1 // SPDX-License-Identifier: GPL-2.0-only
4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
6 * This file contains some code of the original L2TPv2 pppol2tp
7 * driver, which has the following copyright:
9 * Authors: Martijn van Oosterhout <kleptog@svana.org>
10 * James Chapman (jchapman@katalix.com)
12 * Michal Ostrowski <mostrows@speakeasy.net>
13 * Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
14 * David S. Miller (davem@redhat.com)
17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19 #include <linux/module.h>
20 #include <linux/string.h>
21 #include <linux/list.h>
22 #include <linux/rculist.h>
23 #include <linux/uaccess.h>
25 #include <linux/kernel.h>
26 #include <linux/spinlock.h>
27 #include <linux/kthread.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/errno.h>
31 #include <linux/jiffies.h>
33 #include <linux/netdevice.h>
34 #include <linux/net.h>
35 #include <linux/inetdevice.h>
36 #include <linux/skbuff.h>
37 #include <linux/init.h>
40 #include <linux/udp.h>
41 #include <linux/l2tp.h>
42 #include <linux/hash.h>
43 #include <linux/sort.h>
44 #include <linux/file.h>
45 #include <linux/nsproxy.h>
46 #include <net/net_namespace.h>
47 #include <net/netns/generic.h>
51 #include <net/udp_tunnel.h>
52 #include <net/inet_common.h>
54 #include <net/protocol.h>
55 #include <net/inet6_connection_sock.h>
56 #include <net/inet_ecn.h>
57 #include <net/ip6_route.h>
58 #include <net/ip6_checksum.h>
60 #include <asm/byteorder.h>
61 #include <linux/atomic.h>
63 #include "l2tp_core.h"
66 #define CREATE_TRACE_POINTS
69 #define L2TP_DRV_VERSION "V2.0"
71 /* L2TP header constants */
72 #define L2TP_HDRFLAG_T 0x8000
73 #define L2TP_HDRFLAG_L 0x4000
74 #define L2TP_HDRFLAG_S 0x0800
75 #define L2TP_HDRFLAG_O 0x0200
76 #define L2TP_HDRFLAG_P 0x0100
78 #define L2TP_HDR_VER_MASK 0x000F
79 #define L2TP_HDR_VER_2 0x0002
80 #define L2TP_HDR_VER_3 0x0003
82 /* L2TPv3 default L2-specific sublayer */
83 #define L2TP_SLFLAG_S 0x40000000
84 #define L2TP_SL_SEQ_MASK 0x00ffffff
86 #define L2TP_HDR_SIZE_MAX 14
88 /* Default trace flags */
89 #define L2TP_DEFAULT_DEBUG_FLAGS 0
91 /* Private data stored for received packets in the skb.
97 unsigned long expires;
100 #define L2TP_SKB_CB(skb) ((struct l2tp_skb_cb *)&(skb)->cb[sizeof(struct inet_skb_parm)])
102 static struct workqueue_struct *l2tp_wq;
104 /* per-net private data for this module */
105 static unsigned int l2tp_net_id;
107 /* Lock for write access to l2tp_tunnel_idr */
108 spinlock_t l2tp_tunnel_idr_lock;
109 struct idr l2tp_tunnel_idr;
110 struct hlist_head l2tp_session_hlist[L2TP_HASH_SIZE_2];
111 /* Lock for write access to l2tp_session_hlist */
112 spinlock_t l2tp_session_hlist_lock;
115 #if IS_ENABLED(CONFIG_IPV6)
116 static bool l2tp_sk_is_v6(struct sock *sk)
118 return sk->sk_family == PF_INET6 &&
119 !ipv6_addr_v4mapped(&sk->sk_v6_daddr);
123 static inline struct l2tp_net *l2tp_pernet(const struct net *net)
125 return net_generic(net, l2tp_net_id);
128 /* Session hash global list for L2TPv3.
129 * The session_id SHOULD be random according to RFC3931, but several
130 * L2TP implementations use incrementing session_ids. So we do a real
131 * hash on the session_id, rather than a simple bitmask.
133 static inline struct hlist_head *
134 l2tp_session_id_hash_2(struct l2tp_net *pn, u32 session_id)
136 return &pn->l2tp_session_hlist[hash_32(session_id, L2TP_HASH_BITS_2)];
139 /* Session hash list.
140 * The session_id SHOULD be random according to RFC2661, but several
141 * L2TP implementations (Cisco and Microsoft) use incrementing
142 * session_ids. So we do a real hash on the session_id, rather than a
145 static inline struct hlist_head *
146 l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id)
148 return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)];
151 static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
153 trace_free_tunnel(tunnel);
154 sock_put(tunnel->sock);
155 /* the tunnel is freed in the socket destructor */
158 static void l2tp_session_free(struct l2tp_session *session)
160 trace_free_session(session);
162 l2tp_tunnel_dec_refcount(session->tunnel);
166 struct l2tp_tunnel *l2tp_sk_to_tunnel(struct sock *sk)
168 struct l2tp_tunnel *tunnel = sk->sk_user_data;
171 if (WARN_ON(tunnel->magic != L2TP_TUNNEL_MAGIC))
176 EXPORT_SYMBOL_GPL(l2tp_sk_to_tunnel);
178 void l2tp_tunnel_inc_refcount(struct l2tp_tunnel *tunnel)
180 refcount_inc(&tunnel->ref_count);
182 EXPORT_SYMBOL_GPL(l2tp_tunnel_inc_refcount);
184 void l2tp_tunnel_dec_refcount(struct l2tp_tunnel *tunnel)
186 if (refcount_dec_and_test(&tunnel->ref_count))
187 l2tp_tunnel_free(tunnel);
189 EXPORT_SYMBOL_GPL(l2tp_tunnel_dec_refcount);
191 void l2tp_session_inc_refcount(struct l2tp_session *session)
193 refcount_inc(&session->ref_count);
195 EXPORT_SYMBOL_GPL(l2tp_session_inc_refcount);
197 void l2tp_session_dec_refcount(struct l2tp_session *session)
199 if (refcount_dec_and_test(&session->ref_count))
200 l2tp_session_free(session);
202 EXPORT_SYMBOL_GPL(l2tp_session_dec_refcount);
204 /* Lookup a tunnel. A new reference is held on the returned tunnel. */
205 struct l2tp_tunnel *l2tp_tunnel_get(const struct net *net, u32 tunnel_id)
207 const struct l2tp_net *pn = l2tp_pernet(net);
208 struct l2tp_tunnel *tunnel;
211 tunnel = idr_find(&pn->l2tp_tunnel_idr, tunnel_id);
212 if (tunnel && refcount_inc_not_zero(&tunnel->ref_count)) {
213 rcu_read_unlock_bh();
216 rcu_read_unlock_bh();
220 EXPORT_SYMBOL_GPL(l2tp_tunnel_get);
222 struct l2tp_tunnel *l2tp_tunnel_get_nth(const struct net *net, int nth)
224 struct l2tp_net *pn = l2tp_pernet(net);
225 unsigned long tunnel_id, tmp;
226 struct l2tp_tunnel *tunnel;
230 idr_for_each_entry_ul(&pn->l2tp_tunnel_idr, tunnel, tmp, tunnel_id) {
231 if (tunnel && ++count > nth &&
232 refcount_inc_not_zero(&tunnel->ref_count)) {
233 rcu_read_unlock_bh();
237 rcu_read_unlock_bh();
241 EXPORT_SYMBOL_GPL(l2tp_tunnel_get_nth);
243 struct l2tp_session *l2tp_tunnel_get_session(struct l2tp_tunnel *tunnel,
246 struct hlist_head *session_list;
247 struct l2tp_session *session;
249 session_list = l2tp_session_id_hash(tunnel, session_id);
251 read_lock_bh(&tunnel->hlist_lock);
252 hlist_for_each_entry(session, session_list, hlist)
253 if (session->session_id == session_id) {
254 l2tp_session_inc_refcount(session);
255 read_unlock_bh(&tunnel->hlist_lock);
259 read_unlock_bh(&tunnel->hlist_lock);
263 EXPORT_SYMBOL_GPL(l2tp_tunnel_get_session);
265 struct l2tp_session *l2tp_session_get(const struct net *net, u32 session_id)
267 struct hlist_head *session_list;
268 struct l2tp_session *session;
270 session_list = l2tp_session_id_hash_2(l2tp_pernet(net), session_id);
273 hlist_for_each_entry_rcu(session, session_list, global_hlist)
274 if (session->session_id == session_id) {
275 l2tp_session_inc_refcount(session);
276 rcu_read_unlock_bh();
280 rcu_read_unlock_bh();
284 EXPORT_SYMBOL_GPL(l2tp_session_get);
286 struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth)
289 struct l2tp_session *session;
292 read_lock_bh(&tunnel->hlist_lock);
293 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
294 hlist_for_each_entry(session, &tunnel->session_hlist[hash], hlist) {
296 l2tp_session_inc_refcount(session);
297 read_unlock_bh(&tunnel->hlist_lock);
303 read_unlock_bh(&tunnel->hlist_lock);
307 EXPORT_SYMBOL_GPL(l2tp_session_get_nth);
309 /* Lookup a session by interface name.
310 * This is very inefficient but is only used by management interfaces.
312 struct l2tp_session *l2tp_session_get_by_ifname(const struct net *net,
315 struct l2tp_net *pn = l2tp_pernet(net);
317 struct l2tp_session *session;
320 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) {
321 hlist_for_each_entry_rcu(session, &pn->l2tp_session_hlist[hash], global_hlist) {
322 if (!strcmp(session->ifname, ifname)) {
323 l2tp_session_inc_refcount(session);
324 rcu_read_unlock_bh();
331 rcu_read_unlock_bh();
335 EXPORT_SYMBOL_GPL(l2tp_session_get_by_ifname);
337 int l2tp_session_register(struct l2tp_session *session,
338 struct l2tp_tunnel *tunnel)
340 struct l2tp_session *session_walk;
341 struct hlist_head *g_head;
342 struct hlist_head *head;
346 head = l2tp_session_id_hash(tunnel, session->session_id);
348 write_lock_bh(&tunnel->hlist_lock);
349 if (!tunnel->acpt_newsess) {
354 hlist_for_each_entry(session_walk, head, hlist)
355 if (session_walk->session_id == session->session_id) {
360 if (tunnel->version == L2TP_HDR_VER_3) {
361 pn = l2tp_pernet(tunnel->l2tp_net);
362 g_head = l2tp_session_id_hash_2(pn, session->session_id);
364 spin_lock_bh(&pn->l2tp_session_hlist_lock);
366 /* IP encap expects session IDs to be globally unique, while
369 hlist_for_each_entry(session_walk, g_head, global_hlist)
370 if (session_walk->session_id == session->session_id &&
371 (session_walk->tunnel->encap == L2TP_ENCAPTYPE_IP ||
372 tunnel->encap == L2TP_ENCAPTYPE_IP)) {
374 goto err_tlock_pnlock;
377 l2tp_tunnel_inc_refcount(tunnel);
378 hlist_add_head_rcu(&session->global_hlist, g_head);
380 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
382 l2tp_tunnel_inc_refcount(tunnel);
385 hlist_add_head(&session->hlist, head);
386 write_unlock_bh(&tunnel->hlist_lock);
388 trace_register_session(session);
393 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
395 write_unlock_bh(&tunnel->hlist_lock);
399 EXPORT_SYMBOL_GPL(l2tp_session_register);
401 /*****************************************************************************
402 * Receive data handling
403 *****************************************************************************/
405 /* Queue a skb in order. We come here only if the skb has an L2TP sequence
408 static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *skb)
410 struct sk_buff *skbp;
412 u32 ns = L2TP_SKB_CB(skb)->ns;
414 spin_lock_bh(&session->reorder_q.lock);
415 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
416 if (L2TP_SKB_CB(skbp)->ns > ns) {
417 __skb_queue_before(&session->reorder_q, skbp, skb);
418 atomic_long_inc(&session->stats.rx_oos_packets);
423 __skb_queue_tail(&session->reorder_q, skb);
426 spin_unlock_bh(&session->reorder_q.lock);
429 /* Dequeue a single skb.
431 static void l2tp_recv_dequeue_skb(struct l2tp_session *session, struct sk_buff *skb)
433 struct l2tp_tunnel *tunnel = session->tunnel;
434 int length = L2TP_SKB_CB(skb)->length;
436 /* We're about to requeue the skb, so return resources
437 * to its current owner (a socket receive buffer).
441 atomic_long_inc(&tunnel->stats.rx_packets);
442 atomic_long_add(length, &tunnel->stats.rx_bytes);
443 atomic_long_inc(&session->stats.rx_packets);
444 atomic_long_add(length, &session->stats.rx_bytes);
446 if (L2TP_SKB_CB(skb)->has_seq) {
449 session->nr &= session->nr_max;
450 trace_session_seqnum_update(session);
453 /* call private receive handler */
454 if (session->recv_skb)
455 (*session->recv_skb)(session, skb, L2TP_SKB_CB(skb)->length);
460 /* Dequeue skbs from the session's reorder_q, subject to packet order.
461 * Skbs that have been in the queue for too long are simply discarded.
463 static void l2tp_recv_dequeue(struct l2tp_session *session)
468 /* If the pkt at the head of the queue has the nr that we
469 * expect to send up next, dequeue it and any other
470 * in-sequence packets behind it.
473 spin_lock_bh(&session->reorder_q.lock);
474 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
475 struct l2tp_skb_cb *cb = L2TP_SKB_CB(skb);
477 /* If the packet has been pending on the queue for too long, discard it */
478 if (time_after(jiffies, cb->expires)) {
479 atomic_long_inc(&session->stats.rx_seq_discards);
480 atomic_long_inc(&session->stats.rx_errors);
481 trace_session_pkt_expired(session, cb->ns);
482 session->reorder_skip = 1;
483 __skb_unlink(skb, &session->reorder_q);
489 if (session->reorder_skip) {
490 session->reorder_skip = 0;
491 session->nr = cb->ns;
492 trace_session_seqnum_reset(session);
494 if (cb->ns != session->nr)
497 __skb_unlink(skb, &session->reorder_q);
499 /* Process the skb. We release the queue lock while we
500 * do so to let other contexts process the queue.
502 spin_unlock_bh(&session->reorder_q.lock);
503 l2tp_recv_dequeue_skb(session, skb);
508 spin_unlock_bh(&session->reorder_q.lock);
511 static int l2tp_seq_check_rx_window(struct l2tp_session *session, u32 nr)
515 if (nr >= session->nr)
516 nws = nr - session->nr;
518 nws = (session->nr_max + 1) - (session->nr - nr);
520 return nws < session->nr_window_size;
523 /* If packet has sequence numbers, queue it if acceptable. Returns 0 if
524 * acceptable, else non-zero.
526 static int l2tp_recv_data_seq(struct l2tp_session *session, struct sk_buff *skb)
528 struct l2tp_skb_cb *cb = L2TP_SKB_CB(skb);
530 if (!l2tp_seq_check_rx_window(session, cb->ns)) {
531 /* Packet sequence number is outside allowed window.
534 trace_session_pkt_outside_rx_window(session, cb->ns);
538 if (session->reorder_timeout != 0) {
539 /* Packet reordering enabled. Add skb to session's
540 * reorder queue, in order of ns.
542 l2tp_recv_queue_skb(session, skb);
546 /* Packet reordering disabled. Discard out-of-sequence packets, while
547 * tracking the number if in-sequence packets after the first OOS packet
548 * is seen. After nr_oos_count_max in-sequence packets, reset the
549 * sequence number to re-enable packet reception.
551 if (cb->ns == session->nr) {
552 skb_queue_tail(&session->reorder_q, skb);
555 u32 nr_next = (session->nr_oos + 1) & session->nr_max;
557 if (nr_oos == nr_next)
558 session->nr_oos_count++;
560 session->nr_oos_count = 0;
562 session->nr_oos = nr_oos;
563 if (session->nr_oos_count > session->nr_oos_count_max) {
564 session->reorder_skip = 1;
566 if (!session->reorder_skip) {
567 atomic_long_inc(&session->stats.rx_seq_discards);
568 trace_session_pkt_oos(session, cb->ns);
571 skb_queue_tail(&session->reorder_q, skb);
581 /* Do receive processing of L2TP data frames. We handle both L2TPv2
582 * and L2TPv3 data frames here.
584 * L2TPv2 Data Message Header
587 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
588 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
589 * |T|L|x|x|S|x|O|P|x|x|x|x| Ver | Length (opt) |
590 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
591 * | Tunnel ID | Session ID |
592 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
593 * | Ns (opt) | Nr (opt) |
594 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
595 * | Offset Size (opt) | Offset pad... (opt)
596 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
598 * Data frames are marked by T=0. All other fields are the same as
599 * those in L2TP control frames.
601 * L2TPv3 Data Message Header
603 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
604 * | L2TP Session Header |
605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
606 * | L2-Specific Sublayer |
607 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
608 * | Tunnel Payload ...
609 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
611 * L2TPv3 Session Header Over IP
614 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
615 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
617 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
618 * | Cookie (optional, maximum 64 bits)...
619 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
621 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
623 * L2TPv3 L2-Specific Sublayer Format
626 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
627 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
628 * |x|S|x|x|x|x|x|x| Sequence Number |
629 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
631 * Cookie value and sublayer format are negotiated with the peer when
632 * the session is set up. Unlike L2TPv2, we do not need to parse the
633 * packet header to determine if optional fields are present.
635 * Caller must already have parsed the frame and determined that it is
636 * a data (not control) frame before coming here. Fields up to the
637 * session-id have already been parsed and ptr points to the data
638 * after the session-id.
640 void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
641 unsigned char *ptr, unsigned char *optr, u16 hdrflags,
644 struct l2tp_tunnel *tunnel = session->tunnel;
647 /* Parse and check optional cookie */
648 if (session->peer_cookie_len > 0) {
649 if (memcmp(ptr, &session->peer_cookie[0], session->peer_cookie_len)) {
650 pr_debug_ratelimited("%s: cookie mismatch (%u/%u). Discarding.\n",
651 tunnel->name, tunnel->tunnel_id,
652 session->session_id);
653 atomic_long_inc(&session->stats.rx_cookie_discards);
656 ptr += session->peer_cookie_len;
659 /* Handle the optional sequence numbers. Sequence numbers are
660 * in different places for L2TPv2 and L2TPv3.
662 * If we are the LAC, enable/disable sequence numbers under
663 * the control of the LNS. If no sequence numbers present but
664 * we were expecting them, discard frame.
666 L2TP_SKB_CB(skb)->has_seq = 0;
667 if (tunnel->version == L2TP_HDR_VER_2) {
668 if (hdrflags & L2TP_HDRFLAG_S) {
669 /* Store L2TP info in the skb */
670 L2TP_SKB_CB(skb)->ns = ntohs(*(__be16 *)ptr);
671 L2TP_SKB_CB(skb)->has_seq = 1;
673 /* Skip past nr in the header */
677 } else if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
678 u32 l2h = ntohl(*(__be32 *)ptr);
680 if (l2h & 0x40000000) {
681 /* Store L2TP info in the skb */
682 L2TP_SKB_CB(skb)->ns = l2h & 0x00ffffff;
683 L2TP_SKB_CB(skb)->has_seq = 1;
688 if (L2TP_SKB_CB(skb)->has_seq) {
689 /* Received a packet with sequence numbers. If we're the LAC,
690 * check if we sre sending sequence numbers and if not,
693 if (!session->lns_mode && !session->send_seq) {
694 trace_session_seqnum_lns_enable(session);
695 session->send_seq = 1;
696 l2tp_session_set_header_len(session, tunnel->version);
699 /* No sequence numbers.
700 * If user has configured mandatory sequence numbers, discard.
702 if (session->recv_seq) {
703 pr_debug_ratelimited("%s: recv data has no seq numbers when required. Discarding.\n",
705 atomic_long_inc(&session->stats.rx_seq_discards);
709 /* If we're the LAC and we're sending sequence numbers, the
710 * LNS has requested that we no longer send sequence numbers.
711 * If we're the LNS and we're sending sequence numbers, the
712 * LAC is broken. Discard the frame.
714 if (!session->lns_mode && session->send_seq) {
715 trace_session_seqnum_lns_disable(session);
716 session->send_seq = 0;
717 l2tp_session_set_header_len(session, tunnel->version);
718 } else if (session->send_seq) {
719 pr_debug_ratelimited("%s: recv data has no seq numbers when required. Discarding.\n",
721 atomic_long_inc(&session->stats.rx_seq_discards);
726 /* Session data offset is defined only for L2TPv2 and is
727 * indicated by an optional 16-bit value in the header.
729 if (tunnel->version == L2TP_HDR_VER_2) {
730 /* If offset bit set, skip it. */
731 if (hdrflags & L2TP_HDRFLAG_O) {
732 offset = ntohs(*(__be16 *)ptr);
738 if (!pskb_may_pull(skb, offset))
741 __skb_pull(skb, offset);
743 /* Prepare skb for adding to the session's reorder_q. Hold
744 * packets for max reorder_timeout or 1 second if not
747 L2TP_SKB_CB(skb)->length = length;
748 L2TP_SKB_CB(skb)->expires = jiffies +
749 (session->reorder_timeout ? session->reorder_timeout : HZ);
751 /* Add packet to the session's receive queue. Reordering is done here, if
752 * enabled. Saved L2TP protocol info is stored in skb->sb[].
754 if (L2TP_SKB_CB(skb)->has_seq) {
755 if (l2tp_recv_data_seq(session, skb))
758 /* No sequence numbers. Add the skb to the tail of the
759 * reorder queue. This ensures that it will be
760 * delivered after all previous sequenced skbs.
762 skb_queue_tail(&session->reorder_q, skb);
765 /* Try to dequeue as many skbs from reorder_q as we can. */
766 l2tp_recv_dequeue(session);
771 atomic_long_inc(&session->stats.rx_errors);
774 EXPORT_SYMBOL_GPL(l2tp_recv_common);
776 /* Drop skbs from the session's reorder_q
778 static void l2tp_session_queue_purge(struct l2tp_session *session)
780 struct sk_buff *skb = NULL;
782 while ((skb = skb_dequeue(&session->reorder_q))) {
783 atomic_long_inc(&session->stats.rx_errors);
788 /* Internal UDP receive frame. Do the real work of receiving an L2TP data frame
789 * here. The skb is not on a list when we get here.
790 * Returns 0 if the packet was a data packet and was successfully passed on.
791 * Returns 1 if the packet was not a good data packet and could not be
792 * forwarded. All such packets are passed up to userspace to deal with.
794 static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb)
796 struct l2tp_session *session = NULL;
797 unsigned char *ptr, *optr;
799 u32 tunnel_id, session_id;
803 /* UDP has verified checksum */
805 /* UDP always verifies the packet length. */
806 __skb_pull(skb, sizeof(struct udphdr));
809 if (!pskb_may_pull(skb, L2TP_HDR_SIZE_MAX)) {
810 pr_debug_ratelimited("%s: recv short packet (len=%d)\n",
811 tunnel->name, skb->len);
815 /* Point to L2TP header */
819 /* Get L2TP header flags */
820 hdrflags = ntohs(*(__be16 *)ptr);
822 /* Check protocol version */
823 version = hdrflags & L2TP_HDR_VER_MASK;
824 if (version != tunnel->version) {
825 pr_debug_ratelimited("%s: recv protocol version mismatch: got %d expected %d\n",
826 tunnel->name, version, tunnel->version);
830 /* Get length of L2TP packet */
833 /* If type is control packet, it is handled by userspace. */
834 if (hdrflags & L2TP_HDRFLAG_T)
840 if (tunnel->version == L2TP_HDR_VER_2) {
841 /* If length is present, skip it */
842 if (hdrflags & L2TP_HDRFLAG_L)
845 /* Extract tunnel and session ID */
846 tunnel_id = ntohs(*(__be16 *)ptr);
848 session_id = ntohs(*(__be16 *)ptr);
851 ptr += 2; /* skip reserved bits */
852 tunnel_id = tunnel->tunnel_id;
853 session_id = ntohl(*(__be32 *)ptr);
857 /* Find the session context */
858 session = l2tp_tunnel_get_session(tunnel, session_id);
859 if (!session || !session->recv_skb) {
861 l2tp_session_dec_refcount(session);
863 /* Not found? Pass to userspace to deal with */
864 pr_debug_ratelimited("%s: no session found (%u/%u). Passing up.\n",
865 tunnel->name, tunnel_id, session_id);
869 if (tunnel->version == L2TP_HDR_VER_3 &&
870 l2tp_v3_ensure_opt_in_linear(session, skb, &ptr, &optr)) {
871 l2tp_session_dec_refcount(session);
875 l2tp_recv_common(session, skb, ptr, optr, hdrflags, length);
876 l2tp_session_dec_refcount(session);
881 atomic_long_inc(&tunnel->stats.rx_invalid);
884 /* Put UDP header back */
885 __skb_push(skb, sizeof(struct udphdr));
890 /* UDP encapsulation receive handler. See net/ipv4/udp.c.
894 * >0: skb should be passed up to userspace as UDP.
896 int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
898 struct l2tp_tunnel *tunnel;
900 /* Note that this is called from the encap_rcv hook inside an
901 * RCU-protected region, but without the socket being locked.
902 * Hence we use rcu_dereference_sk_user_data to access the
903 * tunnel data structure rather the usual l2tp_sk_to_tunnel
906 tunnel = rcu_dereference_sk_user_data(sk);
909 if (WARN_ON(tunnel->magic != L2TP_TUNNEL_MAGIC))
912 if (l2tp_udp_recv_core(tunnel, skb))
920 EXPORT_SYMBOL_GPL(l2tp_udp_encap_recv);
922 /************************************************************************
924 ***********************************************************************/
926 /* Build an L2TP header for the session into the buffer provided.
928 static int l2tp_build_l2tpv2_header(struct l2tp_session *session, void *buf)
930 struct l2tp_tunnel *tunnel = session->tunnel;
933 u16 flags = L2TP_HDR_VER_2;
934 u32 tunnel_id = tunnel->peer_tunnel_id;
935 u32 session_id = session->peer_session_id;
937 if (session->send_seq)
938 flags |= L2TP_HDRFLAG_S;
940 /* Setup L2TP header. */
941 *bufp++ = htons(flags);
942 *bufp++ = htons(tunnel_id);
943 *bufp++ = htons(session_id);
944 if (session->send_seq) {
945 *bufp++ = htons(session->ns);
948 session->ns &= 0xffff;
949 trace_session_seqnum_update(session);
955 static int l2tp_build_l2tpv3_header(struct l2tp_session *session, void *buf)
957 struct l2tp_tunnel *tunnel = session->tunnel;
961 /* Setup L2TP header. The header differs slightly for UDP and
962 * IP encapsulations. For UDP, there is 4 bytes of flags.
964 if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
965 u16 flags = L2TP_HDR_VER_3;
966 *((__be16 *)bufp) = htons(flags);
968 *((__be16 *)bufp) = 0;
972 *((__be32 *)bufp) = htonl(session->peer_session_id);
974 if (session->cookie_len) {
975 memcpy(bufp, &session->cookie[0], session->cookie_len);
976 bufp += session->cookie_len;
978 if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
981 if (session->send_seq) {
982 l2h = 0x40000000 | session->ns;
984 session->ns &= 0xffffff;
985 trace_session_seqnum_update(session);
988 *((__be32 *)bufp) = htonl(l2h);
995 /* Queue the packet to IP for output: tunnel socket lock must be held */
996 static int l2tp_xmit_queue(struct l2tp_tunnel *tunnel, struct sk_buff *skb, struct flowi *fl)
1002 #if IS_ENABLED(CONFIG_IPV6)
1003 if (l2tp_sk_is_v6(tunnel->sock))
1004 err = inet6_csk_xmit(tunnel->sock, skb, NULL);
1007 err = ip_queue_xmit(tunnel->sock, skb, fl);
1009 return err >= 0 ? NET_XMIT_SUCCESS : NET_XMIT_DROP;
1012 static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb, unsigned int *len)
1014 struct l2tp_tunnel *tunnel = session->tunnel;
1015 unsigned int data_len = skb->len;
1016 struct sock *sk = tunnel->sock;
1017 int headroom, uhlen, udp_len;
1018 int ret = NET_XMIT_SUCCESS;
1019 struct inet_sock *inet;
1022 /* Check that there's enough headroom in the skb to insert IP,
1023 * UDP and L2TP headers. If not enough, expand it to
1024 * make room. Adjust truesize.
1026 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(*uh) : 0;
1027 headroom = NET_SKB_PAD + sizeof(struct iphdr) + uhlen + session->hdr_len;
1028 if (skb_cow_head(skb, headroom)) {
1030 return NET_XMIT_DROP;
1033 /* Setup L2TP header */
1034 if (tunnel->version == L2TP_HDR_VER_2)
1035 l2tp_build_l2tpv2_header(session, __skb_push(skb, session->hdr_len));
1037 l2tp_build_l2tpv3_header(session, __skb_push(skb, session->hdr_len));
1039 /* Reset skb netfilter state */
1040 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1041 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | IPSKB_REROUTED);
1044 bh_lock_sock_nested(sk);
1045 if (sock_owned_by_user(sk)) {
1047 ret = NET_XMIT_DROP;
1051 /* The user-space may change the connection status for the user-space
1052 * provided socket at run time: we must check it under the socket lock
1054 if (tunnel->fd >= 0 && sk->sk_state != TCP_ESTABLISHED) {
1056 ret = NET_XMIT_DROP;
1060 /* Report transmitted length before we add encap header, which keeps
1061 * statistics consistent for both UDP and IP encap tx/rx paths.
1066 switch (tunnel->encap) {
1067 case L2TP_ENCAPTYPE_UDP:
1068 /* Setup UDP header */
1069 __skb_push(skb, sizeof(*uh));
1070 skb_reset_transport_header(skb);
1072 uh->source = inet->inet_sport;
1073 uh->dest = inet->inet_dport;
1074 udp_len = uhlen + session->hdr_len + data_len;
1075 uh->len = htons(udp_len);
1077 /* Calculate UDP checksum if configured to do so */
1078 #if IS_ENABLED(CONFIG_IPV6)
1079 if (l2tp_sk_is_v6(sk))
1080 udp6_set_csum(udp_get_no_check6_tx(sk),
1081 skb, &inet6_sk(sk)->saddr,
1082 &sk->sk_v6_daddr, udp_len);
1085 udp_set_csum(sk->sk_no_check_tx, skb, inet->inet_saddr,
1086 inet->inet_daddr, udp_len);
1089 case L2TP_ENCAPTYPE_IP:
1093 ret = l2tp_xmit_queue(tunnel, skb, &inet->cork.fl);
1101 /* If caller requires the skb to have a ppp header, the header must be
1102 * inserted in the skb data before calling this function.
1104 int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb)
1106 unsigned int len = 0;
1109 ret = l2tp_xmit_core(session, skb, &len);
1110 if (ret == NET_XMIT_SUCCESS) {
1111 atomic_long_inc(&session->tunnel->stats.tx_packets);
1112 atomic_long_add(len, &session->tunnel->stats.tx_bytes);
1113 atomic_long_inc(&session->stats.tx_packets);
1114 atomic_long_add(len, &session->stats.tx_bytes);
1116 atomic_long_inc(&session->tunnel->stats.tx_errors);
1117 atomic_long_inc(&session->stats.tx_errors);
1121 EXPORT_SYMBOL_GPL(l2tp_xmit_skb);
1123 /*****************************************************************************
1124 * Tinnel and session create/destroy.
1125 *****************************************************************************/
1127 /* Tunnel socket destruct hook.
1128 * The tunnel context is deleted only when all session sockets have been
1131 static void l2tp_tunnel_destruct(struct sock *sk)
1133 struct l2tp_tunnel *tunnel = l2tp_sk_to_tunnel(sk);
1138 /* Disable udp encapsulation */
1139 switch (tunnel->encap) {
1140 case L2TP_ENCAPTYPE_UDP:
1141 /* No longer an encapsulation socket. See net/ipv4/udp.c */
1142 (udp_sk(sk))->encap_type = 0;
1143 (udp_sk(sk))->encap_rcv = NULL;
1144 (udp_sk(sk))->encap_destroy = NULL;
1146 case L2TP_ENCAPTYPE_IP:
1150 /* Remove hooks into tunnel socket */
1151 write_lock_bh(&sk->sk_callback_lock);
1152 sk->sk_destruct = tunnel->old_sk_destruct;
1153 sk->sk_user_data = NULL;
1154 write_unlock_bh(&sk->sk_callback_lock);
1156 /* Call the original destructor */
1157 if (sk->sk_destruct)
1158 (*sk->sk_destruct)(sk);
1160 kfree_rcu(tunnel, rcu);
1165 /* Remove an l2tp session from l2tp_core's hash lists. */
1166 static void l2tp_session_unhash(struct l2tp_session *session)
1168 struct l2tp_tunnel *tunnel = session->tunnel;
1170 /* Remove the session from core hashes */
1172 /* Remove from the per-tunnel hash */
1173 write_lock_bh(&tunnel->hlist_lock);
1174 hlist_del_init(&session->hlist);
1175 write_unlock_bh(&tunnel->hlist_lock);
1177 /* For L2TPv3 we have a per-net hash: remove from there, too */
1178 if (tunnel->version != L2TP_HDR_VER_2) {
1179 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1181 spin_lock_bh(&pn->l2tp_session_hlist_lock);
1182 hlist_del_init_rcu(&session->global_hlist);
1183 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1189 /* When the tunnel is closed, all the attached sessions need to go too.
1191 static void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel)
1194 struct hlist_node *walk;
1195 struct hlist_node *tmp;
1196 struct l2tp_session *session;
1198 write_lock_bh(&tunnel->hlist_lock);
1199 tunnel->acpt_newsess = false;
1200 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
1202 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1203 session = hlist_entry(walk, struct l2tp_session, hlist);
1204 hlist_del_init(&session->hlist);
1206 write_unlock_bh(&tunnel->hlist_lock);
1207 l2tp_session_delete(session);
1208 write_lock_bh(&tunnel->hlist_lock);
1210 /* Now restart from the beginning of this hash
1211 * chain. We always remove a session from the
1212 * list so we are guaranteed to make forward
1218 write_unlock_bh(&tunnel->hlist_lock);
1221 /* Tunnel socket destroy hook for UDP encapsulation */
1222 static void l2tp_udp_encap_destroy(struct sock *sk)
1224 struct l2tp_tunnel *tunnel = l2tp_sk_to_tunnel(sk);
1227 l2tp_tunnel_delete(tunnel);
1230 static void l2tp_tunnel_remove(struct net *net, struct l2tp_tunnel *tunnel)
1232 struct l2tp_net *pn = l2tp_pernet(net);
1234 spin_lock_bh(&pn->l2tp_tunnel_idr_lock);
1235 idr_remove(&pn->l2tp_tunnel_idr, tunnel->tunnel_id);
1236 spin_unlock_bh(&pn->l2tp_tunnel_idr_lock);
1239 /* Workqueue tunnel deletion function */
1240 static void l2tp_tunnel_del_work(struct work_struct *work)
1242 struct l2tp_tunnel *tunnel = container_of(work, struct l2tp_tunnel,
1244 struct sock *sk = tunnel->sock;
1245 struct socket *sock = sk->sk_socket;
1247 l2tp_tunnel_closeall(tunnel);
1249 /* If the tunnel socket was created within the kernel, use
1250 * the sk API to release it here.
1252 if (tunnel->fd < 0) {
1254 kernel_sock_shutdown(sock, SHUT_RDWR);
1259 l2tp_tunnel_remove(tunnel->l2tp_net, tunnel);
1260 /* drop initial ref */
1261 l2tp_tunnel_dec_refcount(tunnel);
1263 /* drop workqueue ref */
1264 l2tp_tunnel_dec_refcount(tunnel);
1267 /* Create a socket for the tunnel, if one isn't set up by
1268 * userspace. This is used for static tunnels where there is no
1269 * managing L2TP daemon.
1271 * Since we don't want these sockets to keep a namespace alive by
1272 * themselves, we drop the socket's namespace refcount after creation.
1273 * These sockets are freed when the namespace exits using the pernet
1276 static int l2tp_tunnel_sock_create(struct net *net,
1279 struct l2tp_tunnel_cfg *cfg,
1280 struct socket **sockp)
1283 struct socket *sock = NULL;
1284 struct udp_port_cfg udp_conf;
1286 switch (cfg->encap) {
1287 case L2TP_ENCAPTYPE_UDP:
1288 memset(&udp_conf, 0, sizeof(udp_conf));
1290 #if IS_ENABLED(CONFIG_IPV6)
1291 if (cfg->local_ip6 && cfg->peer_ip6) {
1292 udp_conf.family = AF_INET6;
1293 memcpy(&udp_conf.local_ip6, cfg->local_ip6,
1294 sizeof(udp_conf.local_ip6));
1295 memcpy(&udp_conf.peer_ip6, cfg->peer_ip6,
1296 sizeof(udp_conf.peer_ip6));
1297 udp_conf.use_udp6_tx_checksums =
1298 !cfg->udp6_zero_tx_checksums;
1299 udp_conf.use_udp6_rx_checksums =
1300 !cfg->udp6_zero_rx_checksums;
1304 udp_conf.family = AF_INET;
1305 udp_conf.local_ip = cfg->local_ip;
1306 udp_conf.peer_ip = cfg->peer_ip;
1307 udp_conf.use_udp_checksums = cfg->use_udp_checksums;
1310 udp_conf.local_udp_port = htons(cfg->local_udp_port);
1311 udp_conf.peer_udp_port = htons(cfg->peer_udp_port);
1313 err = udp_sock_create(net, &udp_conf, &sock);
1319 case L2TP_ENCAPTYPE_IP:
1320 #if IS_ENABLED(CONFIG_IPV6)
1321 if (cfg->local_ip6 && cfg->peer_ip6) {
1322 struct sockaddr_l2tpip6 ip6_addr = {0};
1324 err = sock_create_kern(net, AF_INET6, SOCK_DGRAM,
1325 IPPROTO_L2TP, &sock);
1329 ip6_addr.l2tp_family = AF_INET6;
1330 memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6,
1331 sizeof(ip6_addr.l2tp_addr));
1332 ip6_addr.l2tp_conn_id = tunnel_id;
1333 err = kernel_bind(sock, (struct sockaddr *)&ip6_addr,
1338 ip6_addr.l2tp_family = AF_INET6;
1339 memcpy(&ip6_addr.l2tp_addr, cfg->peer_ip6,
1340 sizeof(ip6_addr.l2tp_addr));
1341 ip6_addr.l2tp_conn_id = peer_tunnel_id;
1342 err = kernel_connect(sock,
1343 (struct sockaddr *)&ip6_addr,
1344 sizeof(ip6_addr), 0);
1350 struct sockaddr_l2tpip ip_addr = {0};
1352 err = sock_create_kern(net, AF_INET, SOCK_DGRAM,
1353 IPPROTO_L2TP, &sock);
1357 ip_addr.l2tp_family = AF_INET;
1358 ip_addr.l2tp_addr = cfg->local_ip;
1359 ip_addr.l2tp_conn_id = tunnel_id;
1360 err = kernel_bind(sock, (struct sockaddr *)&ip_addr,
1365 ip_addr.l2tp_family = AF_INET;
1366 ip_addr.l2tp_addr = cfg->peer_ip;
1367 ip_addr.l2tp_conn_id = peer_tunnel_id;
1368 err = kernel_connect(sock, (struct sockaddr *)&ip_addr,
1369 sizeof(ip_addr), 0);
1381 if (err < 0 && sock) {
1382 kernel_sock_shutdown(sock, SHUT_RDWR);
1390 int l2tp_tunnel_create(int fd, int version, u32 tunnel_id, u32 peer_tunnel_id,
1391 struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp)
1393 struct l2tp_tunnel *tunnel = NULL;
1395 enum l2tp_encap_type encap = L2TP_ENCAPTYPE_UDP;
1400 tunnel = kzalloc(sizeof(*tunnel), GFP_KERNEL);
1406 tunnel->version = version;
1407 tunnel->tunnel_id = tunnel_id;
1408 tunnel->peer_tunnel_id = peer_tunnel_id;
1410 tunnel->magic = L2TP_TUNNEL_MAGIC;
1411 sprintf(&tunnel->name[0], "tunl %u", tunnel_id);
1412 rwlock_init(&tunnel->hlist_lock);
1413 tunnel->acpt_newsess = true;
1415 tunnel->encap = encap;
1417 refcount_set(&tunnel->ref_count, 1);
1420 /* Init delete workqueue struct */
1421 INIT_WORK(&tunnel->del_work, l2tp_tunnel_del_work);
1423 INIT_LIST_HEAD(&tunnel->list);
1432 EXPORT_SYMBOL_GPL(l2tp_tunnel_create);
1434 static int l2tp_validate_socket(const struct sock *sk, const struct net *net,
1435 enum l2tp_encap_type encap)
1437 if (!net_eq(sock_net(sk), net))
1440 if (sk->sk_type != SOCK_DGRAM)
1441 return -EPROTONOSUPPORT;
1443 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
1444 return -EPROTONOSUPPORT;
1446 if ((encap == L2TP_ENCAPTYPE_UDP && sk->sk_protocol != IPPROTO_UDP) ||
1447 (encap == L2TP_ENCAPTYPE_IP && sk->sk_protocol != IPPROTO_L2TP))
1448 return -EPROTONOSUPPORT;
1450 if (sk->sk_user_data)
1456 int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net,
1457 struct l2tp_tunnel_cfg *cfg)
1459 struct l2tp_net *pn = l2tp_pernet(net);
1460 u32 tunnel_id = tunnel->tunnel_id;
1461 struct socket *sock;
1465 spin_lock_bh(&pn->l2tp_tunnel_idr_lock);
1466 ret = idr_alloc_u32(&pn->l2tp_tunnel_idr, NULL, &tunnel_id, tunnel_id,
1468 spin_unlock_bh(&pn->l2tp_tunnel_idr_lock);
1470 return ret == -ENOSPC ? -EEXIST : ret;
1472 if (tunnel->fd < 0) {
1473 ret = l2tp_tunnel_sock_create(net, tunnel->tunnel_id,
1474 tunnel->peer_tunnel_id, cfg,
1479 sock = sockfd_lookup(tunnel->fd, &ret);
1486 write_lock_bh(&sk->sk_callback_lock);
1487 ret = l2tp_validate_socket(sk, net, tunnel->encap);
1490 goto err_inval_sock;
1492 rcu_assign_sk_user_data(sk, tunnel);
1493 write_unlock_bh(&sk->sk_callback_lock);
1495 if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
1496 struct udp_tunnel_sock_cfg udp_cfg = {
1497 .sk_user_data = tunnel,
1498 .encap_type = UDP_ENCAP_L2TPINUDP,
1499 .encap_rcv = l2tp_udp_encap_recv,
1500 .encap_destroy = l2tp_udp_encap_destroy,
1503 setup_udp_tunnel_sock(net, sock, &udp_cfg);
1506 tunnel->old_sk_destruct = sk->sk_destruct;
1507 sk->sk_destruct = &l2tp_tunnel_destruct;
1508 sk->sk_allocation = GFP_ATOMIC;
1513 tunnel->l2tp_net = net;
1515 spin_lock_bh(&pn->l2tp_tunnel_idr_lock);
1516 idr_replace(&pn->l2tp_tunnel_idr, tunnel, tunnel->tunnel_id);
1517 spin_unlock_bh(&pn->l2tp_tunnel_idr_lock);
1519 trace_register_tunnel(tunnel);
1521 if (tunnel->fd >= 0)
1527 write_unlock_bh(&sk->sk_callback_lock);
1534 l2tp_tunnel_remove(net, tunnel);
1537 EXPORT_SYMBOL_GPL(l2tp_tunnel_register);
1539 /* This function is used by the netlink TUNNEL_DELETE command.
1541 void l2tp_tunnel_delete(struct l2tp_tunnel *tunnel)
1543 if (!test_and_set_bit(0, &tunnel->dead)) {
1544 trace_delete_tunnel(tunnel);
1545 l2tp_tunnel_inc_refcount(tunnel);
1546 queue_work(l2tp_wq, &tunnel->del_work);
1549 EXPORT_SYMBOL_GPL(l2tp_tunnel_delete);
1551 void l2tp_session_delete(struct l2tp_session *session)
1553 if (test_and_set_bit(0, &session->dead))
1556 trace_delete_session(session);
1557 l2tp_session_unhash(session);
1558 l2tp_session_queue_purge(session);
1559 if (session->session_close)
1560 (*session->session_close)(session);
1562 l2tp_session_dec_refcount(session);
1564 EXPORT_SYMBOL_GPL(l2tp_session_delete);
1566 /* We come here whenever a session's send_seq, cookie_len or
1567 * l2specific_type parameters are set.
1569 void l2tp_session_set_header_len(struct l2tp_session *session, int version)
1571 if (version == L2TP_HDR_VER_2) {
1572 session->hdr_len = 6;
1573 if (session->send_seq)
1574 session->hdr_len += 4;
1576 session->hdr_len = 4 + session->cookie_len;
1577 session->hdr_len += l2tp_get_l2specific_len(session);
1578 if (session->tunnel->encap == L2TP_ENCAPTYPE_UDP)
1579 session->hdr_len += 4;
1582 EXPORT_SYMBOL_GPL(l2tp_session_set_header_len);
1584 struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id,
1585 u32 peer_session_id, struct l2tp_session_cfg *cfg)
1587 struct l2tp_session *session;
1589 session = kzalloc(sizeof(*session) + priv_size, GFP_KERNEL);
1591 session->magic = L2TP_SESSION_MAGIC;
1592 session->tunnel = tunnel;
1594 session->session_id = session_id;
1595 session->peer_session_id = peer_session_id;
1597 if (tunnel->version == L2TP_HDR_VER_2)
1598 session->nr_max = 0xffff;
1600 session->nr_max = 0xffffff;
1601 session->nr_window_size = session->nr_max / 2;
1602 session->nr_oos_count_max = 4;
1604 /* Use NR of first received packet */
1605 session->reorder_skip = 1;
1607 sprintf(&session->name[0], "sess %u/%u",
1608 tunnel->tunnel_id, session->session_id);
1610 skb_queue_head_init(&session->reorder_q);
1612 INIT_HLIST_NODE(&session->hlist);
1613 INIT_HLIST_NODE(&session->global_hlist);
1616 session->pwtype = cfg->pw_type;
1617 session->send_seq = cfg->send_seq;
1618 session->recv_seq = cfg->recv_seq;
1619 session->lns_mode = cfg->lns_mode;
1620 session->reorder_timeout = cfg->reorder_timeout;
1621 session->l2specific_type = cfg->l2specific_type;
1622 session->cookie_len = cfg->cookie_len;
1623 memcpy(&session->cookie[0], &cfg->cookie[0], cfg->cookie_len);
1624 session->peer_cookie_len = cfg->peer_cookie_len;
1625 memcpy(&session->peer_cookie[0], &cfg->peer_cookie[0], cfg->peer_cookie_len);
1628 l2tp_session_set_header_len(session, tunnel->version);
1630 refcount_set(&session->ref_count, 1);
1635 return ERR_PTR(-ENOMEM);
1637 EXPORT_SYMBOL_GPL(l2tp_session_create);
1639 /*****************************************************************************
1641 *****************************************************************************/
1643 static __net_init int l2tp_init_net(struct net *net)
1645 struct l2tp_net *pn = net_generic(net, l2tp_net_id);
1648 idr_init(&pn->l2tp_tunnel_idr);
1649 spin_lock_init(&pn->l2tp_tunnel_idr_lock);
1651 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++)
1652 INIT_HLIST_HEAD(&pn->l2tp_session_hlist[hash]);
1654 spin_lock_init(&pn->l2tp_session_hlist_lock);
1659 static __net_exit void l2tp_exit_net(struct net *net)
1661 struct l2tp_net *pn = l2tp_pernet(net);
1662 struct l2tp_tunnel *tunnel = NULL;
1663 unsigned long tunnel_id, tmp;
1667 idr_for_each_entry_ul(&pn->l2tp_tunnel_idr, tunnel, tmp, tunnel_id) {
1669 l2tp_tunnel_delete(tunnel);
1671 rcu_read_unlock_bh();
1674 flush_workqueue(l2tp_wq);
1677 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++)
1678 WARN_ON_ONCE(!hlist_empty(&pn->l2tp_session_hlist[hash]));
1679 idr_destroy(&pn->l2tp_tunnel_idr);
1682 static struct pernet_operations l2tp_net_ops = {
1683 .init = l2tp_init_net,
1684 .exit = l2tp_exit_net,
1686 .size = sizeof(struct l2tp_net),
1689 static int __init l2tp_init(void)
1693 rc = register_pernet_device(&l2tp_net_ops);
1697 l2tp_wq = alloc_workqueue("l2tp", WQ_UNBOUND, 0);
1699 pr_err("alloc_workqueue failed\n");
1700 unregister_pernet_device(&l2tp_net_ops);
1705 pr_info("L2TP core driver, %s\n", L2TP_DRV_VERSION);
1711 static void __exit l2tp_exit(void)
1713 unregister_pernet_device(&l2tp_net_ops);
1715 destroy_workqueue(l2tp_wq);
1720 module_init(l2tp_init);
1721 module_exit(l2tp_exit);
1723 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1724 MODULE_DESCRIPTION("L2TP core");
1725 MODULE_LICENSE("GPL");
1726 MODULE_VERSION(L2TP_DRV_VERSION);
projects / platform / kernel / linux-rpi.git / blob