blob: 0184c96579e9847b5aadefaf9c13c3444d2e2b97 [file] [log] [blame]
/* drivers/net/pppolac.c
*
* Driver for PPP on L2TP Access Concentrator / PPPoLAC Socket (RFC 2661)
*
* Copyright (C) 2009 Google, Inc.
*
* This software is licensed under the terms of the GNU General Public
* License version 2, as published by the Free Software Foundation, and
* may be copied, distributed, and modified under those terms.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
/* This driver handles L2TP data packets between a UDP socket and a PPP channel.
* The socket must keep connected, and only one session per socket is permitted.
* Sequencing of outgoing packets is controlled by LNS. Incoming packets with
* sequences are reordered within a sliding window of one second. Currently
* reordering only happens when a packet is received. It is done for simplicity
* since no additional locks or threads are required. This driver only works on
* IPv4 due to the lack of UDP encapsulation support in IPv6. */
#include <linux/module.h>
#include <linux/jiffies.h>
#include <linux/workqueue.h>
#include <linux/skbuff.h>
#include <linux/file.h>
#include <linux/netdevice.h>
#include <linux/net.h>
#include <linux/udp.h>
#include <linux/ppp_defs.h>
#include <linux/if_ppp.h>
#include <linux/if_pppox.h>
#include <linux/ppp_channel.h>
#include <net/tcp_states.h>
#include <asm/uaccess.h>
#define L2TP_CONTROL_BIT 0x80
#define L2TP_LENGTH_BIT 0x40
#define L2TP_SEQUENCE_BIT 0x08
#define L2TP_OFFSET_BIT 0x02
#define L2TP_VERSION 0x02
#define L2TP_VERSION_MASK 0x0F
#define PPP_ADDR 0xFF
#define PPP_CTRL 0x03
union unaligned {
__u32 u32;
} __attribute__((packed));
static inline union unaligned *unaligned(void *ptr)
{
return (union unaligned *)ptr;
}
struct meta {
__u32 sequence;
__u32 timestamp;
};
static inline struct meta *skb_meta(struct sk_buff *skb)
{
return (struct meta *)skb->cb;
}
/******************************************************************************/
static int pppolac_recv_core(struct sock *sk_udp, struct sk_buff *skb)
{
struct sock *sk = (struct sock *)sk_udp->sk_user_data;
struct pppolac_opt *opt = &pppox_sk(sk)->proto.lac;
struct meta *meta = skb_meta(skb);
__u32 now = jiffies;
__u8 bits;
__u8 *ptr;
/* Drop the packet if L2TP header is missing. */
if (skb->len < sizeof(struct udphdr) + 6)
goto drop;
/* Put it back if it is a control packet. */
if (skb->data[sizeof(struct udphdr)] & L2TP_CONTROL_BIT)
return opt->backlog_rcv(sk_udp, skb);
/* Skip UDP header. */
skb_pull(skb, sizeof(struct udphdr));
/* Check the version. */
if ((skb->data[1] & L2TP_VERSION_MASK) != L2TP_VERSION)
goto drop;
bits = skb->data[0];
ptr = &skb->data[2];
/* Check the length if it is present. */
if (bits & L2TP_LENGTH_BIT) {
if ((ptr[0] << 8 | ptr[1]) != skb->len)
goto drop;
ptr += 2;
}
/* Skip all fields including optional ones. */
if (!skb_pull(skb, 6 + (bits & L2TP_SEQUENCE_BIT ? 4 : 0) +
(bits & L2TP_LENGTH_BIT ? 2 : 0) +
(bits & L2TP_OFFSET_BIT ? 2 : 0)))
goto drop;
/* Skip the offset padding if it is present. */
if (bits & L2TP_OFFSET_BIT &&
!skb_pull(skb, skb->data[-2] << 8 | skb->data[-1]))
goto drop;
/* Check the tunnel and the session. */
if (unaligned(ptr)->u32 != opt->local)
goto drop;
/* Check the sequence if it is present. */
if (bits & L2TP_SEQUENCE_BIT) {
meta->sequence = ptr[4] << 8 | ptr[5];
if ((__s16)(meta->sequence - opt->recv_sequence) < 0)
goto drop;
}
/* Skip PPP address and control if they are present. */
if (skb->len >= 2 && skb->data[0] == PPP_ADDR &&
skb->data[1] == PPP_CTRL)
skb_pull(skb, 2);
/* Fix PPP protocol if it is compressed. */
if (skb->len >= 1 && skb->data[0] & 1)
skb_push(skb, 1)[0] = 0;
/* Drop the packet if PPP protocol is missing. */
if (skb->len < 2)
goto drop;
/* Perform reordering if sequencing is enabled. */
atomic_set(&opt->sequencing, bits & L2TP_SEQUENCE_BIT);
if (bits & L2TP_SEQUENCE_BIT) {
struct sk_buff *skb1;
/* Insert the packet into receive queue in order. */
skb_set_owner_r(skb, sk);
skb_queue_walk(&sk->sk_receive_queue, skb1) {
struct meta *meta1 = skb_meta(skb1);
__s16 order = meta->sequence - meta1->sequence;
if (order == 0)
goto drop;
if (order < 0) {
meta->timestamp = meta1->timestamp;
skb_insert(skb1, skb, &sk->sk_receive_queue);
skb = NULL;
break;
}
}
if (skb) {
meta->timestamp = now;
skb_queue_tail(&sk->sk_receive_queue, skb);
}
/* Remove packets from receive queue as long as
* 1. the receive buffer is full,
* 2. they are queued longer than one second, or
* 3. there are no missing packets before them. */
skb_queue_walk_safe(&sk->sk_receive_queue, skb, skb1) {
meta = skb_meta(skb);
if (atomic_read(&sk->sk_rmem_alloc) < sk->sk_rcvbuf &&
now - meta->timestamp < HZ &&
meta->sequence != opt->recv_sequence)
break;
skb_unlink(skb, &sk->sk_receive_queue);
opt->recv_sequence = (__u16)(meta->sequence + 1);
skb_orphan(skb);
ppp_input(&pppox_sk(sk)->chan, skb);
}
return NET_RX_SUCCESS;
}
/* Flush receive queue if sequencing is disabled. */
skb_queue_purge(&sk->sk_receive_queue);
skb_orphan(skb);
ppp_input(&pppox_sk(sk)->chan, skb);
return NET_RX_SUCCESS;
drop:
kfree_skb(skb);
return NET_RX_DROP;
}
static int pppolac_recv(struct sock *sk_udp, struct sk_buff *skb)
{
sock_hold(sk_udp);
sk_receive_skb(sk_udp, skb, 0);
return 0;
}
static struct sk_buff_head delivery_queue;
static void pppolac_xmit_core(struct work_struct *delivery_work)
{
mm_segment_t old_fs = get_fs();
struct sk_buff *skb;
set_fs(KERNEL_DS);
while ((skb = skb_dequeue(&delivery_queue))) {
struct sock *sk_udp = skb->sk;
struct kvec iov = {.iov_base = skb->data, .iov_len = skb->len};
struct msghdr msg = { 0 };
iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, &iov, 1,
skb->len);
sk_udp->sk_prot->sendmsg(sk_udp, &msg, skb->len);
kfree_skb(skb);
}
set_fs(old_fs);
}
static DECLARE_WORK(delivery_work, pppolac_xmit_core);
static int pppolac_xmit(struct ppp_channel *chan, struct sk_buff *skb)
{
struct sock *sk_udp = (struct sock *)chan->private;
struct pppolac_opt *opt = &pppox_sk(sk_udp->sk_user_data)->proto.lac;
/* Install PPP address and control. */
skb_push(skb, 2);
skb->data[0] = PPP_ADDR;
skb->data[1] = PPP_CTRL;
/* Install L2TP header. */
if (atomic_read(&opt->sequencing)) {
skb_push(skb, 10);
skb->data[0] = L2TP_SEQUENCE_BIT;
skb->data[6] = opt->xmit_sequence >> 8;
skb->data[7] = opt->xmit_sequence;
skb->data[8] = 0;
skb->data[9] = 0;
opt->xmit_sequence++;
} else {
skb_push(skb, 6);
skb->data[0] = 0;
}
skb->data[1] = L2TP_VERSION;
unaligned(&skb->data[2])->u32 = opt->remote;
/* Now send the packet via the delivery queue. */
skb_set_owner_w(skb, sk_udp);
skb_queue_tail(&delivery_queue, skb);
schedule_work(&delivery_work);
return 1;
}
/******************************************************************************/
static struct ppp_channel_ops pppolac_channel_ops = {
.start_xmit = pppolac_xmit,
};
static int pppolac_connect(struct socket *sock, struct sockaddr *useraddr,
int addrlen, int flags)
{
struct sock *sk = sock->sk;
struct pppox_sock *po = pppox_sk(sk);
struct sockaddr_pppolac *addr = (struct sockaddr_pppolac *)useraddr;
struct socket *sock_udp = NULL;
struct sock *sk_udp;
int error;
if (addrlen != sizeof(struct sockaddr_pppolac) ||
!addr->local.tunnel || !addr->local.session ||
!addr->remote.tunnel || !addr->remote.session) {
return -EINVAL;
}
lock_sock(sk);
error = -EALREADY;
if (sk->sk_state != PPPOX_NONE)
goto out;
sock_udp = sockfd_lookup(addr->udp_socket, &error);
if (!sock_udp)
goto out;
sk_udp = sock_udp->sk;
lock_sock(sk_udp);
/* Remove this check when IPv6 supports UDP encapsulation. */
error = -EAFNOSUPPORT;
if (sk_udp->sk_family != AF_INET)
goto out;
error = -EPROTONOSUPPORT;
if (sk_udp->sk_protocol != IPPROTO_UDP)
goto out;
error = -EDESTADDRREQ;
if (sk_udp->sk_state != TCP_ESTABLISHED)
goto out;
error = -EBUSY;
if (udp_sk(sk_udp)->encap_type || sk_udp->sk_user_data)
goto out;
if (!sk_udp->sk_bound_dev_if) {
struct dst_entry *dst = sk_dst_get(sk_udp);
error = -ENODEV;
if (!dst)
goto out;
sk_udp->sk_bound_dev_if = dst->dev->ifindex;
dst_release(dst);
}
po->chan.hdrlen = 12;
po->chan.private = sk_udp;
po->chan.ops = &pppolac_channel_ops;
po->chan.mtu = PPP_MRU - 80;
po->proto.lac.local = unaligned(&addr->local)->u32;
po->proto.lac.remote = unaligned(&addr->remote)->u32;
atomic_set(&po->proto.lac.sequencing, 1);
po->proto.lac.backlog_rcv = sk_udp->sk_backlog_rcv;
error = ppp_register_channel(&po->chan);
if (error)
goto out;
sk->sk_state = PPPOX_CONNECTED;
udp_sk(sk_udp)->encap_type = UDP_ENCAP_L2TPINUDP;
udp_sk(sk_udp)->encap_rcv = pppolac_recv;
sk_udp->sk_backlog_rcv = pppolac_recv_core;
sk_udp->sk_user_data = sk;
out:
if (sock_udp) {
release_sock(sk_udp);
if (error)
sockfd_put(sock_udp);
}
release_sock(sk);
return error;
}
static int pppolac_release(struct socket *sock)
{
struct sock *sk = sock->sk;
if (!sk)
return 0;
lock_sock(sk);
if (sock_flag(sk, SOCK_DEAD)) {
release_sock(sk);
return -EBADF;
}
if (sk->sk_state != PPPOX_NONE) {
struct sock *sk_udp = (struct sock *)pppox_sk(sk)->chan.private;
lock_sock(sk_udp);
skb_queue_purge(&sk->sk_receive_queue);
pppox_unbind_sock(sk);
udp_sk(sk_udp)->encap_type = 0;
udp_sk(sk_udp)->encap_rcv = NULL;
sk_udp->sk_backlog_rcv = pppox_sk(sk)->proto.lac.backlog_rcv;
sk_udp->sk_user_data = NULL;
release_sock(sk_udp);
sockfd_put(sk_udp->sk_socket);
}
sock_orphan(sk);
sock->sk = NULL;
release_sock(sk);
sock_put(sk);
return 0;
}
/******************************************************************************/
static struct proto pppolac_proto = {
.name = "PPPOLAC",
.owner = THIS_MODULE,
.obj_size = sizeof(struct pppox_sock),
};
static struct proto_ops pppolac_proto_ops = {
.family = PF_PPPOX,
.owner = THIS_MODULE,
.release = pppolac_release,
.bind = sock_no_bind,
.connect = pppolac_connect,
.socketpair = sock_no_socketpair,
.accept = sock_no_accept,
.getname = sock_no_getname,
.poll = sock_no_poll,
.ioctl = pppox_ioctl,
.listen = sock_no_listen,
.shutdown = sock_no_shutdown,
.setsockopt = sock_no_setsockopt,
.getsockopt = sock_no_getsockopt,
.sendmsg = sock_no_sendmsg,
.recvmsg = sock_no_recvmsg,
.mmap = sock_no_mmap,
};
static int pppolac_create(struct net *net, struct socket *sock, int kern)
{
struct sock *sk;
sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppolac_proto, kern);
if (!sk)
return -ENOMEM;
sock_init_data(sock, sk);
sock->state = SS_UNCONNECTED;
sock->ops = &pppolac_proto_ops;
sk->sk_protocol = PX_PROTO_OLAC;
sk->sk_state = PPPOX_NONE;
return 0;
}
/******************************************************************************/
static struct pppox_proto pppolac_pppox_proto = {
.create = pppolac_create,
.owner = THIS_MODULE,
};
static int __init pppolac_init(void)
{
int error;
error = proto_register(&pppolac_proto, 0);
if (error)
return error;
error = register_pppox_proto(PX_PROTO_OLAC, &pppolac_pppox_proto);
if (error)
proto_unregister(&pppolac_proto);
else
skb_queue_head_init(&delivery_queue);
return error;
}
static void __exit pppolac_exit(void)
{
unregister_pppox_proto(PX_PROTO_OLAC);
proto_unregister(&pppolac_proto);
}
module_init(pppolac_init);
module_exit(pppolac_exit);
MODULE_DESCRIPTION("PPP on L2TP Access Concentrator (PPPoLAC)");
MODULE_AUTHOR("Chia-chi Yeh <chiachi@android.com>");
MODULE_LICENSE("GPL");