1 /*
2 * L2TP core.
3 *
4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5 *
6 * This file contains some code of the original L2TPv2 pppol2tp
7 * driver, which has the following copyright:
8 *
9 * Authors: Martijn van Oosterhout <kleptog@svana.org>
10 * James Chapman (jchapman@katalix.com)
11 * Contributors:
12 * Michal Ostrowski <mostrows@speakeasy.net>
13 * Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
14 * David S. Miller (davem@redhat.com)
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2 as
18 * published by the Free Software Foundation.
19 */
20
21 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
22
23 #include <linux/module.h>
24 #include <linux/string.h>
25 #include <linux/list.h>
26 #include <linux/rculist.h>
27 #include <linux/uaccess.h>
28
29 #include <linux/kernel.h>
30 #include <linux/spinlock.h>
31 #include <linux/kthread.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/errno.h>
35 #include <linux/jiffies.h>
36
37 #include <linux/netdevice.h>
38 #include <linux/net.h>
39 #include <linux/inetdevice.h>
40 #include <linux/skbuff.h>
41 #include <linux/init.h>
42 #include <linux/in.h>
43 #include <linux/ip.h>
44 #include <linux/udp.h>
45 #include <linux/l2tp.h>
46 #include <linux/hash.h>
47 #include <linux/sort.h>
48 #include <linux/file.h>
49 #include <linux/nsproxy.h>
50 #include <net/net_namespace.h>
51 #include <net/netns/generic.h>
52 #include <net/dst.h>
53 #include <net/ip.h>
54 #include <net/udp.h>
55 #include <net/udp_tunnel.h>
56 #include <net/inet_common.h>
57 #include <net/xfrm.h>
58 #include <net/protocol.h>
59 #include <net/inet6_connection_sock.h>
60 #include <net/inet_ecn.h>
61 #include <net/ip6_route.h>
62 #include <net/ip6_checksum.h>
63
64 #include <asm/byteorder.h>
65 #include <linux/atomic.h>
66
67 #include "l2tp_core.h"
68
69 #define L2TP_DRV_VERSION "V2.0"
70
71 /* L2TP header constants */
72 #define L2TP_HDRFLAG_T 0x8000
73 #define L2TP_HDRFLAG_L 0x4000
74 #define L2TP_HDRFLAG_S 0x0800
75 #define L2TP_HDRFLAG_O 0x0200
76 #define L2TP_HDRFLAG_P 0x0100
77
78 #define L2TP_HDR_VER_MASK 0x000F
79 #define L2TP_HDR_VER_2 0x0002
80 #define L2TP_HDR_VER_3 0x0003
81
82 /* L2TPv3 default L2-specific sublayer */
83 #define L2TP_SLFLAG_S 0x40000000
84 #define L2TP_SL_SEQ_MASK 0x00ffffff
85
86 #define L2TP_HDR_SIZE_SEQ 10
87 #define L2TP_HDR_SIZE_NOSEQ 6
88
89 /* Default trace flags */
90 #define L2TP_DEFAULT_DEBUG_FLAGS 0
91
92 /* Private data stored for received packets in the skb.
93 */
94 struct l2tp_skb_cb {
95 u32 ns;
96 u16 has_seq;
97 u16 length;
98 unsigned long expires;
99 };
100
101 #define L2TP_SKB_CB(skb) ((struct l2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
102
103 static atomic_t l2tp_tunnel_count;
104 static atomic_t l2tp_session_count;
105 static struct workqueue_struct *l2tp_wq;
106
107 /* per-net private data for this module */
108 static unsigned int l2tp_net_id;
109 struct l2tp_net {
110 struct list_head l2tp_tunnel_list;
111 spinlock_t l2tp_tunnel_list_lock;
112 struct hlist_head l2tp_session_hlist[L2TP_HASH_SIZE_2];
113 spinlock_t l2tp_session_hlist_lock;
114 };
115
116 static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel);
117
118 static inline struct l2tp_tunnel *l2tp_tunnel(struct sock *sk)
119 {
120 return sk->sk_user_data;
121 }
122
123 static inline struct l2tp_net *l2tp_pernet(struct net *net)
124 {
125 BUG_ON(!net);
126
127 return net_generic(net, l2tp_net_id);
128 }
129
130 /* Tunnel reference counts. Incremented per session that is added to
131 * the tunnel.
132 */
133 static inline void l2tp_tunnel_inc_refcount_1(struct l2tp_tunnel *tunnel)
134 {
135 atomic_inc(&tunnel->ref_count);
136 }
137
138 static inline void l2tp_tunnel_dec_refcount_1(struct l2tp_tunnel *tunnel)
139 {
140 if (atomic_dec_and_test(&tunnel->ref_count))
141 l2tp_tunnel_free(tunnel);
142 }
143 #ifdef L2TP_REFCNT_DEBUG
144 #define l2tp_tunnel_inc_refcount(_t) \
145 do { \
146 pr_debug("l2tp_tunnel_inc_refcount: %s:%d %s: cnt=%d\n", \
147 __func__, __LINE__, (_t)->name, \
148 atomic_read(&_t->ref_count)); \
149 l2tp_tunnel_inc_refcount_1(_t); \
150 } while (0)
151 #define l2tp_tunnel_dec_refcount(_t) \
152 do { \
153 pr_debug("l2tp_tunnel_dec_refcount: %s:%d %s: cnt=%d\n", \
154 __func__, __LINE__, (_t)->name, \
155 atomic_read(&_t->ref_count)); \
156 l2tp_tunnel_dec_refcount_1(_t); \
157 } while (0)
158 #else
159 #define l2tp_tunnel_inc_refcount(t) l2tp_tunnel_inc_refcount_1(t)
160 #define l2tp_tunnel_dec_refcount(t) l2tp_tunnel_dec_refcount_1(t)
161 #endif
162
163 /* Session hash global list for L2TPv3.
164 * The session_id SHOULD be random according to RFC3931, but several
165 * L2TP implementations use incrementing session_ids. So we do a real
166 * hash on the session_id, rather than a simple bitmask.
167 */
168 static inline struct hlist_head *
169 l2tp_session_id_hash_2(struct l2tp_net *pn, u32 session_id)
170 {
171 return &pn->l2tp_session_hlist[hash_32(session_id, L2TP_HASH_BITS_2)];
172
173 }
174
175 /* Lookup the tunnel socket, possibly involving the fs code if the socket is
176 * owned by userspace. A struct sock returned from this function must be
177 * released using l2tp_tunnel_sock_put once you're done with it.
178 */
179 static struct sock *l2tp_tunnel_sock_lookup(struct l2tp_tunnel *tunnel)
180 {
181 int err = 0;
182 struct socket *sock = NULL;
183 struct sock *sk = NULL;
184
185 if (!tunnel)
186 goto out;
187
188 if (tunnel->fd >= 0) {
189 /* Socket is owned by userspace, who might be in the process
190 * of closing it. Look the socket up using the fd to ensure
191 * consistency.
192 */
193 sock = sockfd_lookup(tunnel->fd, &err);
194 if (sock)
195 sk = sock->sk;
196 } else {
197 /* Socket is owned by kernelspace */
198 sk = tunnel->sock;
199 sock_hold(sk);
200 }
201
202 out:
203 return sk;
204 }
205
206 /* Drop a reference to a tunnel socket obtained via. l2tp_tunnel_sock_put */
207 static void l2tp_tunnel_sock_put(struct sock *sk)
208 {
209 struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk);
210 if (tunnel) {
211 if (tunnel->fd >= 0) {
212 /* Socket is owned by userspace */
213 sockfd_put(sk->sk_socket);
214 }
215 sock_put(sk);
216 }
217 sock_put(sk);
218 }
219
220 /* Lookup a session by id in the global session list
221 */
222 static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id)
223 {
224 struct l2tp_net *pn = l2tp_pernet(net);
225 struct hlist_head *session_list =
226 l2tp_session_id_hash_2(pn, session_id);
227 struct l2tp_session *session;
228
229 rcu_read_lock_bh();
230 hlist_for_each_entry_rcu(session, session_list, global_hlist) {
231 if (session->session_id == session_id) {
232 rcu_read_unlock_bh();
233 return session;
234 }
235 }
236 rcu_read_unlock_bh();
237
238 return NULL;
239 }
240
241 /* Session hash list.
242 * The session_id SHOULD be random according to RFC2661, but several
243 * L2TP implementations (Cisco and Microsoft) use incrementing
244 * session_ids. So we do a real hash on the session_id, rather than a
245 * simple bitmask.
246 */
247 static inline struct hlist_head *
248 l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id)
249 {
250 return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)];
251 }
252
253 /* Lookup a session by id
254 */
255 struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunnel, u32 session_id)
256 {
257 struct hlist_head *session_list;
258 struct l2tp_session *session;
259
260 /* In L2TPv3, session_ids are unique over all tunnels and we
261 * sometimes need to look them up before we know the
262 * tunnel.
263 */
264 if (tunnel == NULL)
265 return l2tp_session_find_2(net, session_id);
266
267 session_list = l2tp_session_id_hash(tunnel, session_id);
268 read_lock_bh(&tunnel->hlist_lock);
269 hlist_for_each_entry(session, session_list, hlist) {
270 if (session->session_id == session_id) {
271 read_unlock_bh(&tunnel->hlist_lock);
272 return session;
273 }
274 }
275 read_unlock_bh(&tunnel->hlist_lock);
276
277 return NULL;
278 }
279 EXPORT_SYMBOL_GPL(l2tp_session_find);
280
281 struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth,
282 bool do_ref)
283 {
284 int hash;
285 struct l2tp_session *session;
286 int count = 0;
287
288 read_lock_bh(&tunnel->hlist_lock);
289 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
290 hlist_for_each_entry(session, &tunnel->session_hlist[hash], hlist) {
291 if (++count > nth) {
292 l2tp_session_inc_refcount(session);
293 if (do_ref && session->ref)
294 session->ref(session);
295 read_unlock_bh(&tunnel->hlist_lock);
296 return session;
297 }
298 }
299 }
300
301 read_unlock_bh(&tunnel->hlist_lock);
302
303 return NULL;
304 }
305 EXPORT_SYMBOL_GPL(l2tp_session_get_nth);
306
307 /* Lookup a session by interface name.
308 * This is very inefficient but is only used by management interfaces.
309 */
310 struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname)
311 {
312 struct l2tp_net *pn = l2tp_pernet(net);
313 int hash;
314 struct l2tp_session *session;
315
316 rcu_read_lock_bh();
317 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) {
318 hlist_for_each_entry_rcu(session, &pn->l2tp_session_hlist[hash], global_hlist) {
319 if (!strcmp(session->ifname, ifname)) {
320 rcu_read_unlock_bh();
321 return session;
322 }
323 }
324 }
325
326 rcu_read_unlock_bh();
327
328 return NULL;
329 }
330 EXPORT_SYMBOL_GPL(l2tp_session_find_by_ifname);
331
332 /* Lookup a tunnel by id
333 */
334 struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id)
335 {
336 struct l2tp_tunnel *tunnel;
337 struct l2tp_net *pn = l2tp_pernet(net);
338
339 rcu_read_lock_bh();
340 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
341 if (tunnel->tunnel_id == tunnel_id) {
342 rcu_read_unlock_bh();
343 return tunnel;
344 }
345 }
346 rcu_read_unlock_bh();
347
348 return NULL;
349 }
350 EXPORT_SYMBOL_GPL(l2tp_tunnel_find);
351
352 struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth)
353 {
354 struct l2tp_net *pn = l2tp_pernet(net);
355 struct l2tp_tunnel *tunnel;
356 int count = 0;
357
358 rcu_read_lock_bh();
359 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
360 if (++count > nth) {
361 rcu_read_unlock_bh();
362 return tunnel;
363 }
364 }
365
366 rcu_read_unlock_bh();
367
368 return NULL;
369 }
370 EXPORT_SYMBOL_GPL(l2tp_tunnel_find_nth);
371
372 /*****************************************************************************
373 * Receive data handling
374 *****************************************************************************/
375
376 /* Queue a skb in order. We come here only if the skb has an L2TP sequence
377 * number.
378 */
379 static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *skb)
380 {
381 struct sk_buff *skbp;
382 struct sk_buff *tmp;
383 u32 ns = L2TP_SKB_CB(skb)->ns;
384
385 spin_lock_bh(&session->reorder_q.lock);
386 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
387 if (L2TP_SKB_CB(skbp)->ns > ns) {
388 __skb_queue_before(&session->reorder_q, skbp, skb);
389 l2tp_dbg(session, L2TP_MSG_SEQ,
390 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
391 session->name, ns, L2TP_SKB_CB(skbp)->ns,
392 skb_queue_len(&session->reorder_q));
393 atomic_long_inc(&session->stats.rx_oos_packets);
394 goto out;
395 }
396 }
397
398 __skb_queue_tail(&session->reorder_q, skb);
399
400 out:
401 spin_unlock_bh(&session->reorder_q.lock);
402 }
403
404 /* Dequeue a single skb.
405 */
406 static void l2tp_recv_dequeue_skb(struct l2tp_session *session, struct sk_buff *skb)
407 {
408 struct l2tp_tunnel *tunnel = session->tunnel;
409 int length = L2TP_SKB_CB(skb)->length;
410
411 /* We're about to requeue the skb, so return resources
412 * to its current owner (a socket receive buffer).
413 */
414 skb_orphan(skb);
415
416 atomic_long_inc(&tunnel->stats.rx_packets);
417 atomic_long_add(length, &tunnel->stats.rx_bytes);
418 atomic_long_inc(&session->stats.rx_packets);
419 atomic_long_add(length, &session->stats.rx_bytes);
420
421 if (L2TP_SKB_CB(skb)->has_seq) {
422 /* Bump our Nr */
423 session->nr++;
424 session->nr &= session->nr_max;
425
426 l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated nr to %hu\n",
427 session->name, session->nr);
428 }
429
430 /* call private receive handler */
431 if (session->recv_skb != NULL)
432 (*session->recv_skb)(session, skb, L2TP_SKB_CB(skb)->length);
433 else
434 kfree_skb(skb);
435
436 if (session->deref)
437 (*session->deref)(session);
438 }
439
440 /* Dequeue skbs from the session's reorder_q, subject to packet order.
441 * Skbs that have been in the queue for too long are simply discarded.
442 */
443 static void l2tp_recv_dequeue(struct l2tp_session *session)
444 {
445 struct sk_buff *skb;
446 struct sk_buff *tmp;
447
448 /* If the pkt at the head of the queue has the nr that we
449 * expect to send up next, dequeue it and any other
450 * in-sequence packets behind it.
451 */
452 start:
453 spin_lock_bh(&session->reorder_q.lock);
454 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
455 if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) {
456 atomic_long_inc(&session->stats.rx_seq_discards);
457 atomic_long_inc(&session->stats.rx_errors);
458 l2tp_dbg(session, L2TP_MSG_SEQ,
459 "%s: oos pkt %u len %d discarded (too old), waiting for %u, reorder_q_len=%d\n",
460 session->name, L2TP_SKB_CB(skb)->ns,
461 L2TP_SKB_CB(skb)->length, session->nr,
462 skb_queue_len(&session->reorder_q));
463 session->reorder_skip = 1;
464 __skb_unlink(skb, &session->reorder_q);
465 kfree_skb(skb);
466 if (session->deref)
467 (*session->deref)(session);
468 continue;
469 }
470
471 if (L2TP_SKB_CB(skb)->has_seq) {
472 if (session->reorder_skip) {
473 l2tp_dbg(session, L2TP_MSG_SEQ,
474 "%s: advancing nr to next pkt: %u -> %u",
475 session->name, session->nr,
476 L2TP_SKB_CB(skb)->ns);
477 session->reorder_skip = 0;
478 session->nr = L2TP_SKB_CB(skb)->ns;
479 }
480 if (L2TP_SKB_CB(skb)->ns != session->nr) {
481 l2tp_dbg(session, L2TP_MSG_SEQ,
482 "%s: holding oos pkt %u len %d, waiting for %u, reorder_q_len=%d\n",
483 session->name, L2TP_SKB_CB(skb)->ns,
484 L2TP_SKB_CB(skb)->length, session->nr,
485 skb_queue_len(&session->reorder_q));
486 goto out;
487 }
488 }
489 __skb_unlink(skb, &session->reorder_q);
490
491 /* Process the skb. We release the queue lock while we
492 * do so to let other contexts process the queue.
493 */
494 spin_unlock_bh(&session->reorder_q.lock);
495 l2tp_recv_dequeue_skb(session, skb);
496 goto start;
497 }
498
499 out:
500 spin_unlock_bh(&session->reorder_q.lock);
501 }
502
503 static int l2tp_seq_check_rx_window(struct l2tp_session *session, u32 nr)
504 {
505 u32 nws;
506
507 if (nr >= session->nr)
508 nws = nr - session->nr;
509 else
510 nws = (session->nr_max + 1) - (session->nr - nr);
511
512 return nws < session->nr_window_size;
513 }
514
515 /* If packet has sequence numbers, queue it if acceptable. Returns 0 if
516 * acceptable, else non-zero.
517 */
518 static int l2tp_recv_data_seq(struct l2tp_session *session, struct sk_buff *skb)
519 {
520 if (!l2tp_seq_check_rx_window(session, L2TP_SKB_CB(skb)->ns)) {
521 /* Packet sequence number is outside allowed window.
522 * Discard it.
523 */
524 l2tp_dbg(session, L2TP_MSG_SEQ,
525 "%s: pkt %u len %d discarded, outside window, nr=%u\n",
526 session->name, L2TP_SKB_CB(skb)->ns,
527 L2TP_SKB_CB(skb)->length, session->nr);
528 goto discard;
529 }
530
531 if (session->reorder_timeout != 0) {
532 /* Packet reordering enabled. Add skb to session's
533 * reorder queue, in order of ns.
534 */
535 l2tp_recv_queue_skb(session, skb);
536 goto out;
537 }
538
539 /* Packet reordering disabled. Discard out-of-sequence packets, while
540 * tracking the number if in-sequence packets after the first OOS packet
541 * is seen. After nr_oos_count_max in-sequence packets, reset the
542 * sequence number to re-enable packet reception.
543 */
544 if (L2TP_SKB_CB(skb)->ns == session->nr) {
545 skb_queue_tail(&session->reorder_q, skb);
546 } else {
547 u32 nr_oos = L2TP_SKB_CB(skb)->ns;
548 u32 nr_next = (session->nr_oos + 1) & session->nr_max;
549
550 if (nr_oos == nr_next)
551 session->nr_oos_count++;
552 else
553 session->nr_oos_count = 0;
554
555 session->nr_oos = nr_oos;
556 if (session->nr_oos_count > session->nr_oos_count_max) {
557 session->reorder_skip = 1;
558 l2tp_dbg(session, L2TP_MSG_SEQ,
559 "%s: %d oos packets received. Resetting sequence numbers\n",
560 session->name, session->nr_oos_count);
561 }
562 if (!session->reorder_skip) {
563 atomic_long_inc(&session->stats.rx_seq_discards);
564 l2tp_dbg(session, L2TP_MSG_SEQ,
565 "%s: oos pkt %u len %d discarded, waiting for %u, reorder_q_len=%d\n",
566 session->name, L2TP_SKB_CB(skb)->ns,
567 L2TP_SKB_CB(skb)->length, session->nr,
568 skb_queue_len(&session->reorder_q));
569 goto discard;
570 }
571 skb_queue_tail(&session->reorder_q, skb);
572 }
573
574 out:
575 return 0;
576
577 discard:
578 return 1;
579 }
580
581 /* Do receive processing of L2TP data frames. We handle both L2TPv2
582 * and L2TPv3 data frames here.
583 *
584 * L2TPv2 Data Message Header
585 *
586 * 0 1 2 3
587 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
588 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
589 * |T|L|x|x|S|x|O|P|x|x|x|x| Ver | Length (opt) |
590 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
591 * | Tunnel ID | Session ID |
592 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
593 * | Ns (opt) | Nr (opt) |
594 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
595 * | Offset Size (opt) | Offset pad... (opt)
596 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
597 *
598 * Data frames are marked by T=0. All other fields are the same as
599 * those in L2TP control frames.
600 *
601 * L2TPv3 Data Message Header
602 *
603 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
604 * | L2TP Session Header |
605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
606 * | L2-Specific Sublayer |
607 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
608 * | Tunnel Payload ...
609 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
610 *
611 * L2TPv3 Session Header Over IP
612 *
613 * 0 1 2 3
614 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
615 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
616 * | Session ID |
617 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
618 * | Cookie (optional, maximum 64 bits)...
619 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
620 * |
621 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
622 *
623 * L2TPv3 L2-Specific Sublayer Format
624 *
625 * 0 1 2 3
626 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
627 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
628 * |x|S|x|x|x|x|x|x| Sequence Number |
629 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
630 *
631 * Cookie value, sublayer format and offset (pad) are negotiated with
632 * the peer when the session is set up. Unlike L2TPv2, we do not need
633 * to parse the packet header to determine if optional fields are
634 * present.
635 *
636 * Caller must already have parsed the frame and determined that it is
637 * a data (not control) frame before coming here. Fields up to the
638 * session-id have already been parsed and ptr points to the data
639 * after the session-id.
640 */
641 void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
642 unsigned char *ptr, unsigned char *optr, u16 hdrflags,
643 int length, int (*payload_hook)(struct sk_buff *skb))
644 {
645 struct l2tp_tunnel *tunnel = session->tunnel;
646 int offset;
647 u32 ns, nr;
648
649 /* The ref count is increased since we now hold a pointer to
650 * the session. Take care to decrement the refcnt when exiting
651 * this function from now on...
652 */
653 l2tp_session_inc_refcount(session);
654 if (session->ref)
655 (*session->ref)(session);
656
657 /* Parse and check optional cookie */
658 if (session->peer_cookie_len > 0) {
659 if (memcmp(ptr, &session->peer_cookie[0], session->peer_cookie_len)) {
660 l2tp_info(tunnel, L2TP_MSG_DATA,
661 "%s: cookie mismatch (%u/%u). Discarding.\n",
662 tunnel->name, tunnel->tunnel_id,
663 session->session_id);
664 atomic_long_inc(&session->stats.rx_cookie_discards);
665 goto discard;
666 }
667 ptr += session->peer_cookie_len;
668 }
669
670 /* Handle the optional sequence numbers. Sequence numbers are
671 * in different places for L2TPv2 and L2TPv3.
672 *
673 * If we are the LAC, enable/disable sequence numbers under
674 * the control of the LNS. If no sequence numbers present but
675 * we were expecting them, discard frame.
676 */
677 ns = nr = 0;
678 L2TP_SKB_CB(skb)->has_seq = 0;
679 if (tunnel->version == L2TP_HDR_VER_2) {
680 if (hdrflags & L2TP_HDRFLAG_S) {
681 ns = ntohs(*(__be16 *) ptr);
682 ptr += 2;
683 nr = ntohs(*(__be16 *) ptr);
684 ptr += 2;
685
686 /* Store L2TP info in the skb */
687 L2TP_SKB_CB(skb)->ns = ns;
688 L2TP_SKB_CB(skb)->has_seq = 1;
689
690 l2tp_dbg(session, L2TP_MSG_SEQ,
691 "%s: recv data ns=%u, nr=%u, session nr=%u\n",
692 session->name, ns, nr, session->nr);
693 }
694 } else if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
695 u32 l2h = ntohl(*(__be32 *) ptr);
696
697 if (l2h & 0x40000000) {
698 ns = l2h & 0x00ffffff;
699
700 /* Store L2TP info in the skb */
701 L2TP_SKB_CB(skb)->ns = ns;
702 L2TP_SKB_CB(skb)->has_seq = 1;
703
704 l2tp_dbg(session, L2TP_MSG_SEQ,
705 "%s: recv data ns=%u, session nr=%u\n",
706 session->name, ns, session->nr);
707 }
708 }
709
710 /* Advance past L2-specific header, if present */
711 ptr += session->l2specific_len;
712
713 if (L2TP_SKB_CB(skb)->has_seq) {
714 /* Received a packet with sequence numbers. If we're the LNS,
715 * check if we sre sending sequence numbers and if not,
716 * configure it so.
717 */
718 if ((!session->lns_mode) && (!session->send_seq)) {
719 l2tp_info(session, L2TP_MSG_SEQ,
720 "%s: requested to enable seq numbers by LNS\n",
721 session->name);
722 session->send_seq = 1;
723 l2tp_session_set_header_len(session, tunnel->version);
724 }
725 } else {
726 /* No sequence numbers.
727 * If user has configured mandatory sequence numbers, discard.
728 */
729 if (session->recv_seq) {
730 l2tp_warn(session, L2TP_MSG_SEQ,
731 "%s: recv data has no seq numbers when required. Discarding.\n",
732 session->name);
733 atomic_long_inc(&session->stats.rx_seq_discards);
734 goto discard;
735 }
736
737 /* If we're the LAC and we're sending sequence numbers, the
738 * LNS has requested that we no longer send sequence numbers.
739 * If we're the LNS and we're sending sequence numbers, the
740 * LAC is broken. Discard the frame.
741 */
742 if ((!session->lns_mode) && (session->send_seq)) {
743 l2tp_info(session, L2TP_MSG_SEQ,
744 "%s: requested to disable seq numbers by LNS\n",
745 session->name);
746 session->send_seq = 0;
747 l2tp_session_set_header_len(session, tunnel->version);
748 } else if (session->send_seq) {
749 l2tp_warn(session, L2TP_MSG_SEQ,
750 "%s: recv data has no seq numbers when required. Discarding.\n",
751 session->name);
752 atomic_long_inc(&session->stats.rx_seq_discards);
753 goto discard;
754 }
755 }
756
757 /* Session data offset is handled differently for L2TPv2 and
758 * L2TPv3. For L2TPv2, there is an optional 16-bit value in
759 * the header. For L2TPv3, the offset is negotiated using AVPs
760 * in the session setup control protocol.
761 */
762 if (tunnel->version == L2TP_HDR_VER_2) {
763 /* If offset bit set, skip it. */
764 if (hdrflags & L2TP_HDRFLAG_O) {
765 offset = ntohs(*(__be16 *)ptr);
766 ptr += 2 + offset;
767 }
768 } else
769 ptr += session->offset;
770
771 offset = ptr - optr;
772 if (!pskb_may_pull(skb, offset))
773 goto discard;
774
775 __skb_pull(skb, offset);
776
777 /* If caller wants to process the payload before we queue the
778 * packet, do so now.
779 */
780 if (payload_hook)
781 if ((*payload_hook)(skb))
782 goto discard;
783
784 /* Prepare skb for adding to the session's reorder_q. Hold
785 * packets for max reorder_timeout or 1 second if not
786 * reordering.
787 */
788 L2TP_SKB_CB(skb)->length = length;
789 L2TP_SKB_CB(skb)->expires = jiffies +
790 (session->reorder_timeout ? session->reorder_timeout : HZ);
791
792 /* Add packet to the session's receive queue. Reordering is done here, if
793 * enabled. Saved L2TP protocol info is stored in skb->sb[].
794 */
795 if (L2TP_SKB_CB(skb)->has_seq) {
796 if (l2tp_recv_data_seq(session, skb))
797 goto discard;
798 } else {
799 /* No sequence numbers. Add the skb to the tail of the
800 * reorder queue. This ensures that it will be
801 * delivered after all previous sequenced skbs.
802 */
803 skb_queue_tail(&session->reorder_q, skb);
804 }
805
806 /* Try to dequeue as many skbs from reorder_q as we can. */
807 l2tp_recv_dequeue(session);
808
809 l2tp_session_dec_refcount(session);
810
811 return;
812
813 discard:
814 atomic_long_inc(&session->stats.rx_errors);
815 kfree_skb(skb);
816
817 if (session->deref)
818 (*session->deref)(session);
819
820 l2tp_session_dec_refcount(session);
821 }
822 EXPORT_SYMBOL(l2tp_recv_common);
823
824 /* Drop skbs from the session's reorder_q
825 */
826 int l2tp_session_queue_purge(struct l2tp_session *session)
827 {
828 struct sk_buff *skb = NULL;
829 BUG_ON(!session);
830 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
831 while ((skb = skb_dequeue(&session->reorder_q))) {
832 atomic_long_inc(&session->stats.rx_errors);
833 kfree_skb(skb);
834 if (session->deref)
835 (*session->deref)(session);
836 }
837 return 0;
838 }
839 EXPORT_SYMBOL_GPL(l2tp_session_queue_purge);
840
841 /* Internal UDP receive frame. Do the real work of receiving an L2TP data frame
842 * here. The skb is not on a list when we get here.
843 * Returns 0 if the packet was a data packet and was successfully passed on.
844 * Returns 1 if the packet was not a good data packet and could not be
845 * forwarded. All such packets are passed up to userspace to deal with.
846 */
847 static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
848 int (*payload_hook)(struct sk_buff *skb))
849 {
850 struct l2tp_session *session = NULL;
851 unsigned char *ptr, *optr;
852 u16 hdrflags;
853 u32 tunnel_id, session_id;
854 u16 version;
855 int length;
856
857 /* UDP has verifed checksum */
858
859 /* UDP always verifies the packet length. */
860 __skb_pull(skb, sizeof(struct udphdr));
861
862 /* Short packet? */
863 if (!pskb_may_pull(skb, L2TP_HDR_SIZE_SEQ)) {
864 l2tp_info(tunnel, L2TP_MSG_DATA,
865 "%s: recv short packet (len=%d)\n",
866 tunnel->name, skb->len);
867 goto error;
868 }
869
870 /* Trace packet contents, if enabled */
871 if (tunnel->debug & L2TP_MSG_DATA) {
872 length = min(32u, skb->len);
873 if (!pskb_may_pull(skb, length))
874 goto error;
875
876 pr_debug("%s: recv\n", tunnel->name);
877 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, skb->data, length);
878 }
879
880 /* Point to L2TP header */
881 optr = ptr = skb->data;
882
883 /* Get L2TP header flags */
884 hdrflags = ntohs(*(__be16 *) ptr);
885
886 /* Check protocol version */
887 version = hdrflags & L2TP_HDR_VER_MASK;
888 if (version != tunnel->version) {
889 l2tp_info(tunnel, L2TP_MSG_DATA,
890 "%s: recv protocol version mismatch: got %d expected %d\n",
891 tunnel->name, version, tunnel->version);
892 goto error;
893 }
894
895 /* Get length of L2TP packet */
896 length = skb->len;
897
898 /* If type is control packet, it is handled by userspace. */
899 if (hdrflags & L2TP_HDRFLAG_T) {
900 l2tp_dbg(tunnel, L2TP_MSG_DATA,
901 "%s: recv control packet, len=%d\n",
902 tunnel->name, length);
903 goto error;
904 }
905
906 /* Skip flags */
907 ptr += 2;
908
909 if (tunnel->version == L2TP_HDR_VER_2) {
910 /* If length is present, skip it */
911 if (hdrflags & L2TP_HDRFLAG_L)
912 ptr += 2;
913
914 /* Extract tunnel and session ID */
915 tunnel_id = ntohs(*(__be16 *) ptr);
916 ptr += 2;
917 session_id = ntohs(*(__be16 *) ptr);
918 ptr += 2;
919 } else {
920 ptr += 2; /* skip reserved bits */
921 tunnel_id = tunnel->tunnel_id;
922 session_id = ntohl(*(__be32 *) ptr);
923 ptr += 4;
924 }
925
926 /* Find the session context */
927 session = l2tp_session_find(tunnel->l2tp_net, tunnel, session_id);
928 if (!session || !session->recv_skb) {
929 /* Not found? Pass to userspace to deal with */
930 l2tp_info(tunnel, L2TP_MSG_DATA,
931 "%s: no session found (%u/%u). Passing up.\n",
932 tunnel->name, tunnel_id, session_id);
933 goto error;
934 }
935
936 l2tp_recv_common(session, skb, ptr, optr, hdrflags, length, payload_hook);
937
938 return 0;
939
940 error:
941 /* Put UDP header back */
942 __skb_push(skb, sizeof(struct udphdr));
943
944 return 1;
945 }
946
947 /* UDP encapsulation receive handler. See net/ipv4/udp.c.
948 * Return codes:
949 * 0 : success.
950 * <0: error
951 * >0: skb should be passed up to userspace as UDP.
952 */
953 int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
954 {
955 struct l2tp_tunnel *tunnel;
956
957 tunnel = l2tp_sock_to_tunnel(sk);
958 if (tunnel == NULL)
959 goto pass_up;
960
961 l2tp_dbg(tunnel, L2TP_MSG_DATA, "%s: received %d bytes\n",
962 tunnel->name, skb->len);
963
964 if (l2tp_udp_recv_core(tunnel, skb, tunnel->recv_payload_hook))
965 goto pass_up_put;
966
967 sock_put(sk);
968 return 0;
969
970 pass_up_put:
971 sock_put(sk);
972 pass_up:
973 return 1;
974 }
975 EXPORT_SYMBOL_GPL(l2tp_udp_encap_recv);
976
977 /************************************************************************
978 * Transmit handling
979 ***********************************************************************/
980
981 /* Build an L2TP header for the session into the buffer provided.
982 */
983 static int l2tp_build_l2tpv2_header(struct l2tp_session *session, void *buf)
984 {
985 struct l2tp_tunnel *tunnel = session->tunnel;
986 __be16 *bufp = buf;
987 __be16 *optr = buf;
988 u16 flags = L2TP_HDR_VER_2;
989 u32 tunnel_id = tunnel->peer_tunnel_id;
990 u32 session_id = session->peer_session_id;
991
992 if (session->send_seq)
993 flags |= L2TP_HDRFLAG_S;
994
995 /* Setup L2TP header. */
996 *bufp++ = htons(flags);
997 *bufp++ = htons(tunnel_id);
998 *bufp++ = htons(session_id);
999 if (session->send_seq) {
1000 *bufp++ = htons(session->ns);
1001 *bufp++ = 0;
1002 session->ns++;
1003 session->ns &= 0xffff;
1004 l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated ns to %u\n",
1005 session->name, session->ns);
1006 }
1007
1008 return bufp - optr;
1009 }
1010
1011 static int l2tp_build_l2tpv3_header(struct l2tp_session *session, void *buf)
1012 {
1013 struct l2tp_tunnel *tunnel = session->tunnel;
1014 char *bufp = buf;
1015 char *optr = bufp;
1016
1017 /* Setup L2TP header. The header differs slightly for UDP and
1018 * IP encapsulations. For UDP, there is 4 bytes of flags.
1019 */
1020 if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
1021 u16 flags = L2TP_HDR_VER_3;
1022 *((__be16 *) bufp) = htons(flags);
1023 bufp += 2;
1024 *((__be16 *) bufp) = 0;
1025 bufp += 2;
1026 }
1027
1028 *((__be32 *) bufp) = htonl(session->peer_session_id);
1029 bufp += 4;
1030 if (session->cookie_len) {
1031 memcpy(bufp, &session->cookie[0], session->cookie_len);
1032 bufp += session->cookie_len;
1033 }
1034 if (session->l2specific_len) {
1035 if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
1036 u32 l2h = 0;
1037 if (session->send_seq) {
1038 l2h = 0x40000000 | session->ns;
1039 session->ns++;
1040 session->ns &= 0xffffff;
1041 l2tp_dbg(session, L2TP_MSG_SEQ,
1042 "%s: updated ns to %u\n",
1043 session->name, session->ns);
1044 }
1045
1046 *((__be32 *) bufp) = htonl(l2h);
1047 }
1048 bufp += session->l2specific_len;
1049 }
1050 if (session->offset)
1051 bufp += session->offset;
1052
1053 return bufp - optr;
1054 }
1055
1056 static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb,
1057 struct flowi *fl, size_t data_len)
1058 {
1059 struct l2tp_tunnel *tunnel = session->tunnel;
1060 unsigned int len = skb->len;
1061 int error;
1062
1063 /* Debug */
1064 if (session->send_seq)
1065 l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %Zd bytes, ns=%u\n",
1066 session->name, data_len, session->ns - 1);
1067 else
1068 l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %Zd bytes\n",
1069 session->name, data_len);
1070
1071 if (session->debug & L2TP_MSG_DATA) {
1072 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1073 unsigned char *datap = skb->data + uhlen;
1074
1075 pr_debug("%s: xmit\n", session->name);
1076 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET,
1077 datap, min_t(size_t, 32, len - uhlen));
1078 }
1079
1080 /* Queue the packet to IP for output */
1081 skb->ignore_df = 1;
1082 #if IS_ENABLED(CONFIG_IPV6)
1083 if (tunnel->sock->sk_family == PF_INET6 && !tunnel->v4mapped)
1084 error = inet6_csk_xmit(tunnel->sock, skb, NULL);
1085 else
1086 #endif
1087 error = ip_queue_xmit(tunnel->sock, skb, fl);
1088
1089 /* Update stats */
1090 if (error >= 0) {
1091 atomic_long_inc(&tunnel->stats.tx_packets);
1092 atomic_long_add(len, &tunnel->stats.tx_bytes);
1093 atomic_long_inc(&session->stats.tx_packets);
1094 atomic_long_add(len, &session->stats.tx_bytes);
1095 } else {
1096 atomic_long_inc(&tunnel->stats.tx_errors);
1097 atomic_long_inc(&session->stats.tx_errors);
1098 }
1099
1100 return 0;
1101 }
1102
1103 /* If caller requires the skb to have a ppp header, the header must be
1104 * inserted in the skb data before calling this function.
1105 */
1106 int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len)
1107 {
1108 int data_len = skb->len;
1109 struct l2tp_tunnel *tunnel = session->tunnel;
1110 struct sock *sk = tunnel->sock;
1111 struct flowi *fl;
1112 struct udphdr *uh;
1113 struct inet_sock *inet;
1114 int headroom;
1115 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1116 int udp_len;
1117 int ret = NET_XMIT_SUCCESS;
1118
1119 /* Check that there's enough headroom in the skb to insert IP,
1120 * UDP and L2TP headers. If not enough, expand it to
1121 * make room. Adjust truesize.
1122 */
1123 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1124 uhlen + hdr_len;
1125 if (skb_cow_head(skb, headroom)) {
1126 kfree_skb(skb);
1127 return NET_XMIT_DROP;
1128 }
1129
1130 /* Setup L2TP header */
1131 session->build_header(session, __skb_push(skb, hdr_len));
1132
1133 /* Reset skb netfilter state */
1134 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1135 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1136 IPSKB_REROUTED);
1137 nf_reset(skb);
1138
1139 bh_lock_sock(sk);
1140 if (sock_owned_by_user(sk)) {
1141 kfree_skb(skb);
1142 ret = NET_XMIT_DROP;
1143 goto out_unlock;
1144 }
1145
1146 /* Get routing info from the tunnel socket */
1147 skb_dst_drop(skb);
1148 skb_dst_set(skb, dst_clone(__sk_dst_check(sk, 0)));
1149
1150 inet = inet_sk(sk);
1151 fl = &inet->cork.fl;
1152 switch (tunnel->encap) {
1153 case L2TP_ENCAPTYPE_UDP:
1154 /* Setup UDP header */
1155 __skb_push(skb, sizeof(*uh));
1156 skb_reset_transport_header(skb);
1157 uh = udp_hdr(skb);
1158 uh->source = inet->inet_sport;
1159 uh->dest = inet->inet_dport;
1160 udp_len = uhlen + hdr_len + data_len;
1161 uh->len = htons(udp_len);
1162
1163 /* Calculate UDP checksum if configured to do so */
1164 #if IS_ENABLED(CONFIG_IPV6)
1165 if (sk->sk_family == PF_INET6 && !tunnel->v4mapped)
1166 udp6_set_csum(udp_get_no_check6_tx(sk),
1167 skb, &inet6_sk(sk)->saddr,
1168 &sk->sk_v6_daddr, udp_len);
1169 else
1170 #endif
1171 udp_set_csum(sk->sk_no_check_tx, skb, inet->inet_saddr,
1172 inet->inet_daddr, udp_len);
1173 break;
1174
1175 case L2TP_ENCAPTYPE_IP:
1176 break;
1177 }
1178
1179 l2tp_xmit_core(session, skb, fl, data_len);
1180 out_unlock:
1181 bh_unlock_sock(sk);
1182
1183 return ret;
1184 }
1185 EXPORT_SYMBOL_GPL(l2tp_xmit_skb);
1186
1187 /*****************************************************************************
1188 * Tinnel and session create/destroy.
1189 *****************************************************************************/
1190
1191 /* Tunnel socket destruct hook.
1192 * The tunnel context is deleted only when all session sockets have been
1193 * closed.
1194 */
1195 static void l2tp_tunnel_destruct(struct sock *sk)
1196 {
1197 struct l2tp_tunnel *tunnel = l2tp_tunnel(sk);
1198 struct l2tp_net *pn;
1199
1200 if (tunnel == NULL)
1201 goto end;
1202
1203 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing...\n", tunnel->name);
1204
1205
1206 /* Disable udp encapsulation */
1207 switch (tunnel->encap) {
1208 case L2TP_ENCAPTYPE_UDP:
1209 /* No longer an encapsulation socket. See net/ipv4/udp.c */
1210 (udp_sk(sk))->encap_type = 0;
1211 (udp_sk(sk))->encap_rcv = NULL;
1212 (udp_sk(sk))->encap_destroy = NULL;
1213 break;
1214 case L2TP_ENCAPTYPE_IP:
1215 break;
1216 }
1217
1218 /* Remove hooks into tunnel socket */
1219 sk->sk_destruct = tunnel->old_sk_destruct;
1220 sk->sk_user_data = NULL;
1221 tunnel->sock = NULL;
1222
1223 /* Remove the tunnel struct from the tunnel list */
1224 pn = l2tp_pernet(tunnel->l2tp_net);
1225 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1226 list_del_rcu(&tunnel->list);
1227 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1228 atomic_dec(&l2tp_tunnel_count);
1229
1230 l2tp_tunnel_closeall(tunnel);
1231 l2tp_tunnel_dec_refcount(tunnel);
1232
1233 /* Call the original destructor */
1234 if (sk->sk_destruct)
1235 (*sk->sk_destruct)(sk);
1236 end:
1237 return;
1238 }
1239
1240 /* When the tunnel is closed, all the attached sessions need to go too.
1241 */
1242 void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel)
1243 {
1244 int hash;
1245 struct hlist_node *walk;
1246 struct hlist_node *tmp;
1247 struct l2tp_session *session;
1248
1249 BUG_ON(tunnel == NULL);
1250
1251 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing all sessions...\n",
1252 tunnel->name);
1253
1254 write_lock_bh(&tunnel->hlist_lock);
1255 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
1256 again:
1257 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1258 session = hlist_entry(walk, struct l2tp_session, hlist);
1259
1260 l2tp_info(session, L2TP_MSG_CONTROL,
1261 "%s: closing session\n", session->name);
1262
1263 hlist_del_init(&session->hlist);
1264
1265 if (session->ref != NULL)
1266 (*session->ref)(session);
1267
1268 write_unlock_bh(&tunnel->hlist_lock);
1269
1270 __l2tp_session_unhash(session);
1271 l2tp_session_queue_purge(session);
1272
1273 if (session->session_close != NULL)
1274 (*session->session_close)(session);
1275
1276 if (session->deref != NULL)
1277 (*session->deref)(session);
1278
1279 l2tp_session_dec_refcount(session);
1280
1281 write_lock_bh(&tunnel->hlist_lock);
1282
1283 /* Now restart from the beginning of this hash
1284 * chain. We always remove a session from the
1285 * list so we are guaranteed to make forward
1286 * progress.
1287 */
1288 goto again;
1289 }
1290 }
1291 write_unlock_bh(&tunnel->hlist_lock);
1292 }
1293 EXPORT_SYMBOL_GPL(l2tp_tunnel_closeall);
1294
1295 /* Tunnel socket destroy hook for UDP encapsulation */
1296 static void l2tp_udp_encap_destroy(struct sock *sk)
1297 {
1298 struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk);
1299 if (tunnel) {
1300 l2tp_tunnel_closeall(tunnel);
1301 sock_put(sk);
1302 }
1303 }
1304
1305 /* Really kill the tunnel.
1306 * Come here only when all sessions have been cleared from the tunnel.
1307 */
1308 static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
1309 {
1310 BUG_ON(atomic_read(&tunnel->ref_count) != 0);
1311 BUG_ON(tunnel->sock != NULL);
1312 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: free...\n", tunnel->name);
1313 kfree_rcu(tunnel, rcu);
1314 }
1315
1316 /* Workqueue tunnel deletion function */
1317 static void l2tp_tunnel_del_work(struct work_struct *work)
1318 {
1319 struct l2tp_tunnel *tunnel = NULL;
1320 struct socket *sock = NULL;
1321 struct sock *sk = NULL;
1322
1323 tunnel = container_of(work, struct l2tp_tunnel, del_work);
1324 sk = l2tp_tunnel_sock_lookup(tunnel);
1325 if (!sk)
1326 goto out;
1327
1328 sock = sk->sk_socket;
1329
1330 /* If the tunnel socket was created by userspace, then go through the
1331 * inet layer to shut the socket down, and let userspace close it.
1332 * Otherwise, if we created the socket directly within the kernel, use
1333 * the sk API to release it here.
1334 * In either case the tunnel resources are freed in the socket
1335 * destructor when the tunnel socket goes away.
1336 */
1337 if (tunnel->fd >= 0) {
1338 if (sock)
1339 inet_shutdown(sock, 2);
1340 } else {
1341 if (sock) {
1342 kernel_sock_shutdown(sock, SHUT_RDWR);
1343 sock_release(sock);
1344 }
1345 }
1346
1347 l2tp_tunnel_sock_put(sk);
1348 out:
1349 l2tp_tunnel_dec_refcount(tunnel);
1350 }
1351
1352 /* Create a socket for the tunnel, if one isn't set up by
1353 * userspace. This is used for static tunnels where there is no
1354 * managing L2TP daemon.
1355 *
1356 * Since we don't want these sockets to keep a namespace alive by
1357 * themselves, we drop the socket's namespace refcount after creation.
1358 * These sockets are freed when the namespace exits using the pernet
1359 * exit hook.
1360 */
1361 static int l2tp_tunnel_sock_create(struct net *net,
1362 u32 tunnel_id,
1363 u32 peer_tunnel_id,
1364 struct l2tp_tunnel_cfg *cfg,
1365 struct socket **sockp)
1366 {
1367 int err = -EINVAL;
1368 struct socket *sock = NULL;
1369 struct udp_port_cfg udp_conf;
1370
1371 switch (cfg->encap) {
1372 case L2TP_ENCAPTYPE_UDP:
1373 memset(&udp_conf, 0, sizeof(udp_conf));
1374
1375 #if IS_ENABLED(CONFIG_IPV6)
1376 if (cfg->local_ip6 && cfg->peer_ip6) {
1377 udp_conf.family = AF_INET6;
1378 memcpy(&udp_conf.local_ip6, cfg->local_ip6,
1379 sizeof(udp_conf.local_ip6));
1380 memcpy(&udp_conf.peer_ip6, cfg->peer_ip6,
1381 sizeof(udp_conf.peer_ip6));
1382 udp_conf.use_udp6_tx_checksums =
1383 ! cfg->udp6_zero_tx_checksums;
1384 udp_conf.use_udp6_rx_checksums =
1385 ! cfg->udp6_zero_rx_checksums;
1386 } else
1387 #endif
1388 {
1389 udp_conf.family = AF_INET;
1390 udp_conf.local_ip = cfg->local_ip;
1391 udp_conf.peer_ip = cfg->peer_ip;
1392 udp_conf.use_udp_checksums = cfg->use_udp_checksums;
1393 }
1394
1395 udp_conf.local_udp_port = htons(cfg->local_udp_port);
1396 udp_conf.peer_udp_port = htons(cfg->peer_udp_port);
1397
1398 err = udp_sock_create(net, &udp_conf, &sock);
1399 if (err < 0)
1400 goto out;
1401
1402 break;
1403
1404 case L2TP_ENCAPTYPE_IP:
1405 #if IS_ENABLED(CONFIG_IPV6)
1406 if (cfg->local_ip6 && cfg->peer_ip6) {
1407 struct sockaddr_l2tpip6 ip6_addr = {0};
1408
1409 err = sock_create_kern(net, AF_INET6, SOCK_DGRAM,
1410 IPPROTO_L2TP, &sock);
1411 if (err < 0)
1412 goto out;
1413
1414 ip6_addr.l2tp_family = AF_INET6;
1415 memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6,
1416 sizeof(ip6_addr.l2tp_addr));
1417 ip6_addr.l2tp_conn_id = tunnel_id;
1418 err = kernel_bind(sock, (struct sockaddr *) &ip6_addr,
1419 sizeof(ip6_addr));
1420 if (err < 0)
1421 goto out;
1422
1423 ip6_addr.l2tp_family = AF_INET6;
1424 memcpy(&ip6_addr.l2tp_addr, cfg->peer_ip6,
1425 sizeof(ip6_addr.l2tp_addr));
1426 ip6_addr.l2tp_conn_id = peer_tunnel_id;
1427 err = kernel_connect(sock,
1428 (struct sockaddr *) &ip6_addr,
1429 sizeof(ip6_addr), 0);
1430 if (err < 0)
1431 goto out;
1432 } else
1433 #endif
1434 {
1435 struct sockaddr_l2tpip ip_addr = {0};
1436
1437 err = sock_create_kern(net, AF_INET, SOCK_DGRAM,
1438 IPPROTO_L2TP, &sock);
1439 if (err < 0)
1440 goto out;
1441
1442 ip_addr.l2tp_family = AF_INET;
1443 ip_addr.l2tp_addr = cfg->local_ip;
1444 ip_addr.l2tp_conn_id = tunnel_id;
1445 err = kernel_bind(sock, (struct sockaddr *) &ip_addr,
1446 sizeof(ip_addr));
1447 if (err < 0)
1448 goto out;
1449
1450 ip_addr.l2tp_family = AF_INET;
1451 ip_addr.l2tp_addr = cfg->peer_ip;
1452 ip_addr.l2tp_conn_id = peer_tunnel_id;
1453 err = kernel_connect(sock, (struct sockaddr *) &ip_addr,
1454 sizeof(ip_addr), 0);
1455 if (err < 0)
1456 goto out;
1457 }
1458 break;
1459
1460 default:
1461 goto out;
1462 }
1463
1464 out:
1465 *sockp = sock;
1466 if ((err < 0) && sock) {
1467 kernel_sock_shutdown(sock, SHUT_RDWR);
1468 sock_release(sock);
1469 *sockp = NULL;
1470 }
1471
1472 return err;
1473 }
1474
1475 static struct lock_class_key l2tp_socket_class;
1476
1477 int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp)
1478 {
1479 struct l2tp_tunnel *tunnel = NULL;
1480 int err;
1481 struct socket *sock = NULL;
1482 struct sock *sk = NULL;
1483 struct l2tp_net *pn;
1484 enum l2tp_encap_type encap = L2TP_ENCAPTYPE_UDP;
1485
1486 /* Get the tunnel socket from the fd, which was opened by
1487 * the userspace L2TP daemon. If not specified, create a
1488 * kernel socket.
1489 */
1490 if (fd < 0) {
1491 err = l2tp_tunnel_sock_create(net, tunnel_id, peer_tunnel_id,
1492 cfg, &sock);
1493 if (err < 0)
1494 goto err;
1495 } else {
1496 sock = sockfd_lookup(fd, &err);
1497 if (!sock) {
1498 pr_err("tunl %u: sockfd_lookup(fd=%d) returned %d\n",
1499 tunnel_id, fd, err);
1500 err = -EBADF;
1501 goto err;
1502 }
1503
1504 /* Reject namespace mismatches */
1505 if (!net_eq(sock_net(sock->sk), net)) {
1506 pr_err("tunl %u: netns mismatch\n", tunnel_id);
1507 err = -EINVAL;
1508 goto err;
1509 }
1510 }
1511
1512 sk = sock->sk;
1513
1514 if (cfg != NULL)
1515 encap = cfg->encap;
1516
1517 /* Quick sanity checks */
1518 switch (encap) {
1519 case L2TP_ENCAPTYPE_UDP:
1520 err = -EPROTONOSUPPORT;
1521 if (sk->sk_protocol != IPPROTO_UDP) {
1522 pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1523 tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP);
1524 goto err;
1525 }
1526 break;
1527 case L2TP_ENCAPTYPE_IP:
1528 err = -EPROTONOSUPPORT;
1529 if (sk->sk_protocol != IPPROTO_L2TP) {
1530 pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1531 tunnel_id, fd, sk->sk_protocol, IPPROTO_L2TP);
1532 goto err;
1533 }
1534 break;
1535 }
1536
1537 /* Check if this socket has already been prepped */
1538 tunnel = l2tp_tunnel(sk);
1539 if (tunnel != NULL) {
1540 /* This socket has already been prepped */
1541 err = -EBUSY;
1542 goto err;
1543 }
1544
1545 tunnel = kzalloc(sizeof(struct l2tp_tunnel), GFP_KERNEL);
1546 if (tunnel == NULL) {
1547 err = -ENOMEM;
1548 goto err;
1549 }
1550
1551 tunnel->version = version;
1552 tunnel->tunnel_id = tunnel_id;
1553 tunnel->peer_tunnel_id = peer_tunnel_id;
1554 tunnel->debug = L2TP_DEFAULT_DEBUG_FLAGS;
1555
1556 tunnel->magic = L2TP_TUNNEL_MAGIC;
1557 sprintf(&tunnel->name[0], "tunl %u", tunnel_id);
1558 rwlock_init(&tunnel->hlist_lock);
1559
1560 /* The net we belong to */
1561 tunnel->l2tp_net = net;
1562 pn = l2tp_pernet(net);
1563
1564 if (cfg != NULL)
1565 tunnel->debug = cfg->debug;
1566
1567 #if IS_ENABLED(CONFIG_IPV6)
1568 if (sk->sk_family == PF_INET6) {
1569 struct ipv6_pinfo *np = inet6_sk(sk);
1570
1571 if (ipv6_addr_v4mapped(&np->saddr) &&
1572 ipv6_addr_v4mapped(&sk->sk_v6_daddr)) {
1573 struct inet_sock *inet = inet_sk(sk);
1574
1575 tunnel->v4mapped = true;
1576 inet->inet_saddr = np->saddr.s6_addr32[3];
1577 inet->inet_rcv_saddr = sk->sk_v6_rcv_saddr.s6_addr32[3];
1578 inet->inet_daddr = sk->sk_v6_daddr.s6_addr32[3];
1579 } else {
1580 tunnel->v4mapped = false;
1581 }
1582 }
1583 #endif
1584
1585 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1586 tunnel->encap = encap;
1587 if (encap == L2TP_ENCAPTYPE_UDP) {
1588 struct udp_tunnel_sock_cfg udp_cfg = { };
1589
1590 udp_cfg.sk_user_data = tunnel;
1591 udp_cfg.encap_type = UDP_ENCAP_L2TPINUDP;
1592 udp_cfg.encap_rcv = l2tp_udp_encap_recv;
1593 udp_cfg.encap_destroy = l2tp_udp_encap_destroy;
1594
1595 setup_udp_tunnel_sock(net, sock, &udp_cfg);
1596 } else {
1597 sk->sk_user_data = tunnel;
1598 }
1599
1600 /* Hook on the tunnel socket destructor so that we can cleanup
1601 * if the tunnel socket goes away.
1602 */
1603 tunnel->old_sk_destruct = sk->sk_destruct;
1604 sk->sk_destruct = &l2tp_tunnel_destruct;
1605 tunnel->sock = sk;
1606 tunnel->fd = fd;
1607 lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, "l2tp_sock");
1608
1609 sk->sk_allocation = GFP_ATOMIC;
1610
1611 /* Init delete workqueue struct */
1612 INIT_WORK(&tunnel->del_work, l2tp_tunnel_del_work);
1613
1614 /* Add tunnel to our list */
1615 INIT_LIST_HEAD(&tunnel->list);
1616 atomic_inc(&l2tp_tunnel_count);
1617
1618 /* Bump the reference count. The tunnel context is deleted
1619 * only when this drops to zero. Must be done before list insertion
1620 */
1621 l2tp_tunnel_inc_refcount(tunnel);
1622 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1623 list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list);
1624 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1625
1626 err = 0;
1627 err:
1628 if (tunnelp)
1629 *tunnelp = tunnel;
1630
1631 /* If tunnel's socket was created by the kernel, it doesn't
1632 * have a file.
1633 */
1634 if (sock && sock->file)
1635 sockfd_put(sock);
1636
1637 return err;
1638 }
1639 EXPORT_SYMBOL_GPL(l2tp_tunnel_create);
1640
1641 /* This function is used by the netlink TUNNEL_DELETE command.
1642 */
1643 int l2tp_tunnel_delete(struct l2tp_tunnel *tunnel)
1644 {
1645 l2tp_tunnel_inc_refcount(tunnel);
1646 l2tp_tunnel_closeall(tunnel);
1647 if (false == queue_work(l2tp_wq, &tunnel->del_work)) {
1648 l2tp_tunnel_dec_refcount(tunnel);
1649 return 1;
1650 }
1651 return 0;
1652 }
1653 EXPORT_SYMBOL_GPL(l2tp_tunnel_delete);
1654
1655 /* Really kill the session.
1656 */
1657 void l2tp_session_free(struct l2tp_session *session)
1658 {
1659 struct l2tp_tunnel *tunnel = session->tunnel;
1660
1661 BUG_ON(atomic_read(&session->ref_count) != 0);
1662
1663 if (tunnel) {
1664 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1665 if (session->session_id != 0)
1666 atomic_dec(&l2tp_session_count);
1667 sock_put(tunnel->sock);
1668 session->tunnel = NULL;
1669 l2tp_tunnel_dec_refcount(tunnel);
1670 }
1671
1672 kfree(session);
1673 }
1674 EXPORT_SYMBOL_GPL(l2tp_session_free);
1675
1676 /* Remove an l2tp session from l2tp_core's hash lists.
1677 * Provides a tidyup interface for pseudowire code which can't just route all
1678 * shutdown via. l2tp_session_delete and a pseudowire-specific session_close
1679 * callback.
1680 */
1681 void __l2tp_session_unhash(struct l2tp_session *session)
1682 {
1683 struct l2tp_tunnel *tunnel = session->tunnel;
1684
1685 /* Remove the session from core hashes */
1686 if (tunnel) {
1687 /* Remove from the per-tunnel hash */
1688 write_lock_bh(&tunnel->hlist_lock);
1689 hlist_del_init(&session->hlist);
1690 write_unlock_bh(&tunnel->hlist_lock);
1691
1692 /* For L2TPv3 we have a per-net hash: remove from there, too */
1693 if (tunnel->version != L2TP_HDR_VER_2) {
1694 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1695 spin_lock_bh(&pn->l2tp_session_hlist_lock);
1696 hlist_del_init_rcu(&session->global_hlist);
1697 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1698 synchronize_rcu();
1699 }
1700 }
1701 }
1702 EXPORT_SYMBOL_GPL(__l2tp_session_unhash);
1703
1704 /* This function is used by the netlink SESSION_DELETE command and by
1705 pseudowire modules.
1706 */
1707 int l2tp_session_delete(struct l2tp_session *session)
1708 {
1709 if (session->ref)
1710 (*session->ref)(session);
1711 __l2tp_session_unhash(session);
1712 l2tp_session_queue_purge(session);
1713 if (session->session_close != NULL)
1714 (*session->session_close)(session);
1715 if (session->deref)
1716 (*session->deref)(session);
1717 l2tp_session_dec_refcount(session);
1718 return 0;
1719 }
1720 EXPORT_SYMBOL_GPL(l2tp_session_delete);
1721
1722 /* We come here whenever a session's send_seq, cookie_len or
1723 * l2specific_len parameters are set.
1724 */
1725 void l2tp_session_set_header_len(struct l2tp_session *session, int version)
1726 {
1727 if (version == L2TP_HDR_VER_2) {
1728 session->hdr_len = 6;
1729 if (session->send_seq)
1730 session->hdr_len += 4;
1731 } else {
1732 session->hdr_len = 4 + session->cookie_len + session->l2specific_len + session->offset;
1733 if (session->tunnel->encap == L2TP_ENCAPTYPE_UDP)
1734 session->hdr_len += 4;
1735 }
1736
1737 }
1738 EXPORT_SYMBOL_GPL(l2tp_session_set_header_len);
1739
1740 struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
1741 {
1742 struct l2tp_session *session;
1743
1744 session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL);
1745 if (session != NULL) {
1746 session->magic = L2TP_SESSION_MAGIC;
1747 session->tunnel = tunnel;
1748
1749 session->session_id = session_id;
1750 session->peer_session_id = peer_session_id;
1751 session->nr = 0;
1752 if (tunnel->version == L2TP_HDR_VER_2)
1753 session->nr_max = 0xffff;
1754 else
1755 session->nr_max = 0xffffff;
1756 session->nr_window_size = session->nr_max / 2;
1757 session->nr_oos_count_max = 4;
1758
1759 /* Use NR of first received packet */
1760 session->reorder_skip = 1;
1761
1762 sprintf(&session->name[0], "sess %u/%u",
1763 tunnel->tunnel_id, session->session_id);
1764
1765 skb_queue_head_init(&session->reorder_q);
1766
1767 INIT_HLIST_NODE(&session->hlist);
1768 INIT_HLIST_NODE(&session->global_hlist);
1769
1770 /* Inherit debug options from tunnel */
1771 session->debug = tunnel->debug;
1772
1773 if (cfg) {
1774 session->pwtype = cfg->pw_type;
1775 session->debug = cfg->debug;
1776 session->mtu = cfg->mtu;
1777 session->mru = cfg->mru;
1778 session->send_seq = cfg->send_seq;
1779 session->recv_seq = cfg->recv_seq;
1780 session->lns_mode = cfg->lns_mode;
1781 session->reorder_timeout = cfg->reorder_timeout;
1782 session->offset = cfg->offset;
1783 session->l2specific_type = cfg->l2specific_type;
1784 session->l2specific_len = cfg->l2specific_len;
1785 session->cookie_len = cfg->cookie_len;
1786 memcpy(&session->cookie[0], &cfg->cookie[0], cfg->cookie_len);
1787 session->peer_cookie_len = cfg->peer_cookie_len;
1788 memcpy(&session->peer_cookie[0], &cfg->peer_cookie[0], cfg->peer_cookie_len);
1789 }
1790
1791 if (tunnel->version == L2TP_HDR_VER_2)
1792 session->build_header = l2tp_build_l2tpv2_header;
1793 else
1794 session->build_header = l2tp_build_l2tpv3_header;
1795
1796 l2tp_session_set_header_len(session, tunnel->version);
1797
1798 /* Bump the reference count. The session context is deleted
1799 * only when this drops to zero.
1800 */
1801 l2tp_session_inc_refcount(session);
1802 l2tp_tunnel_inc_refcount(tunnel);
1803
1804 /* Ensure tunnel socket isn't deleted */
1805 sock_hold(tunnel->sock);
1806
1807 /* Add session to the tunnel's hash list */
1808 write_lock_bh(&tunnel->hlist_lock);
1809 hlist_add_head(&session->hlist,
1810 l2tp_session_id_hash(tunnel, session_id));
1811 write_unlock_bh(&tunnel->hlist_lock);
1812
1813 /* And to the global session list if L2TPv3 */
1814 if (tunnel->version != L2TP_HDR_VER_2) {
1815 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1816
1817 spin_lock_bh(&pn->l2tp_session_hlist_lock);
1818 hlist_add_head_rcu(&session->global_hlist,
1819 l2tp_session_id_hash_2(pn, session_id));
1820 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1821 }
1822
1823 /* Ignore management session in session count value */
1824 if (session->session_id != 0)
1825 atomic_inc(&l2tp_session_count);
1826 }
1827
1828 return session;
1829 }
1830 EXPORT_SYMBOL_GPL(l2tp_session_create);
1831
1832 /*****************************************************************************
1833 * Init and cleanup
1834 *****************************************************************************/
1835
1836 static __net_init int l2tp_init_net(struct net *net)
1837 {
1838 struct l2tp_net *pn = net_generic(net, l2tp_net_id);
1839 int hash;
1840
1841 INIT_LIST_HEAD(&pn->l2tp_tunnel_list);
1842 spin_lock_init(&pn->l2tp_tunnel_list_lock);
1843
1844 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++)
1845 INIT_HLIST_HEAD(&pn->l2tp_session_hlist[hash]);
1846
1847 spin_lock_init(&pn->l2tp_session_hlist_lock);
1848
1849 return 0;
1850 }
1851
1852 static __net_exit void l2tp_exit_net(struct net *net)
1853 {
1854 struct l2tp_net *pn = l2tp_pernet(net);
1855 struct l2tp_tunnel *tunnel = NULL;
1856
1857 rcu_read_lock_bh();
1858 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
1859 (void)l2tp_tunnel_delete(tunnel);
1860 }
1861 rcu_read_unlock_bh();
1862
1863 flush_workqueue(l2tp_wq);
1864 rcu_barrier();
1865 }
1866
1867 static struct pernet_operations l2tp_net_ops = {
1868 .init = l2tp_init_net,
1869 .exit = l2tp_exit_net,
1870 .id = &l2tp_net_id,
1871 .size = sizeof(struct l2tp_net),
1872 };
1873
1874 static int __init l2tp_init(void)
1875 {
1876 int rc = 0;
1877
1878 rc = register_pernet_device(&l2tp_net_ops);
1879 if (rc)
1880 goto out;
1881
1882 l2tp_wq = alloc_workqueue("l2tp", WQ_UNBOUND, 0);
1883 if (!l2tp_wq) {
1884 pr_err("alloc_workqueue failed\n");
1885 unregister_pernet_device(&l2tp_net_ops);
1886 rc = -ENOMEM;
1887 goto out;
1888 }
1889
1890 pr_info("L2TP core driver, %s\n", L2TP_DRV_VERSION);
1891
1892 out:
1893 return rc;
1894 }
1895
1896 static void __exit l2tp_exit(void)
1897 {
1898 unregister_pernet_device(&l2tp_net_ops);
1899 if (l2tp_wq) {
1900 destroy_workqueue(l2tp_wq);
1901 l2tp_wq = NULL;
1902 }
1903 }
1904
1905 module_init(l2tp_init);
1906 module_exit(l2tp_exit);
1907
1908 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1909 MODULE_DESCRIPTION("L2TP core");
1910 MODULE_LICENSE("GPL");
1911 MODULE_VERSION(L2TP_DRV_VERSION);
1912
1913
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.