1 /*
2 * L2TP core.
3 *
4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5 *
6 * This file contains some code of the original L2TPv2 pppol2tp
7 * driver, which has the following copyright:
8 *
9 * Authors: Martijn van Oosterhout <kleptog@svana.org>
10 * James Chapman (jchapman@katalix.com)
11 * Contributors:
12 * Michal Ostrowski <mostrows@speakeasy.net>
13 * Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
14 * David S. Miller (davem@redhat.com)
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2 as
18 * published by the Free Software Foundation.
19 */
20
21 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
22
23 #include <linux/module.h>
24 #include <linux/string.h>
25 #include <linux/list.h>
26 #include <linux/rculist.h>
27 #include <linux/uaccess.h>
28
29 #include <linux/kernel.h>
30 #include <linux/spinlock.h>
31 #include <linux/kthread.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/errno.h>
35 #include <linux/jiffies.h>
36
37 #include <linux/netdevice.h>
38 #include <linux/net.h>
39 #include <linux/inetdevice.h>
40 #include <linux/skbuff.h>
41 #include <linux/init.h>
42 #include <linux/in.h>
43 #include <linux/ip.h>
44 #include <linux/udp.h>
45 #include <linux/l2tp.h>
46 #include <linux/hash.h>
47 #include <linux/sort.h>
48 #include <linux/file.h>
49 #include <linux/nsproxy.h>
50 #include <net/net_namespace.h>
51 #include <net/netns/generic.h>
52 #include <net/dst.h>
53 #include <net/ip.h>
54 #include <net/udp.h>
55 #include <net/udp_tunnel.h>
56 #include <net/inet_common.h>
57 #include <net/xfrm.h>
58 #include <net/protocol.h>
59 #include <net/inet6_connection_sock.h>
60 #include <net/inet_ecn.h>
61 #include <net/ip6_route.h>
62 #include <net/ip6_checksum.h>
63
64 #include <asm/byteorder.h>
65 #include <linux/atomic.h>
66
67 #include "l2tp_core.h"
68
69 #define L2TP_DRV_VERSION "V2.0"
70
71 /* L2TP header constants */
72 #define L2TP_HDRFLAG_T 0x8000
73 #define L2TP_HDRFLAG_L 0x4000
74 #define L2TP_HDRFLAG_S 0x0800
75 #define L2TP_HDRFLAG_O 0x0200
76 #define L2TP_HDRFLAG_P 0x0100
77
78 #define L2TP_HDR_VER_MASK 0x000F
79 #define L2TP_HDR_VER_2 0x0002
80 #define L2TP_HDR_VER_3 0x0003
81
82 /* L2TPv3 default L2-specific sublayer */
83 #define L2TP_SLFLAG_S 0x40000000
84 #define L2TP_SL_SEQ_MASK 0x00ffffff
85
86 #define L2TP_HDR_SIZE_SEQ 10
87 #define L2TP_HDR_SIZE_NOSEQ 6
88
89 /* Default trace flags */
90 #define L2TP_DEFAULT_DEBUG_FLAGS 0
91
92 /* Private data stored for received packets in the skb.
93 */
94 struct l2tp_skb_cb {
95 u32 ns;
96 u16 has_seq;
97 u16 length;
98 unsigned long expires;
99 };
100
101 #define L2TP_SKB_CB(skb) ((struct l2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
102
103 static atomic_t l2tp_tunnel_count;
104 static atomic_t l2tp_session_count;
105 static struct workqueue_struct *l2tp_wq;
106
107 /* per-net private data for this module */
108 static unsigned int l2tp_net_id;
109 struct l2tp_net {
110 struct list_head l2tp_tunnel_list;
111 spinlock_t l2tp_tunnel_list_lock;
112 struct hlist_head l2tp_session_hlist[L2TP_HASH_SIZE_2];
113 spinlock_t l2tp_session_hlist_lock;
114 };
115
116
117 static inline struct l2tp_tunnel *l2tp_tunnel(struct sock *sk)
118 {
119 return sk->sk_user_data;
120 }
121
122 static inline struct l2tp_net *l2tp_pernet(const struct net *net)
123 {
124 BUG_ON(!net);
125
126 return net_generic(net, l2tp_net_id);
127 }
128
129 /* Session hash global list for L2TPv3.
130 * The session_id SHOULD be random according to RFC3931, but several
131 * L2TP implementations use incrementing session_ids. So we do a real
132 * hash on the session_id, rather than a simple bitmask.
133 */
134 static inline struct hlist_head *
135 l2tp_session_id_hash_2(struct l2tp_net *pn, u32 session_id)
136 {
137 return &pn->l2tp_session_hlist[hash_32(session_id, L2TP_HASH_BITS_2)];
138
139 }
140
141 /* Lookup the tunnel socket, possibly involving the fs code if the socket is
142 * owned by userspace. A struct sock returned from this function must be
143 * released using l2tp_tunnel_sock_put once you're done with it.
144 */
145 static struct sock *l2tp_tunnel_sock_lookup(struct l2tp_tunnel *tunnel)
146 {
147 int err = 0;
148 struct socket *sock = NULL;
149 struct sock *sk = NULL;
150
151 if (!tunnel)
152 goto out;
153
154 if (tunnel->fd >= 0) {
155 /* Socket is owned by userspace, who might be in the process
156 * of closing it. Look the socket up using the fd to ensure
157 * consistency.
158 */
159 sock = sockfd_lookup(tunnel->fd, &err);
160 if (sock)
161 sk = sock->sk;
162 } else {
163 /* Socket is owned by kernelspace */
164 sk = tunnel->sock;
165 sock_hold(sk);
166 }
167
168 out:
169 return sk;
170 }
171
172 /* Drop a reference to a tunnel socket obtained via. l2tp_tunnel_sock_put */
173 static void l2tp_tunnel_sock_put(struct sock *sk)
174 {
175 struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk);
176 if (tunnel) {
177 if (tunnel->fd >= 0) {
178 /* Socket is owned by userspace */
179 sockfd_put(sk->sk_socket);
180 }
181 sock_put(sk);
182 }
183 sock_put(sk);
184 }
185
186 /* Session hash list.
187 * The session_id SHOULD be random according to RFC2661, but several
188 * L2TP implementations (Cisco and Microsoft) use incrementing
189 * session_ids. So we do a real hash on the session_id, rather than a
190 * simple bitmask.
191 */
192 static inline struct hlist_head *
193 l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id)
194 {
195 return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)];
196 }
197
198 /* Lookup a tunnel. A new reference is held on the returned tunnel. */
199 struct l2tp_tunnel *l2tp_tunnel_get(const struct net *net, u32 tunnel_id)
200 {
201 const struct l2tp_net *pn = l2tp_pernet(net);
202 struct l2tp_tunnel *tunnel;
203
204 rcu_read_lock_bh();
205 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
206 if (tunnel->tunnel_id == tunnel_id) {
207 l2tp_tunnel_inc_refcount(tunnel);
208 rcu_read_unlock_bh();
209
210 return tunnel;
211 }
212 }
213 rcu_read_unlock_bh();
214
215 return NULL;
216 }
217 EXPORT_SYMBOL_GPL(l2tp_tunnel_get);
218
219 /* Lookup a session. A new reference is held on the returned session.
220 * Optionally calls session->ref() too if do_ref is true.
221 */
222 struct l2tp_session *l2tp_session_get(const struct net *net,
223 struct l2tp_tunnel *tunnel,
224 u32 session_id, bool do_ref)
225 {
226 struct hlist_head *session_list;
227 struct l2tp_session *session;
228
229 if (!tunnel) {
230 struct l2tp_net *pn = l2tp_pernet(net);
231
232 session_list = l2tp_session_id_hash_2(pn, session_id);
233
234 rcu_read_lock_bh();
235 hlist_for_each_entry_rcu(session, session_list, global_hlist) {
236 if (session->session_id == session_id) {
237 l2tp_session_inc_refcount(session);
238 if (do_ref && session->ref)
239 session->ref(session);
240 rcu_read_unlock_bh();
241
242 return session;
243 }
244 }
245 rcu_read_unlock_bh();
246
247 return NULL;
248 }
249
250 session_list = l2tp_session_id_hash(tunnel, session_id);
251 read_lock_bh(&tunnel->hlist_lock);
252 hlist_for_each_entry(session, session_list, hlist) {
253 if (session->session_id == session_id) {
254 l2tp_session_inc_refcount(session);
255 if (do_ref && session->ref)
256 session->ref(session);
257 read_unlock_bh(&tunnel->hlist_lock);
258
259 return session;
260 }
261 }
262 read_unlock_bh(&tunnel->hlist_lock);
263
264 return NULL;
265 }
266 EXPORT_SYMBOL_GPL(l2tp_session_get);
267
268 struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth,
269 bool do_ref)
270 {
271 int hash;
272 struct l2tp_session *session;
273 int count = 0;
274
275 read_lock_bh(&tunnel->hlist_lock);
276 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
277 hlist_for_each_entry(session, &tunnel->session_hlist[hash], hlist) {
278 if (++count > nth) {
279 l2tp_session_inc_refcount(session);
280 if (do_ref && session->ref)
281 session->ref(session);
282 read_unlock_bh(&tunnel->hlist_lock);
283 return session;
284 }
285 }
286 }
287
288 read_unlock_bh(&tunnel->hlist_lock);
289
290 return NULL;
291 }
292 EXPORT_SYMBOL_GPL(l2tp_session_get_nth);
293
294 /* Lookup a session by interface name.
295 * This is very inefficient but is only used by management interfaces.
296 */
297 struct l2tp_session *l2tp_session_get_by_ifname(const struct net *net,
298 const char *ifname,
299 bool do_ref)
300 {
301 struct l2tp_net *pn = l2tp_pernet(net);
302 int hash;
303 struct l2tp_session *session;
304
305 rcu_read_lock_bh();
306 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) {
307 hlist_for_each_entry_rcu(session, &pn->l2tp_session_hlist[hash], global_hlist) {
308 if (!strcmp(session->ifname, ifname)) {
309 l2tp_session_inc_refcount(session);
310 if (do_ref && session->ref)
311 session->ref(session);
312 rcu_read_unlock_bh();
313
314 return session;
315 }
316 }
317 }
318
319 rcu_read_unlock_bh();
320
321 return NULL;
322 }
323 EXPORT_SYMBOL_GPL(l2tp_session_get_by_ifname);
324
325 static int l2tp_session_add_to_tunnel(struct l2tp_tunnel *tunnel,
326 struct l2tp_session *session)
327 {
328 struct l2tp_session *session_walk;
329 struct hlist_head *g_head;
330 struct hlist_head *head;
331 struct l2tp_net *pn;
332
333 head = l2tp_session_id_hash(tunnel, session->session_id);
334
335 write_lock_bh(&tunnel->hlist_lock);
336 hlist_for_each_entry(session_walk, head, hlist)
337 if (session_walk->session_id == session->session_id)
338 goto exist;
339
340 if (tunnel->version == L2TP_HDR_VER_3) {
341 pn = l2tp_pernet(tunnel->l2tp_net);
342 g_head = l2tp_session_id_hash_2(l2tp_pernet(tunnel->l2tp_net),
343 session->session_id);
344
345 spin_lock_bh(&pn->l2tp_session_hlist_lock);
346 hlist_for_each_entry(session_walk, g_head, global_hlist)
347 if (session_walk->session_id == session->session_id)
348 goto exist_glob;
349
350 hlist_add_head_rcu(&session->global_hlist, g_head);
351 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
352 }
353
354 hlist_add_head(&session->hlist, head);
355 write_unlock_bh(&tunnel->hlist_lock);
356
357 return 0;
358
359 exist_glob:
360 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
361 exist:
362 write_unlock_bh(&tunnel->hlist_lock);
363
364 return -EEXIST;
365 }
366
367 /* Lookup a tunnel by id
368 */
369 struct l2tp_tunnel *l2tp_tunnel_find(const struct net *net, u32 tunnel_id)
370 {
371 struct l2tp_tunnel *tunnel;
372 struct l2tp_net *pn = l2tp_pernet(net);
373
374 rcu_read_lock_bh();
375 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
376 if (tunnel->tunnel_id == tunnel_id) {
377 rcu_read_unlock_bh();
378 return tunnel;
379 }
380 }
381 rcu_read_unlock_bh();
382
383 return NULL;
384 }
385 EXPORT_SYMBOL_GPL(l2tp_tunnel_find);
386
387 struct l2tp_tunnel *l2tp_tunnel_find_nth(const struct net *net, int nth)
388 {
389 struct l2tp_net *pn = l2tp_pernet(net);
390 struct l2tp_tunnel *tunnel;
391 int count = 0;
392
393 rcu_read_lock_bh();
394 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
395 if (++count > nth) {
396 rcu_read_unlock_bh();
397 return tunnel;
398 }
399 }
400
401 rcu_read_unlock_bh();
402
403 return NULL;
404 }
405 EXPORT_SYMBOL_GPL(l2tp_tunnel_find_nth);
406
407 /*****************************************************************************
408 * Receive data handling
409 *****************************************************************************/
410
411 /* Queue a skb in order. We come here only if the skb has an L2TP sequence
412 * number.
413 */
414 static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *skb)
415 {
416 struct sk_buff *skbp;
417 struct sk_buff *tmp;
418 u32 ns = L2TP_SKB_CB(skb)->ns;
419
420 spin_lock_bh(&session->reorder_q.lock);
421 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
422 if (L2TP_SKB_CB(skbp)->ns > ns) {
423 __skb_queue_before(&session->reorder_q, skbp, skb);
424 l2tp_dbg(session, L2TP_MSG_SEQ,
425 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
426 session->name, ns, L2TP_SKB_CB(skbp)->ns,
427 skb_queue_len(&session->reorder_q));
428 atomic_long_inc(&session->stats.rx_oos_packets);
429 goto out;
430 }
431 }
432
433 __skb_queue_tail(&session->reorder_q, skb);
434
435 out:
436 spin_unlock_bh(&session->reorder_q.lock);
437 }
438
439 /* Dequeue a single skb.
440 */
441 static void l2tp_recv_dequeue_skb(struct l2tp_session *session, struct sk_buff *skb)
442 {
443 struct l2tp_tunnel *tunnel = session->tunnel;
444 int length = L2TP_SKB_CB(skb)->length;
445
446 /* We're about to requeue the skb, so return resources
447 * to its current owner (a socket receive buffer).
448 */
449 skb_orphan(skb);
450
451 atomic_long_inc(&tunnel->stats.rx_packets);
452 atomic_long_add(length, &tunnel->stats.rx_bytes);
453 atomic_long_inc(&session->stats.rx_packets);
454 atomic_long_add(length, &session->stats.rx_bytes);
455
456 if (L2TP_SKB_CB(skb)->has_seq) {
457 /* Bump our Nr */
458 session->nr++;
459 session->nr &= session->nr_max;
460
461 l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated nr to %hu\n",
462 session->name, session->nr);
463 }
464
465 /* call private receive handler */
466 if (session->recv_skb != NULL)
467 (*session->recv_skb)(session, skb, L2TP_SKB_CB(skb)->length);
468 else
469 kfree_skb(skb);
470
471 if (session->deref)
472 (*session->deref)(session);
473 }
474
475 /* Dequeue skbs from the session's reorder_q, subject to packet order.
476 * Skbs that have been in the queue for too long are simply discarded.
477 */
478 static void l2tp_recv_dequeue(struct l2tp_session *session)
479 {
480 struct sk_buff *skb;
481 struct sk_buff *tmp;
482
483 /* If the pkt at the head of the queue has the nr that we
484 * expect to send up next, dequeue it and any other
485 * in-sequence packets behind it.
486 */
487 start:
488 spin_lock_bh(&session->reorder_q.lock);
489 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
490 if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) {
491 atomic_long_inc(&session->stats.rx_seq_discards);
492 atomic_long_inc(&session->stats.rx_errors);
493 l2tp_dbg(session, L2TP_MSG_SEQ,
494 "%s: oos pkt %u len %d discarded (too old), waiting for %u, reorder_q_len=%d\n",
495 session->name, L2TP_SKB_CB(skb)->ns,
496 L2TP_SKB_CB(skb)->length, session->nr,
497 skb_queue_len(&session->reorder_q));
498 session->reorder_skip = 1;
499 __skb_unlink(skb, &session->reorder_q);
500 kfree_skb(skb);
501 if (session->deref)
502 (*session->deref)(session);
503 continue;
504 }
505
506 if (L2TP_SKB_CB(skb)->has_seq) {
507 if (session->reorder_skip) {
508 l2tp_dbg(session, L2TP_MSG_SEQ,
509 "%s: advancing nr to next pkt: %u -> %u",
510 session->name, session->nr,
511 L2TP_SKB_CB(skb)->ns);
512 session->reorder_skip = 0;
513 session->nr = L2TP_SKB_CB(skb)->ns;
514 }
515 if (L2TP_SKB_CB(skb)->ns != session->nr) {
516 l2tp_dbg(session, L2TP_MSG_SEQ,
517 "%s: holding oos pkt %u len %d, waiting for %u, reorder_q_len=%d\n",
518 session->name, L2TP_SKB_CB(skb)->ns,
519 L2TP_SKB_CB(skb)->length, session->nr,
520 skb_queue_len(&session->reorder_q));
521 goto out;
522 }
523 }
524 __skb_unlink(skb, &session->reorder_q);
525
526 /* Process the skb. We release the queue lock while we
527 * do so to let other contexts process the queue.
528 */
529 spin_unlock_bh(&session->reorder_q.lock);
530 l2tp_recv_dequeue_skb(session, skb);
531 goto start;
532 }
533
534 out:
535 spin_unlock_bh(&session->reorder_q.lock);
536 }
537
538 static int l2tp_seq_check_rx_window(struct l2tp_session *session, u32 nr)
539 {
540 u32 nws;
541
542 if (nr >= session->nr)
543 nws = nr - session->nr;
544 else
545 nws = (session->nr_max + 1) - (session->nr - nr);
546
547 return nws < session->nr_window_size;
548 }
549
550 /* If packet has sequence numbers, queue it if acceptable. Returns 0 if
551 * acceptable, else non-zero.
552 */
553 static int l2tp_recv_data_seq(struct l2tp_session *session, struct sk_buff *skb)
554 {
555 if (!l2tp_seq_check_rx_window(session, L2TP_SKB_CB(skb)->ns)) {
556 /* Packet sequence number is outside allowed window.
557 * Discard it.
558 */
559 l2tp_dbg(session, L2TP_MSG_SEQ,
560 "%s: pkt %u len %d discarded, outside window, nr=%u\n",
561 session->name, L2TP_SKB_CB(skb)->ns,
562 L2TP_SKB_CB(skb)->length, session->nr);
563 goto discard;
564 }
565
566 if (session->reorder_timeout != 0) {
567 /* Packet reordering enabled. Add skb to session's
568 * reorder queue, in order of ns.
569 */
570 l2tp_recv_queue_skb(session, skb);
571 goto out;
572 }
573
574 /* Packet reordering disabled. Discard out-of-sequence packets, while
575 * tracking the number if in-sequence packets after the first OOS packet
576 * is seen. After nr_oos_count_max in-sequence packets, reset the
577 * sequence number to re-enable packet reception.
578 */
579 if (L2TP_SKB_CB(skb)->ns == session->nr) {
580 skb_queue_tail(&session->reorder_q, skb);
581 } else {
582 u32 nr_oos = L2TP_SKB_CB(skb)->ns;
583 u32 nr_next = (session->nr_oos + 1) & session->nr_max;
584
585 if (nr_oos == nr_next)
586 session->nr_oos_count++;
587 else
588 session->nr_oos_count = 0;
589
590 session->nr_oos = nr_oos;
591 if (session->nr_oos_count > session->nr_oos_count_max) {
592 session->reorder_skip = 1;
593 l2tp_dbg(session, L2TP_MSG_SEQ,
594 "%s: %d oos packets received. Resetting sequence numbers\n",
595 session->name, session->nr_oos_count);
596 }
597 if (!session->reorder_skip) {
598 atomic_long_inc(&session->stats.rx_seq_discards);
599 l2tp_dbg(session, L2TP_MSG_SEQ,
600 "%s: oos pkt %u len %d discarded, waiting for %u, reorder_q_len=%d\n",
601 session->name, L2TP_SKB_CB(skb)->ns,
602 L2TP_SKB_CB(skb)->length, session->nr,
603 skb_queue_len(&session->reorder_q));
604 goto discard;
605 }
606 skb_queue_tail(&session->reorder_q, skb);
607 }
608
609 out:
610 return 0;
611
612 discard:
613 return 1;
614 }
615
616 /* Do receive processing of L2TP data frames. We handle both L2TPv2
617 * and L2TPv3 data frames here.
618 *
619 * L2TPv2 Data Message Header
620 *
621 * 0 1 2 3
622 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
623 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
624 * |T|L|x|x|S|x|O|P|x|x|x|x| Ver | Length (opt) |
625 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
626 * | Tunnel ID | Session ID |
627 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
628 * | Ns (opt) | Nr (opt) |
629 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
630 * | Offset Size (opt) | Offset pad... (opt)
631 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
632 *
633 * Data frames are marked by T=0. All other fields are the same as
634 * those in L2TP control frames.
635 *
636 * L2TPv3 Data Message Header
637 *
638 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
639 * | L2TP Session Header |
640 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
641 * | L2-Specific Sublayer |
642 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
643 * | Tunnel Payload ...
644 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
645 *
646 * L2TPv3 Session Header Over IP
647 *
648 * 0 1 2 3
649 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
650 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
651 * | Session ID |
652 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
653 * | Cookie (optional, maximum 64 bits)...
654 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
655 * |
656 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
657 *
658 * L2TPv3 L2-Specific Sublayer Format
659 *
660 * 0 1 2 3
661 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
662 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
663 * |x|S|x|x|x|x|x|x| Sequence Number |
664 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
665 *
666 * Cookie value, sublayer format and offset (pad) are negotiated with
667 * the peer when the session is set up. Unlike L2TPv2, we do not need
668 * to parse the packet header to determine if optional fields are
669 * present.
670 *
671 * Caller must already have parsed the frame and determined that it is
672 * a data (not control) frame before coming here. Fields up to the
673 * session-id have already been parsed and ptr points to the data
674 * after the session-id.
675 *
676 * session->ref() must have been called prior to l2tp_recv_common().
677 * session->deref() will be called automatically after skb is processed.
678 */
679 void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
680 unsigned char *ptr, unsigned char *optr, u16 hdrflags,
681 int length, int (*payload_hook)(struct sk_buff *skb))
682 {
683 struct l2tp_tunnel *tunnel = session->tunnel;
684 int offset;
685 u32 ns, nr;
686
687 /* Parse and check optional cookie */
688 if (session->peer_cookie_len > 0) {
689 if (memcmp(ptr, &session->peer_cookie[0], session->peer_cookie_len)) {
690 l2tp_info(tunnel, L2TP_MSG_DATA,
691 "%s: cookie mismatch (%u/%u). Discarding.\n",
692 tunnel->name, tunnel->tunnel_id,
693 session->session_id);
694 atomic_long_inc(&session->stats.rx_cookie_discards);
695 goto discard;
696 }
697 ptr += session->peer_cookie_len;
698 }
699
700 /* Handle the optional sequence numbers. Sequence numbers are
701 * in different places for L2TPv2 and L2TPv3.
702 *
703 * If we are the LAC, enable/disable sequence numbers under
704 * the control of the LNS. If no sequence numbers present but
705 * we were expecting them, discard frame.
706 */
707 ns = nr = 0;
708 L2TP_SKB_CB(skb)->has_seq = 0;
709 if (tunnel->version == L2TP_HDR_VER_2) {
710 if (hdrflags & L2TP_HDRFLAG_S) {
711 ns = ntohs(*(__be16 *) ptr);
712 ptr += 2;
713 nr = ntohs(*(__be16 *) ptr);
714 ptr += 2;
715
716 /* Store L2TP info in the skb */
717 L2TP_SKB_CB(skb)->ns = ns;
718 L2TP_SKB_CB(skb)->has_seq = 1;
719
720 l2tp_dbg(session, L2TP_MSG_SEQ,
721 "%s: recv data ns=%u, nr=%u, session nr=%u\n",
722 session->name, ns, nr, session->nr);
723 }
724 } else if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
725 u32 l2h = ntohl(*(__be32 *) ptr);
726
727 if (l2h & 0x40000000) {
728 ns = l2h & 0x00ffffff;
729
730 /* Store L2TP info in the skb */
731 L2TP_SKB_CB(skb)->ns = ns;
732 L2TP_SKB_CB(skb)->has_seq = 1;
733
734 l2tp_dbg(session, L2TP_MSG_SEQ,
735 "%s: recv data ns=%u, session nr=%u\n",
736 session->name, ns, session->nr);
737 }
738 }
739
740 /* Advance past L2-specific header, if present */
741 ptr += session->l2specific_len;
742
743 if (L2TP_SKB_CB(skb)->has_seq) {
744 /* Received a packet with sequence numbers. If we're the LNS,
745 * check if we sre sending sequence numbers and if not,
746 * configure it so.
747 */
748 if ((!session->lns_mode) && (!session->send_seq)) {
749 l2tp_info(session, L2TP_MSG_SEQ,
750 "%s: requested to enable seq numbers by LNS\n",
751 session->name);
752 session->send_seq = 1;
753 l2tp_session_set_header_len(session, tunnel->version);
754 }
755 } else {
756 /* No sequence numbers.
757 * If user has configured mandatory sequence numbers, discard.
758 */
759 if (session->recv_seq) {
760 l2tp_warn(session, L2TP_MSG_SEQ,
761 "%s: recv data has no seq numbers when required. Discarding.\n",
762 session->name);
763 atomic_long_inc(&session->stats.rx_seq_discards);
764 goto discard;
765 }
766
767 /* If we're the LAC and we're sending sequence numbers, the
768 * LNS has requested that we no longer send sequence numbers.
769 * If we're the LNS and we're sending sequence numbers, the
770 * LAC is broken. Discard the frame.
771 */
772 if ((!session->lns_mode) && (session->send_seq)) {
773 l2tp_info(session, L2TP_MSG_SEQ,
774 "%s: requested to disable seq numbers by LNS\n",
775 session->name);
776 session->send_seq = 0;
777 l2tp_session_set_header_len(session, tunnel->version);
778 } else if (session->send_seq) {
779 l2tp_warn(session, L2TP_MSG_SEQ,
780 "%s: recv data has no seq numbers when required. Discarding.\n",
781 session->name);
782 atomic_long_inc(&session->stats.rx_seq_discards);
783 goto discard;
784 }
785 }
786
787 /* Session data offset is handled differently for L2TPv2 and
788 * L2TPv3. For L2TPv2, there is an optional 16-bit value in
789 * the header. For L2TPv3, the offset is negotiated using AVPs
790 * in the session setup control protocol.
791 */
792 if (tunnel->version == L2TP_HDR_VER_2) {
793 /* If offset bit set, skip it. */
794 if (hdrflags & L2TP_HDRFLAG_O) {
795 offset = ntohs(*(__be16 *)ptr);
796 ptr += 2 + offset;
797 }
798 } else
799 ptr += session->offset;
800
801 offset = ptr - optr;
802 if (!pskb_may_pull(skb, offset))
803 goto discard;
804
805 __skb_pull(skb, offset);
806
807 /* If caller wants to process the payload before we queue the
808 * packet, do so now.
809 */
810 if (payload_hook)
811 if ((*payload_hook)(skb))
812 goto discard;
813
814 /* Prepare skb for adding to the session's reorder_q. Hold
815 * packets for max reorder_timeout or 1 second if not
816 * reordering.
817 */
818 L2TP_SKB_CB(skb)->length = length;
819 L2TP_SKB_CB(skb)->expires = jiffies +
820 (session->reorder_timeout ? session->reorder_timeout : HZ);
821
822 /* Add packet to the session's receive queue. Reordering is done here, if
823 * enabled. Saved L2TP protocol info is stored in skb->sb[].
824 */
825 if (L2TP_SKB_CB(skb)->has_seq) {
826 if (l2tp_recv_data_seq(session, skb))
827 goto discard;
828 } else {
829 /* No sequence numbers. Add the skb to the tail of the
830 * reorder queue. This ensures that it will be
831 * delivered after all previous sequenced skbs.
832 */
833 skb_queue_tail(&session->reorder_q, skb);
834 }
835
836 /* Try to dequeue as many skbs from reorder_q as we can. */
837 l2tp_recv_dequeue(session);
838
839 return;
840
841 discard:
842 atomic_long_inc(&session->stats.rx_errors);
843 kfree_skb(skb);
844
845 if (session->deref)
846 (*session->deref)(session);
847 }
848 EXPORT_SYMBOL(l2tp_recv_common);
849
850 /* Drop skbs from the session's reorder_q
851 */
852 int l2tp_session_queue_purge(struct l2tp_session *session)
853 {
854 struct sk_buff *skb = NULL;
855 BUG_ON(!session);
856 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
857 while ((skb = skb_dequeue(&session->reorder_q))) {
858 atomic_long_inc(&session->stats.rx_errors);
859 kfree_skb(skb);
860 if (session->deref)
861 (*session->deref)(session);
862 }
863 return 0;
864 }
865 EXPORT_SYMBOL_GPL(l2tp_session_queue_purge);
866
867 /* Internal UDP receive frame. Do the real work of receiving an L2TP data frame
868 * here. The skb is not on a list when we get here.
869 * Returns 0 if the packet was a data packet and was successfully passed on.
870 * Returns 1 if the packet was not a good data packet and could not be
871 * forwarded. All such packets are passed up to userspace to deal with.
872 */
873 static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
874 int (*payload_hook)(struct sk_buff *skb))
875 {
876 struct l2tp_session *session = NULL;
877 unsigned char *ptr, *optr;
878 u16 hdrflags;
879 u32 tunnel_id, session_id;
880 u16 version;
881 int length;
882
883 /* UDP has verifed checksum */
884
885 /* UDP always verifies the packet length. */
886 __skb_pull(skb, sizeof(struct udphdr));
887
888 /* Short packet? */
889 if (!pskb_may_pull(skb, L2TP_HDR_SIZE_SEQ)) {
890 l2tp_info(tunnel, L2TP_MSG_DATA,
891 "%s: recv short packet (len=%d)\n",
892 tunnel->name, skb->len);
893 goto error;
894 }
895
896 /* Trace packet contents, if enabled */
897 if (tunnel->debug & L2TP_MSG_DATA) {
898 length = min(32u, skb->len);
899 if (!pskb_may_pull(skb, length))
900 goto error;
901
902 pr_debug("%s: recv\n", tunnel->name);
903 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, skb->data, length);
904 }
905
906 /* Point to L2TP header */
907 optr = ptr = skb->data;
908
909 /* Get L2TP header flags */
910 hdrflags = ntohs(*(__be16 *) ptr);
911
912 /* Check protocol version */
913 version = hdrflags & L2TP_HDR_VER_MASK;
914 if (version != tunnel->version) {
915 l2tp_info(tunnel, L2TP_MSG_DATA,
916 "%s: recv protocol version mismatch: got %d expected %d\n",
917 tunnel->name, version, tunnel->version);
918 goto error;
919 }
920
921 /* Get length of L2TP packet */
922 length = skb->len;
923
924 /* If type is control packet, it is handled by userspace. */
925 if (hdrflags & L2TP_HDRFLAG_T) {
926 l2tp_dbg(tunnel, L2TP_MSG_DATA,
927 "%s: recv control packet, len=%d\n",
928 tunnel->name, length);
929 goto error;
930 }
931
932 /* Skip flags */
933 ptr += 2;
934
935 if (tunnel->version == L2TP_HDR_VER_2) {
936 /* If length is present, skip it */
937 if (hdrflags & L2TP_HDRFLAG_L)
938 ptr += 2;
939
940 /* Extract tunnel and session ID */
941 tunnel_id = ntohs(*(__be16 *) ptr);
942 ptr += 2;
943 session_id = ntohs(*(__be16 *) ptr);
944 ptr += 2;
945 } else {
946 ptr += 2; /* skip reserved bits */
947 tunnel_id = tunnel->tunnel_id;
948 session_id = ntohl(*(__be32 *) ptr);
949 ptr += 4;
950 }
951
952 /* Find the session context */
953 session = l2tp_session_get(tunnel->l2tp_net, tunnel, session_id, true);
954 if (!session || !session->recv_skb) {
955 if (session) {
956 if (session->deref)
957 session->deref(session);
958 l2tp_session_dec_refcount(session);
959 }
960
961 /* Not found? Pass to userspace to deal with */
962 l2tp_info(tunnel, L2TP_MSG_DATA,
963 "%s: no session found (%u/%u). Passing up.\n",
964 tunnel->name, tunnel_id, session_id);
965 goto error;
966 }
967
968 l2tp_recv_common(session, skb, ptr, optr, hdrflags, length, payload_hook);
969 l2tp_session_dec_refcount(session);
970
971 return 0;
972
973 error:
974 /* Put UDP header back */
975 __skb_push(skb, sizeof(struct udphdr));
976
977 return 1;
978 }
979
980 /* UDP encapsulation receive handler. See net/ipv4/udp.c.
981 * Return codes:
982 * 0 : success.
983 * <0: error
984 * >0: skb should be passed up to userspace as UDP.
985 */
986 int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
987 {
988 struct l2tp_tunnel *tunnel;
989
990 tunnel = l2tp_sock_to_tunnel(sk);
991 if (tunnel == NULL)
992 goto pass_up;
993
994 l2tp_dbg(tunnel, L2TP_MSG_DATA, "%s: received %d bytes\n",
995 tunnel->name, skb->len);
996
997 if (l2tp_udp_recv_core(tunnel, skb, tunnel->recv_payload_hook))
998 goto pass_up_put;
999
1000 sock_put(sk);
1001 return 0;
1002
1003 pass_up_put:
1004 sock_put(sk);
1005 pass_up:
1006 return 1;
1007 }
1008 EXPORT_SYMBOL_GPL(l2tp_udp_encap_recv);
1009
1010 /************************************************************************
1011 * Transmit handling
1012 ***********************************************************************/
1013
1014 /* Build an L2TP header for the session into the buffer provided.
1015 */
1016 static int l2tp_build_l2tpv2_header(struct l2tp_session *session, void *buf)
1017 {
1018 struct l2tp_tunnel *tunnel = session->tunnel;
1019 __be16 *bufp = buf;
1020 __be16 *optr = buf;
1021 u16 flags = L2TP_HDR_VER_2;
1022 u32 tunnel_id = tunnel->peer_tunnel_id;
1023 u32 session_id = session->peer_session_id;
1024
1025 if (session->send_seq)
1026 flags |= L2TP_HDRFLAG_S;
1027
1028 /* Setup L2TP header. */
1029 *bufp++ = htons(flags);
1030 *bufp++ = htons(tunnel_id);
1031 *bufp++ = htons(session_id);
1032 if (session->send_seq) {
1033 *bufp++ = htons(session->ns);
1034 *bufp++ = 0;
1035 session->ns++;
1036 session->ns &= 0xffff;
1037 l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated ns to %u\n",
1038 session->name, session->ns);
1039 }
1040
1041 return bufp - optr;
1042 }
1043
1044 static int l2tp_build_l2tpv3_header(struct l2tp_session *session, void *buf)
1045 {
1046 struct l2tp_tunnel *tunnel = session->tunnel;
1047 char *bufp = buf;
1048 char *optr = bufp;
1049
1050 /* Setup L2TP header. The header differs slightly for UDP and
1051 * IP encapsulations. For UDP, there is 4 bytes of flags.
1052 */
1053 if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
1054 u16 flags = L2TP_HDR_VER_3;
1055 *((__be16 *) bufp) = htons(flags);
1056 bufp += 2;
1057 *((__be16 *) bufp) = 0;
1058 bufp += 2;
1059 }
1060
1061 *((__be32 *) bufp) = htonl(session->peer_session_id);
1062 bufp += 4;
1063 if (session->cookie_len) {
1064 memcpy(bufp, &session->cookie[0], session->cookie_len);
1065 bufp += session->cookie_len;
1066 }
1067 if (session->l2specific_len) {
1068 if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
1069 u32 l2h = 0;
1070 if (session->send_seq) {
1071 l2h = 0x40000000 | session->ns;
1072 session->ns++;
1073 session->ns &= 0xffffff;
1074 l2tp_dbg(session, L2TP_MSG_SEQ,
1075 "%s: updated ns to %u\n",
1076 session->name, session->ns);
1077 }
1078
1079 *((__be32 *) bufp) = htonl(l2h);
1080 }
1081 bufp += session->l2specific_len;
1082 }
1083 if (session->offset)
1084 bufp += session->offset;
1085
1086 return bufp - optr;
1087 }
1088
1089 static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb,
1090 struct flowi *fl, size_t data_len)
1091 {
1092 struct l2tp_tunnel *tunnel = session->tunnel;
1093 unsigned int len = skb->len;
1094 int error;
1095
1096 /* Debug */
1097 if (session->send_seq)
1098 l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %zd bytes, ns=%u\n",
1099 session->name, data_len, session->ns - 1);
1100 else
1101 l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %zd bytes\n",
1102 session->name, data_len);
1103
1104 if (session->debug & L2TP_MSG_DATA) {
1105 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1106 unsigned char *datap = skb->data + uhlen;
1107
1108 pr_debug("%s: xmit\n", session->name);
1109 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET,
1110 datap, min_t(size_t, 32, len - uhlen));
1111 }
1112
1113 /* Queue the packet to IP for output */
1114 skb->ignore_df = 1;
1115 #if IS_ENABLED(CONFIG_IPV6)
1116 if (tunnel->sock->sk_family == PF_INET6 && !tunnel->v4mapped)
1117 error = inet6_csk_xmit(tunnel->sock, skb, NULL);
1118 else
1119 #endif
1120 error = ip_queue_xmit(tunnel->sock, skb, fl);
1121
1122 /* Update stats */
1123 if (error >= 0) {
1124 atomic_long_inc(&tunnel->stats.tx_packets);
1125 atomic_long_add(len, &tunnel->stats.tx_bytes);
1126 atomic_long_inc(&session->stats.tx_packets);
1127 atomic_long_add(len, &session->stats.tx_bytes);
1128 } else {
1129 atomic_long_inc(&tunnel->stats.tx_errors);
1130 atomic_long_inc(&session->stats.tx_errors);
1131 }
1132
1133 return 0;
1134 }
1135
1136 /* If caller requires the skb to have a ppp header, the header must be
1137 * inserted in the skb data before calling this function.
1138 */
1139 int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len)
1140 {
1141 int data_len = skb->len;
1142 struct l2tp_tunnel *tunnel = session->tunnel;
1143 struct sock *sk = tunnel->sock;
1144 struct flowi *fl;
1145 struct udphdr *uh;
1146 struct inet_sock *inet;
1147 int headroom;
1148 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1149 int udp_len;
1150 int ret = NET_XMIT_SUCCESS;
1151
1152 /* Check that there's enough headroom in the skb to insert IP,
1153 * UDP and L2TP headers. If not enough, expand it to
1154 * make room. Adjust truesize.
1155 */
1156 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1157 uhlen + hdr_len;
1158 if (skb_cow_head(skb, headroom)) {
1159 kfree_skb(skb);
1160 return NET_XMIT_DROP;
1161 }
1162
1163 /* Setup L2TP header */
1164 session->build_header(session, __skb_push(skb, hdr_len));
1165
1166 /* Reset skb netfilter state */
1167 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1168 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1169 IPSKB_REROUTED);
1170 nf_reset(skb);
1171
1172 bh_lock_sock(sk);
1173 if (sock_owned_by_user(sk)) {
1174 kfree_skb(skb);
1175 ret = NET_XMIT_DROP;
1176 goto out_unlock;
1177 }
1178
1179 /* Get routing info from the tunnel socket */
1180 skb_dst_drop(skb);
1181 skb_dst_set(skb, dst_clone(__sk_dst_check(sk, 0)));
1182
1183 inet = inet_sk(sk);
1184 fl = &inet->cork.fl;
1185 switch (tunnel->encap) {
1186 case L2TP_ENCAPTYPE_UDP:
1187 /* Setup UDP header */
1188 __skb_push(skb, sizeof(*uh));
1189 skb_reset_transport_header(skb);
1190 uh = udp_hdr(skb);
1191 uh->source = inet->inet_sport;
1192 uh->dest = inet->inet_dport;
1193 udp_len = uhlen + hdr_len + data_len;
1194 uh->len = htons(udp_len);
1195
1196 /* Calculate UDP checksum if configured to do so */
1197 #if IS_ENABLED(CONFIG_IPV6)
1198 if (sk->sk_family == PF_INET6 && !tunnel->v4mapped)
1199 udp6_set_csum(udp_get_no_check6_tx(sk),
1200 skb, &inet6_sk(sk)->saddr,
1201 &sk->sk_v6_daddr, udp_len);
1202 else
1203 #endif
1204 udp_set_csum(sk->sk_no_check_tx, skb, inet->inet_saddr,
1205 inet->inet_daddr, udp_len);
1206 break;
1207
1208 case L2TP_ENCAPTYPE_IP:
1209 break;
1210 }
1211
1212 l2tp_xmit_core(session, skb, fl, data_len);
1213 out_unlock:
1214 bh_unlock_sock(sk);
1215
1216 return ret;
1217 }
1218 EXPORT_SYMBOL_GPL(l2tp_xmit_skb);
1219
1220 /*****************************************************************************
1221 * Tinnel and session create/destroy.
1222 *****************************************************************************/
1223
1224 /* Tunnel socket destruct hook.
1225 * The tunnel context is deleted only when all session sockets have been
1226 * closed.
1227 */
1228 static void l2tp_tunnel_destruct(struct sock *sk)
1229 {
1230 struct l2tp_tunnel *tunnel = l2tp_tunnel(sk);
1231 struct l2tp_net *pn;
1232
1233 if (tunnel == NULL)
1234 goto end;
1235
1236 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing...\n", tunnel->name);
1237
1238
1239 /* Disable udp encapsulation */
1240 switch (tunnel->encap) {
1241 case L2TP_ENCAPTYPE_UDP:
1242 /* No longer an encapsulation socket. See net/ipv4/udp.c */
1243 (udp_sk(sk))->encap_type = 0;
1244 (udp_sk(sk))->encap_rcv = NULL;
1245 (udp_sk(sk))->encap_destroy = NULL;
1246 break;
1247 case L2TP_ENCAPTYPE_IP:
1248 break;
1249 }
1250
1251 /* Remove hooks into tunnel socket */
1252 sk->sk_destruct = tunnel->old_sk_destruct;
1253 sk->sk_user_data = NULL;
1254 tunnel->sock = NULL;
1255
1256 /* Remove the tunnel struct from the tunnel list */
1257 pn = l2tp_pernet(tunnel->l2tp_net);
1258 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1259 list_del_rcu(&tunnel->list);
1260 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1261 atomic_dec(&l2tp_tunnel_count);
1262
1263 l2tp_tunnel_closeall(tunnel);
1264 l2tp_tunnel_dec_refcount(tunnel);
1265
1266 /* Call the original destructor */
1267 if (sk->sk_destruct)
1268 (*sk->sk_destruct)(sk);
1269 end:
1270 return;
1271 }
1272
1273 /* When the tunnel is closed, all the attached sessions need to go too.
1274 */
1275 void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel)
1276 {
1277 int hash;
1278 struct hlist_node *walk;
1279 struct hlist_node *tmp;
1280 struct l2tp_session *session;
1281
1282 BUG_ON(tunnel == NULL);
1283
1284 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing all sessions...\n",
1285 tunnel->name);
1286
1287 write_lock_bh(&tunnel->hlist_lock);
1288 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
1289 again:
1290 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1291 session = hlist_entry(walk, struct l2tp_session, hlist);
1292
1293 l2tp_info(session, L2TP_MSG_CONTROL,
1294 "%s: closing session\n", session->name);
1295
1296 hlist_del_init(&session->hlist);
1297
1298 if (session->ref != NULL)
1299 (*session->ref)(session);
1300
1301 write_unlock_bh(&tunnel->hlist_lock);
1302
1303 __l2tp_session_unhash(session);
1304 l2tp_session_queue_purge(session);
1305
1306 if (session->session_close != NULL)
1307 (*session->session_close)(session);
1308
1309 if (session->deref != NULL)
1310 (*session->deref)(session);
1311
1312 l2tp_session_dec_refcount(session);
1313
1314 write_lock_bh(&tunnel->hlist_lock);
1315
1316 /* Now restart from the beginning of this hash
1317 * chain. We always remove a session from the
1318 * list so we are guaranteed to make forward
1319 * progress.
1320 */
1321 goto again;
1322 }
1323 }
1324 write_unlock_bh(&tunnel->hlist_lock);
1325 }
1326 EXPORT_SYMBOL_GPL(l2tp_tunnel_closeall);
1327
1328 /* Tunnel socket destroy hook for UDP encapsulation */
1329 static void l2tp_udp_encap_destroy(struct sock *sk)
1330 {
1331 struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk);
1332 if (tunnel) {
1333 l2tp_tunnel_closeall(tunnel);
1334 sock_put(sk);
1335 }
1336 }
1337
1338 /* Workqueue tunnel deletion function */
1339 static void l2tp_tunnel_del_work(struct work_struct *work)
1340 {
1341 struct l2tp_tunnel *tunnel = NULL;
1342 struct socket *sock = NULL;
1343 struct sock *sk = NULL;
1344
1345 tunnel = container_of(work, struct l2tp_tunnel, del_work);
1346
1347 l2tp_tunnel_closeall(tunnel);
1348
1349 sk = l2tp_tunnel_sock_lookup(tunnel);
1350 if (!sk)
1351 goto out;
1352
1353 sock = sk->sk_socket;
1354
1355 /* If the tunnel socket was created by userspace, then go through the
1356 * inet layer to shut the socket down, and let userspace close it.
1357 * Otherwise, if we created the socket directly within the kernel, use
1358 * the sk API to release it here.
1359 * In either case the tunnel resources are freed in the socket
1360 * destructor when the tunnel socket goes away.
1361 */
1362 if (tunnel->fd >= 0) {
1363 if (sock)
1364 inet_shutdown(sock, 2);
1365 } else {
1366 if (sock) {
1367 kernel_sock_shutdown(sock, SHUT_RDWR);
1368 sock_release(sock);
1369 }
1370 }
1371
1372 l2tp_tunnel_sock_put(sk);
1373 out:
1374 l2tp_tunnel_dec_refcount(tunnel);
1375 }
1376
1377 /* Create a socket for the tunnel, if one isn't set up by
1378 * userspace. This is used for static tunnels where there is no
1379 * managing L2TP daemon.
1380 *
1381 * Since we don't want these sockets to keep a namespace alive by
1382 * themselves, we drop the socket's namespace refcount after creation.
1383 * These sockets are freed when the namespace exits using the pernet
1384 * exit hook.
1385 */
1386 static int l2tp_tunnel_sock_create(struct net *net,
1387 u32 tunnel_id,
1388 u32 peer_tunnel_id,
1389 struct l2tp_tunnel_cfg *cfg,
1390 struct socket **sockp)
1391 {
1392 int err = -EINVAL;
1393 struct socket *sock = NULL;
1394 struct udp_port_cfg udp_conf;
1395
1396 switch (cfg->encap) {
1397 case L2TP_ENCAPTYPE_UDP:
1398 memset(&udp_conf, 0, sizeof(udp_conf));
1399
1400 #if IS_ENABLED(CONFIG_IPV6)
1401 if (cfg->local_ip6 && cfg->peer_ip6) {
1402 udp_conf.family = AF_INET6;
1403 memcpy(&udp_conf.local_ip6, cfg->local_ip6,
1404 sizeof(udp_conf.local_ip6));
1405 memcpy(&udp_conf.peer_ip6, cfg->peer_ip6,
1406 sizeof(udp_conf.peer_ip6));
1407 udp_conf.use_udp6_tx_checksums =
1408 ! cfg->udp6_zero_tx_checksums;
1409 udp_conf.use_udp6_rx_checksums =
1410 ! cfg->udp6_zero_rx_checksums;
1411 } else
1412 #endif
1413 {
1414 udp_conf.family = AF_INET;
1415 udp_conf.local_ip = cfg->local_ip;
1416 udp_conf.peer_ip = cfg->peer_ip;
1417 udp_conf.use_udp_checksums = cfg->use_udp_checksums;
1418 }
1419
1420 udp_conf.local_udp_port = htons(cfg->local_udp_port);
1421 udp_conf.peer_udp_port = htons(cfg->peer_udp_port);
1422
1423 err = udp_sock_create(net, &udp_conf, &sock);
1424 if (err < 0)
1425 goto out;
1426
1427 break;
1428
1429 case L2TP_ENCAPTYPE_IP:
1430 #if IS_ENABLED(CONFIG_IPV6)
1431 if (cfg->local_ip6 && cfg->peer_ip6) {
1432 struct sockaddr_l2tpip6 ip6_addr = {0};
1433
1434 err = sock_create_kern(net, AF_INET6, SOCK_DGRAM,
1435 IPPROTO_L2TP, &sock);
1436 if (err < 0)
1437 goto out;
1438
1439 ip6_addr.l2tp_family = AF_INET6;
1440 memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6,
1441 sizeof(ip6_addr.l2tp_addr));
1442 ip6_addr.l2tp_conn_id = tunnel_id;
1443 err = kernel_bind(sock, (struct sockaddr *) &ip6_addr,
1444 sizeof(ip6_addr));
1445 if (err < 0)
1446 goto out;
1447
1448 ip6_addr.l2tp_family = AF_INET6;
1449 memcpy(&ip6_addr.l2tp_addr, cfg->peer_ip6,
1450 sizeof(ip6_addr.l2tp_addr));
1451 ip6_addr.l2tp_conn_id = peer_tunnel_id;
1452 err = kernel_connect(sock,
1453 (struct sockaddr *) &ip6_addr,
1454 sizeof(ip6_addr), 0);
1455 if (err < 0)
1456 goto out;
1457 } else
1458 #endif
1459 {
1460 struct sockaddr_l2tpip ip_addr = {0};
1461
1462 err = sock_create_kern(net, AF_INET, SOCK_DGRAM,
1463 IPPROTO_L2TP, &sock);
1464 if (err < 0)
1465 goto out;
1466
1467 ip_addr.l2tp_family = AF_INET;
1468 ip_addr.l2tp_addr = cfg->local_ip;
1469 ip_addr.l2tp_conn_id = tunnel_id;
1470 err = kernel_bind(sock, (struct sockaddr *) &ip_addr,
1471 sizeof(ip_addr));
1472 if (err < 0)
1473 goto out;
1474
1475 ip_addr.l2tp_family = AF_INET;
1476 ip_addr.l2tp_addr = cfg->peer_ip;
1477 ip_addr.l2tp_conn_id = peer_tunnel_id;
1478 err = kernel_connect(sock, (struct sockaddr *) &ip_addr,
1479 sizeof(ip_addr), 0);
1480 if (err < 0)
1481 goto out;
1482 }
1483 break;
1484
1485 default:
1486 goto out;
1487 }
1488
1489 out:
1490 *sockp = sock;
1491 if ((err < 0) && sock) {
1492 kernel_sock_shutdown(sock, SHUT_RDWR);
1493 sock_release(sock);
1494 *sockp = NULL;
1495 }
1496
1497 return err;
1498 }
1499
1500 static struct lock_class_key l2tp_socket_class;
1501
1502 int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp)
1503 {
1504 struct l2tp_tunnel *tunnel = NULL;
1505 int err;
1506 struct socket *sock = NULL;
1507 struct sock *sk = NULL;
1508 struct l2tp_net *pn;
1509 enum l2tp_encap_type encap = L2TP_ENCAPTYPE_UDP;
1510
1511 /* Get the tunnel socket from the fd, which was opened by
1512 * the userspace L2TP daemon. If not specified, create a
1513 * kernel socket.
1514 */
1515 if (fd < 0) {
1516 err = l2tp_tunnel_sock_create(net, tunnel_id, peer_tunnel_id,
1517 cfg, &sock);
1518 if (err < 0)
1519 goto err;
1520 } else {
1521 sock = sockfd_lookup(fd, &err);
1522 if (!sock) {
1523 pr_err("tunl %u: sockfd_lookup(fd=%d) returned %d\n",
1524 tunnel_id, fd, err);
1525 err = -EBADF;
1526 goto err;
1527 }
1528
1529 /* Reject namespace mismatches */
1530 if (!net_eq(sock_net(sock->sk), net)) {
1531 pr_err("tunl %u: netns mismatch\n", tunnel_id);
1532 err = -EINVAL;
1533 goto err;
1534 }
1535 }
1536
1537 sk = sock->sk;
1538
1539 if (cfg != NULL)
1540 encap = cfg->encap;
1541
1542 /* Quick sanity checks */
1543 switch (encap) {
1544 case L2TP_ENCAPTYPE_UDP:
1545 err = -EPROTONOSUPPORT;
1546 if (sk->sk_protocol != IPPROTO_UDP) {
1547 pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1548 tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP);
1549 goto err;
1550 }
1551 break;
1552 case L2TP_ENCAPTYPE_IP:
1553 err = -EPROTONOSUPPORT;
1554 if (sk->sk_protocol != IPPROTO_L2TP) {
1555 pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n",
1556 tunnel_id, fd, sk->sk_protocol, IPPROTO_L2TP);
1557 goto err;
1558 }
1559 break;
1560 }
1561
1562 /* Check if this socket has already been prepped */
1563 tunnel = l2tp_tunnel(sk);
1564 if (tunnel != NULL) {
1565 /* This socket has already been prepped */
1566 err = -EBUSY;
1567 goto err;
1568 }
1569
1570 tunnel = kzalloc(sizeof(struct l2tp_tunnel), GFP_KERNEL);
1571 if (tunnel == NULL) {
1572 err = -ENOMEM;
1573 goto err;
1574 }
1575
1576 tunnel->version = version;
1577 tunnel->tunnel_id = tunnel_id;
1578 tunnel->peer_tunnel_id = peer_tunnel_id;
1579 tunnel->debug = L2TP_DEFAULT_DEBUG_FLAGS;
1580
1581 tunnel->magic = L2TP_TUNNEL_MAGIC;
1582 sprintf(&tunnel->name[0], "tunl %u", tunnel_id);
1583 rwlock_init(&tunnel->hlist_lock);
1584
1585 /* The net we belong to */
1586 tunnel->l2tp_net = net;
1587 pn = l2tp_pernet(net);
1588
1589 if (cfg != NULL)
1590 tunnel->debug = cfg->debug;
1591
1592 #if IS_ENABLED(CONFIG_IPV6)
1593 if (sk->sk_family == PF_INET6) {
1594 struct ipv6_pinfo *np = inet6_sk(sk);
1595
1596 if (ipv6_addr_v4mapped(&np->saddr) &&
1597 ipv6_addr_v4mapped(&sk->sk_v6_daddr)) {
1598 struct inet_sock *inet = inet_sk(sk);
1599
1600 tunnel->v4mapped = true;
1601 inet->inet_saddr = np->saddr.s6_addr32[3];
1602 inet->inet_rcv_saddr = sk->sk_v6_rcv_saddr.s6_addr32[3];
1603 inet->inet_daddr = sk->sk_v6_daddr.s6_addr32[3];
1604 } else {
1605 tunnel->v4mapped = false;
1606 }
1607 }
1608 #endif
1609
1610 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1611 tunnel->encap = encap;
1612 if (encap == L2TP_ENCAPTYPE_UDP) {
1613 struct udp_tunnel_sock_cfg udp_cfg = { };
1614
1615 udp_cfg.sk_user_data = tunnel;
1616 udp_cfg.encap_type = UDP_ENCAP_L2TPINUDP;
1617 udp_cfg.encap_rcv = l2tp_udp_encap_recv;
1618 udp_cfg.encap_destroy = l2tp_udp_encap_destroy;
1619
1620 setup_udp_tunnel_sock(net, sock, &udp_cfg);
1621 } else {
1622 sk->sk_user_data = tunnel;
1623 }
1624
1625 /* Hook on the tunnel socket destructor so that we can cleanup
1626 * if the tunnel socket goes away.
1627 */
1628 tunnel->old_sk_destruct = sk->sk_destruct;
1629 sk->sk_destruct = &l2tp_tunnel_destruct;
1630 tunnel->sock = sk;
1631 tunnel->fd = fd;
1632 lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, "l2tp_sock");
1633
1634 sk->sk_allocation = GFP_ATOMIC;
1635
1636 /* Init delete workqueue struct */
1637 INIT_WORK(&tunnel->del_work, l2tp_tunnel_del_work);
1638
1639 /* Add tunnel to our list */
1640 INIT_LIST_HEAD(&tunnel->list);
1641 atomic_inc(&l2tp_tunnel_count);
1642
1643 /* Bump the reference count. The tunnel context is deleted
1644 * only when this drops to zero. Must be done before list insertion
1645 */
1646 refcount_set(&tunnel->ref_count, 1);
1647 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1648 list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list);
1649 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1650
1651 err = 0;
1652 err:
1653 if (tunnelp)
1654 *tunnelp = tunnel;
1655
1656 /* If tunnel's socket was created by the kernel, it doesn't
1657 * have a file.
1658 */
1659 if (sock && sock->file)
1660 sockfd_put(sock);
1661
1662 return err;
1663 }
1664 EXPORT_SYMBOL_GPL(l2tp_tunnel_create);
1665
1666 /* This function is used by the netlink TUNNEL_DELETE command.
1667 */
1668 void l2tp_tunnel_delete(struct l2tp_tunnel *tunnel)
1669 {
1670 if (!test_and_set_bit(0, &tunnel->dead)) {
1671 l2tp_tunnel_inc_refcount(tunnel);
1672 queue_work(l2tp_wq, &tunnel->del_work);
1673 }
1674 }
1675 EXPORT_SYMBOL_GPL(l2tp_tunnel_delete);
1676
1677 /* Really kill the session.
1678 */
1679 void l2tp_session_free(struct l2tp_session *session)
1680 {
1681 struct l2tp_tunnel *tunnel = session->tunnel;
1682
1683 BUG_ON(refcount_read(&session->ref_count) != 0);
1684
1685 if (tunnel) {
1686 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1687 if (session->session_id != 0)
1688 atomic_dec(&l2tp_session_count);
1689 sock_put(tunnel->sock);
1690 session->tunnel = NULL;
1691 l2tp_tunnel_dec_refcount(tunnel);
1692 }
1693
1694 kfree(session);
1695 }
1696 EXPORT_SYMBOL_GPL(l2tp_session_free);
1697
1698 /* Remove an l2tp session from l2tp_core's hash lists.
1699 * Provides a tidyup interface for pseudowire code which can't just route all
1700 * shutdown via. l2tp_session_delete and a pseudowire-specific session_close
1701 * callback.
1702 */
1703 void __l2tp_session_unhash(struct l2tp_session *session)
1704 {
1705 struct l2tp_tunnel *tunnel = session->tunnel;
1706
1707 /* Remove the session from core hashes */
1708 if (tunnel) {
1709 /* Remove from the per-tunnel hash */
1710 write_lock_bh(&tunnel->hlist_lock);
1711 hlist_del_init(&session->hlist);
1712 write_unlock_bh(&tunnel->hlist_lock);
1713
1714 /* For L2TPv3 we have a per-net hash: remove from there, too */
1715 if (tunnel->version != L2TP_HDR_VER_2) {
1716 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1717 spin_lock_bh(&pn->l2tp_session_hlist_lock);
1718 hlist_del_init_rcu(&session->global_hlist);
1719 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1720 synchronize_rcu();
1721 }
1722 }
1723 }
1724 EXPORT_SYMBOL_GPL(__l2tp_session_unhash);
1725
1726 /* This function is used by the netlink SESSION_DELETE command and by
1727 pseudowire modules.
1728 */
1729 int l2tp_session_delete(struct l2tp_session *session)
1730 {
1731 if (session->ref)
1732 (*session->ref)(session);
1733 __l2tp_session_unhash(session);
1734 l2tp_session_queue_purge(session);
1735 if (session->session_close != NULL)
1736 (*session->session_close)(session);
1737 if (session->deref)
1738 (*session->deref)(session);
1739 l2tp_session_dec_refcount(session);
1740 return 0;
1741 }
1742 EXPORT_SYMBOL_GPL(l2tp_session_delete);
1743
1744 /* We come here whenever a session's send_seq, cookie_len or
1745 * l2specific_len parameters are set.
1746 */
1747 void l2tp_session_set_header_len(struct l2tp_session *session, int version)
1748 {
1749 if (version == L2TP_HDR_VER_2) {
1750 session->hdr_len = 6;
1751 if (session->send_seq)
1752 session->hdr_len += 4;
1753 } else {
1754 session->hdr_len = 4 + session->cookie_len + session->l2specific_len + session->offset;
1755 if (session->tunnel->encap == L2TP_ENCAPTYPE_UDP)
1756 session->hdr_len += 4;
1757 }
1758
1759 }
1760 EXPORT_SYMBOL_GPL(l2tp_session_set_header_len);
1761
1762 struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
1763 {
1764 struct l2tp_session *session;
1765 int err;
1766
1767 session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL);
1768 if (session != NULL) {
1769 session->magic = L2TP_SESSION_MAGIC;
1770 session->tunnel = tunnel;
1771
1772 session->session_id = session_id;
1773 session->peer_session_id = peer_session_id;
1774 session->nr = 0;
1775 if (tunnel->version == L2TP_HDR_VER_2)
1776 session->nr_max = 0xffff;
1777 else
1778 session->nr_max = 0xffffff;
1779 session->nr_window_size = session->nr_max / 2;
1780 session->nr_oos_count_max = 4;
1781
1782 /* Use NR of first received packet */
1783 session->reorder_skip = 1;
1784
1785 sprintf(&session->name[0], "sess %u/%u",
1786 tunnel->tunnel_id, session->session_id);
1787
1788 skb_queue_head_init(&session->reorder_q);
1789
1790 INIT_HLIST_NODE(&session->hlist);
1791 INIT_HLIST_NODE(&session->global_hlist);
1792
1793 /* Inherit debug options from tunnel */
1794 session->debug = tunnel->debug;
1795
1796 if (cfg) {
1797 session->pwtype = cfg->pw_type;
1798 session->debug = cfg->debug;
1799 session->mtu = cfg->mtu;
1800 session->mru = cfg->mru;
1801 session->send_seq = cfg->send_seq;
1802 session->recv_seq = cfg->recv_seq;
1803 session->lns_mode = cfg->lns_mode;
1804 session->reorder_timeout = cfg->reorder_timeout;
1805 session->offset = cfg->offset;
1806 session->l2specific_type = cfg->l2specific_type;
1807 session->l2specific_len = cfg->l2specific_len;
1808 session->cookie_len = cfg->cookie_len;
1809 memcpy(&session->cookie[0], &cfg->cookie[0], cfg->cookie_len);
1810 session->peer_cookie_len = cfg->peer_cookie_len;
1811 memcpy(&session->peer_cookie[0], &cfg->peer_cookie[0], cfg->peer_cookie_len);
1812 }
1813
1814 if (tunnel->version == L2TP_HDR_VER_2)
1815 session->build_header = l2tp_build_l2tpv2_header;
1816 else
1817 session->build_header = l2tp_build_l2tpv3_header;
1818
1819 l2tp_session_set_header_len(session, tunnel->version);
1820
1821 refcount_set(&session->ref_count, 1);
1822
1823 err = l2tp_session_add_to_tunnel(tunnel, session);
1824 if (err) {
1825 kfree(session);
1826
1827 return ERR_PTR(err);
1828 }
1829
1830 l2tp_tunnel_inc_refcount(tunnel);
1831
1832 /* Ensure tunnel socket isn't deleted */
1833 sock_hold(tunnel->sock);
1834
1835 /* Ignore management session in session count value */
1836 if (session->session_id != 0)
1837 atomic_inc(&l2tp_session_count);
1838
1839 return session;
1840 }
1841
1842 return ERR_PTR(-ENOMEM);
1843 }
1844 EXPORT_SYMBOL_GPL(l2tp_session_create);
1845
1846 /*****************************************************************************
1847 * Init and cleanup
1848 *****************************************************************************/
1849
1850 static __net_init int l2tp_init_net(struct net *net)
1851 {
1852 struct l2tp_net *pn = net_generic(net, l2tp_net_id);
1853 int hash;
1854
1855 INIT_LIST_HEAD(&pn->l2tp_tunnel_list);
1856 spin_lock_init(&pn->l2tp_tunnel_list_lock);
1857
1858 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++)
1859 INIT_HLIST_HEAD(&pn->l2tp_session_hlist[hash]);
1860
1861 spin_lock_init(&pn->l2tp_session_hlist_lock);
1862
1863 return 0;
1864 }
1865
1866 static __net_exit void l2tp_exit_net(struct net *net)
1867 {
1868 struct l2tp_net *pn = l2tp_pernet(net);
1869 struct l2tp_tunnel *tunnel = NULL;
1870
1871 rcu_read_lock_bh();
1872 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
1873 (void)l2tp_tunnel_delete(tunnel);
1874 }
1875 rcu_read_unlock_bh();
1876
1877 flush_workqueue(l2tp_wq);
1878 rcu_barrier();
1879 }
1880
1881 static struct pernet_operations l2tp_net_ops = {
1882 .init = l2tp_init_net,
1883 .exit = l2tp_exit_net,
1884 .id = &l2tp_net_id,
1885 .size = sizeof(struct l2tp_net),
1886 };
1887
1888 static int __init l2tp_init(void)
1889 {
1890 int rc = 0;
1891
1892 rc = register_pernet_device(&l2tp_net_ops);
1893 if (rc)
1894 goto out;
1895
1896 l2tp_wq = alloc_workqueue("l2tp", WQ_UNBOUND, 0);
1897 if (!l2tp_wq) {
1898 pr_err("alloc_workqueue failed\n");
1899 unregister_pernet_device(&l2tp_net_ops);
1900 rc = -ENOMEM;
1901 goto out;
1902 }
1903
1904 pr_info("L2TP core driver, %s\n", L2TP_DRV_VERSION);
1905
1906 out:
1907 return rc;
1908 }
1909
1910 static void __exit l2tp_exit(void)
1911 {
1912 unregister_pernet_device(&l2tp_net_ops);
1913 if (l2tp_wq) {
1914 destroy_workqueue(l2tp_wq);
1915 l2tp_wq = NULL;
1916 }
1917 }
1918
1919 module_init(l2tp_init);
1920 module_exit(l2tp_exit);
1921
1922 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1923 MODULE_DESCRIPTION("L2TP core");
1924 MODULE_LICENSE("GPL");
1925 MODULE_VERSION(L2TP_DRV_VERSION);
1926
1927
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.