1/* 2 * L2TP core. 3 * 4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd 5 * 6 * This file contains some code of the original L2TPv2 pppol2tp 7 * driver, which has the following copyright: 8 * 9 * Authors: Martijn van Oosterhout <kleptog@svana.org> 10 * James Chapman (jchapman@katalix.com) 11 * Contributors: 12 * Michal Ostrowski <mostrows@speakeasy.net> 13 * Arnaldo Carvalho de Melo <acme@xconectiva.com.br> 14 * David S. Miller (davem@redhat.com) 15 * 16 * This program is free software; you can redistribute it and/or modify 17 * it under the terms of the GNU General Public License version 2 as 18 * published by the Free Software Foundation. 19 */ 20 21#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 22 23#include <linux/module.h> 24#include <linux/string.h> 25#include <linux/list.h> 26#include <linux/rculist.h> 27#include <linux/uaccess.h> 28 29#include <linux/kernel.h> 30#include <linux/spinlock.h> 31#include <linux/kthread.h> 32#include <linux/sched.h> 33#include <linux/slab.h> 34#include <linux/errno.h> 35#include <linux/jiffies.h> 36 37#include <linux/netdevice.h> 38#include <linux/net.h> 39#include <linux/inetdevice.h> 40#include <linux/skbuff.h> 41#include <linux/init.h> 42#include <linux/in.h> 43#include <linux/ip.h> 44#include <linux/udp.h> 45#include <linux/l2tp.h> 46#include <linux/hash.h> 47#include <linux/sort.h> 48#include <linux/file.h> 49#include <linux/nsproxy.h> 50#include <net/net_namespace.h> 51#include <net/netns/generic.h> 52#include <net/dst.h> 53#include <net/ip.h> 54#include <net/udp.h> 55#include <net/udp_tunnel.h> 56#include <net/inet_common.h> 57#include <net/xfrm.h> 58#include <net/protocol.h> 59#include <net/inet6_connection_sock.h> 60#include <net/inet_ecn.h> 61#include <net/ip6_route.h> 62#include <net/ip6_checksum.h> 63 64#include <asm/byteorder.h> 65#include <linux/atomic.h> 66 67#include "l2tp_core.h" 68 69#define L2TP_DRV_VERSION "V2.0" 70 71/* L2TP header constants */ 72#define L2TP_HDRFLAG_T 0x8000 73#define L2TP_HDRFLAG_L 0x4000 74#define L2TP_HDRFLAG_S 0x0800 75#define L2TP_HDRFLAG_O 0x0200 76#define L2TP_HDRFLAG_P 0x0100 77 78#define L2TP_HDR_VER_MASK 0x000F 79#define L2TP_HDR_VER_2 0x0002 80#define L2TP_HDR_VER_3 0x0003 81 82/* L2TPv3 default L2-specific sublayer */ 83#define L2TP_SLFLAG_S 0x40000000 84#define L2TP_SL_SEQ_MASK 0x00ffffff 85 86#define L2TP_HDR_SIZE_SEQ 10 87#define L2TP_HDR_SIZE_NOSEQ 6 88 89/* Default trace flags */ 90#define L2TP_DEFAULT_DEBUG_FLAGS 0 91 92/* Private data stored for received packets in the skb. 93 */ 94struct l2tp_skb_cb { 95 u32 ns; 96 u16 has_seq; 97 u16 length; 98 unsigned long expires; 99}; 100 101#define L2TP_SKB_CB(skb) ((struct l2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)]) 102 103static atomic_t l2tp_tunnel_count; 104static atomic_t l2tp_session_count; 105static struct workqueue_struct *l2tp_wq; 106 107/* per-net private data for this module */ 108static unsigned int l2tp_net_id; 109struct l2tp_net { 110 struct list_head l2tp_tunnel_list; 111 spinlock_t l2tp_tunnel_list_lock; 112 struct hlist_head l2tp_session_hlist[L2TP_HASH_SIZE_2]; 113 spinlock_t l2tp_session_hlist_lock; 114}; 115 116static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel); 117 118static inline struct l2tp_tunnel *l2tp_tunnel(struct sock *sk) 119{ 120 return sk->sk_user_data; 121} 122 123static inline struct l2tp_net *l2tp_pernet(struct net *net) 124{ 125 BUG_ON(!net); 126 127 return net_generic(net, l2tp_net_id); 128} 129 130/* Tunnel reference counts. Incremented per session that is added to 131 * the tunnel. 132 */ 133static inline void l2tp_tunnel_inc_refcount_1(struct l2tp_tunnel *tunnel) 134{ 135 atomic_inc(&tunnel->ref_count); 136} 137 138static inline void l2tp_tunnel_dec_refcount_1(struct l2tp_tunnel *tunnel) 139{ 140 if (atomic_dec_and_test(&tunnel->ref_count)) 141 l2tp_tunnel_free(tunnel); 142} 143#ifdef L2TP_REFCNT_DEBUG 144#define l2tp_tunnel_inc_refcount(_t) \ 145do { \ 146 pr_debug("l2tp_tunnel_inc_refcount: %s:%d %s: cnt=%d\n", \ 147 __func__, __LINE__, (_t)->name, \ 148 atomic_read(&_t->ref_count)); \ 149 l2tp_tunnel_inc_refcount_1(_t); \ 150} while (0) 151#define l2tp_tunnel_dec_refcount(_t) \ 152do { \ 153 pr_debug("l2tp_tunnel_dec_refcount: %s:%d %s: cnt=%d\n", \ 154 __func__, __LINE__, (_t)->name, \ 155 atomic_read(&_t->ref_count)); \ 156 l2tp_tunnel_dec_refcount_1(_t); \ 157} while (0) 158#else 159#define l2tp_tunnel_inc_refcount(t) l2tp_tunnel_inc_refcount_1(t) 160#define l2tp_tunnel_dec_refcount(t) l2tp_tunnel_dec_refcount_1(t) 161#endif 162 163/* Session hash global list for L2TPv3. 164 * The session_id SHOULD be random according to RFC3931, but several 165 * L2TP implementations use incrementing session_ids. So we do a real 166 * hash on the session_id, rather than a simple bitmask. 167 */ 168static inline struct hlist_head * 169l2tp_session_id_hash_2(struct l2tp_net *pn, u32 session_id) 170{ 171 return &pn->l2tp_session_hlist[hash_32(session_id, L2TP_HASH_BITS_2)]; 172 173} 174 175/* Lookup the tunnel socket, possibly involving the fs code if the socket is 176 * owned by userspace. A struct sock returned from this function must be 177 * released using l2tp_tunnel_sock_put once you're done with it. 178 */ 179static struct sock *l2tp_tunnel_sock_lookup(struct l2tp_tunnel *tunnel) 180{ 181 int err = 0; 182 struct socket *sock = NULL; 183 struct sock *sk = NULL; 184 185 if (!tunnel) 186 goto out; 187 188 if (tunnel->fd >= 0) { 189 /* Socket is owned by userspace, who might be in the process 190 * of closing it. Look the socket up using the fd to ensure 191 * consistency. 192 */ 193 sock = sockfd_lookup(tunnel->fd, &err); 194 if (sock) 195 sk = sock->sk; 196 } else { 197 /* Socket is owned by kernelspace */ 198 sk = tunnel->sock; 199 sock_hold(sk); 200 } 201 202out: 203 return sk; 204} 205 206/* Drop a reference to a tunnel socket obtained via. l2tp_tunnel_sock_put */ 207static void l2tp_tunnel_sock_put(struct sock *sk) 208{ 209 struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk); 210 if (tunnel) { 211 if (tunnel->fd >= 0) { 212 /* Socket is owned by userspace */ 213 sockfd_put(sk->sk_socket); 214 } 215 sock_put(sk); 216 } 217 sock_put(sk); 218} 219 220/* Lookup a session by id in the global session list 221 */ 222static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id) 223{ 224 struct l2tp_net *pn = l2tp_pernet(net); 225 struct hlist_head *session_list = 226 l2tp_session_id_hash_2(pn, session_id); 227 struct l2tp_session *session; 228 229 rcu_read_lock_bh(); 230 hlist_for_each_entry_rcu(session, session_list, global_hlist) { 231 if (session->session_id == session_id) { 232 rcu_read_unlock_bh(); 233 return session; 234 } 235 } 236 rcu_read_unlock_bh(); 237 238 return NULL; 239} 240 241/* Session hash list. 242 * The session_id SHOULD be random according to RFC2661, but several 243 * L2TP implementations (Cisco and Microsoft) use incrementing 244 * session_ids. So we do a real hash on the session_id, rather than a 245 * simple bitmask. 246 */ 247static inline struct hlist_head * 248l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id) 249{ 250 return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)]; 251} 252 253/* Lookup a session by id 254 */ 255struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunnel, u32 session_id) 256{ 257 struct hlist_head *session_list; 258 struct l2tp_session *session; 259 260 /* In L2TPv3, session_ids are unique over all tunnels and we 261 * sometimes need to look them up before we know the 262 * tunnel. 263 */ 264 if (tunnel == NULL) 265 return l2tp_session_find_2(net, session_id); 266 267 session_list = l2tp_session_id_hash(tunnel, session_id); 268 read_lock_bh(&tunnel->hlist_lock); 269 hlist_for_each_entry(session, session_list, hlist) { 270 if (session->session_id == session_id) { 271 read_unlock_bh(&tunnel->hlist_lock); 272 return session; 273 } 274 } 275 read_unlock_bh(&tunnel->hlist_lock); 276 277 return NULL; 278} 279EXPORT_SYMBOL_GPL(l2tp_session_find); 280 281struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth) 282{ 283 int hash; 284 struct l2tp_session *session; 285 int count = 0; 286 287 read_lock_bh(&tunnel->hlist_lock); 288 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) { 289 hlist_for_each_entry(session, &tunnel->session_hlist[hash], hlist) { 290 if (++count > nth) { 291 read_unlock_bh(&tunnel->hlist_lock); 292 return session; 293 } 294 } 295 } 296 297 read_unlock_bh(&tunnel->hlist_lock); 298 299 return NULL; 300} 301EXPORT_SYMBOL_GPL(l2tp_session_find_nth); 302 303/* Lookup a session by interface name. 304 * This is very inefficient but is only used by management interfaces. 305 */ 306struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname) 307{ 308 struct l2tp_net *pn = l2tp_pernet(net); 309 int hash; 310 struct l2tp_session *session; 311 312 rcu_read_lock_bh(); 313 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) { 314 hlist_for_each_entry_rcu(session, &pn->l2tp_session_hlist[hash], global_hlist) { 315 if (!strcmp(session->ifname, ifname)) { 316 rcu_read_unlock_bh(); 317 return session; 318 } 319 } 320 } 321 322 rcu_read_unlock_bh(); 323 324 return NULL; 325} 326EXPORT_SYMBOL_GPL(l2tp_session_find_by_ifname); 327 328/* Lookup a tunnel by id 329 */ 330struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id) 331{ 332 struct l2tp_tunnel *tunnel; 333 struct l2tp_net *pn = l2tp_pernet(net); 334 335 rcu_read_lock_bh(); 336 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) { 337 if (tunnel->tunnel_id == tunnel_id) { 338 rcu_read_unlock_bh(); 339 return tunnel; 340 } 341 } 342 rcu_read_unlock_bh(); 343 344 return NULL; 345} 346EXPORT_SYMBOL_GPL(l2tp_tunnel_find); 347 348struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth) 349{ 350 struct l2tp_net *pn = l2tp_pernet(net); 351 struct l2tp_tunnel *tunnel; 352 int count = 0; 353 354 rcu_read_lock_bh(); 355 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) { 356 if (++count > nth) { 357 rcu_read_unlock_bh(); 358 return tunnel; 359 } 360 } 361 362 rcu_read_unlock_bh(); 363 364 return NULL; 365} 366EXPORT_SYMBOL_GPL(l2tp_tunnel_find_nth); 367 368/***************************************************************************** 369 * Receive data handling 370 *****************************************************************************/ 371 372/* Queue a skb in order. We come here only if the skb has an L2TP sequence 373 * number. 374 */ 375static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *skb) 376{ 377 struct sk_buff *skbp; 378 struct sk_buff *tmp; 379 u32 ns = L2TP_SKB_CB(skb)->ns; 380 381 spin_lock_bh(&session->reorder_q.lock); 382 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) { 383 if (L2TP_SKB_CB(skbp)->ns > ns) { 384 __skb_queue_before(&session->reorder_q, skbp, skb); 385 l2tp_dbg(session, L2TP_MSG_SEQ, 386 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n", 387 session->name, ns, L2TP_SKB_CB(skbp)->ns, 388 skb_queue_len(&session->reorder_q)); 389 atomic_long_inc(&session->stats.rx_oos_packets); 390 goto out; 391 } 392 } 393 394 __skb_queue_tail(&session->reorder_q, skb); 395 396out: 397 spin_unlock_bh(&session->reorder_q.lock); 398} 399 400/* Dequeue a single skb. 401 */ 402static void l2tp_recv_dequeue_skb(struct l2tp_session *session, struct sk_buff *skb) 403{ 404 struct l2tp_tunnel *tunnel = session->tunnel; 405 int length = L2TP_SKB_CB(skb)->length; 406 407 /* We're about to requeue the skb, so return resources 408 * to its current owner (a socket receive buffer). 409 */ 410 skb_orphan(skb); 411 412 atomic_long_inc(&tunnel->stats.rx_packets); 413 atomic_long_add(length, &tunnel->stats.rx_bytes); 414 atomic_long_inc(&session->stats.rx_packets); 415 atomic_long_add(length, &session->stats.rx_bytes); 416 417 if (L2TP_SKB_CB(skb)->has_seq) { 418 /* Bump our Nr */ 419 session->nr++; 420 session->nr &= session->nr_max; 421 422 l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated nr to %hu\n", 423 session->name, session->nr); 424 } 425 426 /* call private receive handler */ 427 if (session->recv_skb != NULL) 428 (*session->recv_skb)(session, skb, L2TP_SKB_CB(skb)->length); 429 else 430 kfree_skb(skb); 431 432 if (session->deref) 433 (*session->deref)(session); 434} 435 436/* Dequeue skbs from the session's reorder_q, subject to packet order. 437 * Skbs that have been in the queue for too long are simply discarded. 438 */ 439static void l2tp_recv_dequeue(struct l2tp_session *session) 440{ 441 struct sk_buff *skb; 442 struct sk_buff *tmp; 443 444 /* If the pkt at the head of the queue has the nr that we 445 * expect to send up next, dequeue it and any other 446 * in-sequence packets behind it. 447 */ 448start: 449 spin_lock_bh(&session->reorder_q.lock); 450 skb_queue_walk_safe(&session->reorder_q, skb, tmp) { 451 if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) { 452 atomic_long_inc(&session->stats.rx_seq_discards); 453 atomic_long_inc(&session->stats.rx_errors); 454 l2tp_dbg(session, L2TP_MSG_SEQ, 455 "%s: oos pkt %u len %d discarded (too old), waiting for %u, reorder_q_len=%d\n", 456 session->name, L2TP_SKB_CB(skb)->ns, 457 L2TP_SKB_CB(skb)->length, session->nr, 458 skb_queue_len(&session->reorder_q)); 459 session->reorder_skip = 1; 460 __skb_unlink(skb, &session->reorder_q); 461 kfree_skb(skb); 462 if (session->deref) 463 (*session->deref)(session); 464 continue; 465 } 466 467 if (L2TP_SKB_CB(skb)->has_seq) { 468 if (session->reorder_skip) { 469 l2tp_dbg(session, L2TP_MSG_SEQ, 470 "%s: advancing nr to next pkt: %u -> %u", 471 session->name, session->nr, 472 L2TP_SKB_CB(skb)->ns); 473 session->reorder_skip = 0; 474 session->nr = L2TP_SKB_CB(skb)->ns; 475 } 476 if (L2TP_SKB_CB(skb)->ns != session->nr) { 477 l2tp_dbg(session, L2TP_MSG_SEQ, 478 "%s: holding oos pkt %u len %d, waiting for %u, reorder_q_len=%d\n", 479 session->name, L2TP_SKB_CB(skb)->ns, 480 L2TP_SKB_CB(skb)->length, session->nr, 481 skb_queue_len(&session->reorder_q)); 482 goto out; 483 } 484 } 485 __skb_unlink(skb, &session->reorder_q); 486 487 /* Process the skb. We release the queue lock while we 488 * do so to let other contexts process the queue. 489 */ 490 spin_unlock_bh(&session->reorder_q.lock); 491 l2tp_recv_dequeue_skb(session, skb); 492 goto start; 493 } 494 495out: 496 spin_unlock_bh(&session->reorder_q.lock); 497} 498 499static int l2tp_seq_check_rx_window(struct l2tp_session *session, u32 nr) 500{ 501 u32 nws; 502 503 if (nr >= session->nr) 504 nws = nr - session->nr; 505 else 506 nws = (session->nr_max + 1) - (session->nr - nr); 507 508 return nws < session->nr_window_size; 509} 510 511/* If packet has sequence numbers, queue it if acceptable. Returns 0 if 512 * acceptable, else non-zero. 513 */ 514static int l2tp_recv_data_seq(struct l2tp_session *session, struct sk_buff *skb) 515{ 516 if (!l2tp_seq_check_rx_window(session, L2TP_SKB_CB(skb)->ns)) { 517 /* Packet sequence number is outside allowed window. 518 * Discard it. 519 */ 520 l2tp_dbg(session, L2TP_MSG_SEQ, 521 "%s: pkt %u len %d discarded, outside window, nr=%u\n", 522 session->name, L2TP_SKB_CB(skb)->ns, 523 L2TP_SKB_CB(skb)->length, session->nr); 524 goto discard; 525 } 526 527 if (session->reorder_timeout != 0) { 528 /* Packet reordering enabled. Add skb to session's 529 * reorder queue, in order of ns. 530 */ 531 l2tp_recv_queue_skb(session, skb); 532 goto out; 533 } 534 535 /* Packet reordering disabled. Discard out-of-sequence packets, while 536 * tracking the number if in-sequence packets after the first OOS packet 537 * is seen. After nr_oos_count_max in-sequence packets, reset the 538 * sequence number to re-enable packet reception. 539 */ 540 if (L2TP_SKB_CB(skb)->ns == session->nr) { 541 skb_queue_tail(&session->reorder_q, skb); 542 } else { 543 u32 nr_oos = L2TP_SKB_CB(skb)->ns; 544 u32 nr_next = (session->nr_oos + 1) & session->nr_max; 545 546 if (nr_oos == nr_next) 547 session->nr_oos_count++; 548 else 549 session->nr_oos_count = 0; 550 551 session->nr_oos = nr_oos; 552 if (session->nr_oos_count > session->nr_oos_count_max) { 553 session->reorder_skip = 1; 554 l2tp_dbg(session, L2TP_MSG_SEQ, 555 "%s: %d oos packets received. Resetting sequence numbers\n", 556 session->name, session->nr_oos_count); 557 } 558 if (!session->reorder_skip) { 559 atomic_long_inc(&session->stats.rx_seq_discards); 560 l2tp_dbg(session, L2TP_MSG_SEQ, 561 "%s: oos pkt %u len %d discarded, waiting for %u, reorder_q_len=%d\n", 562 session->name, L2TP_SKB_CB(skb)->ns, 563 L2TP_SKB_CB(skb)->length, session->nr, 564 skb_queue_len(&session->reorder_q)); 565 goto discard; 566 } 567 skb_queue_tail(&session->reorder_q, skb); 568 } 569 570out: 571 return 0; 572 573discard: 574 return 1; 575} 576 577/* Do receive processing of L2TP data frames. We handle both L2TPv2 578 * and L2TPv3 data frames here. 579 * 580 * L2TPv2 Data Message Header 581 * 582 * 0 1 2 3 583 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 584 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 585 * |T|L|x|x|S|x|O|P|x|x|x|x| Ver | Length (opt) | 586 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 587 * | Tunnel ID | Session ID | 588 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 589 * | Ns (opt) | Nr (opt) | 590 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 591 * | Offset Size (opt) | Offset pad... (opt) 592 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 593 * 594 * Data frames are marked by T=0. All other fields are the same as 595 * those in L2TP control frames. 596 * 597 * L2TPv3 Data Message Header 598 * 599 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 600 * | L2TP Session Header | 601 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 602 * | L2-Specific Sublayer | 603 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 604 * | Tunnel Payload ... 605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 606 * 607 * L2TPv3 Session Header Over IP 608 * 609 * 0 1 2 3 610 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 611 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 612 * | Session ID | 613 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 614 * | Cookie (optional, maximum 64 bits)... 615 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 616 * | 617 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 618 * 619 * L2TPv3 L2-Specific Sublayer Format 620 * 621 * 0 1 2 3 622 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 623 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 624 * |x|S|x|x|x|x|x|x| Sequence Number | 625 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 626 * 627 * Cookie value, sublayer format and offset (pad) are negotiated with 628 * the peer when the session is set up. Unlike L2TPv2, we do not need 629 * to parse the packet header to determine if optional fields are 630 * present. 631 * 632 * Caller must already have parsed the frame and determined that it is 633 * a data (not control) frame before coming here. Fields up to the 634 * session-id have already been parsed and ptr points to the data 635 * after the session-id. 636 */ 637void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb, 638 unsigned char *ptr, unsigned char *optr, u16 hdrflags, 639 int length, int (*payload_hook)(struct sk_buff *skb)) 640{ 641 struct l2tp_tunnel *tunnel = session->tunnel; 642 int offset; 643 u32 ns, nr; 644 645 /* The ref count is increased since we now hold a pointer to 646 * the session. Take care to decrement the refcnt when exiting 647 * this function from now on... 648 */ 649 l2tp_session_inc_refcount(session); 650 if (session->ref) 651 (*session->ref)(session); 652 653 /* Parse and check optional cookie */ 654 if (session->peer_cookie_len > 0) { 655 if (memcmp(ptr, &session->peer_cookie[0], session->peer_cookie_len)) { 656 l2tp_info(tunnel, L2TP_MSG_DATA, 657 "%s: cookie mismatch (%u/%u). Discarding.\n", 658 tunnel->name, tunnel->tunnel_id, 659 session->session_id); 660 atomic_long_inc(&session->stats.rx_cookie_discards); 661 goto discard; 662 } 663 ptr += session->peer_cookie_len; 664 } 665 666 /* Handle the optional sequence numbers. Sequence numbers are 667 * in different places for L2TPv2 and L2TPv3. 668 * 669 * If we are the LAC, enable/disable sequence numbers under 670 * the control of the LNS. If no sequence numbers present but 671 * we were expecting them, discard frame. 672 */ 673 ns = nr = 0; 674 L2TP_SKB_CB(skb)->has_seq = 0; 675 if (tunnel->version == L2TP_HDR_VER_2) { 676 if (hdrflags & L2TP_HDRFLAG_S) { 677 ns = ntohs(*(__be16 *) ptr); 678 ptr += 2; 679 nr = ntohs(*(__be16 *) ptr); 680 ptr += 2; 681 682 /* Store L2TP info in the skb */ 683 L2TP_SKB_CB(skb)->ns = ns; 684 L2TP_SKB_CB(skb)->has_seq = 1; 685 686 l2tp_dbg(session, L2TP_MSG_SEQ, 687 "%s: recv data ns=%u, nr=%u, session nr=%u\n", 688 session->name, ns, nr, session->nr); 689 } 690 } else if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) { 691 u32 l2h = ntohl(*(__be32 *) ptr); 692 693 if (l2h & 0x40000000) { 694 ns = l2h & 0x00ffffff; 695 696 /* Store L2TP info in the skb */ 697 L2TP_SKB_CB(skb)->ns = ns; 698 L2TP_SKB_CB(skb)->has_seq = 1; 699 700 l2tp_dbg(session, L2TP_MSG_SEQ, 701 "%s: recv data ns=%u, session nr=%u\n", 702 session->name, ns, session->nr); 703 } 704 } 705 706 /* Advance past L2-specific header, if present */ 707 ptr += session->l2specific_len; 708 709 if (L2TP_SKB_CB(skb)->has_seq) { 710 /* Received a packet with sequence numbers. If we're the LNS, 711 * check if we sre sending sequence numbers and if not, 712 * configure it so. 713 */ 714 if ((!session->lns_mode) && (!session->send_seq)) { 715 l2tp_info(session, L2TP_MSG_SEQ, 716 "%s: requested to enable seq numbers by LNS\n", 717 session->name); 718 session->send_seq = -1; 719 l2tp_session_set_header_len(session, tunnel->version); 720 } 721 } else { 722 /* No sequence numbers. 723 * If user has configured mandatory sequence numbers, discard. 724 */ 725 if (session->recv_seq) { 726 l2tp_warn(session, L2TP_MSG_SEQ, 727 "%s: recv data has no seq numbers when required. Discarding.\n", 728 session->name); 729 atomic_long_inc(&session->stats.rx_seq_discards); 730 goto discard; 731 } 732 733 /* If we're the LAC and we're sending sequence numbers, the 734 * LNS has requested that we no longer send sequence numbers. 735 * If we're the LNS and we're sending sequence numbers, the 736 * LAC is broken. Discard the frame. 737 */ 738 if ((!session->lns_mode) && (session->send_seq)) { 739 l2tp_info(session, L2TP_MSG_SEQ, 740 "%s: requested to disable seq numbers by LNS\n", 741 session->name); 742 session->send_seq = 0; 743 l2tp_session_set_header_len(session, tunnel->version); 744 } else if (session->send_seq) { 745 l2tp_warn(session, L2TP_MSG_SEQ, 746 "%s: recv data has no seq numbers when required. Discarding.\n", 747 session->name); 748 atomic_long_inc(&session->stats.rx_seq_discards); 749 goto discard; 750 } 751 } 752 753 /* Session data offset is handled differently for L2TPv2 and 754 * L2TPv3. For L2TPv2, there is an optional 16-bit value in 755 * the header. For L2TPv3, the offset is negotiated using AVPs 756 * in the session setup control protocol. 757 */ 758 if (tunnel->version == L2TP_HDR_VER_2) { 759 /* If offset bit set, skip it. */ 760 if (hdrflags & L2TP_HDRFLAG_O) { 761 offset = ntohs(*(__be16 *)ptr); 762 ptr += 2 + offset; 763 } 764 } else 765 ptr += session->offset; 766 767 offset = ptr - optr; 768 if (!pskb_may_pull(skb, offset)) 769 goto discard; 770 771 __skb_pull(skb, offset); 772 773 /* If caller wants to process the payload before we queue the 774 * packet, do so now. 775 */ 776 if (payload_hook) 777 if ((*payload_hook)(skb)) 778 goto discard; 779 780 /* Prepare skb for adding to the session's reorder_q. Hold 781 * packets for max reorder_timeout or 1 second if not 782 * reordering. 783 */ 784 L2TP_SKB_CB(skb)->length = length; 785 L2TP_SKB_CB(skb)->expires = jiffies + 786 (session->reorder_timeout ? session->reorder_timeout : HZ); 787 788 /* Add packet to the session's receive queue. Reordering is done here, if 789 * enabled. Saved L2TP protocol info is stored in skb->sb[]. 790 */ 791 if (L2TP_SKB_CB(skb)->has_seq) { 792 if (l2tp_recv_data_seq(session, skb)) 793 goto discard; 794 } else { 795 /* No sequence numbers. Add the skb to the tail of the 796 * reorder queue. This ensures that it will be 797 * delivered after all previous sequenced skbs. 798 */ 799 skb_queue_tail(&session->reorder_q, skb); 800 } 801 802 /* Try to dequeue as many skbs from reorder_q as we can. */ 803 l2tp_recv_dequeue(session); 804 805 l2tp_session_dec_refcount(session); 806 807 return; 808 809discard: 810 atomic_long_inc(&session->stats.rx_errors); 811 kfree_skb(skb); 812 813 if (session->deref) 814 (*session->deref)(session); 815 816 l2tp_session_dec_refcount(session); 817} 818EXPORT_SYMBOL(l2tp_recv_common); 819 820/* Drop skbs from the session's reorder_q 821 */ 822int l2tp_session_queue_purge(struct l2tp_session *session) 823{ 824 struct sk_buff *skb = NULL; 825 BUG_ON(!session); 826 BUG_ON(session->magic != L2TP_SESSION_MAGIC); 827 while ((skb = skb_dequeue(&session->reorder_q))) { 828 atomic_long_inc(&session->stats.rx_errors); 829 kfree_skb(skb); 830 if (session->deref) 831 (*session->deref)(session); 832 } 833 return 0; 834} 835EXPORT_SYMBOL_GPL(l2tp_session_queue_purge); 836 837/* Internal UDP receive frame. Do the real work of receiving an L2TP data frame 838 * here. The skb is not on a list when we get here. 839 * Returns 0 if the packet was a data packet and was successfully passed on. 840 * Returns 1 if the packet was not a good data packet and could not be 841 * forwarded. All such packets are passed up to userspace to deal with. 842 */ 843static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb, 844 int (*payload_hook)(struct sk_buff *skb)) 845{ 846 struct l2tp_session *session = NULL; 847 unsigned char *ptr, *optr; 848 u16 hdrflags; 849 u32 tunnel_id, session_id; 850 u16 version; 851 int length; 852 853 /* UDP has verifed checksum */ 854 855 /* UDP always verifies the packet length. */ 856 __skb_pull(skb, sizeof(struct udphdr)); 857 858 /* Short packet? */ 859 if (!pskb_may_pull(skb, L2TP_HDR_SIZE_SEQ)) { 860 l2tp_info(tunnel, L2TP_MSG_DATA, 861 "%s: recv short packet (len=%d)\n", 862 tunnel->name, skb->len); 863 goto error; 864 } 865 866 /* Trace packet contents, if enabled */ 867 if (tunnel->debug & L2TP_MSG_DATA) { 868 length = min(32u, skb->len); 869 if (!pskb_may_pull(skb, length)) 870 goto error; 871 872 pr_debug("%s: recv\n", tunnel->name); 873 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, skb->data, length); 874 } 875 876 /* Point to L2TP header */ 877 optr = ptr = skb->data; 878 879 /* Get L2TP header flags */ 880 hdrflags = ntohs(*(__be16 *) ptr); 881 882 /* Check protocol version */ 883 version = hdrflags & L2TP_HDR_VER_MASK; 884 if (version != tunnel->version) { 885 l2tp_info(tunnel, L2TP_MSG_DATA, 886 "%s: recv protocol version mismatch: got %d expected %d\n", 887 tunnel->name, version, tunnel->version); 888 goto error; 889 } 890 891 /* Get length of L2TP packet */ 892 length = skb->len; 893 894 /* If type is control packet, it is handled by userspace. */ 895 if (hdrflags & L2TP_HDRFLAG_T) { 896 l2tp_dbg(tunnel, L2TP_MSG_DATA, 897 "%s: recv control packet, len=%d\n", 898 tunnel->name, length); 899 goto error; 900 } 901 902 /* Skip flags */ 903 ptr += 2; 904 905 if (tunnel->version == L2TP_HDR_VER_2) { 906 /* If length is present, skip it */ 907 if (hdrflags & L2TP_HDRFLAG_L) 908 ptr += 2; 909 910 /* Extract tunnel and session ID */ 911 tunnel_id = ntohs(*(__be16 *) ptr); 912 ptr += 2; 913 session_id = ntohs(*(__be16 *) ptr); 914 ptr += 2; 915 } else { 916 ptr += 2; /* skip reserved bits */ 917 tunnel_id = tunnel->tunnel_id; 918 session_id = ntohl(*(__be32 *) ptr); 919 ptr += 4; 920 } 921 922 /* Find the session context */ 923 session = l2tp_session_find(tunnel->l2tp_net, tunnel, session_id); 924 if (!session || !session->recv_skb) { 925 /* Not found? Pass to userspace to deal with */ 926 l2tp_info(tunnel, L2TP_MSG_DATA, 927 "%s: no session found (%u/%u). Passing up.\n", 928 tunnel->name, tunnel_id, session_id); 929 goto error; 930 } 931 932 l2tp_recv_common(session, skb, ptr, optr, hdrflags, length, payload_hook); 933 934 return 0; 935 936error: 937 /* Put UDP header back */ 938 __skb_push(skb, sizeof(struct udphdr)); 939 940 return 1; 941} 942 943/* UDP encapsulation receive handler. See net/ipv4/udp.c. 944 * Return codes: 945 * 0 : success. 946 * <0: error 947 * >0: skb should be passed up to userspace as UDP. 948 */ 949int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb) 950{ 951 struct l2tp_tunnel *tunnel; 952 953 tunnel = l2tp_sock_to_tunnel(sk); 954 if (tunnel == NULL) 955 goto pass_up; 956 957 l2tp_dbg(tunnel, L2TP_MSG_DATA, "%s: received %d bytes\n", 958 tunnel->name, skb->len); 959 960 if (l2tp_udp_recv_core(tunnel, skb, tunnel->recv_payload_hook)) 961 goto pass_up_put; 962 963 sock_put(sk); 964 return 0; 965 966pass_up_put: 967 sock_put(sk); 968pass_up: 969 return 1; 970} 971EXPORT_SYMBOL_GPL(l2tp_udp_encap_recv); 972 973/************************************************************************ 974 * Transmit handling 975 ***********************************************************************/ 976 977/* Build an L2TP header for the session into the buffer provided. 978 */ 979static int l2tp_build_l2tpv2_header(struct l2tp_session *session, void *buf) 980{ 981 struct l2tp_tunnel *tunnel = session->tunnel; 982 __be16 *bufp = buf; 983 __be16 *optr = buf; 984 u16 flags = L2TP_HDR_VER_2; 985 u32 tunnel_id = tunnel->peer_tunnel_id; 986 u32 session_id = session->peer_session_id; 987 988 if (session->send_seq) 989 flags |= L2TP_HDRFLAG_S; 990 991 /* Setup L2TP header. */ 992 *bufp++ = htons(flags); 993 *bufp++ = htons(tunnel_id); 994 *bufp++ = htons(session_id); 995 if (session->send_seq) { 996 *bufp++ = htons(session->ns); 997 *bufp++ = 0; 998 session->ns++; 999 session->ns &= 0xffff; 1000 l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated ns to %u\n", 1001 session->name, session->ns); 1002 } 1003 1004 return bufp - optr; 1005} 1006 1007static int l2tp_build_l2tpv3_header(struct l2tp_session *session, void *buf) 1008{ 1009 struct l2tp_tunnel *tunnel = session->tunnel; 1010 char *bufp = buf; 1011 char *optr = bufp; 1012 1013 /* Setup L2TP header. The header differs slightly for UDP and 1014 * IP encapsulations. For UDP, there is 4 bytes of flags. 1015 */ 1016 if (tunnel->encap == L2TP_ENCAPTYPE_UDP) { 1017 u16 flags = L2TP_HDR_VER_3; 1018 *((__be16 *) bufp) = htons(flags); 1019 bufp += 2; 1020 *((__be16 *) bufp) = 0; 1021 bufp += 2; 1022 } 1023 1024 *((__be32 *) bufp) = htonl(session->peer_session_id); 1025 bufp += 4; 1026 if (session->cookie_len) { 1027 memcpy(bufp, &session->cookie[0], session->cookie_len); 1028 bufp += session->cookie_len; 1029 } 1030 if (session->l2specific_len) { 1031 if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) { 1032 u32 l2h = 0; 1033 if (session->send_seq) { 1034 l2h = 0x40000000 | session->ns; 1035 session->ns++; 1036 session->ns &= 0xffffff; 1037 l2tp_dbg(session, L2TP_MSG_SEQ, 1038 "%s: updated ns to %u\n", 1039 session->name, session->ns); 1040 } 1041 1042 *((__be32 *) bufp) = htonl(l2h); 1043 } 1044 bufp += session->l2specific_len; 1045 } 1046 if (session->offset) 1047 bufp += session->offset; 1048 1049 return bufp - optr; 1050} 1051 1052static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb, 1053 struct flowi *fl, size_t data_len) 1054{ 1055 struct l2tp_tunnel *tunnel = session->tunnel; 1056 unsigned int len = skb->len; 1057 int error; 1058 1059 /* Debug */ 1060 if (session->send_seq) 1061 l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %Zd bytes, ns=%u\n", 1062 session->name, data_len, session->ns - 1); 1063 else 1064 l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %Zd bytes\n", 1065 session->name, data_len); 1066 1067 if (session->debug & L2TP_MSG_DATA) { 1068 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0; 1069 unsigned char *datap = skb->data + uhlen; 1070 1071 pr_debug("%s: xmit\n", session->name); 1072 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1073 datap, min_t(size_t, 32, len - uhlen)); 1074 } 1075 1076 /* Queue the packet to IP for output */ 1077 skb->ignore_df = 1; 1078#if IS_ENABLED(CONFIG_IPV6) 1079 if (tunnel->sock->sk_family == PF_INET6 && !tunnel->v4mapped) 1080 error = inet6_csk_xmit(tunnel->sock, skb, NULL); 1081 else 1082#endif 1083 error = ip_queue_xmit(tunnel->sock, skb, fl); 1084 1085 /* Update stats */ 1086 if (error >= 0) { 1087 atomic_long_inc(&tunnel->stats.tx_packets); 1088 atomic_long_add(len, &tunnel->stats.tx_bytes); 1089 atomic_long_inc(&session->stats.tx_packets); 1090 atomic_long_add(len, &session->stats.tx_bytes); 1091 } else { 1092 atomic_long_inc(&tunnel->stats.tx_errors); 1093 atomic_long_inc(&session->stats.tx_errors); 1094 } 1095 1096 return 0; 1097} 1098 1099/* If caller requires the skb to have a ppp header, the header must be 1100 * inserted in the skb data before calling this function. 1101 */ 1102int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len) 1103{ 1104 int data_len = skb->len; 1105 struct l2tp_tunnel *tunnel = session->tunnel; 1106 struct sock *sk = tunnel->sock; 1107 struct flowi *fl; 1108 struct udphdr *uh; 1109 struct inet_sock *inet; 1110 int headroom; 1111 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0; 1112 int udp_len; 1113 int ret = NET_XMIT_SUCCESS; 1114 1115 /* Check that there's enough headroom in the skb to insert IP, 1116 * UDP and L2TP headers. If not enough, expand it to 1117 * make room. Adjust truesize. 1118 */ 1119 headroom = NET_SKB_PAD + sizeof(struct iphdr) + 1120 uhlen + hdr_len; 1121 if (skb_cow_head(skb, headroom)) { 1122 kfree_skb(skb); 1123 return NET_XMIT_DROP; 1124 } 1125 1126 /* Setup L2TP header */ 1127 session->build_header(session, __skb_push(skb, hdr_len)); 1128 1129 /* Reset skb netfilter state */ 1130 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 1131 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | 1132 IPSKB_REROUTED); 1133 nf_reset(skb); 1134 1135 bh_lock_sock(sk); 1136 if (sock_owned_by_user(sk)) { 1137 kfree_skb(skb); 1138 ret = NET_XMIT_DROP; 1139 goto out_unlock; 1140 } 1141 1142 /* Get routing info from the tunnel socket */ 1143 skb_dst_drop(skb); 1144 skb_dst_set(skb, dst_clone(__sk_dst_check(sk, 0))); 1145 1146 inet = inet_sk(sk); 1147 fl = &inet->cork.fl; 1148 switch (tunnel->encap) { 1149 case L2TP_ENCAPTYPE_UDP: 1150 /* Setup UDP header */ 1151 __skb_push(skb, sizeof(*uh)); 1152 skb_reset_transport_header(skb); 1153 uh = udp_hdr(skb); 1154 uh->source = inet->inet_sport; 1155 uh->dest = inet->inet_dport; 1156 udp_len = uhlen + hdr_len + data_len; 1157 uh->len = htons(udp_len); 1158 1159 /* Calculate UDP checksum if configured to do so */ 1160#if IS_ENABLED(CONFIG_IPV6) 1161 if (sk->sk_family == PF_INET6 && !tunnel->v4mapped) 1162 udp6_set_csum(udp_get_no_check6_tx(sk), 1163 skb, &inet6_sk(sk)->saddr, 1164 &sk->sk_v6_daddr, udp_len); 1165 else 1166#endif 1167 udp_set_csum(sk->sk_no_check_tx, skb, inet->inet_saddr, 1168 inet->inet_daddr, udp_len); 1169 break; 1170 1171 case L2TP_ENCAPTYPE_IP: 1172 break; 1173 } 1174 1175 l2tp_xmit_core(session, skb, fl, data_len); 1176out_unlock: 1177 bh_unlock_sock(sk); 1178 1179 return ret; 1180} 1181EXPORT_SYMBOL_GPL(l2tp_xmit_skb); 1182 1183/***************************************************************************** 1184 * Tinnel and session create/destroy. 1185 *****************************************************************************/ 1186 1187/* Tunnel socket destruct hook. 1188 * The tunnel context is deleted only when all session sockets have been 1189 * closed. 1190 */ 1191static void l2tp_tunnel_destruct(struct sock *sk) 1192{ 1193 struct l2tp_tunnel *tunnel = l2tp_tunnel(sk); 1194 struct l2tp_net *pn; 1195 1196 if (tunnel == NULL) 1197 goto end; 1198 1199 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing...\n", tunnel->name); 1200 1201 1202 /* Disable udp encapsulation */ 1203 switch (tunnel->encap) { 1204 case L2TP_ENCAPTYPE_UDP: 1205 /* No longer an encapsulation socket. See net/ipv4/udp.c */ 1206 (udp_sk(sk))->encap_type = 0; 1207 (udp_sk(sk))->encap_rcv = NULL; 1208 (udp_sk(sk))->encap_destroy = NULL; 1209 break; 1210 case L2TP_ENCAPTYPE_IP: 1211 break; 1212 } 1213 1214 /* Remove hooks into tunnel socket */ 1215 sk->sk_destruct = tunnel->old_sk_destruct; 1216 sk->sk_user_data = NULL; 1217 tunnel->sock = NULL; 1218 1219 /* Remove the tunnel struct from the tunnel list */ 1220 pn = l2tp_pernet(tunnel->l2tp_net); 1221 spin_lock_bh(&pn->l2tp_tunnel_list_lock); 1222 list_del_rcu(&tunnel->list); 1223 spin_unlock_bh(&pn->l2tp_tunnel_list_lock); 1224 atomic_dec(&l2tp_tunnel_count); 1225 1226 l2tp_tunnel_closeall(tunnel); 1227 l2tp_tunnel_dec_refcount(tunnel); 1228 1229 /* Call the original destructor */ 1230 if (sk->sk_destruct) 1231 (*sk->sk_destruct)(sk); 1232end: 1233 return; 1234} 1235 1236/* When the tunnel is closed, all the attached sessions need to go too. 1237 */ 1238void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel) 1239{ 1240 int hash; 1241 struct hlist_node *walk; 1242 struct hlist_node *tmp; 1243 struct l2tp_session *session; 1244 1245 BUG_ON(tunnel == NULL); 1246 1247 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing all sessions...\n", 1248 tunnel->name); 1249 1250 write_lock_bh(&tunnel->hlist_lock); 1251 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) { 1252again: 1253 hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) { 1254 session = hlist_entry(walk, struct l2tp_session, hlist); 1255 1256 l2tp_info(session, L2TP_MSG_CONTROL, 1257 "%s: closing session\n", session->name); 1258 1259 hlist_del_init(&session->hlist); 1260 1261 if (session->ref != NULL) 1262 (*session->ref)(session); 1263 1264 write_unlock_bh(&tunnel->hlist_lock); 1265 1266 __l2tp_session_unhash(session); 1267 l2tp_session_queue_purge(session); 1268 1269 if (session->session_close != NULL) 1270 (*session->session_close)(session); 1271 1272 if (session->deref != NULL) 1273 (*session->deref)(session); 1274 1275 l2tp_session_dec_refcount(session); 1276 1277 write_lock_bh(&tunnel->hlist_lock); 1278 1279 /* Now restart from the beginning of this hash 1280 * chain. We always remove a session from the 1281 * list so we are guaranteed to make forward 1282 * progress. 1283 */ 1284 goto again; 1285 } 1286 } 1287 write_unlock_bh(&tunnel->hlist_lock); 1288} 1289EXPORT_SYMBOL_GPL(l2tp_tunnel_closeall); 1290 1291/* Tunnel socket destroy hook for UDP encapsulation */ 1292static void l2tp_udp_encap_destroy(struct sock *sk) 1293{ 1294 struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk); 1295 if (tunnel) { 1296 l2tp_tunnel_closeall(tunnel); 1297 sock_put(sk); 1298 } 1299} 1300 1301/* Really kill the tunnel. 1302 * Come here only when all sessions have been cleared from the tunnel. 1303 */ 1304static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel) 1305{ 1306 BUG_ON(atomic_read(&tunnel->ref_count) != 0); 1307 BUG_ON(tunnel->sock != NULL); 1308 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: free...\n", tunnel->name); 1309 kfree_rcu(tunnel, rcu); 1310} 1311 1312/* Workqueue tunnel deletion function */ 1313static void l2tp_tunnel_del_work(struct work_struct *work) 1314{ 1315 struct l2tp_tunnel *tunnel = NULL; 1316 struct socket *sock = NULL; 1317 struct sock *sk = NULL; 1318 1319 tunnel = container_of(work, struct l2tp_tunnel, del_work); 1320 sk = l2tp_tunnel_sock_lookup(tunnel); 1321 if (!sk) 1322 goto out; 1323 1324 sock = sk->sk_socket; 1325 1326 /* If the tunnel socket was created by userspace, then go through the 1327 * inet layer to shut the socket down, and let userspace close it. 1328 * Otherwise, if we created the socket directly within the kernel, use 1329 * the sk API to release it here. 1330 * In either case the tunnel resources are freed in the socket 1331 * destructor when the tunnel socket goes away. 1332 */ 1333 if (tunnel->fd >= 0) { 1334 if (sock) 1335 inet_shutdown(sock, 2); 1336 } else { 1337 if (sock) 1338 kernel_sock_shutdown(sock, SHUT_RDWR); 1339 sk_release_kernel(sk); 1340 } 1341 1342 l2tp_tunnel_sock_put(sk); 1343out: 1344 l2tp_tunnel_dec_refcount(tunnel); 1345} 1346 1347/* Create a socket for the tunnel, if one isn't set up by 1348 * userspace. This is used for static tunnels where there is no 1349 * managing L2TP daemon. 1350 * 1351 * Since we don't want these sockets to keep a namespace alive by 1352 * themselves, we drop the socket's namespace refcount after creation. 1353 * These sockets are freed when the namespace exits using the pernet 1354 * exit hook. 1355 */ 1356static int l2tp_tunnel_sock_create(struct net *net, 1357 u32 tunnel_id, 1358 u32 peer_tunnel_id, 1359 struct l2tp_tunnel_cfg *cfg, 1360 struct socket **sockp) 1361{ 1362 int err = -EINVAL; 1363 struct socket *sock = NULL; 1364 struct udp_port_cfg udp_conf; 1365 1366 switch (cfg->encap) { 1367 case L2TP_ENCAPTYPE_UDP: 1368 memset(&udp_conf, 0, sizeof(udp_conf)); 1369 1370#if IS_ENABLED(CONFIG_IPV6) 1371 if (cfg->local_ip6 && cfg->peer_ip6) { 1372 udp_conf.family = AF_INET6; 1373 memcpy(&udp_conf.local_ip6, cfg->local_ip6, 1374 sizeof(udp_conf.local_ip6)); 1375 memcpy(&udp_conf.peer_ip6, cfg->peer_ip6, 1376 sizeof(udp_conf.peer_ip6)); 1377 udp_conf.use_udp6_tx_checksums = 1378 cfg->udp6_zero_tx_checksums; 1379 udp_conf.use_udp6_rx_checksums = 1380 cfg->udp6_zero_rx_checksums; 1381 } else 1382#endif 1383 { 1384 udp_conf.family = AF_INET; 1385 udp_conf.local_ip = cfg->local_ip; 1386 udp_conf.peer_ip = cfg->peer_ip; 1387 udp_conf.use_udp_checksums = cfg->use_udp_checksums; 1388 } 1389 1390 udp_conf.local_udp_port = htons(cfg->local_udp_port); 1391 udp_conf.peer_udp_port = htons(cfg->peer_udp_port); 1392 1393 err = udp_sock_create(net, &udp_conf, &sock); 1394 if (err < 0) 1395 goto out; 1396 1397 break; 1398 1399 case L2TP_ENCAPTYPE_IP: 1400#if IS_ENABLED(CONFIG_IPV6) 1401 if (cfg->local_ip6 && cfg->peer_ip6) { 1402 struct sockaddr_l2tpip6 ip6_addr = {0}; 1403 1404 err = sock_create_kern(AF_INET6, SOCK_DGRAM, 1405 IPPROTO_L2TP, &sock); 1406 if (err < 0) 1407 goto out; 1408 1409 sk_change_net(sock->sk, net); 1410 1411 ip6_addr.l2tp_family = AF_INET6; 1412 memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6, 1413 sizeof(ip6_addr.l2tp_addr)); 1414 ip6_addr.l2tp_conn_id = tunnel_id; 1415 err = kernel_bind(sock, (struct sockaddr *) &ip6_addr, 1416 sizeof(ip6_addr)); 1417 if (err < 0) 1418 goto out; 1419 1420 ip6_addr.l2tp_family = AF_INET6; 1421 memcpy(&ip6_addr.l2tp_addr, cfg->peer_ip6, 1422 sizeof(ip6_addr.l2tp_addr)); 1423 ip6_addr.l2tp_conn_id = peer_tunnel_id; 1424 err = kernel_connect(sock, 1425 (struct sockaddr *) &ip6_addr, 1426 sizeof(ip6_addr), 0); 1427 if (err < 0) 1428 goto out; 1429 } else 1430#endif 1431 { 1432 struct sockaddr_l2tpip ip_addr = {0}; 1433 1434 err = sock_create_kern(AF_INET, SOCK_DGRAM, 1435 IPPROTO_L2TP, &sock); 1436 if (err < 0) 1437 goto out; 1438 1439 sk_change_net(sock->sk, net); 1440 1441 ip_addr.l2tp_family = AF_INET; 1442 ip_addr.l2tp_addr = cfg->local_ip; 1443 ip_addr.l2tp_conn_id = tunnel_id; 1444 err = kernel_bind(sock, (struct sockaddr *) &ip_addr, 1445 sizeof(ip_addr)); 1446 if (err < 0) 1447 goto out; 1448 1449 ip_addr.l2tp_family = AF_INET; 1450 ip_addr.l2tp_addr = cfg->peer_ip; 1451 ip_addr.l2tp_conn_id = peer_tunnel_id; 1452 err = kernel_connect(sock, (struct sockaddr *) &ip_addr, 1453 sizeof(ip_addr), 0); 1454 if (err < 0) 1455 goto out; 1456 } 1457 break; 1458 1459 default: 1460 goto out; 1461 } 1462 1463out: 1464 *sockp = sock; 1465 if ((err < 0) && sock) { 1466 kernel_sock_shutdown(sock, SHUT_RDWR); 1467 sk_release_kernel(sock->sk); 1468 *sockp = NULL; 1469 } 1470 1471 return err; 1472} 1473 1474static struct lock_class_key l2tp_socket_class; 1475 1476int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp) 1477{ 1478 struct l2tp_tunnel *tunnel = NULL; 1479 int err; 1480 struct socket *sock = NULL; 1481 struct sock *sk = NULL; 1482 struct l2tp_net *pn; 1483 enum l2tp_encap_type encap = L2TP_ENCAPTYPE_UDP; 1484 1485 /* Get the tunnel socket from the fd, which was opened by 1486 * the userspace L2TP daemon. If not specified, create a 1487 * kernel socket. 1488 */ 1489 if (fd < 0) { 1490 err = l2tp_tunnel_sock_create(net, tunnel_id, peer_tunnel_id, 1491 cfg, &sock); 1492 if (err < 0) 1493 goto err; 1494 } else { 1495 sock = sockfd_lookup(fd, &err); 1496 if (!sock) { 1497 pr_err("tunl %u: sockfd_lookup(fd=%d) returned %d\n", 1498 tunnel_id, fd, err); 1499 err = -EBADF; 1500 goto err; 1501 } 1502 1503 /* Reject namespace mismatches */ 1504 if (!net_eq(sock_net(sock->sk), net)) { 1505 pr_err("tunl %u: netns mismatch\n", tunnel_id); 1506 err = -EINVAL; 1507 goto err; 1508 } 1509 } 1510 1511 sk = sock->sk; 1512 1513 if (cfg != NULL) 1514 encap = cfg->encap; 1515 1516 /* Quick sanity checks */ 1517 switch (encap) { 1518 case L2TP_ENCAPTYPE_UDP: 1519 err = -EPROTONOSUPPORT; 1520 if (sk->sk_protocol != IPPROTO_UDP) { 1521 pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n", 1522 tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP); 1523 goto err; 1524 } 1525 break; 1526 case L2TP_ENCAPTYPE_IP: 1527 err = -EPROTONOSUPPORT; 1528 if (sk->sk_protocol != IPPROTO_L2TP) { 1529 pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n", 1530 tunnel_id, fd, sk->sk_protocol, IPPROTO_L2TP); 1531 goto err; 1532 } 1533 break; 1534 } 1535 1536 /* Check if this socket has already been prepped */ 1537 tunnel = l2tp_tunnel(sk); 1538 if (tunnel != NULL) { 1539 /* This socket has already been prepped */ 1540 err = -EBUSY; 1541 goto err; 1542 } 1543 1544 tunnel = kzalloc(sizeof(struct l2tp_tunnel), GFP_KERNEL); 1545 if (tunnel == NULL) { 1546 err = -ENOMEM; 1547 goto err; 1548 } 1549 1550 tunnel->version = version; 1551 tunnel->tunnel_id = tunnel_id; 1552 tunnel->peer_tunnel_id = peer_tunnel_id; 1553 tunnel->debug = L2TP_DEFAULT_DEBUG_FLAGS; 1554 1555 tunnel->magic = L2TP_TUNNEL_MAGIC; 1556 sprintf(&tunnel->name[0], "tunl %u", tunnel_id); 1557 rwlock_init(&tunnel->hlist_lock); 1558 1559 /* The net we belong to */ 1560 tunnel->l2tp_net = net; 1561 pn = l2tp_pernet(net); 1562 1563 if (cfg != NULL) 1564 tunnel->debug = cfg->debug; 1565 1566#if IS_ENABLED(CONFIG_IPV6) 1567 if (sk->sk_family == PF_INET6) { 1568 struct ipv6_pinfo *np = inet6_sk(sk); 1569 1570 if (ipv6_addr_v4mapped(&np->saddr) && 1571 ipv6_addr_v4mapped(&sk->sk_v6_daddr)) { 1572 struct inet_sock *inet = inet_sk(sk); 1573 1574 tunnel->v4mapped = true; 1575 inet->inet_saddr = np->saddr.s6_addr32[3]; 1576 inet->inet_rcv_saddr = sk->sk_v6_rcv_saddr.s6_addr32[3]; 1577 inet->inet_daddr = sk->sk_v6_daddr.s6_addr32[3]; 1578 } else { 1579 tunnel->v4mapped = false; 1580 } 1581 } 1582#endif 1583 1584 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */ 1585 tunnel->encap = encap; 1586 if (encap == L2TP_ENCAPTYPE_UDP) { 1587 struct udp_tunnel_sock_cfg udp_cfg; 1588 1589 udp_cfg.sk_user_data = tunnel; 1590 udp_cfg.encap_type = UDP_ENCAP_L2TPINUDP; 1591 udp_cfg.encap_rcv = l2tp_udp_encap_recv; 1592 udp_cfg.encap_destroy = l2tp_udp_encap_destroy; 1593 1594 setup_udp_tunnel_sock(net, sock, &udp_cfg); 1595 } else { 1596 sk->sk_user_data = tunnel; 1597 } 1598 1599 /* Hook on the tunnel socket destructor so that we can cleanup 1600 * if the tunnel socket goes away. 1601 */ 1602 tunnel->old_sk_destruct = sk->sk_destruct; 1603 sk->sk_destruct = &l2tp_tunnel_destruct; 1604 tunnel->sock = sk; 1605 tunnel->fd = fd; 1606 lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, "l2tp_sock"); 1607 1608 sk->sk_allocation = GFP_ATOMIC; 1609 1610 /* Init delete workqueue struct */ 1611 INIT_WORK(&tunnel->del_work, l2tp_tunnel_del_work); 1612 1613 /* Add tunnel to our list */ 1614 INIT_LIST_HEAD(&tunnel->list); 1615 atomic_inc(&l2tp_tunnel_count); 1616 1617 /* Bump the reference count. The tunnel context is deleted 1618 * only when this drops to zero. Must be done before list insertion 1619 */ 1620 l2tp_tunnel_inc_refcount(tunnel); 1621 spin_lock_bh(&pn->l2tp_tunnel_list_lock); 1622 list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list); 1623 spin_unlock_bh(&pn->l2tp_tunnel_list_lock); 1624 1625 err = 0; 1626err: 1627 if (tunnelp) 1628 *tunnelp = tunnel; 1629 1630 /* If tunnel's socket was created by the kernel, it doesn't 1631 * have a file. 1632 */ 1633 if (sock && sock->file) 1634 sockfd_put(sock); 1635 1636 return err; 1637} 1638EXPORT_SYMBOL_GPL(l2tp_tunnel_create); 1639 1640/* This function is used by the netlink TUNNEL_DELETE command. 1641 */ 1642int l2tp_tunnel_delete(struct l2tp_tunnel *tunnel) 1643{ 1644 l2tp_tunnel_inc_refcount(tunnel); 1645 l2tp_tunnel_closeall(tunnel); 1646 if (false == queue_work(l2tp_wq, &tunnel->del_work)) { 1647 l2tp_tunnel_dec_refcount(tunnel); 1648 return 1; 1649 } 1650 return 0; 1651} 1652EXPORT_SYMBOL_GPL(l2tp_tunnel_delete); 1653 1654/* Really kill the session. 1655 */ 1656void l2tp_session_free(struct l2tp_session *session) 1657{ 1658 struct l2tp_tunnel *tunnel = session->tunnel; 1659 1660 BUG_ON(atomic_read(&session->ref_count) != 0); 1661 1662 if (tunnel) { 1663 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC); 1664 if (session->session_id != 0) 1665 atomic_dec(&l2tp_session_count); 1666 sock_put(tunnel->sock); 1667 session->tunnel = NULL; 1668 l2tp_tunnel_dec_refcount(tunnel); 1669 } 1670 1671 kfree(session); 1672} 1673EXPORT_SYMBOL_GPL(l2tp_session_free); 1674 1675/* Remove an l2tp session from l2tp_core's hash lists. 1676 * Provides a tidyup interface for pseudowire code which can't just route all 1677 * shutdown via. l2tp_session_delete and a pseudowire-specific session_close 1678 * callback. 1679 */ 1680void __l2tp_session_unhash(struct l2tp_session *session) 1681{ 1682 struct l2tp_tunnel *tunnel = session->tunnel; 1683 1684 /* Remove the session from core hashes */ 1685 if (tunnel) { 1686 /* Remove from the per-tunnel hash */ 1687 write_lock_bh(&tunnel->hlist_lock); 1688 hlist_del_init(&session->hlist); 1689 write_unlock_bh(&tunnel->hlist_lock); 1690 1691 /* For L2TPv3 we have a per-net hash: remove from there, too */ 1692 if (tunnel->version != L2TP_HDR_VER_2) { 1693 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net); 1694 spin_lock_bh(&pn->l2tp_session_hlist_lock); 1695 hlist_del_init_rcu(&session->global_hlist); 1696 spin_unlock_bh(&pn->l2tp_session_hlist_lock); 1697 synchronize_rcu(); 1698 } 1699 } 1700} 1701EXPORT_SYMBOL_GPL(__l2tp_session_unhash); 1702 1703/* This function is used by the netlink SESSION_DELETE command and by 1704 pseudowire modules. 1705 */ 1706int l2tp_session_delete(struct l2tp_session *session) 1707{ 1708 if (session->ref) 1709 (*session->ref)(session); 1710 __l2tp_session_unhash(session); 1711 l2tp_session_queue_purge(session); 1712 if (session->session_close != NULL) 1713 (*session->session_close)(session); 1714 if (session->deref) 1715 (*session->deref)(session); 1716 l2tp_session_dec_refcount(session); 1717 return 0; 1718} 1719EXPORT_SYMBOL_GPL(l2tp_session_delete); 1720 1721/* We come here whenever a session's send_seq, cookie_len or 1722 * l2specific_len parameters are set. 1723 */ 1724void l2tp_session_set_header_len(struct l2tp_session *session, int version) 1725{ 1726 if (version == L2TP_HDR_VER_2) { 1727 session->hdr_len = 6; 1728 if (session->send_seq) 1729 session->hdr_len += 4; 1730 } else { 1731 session->hdr_len = 4 + session->cookie_len + session->l2specific_len + session->offset; 1732 if (session->tunnel->encap == L2TP_ENCAPTYPE_UDP) 1733 session->hdr_len += 4; 1734 } 1735 1736} 1737EXPORT_SYMBOL_GPL(l2tp_session_set_header_len); 1738 1739struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg) 1740{ 1741 struct l2tp_session *session; 1742 1743 session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL); 1744 if (session != NULL) { 1745 session->magic = L2TP_SESSION_MAGIC; 1746 session->tunnel = tunnel; 1747 1748 session->session_id = session_id; 1749 session->peer_session_id = peer_session_id; 1750 session->nr = 0; 1751 if (tunnel->version == L2TP_HDR_VER_2) 1752 session->nr_max = 0xffff; 1753 else 1754 session->nr_max = 0xffffff; 1755 session->nr_window_size = session->nr_max / 2; 1756 session->nr_oos_count_max = 4; 1757 1758 /* Use NR of first received packet */ 1759 session->reorder_skip = 1; 1760 1761 sprintf(&session->name[0], "sess %u/%u", 1762 tunnel->tunnel_id, session->session_id); 1763 1764 skb_queue_head_init(&session->reorder_q); 1765 1766 INIT_HLIST_NODE(&session->hlist); 1767 INIT_HLIST_NODE(&session->global_hlist); 1768 1769 /* Inherit debug options from tunnel */ 1770 session->debug = tunnel->debug; 1771 1772 if (cfg) { 1773 session->pwtype = cfg->pw_type; 1774 session->debug = cfg->debug; 1775 session->mtu = cfg->mtu; 1776 session->mru = cfg->mru; 1777 session->send_seq = cfg->send_seq; 1778 session->recv_seq = cfg->recv_seq; 1779 session->lns_mode = cfg->lns_mode; 1780 session->reorder_timeout = cfg->reorder_timeout; 1781 session->offset = cfg->offset; 1782 session->l2specific_type = cfg->l2specific_type; 1783 session->l2specific_len = cfg->l2specific_len; 1784 session->cookie_len = cfg->cookie_len; 1785 memcpy(&session->cookie[0], &cfg->cookie[0], cfg->cookie_len); 1786 session->peer_cookie_len = cfg->peer_cookie_len; 1787 memcpy(&session->peer_cookie[0], &cfg->peer_cookie[0], cfg->peer_cookie_len); 1788 } 1789 1790 if (tunnel->version == L2TP_HDR_VER_2) 1791 session->build_header = l2tp_build_l2tpv2_header; 1792 else 1793 session->build_header = l2tp_build_l2tpv3_header; 1794 1795 l2tp_session_set_header_len(session, tunnel->version); 1796 1797 /* Bump the reference count. The session context is deleted 1798 * only when this drops to zero. 1799 */ 1800 l2tp_session_inc_refcount(session); 1801 l2tp_tunnel_inc_refcount(tunnel); 1802 1803 /* Ensure tunnel socket isn't deleted */ 1804 sock_hold(tunnel->sock); 1805 1806 /* Add session to the tunnel's hash list */ 1807 write_lock_bh(&tunnel->hlist_lock); 1808 hlist_add_head(&session->hlist, 1809 l2tp_session_id_hash(tunnel, session_id)); 1810 write_unlock_bh(&tunnel->hlist_lock); 1811 1812 /* And to the global session list if L2TPv3 */ 1813 if (tunnel->version != L2TP_HDR_VER_2) { 1814 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net); 1815 1816 spin_lock_bh(&pn->l2tp_session_hlist_lock); 1817 hlist_add_head_rcu(&session->global_hlist, 1818 l2tp_session_id_hash_2(pn, session_id)); 1819 spin_unlock_bh(&pn->l2tp_session_hlist_lock); 1820 } 1821 1822 /* Ignore management session in session count value */ 1823 if (session->session_id != 0) 1824 atomic_inc(&l2tp_session_count); 1825 } 1826 1827 return session; 1828} 1829EXPORT_SYMBOL_GPL(l2tp_session_create); 1830 1831/***************************************************************************** 1832 * Init and cleanup 1833 *****************************************************************************/ 1834 1835static __net_init int l2tp_init_net(struct net *net) 1836{ 1837 struct l2tp_net *pn = net_generic(net, l2tp_net_id); 1838 int hash; 1839 1840 INIT_LIST_HEAD(&pn->l2tp_tunnel_list); 1841 spin_lock_init(&pn->l2tp_tunnel_list_lock); 1842 1843 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) 1844 INIT_HLIST_HEAD(&pn->l2tp_session_hlist[hash]); 1845 1846 spin_lock_init(&pn->l2tp_session_hlist_lock); 1847 1848 return 0; 1849} 1850 1851static __net_exit void l2tp_exit_net(struct net *net) 1852{ 1853 struct l2tp_net *pn = l2tp_pernet(net); 1854 struct l2tp_tunnel *tunnel = NULL; 1855 1856 rcu_read_lock_bh(); 1857 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) { 1858 (void)l2tp_tunnel_delete(tunnel); 1859 } 1860 rcu_read_unlock_bh(); 1861} 1862 1863static struct pernet_operations l2tp_net_ops = { 1864 .init = l2tp_init_net, 1865 .exit = l2tp_exit_net, 1866 .id = &l2tp_net_id, 1867 .size = sizeof(struct l2tp_net), 1868}; 1869 1870static int __init l2tp_init(void) 1871{ 1872 int rc = 0; 1873 1874 rc = register_pernet_device(&l2tp_net_ops); 1875 if (rc) 1876 goto out; 1877 1878 l2tp_wq = alloc_workqueue("l2tp", WQ_UNBOUND, 0); 1879 if (!l2tp_wq) { 1880 pr_err("alloc_workqueue failed\n"); 1881 unregister_pernet_device(&l2tp_net_ops); 1882 rc = -ENOMEM; 1883 goto out; 1884 } 1885 1886 pr_info("L2TP core driver, %s\n", L2TP_DRV_VERSION); 1887 1888out: 1889 return rc; 1890} 1891 1892static void __exit l2tp_exit(void) 1893{ 1894 unregister_pernet_device(&l2tp_net_ops); 1895 if (l2tp_wq) { 1896 destroy_workqueue(l2tp_wq); 1897 l2tp_wq = NULL; 1898 } 1899} 1900 1901module_init(l2tp_init); 1902module_exit(l2tp_exit); 1903 1904MODULE_AUTHOR("James Chapman <jchapman@katalix.com>"); 1905MODULE_DESCRIPTION("L2TP core"); 1906MODULE_LICENSE("GPL"); 1907MODULE_VERSION(L2TP_DRV_VERSION); 1908 1909