1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
22
23#include <linux/module.h>
24#include <linux/string.h>
25#include <linux/list.h>
26#include <linux/rculist.h>
27#include <linux/uaccess.h>
28
29#include <linux/kernel.h>
30#include <linux/spinlock.h>
31#include <linux/kthread.h>
32#include <linux/sched.h>
33#include <linux/slab.h>
34#include <linux/errno.h>
35#include <linux/jiffies.h>
36
37#include <linux/netdevice.h>
38#include <linux/net.h>
39#include <linux/inetdevice.h>
40#include <linux/skbuff.h>
41#include <linux/init.h>
42#include <linux/in.h>
43#include <linux/ip.h>
44#include <linux/udp.h>
45#include <linux/l2tp.h>
46#include <linux/hash.h>
47#include <linux/sort.h>
48#include <linux/file.h>
49#include <linux/nsproxy.h>
50#include <net/net_namespace.h>
51#include <net/netns/generic.h>
52#include <net/dst.h>
53#include <net/ip.h>
54#include <net/udp.h>
55#include <net/udp_tunnel.h>
56#include <net/inet_common.h>
57#include <net/xfrm.h>
58#include <net/protocol.h>
59#include <net/inet6_connection_sock.h>
60#include <net/inet_ecn.h>
61#include <net/ip6_route.h>
62#include <net/ip6_checksum.h>
63
64#include <asm/byteorder.h>
65#include <linux/atomic.h>
66
67#include "l2tp_core.h"
68
69#define L2TP_DRV_VERSION "V2.0"
70
71
72#define L2TP_HDRFLAG_T 0x8000
73#define L2TP_HDRFLAG_L 0x4000
74#define L2TP_HDRFLAG_S 0x0800
75#define L2TP_HDRFLAG_O 0x0200
76#define L2TP_HDRFLAG_P 0x0100
77
78#define L2TP_HDR_VER_MASK 0x000F
79#define L2TP_HDR_VER_2 0x0002
80#define L2TP_HDR_VER_3 0x0003
81
82
83#define L2TP_SLFLAG_S 0x40000000
84#define L2TP_SL_SEQ_MASK 0x00ffffff
85
86#define L2TP_HDR_SIZE_SEQ 10
87#define L2TP_HDR_SIZE_NOSEQ 6
88
89
90#define L2TP_DEFAULT_DEBUG_FLAGS 0
91
92
93
94struct l2tp_skb_cb {
95 u32 ns;
96 u16 has_seq;
97 u16 length;
98 unsigned long expires;
99};
100
101#define L2TP_SKB_CB(skb) ((struct l2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
102
103static struct workqueue_struct *l2tp_wq;
104
105
106static unsigned int l2tp_net_id;
107struct l2tp_net {
108 struct list_head l2tp_tunnel_list;
109 spinlock_t l2tp_tunnel_list_lock;
110 struct hlist_head l2tp_session_hlist[L2TP_HASH_SIZE_2];
111 spinlock_t l2tp_session_hlist_lock;
112};
113
114#if IS_ENABLED(CONFIG_IPV6)
115static bool l2tp_sk_is_v6(struct sock *sk)
116{
117 return sk->sk_family == PF_INET6 &&
118 !ipv6_addr_v4mapped(&sk->sk_v6_daddr);
119}
120#endif
121
122static inline struct l2tp_tunnel *l2tp_tunnel(struct sock *sk)
123{
124 return sk->sk_user_data;
125}
126
127static inline struct l2tp_net *l2tp_pernet(const struct net *net)
128{
129 BUG_ON(!net);
130
131 return net_generic(net, l2tp_net_id);
132}
133
134
135
136
137
138
139static inline struct hlist_head *
140l2tp_session_id_hash_2(struct l2tp_net *pn, u32 session_id)
141{
142 return &pn->l2tp_session_hlist[hash_32(session_id, L2TP_HASH_BITS_2)];
143
144}
145
146
147
148
149
150
151
152static inline struct hlist_head *
153l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id)
154{
155 return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)];
156}
157
158void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
159{
160 sock_put(tunnel->sock);
161
162}
163EXPORT_SYMBOL(l2tp_tunnel_free);
164
165
166struct l2tp_tunnel *l2tp_tunnel_get(const struct net *net, u32 tunnel_id)
167{
168 const struct l2tp_net *pn = l2tp_pernet(net);
169 struct l2tp_tunnel *tunnel;
170
171 rcu_read_lock_bh();
172 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
173 if (tunnel->tunnel_id == tunnel_id) {
174 l2tp_tunnel_inc_refcount(tunnel);
175 rcu_read_unlock_bh();
176
177 return tunnel;
178 }
179 }
180 rcu_read_unlock_bh();
181
182 return NULL;
183}
184EXPORT_SYMBOL_GPL(l2tp_tunnel_get);
185
186struct l2tp_tunnel *l2tp_tunnel_get_nth(const struct net *net, int nth)
187{
188 const struct l2tp_net *pn = l2tp_pernet(net);
189 struct l2tp_tunnel *tunnel;
190 int count = 0;
191
192 rcu_read_lock_bh();
193 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
194 if (++count > nth) {
195 l2tp_tunnel_inc_refcount(tunnel);
196 rcu_read_unlock_bh();
197 return tunnel;
198 }
199 }
200 rcu_read_unlock_bh();
201
202 return NULL;
203}
204EXPORT_SYMBOL_GPL(l2tp_tunnel_get_nth);
205
206
207struct l2tp_session *l2tp_session_get(const struct net *net,
208 struct l2tp_tunnel *tunnel,
209 u32 session_id)
210{
211 struct hlist_head *session_list;
212 struct l2tp_session *session;
213
214 if (!tunnel) {
215 struct l2tp_net *pn = l2tp_pernet(net);
216
217 session_list = l2tp_session_id_hash_2(pn, session_id);
218
219 rcu_read_lock_bh();
220 hlist_for_each_entry_rcu(session, session_list, global_hlist) {
221 if (session->session_id == session_id) {
222 l2tp_session_inc_refcount(session);
223 rcu_read_unlock_bh();
224
225 return session;
226 }
227 }
228 rcu_read_unlock_bh();
229
230 return NULL;
231 }
232
233 session_list = l2tp_session_id_hash(tunnel, session_id);
234 read_lock_bh(&tunnel->hlist_lock);
235 hlist_for_each_entry(session, session_list, hlist) {
236 if (session->session_id == session_id) {
237 l2tp_session_inc_refcount(session);
238 read_unlock_bh(&tunnel->hlist_lock);
239
240 return session;
241 }
242 }
243 read_unlock_bh(&tunnel->hlist_lock);
244
245 return NULL;
246}
247EXPORT_SYMBOL_GPL(l2tp_session_get);
248
249struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth)
250{
251 int hash;
252 struct l2tp_session *session;
253 int count = 0;
254
255 read_lock_bh(&tunnel->hlist_lock);
256 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
257 hlist_for_each_entry(session, &tunnel->session_hlist[hash], hlist) {
258 if (++count > nth) {
259 l2tp_session_inc_refcount(session);
260 read_unlock_bh(&tunnel->hlist_lock);
261 return session;
262 }
263 }
264 }
265
266 read_unlock_bh(&tunnel->hlist_lock);
267
268 return NULL;
269}
270EXPORT_SYMBOL_GPL(l2tp_session_get_nth);
271
272
273
274
275struct l2tp_session *l2tp_session_get_by_ifname(const struct net *net,
276 const char *ifname)
277{
278 struct l2tp_net *pn = l2tp_pernet(net);
279 int hash;
280 struct l2tp_session *session;
281
282 rcu_read_lock_bh();
283 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) {
284 hlist_for_each_entry_rcu(session, &pn->l2tp_session_hlist[hash], global_hlist) {
285 if (!strcmp(session->ifname, ifname)) {
286 l2tp_session_inc_refcount(session);
287 rcu_read_unlock_bh();
288
289 return session;
290 }
291 }
292 }
293
294 rcu_read_unlock_bh();
295
296 return NULL;
297}
298EXPORT_SYMBOL_GPL(l2tp_session_get_by_ifname);
299
300int l2tp_session_register(struct l2tp_session *session,
301 struct l2tp_tunnel *tunnel)
302{
303 struct l2tp_session *session_walk;
304 struct hlist_head *g_head;
305 struct hlist_head *head;
306 struct l2tp_net *pn;
307 int err;
308
309 head = l2tp_session_id_hash(tunnel, session->session_id);
310
311 write_lock_bh(&tunnel->hlist_lock);
312 if (!tunnel->acpt_newsess) {
313 err = -ENODEV;
314 goto err_tlock;
315 }
316
317 hlist_for_each_entry(session_walk, head, hlist)
318 if (session_walk->session_id == session->session_id) {
319 err = -EEXIST;
320 goto err_tlock;
321 }
322
323 if (tunnel->version == L2TP_HDR_VER_3) {
324 pn = l2tp_pernet(tunnel->l2tp_net);
325 g_head = l2tp_session_id_hash_2(l2tp_pernet(tunnel->l2tp_net),
326 session->session_id);
327
328 spin_lock_bh(&pn->l2tp_session_hlist_lock);
329
330 hlist_for_each_entry(session_walk, g_head, global_hlist)
331 if (session_walk->session_id == session->session_id) {
332 err = -EEXIST;
333 goto err_tlock_pnlock;
334 }
335
336 l2tp_tunnel_inc_refcount(tunnel);
337 hlist_add_head_rcu(&session->global_hlist, g_head);
338
339 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
340 } else {
341 l2tp_tunnel_inc_refcount(tunnel);
342 }
343
344 hlist_add_head(&session->hlist, head);
345 write_unlock_bh(&tunnel->hlist_lock);
346
347 return 0;
348
349err_tlock_pnlock:
350 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
351err_tlock:
352 write_unlock_bh(&tunnel->hlist_lock);
353
354 return err;
355}
356EXPORT_SYMBOL_GPL(l2tp_session_register);
357
358
359
360
361
362
363
364
365static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *skb)
366{
367 struct sk_buff *skbp;
368 struct sk_buff *tmp;
369 u32 ns = L2TP_SKB_CB(skb)->ns;
370
371 spin_lock_bh(&session->reorder_q.lock);
372 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
373 if (L2TP_SKB_CB(skbp)->ns > ns) {
374 __skb_queue_before(&session->reorder_q, skbp, skb);
375 l2tp_dbg(session, L2TP_MSG_SEQ,
376 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
377 session->name, ns, L2TP_SKB_CB(skbp)->ns,
378 skb_queue_len(&session->reorder_q));
379 atomic_long_inc(&session->stats.rx_oos_packets);
380 goto out;
381 }
382 }
383
384 __skb_queue_tail(&session->reorder_q, skb);
385
386out:
387 spin_unlock_bh(&session->reorder_q.lock);
388}
389
390
391
392static void l2tp_recv_dequeue_skb(struct l2tp_session *session, struct sk_buff *skb)
393{
394 struct l2tp_tunnel *tunnel = session->tunnel;
395 int length = L2TP_SKB_CB(skb)->length;
396
397
398
399
400 skb_orphan(skb);
401
402 atomic_long_inc(&tunnel->stats.rx_packets);
403 atomic_long_add(length, &tunnel->stats.rx_bytes);
404 atomic_long_inc(&session->stats.rx_packets);
405 atomic_long_add(length, &session->stats.rx_bytes);
406
407 if (L2TP_SKB_CB(skb)->has_seq) {
408
409 session->nr++;
410 session->nr &= session->nr_max;
411
412 l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated nr to %hu\n",
413 session->name, session->nr);
414 }
415
416
417 if (session->recv_skb != NULL)
418 (*session->recv_skb)(session, skb, L2TP_SKB_CB(skb)->length);
419 else
420 kfree_skb(skb);
421}
422
423
424
425
426static void l2tp_recv_dequeue(struct l2tp_session *session)
427{
428 struct sk_buff *skb;
429 struct sk_buff *tmp;
430
431
432
433
434
435start:
436 spin_lock_bh(&session->reorder_q.lock);
437 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
438 if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) {
439 atomic_long_inc(&session->stats.rx_seq_discards);
440 atomic_long_inc(&session->stats.rx_errors);
441 l2tp_dbg(session, L2TP_MSG_SEQ,
442 "%s: oos pkt %u len %d discarded (too old), waiting for %u, reorder_q_len=%d\n",
443 session->name, L2TP_SKB_CB(skb)->ns,
444 L2TP_SKB_CB(skb)->length, session->nr,
445 skb_queue_len(&session->reorder_q));
446 session->reorder_skip = 1;
447 __skb_unlink(skb, &session->reorder_q);
448 kfree_skb(skb);
449 continue;
450 }
451
452 if (L2TP_SKB_CB(skb)->has_seq) {
453 if (session->reorder_skip) {
454 l2tp_dbg(session, L2TP_MSG_SEQ,
455 "%s: advancing nr to next pkt: %u -> %u",
456 session->name, session->nr,
457 L2TP_SKB_CB(skb)->ns);
458 session->reorder_skip = 0;
459 session->nr = L2TP_SKB_CB(skb)->ns;
460 }
461 if (L2TP_SKB_CB(skb)->ns != session->nr) {
462 l2tp_dbg(session, L2TP_MSG_SEQ,
463 "%s: holding oos pkt %u len %d, waiting for %u, reorder_q_len=%d\n",
464 session->name, L2TP_SKB_CB(skb)->ns,
465 L2TP_SKB_CB(skb)->length, session->nr,
466 skb_queue_len(&session->reorder_q));
467 goto out;
468 }
469 }
470 __skb_unlink(skb, &session->reorder_q);
471
472
473
474
475 spin_unlock_bh(&session->reorder_q.lock);
476 l2tp_recv_dequeue_skb(session, skb);
477 goto start;
478 }
479
480out:
481 spin_unlock_bh(&session->reorder_q.lock);
482}
483
484static int l2tp_seq_check_rx_window(struct l2tp_session *session, u32 nr)
485{
486 u32 nws;
487
488 if (nr >= session->nr)
489 nws = nr - session->nr;
490 else
491 nws = (session->nr_max + 1) - (session->nr - nr);
492
493 return nws < session->nr_window_size;
494}
495
496
497
498
499static int l2tp_recv_data_seq(struct l2tp_session *session, struct sk_buff *skb)
500{
501 if (!l2tp_seq_check_rx_window(session, L2TP_SKB_CB(skb)->ns)) {
502
503
504
505 l2tp_dbg(session, L2TP_MSG_SEQ,
506 "%s: pkt %u len %d discarded, outside window, nr=%u\n",
507 session->name, L2TP_SKB_CB(skb)->ns,
508 L2TP_SKB_CB(skb)->length, session->nr);
509 goto discard;
510 }
511
512 if (session->reorder_timeout != 0) {
513
514
515
516 l2tp_recv_queue_skb(session, skb);
517 goto out;
518 }
519
520
521
522
523
524
525 if (L2TP_SKB_CB(skb)->ns == session->nr) {
526 skb_queue_tail(&session->reorder_q, skb);
527 } else {
528 u32 nr_oos = L2TP_SKB_CB(skb)->ns;
529 u32 nr_next = (session->nr_oos + 1) & session->nr_max;
530
531 if (nr_oos == nr_next)
532 session->nr_oos_count++;
533 else
534 session->nr_oos_count = 0;
535
536 session->nr_oos = nr_oos;
537 if (session->nr_oos_count > session->nr_oos_count_max) {
538 session->reorder_skip = 1;
539 l2tp_dbg(session, L2TP_MSG_SEQ,
540 "%s: %d oos packets received. Resetting sequence numbers\n",
541 session->name, session->nr_oos_count);
542 }
543 if (!session->reorder_skip) {
544 atomic_long_inc(&session->stats.rx_seq_discards);
545 l2tp_dbg(session, L2TP_MSG_SEQ,
546 "%s: oos pkt %u len %d discarded, waiting for %u, reorder_q_len=%d\n",
547 session->name, L2TP_SKB_CB(skb)->ns,
548 L2TP_SKB_CB(skb)->length, session->nr,
549 skb_queue_len(&session->reorder_q));
550 goto discard;
551 }
552 skb_queue_tail(&session->reorder_q, skb);
553 }
554
555out:
556 return 0;
557
558discard:
559 return 1;
560}
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
622 unsigned char *ptr, unsigned char *optr, u16 hdrflags,
623 int length, int (*payload_hook)(struct sk_buff *skb))
624{
625 struct l2tp_tunnel *tunnel = session->tunnel;
626 int offset;
627 u32 ns, nr;
628
629
630 if (session->peer_cookie_len > 0) {
631 if (memcmp(ptr, &session->peer_cookie[0], session->peer_cookie_len)) {
632 l2tp_info(tunnel, L2TP_MSG_DATA,
633 "%s: cookie mismatch (%u/%u). Discarding.\n",
634 tunnel->name, tunnel->tunnel_id,
635 session->session_id);
636 atomic_long_inc(&session->stats.rx_cookie_discards);
637 goto discard;
638 }
639 ptr += session->peer_cookie_len;
640 }
641
642
643
644
645
646
647
648
649 ns = nr = 0;
650 L2TP_SKB_CB(skb)->has_seq = 0;
651 if (tunnel->version == L2TP_HDR_VER_2) {
652 if (hdrflags & L2TP_HDRFLAG_S) {
653 ns = ntohs(*(__be16 *) ptr);
654 ptr += 2;
655 nr = ntohs(*(__be16 *) ptr);
656 ptr += 2;
657
658
659 L2TP_SKB_CB(skb)->ns = ns;
660 L2TP_SKB_CB(skb)->has_seq = 1;
661
662 l2tp_dbg(session, L2TP_MSG_SEQ,
663 "%s: recv data ns=%u, nr=%u, session nr=%u\n",
664 session->name, ns, nr, session->nr);
665 }
666 } else if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
667 u32 l2h = ntohl(*(__be32 *) ptr);
668
669 if (l2h & 0x40000000) {
670 ns = l2h & 0x00ffffff;
671
672
673 L2TP_SKB_CB(skb)->ns = ns;
674 L2TP_SKB_CB(skb)->has_seq = 1;
675
676 l2tp_dbg(session, L2TP_MSG_SEQ,
677 "%s: recv data ns=%u, session nr=%u\n",
678 session->name, ns, session->nr);
679 }
680 ptr += 4;
681 }
682
683 if (L2TP_SKB_CB(skb)->has_seq) {
684
685
686
687
688 if ((!session->lns_mode) && (!session->send_seq)) {
689 l2tp_info(session, L2TP_MSG_SEQ,
690 "%s: requested to enable seq numbers by LNS\n",
691 session->name);
692 session->send_seq = 1;
693 l2tp_session_set_header_len(session, tunnel->version);
694 }
695 } else {
696
697
698
699 if (session->recv_seq) {
700 l2tp_warn(session, L2TP_MSG_SEQ,
701 "%s: recv data has no seq numbers when required. Discarding.\n",
702 session->name);
703 atomic_long_inc(&session->stats.rx_seq_discards);
704 goto discard;
705 }
706
707
708
709
710
711
712 if ((!session->lns_mode) && (session->send_seq)) {
713 l2tp_info(session, L2TP_MSG_SEQ,
714 "%s: requested to disable seq numbers by LNS\n",
715 session->name);
716 session->send_seq = 0;
717 l2tp_session_set_header_len(session, tunnel->version);
718 } else if (session->send_seq) {
719 l2tp_warn(session, L2TP_MSG_SEQ,
720 "%s: recv data has no seq numbers when required. Discarding.\n",
721 session->name);
722 atomic_long_inc(&session->stats.rx_seq_discards);
723 goto discard;
724 }
725 }
726
727
728
729
730 if (tunnel->version == L2TP_HDR_VER_2) {
731
732 if (hdrflags & L2TP_HDRFLAG_O) {
733 offset = ntohs(*(__be16 *)ptr);
734 ptr += 2 + offset;
735 }
736 }
737
738 offset = ptr - optr;
739 if (!pskb_may_pull(skb, offset))
740 goto discard;
741
742 __skb_pull(skb, offset);
743
744
745
746
747 if (payload_hook)
748 if ((*payload_hook)(skb))
749 goto discard;
750
751
752
753
754
755 L2TP_SKB_CB(skb)->length = length;
756 L2TP_SKB_CB(skb)->expires = jiffies +
757 (session->reorder_timeout ? session->reorder_timeout : HZ);
758
759
760
761
762 if (L2TP_SKB_CB(skb)->has_seq) {
763 if (l2tp_recv_data_seq(session, skb))
764 goto discard;
765 } else {
766
767
768
769
770 skb_queue_tail(&session->reorder_q, skb);
771 }
772
773
774 l2tp_recv_dequeue(session);
775
776 return;
777
778discard:
779 atomic_long_inc(&session->stats.rx_errors);
780 kfree_skb(skb);
781}
782EXPORT_SYMBOL(l2tp_recv_common);
783
784
785
786int l2tp_session_queue_purge(struct l2tp_session *session)
787{
788 struct sk_buff *skb = NULL;
789 BUG_ON(!session);
790 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
791 while ((skb = skb_dequeue(&session->reorder_q))) {
792 atomic_long_inc(&session->stats.rx_errors);
793 kfree_skb(skb);
794 }
795 return 0;
796}
797EXPORT_SYMBOL_GPL(l2tp_session_queue_purge);
798
799
800
801
802
803
804
805static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
806 int (*payload_hook)(struct sk_buff *skb))
807{
808 struct l2tp_session *session = NULL;
809 unsigned char *ptr, *optr;
810 u16 hdrflags;
811 u32 tunnel_id, session_id;
812 u16 version;
813 int length;
814
815
816
817
818 __skb_pull(skb, sizeof(struct udphdr));
819
820
821 if (!pskb_may_pull(skb, L2TP_HDR_SIZE_SEQ)) {
822 l2tp_info(tunnel, L2TP_MSG_DATA,
823 "%s: recv short packet (len=%d)\n",
824 tunnel->name, skb->len);
825 goto error;
826 }
827
828
829 if (tunnel->debug & L2TP_MSG_DATA) {
830 length = min(32u, skb->len);
831 if (!pskb_may_pull(skb, length))
832 goto error;
833
834 pr_debug("%s: recv\n", tunnel->name);
835 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, skb->data, length);
836 }
837
838
839 optr = ptr = skb->data;
840
841
842 hdrflags = ntohs(*(__be16 *) ptr);
843
844
845 version = hdrflags & L2TP_HDR_VER_MASK;
846 if (version != tunnel->version) {
847 l2tp_info(tunnel, L2TP_MSG_DATA,
848 "%s: recv protocol version mismatch: got %d expected %d\n",
849 tunnel->name, version, tunnel->version);
850 goto error;
851 }
852
853
854 length = skb->len;
855
856
857 if (hdrflags & L2TP_HDRFLAG_T) {
858 l2tp_dbg(tunnel, L2TP_MSG_DATA,
859 "%s: recv control packet, len=%d\n",
860 tunnel->name, length);
861 goto error;
862 }
863
864
865 ptr += 2;
866
867 if (tunnel->version == L2TP_HDR_VER_2) {
868
869 if (hdrflags & L2TP_HDRFLAG_L)
870 ptr += 2;
871
872
873 tunnel_id = ntohs(*(__be16 *) ptr);
874 ptr += 2;
875 session_id = ntohs(*(__be16 *) ptr);
876 ptr += 2;
877 } else {
878 ptr += 2;
879 tunnel_id = tunnel->tunnel_id;
880 session_id = ntohl(*(__be32 *) ptr);
881 ptr += 4;
882 }
883
884
885 session = l2tp_session_get(tunnel->l2tp_net, tunnel, session_id);
886 if (!session || !session->recv_skb) {
887 if (session)
888 l2tp_session_dec_refcount(session);
889
890
891 l2tp_info(tunnel, L2TP_MSG_DATA,
892 "%s: no session found (%u/%u). Passing up.\n",
893 tunnel->name, tunnel_id, session_id);
894 goto error;
895 }
896
897 l2tp_recv_common(session, skb, ptr, optr, hdrflags, length, payload_hook);
898 l2tp_session_dec_refcount(session);
899
900 return 0;
901
902error:
903
904 __skb_push(skb, sizeof(struct udphdr));
905
906 return 1;
907}
908
909
910
911
912
913
914
915int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
916{
917 struct l2tp_tunnel *tunnel;
918
919 tunnel = l2tp_tunnel(sk);
920 if (tunnel == NULL)
921 goto pass_up;
922
923 l2tp_dbg(tunnel, L2TP_MSG_DATA, "%s: received %d bytes\n",
924 tunnel->name, skb->len);
925
926 if (l2tp_udp_recv_core(tunnel, skb, tunnel->recv_payload_hook))
927 goto pass_up;
928
929 return 0;
930
931pass_up:
932 return 1;
933}
934EXPORT_SYMBOL_GPL(l2tp_udp_encap_recv);
935
936
937
938
939
940
941
942static int l2tp_build_l2tpv2_header(struct l2tp_session *session, void *buf)
943{
944 struct l2tp_tunnel *tunnel = session->tunnel;
945 __be16 *bufp = buf;
946 __be16 *optr = buf;
947 u16 flags = L2TP_HDR_VER_2;
948 u32 tunnel_id = tunnel->peer_tunnel_id;
949 u32 session_id = session->peer_session_id;
950
951 if (session->send_seq)
952 flags |= L2TP_HDRFLAG_S;
953
954
955 *bufp++ = htons(flags);
956 *bufp++ = htons(tunnel_id);
957 *bufp++ = htons(session_id);
958 if (session->send_seq) {
959 *bufp++ = htons(session->ns);
960 *bufp++ = 0;
961 session->ns++;
962 session->ns &= 0xffff;
963 l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated ns to %u\n",
964 session->name, session->ns);
965 }
966
967 return bufp - optr;
968}
969
970static int l2tp_build_l2tpv3_header(struct l2tp_session *session, void *buf)
971{
972 struct l2tp_tunnel *tunnel = session->tunnel;
973 char *bufp = buf;
974 char *optr = bufp;
975
976
977
978
979 if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
980 u16 flags = L2TP_HDR_VER_3;
981 *((__be16 *) bufp) = htons(flags);
982 bufp += 2;
983 *((__be16 *) bufp) = 0;
984 bufp += 2;
985 }
986
987 *((__be32 *) bufp) = htonl(session->peer_session_id);
988 bufp += 4;
989 if (session->cookie_len) {
990 memcpy(bufp, &session->cookie[0], session->cookie_len);
991 bufp += session->cookie_len;
992 }
993 if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
994 u32 l2h = 0;
995
996 if (session->send_seq) {
997 l2h = 0x40000000 | session->ns;
998 session->ns++;
999 session->ns &= 0xffffff;
1000 l2tp_dbg(session, L2TP_MSG_SEQ,
1001 "%s: updated ns to %u\n",
1002 session->name, session->ns);
1003 }
1004
1005 *((__be32 *)bufp) = htonl(l2h);
1006 bufp += 4;
1007 }
1008
1009 return bufp - optr;
1010}
1011
1012static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb,
1013 struct flowi *fl, size_t data_len)
1014{
1015 struct l2tp_tunnel *tunnel = session->tunnel;
1016 unsigned int len = skb->len;
1017 int error;
1018
1019
1020 if (session->send_seq)
1021 l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %zd bytes, ns=%u\n",
1022 session->name, data_len, session->ns - 1);
1023 else
1024 l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %zd bytes\n",
1025 session->name, data_len);
1026
1027 if (session->debug & L2TP_MSG_DATA) {
1028 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1029 unsigned char *datap = skb->data + uhlen;
1030
1031 pr_debug("%s: xmit\n", session->name);
1032 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET,
1033 datap, min_t(size_t, 32, len - uhlen));
1034 }
1035
1036
1037 skb->ignore_df = 1;
1038#if IS_ENABLED(CONFIG_IPV6)
1039 if (l2tp_sk_is_v6(tunnel->sock))
1040 error = inet6_csk_xmit(tunnel->sock, skb, NULL);
1041 else
1042#endif
1043 error = ip_queue_xmit(tunnel->sock, skb, fl);
1044
1045
1046 if (error >= 0) {
1047 atomic_long_inc(&tunnel->stats.tx_packets);
1048 atomic_long_add(len, &tunnel->stats.tx_bytes);
1049 atomic_long_inc(&session->stats.tx_packets);
1050 atomic_long_add(len, &session->stats.tx_bytes);
1051 } else {
1052 atomic_long_inc(&tunnel->stats.tx_errors);
1053 atomic_long_inc(&session->stats.tx_errors);
1054 }
1055
1056 return 0;
1057}
1058
1059
1060
1061
1062int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len)
1063{
1064 int data_len = skb->len;
1065 struct l2tp_tunnel *tunnel = session->tunnel;
1066 struct sock *sk = tunnel->sock;
1067 struct flowi *fl;
1068 struct udphdr *uh;
1069 struct inet_sock *inet;
1070 int headroom;
1071 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1072 int udp_len;
1073 int ret = NET_XMIT_SUCCESS;
1074
1075
1076
1077
1078
1079 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1080 uhlen + hdr_len;
1081 if (skb_cow_head(skb, headroom)) {
1082 kfree_skb(skb);
1083 return NET_XMIT_DROP;
1084 }
1085
1086
1087 session->build_header(session, __skb_push(skb, hdr_len));
1088
1089
1090 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1091 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1092 IPSKB_REROUTED);
1093 nf_reset(skb);
1094
1095 bh_lock_sock(sk);
1096 if (sock_owned_by_user(sk)) {
1097 kfree_skb(skb);
1098 ret = NET_XMIT_DROP;
1099 goto out_unlock;
1100 }
1101
1102
1103
1104
1105 if (tunnel->fd >= 0 && sk->sk_state != TCP_ESTABLISHED) {
1106 kfree_skb(skb);
1107 ret = NET_XMIT_DROP;
1108 goto out_unlock;
1109 }
1110
1111
1112 skb_dst_drop(skb);
1113 skb_dst_set(skb, dst_clone(__sk_dst_check(sk, 0)));
1114
1115 inet = inet_sk(sk);
1116 fl = &inet->cork.fl;
1117 switch (tunnel->encap) {
1118 case L2TP_ENCAPTYPE_UDP:
1119
1120 __skb_push(skb, sizeof(*uh));
1121 skb_reset_transport_header(skb);
1122 uh = udp_hdr(skb);
1123 uh->source = inet->inet_sport;
1124 uh->dest = inet->inet_dport;
1125 udp_len = uhlen + hdr_len + data_len;
1126 uh->len = htons(udp_len);
1127
1128
1129#if IS_ENABLED(CONFIG_IPV6)
1130 if (l2tp_sk_is_v6(sk))
1131 udp6_set_csum(udp_get_no_check6_tx(sk),
1132 skb, &inet6_sk(sk)->saddr,
1133 &sk->sk_v6_daddr, udp_len);
1134 else
1135#endif
1136 udp_set_csum(sk->sk_no_check_tx, skb, inet->inet_saddr,
1137 inet->inet_daddr, udp_len);
1138 break;
1139
1140 case L2TP_ENCAPTYPE_IP:
1141 break;
1142 }
1143
1144 l2tp_xmit_core(session, skb, fl, data_len);
1145out_unlock:
1146 bh_unlock_sock(sk);
1147
1148 return ret;
1149}
1150EXPORT_SYMBOL_GPL(l2tp_xmit_skb);
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160static void l2tp_tunnel_destruct(struct sock *sk)
1161{
1162 struct l2tp_tunnel *tunnel = l2tp_tunnel(sk);
1163
1164 if (tunnel == NULL)
1165 goto end;
1166
1167 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing...\n", tunnel->name);
1168
1169
1170 switch (tunnel->encap) {
1171 case L2TP_ENCAPTYPE_UDP:
1172
1173 (udp_sk(sk))->encap_type = 0;
1174 (udp_sk(sk))->encap_rcv = NULL;
1175 (udp_sk(sk))->encap_destroy = NULL;
1176 break;
1177 case L2TP_ENCAPTYPE_IP:
1178 break;
1179 }
1180
1181
1182 sk->sk_destruct = tunnel->old_sk_destruct;
1183 sk->sk_user_data = NULL;
1184
1185
1186 if (sk->sk_destruct)
1187 (*sk->sk_destruct)(sk);
1188
1189 kfree_rcu(tunnel, rcu);
1190end:
1191 return;
1192}
1193
1194
1195
1196void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel)
1197{
1198 int hash;
1199 struct hlist_node *walk;
1200 struct hlist_node *tmp;
1201 struct l2tp_session *session;
1202
1203 BUG_ON(tunnel == NULL);
1204
1205 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing all sessions...\n",
1206 tunnel->name);
1207
1208 write_lock_bh(&tunnel->hlist_lock);
1209 tunnel->acpt_newsess = false;
1210 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
1211again:
1212 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1213 session = hlist_entry(walk, struct l2tp_session, hlist);
1214
1215 l2tp_info(session, L2TP_MSG_CONTROL,
1216 "%s: closing session\n", session->name);
1217
1218 hlist_del_init(&session->hlist);
1219
1220 if (test_and_set_bit(0, &session->dead))
1221 goto again;
1222
1223 write_unlock_bh(&tunnel->hlist_lock);
1224
1225 __l2tp_session_unhash(session);
1226 l2tp_session_queue_purge(session);
1227
1228 if (session->session_close != NULL)
1229 (*session->session_close)(session);
1230
1231 l2tp_session_dec_refcount(session);
1232
1233 write_lock_bh(&tunnel->hlist_lock);
1234
1235
1236
1237
1238
1239
1240 goto again;
1241 }
1242 }
1243 write_unlock_bh(&tunnel->hlist_lock);
1244}
1245EXPORT_SYMBOL_GPL(l2tp_tunnel_closeall);
1246
1247
1248static void l2tp_udp_encap_destroy(struct sock *sk)
1249{
1250 struct l2tp_tunnel *tunnel = l2tp_tunnel(sk);
1251
1252 if (tunnel)
1253 l2tp_tunnel_delete(tunnel);
1254}
1255
1256
1257static void l2tp_tunnel_del_work(struct work_struct *work)
1258{
1259 struct l2tp_tunnel *tunnel = container_of(work, struct l2tp_tunnel,
1260 del_work);
1261 struct sock *sk = tunnel->sock;
1262 struct socket *sock = sk->sk_socket;
1263 struct l2tp_net *pn;
1264
1265 l2tp_tunnel_closeall(tunnel);
1266
1267
1268
1269
1270 if (tunnel->fd < 0) {
1271 if (sock) {
1272 kernel_sock_shutdown(sock, SHUT_RDWR);
1273 sock_release(sock);
1274 }
1275 }
1276
1277
1278 pn = l2tp_pernet(tunnel->l2tp_net);
1279 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1280 list_del_rcu(&tunnel->list);
1281 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1282
1283
1284 l2tp_tunnel_dec_refcount(tunnel);
1285
1286
1287 l2tp_tunnel_dec_refcount(tunnel);
1288}
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299static int l2tp_tunnel_sock_create(struct net *net,
1300 u32 tunnel_id,
1301 u32 peer_tunnel_id,
1302 struct l2tp_tunnel_cfg *cfg,
1303 struct socket **sockp)
1304{
1305 int err = -EINVAL;
1306 struct socket *sock = NULL;
1307 struct udp_port_cfg udp_conf;
1308
1309 switch (cfg->encap) {
1310 case L2TP_ENCAPTYPE_UDP:
1311 memset(&udp_conf, 0, sizeof(udp_conf));
1312
1313#if IS_ENABLED(CONFIG_IPV6)
1314 if (cfg->local_ip6 && cfg->peer_ip6) {
1315 udp_conf.family = AF_INET6;
1316 memcpy(&udp_conf.local_ip6, cfg->local_ip6,
1317 sizeof(udp_conf.local_ip6));
1318 memcpy(&udp_conf.peer_ip6, cfg->peer_ip6,
1319 sizeof(udp_conf.peer_ip6));
1320 udp_conf.use_udp6_tx_checksums =
1321 ! cfg->udp6_zero_tx_checksums;
1322 udp_conf.use_udp6_rx_checksums =
1323 ! cfg->udp6_zero_rx_checksums;
1324 } else
1325#endif
1326 {
1327 udp_conf.family = AF_INET;
1328 udp_conf.local_ip = cfg->local_ip;
1329 udp_conf.peer_ip = cfg->peer_ip;
1330 udp_conf.use_udp_checksums = cfg->use_udp_checksums;
1331 }
1332
1333 udp_conf.local_udp_port = htons(cfg->local_udp_port);
1334 udp_conf.peer_udp_port = htons(cfg->peer_udp_port);
1335
1336 err = udp_sock_create(net, &udp_conf, &sock);
1337 if (err < 0)
1338 goto out;
1339
1340 break;
1341
1342 case L2TP_ENCAPTYPE_IP:
1343#if IS_ENABLED(CONFIG_IPV6)
1344 if (cfg->local_ip6 && cfg->peer_ip6) {
1345 struct sockaddr_l2tpip6 ip6_addr = {0};
1346
1347 err = sock_create_kern(net, AF_INET6, SOCK_DGRAM,
1348 IPPROTO_L2TP, &sock);
1349 if (err < 0)
1350 goto out;
1351
1352 ip6_addr.l2tp_family = AF_INET6;
1353 memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6,
1354 sizeof(ip6_addr.l2tp_addr));
1355 ip6_addr.l2tp_conn_id = tunnel_id;
1356 err = kernel_bind(sock, (struct sockaddr *) &ip6_addr,
1357 sizeof(ip6_addr));
1358 if (err < 0)
1359 goto out;
1360
1361 ip6_addr.l2tp_family = AF_INET6;
1362 memcpy(&ip6_addr.l2tp_addr, cfg->peer_ip6,
1363 sizeof(ip6_addr.l2tp_addr));
1364 ip6_addr.l2tp_conn_id = peer_tunnel_id;
1365 err = kernel_connect(sock,
1366 (struct sockaddr *) &ip6_addr,
1367 sizeof(ip6_addr), 0);
1368 if (err < 0)
1369 goto out;
1370 } else
1371#endif
1372 {
1373 struct sockaddr_l2tpip ip_addr = {0};
1374
1375 err = sock_create_kern(net, AF_INET, SOCK_DGRAM,
1376 IPPROTO_L2TP, &sock);
1377 if (err < 0)
1378 goto out;
1379
1380 ip_addr.l2tp_family = AF_INET;
1381 ip_addr.l2tp_addr = cfg->local_ip;
1382 ip_addr.l2tp_conn_id = tunnel_id;
1383 err = kernel_bind(sock, (struct sockaddr *) &ip_addr,
1384 sizeof(ip_addr));
1385 if (err < 0)
1386 goto out;
1387
1388 ip_addr.l2tp_family = AF_INET;
1389 ip_addr.l2tp_addr = cfg->peer_ip;
1390 ip_addr.l2tp_conn_id = peer_tunnel_id;
1391 err = kernel_connect(sock, (struct sockaddr *) &ip_addr,
1392 sizeof(ip_addr), 0);
1393 if (err < 0)
1394 goto out;
1395 }
1396 break;
1397
1398 default:
1399 goto out;
1400 }
1401
1402out:
1403 *sockp = sock;
1404 if ((err < 0) && sock) {
1405 kernel_sock_shutdown(sock, SHUT_RDWR);
1406 sock_release(sock);
1407 *sockp = NULL;
1408 }
1409
1410 return err;
1411}
1412
1413static struct lock_class_key l2tp_socket_class;
1414
1415int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp)
1416{
1417 struct l2tp_tunnel *tunnel = NULL;
1418 int err;
1419 enum l2tp_encap_type encap = L2TP_ENCAPTYPE_UDP;
1420
1421 if (cfg != NULL)
1422 encap = cfg->encap;
1423
1424 tunnel = kzalloc(sizeof(struct l2tp_tunnel), GFP_KERNEL);
1425 if (tunnel == NULL) {
1426 err = -ENOMEM;
1427 goto err;
1428 }
1429
1430 tunnel->version = version;
1431 tunnel->tunnel_id = tunnel_id;
1432 tunnel->peer_tunnel_id = peer_tunnel_id;
1433 tunnel->debug = L2TP_DEFAULT_DEBUG_FLAGS;
1434
1435 tunnel->magic = L2TP_TUNNEL_MAGIC;
1436 sprintf(&tunnel->name[0], "tunl %u", tunnel_id);
1437 rwlock_init(&tunnel->hlist_lock);
1438 tunnel->acpt_newsess = true;
1439
1440 if (cfg != NULL)
1441 tunnel->debug = cfg->debug;
1442
1443 tunnel->encap = encap;
1444
1445 refcount_set(&tunnel->ref_count, 1);
1446 tunnel->fd = fd;
1447
1448
1449 INIT_WORK(&tunnel->del_work, l2tp_tunnel_del_work);
1450
1451 INIT_LIST_HEAD(&tunnel->list);
1452
1453 err = 0;
1454err:
1455 if (tunnelp)
1456 *tunnelp = tunnel;
1457
1458 return err;
1459}
1460EXPORT_SYMBOL_GPL(l2tp_tunnel_create);
1461
1462static int l2tp_validate_socket(const struct sock *sk, const struct net *net,
1463 enum l2tp_encap_type encap)
1464{
1465 if (!net_eq(sock_net(sk), net))
1466 return -EINVAL;
1467
1468 if (sk->sk_type != SOCK_DGRAM)
1469 return -EPROTONOSUPPORT;
1470
1471 if ((encap == L2TP_ENCAPTYPE_UDP && sk->sk_protocol != IPPROTO_UDP) ||
1472 (encap == L2TP_ENCAPTYPE_IP && sk->sk_protocol != IPPROTO_L2TP))
1473 return -EPROTONOSUPPORT;
1474
1475 if (sk->sk_user_data)
1476 return -EBUSY;
1477
1478 return 0;
1479}
1480
1481int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net,
1482 struct l2tp_tunnel_cfg *cfg)
1483{
1484 struct l2tp_tunnel *tunnel_walk;
1485 struct l2tp_net *pn;
1486 struct socket *sock;
1487 struct sock *sk;
1488 int ret;
1489
1490 if (tunnel->fd < 0) {
1491 ret = l2tp_tunnel_sock_create(net, tunnel->tunnel_id,
1492 tunnel->peer_tunnel_id, cfg,
1493 &sock);
1494 if (ret < 0)
1495 goto err;
1496 } else {
1497 sock = sockfd_lookup(tunnel->fd, &ret);
1498 if (!sock)
1499 goto err;
1500
1501 ret = l2tp_validate_socket(sock->sk, net, tunnel->encap);
1502 if (ret < 0)
1503 goto err_sock;
1504 }
1505
1506 sk = sock->sk;
1507
1508 sock_hold(sk);
1509 tunnel->sock = sk;
1510 tunnel->l2tp_net = net;
1511
1512 pn = l2tp_pernet(net);
1513
1514 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1515 list_for_each_entry(tunnel_walk, &pn->l2tp_tunnel_list, list) {
1516 if (tunnel_walk->tunnel_id == tunnel->tunnel_id) {
1517 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1518
1519 ret = -EEXIST;
1520 goto err_sock;
1521 }
1522 }
1523 list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list);
1524 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1525
1526 if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
1527 struct udp_tunnel_sock_cfg udp_cfg = {
1528 .sk_user_data = tunnel,
1529 .encap_type = UDP_ENCAP_L2TPINUDP,
1530 .encap_rcv = l2tp_udp_encap_recv,
1531 .encap_destroy = l2tp_udp_encap_destroy,
1532 };
1533
1534 setup_udp_tunnel_sock(net, sock, &udp_cfg);
1535 } else {
1536 sk->sk_user_data = tunnel;
1537 }
1538
1539 tunnel->old_sk_destruct = sk->sk_destruct;
1540 sk->sk_destruct = &l2tp_tunnel_destruct;
1541 lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class,
1542 "l2tp_sock");
1543 sk->sk_allocation = GFP_ATOMIC;
1544
1545 if (tunnel->fd >= 0)
1546 sockfd_put(sock);
1547
1548 return 0;
1549
1550err_sock:
1551 if (tunnel->fd < 0)
1552 sock_release(sock);
1553 else
1554 sockfd_put(sock);
1555err:
1556 return ret;
1557}
1558EXPORT_SYMBOL_GPL(l2tp_tunnel_register);
1559
1560
1561
1562void l2tp_tunnel_delete(struct l2tp_tunnel *tunnel)
1563{
1564 if (!test_and_set_bit(0, &tunnel->dead)) {
1565 l2tp_tunnel_inc_refcount(tunnel);
1566 queue_work(l2tp_wq, &tunnel->del_work);
1567 }
1568}
1569EXPORT_SYMBOL_GPL(l2tp_tunnel_delete);
1570
1571
1572
1573void l2tp_session_free(struct l2tp_session *session)
1574{
1575 struct l2tp_tunnel *tunnel = session->tunnel;
1576
1577 BUG_ON(refcount_read(&session->ref_count) != 0);
1578
1579 if (tunnel) {
1580 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1581 l2tp_tunnel_dec_refcount(tunnel);
1582 }
1583
1584 kfree(session);
1585}
1586EXPORT_SYMBOL_GPL(l2tp_session_free);
1587
1588
1589
1590
1591
1592
1593void __l2tp_session_unhash(struct l2tp_session *session)
1594{
1595 struct l2tp_tunnel *tunnel = session->tunnel;
1596
1597
1598 if (tunnel) {
1599
1600 write_lock_bh(&tunnel->hlist_lock);
1601 hlist_del_init(&session->hlist);
1602 write_unlock_bh(&tunnel->hlist_lock);
1603
1604
1605 if (tunnel->version != L2TP_HDR_VER_2) {
1606 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1607 spin_lock_bh(&pn->l2tp_session_hlist_lock);
1608 hlist_del_init_rcu(&session->global_hlist);
1609 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1610 synchronize_rcu();
1611 }
1612 }
1613}
1614EXPORT_SYMBOL_GPL(__l2tp_session_unhash);
1615
1616
1617
1618
1619int l2tp_session_delete(struct l2tp_session *session)
1620{
1621 if (test_and_set_bit(0, &session->dead))
1622 return 0;
1623
1624 __l2tp_session_unhash(session);
1625 l2tp_session_queue_purge(session);
1626 if (session->session_close != NULL)
1627 (*session->session_close)(session);
1628
1629 l2tp_session_dec_refcount(session);
1630
1631 return 0;
1632}
1633EXPORT_SYMBOL_GPL(l2tp_session_delete);
1634
1635
1636
1637
1638void l2tp_session_set_header_len(struct l2tp_session *session, int version)
1639{
1640 if (version == L2TP_HDR_VER_2) {
1641 session->hdr_len = 6;
1642 if (session->send_seq)
1643 session->hdr_len += 4;
1644 } else {
1645 session->hdr_len = 4 + session->cookie_len;
1646 session->hdr_len += l2tp_get_l2specific_len(session);
1647 if (session->tunnel->encap == L2TP_ENCAPTYPE_UDP)
1648 session->hdr_len += 4;
1649 }
1650
1651}
1652EXPORT_SYMBOL_GPL(l2tp_session_set_header_len);
1653
1654struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
1655{
1656 struct l2tp_session *session;
1657
1658 session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL);
1659 if (session != NULL) {
1660 session->magic = L2TP_SESSION_MAGIC;
1661 session->tunnel = tunnel;
1662
1663 session->session_id = session_id;
1664 session->peer_session_id = peer_session_id;
1665 session->nr = 0;
1666 if (tunnel->version == L2TP_HDR_VER_2)
1667 session->nr_max = 0xffff;
1668 else
1669 session->nr_max = 0xffffff;
1670 session->nr_window_size = session->nr_max / 2;
1671 session->nr_oos_count_max = 4;
1672
1673
1674 session->reorder_skip = 1;
1675
1676 sprintf(&session->name[0], "sess %u/%u",
1677 tunnel->tunnel_id, session->session_id);
1678
1679 skb_queue_head_init(&session->reorder_q);
1680
1681 INIT_HLIST_NODE(&session->hlist);
1682 INIT_HLIST_NODE(&session->global_hlist);
1683
1684
1685 session->debug = tunnel->debug;
1686
1687 if (cfg) {
1688 session->pwtype = cfg->pw_type;
1689 session->debug = cfg->debug;
1690 session->mtu = cfg->mtu;
1691 session->mru = cfg->mru;
1692 session->send_seq = cfg->send_seq;
1693 session->recv_seq = cfg->recv_seq;
1694 session->lns_mode = cfg->lns_mode;
1695 session->reorder_timeout = cfg->reorder_timeout;
1696 session->l2specific_type = cfg->l2specific_type;
1697 session->cookie_len = cfg->cookie_len;
1698 memcpy(&session->cookie[0], &cfg->cookie[0], cfg->cookie_len);
1699 session->peer_cookie_len = cfg->peer_cookie_len;
1700 memcpy(&session->peer_cookie[0], &cfg->peer_cookie[0], cfg->peer_cookie_len);
1701 }
1702
1703 if (tunnel->version == L2TP_HDR_VER_2)
1704 session->build_header = l2tp_build_l2tpv2_header;
1705 else
1706 session->build_header = l2tp_build_l2tpv3_header;
1707
1708 l2tp_session_set_header_len(session, tunnel->version);
1709
1710 refcount_set(&session->ref_count, 1);
1711
1712 return session;
1713 }
1714
1715 return ERR_PTR(-ENOMEM);
1716}
1717EXPORT_SYMBOL_GPL(l2tp_session_create);
1718
1719
1720
1721
1722
1723static __net_init int l2tp_init_net(struct net *net)
1724{
1725 struct l2tp_net *pn = net_generic(net, l2tp_net_id);
1726 int hash;
1727
1728 INIT_LIST_HEAD(&pn->l2tp_tunnel_list);
1729 spin_lock_init(&pn->l2tp_tunnel_list_lock);
1730
1731 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++)
1732 INIT_HLIST_HEAD(&pn->l2tp_session_hlist[hash]);
1733
1734 spin_lock_init(&pn->l2tp_session_hlist_lock);
1735
1736 return 0;
1737}
1738
1739static __net_exit void l2tp_exit_net(struct net *net)
1740{
1741 struct l2tp_net *pn = l2tp_pernet(net);
1742 struct l2tp_tunnel *tunnel = NULL;
1743 int hash;
1744
1745 rcu_read_lock_bh();
1746 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
1747 l2tp_tunnel_delete(tunnel);
1748 }
1749 rcu_read_unlock_bh();
1750
1751 flush_workqueue(l2tp_wq);
1752 rcu_barrier();
1753
1754 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++)
1755 WARN_ON_ONCE(!hlist_empty(&pn->l2tp_session_hlist[hash]));
1756}
1757
1758static struct pernet_operations l2tp_net_ops = {
1759 .init = l2tp_init_net,
1760 .exit = l2tp_exit_net,
1761 .id = &l2tp_net_id,
1762 .size = sizeof(struct l2tp_net),
1763};
1764
1765static int __init l2tp_init(void)
1766{
1767 int rc = 0;
1768
1769 rc = register_pernet_device(&l2tp_net_ops);
1770 if (rc)
1771 goto out;
1772
1773 l2tp_wq = alloc_workqueue("l2tp", WQ_UNBOUND, 0);
1774 if (!l2tp_wq) {
1775 pr_err("alloc_workqueue failed\n");
1776 unregister_pernet_device(&l2tp_net_ops);
1777 rc = -ENOMEM;
1778 goto out;
1779 }
1780
1781 pr_info("L2TP core driver, %s\n", L2TP_DRV_VERSION);
1782
1783out:
1784 return rc;
1785}
1786
1787static void __exit l2tp_exit(void)
1788{
1789 unregister_pernet_device(&l2tp_net_ops);
1790 if (l2tp_wq) {
1791 destroy_workqueue(l2tp_wq);
1792 l2tp_wq = NULL;
1793 }
1794}
1795
1796module_init(l2tp_init);
1797module_exit(l2tp_exit);
1798
1799MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1800MODULE_DESCRIPTION("L2TP core");
1801MODULE_LICENSE("GPL");
1802MODULE_VERSION(L2TP_DRV_VERSION);
1803
1804
