1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include "qemu/osdep.h"
27#include <linux/ip.h>
28#include <netdb.h>
29#include "net/net.h"
30#include "clients.h"
31#include "qemu-common.h"
32#include "qemu/error-report.h"
33#include "qemu/option.h"
34#include "qemu/sockets.h"
35#include "qemu/iov.h"
36#include "qemu/main-loop.h"
37
38
39
40
41
42
43
44#define BUFFER_ALIGN sysconf(_SC_PAGESIZE)
45#define BUFFER_SIZE 2048
46#define IOVSIZE 2
47#define MAX_L2TPV3_MSGCNT 64
48#define MAX_L2TPV3_IOVCNT (MAX_L2TPV3_MSGCNT * IOVSIZE)
49
50
51
52#define L2TPV3_DATA_PACKET 0x30000
53
54
55
56#ifndef IPPROTO_L2TP
57#define IPPROTO_L2TP 0x73
58#endif
59
60typedef struct NetL2TPV3State {
61 NetClientState nc;
62 int fd;
63
64
65
66
67
68
69 uint8_t *header_buf;
70 struct iovec *vec;
71
72
73
74
75
76 struct mmsghdr *msgvec;
77
78
79
80
81
82 struct sockaddr_storage *dgram_dst;
83 uint32_t dst_size;
84
85
86
87
88
89 uint64_t rx_cookie;
90 uint64_t tx_cookie;
91 uint32_t rx_session;
92 uint32_t tx_session;
93 uint32_t header_size;
94 uint32_t counter;
95
96
97
98
99
100 bool header_mismatch;
101
102
103
104
105
106 int queue_head;
107 int queue_tail;
108 int queue_depth;
109
110
111
112
113
114 uint32_t offset;
115 uint32_t cookie_offset;
116 uint32_t counter_offset;
117 uint32_t session_offset;
118
119
120
121 bool read_poll;
122 bool write_poll;
123
124
125
126 bool ipv6;
127 bool udp;
128 bool has_counter;
129 bool pin_counter;
130 bool cookie;
131 bool cookie_is_64;
132
133} NetL2TPV3State;
134
135static void net_l2tpv3_send(void *opaque);
136static void l2tpv3_writable(void *opaque);
137
138static void l2tpv3_update_fd_handler(NetL2TPV3State *s)
139{
140 qemu_set_fd_handler(s->fd,
141 s->read_poll ? net_l2tpv3_send : NULL,
142 s->write_poll ? l2tpv3_writable : NULL,
143 s);
144}
145
146static void l2tpv3_read_poll(NetL2TPV3State *s, bool enable)
147{
148 if (s->read_poll != enable) {
149 s->read_poll = enable;
150 l2tpv3_update_fd_handler(s);
151 }
152}
153
154static void l2tpv3_write_poll(NetL2TPV3State *s, bool enable)
155{
156 if (s->write_poll != enable) {
157 s->write_poll = enable;
158 l2tpv3_update_fd_handler(s);
159 }
160}
161
162static void l2tpv3_writable(void *opaque)
163{
164 NetL2TPV3State *s = opaque;
165 l2tpv3_write_poll(s, false);
166 qemu_flush_queued_packets(&s->nc);
167}
168
169static void l2tpv3_send_completed(NetClientState *nc, ssize_t len)
170{
171 NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
172 l2tpv3_read_poll(s, true);
173}
174
175static void l2tpv3_poll(NetClientState *nc, bool enable)
176{
177 NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
178 l2tpv3_write_poll(s, enable);
179 l2tpv3_read_poll(s, enable);
180}
181
182static void l2tpv3_form_header(NetL2TPV3State *s)
183{
184 uint32_t *counter;
185
186 if (s->udp) {
187 stl_be_p((uint32_t *) s->header_buf, L2TPV3_DATA_PACKET);
188 }
189 stl_be_p(
190 (uint32_t *) (s->header_buf + s->session_offset),
191 s->tx_session
192 );
193 if (s->cookie) {
194 if (s->cookie_is_64) {
195 stq_be_p(
196 (uint64_t *)(s->header_buf + s->cookie_offset),
197 s->tx_cookie
198 );
199 } else {
200 stl_be_p(
201 (uint32_t *) (s->header_buf + s->cookie_offset),
202 s->tx_cookie
203 );
204 }
205 }
206 if (s->has_counter) {
207 counter = (uint32_t *)(s->header_buf + s->counter_offset);
208 if (s->pin_counter) {
209 *counter = 0;
210 } else {
211 stl_be_p(counter, ++s->counter);
212 }
213 }
214}
215
216static ssize_t net_l2tpv3_receive_dgram_iov(NetClientState *nc,
217 const struct iovec *iov,
218 int iovcnt)
219{
220 NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
221
222 struct msghdr message;
223 int ret;
224
225 if (iovcnt > MAX_L2TPV3_IOVCNT - 1) {
226 error_report(
227 "iovec too long %d > %d, change l2tpv3.h",
228 iovcnt, MAX_L2TPV3_IOVCNT
229 );
230 return -1;
231 }
232 l2tpv3_form_header(s);
233 memcpy(s->vec + 1, iov, iovcnt * sizeof(struct iovec));
234 s->vec->iov_base = s->header_buf;
235 s->vec->iov_len = s->offset;
236 message.msg_name = s->dgram_dst;
237 message.msg_namelen = s->dst_size;
238 message.msg_iov = s->vec;
239 message.msg_iovlen = iovcnt + 1;
240 message.msg_control = NULL;
241 message.msg_controllen = 0;
242 message.msg_flags = 0;
243 do {
244 ret = sendmsg(s->fd, &message, 0);
245 } while ((ret == -1) && (errno == EINTR));
246 if (ret > 0) {
247 ret -= s->offset;
248 } else if (ret == 0) {
249
250
251
252 ret = iov_size(iov, iovcnt);
253 } else {
254
255 ret = -errno;
256 if (ret == -EAGAIN || ret == -ENOBUFS) {
257 l2tpv3_write_poll(s, true);
258 ret = 0;
259 }
260 }
261 return ret;
262}
263
264static ssize_t net_l2tpv3_receive_dgram(NetClientState *nc,
265 const uint8_t *buf,
266 size_t size)
267{
268 NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
269
270 struct iovec *vec;
271 struct msghdr message;
272 ssize_t ret = 0;
273
274 l2tpv3_form_header(s);
275 vec = s->vec;
276 vec->iov_base = s->header_buf;
277 vec->iov_len = s->offset;
278 vec++;
279 vec->iov_base = (void *) buf;
280 vec->iov_len = size;
281 message.msg_name = s->dgram_dst;
282 message.msg_namelen = s->dst_size;
283 message.msg_iov = s->vec;
284 message.msg_iovlen = 2;
285 message.msg_control = NULL;
286 message.msg_controllen = 0;
287 message.msg_flags = 0;
288 do {
289 ret = sendmsg(s->fd, &message, 0);
290 } while ((ret == -1) && (errno == EINTR));
291 if (ret > 0) {
292 ret -= s->offset;
293 } else if (ret == 0) {
294
295
296
297 ret = size;
298 } else {
299 ret = -errno;
300 if (ret == -EAGAIN || ret == -ENOBUFS) {
301
302 l2tpv3_write_poll(s, true);
303 ret = 0;
304 }
305 }
306 return ret;
307}
308
309static int l2tpv3_verify_header(NetL2TPV3State *s, uint8_t *buf)
310{
311
312 uint32_t *session;
313 uint64_t cookie;
314
315 if ((!s->udp) && (!s->ipv6)) {
316 buf += sizeof(struct iphdr) ;
317 }
318
319
320
321
322
323
324 if (s->cookie) {
325 if (s->cookie_is_64) {
326 cookie = ldq_be_p(buf + s->cookie_offset);
327 } else {
328 cookie = ldl_be_p(buf + s->cookie_offset) & 0xffffffffULL;
329 }
330 if (cookie != s->rx_cookie) {
331 if (!s->header_mismatch) {
332 error_report("unknown cookie id");
333 }
334 return -1;
335 }
336 }
337 session = (uint32_t *) (buf + s->session_offset);
338 if (ldl_be_p(session) != s->rx_session) {
339 if (!s->header_mismatch) {
340 error_report("session mismatch");
341 }
342 return -1;
343 }
344 return 0;
345}
346
347static void net_l2tpv3_process_queue(NetL2TPV3State *s)
348{
349 int size = 0;
350 struct iovec *vec;
351 bool bad_read;
352 int data_size;
353 struct mmsghdr *msgvec;
354
355
356 if (s->queue_depth > 0) {
357 do {
358 msgvec = s->msgvec + s->queue_tail;
359 if (msgvec->msg_len > 0) {
360 data_size = msgvec->msg_len - s->header_size;
361 vec = msgvec->msg_hdr.msg_iov;
362 if ((data_size > 0) &&
363 (l2tpv3_verify_header(s, vec->iov_base) == 0)) {
364 vec++;
365
366
367
368
369 size = qemu_send_packet_async(
370 &s->nc,
371 vec->iov_base,
372 data_size,
373 l2tpv3_send_completed
374 );
375 if (size == 0) {
376 l2tpv3_read_poll(s, false);
377 }
378 bad_read = false;
379 } else {
380 bad_read = true;
381 if (!s->header_mismatch) {
382
383 error_report("l2tpv3 header verification failed");
384 s->header_mismatch = true;
385 }
386 }
387 } else {
388 bad_read = true;
389 }
390 s->queue_tail = (s->queue_tail + 1) % MAX_L2TPV3_MSGCNT;
391 s->queue_depth--;
392 } while (
393 (s->queue_depth > 0) &&
394 qemu_can_send_packet(&s->nc) &&
395 ((size > 0) || bad_read)
396 );
397 }
398}
399
400static void net_l2tpv3_send(void *opaque)
401{
402 NetL2TPV3State *s = opaque;
403 int target_count, count;
404 struct mmsghdr *msgvec;
405
406
407
408 if (s->queue_depth) {
409
410
411
412
413
414 target_count = MAX_L2TPV3_MSGCNT - s->queue_depth;
415
416
417
418
419
420 if (s->queue_head + target_count > MAX_L2TPV3_MSGCNT) {
421 target_count = MAX_L2TPV3_MSGCNT - s->queue_head;
422 }
423 } else {
424
425
426
427
428
429
430 s->queue_head = 0;
431 s->queue_tail = 0;
432 target_count = MAX_L2TPV3_MSGCNT;
433 }
434
435 msgvec = s->msgvec + s->queue_head;
436 if (target_count > 0) {
437 do {
438 count = recvmmsg(
439 s->fd,
440 msgvec,
441 target_count, MSG_DONTWAIT, NULL);
442 } while ((count == -1) && (errno == EINTR));
443 if (count < 0) {
444
445
446
447 count = 0;
448 }
449 s->queue_head = (s->queue_head + count) % MAX_L2TPV3_MSGCNT;
450 s->queue_depth += count;
451 }
452 net_l2tpv3_process_queue(s);
453}
454
455static void destroy_vector(struct mmsghdr *msgvec, int count, int iovcount)
456{
457 int i, j;
458 struct iovec *iov;
459 struct mmsghdr *cleanup = msgvec;
460 if (cleanup) {
461 for (i = 0; i < count; i++) {
462 if (cleanup->msg_hdr.msg_iov) {
463 iov = cleanup->msg_hdr.msg_iov;
464 for (j = 0; j < iovcount; j++) {
465 g_free(iov->iov_base);
466 iov++;
467 }
468 g_free(cleanup->msg_hdr.msg_iov);
469 }
470 cleanup++;
471 }
472 g_free(msgvec);
473 }
474}
475
476static struct mmsghdr *build_l2tpv3_vector(NetL2TPV3State *s, int count)
477{
478 int i;
479 struct iovec *iov;
480 struct mmsghdr *msgvec, *result;
481
482 msgvec = g_new(struct mmsghdr, count);
483 result = msgvec;
484 for (i = 0; i < count ; i++) {
485 msgvec->msg_hdr.msg_name = NULL;
486 msgvec->msg_hdr.msg_namelen = 0;
487 iov = g_new(struct iovec, IOVSIZE);
488 msgvec->msg_hdr.msg_iov = iov;
489 iov->iov_base = g_malloc(s->header_size);
490 iov->iov_len = s->header_size;
491 iov++ ;
492 iov->iov_base = qemu_memalign(BUFFER_ALIGN, BUFFER_SIZE);
493 iov->iov_len = BUFFER_SIZE;
494 msgvec->msg_hdr.msg_iovlen = 2;
495 msgvec->msg_hdr.msg_control = NULL;
496 msgvec->msg_hdr.msg_controllen = 0;
497 msgvec->msg_hdr.msg_flags = 0;
498 msgvec++;
499 }
500 return result;
501}
502
503static void net_l2tpv3_cleanup(NetClientState *nc)
504{
505 NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
506 qemu_purge_queued_packets(nc);
507 l2tpv3_read_poll(s, false);
508 l2tpv3_write_poll(s, false);
509 if (s->fd >= 0) {
510 close(s->fd);
511 }
512 destroy_vector(s->msgvec, MAX_L2TPV3_MSGCNT, IOVSIZE);
513 g_free(s->vec);
514 g_free(s->header_buf);
515 g_free(s->dgram_dst);
516}
517
518static NetClientInfo net_l2tpv3_info = {
519 .type = NET_CLIENT_DRIVER_L2TPV3,
520 .size = sizeof(NetL2TPV3State),
521 .receive = net_l2tpv3_receive_dgram,
522 .receive_iov = net_l2tpv3_receive_dgram_iov,
523 .poll = l2tpv3_poll,
524 .cleanup = net_l2tpv3_cleanup,
525};
526
527int net_init_l2tpv3(const Netdev *netdev,
528 const char *name,
529 NetClientState *peer, Error **errp)
530{
531
532 const NetdevL2TPv3Options *l2tpv3;
533 NetL2TPV3State *s;
534 NetClientState *nc;
535 int fd = -1, gairet;
536 struct addrinfo hints;
537 struct addrinfo *result = NULL;
538 char *srcport, *dstport;
539
540 nc = qemu_new_net_client(&net_l2tpv3_info, peer, "l2tpv3", name);
541
542 s = DO_UPCAST(NetL2TPV3State, nc, nc);
543
544 s->queue_head = 0;
545 s->queue_tail = 0;
546 s->header_mismatch = false;
547
548 assert(netdev->type == NET_CLIENT_DRIVER_L2TPV3);
549 l2tpv3 = &netdev->u.l2tpv3;
550
551 if (l2tpv3->has_ipv6 && l2tpv3->ipv6) {
552 s->ipv6 = l2tpv3->ipv6;
553 } else {
554 s->ipv6 = false;
555 }
556
557 if ((l2tpv3->has_offset) && (l2tpv3->offset > 256)) {
558 error_report("l2tpv3_open : offset must be less than 256 bytes");
559 goto outerr;
560 }
561
562 if (l2tpv3->has_rxcookie || l2tpv3->has_txcookie) {
563 if (l2tpv3->has_rxcookie && l2tpv3->has_txcookie) {
564 s->cookie = true;
565 } else {
566 goto outerr;
567 }
568 } else {
569 s->cookie = false;
570 }
571
572 if (l2tpv3->has_cookie64 || l2tpv3->cookie64) {
573 s->cookie_is_64 = true;
574 } else {
575 s->cookie_is_64 = false;
576 }
577
578 if (l2tpv3->has_udp && l2tpv3->udp) {
579 s->udp = true;
580 if (!(l2tpv3->has_srcport && l2tpv3->has_dstport)) {
581 error_report("l2tpv3_open : need both src and dst port for udp");
582 goto outerr;
583 } else {
584 srcport = l2tpv3->srcport;
585 dstport = l2tpv3->dstport;
586 }
587 } else {
588 s->udp = false;
589 srcport = NULL;
590 dstport = NULL;
591 }
592
593
594 s->offset = 4;
595 s->session_offset = 0;
596 s->cookie_offset = 4;
597 s->counter_offset = 4;
598
599 s->tx_session = l2tpv3->txsession;
600 if (l2tpv3->has_rxsession) {
601 s->rx_session = l2tpv3->rxsession;
602 } else {
603 s->rx_session = s->tx_session;
604 }
605
606 if (s->cookie) {
607 s->rx_cookie = l2tpv3->rxcookie;
608 s->tx_cookie = l2tpv3->txcookie;
609 if (s->cookie_is_64 == true) {
610
611 s->offset += 8;
612 s->counter_offset += 8;
613 } else {
614
615 s->offset += 4;
616 s->counter_offset += 4;
617 }
618 }
619
620 memset(&hints, 0, sizeof(hints));
621
622 if (s->ipv6) {
623 hints.ai_family = AF_INET6;
624 } else {
625 hints.ai_family = AF_INET;
626 }
627 if (s->udp) {
628 hints.ai_socktype = SOCK_DGRAM;
629 hints.ai_protocol = 0;
630 s->offset += 4;
631 s->counter_offset += 4;
632 s->session_offset += 4;
633 s->cookie_offset += 4;
634 } else {
635 hints.ai_socktype = SOCK_RAW;
636 hints.ai_protocol = IPPROTO_L2TP;
637 }
638
639 gairet = getaddrinfo(l2tpv3->src, srcport, &hints, &result);
640
641 if ((gairet != 0) || (result == NULL)) {
642 error_report(
643 "l2tpv3_open : could not resolve src, errno = %s",
644 gai_strerror(gairet)
645 );
646 goto outerr;
647 }
648 fd = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
649 if (fd == -1) {
650 fd = -errno;
651 error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
652 goto outerr;
653 }
654 if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
655 error_report("l2tpv3_open : could not bind socket err=%i", errno);
656 goto outerr;
657 }
658 if (result) {
659 freeaddrinfo(result);
660 }
661
662 memset(&hints, 0, sizeof(hints));
663
664 if (s->ipv6) {
665 hints.ai_family = AF_INET6;
666 } else {
667 hints.ai_family = AF_INET;
668 }
669 if (s->udp) {
670 hints.ai_socktype = SOCK_DGRAM;
671 hints.ai_protocol = 0;
672 } else {
673 hints.ai_socktype = SOCK_RAW;
674 hints.ai_protocol = IPPROTO_L2TP;
675 }
676
677 result = NULL;
678 gairet = getaddrinfo(l2tpv3->dst, dstport, &hints, &result);
679 if ((gairet != 0) || (result == NULL)) {
680 error_report(
681 "l2tpv3_open : could not resolve dst, error = %s",
682 gai_strerror(gairet)
683 );
684 goto outerr;
685 }
686
687 s->dgram_dst = g_new0(struct sockaddr_storage, 1);
688 memcpy(s->dgram_dst, result->ai_addr, result->ai_addrlen);
689 s->dst_size = result->ai_addrlen;
690
691 if (result) {
692 freeaddrinfo(result);
693 }
694
695 if (l2tpv3->has_counter && l2tpv3->counter) {
696 s->has_counter = true;
697 s->offset += 4;
698 } else {
699 s->has_counter = false;
700 }
701
702 if (l2tpv3->has_pincounter && l2tpv3->pincounter) {
703 s->has_counter = true;
704 s->pin_counter = true;
705 } else {
706 s->pin_counter = false;
707 }
708
709 if (l2tpv3->has_offset) {
710
711 s->offset += l2tpv3->offset;
712 }
713
714 if ((s->ipv6) || (s->udp)) {
715 s->header_size = s->offset;
716 } else {
717 s->header_size = s->offset + sizeof(struct iphdr);
718 }
719
720 s->msgvec = build_l2tpv3_vector(s, MAX_L2TPV3_MSGCNT);
721 s->vec = g_new(struct iovec, MAX_L2TPV3_IOVCNT);
722 s->header_buf = g_malloc(s->header_size);
723
724 qemu_set_nonblock(fd);
725
726 s->fd = fd;
727 s->counter = 0;
728
729 l2tpv3_read_poll(s, true);
730
731 snprintf(s->nc.info_str, sizeof(s->nc.info_str),
732 "l2tpv3: connected");
733 return 0;
734outerr:
735 qemu_del_net_client(nc);
736 if (fd >= 0) {
737 close(fd);
738 }
739 if (result) {
740 freeaddrinfo(result);
741 }
742 return -1;
743}
744
745