1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /** -*- linux-c -*- *********************************************************** |
3 | * Linux PPP over Ethernet (PPPoX/PPPoE) Sockets |
4 | * |
5 | * PPPoX --- Generic PPP encapsulation socket family |
6 | * PPPoE --- PPP over Ethernet (RFC 2516) |
7 | * |
8 | * Version: 0.7.0 |
9 | * |
10 | * 070228 : Fix to allow multiple sessions with same remote MAC and same |
11 | * session id by including the local device ifindex in the |
12 | * tuple identifying a session. This also ensures packets can't |
13 | * be injected into a session from interfaces other than the one |
14 | * specified by userspace. Florian Zumbiehl <florz@florz.de> |
15 | * (Oh, BTW, this one is YYMMDD, in case you were wondering ...) |
16 | * 220102 : Fix module use count on failure in pppoe_create, pppox_sk -acme |
17 | * 030700 : Fixed connect logic to allow for disconnect. |
18 | * 270700 : Fixed potential SMP problems; we must protect against |
19 | * simultaneous invocation of ppp_input |
20 | * and ppp_unregister_channel. |
21 | * 040800 : Respect reference count mechanisms on net-devices. |
22 | * 200800 : fix kfree(skb) in pppoe_rcv (acme) |
23 | * Module reference count is decremented in the right spot now, |
24 | * guards against sock_put not actually freeing the sk |
25 | * in pppoe_release. |
26 | * 051000 : Initialization cleanup. |
27 | * 111100 : Fix recvmsg. |
28 | * 050101 : Fix PADT processing. |
29 | * 140501 : Use pppoe_rcv_core to handle all backlog. (Alexey) |
30 | * 170701 : Do not lock_sock with rwlock held. (DaveM) |
31 | * Ignore discovery frames if user has socket |
32 | * locked. (DaveM) |
33 | * Ignore return value of dev_queue_xmit in __pppoe_xmit |
34 | * or else we may kfree an SKB twice. (DaveM) |
35 | * 190701 : When doing copies of skb's in __pppoe_xmit, always delete |
36 | * the original skb that was passed in on success, never on |
37 | * failure. Delete the copy of the skb on failure to avoid |
38 | * a memory leak. |
39 | * 081001 : Misc. cleanup (licence string, non-blocking, prevent |
40 | * reference of device on close). |
41 | * 121301 : New ppp channels interface; cannot unregister a channel |
42 | * from interrupts. Thus, we mark the socket as a ZOMBIE |
43 | * and do the unregistration later. |
44 | * 081002 : seq_file support for proc stuff -acme |
45 | * 111602 : Merge all 2.4 fixes into 2.5/2.6 tree. Label 2.5/2.6 |
46 | * as version 0.7. Spacing cleanup. |
47 | * Author: Michal Ostrowski <mostrows@speakeasy.net> |
48 | * Contributors: |
49 | * Arnaldo Carvalho de Melo <acme@conectiva.com.br> |
50 | * David S. Miller (davem@redhat.com) |
51 | * |
52 | * License: |
53 | */ |
54 | |
55 | #include <linux/string.h> |
56 | #include <linux/module.h> |
57 | #include <linux/kernel.h> |
58 | #include <linux/slab.h> |
59 | #include <linux/errno.h> |
60 | #include <linux/netdevice.h> |
61 | #include <linux/net.h> |
62 | #include <linux/inetdevice.h> |
63 | #include <linux/etherdevice.h> |
64 | #include <linux/skbuff.h> |
65 | #include <linux/init.h> |
66 | #include <linux/if_ether.h> |
67 | #include <linux/if_pppox.h> |
68 | #include <linux/ppp_channel.h> |
69 | #include <linux/ppp_defs.h> |
70 | #include <linux/ppp-ioctl.h> |
71 | #include <linux/notifier.h> |
72 | #include <linux/file.h> |
73 | #include <linux/proc_fs.h> |
74 | #include <linux/seq_file.h> |
75 | |
76 | #include <linux/nsproxy.h> |
77 | #include <net/net_namespace.h> |
78 | #include <net/netns/generic.h> |
79 | #include <net/sock.h> |
80 | |
81 | #include <linux/uaccess.h> |
82 | |
83 | #define PPPOE_HASH_BITS CONFIG_PPPOE_HASH_BITS |
84 | #define PPPOE_HASH_SIZE (1 << PPPOE_HASH_BITS) |
85 | #define PPPOE_HASH_MASK (PPPOE_HASH_SIZE - 1) |
86 | |
87 | static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb); |
88 | |
89 | static const struct proto_ops pppoe_ops; |
90 | static const struct ppp_channel_ops pppoe_chan_ops; |
91 | |
92 | /* per-net private data for this module */ |
93 | static unsigned int pppoe_net_id __read_mostly; |
94 | struct pppoe_net { |
95 | /* |
96 | * we could use _single_ hash table for all |
97 | * nets by injecting net id into the hash but |
98 | * it would increase hash chains and add |
99 | * a few additional math comparisons messy |
100 | * as well, moreover in case of SMP less locking |
101 | * controversy here |
102 | */ |
103 | struct pppox_sock *hash_table[PPPOE_HASH_SIZE]; |
104 | rwlock_t hash_lock; |
105 | }; |
106 | |
107 | /* |
108 | * PPPoE could be in the following stages: |
109 | * 1) Discovery stage (to obtain remote MAC and Session ID) |
110 | * 2) Session stage (MAC and SID are known) |
111 | * |
112 | * Ethernet frames have a special tag for this but |
113 | * we use simpler approach based on session id |
114 | */ |
115 | static inline bool stage_session(__be16 sid) |
116 | { |
117 | return sid != 0; |
118 | } |
119 | |
120 | static inline struct pppoe_net *pppoe_pernet(struct net *net) |
121 | { |
122 | return net_generic(net, id: pppoe_net_id); |
123 | } |
124 | |
125 | static inline int cmp_2_addr(struct pppoe_addr *a, struct pppoe_addr *b) |
126 | { |
127 | return a->sid == b->sid && ether_addr_equal(addr1: a->remote, addr2: b->remote); |
128 | } |
129 | |
130 | static inline int cmp_addr(struct pppoe_addr *a, __be16 sid, char *addr) |
131 | { |
132 | return a->sid == sid && ether_addr_equal(addr1: a->remote, addr2: addr); |
133 | } |
134 | |
135 | #if 8 % PPPOE_HASH_BITS |
136 | #error 8 must be a multiple of PPPOE_HASH_BITS |
137 | #endif |
138 | |
139 | static int hash_item(__be16 sid, unsigned char *addr) |
140 | { |
141 | unsigned char hash = 0; |
142 | unsigned int i; |
143 | |
144 | for (i = 0; i < ETH_ALEN; i++) |
145 | hash ^= addr[i]; |
146 | for (i = 0; i < sizeof(sid_t) * 8; i += 8) |
147 | hash ^= (__force __u32)sid >> i; |
148 | for (i = 8; (i >>= 1) >= PPPOE_HASH_BITS;) |
149 | hash ^= hash >> i; |
150 | |
151 | return hash & PPPOE_HASH_MASK; |
152 | } |
153 | |
154 | /********************************************************************** |
155 | * |
156 | * Set/get/delete/rehash items (internal versions) |
157 | * |
158 | **********************************************************************/ |
159 | static struct pppox_sock *__get_item(struct pppoe_net *pn, __be16 sid, |
160 | unsigned char *addr, int ifindex) |
161 | { |
162 | int hash = hash_item(sid, addr); |
163 | struct pppox_sock *ret; |
164 | |
165 | ret = pn->hash_table[hash]; |
166 | while (ret) { |
167 | if (cmp_addr(a: &ret->pppoe_pa, sid, addr) && |
168 | ret->pppoe_ifindex == ifindex) |
169 | return ret; |
170 | |
171 | ret = ret->next; |
172 | } |
173 | |
174 | return NULL; |
175 | } |
176 | |
177 | static int __set_item(struct pppoe_net *pn, struct pppox_sock *po) |
178 | { |
179 | int hash = hash_item(sid: po->pppoe_pa.sid, addr: po->pppoe_pa.remote); |
180 | struct pppox_sock *ret; |
181 | |
182 | ret = pn->hash_table[hash]; |
183 | while (ret) { |
184 | if (cmp_2_addr(a: &ret->pppoe_pa, b: &po->pppoe_pa) && |
185 | ret->pppoe_ifindex == po->pppoe_ifindex) |
186 | return -EALREADY; |
187 | |
188 | ret = ret->next; |
189 | } |
190 | |
191 | po->next = pn->hash_table[hash]; |
192 | pn->hash_table[hash] = po; |
193 | |
194 | return 0; |
195 | } |
196 | |
197 | static void __delete_item(struct pppoe_net *pn, __be16 sid, |
198 | char *addr, int ifindex) |
199 | { |
200 | int hash = hash_item(sid, addr); |
201 | struct pppox_sock *ret, **src; |
202 | |
203 | ret = pn->hash_table[hash]; |
204 | src = &pn->hash_table[hash]; |
205 | |
206 | while (ret) { |
207 | if (cmp_addr(a: &ret->pppoe_pa, sid, addr) && |
208 | ret->pppoe_ifindex == ifindex) { |
209 | *src = ret->next; |
210 | break; |
211 | } |
212 | |
213 | src = &ret->next; |
214 | ret = ret->next; |
215 | } |
216 | } |
217 | |
218 | /********************************************************************** |
219 | * |
220 | * Set/get/delete/rehash items |
221 | * |
222 | **********************************************************************/ |
223 | static inline struct pppox_sock *get_item(struct pppoe_net *pn, __be16 sid, |
224 | unsigned char *addr, int ifindex) |
225 | { |
226 | struct pppox_sock *po; |
227 | |
228 | read_lock_bh(&pn->hash_lock); |
229 | po = __get_item(pn, sid, addr, ifindex); |
230 | if (po) |
231 | sock_hold(sk: sk_pppox(po)); |
232 | read_unlock_bh(&pn->hash_lock); |
233 | |
234 | return po; |
235 | } |
236 | |
237 | static inline struct pppox_sock *get_item_by_addr(struct net *net, |
238 | struct sockaddr_pppox *sp) |
239 | { |
240 | struct net_device *dev; |
241 | struct pppoe_net *pn; |
242 | struct pppox_sock *pppox_sock = NULL; |
243 | |
244 | int ifindex; |
245 | |
246 | rcu_read_lock(); |
247 | dev = dev_get_by_name_rcu(net, name: sp->sa_addr.pppoe.dev); |
248 | if (dev) { |
249 | ifindex = dev->ifindex; |
250 | pn = pppoe_pernet(net); |
251 | pppox_sock = get_item(pn, sid: sp->sa_addr.pppoe.sid, |
252 | addr: sp->sa_addr.pppoe.remote, ifindex); |
253 | } |
254 | rcu_read_unlock(); |
255 | return pppox_sock; |
256 | } |
257 | |
258 | static inline void delete_item(struct pppoe_net *pn, __be16 sid, |
259 | char *addr, int ifindex) |
260 | { |
261 | write_lock_bh(&pn->hash_lock); |
262 | __delete_item(pn, sid, addr, ifindex); |
263 | write_unlock_bh(&pn->hash_lock); |
264 | } |
265 | |
266 | /*************************************************************************** |
267 | * |
268 | * Handler for device events. |
269 | * Certain device events require that sockets be unconnected. |
270 | * |
271 | **************************************************************************/ |
272 | |
273 | static void pppoe_flush_dev(struct net_device *dev) |
274 | { |
275 | struct pppoe_net *pn; |
276 | int i; |
277 | |
278 | pn = pppoe_pernet(net: dev_net(dev)); |
279 | write_lock_bh(&pn->hash_lock); |
280 | for (i = 0; i < PPPOE_HASH_SIZE; i++) { |
281 | struct pppox_sock *po = pn->hash_table[i]; |
282 | struct sock *sk; |
283 | |
284 | while (po) { |
285 | while (po && po->pppoe_dev != dev) { |
286 | po = po->next; |
287 | } |
288 | |
289 | if (!po) |
290 | break; |
291 | |
292 | sk = sk_pppox(po); |
293 | |
294 | /* We always grab the socket lock, followed by the |
295 | * hash_lock, in that order. Since we should hold the |
296 | * sock lock while doing any unbinding, we need to |
297 | * release the lock we're holding. Hold a reference to |
298 | * the sock so it doesn't disappear as we're jumping |
299 | * between locks. |
300 | */ |
301 | |
302 | sock_hold(sk); |
303 | write_unlock_bh(&pn->hash_lock); |
304 | lock_sock(sk); |
305 | |
306 | if (po->pppoe_dev == dev && |
307 | sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) { |
308 | pppox_unbind_sock(sk); |
309 | sk->sk_state_change(sk); |
310 | po->pppoe_dev = NULL; |
311 | dev_put(dev); |
312 | } |
313 | |
314 | release_sock(sk); |
315 | sock_put(sk); |
316 | |
317 | /* Restart the process from the start of the current |
318 | * hash chain. We dropped locks so the world may have |
319 | * change from underneath us. |
320 | */ |
321 | |
322 | BUG_ON(pppoe_pernet(dev_net(dev)) == NULL); |
323 | write_lock_bh(&pn->hash_lock); |
324 | po = pn->hash_table[i]; |
325 | } |
326 | } |
327 | write_unlock_bh(&pn->hash_lock); |
328 | } |
329 | |
330 | static int pppoe_device_event(struct notifier_block *this, |
331 | unsigned long event, void *ptr) |
332 | { |
333 | struct net_device *dev = netdev_notifier_info_to_dev(info: ptr); |
334 | |
335 | /* Only look at sockets that are using this specific device. */ |
336 | switch (event) { |
337 | case NETDEV_CHANGEADDR: |
338 | case NETDEV_CHANGEMTU: |
339 | /* A change in mtu or address is a bad thing, requiring |
340 | * LCP re-negotiation. |
341 | */ |
342 | |
343 | case NETDEV_GOING_DOWN: |
344 | case NETDEV_DOWN: |
345 | /* Find every socket on this device and kill it. */ |
346 | pppoe_flush_dev(dev); |
347 | break; |
348 | |
349 | default: |
350 | break; |
351 | } |
352 | |
353 | return NOTIFY_DONE; |
354 | } |
355 | |
356 | static struct notifier_block pppoe_notifier = { |
357 | .notifier_call = pppoe_device_event, |
358 | }; |
359 | |
360 | /************************************************************************ |
361 | * |
362 | * Do the real work of receiving a PPPoE Session frame. |
363 | * |
364 | ***********************************************************************/ |
365 | static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb) |
366 | { |
367 | struct pppox_sock *po = pppox_sk(sk); |
368 | struct pppox_sock *relay_po; |
369 | |
370 | /* Backlog receive. Semantics of backlog rcv preclude any code from |
371 | * executing in lock_sock()/release_sock() bounds; meaning sk->sk_state |
372 | * can't change. |
373 | */ |
374 | |
375 | if (skb->pkt_type == PACKET_OTHERHOST) |
376 | goto abort_kfree; |
377 | |
378 | if (sk->sk_state & PPPOX_BOUND) { |
379 | ppp_input(&po->chan, skb); |
380 | } else if (sk->sk_state & PPPOX_RELAY) { |
381 | relay_po = get_item_by_addr(net: sock_net(sk), |
382 | sp: &po->pppoe_relay); |
383 | if (relay_po == NULL) |
384 | goto abort_kfree; |
385 | |
386 | if ((sk_pppox(po: relay_po)->sk_state & PPPOX_CONNECTED) == 0) |
387 | goto abort_put; |
388 | |
389 | if (!__pppoe_xmit(sk: sk_pppox(po: relay_po), skb)) |
390 | goto abort_put; |
391 | |
392 | sock_put(sk: sk_pppox(po: relay_po)); |
393 | } else { |
394 | if (sock_queue_rcv_skb(sk, skb)) |
395 | goto abort_kfree; |
396 | } |
397 | |
398 | return NET_RX_SUCCESS; |
399 | |
400 | abort_put: |
401 | sock_put(sk: sk_pppox(po: relay_po)); |
402 | |
403 | abort_kfree: |
404 | kfree_skb(skb); |
405 | return NET_RX_DROP; |
406 | } |
407 | |
408 | /************************************************************************ |
409 | * |
410 | * Receive wrapper called in BH context. |
411 | * |
412 | ***********************************************************************/ |
413 | static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev, |
414 | struct packet_type *pt, struct net_device *orig_dev) |
415 | { |
416 | struct pppoe_hdr *ph; |
417 | struct pppox_sock *po; |
418 | struct pppoe_net *pn; |
419 | int len; |
420 | |
421 | skb = skb_share_check(skb, GFP_ATOMIC); |
422 | if (!skb) |
423 | goto out; |
424 | |
425 | if (skb_mac_header_len(skb) < ETH_HLEN) |
426 | goto drop; |
427 | |
428 | if (!pskb_may_pull(skb, len: sizeof(struct pppoe_hdr))) |
429 | goto drop; |
430 | |
431 | ph = pppoe_hdr(skb); |
432 | len = ntohs(ph->length); |
433 | |
434 | skb_pull_rcsum(skb, len: sizeof(*ph)); |
435 | if (skb->len < len) |
436 | goto drop; |
437 | |
438 | if (pskb_trim_rcsum(skb, len)) |
439 | goto drop; |
440 | |
441 | ph = pppoe_hdr(skb); |
442 | pn = pppoe_pernet(net: dev_net(dev)); |
443 | |
444 | /* Note that get_item does a sock_hold(), so sk_pppox(po) |
445 | * is known to be safe. |
446 | */ |
447 | po = get_item(pn, sid: ph->sid, addr: eth_hdr(skb)->h_source, ifindex: dev->ifindex); |
448 | if (!po) |
449 | goto drop; |
450 | |
451 | return sk_receive_skb(sk: sk_pppox(po), skb, nested: 0); |
452 | |
453 | drop: |
454 | kfree_skb(skb); |
455 | out: |
456 | return NET_RX_DROP; |
457 | } |
458 | |
459 | static void pppoe_unbind_sock_work(struct work_struct *work) |
460 | { |
461 | struct pppox_sock *po = container_of(work, struct pppox_sock, |
462 | proto.pppoe.padt_work); |
463 | struct sock *sk = sk_pppox(po); |
464 | |
465 | lock_sock(sk); |
466 | if (po->pppoe_dev) { |
467 | dev_put(dev: po->pppoe_dev); |
468 | po->pppoe_dev = NULL; |
469 | } |
470 | pppox_unbind_sock(sk); |
471 | release_sock(sk); |
472 | sock_put(sk); |
473 | } |
474 | |
475 | /************************************************************************ |
476 | * |
477 | * Receive a PPPoE Discovery frame. |
478 | * This is solely for detection of PADT frames |
479 | * |
480 | ***********************************************************************/ |
481 | static int pppoe_disc_rcv(struct sk_buff *skb, struct net_device *dev, |
482 | struct packet_type *pt, struct net_device *orig_dev) |
483 | |
484 | { |
485 | struct pppoe_hdr *ph; |
486 | struct pppox_sock *po; |
487 | struct pppoe_net *pn; |
488 | |
489 | skb = skb_share_check(skb, GFP_ATOMIC); |
490 | if (!skb) |
491 | goto out; |
492 | |
493 | if (skb->pkt_type != PACKET_HOST) |
494 | goto abort; |
495 | |
496 | if (!pskb_may_pull(skb, len: sizeof(struct pppoe_hdr))) |
497 | goto abort; |
498 | |
499 | ph = pppoe_hdr(skb); |
500 | if (ph->code != PADT_CODE) |
501 | goto abort; |
502 | |
503 | pn = pppoe_pernet(net: dev_net(dev)); |
504 | po = get_item(pn, sid: ph->sid, addr: eth_hdr(skb)->h_source, ifindex: dev->ifindex); |
505 | if (po) |
506 | if (!schedule_work(work: &po->proto.pppoe.padt_work)) |
507 | sock_put(sk: sk_pppox(po)); |
508 | |
509 | abort: |
510 | kfree_skb(skb); |
511 | out: |
512 | return NET_RX_SUCCESS; /* Lies... :-) */ |
513 | } |
514 | |
515 | static struct packet_type pppoes_ptype __read_mostly = { |
516 | .type = cpu_to_be16(ETH_P_PPP_SES), |
517 | .func = pppoe_rcv, |
518 | }; |
519 | |
520 | static struct packet_type pppoed_ptype __read_mostly = { |
521 | .type = cpu_to_be16(ETH_P_PPP_DISC), |
522 | .func = pppoe_disc_rcv, |
523 | }; |
524 | |
525 | static struct proto pppoe_sk_proto __read_mostly = { |
526 | .name = "PPPOE" , |
527 | .owner = THIS_MODULE, |
528 | .obj_size = sizeof(struct pppox_sock), |
529 | }; |
530 | |
531 | /*********************************************************************** |
532 | * |
533 | * Initialize a new struct sock. |
534 | * |
535 | **********************************************************************/ |
536 | static int pppoe_create(struct net *net, struct socket *sock, int kern) |
537 | { |
538 | struct sock *sk; |
539 | |
540 | sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, prot: &pppoe_sk_proto, kern); |
541 | if (!sk) |
542 | return -ENOMEM; |
543 | |
544 | sock_init_data(sock, sk); |
545 | |
546 | sock->state = SS_UNCONNECTED; |
547 | sock->ops = &pppoe_ops; |
548 | |
549 | sk->sk_backlog_rcv = pppoe_rcv_core; |
550 | sk->sk_state = PPPOX_NONE; |
551 | sk->sk_type = SOCK_STREAM; |
552 | sk->sk_family = PF_PPPOX; |
553 | sk->sk_protocol = PX_PROTO_OE; |
554 | |
555 | INIT_WORK(&pppox_sk(sk)->proto.pppoe.padt_work, |
556 | pppoe_unbind_sock_work); |
557 | |
558 | return 0; |
559 | } |
560 | |
561 | static int pppoe_release(struct socket *sock) |
562 | { |
563 | struct sock *sk = sock->sk; |
564 | struct pppox_sock *po; |
565 | struct pppoe_net *pn; |
566 | struct net *net = NULL; |
567 | |
568 | if (!sk) |
569 | return 0; |
570 | |
571 | lock_sock(sk); |
572 | if (sock_flag(sk, flag: SOCK_DEAD)) { |
573 | release_sock(sk); |
574 | return -EBADF; |
575 | } |
576 | |
577 | po = pppox_sk(sk); |
578 | |
579 | if (po->pppoe_dev) { |
580 | dev_put(dev: po->pppoe_dev); |
581 | po->pppoe_dev = NULL; |
582 | } |
583 | |
584 | pppox_unbind_sock(sk); |
585 | |
586 | /* Signal the death of the socket. */ |
587 | sk->sk_state = PPPOX_DEAD; |
588 | |
589 | net = sock_net(sk); |
590 | pn = pppoe_pernet(net); |
591 | |
592 | /* |
593 | * protect "po" from concurrent updates |
594 | * on pppoe_flush_dev |
595 | */ |
596 | delete_item(pn, sid: po->pppoe_pa.sid, addr: po->pppoe_pa.remote, |
597 | ifindex: po->pppoe_ifindex); |
598 | |
599 | sock_orphan(sk); |
600 | sock->sk = NULL; |
601 | |
602 | skb_queue_purge(list: &sk->sk_receive_queue); |
603 | release_sock(sk); |
604 | sock_put(sk); |
605 | |
606 | return 0; |
607 | } |
608 | |
609 | static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, |
610 | int sockaddr_len, int flags) |
611 | { |
612 | struct sock *sk = sock->sk; |
613 | struct sockaddr_pppox *sp = (struct sockaddr_pppox *)uservaddr; |
614 | struct pppox_sock *po = pppox_sk(sk); |
615 | struct net_device *dev = NULL; |
616 | struct pppoe_net *pn; |
617 | struct net *net = NULL; |
618 | int error; |
619 | |
620 | lock_sock(sk); |
621 | |
622 | error = -EINVAL; |
623 | |
624 | if (sockaddr_len != sizeof(struct sockaddr_pppox)) |
625 | goto end; |
626 | |
627 | if (sp->sa_protocol != PX_PROTO_OE) |
628 | goto end; |
629 | |
630 | /* Check for already bound sockets */ |
631 | error = -EBUSY; |
632 | if ((sk->sk_state & PPPOX_CONNECTED) && |
633 | stage_session(sid: sp->sa_addr.pppoe.sid)) |
634 | goto end; |
635 | |
636 | /* Check for already disconnected sockets, on attempts to disconnect */ |
637 | error = -EALREADY; |
638 | if ((sk->sk_state & PPPOX_DEAD) && |
639 | !stage_session(sid: sp->sa_addr.pppoe.sid)) |
640 | goto end; |
641 | |
642 | error = 0; |
643 | |
644 | /* Delete the old binding */ |
645 | if (stage_session(sid: po->pppoe_pa.sid)) { |
646 | pppox_unbind_sock(sk); |
647 | pn = pppoe_pernet(net: sock_net(sk)); |
648 | delete_item(pn, sid: po->pppoe_pa.sid, |
649 | addr: po->pppoe_pa.remote, ifindex: po->pppoe_ifindex); |
650 | if (po->pppoe_dev) { |
651 | dev_put(dev: po->pppoe_dev); |
652 | po->pppoe_dev = NULL; |
653 | } |
654 | |
655 | po->pppoe_ifindex = 0; |
656 | memset(&po->pppoe_pa, 0, sizeof(po->pppoe_pa)); |
657 | memset(&po->pppoe_relay, 0, sizeof(po->pppoe_relay)); |
658 | memset(&po->chan, 0, sizeof(po->chan)); |
659 | po->next = NULL; |
660 | po->num = 0; |
661 | |
662 | sk->sk_state = PPPOX_NONE; |
663 | } |
664 | |
665 | /* Re-bind in session stage only */ |
666 | if (stage_session(sid: sp->sa_addr.pppoe.sid)) { |
667 | error = -ENODEV; |
668 | net = sock_net(sk); |
669 | dev = dev_get_by_name(net, name: sp->sa_addr.pppoe.dev); |
670 | if (!dev) |
671 | goto err_put; |
672 | |
673 | po->pppoe_dev = dev; |
674 | po->pppoe_ifindex = dev->ifindex; |
675 | pn = pppoe_pernet(net); |
676 | if (!(dev->flags & IFF_UP)) { |
677 | goto err_put; |
678 | } |
679 | |
680 | memcpy(&po->pppoe_pa, |
681 | &sp->sa_addr.pppoe, |
682 | sizeof(struct pppoe_addr)); |
683 | |
684 | write_lock_bh(&pn->hash_lock); |
685 | error = __set_item(pn, po); |
686 | write_unlock_bh(&pn->hash_lock); |
687 | if (error < 0) |
688 | goto err_put; |
689 | |
690 | po->chan.hdrlen = (sizeof(struct pppoe_hdr) + |
691 | dev->hard_header_len); |
692 | |
693 | po->chan.mtu = dev->mtu - sizeof(struct pppoe_hdr) - 2; |
694 | po->chan.private = sk; |
695 | po->chan.ops = &pppoe_chan_ops; |
696 | |
697 | error = ppp_register_net_channel(dev_net(dev), &po->chan); |
698 | if (error) { |
699 | delete_item(pn, sid: po->pppoe_pa.sid, |
700 | addr: po->pppoe_pa.remote, ifindex: po->pppoe_ifindex); |
701 | goto err_put; |
702 | } |
703 | |
704 | sk->sk_state = PPPOX_CONNECTED; |
705 | } |
706 | |
707 | po->num = sp->sa_addr.pppoe.sid; |
708 | |
709 | end: |
710 | release_sock(sk); |
711 | return error; |
712 | err_put: |
713 | if (po->pppoe_dev) { |
714 | dev_put(dev: po->pppoe_dev); |
715 | po->pppoe_dev = NULL; |
716 | } |
717 | goto end; |
718 | } |
719 | |
720 | static int pppoe_getname(struct socket *sock, struct sockaddr *uaddr, |
721 | int peer) |
722 | { |
723 | int len = sizeof(struct sockaddr_pppox); |
724 | struct sockaddr_pppox sp; |
725 | |
726 | sp.sa_family = AF_PPPOX; |
727 | sp.sa_protocol = PX_PROTO_OE; |
728 | memcpy(&sp.sa_addr.pppoe, &pppox_sk(sock->sk)->pppoe_pa, |
729 | sizeof(struct pppoe_addr)); |
730 | |
731 | memcpy(uaddr, &sp, len); |
732 | |
733 | return len; |
734 | } |
735 | |
736 | static int pppoe_ioctl(struct socket *sock, unsigned int cmd, |
737 | unsigned long arg) |
738 | { |
739 | struct sock *sk = sock->sk; |
740 | struct pppox_sock *po = pppox_sk(sk); |
741 | int val; |
742 | int err; |
743 | |
744 | switch (cmd) { |
745 | case PPPIOCGMRU: |
746 | err = -ENXIO; |
747 | if (!(sk->sk_state & PPPOX_CONNECTED)) |
748 | break; |
749 | |
750 | err = -EFAULT; |
751 | if (put_user(po->pppoe_dev->mtu - |
752 | sizeof(struct pppoe_hdr) - |
753 | PPP_HDRLEN, |
754 | (int __user *)arg)) |
755 | break; |
756 | err = 0; |
757 | break; |
758 | |
759 | case PPPIOCSMRU: |
760 | err = -ENXIO; |
761 | if (!(sk->sk_state & PPPOX_CONNECTED)) |
762 | break; |
763 | |
764 | err = -EFAULT; |
765 | if (get_user(val, (int __user *)arg)) |
766 | break; |
767 | |
768 | if (val < (po->pppoe_dev->mtu |
769 | - sizeof(struct pppoe_hdr) |
770 | - PPP_HDRLEN)) |
771 | err = 0; |
772 | else |
773 | err = -EINVAL; |
774 | break; |
775 | |
776 | case PPPIOCSFLAGS: |
777 | err = -EFAULT; |
778 | if (get_user(val, (int __user *)arg)) |
779 | break; |
780 | err = 0; |
781 | break; |
782 | |
783 | case PPPOEIOCSFWD: |
784 | { |
785 | struct pppox_sock *relay_po; |
786 | |
787 | err = -EBUSY; |
788 | if (sk->sk_state & (PPPOX_BOUND | PPPOX_DEAD)) |
789 | break; |
790 | |
791 | err = -ENOTCONN; |
792 | if (!(sk->sk_state & PPPOX_CONNECTED)) |
793 | break; |
794 | |
795 | /* PPPoE address from the user specifies an outbound |
796 | PPPoE address which frames are forwarded to */ |
797 | err = -EFAULT; |
798 | if (copy_from_user(to: &po->pppoe_relay, |
799 | from: (void __user *)arg, |
800 | n: sizeof(struct sockaddr_pppox))) |
801 | break; |
802 | |
803 | err = -EINVAL; |
804 | if (po->pppoe_relay.sa_family != AF_PPPOX || |
805 | po->pppoe_relay.sa_protocol != PX_PROTO_OE) |
806 | break; |
807 | |
808 | /* Check that the socket referenced by the address |
809 | actually exists. */ |
810 | relay_po = get_item_by_addr(net: sock_net(sk), sp: &po->pppoe_relay); |
811 | if (!relay_po) |
812 | break; |
813 | |
814 | sock_put(sk: sk_pppox(po: relay_po)); |
815 | sk->sk_state |= PPPOX_RELAY; |
816 | err = 0; |
817 | break; |
818 | } |
819 | |
820 | case PPPOEIOCDFWD: |
821 | err = -EALREADY; |
822 | if (!(sk->sk_state & PPPOX_RELAY)) |
823 | break; |
824 | |
825 | sk->sk_state &= ~PPPOX_RELAY; |
826 | err = 0; |
827 | break; |
828 | |
829 | default: |
830 | err = -ENOTTY; |
831 | } |
832 | |
833 | return err; |
834 | } |
835 | |
836 | static int pppoe_sendmsg(struct socket *sock, struct msghdr *m, |
837 | size_t total_len) |
838 | { |
839 | struct sk_buff *skb; |
840 | struct sock *sk = sock->sk; |
841 | struct pppox_sock *po = pppox_sk(sk); |
842 | int error; |
843 | struct pppoe_hdr hdr; |
844 | struct pppoe_hdr *ph; |
845 | struct net_device *dev; |
846 | char *start; |
847 | int hlen; |
848 | |
849 | lock_sock(sk); |
850 | if (sock_flag(sk, flag: SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) { |
851 | error = -ENOTCONN; |
852 | goto end; |
853 | } |
854 | |
855 | hdr.ver = 1; |
856 | hdr.type = 1; |
857 | hdr.code = 0; |
858 | hdr.sid = po->num; |
859 | |
860 | dev = po->pppoe_dev; |
861 | |
862 | error = -EMSGSIZE; |
863 | if (total_len > (dev->mtu + dev->hard_header_len)) |
864 | goto end; |
865 | |
866 | hlen = LL_RESERVED_SPACE(dev); |
867 | skb = sock_wmalloc(sk, size: hlen + sizeof(*ph) + total_len + |
868 | dev->needed_tailroom, force: 0, GFP_KERNEL); |
869 | if (!skb) { |
870 | error = -ENOMEM; |
871 | goto end; |
872 | } |
873 | |
874 | /* Reserve space for headers. */ |
875 | skb_reserve(skb, len: hlen); |
876 | skb_reset_network_header(skb); |
877 | |
878 | skb->dev = dev; |
879 | |
880 | skb->priority = READ_ONCE(sk->sk_priority); |
881 | skb->protocol = cpu_to_be16(ETH_P_PPP_SES); |
882 | |
883 | ph = skb_put(skb, len: total_len + sizeof(struct pppoe_hdr)); |
884 | start = (char *)&ph->tag[0]; |
885 | |
886 | error = memcpy_from_msg(data: start, msg: m, len: total_len); |
887 | if (error < 0) { |
888 | kfree_skb(skb); |
889 | goto end; |
890 | } |
891 | |
892 | error = total_len; |
893 | dev_hard_header(skb, dev, ETH_P_PPP_SES, |
894 | daddr: po->pppoe_pa.remote, NULL, len: total_len); |
895 | |
896 | memcpy(ph, &hdr, sizeof(struct pppoe_hdr)); |
897 | |
898 | ph->length = htons(total_len); |
899 | |
900 | dev_queue_xmit(skb); |
901 | |
902 | end: |
903 | release_sock(sk); |
904 | return error; |
905 | } |
906 | |
907 | /************************************************************************ |
908 | * |
909 | * xmit function for internal use. |
910 | * |
911 | ***********************************************************************/ |
912 | static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb) |
913 | { |
914 | struct pppox_sock *po = pppox_sk(sk); |
915 | struct net_device *dev = po->pppoe_dev; |
916 | struct pppoe_hdr *ph; |
917 | int data_len = skb->len; |
918 | |
919 | /* The higher-level PPP code (ppp_unregister_channel()) ensures the PPP |
920 | * xmit operations conclude prior to an unregistration call. Thus |
921 | * sk->sk_state cannot change, so we don't need to do lock_sock(). |
922 | * But, we also can't do a lock_sock since that introduces a potential |
923 | * deadlock as we'd reverse the lock ordering used when calling |
924 | * ppp_unregister_channel(). |
925 | */ |
926 | |
927 | if (sock_flag(sk, flag: SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) |
928 | goto abort; |
929 | |
930 | if (!dev) |
931 | goto abort; |
932 | |
933 | /* Copy the data if there is no space for the header or if it's |
934 | * read-only. |
935 | */ |
936 | if (skb_cow_head(skb, LL_RESERVED_SPACE(dev) + sizeof(*ph))) |
937 | goto abort; |
938 | |
939 | __skb_push(skb, len: sizeof(*ph)); |
940 | skb_reset_network_header(skb); |
941 | |
942 | ph = pppoe_hdr(skb); |
943 | ph->ver = 1; |
944 | ph->type = 1; |
945 | ph->code = 0; |
946 | ph->sid = po->num; |
947 | ph->length = htons(data_len); |
948 | |
949 | skb->protocol = cpu_to_be16(ETH_P_PPP_SES); |
950 | skb->dev = dev; |
951 | |
952 | dev_hard_header(skb, dev, ETH_P_PPP_SES, |
953 | daddr: po->pppoe_pa.remote, NULL, len: data_len); |
954 | |
955 | dev_queue_xmit(skb); |
956 | return 1; |
957 | |
958 | abort: |
959 | kfree_skb(skb); |
960 | return 1; |
961 | } |
962 | |
963 | /************************************************************************ |
964 | * |
965 | * xmit function called by generic PPP driver |
966 | * sends PPP frame over PPPoE socket |
967 | * |
968 | ***********************************************************************/ |
969 | static int pppoe_xmit(struct ppp_channel *chan, struct sk_buff *skb) |
970 | { |
971 | struct sock *sk = chan->private; |
972 | return __pppoe_xmit(sk, skb); |
973 | } |
974 | |
975 | static int pppoe_fill_forward_path(struct net_device_path_ctx *ctx, |
976 | struct net_device_path *path, |
977 | const struct ppp_channel *chan) |
978 | { |
979 | struct sock *sk = chan->private; |
980 | struct pppox_sock *po = pppox_sk(sk); |
981 | struct net_device *dev = po->pppoe_dev; |
982 | |
983 | if (sock_flag(sk, flag: SOCK_DEAD) || |
984 | !(sk->sk_state & PPPOX_CONNECTED) || !dev) |
985 | return -1; |
986 | |
987 | path->type = DEV_PATH_PPPOE; |
988 | path->encap.proto = htons(ETH_P_PPP_SES); |
989 | path->encap.id = be16_to_cpu(po->num); |
990 | memcpy(path->encap.h_dest, po->pppoe_pa.remote, ETH_ALEN); |
991 | memcpy(ctx->daddr, po->pppoe_pa.remote, ETH_ALEN); |
992 | path->dev = ctx->dev; |
993 | ctx->dev = dev; |
994 | |
995 | return 0; |
996 | } |
997 | |
998 | static const struct ppp_channel_ops pppoe_chan_ops = { |
999 | .start_xmit = pppoe_xmit, |
1000 | .fill_forward_path = pppoe_fill_forward_path, |
1001 | }; |
1002 | |
1003 | static int pppoe_recvmsg(struct socket *sock, struct msghdr *m, |
1004 | size_t total_len, int flags) |
1005 | { |
1006 | struct sock *sk = sock->sk; |
1007 | struct sk_buff *skb; |
1008 | int error = 0; |
1009 | |
1010 | if (sk->sk_state & PPPOX_BOUND) { |
1011 | error = -EIO; |
1012 | goto end; |
1013 | } |
1014 | |
1015 | skb = skb_recv_datagram(sk, flags, err: &error); |
1016 | if (error < 0) |
1017 | goto end; |
1018 | |
1019 | if (skb) { |
1020 | total_len = min_t(size_t, total_len, skb->len); |
1021 | error = skb_copy_datagram_msg(from: skb, offset: 0, msg: m, size: total_len); |
1022 | if (error == 0) { |
1023 | consume_skb(skb); |
1024 | return total_len; |
1025 | } |
1026 | } |
1027 | |
1028 | kfree_skb(skb); |
1029 | end: |
1030 | return error; |
1031 | } |
1032 | |
1033 | #ifdef CONFIG_PROC_FS |
1034 | static int pppoe_seq_show(struct seq_file *seq, void *v) |
1035 | { |
1036 | struct pppox_sock *po; |
1037 | char *dev_name; |
1038 | |
1039 | if (v == SEQ_START_TOKEN) { |
1040 | seq_puts(m: seq, s: "Id Address Device\n" ); |
1041 | goto out; |
1042 | } |
1043 | |
1044 | po = v; |
1045 | dev_name = po->pppoe_pa.dev; |
1046 | |
1047 | seq_printf(m: seq, fmt: "%08X %pM %8s\n" , |
1048 | po->pppoe_pa.sid, po->pppoe_pa.remote, dev_name); |
1049 | out: |
1050 | return 0; |
1051 | } |
1052 | |
1053 | static inline struct pppox_sock *pppoe_get_idx(struct pppoe_net *pn, loff_t pos) |
1054 | { |
1055 | struct pppox_sock *po; |
1056 | int i; |
1057 | |
1058 | for (i = 0; i < PPPOE_HASH_SIZE; i++) { |
1059 | po = pn->hash_table[i]; |
1060 | while (po) { |
1061 | if (!pos--) |
1062 | goto out; |
1063 | po = po->next; |
1064 | } |
1065 | } |
1066 | |
1067 | out: |
1068 | return po; |
1069 | } |
1070 | |
1071 | static void *pppoe_seq_start(struct seq_file *seq, loff_t *pos) |
1072 | __acquires(pn->hash_lock) |
1073 | { |
1074 | struct pppoe_net *pn = pppoe_pernet(net: seq_file_net(seq)); |
1075 | loff_t l = *pos; |
1076 | |
1077 | read_lock_bh(&pn->hash_lock); |
1078 | return l ? pppoe_get_idx(pn, pos: --l) : SEQ_START_TOKEN; |
1079 | } |
1080 | |
1081 | static void *pppoe_seq_next(struct seq_file *seq, void *v, loff_t *pos) |
1082 | { |
1083 | struct pppoe_net *pn = pppoe_pernet(net: seq_file_net(seq)); |
1084 | struct pppox_sock *po; |
1085 | |
1086 | ++*pos; |
1087 | if (v == SEQ_START_TOKEN) { |
1088 | po = pppoe_get_idx(pn, pos: 0); |
1089 | goto out; |
1090 | } |
1091 | po = v; |
1092 | if (po->next) |
1093 | po = po->next; |
1094 | else { |
1095 | int hash = hash_item(sid: po->pppoe_pa.sid, addr: po->pppoe_pa.remote); |
1096 | |
1097 | po = NULL; |
1098 | while (++hash < PPPOE_HASH_SIZE) { |
1099 | po = pn->hash_table[hash]; |
1100 | if (po) |
1101 | break; |
1102 | } |
1103 | } |
1104 | |
1105 | out: |
1106 | return po; |
1107 | } |
1108 | |
1109 | static void pppoe_seq_stop(struct seq_file *seq, void *v) |
1110 | __releases(pn->hash_lock) |
1111 | { |
1112 | struct pppoe_net *pn = pppoe_pernet(net: seq_file_net(seq)); |
1113 | read_unlock_bh(&pn->hash_lock); |
1114 | } |
1115 | |
1116 | static const struct seq_operations pppoe_seq_ops = { |
1117 | .start = pppoe_seq_start, |
1118 | .next = pppoe_seq_next, |
1119 | .stop = pppoe_seq_stop, |
1120 | .show = pppoe_seq_show, |
1121 | }; |
1122 | #endif /* CONFIG_PROC_FS */ |
1123 | |
1124 | static const struct proto_ops pppoe_ops = { |
1125 | .family = AF_PPPOX, |
1126 | .owner = THIS_MODULE, |
1127 | .release = pppoe_release, |
1128 | .bind = sock_no_bind, |
1129 | .connect = pppoe_connect, |
1130 | .socketpair = sock_no_socketpair, |
1131 | .accept = sock_no_accept, |
1132 | .getname = pppoe_getname, |
1133 | .poll = datagram_poll, |
1134 | .listen = sock_no_listen, |
1135 | .shutdown = sock_no_shutdown, |
1136 | .sendmsg = pppoe_sendmsg, |
1137 | .recvmsg = pppoe_recvmsg, |
1138 | .mmap = sock_no_mmap, |
1139 | .ioctl = pppox_ioctl, |
1140 | #ifdef CONFIG_COMPAT |
1141 | .compat_ioctl = pppox_compat_ioctl, |
1142 | #endif |
1143 | }; |
1144 | |
1145 | static const struct pppox_proto pppoe_proto = { |
1146 | .create = pppoe_create, |
1147 | .ioctl = pppoe_ioctl, |
1148 | .owner = THIS_MODULE, |
1149 | }; |
1150 | |
1151 | static __net_init int pppoe_init_net(struct net *net) |
1152 | { |
1153 | struct pppoe_net *pn = pppoe_pernet(net); |
1154 | struct proc_dir_entry *pde; |
1155 | |
1156 | rwlock_init(&pn->hash_lock); |
1157 | |
1158 | pde = proc_create_net("pppoe" , 0444, net->proc_net, |
1159 | &pppoe_seq_ops, sizeof(struct seq_net_private)); |
1160 | #ifdef CONFIG_PROC_FS |
1161 | if (!pde) |
1162 | return -ENOMEM; |
1163 | #endif |
1164 | |
1165 | return 0; |
1166 | } |
1167 | |
1168 | static __net_exit void pppoe_exit_net(struct net *net) |
1169 | { |
1170 | remove_proc_entry("pppoe" , net->proc_net); |
1171 | } |
1172 | |
1173 | static struct pernet_operations pppoe_net_ops = { |
1174 | .init = pppoe_init_net, |
1175 | .exit = pppoe_exit_net, |
1176 | .id = &pppoe_net_id, |
1177 | .size = sizeof(struct pppoe_net), |
1178 | }; |
1179 | |
1180 | static int __init pppoe_init(void) |
1181 | { |
1182 | int err; |
1183 | |
1184 | err = register_pernet_device(&pppoe_net_ops); |
1185 | if (err) |
1186 | goto out; |
1187 | |
1188 | err = proto_register(prot: &pppoe_sk_proto, alloc_slab: 0); |
1189 | if (err) |
1190 | goto out_unregister_net_ops; |
1191 | |
1192 | err = register_pppox_proto(PX_PROTO_OE, pp: &pppoe_proto); |
1193 | if (err) |
1194 | goto out_unregister_pppoe_proto; |
1195 | |
1196 | dev_add_pack(pt: &pppoes_ptype); |
1197 | dev_add_pack(pt: &pppoed_ptype); |
1198 | register_netdevice_notifier(nb: &pppoe_notifier); |
1199 | |
1200 | return 0; |
1201 | |
1202 | out_unregister_pppoe_proto: |
1203 | proto_unregister(prot: &pppoe_sk_proto); |
1204 | out_unregister_net_ops: |
1205 | unregister_pernet_device(&pppoe_net_ops); |
1206 | out: |
1207 | return err; |
1208 | } |
1209 | |
1210 | static void __exit pppoe_exit(void) |
1211 | { |
1212 | unregister_netdevice_notifier(nb: &pppoe_notifier); |
1213 | dev_remove_pack(pt: &pppoed_ptype); |
1214 | dev_remove_pack(pt: &pppoes_ptype); |
1215 | unregister_pppox_proto(PX_PROTO_OE); |
1216 | proto_unregister(prot: &pppoe_sk_proto); |
1217 | unregister_pernet_device(&pppoe_net_ops); |
1218 | } |
1219 | |
1220 | module_init(pppoe_init); |
1221 | module_exit(pppoe_exit); |
1222 | |
1223 | MODULE_AUTHOR("Michal Ostrowski <mostrows@speakeasy.net>" ); |
1224 | MODULE_DESCRIPTION("PPP over Ethernet driver" ); |
1225 | MODULE_LICENSE("GPL" ); |
1226 | MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OE); |
1227 | |