1// SPDX-License-Identifier: GPL-2.0-or-later
2/** -*- linux-c -*- ***********************************************************
3 * Linux PPP over Ethernet (PPPoX/PPPoE) Sockets
4 *
5 * PPPoX --- Generic PPP encapsulation socket family
6 * PPPoE --- PPP over Ethernet (RFC 2516)
7 *
8 * Version: 0.7.0
9 *
10 * 070228 : Fix to allow multiple sessions with same remote MAC and same
11 * session id by including the local device ifindex in the
12 * tuple identifying a session. This also ensures packets can't
13 * be injected into a session from interfaces other than the one
14 * specified by userspace. Florian Zumbiehl <florz@florz.de>
15 * (Oh, BTW, this one is YYMMDD, in case you were wondering ...)
16 * 220102 : Fix module use count on failure in pppoe_create, pppox_sk -acme
17 * 030700 : Fixed connect logic to allow for disconnect.
18 * 270700 : Fixed potential SMP problems; we must protect against
19 * simultaneous invocation of ppp_input
20 * and ppp_unregister_channel.
21 * 040800 : Respect reference count mechanisms on net-devices.
22 * 200800 : fix kfree(skb) in pppoe_rcv (acme)
23 * Module reference count is decremented in the right spot now,
24 * guards against sock_put not actually freeing the sk
25 * in pppoe_release.
26 * 051000 : Initialization cleanup.
27 * 111100 : Fix recvmsg.
28 * 050101 : Fix PADT processing.
29 * 140501 : Use pppoe_rcv_core to handle all backlog. (Alexey)
30 * 170701 : Do not lock_sock with rwlock held. (DaveM)
31 * Ignore discovery frames if user has socket
32 * locked. (DaveM)
33 * Ignore return value of dev_queue_xmit in __pppoe_xmit
34 * or else we may kfree an SKB twice. (DaveM)
35 * 190701 : When doing copies of skb's in __pppoe_xmit, always delete
36 * the original skb that was passed in on success, never on
37 * failure. Delete the copy of the skb on failure to avoid
38 * a memory leak.
39 * 081001 : Misc. cleanup (licence string, non-blocking, prevent
40 * reference of device on close).
41 * 121301 : New ppp channels interface; cannot unregister a channel
42 * from interrupts. Thus, we mark the socket as a ZOMBIE
43 * and do the unregistration later.
44 * 081002 : seq_file support for proc stuff -acme
45 * 111602 : Merge all 2.4 fixes into 2.5/2.6 tree. Label 2.5/2.6
46 * as version 0.7. Spacing cleanup.
47 * Author: Michal Ostrowski <mostrows@speakeasy.net>
48 * Contributors:
49 * Arnaldo Carvalho de Melo <acme@conectiva.com.br>
50 * David S. Miller (davem@redhat.com)
51 *
52 * License:
53 */
54
55#include <linux/string.h>
56#include <linux/module.h>
57#include <linux/kernel.h>
58#include <linux/slab.h>
59#include <linux/errno.h>
60#include <linux/netdevice.h>
61#include <linux/net.h>
62#include <linux/inetdevice.h>
63#include <linux/etherdevice.h>
64#include <linux/skbuff.h>
65#include <linux/init.h>
66#include <linux/if_ether.h>
67#include <linux/if_pppox.h>
68#include <linux/ppp_channel.h>
69#include <linux/ppp_defs.h>
70#include <linux/ppp-ioctl.h>
71#include <linux/notifier.h>
72#include <linux/file.h>
73#include <linux/proc_fs.h>
74#include <linux/seq_file.h>
75
76#include <linux/nsproxy.h>
77#include <net/net_namespace.h>
78#include <net/netns/generic.h>
79#include <net/sock.h>
80
81#include <linux/uaccess.h>
82
83#define PPPOE_HASH_BITS CONFIG_PPPOE_HASH_BITS
84#define PPPOE_HASH_SIZE (1 << PPPOE_HASH_BITS)
85#define PPPOE_HASH_MASK (PPPOE_HASH_SIZE - 1)
86
87static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb);
88
89static const struct proto_ops pppoe_ops;
90static const struct ppp_channel_ops pppoe_chan_ops;
91
92/* per-net private data for this module */
93static unsigned int pppoe_net_id __read_mostly;
94struct pppoe_net {
95 /*
96 * we could use _single_ hash table for all
97 * nets by injecting net id into the hash but
98 * it would increase hash chains and add
99 * a few additional math comparisons messy
100 * as well, moreover in case of SMP less locking
101 * controversy here
102 */
103 struct pppox_sock *hash_table[PPPOE_HASH_SIZE];
104 rwlock_t hash_lock;
105};
106
107/*
108 * PPPoE could be in the following stages:
109 * 1) Discovery stage (to obtain remote MAC and Session ID)
110 * 2) Session stage (MAC and SID are known)
111 *
112 * Ethernet frames have a special tag for this but
113 * we use simpler approach based on session id
114 */
115static inline bool stage_session(__be16 sid)
116{
117 return sid != 0;
118}
119
120static inline struct pppoe_net *pppoe_pernet(struct net *net)
121{
122 return net_generic(net, id: pppoe_net_id);
123}
124
125static inline int cmp_2_addr(struct pppoe_addr *a, struct pppoe_addr *b)
126{
127 return a->sid == b->sid && ether_addr_equal(addr1: a->remote, addr2: b->remote);
128}
129
130static inline int cmp_addr(struct pppoe_addr *a, __be16 sid, char *addr)
131{
132 return a->sid == sid && ether_addr_equal(addr1: a->remote, addr2: addr);
133}
134
135#if 8 % PPPOE_HASH_BITS
136#error 8 must be a multiple of PPPOE_HASH_BITS
137#endif
138
139static int hash_item(__be16 sid, unsigned char *addr)
140{
141 unsigned char hash = 0;
142 unsigned int i;
143
144 for (i = 0; i < ETH_ALEN; i++)
145 hash ^= addr[i];
146 for (i = 0; i < sizeof(sid_t) * 8; i += 8)
147 hash ^= (__force __u32)sid >> i;
148 for (i = 8; (i >>= 1) >= PPPOE_HASH_BITS;)
149 hash ^= hash >> i;
150
151 return hash & PPPOE_HASH_MASK;
152}
153
154/**********************************************************************
155 *
156 * Set/get/delete/rehash items (internal versions)
157 *
158 **********************************************************************/
159static struct pppox_sock *__get_item(struct pppoe_net *pn, __be16 sid,
160 unsigned char *addr, int ifindex)
161{
162 int hash = hash_item(sid, addr);
163 struct pppox_sock *ret;
164
165 ret = pn->hash_table[hash];
166 while (ret) {
167 if (cmp_addr(a: &ret->pppoe_pa, sid, addr) &&
168 ret->pppoe_ifindex == ifindex)
169 return ret;
170
171 ret = ret->next;
172 }
173
174 return NULL;
175}
176
177static int __set_item(struct pppoe_net *pn, struct pppox_sock *po)
178{
179 int hash = hash_item(sid: po->pppoe_pa.sid, addr: po->pppoe_pa.remote);
180 struct pppox_sock *ret;
181
182 ret = pn->hash_table[hash];
183 while (ret) {
184 if (cmp_2_addr(a: &ret->pppoe_pa, b: &po->pppoe_pa) &&
185 ret->pppoe_ifindex == po->pppoe_ifindex)
186 return -EALREADY;
187
188 ret = ret->next;
189 }
190
191 po->next = pn->hash_table[hash];
192 pn->hash_table[hash] = po;
193
194 return 0;
195}
196
197static void __delete_item(struct pppoe_net *pn, __be16 sid,
198 char *addr, int ifindex)
199{
200 int hash = hash_item(sid, addr);
201 struct pppox_sock *ret, **src;
202
203 ret = pn->hash_table[hash];
204 src = &pn->hash_table[hash];
205
206 while (ret) {
207 if (cmp_addr(a: &ret->pppoe_pa, sid, addr) &&
208 ret->pppoe_ifindex == ifindex) {
209 *src = ret->next;
210 break;
211 }
212
213 src = &ret->next;
214 ret = ret->next;
215 }
216}
217
218/**********************************************************************
219 *
220 * Set/get/delete/rehash items
221 *
222 **********************************************************************/
223static inline struct pppox_sock *get_item(struct pppoe_net *pn, __be16 sid,
224 unsigned char *addr, int ifindex)
225{
226 struct pppox_sock *po;
227
228 read_lock_bh(&pn->hash_lock);
229 po = __get_item(pn, sid, addr, ifindex);
230 if (po)
231 sock_hold(sk: sk_pppox(po));
232 read_unlock_bh(&pn->hash_lock);
233
234 return po;
235}
236
237static inline struct pppox_sock *get_item_by_addr(struct net *net,
238 struct sockaddr_pppox *sp)
239{
240 struct net_device *dev;
241 struct pppoe_net *pn;
242 struct pppox_sock *pppox_sock = NULL;
243
244 int ifindex;
245
246 rcu_read_lock();
247 dev = dev_get_by_name_rcu(net, name: sp->sa_addr.pppoe.dev);
248 if (dev) {
249 ifindex = dev->ifindex;
250 pn = pppoe_pernet(net);
251 pppox_sock = get_item(pn, sid: sp->sa_addr.pppoe.sid,
252 addr: sp->sa_addr.pppoe.remote, ifindex);
253 }
254 rcu_read_unlock();
255 return pppox_sock;
256}
257
258static inline void delete_item(struct pppoe_net *pn, __be16 sid,
259 char *addr, int ifindex)
260{
261 write_lock_bh(&pn->hash_lock);
262 __delete_item(pn, sid, addr, ifindex);
263 write_unlock_bh(&pn->hash_lock);
264}
265
266/***************************************************************************
267 *
268 * Handler for device events.
269 * Certain device events require that sockets be unconnected.
270 *
271 **************************************************************************/
272
273static void pppoe_flush_dev(struct net_device *dev)
274{
275 struct pppoe_net *pn;
276 int i;
277
278 pn = pppoe_pernet(net: dev_net(dev));
279 write_lock_bh(&pn->hash_lock);
280 for (i = 0; i < PPPOE_HASH_SIZE; i++) {
281 struct pppox_sock *po = pn->hash_table[i];
282 struct sock *sk;
283
284 while (po) {
285 while (po && po->pppoe_dev != dev) {
286 po = po->next;
287 }
288
289 if (!po)
290 break;
291
292 sk = sk_pppox(po);
293
294 /* We always grab the socket lock, followed by the
295 * hash_lock, in that order. Since we should hold the
296 * sock lock while doing any unbinding, we need to
297 * release the lock we're holding. Hold a reference to
298 * the sock so it doesn't disappear as we're jumping
299 * between locks.
300 */
301
302 sock_hold(sk);
303 write_unlock_bh(&pn->hash_lock);
304 lock_sock(sk);
305
306 if (po->pppoe_dev == dev &&
307 sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
308 pppox_unbind_sock(sk);
309 sk->sk_state_change(sk);
310 po->pppoe_dev = NULL;
311 dev_put(dev);
312 }
313
314 release_sock(sk);
315 sock_put(sk);
316
317 /* Restart the process from the start of the current
318 * hash chain. We dropped locks so the world may have
319 * change from underneath us.
320 */
321
322 BUG_ON(pppoe_pernet(dev_net(dev)) == NULL);
323 write_lock_bh(&pn->hash_lock);
324 po = pn->hash_table[i];
325 }
326 }
327 write_unlock_bh(&pn->hash_lock);
328}
329
330static int pppoe_device_event(struct notifier_block *this,
331 unsigned long event, void *ptr)
332{
333 struct net_device *dev = netdev_notifier_info_to_dev(info: ptr);
334
335 /* Only look at sockets that are using this specific device. */
336 switch (event) {
337 case NETDEV_CHANGEADDR:
338 case NETDEV_CHANGEMTU:
339 /* A change in mtu or address is a bad thing, requiring
340 * LCP re-negotiation.
341 */
342
343 case NETDEV_GOING_DOWN:
344 case NETDEV_DOWN:
345 /* Find every socket on this device and kill it. */
346 pppoe_flush_dev(dev);
347 break;
348
349 default:
350 break;
351 }
352
353 return NOTIFY_DONE;
354}
355
356static struct notifier_block pppoe_notifier = {
357 .notifier_call = pppoe_device_event,
358};
359
360/************************************************************************
361 *
362 * Do the real work of receiving a PPPoE Session frame.
363 *
364 ***********************************************************************/
365static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb)
366{
367 struct pppox_sock *po = pppox_sk(sk);
368 struct pppox_sock *relay_po;
369
370 /* Backlog receive. Semantics of backlog rcv preclude any code from
371 * executing in lock_sock()/release_sock() bounds; meaning sk->sk_state
372 * can't change.
373 */
374
375 if (skb->pkt_type == PACKET_OTHERHOST)
376 goto abort_kfree;
377
378 if (sk->sk_state & PPPOX_BOUND) {
379 ppp_input(&po->chan, skb);
380 } else if (sk->sk_state & PPPOX_RELAY) {
381 relay_po = get_item_by_addr(net: sock_net(sk),
382 sp: &po->pppoe_relay);
383 if (relay_po == NULL)
384 goto abort_kfree;
385
386 if ((sk_pppox(po: relay_po)->sk_state & PPPOX_CONNECTED) == 0)
387 goto abort_put;
388
389 if (!__pppoe_xmit(sk: sk_pppox(po: relay_po), skb))
390 goto abort_put;
391
392 sock_put(sk: sk_pppox(po: relay_po));
393 } else {
394 if (sock_queue_rcv_skb(sk, skb))
395 goto abort_kfree;
396 }
397
398 return NET_RX_SUCCESS;
399
400abort_put:
401 sock_put(sk: sk_pppox(po: relay_po));
402
403abort_kfree:
404 kfree_skb(skb);
405 return NET_RX_DROP;
406}
407
408/************************************************************************
409 *
410 * Receive wrapper called in BH context.
411 *
412 ***********************************************************************/
413static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev,
414 struct packet_type *pt, struct net_device *orig_dev)
415{
416 struct pppoe_hdr *ph;
417 struct pppox_sock *po;
418 struct pppoe_net *pn;
419 int len;
420
421 skb = skb_share_check(skb, GFP_ATOMIC);
422 if (!skb)
423 goto out;
424
425 if (skb_mac_header_len(skb) < ETH_HLEN)
426 goto drop;
427
428 if (!pskb_may_pull(skb, len: sizeof(struct pppoe_hdr)))
429 goto drop;
430
431 ph = pppoe_hdr(skb);
432 len = ntohs(ph->length);
433
434 skb_pull_rcsum(skb, len: sizeof(*ph));
435 if (skb->len < len)
436 goto drop;
437
438 if (pskb_trim_rcsum(skb, len))
439 goto drop;
440
441 ph = pppoe_hdr(skb);
442 pn = pppoe_pernet(net: dev_net(dev));
443
444 /* Note that get_item does a sock_hold(), so sk_pppox(po)
445 * is known to be safe.
446 */
447 po = get_item(pn, sid: ph->sid, addr: eth_hdr(skb)->h_source, ifindex: dev->ifindex);
448 if (!po)
449 goto drop;
450
451 return sk_receive_skb(sk: sk_pppox(po), skb, nested: 0);
452
453drop:
454 kfree_skb(skb);
455out:
456 return NET_RX_DROP;
457}
458
459static void pppoe_unbind_sock_work(struct work_struct *work)
460{
461 struct pppox_sock *po = container_of(work, struct pppox_sock,
462 proto.pppoe.padt_work);
463 struct sock *sk = sk_pppox(po);
464
465 lock_sock(sk);
466 if (po->pppoe_dev) {
467 dev_put(dev: po->pppoe_dev);
468 po->pppoe_dev = NULL;
469 }
470 pppox_unbind_sock(sk);
471 release_sock(sk);
472 sock_put(sk);
473}
474
475/************************************************************************
476 *
477 * Receive a PPPoE Discovery frame.
478 * This is solely for detection of PADT frames
479 *
480 ***********************************************************************/
481static int pppoe_disc_rcv(struct sk_buff *skb, struct net_device *dev,
482 struct packet_type *pt, struct net_device *orig_dev)
483
484{
485 struct pppoe_hdr *ph;
486 struct pppox_sock *po;
487 struct pppoe_net *pn;
488
489 skb = skb_share_check(skb, GFP_ATOMIC);
490 if (!skb)
491 goto out;
492
493 if (skb->pkt_type != PACKET_HOST)
494 goto abort;
495
496 if (!pskb_may_pull(skb, len: sizeof(struct pppoe_hdr)))
497 goto abort;
498
499 ph = pppoe_hdr(skb);
500 if (ph->code != PADT_CODE)
501 goto abort;
502
503 pn = pppoe_pernet(net: dev_net(dev));
504 po = get_item(pn, sid: ph->sid, addr: eth_hdr(skb)->h_source, ifindex: dev->ifindex);
505 if (po)
506 if (!schedule_work(work: &po->proto.pppoe.padt_work))
507 sock_put(sk: sk_pppox(po));
508
509abort:
510 kfree_skb(skb);
511out:
512 return NET_RX_SUCCESS; /* Lies... :-) */
513}
514
515static struct packet_type pppoes_ptype __read_mostly = {
516 .type = cpu_to_be16(ETH_P_PPP_SES),
517 .func = pppoe_rcv,
518};
519
520static struct packet_type pppoed_ptype __read_mostly = {
521 .type = cpu_to_be16(ETH_P_PPP_DISC),
522 .func = pppoe_disc_rcv,
523};
524
525static struct proto pppoe_sk_proto __read_mostly = {
526 .name = "PPPOE",
527 .owner = THIS_MODULE,
528 .obj_size = sizeof(struct pppox_sock),
529};
530
531/***********************************************************************
532 *
533 * Initialize a new struct sock.
534 *
535 **********************************************************************/
536static int pppoe_create(struct net *net, struct socket *sock, int kern)
537{
538 struct sock *sk;
539
540 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, prot: &pppoe_sk_proto, kern);
541 if (!sk)
542 return -ENOMEM;
543
544 sock_init_data(sock, sk);
545
546 sock->state = SS_UNCONNECTED;
547 sock->ops = &pppoe_ops;
548
549 sk->sk_backlog_rcv = pppoe_rcv_core;
550 sk->sk_state = PPPOX_NONE;
551 sk->sk_type = SOCK_STREAM;
552 sk->sk_family = PF_PPPOX;
553 sk->sk_protocol = PX_PROTO_OE;
554
555 INIT_WORK(&pppox_sk(sk)->proto.pppoe.padt_work,
556 pppoe_unbind_sock_work);
557
558 return 0;
559}
560
561static int pppoe_release(struct socket *sock)
562{
563 struct sock *sk = sock->sk;
564 struct pppox_sock *po;
565 struct pppoe_net *pn;
566 struct net *net = NULL;
567
568 if (!sk)
569 return 0;
570
571 lock_sock(sk);
572 if (sock_flag(sk, flag: SOCK_DEAD)) {
573 release_sock(sk);
574 return -EBADF;
575 }
576
577 po = pppox_sk(sk);
578
579 if (po->pppoe_dev) {
580 dev_put(dev: po->pppoe_dev);
581 po->pppoe_dev = NULL;
582 }
583
584 pppox_unbind_sock(sk);
585
586 /* Signal the death of the socket. */
587 sk->sk_state = PPPOX_DEAD;
588
589 net = sock_net(sk);
590 pn = pppoe_pernet(net);
591
592 /*
593 * protect "po" from concurrent updates
594 * on pppoe_flush_dev
595 */
596 delete_item(pn, sid: po->pppoe_pa.sid, addr: po->pppoe_pa.remote,
597 ifindex: po->pppoe_ifindex);
598
599 sock_orphan(sk);
600 sock->sk = NULL;
601
602 skb_queue_purge(list: &sk->sk_receive_queue);
603 release_sock(sk);
604 sock_put(sk);
605
606 return 0;
607}
608
609static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
610 int sockaddr_len, int flags)
611{
612 struct sock *sk = sock->sk;
613 struct sockaddr_pppox *sp = (struct sockaddr_pppox *)uservaddr;
614 struct pppox_sock *po = pppox_sk(sk);
615 struct net_device *dev = NULL;
616 struct pppoe_net *pn;
617 struct net *net = NULL;
618 int error;
619
620 lock_sock(sk);
621
622 error = -EINVAL;
623
624 if (sockaddr_len != sizeof(struct sockaddr_pppox))
625 goto end;
626
627 if (sp->sa_protocol != PX_PROTO_OE)
628 goto end;
629
630 /* Check for already bound sockets */
631 error = -EBUSY;
632 if ((sk->sk_state & PPPOX_CONNECTED) &&
633 stage_session(sid: sp->sa_addr.pppoe.sid))
634 goto end;
635
636 /* Check for already disconnected sockets, on attempts to disconnect */
637 error = -EALREADY;
638 if ((sk->sk_state & PPPOX_DEAD) &&
639 !stage_session(sid: sp->sa_addr.pppoe.sid))
640 goto end;
641
642 error = 0;
643
644 /* Delete the old binding */
645 if (stage_session(sid: po->pppoe_pa.sid)) {
646 pppox_unbind_sock(sk);
647 pn = pppoe_pernet(net: sock_net(sk));
648 delete_item(pn, sid: po->pppoe_pa.sid,
649 addr: po->pppoe_pa.remote, ifindex: po->pppoe_ifindex);
650 if (po->pppoe_dev) {
651 dev_put(dev: po->pppoe_dev);
652 po->pppoe_dev = NULL;
653 }
654
655 po->pppoe_ifindex = 0;
656 memset(&po->pppoe_pa, 0, sizeof(po->pppoe_pa));
657 memset(&po->pppoe_relay, 0, sizeof(po->pppoe_relay));
658 memset(&po->chan, 0, sizeof(po->chan));
659 po->next = NULL;
660 po->num = 0;
661
662 sk->sk_state = PPPOX_NONE;
663 }
664
665 /* Re-bind in session stage only */
666 if (stage_session(sid: sp->sa_addr.pppoe.sid)) {
667 error = -ENODEV;
668 net = sock_net(sk);
669 dev = dev_get_by_name(net, name: sp->sa_addr.pppoe.dev);
670 if (!dev)
671 goto err_put;
672
673 po->pppoe_dev = dev;
674 po->pppoe_ifindex = dev->ifindex;
675 pn = pppoe_pernet(net);
676 if (!(dev->flags & IFF_UP)) {
677 goto err_put;
678 }
679
680 memcpy(&po->pppoe_pa,
681 &sp->sa_addr.pppoe,
682 sizeof(struct pppoe_addr));
683
684 write_lock_bh(&pn->hash_lock);
685 error = __set_item(pn, po);
686 write_unlock_bh(&pn->hash_lock);
687 if (error < 0)
688 goto err_put;
689
690 po->chan.hdrlen = (sizeof(struct pppoe_hdr) +
691 dev->hard_header_len);
692
693 po->chan.mtu = dev->mtu - sizeof(struct pppoe_hdr) - 2;
694 po->chan.private = sk;
695 po->chan.ops = &pppoe_chan_ops;
696
697 error = ppp_register_net_channel(dev_net(dev), &po->chan);
698 if (error) {
699 delete_item(pn, sid: po->pppoe_pa.sid,
700 addr: po->pppoe_pa.remote, ifindex: po->pppoe_ifindex);
701 goto err_put;
702 }
703
704 sk->sk_state = PPPOX_CONNECTED;
705 }
706
707 po->num = sp->sa_addr.pppoe.sid;
708
709end:
710 release_sock(sk);
711 return error;
712err_put:
713 if (po->pppoe_dev) {
714 dev_put(dev: po->pppoe_dev);
715 po->pppoe_dev = NULL;
716 }
717 goto end;
718}
719
720static int pppoe_getname(struct socket *sock, struct sockaddr *uaddr,
721 int peer)
722{
723 int len = sizeof(struct sockaddr_pppox);
724 struct sockaddr_pppox sp;
725
726 sp.sa_family = AF_PPPOX;
727 sp.sa_protocol = PX_PROTO_OE;
728 memcpy(&sp.sa_addr.pppoe, &pppox_sk(sock->sk)->pppoe_pa,
729 sizeof(struct pppoe_addr));
730
731 memcpy(uaddr, &sp, len);
732
733 return len;
734}
735
736static int pppoe_ioctl(struct socket *sock, unsigned int cmd,
737 unsigned long arg)
738{
739 struct sock *sk = sock->sk;
740 struct pppox_sock *po = pppox_sk(sk);
741 int val;
742 int err;
743
744 switch (cmd) {
745 case PPPIOCGMRU:
746 err = -ENXIO;
747 if (!(sk->sk_state & PPPOX_CONNECTED))
748 break;
749
750 err = -EFAULT;
751 if (put_user(po->pppoe_dev->mtu -
752 sizeof(struct pppoe_hdr) -
753 PPP_HDRLEN,
754 (int __user *)arg))
755 break;
756 err = 0;
757 break;
758
759 case PPPIOCSMRU:
760 err = -ENXIO;
761 if (!(sk->sk_state & PPPOX_CONNECTED))
762 break;
763
764 err = -EFAULT;
765 if (get_user(val, (int __user *)arg))
766 break;
767
768 if (val < (po->pppoe_dev->mtu
769 - sizeof(struct pppoe_hdr)
770 - PPP_HDRLEN))
771 err = 0;
772 else
773 err = -EINVAL;
774 break;
775
776 case PPPIOCSFLAGS:
777 err = -EFAULT;
778 if (get_user(val, (int __user *)arg))
779 break;
780 err = 0;
781 break;
782
783 case PPPOEIOCSFWD:
784 {
785 struct pppox_sock *relay_po;
786
787 err = -EBUSY;
788 if (sk->sk_state & (PPPOX_BOUND | PPPOX_DEAD))
789 break;
790
791 err = -ENOTCONN;
792 if (!(sk->sk_state & PPPOX_CONNECTED))
793 break;
794
795 /* PPPoE address from the user specifies an outbound
796 PPPoE address which frames are forwarded to */
797 err = -EFAULT;
798 if (copy_from_user(to: &po->pppoe_relay,
799 from: (void __user *)arg,
800 n: sizeof(struct sockaddr_pppox)))
801 break;
802
803 err = -EINVAL;
804 if (po->pppoe_relay.sa_family != AF_PPPOX ||
805 po->pppoe_relay.sa_protocol != PX_PROTO_OE)
806 break;
807
808 /* Check that the socket referenced by the address
809 actually exists. */
810 relay_po = get_item_by_addr(net: sock_net(sk), sp: &po->pppoe_relay);
811 if (!relay_po)
812 break;
813
814 sock_put(sk: sk_pppox(po: relay_po));
815 sk->sk_state |= PPPOX_RELAY;
816 err = 0;
817 break;
818 }
819
820 case PPPOEIOCDFWD:
821 err = -EALREADY;
822 if (!(sk->sk_state & PPPOX_RELAY))
823 break;
824
825 sk->sk_state &= ~PPPOX_RELAY;
826 err = 0;
827 break;
828
829 default:
830 err = -ENOTTY;
831 }
832
833 return err;
834}
835
836static int pppoe_sendmsg(struct socket *sock, struct msghdr *m,
837 size_t total_len)
838{
839 struct sk_buff *skb;
840 struct sock *sk = sock->sk;
841 struct pppox_sock *po = pppox_sk(sk);
842 int error;
843 struct pppoe_hdr hdr;
844 struct pppoe_hdr *ph;
845 struct net_device *dev;
846 char *start;
847 int hlen;
848
849 lock_sock(sk);
850 if (sock_flag(sk, flag: SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) {
851 error = -ENOTCONN;
852 goto end;
853 }
854
855 hdr.ver = 1;
856 hdr.type = 1;
857 hdr.code = 0;
858 hdr.sid = po->num;
859
860 dev = po->pppoe_dev;
861
862 error = -EMSGSIZE;
863 if (total_len > (dev->mtu + dev->hard_header_len))
864 goto end;
865
866 hlen = LL_RESERVED_SPACE(dev);
867 skb = sock_wmalloc(sk, size: hlen + sizeof(*ph) + total_len +
868 dev->needed_tailroom, force: 0, GFP_KERNEL);
869 if (!skb) {
870 error = -ENOMEM;
871 goto end;
872 }
873
874 /* Reserve space for headers. */
875 skb_reserve(skb, len: hlen);
876 skb_reset_network_header(skb);
877
878 skb->dev = dev;
879
880 skb->priority = READ_ONCE(sk->sk_priority);
881 skb->protocol = cpu_to_be16(ETH_P_PPP_SES);
882
883 ph = skb_put(skb, len: total_len + sizeof(struct pppoe_hdr));
884 start = (char *)&ph->tag[0];
885
886 error = memcpy_from_msg(data: start, msg: m, len: total_len);
887 if (error < 0) {
888 kfree_skb(skb);
889 goto end;
890 }
891
892 error = total_len;
893 dev_hard_header(skb, dev, ETH_P_PPP_SES,
894 daddr: po->pppoe_pa.remote, NULL, len: total_len);
895
896 memcpy(ph, &hdr, sizeof(struct pppoe_hdr));
897
898 ph->length = htons(total_len);
899
900 dev_queue_xmit(skb);
901
902end:
903 release_sock(sk);
904 return error;
905}
906
907/************************************************************************
908 *
909 * xmit function for internal use.
910 *
911 ***********************************************************************/
912static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb)
913{
914 struct pppox_sock *po = pppox_sk(sk);
915 struct net_device *dev = po->pppoe_dev;
916 struct pppoe_hdr *ph;
917 int data_len = skb->len;
918
919 /* The higher-level PPP code (ppp_unregister_channel()) ensures the PPP
920 * xmit operations conclude prior to an unregistration call. Thus
921 * sk->sk_state cannot change, so we don't need to do lock_sock().
922 * But, we also can't do a lock_sock since that introduces a potential
923 * deadlock as we'd reverse the lock ordering used when calling
924 * ppp_unregister_channel().
925 */
926
927 if (sock_flag(sk, flag: SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
928 goto abort;
929
930 if (!dev)
931 goto abort;
932
933 /* Copy the data if there is no space for the header or if it's
934 * read-only.
935 */
936 if (skb_cow_head(skb, LL_RESERVED_SPACE(dev) + sizeof(*ph)))
937 goto abort;
938
939 __skb_push(skb, len: sizeof(*ph));
940 skb_reset_network_header(skb);
941
942 ph = pppoe_hdr(skb);
943 ph->ver = 1;
944 ph->type = 1;
945 ph->code = 0;
946 ph->sid = po->num;
947 ph->length = htons(data_len);
948
949 skb->protocol = cpu_to_be16(ETH_P_PPP_SES);
950 skb->dev = dev;
951
952 dev_hard_header(skb, dev, ETH_P_PPP_SES,
953 daddr: po->pppoe_pa.remote, NULL, len: data_len);
954
955 dev_queue_xmit(skb);
956 return 1;
957
958abort:
959 kfree_skb(skb);
960 return 1;
961}
962
963/************************************************************************
964 *
965 * xmit function called by generic PPP driver
966 * sends PPP frame over PPPoE socket
967 *
968 ***********************************************************************/
969static int pppoe_xmit(struct ppp_channel *chan, struct sk_buff *skb)
970{
971 struct sock *sk = chan->private;
972 return __pppoe_xmit(sk, skb);
973}
974
975static int pppoe_fill_forward_path(struct net_device_path_ctx *ctx,
976 struct net_device_path *path,
977 const struct ppp_channel *chan)
978{
979 struct sock *sk = chan->private;
980 struct pppox_sock *po = pppox_sk(sk);
981 struct net_device *dev = po->pppoe_dev;
982
983 if (sock_flag(sk, flag: SOCK_DEAD) ||
984 !(sk->sk_state & PPPOX_CONNECTED) || !dev)
985 return -1;
986
987 path->type = DEV_PATH_PPPOE;
988 path->encap.proto = htons(ETH_P_PPP_SES);
989 path->encap.id = be16_to_cpu(po->num);
990 memcpy(path->encap.h_dest, po->pppoe_pa.remote, ETH_ALEN);
991 memcpy(ctx->daddr, po->pppoe_pa.remote, ETH_ALEN);
992 path->dev = ctx->dev;
993 ctx->dev = dev;
994
995 return 0;
996}
997
998static const struct ppp_channel_ops pppoe_chan_ops = {
999 .start_xmit = pppoe_xmit,
1000 .fill_forward_path = pppoe_fill_forward_path,
1001};
1002
1003static int pppoe_recvmsg(struct socket *sock, struct msghdr *m,
1004 size_t total_len, int flags)
1005{
1006 struct sock *sk = sock->sk;
1007 struct sk_buff *skb;
1008 int error = 0;
1009
1010 if (sk->sk_state & PPPOX_BOUND) {
1011 error = -EIO;
1012 goto end;
1013 }
1014
1015 skb = skb_recv_datagram(sk, flags, err: &error);
1016 if (error < 0)
1017 goto end;
1018
1019 if (skb) {
1020 total_len = min_t(size_t, total_len, skb->len);
1021 error = skb_copy_datagram_msg(from: skb, offset: 0, msg: m, size: total_len);
1022 if (error == 0) {
1023 consume_skb(skb);
1024 return total_len;
1025 }
1026 }
1027
1028 kfree_skb(skb);
1029end:
1030 return error;
1031}
1032
1033#ifdef CONFIG_PROC_FS
1034static int pppoe_seq_show(struct seq_file *seq, void *v)
1035{
1036 struct pppox_sock *po;
1037 char *dev_name;
1038
1039 if (v == SEQ_START_TOKEN) {
1040 seq_puts(m: seq, s: "Id Address Device\n");
1041 goto out;
1042 }
1043
1044 po = v;
1045 dev_name = po->pppoe_pa.dev;
1046
1047 seq_printf(m: seq, fmt: "%08X %pM %8s\n",
1048 po->pppoe_pa.sid, po->pppoe_pa.remote, dev_name);
1049out:
1050 return 0;
1051}
1052
1053static inline struct pppox_sock *pppoe_get_idx(struct pppoe_net *pn, loff_t pos)
1054{
1055 struct pppox_sock *po;
1056 int i;
1057
1058 for (i = 0; i < PPPOE_HASH_SIZE; i++) {
1059 po = pn->hash_table[i];
1060 while (po) {
1061 if (!pos--)
1062 goto out;
1063 po = po->next;
1064 }
1065 }
1066
1067out:
1068 return po;
1069}
1070
1071static void *pppoe_seq_start(struct seq_file *seq, loff_t *pos)
1072 __acquires(pn->hash_lock)
1073{
1074 struct pppoe_net *pn = pppoe_pernet(net: seq_file_net(seq));
1075 loff_t l = *pos;
1076
1077 read_lock_bh(&pn->hash_lock);
1078 return l ? pppoe_get_idx(pn, pos: --l) : SEQ_START_TOKEN;
1079}
1080
1081static void *pppoe_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1082{
1083 struct pppoe_net *pn = pppoe_pernet(net: seq_file_net(seq));
1084 struct pppox_sock *po;
1085
1086 ++*pos;
1087 if (v == SEQ_START_TOKEN) {
1088 po = pppoe_get_idx(pn, pos: 0);
1089 goto out;
1090 }
1091 po = v;
1092 if (po->next)
1093 po = po->next;
1094 else {
1095 int hash = hash_item(sid: po->pppoe_pa.sid, addr: po->pppoe_pa.remote);
1096
1097 po = NULL;
1098 while (++hash < PPPOE_HASH_SIZE) {
1099 po = pn->hash_table[hash];
1100 if (po)
1101 break;
1102 }
1103 }
1104
1105out:
1106 return po;
1107}
1108
1109static void pppoe_seq_stop(struct seq_file *seq, void *v)
1110 __releases(pn->hash_lock)
1111{
1112 struct pppoe_net *pn = pppoe_pernet(net: seq_file_net(seq));
1113 read_unlock_bh(&pn->hash_lock);
1114}
1115
1116static const struct seq_operations pppoe_seq_ops = {
1117 .start = pppoe_seq_start,
1118 .next = pppoe_seq_next,
1119 .stop = pppoe_seq_stop,
1120 .show = pppoe_seq_show,
1121};
1122#endif /* CONFIG_PROC_FS */
1123
1124static const struct proto_ops pppoe_ops = {
1125 .family = AF_PPPOX,
1126 .owner = THIS_MODULE,
1127 .release = pppoe_release,
1128 .bind = sock_no_bind,
1129 .connect = pppoe_connect,
1130 .socketpair = sock_no_socketpair,
1131 .accept = sock_no_accept,
1132 .getname = pppoe_getname,
1133 .poll = datagram_poll,
1134 .listen = sock_no_listen,
1135 .shutdown = sock_no_shutdown,
1136 .sendmsg = pppoe_sendmsg,
1137 .recvmsg = pppoe_recvmsg,
1138 .mmap = sock_no_mmap,
1139 .ioctl = pppox_ioctl,
1140#ifdef CONFIG_COMPAT
1141 .compat_ioctl = pppox_compat_ioctl,
1142#endif
1143};
1144
1145static const struct pppox_proto pppoe_proto = {
1146 .create = pppoe_create,
1147 .ioctl = pppoe_ioctl,
1148 .owner = THIS_MODULE,
1149};
1150
1151static __net_init int pppoe_init_net(struct net *net)
1152{
1153 struct pppoe_net *pn = pppoe_pernet(net);
1154 struct proc_dir_entry *pde;
1155
1156 rwlock_init(&pn->hash_lock);
1157
1158 pde = proc_create_net("pppoe", 0444, net->proc_net,
1159 &pppoe_seq_ops, sizeof(struct seq_net_private));
1160#ifdef CONFIG_PROC_FS
1161 if (!pde)
1162 return -ENOMEM;
1163#endif
1164
1165 return 0;
1166}
1167
1168static __net_exit void pppoe_exit_net(struct net *net)
1169{
1170 remove_proc_entry("pppoe", net->proc_net);
1171}
1172
1173static struct pernet_operations pppoe_net_ops = {
1174 .init = pppoe_init_net,
1175 .exit = pppoe_exit_net,
1176 .id = &pppoe_net_id,
1177 .size = sizeof(struct pppoe_net),
1178};
1179
1180static int __init pppoe_init(void)
1181{
1182 int err;
1183
1184 err = register_pernet_device(&pppoe_net_ops);
1185 if (err)
1186 goto out;
1187
1188 err = proto_register(prot: &pppoe_sk_proto, alloc_slab: 0);
1189 if (err)
1190 goto out_unregister_net_ops;
1191
1192 err = register_pppox_proto(PX_PROTO_OE, pp: &pppoe_proto);
1193 if (err)
1194 goto out_unregister_pppoe_proto;
1195
1196 dev_add_pack(pt: &pppoes_ptype);
1197 dev_add_pack(pt: &pppoed_ptype);
1198 register_netdevice_notifier(nb: &pppoe_notifier);
1199
1200 return 0;
1201
1202out_unregister_pppoe_proto:
1203 proto_unregister(prot: &pppoe_sk_proto);
1204out_unregister_net_ops:
1205 unregister_pernet_device(&pppoe_net_ops);
1206out:
1207 return err;
1208}
1209
1210static void __exit pppoe_exit(void)
1211{
1212 unregister_netdevice_notifier(nb: &pppoe_notifier);
1213 dev_remove_pack(pt: &pppoed_ptype);
1214 dev_remove_pack(pt: &pppoes_ptype);
1215 unregister_pppox_proto(PX_PROTO_OE);
1216 proto_unregister(prot: &pppoe_sk_proto);
1217 unregister_pernet_device(&pppoe_net_ops);
1218}
1219
1220module_init(pppoe_init);
1221module_exit(pppoe_exit);
1222
1223MODULE_AUTHOR("Michal Ostrowski <mostrows@speakeasy.net>");
1224MODULE_DESCRIPTION("PPP over Ethernet driver");
1225MODULE_LICENSE("GPL");
1226MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OE);
1227

source code of linux/drivers/net/ppp/pppoe.c