0001
0002
0003
0004
0005
0006
0007
0008 #include <linux/string.h>
0009 #include <linux/module.h>
0010 #include <linux/kernel.h>
0011 #include <linux/slab.h>
0012 #include <linux/errno.h>
0013 #include <linux/netdevice.h>
0014 #include <linux/net.h>
0015 #include <linux/skbuff.h>
0016 #include <linux/vmalloc.h>
0017 #include <linux/init.h>
0018 #include <linux/ppp_channel.h>
0019 #include <linux/ppp_defs.h>
0020 #include <linux/if_pppox.h>
0021 #include <linux/ppp-ioctl.h>
0022 #include <linux/notifier.h>
0023 #include <linux/file.h>
0024 #include <linux/in.h>
0025 #include <linux/ip.h>
0026 #include <linux/rcupdate.h>
0027 #include <linux/spinlock.h>
0028
0029 #include <net/sock.h>
0030 #include <net/protocol.h>
0031 #include <net/ip.h>
0032 #include <net/icmp.h>
0033 #include <net/route.h>
0034 #include <net/gre.h>
0035 #include <net/pptp.h>
0036
0037 #include <linux/uaccess.h>
0038
0039 #define PPTP_DRIVER_VERSION "0.8.5"
0040
0041 #define MAX_CALLID 65535
0042
0043 static DECLARE_BITMAP(callid_bitmap, MAX_CALLID + 1);
0044 static struct pppox_sock __rcu **callid_sock;
0045
0046 static DEFINE_SPINLOCK(chan_lock);
0047
0048 static struct proto pptp_sk_proto __read_mostly;
0049 static const struct ppp_channel_ops pptp_chan_ops;
0050 static const struct proto_ops pptp_ops;
0051
0052 static struct pppox_sock *lookup_chan(u16 call_id, __be32 s_addr)
0053 {
0054 struct pppox_sock *sock;
0055 struct pptp_opt *opt;
0056
0057 rcu_read_lock();
0058 sock = rcu_dereference(callid_sock[call_id]);
0059 if (sock) {
0060 opt = &sock->proto.pptp;
0061 if (opt->dst_addr.sin_addr.s_addr != s_addr)
0062 sock = NULL;
0063 else
0064 sock_hold(sk_pppox(sock));
0065 }
0066 rcu_read_unlock();
0067
0068 return sock;
0069 }
0070
0071 static int lookup_chan_dst(u16 call_id, __be32 d_addr)
0072 {
0073 struct pppox_sock *sock;
0074 struct pptp_opt *opt;
0075 int i;
0076
0077 rcu_read_lock();
0078 i = 1;
0079 for_each_set_bit_from(i, callid_bitmap, MAX_CALLID) {
0080 sock = rcu_dereference(callid_sock[i]);
0081 if (!sock)
0082 continue;
0083 opt = &sock->proto.pptp;
0084 if (opt->dst_addr.call_id == call_id &&
0085 opt->dst_addr.sin_addr.s_addr == d_addr)
0086 break;
0087 }
0088 rcu_read_unlock();
0089
0090 return i < MAX_CALLID;
0091 }
0092
0093 static int add_chan(struct pppox_sock *sock,
0094 struct pptp_addr *sa)
0095 {
0096 static int call_id;
0097
0098 spin_lock(&chan_lock);
0099 if (!sa->call_id) {
0100 call_id = find_next_zero_bit(callid_bitmap, MAX_CALLID, call_id + 1);
0101 if (call_id == MAX_CALLID) {
0102 call_id = find_next_zero_bit(callid_bitmap, MAX_CALLID, 1);
0103 if (call_id == MAX_CALLID)
0104 goto out_err;
0105 }
0106 sa->call_id = call_id;
0107 } else if (test_bit(sa->call_id, callid_bitmap)) {
0108 goto out_err;
0109 }
0110
0111 sock->proto.pptp.src_addr = *sa;
0112 set_bit(sa->call_id, callid_bitmap);
0113 rcu_assign_pointer(callid_sock[sa->call_id], sock);
0114 spin_unlock(&chan_lock);
0115
0116 return 0;
0117
0118 out_err:
0119 spin_unlock(&chan_lock);
0120 return -1;
0121 }
0122
0123 static void del_chan(struct pppox_sock *sock)
0124 {
0125 spin_lock(&chan_lock);
0126 clear_bit(sock->proto.pptp.src_addr.call_id, callid_bitmap);
0127 RCU_INIT_POINTER(callid_sock[sock->proto.pptp.src_addr.call_id], NULL);
0128 spin_unlock(&chan_lock);
0129 }
0130
0131 static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
0132 {
0133 struct sock *sk = (struct sock *) chan->private;
0134 struct pppox_sock *po = pppox_sk(sk);
0135 struct net *net = sock_net(sk);
0136 struct pptp_opt *opt = &po->proto.pptp;
0137 struct pptp_gre_header *hdr;
0138 unsigned int header_len = sizeof(*hdr);
0139 struct flowi4 fl4;
0140 int islcp;
0141 int len;
0142 unsigned char *data;
0143 __u32 seq_recv;
0144
0145
0146 struct rtable *rt;
0147 struct net_device *tdev;
0148 struct iphdr *iph;
0149 int max_headroom;
0150
0151 if (sk_pppox(po)->sk_state & PPPOX_DEAD)
0152 goto tx_error;
0153
0154 rt = ip_route_output_ports(net, &fl4, NULL,
0155 opt->dst_addr.sin_addr.s_addr,
0156 opt->src_addr.sin_addr.s_addr,
0157 0, 0, IPPROTO_GRE,
0158 RT_TOS(0), sk->sk_bound_dev_if);
0159 if (IS_ERR(rt))
0160 goto tx_error;
0161
0162 tdev = rt->dst.dev;
0163
0164 max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(*iph) + sizeof(*hdr) + 2;
0165
0166 if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) {
0167 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
0168 if (!new_skb) {
0169 ip_rt_put(rt);
0170 goto tx_error;
0171 }
0172 if (skb->sk)
0173 skb_set_owner_w(new_skb, skb->sk);
0174 consume_skb(skb);
0175 skb = new_skb;
0176 }
0177
0178 data = skb->data;
0179 islcp = ((data[0] << 8) + data[1]) == PPP_LCP && 1 <= data[2] && data[2] <= 7;
0180
0181
0182 if ((opt->ppp_flags & SC_COMP_PROT) && data[0] == 0 && !islcp)
0183 skb_pull(skb, 1);
0184
0185
0186 if ((opt->ppp_flags & SC_COMP_AC) == 0 || islcp) {
0187 data = skb_push(skb, 2);
0188 data[0] = PPP_ALLSTATIONS;
0189 data[1] = PPP_UI;
0190 }
0191
0192 len = skb->len;
0193
0194 seq_recv = opt->seq_recv;
0195
0196 if (opt->ack_sent == seq_recv)
0197 header_len -= sizeof(hdr->ack);
0198
0199
0200 skb_push(skb, header_len);
0201 hdr = (struct pptp_gre_header *)(skb->data);
0202
0203 hdr->gre_hd.flags = GRE_KEY | GRE_VERSION_1 | GRE_SEQ;
0204 hdr->gre_hd.protocol = GRE_PROTO_PPP;
0205 hdr->call_id = htons(opt->dst_addr.call_id);
0206
0207 hdr->seq = htonl(++opt->seq_sent);
0208 if (opt->ack_sent != seq_recv) {
0209
0210 hdr->gre_hd.flags |= GRE_ACK;
0211 hdr->ack = htonl(seq_recv);
0212 opt->ack_sent = seq_recv;
0213 }
0214 hdr->payload_len = htons(len);
0215
0216
0217
0218 skb_reset_transport_header(skb);
0219 skb_push(skb, sizeof(*iph));
0220 skb_reset_network_header(skb);
0221 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
0222 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | IPSKB_REROUTED);
0223
0224 iph = ip_hdr(skb);
0225 iph->version = 4;
0226 iph->ihl = sizeof(struct iphdr) >> 2;
0227 if (ip_dont_fragment(sk, &rt->dst))
0228 iph->frag_off = htons(IP_DF);
0229 else
0230 iph->frag_off = 0;
0231 iph->protocol = IPPROTO_GRE;
0232 iph->tos = 0;
0233 iph->daddr = fl4.daddr;
0234 iph->saddr = fl4.saddr;
0235 iph->ttl = ip4_dst_hoplimit(&rt->dst);
0236 iph->tot_len = htons(skb->len);
0237
0238 skb_dst_drop(skb);
0239 skb_dst_set(skb, &rt->dst);
0240
0241 nf_reset_ct(skb);
0242
0243 skb->ip_summed = CHECKSUM_NONE;
0244 ip_select_ident(net, skb, NULL);
0245 ip_send_check(iph);
0246
0247 ip_local_out(net, skb->sk, skb);
0248 return 1;
0249
0250 tx_error:
0251 kfree_skb(skb);
0252 return 1;
0253 }
0254
0255 static int pptp_rcv_core(struct sock *sk, struct sk_buff *skb)
0256 {
0257 struct pppox_sock *po = pppox_sk(sk);
0258 struct pptp_opt *opt = &po->proto.pptp;
0259 int headersize, payload_len, seq;
0260 __u8 *payload;
0261 struct pptp_gre_header *header;
0262
0263 if (!(sk->sk_state & PPPOX_CONNECTED)) {
0264 if (sock_queue_rcv_skb(sk, skb))
0265 goto drop;
0266 return NET_RX_SUCCESS;
0267 }
0268
0269 header = (struct pptp_gre_header *)(skb->data);
0270 headersize = sizeof(*header);
0271
0272
0273 if (GRE_IS_ACK(header->gre_hd.flags)) {
0274 __u32 ack;
0275
0276 if (!pskb_may_pull(skb, headersize))
0277 goto drop;
0278 header = (struct pptp_gre_header *)(skb->data);
0279
0280
0281 ack = GRE_IS_SEQ(header->gre_hd.flags) ? ntohl(header->ack) :
0282 ntohl(header->seq);
0283 if (ack > opt->ack_recv)
0284 opt->ack_recv = ack;
0285
0286 if (WRAPPED(ack, opt->ack_recv))
0287 opt->ack_recv = ack;
0288 } else {
0289 headersize -= sizeof(header->ack);
0290 }
0291
0292 if (!GRE_IS_SEQ(header->gre_hd.flags))
0293 goto drop;
0294
0295 payload_len = ntohs(header->payload_len);
0296 seq = ntohl(header->seq);
0297
0298
0299 if (!pskb_may_pull(skb, headersize + payload_len))
0300 goto drop;
0301
0302 payload = skb->data + headersize;
0303
0304 if (seq < opt->seq_recv + 1 || WRAPPED(opt->seq_recv, seq)) {
0305 if ((payload[0] == PPP_ALLSTATIONS) && (payload[1] == PPP_UI) &&
0306 (PPP_PROTOCOL(payload) == PPP_LCP) &&
0307 ((payload[4] == PPP_LCP_ECHOREQ) || (payload[4] == PPP_LCP_ECHOREP)))
0308 goto allow_packet;
0309 } else {
0310 opt->seq_recv = seq;
0311 allow_packet:
0312 skb_pull(skb, headersize);
0313
0314 if (payload[0] == PPP_ALLSTATIONS && payload[1] == PPP_UI) {
0315
0316 if (skb->len < 3)
0317 goto drop;
0318 skb_pull(skb, 2);
0319 }
0320
0321 skb->ip_summed = CHECKSUM_NONE;
0322 skb_set_network_header(skb, skb->head-skb->data);
0323 ppp_input(&po->chan, skb);
0324
0325 return NET_RX_SUCCESS;
0326 }
0327 drop:
0328 kfree_skb(skb);
0329 return NET_RX_DROP;
0330 }
0331
0332 static int pptp_rcv(struct sk_buff *skb)
0333 {
0334 struct pppox_sock *po;
0335 struct pptp_gre_header *header;
0336 struct iphdr *iph;
0337
0338 if (skb->pkt_type != PACKET_HOST)
0339 goto drop;
0340
0341 if (!pskb_may_pull(skb, 12))
0342 goto drop;
0343
0344 iph = ip_hdr(skb);
0345
0346 header = (struct pptp_gre_header *)skb->data;
0347
0348 if (header->gre_hd.protocol != GRE_PROTO_PPP ||
0349 GRE_IS_CSUM(header->gre_hd.flags) ||
0350 GRE_IS_ROUTING(header->gre_hd.flags) ||
0351 !GRE_IS_KEY(header->gre_hd.flags) ||
0352 (header->gre_hd.flags & GRE_FLAGS))
0353
0354 goto drop;
0355
0356 po = lookup_chan(ntohs(header->call_id), iph->saddr);
0357 if (po) {
0358 skb_dst_drop(skb);
0359 nf_reset_ct(skb);
0360 return sk_receive_skb(sk_pppox(po), skb, 0);
0361 }
0362 drop:
0363 kfree_skb(skb);
0364 return NET_RX_DROP;
0365 }
0366
0367 static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
0368 int sockaddr_len)
0369 {
0370 struct sock *sk = sock->sk;
0371 struct sockaddr_pppox *sp = (struct sockaddr_pppox *) uservaddr;
0372 struct pppox_sock *po = pppox_sk(sk);
0373 int error = 0;
0374
0375 if (sockaddr_len < sizeof(struct sockaddr_pppox))
0376 return -EINVAL;
0377
0378 lock_sock(sk);
0379
0380 if (sk->sk_state & PPPOX_DEAD) {
0381 error = -EALREADY;
0382 goto out;
0383 }
0384
0385 if (sk->sk_state & PPPOX_BOUND) {
0386 error = -EBUSY;
0387 goto out;
0388 }
0389
0390 if (add_chan(po, &sp->sa_addr.pptp))
0391 error = -EBUSY;
0392 else
0393 sk->sk_state |= PPPOX_BOUND;
0394
0395 out:
0396 release_sock(sk);
0397 return error;
0398 }
0399
0400 static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr,
0401 int sockaddr_len, int flags)
0402 {
0403 struct sock *sk = sock->sk;
0404 struct sockaddr_pppox *sp = (struct sockaddr_pppox *) uservaddr;
0405 struct pppox_sock *po = pppox_sk(sk);
0406 struct pptp_opt *opt = &po->proto.pptp;
0407 struct rtable *rt;
0408 struct flowi4 fl4;
0409 int error = 0;
0410
0411 if (sockaddr_len < sizeof(struct sockaddr_pppox))
0412 return -EINVAL;
0413
0414 if (sp->sa_protocol != PX_PROTO_PPTP)
0415 return -EINVAL;
0416
0417 if (lookup_chan_dst(sp->sa_addr.pptp.call_id, sp->sa_addr.pptp.sin_addr.s_addr))
0418 return -EALREADY;
0419
0420 lock_sock(sk);
0421
0422 if (sk->sk_state & PPPOX_CONNECTED) {
0423 error = -EBUSY;
0424 goto end;
0425 }
0426
0427
0428 if (sk->sk_state & PPPOX_DEAD) {
0429 error = -EALREADY;
0430 goto end;
0431 }
0432
0433 if (!opt->src_addr.sin_addr.s_addr || !sp->sa_addr.pptp.sin_addr.s_addr) {
0434 error = -EINVAL;
0435 goto end;
0436 }
0437
0438 po->chan.private = sk;
0439 po->chan.ops = &pptp_chan_ops;
0440
0441 rt = ip_route_output_ports(sock_net(sk), &fl4, sk,
0442 opt->dst_addr.sin_addr.s_addr,
0443 opt->src_addr.sin_addr.s_addr,
0444 0, 0,
0445 IPPROTO_GRE, RT_CONN_FLAGS(sk),
0446 sk->sk_bound_dev_if);
0447 if (IS_ERR(rt)) {
0448 error = -EHOSTUNREACH;
0449 goto end;
0450 }
0451 sk_setup_caps(sk, &rt->dst);
0452
0453 po->chan.mtu = dst_mtu(&rt->dst);
0454 if (!po->chan.mtu)
0455 po->chan.mtu = PPP_MRU;
0456 po->chan.mtu -= PPTP_HEADER_OVERHEAD;
0457
0458 po->chan.hdrlen = 2 + sizeof(struct pptp_gre_header);
0459 error = ppp_register_channel(&po->chan);
0460 if (error) {
0461 pr_err("PPTP: failed to register PPP channel (%d)\n", error);
0462 goto end;
0463 }
0464
0465 opt->dst_addr = sp->sa_addr.pptp;
0466 sk->sk_state |= PPPOX_CONNECTED;
0467
0468 end:
0469 release_sock(sk);
0470 return error;
0471 }
0472
0473 static int pptp_getname(struct socket *sock, struct sockaddr *uaddr,
0474 int peer)
0475 {
0476 int len = sizeof(struct sockaddr_pppox);
0477 struct sockaddr_pppox sp;
0478
0479 memset(&sp.sa_addr, 0, sizeof(sp.sa_addr));
0480
0481 sp.sa_family = AF_PPPOX;
0482 sp.sa_protocol = PX_PROTO_PPTP;
0483 sp.sa_addr.pptp = pppox_sk(sock->sk)->proto.pptp.src_addr;
0484
0485 memcpy(uaddr, &sp, len);
0486
0487 return len;
0488 }
0489
0490 static int pptp_release(struct socket *sock)
0491 {
0492 struct sock *sk = sock->sk;
0493 struct pppox_sock *po;
0494 int error = 0;
0495
0496 if (!sk)
0497 return 0;
0498
0499 lock_sock(sk);
0500
0501 if (sock_flag(sk, SOCK_DEAD)) {
0502 release_sock(sk);
0503 return -EBADF;
0504 }
0505
0506 po = pppox_sk(sk);
0507 del_chan(po);
0508 synchronize_rcu();
0509
0510 pppox_unbind_sock(sk);
0511 sk->sk_state = PPPOX_DEAD;
0512
0513 sock_orphan(sk);
0514 sock->sk = NULL;
0515
0516 release_sock(sk);
0517 sock_put(sk);
0518
0519 return error;
0520 }
0521
0522 static void pptp_sock_destruct(struct sock *sk)
0523 {
0524 if (!(sk->sk_state & PPPOX_DEAD)) {
0525 del_chan(pppox_sk(sk));
0526 pppox_unbind_sock(sk);
0527 }
0528 skb_queue_purge(&sk->sk_receive_queue);
0529 dst_release(rcu_dereference_protected(sk->sk_dst_cache, 1));
0530 }
0531
0532 static int pptp_create(struct net *net, struct socket *sock, int kern)
0533 {
0534 int error = -ENOMEM;
0535 struct sock *sk;
0536 struct pppox_sock *po;
0537 struct pptp_opt *opt;
0538
0539 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pptp_sk_proto, kern);
0540 if (!sk)
0541 goto out;
0542
0543 sock_init_data(sock, sk);
0544
0545 sock->state = SS_UNCONNECTED;
0546 sock->ops = &pptp_ops;
0547
0548 sk->sk_backlog_rcv = pptp_rcv_core;
0549 sk->sk_state = PPPOX_NONE;
0550 sk->sk_type = SOCK_STREAM;
0551 sk->sk_family = PF_PPPOX;
0552 sk->sk_protocol = PX_PROTO_PPTP;
0553 sk->sk_destruct = pptp_sock_destruct;
0554
0555 po = pppox_sk(sk);
0556 opt = &po->proto.pptp;
0557
0558 opt->seq_sent = 0; opt->seq_recv = 0xffffffff;
0559 opt->ack_recv = 0; opt->ack_sent = 0xffffffff;
0560
0561 error = 0;
0562 out:
0563 return error;
0564 }
0565
0566 static int pptp_ppp_ioctl(struct ppp_channel *chan, unsigned int cmd,
0567 unsigned long arg)
0568 {
0569 struct sock *sk = (struct sock *) chan->private;
0570 struct pppox_sock *po = pppox_sk(sk);
0571 struct pptp_opt *opt = &po->proto.pptp;
0572 void __user *argp = (void __user *)arg;
0573 int __user *p = argp;
0574 int err, val;
0575
0576 err = -EFAULT;
0577 switch (cmd) {
0578 case PPPIOCGFLAGS:
0579 val = opt->ppp_flags;
0580 if (put_user(val, p))
0581 break;
0582 err = 0;
0583 break;
0584 case PPPIOCSFLAGS:
0585 if (get_user(val, p))
0586 break;
0587 opt->ppp_flags = val & ~SC_RCV_BITS;
0588 err = 0;
0589 break;
0590 default:
0591 err = -ENOTTY;
0592 }
0593
0594 return err;
0595 }
0596
0597 static const struct ppp_channel_ops pptp_chan_ops = {
0598 .start_xmit = pptp_xmit,
0599 .ioctl = pptp_ppp_ioctl,
0600 };
0601
0602 static struct proto pptp_sk_proto __read_mostly = {
0603 .name = "PPTP",
0604 .owner = THIS_MODULE,
0605 .obj_size = sizeof(struct pppox_sock),
0606 };
0607
0608 static const struct proto_ops pptp_ops = {
0609 .family = AF_PPPOX,
0610 .owner = THIS_MODULE,
0611 .release = pptp_release,
0612 .bind = pptp_bind,
0613 .connect = pptp_connect,
0614 .socketpair = sock_no_socketpair,
0615 .accept = sock_no_accept,
0616 .getname = pptp_getname,
0617 .listen = sock_no_listen,
0618 .shutdown = sock_no_shutdown,
0619 .sendmsg = sock_no_sendmsg,
0620 .recvmsg = sock_no_recvmsg,
0621 .mmap = sock_no_mmap,
0622 .ioctl = pppox_ioctl,
0623 #ifdef CONFIG_COMPAT
0624 .compat_ioctl = pppox_compat_ioctl,
0625 #endif
0626 };
0627
0628 static const struct pppox_proto pppox_pptp_proto = {
0629 .create = pptp_create,
0630 .owner = THIS_MODULE,
0631 };
0632
0633 static const struct gre_protocol gre_pptp_protocol = {
0634 .handler = pptp_rcv,
0635 };
0636
0637 static int __init pptp_init_module(void)
0638 {
0639 int err = 0;
0640 pr_info("PPTP driver version " PPTP_DRIVER_VERSION "\n");
0641
0642 callid_sock = vzalloc(array_size(sizeof(void *), (MAX_CALLID + 1)));
0643 if (!callid_sock)
0644 return -ENOMEM;
0645
0646 err = gre_add_protocol(&gre_pptp_protocol, GREPROTO_PPTP);
0647 if (err) {
0648 pr_err("PPTP: can't add gre protocol\n");
0649 goto out_mem_free;
0650 }
0651
0652 err = proto_register(&pptp_sk_proto, 0);
0653 if (err) {
0654 pr_err("PPTP: can't register sk_proto\n");
0655 goto out_gre_del_protocol;
0656 }
0657
0658 err = register_pppox_proto(PX_PROTO_PPTP, &pppox_pptp_proto);
0659 if (err) {
0660 pr_err("PPTP: can't register pppox_proto\n");
0661 goto out_unregister_sk_proto;
0662 }
0663
0664 return 0;
0665
0666 out_unregister_sk_proto:
0667 proto_unregister(&pptp_sk_proto);
0668 out_gre_del_protocol:
0669 gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP);
0670 out_mem_free:
0671 vfree(callid_sock);
0672
0673 return err;
0674 }
0675
0676 static void __exit pptp_exit_module(void)
0677 {
0678 unregister_pppox_proto(PX_PROTO_PPTP);
0679 proto_unregister(&pptp_sk_proto);
0680 gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP);
0681 vfree(callid_sock);
0682 }
0683
0684 module_init(pptp_init_module);
0685 module_exit(pptp_exit_module);
0686
0687 MODULE_DESCRIPTION("Point-to-Point Tunneling Protocol");
0688 MODULE_AUTHOR("D. Kozlov (xeb@mail.ru)");
0689 MODULE_LICENSE("GPL");
0690 MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_PPTP);
