDP header */
1135        inet = inet_sk(sk_tun);
1136        __skb_push(skb, sizeof(*uh));
1137        skb_reset_transport_header(skb);
1138        uh = udp_hdr(skb);
1139        uh->source = inet->sport;
1140        uh->dest = inet->dport;
1141        uh->len = htons(udp_len);
1142        uh->check = 0;
1143
1144        /* Debug */
1145        if (session->send_seq)
1146                PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1147                       "%s: send %d bytes, ns=%hu\n", session->name,
1148                       data_len, session->ns - 1);
1149        else
1150                PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1151                       "%s: send %d bytes\n", session->name, data_len);
1152
1153        if (session->debug & PPPOL2TP_MSG_DATA) {
1154                int i;
1155                unsigned char *datap = skb->data;
1156
1157                printk(KERN_DEBUG "%s: xmit:", session->name);
1158                for (i = 0; i < data_len; i++) {
1159                        printk(" %02X", *datap++);
1160                        if (i == 31) {
1161                                printk(" ...");
1162                                break;
1163                        }
1164                }
1165                printk("\n");
1166        }
1167
1168        memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1169        IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1170                              IPSKB_REROUTED);
1171        nf_reset(skb);
1172
1173        /* Get routing info from the tunnel socket */
1174        skb_dst_drop(skb);
1175        skb_dst_set(skb, dst_clone(__sk_dst_get(sk_tun)));
1176        pppol2tp_skb_set_owner_w(skb, sk_tun);
1177
1178        /* Calculate UDP checksum if configured to do so */
1179        if (sk_tun->sk_no_check == UDP_CSUM_NOXMIT)
1180                skb->ip_summed = CHECKSUM_NONE;
1181        else if (!(skb_dst(skb)->dev->features & NETIF_F_V4_CSUM)) {
1182                skb->ip_summed = CHECKSUM_COMPLETE;
1183                csum = skb_checksum(skb, 0, udp_len, 0);
1184                uh->check = csum_tcpudp_magic(inet->saddr, inet->daddr,
1185                                              udp_len, IPPROTO_UDP, csum);
1186                if (uh->check == 0)
1187                        uh->check = CSUM_MANGLED_0;
1188        } else {
1189                skb->ip_summed = CHECKSUM_PARTIAL;
1190                skb->csum_start = skb_transport_header(skb) - skb->head;
1191                skb->csum_offset = offsetof(struct udphdr, check);
1192                uh->check = ~csum_tcpudp_magic(inet->saddr, inet->daddr,
1193                                               udp_len, IPPROTO_UDP, 0);
1194        }
1195
1196        /* Queue the packet to IP for output */
1197        len = skb->len;
1198        rc = ip_queue_xmit(skb, 1);
1199
1200        /* Update stats */
1201        if (rc >= 0) {
1202                tunnel->stats.tx_packets++;
1203                tunnel->stats.tx_bytes += len;
1204                session->stats.tx_packets++;
1205                session->stats.tx_bytes += len;
1206        } else {
1207                tunnel->stats.tx_errors++;
1208                session->stats.tx_errors++;
1209        }
1210
1211        sock_put(sk_tun);
1212        sock_put(sk);
1213        return 1;
1214
1215abort_put_sess_tun:
1216        sock_put(sk_tun);
1217abort_put_sess:
1218        sock_put(sk);
1219abort:
1220        /* Free the original skb */
1221        kfree_skb(skb);
1222        return 1;
1223}
1224
1225/*****************************************************************************
1226 * Session (and tunnel control) socket create/destroy.
1227 *****************************************************************************/
1228
1229/* When the tunnel UDP socket is closed, all the attached sockets need to go
1230 * too.
1231 */
1232static void pppol2tp_tunnel_closeall(struct pppol2tp_tunnel *tunnel)
1233{
1234        int hash;
1235        struct hlist_node *walk;
1236        struct hlist_node *tmp;
1237        struct pppol2tp_session *session;
1238        struct sock *sk;
1239
1240        BUG_ON(tunnel == NULL);
1241
1242        PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1243               "%s: closing all sessions...\n", tunnel->name);
1244
1245        write_lock_bh(&tunnel->hlist_lock);
1246        for (hash = 0; hash < PPPOL2TP_HASH_SIZE; hash++) {
1247again:
1248                hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1249                        struct sk_buff *skb;
1250
1251                        session = hlist_entry(walk, struct pppol2tp_session, hlist);
1252
1253                        sk = session->sock;
1254
1255                        PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1256                               "%s: closing session\n", session->name);
1257
1258                        hlist_del_init(&session->hlist);
1259
1260                        /* Since we should hold the sock lock while
1261                         * doing any unbinding, we need to release the
1262                         * lock we're holding before taking that lock.
1263                         * Hold a reference to the sock so it doesn't
1264                         * disappear as we're jumping between locks.
1265                         */
1266                        sock_hold(sk);
1267                        write_unlock_bh(&tunnel->hlist_lock);
1268                        lock_sock(sk);
1269
1270                        if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
1271                                pppox_unbind_sock(sk);
1272                                sk->sk_state = PPPOX_DEAD;
1273                                sk->sk_state_change(sk);
1274                        }
1275
1276                        /* Purge any queued data */
1277                        skb_queue_purge(&sk->sk_receive_queue);
1278                        skb_queue_purge(&sk->sk_write_queue);
1279                        while ((skb = skb_dequeue(&session->reorder_q))) {
1280                                kfree_skb(skb);
1281                                sock_put(sk);
1282                        }
1283
1284                        release_sock(sk);
1285                        sock_put(sk);
1286
1287                        /* Now restart from the beginning of this hash
1288                         * chain.  We always remove a session from the
1289                         * list so we are guaranteed to make forward
1290                         * progress.
1291                         */
1292                        write_lock_bh(&tunnel->hlist_lock);
1293                        goto again;
1294                }
1295        }
1296        write_unlock_bh(&tunnel->hlist_lock);
1297}
1298
1299/* Really kill the tunnel.
1300 * Come here only when all sessions have been cleared from the tunnel.
1301 */
1302static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel)
1303{
1304        struct pppol2tp_net *pn = pppol2tp_pernet(tunnel->pppol2tp_net);
1305
1306        /* Remove from socket list */
1307        write_lock_bh(&pn->pppol2tp_tunnel_list_lock);
1308        list_del_init(&tunnel->list);
1309        write_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
1310
1311        atomic_dec(&pppol2tp_tunnel_count);
1312        kfree(tunnel);
1313}
1314
1315/* Tunnel UDP socket destruct hook.
1316 * The tunnel context is deleted only when all session sockets have been
1317 * closed.
1318 */
1319static void pppol2tp_tunnel_destruct(struct sock *sk)
1320{
1321        struct pppol2tp_tunnel *tunnel;
1322
1323        tunnel = sk->sk_user_data;
1324        if (tunnel == NULL)
1325                goto end;
1326
1327        PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1328               "%s: closing...\n", tunnel->name);
1329
1330        /* Close all sessions */
1331        pppol2tp_tunnel_closeall(tunnel);
1332
1333        /* No longer an encapsulation socket. See net/ipv4/udp.c */
1334        (udp_sk(sk))->encap_type = 0;
1335        (udp_sk(sk))->encap_rcv = NULL;
1336
1337        /* Remove hooks into tunnel socket */
1338        tunnel->sock = NULL;
1339        sk->sk_destruct = tunnel->old_sk_destruct;
1340        sk->sk_user_data = NULL;
1341
1342        /* Call original (UDP) socket descructor */
1343        if (sk->sk_destruct != NULL)
1344                (*sk->sk_destruct)(sk);
1345
1346        pppol2tp_tunnel_dec_refcount(tunnel);
1347
1348end:
1349        return;
1350}
1351
1352/* Really kill the session socket. (Called from sock_put() if
1353 * refcnt == 0.)
1354 */
1355static void pppol2tp_session_destruct(struct sock *sk)
1356{
1357        struct pppol2tp_session *session = NULL;
1358
1359        if (sk->sk_user_data != NULL) {
1360                struct pppol2tp_tunnel *tunnel;
1361
1362                session = sk->sk_user_data;
1363                if (session == NULL)
1364                        goto out;
1365
1366                BUG_ON(session->magic != L2TP_SESSION_MAGIC);
1367
1368                /* Don't use pppol2tp_sock_to_tunnel() here to
1369                 * get the tunnel context because the tunnel
1370                 * socket might have already been closed (its
1371                 * sk->sk_user_data will be NULL) so use the
1372                 * session's private tunnel ptr instead.
1373                 */
1374                tunnel = session->tunnel;
1375                if (tunnel != NULL) {
1376                        BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1377
1378                        /* If session_id is zero, this is a null
1379                         * session context, which was created for a
1380                         * socket that is being used only to manage
1381                         * tunnels.
1382                         */
1383                        if (session->tunnel_addr.s_session != 0) {
1384                                /* Delete the session socket from the
1385                                 * hash
1386                                 */
1387                                write_lock_bh(&tunnel->hlist_lock);
1388                                hlist_del_init(&session->hlist);
1389                                write_unlock_bh(&tunnel->hlist_lock);
1390
1391                                atomic_dec(&pppol2tp_session_count);
1392                        }
1393
1394                        /* This will delete the tunnel context if this
1395                         * is the last session on the tunnel.
1396                         */
1397                        session->tunnel = NULL;
1398                        session->tunnel_sock = NULL;
1399                        pppol2tp_tunnel_dec_refcount(tunnel);
1400                }
1401        }
1402
1403        kfree(session);
1404out:
1405        return;
1406}
1407
1408/* Called when the PPPoX socket (session) is closed.
1409 */
1410static int pppol2tp_release(struct socket *sock)
1411{
1412        struct sock *sk = sock->sk;
1413        struct pppol2tp_session *session;
1414        int error;
1415
1416        if (!sk)
1417                return 0;
1418
1419        error = -EBADF;
1420        lock_sock(sk);
1421        if (sock_flag(sk, SOCK_DEAD) != 0)
1422                goto error;
1423
1424        pppox_unbind_sock(sk);
1425
1426        /* Signal the death of the socket. */
1427        sk->sk_state = PPPOX_DEAD;
1428        sock_orphan(sk);
1429        sock->sk = NULL;
1430
1431        session = pppol2tp_sock_to_session(sk);
1432
1433        /* Purge any queued data */
1434        skb_queue_purge(&sk->sk_receive_queue);
1435        skb_queue_purge(&sk->sk_write_queue);
1436        if (session != NULL) {
1437                struct sk_buff *skb;
1438                while ((skb = skb_dequeue(&session->reorder_q))) {
1439                        kfree_skb(skb);
1440                        sock_put(sk);
1441                }
1442                sock_put(sk);
1443        }
1444
1445        release_sock(sk);
1446
1447        /* This will delete the session context via
1448         * pppol2tp_session_destruct() if the socket's refcnt drops to
1449         * zero.
1450         */
1451        sock_put(sk);
1452
1453        return 0;
1454
1455error:
1456        release_sock(sk);
1457        return error;
1458}
1459
1460/* Internal function to prepare a tunnel (UDP) socket to have PPPoX
1461 * sockets attached to it.
1462 */
1463static struct sock *pppol2tp_prepare_tunnel_socket(struct net *net,
1464                                        int fd, u16 tunnel_id, int *error)
1465{
1466        int err;
1467        struct socket *sock = NULL;
1468        struct sock *sk;
1469        struct pppol2tp_tunnel *tunnel;
1470        struct pppol2tp_net *pn;
1471        struct sock *ret = NULL;
1472
1473        /* Get the tunnel UDP socket from the fd, which was opened by
1474         * the userspace L2TP daemon.
1475         */
1476        err = -EBADF;
1477        sock = sockfd_lookup(fd, &err);
1478        if (!sock) {
1479                PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1480                       "tunl %hu: sockfd_lookup(fd=%d) returned %d\n",
1481                       tunnel_id, fd, err);
1482                goto err;
1483        }
1484
1485        sk = sock->sk;
1486
1487        /* Quick sanity checks */
1488        err = -EPROTONOSUPPORT;
1489        if (sk->sk_protocol != IPPROTO_UDP) {
1490                PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1491                       "tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1492                       tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP);
1493                goto err;
1494        }
1495        err = -EAFNOSUPPORT;
1496        if (sock->ops->family != AF_INET) {
1497                PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1498                       "tunl %hu: fd %d wrong family, got %d, expected %d\n",
1499                       tunnel_id, fd, sock->ops->family, AF_INET);
1500                goto err;
1501        }
1502
1503        err = -ENOTCONN;
1504
1505        /* Check if this socket has already been prepped */
1506        tunnel = (struct pppol2tp_tunnel *)sk->sk_user_data;
1507        if (tunnel != NULL) {
1508                /* User-data field already set */
1509                err = -EBUSY;
1510                BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1511
1512                /* This socket has already been prepped */
1513                ret = tunnel->sock;
1514                goto out;
1515        }
1516
1517        /* This socket is available and needs prepping. Create a new tunnel
1518         * context and init it.
1519         */
1520        sk->sk_user_data = tunnel = kzalloc(sizeof(struct pppol2tp_tunnel), GFP_KERNEL);
1521        if (sk->sk_user_data == NULL) {
1522                err = -ENOMEM;
1523                goto err;
1524        }
1525
1526        tunnel->magic = L2TP_TUNNEL_MAGIC;
1527        sprintf(&tunnel->name[0], "tunl %hu", tunnel_id);
1528
1529        tunnel->stats.tunnel_id = tunnel_id;
1530        tunnel->debug = PPPOL2TP_DEFAULT_DEBUG_FLAGS;
1531
1532        /* Hook on the tunnel socket destructor so that we can cleanup
1533         * if the tunnel socket goes away.
1534         */
1535        tunnel->old_sk_destruct = sk->sk_destruct;
1536        sk->sk_destruct = &pppol2tp_tunnel_destruct;
1537
1538        tunnel->sock = sk;
1539        sk->sk_allocation = GFP_ATOMIC;
1540
1541        /* Misc init */
1542        rwlock_init(&tunnel->hlist_lock);
1543
1544        /* The net we belong to */
1545        tunnel->pppol2tp_net = net;
1546        pn = pppol2tp_pernet(net);
1547
1548        /* Add tunnel to our list */
1549        INIT_LIST_HEAD(&tunnel->list);
1550        write_lock_bh(&pn->pppol2tp_tunnel_list_lock);
1551        list_add(&tunnel->list, &pn->pppol2tp_tunnel_list);
1552        write_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
1553        atomic_inc(&pppol2tp_tunnel_count);
1554
1555        /* Bump the reference count. The tunnel context is deleted
1556         * only when this drops to zero.
1557         */
1558        pppol2tp_tunnel_inc_refcount(tunnel);
1559
1560        /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1561        (udp_sk(sk))->encap_type = UDP_ENCAP_L2TPINUDP;
1562        (udp_sk(sk))->encap_rcv = pppol2tp_udp_encap_recv;
1563
1564        ret = tunnel->sock;
1565
1566        *error = 0;
1567out:
1568        if (sock)
1569                sockfd_put(sock);
1570
1571        return ret;
1572
1573err:
1574        *error = err;
1575        goto out;
1576}
1577
1578static struct proto pppol2tp_sk_proto = {
1579        .name     = "PPPOL2TP",
1580        .owner    = THIS_MODULE,
1581        .obj_size = sizeof(struct pppox_sock),
1582};
1583
1584/* socket() handler. Initialize a new struct sock.
1585 */
1586static int pppol2tp_create(struct net *net, struct socket *sock)
1587{
1588        int error = -ENOMEM;
1589        struct sock *sk;
1590
1591        sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto);
1592        if (!sk)
1593                goto out;
1594
1595        sock_init_data(sock, sk);
1596
1597        sock->state  = SS_UNCONNECTED;
1598        sock->ops    = &pppol2tp_ops;
1599
1600        sk->sk_backlog_rcv = pppol2tp_recv_core;
1601        sk->sk_protocol    = PX_PROTO_OL2TP;
1602        sk->sk_family      = PF_PPPOX;
1603        sk->sk_state       = PPPOX_NONE;
1604        sk->sk_type        = SOCK_STREAM;
1605        sk->sk_destruct    = pppol2tp_session_destruct;
1606
1607        error = 0;
1608
1609out:
1610        return error;
1611}
1612
1613/* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
1614 */
1615static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
1616                            int sockaddr_len, int flags)
1617{
1618        struct sock *sk = sock->sk;
1619        struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
1620        struct pppox_sock *po = pppox_sk(sk);
1621        struct sock *tunnel_sock = NULL;
1622        struct pppol2tp_session *session = NULL;
1623        struct pppol2tp_tunnel *tunnel;
1624        struct dst_entry *dst;
1625        int error = 0;
1626
1627        lock_sock(sk);
1628
1629        error = -EINVAL;
1630        if (sp->sa_protocol != PX_PROTO_OL2TP)
1631                goto end;
1632
1633        /* Check for already bound sockets */
1634        error = -EBUSY;
1635        if (sk->sk_state & PPPOX_CONNECTED)
1636                goto end;
1637
1638        /* We don't supporting rebinding anyway */
1639        error = -EALREADY;
1640        if (sk->sk_user_data)
1641                goto end; /* socket is already attached */
1642
1643        /* Don't bind if s_tunnel is 0 */
1644        error = -EINVAL;
1645        if (sp->pppol2tp.s_tunnel == 0)
1646                goto end;
1647
1648        /* Special case: prepare tunnel socket if s_session and
1649         * d_session is 0. Otherwise look up tunnel using supplied
1650         * tunnel id.
1651         */
1652        if ((sp->pppol2tp.s_session == 0) && (sp->pppol2tp.d_session == 0)) {
1653                tunnel_sock = pppol2tp_prepare_tunnel_socket(sock_net(sk),
1654                                                             sp->pppol2tp.fd,
1655                                                             sp->pppol2tp.s_tunnel,
1656                                                             &error);
1657                if (tunnel_sock == NULL)
1658                        goto end;
1659
1660                tunnel = tunnel_sock->sk_user_data;
1661        } else {
1662                tunnel = pppol2tp_tunnel_find(sock_net(sk), sp->pppol2tp.s_tunnel);
1663
1664                /* Error if we can't find the tunnel */
1665                error = -ENOENT;
1666                if (tunnel == NULL)
1667                        goto end;
1668
1669                tunnel_sock = tunnel->sock;
1670        }
1671
1672        /* Check that this session doesn't already exist */
1673        error = -EEXIST;
1674        session = pppol2tp_session_find(tunnel, sp->pppol2tp.s_session);
1675        if (session != NULL)
1676                goto end;
1677
1678        /* Allocate and initialize a new session context. */
1679        session = kzalloc(sizeof(struct pppol2tp_session), GFP_KERNEL);
1680        if (session == NULL) {
1681                error = -ENOMEM;
1682                goto end;
1683        }
1684
1685        skb_queue_head_init(&session->reorder_q);
1686
1687        session->magic       = L2TP_SESSION_MAGIC;
1688        session->owner       = current->pid;
1689        session->sock        = sk;
1690        session->tunnel      = tunnel;
1691        session->tunnel_sock = tunnel_sock;
1692        session->tunnel_addr = sp->pppol2tp;
1693        sprintf(&session->name[0], "sess %hu/%hu",
1694                session->tunnel_addr.s_tunnel,
1695                session->tunnel_addr.s_session);
1696
1697        session->stats.tunnel_id  = session->tunnel_addr.s_tunnel;
1698        session->stats.session_id = session->tunnel_addr.s_session;
1699
1700        INIT_HLIST_NODE(&session->hlist);
1701
1702        /* Inherit debug options from tunnel */
1703        session->debug = tunnel->debug;
1704
1705        /* Default MTU must allow space for UDP/L2TP/PPP
1706         * headers.
1707         */
1708        session->mtu = session->mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
1709
1710        /* If PMTU discovery was enabled, use the MTU that was discovered */
1711        dst = sk_dst_get(sk);
1712        if (dst != NULL) {
1713                u32 pmtu = dst_mtu(__sk_dst_get(sk));
1714                if (pmtu != 0)
1715                        session->mtu = session->mru = pmtu -
1716                                PPPOL2TP_HEADER_OVERHEAD;
1717                dst_release(dst);
1718        }
1719
1720        /* Special case: if source & dest session_id == 0x0000, this socket is
1721         * being created to manage the tunnel. Don't add the session to the
1722         * session hash list, just set up the internal context for use by
1723         * ioctl() and sockopt() handlers.
1724         */
1725        if ((session->tunnel_addr.s_session == 0) &&
1726            (session->tunnel_addr.d_session == 0)) {
1727                error = 0;
1728                sk->sk_user_data = session;
1729                goto out_no_ppp;
1730        }
1731
1732        /* Get tunnel context from the tunnel socket */
1733        tunnel = pppol2tp_sock_to_tunnel(tunnel_sock);
1734        if (tunnel == NULL) {
1735                error = -EBADF;
1736                goto end;
1737        }
1738
1739        /* Right now, because we don't have a way to push the incoming skb's
1740         * straight through the UDP layer, the only header we need to worry
1741         * about is the L2TP header. This size is different depending on
1742         * whether sequence numbers are enabled for the data channel.
1743         */
1744        po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1745
1746        po->chan.private = sk;
1747        po->chan.ops     = &pppol2tp_chan_ops;
1748        po->chan.mtu     = session->mtu;
1749
1750        error = ppp_register_net_channel(sock_net(sk), &po->chan);
1751        if (error)
1752                goto end_put_tun;
1753
1754        /* This is how we get the session context from the socket. */
1755        sk->sk_user_data = session;
1756
1757        /* Add session to the tunnel's hash list */
1758        write_lock_bh(&tunnel->hlist_lock);
1759        hlist_add_head(&session->hlist,
1760                       pppol2tp_session_id_hash(tunnel,
1761                                                session->tunnel_addr.s_session));
1762        write_unlock_bh(&tunnel->hlist_lock);
1763
1764        atomic_inc(&pppol2tp_session_count);
1765
1766out_no_ppp:
1767        pppol2tp_tunnel_inc_refcount(tunnel);
1768        sk->sk_state = PPPOX_CONNECTED;
1769        PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1770               "%s: created\n", session->name);
1771
1772end_put_tun:
1773        sock_put(tunnel_sock);
1774end:
1775        release_sock(sk);
1776
1777        if (error != 0) {
1778                if (session)
1779                        PRINTK(session->debug,
1780                                PPPOL2TP_MSG_CONTROL, KERN_WARNING,
1781                                "%s: connect failed: %d\n",
1782                                session->name, error);
1783                else
1784                        PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_WARNING,
1785                                "connect failed: %d\n", error);
1786        }
1787
1788        return error;
1789}
1790
1791/* getname() support.
1792 */
1793static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
1794                            int *usockaddr_len, int peer)
1795{
1796        int len = sizeof(struct sockaddr_pppol2tp);
1797        struct sockaddr_pppol2tp sp;
1798        int error = 0;
1799        struct pppol2tp_session *session;
1800
1801        error = -ENOTCONN;
1802        if (sock->sk->sk_state != PPPOX_CONNECTED)
1803                goto end;
1804
1805        session = pppol2tp_sock_to_session(sock->sk);
1806        if (session == NULL) {
1807                error = -EBADF;
1808                goto end;
1809        }
1810
1811        sp.sa_family    = AF_PPPOX;
1812        sp.sa_protocol  = PX_PROTO_OL2TP;
1813        memcpy(&sp.pppol2tp, &session->tunnel_addr,
1814               sizeof(struct pppol2tp_addr));
1815
1816        memcpy(uaddr, &sp, len);
1817
1818        *usockaddr_len = len;
1819
1820        error = 0;
1821        sock_put(sock->sk);
1822
1823end:
1824        return error;
1825}
1826
1827/****************************************************************************
1828 * ioctl() handlers.
1829 *
1830 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1831 * sockets. However, in order to control kernel tunnel features, we allow
1832 * userspace to create a special "tunnel" PPPoX socket which is used for
1833 * control only.  Tunnel PPPoX sockets have session_id == 0 and simply allow
1834 * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1835 * calls.
1836 ****************************************************************************/
1837
1838/* Session ioctl helper.
1839 */
1840static int pppol2tp_session_ioctl(struct pppol2tp_session *session,
1841                                  unsigned int cmd, unsigned long arg)
1842{
1843        struct ifreq ifr;
1844        int err = 0;
1845        struct sock *sk = session->sock;
1846        int val = (int) arg;
1847
1848        PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1849               "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
1850               session->name, cmd, arg);
1851
1852        sock_hold(sk);
1853
1854        switch (cmd) {
1855        case SIOCGIFMTU:
1856                err = -ENXIO;
1857                if (!(sk->sk_state & PPPOX_CONNECTED))
1858                        break;
1859
1860                err = -EFAULT;
1861                if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1862                        break;
1863                ifr.ifr_mtu = session->mtu;
1864                if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
1865                        break;
1866
1867                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1868                       "%s: get mtu=%d\n", session->name, session->mtu);
1869                err = 0;
1870                break;
1871
1872        case SIOCSIFMTU:
1873                err = -ENXIO;
1874                if (!(sk->sk_state & PPPOX_CONNECTED))
1875                        break;
1876
1877                err = -EFAULT;
1878                if (copy_from_user(&ifr, (void __user *) arg, sizeof(struct ifreq)))
1879                        break;
1880
1881                session->mtu = ifr.ifr_mtu;
1882
1883                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1884                       "%s: set mtu=%d\n", session->name, session->mtu);
1885                err = 0;
1886                break;
1887
1888        case PPPIOCGMRU:
1889                err = -ENXIO;
1890                if (!(sk->sk_state & PPPOX_CONNECTED))
1891                        break;
1892
1893                err = -EFAULT;
1894                if (put_user(session->mru, (int __user *) arg))
1895                        break;
1896
1897                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1898                       "%s: get mru=%d\n", session->name, session->mru);
1899                err = 0;
1900                break;
1901
1902        case PPPIOCSMRU:
1903                err = -ENXIO;
1904                if (!(sk->sk_state & PPPOX_CONNECTED))
1905                        break;
1906
1907                err = -EFAULT;
1908                if (get_user(val,(int __user *) arg))
1909                        break;
1910
1911                session->mru = val;
1912                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1913                       "%s: set mru=%d\n", session->name, session->mru);
1914                err = 0;
1915                break;
1916
1917        case PPPIOCGFLAGS:
1918                err = -EFAULT;
1919                if (put_user(session->flags, (int __user *) arg))
1920                        break;
1921
1922                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1923                       "%s: get flags=%d\n", session->name, session->flags);
1924                err = 0;
1925                break;
1926
1927        case PPPIOCSFLAGS:
1928                err = -EFAULT;
1929                if (get_user(val, (int __user *) arg))
1930                        break;
1931                session->flags = val;
1932                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1933                       "%s: set flags=%d\n", session->name, session->flags);
1934                err = 0;
1935                break;
1936
1937        case PPPIOCGL2TPSTATS:
1938                err = -ENXIO;
1939                if (!(sk->sk_state & PPPOX_CONNECTED))
1940                        break;
1941
1942                if (copy_to_user((void __user *) arg, &session->stats,
1943                                 sizeof(session->stats)))
1944                        break;
1945                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1946                       "%s: get L2TP stats\n", session->name);
1947                err = 0;
1948                break;
1949
1950        default:
1951                err = -ENOSYS;
1952                break;
1953        }
1954
1955        sock_put(sk);
1956
1957        return err;
1958}
1959
1960/* Tunnel ioctl helper.
1961 *
1962 * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1963 * specifies a session_id, the session ioctl handler is called. This allows an
1964 * application to retrieve session stats via a tunnel socket.
1965 */
1966static int pppol2tp_tunnel_ioctl(struct pppol2tp_tunnel *tunnel,
1967                                 unsigned int cmd, unsigned long arg)
1968{
1969        int err = 0;
1970        struct sock *sk = tunnel->sock;
1971        struct pppol2tp_ioc_stats stats_req;
1972
1973        PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1974               "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n", tunnel->name,
1975               cmd, arg);
1976
1977        sock_hold(sk);
1978
1979        switch (cmd) {
1980        case PPPIOCGL2TPSTATS:
1981                err = -ENXIO;
1982                if (!(sk->sk_state & PPPOX_CONNECTED))
1983                        break;
1984
1985                if (copy_from_user(&stats_req, (void __user *) arg,
1986                                   sizeof(stats_req))) {
1987                        err = -EFAULT;
1988                        break;
1989                }
1990                if (stats_req.session_id != 0) {
1991                        /* resend to session ioctl handler */
1992                        struct pppol2tp_session *session =
1993                                pppol2tp_session_find(tunnel, stats_req.session_id);
1994                        if (session != NULL)
1995                                err = pppol2tp_session_ioctl(session, cmd, arg);
1996                        else
1997                                err = -EBADR;
1998                        break;
1999                }
2000#ifdef CONFIG_XFRM

2001                tunnel->stats.using_ipsec = (sk->sk_policy[0] || sk->sk_policy[1]) ? 1 : 0;
2002#endif
2003                if (copy_to_user((void __user *) arg, &tunnel->stats,
2004                                 sizeof(tunnel->stats))) {
2005                        err = -EFAULT;
2006                        break;
2007                }
2008                PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2009                       "%s: get L2TP stats\n", tunnel->name);
2010                err = 0;
2011                break;
2012
2013        default:
2014                err = -ENOSYS;
2015                break;
2016        }
2017
2018        sock_put(sk);
2019
2020        return err;
2021}
2022
2023/* Main ioctl() handler.
2024 * Dispatch to tunnel or session helpers depending on the socket.
2025 */
2026static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
2027                          unsigned long arg)
2028{
2029        struct sock *sk = sock->sk;
2030        struct pppol2tp_session *session;
2031        struct pppol2tp_tunnel *tunnel;
2032        int err;
2033
2034        if (!sk)
2035                return 0;
2036
2037        err = -EBADF;
2038        if (sock_flag(sk, SOCK_DEAD) != 0)
2039                goto end;
2040
2041        err = -ENOTCONN;
2042        if ((sk->sk_user_data == NULL) ||
2043            (!(sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND))))
2044                goto end;
2045
2046        /* Get session context from the socket */
2047        err = -EBADF;
2048        session = pppol2tp_sock_to_session(sk);
2049        if (session == NULL)
2050                goto end;
2051
2052        /* Special case: if session's session_id is zero, treat ioctl as a
2053         * tunnel ioctl
2054         */
2055        if ((session->tunnel_addr.s_session == 0) &&
2056            (session->tunnel_addr.d_session == 0)) {
2057                err = -EBADF;
2058                tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2059                if (tunnel == NULL)
2060                        goto end_put_sess;
2061
2062                err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
2063                sock_put(session->tunnel_sock);
2064                goto end_put_sess;
2065        }
2066
2067        err = pppol2tp_session_ioctl(session, cmd, arg);
2068
2069end_put_sess:
2070        sock_put(sk);
2071end:
2072        return err;
2073}
2074
2075/*****************************************************************************
2076 * setsockopt() / getsockopt() support.
2077 *
2078 * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
2079 * sockets. In order to control kernel tunnel features, we allow userspace to
2080 * create a special "tunnel" PPPoX socket which is used for control only.
2081 * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
2082 * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
2083 *****************************************************************************/
2084
2085/* Tunnel setsockopt() helper.
2086 */
2087static int pppol2tp_tunnel_setsockopt(struct sock *sk,
2088                                      struct pppol2tp_tunnel *tunnel,
2089                                      int optname, int val)
2090{
2091        int err = 0;
2092
2093        switch (optname) {
2094        case PPPOL2TP_SO_DEBUG:
2095                tunnel->debug = val;
2096                PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2097                       "%s: set debug=%x\n", tunnel->name, tunnel->debug);
2098                break;
2099
2100        default:
2101                err = -ENOPROTOOPT;
2102                break;
2103        }
2104
2105        return err;
2106}
2107
2108/* Session setsockopt helper.
2109 */
2110static int pppol2tp_session_setsockopt(struct sock *sk,
2111                                       struct pppol2tp_session *session,
2112                                       int optname, int val)
2113{
2114        int err = 0;
2115
2116        switch (optname) {
2117        case PPPOL2TP_SO_RECVSEQ:
2118                if ((val != 0) && (val != 1)) {
2119                        err = -EINVAL;
2120                        break;
2121                }
2122                session->recv_seq = val ? -1 : 0;
2123                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2124                       "%s: set recv_seq=%d\n", session->name,
2125                       session->recv_seq);
2126                break;
2127
2128        case PPPOL2TP_SO_SENDSEQ:
2129                if ((val != 0) && (val != 1)) {
2130                        err = -EINVAL;
2131                        break;
2132                }
2133                session->send_seq = val ? -1 : 0;
2134                {
2135                        struct sock *ssk      = session->sock;
2136                        struct pppox_sock *po = pppox_sk(ssk);
2137                        po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
2138                                PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
2139                }
2140                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2141                       "%s: set send_seq=%d\n", session->name, session->send_seq);
2142                break;
2143
2144        case PPPOL2TP_SO_LNSMODE:
2145                if ((val != 0) && (val != 1)) {
2146                        err = -EINVAL;
2147                        break;
2148                }
2149                session->lns_mode = val ? -1 : 0;
2150                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2151                       "%s: set lns_mode=%d\n", session->name,
2152                       session->lns_mode);
2153                break;
2154
2155        case PPPOL2TP_SO_DEBUG:
2156                session->debug = val;
2157                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2158                       "%s: set debug=%x\n", session->name, session->debug);
2159                break;
2160
2161        case PPPOL2TP_SO_REORDERTO:
2162                session->reorder_timeout = msecs_to_jiffies(val);
2163                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2164                       "%s: set reorder_timeout=%d\n", session->name,
2165                       session->reorder_timeout);
2166                break;
2167
2168        default:
2169                err = -ENOPROTOOPT;
2170                break;
2171        }
2172
2173        return err;
2174}
2175
2176/* Main setsockopt() entry point.
2177 * Does API checks, then calls either the tunnel or session setsockopt
2178 * handler, according to whether the PPPoL2TP socket is a for a regular
2179 * session or the special tunnel type.
2180 */
2181static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
2182                               char __user *optval, unsigned int optlen)
2183{
2184        struct sock *sk = sock->sk;
2185        struct pppol2tp_session *session = sk->sk_user_data;
2186        struct pppol2tp_tunnel *tunnel;
2187        int val;
2188        int err;
2189
2190        if (level != SOL_PPPOL2TP)
2191                return udp_prot.setsockopt(sk, level, optname, optval, optlen);
2192
2193        if (optlen < sizeof(int))
2194                return -EINVAL;
2195
2196        if (get_user(val, (int __user *)optval))
2197                return -EFAULT;
2198
2199        err = -ENOTCONN;
2200        if (sk->sk_user_data == NULL)
2201                goto end;
2202
2203        /* Get session context from the socket */
2204        err = -EBADF;
2205        session = pppol2tp_sock_to_session(sk);
2206        if (session == NULL)
2207                goto end;
2208
2209        /* Special case: if session_id == 0x0000, treat as operation on tunnel
2210         */
2211        if ((session->tunnel_addr.s_session == 0) &&
2212            (session->tunnel_addr.d_session == 0)) {
2213                err = -EBADF;
2214                tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2215                if (tunnel == NULL)
2216                        goto end_put_sess;
2217
2218                err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
2219                sock_put(session->tunnel_sock);
2220        } else
2221                err = pppol2tp_session_setsockopt(sk, session, optname, val);
2222
2223        err = 0;
2224
2225end_put_sess:
2226        sock_put(sk);
2227end:
2228        return err;
2229}
2230
2231/* Tunnel getsockopt helper. Called with sock locked.
2232 */
2233static int pppol2tp_tunnel_getsockopt(struct sock *sk,
2234                                      struct pppol2tp_tunnel *tunnel,
2235                                      int optname, int *val)
2236{
2237        int err = 0;
2238
2239        switch (optname) {
2240        case PPPOL2TP_SO_DEBUG:
2241                *val = tunnel->debug;
2242                PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2243                       "%s: get debug=%x\n", tunnel->name, tunnel->debug);
2244                break;
2245
2246        default:
2247                err = -ENOPROTOOPT;
2248                break;
2249        }
2250
2251        return err;
2252}
2253
2254/* Session getsockopt helper. Called with sock locked.
2255 */
2256static int pppol2tp_session_getsockopt(struct sock *sk,
2257                                       struct pppol2tp_session *session,
2258                                       int optname, int *val)
2259{
2260        int err = 0;
2261
2262        switch (optname) {
2263        case PPPOL2TP_SO_RECVSEQ:
2264                *val = session->recv_seq;
2265                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2266                       "%s: get recv_seq=%d\n", session->name, *val);
2267                break;
2268
2269        case PPPOL2TP_SO_SENDSEQ:
2270                *val = session->send_seq;
2271                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2272                       "%s: get send_seq=%d\n", session->name, *val);
2273                break;
2274
2275        case PPPOL2TP_SO_LNSMODE:
2276                *val = session->lns_mode;
2277                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2278                       "%s: get lns_mode=%d\n", session->name, *val);
2279                break;
2280
2281        case PPPOL2TP_SO_DEBUG:
2282                *val = session->debug;
2283                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2284                       "%s: get debug=%d\n", session->name, *val);
2285                break;
2286
2287        case PPPOL2TP_SO_REORDERTO:
2288                *val = (int) jiffies_to_msecs(session->reorder_timeout);
2289                PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2290                       "%s: get reorder_timeout=%d\n", session->name, *val);
2291                break;
2292
2293        default:
2294                err = -ENOPROTOOPT;
2295        }
2296
2297        return err;
2298}
2299
2300/* Main getsockopt() entry point.
2301 * Does API checks, then calls either the tunnel or session getsockopt
2302 * handler, according to whether the PPPoX socket is a for a regular session
2303 * or the special tunnel type.
2304 */
2305static int pppol2tp_getsockopt(struct socket *sock, int level,
2306                               int optname, char __user *optval, int __user *optlen)
2307{
2308        struct sock *sk = sock->sk;
2309        struct pppol2tp_session *session = sk->sk_user_data;
2310        struct pppol2tp_tunnel *tunnel;
2311        int val, len;
2312        int err;
2313
2314        if (level != SOL_PPPOL2TP)
2315                return udp_prot.getsockopt(sk, level, optname, optval, optlen);
2316
2317        if (get_user(len, (int __user *) optlen))
2318                return -EFAULT;
2319
2320        len = min_t(unsigned int, len, sizeof(int));
2321
2322        if (len < 0)
2323                return -EINVAL;
2324
2325        err = -ENOTCONN;
2326        if (sk->sk_user_data == NULL)
2327                goto end;
2328
2329        /* Get the session context */
2330        err = -EBADF;
2331        session = pppol2tp_sock_to_session(sk);
2332        if (session == NULL)
2333                goto end;
2334
2335        /* Special case: if session_id == 0x0000, treat as operation on tunnel */
2336        if ((session->tunnel_addr.s_session == 0) &&
2337            (session->tunnel_addr.d_session == 0)) {
2338                err = -EBADF;
2339                tunnel = pppol2tp_sock_to_tunnel(session->tunnel_sock);
2340                if (tunnel == NULL)
2341                        goto end_put_sess;
2342
2343                err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val);
2344                sock_put(session->tunnel_sock);
2345        } else
2346                err = pppol2tp_session_getsockopt(sk, session, optname, &val);
2347
2348        err = -EFAULT;
2349        if (put_user(len, (int __user *) optlen))
2350                goto end_put_sess;
2351
2352        if (copy_to_user((void __user *) optval, &val, len))
2353                goto end_put_sess;
2354
2355        err = 0;
2356
2357end_put_sess:
2358        sock_put(sk);
2359end:
2360        return err;
2361}
2362
2363/*****************************************************************************
2364 * /proc filesystem for debug
2365 *****************************************************************************/
2366
2367#ifdef CONFIG_PROC_FS
2368
2369#include <linux/seq_file.h>
2370
2371struct pppol2tp_seq_data {
2372        struct seq_net_private p;
2373        struct pppol2tp_tunnel *tunnel;         /* current tunnel */
2374        struct pppol2tp_session *session;       /* NULL means get first session in tunnel */
2375};
2376
2377static struct pppol2tp_session *next_session(struct pppol2tp_tunnel *tunnel, struct pppol2tp_session *curr)
2378{
2379        struct pppol2tp_session *session = NULL;
2380        struct hlist_node *walk;
2381        int found = 0;
2382        int next = 0;
2383        int i;
2384
2385        read_lock_bh(&tunnel->hlist_lock);
2386        for (i = 0; i < PPPOL2TP_HASH_SIZE; i++) {
2387                hlist_for_each_entry(session, walk, &tunnel->session_hlist[i], hlist) {
2388                        if (curr == NULL) {
2389                                found = 1;
2390                                goto out;
2391                        }
2392                        if (session == curr) {
2393                                next = 1;
2394                                continue;
2395                        }
2396                        if (next) {
2397                                found = 1;
2398                                goto out;
2399                        }
2400                }
2401        }
2402out:
2403        read_unlock_bh(&tunnel->hlist_lock);
2404        if (!found)
2405                session = NULL;
2406
2407        return session;
2408}
2409
2410static struct pppol2tp_tunnel *next_tunnel(struct pppol2tp_net *pn,
2411                                           struct pppol2tp_tunnel *curr)
2412{
2413        struct pppol2tp_tunnel *tunnel = NULL;
2414
2415        read_lock_bh(&pn->pppol2tp_tunnel_list_lock);
2416        if (list_is_last(&curr->list, &pn->pppol2tp_tunnel_list)) {
2417                goto out;
2418        }
2419        tunnel = list_entry(curr->list.next, struct pppol2tp_tunnel, list);
2420out:
2421        read_unlock_bh(&pn->pppol2tp_tunnel_list_lock);
2422
2423        return tunnel;
2424}
2425
2426static void *pppol2tp_seq_start(struct seq_file *m, loff_t *offs)
2427{
2428        struct pppol2tp_seq_data *pd = SEQ_START_TOKEN;
2429        struct pppol2tp_net *pn;
2430        loff_t pos = *offs;
2431
2432        if (!pos)
2433                goto out;
2434
2435        BUG_ON(m->private == NULL);
2436        pd = m->private;
2437        pn = pppol2tp_pernet(seq_file_net(m));
2438
2439        if (pd->tunnel == NULL) {
2440                if (!list_empty(&pn->pppol2tp_tunnel_list))
2441                        pd->tunnel = list_entry(pn->pppol2tp_tunnel_list.next, struct pppol2tp_tunnel, list);
2442        } else {
2443                pd->session = next_session(pd->tunnel, pd->session);
2444                if (pd->session == NULL) {
2445                        pd->tunnel = next_tunnel(pn, pd->tunnel);
2446                }
2447        }
2448
2449        /* NULL tunnel and session indicates end of list */
2450        if ((pd->tunnel == NULL) && (pd->session == NULL))
2451                pd = NULL;
2452
2453out:
2454        return pd;
2455}
2456
2457static void *pppol2tp_seq_next(struct seq_file *m, void *v, loff_t *pos)
2458{
2459        (*pos)++;
2460        return NULL;
2461}
2462
2463static void pppol2tp_seq_stop(struct seq_file *p, void *v)
2464{
2465        /* nothing to do */
2466}
2467
2468static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
2469{
2470        struct pppol2tp_tunnel *tunnel = v;
2471
2472        seq_printf(m, "\nTUNNEL '%s', %c %d\n",
2473                   tunnel->name,
2474                   (tunnel == tunnel->sock->sk_user_data) ? 'Y':'N',
2475                   atomic_read(&tunnel->ref_count) - 1);
2476        seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
2477                   tunnel->debug,
2478                   (unsigned long long)tunnel->stats.tx_packets,
2479                   (unsigned long long)tunnel->stats.tx_bytes,
2480                   (unsigned long long)tunnel->stats.tx_errors,
2481                   (unsigned long long)tunnel->stats.rx_packets,
2482                   (unsigned long long)tunnel->stats.rx_bytes,
2483                   (unsigned long long)tunnel->stats.rx_errors);
2484}
2485
2486static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
2487{
2488        struct pppol2tp_session *session = v;
2489
2490        seq_printf(m, "  SESSION '%s' %08X/%d %04X/%04X -> "
2491                   "%04X/%04X %d %c\n",
2492                   session->name,
2493                   ntohl(session->tunnel_addr.addr.sin_addr.s_addr),
2494                   ntohs(session->tunnel_addr.addr.sin_port),
2495                   session->tunnel_addr.s_tunnel,
2496                   session->tunnel_addr.s_session,
2497                   session->tunnel_addr.d_tunnel,
2498                   session->tunnel_addr.d_session,
2499                   session->sock->sk_state,
2500                   (session == session->sock->sk_user_data) ?
2501                   'Y' : 'N');
2502        seq_printf(m, "   %d/%d/%c/%c/%s %08x %u\n",
2503                   session->mtu, session->mru,
2504                   session->recv_seq ? 'R' : '-',
2505                   session->send_seq ? 'S' : '-',
2506                   session->lns_mode ? "LNS" : "LAC",
2507                   session->debug,
2508                   jiffies_to_msecs(session->reorder_timeout));
2509        seq_printf(m, "   %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
2510                   session->nr, session->ns,
2511                   (unsigned long long)session->stats.tx_packets,
2512                   (unsigned long long)session->stats.tx_bytes,
2513                   (unsigned long long)session->stats.tx_errors,
2514                   (unsigned long long)session->stats.rx_packets,
2515                   (unsigned long long)session->stats.rx_bytes,
2516                   (unsigned long long)session->stats.rx_errors);
2517}
2518
2519static int pppol2tp_seq_show(struct seq_file *m, void *v)
2520{
2521        struct pppol2tp_seq_data *pd = v;
2522
2523        /* display header on line 1 */
2524        if (v == SEQ_START_TOKEN) {
2525                seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
2526                seq_puts(m, "TUNNEL name, user-data-ok session-count\n");
2527                seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2528                seq_puts(m, "  SESSION name, addr/port src-tid/sid "
2529                         "dest-tid/sid state user-data-ok\n");
2530                seq_puts(m, "   mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
2531                seq_puts(m, "   nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2532                goto out;
2533        }
2534
2535        /* Show the tunnel or session context.
2536         */
2537        if (pd->session == NULL)
2538                pppol2tp_seq_tunnel_show(m, pd->tunnel);
2539        else
2540                pppol2tp_seq_session_show(m, pd->session);
2541
2542out:
2543        return 0;
2544}
2545
2546static const struct seq_operations pppol2tp_seq_ops = {
2547        .start          = pppol2tp_seq_start,
2548        .next           = pppol2tp_seq_next,
2549        .stop           = pppol2tp_seq_stop,
2550        .show           = pppol2tp_seq_show,
2551};
2552
2553/* Called when our /proc file is opened. We allocate data for use when
2554 * iterating our tunnel / session contexts and store it in the private
2555 * data of the seq_file.
2556 */
2557static int pppol2tp_proc_open(struct inode *inode, struct file *file)
2558{
2559        return seq_open_net(inode, file, &pppol2tp_seq_ops,
2560                            sizeof(struct pppol2tp_seq_data));
2561}
2562
2563static const struct file_operations pppol2tp_proc_fops = {
2564        .owner          = THIS_MODULE,
2565        .open           = pppol2tp_proc_open,
2566        .read           = seq_read,
2567        .llseek         = seq_lseek,
2568        .release        = seq_release_net,
2569};
2570
2571#endif /* CONFIG_PROC_FS */
2572
2573/*****************************************************************************
2574 * Init and cleanup
2575 *****************************************************************************/
2576
2577static const struct proto_ops pppol2tp_ops = {
2578        .family         = AF_PPPOX,
2579        .owner          = THIS_MODULE,
2580        .release        = pppol2tp_release,
2581        .bind           = sock_no_bind,
2582        .connect        = pppol2tp_connect,
2583        .socketpair     = sock_no_socketpair,
2584        .accept         = sock_no_accept,
2585        .getname        = pppol2tp_getname,
2586        .poll           = datagram_poll,
2587        .listen         = sock_no_listen,
2588        .shutdown       = sock_no_shutdown,
2589        .setsockopt     = pppol2tp_setsockopt,
2590        .getsockopt     = pppol2tp_getsockopt,
2591        .sendmsg        = pppol2tp_sendmsg,
2592        .recvmsg        = pppol2tp_recvmsg,
2593        .mmap           = sock_no_mmap,
2594        .ioctl          = pppox_ioctl,
2595};
2596
2597static struct pppox_proto pppol2tp_proto = {
2598        .create         = pppol2tp_create,
2599        .ioctl          = pppol2tp_ioctl
2600};
2601
2602static __net_init int pppol2tp_init_net(struct net *net)
2603{
2604        struct pppol2tp_net *pn;
2605        struct proc_dir_entry *pde;
2606        int err;
2607
2608        pn = kzalloc(sizeof(*pn), GFP_KERNEL);
2609        if (!pn)
2610                return -ENOMEM;
2611
2612        INIT_LIST_HEAD(&pn->pppol2tp_tunnel_list);
2613        rwlock_init(&pn->pppol2tp_tunnel_list_lock);
2614
2615        err = net_assign_generic(net, pppol2tp_net_id, pn);
2616        if (err)
2617                goto out;
2618
2619        pde = proc_net_fops_create(net, "pppol2tp", S_IRUGO, &pppol2tp_proc_fops);
2620#ifdef CONFIG_PROC_FS
2621        if (!pde) {
2622                err = -ENOMEM;
2623                goto out;
2624        }
2625#endif
2626
2627        return 0;
2628
2629out:
2630        kfree(pn);
2631        return err;
2632}
2633
2634static __net_exit void pppol2tp_exit_net(struct net *net)
2635{
2636        struct pppoe_net *pn;
2637
2638        proc_net_remove(net, "pppol2tp");
2639        pn = net_generic(net, pppol2tp_net_id);
2640        /*
2641         * if someone has cached our net then
2642         * further net_generic call will return NULL
2643         */
2644        net_assign_generic(net, pppol2tp_net_id, NULL);
2645        kfree(pn);
2646}
2647
2648static struct pernet_operations pppol2tp_net_ops = {
2649        .init = pppol2tp_init_net,
2650        .exit = pppol2tp_exit_net,
2651};
2652
2653static int __init pppol2tp_init(void)
2654{
2655        int err;
2656
2657        err = proto_register(&pppol2tp_sk_proto, 0);
2658        if (err)
2659                goto out;
2660        err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
2661        if (err)
2662                goto out_unregister_pppol2tp_proto;
2663
2664        err = register_pernet_gen_device(&pppol2tp_net_id, &pppol2tp_net_ops);
2665        if (err)
2666                goto out_unregister_pppox_proto;
2667
2668        printk(KERN_INFO "PPPoL2TP kernel driver, %s\n",
2669               PPPOL2TP_DRV_VERSION);
2670
2671out:
2672        return err;
2673out_unregister_pppox_proto:
2674        unregister_pppox_proto(PX_PROTO_OL2TP);
2675out_unregister_pppol2tp_proto:
2676        proto_unregister(&pppol2tp_sk_proto);
2677        goto out;
2678}
2679
2680static void __exit pppol2tp_exit(void)
2681{
2682        unregister_pppox_proto(PX_PROTO_OL2TP);
2683        unregister_pernet_gen_device(pppol2tp_net_id, &pppol2tp_net_ops);
2684        proto_unregister(&pppol2tp_sk_proto);
2685}
2686
2687module_init(pppol2tp_init);
2688module_exit(pppol2tp_exit);
2689
2690MODULE_AUTHOR("Martijn van Oosterhout <kleptog@svana.org>, "
2691              "James Chapman <jchapman@katalix.com>");
2692MODULE_DESCRIPTION("PPP over L2TP over UDP");
2693MODULE_LICENSE("GPL");
2694MODULE_VERSION(PPPOL2TP_DRV_VERSION);
2695
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.