net/l2tp/l2tp_ip6.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /* L2TPv3 IP encapsulation support for IPv6
0003  *
0004  * Copyright (c) 2012 Katalix Systems Ltd
0005  */
0006
0007 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0008
0009 #include <linux/icmp.h>
0010 #include <linux/module.h>
0011 #include <linux/skbuff.h>
0012 #include <linux/random.h>
0013 #include <linux/socket.h>
0014 #include <linux/l2tp.h>
0015 #include <linux/in.h>
0016 #include <linux/in6.h>
0017 #include <net/sock.h>
0018 #include <net/ip.h>
0019 #include <net/icmp.h>
0020 #include <net/udp.h>
0021 #include <net/inet_common.h>
0022 #include <net/tcp_states.h>
0023 #include <net/protocol.h>
0024 #include <net/xfrm.h>
0025
0026 #include <net/transp_v6.h>
0027 #include <net/addrconf.h>
0028 #include <net/ip6_route.h>
0029
0030 #include "l2tp_core.h"
0031
0032 struct l2tp_ip6_sock {
0033     /* inet_sock has to be the first member of l2tp_ip6_sock */
0034     struct inet_sock    inet;
0035
0036     u32         conn_id;
0037     u32         peer_conn_id;
0038
0039     /* ipv6_pinfo has to be the last member of l2tp_ip6_sock, see
0040      * inet6_sk_generic
0041      */
0042     struct ipv6_pinfo   inet6;
0043 };
0044
0045 static DEFINE_RWLOCK(l2tp_ip6_lock);
0046 static struct hlist_head l2tp_ip6_table;
0047 static struct hlist_head l2tp_ip6_bind_table;
0048
0049 static inline struct l2tp_ip6_sock *l2tp_ip6_sk(const struct sock *sk)
0050 {
0051     return (struct l2tp_ip6_sock *)sk;
0052 }
0053
0054 static struct sock *__l2tp_ip6_bind_lookup(const struct net *net,
0055                        const struct in6_addr *laddr,
0056                        const struct in6_addr *raddr,
0057                        int dif, u32 tunnel_id)
0058 {
0059     struct sock *sk;
0060
0061     sk_for_each_bound(sk, &l2tp_ip6_bind_table) {
0062         const struct in6_addr *sk_laddr = inet6_rcv_saddr(sk);
0063         const struct in6_addr *sk_raddr = &sk->sk_v6_daddr;
0064         const struct l2tp_ip6_sock *l2tp = l2tp_ip6_sk(sk);
0065         int bound_dev_if;
0066
0067         if (!net_eq(sock_net(sk), net))
0068             continue;
0069
0070         bound_dev_if = READ_ONCE(sk->sk_bound_dev_if);
0071         if (bound_dev_if && dif && bound_dev_if != dif)
0072             continue;
0073
0074         if (sk_laddr && !ipv6_addr_any(sk_laddr) &&
0075             !ipv6_addr_any(laddr) && !ipv6_addr_equal(sk_laddr, laddr))
0076             continue;
0077
0078         if (!ipv6_addr_any(sk_raddr) && raddr &&
0079             !ipv6_addr_any(raddr) && !ipv6_addr_equal(sk_raddr, raddr))
0080             continue;
0081
0082         if (l2tp->conn_id != tunnel_id)
0083             continue;
0084
0085         goto found;
0086     }
0087
0088     sk = NULL;
0089 found:
0090     return sk;
0091 }
0092
0093 /* When processing receive frames, there are two cases to
0094  * consider. Data frames consist of a non-zero session-id and an
0095  * optional cookie. Control frames consist of a regular L2TP header
0096  * preceded by 32-bits of zeros.
0097  *
0098  * L2TPv3 Session Header Over IP
0099  *
0100  *  0                   1                   2                   3
0101  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
0102  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0103  * |                           Session ID                          |
0104  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0105  * |               Cookie (optional, maximum 64 bits)...
0106  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0107  *                                                                 |
0108  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0109  *
0110  * L2TPv3 Control Message Header Over IP
0111  *
0112  *  0                   1                   2                   3
0113  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
0114  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0115  * |                      (32 bits of zeros)                       |
0116  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0117  * |T|L|x|x|S|x|x|x|x|x|x|x|  Ver  |             Length            |
0118  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0119  * |                     Control Connection ID                     |
0120  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0121  * |               Ns              |               Nr              |
0122  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0123  *
0124  * All control frames are passed to userspace.
0125  */
0126 static int l2tp_ip6_recv(struct sk_buff *skb)
0127 {
0128     struct net *net = dev_net(skb->dev);
0129     struct sock *sk;
0130     u32 session_id;
0131     u32 tunnel_id;
0132     unsigned char *ptr, *optr;
0133     struct l2tp_session *session;
0134     struct l2tp_tunnel *tunnel = NULL;
0135     struct ipv6hdr *iph;
0136
0137     if (!pskb_may_pull(skb, 4))
0138         goto discard;
0139
0140     /* Point to L2TP header */
0141     optr = skb->data;
0142     ptr = skb->data;
0143     session_id = ntohl(*((__be32 *)ptr));
0144     ptr += 4;
0145
0146     /* RFC3931: L2TP/IP packets have the first 4 bytes containing
0147      * the session_id. If it is 0, the packet is a L2TP control
0148      * frame and the session_id value can be discarded.
0149      */
0150     if (session_id == 0) {
0151         __skb_pull(skb, 4);
0152         goto pass_up;
0153     }
0154
0155     /* Ok, this is a data packet. Lookup the session. */
0156     session = l2tp_session_get(net, session_id);
0157     if (!session)
0158         goto discard;
0159
0160     tunnel = session->tunnel;
0161     if (!tunnel)
0162         goto discard_sess;
0163
0164     if (l2tp_v3_ensure_opt_in_linear(session, skb, &ptr, &optr))
0165         goto discard_sess;
0166
0167     l2tp_recv_common(session, skb, ptr, optr, 0, skb->len);
0168     l2tp_session_dec_refcount(session);
0169
0170     return 0;
0171
0172 pass_up:
0173     /* Get the tunnel_id from the L2TP header */
0174     if (!pskb_may_pull(skb, 12))
0175         goto discard;
0176
0177     if ((skb->data[0] & 0xc0) != 0xc0)
0178         goto discard;
0179
0180     tunnel_id = ntohl(*(__be32 *)&skb->data[4]);
0181     iph = ipv6_hdr(skb);
0182
0183     read_lock_bh(&l2tp_ip6_lock);
0184     sk = __l2tp_ip6_bind_lookup(net, &iph->daddr, &iph->saddr,
0185                     inet6_iif(skb), tunnel_id);
0186     if (!sk) {
0187         read_unlock_bh(&l2tp_ip6_lock);
0188         goto discard;
0189     }
0190     sock_hold(sk);
0191     read_unlock_bh(&l2tp_ip6_lock);
0192
0193     if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
0194         goto discard_put;
0195
0196     nf_reset_ct(skb);
0197
0198     return sk_receive_skb(sk, skb, 1);
0199
0200 discard_sess:
0201     l2tp_session_dec_refcount(session);
0202     goto discard;
0203
0204 discard_put:
0205     sock_put(sk);
0206
0207 discard:
0208     kfree_skb(skb);
0209     return 0;
0210 }
0211
0212 static int l2tp_ip6_hash(struct sock *sk)
0213 {
0214     if (sk_unhashed(sk)) {
0215         write_lock_bh(&l2tp_ip6_lock);
0216         sk_add_node(sk, &l2tp_ip6_table);
0217         write_unlock_bh(&l2tp_ip6_lock);
0218     }
0219     return 0;
0220 }
0221
0222 static void l2tp_ip6_unhash(struct sock *sk)
0223 {
0224     if (sk_unhashed(sk))
0225         return;
0226     write_lock_bh(&l2tp_ip6_lock);
0227     sk_del_node_init(sk);
0228     write_unlock_bh(&l2tp_ip6_lock);
0229 }
0230
0231 static int l2tp_ip6_open(struct sock *sk)
0232 {
0233     /* Prevent autobind. We don't have ports. */
0234     inet_sk(sk)->inet_num = IPPROTO_L2TP;
0235
0236     l2tp_ip6_hash(sk);
0237     return 0;
0238 }
0239
0240 static void l2tp_ip6_close(struct sock *sk, long timeout)
0241 {
0242     write_lock_bh(&l2tp_ip6_lock);
0243     hlist_del_init(&sk->sk_bind_node);
0244     sk_del_node_init(sk);
0245     write_unlock_bh(&l2tp_ip6_lock);
0246
0247     sk_common_release(sk);
0248 }
0249
0250 static void l2tp_ip6_destroy_sock(struct sock *sk)
0251 {
0252     struct l2tp_tunnel *tunnel = l2tp_sk_to_tunnel(sk);
0253
0254     lock_sock(sk);
0255     ip6_flush_pending_frames(sk);
0256     release_sock(sk);
0257
0258     if (tunnel)
0259         l2tp_tunnel_delete(tunnel);
0260
0261     inet6_destroy_sock(sk);
0262 }
0263
0264 static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
0265 {
0266     struct inet_sock *inet = inet_sk(sk);
0267     struct ipv6_pinfo *np = inet6_sk(sk);
0268     struct sockaddr_l2tpip6 *addr = (struct sockaddr_l2tpip6 *)uaddr;
0269     struct net *net = sock_net(sk);
0270     __be32 v4addr = 0;
0271     int bound_dev_if;
0272     int addr_type;
0273     int err;
0274
0275     if (addr->l2tp_family != AF_INET6)
0276         return -EINVAL;
0277     if (addr_len < sizeof(*addr))
0278         return -EINVAL;
0279
0280     addr_type = ipv6_addr_type(&addr->l2tp_addr);
0281
0282     /* l2tp_ip6 sockets are IPv6 only */
0283     if (addr_type == IPV6_ADDR_MAPPED)
0284         return -EADDRNOTAVAIL;
0285
0286     /* L2TP is point-point, not multicast */
0287     if (addr_type & IPV6_ADDR_MULTICAST)
0288         return -EADDRNOTAVAIL;
0289
0290     lock_sock(sk);
0291
0292     err = -EINVAL;
0293     if (!sock_flag(sk, SOCK_ZAPPED))
0294         goto out_unlock;
0295
0296     if (sk->sk_state != TCP_CLOSE)
0297         goto out_unlock;
0298
0299     bound_dev_if = sk->sk_bound_dev_if;
0300
0301     /* Check if the address belongs to the host. */
0302     rcu_read_lock();
0303     if (addr_type != IPV6_ADDR_ANY) {
0304         struct net_device *dev = NULL;
0305
0306         if (addr_type & IPV6_ADDR_LINKLOCAL) {
0307             if (addr->l2tp_scope_id)
0308                 bound_dev_if = addr->l2tp_scope_id;
0309
0310             /* Binding to link-local address requires an
0311              * interface.
0312              */
0313             if (!bound_dev_if)
0314                 goto out_unlock_rcu;
0315
0316             err = -ENODEV;
0317             dev = dev_get_by_index_rcu(sock_net(sk), bound_dev_if);
0318             if (!dev)
0319                 goto out_unlock_rcu;
0320         }
0321
0322         /* ipv4 addr of the socket is invalid.  Only the
0323          * unspecified and mapped address have a v4 equivalent.
0324          */
0325         v4addr = LOOPBACK4_IPV6;
0326         err = -EADDRNOTAVAIL;
0327         if (!ipv6_chk_addr(sock_net(sk), &addr->l2tp_addr, dev, 0))
0328             goto out_unlock_rcu;
0329     }
0330     rcu_read_unlock();
0331
0332     write_lock_bh(&l2tp_ip6_lock);
0333     if (__l2tp_ip6_bind_lookup(net, &addr->l2tp_addr, NULL, bound_dev_if,
0334                    addr->l2tp_conn_id)) {
0335         write_unlock_bh(&l2tp_ip6_lock);
0336         err = -EADDRINUSE;
0337         goto out_unlock;
0338     }
0339
0340     inet->inet_saddr = v4addr;
0341     inet->inet_rcv_saddr = v4addr;
0342     sk->sk_bound_dev_if = bound_dev_if;
0343     sk->sk_v6_rcv_saddr = addr->l2tp_addr;
0344     np->saddr = addr->l2tp_addr;
0345
0346     l2tp_ip6_sk(sk)->conn_id = addr->l2tp_conn_id;
0347
0348     sk_add_bind_node(sk, &l2tp_ip6_bind_table);
0349     sk_del_node_init(sk);
0350     write_unlock_bh(&l2tp_ip6_lock);
0351
0352     sock_reset_flag(sk, SOCK_ZAPPED);
0353     release_sock(sk);
0354     return 0;
0355
0356 out_unlock_rcu:
0357     rcu_read_unlock();
0358 out_unlock:
0359     release_sock(sk);
0360
0361     return err;
0362 }
0363
0364 static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr,
0365                 int addr_len)
0366 {
0367     struct sockaddr_l2tpip6 *lsa = (struct sockaddr_l2tpip6 *)uaddr;
0368     struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr;
0369     struct in6_addr *daddr;
0370     int addr_type;
0371     int rc;
0372
0373     if (addr_len < sizeof(*lsa))
0374         return -EINVAL;
0375
0376     if (usin->sin6_family != AF_INET6)
0377         return -EINVAL;
0378
0379     addr_type = ipv6_addr_type(&usin->sin6_addr);
0380     if (addr_type & IPV6_ADDR_MULTICAST)
0381         return -EINVAL;
0382
0383     if (addr_type & IPV6_ADDR_MAPPED) {
0384         daddr = &usin->sin6_addr;
0385         if (ipv4_is_multicast(daddr->s6_addr32[3]))
0386             return -EINVAL;
0387     }
0388
0389     lock_sock(sk);
0390
0391      /* Must bind first - autobinding does not work */
0392     if (sock_flag(sk, SOCK_ZAPPED)) {
0393         rc = -EINVAL;
0394         goto out_sk;
0395     }
0396
0397     rc = __ip6_datagram_connect(sk, uaddr, addr_len);
0398     if (rc < 0)
0399         goto out_sk;
0400
0401     l2tp_ip6_sk(sk)->peer_conn_id = lsa->l2tp_conn_id;
0402
0403     write_lock_bh(&l2tp_ip6_lock);
0404     hlist_del_init(&sk->sk_bind_node);
0405     sk_add_bind_node(sk, &l2tp_ip6_bind_table);
0406     write_unlock_bh(&l2tp_ip6_lock);
0407
0408 out_sk:
0409     release_sock(sk);
0410
0411     return rc;
0412 }
0413
0414 static int l2tp_ip6_disconnect(struct sock *sk, int flags)
0415 {
0416     if (sock_flag(sk, SOCK_ZAPPED))
0417         return 0;
0418
0419     return __udp_disconnect(sk, flags);
0420 }
0421
0422 static int l2tp_ip6_getname(struct socket *sock, struct sockaddr *uaddr,
0423                 int peer)
0424 {
0425     struct sockaddr_l2tpip6 *lsa = (struct sockaddr_l2tpip6 *)uaddr;
0426     struct sock *sk = sock->sk;
0427     struct ipv6_pinfo *np = inet6_sk(sk);
0428     struct l2tp_ip6_sock *lsk = l2tp_ip6_sk(sk);
0429
0430     lsa->l2tp_family = AF_INET6;
0431     lsa->l2tp_flowinfo = 0;
0432     lsa->l2tp_scope_id = 0;
0433     lsa->l2tp_unused = 0;
0434     if (peer) {
0435         if (!lsk->peer_conn_id)
0436             return -ENOTCONN;
0437         lsa->l2tp_conn_id = lsk->peer_conn_id;
0438         lsa->l2tp_addr = sk->sk_v6_daddr;
0439         if (np->sndflow)
0440             lsa->l2tp_flowinfo = np->flow_label;
0441     } else {
0442         if (ipv6_addr_any(&sk->sk_v6_rcv_saddr))
0443             lsa->l2tp_addr = np->saddr;
0444         else
0445             lsa->l2tp_addr = sk->sk_v6_rcv_saddr;
0446
0447         lsa->l2tp_conn_id = lsk->conn_id;
0448     }
0449     if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL)
0450         lsa->l2tp_scope_id = READ_ONCE(sk->sk_bound_dev_if);
0451     return sizeof(*lsa);
0452 }
0453
0454 static int l2tp_ip6_backlog_recv(struct sock *sk, struct sk_buff *skb)
0455 {
0456     int rc;
0457
0458     /* Charge it to the socket, dropping if the queue is full. */
0459     rc = sock_queue_rcv_skb(sk, skb);
0460     if (rc < 0)
0461         goto drop;
0462
0463     return 0;
0464
0465 drop:
0466     IP_INC_STATS(sock_net(sk), IPSTATS_MIB_INDISCARDS);
0467     kfree_skb(skb);
0468     return -1;
0469 }
0470
0471 static int l2tp_ip6_push_pending_frames(struct sock *sk)
0472 {
0473     struct sk_buff *skb;
0474     __be32 *transhdr = NULL;
0475     int err = 0;
0476
0477     skb = skb_peek(&sk->sk_write_queue);
0478     if (!skb)
0479         goto out;
0480
0481     transhdr = (__be32 *)skb_transport_header(skb);
0482     *transhdr = 0;
0483
0484     err = ip6_push_pending_frames(sk);
0485
0486 out:
0487     return err;
0488 }
0489
0490 /* Userspace will call sendmsg() on the tunnel socket to send L2TP
0491  * control frames.
0492  */
0493 static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
0494 {
0495     struct ipv6_txoptions opt_space;
0496     DECLARE_SOCKADDR(struct sockaddr_l2tpip6 *, lsa, msg->msg_name);
0497     struct in6_addr *daddr, *final_p, final;
0498     struct ipv6_pinfo *np = inet6_sk(sk);
0499     struct ipv6_txoptions *opt_to_free = NULL;
0500     struct ipv6_txoptions *opt = NULL;
0501     struct ip6_flowlabel *flowlabel = NULL;
0502     struct dst_entry *dst = NULL;
0503     struct flowi6 fl6;
0504     struct ipcm6_cookie ipc6;
0505     int addr_len = msg->msg_namelen;
0506     int transhdrlen = 4; /* zero session-id */
0507     int ulen;
0508     int err;
0509
0510     /* Rough check on arithmetic overflow,
0511      * better check is made in ip6_append_data().
0512      */
0513     if (len > INT_MAX - transhdrlen)
0514         return -EMSGSIZE;
0515     ulen = len + transhdrlen;
0516
0517     /* Mirror BSD error message compatibility */
0518     if (msg->msg_flags & MSG_OOB)
0519         return -EOPNOTSUPP;
0520
0521     /* Get and verify the address */
0522     memset(&fl6, 0, sizeof(fl6));
0523
0524     fl6.flowi6_mark = sk->sk_mark;
0525     fl6.flowi6_uid = sk->sk_uid;
0526
0527     ipcm6_init(&ipc6);
0528
0529     if (lsa) {
0530         if (addr_len < SIN6_LEN_RFC2133)
0531             return -EINVAL;
0532
0533         if (lsa->l2tp_family && lsa->l2tp_family != AF_INET6)
0534             return -EAFNOSUPPORT;
0535
0536         daddr = &lsa->l2tp_addr;
0537         if (np->sndflow) {
0538             fl6.flowlabel = lsa->l2tp_flowinfo & IPV6_FLOWINFO_MASK;
0539             if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
0540                 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
0541                 if (IS_ERR(flowlabel))
0542                     return -EINVAL;
0543             }
0544         }
0545
0546         /* Otherwise it will be difficult to maintain
0547          * sk->sk_dst_cache.
0548          */
0549         if (sk->sk_state == TCP_ESTABLISHED &&
0550             ipv6_addr_equal(daddr, &sk->sk_v6_daddr))
0551             daddr = &sk->sk_v6_daddr;
0552
0553         if (addr_len >= sizeof(struct sockaddr_in6) &&
0554             lsa->l2tp_scope_id &&
0555             ipv6_addr_type(daddr) & IPV6_ADDR_LINKLOCAL)
0556             fl6.flowi6_oif = lsa->l2tp_scope_id;
0557     } else {
0558         if (sk->sk_state != TCP_ESTABLISHED)
0559             return -EDESTADDRREQ;
0560
0561         daddr = &sk->sk_v6_daddr;
0562         fl6.flowlabel = np->flow_label;
0563     }
0564
0565     if (fl6.flowi6_oif == 0)
0566         fl6.flowi6_oif = READ_ONCE(sk->sk_bound_dev_if);
0567
0568     if (msg->msg_controllen) {
0569         opt = &opt_space;
0570         memset(opt, 0, sizeof(struct ipv6_txoptions));
0571         opt->tot_len = sizeof(struct ipv6_txoptions);
0572         ipc6.opt = opt;
0573
0574         err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, &fl6, &ipc6);
0575         if (err < 0) {
0576             fl6_sock_release(flowlabel);
0577             return err;
0578         }
0579         if ((fl6.flowlabel & IPV6_FLOWLABEL_MASK) && !flowlabel) {
0580             flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
0581             if (IS_ERR(flowlabel))
0582                 return -EINVAL;
0583         }
0584         if (!(opt->opt_nflen | opt->opt_flen))
0585             opt = NULL;
0586     }
0587
0588     if (!opt) {
0589         opt = txopt_get(np);
0590         opt_to_free = opt;
0591     }
0592     if (flowlabel)
0593         opt = fl6_merge_options(&opt_space, flowlabel, opt);
0594     opt = ipv6_fixup_options(&opt_space, opt);
0595     ipc6.opt = opt;
0596
0597     fl6.flowi6_proto = sk->sk_protocol;
0598     if (!ipv6_addr_any(daddr))
0599         fl6.daddr = *daddr;
0600     else
0601         fl6.daddr.s6_addr[15] = 0x1; /* :: means loopback (BSD'ism) */
0602     if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr))
0603         fl6.saddr = np->saddr;
0604
0605     final_p = fl6_update_dst(&fl6, opt, &final);
0606
0607     if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
0608         fl6.flowi6_oif = np->mcast_oif;
0609     else if (!fl6.flowi6_oif)
0610         fl6.flowi6_oif = np->ucast_oif;
0611
0612     security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
0613
0614     if (ipc6.tclass < 0)
0615         ipc6.tclass = np->tclass;
0616
0617     fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
0618
0619     dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
0620     if (IS_ERR(dst)) {
0621         err = PTR_ERR(dst);
0622         goto out;
0623     }
0624
0625     if (ipc6.hlimit < 0)
0626         ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
0627
0628     if (ipc6.dontfrag < 0)
0629         ipc6.dontfrag = np->dontfrag;
0630
0631     if (msg->msg_flags & MSG_CONFIRM)
0632         goto do_confirm;
0633
0634 back_from_confirm:
0635     lock_sock(sk);
0636     err = ip6_append_data(sk, ip_generic_getfrag, msg,
0637                   ulen, transhdrlen, &ipc6,
0638                   &fl6, (struct rt6_info *)dst,
0639                   msg->msg_flags);
0640     if (err)
0641         ip6_flush_pending_frames(sk);
0642     else if (!(msg->msg_flags & MSG_MORE))
0643         err = l2tp_ip6_push_pending_frames(sk);
0644     release_sock(sk);
0645 done:
0646     dst_release(dst);
0647 out:
0648     fl6_sock_release(flowlabel);
0649     txopt_put(opt_to_free);
0650
0651     return err < 0 ? err : len;
0652
0653 do_confirm:
0654     if (msg->msg_flags & MSG_PROBE)
0655         dst_confirm_neigh(dst, &fl6.daddr);
0656     if (!(msg->msg_flags & MSG_PROBE) || len)
0657         goto back_from_confirm;
0658     err = 0;
0659     goto done;
0660 }
0661
0662 static int l2tp_ip6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
0663                 int flags, int *addr_len)
0664 {
0665     struct ipv6_pinfo *np = inet6_sk(sk);
0666     DECLARE_SOCKADDR(struct sockaddr_l2tpip6 *, lsa, msg->msg_name);
0667     size_t copied = 0;
0668     int err = -EOPNOTSUPP;
0669     struct sk_buff *skb;
0670
0671     if (flags & MSG_OOB)
0672         goto out;
0673
0674     if (flags & MSG_ERRQUEUE)
0675         return ipv6_recv_error(sk, msg, len, addr_len);
0676
0677     skb = skb_recv_datagram(sk, flags, &err);
0678     if (!skb)
0679         goto out;
0680
0681     copied = skb->len;
0682     if (len < copied) {
0683         msg->msg_flags |= MSG_TRUNC;
0684         copied = len;
0685     }
0686
0687     err = skb_copy_datagram_msg(skb, 0, msg, copied);
0688     if (err)
0689         goto done;
0690
0691     sock_recv_timestamp(msg, sk, skb);
0692
0693     /* Copy the address. */
0694     if (lsa) {
0695         lsa->l2tp_family = AF_INET6;
0696         lsa->l2tp_unused = 0;
0697         lsa->l2tp_addr = ipv6_hdr(skb)->saddr;
0698         lsa->l2tp_flowinfo = 0;
0699         lsa->l2tp_scope_id = 0;
0700         lsa->l2tp_conn_id = 0;
0701         if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL)
0702             lsa->l2tp_scope_id = inet6_iif(skb);
0703         *addr_len = sizeof(*lsa);
0704     }
0705
0706     if (np->rxopt.all)
0707         ip6_datagram_recv_ctl(sk, msg, skb);
0708
0709     if (flags & MSG_TRUNC)
0710         copied = skb->len;
0711 done:
0712     skb_free_datagram(sk, skb);
0713 out:
0714     return err ? err : copied;
0715 }
0716
0717 static struct proto l2tp_ip6_prot = {
0718     .name          = "L2TP/IPv6",
0719     .owner         = THIS_MODULE,
0720     .init          = l2tp_ip6_open,
0721     .close         = l2tp_ip6_close,
0722     .bind          = l2tp_ip6_bind,
0723     .connect       = l2tp_ip6_connect,
0724     .disconnect    = l2tp_ip6_disconnect,
0725     .ioctl         = l2tp_ioctl,
0726     .destroy       = l2tp_ip6_destroy_sock,
0727     .setsockopt    = ipv6_setsockopt,
0728     .getsockopt    = ipv6_getsockopt,
0729     .sendmsg       = l2tp_ip6_sendmsg,
0730     .recvmsg       = l2tp_ip6_recvmsg,
0731     .backlog_rcv       = l2tp_ip6_backlog_recv,
0732     .hash          = l2tp_ip6_hash,
0733     .unhash        = l2tp_ip6_unhash,
0734     .obj_size      = sizeof(struct l2tp_ip6_sock),
0735 };
0736
0737 static const struct proto_ops l2tp_ip6_ops = {
0738     .family        = PF_INET6,
0739     .owner         = THIS_MODULE,
0740     .release       = inet6_release,
0741     .bind          = inet6_bind,
0742     .connect       = inet_dgram_connect,
0743     .socketpair    = sock_no_socketpair,
0744     .accept        = sock_no_accept,
0745     .getname       = l2tp_ip6_getname,
0746     .poll          = datagram_poll,
0747     .ioctl         = inet6_ioctl,
0748     .gettstamp     = sock_gettstamp,
0749     .listen        = sock_no_listen,
0750     .shutdown      = inet_shutdown,
0751     .setsockopt    = sock_common_setsockopt,
0752     .getsockopt    = sock_common_getsockopt,
0753     .sendmsg       = inet_sendmsg,
0754     .recvmsg       = sock_common_recvmsg,
0755     .mmap          = sock_no_mmap,
0756     .sendpage      = sock_no_sendpage,
0757 #ifdef CONFIG_COMPAT
0758     .compat_ioctl      = inet6_compat_ioctl,
0759 #endif
0760 };
0761
0762 static struct inet_protosw l2tp_ip6_protosw = {
0763     .type       = SOCK_DGRAM,
0764     .protocol   = IPPROTO_L2TP,
0765     .prot       = &l2tp_ip6_prot,
0766     .ops        = &l2tp_ip6_ops,
0767 };
0768
0769 static struct inet6_protocol l2tp_ip6_protocol __read_mostly = {
0770     .handler    = l2tp_ip6_recv,
0771 };
0772
0773 static int __init l2tp_ip6_init(void)
0774 {
0775     int err;
0776
0777     pr_info("L2TP IP encapsulation support for IPv6 (L2TPv3)\n");
0778
0779     err = proto_register(&l2tp_ip6_prot, 1);
0780     if (err != 0)
0781         goto out;
0782
0783     err = inet6_add_protocol(&l2tp_ip6_protocol, IPPROTO_L2TP);
0784     if (err)
0785         goto out1;
0786
0787     inet6_register_protosw(&l2tp_ip6_protosw);
0788     return 0;
0789
0790 out1:
0791     proto_unregister(&l2tp_ip6_prot);
0792 out:
0793     return err;
0794 }
0795
0796 static void __exit l2tp_ip6_exit(void)
0797 {
0798     inet6_unregister_protosw(&l2tp_ip6_protosw);
0799     inet6_del_protocol(&l2tp_ip6_protocol, IPPROTO_L2TP);
0800     proto_unregister(&l2tp_ip6_prot);
0801 }
0802
0803 module_init(l2tp_ip6_init);
0804 module_exit(l2tp_ip6_exit);
0805
0806 MODULE_LICENSE("GPL");
0807 MODULE_AUTHOR("Chris Elston <celston@katalix.com>");
0808 MODULE_DESCRIPTION("L2TP IP encapsulation for IPv6");
0809 MODULE_VERSION("1.0");
0810
0811 /* Use the value of SOCK_DGRAM (2) directory, because __stringify doesn't like
0812  * enums
0813  */
0814 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 2, IPPROTO_L2TP);
0815 MODULE_ALIAS_NET_PF_PROTO(PF_INET6, IPPROTO_L2TP);