1/* 2 * Point-to-Point Tunneling Protocol for Linux 3 * 4 * Authors: Kozlov D. (xeb@mail.ru) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 * 11 */ 12 13#include <linux/string.h> 14#include <linux/module.h> 15#include <linux/kernel.h> 16#include <linux/slab.h> 17#include <linux/vmalloc.h> 18#include <linux/errno.h> 19#include <linux/netdevice.h> 20#include <linux/net.h> 21#include <linux/skbuff.h> 22#include <linux/init.h> 23#include <linux/ppp_channel.h> 24#include <linux/ppp_defs.h> 25#include <linux/if_pppox.h> 26#include <linux/if_ppp.h> 27#include <linux/notifier.h> 28#include <linux/file.h> 29#include <linux/in.h> 30#include <linux/ip.h> 31#include <linux/netfilter.h> 32#include <linux/netfilter_ipv4.h> 33#include <linux/version.h> 34 35#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 36#include <asm/bitops.h> 37#endif 38 39#include <net/sock.h> 40#include <net/protocol.h> 41#include <net/ip.h> 42#include <net/icmp.h> 43#include <net/route.h> 44 45#include <asm/uaccess.h> 46 47//#define DEBUG 48//#define CONFIG_NET_IPGRE_DEMUX 49//#define HAVE_FIND_NEXT_BIT 50//#define HAVE_SKB_CLONE_WRITABLE 51 52#if defined(CONFIG_NET_IPGRE_DEMUX) || defined(CONFIG_NET_IPGRE_DEMUX_MODULE) 53#include <net/gre.h> 54#endif 55 56#define PPTP_DRIVER_VERSION "0.8.5" 57 58#ifdef DEBUG 59static int log_level=0; 60static int log_packets=10; 61#endif 62 63#define MAX_CALLID 65535 64#define PPP_LCP_ECHOREQ 0x09 65#define PPP_LCP_ECHOREP 0x0A 66 67#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,4,20) 68#define BITS_TO_LONGS(bits) \ 69 (((bits)+BITS_PER_LONG-1)/BITS_PER_LONG) 70#define DECLARE_BITMAP(name,bits) \ 71 unsigned long name[BITS_TO_LONGS(bits)] 72#define CLEAR_BITMAP(name,bits) \ 73 memset(name, 0, BITS_TO_LONGS(bits)*sizeof(unsigned long)) 74#endif 75 76static DECLARE_BITMAP(callid_bitmap, MAX_CALLID + 1); 77static struct pppox_sock **callid_sock; 78 79#define SC_RCV_BITS (SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP) 80 81#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 82#define INIT_TIMER(_timer,_routine,_data) \ 83do { \ 84 (_timer)->function=_routine; \ 85 (_timer)->data=_data; \ 86 init_timer(_timer); \ 87} while (0); 88 89static inline void *kzalloc(size_t size,int gfp) 90{ 91 void *p=kmalloc(size,gfp); 92 memset(p,0,size); 93 return p; 94} 95 96#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,4,20) 97static inline void nf_reset(struct sk_buff *skb) 98{ 99#ifdef CONFIG_NETFILTER 100 nf_conntrack_put(skb->nfct); 101 skb->nfct=NULL; 102#ifdef CONFIG_NETFILTER_DEBUG 103 skb->nf_debug=0; 104#endif 105#endif 106} 107#define __user 108#endif 109#endif 110 111#ifndef HAVE_FIND_NEXT_BIT 112/** 113 * __ffs - find first bit in word. 114 * @word: The word to search 115 * 116 * Undefined if no bit exists, so code should check against 0 first. 117 */ 118static inline unsigned long __ffs(unsigned long word) 119{ 120 int num = 0; 121 122#if BITS_PER_LONG == 64 123 if ((word & 0xffffffff) == 0) { 124 num += 32; 125 word >>= 32; 126 } 127#endif 128 if ((word & 0xffff) == 0) { 129 num += 16; 130 word >>= 16; 131 } 132 if ((word & 0xff) == 0) { 133 num += 8; 134 word >>= 8; 135 } 136 if ((word & 0xf) == 0) { 137 num += 4; 138 word >>= 4; 139 } 140 if ((word & 0x3) == 0) { 141 num += 2; 142 word >>= 2; 143 } 144 if ((word & 0x1) == 0) 145 num += 1; 146 return num; 147} 148 149#define BITOP_WORD(nr) ((nr) / BITS_PER_LONG) 150/* 151 * Find the next set bit in a memory region. 152 */ 153static unsigned long find_next_bit(const unsigned long *addr, unsigned long size, 154 unsigned long offset) 155{ 156 const unsigned long *p = addr + BITOP_WORD(offset); 157 unsigned long result = offset & ~(BITS_PER_LONG-1); 158 unsigned long tmp; 159 160 if (offset >= size) 161 return size; 162 size -= result; 163 offset %= BITS_PER_LONG; 164 if (offset) { 165 tmp = *(p++); 166 tmp &= (~0UL << offset); 167 if (size < BITS_PER_LONG) 168 goto found_first; 169 if (tmp) 170 goto found_middle; 171 size -= BITS_PER_LONG; 172 result += BITS_PER_LONG; 173 } 174 while (size & ~(BITS_PER_LONG-1)) { 175 if ((tmp = *(p++))) 176 goto found_middle; 177 result += BITS_PER_LONG; 178 size -= BITS_PER_LONG; 179 } 180 if (!size) 181 return result; 182 tmp = *p; 183 184found_first: 185 tmp &= (~0UL >> (BITS_PER_LONG - size)); 186 if (tmp == 0UL) /* Are any bits set? */ 187 return result + size; /* Nope. */ 188found_middle: 189 return result + __ffs(tmp); 190} 191#endif 192 193 194#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 195static rwlock_t chan_lock=RW_LOCK_UNLOCKED; 196#define SK_STATE(sk) (sk)->state 197#else 198static DEFINE_SPINLOCK(chan_lock); 199#define SK_STATE(sk) (sk)->sk_state 200#endif 201 202static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb); 203static int pptp_ppp_ioctl(struct ppp_channel *chan, unsigned int cmd, 204 unsigned long arg); 205static int pptp_rcv_core(struct sock *sk,struct sk_buff *skb); 206 207static struct ppp_channel_ops pptp_chan_ops= { 208 .start_xmit = pptp_xmit, 209 .ioctl=pptp_ppp_ioctl, 210}; 211 212 213#define MISSING_WINDOW 20 214#define WRAPPED( curseq, lastseq) \ 215 ((((curseq) & 0xffffff00) == 0) && \ 216 (((lastseq) & 0xffffff00 ) == 0xffffff00)) 217 218/* gre header structure: -------------------------------------------- */ 219 220#define PPTP_GRE_PROTO 0x880B 221#define PPTP_GRE_VER 0x1 222 223#define PPTP_GRE_FLAG_C 0x80 224#define PPTP_GRE_FLAG_R 0x40 225#define PPTP_GRE_FLAG_K 0x20 226#define PPTP_GRE_FLAG_S 0x10 227#define PPTP_GRE_FLAG_A 0x80 228 229#define PPTP_GRE_IS_C(f) ((f)&PPTP_GRE_FLAG_C) 230#define PPTP_GRE_IS_R(f) ((f)&PPTP_GRE_FLAG_R) 231#define PPTP_GRE_IS_K(f) ((f)&PPTP_GRE_FLAG_K) 232#define PPTP_GRE_IS_S(f) ((f)&PPTP_GRE_FLAG_S) 233#define PPTP_GRE_IS_A(f) ((f)&PPTP_GRE_FLAG_A) 234 235struct pptp_gre_header { 236 u8 flags; /* bitfield */ 237 u8 ver; /* should be PPTP_GRE_VER (enhanced GRE) */ 238 u16 protocol; /* should be PPTP_GRE_PROTO (ppp-encaps) */ 239 u16 payload_len; /* size of ppp payload, not inc. gre header */ 240 u16 call_id; /* peer's call_id for this session */ 241 u32 seq; /* sequence number. Present if S==1 */ 242 u32 ack; /* seq number of highest packet recieved by */ 243 /* sender in this session */ 244} __packed; 245#define PPTP_HEADER_OVERHEAD (2+sizeof(struct pptp_gre_header)) 246 247#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 248static struct pppox_sock * lookup_chan(u16 call_id, u32 s_addr) 249#else 250static struct pppox_sock * lookup_chan(u16 call_id, __be32 s_addr) 251#endif 252{ 253 struct pppox_sock *sock; 254 struct pptp_opt *opt; 255 256#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 257 rcu_read_lock(); 258 sock = rcu_dereference(callid_sock[call_id]); 259#else 260 read_lock(&chan_lock); 261 sock = callid_sock[call_id]; 262#endif 263 if (sock) { 264 opt=&sock->proto.pptp; 265 if (opt->dst_addr.sin_addr.s_addr!=s_addr) sock=NULL; 266 else sock_hold(sk_pppox(sock)); 267 } 268#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 269 rcu_read_unlock(); 270#else 271 read_unlock(&chan_lock); 272#endif 273 274 return sock; 275} 276 277#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 278static int lookup_chan_dst(u16 call_id, u32 d_addr) 279#else 280static int lookup_chan_dst(u16 call_id, __be32 d_addr) 281#endif 282{ 283 struct pppox_sock *sock; 284 struct pptp_opt *opt; 285 int i; 286 287#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 288 rcu_read_lock(); 289#else 290 read_lock(&chan_lock); 291#endif 292 for(i = find_next_bit(callid_bitmap,MAX_CALLID,1); i < MAX_CALLID; 293 i = find_next_bit(callid_bitmap, MAX_CALLID, i + 1)){ 294#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 295 sock = rcu_dereference(callid_sock[i]); 296#else 297 sock = callid_sock[i]; 298#endif 299 if (!sock) 300 continue; 301 opt = &sock->proto.pptp; 302 if (opt->dst_addr.call_id == call_id && opt->dst_addr.sin_addr.s_addr == d_addr) break; 303 } 304#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 305 rcu_read_unlock(); 306#else 307 read_unlock(&chan_lock); 308#endif 309 310 return i<MAX_CALLID; 311} 312 313static int add_chan(struct pppox_sock *sock) 314{ 315 static int call_id=0; 316 int res=-1; 317 318#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 319 spin_lock(&chan_lock); 320#else 321 write_lock_bh(&chan_lock); 322#endif 323 324 if (!sock->proto.pptp.src_addr.call_id) 325 { 326 call_id=find_next_zero_bit(callid_bitmap,MAX_CALLID,call_id+1); 327 if (call_id==MAX_CALLID) 328 call_id=find_next_zero_bit(callid_bitmap,MAX_CALLID,1); 329 sock->proto.pptp.src_addr.call_id=call_id; 330 } 331 else if (test_bit(sock->proto.pptp.src_addr.call_id,callid_bitmap)) 332 goto exit; 333 334#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 335 rcu_assign_pointer(callid_sock[sock->proto.pptp.src_addr.call_id],sock); 336#else 337 callid_sock[sock->proto.pptp.src_addr.call_id] = sock; 338#endif 339 set_bit(sock->proto.pptp.src_addr.call_id,callid_bitmap); 340 res=0; 341 342exit: 343 #if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 344 spin_unlock(&chan_lock); 345 #else 346 write_unlock_bh(&chan_lock); 347 #endif 348 349 return res; 350} 351 352static void del_chan(struct pppox_sock *sock) 353{ 354#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 355 spin_lock(&chan_lock); 356#else 357 write_lock_bh(&chan_lock); 358#endif 359 clear_bit(sock->proto.pptp.src_addr.call_id,callid_bitmap); 360#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 361 rcu_assign_pointer(callid_sock[sock->proto.pptp.src_addr.call_id],NULL); 362 spin_unlock(&chan_lock); 363 synchronize_rcu(); 364#else 365 callid_sock[sock->proto.pptp.src_addr.call_id] = NULL; 366 write_unlock_bh(&chan_lock); 367#endif 368} 369 370static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb) 371{ 372 struct sock *sk = (struct sock *) chan->private; 373 struct pppox_sock *po = pppox_sk(sk); 374 struct pptp_opt *opt=&po->proto.pptp; 375 struct pptp_gre_header *hdr; 376 unsigned int header_len=sizeof(*hdr); 377 int err=0; 378 int islcp; 379 int len; 380 unsigned char *data; 381 u32 seq_recv; 382 383 384 struct rtable *rt; /* Route to the other host */ 385 struct net_device *tdev; /* Device to other host */ 386 struct iphdr *iph; /* Our new IP header */ 387 int max_headroom; /* The extra header space needed */ 388 389 if (SK_STATE(sk_pppox(po)) & PPPOX_DEAD) 390 goto tx_error; 391 392#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 393 { 394 struct rt_key key = { 395 .dst=opt->dst_addr.sin_addr.s_addr, 396 .src=opt->src_addr.sin_addr.s_addr, 397 .tos=RT_TOS(0), 398 }; 399 if ((err=ip_route_output_key(&rt, &key))) { 400 goto tx_error; 401 } 402 } 403#else 404 { 405 struct flowi fl = { .oif = 0, 406 .nl_u = { .ip4_u = 407 { .daddr = opt->dst_addr.sin_addr.s_addr, 408 .saddr = opt->src_addr.sin_addr.s_addr, 409 .tos = RT_TOS(0) } }, 410 .proto = IPPROTO_GRE }; 411#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,25) 412 if ((err=ip_route_output_key(&rt, &fl))) { 413#else 414 if ((err=ip_route_output_key(&init_net,&rt, &fl))) { 415#endif 416 goto tx_error; 417 } 418 } 419#endif 420 tdev = rt->u.dst.dev; 421 422#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 423 max_headroom = ((tdev->hard_header_len+15)&~15) + sizeof(*iph)+sizeof(*hdr)+2; 424#else 425 max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(*iph)+sizeof(*hdr)+2; 426#endif 427 428#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) && !defined(HAVE_SKB_CLONE_WRITABLE) 429 if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) { 430#else 431 if (skb_headroom(skb) < max_headroom || skb_shared(skb) || 432 (skb_cloned(skb) && !skb_clone_writable(skb,0))) { 433#endif 434 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); 435 if (!new_skb) { 436 ip_rt_put(rt); 437 goto tx_error; 438 } 439 if (skb->sk) 440 skb_set_owner_w(new_skb, skb->sk); 441 kfree_skb(skb); 442 skb = new_skb; 443 } 444 445 data=skb->data; 446 islcp=((data[0] << 8) + data[1])== PPP_LCP && 1 <= data[2] && data[2] <= 7; 447 448 /* compress protocol field */ 449 if ((opt->ppp_flags & SC_COMP_PROT) && data[0]==0 && !islcp) 450 skb_pull(skb,1); 451 452 /* 453 * Put in the address/control bytes if necessary 454 */ 455 if ((opt->ppp_flags & SC_COMP_AC) == 0 || islcp) { 456 data=skb_push(skb,2); 457 data[0]=PPP_ALLSTATIONS; 458 data[1]=PPP_UI; 459 } 460 461 len=skb->len; 462 463 seq_recv = opt->seq_recv; 464 465 if (opt->ack_sent == seq_recv) header_len-=sizeof(hdr->ack); 466 467 // Push down and install GRE header 468 skb_push(skb,header_len); 469 hdr=(struct pptp_gre_header *)(skb->data); 470 471 hdr->flags = PPTP_GRE_FLAG_K; 472 hdr->ver = PPTP_GRE_VER; 473 hdr->protocol = htons(PPTP_GRE_PROTO); 474 hdr->call_id = htons(opt->dst_addr.call_id); 475 476 hdr->flags |= PPTP_GRE_FLAG_S; 477 hdr->seq = htonl(++opt->seq_sent); 478#ifdef DEBUG 479 if (log_level>=3 && opt->seq_sent<=log_packets) 480 printk(KERN_INFO"PPTP[%i]: send packet: seq=%i",opt->src_addr.call_id,opt->seq_sent); 481#endif 482 if (opt->ack_sent != seq_recv) { 483 /* send ack with this message */ 484 hdr->ver |= PPTP_GRE_FLAG_A; 485 hdr->ack = htonl(seq_recv); 486 opt->ack_sent = seq_recv; 487#ifdef DEBUG 488 if (log_level>=3 && opt->seq_sent<=log_packets) 489 printk(" ack=%i",seq_recv); 490#endif 491 } 492 hdr->payload_len = htons(len); 493#ifdef DEBUG 494 if (log_level>=3 && opt->seq_sent<=log_packets) 495 printk("\n"); 496#endif 497 498 /* 499 * Push down and install the IP header. 500 */ 501 502#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31) 503 skb_reset_transport_header(skb); 504 skb_push(skb, sizeof(*iph)); 505 skb_reset_network_header(skb); 506#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) 507 skb->transport_header = skb->network_header; 508 skb_push(skb, sizeof(*iph)); 509 skb_reset_network_header(skb); 510#else 511 skb->h.raw = skb->nh.raw; 512 skb->nh.raw = skb_push(skb, sizeof(*iph)); 513#endif 514 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 515#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) 516 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | 517 IPSKB_REROUTED); 518#endif 519 520#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) 521 iph = ip_hdr(skb); 522#else 523 iph = skb->nh.iph; 524#endif 525 iph->version = 4; 526 iph->ihl = sizeof(struct iphdr) >> 2; 527 if (ip_dont_fragment(sk, &rt->u.dst)) 528 iph->frag_off = htons(IP_DF); 529 else 530 iph->frag_off = 0; 531 iph->protocol = IPPROTO_GRE; 532 iph->tos = 0; 533 iph->daddr = rt->rt_dst; 534 iph->saddr = rt->rt_src; 535#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 536 iph->ttl = sk->protinfo.af_inet.ttl; 537#else 538 iph->ttl = dst_metric(&rt->u.dst, RTAX_HOPLIMIT); 539#endif 540 iph->tot_len = htons(skb->len); 541 542#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31) 543 skb_dst_drop(skb); 544 skb_dst_set(skb,&rt->u.dst); 545#else 546 dst_release(skb->dst); 547 skb->dst = &rt->u.dst; 548#endif 549 550 nf_reset(skb); 551 552 skb->ip_summed = CHECKSUM_NONE; 553 ip_select_ident(iph, &rt->u.dst, NULL); 554 ip_send_check(iph); 555 556#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 557 err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, ip_send); 558#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,25) 559 err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, dst_output); 560#else 561 err = ip_local_out(skb); 562#endif 563 564tx_error: 565 return 1; 566} 567 568static int pptp_rcv_core(struct sock *sk,struct sk_buff *skb) 569{ 570 struct pppox_sock *po = pppox_sk(sk); 571 struct pptp_opt *opt=&po->proto.pptp; 572 int headersize,payload_len,seq; 573 u8 *payload; 574 struct pptp_gre_header *header; 575 576 if (!(SK_STATE(sk) & PPPOX_CONNECTED)) { 577 if (sock_queue_rcv_skb(sk, skb)) 578 goto drop; 579 return NET_RX_SUCCESS; 580 } 581 582 header = (struct pptp_gre_header *)(skb->data); 583 584 /* test if acknowledgement present */ 585 if (PPTP_GRE_IS_A(header->ver)){ 586 u32 ack = (PPTP_GRE_IS_S(header->flags))? 587 header->ack:header->seq; /* ack in different place if S = 0 */ 588 589 ack = ntohl( ack); 590 591 if (ack > opt->ack_recv) opt->ack_recv = ack; 592 /* also handle sequence number wrap-around */ 593 if (WRAPPED(ack,opt->ack_recv)) opt->ack_recv = ack; 594 } 595 596 /* test if payload present */ 597 if (!PPTP_GRE_IS_S(header->flags)){ 598 goto drop; 599 } 600 601 headersize = sizeof(*header); 602 payload_len = ntohs(header->payload_len); 603 seq = ntohl(header->seq); 604 605 /* no ack present? */ 606 if (!PPTP_GRE_IS_A(header->ver)) headersize -= sizeof(header->ack); 607 /* check for incomplete packet (length smaller than expected) */ 608 if (skb->len - headersize < payload_len){ 609#ifdef DEBUG 610 if (log_level>=1) 611 printk(KERN_INFO"PPTP: discarding truncated packet (expected %d, got %d bytes)\n", 612 payload_len, skb->len - headersize); 613#endif 614 goto drop; 615 } 616 617 payload=skb->data+headersize; 618 /* check for expected sequence number */ 619 if ( seq < opt->seq_recv + 1 || WRAPPED(opt->seq_recv, seq) ){ 620 if ( (payload[0] == PPP_ALLSTATIONS) && (payload[1] == PPP_UI) && 621 (PPP_PROTOCOL(payload) == PPP_LCP) && 622 ((payload[4] == PPP_LCP_ECHOREQ) || (payload[4] == PPP_LCP_ECHOREP)) ){ 623#ifdef DEBUG 624 if ( log_level >= 1) 625 printk(KERN_INFO"PPTP[%i]: allowing old LCP Echo packet %d (expecting %d)\n", opt->src_addr.call_id, 626 seq, opt->seq_recv + 1); 627#endif 628 goto allow_packet; 629 } 630#ifdef DEBUG 631 if ( log_level >= 1) 632 printk(KERN_INFO"PPTP[%i]: discarding duplicate or old packet %d (expecting %d)\n",opt->src_addr.call_id, 633 seq, opt->seq_recv + 1); 634#endif 635 }else{ 636 opt->seq_recv = seq; 637allow_packet: 638#ifdef DEBUG 639 if ( log_level >= 3 && opt->seq_sent<=log_packets) 640 printk(KERN_INFO"PPTP[%i]: accepting packet %d size=%i (%02x %02x %02x %02x %02x %02x)\n",opt->src_addr.call_id, seq,payload_len, 641 *(payload +0), 642 *(payload +1), 643 *(payload +2), 644 *(payload +3), 645 *(payload +4), 646 *(payload +5)); 647#endif 648 649 skb_pull(skb,headersize); 650 651 if (payload[0] == PPP_ALLSTATIONS && payload[1] == PPP_UI){ 652 /* chop off address/control */ 653 if (skb->len < 3) 654 goto drop; 655 skb_pull(skb,2); 656 } 657 658 if ((*skb->data) & 1){ 659 /* protocol is compressed */ 660 skb_push(skb, 1)[0] = 0; 661 } 662 663 skb->ip_summed=CHECKSUM_NONE; 664#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,21) 665 skb_set_network_header(skb,skb->head-skb->data); 666#endif 667 ppp_input(&po->chan,skb); 668 669 return NET_RX_SUCCESS; 670 } 671drop: 672 kfree_skb(skb); 673 return NET_RX_DROP; 674} 675 676static int pptp_rcv(struct sk_buff *skb) 677{ 678 struct pppox_sock *po; 679 struct pptp_gre_header *header; 680 struct iphdr *iph; 681#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,0) 682 int ret; 683 struct sock *sk; 684#endif 685 686 if (skb->pkt_type != PACKET_HOST) 687 goto drop; 688 689#if !defined(CONFIG_NET_IPGRE_DEMUX) && !defined(CONFIG_NET_IPGRE_DEMUX_MODULE) 690 if (!pskb_may_pull(skb, 12)) 691 goto drop; 692#endif 693 694#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) 695 iph = ip_hdr(skb); 696#else 697 iph = skb->nh.iph; 698#endif 699 700 header = (struct pptp_gre_header *)skb->data; 701 702 if ( /* version should be 1 */ 703 ((header->ver & 0x7F) != PPTP_GRE_VER) || 704 /* PPTP-GRE protocol for PPTP */ 705 (ntohs(header->protocol) != PPTP_GRE_PROTO)|| 706 /* flag C should be clear */ 707 PPTP_GRE_IS_C(header->flags) || 708 /* flag R should be clear */ 709 PPTP_GRE_IS_R(header->flags) || 710 /* flag K should be set */ 711 (!PPTP_GRE_IS_K(header->flags)) || 712 /* routing and recursion ctrl = 0 */ 713 ((header->flags&0xF) != 0)){ 714 /* if invalid, discard this packet */ 715#ifdef DEBUG 716 if (log_level>=1) 717 printk(KERN_INFO"PPTP: Discarding GRE: %X %X %X %X %X %X\n", 718 header->ver&0x7F, ntohs(header->protocol), 719 PPTP_GRE_IS_C(header->flags), 720 PPTP_GRE_IS_R(header->flags), 721 PPTP_GRE_IS_K(header->flags), 722 header->flags & 0xF); 723#endif 724 goto drop; 725 } 726 727 728 if ((po=lookup_chan(htons(header->call_id),iph->saddr))) { 729#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31) 730 skb_dst_drop(skb); 731#else 732 dst_release(skb->dst); 733 skb->dst = NULL; 734#endif 735 nf_reset(skb); 736#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,0) 737 sk=sk_pppox(po); 738 bh_lock_sock(sk); 739 /* Socket state is unknown, must put skb into backlog. */ 740 if (sk->lock.users != 0) { 741 sk_add_backlog(sk, skb); 742 ret = NET_RX_SUCCESS; 743 } else { 744 ret = pptp_rcv_core(sk, skb); 745 } 746 bh_unlock_sock(sk); 747 sock_put(sk); 748 return ret; 749 750#else /* LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,0) */ 751 752#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,19) 753 return sk_receive_skb(sk_pppox(po), skb); 754#else 755 return sk_receive_skb(sk_pppox(po), skb, 0); 756#endif 757 758#endif /* LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,0) */ 759 }else { 760#ifdef DEBUG 761 if (log_level>=1) 762 printk(KERN_INFO"PPTP: Discarding packet from unknown call_id %i\n",htons(header->call_id)); 763#endif 764 } 765 766drop: 767 kfree_skb(skb); 768 return NET_RX_DROP; 769} 770 771static int pptp_bind(struct socket *sock,struct sockaddr *uservaddr,int sockaddr_len) 772{ 773 struct sock *sk = sock->sk; 774 struct sockaddr_pppox *sp = (struct sockaddr_pppox *) uservaddr; 775 struct pppox_sock *po = pppox_sk(sk); 776 struct pptp_opt *opt=&po->proto.pptp; 777 int error=0; 778 779#ifdef DEBUG 780 if (log_level>=1) 781 printk(KERN_INFO"PPTP: bind: addr=%X call_id=%i\n",sp->sa_addr.pptp.sin_addr.s_addr, 782 sp->sa_addr.pptp.call_id); 783#endif 784 lock_sock(sk); 785 786 opt->src_addr=sp->sa_addr.pptp; 787 if (add_chan(po)) 788 { 789 release_sock(sk); 790 error=-EBUSY; 791 } 792#ifdef DEBUG 793 if (log_level>=1) 794 printk(KERN_INFO"PPTP: using call_id %i\n",opt->src_addr.call_id); 795#endif 796 797 release_sock(sk); 798 return error; 799} 800 801static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr, 802 int sockaddr_len, int flags) 803{ 804 struct sock *sk = sock->sk; 805 struct sockaddr_pppox *sp = (struct sockaddr_pppox *) uservaddr; 806 struct pppox_sock *po = pppox_sk(sk); 807 struct pptp_opt *opt = &po->proto.pptp; 808 struct rtable *rt; /* Route to the other host */ 809 int error=0; 810 811 if (sp->sa_protocol != PX_PROTO_PPTP) 812 return -EINVAL; 813 814#ifdef DEBUG 815 if (log_level>=1) 816 printk(KERN_INFO"PPTP[%i]: connect: addr=%X call_id=%i\n",opt->src_addr.call_id, 817 sp->sa_addr.pptp.sin_addr.s_addr,sp->sa_addr.pptp.call_id); 818#endif 819 820 if (lookup_chan_dst(sp->sa_addr.pptp.call_id,sp->sa_addr.pptp.sin_addr.s_addr)) 821 return -EALREADY; 822 823 lock_sock(sk); 824 /* Check for already bound sockets */ 825 if (SK_STATE(sk) & PPPOX_CONNECTED){ 826 error = -EBUSY; 827 goto end; 828 } 829 830 /* Check for already disconnected sockets, on attempts to disconnect */ 831 if (SK_STATE(sk) & PPPOX_DEAD){ 832 error = -EALREADY; 833 goto end; 834 } 835 836 if (!opt->src_addr.sin_addr.s_addr || !sp->sa_addr.pptp.sin_addr.s_addr){ 837 error = -EINVAL; 838 goto end; 839 } 840 841 po->chan.private=sk; 842 po->chan.ops=&pptp_chan_ops; 843 844#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 845 { 846 struct rt_key key = { 847 .dst=opt->dst_addr.sin_addr.s_addr, 848 .src=opt->src_addr.sin_addr.s_addr, 849 .tos=RT_TOS(0), 850 }; 851#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,25) 852 if (ip_route_output_key(&rt, &key)) { 853#else 854 if (ip_route_output_key(&init_net, &rt, &key)) { 855#endif 856 error = -EHOSTUNREACH; 857 goto end; 858 } 859 } 860#else 861 { 862 struct flowi fl = { 863 .nl_u = { .ip4_u = 864 { .daddr = opt->dst_addr.sin_addr.s_addr, 865 .saddr = opt->src_addr.sin_addr.s_addr, 866 .tos = RT_CONN_FLAGS(sk) } }, 867 .proto = IPPROTO_GRE }; 868#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,18) 869 security_sk_classify_flow(sk, &fl); 870#endif 871#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,25) 872 if (ip_route_output_key(&rt, &fl)){ 873#else 874 if (ip_route_output_key(&init_net, &rt, &fl)){ 875#endif 876 error = -EHOSTUNREACH; 877 goto end; 878 } 879 sk_setup_caps(sk, &rt->u.dst); 880 } 881#endif 882#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 883 po->chan.mtu=PPP_MTU; 884#else 885 po->chan.mtu=dst_mtu(&rt->u.dst); 886 if (!po->chan.mtu) po->chan.mtu=PPP_MTU; 887#endif 888 ip_rt_put(rt); 889 po->chan.mtu-=PPTP_HEADER_OVERHEAD; 890 891 po->chan.hdrlen=2+sizeof(struct pptp_gre_header); 892 error = ppp_register_channel(&po->chan); 893 if (error){ 894 printk(KERN_ERR "PPTP: failed to register PPP channel (%d)\n",error); 895 goto end; 896 } 897 898 opt->dst_addr=sp->sa_addr.pptp; 899 SK_STATE(sk) = PPPOX_CONNECTED; 900 901 end: 902 release_sock(sk); 903 return error; 904} 905 906static int pptp_getname(struct socket *sock, struct sockaddr *uaddr, 907 int *usockaddr_len, int peer) 908{ 909 int len = sizeof(struct sockaddr_pppox); 910 struct sockaddr_pppox sp; 911 912 sp.sa_family = AF_PPPOX; 913 sp.sa_protocol = PX_PROTO_PPTP; 914 sp.sa_addr.pptp=pppox_sk(sock->sk)->proto.pptp.src_addr; 915 916 memcpy(uaddr, &sp, len); 917 918 *usockaddr_len = len; 919 920 return 0; 921} 922 923static int pptp_release(struct socket *sock) 924{ 925 struct sock *sk = sock->sk; 926 struct pppox_sock *po; 927 struct pptp_opt *opt; 928 int error = 0; 929 930 if (!sk) 931 return 0; 932 933 lock_sock(sk); 934 935#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 936 if (sk->dead) 937#else 938 if (sock_flag(sk, SOCK_DEAD)) 939#endif 940 { 941 release_sock(sk); 942 return -EBADF; 943 } 944 945 po = pppox_sk(sk); 946 opt=&po->proto.pptp; 947 del_chan(po); 948 949 pppox_unbind_sock(sk); 950 SK_STATE(sk) = PPPOX_DEAD; 951 952#ifdef DEBUG 953 if (log_level>=1) 954 printk(KERN_INFO"PPTP[%i]: release\n",opt->src_addr.call_id); 955#endif 956 957 sock_orphan(sk); 958 sock->sk = NULL; 959 960 release_sock(sk); 961 sock_put(sk); 962 963 return error; 964} 965 966 967#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 968static struct proto pptp_sk_proto = { 969 .name = "PPTP", 970 .owner = THIS_MODULE, 971 .obj_size = sizeof(struct pppox_sock), 972}; 973#endif 974 975static struct proto_ops pptp_ops = { 976 .family = AF_PPPOX, 977#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 978 .owner = THIS_MODULE, 979#endif 980 .release = pptp_release, 981 .bind = pptp_bind, 982 .connect = pptp_connect, 983 .socketpair = sock_no_socketpair, 984 .accept = sock_no_accept, 985 .getname = pptp_getname, 986 .poll = sock_no_poll, 987 .listen = sock_no_listen, 988 .shutdown = sock_no_shutdown, 989 .setsockopt = sock_no_setsockopt, 990 .getsockopt = sock_no_getsockopt, 991 .sendmsg = sock_no_sendmsg, 992 .recvmsg = sock_no_recvmsg, 993 .mmap = sock_no_mmap, 994#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) 995 .ioctl = pppox_ioctl, 996#endif 997}; 998 999 1000#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 1001static void pptp_sock_destruct(struct sock *sk) 1002{ 1003 skb_queue_purge(&sk->receive_queue); 1004 if (!(SK_STATE(sk) & PPPOX_DEAD)) { 1005 del_chan(pppox_sk(sk)); 1006 pppox_unbind_sock(sk); 1007 } 1008 if (sk->protinfo.destruct_hook) 1009 kfree(sk->protinfo.destruct_hook); 1010 1011 MOD_DEC_USE_COUNT; 1012} 1013 1014static int pptp_create(struct socket *sock) 1015{ 1016 int error = -ENOMEM; 1017 struct sock *sk; 1018 struct pppox_sock *po; 1019 struct pptp_opt *opt; 1020 1021 MOD_INC_USE_COUNT; 1022 1023 sk = sk_alloc(PF_PPPOX, GFP_KERNEL, 1); 1024 if (!sk) 1025 goto out; 1026 1027 sock_init_data(sock, sk); 1028 1029 sock->state = SS_UNCONNECTED; 1030 sock->ops = &pptp_ops; 1031 1032 //sk->sk_backlog_rcv = pppoe_rcv_core; 1033 sk->state = PPPOX_NONE; 1034 sk->type = SOCK_STREAM; 1035 sk->family = PF_PPPOX; 1036 sk->protocol = PX_PROTO_PPTP; 1037 1038 sk->protinfo.pppox=kzalloc(sizeof(struct pppox_sock),GFP_KERNEL); 1039 sk->destruct=pptp_sock_destruct; 1040 sk->protinfo.destruct_hook=sk->protinfo.pppox; 1041 1042 po = pppox_sk(sk); 1043 po->sk=sk; 1044 opt=&po->proto.pptp; 1045 1046 opt->seq_sent=0; opt->seq_recv=0; 1047 opt->ack_recv=0; opt->ack_sent=0; 1048 1049 error = 0; 1050out: 1051 return error; 1052} 1053#else 1054static void pptp_sock_destruct(struct sock *sk) 1055{ 1056 if (!(SK_STATE(sk) & PPPOX_DEAD)){ 1057 del_chan(pppox_sk(sk)); 1058 pppox_unbind_sock(sk); 1059 } 1060 skb_queue_purge(&sk->sk_receive_queue); 1061} 1062#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) 1063static int pptp_create(struct socket *sock) 1064#else 1065static int pptp_create(struct net *net, struct socket *sock) 1066#endif 1067{ 1068 int error = -ENOMEM; 1069 struct sock *sk; 1070 struct pppox_sock *po; 1071 struct pptp_opt *opt; 1072 1073#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) 1074 sk = sk_alloc(PF_PPPOX, GFP_KERNEL, &pptp_sk_proto, 1); 1075#else 1076 sk = sk_alloc(net,PF_PPPOX, GFP_KERNEL, &pptp_sk_proto); 1077#endif 1078 if (!sk) 1079 goto out; 1080 1081 sock_init_data(sock, sk); 1082 1083 sock->state = SS_UNCONNECTED; 1084 sock->ops = &pptp_ops; 1085 1086 sk->sk_backlog_rcv = pptp_rcv_core; 1087 sk->sk_state = PPPOX_NONE; 1088 sk->sk_type = SOCK_STREAM; 1089 sk->sk_family = PF_PPPOX; 1090 sk->sk_protocol = PX_PROTO_PPTP; 1091 sk->sk_destruct = pptp_sock_destruct; 1092 1093 po = pppox_sk(sk); 1094#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 1095 po->sk=sk; 1096#endif 1097 opt=&po->proto.pptp; 1098 1099 opt->seq_sent=0; opt->seq_recv=0; 1100 opt->ack_recv=0; opt->ack_sent=0; 1101 1102 error = 0; 1103out: 1104 return error; 1105} 1106#endif 1107 1108 1109static int pptp_ppp_ioctl(struct ppp_channel *chan, unsigned int cmd, 1110 unsigned long arg) 1111{ 1112 struct sock *sk = (struct sock *) chan->private; 1113 struct pppox_sock *po = pppox_sk(sk); 1114 struct pptp_opt *opt=&po->proto.pptp; 1115 void __user *argp = (void __user *)arg; 1116 int __user *p = argp; 1117 int err, val; 1118 1119 err = -EFAULT; 1120 switch (cmd) { 1121 case PPPIOCGFLAGS: 1122 val = opt->ppp_flags; 1123 if (put_user(val, p)) 1124 break; 1125 err = 0; 1126 break; 1127 case PPPIOCSFLAGS: 1128 if (get_user(val, p)) 1129 break; 1130 opt->ppp_flags = val & ~SC_RCV_BITS; 1131 err = 0; 1132 break; 1133 default: 1134 err = -ENOTTY; 1135 } 1136 1137 return err; 1138} 1139 1140 1141static struct pppox_proto pppox_pptp_proto = { 1142 .create = pptp_create, 1143#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,15) 1144 .owner = THIS_MODULE, 1145#endif 1146}; 1147 1148#if defined(CONFIG_NET_IPGRE_DEMUX) || defined(CONFIG_NET_IPGRE_DEMUX_MODULE) 1149static struct gre_protocol gre_pptp_protocol = { 1150 .handler = pptp_rcv, 1151}; 1152#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 1153static struct inet_protocol net_pptp_protocol = { 1154 .handler = pptp_rcv, 1155 .protocol = IPPROTO_GRE, 1156 .name = "PPTP", 1157}; 1158#else 1159static struct net_protocol net_pptp_protocol = { 1160 .handler = pptp_rcv, 1161}; 1162#endif 1163 1164static int __init pptp_init_module(void) 1165{ 1166 int err=0; 1167 printk(KERN_INFO "PPTP driver version " PPTP_DRIVER_VERSION "\n"); 1168 1169#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 1170 callid_sock = __vmalloc((MAX_CALLID + 1) * sizeof(void *), 1171 GFP_KERNEL | __GFP_ZERO, PAGE_KERNEL); 1172#else 1173 callid_sock = __vmalloc((MAX_CALLID + 1) * sizeof(void *), 1174 GFP_KERNEL, PAGE_KERNEL); 1175 memset(callid_sock, 0, (MAX_CALLID + 1) * sizeof(void *)); 1176#endif 1177 if (!callid_sock) { 1178 printk(KERN_ERR "PPTP: cann't allocate memory\n"); 1179 return -ENOMEM; 1180 } 1181 1182#if defined(CONFIG_NET_IPGRE_DEMUX) || defined(CONFIG_NET_IPGRE_DEMUX_MODULE) 1183 if (gre_add_protocol(&gre_pptp_protocol, GREPROTO_PPTP) < 0) { 1184 printk(KERN_INFO "PPTP: can't add protocol\n"); 1185 goto out_free_mem; 1186 } 1187#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 1188 inet_add_protocol(&net_pptp_protocol); 1189#else 1190 if (inet_add_protocol(&net_pptp_protocol, IPPROTO_GRE) < 0) { 1191 printk(KERN_INFO "PPTP: can't add protocol\n"); 1192 goto out_free_mem; 1193 } 1194#endif 1195 1196#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 1197 err = proto_register(&pptp_sk_proto, 0); 1198 if (err){ 1199 printk(KERN_INFO "PPTP: can't register sk_proto\n"); 1200 goto out_inet_del_protocol; 1201 } 1202#endif 1203 1204 err = register_pppox_proto(PX_PROTO_PPTP, &pppox_pptp_proto); 1205 if (err){ 1206 printk(KERN_INFO "PPTP: can't register pppox_proto\n"); 1207 goto out_unregister_sk_proto; 1208 } 1209 1210 return 0; 1211out_unregister_sk_proto: 1212#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 1213 proto_unregister(&pptp_sk_proto); 1214#endif 1215 1216#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 1217out_inet_del_protocol: 1218#endif 1219 1220#if defined(CONFIG_NET_IPGRE_DEMUX) || defined(CONFIG_NET_IPGRE_DEMUX_MODULE) 1221 gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 1222#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 1223 inet_del_protocol(&net_pptp_protocol); 1224#else 1225 inet_del_protocol(&net_pptp_protocol, IPPROTO_GRE); 1226#endif 1227out_free_mem: 1228 vfree(callid_sock); 1229 1230 return err; 1231} 1232 1233static void __exit pptp_exit_module(void) 1234{ 1235 unregister_pppox_proto(PX_PROTO_PPTP); 1236#if defined(CONFIG_NET_IPGRE_DEMUX) || defined(CONFIG_NET_IPGRE_DEMUX_MODULE) 1237#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) 1238 proto_unregister(&pptp_sk_proto); 1239#endif 1240 gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 1241#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 1242 inet_del_protocol(&net_pptp_protocol); 1243#else 1244 proto_unregister(&pptp_sk_proto); 1245 inet_del_protocol(&net_pptp_protocol, IPPROTO_GRE); 1246#endif 1247 vfree(callid_sock); 1248} 1249 1250module_init(pptp_init_module); 1251module_exit(pptp_exit_module); 1252 1253MODULE_DESCRIPTION("Point-to-Point Tunneling Protocol for Linux"); 1254MODULE_AUTHOR("Kozlov D. (xeb@mail.ru)"); 1255MODULE_LICENSE("GPL"); 1256 1257#ifdef DEBUG 1258#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 1259MODULE_PARM(log_level,"i"); 1260MODULE_PARM(log_packets,"i"); 1261#else 1262module_param(log_level,int,0); 1263module_param(log_packets,int,0); 1264#endif 1265MODULE_PARM_DESC(log_level,"Logging level (default=0)"); 1266#endif 1267