1/* Modified by Broadcom Corp. Portions Copyright (c) Broadcom Corp, 2012. */ 2/** -*- linux-c -*- *********************************************************** 3 * Linux PPP over Ethernet (PPPoX/PPPoE) Sockets 4 * 5 * PPPoX --- Generic PPP encapsulation socket family 6 * PPPoE --- PPP over Ethernet (RFC 2516) 7 * 8 * 9 * Version: 0.7.0 10 * 11 * 070228 : Fix to allow multiple sessions with same remote MAC and same 12 * session id by including the local device ifindex in the 13 * tuple identifying a session. This also ensures packets can't 14 * be injected into a session from interfaces other than the one 15 * specified by userspace. Florian Zumbiehl <florz@florz.de> 16 * (Oh, BTW, this one is YYMMDD, in case you were wondering ...) 17 * 220102 : Fix module use count on failure in pppoe_create, pppox_sk -acme 18 * 030700 : Fixed connect logic to allow for disconnect. 19 * 270700 : Fixed potential SMP problems; we must protect against 20 * simultaneous invocation of ppp_input 21 * and ppp_unregister_channel. 22 * 040800 : Respect reference count mechanisms on net-devices. 23 * 200800 : fix kfree(skb) in pppoe_rcv (acme) 24 * Module reference count is decremented in the right spot now, 25 * guards against sock_put not actually freeing the sk 26 * in pppoe_release. 27 * 051000 : Initialization cleanup. 28 * 111100 : Fix recvmsg. 29 * 050101 : Fix PADT procesing. 30 * 140501 : Use pppoe_rcv_core to handle all backlog. (Alexey) 31 * 170701 : Do not lock_sock with rwlock held. (DaveM) 32 * Ignore discovery frames if user has socket 33 * locked. (DaveM) 34 * Ignore return value of dev_queue_xmit in __pppoe_xmit 35 * or else we may kfree an SKB twice. (DaveM) 36 * 190701 : When doing copies of skb's in __pppoe_xmit, always delete 37 * the original skb that was passed in on success, never on 38 * failure. Delete the copy of the skb on failure to avoid 39 * a memory leak. 40 * 081001 : Misc. cleanup (licence string, non-blocking, prevent 41 * reference of device on close). 42 * 121301 : New ppp channels interface; cannot unregister a channel 43 * from interrupts. Thus, we mark the socket as a ZOMBIE 44 * and do the unregistration later. 45 * 081002 : seq_file support for proc stuff -acme 46 * 111602 : Merge all 2.4 fixes into 2.5/2.6 tree. Label 2.5/2.6 47 * as version 0.7. Spacing cleanup. 48 * Author: Michal Ostrowski <mostrows@speakeasy.net> 49 * Contributors: 50 * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 51 * David S. Miller (davem@redhat.com) 52 * 53 * License: 54 * This program is free software; you can redistribute it and/or 55 * modify it under the terms of the GNU General Public License 56 * as published by the Free Software Foundation; either version 57 * 2 of the License, or (at your option) any later version. 58 * 59 */ 60 61#include <linux/string.h> 62#include <linux/module.h> 63#include <linux/kernel.h> 64#include <linux/slab.h> 65#include <linux/errno.h> 66#include <linux/netdevice.h> 67#include <linux/net.h> 68#include <linux/inetdevice.h> 69#include <linux/etherdevice.h> 70#include <linux/skbuff.h> 71#include <linux/init.h> 72#include <linux/if_ether.h> 73#include <linux/if_pppox.h> 74#include <linux/ppp_channel.h> 75#include <linux/ppp_defs.h> 76#include <linux/if_ppp.h> 77#include <linux/notifier.h> 78#include <linux/file.h> 79#include <linux/proc_fs.h> 80#include <linux/seq_file.h> 81 82#include <linux/nsproxy.h> 83#include <net/net_namespace.h> 84#include <net/netns/generic.h> 85#include <net/sock.h> 86 87#include <asm/uaccess.h> 88 89#ifdef HNDCTF 90#include <linux/if.h> 91#include <linux/if_vlan.h> 92#include <ctf/hndctf.h> 93#endif /* HNDCTF */ 94 95#define PPPOE_HASH_BITS 4 96#define PPPOE_HASH_SIZE (1 << PPPOE_HASH_BITS) 97#define PPPOE_HASH_MASK (PPPOE_HASH_SIZE - 1) 98 99static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb); 100 101static const struct proto_ops pppoe_ops; 102static const struct ppp_channel_ops pppoe_chan_ops; 103 104/* per-net private data for this module */ 105static int pppoe_net_id __read_mostly; 106struct pppoe_net { 107 /* 108 * we could use _single_ hash table for all 109 * nets by injecting net id into the hash but 110 * it would increase hash chains and add 111 * a few additional math comparations messy 112 * as well, moreover in case of SMP less locking 113 * controversy here 114 */ 115 struct pppox_sock *hash_table[PPPOE_HASH_SIZE]; 116 rwlock_t hash_lock; 117}; 118 119/* 120 * PPPoE could be in the following stages: 121 * 1) Discovery stage (to obtain remote MAC and Session ID) 122 * 2) Session stage (MAC and SID are known) 123 * 124 * Ethernet frames have a special tag for this but 125 * we use simplier approach based on session id 126 */ 127static inline bool stage_session(__be16 sid) 128{ 129 return sid != 0; 130} 131 132static inline struct pppoe_net *pppoe_pernet(struct net *net) 133{ 134 BUG_ON(!net); 135 136 return net_generic(net, pppoe_net_id); 137} 138 139static inline int cmp_2_addr(struct pppoe_addr *a, struct pppoe_addr *b) 140{ 141 return a->sid == b->sid && !memcmp(a->remote, b->remote, ETH_ALEN); 142} 143 144static inline int cmp_addr(struct pppoe_addr *a, __be16 sid, char *addr) 145{ 146 return a->sid == sid && !memcmp(a->remote, addr, ETH_ALEN); 147} 148 149#if 8 % PPPOE_HASH_BITS 150#error 8 must be a multiple of PPPOE_HASH_BITS 151#endif 152 153static int hash_item(__be16 sid, unsigned char *addr) 154{ 155 unsigned char hash = 0; 156 unsigned int i; 157 158 for (i = 0; i < ETH_ALEN; i++) 159 hash ^= addr[i]; 160 for (i = 0; i < sizeof(sid_t) * 8; i += 8) 161 hash ^= (__force __u32)sid >> i; 162 for (i = 8; (i >>= 1) >= PPPOE_HASH_BITS;) 163 hash ^= hash >> i; 164 165 return hash & PPPOE_HASH_MASK; 166} 167 168/********************************************************************** 169 * 170 * Set/get/delete/rehash items (internal versions) 171 * 172 **********************************************************************/ 173static struct pppox_sock *__get_item(struct pppoe_net *pn, __be16 sid, 174 unsigned char *addr, int ifindex) 175{ 176 int hash = hash_item(sid, addr); 177 struct pppox_sock *ret; 178 179 ret = pn->hash_table[hash]; 180 while (ret) { 181 if (cmp_addr(&ret->pppoe_pa, sid, addr) && 182 ret->pppoe_ifindex == ifindex) 183 return ret; 184 185 ret = ret->next; 186 } 187 188 return NULL; 189} 190 191static int __set_item(struct pppoe_net *pn, struct pppox_sock *po) 192{ 193 int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote); 194 struct pppox_sock *ret; 195 196 ret = pn->hash_table[hash]; 197 while (ret) { 198 if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && 199 ret->pppoe_ifindex == po->pppoe_ifindex) 200 return -EALREADY; 201 202 ret = ret->next; 203 } 204 205 po->next = pn->hash_table[hash]; 206 pn->hash_table[hash] = po; 207 208 return 0; 209} 210 211static struct pppox_sock *__delete_item(struct pppoe_net *pn, __be16 sid, 212 char *addr, int ifindex) 213{ 214 int hash = hash_item(sid, addr); 215 struct pppox_sock *ret, **src; 216 217 ret = pn->hash_table[hash]; 218 src = &pn->hash_table[hash]; 219 220 while (ret) { 221 if (cmp_addr(&ret->pppoe_pa, sid, addr) && 222 ret->pppoe_ifindex == ifindex) { 223 *src = ret->next; 224 break; 225 } 226 227 src = &ret->next; 228 ret = ret->next; 229 } 230 231 return ret; 232} 233 234/********************************************************************** 235 * 236 * Set/get/delete/rehash items 237 * 238 **********************************************************************/ 239static inline struct pppox_sock *get_item(struct pppoe_net *pn, __be16 sid, 240 unsigned char *addr, int ifindex) 241{ 242 struct pppox_sock *po; 243 244 read_lock_bh(&pn->hash_lock); 245 po = __get_item(pn, sid, addr, ifindex); 246 if (po) 247 sock_hold(sk_pppox(po)); 248 read_unlock_bh(&pn->hash_lock); 249 250 return po; 251} 252 253static inline struct pppox_sock *get_item_by_addr(struct net *net, 254 struct sockaddr_pppox *sp) 255{ 256 struct net_device *dev; 257 struct pppoe_net *pn; 258 struct pppox_sock *pppox_sock = NULL; 259 260 int ifindex; 261 262 rcu_read_lock(); 263 dev = dev_get_by_name_rcu(net, sp->sa_addr.pppoe.dev); 264 if (dev) { 265 ifindex = dev->ifindex; 266 pn = pppoe_pernet(net); 267 pppox_sock = get_item(pn, sp->sa_addr.pppoe.sid, 268 sp->sa_addr.pppoe.remote, ifindex); 269 } 270 rcu_read_unlock(); 271 return pppox_sock; 272} 273 274static inline struct pppox_sock *delete_item(struct pppoe_net *pn, __be16 sid, 275 char *addr, int ifindex) 276{ 277 struct pppox_sock *ret; 278 279 write_lock_bh(&pn->hash_lock); 280 ret = __delete_item(pn, sid, addr, ifindex); 281 write_unlock_bh(&pn->hash_lock); 282 283 return ret; 284} 285 286/*************************************************************************** 287 * 288 * Handler for device events. 289 * Certain device events require that sockets be unconnected. 290 * 291 **************************************************************************/ 292 293static void pppoe_flush_dev(struct net_device *dev) 294{ 295 struct pppoe_net *pn; 296 int i; 297 298 pn = pppoe_pernet(dev_net(dev)); 299 write_lock_bh(&pn->hash_lock); 300 for (i = 0; i < PPPOE_HASH_SIZE; i++) { 301 struct pppox_sock *po = pn->hash_table[i]; 302 struct sock *sk; 303 304 while (po) { 305 while (po && po->pppoe_dev != dev) { 306 po = po->next; 307 } 308 309 if (!po) 310 break; 311 312 sk = sk_pppox(po); 313 314 /* We always grab the socket lock, followed by the 315 * hash_lock, in that order. Since we should hold the 316 * sock lock while doing any unbinding, we need to 317 * release the lock we're holding. Hold a reference to 318 * the sock so it doesn't disappear as we're jumping 319 * between locks. 320 */ 321 322 sock_hold(sk); 323 write_unlock_bh(&pn->hash_lock); 324 lock_sock(sk); 325 326 if (po->pppoe_dev == dev && 327 sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) { 328 pppox_unbind_sock(sk); 329 sk->sk_state = PPPOX_ZOMBIE; 330 sk->sk_state_change(sk); 331 po->pppoe_dev = NULL; 332 dev_put(dev); 333 } 334 335 release_sock(sk); 336 sock_put(sk); 337 338 /* Restart the process from the start of the current 339 * hash chain. We dropped locks so the world may have 340 * change from underneath us. 341 */ 342 343 BUG_ON(pppoe_pernet(dev_net(dev)) == NULL); 344 write_lock_bh(&pn->hash_lock); 345 po = pn->hash_table[i]; 346 } 347 } 348 write_unlock_bh(&pn->hash_lock); 349} 350 351static int pppoe_device_event(struct notifier_block *this, 352 unsigned long event, void *ptr) 353{ 354 struct net_device *dev = (struct net_device *)ptr; 355 356 /* Only look at sockets that are using this specific device. */ 357 switch (event) { 358 case NETDEV_CHANGEMTU: 359 /* A change in mtu is a bad thing, requiring 360 * LCP re-negotiation. 361 */ 362 363 case NETDEV_GOING_DOWN: 364 case NETDEV_DOWN: 365 /* Find every socket on this device and kill it. */ 366 pppoe_flush_dev(dev); 367 break; 368 369 default: 370 break; 371 } 372 373 return NOTIFY_DONE; 374} 375 376static struct notifier_block pppoe_notifier = { 377 .notifier_call = pppoe_device_event, 378}; 379 380/************************************************************************ 381 * 382 * Do the real work of receiving a PPPoE Session frame. 383 * 384 ***********************************************************************/ 385static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb) 386{ 387 struct pppox_sock *po = pppox_sk(sk); 388 struct pppox_sock *relay_po; 389 390 /* Backlog receive. Semantics of backlog rcv preclude any code from 391 * executing in lock_sock()/release_sock() bounds; meaning sk->sk_state 392 * can't change. 393 */ 394 395 if (sk->sk_state & PPPOX_BOUND) { 396 ppp_input(&po->chan, skb); 397 } else if (sk->sk_state & PPPOX_RELAY) { 398 relay_po = get_item_by_addr(sock_net(sk), 399 &po->pppoe_relay); 400 if (relay_po == NULL) 401 goto abort_kfree; 402 403 if ((sk_pppox(relay_po)->sk_state & PPPOX_CONNECTED) == 0) 404 goto abort_put; 405 406 if (!__pppoe_xmit(sk_pppox(relay_po), skb)) 407 goto abort_put; 408 } else { 409 if (sock_queue_rcv_skb(sk, skb)) 410 goto abort_kfree; 411 } 412 413 return NET_RX_SUCCESS; 414 415abort_put: 416 sock_put(sk_pppox(relay_po)); 417 418abort_kfree: 419 kfree_skb(skb); 420 return NET_RX_DROP; 421} 422 423/************************************************************************ 424 * 425 * Receive wrapper called in BH context. 426 * 427 ***********************************************************************/ 428static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev, 429 struct packet_type *pt, struct net_device *orig_dev) 430{ 431 struct pppoe_hdr *ph; 432 struct pppox_sock *po; 433 struct pppoe_net *pn; 434 int len; 435 436 skb = skb_share_check(skb, GFP_ATOMIC); 437 if (!skb) 438 goto out; 439 440 if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr))) 441 goto drop; 442 443 ph = pppoe_hdr(skb); 444 len = ntohs(ph->length); 445 446 skb_pull_rcsum(skb, sizeof(*ph)); 447 if (skb->len < len) 448 goto drop; 449 450 if (pskb_trim_rcsum(skb, len)) 451 goto drop; 452 453 pn = pppoe_pernet(dev_net(dev)); 454 455 /* Note that get_item does a sock_hold(), so sk_pppox(po) 456 * is known to be safe. 457 */ 458 po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex); 459 if (!po) 460 goto drop; 461 462#if defined(HNDCTF) && defined(CTF_PPPOE) 463 /* Populate our cb array with values stating skb is pppoe rx 464 * skb and has pppoe sid. 465 */ 466 if (CTF_ENAB(kcih)) { 467 skb->ctf_pppoe_cb[0] = 1; 468 skb->ctf_pppoe_cb[1] = 0; 469 *(__be16 *)&skb->ctf_pppoe_cb[2] = ph->sid; 470 } 471#endif 472 473 return sk_receive_skb(sk_pppox(po), skb, 0); 474 475drop: 476 kfree_skb(skb); 477out: 478 return NET_RX_DROP; 479} 480 481/************************************************************************ 482 * 483 * Receive a PPPoE Discovery frame. 484 * This is solely for detection of PADT frames 485 * 486 ***********************************************************************/ 487static int pppoe_disc_rcv(struct sk_buff *skb, struct net_device *dev, 488 struct packet_type *pt, struct net_device *orig_dev) 489 490{ 491 struct pppoe_hdr *ph; 492 struct pppox_sock *po; 493 struct pppoe_net *pn; 494 495 skb = skb_share_check(skb, GFP_ATOMIC); 496 if (!skb) 497 goto out; 498 499 if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr))) 500 goto abort; 501 502 ph = pppoe_hdr(skb); 503 if (ph->code != PADT_CODE) 504 goto abort; 505 506 /* Ignore PADT packets whose destination address isn't ours */ 507 if (memcmp(eth_hdr(skb)->h_dest, dev->dev_addr, ETH_ALEN)) 508 goto abort; 509 510 pn = pppoe_pernet(dev_net(dev)); 511 po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex); 512 if (po) { 513 struct sock *sk = sk_pppox(po); 514 515 bh_lock_sock(sk); 516 517 /* If the user has locked the socket, just ignore 518 * the packet. With the way two rcv protocols hook into 519 * one socket family type, we cannot (easily) distinguish 520 * what kind of SKB it is during backlog rcv. 521 */ 522 if (sock_owned_by_user(sk) == 0) { 523 /* We're no longer connect at the PPPOE layer, 524 * and must wait for ppp channel to disconnect us. 525 */ 526 sk->sk_state = PPPOX_ZOMBIE; 527 } 528 529 bh_unlock_sock(sk); 530 sock_put(sk); 531 } 532 533abort: 534 kfree_skb(skb); 535out: 536 return NET_RX_SUCCESS; /* Lies... :-) */ 537} 538 539static struct packet_type pppoes_ptype __read_mostly = { 540 .type = cpu_to_be16(ETH_P_PPP_SES), 541 .func = pppoe_rcv, 542}; 543 544static struct packet_type pppoed_ptype __read_mostly = { 545 .type = cpu_to_be16(ETH_P_PPP_DISC), 546 .func = pppoe_disc_rcv, 547}; 548 549static struct proto pppoe_sk_proto __read_mostly = { 550 .name = "PPPOE", 551 .owner = THIS_MODULE, 552 .obj_size = sizeof(struct pppox_sock), 553}; 554 555/*********************************************************************** 556 * 557 * Initialize a new struct sock. 558 * 559 **********************************************************************/ 560static int pppoe_create(struct net *net, struct socket *sock) 561{ 562 struct sock *sk; 563 564 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppoe_sk_proto); 565 if (!sk) 566 return -ENOMEM; 567 568 sock_init_data(sock, sk); 569 570 sock->state = SS_UNCONNECTED; 571 sock->ops = &pppoe_ops; 572 573 sk->sk_backlog_rcv = pppoe_rcv_core; 574 sk->sk_state = PPPOX_NONE; 575 sk->sk_type = SOCK_STREAM; 576 sk->sk_family = PF_PPPOX; 577 sk->sk_protocol = PX_PROTO_OE; 578 579 return 0; 580} 581 582static int pppoe_release(struct socket *sock) 583{ 584 struct sock *sk = sock->sk; 585 struct pppox_sock *po; 586 struct pppoe_net *pn; 587 struct net *net = NULL; 588 589 if (!sk) 590 return 0; 591 592 lock_sock(sk); 593 if (sock_flag(sk, SOCK_DEAD)) { 594 release_sock(sk); 595 return -EBADF; 596 } 597 598 po = pppox_sk(sk); 599 600 if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) { 601 dev_put(po->pppoe_dev); 602 po->pppoe_dev = NULL; 603 } 604 605 pppox_unbind_sock(sk); 606 607 /* Signal the death of the socket. */ 608 sk->sk_state = PPPOX_DEAD; 609 610 net = sock_net(sk); 611 pn = pppoe_pernet(net); 612 613 /* 614 * protect "po" from concurrent updates 615 * on pppoe_flush_dev 616 */ 617 delete_item(pn, po->pppoe_pa.sid, po->pppoe_pa.remote, 618 po->pppoe_ifindex); 619 620 sock_orphan(sk); 621 sock->sk = NULL; 622 623 skb_queue_purge(&sk->sk_receive_queue); 624 release_sock(sk); 625 sock_put(sk); 626 627 return 0; 628} 629 630static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, 631 int sockaddr_len, int flags) 632{ 633 struct sock *sk = sock->sk; 634 struct sockaddr_pppox *sp = (struct sockaddr_pppox *)uservaddr; 635 struct pppox_sock *po = pppox_sk(sk); 636 struct net_device *dev = NULL; 637 struct pppoe_net *pn; 638 struct net *net = NULL; 639 int error; 640 641 lock_sock(sk); 642 643 error = -EINVAL; 644 if (sp->sa_protocol != PX_PROTO_OE) 645 goto end; 646 647 /* Check for already bound sockets */ 648 error = -EBUSY; 649 if ((sk->sk_state & PPPOX_CONNECTED) && 650 stage_session(sp->sa_addr.pppoe.sid)) 651 goto end; 652 653 /* Check for already disconnected sockets, on attempts to disconnect */ 654 error = -EALREADY; 655 if ((sk->sk_state & PPPOX_DEAD) && 656 !stage_session(sp->sa_addr.pppoe.sid)) 657 goto end; 658 659 error = 0; 660 661 /* Delete the old binding */ 662 if (stage_session(po->pppoe_pa.sid)) { 663 pppox_unbind_sock(sk); 664 pn = pppoe_pernet(sock_net(sk)); 665 delete_item(pn, po->pppoe_pa.sid, 666 po->pppoe_pa.remote, po->pppoe_ifindex); 667 if (po->pppoe_dev) { 668 dev_put(po->pppoe_dev); 669 po->pppoe_dev = NULL; 670 } 671 672 memset(sk_pppox(po) + 1, 0, 673 sizeof(struct pppox_sock) - sizeof(struct sock)); 674 sk->sk_state = PPPOX_NONE; 675 } 676 677 /* Re-bind in session stage only */ 678 if (stage_session(sp->sa_addr.pppoe.sid)) { 679 error = -ENODEV; 680 net = sock_net(sk); 681 dev = dev_get_by_name(net, sp->sa_addr.pppoe.dev); 682 if (!dev) 683 goto err_put; 684 685 po->pppoe_dev = dev; 686 po->pppoe_ifindex = dev->ifindex; 687 pn = pppoe_pernet(net); 688 if (!(dev->flags & IFF_UP)) { 689 goto err_put; 690 } 691 692 memcpy(&po->pppoe_pa, 693 &sp->sa_addr.pppoe, 694 sizeof(struct pppoe_addr)); 695 696 write_lock_bh(&pn->hash_lock); 697 error = __set_item(pn, po); 698 write_unlock_bh(&pn->hash_lock); 699 if (error < 0) 700 goto err_put; 701 702 po->chan.hdrlen = (sizeof(struct pppoe_hdr) + 703 dev->hard_header_len); 704 705 po->chan.mtu = dev->mtu - sizeof(struct pppoe_hdr); 706 po->chan.private = sk; 707 po->chan.ops = &pppoe_chan_ops; 708 709 error = ppp_register_net_channel(dev_net(dev), &po->chan); 710 if (error) { 711 delete_item(pn, po->pppoe_pa.sid, 712 po->pppoe_pa.remote, po->pppoe_ifindex); 713 goto err_put; 714 } 715 716 sk->sk_state = PPPOX_CONNECTED; 717 } 718 719 po->num = sp->sa_addr.pppoe.sid; 720 721end: 722 release_sock(sk); 723 return error; 724err_put: 725 if (po->pppoe_dev) { 726 dev_put(po->pppoe_dev); 727 po->pppoe_dev = NULL; 728 } 729 goto end; 730} 731 732static int pppoe_getname(struct socket *sock, struct sockaddr *uaddr, 733 int *usockaddr_len, int peer) 734{ 735 int len = sizeof(struct sockaddr_pppox); 736 struct sockaddr_pppox sp; 737 738 sp.sa_family = AF_PPPOX; 739 sp.sa_protocol = PX_PROTO_OE; 740 memcpy(&sp.sa_addr.pppoe, &pppox_sk(sock->sk)->pppoe_pa, 741 sizeof(struct pppoe_addr)); 742 743 memcpy(uaddr, &sp, len); 744 745 *usockaddr_len = len; 746 747 return 0; 748} 749 750static int pppoe_ioctl(struct socket *sock, unsigned int cmd, 751 unsigned long arg) 752{ 753 struct sock *sk = sock->sk; 754 struct pppox_sock *po = pppox_sk(sk); 755 int val; 756 int err; 757 758 switch (cmd) { 759 case PPPIOCGMRU: 760 err = -ENXIO; 761 if (!(sk->sk_state & PPPOX_CONNECTED)) 762 break; 763 764 err = -EFAULT; 765 if (put_user(po->pppoe_dev->mtu - 766 sizeof(struct pppoe_hdr) - 767 PPP_HDRLEN, 768 (int __user *)arg)) 769 break; 770 err = 0; 771 break; 772 773 case PPPIOCSMRU: 774 err = -ENXIO; 775 if (!(sk->sk_state & PPPOX_CONNECTED)) 776 break; 777 778 err = -EFAULT; 779 if (get_user(val, (int __user *)arg)) 780 break; 781 782 if (val < (po->pppoe_dev->mtu 783 - sizeof(struct pppoe_hdr) 784 - PPP_HDRLEN)) 785 err = 0; 786 else 787 err = -EINVAL; 788 break; 789 790 case PPPIOCSFLAGS: 791 err = -EFAULT; 792 if (get_user(val, (int __user *)arg)) 793 break; 794 err = 0; 795 break; 796 797 case PPPOEIOCSFWD: 798 { 799 struct pppox_sock *relay_po; 800 801 err = -EBUSY; 802 if (sk->sk_state & (PPPOX_BOUND | PPPOX_ZOMBIE | PPPOX_DEAD)) 803 break; 804 805 err = -ENOTCONN; 806 if (!(sk->sk_state & PPPOX_CONNECTED)) 807 break; 808 809 /* PPPoE address from the user specifies an outbound 810 PPPoE address which frames are forwarded to */ 811 err = -EFAULT; 812 if (copy_from_user(&po->pppoe_relay, 813 (void __user *)arg, 814 sizeof(struct sockaddr_pppox))) 815 break; 816 817 err = -EINVAL; 818 if (po->pppoe_relay.sa_family != AF_PPPOX || 819 po->pppoe_relay.sa_protocol != PX_PROTO_OE) 820 break; 821 822 /* Check that the socket referenced by the address 823 actually exists. */ 824 relay_po = get_item_by_addr(sock_net(sk), &po->pppoe_relay); 825 if (!relay_po) 826 break; 827 828 sock_put(sk_pppox(relay_po)); 829 sk->sk_state |= PPPOX_RELAY; 830 err = 0; 831 break; 832 } 833 834 case PPPOEIOCDFWD: 835 err = -EALREADY; 836 if (!(sk->sk_state & PPPOX_RELAY)) 837 break; 838 839 sk->sk_state &= ~PPPOX_RELAY; 840 err = 0; 841 break; 842 843 default: 844 err = -ENOTTY; 845 } 846 847 return err; 848} 849 850static int pppoe_sendmsg(struct kiocb *iocb, struct socket *sock, 851 struct msghdr *m, size_t total_len) 852{ 853 struct sk_buff *skb; 854 struct sock *sk = sock->sk; 855 struct pppox_sock *po = pppox_sk(sk); 856 int error; 857 struct pppoe_hdr hdr; 858 struct pppoe_hdr *ph; 859 struct net_device *dev; 860 char *start; 861 862 lock_sock(sk); 863 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) { 864 error = -ENOTCONN; 865 goto end; 866 } 867 868 hdr.ver = 1; 869 hdr.type = 1; 870 hdr.code = 0; 871 hdr.sid = po->num; 872 873 dev = po->pppoe_dev; 874 875 error = -EMSGSIZE; 876 if (total_len > (dev->mtu + dev->hard_header_len)) 877 goto end; 878 879 880 skb = sock_wmalloc(sk, total_len + dev->hard_header_len + 32, 881 0, GFP_KERNEL); 882 if (!skb) { 883 error = -ENOMEM; 884 goto end; 885 } 886 887 /* Reserve space for headers. */ 888 skb_reserve(skb, dev->hard_header_len); 889 skb_reset_network_header(skb); 890 891 skb->dev = dev; 892 893 skb->priority = sk->sk_priority; 894 skb->protocol = cpu_to_be16(ETH_P_PPP_SES); 895 896 ph = (struct pppoe_hdr *)skb_put(skb, total_len + sizeof(struct pppoe_hdr)); 897 start = (char *)&ph->tag[0]; 898 899 error = memcpy_fromiovec(start, m->msg_iov, total_len); 900 if (error < 0) { 901 kfree_skb(skb); 902 goto end; 903 } 904 905 error = total_len; 906 dev_hard_header(skb, dev, ETH_P_PPP_SES, 907 po->pppoe_pa.remote, NULL, total_len); 908 909 memcpy(ph, &hdr, sizeof(struct pppoe_hdr)); 910 911 ph->length = htons(total_len); 912 913 dev_queue_xmit(skb); 914 915end: 916 release_sock(sk); 917 return error; 918} 919 920/************************************************************************ 921 * 922 * xmit function for internal use. 923 * 924 ***********************************************************************/ 925static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb) 926{ 927 struct pppox_sock *po = pppox_sk(sk); 928 struct net_device *dev = po->pppoe_dev; 929 struct pppoe_hdr *ph; 930 int data_len = skb->len; 931 932 /* The higher-level PPP code (ppp_unregister_channel()) ensures the PPP 933 * xmit operations conclude prior to an unregistration call. Thus 934 * sk->sk_state cannot change, so we don't need to do lock_sock(). 935 * But, we also can't do a lock_sock since that introduces a potential 936 * deadlock as we'd reverse the lock ordering used when calling 937 * ppp_unregister_channel(). 938 */ 939 940 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) 941 goto abort; 942 943 if (!dev) 944 goto abort; 945 946 /* Copy the data if there is no space for the header or if it's 947 * read-only. 948 */ 949 if (skb_cow_head(skb, sizeof(*ph) + dev->hard_header_len)) 950 goto abort; 951 952 __skb_push(skb, sizeof(*ph)); 953 skb_reset_network_header(skb); 954 955 ph = pppoe_hdr(skb); 956 ph->ver = 1; 957 ph->type = 1; 958 ph->code = 0; 959 ph->sid = po->num; 960 ph->length = htons(data_len); 961 962 skb->protocol = cpu_to_be16(ETH_P_PPP_SES); 963 skb->dev = dev; 964 965#if defined(HNDCTF) && defined(CTF_PPPOE) 966 /* Need to populate the ipct members with pppoe sid and real tx interface */ 967 if (CTF_ENAB(kcih) && (skb->ctf_pppoe_cb[0] == 2)) { 968 ctf_ipc_t *ipc; 969 ipc = (ctf_ipc_t *)(*(uint32 *)&skb->ctf_pppoe_cb[4]); 970 if (ipc != NULL) { 971 if (dev->priv_flags & IFF_802_1Q_VLAN) { 972 ipc->txif = (void *)vlan_dev_real_dev(dev); 973 ipc->vid = vlan_dev_vlan_id(dev); 974 ipc->action |= ((vlan_dev_vlan_flags(dev) & 1) ? 975 CTF_ACTION_TAG : CTF_ACTION_UNTAG); 976 } else { 977 ipc->txif = dev; 978 ipc->action |= CTF_ACTION_UNTAG; 979 } 980 ipc->pppoe_sid = ph->sid; 981 memcpy(ipc->dhost.octet, po->pppoe_pa.remote, ETH_ALEN); 982 memcpy(ipc->shost.octet, dev->dev_addr, ETH_ALEN); 983 } 984 } 985#endif /* HNDCTF && CTF_PPPOE */ 986 987 dev_hard_header(skb, dev, ETH_P_PPP_SES, 988 po->pppoe_pa.remote, NULL, data_len); 989 990 dev_queue_xmit(skb); 991 return 1; 992 993abort: 994 kfree_skb(skb); 995 return 1; 996} 997 998/************************************************************************ 999 * 1000 * xmit function called by generic PPP driver 1001 * sends PPP frame over PPPoE socket 1002 * 1003 ***********************************************************************/ 1004static int pppoe_xmit(struct ppp_channel *chan, struct sk_buff *skb) 1005{ 1006 struct sock *sk = (struct sock *)chan->private; 1007 return __pppoe_xmit(sk, skb); 1008} 1009 1010static const struct ppp_channel_ops pppoe_chan_ops = { 1011 .start_xmit = pppoe_xmit, 1012}; 1013 1014static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock, 1015 struct msghdr *m, size_t total_len, int flags) 1016{ 1017 struct sock *sk = sock->sk; 1018 struct sk_buff *skb; 1019 int error = 0; 1020 1021 if (sk->sk_state & PPPOX_BOUND) { 1022 error = -EIO; 1023 goto end; 1024 } 1025 1026 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, 1027 flags & MSG_DONTWAIT, &error); 1028 if (error < 0) 1029 goto end; 1030 1031 m->msg_namelen = 0; 1032 1033 if (skb) { 1034 total_len = min_t(size_t, total_len, skb->len); 1035 error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len); 1036 if (error == 0) 1037 error = total_len; 1038 } 1039 1040 kfree_skb(skb); 1041end: 1042 return error; 1043} 1044 1045#ifdef CONFIG_PROC_FS 1046static int pppoe_seq_show(struct seq_file *seq, void *v) 1047{ 1048 struct pppox_sock *po; 1049 char *dev_name; 1050 1051 if (v == SEQ_START_TOKEN) { 1052 seq_puts(seq, "Id Address Device\n"); 1053 goto out; 1054 } 1055 1056 po = v; 1057 dev_name = po->pppoe_pa.dev; 1058 1059 seq_printf(seq, "%08X %pM %8s\n", 1060 po->pppoe_pa.sid, po->pppoe_pa.remote, dev_name); 1061out: 1062 return 0; 1063} 1064 1065static inline struct pppox_sock *pppoe_get_idx(struct pppoe_net *pn, loff_t pos) 1066{ 1067 struct pppox_sock *po; 1068 int i; 1069 1070 for (i = 0; i < PPPOE_HASH_SIZE; i++) { 1071 po = pn->hash_table[i]; 1072 while (po) { 1073 if (!pos--) 1074 goto out; 1075 po = po->next; 1076 } 1077 } 1078 1079out: 1080 return po; 1081} 1082 1083static void *pppoe_seq_start(struct seq_file *seq, loff_t *pos) 1084 __acquires(pn->hash_lock) 1085{ 1086 struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq)); 1087 loff_t l = *pos; 1088 1089 read_lock_bh(&pn->hash_lock); 1090 return l ? pppoe_get_idx(pn, --l) : SEQ_START_TOKEN; 1091} 1092 1093static void *pppoe_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1094{ 1095 struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq)); 1096 struct pppox_sock *po; 1097 1098 ++*pos; 1099 if (v == SEQ_START_TOKEN) { 1100 po = pppoe_get_idx(pn, 0); 1101 goto out; 1102 } 1103 po = v; 1104 if (po->next) 1105 po = po->next; 1106 else { 1107 int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote); 1108 1109 po = NULL; 1110 while (++hash < PPPOE_HASH_SIZE) { 1111 po = pn->hash_table[hash]; 1112 if (po) 1113 break; 1114 } 1115 } 1116 1117out: 1118 return po; 1119} 1120 1121static void pppoe_seq_stop(struct seq_file *seq, void *v) 1122 __releases(pn->hash_lock) 1123{ 1124 struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq)); 1125 read_unlock_bh(&pn->hash_lock); 1126} 1127 1128static const struct seq_operations pppoe_seq_ops = { 1129 .start = pppoe_seq_start, 1130 .next = pppoe_seq_next, 1131 .stop = pppoe_seq_stop, 1132 .show = pppoe_seq_show, 1133}; 1134 1135static int pppoe_seq_open(struct inode *inode, struct file *file) 1136{ 1137 return seq_open_net(inode, file, &pppoe_seq_ops, 1138 sizeof(struct seq_net_private)); 1139} 1140 1141static const struct file_operations pppoe_seq_fops = { 1142 .owner = THIS_MODULE, 1143 .open = pppoe_seq_open, 1144 .read = seq_read, 1145 .llseek = seq_lseek, 1146 .release = seq_release_net, 1147}; 1148 1149#endif /* CONFIG_PROC_FS */ 1150 1151static const struct proto_ops pppoe_ops = { 1152 .family = AF_PPPOX, 1153 .owner = THIS_MODULE, 1154 .release = pppoe_release, 1155 .bind = sock_no_bind, 1156 .connect = pppoe_connect, 1157 .socketpair = sock_no_socketpair, 1158 .accept = sock_no_accept, 1159 .getname = pppoe_getname, 1160 .poll = datagram_poll, 1161 .listen = sock_no_listen, 1162 .shutdown = sock_no_shutdown, 1163 .setsockopt = sock_no_setsockopt, 1164 .getsockopt = sock_no_getsockopt, 1165 .sendmsg = pppoe_sendmsg, 1166 .recvmsg = pppoe_recvmsg, 1167 .mmap = sock_no_mmap, 1168 .ioctl = pppox_ioctl, 1169}; 1170 1171static struct pppox_proto pppoe_proto = { 1172 .create = pppoe_create, 1173 .ioctl = pppoe_ioctl, 1174 .owner = THIS_MODULE, 1175}; 1176 1177static __net_init int pppoe_init_net(struct net *net) 1178{ 1179 struct pppoe_net *pn = pppoe_pernet(net); 1180 struct proc_dir_entry *pde; 1181 1182 rwlock_init(&pn->hash_lock); 1183 1184 pde = proc_net_fops_create(net, "pppoe", S_IRUGO, &pppoe_seq_fops); 1185#ifdef CONFIG_PROC_FS 1186 if (!pde) 1187 return -ENOMEM; 1188#endif 1189 1190 return 0; 1191} 1192 1193static __net_exit void pppoe_exit_net(struct net *net) 1194{ 1195 proc_net_remove(net, "pppoe"); 1196} 1197 1198static struct pernet_operations pppoe_net_ops = { 1199 .init = pppoe_init_net, 1200 .exit = pppoe_exit_net, 1201 .id = &pppoe_net_id, 1202 .size = sizeof(struct pppoe_net), 1203}; 1204 1205static int __init pppoe_init(void) 1206{ 1207 int err; 1208 1209 err = register_pernet_device(&pppoe_net_ops); 1210 if (err) 1211 goto out; 1212 1213 err = proto_register(&pppoe_sk_proto, 0); 1214 if (err) 1215 goto out_unregister_net_ops; 1216 1217 err = register_pppox_proto(PX_PROTO_OE, &pppoe_proto); 1218 if (err) 1219 goto out_unregister_pppoe_proto; 1220 1221 dev_add_pack(&pppoes_ptype); 1222 dev_add_pack(&pppoed_ptype); 1223 register_netdevice_notifier(&pppoe_notifier); 1224 1225 return 0; 1226 1227out_unregister_pppoe_proto: 1228 proto_unregister(&pppoe_sk_proto); 1229out_unregister_net_ops: 1230 unregister_pernet_device(&pppoe_net_ops); 1231out: 1232 return err; 1233} 1234 1235static void __exit pppoe_exit(void) 1236{ 1237 unregister_netdevice_notifier(&pppoe_notifier); 1238 dev_remove_pack(&pppoed_ptype); 1239 dev_remove_pack(&pppoes_ptype); 1240 unregister_pppox_proto(PX_PROTO_OE); 1241 proto_unregister(&pppoe_sk_proto); 1242 unregister_pernet_device(&pppoe_net_ops); 1243} 1244 1245module_init(pppoe_init); 1246module_exit(pppoe_exit); 1247 1248MODULE_AUTHOR("Michal Ostrowski <mostrows@speakeasy.net>"); 1249MODULE_DESCRIPTION("PPP over Ethernet driver"); 1250MODULE_LICENSE("GPL"); 1251MODULE_ALIAS_NETPROTO(PF_PPPOX); 1252