0001
0002
0003
0004
0005
0006
0007 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0008
0009 #include <asm/ioctls.h>
0010 #include <linux/icmp.h>
0011 #include <linux/module.h>
0012 #include <linux/skbuff.h>
0013 #include <linux/random.h>
0014 #include <linux/socket.h>
0015 #include <linux/l2tp.h>
0016 #include <linux/in.h>
0017 #include <net/sock.h>
0018 #include <net/ip.h>
0019 #include <net/icmp.h>
0020 #include <net/udp.h>
0021 #include <net/inet_common.h>
0022 #include <net/tcp_states.h>
0023 #include <net/protocol.h>
0024 #include <net/xfrm.h>
0025
0026 #include "l2tp_core.h"
0027
0028 struct l2tp_ip_sock {
0029
0030 struct inet_sock inet;
0031
0032 u32 conn_id;
0033 u32 peer_conn_id;
0034 };
0035
0036 static DEFINE_RWLOCK(l2tp_ip_lock);
0037 static struct hlist_head l2tp_ip_table;
0038 static struct hlist_head l2tp_ip_bind_table;
0039
0040 static inline struct l2tp_ip_sock *l2tp_ip_sk(const struct sock *sk)
0041 {
0042 return (struct l2tp_ip_sock *)sk;
0043 }
0044
0045 static struct sock *__l2tp_ip_bind_lookup(const struct net *net, __be32 laddr,
0046 __be32 raddr, int dif, u32 tunnel_id)
0047 {
0048 struct sock *sk;
0049
0050 sk_for_each_bound(sk, &l2tp_ip_bind_table) {
0051 const struct l2tp_ip_sock *l2tp = l2tp_ip_sk(sk);
0052 const struct inet_sock *inet = inet_sk(sk);
0053 int bound_dev_if;
0054
0055 if (!net_eq(sock_net(sk), net))
0056 continue;
0057
0058 bound_dev_if = READ_ONCE(sk->sk_bound_dev_if);
0059 if (bound_dev_if && dif && bound_dev_if != dif)
0060 continue;
0061
0062 if (inet->inet_rcv_saddr && laddr &&
0063 inet->inet_rcv_saddr != laddr)
0064 continue;
0065
0066 if (inet->inet_daddr && raddr && inet->inet_daddr != raddr)
0067 continue;
0068
0069 if (l2tp->conn_id != tunnel_id)
0070 continue;
0071
0072 goto found;
0073 }
0074
0075 sk = NULL;
0076 found:
0077 return sk;
0078 }
0079
0080
0081
0082
0083
0084
0085
0086
0087
0088
0089
0090
0091
0092
0093
0094
0095
0096
0097
0098
0099
0100
0101
0102
0103
0104
0105
0106
0107
0108
0109
0110
0111
0112
0113 static int l2tp_ip_recv(struct sk_buff *skb)
0114 {
0115 struct net *net = dev_net(skb->dev);
0116 struct sock *sk;
0117 u32 session_id;
0118 u32 tunnel_id;
0119 unsigned char *ptr, *optr;
0120 struct l2tp_session *session;
0121 struct l2tp_tunnel *tunnel = NULL;
0122 struct iphdr *iph;
0123
0124 if (!pskb_may_pull(skb, 4))
0125 goto discard;
0126
0127
0128 optr = skb->data;
0129 ptr = skb->data;
0130 session_id = ntohl(*((__be32 *)ptr));
0131 ptr += 4;
0132
0133
0134
0135
0136
0137 if (session_id == 0) {
0138 __skb_pull(skb, 4);
0139 goto pass_up;
0140 }
0141
0142
0143 session = l2tp_session_get(net, session_id);
0144 if (!session)
0145 goto discard;
0146
0147 tunnel = session->tunnel;
0148 if (!tunnel)
0149 goto discard_sess;
0150
0151 if (l2tp_v3_ensure_opt_in_linear(session, skb, &ptr, &optr))
0152 goto discard_sess;
0153
0154 l2tp_recv_common(session, skb, ptr, optr, 0, skb->len);
0155 l2tp_session_dec_refcount(session);
0156
0157 return 0;
0158
0159 pass_up:
0160
0161 if (!pskb_may_pull(skb, 12))
0162 goto discard;
0163
0164 if ((skb->data[0] & 0xc0) != 0xc0)
0165 goto discard;
0166
0167 tunnel_id = ntohl(*(__be32 *)&skb->data[4]);
0168 iph = (struct iphdr *)skb_network_header(skb);
0169
0170 read_lock_bh(&l2tp_ip_lock);
0171 sk = __l2tp_ip_bind_lookup(net, iph->daddr, iph->saddr, inet_iif(skb),
0172 tunnel_id);
0173 if (!sk) {
0174 read_unlock_bh(&l2tp_ip_lock);
0175 goto discard;
0176 }
0177 sock_hold(sk);
0178 read_unlock_bh(&l2tp_ip_lock);
0179
0180 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
0181 goto discard_put;
0182
0183 nf_reset_ct(skb);
0184
0185 return sk_receive_skb(sk, skb, 1);
0186
0187 discard_sess:
0188 l2tp_session_dec_refcount(session);
0189 goto discard;
0190
0191 discard_put:
0192 sock_put(sk);
0193
0194 discard:
0195 kfree_skb(skb);
0196 return 0;
0197 }
0198
0199 static int l2tp_ip_hash(struct sock *sk)
0200 {
0201 if (sk_unhashed(sk)) {
0202 write_lock_bh(&l2tp_ip_lock);
0203 sk_add_node(sk, &l2tp_ip_table);
0204 write_unlock_bh(&l2tp_ip_lock);
0205 }
0206 return 0;
0207 }
0208
0209 static void l2tp_ip_unhash(struct sock *sk)
0210 {
0211 if (sk_unhashed(sk))
0212 return;
0213 write_lock_bh(&l2tp_ip_lock);
0214 sk_del_node_init(sk);
0215 write_unlock_bh(&l2tp_ip_lock);
0216 }
0217
0218 static int l2tp_ip_open(struct sock *sk)
0219 {
0220
0221 inet_sk(sk)->inet_num = IPPROTO_L2TP;
0222
0223 l2tp_ip_hash(sk);
0224 return 0;
0225 }
0226
0227 static void l2tp_ip_close(struct sock *sk, long timeout)
0228 {
0229 write_lock_bh(&l2tp_ip_lock);
0230 hlist_del_init(&sk->sk_bind_node);
0231 sk_del_node_init(sk);
0232 write_unlock_bh(&l2tp_ip_lock);
0233 sk_common_release(sk);
0234 }
0235
0236 static void l2tp_ip_destroy_sock(struct sock *sk)
0237 {
0238 struct l2tp_tunnel *tunnel = l2tp_sk_to_tunnel(sk);
0239 struct sk_buff *skb;
0240
0241 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL)
0242 kfree_skb(skb);
0243
0244 if (tunnel)
0245 l2tp_tunnel_delete(tunnel);
0246 }
0247
0248 static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
0249 {
0250 struct inet_sock *inet = inet_sk(sk);
0251 struct sockaddr_l2tpip *addr = (struct sockaddr_l2tpip *)uaddr;
0252 struct net *net = sock_net(sk);
0253 int ret;
0254 int chk_addr_ret;
0255
0256 if (addr_len < sizeof(struct sockaddr_l2tpip))
0257 return -EINVAL;
0258 if (addr->l2tp_family != AF_INET)
0259 return -EINVAL;
0260
0261 lock_sock(sk);
0262
0263 ret = -EINVAL;
0264 if (!sock_flag(sk, SOCK_ZAPPED))
0265 goto out;
0266
0267 if (sk->sk_state != TCP_CLOSE)
0268 goto out;
0269
0270 chk_addr_ret = inet_addr_type(net, addr->l2tp_addr.s_addr);
0271 ret = -EADDRNOTAVAIL;
0272 if (addr->l2tp_addr.s_addr && chk_addr_ret != RTN_LOCAL &&
0273 chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST)
0274 goto out;
0275
0276 if (addr->l2tp_addr.s_addr) {
0277 inet->inet_rcv_saddr = addr->l2tp_addr.s_addr;
0278 inet->inet_saddr = addr->l2tp_addr.s_addr;
0279 }
0280 if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
0281 inet->inet_saddr = 0;
0282
0283 write_lock_bh(&l2tp_ip_lock);
0284 if (__l2tp_ip_bind_lookup(net, addr->l2tp_addr.s_addr, 0,
0285 sk->sk_bound_dev_if, addr->l2tp_conn_id)) {
0286 write_unlock_bh(&l2tp_ip_lock);
0287 ret = -EADDRINUSE;
0288 goto out;
0289 }
0290
0291 sk_dst_reset(sk);
0292 l2tp_ip_sk(sk)->conn_id = addr->l2tp_conn_id;
0293
0294 sk_add_bind_node(sk, &l2tp_ip_bind_table);
0295 sk_del_node_init(sk);
0296 write_unlock_bh(&l2tp_ip_lock);
0297
0298 ret = 0;
0299 sock_reset_flag(sk, SOCK_ZAPPED);
0300
0301 out:
0302 release_sock(sk);
0303
0304 return ret;
0305 }
0306
0307 static int l2tp_ip_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
0308 {
0309 struct sockaddr_l2tpip *lsa = (struct sockaddr_l2tpip *)uaddr;
0310 int rc;
0311
0312 if (addr_len < sizeof(*lsa))
0313 return -EINVAL;
0314
0315 if (ipv4_is_multicast(lsa->l2tp_addr.s_addr))
0316 return -EINVAL;
0317
0318 lock_sock(sk);
0319
0320
0321 if (sock_flag(sk, SOCK_ZAPPED)) {
0322 rc = -EINVAL;
0323 goto out_sk;
0324 }
0325
0326 rc = __ip4_datagram_connect(sk, uaddr, addr_len);
0327 if (rc < 0)
0328 goto out_sk;
0329
0330 l2tp_ip_sk(sk)->peer_conn_id = lsa->l2tp_conn_id;
0331
0332 write_lock_bh(&l2tp_ip_lock);
0333 hlist_del_init(&sk->sk_bind_node);
0334 sk_add_bind_node(sk, &l2tp_ip_bind_table);
0335 write_unlock_bh(&l2tp_ip_lock);
0336
0337 out_sk:
0338 release_sock(sk);
0339
0340 return rc;
0341 }
0342
0343 static int l2tp_ip_disconnect(struct sock *sk, int flags)
0344 {
0345 if (sock_flag(sk, SOCK_ZAPPED))
0346 return 0;
0347
0348 return __udp_disconnect(sk, flags);
0349 }
0350
0351 static int l2tp_ip_getname(struct socket *sock, struct sockaddr *uaddr,
0352 int peer)
0353 {
0354 struct sock *sk = sock->sk;
0355 struct inet_sock *inet = inet_sk(sk);
0356 struct l2tp_ip_sock *lsk = l2tp_ip_sk(sk);
0357 struct sockaddr_l2tpip *lsa = (struct sockaddr_l2tpip *)uaddr;
0358
0359 memset(lsa, 0, sizeof(*lsa));
0360 lsa->l2tp_family = AF_INET;
0361 if (peer) {
0362 if (!inet->inet_dport)
0363 return -ENOTCONN;
0364 lsa->l2tp_conn_id = lsk->peer_conn_id;
0365 lsa->l2tp_addr.s_addr = inet->inet_daddr;
0366 } else {
0367 __be32 addr = inet->inet_rcv_saddr;
0368
0369 if (!addr)
0370 addr = inet->inet_saddr;
0371 lsa->l2tp_conn_id = lsk->conn_id;
0372 lsa->l2tp_addr.s_addr = addr;
0373 }
0374 return sizeof(*lsa);
0375 }
0376
0377 static int l2tp_ip_backlog_recv(struct sock *sk, struct sk_buff *skb)
0378 {
0379 int rc;
0380
0381
0382 rc = sock_queue_rcv_skb(sk, skb);
0383 if (rc < 0)
0384 goto drop;
0385
0386 return 0;
0387
0388 drop:
0389 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_INDISCARDS);
0390 kfree_skb(skb);
0391 return 0;
0392 }
0393
0394
0395
0396
0397 static int l2tp_ip_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
0398 {
0399 struct sk_buff *skb;
0400 int rc;
0401 struct inet_sock *inet = inet_sk(sk);
0402 struct rtable *rt = NULL;
0403 struct flowi4 *fl4;
0404 int connected = 0;
0405 __be32 daddr;
0406
0407 lock_sock(sk);
0408
0409 rc = -ENOTCONN;
0410 if (sock_flag(sk, SOCK_DEAD))
0411 goto out;
0412
0413
0414 if (msg->msg_name) {
0415 DECLARE_SOCKADDR(struct sockaddr_l2tpip *, lip, msg->msg_name);
0416
0417 rc = -EINVAL;
0418 if (msg->msg_namelen < sizeof(*lip))
0419 goto out;
0420
0421 if (lip->l2tp_family != AF_INET) {
0422 rc = -EAFNOSUPPORT;
0423 if (lip->l2tp_family != AF_UNSPEC)
0424 goto out;
0425 }
0426
0427 daddr = lip->l2tp_addr.s_addr;
0428 } else {
0429 rc = -EDESTADDRREQ;
0430 if (sk->sk_state != TCP_ESTABLISHED)
0431 goto out;
0432
0433 daddr = inet->inet_daddr;
0434 connected = 1;
0435 }
0436
0437
0438 rc = -ENOMEM;
0439 skb = sock_wmalloc(sk, 2 + NET_SKB_PAD + sizeof(struct iphdr) +
0440 4 + len, 0, GFP_KERNEL);
0441 if (!skb)
0442 goto error;
0443
0444
0445 skb_reserve(skb, 2 + NET_SKB_PAD);
0446 skb_reset_network_header(skb);
0447 skb_reserve(skb, sizeof(struct iphdr));
0448 skb_reset_transport_header(skb);
0449
0450
0451 *((__be32 *)skb_put(skb, 4)) = 0;
0452
0453
0454 rc = memcpy_from_msg(skb_put(skb, len), msg, len);
0455 if (rc < 0) {
0456 kfree_skb(skb);
0457 goto error;
0458 }
0459
0460 fl4 = &inet->cork.fl.u.ip4;
0461 if (connected)
0462 rt = (struct rtable *)__sk_dst_check(sk, 0);
0463
0464 rcu_read_lock();
0465 if (!rt) {
0466 const struct ip_options_rcu *inet_opt;
0467
0468 inet_opt = rcu_dereference(inet->inet_opt);
0469
0470
0471 if (inet_opt && inet_opt->opt.srr)
0472 daddr = inet_opt->opt.faddr;
0473
0474
0475
0476
0477
0478 rt = ip_route_output_ports(sock_net(sk), fl4, sk,
0479 daddr, inet->inet_saddr,
0480 inet->inet_dport, inet->inet_sport,
0481 sk->sk_protocol, RT_CONN_FLAGS(sk),
0482 sk->sk_bound_dev_if);
0483 if (IS_ERR(rt))
0484 goto no_route;
0485 if (connected) {
0486 sk_setup_caps(sk, &rt->dst);
0487 } else {
0488 skb_dst_set(skb, &rt->dst);
0489 goto xmit;
0490 }
0491 }
0492
0493
0494
0495
0496 skb_dst_set_noref(skb, &rt->dst);
0497
0498 xmit:
0499
0500 rc = ip_queue_xmit(sk, skb, &inet->cork.fl);
0501 rcu_read_unlock();
0502
0503 error:
0504 if (rc >= 0)
0505 rc = len;
0506
0507 out:
0508 release_sock(sk);
0509 return rc;
0510
0511 no_route:
0512 rcu_read_unlock();
0513 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
0514 kfree_skb(skb);
0515 rc = -EHOSTUNREACH;
0516 goto out;
0517 }
0518
0519 static int l2tp_ip_recvmsg(struct sock *sk, struct msghdr *msg,
0520 size_t len, int flags, int *addr_len)
0521 {
0522 struct inet_sock *inet = inet_sk(sk);
0523 size_t copied = 0;
0524 int err = -EOPNOTSUPP;
0525 DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name);
0526 struct sk_buff *skb;
0527
0528 if (flags & MSG_OOB)
0529 goto out;
0530
0531 skb = skb_recv_datagram(sk, flags, &err);
0532 if (!skb)
0533 goto out;
0534
0535 copied = skb->len;
0536 if (len < copied) {
0537 msg->msg_flags |= MSG_TRUNC;
0538 copied = len;
0539 }
0540
0541 err = skb_copy_datagram_msg(skb, 0, msg, copied);
0542 if (err)
0543 goto done;
0544
0545 sock_recv_timestamp(msg, sk, skb);
0546
0547
0548 if (sin) {
0549 sin->sin_family = AF_INET;
0550 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
0551 sin->sin_port = 0;
0552 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
0553 *addr_len = sizeof(*sin);
0554 }
0555 if (inet->cmsg_flags)
0556 ip_cmsg_recv(msg, skb);
0557 if (flags & MSG_TRUNC)
0558 copied = skb->len;
0559 done:
0560 skb_free_datagram(sk, skb);
0561 out:
0562 return err ? err : copied;
0563 }
0564
0565 int l2tp_ioctl(struct sock *sk, int cmd, unsigned long arg)
0566 {
0567 struct sk_buff *skb;
0568 int amount;
0569
0570 switch (cmd) {
0571 case SIOCOUTQ:
0572 amount = sk_wmem_alloc_get(sk);
0573 break;
0574 case SIOCINQ:
0575 spin_lock_bh(&sk->sk_receive_queue.lock);
0576 skb = skb_peek(&sk->sk_receive_queue);
0577 amount = skb ? skb->len : 0;
0578 spin_unlock_bh(&sk->sk_receive_queue.lock);
0579 break;
0580
0581 default:
0582 return -ENOIOCTLCMD;
0583 }
0584
0585 return put_user(amount, (int __user *)arg);
0586 }
0587 EXPORT_SYMBOL_GPL(l2tp_ioctl);
0588
0589 static struct proto l2tp_ip_prot = {
0590 .name = "L2TP/IP",
0591 .owner = THIS_MODULE,
0592 .init = l2tp_ip_open,
0593 .close = l2tp_ip_close,
0594 .bind = l2tp_ip_bind,
0595 .connect = l2tp_ip_connect,
0596 .disconnect = l2tp_ip_disconnect,
0597 .ioctl = l2tp_ioctl,
0598 .destroy = l2tp_ip_destroy_sock,
0599 .setsockopt = ip_setsockopt,
0600 .getsockopt = ip_getsockopt,
0601 .sendmsg = l2tp_ip_sendmsg,
0602 .recvmsg = l2tp_ip_recvmsg,
0603 .backlog_rcv = l2tp_ip_backlog_recv,
0604 .hash = l2tp_ip_hash,
0605 .unhash = l2tp_ip_unhash,
0606 .obj_size = sizeof(struct l2tp_ip_sock),
0607 };
0608
0609 static const struct proto_ops l2tp_ip_ops = {
0610 .family = PF_INET,
0611 .owner = THIS_MODULE,
0612 .release = inet_release,
0613 .bind = inet_bind,
0614 .connect = inet_dgram_connect,
0615 .socketpair = sock_no_socketpair,
0616 .accept = sock_no_accept,
0617 .getname = l2tp_ip_getname,
0618 .poll = datagram_poll,
0619 .ioctl = inet_ioctl,
0620 .gettstamp = sock_gettstamp,
0621 .listen = sock_no_listen,
0622 .shutdown = inet_shutdown,
0623 .setsockopt = sock_common_setsockopt,
0624 .getsockopt = sock_common_getsockopt,
0625 .sendmsg = inet_sendmsg,
0626 .recvmsg = sock_common_recvmsg,
0627 .mmap = sock_no_mmap,
0628 .sendpage = sock_no_sendpage,
0629 };
0630
0631 static struct inet_protosw l2tp_ip_protosw = {
0632 .type = SOCK_DGRAM,
0633 .protocol = IPPROTO_L2TP,
0634 .prot = &l2tp_ip_prot,
0635 .ops = &l2tp_ip_ops,
0636 };
0637
0638 static struct net_protocol l2tp_ip_protocol __read_mostly = {
0639 .handler = l2tp_ip_recv,
0640 };
0641
0642 static int __init l2tp_ip_init(void)
0643 {
0644 int err;
0645
0646 pr_info("L2TP IP encapsulation support (L2TPv3)\n");
0647
0648 err = proto_register(&l2tp_ip_prot, 1);
0649 if (err != 0)
0650 goto out;
0651
0652 err = inet_add_protocol(&l2tp_ip_protocol, IPPROTO_L2TP);
0653 if (err)
0654 goto out1;
0655
0656 inet_register_protosw(&l2tp_ip_protosw);
0657 return 0;
0658
0659 out1:
0660 proto_unregister(&l2tp_ip_prot);
0661 out:
0662 return err;
0663 }
0664
0665 static void __exit l2tp_ip_exit(void)
0666 {
0667 inet_unregister_protosw(&l2tp_ip_protosw);
0668 inet_del_protocol(&l2tp_ip_protocol, IPPROTO_L2TP);
0669 proto_unregister(&l2tp_ip_prot);
0670 }
0671
0672 module_init(l2tp_ip_init);
0673 module_exit(l2tp_ip_exit);
0674
0675 MODULE_LICENSE("GPL");
0676 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
0677 MODULE_DESCRIPTION("L2TP over IP");
0678 MODULE_VERSION("1.0");
0679
0680
0681
0682
0683 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 2, IPPROTO_L2TP);
0684 MODULE_ALIAS_NET_PF_PROTO(PF_INET, IPPROTO_L2TP);
