1/** -*- linux-c -*- ***********************************************************
2 * Linux PPP over Ethernet (PPPoX/PPPoE) Sockets
3 *
4 * PPPoX --- Generic PPP encapsulation socket family
5 * PPPoE --- PPP over Ethernet (RFC 2516)
6 *
7 *
8 * Version: 0.7.0
9 *
10 * 070228 : Fix to allow multiple sessions with same remote MAC and same
11 * session id by including the local device ifindex in the
12 * tuple identifying a session. This also ensures packets can't
13 * be injected into a session from interfaces other than the one
14 * specified by userspace. Florian Zumbiehl <florz@florz.de>
15 * (Oh, BTW, this one is YYMMDD, in case you were wondering ...)
16 * 220102 : Fix module use count on failure in pppoe_create, pppox_sk -acme
17 * 030700 : Fixed connect logic to allow for disconnect.
18 * 270700 : Fixed potential SMP problems; we must protect against
19 * simultaneous invocation of ppp_input
20 * and ppp_unregister_channel.
21 * 040800 : Respect reference count mechanisms on net-devices.
22 * 200800 : fix kfree(skb) in pppoe_rcv (acme)
23 * Module reference count is decremented in the right spot now,
24 * guards against sock_put not actually freeing the sk
25 * in pppoe_release.
26 * 051000 : Initialization cleanup.
27 * 111100 : Fix recvmsg.
28 * 050101 : Fix PADT procesing.
29 * 140501 : Use pppoe_rcv_core to handle all backlog. (Alexey)
30 * 170701 : Do not lock_sock with rwlock held. (DaveM)
31 * Ignore discovery frames if user has socket
32 * locked. (DaveM)
33 * Ignore return value of dev_queue_xmit in __pppoe_xmit
34 * or else we may kfree an SKB twice. (DaveM)
35 * 190701 : When doing copies of skb's in __pppoe_xmit, always delete
36 * the original skb that was passed in on success, never on
37 * failure. Delete the copy of the skb on failure to avoid
38 * a memory leak.
39 * 081001 : Misc. cleanup (licence string, non-blocking, prevent
40 * reference of device on close).
41 * 121301 : New ppp channels interface; cannot unregister a channel
42 * from interrupts. Thus, we mark the socket as a ZOMBIE
43 * and do the unregistration later.
44 * 081002 : seq_file support for proc stuff -acme
45 * 111602 : Merge all 2.4 fixes into 2.5/2.6 tree. Label 2.5/2.6
46 * as version 0.7. Spacing cleanup.
47 * Author: Michal Ostrowski <mostrows@speakeasy.net>
48 * Contributors:
49 * Arnaldo Carvalho de Melo <acme@conectiva.com.br>
50 * David S. Miller (davem@redhat.com)
51 *
52 * License:
53 * This program is free software; you can redistribute it and/or
54 * modify it under the terms of the GNU General Public License
55 * as published by the Free Software Foundation; either version
56 * 2 of the License, or (at your option) any later version.
57 *
58 */
59
60#include <linux/string.h>
61#include <linux/module.h>
62#include <linux/kernel.h>
63#include <linux/slab.h>
64#include <linux/errno.h>
65#include <linux/netdevice.h>
66#include <linux/net.h>
67#include <linux/inetdevice.h>
68#include <linux/etherdevice.h>
69#include <linux/skbuff.h>
70#include <linux/init.h>
71#include <linux/if_ether.h>
72#include <linux/if_pppox.h>
73#include <linux/ppp_channel.h>
74#include <linux/ppp_defs.h>
75#include <linux/ppp-ioctl.h>
76#include <linux/notifier.h>
77#include <linux/file.h>
78#include <linux/proc_fs.h>
79#include <linux/seq_file.h>
80
81#include <linux/nsproxy.h>
82#include <net/net_namespace.h>
83#include <net/netns/generic.h>
84#include <net/sock.h>
85
86#include <linux/uaccess.h>
87
88#define PPPOE_HASH_BITS 4
89#define PPPOE_HASH_SIZE (1 << PPPOE_HASH_BITS)
90#define PPPOE_HASH_MASK (PPPOE_HASH_SIZE - 1)
91
92static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb);
93
94static const struct proto_ops pppoe_ops;
95static const struct ppp_channel_ops pppoe_chan_ops;
96
97/* per-net private data for this module */
98static unsigned int pppoe_net_id __read_mostly;
99struct pppoe_net {
100 /*
101 * we could use _single_ hash table for all
102 * nets by injecting net id into the hash but
103 * it would increase hash chains and add
104 * a few additional math comparations messy
105 * as well, moreover in case of SMP less locking
106 * controversy here
107 */
108 struct pppox_sock *hash_table[PPPOE_HASH_SIZE];
109 rwlock_t hash_lock;
110};
111
112/*
113 * PPPoE could be in the following stages:
114 * 1) Discovery stage (to obtain remote MAC and Session ID)
115 * 2) Session stage (MAC and SID are known)
116 *
117 * Ethernet frames have a special tag for this but
118 * we use simpler approach based on session id
119 */
120static inline bool stage_session(__be16 sid)
121{
122 return sid != 0;
123}
124
125static inline struct pppoe_net *pppoe_pernet(struct net *net)
126{
127 BUG_ON(!net);
128
129 return net_generic(net, pppoe_net_id);
130}
131
132static inline int cmp_2_addr(struct pppoe_addr *a, struct pppoe_addr *b)
133{
134 return a->sid == b->sid && ether_addr_equal(a->remote, b->remote);
135}
136
137static inline int cmp_addr(struct pppoe_addr *a, __be16 sid, char *addr)
138{
139 return a->sid == sid && ether_addr_equal(a->remote, addr);
140}
141
142#if 8 % PPPOE_HASH_BITS
143#error 8 must be a multiple of PPPOE_HASH_BITS
144#endif
145
146static int hash_item(__be16 sid, unsigned char *addr)
147{
148 unsigned char hash = 0;
149 unsigned int i;
150
151 for (i = 0; i < ETH_ALEN; i++)
152 hash ^= addr[i];
153 for (i = 0; i < sizeof(sid_t) * 8; i += 8)
154 hash ^= (__force __u32)sid >> i;
155 for (i = 8; (i >>= 1) >= PPPOE_HASH_BITS;)
156 hash ^= hash >> i;
157
158 return hash & PPPOE_HASH_MASK;
159}
160
161/**********************************************************************
162 *
163 * Set/get/delete/rehash items (internal versions)
164 *
165 **********************************************************************/
166static struct pppox_sock *__get_item(struct pppoe_net *pn, __be16 sid,
167 unsigned char *addr, int ifindex)
168{
169 int hash = hash_item(sid, addr);
170 struct pppox_sock *ret;
171
172 ret = pn->hash_table[hash];
173 while (ret) {
174 if (cmp_addr(&ret->pppoe_pa, sid, addr) &&
175 ret->pppoe_ifindex == ifindex)
176 return ret;
177
178 ret = ret->next;
179 }
180
181 return NULL;
182}
183
184static int __set_item(struct pppoe_net *pn, struct pppox_sock *po)
185{
186 int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
187 struct pppox_sock *ret;
188
189 ret = pn->hash_table[hash];
190 while (ret) {
191 if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) &&
192 ret->pppoe_ifindex == po->pppoe_ifindex)
193 return -EALREADY;
194
195 ret = ret->next;
196 }
197
198 po->next = pn->hash_table[hash];
199 pn->hash_table[hash] = po;
200
201 return 0;
202}
203
204static void __delete_item(struct pppoe_net *pn, __be16 sid,
205 char *addr, int ifindex)
206{
207 int hash = hash_item(sid, addr);
208 struct pppox_sock *ret, **src;
209
210 ret = pn->hash_table[hash];
211 src = &pn->hash_table[hash];
212
213 while (ret) {
214 if (cmp_addr(&ret->pppoe_pa, sid, addr) &&
215 ret->pppoe_ifindex == ifindex) {
216 *src = ret->next;
217 break;
218 }
219
220 src = &ret->next;
221 ret = ret->next;
222 }
223}
224
225/**********************************************************************
226 *
227 * Set/get/delete/rehash items
228 *
229 **********************************************************************/
230static inline struct pppox_sock *get_item(struct pppoe_net *pn, __be16 sid,
231 unsigned char *addr, int ifindex)
232{
233 struct pppox_sock *po;
234
235 read_lock_bh(&pn->hash_lock);
236 po = __get_item(pn, sid, addr, ifindex);
237 if (po)
238 sock_hold(sk_pppox(po));
239 read_unlock_bh(&pn->hash_lock);
240
241 return po;
242}
243
244static inline struct pppox_sock *get_item_by_addr(struct net *net,
245 struct sockaddr_pppox *sp)
246{
247 struct net_device *dev;
248 struct pppoe_net *pn;
249 struct pppox_sock *pppox_sock = NULL;
250
251 int ifindex;
252
253 rcu_read_lock();
254 dev = dev_get_by_name_rcu(net, sp->sa_addr.pppoe.dev);
255 if (dev) {
256 ifindex = dev->ifindex;
257 pn = pppoe_pernet(net);
258 pppox_sock = get_item(pn, sp->sa_addr.pppoe.sid,
259 sp->sa_addr.pppoe.remote, ifindex);
260 }
261 rcu_read_unlock();
262 return pppox_sock;
263}
264
265static inline void delete_item(struct pppoe_net *pn, __be16 sid,
266 char *addr, int ifindex)
267{
268 write_lock_bh(&pn->hash_lock);
269 __delete_item(pn, sid, addr, ifindex);
270 write_unlock_bh(&pn->hash_lock);
271}
272
273/***************************************************************************
274 *
275 * Handler for device events.
276 * Certain device events require that sockets be unconnected.
277 *
278 **************************************************************************/
279
280static void pppoe_flush_dev(struct net_device *dev)
281{
282 struct pppoe_net *pn;
283 int i;
284
285 pn = pppoe_pernet(dev_net(dev));
286 write_lock_bh(&pn->hash_lock);
287 for (i = 0; i < PPPOE_HASH_SIZE; i++) {
288 struct pppox_sock *po = pn->hash_table[i];
289 struct sock *sk;
290
291 while (po) {
292 while (po && po->pppoe_dev != dev) {
293 po = po->next;
294 }
295
296 if (!po)
297 break;
298
299 sk = sk_pppox(po);
300
301 /* We always grab the socket lock, followed by the
302 * hash_lock, in that order. Since we should hold the
303 * sock lock while doing any unbinding, we need to
304 * release the lock we're holding. Hold a reference to
305 * the sock so it doesn't disappear as we're jumping
306 * between locks.
307 */
308
309 sock_hold(sk);
310 write_unlock_bh(&pn->hash_lock);
311 lock_sock(sk);
312
313 if (po->pppoe_dev == dev &&
314 sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
315 pppox_unbind_sock(sk);
316 sk->sk_state_change(sk);
317 po->pppoe_dev = NULL;
318 dev_put(dev);
319 }
320
321 release_sock(sk);
322 sock_put(sk);
323
324 /* Restart the process from the start of the current
325 * hash chain. We dropped locks so the world may have
326 * change from underneath us.
327 */
328
329 BUG_ON(pppoe_pernet(dev_net(dev)) == NULL);
330 write_lock_bh(&pn->hash_lock);
331 po = pn->hash_table[i];
332 }
333 }
334 write_unlock_bh(&pn->hash_lock);
335}
336
337static int pppoe_device_event(struct notifier_block *this,
338 unsigned long event, void *ptr)
339{
340 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
341
342 /* Only look at sockets that are using this specific device. */
343 switch (event) {
344 case NETDEV_CHANGEADDR:
345 case NETDEV_CHANGEMTU:
346 /* A change in mtu or address is a bad thing, requiring
347 * LCP re-negotiation.
348 */
349
350 case NETDEV_GOING_DOWN:
351 case NETDEV_DOWN:
352 /* Find every socket on this device and kill it. */
353 pppoe_flush_dev(dev);
354 break;
355
356 default:
357 break;
358 }
359
360 return NOTIFY_DONE;
361}
362
363static struct notifier_block pppoe_notifier = {
364 .notifier_call = pppoe_device_event,
365};
366
367/************************************************************************
368 *
369 * Do the real work of receiving a PPPoE Session frame.
370 *
371 ***********************************************************************/
372static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb)
373{
374 struct pppox_sock *po = pppox_sk(sk);
375 struct pppox_sock *relay_po;
376
377 /* Backlog receive. Semantics of backlog rcv preclude any code from
378 * executing in lock_sock()/release_sock() bounds; meaning sk->sk_state
379 * can't change.
380 */
381
382 if (skb->pkt_type == PACKET_OTHERHOST)
383 goto abort_kfree;
384
385 if (sk->sk_state & PPPOX_BOUND) {
386 ppp_input(&po->chan, skb);
387 } else if (sk->sk_state & PPPOX_RELAY) {
388 relay_po = get_item_by_addr(sock_net(sk),
389 &po->pppoe_relay);
390 if (relay_po == NULL)
391 goto abort_kfree;
392
393 if ((sk_pppox(relay_po)->sk_state & PPPOX_CONNECTED) == 0)
394 goto abort_put;
395
396 if (!__pppoe_xmit(sk_pppox(relay_po), skb))
397 goto abort_put;
398
399 sock_put(sk_pppox(relay_po));
400 } else {
401 if (sock_queue_rcv_skb(sk, skb))
402 goto abort_kfree;
403 }
404
405 return NET_RX_SUCCESS;
406
407abort_put:
408 sock_put(sk_pppox(relay_po));
409
410abort_kfree:
411 kfree_skb(skb);
412 return NET_RX_DROP;
413}
414
415/************************************************************************
416 *
417 * Receive wrapper called in BH context.
418 *
419 ***********************************************************************/
420static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev,
421 struct packet_type *pt, struct net_device *orig_dev)
422{
423 struct pppoe_hdr *ph;
424 struct pppox_sock *po;
425 struct pppoe_net *pn;
426 int len;
427
428 skb = skb_share_check(skb, GFP_ATOMIC);
429 if (!skb)
430 goto out;
431
432 if (skb_mac_header_len(skb) < ETH_HLEN)
433 goto drop;
434
435 if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
436 goto drop;
437
438 ph = pppoe_hdr(skb);
439 len = ntohs(ph->length);
440
441 skb_pull_rcsum(skb, sizeof(*ph));
442 if (skb->len < len)
443 goto drop;
444
445 if (pskb_trim_rcsum(skb, len))
446 goto drop;
447
448 ph = pppoe_hdr(skb);
449 pn = pppoe_pernet(dev_net(dev));
450
451 /* Note that get_item does a sock_hold(), so sk_pppox(po)
452 * is known to be safe.
453 */
454 po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
455 if (!po)
456 goto drop;
457
458 return sk_receive_skb(sk_pppox(po), skb, 0);
459
460drop:
461 kfree_skb(skb);
462out:
463 return NET_RX_DROP;
464}
465
466static void pppoe_unbind_sock_work(struct work_struct *work)
467{
468 struct pppox_sock *po = container_of(work, struct pppox_sock,
469 proto.pppoe.padt_work);
470 struct sock *sk = sk_pppox(po);
471
472 lock_sock(sk);
473 if (po->pppoe_dev) {
474 dev_put(po->pppoe_dev);
475 po->pppoe_dev = NULL;
476 }
477 pppox_unbind_sock(sk);
478 release_sock(sk);
479 sock_put(sk);
480}
481
482/************************************************************************
483 *
484 * Receive a PPPoE Discovery frame.
485 * This is solely for detection of PADT frames
486 *
487 ***********************************************************************/
488static int pppoe_disc_rcv(struct sk_buff *skb, struct net_device *dev,
489 struct packet_type *pt, struct net_device *orig_dev)
490
491{
492 struct pppoe_hdr *ph;
493 struct pppox_sock *po;
494 struct pppoe_net *pn;
495
496 skb = skb_share_check(skb, GFP_ATOMIC);
497 if (!skb)
498 goto out;
499
500 if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
501 goto abort;
502
503 ph = pppoe_hdr(skb);
504 if (ph->code != PADT_CODE)
505 goto abort;
506
507 pn = pppoe_pernet(dev_net(dev));
508 po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
509 if (po)
510 if (!schedule_work(&po->proto.pppoe.padt_work))
511 sock_put(sk_pppox(po));
512
513abort:
514 kfree_skb(skb);
515out:
516 return NET_RX_SUCCESS; /* Lies... :-) */
517}
518
519static struct packet_type pppoes_ptype __read_mostly = {
520 .type = cpu_to_be16(ETH_P_PPP_SES),
521 .func = pppoe_rcv,
522};
523
524static struct packet_type pppoed_ptype __read_mostly = {
525 .type = cpu_to_be16(ETH_P_PPP_DISC),
526 .func = pppoe_disc_rcv,
527};
528
529static struct proto pppoe_sk_proto __read_mostly = {
530 .name = "PPPOE",
531 .owner = THIS_MODULE,
532 .obj_size = sizeof(struct pppox_sock),
533};
534
535/***********************************************************************
536 *
537 * Initialize a new struct sock.
538 *
539 **********************************************************************/
540static int pppoe_create(struct net *net, struct socket *sock, int kern)
541{
542 struct sock *sk;
543
544 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppoe_sk_proto, kern);
545 if (!sk)
546 return -ENOMEM;
547
548 sock_init_data(sock, sk);
549
550 sock->state = SS_UNCONNECTED;
551 sock->ops = &pppoe_ops;
552
553 sk->sk_backlog_rcv = pppoe_rcv_core;
554 sk->sk_state = PPPOX_NONE;
555 sk->sk_type = SOCK_STREAM;
556 sk->sk_family = PF_PPPOX;
557 sk->sk_protocol = PX_PROTO_OE;
558
559 INIT_WORK(&pppox_sk(sk)->proto.pppoe.padt_work,
560 pppoe_unbind_sock_work);
561
562 return 0;
563}
564
565static int pppoe_release(struct socket *sock)
566{
567 struct sock *sk = sock->sk;
568 struct pppox_sock *po;
569 struct pppoe_net *pn;
570 struct net *net = NULL;
571
572 if (!sk)
573 return 0;
574
575 lock_sock(sk);
576 if (sock_flag(sk, SOCK_DEAD)) {
577 release_sock(sk);
578 return -EBADF;
579 }
580
581 po = pppox_sk(sk);
582
583 if (po->pppoe_dev) {
584 dev_put(po->pppoe_dev);
585 po->pppoe_dev = NULL;
586 }
587
588 pppox_unbind_sock(sk);
589
590 /* Signal the death of the socket. */
591 sk->sk_state = PPPOX_DEAD;
592
593 net = sock_net(sk);
594 pn = pppoe_pernet(net);
595
596 /*
597 * protect "po" from concurrent updates
598 * on pppoe_flush_dev
599 */
600 delete_item(pn, po->pppoe_pa.sid, po->pppoe_pa.remote,
601 po->pppoe_ifindex);
602
603 sock_orphan(sk);
604 sock->sk = NULL;
605
606 skb_queue_purge(&sk->sk_receive_queue);
607 release_sock(sk);
608 sock_put(sk);
609
610 return 0;
611}
612
613static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
614 int sockaddr_len, int flags)
615{
616 struct sock *sk = sock->sk;
617 struct sockaddr_pppox *sp = (struct sockaddr_pppox *)uservaddr;
618 struct pppox_sock *po = pppox_sk(sk);
619 struct net_device *dev = NULL;
620 struct pppoe_net *pn;
621 struct net *net = NULL;
622 int error;
623
624 lock_sock(sk);
625
626 error = -EINVAL;
627
628 if (sockaddr_len != sizeof(struct sockaddr_pppox))
629 goto end;
630
631 if (sp->sa_protocol != PX_PROTO_OE)
632 goto end;
633
634 /* Check for already bound sockets */
635 error = -EBUSY;
636 if ((sk->sk_state & PPPOX_CONNECTED) &&
637 stage_session(sp->sa_addr.pppoe.sid))
638 goto end;
639
640 /* Check for already disconnected sockets, on attempts to disconnect */
641 error = -EALREADY;
642 if ((sk->sk_state & PPPOX_DEAD) &&
643 !stage_session(sp->sa_addr.pppoe.sid))
644 goto end;
645
646 error = 0;
647
648 /* Delete the old binding */
649 if (stage_session(po->pppoe_pa.sid)) {
650 pppox_unbind_sock(sk);
651 pn = pppoe_pernet(sock_net(sk));
652 delete_item(pn, po->pppoe_pa.sid,
653 po->pppoe_pa.remote, po->pppoe_ifindex);
654 if (po->pppoe_dev) {
655 dev_put(po->pppoe_dev);
656 po->pppoe_dev = NULL;
657 }
658
659 po->pppoe_ifindex = 0;
660 memset(&po->pppoe_pa, 0, sizeof(po->pppoe_pa));
661 memset(&po->pppoe_relay, 0, sizeof(po->pppoe_relay));
662 memset(&po->chan, 0, sizeof(po->chan));
663 po->next = NULL;
664 po->num = 0;
665
666 sk->sk_state = PPPOX_NONE;
667 }
668
669 /* Re-bind in session stage only */
670 if (stage_session(sp->sa_addr.pppoe.sid)) {
671 error = -ENODEV;
672 net = sock_net(sk);
673 dev = dev_get_by_name(net, sp->sa_addr.pppoe.dev);
674 if (!dev)
675 goto err_put;
676
677 po->pppoe_dev = dev;
678 po->pppoe_ifindex = dev->ifindex;
679 pn = pppoe_pernet(net);
680 if (!(dev->flags & IFF_UP)) {
681 goto err_put;
682 }
683
684 memcpy(&po->pppoe_pa,
685 &sp->sa_addr.pppoe,
686 sizeof(struct pppoe_addr));
687
688 write_lock_bh(&pn->hash_lock);
689 error = __set_item(pn, po);
690 write_unlock_bh(&pn->hash_lock);
691 if (error < 0)
692 goto err_put;
693
694 po->chan.hdrlen = (sizeof(struct pppoe_hdr) +
695 dev->hard_header_len);
696
697 po->chan.mtu = dev->mtu - sizeof(struct pppoe_hdr) - 2;
698 po->chan.private = sk;
699 po->chan.ops = &pppoe_chan_ops;
700
701 error = ppp_register_net_channel(dev_net(dev), &po->chan);
702 if (error) {
703 delete_item(pn, po->pppoe_pa.sid,
704 po->pppoe_pa.remote, po->pppoe_ifindex);
705 goto err_put;
706 }
707
708 sk->sk_state = PPPOX_CONNECTED;
709 }
710
711 po->num = sp->sa_addr.pppoe.sid;
712
713end:
714 release_sock(sk);
715 return error;
716err_put:
717 if (po->pppoe_dev) {
718 dev_put(po->pppoe_dev);
719 po->pppoe_dev = NULL;
720 }
721 goto end;
722}
723
724static int pppoe_getname(struct socket *sock, struct sockaddr *uaddr,
725 int peer)
726{
727 int len = sizeof(struct sockaddr_pppox);
728 struct sockaddr_pppox sp;
729
730 sp.sa_family = AF_PPPOX;
731 sp.sa_protocol = PX_PROTO_OE;
732 memcpy(&sp.sa_addr.pppoe, &pppox_sk(sock->sk)->pppoe_pa,
733 sizeof(struct pppoe_addr));
734
735 memcpy(uaddr, &sp, len);
736
737 return len;
738}
739
740static int pppoe_ioctl(struct socket *sock, unsigned int cmd,
741 unsigned long arg)
742{
743 struct sock *sk = sock->sk;
744 struct pppox_sock *po = pppox_sk(sk);
745 int val;
746 int err;
747
748 switch (cmd) {
749 case PPPIOCGMRU:
750 err = -ENXIO;
751 if (!(sk->sk_state & PPPOX_CONNECTED))
752 break;
753
754 err = -EFAULT;
755 if (put_user(po->pppoe_dev->mtu -
756 sizeof(struct pppoe_hdr) -
757 PPP_HDRLEN,
758 (int __user *)arg))
759 break;
760 err = 0;
761 break;
762
763 case PPPIOCSMRU:
764 err = -ENXIO;
765 if (!(sk->sk_state & PPPOX_CONNECTED))
766 break;
767
768 err = -EFAULT;
769 if (get_user(val, (int __user *)arg))
770 break;
771
772 if (val < (po->pppoe_dev->mtu
773 - sizeof(struct pppoe_hdr)
774 - PPP_HDRLEN))
775 err = 0;
776 else
777 err = -EINVAL;
778 break;
779
780 case PPPIOCSFLAGS:
781 err = -EFAULT;
782 if (get_user(val, (int __user *)arg))
783 break;
784 err = 0;
785 break;
786
787 case PPPOEIOCSFWD:
788 {
789 struct pppox_sock *relay_po;
790
791 err = -EBUSY;
792 if (sk->sk_state & (PPPOX_BOUND | PPPOX_DEAD))
793 break;
794
795 err = -ENOTCONN;
796 if (!(sk->sk_state & PPPOX_CONNECTED))
797 break;
798
799 /* PPPoE address from the user specifies an outbound
800 PPPoE address which frames are forwarded to */
801 err = -EFAULT;
802 if (copy_from_user(&po->pppoe_relay,
803 (void __user *)arg,
804 sizeof(struct sockaddr_pppox)))
805 break;
806
807 err = -EINVAL;
808 if (po->pppoe_relay.sa_family != AF_PPPOX ||
809 po->pppoe_relay.sa_protocol != PX_PROTO_OE)
810 break;
811
812 /* Check that the socket referenced by the address
813 actually exists. */
814 relay_po = get_item_by_addr(sock_net(sk), &po->pppoe_relay);
815 if (!relay_po)
816 break;
817
818 sock_put(sk_pppox(relay_po));
819 sk->sk_state |= PPPOX_RELAY;
820 err = 0;
821 break;
822 }
823
824 case PPPOEIOCDFWD:
825 err = -EALREADY;
826 if (!(sk->sk_state & PPPOX_RELAY))
827 break;
828
829 sk->sk_state &= ~PPPOX_RELAY;
830 err = 0;
831 break;
832
833 default:
834 err = -ENOTTY;
835 }
836
837 return err;
838}
839
840static int pppoe_sendmsg(struct socket *sock, struct msghdr *m,
841 size_t total_len)
842{
843 struct sk_buff *skb;
844 struct sock *sk = sock->sk;
845 struct pppox_sock *po = pppox_sk(sk);
846 int error;
847 struct pppoe_hdr hdr;
848 struct pppoe_hdr *ph;
849 struct net_device *dev;
850 char *start;
851 int hlen;
852
853 lock_sock(sk);
854 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) {
855 error = -ENOTCONN;
856 goto end;
857 }
858
859 hdr.ver = 1;
860 hdr.type = 1;
861 hdr.code = 0;
862 hdr.sid = po->num;
863
864 dev = po->pppoe_dev;
865
866 error = -EMSGSIZE;
867 if (total_len > (dev->mtu + dev->hard_header_len))
868 goto end;
869
870 hlen = LL_RESERVED_SPACE(dev);
871 skb = sock_wmalloc(sk, hlen + sizeof(*ph) + total_len +
872 dev->needed_tailroom, 0, GFP_KERNEL);
873 if (!skb) {
874 error = -ENOMEM;
875 goto end;
876 }
877
878 /* Reserve space for headers. */
879 skb_reserve(skb, hlen);
880 skb_reset_network_header(skb);
881
882 skb->dev = dev;
883
884 skb->priority = sk->sk_priority;
885 skb->protocol = cpu_to_be16(ETH_P_PPP_SES);
886
887 ph = skb_put(skb, total_len + sizeof(struct pppoe_hdr));
888 start = (char *)&ph->tag[0];
889
890 error = memcpy_from_msg(start, m, total_len);
891 if (error < 0) {
892 kfree_skb(skb);
893 goto end;
894 }
895
896 error = total_len;
897 dev_hard_header(skb, dev, ETH_P_PPP_SES,
898 po->pppoe_pa.remote, NULL, total_len);
899
900 memcpy(ph, &hdr, sizeof(struct pppoe_hdr));
901
902 ph->length = htons(total_len);
903
904 dev_queue_xmit(skb);
905
906end:
907 release_sock(sk);
908 return error;
909}
910
911/************************************************************************
912 *
913 * xmit function for internal use.
914 *
915 ***********************************************************************/
916static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb)
917{
918 struct pppox_sock *po = pppox_sk(sk);
919 struct net_device *dev = po->pppoe_dev;
920 struct pppoe_hdr *ph;
921 int data_len = skb->len;
922
923 /* The higher-level PPP code (ppp_unregister_channel()) ensures the PPP
924 * xmit operations conclude prior to an unregistration call. Thus
925 * sk->sk_state cannot change, so we don't need to do lock_sock().
926 * But, we also can't do a lock_sock since that introduces a potential
927 * deadlock as we'd reverse the lock ordering used when calling
928 * ppp_unregister_channel().
929 */
930
931 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
932 goto abort;
933
934 if (!dev)
935 goto abort;
936
937 /* Copy the data if there is no space for the header or if it's
938 * read-only.
939 */
940 if (skb_cow_head(skb, LL_RESERVED_SPACE(dev) + sizeof(*ph)))
941 goto abort;
942
943 __skb_push(skb, sizeof(*ph));
944 skb_reset_network_header(skb);
945
946 ph = pppoe_hdr(skb);
947 ph->ver = 1;
948 ph->type = 1;
949 ph->code = 0;
950 ph->sid = po->num;
951 ph->length = htons(data_len);
952
953 skb->protocol = cpu_to_be16(ETH_P_PPP_SES);
954 skb->dev = dev;
955
956 dev_hard_header(skb, dev, ETH_P_PPP_SES,
957 po->pppoe_pa.remote, NULL, data_len);
958
959 dev_queue_xmit(skb);
960 return 1;
961
962abort:
963 kfree_skb(skb);
964 return 1;
965}
966
967/************************************************************************
968 *
969 * xmit function called by generic PPP driver
970 * sends PPP frame over PPPoE socket
971 *
972 ***********************************************************************/
973static int pppoe_xmit(struct ppp_channel *chan, struct sk_buff *skb)
974{
975 struct sock *sk = (struct sock *)chan->private;
976 return __pppoe_xmit(sk, skb);
977}
978
979static const struct ppp_channel_ops pppoe_chan_ops = {
980 .start_xmit = pppoe_xmit,
981};
982
983static int pppoe_recvmsg(struct socket *sock, struct msghdr *m,
984 size_t total_len, int flags)
985{
986 struct sock *sk = sock->sk;
987 struct sk_buff *skb;
988 int error = 0;
989
990 if (sk->sk_state & PPPOX_BOUND) {
991 error = -EIO;
992 goto end;
993 }
994
995 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
996 flags & MSG_DONTWAIT, &error);
997 if (error < 0)
998 goto end;
999
1000 if (skb) {
1001 total_len = min_t(size_t, total_len, skb->len);
1002 error = skb_copy_datagram_msg(skb, 0, m, total_len);
1003 if (error == 0) {
1004 consume_skb(skb);
1005 return total_len;
1006 }
1007 }
1008
1009 kfree_skb(skb);
1010end:
1011 return error;
1012}
1013
1014#ifdef CONFIG_PROC_FS
1015static int pppoe_seq_show(struct seq_file *seq, void *v)
1016{
1017 struct pppox_sock *po;
1018 char *dev_name;
1019
1020 if (v == SEQ_START_TOKEN) {
1021 seq_puts(seq, "Id Address Device\n");
1022 goto out;
1023 }
1024
1025 po = v;
1026 dev_name = po->pppoe_pa.dev;
1027
1028 seq_printf(seq, "%08X %pM %8s\n",
1029 po->pppoe_pa.sid, po->pppoe_pa.remote, dev_name);
1030out:
1031 return 0;
1032}
1033
1034static inline struct pppox_sock *pppoe_get_idx(struct pppoe_net *pn, loff_t pos)
1035{
1036 struct pppox_sock *po;
1037 int i;
1038
1039 for (i = 0; i < PPPOE_HASH_SIZE; i++) {
1040 po = pn->hash_table[i];
1041 while (po) {
1042 if (!pos--)
1043 goto out;
1044 po = po->next;
1045 }
1046 }
1047
1048out:
1049 return po;
1050}
1051
1052static void *pppoe_seq_start(struct seq_file *seq, loff_t *pos)
1053 __acquires(pn->hash_lock)
1054{
1055 struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1056 loff_t l = *pos;
1057
1058 read_lock_bh(&pn->hash_lock);
1059 return l ? pppoe_get_idx(pn, --l) : SEQ_START_TOKEN;
1060}
1061
1062static void *pppoe_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1063{
1064 struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1065 struct pppox_sock *po;
1066
1067 ++*pos;
1068 if (v == SEQ_START_TOKEN) {
1069 po = pppoe_get_idx(pn, 0);
1070 goto out;
1071 }
1072 po = v;
1073 if (po->next)
1074 po = po->next;
1075 else {
1076 int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
1077
1078 po = NULL;
1079 while (++hash < PPPOE_HASH_SIZE) {
1080 po = pn->hash_table[hash];
1081 if (po)
1082 break;
1083 }
1084 }
1085
1086out:
1087 return po;
1088}
1089
1090static void pppoe_seq_stop(struct seq_file *seq, void *v)
1091 __releases(pn->hash_lock)
1092{
1093 struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1094 read_unlock_bh(&pn->hash_lock);
1095}
1096
1097static const struct seq_operations pppoe_seq_ops = {
1098 .start = pppoe_seq_start,
1099 .next = pppoe_seq_next,
1100 .stop = pppoe_seq_stop,
1101 .show = pppoe_seq_show,
1102};
1103#endif /* CONFIG_PROC_FS */
1104
1105static const struct proto_ops pppoe_ops = {
1106 .family = AF_PPPOX,
1107 .owner = THIS_MODULE,
1108 .release = pppoe_release,
1109 .bind = sock_no_bind,
1110 .connect = pppoe_connect,
1111 .socketpair = sock_no_socketpair,
1112 .accept = sock_no_accept,
1113 .getname = pppoe_getname,
1114 .poll = datagram_poll,
1115 .listen = sock_no_listen,
1116 .shutdown = sock_no_shutdown,
1117 .setsockopt = sock_no_setsockopt,
1118 .getsockopt = sock_no_getsockopt,
1119 .sendmsg = pppoe_sendmsg,
1120 .recvmsg = pppoe_recvmsg,
1121 .mmap = sock_no_mmap,
1122 .ioctl = pppox_ioctl,
1123};
1124
1125static const struct pppox_proto pppoe_proto = {
1126 .create = pppoe_create,
1127 .ioctl = pppoe_ioctl,
1128 .owner = THIS_MODULE,
1129};
1130
1131static __net_init int pppoe_init_net(struct net *net)
1132{
1133 struct pppoe_net *pn = pppoe_pernet(net);
1134 struct proc_dir_entry *pde;
1135
1136 rwlock_init(&pn->hash_lock);
1137
1138 pde = proc_create_net("pppoe", 0444, net->proc_net,
1139 &pppoe_seq_ops, sizeof(struct seq_net_private));
1140#ifdef CONFIG_PROC_FS
1141 if (!pde)
1142 return -ENOMEM;
1143#endif
1144
1145 return 0;
1146}
1147
1148static __net_exit void pppoe_exit_net(struct net *net)
1149{
1150 remove_proc_entry("pppoe", net->proc_net);
1151}
1152
1153static struct pernet_operations pppoe_net_ops = {
1154 .init = pppoe_init_net,
1155 .exit = pppoe_exit_net,
1156 .id = &pppoe_net_id,
1157 .size = sizeof(struct pppoe_net),
1158};
1159
1160static int __init pppoe_init(void)
1161{
1162 int err;
1163
1164 err = register_pernet_device(&pppoe_net_ops);
1165 if (err)
1166 goto out;
1167
1168 err = proto_register(&pppoe_sk_proto, 0);
1169 if (err)
1170 goto out_unregister_net_ops;
1171
1172 err = register_pppox_proto(PX_PROTO_OE, &pppoe_proto);
1173 if (err)
1174 goto out_unregister_pppoe_proto;
1175
1176 dev_add_pack(&pppoes_ptype);
1177 dev_add_pack(&pppoed_ptype);
1178 register_netdevice_notifier(&pppoe_notifier);
1179
1180 return 0;
1181
1182out_unregister_pppoe_proto:
1183 proto_unregister(&pppoe_sk_proto);
1184out_unregister_net_ops:
1185 unregister_pernet_device(&pppoe_net_ops);
1186out:
1187 return err;
1188}
1189
1190static void __exit pppoe_exit(void)
1191{
1192 unregister_netdevice_notifier(&pppoe_notifier);
1193 dev_remove_pack(&pppoed_ptype);
1194 dev_remove_pack(&pppoes_ptype);
1195 unregister_pppox_proto(PX_PROTO_OE);
1196 proto_unregister(&pppoe_sk_proto);
1197 unregister_pernet_device(&pppoe_net_ops);
1198}
1199
1200module_init(pppoe_init);
1201module_exit(pppoe_exit);
1202
1203MODULE_AUTHOR("Michal Ostrowski <mostrows@speakeasy.net>");
1204MODULE_DESCRIPTION("PPP over Ethernet driver");
1205MODULE_LICENSE("GPL");
1206MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OE);
1207