pppoe.c source code [linux/drivers/net/ppp/pppoe.c]

1	/** -- linux-c -- ***********************************************************
2	* Linux PPP over Ethernet (PPPoX/PPPoE) Sockets
3	*
4	* PPPoX --- Generic PPP encapsulation socket family
5	* PPPoE --- PPP over Ethernet (RFC 2516)
6	*
7	*
8	* Version: 0.7.0
9	*
10	* 070228 : Fix to allow multiple sessions with same remote MAC and same
11	* session id by including the local device ifindex in the
12	* tuple identifying a session. This also ensures packets can't
13	* be injected into a session from interfaces other than the one
14	* specified by userspace. Florian Zumbiehl <florz@florz.de>
15	* (Oh, BTW, this one is YYMMDD, in case you were wondering ...)
16	* 220102 : Fix module use count on failure in pppoe_create, pppox_sk -acme
17	* 030700 : Fixed connect logic to allow for disconnect.
18	* 270700 : Fixed potential SMP problems; we must protect against
19	* simultaneous invocation of ppp_input
20	* and ppp_unregister_channel.
21	* 040800 : Respect reference count mechanisms on net-devices.
22	* 200800 : fix kfree(skb) in pppoe_rcv (acme)
23	* Module reference count is decremented in the right spot now,
24	* guards against sock_put not actually freeing the sk
25	* in pppoe_release.
26	* 051000 : Initialization cleanup.
27	* 111100 : Fix recvmsg.
28	* 050101 : Fix PADT procesing.
29	* 140501 : Use pppoe_rcv_core to handle all backlog. (Alexey)
30	* 170701 : Do not lock_sock with rwlock held. (DaveM)
31	* Ignore discovery frames if user has socket
32	* locked. (DaveM)
33	* Ignore return value of dev_queue_xmit in __pppoe_xmit
34	* or else we may kfree an SKB twice. (DaveM)
35	* 190701 : When doing copies of skb's in __pppoe_xmit, always delete
36	* the original skb that was passed in on success, never on
37	* failure. Delete the copy of the skb on failure to avoid
38	* a memory leak.
39	* 081001 : Misc. cleanup (licence string, non-blocking, prevent
40	* reference of device on close).
41	* 121301 : New ppp channels interface; cannot unregister a channel
42	* from interrupts. Thus, we mark the socket as a ZOMBIE
43	* and do the unregistration later.
44	* 081002 : seq_file support for proc stuff -acme
45	* 111602 : Merge all 2.4 fixes into 2.5/2.6 tree. Label 2.5/2.6
46	* as version 0.7. Spacing cleanup.
47	* Author: Michal Ostrowski <mostrows@speakeasy.net>
48	* Contributors:
49	* Arnaldo Carvalho de Melo <acme@conectiva.com.br>
50	* David S. Miller (davem@redhat.com)
51	*
52	* License:
53	* This program is free software; you can redistribute it and/or
54	* modify it under the terms of the GNU General Public License
55	* as published by the Free Software Foundation; either version
56	* 2 of the License, or (at your option) any later version.
57	*
58	*/
59
60	#include <linux/string.h>
61	#include <linux/module.h>
62	#include <linux/kernel.h>
63	#include <linux/slab.h>
64	#include <linux/errno.h>
65	#include <linux/netdevice.h>
66	#include <linux/net.h>
67	#include <linux/inetdevice.h>
68	#include <linux/etherdevice.h>
69	#include <linux/skbuff.h>
70	#include <linux/init.h>
71	#include <linux/if_ether.h>
72	#include <linux/if_pppox.h>
73	#include <linux/ppp_channel.h>
74	#include <linux/ppp_defs.h>
75	#include <linux/ppp-ioctl.h>
76	#include <linux/notifier.h>
77	#include <linux/file.h>
78	#include <linux/proc_fs.h>
79	#include <linux/seq_file.h>
80
81	#include <linux/nsproxy.h>
82	#include <net/net_namespace.h>
83	#include <net/netns/generic.h>
84	#include <net/sock.h>
85
86	#include <linux/uaccess.h>
87
88	#define PPPOE_HASH_BITS 4
89	#define PPPOE_HASH_SIZE (1 << PPPOE_HASH_BITS)
90	#define PPPOE_HASH_MASK (PPPOE_HASH_SIZE - 1)
91
92	static int __pppoe_xmit(struct sock sk, struct* sk_buff *skb);
93
94	static const struct proto_ops pppoe_ops;
95	static const struct ppp_channel_ops pppoe_chan_ops;
96
97	/ per-net private data for this module /
98	static unsigned int pppoe_net_id __read_mostly;
99	struct pppoe_net {
100	/*
101	* we could use _single_ hash table for all
102	* nets by injecting net id into the hash but
103	* it would increase hash chains and add
104	* a few additional math comparations messy
105	* as well, moreover in case of SMP less locking
106	* controversy here
107	*/
108	struct pppox_sock *hash_table[PPPOE_HASH_SIZE];
109	rwlock_t hash_lock;
110	};
111
112	/*
113	* PPPoE could be in the following stages:
114	* 1) Discovery stage (to obtain remote MAC and Session ID)
115	* 2) Session stage (MAC and SID are known)
116	*
117	* Ethernet frames have a special tag for this but
118	* we use simpler approach based on session id
119	*/
120	static inline bool stage_session(__be16 sid)
121	{
122	return sid != `0`;
123	}
124
125	static inline struct pppoe_net pppoe_pernet(struct* net *net)
126	{
127	BUG_ON(!net);
128
129	return net_generic(net, pppoe_net_id);
130	}
131
132	static inline int cmp_2_addr(struct pppoe_addr a, struct* pppoe_addr *b)
133	{
134	return a->sid == b->sid && ether_addr_equal(a->remote, b->remote);
135	}
136
137	static inline int cmp_addr(struct pppoe_addr a, __be16 sid, char* *addr)
138	{
139	return a->sid == sid && ether_addr_equal(a->remote, addr);
140	}
141
142	#if 8 % PPPOE_HASH_BITS
143	#error 8 must be a multiple of PPPOE_HASH_BITS
144	#endif
145
146	static int hash_item(__be16 sid, unsigned char *addr)
147	{
148	unsigned char hash = `0`;
149	unsigned int i;
150
151	for (i = `0`; i < ETH_ALEN; i++)
152	hash ^= addr[i];
153	for (i = `0`; i < sizeof(sid_t) * `8`; i += `8`)
154	hash ^= (__force __u32)sid >> i;
155	for (i = `8`; (i >>= `1`) >= PPPOE_HASH_BITS;)
156	hash ^= hash >> i;
157
158	return hash & PPPOE_HASH_MASK;
159	}
160
161	/**********************************************************************
162	*
163	* Set/get/delete/rehash items (internal versions)
164	*
165	**********************************************************************/
166	static struct pppox_sock __get_item(struct* pppoe_net *pn, __be16 sid,
167	unsigned char addr, int* ifindex)
168	{
169	int hash = hash_item(sid, addr);
170	struct pppox_sock *ret;
171
172	ret = pn->hash_table[hash];
173	while (ret) {
174	if (cmp_addr(&ret->pppoe_pa, sid, addr) &&
175	ret->pppoe_ifindex == ifindex)
176	return ret;
177
178	ret = ret->next;
179	}
180
181	return NULL;
182	}
183
184	static int __set_item(struct pppoe_net pn, struct* pppox_sock *po)
185	{
186	int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
187	struct pppox_sock *ret;
188
189	ret = pn->hash_table[hash];
190	while (ret) {
191	if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) &&
192	ret->pppoe_ifindex == po->pppoe_ifindex)
193	return -EALREADY;
194
195	ret = ret->next;
196	}
197
198	po->next = pn->hash_table[hash];
199	pn->hash_table[hash] = po;
200
201	return `0`;
202	}
203
204	static void __delete_item(struct pppoe_net *pn, __be16 sid,
205	char addr, int* ifindex)
206	{
207	int hash = hash_item(sid, addr);
208	struct pppox_sock ret, *src;
209
210	ret = pn->hash_table[hash];
211	src = &pn->hash_table[hash];
212
213	while (ret) {
214	if (cmp_addr(&ret->pppoe_pa, sid, addr) &&
215	ret->pppoe_ifindex == ifindex) {
216	*src = ret->next;
217	break;
218	}
219
220	src = &ret->next;
221	ret = ret->next;
222	}
223	}
224
225	/**********************************************************************
226	*
227	* Set/get/delete/rehash items
228	*
229	**********************************************************************/
230	static inline struct pppox_sock get_item(struct* pppoe_net *pn, __be16 sid,
231	unsigned char addr, int* ifindex)
232	{
233	struct pppox_sock *po;
234
235	read_lock_bh(&pn->hash_lock);
236	po = __get_item(pn, sid, addr, ifindex);
237	if (po)
238	sock_hold(sk_pppox(po));
239	read_unlock_bh(&pn->hash_lock);
240
241	return po;
242	}
243
244	static inline struct pppox_sock get_item_by_addr(struct* net *net,
245	struct sockaddr_pppox *sp)
246	{
247	struct net_device *dev;
248	struct pppoe_net *pn;
249	struct pppox_sock *pppox_sock = NULL;
250
251	int ifindex;
252
253	rcu_read_lock();
254	dev = dev_get_by_name_rcu(net, sp->sa_addr.pppoe.dev);
255	if (dev) {
256	ifindex = dev->ifindex;
257	pn = pppoe_pernet(net);
258	pppox_sock = get_item(pn, sp->sa_addr.pppoe.sid,
259	sp->sa_addr.pppoe.remote, ifindex);
260	}
261	rcu_read_unlock();
262	return pppox_sock;
263	}
264
265	static inline void delete_item(struct pppoe_net *pn, __be16 sid,
266	char addr, int* ifindex)
267	{
268	write_lock_bh(&pn->hash_lock);
269	__delete_item(pn, sid, addr, ifindex);
270	write_unlock_bh(&pn->hash_lock);
271	}
272
273	/***************************************************************************
274	*
275	* Handler for device events.
276	* Certain device events require that sockets be unconnected.
277	*
278	**************************************************************************/
279
280	static void pppoe_flush_dev(struct net_device *dev)
281	{
282	struct pppoe_net *pn;
283	int i;
284
285	pn = pppoe_pernet(dev_net(dev));
286	write_lock_bh(&pn->hash_lock);
287	for (i = `0`; i < PPPOE_HASH_SIZE; i++) {
288	struct pppox_sock *po = pn->hash_table[i];
289	struct sock *sk;
290
291	while (po) {
292	while (po && po->pppoe_dev != dev) {
293	po = po->next;
294	}
295
296	if (!po)
297	break;
298
299	sk = sk_pppox(po);
300
301	/ We always grab the socket lock, followed by the*
302	* hash_lock, in that order. Since we should hold the
303	* sock lock while doing any unbinding, we need to
304	* release the lock we're holding. Hold a reference to
305	* the sock so it doesn't disappear as we're jumping
306	* between locks.
307	*/
308
309	sock_hold(sk);
310	write_unlock_bh(&pn->hash_lock);
311	lock_sock(sk);
312
313	if (po->pppoe_dev == dev &&
314	sk->sk_state & (PPPOX_CONNECTED \| PPPOX_BOUND)) {
315	pppox_unbind_sock(sk);
316	sk->sk_state_change(sk);
317	po->pppoe_dev = NULL;
318	dev_put(dev);
319	}
320
321	release_sock(sk);
322	sock_put(sk);
323
324	/ Restart the process from the start of the current*
325	* hash chain. We dropped locks so the world may have
326	* change from underneath us.
327	*/
328
329	BUG_ON(pppoe_pernet(dev_net(dev)) == NULL);
330	write_lock_bh(&pn->hash_lock);
331	po = pn->hash_table[i];
332	}
333	}
334	write_unlock_bh(&pn->hash_lock);
335	}
336
337	static int pppoe_device_event(struct notifier_block *this,
338	unsigned long event, void *ptr)
339	{
340	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
341
342	/ Only look at sockets that are using this specific device. /
343	switch (event) {
344	case NETDEV_CHANGEADDR:
345	case NETDEV_CHANGEMTU:
346	/ A change in mtu or address is a bad thing, requiring*
347	* LCP re-negotiation.
348	*/
349
350	case NETDEV_GOING_DOWN:
351	case NETDEV_DOWN:
352	/ Find every socket on this device and kill it. /
353	pppoe_flush_dev(dev);
354	break;
355
356	default:
357	break;
358	}
359
360	return NOTIFY_DONE;
361	}
362
363	static struct notifier_block pppoe_notifier = {
364	.notifier_call = pppoe_device_event,
365	};
366
367	/************************************************************************
368	*
369	* Do the real work of receiving a PPPoE Session frame.
370	*
371	***********************************************************************/
372	static int pppoe_rcv_core(struct sock sk, struct* sk_buff *skb)
373	{
374	struct pppox_sock *po = pppox_sk(sk);
375	struct pppox_sock *relay_po;
376
377	/ Backlog receive. Semantics of backlog rcv preclude any code from*
378	* executing in lock_sock()/release_sock() bounds; meaning sk->sk_state
379	* can't change.
380	*/
381
382	if (skb->pkt_type == PACKET_OTHERHOST)
383	goto abort_kfree;
384
385	if (sk->sk_state & PPPOX_BOUND) {
386	ppp_input(&po->chan, skb);
387	} else if (sk->sk_state & PPPOX_RELAY) {
388	relay_po = get_item_by_addr(sock_net(sk),
389	&po->pppoe_relay);
390	if (relay_po == NULL)
391	goto abort_kfree;
392
393	if ((sk_pppox(relay_po)->sk_state & PPPOX_CONNECTED) == `0`)
394	goto abort_put;
395
396	if (!__pppoe_xmit(sk_pppox(relay_po), skb))
397	goto abort_put;
398
399	sock_put(sk_pppox(relay_po));
400	} else {
401	if (sock_queue_rcv_skb(sk, skb))
402	goto abort_kfree;
403	}
404
405	return NET_RX_SUCCESS;
406
407	abort_put:
408	sock_put(sk_pppox(relay_po));
409
410	abort_kfree:
411	kfree_skb(skb);
412	return NET_RX_DROP;
413	}
414
415	/************************************************************************
416	*
417	* Receive wrapper called in BH context.
418	*
419	***********************************************************************/
420	static int pppoe_rcv(struct sk_buff skb, struct* net_device *dev,
421	struct packet_type pt, struct* net_device *orig_dev)
422	{
423	struct pppoe_hdr *ph;
424	struct pppox_sock *po;
425	struct pppoe_net *pn;
426	int len;
427
428	skb = skb_share_check(skb, GFP_ATOMIC);
429	if (!skb)
430	goto out;
431
432	if (skb_mac_header_len(skb) < ETH_HLEN)
433	goto drop;
434
435	if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
436	goto drop;
437
438	ph = pppoe_hdr(skb);
439	len = ntohs(ph->length);
440
441	skb_pull_rcsum(skb, sizeof(*ph));
442	if (skb->len < len)
443	goto drop;
444
445	if (pskb_trim_rcsum(skb, len))
446	goto drop;
447
448	ph = pppoe_hdr(skb);
449	pn = pppoe_pernet(dev_net(dev));
450
451	/ Note that get_item does a sock_hold(), so sk_pppox(po)*
452	* is known to be safe.
453	*/
454	po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
455	if (!po)
456	goto drop;
457
458	return sk_receive_skb(sk_pppox(po), skb, `0`);
459
460	drop:
461	kfree_skb(skb);
462	out:
463	return NET_RX_DROP;
464	}
465
466	static void pppoe_unbind_sock_work(struct work_struct *work)
467	{
468	struct pppox_sock po = container_of(work, struct* pppox_sock,
469	proto.pppoe.padt_work);
470	struct sock *sk = sk_pppox(po);
471
472	lock_sock(sk);
473	if (po->pppoe_dev) {
474	dev_put(po->pppoe_dev);
475	po->pppoe_dev = NULL;
476	}
477	pppox_unbind_sock(sk);
478	release_sock(sk);
479	sock_put(sk);
480	}
481
482	/************************************************************************
483	*
484	* Receive a PPPoE Discovery frame.
485	* This is solely for detection of PADT frames
486	*
487	***********************************************************************/
488	static int pppoe_disc_rcv(struct sk_buff skb, struct* net_device *dev,
489	struct packet_type pt, struct* net_device *orig_dev)
490
491	{
492	struct pppoe_hdr *ph;
493	struct pppox_sock *po;
494	struct pppoe_net *pn;
495
496	skb = skb_share_check(skb, GFP_ATOMIC);
497	if (!skb)
498	goto out;
499
500	if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
501	goto abort;
502
503	ph = pppoe_hdr(skb);
504	if (ph->code != PADT_CODE)
505	goto abort;
506
507	pn = pppoe_pernet(dev_net(dev));
508	po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
509	if (po)
510	if (!schedule_work(&po->proto.pppoe.padt_work))
511	sock_put(sk_pppox(po));
512
513	abort:
514	kfree_skb(skb);
515	out:
516	return NET_RX_SUCCESS; / Lies... :-) /
517	}
518
519	static struct packet_type pppoes_ptype __read_mostly = {
520	.type = cpu_to_be16(ETH_P_PPP_SES),
521	.func = pppoe_rcv,
522	};
523
524	static struct packet_type pppoed_ptype __read_mostly = {
525	.type = cpu_to_be16(ETH_P_PPP_DISC),
526	.func = pppoe_disc_rcv,
527	};
528
529	static struct proto pppoe_sk_proto __read_mostly = {
530	.name = "PPPOE",
531	.owner = THIS_MODULE,
532	.obj_size = sizeof(struct pppox_sock),
533	};
534
535	/***********************************************************************
536	*
537	* Initialize a new struct sock.
538	*
539	**********************************************************************/
540	static int pppoe_create(struct net net, struct* socket sock, int* kern)
541	{
542	struct sock *sk;
543
544	sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppoe_sk_proto, kern);
545	if (!sk)
546	return -ENOMEM;
547
548	sock_init_data(sock, sk);
549
550	sock->state = SS_UNCONNECTED;
551	sock->ops = &pppoe_ops;
552
553	sk->sk_backlog_rcv = pppoe_rcv_core;
554	sk->sk_state = PPPOX_NONE;
555	sk->sk_type = SOCK_STREAM;
556	sk->sk_family = PF_PPPOX;
557	sk->sk_protocol = PX_PROTO_OE;
558
559	INIT_WORK(&pppox_sk(sk)->proto.pppoe.padt_work,
560	pppoe_unbind_sock_work);
561
562	return `0`;
563	}
564
565	static int pppoe_release(struct socket *sock)
566	{
567	struct sock *sk = sock->sk;
568	struct pppox_sock *po;
569	struct pppoe_net *pn;
570	struct net *net = NULL;
571
572	if (!sk)
573	return `0`;
574
575	lock_sock(sk);
576	if (sock_flag(sk, SOCK_DEAD)) {
577	release_sock(sk);
578	return -EBADF;
579	}
580
581	po = pppox_sk(sk);
582
583	if (po->pppoe_dev) {
584	dev_put(po->pppoe_dev);
585	po->pppoe_dev = NULL;
586	}
587
588	pppox_unbind_sock(sk);
589
590	/ Signal the death of the socket. /
591	sk->sk_state = PPPOX_DEAD;
592
593	net = sock_net(sk);
594	pn = pppoe_pernet(net);
595
596	/*
597	* protect "po" from concurrent updates
598	* on pppoe_flush_dev
599	*/
600	delete_item(pn, po->pppoe_pa.sid, po->pppoe_pa.remote,
601	po->pppoe_ifindex);
602
603	sock_orphan(sk);
604	sock->sk = NULL;
605
606	skb_queue_purge(&sk->sk_receive_queue);
607	release_sock(sk);
608	sock_put(sk);
609
610	return `0`;
611	}
612
613	static int pppoe_connect(struct socket sock, struct* sockaddr *uservaddr,
614	int sockaddr_len, int flags)
615	{
616	struct sock *sk = sock->sk;
617	struct sockaddr_pppox sp = (struct* sockaddr_pppox *)uservaddr;
618	struct pppox_sock *po = pppox_sk(sk);
619	struct net_device *dev = NULL;
620	struct pppoe_net *pn;
621	struct net *net = NULL;
622	int error;
623
624	lock_sock(sk);
625
626	error = -EINVAL;
627
628	if (sockaddr_len != sizeof(struct sockaddr_pppox))
629	goto end;
630
631	if (sp->sa_protocol != PX_PROTO_OE)
632	goto end;
633
634	/ Check for already bound sockets /
635	error = -EBUSY;
636	if ((sk->sk_state & PPPOX_CONNECTED) &&
637	stage_session(sp->sa_addr.pppoe.sid))
638	goto end;
639
640	/ Check for already disconnected sockets, on attempts to disconnect /
641	error = -EALREADY;
642	if ((sk->sk_state & PPPOX_DEAD) &&
643	!stage_session(sp->sa_addr.pppoe.sid))
644	goto end;
645
646	error = `0`;
647
648	/ Delete the old binding /
649	if (stage_session(po->pppoe_pa.sid)) {
650	pppox_unbind_sock(sk);
651	pn = pppoe_pernet(sock_net(sk));
652	delete_item(pn, po->pppoe_pa.sid,
653	po->pppoe_pa.remote, po->pppoe_ifindex);
654	if (po->pppoe_dev) {
655	dev_put(po->pppoe_dev);
656	po->pppoe_dev = NULL;
657	}
658
659	po->pppoe_ifindex = `0`;
660	memset(&po->pppoe_pa, `0`, sizeof(po->pppoe_pa));
661	memset(&po->pppoe_relay, `0`, sizeof(po->pppoe_relay));
662	memset(&po->chan, `0`, sizeof(po->chan));
663	po->next = NULL;
664	po->num = `0`;
665
666	sk->sk_state = PPPOX_NONE;
667	}
668
669	/ Re-bind in session stage only /
670	if (stage_session(sp->sa_addr.pppoe.sid)) {
671	error = -ENODEV;
672	net = sock_net(sk);
673	dev = dev_get_by_name(net, sp->sa_addr.pppoe.dev);
674	if (!dev)
675	goto err_put;
676
677	po->pppoe_dev = dev;
678	po->pppoe_ifindex = dev->ifindex;
679	pn = pppoe_pernet(net);
680	if (!(dev->flags & IFF_UP)) {
681	goto err_put;
682	}
683
684	memcpy(&po->pppoe_pa,
685	&sp->sa_addr.pppoe,
686	sizeof(struct pppoe_addr));
687
688	write_lock_bh(&pn->hash_lock);
689	error = __set_item(pn, po);
690	write_unlock_bh(&pn->hash_lock);
691	if (error < `0`)
692	goto err_put;
693
694	po->chan.hdrlen = (sizeof(struct pppoe_hdr) +
695	dev->hard_header_len);
696
697	po->chan.mtu = dev->mtu - sizeof(struct pppoe_hdr) - `2`;
698	po->chan.private = sk;
699	po->chan.ops = &pppoe_chan_ops;
700
701	error = ppp_register_net_channel(dev_net(dev), &po->chan);
702	if (error) {
703	delete_item(pn, po->pppoe_pa.sid,
704	po->pppoe_pa.remote, po->pppoe_ifindex);
705	goto err_put;
706	}
707
708	sk->sk_state = PPPOX_CONNECTED;
709	}
710
711	po->num = sp->sa_addr.pppoe.sid;
712
713	end:
714	release_sock(sk);
715	return error;
716	err_put:
717	if (po->pppoe_dev) {
718	dev_put(po->pppoe_dev);
719	po->pppoe_dev = NULL;
720	}
721	goto end;
722	}
723
724	static int pppoe_getname(struct socket sock, struct* sockaddr *uaddr,
725	int peer)
726	{
727	int len = sizeof(struct sockaddr_pppox);
728	struct sockaddr_pppox sp;
729
730	sp.sa_family = AF_PPPOX;
731	sp.sa_protocol = PX_PROTO_OE;
732	memcpy(&sp.sa_addr.pppoe, &pppox_sk(sock->sk)->pppoe_pa,
733	sizeof(struct pppoe_addr));
734
735	memcpy(uaddr, &sp, len);
736
737	return len;
738	}
739
740	static int pppoe_ioctl(struct socket sock, unsigned* int cmd,
741	unsigned long arg)
742	{
743	struct sock *sk = sock->sk;
744	struct pppox_sock *po = pppox_sk(sk);
745	int val;
746	int err;
747
748	switch (cmd) {
749	case PPPIOCGMRU:
750	err = -ENXIO;
751	if (!(sk->sk_state & PPPOX_CONNECTED))
752	break;
753
754	err = -EFAULT;
755	if (put_user(po->pppoe_dev->mtu -
756	sizeof(struct pppoe_hdr) -
757	PPP_HDRLEN,
758	(int __user *)arg))
759	break;
760	err = `0`;
761	break;
762
763	case PPPIOCSMRU:
764	err = -ENXIO;
765	if (!(sk->sk_state & PPPOX_CONNECTED))
766	break;
767
768	err = -EFAULT;
769	if (get_user(val, (int __user *)arg))
770	break;
771
772	if (val < (po->pppoe_dev->mtu
773	- sizeof(struct pppoe_hdr)
774	- PPP_HDRLEN))
775	err = `0`;
776	else
777	err = -EINVAL;
778	break;
779
780	case PPPIOCSFLAGS:
781	err = -EFAULT;
782	if (get_user(val, (int __user *)arg))
783	break;
784	err = `0`;
785	break;
786
787	case PPPOEIOCSFWD:
788	{
789	struct pppox_sock *relay_po;
790
791	err = -EBUSY;
792	if (sk->sk_state & (PPPOX_BOUND \| PPPOX_DEAD))
793	break;
794
795	err = -ENOTCONN;
796	if (!(sk->sk_state & PPPOX_CONNECTED))
797	break;
798
799	/ PPPoE address from the user specifies an outbound*
800	PPPoE address which frames are forwarded to /*
801	err = -EFAULT;
802	if (copy_from_user(&po->pppoe_relay,
803	(void __user *)arg,
804	sizeof(struct sockaddr_pppox)))
805	break;
806
807	err = -EINVAL;
808	if (po->pppoe_relay.sa_family != AF_PPPOX \|\|
809	po->pppoe_relay.sa_protocol != PX_PROTO_OE)
810	break;
811
812	/ Check that the socket referenced by the address*
813	actually exists. /*
814	relay_po = get_item_by_addr(sock_net(sk), &po->pppoe_relay);
815	if (!relay_po)
816	break;
817
818	sock_put(sk_pppox(relay_po));
819	sk->sk_state \|= PPPOX_RELAY;
820	err = `0`;
821	break;
822	}
823
824	case PPPOEIOCDFWD:
825	err = -EALREADY;
826	if (!(sk->sk_state & PPPOX_RELAY))
827	break;
828
829	sk->sk_state &= ~PPPOX_RELAY;
830	err = `0`;
831	break;
832
833	default:
834	err = -ENOTTY;
835	}
836
837	return err;
838	}
839
840	static int pppoe_sendmsg(struct socket sock, struct* msghdr *m,
841	size_t total_len)
842	{
843	struct sk_buff *skb;
844	struct sock *sk = sock->sk;
845	struct pppox_sock *po = pppox_sk(sk);
846	int error;
847	struct pppoe_hdr hdr;
848	struct pppoe_hdr *ph;
849	struct net_device *dev;
850	char *start;
851	int hlen;
852
853	lock_sock(sk);
854	if (sock_flag(sk, SOCK_DEAD) \|\| !(sk->sk_state & PPPOX_CONNECTED)) {
855	error = -ENOTCONN;
856	goto end;
857	}
858
859	hdr.ver = `1`;
860	hdr.type = `1`;
861	hdr.code = `0`;
862	hdr.sid = po->num;
863
864	dev = po->pppoe_dev;
865
866	error = -EMSGSIZE;
867	if (total_len > (dev->mtu + dev->hard_header_len))
868	goto end;
869
870	hlen = LL_RESERVED_SPACE(dev);
871	skb = sock_wmalloc(sk, hlen + sizeof(*ph) + total_len +
872	dev->needed_tailroom, `0`, GFP_KERNEL);
873	if (!skb) {
874	error = -ENOMEM;
875	goto end;
876	}
877
878	/ Reserve space for headers. /
879	skb_reserve(skb, hlen);
880	skb_reset_network_header(skb);
881
882	skb->dev = dev;
883
884	skb->priority = sk->sk_priority;
885	skb->protocol = cpu_to_be16(ETH_P_PPP_SES);
886
887	ph = skb_put(skb, total_len + sizeof(struct pppoe_hdr));
888	start = (char *)&ph->tag[`0`];
889
890	error = memcpy_from_msg(start, m, total_len);
891	if (error < `0`) {
892	kfree_skb(skb);
893	goto end;
894	}
895
896	error = total_len;
897	dev_hard_header(skb, dev, ETH_P_PPP_SES,
898	po->pppoe_pa.remote, NULL, total_len);
899
900	memcpy(ph, &hdr, sizeof(struct pppoe_hdr));
901
902	ph->length = htons(total_len);
903
904	dev_queue_xmit(skb);
905
906	end:
907	release_sock(sk);
908	return error;
909	}
910
911	/************************************************************************
912	*
913	* xmit function for internal use.
914	*
915	***********************************************************************/
916	static int __pppoe_xmit(struct sock sk, struct* sk_buff *skb)
917	{
918	struct pppox_sock *po = pppox_sk(sk);
919	struct net_device *dev = po->pppoe_dev;
920	struct pppoe_hdr *ph;
921	int data_len = skb->len;
922
923	/ The higher-level PPP code (ppp_unregister_channel()) ensures the PPP*
924	* xmit operations conclude prior to an unregistration call. Thus
925	* sk->sk_state cannot change, so we don't need to do lock_sock().
926	* But, we also can't do a lock_sock since that introduces a potential
927	* deadlock as we'd reverse the lock ordering used when calling
928	* ppp_unregister_channel().
929	*/
930
931	if (sock_flag(sk, SOCK_DEAD) \|\| !(sk->sk_state & PPPOX_CONNECTED))
932	goto abort;
933
934	if (!dev)
935	goto abort;
936
937	/ Copy the data if there is no space for the header or if it's*
938	* read-only.
939	*/
940	if (skb_cow_head(skb, LL_RESERVED_SPACE(dev) + sizeof(*ph)))
941	goto abort;
942
943	__skb_push(skb, sizeof(*ph));
944	skb_reset_network_header(skb);
945
946	ph = pppoe_hdr(skb);
947	ph->ver = `1`;
948	ph->type = `1`;
949	ph->code = `0`;
950	ph->sid = po->num;
951	ph->length = htons(data_len);
952
953	skb->protocol = cpu_to_be16(ETH_P_PPP_SES);
954	skb->dev = dev;
955
956	dev_hard_header(skb, dev, ETH_P_PPP_SES,
957	po->pppoe_pa.remote, NULL, data_len);
958
959	dev_queue_xmit(skb);
960	return `1`;
961
962	abort:
963	kfree_skb(skb);
964	return `1`;
965	}
966
967	/************************************************************************
968	*
969	* xmit function called by generic PPP driver
970	* sends PPP frame over PPPoE socket
971	*
972	***********************************************************************/
973	static int pppoe_xmit(struct ppp_channel chan, struct* sk_buff *skb)
974	{
975	struct sock sk = (struct* sock *)chan->private;
976	return __pppoe_xmit(sk, skb);
977	}
978
979	static const struct ppp_channel_ops pppoe_chan_ops = {
980	.start_xmit = pppoe_xmit,
981	};
982
983	static int pppoe_recvmsg(struct socket sock, struct* msghdr *m,
984	size_t total_len, int flags)
985	{
986	struct sock *sk = sock->sk;
987	struct sk_buff *skb;
988	int error = `0`;
989
990	if (sk->sk_state & PPPOX_BOUND) {
991	error = -EIO;
992	goto end;
993	}
994
995	skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
996	flags & MSG_DONTWAIT, &error);
997	if (error < `0`)
998	goto end;
999
1000	if (skb) {
1001	total_len = min_t(size_t, total_len, skb->len);
1002	error = skb_copy_datagram_msg(skb, `0`, m, total_len);
1003	if (error == `0`) {
1004	consume_skb(skb);
1005	return total_len;
1006	}
1007	}
1008
1009	kfree_skb(skb);
1010	end:
1011	return error;
1012	}
1013
1014	#ifdef CONFIG_PROC_FS
1015	static int pppoe_seq_show(struct seq_file seq, void* *v)
1016	{
1017	struct pppox_sock *po;
1018	char *dev_name;
1019
1020	if (v == SEQ_START_TOKEN) {
1021	seq_puts(seq, "Id Address Device\n");
1022	goto out;
1023	}
1024
1025	po = v;
1026	dev_name = po->pppoe_pa.dev;
1027
1028	seq_printf(seq, "%08X %pM %8s\n",
1029	po->pppoe_pa.sid, po->pppoe_pa.remote, dev_name);
1030	out:
1031	return `0`;
1032	}
1033
1034	static inline struct pppox_sock pppoe_get_idx(struct* pppoe_net *pn, loff_t pos)
1035	{
1036	struct pppox_sock *po;
1037	int i;
1038
1039	for (i = `0`; i < PPPOE_HASH_SIZE; i++) {
1040	po = pn->hash_table[i];
1041	while (po) {
1042	if (!pos--)
1043	goto out;
1044	po = po->next;
1045	}
1046	}
1047
1048	out:
1049	return po;
1050	}
1051
1052	static void pppoe_seq_start(struct* seq_file seq, loff_t pos)
1053	__acquires(pn->hash_lock)
1054	{
1055	struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1056	loff_t l = *pos;
1057
1058	read_lock_bh(&pn->hash_lock);
1059	return l ? pppoe_get_idx(pn, --l) : SEQ_START_TOKEN;
1060	}
1061
1062	static void pppoe_seq_next(struct* seq_file seq, void* v, loff_t pos)
1063	{
1064	struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1065	struct pppox_sock *po;
1066
1067	++*pos;
1068	if (v == SEQ_START_TOKEN) {
1069	po = pppoe_get_idx(pn, `0`);
1070	goto out;
1071	}
1072	po = v;
1073	if (po->next)
1074	po = po->next;
1075	else {
1076	int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
1077
1078	po = NULL;
1079	while (++hash < PPPOE_HASH_SIZE) {
1080	po = pn->hash_table[hash];
1081	if (po)
1082	break;
1083	}
1084	}
1085
1086	out:
1087	return po;
1088	}
1089
1090	static void pppoe_seq_stop(struct seq_file seq, void* *v)
1091	__releases(pn->hash_lock)
1092	{
1093	struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1094	read_unlock_bh(&pn->hash_lock);
1095	}
1096
1097	static const struct seq_operations pppoe_seq_ops = {
1098	.start = pppoe_seq_start,
1099	.next = pppoe_seq_next,
1100	.stop = pppoe_seq_stop,
1101	.show = pppoe_seq_show,
1102	};
1103	#endif /* CONFIG_PROC_FS */
1104
1105	static const struct proto_ops pppoe_ops = {
1106	.family = AF_PPPOX,
1107	.owner = THIS_MODULE,
1108	.release = pppoe_release,
1109	.bind = sock_no_bind,
1110	.connect = pppoe_connect,
1111	.socketpair = sock_no_socketpair,
1112	.accept = sock_no_accept,
1113	.getname = pppoe_getname,
1114	.poll = datagram_poll,
1115	.listen = sock_no_listen,
1116	.shutdown = sock_no_shutdown,
1117	.setsockopt = sock_no_setsockopt,
1118	.getsockopt = sock_no_getsockopt,
1119	.sendmsg = pppoe_sendmsg,
1120	.recvmsg = pppoe_recvmsg,
1121	.mmap = sock_no_mmap,
1122	.ioctl = pppox_ioctl,
1123	};
1124
1125	static const struct pppox_proto pppoe_proto = {
1126	.create = pppoe_create,
1127	.ioctl = pppoe_ioctl,
1128	.owner = THIS_MODULE,
1129	};
1130
1131	static __net_init int pppoe_init_net(struct net *net)
1132	{
1133	struct pppoe_net *pn = pppoe_pernet(net);
1134	struct proc_dir_entry *pde;
1135
1136	rwlock_init(&pn->hash_lock);
1137
1138	pde = proc_create_net("pppoe", `0444`, net->proc_net,
1139	&pppoe_seq_ops, sizeof(struct seq_net_private));
1140	#ifdef CONFIG_PROC_FS
1141	if (!pde)
1142	return -ENOMEM;
1143	#endif
1144
1145	return `0`;
1146	}
1147
1148	static __net_exit void pppoe_exit_net(struct net *net)
1149	{
1150	remove_proc_entry("pppoe", net->proc_net);
1151	}
1152
1153	static struct pernet_operations pppoe_net_ops = {
1154	.init = pppoe_init_net,
1155	.exit = pppoe_exit_net,
1156	.id = &pppoe_net_id,
1157	.size = sizeof(struct pppoe_net),
1158	};
1159
1160	static int __init pppoe_init(void)
1161	{
1162	int err;
1163
1164	err = register_pernet_device(&pppoe_net_ops);
1165	if (err)
1166	goto out;
1167
1168	err = proto_register(&pppoe_sk_proto, `0`);
1169	if (err)
1170	goto out_unregister_net_ops;
1171
1172	err = register_pppox_proto(PX_PROTO_OE, &pppoe_proto);
1173	if (err)
1174	goto out_unregister_pppoe_proto;
1175
1176	dev_add_pack(&pppoes_ptype);
1177	dev_add_pack(&pppoed_ptype);
1178	register_netdevice_notifier(&pppoe_notifier);
1179
1180	return `0`;
1181
1182	out_unregister_pppoe_proto:
1183	proto_unregister(&pppoe_sk_proto);
1184	out_unregister_net_ops:
1185	unregister_pernet_device(&pppoe_net_ops);
1186	out:
1187	return err;
1188	}
1189
1190	static void __exit pppoe_exit(void)
1191	{
1192	unregister_netdevice_notifier(&pppoe_notifier);
1193	dev_remove_pack(&pppoed_ptype);
1194	dev_remove_pack(&pppoes_ptype);
1195	unregister_pppox_proto(PX_PROTO_OE);
1196	proto_unregister(&pppoe_sk_proto);
1197	unregister_pernet_device(&pppoe_net_ops);
1198	}
1199
1200	module_init(pppoe_init);
1201	module_exit(pppoe_exit);
1202
1203	MODULE_AUTHOR("Michal Ostrowski <mostrows@speakeasy.net>");
1204	MODULE_DESCRIPTION("PPP over Ethernet driver");
1205	MODULE_LICENSE("GPL");
1206	MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OE);
1207

Browse the source code of linux/drivers/net/ppp/pppoe.c