root/drivers/net/ppp/pppoe.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. stage_session
  2. pppoe_pernet
  3. cmp_2_addr
  4. cmp_addr
  5. hash_item
  6. __get_item
  7. __set_item
  8. __delete_item
  9. get_item
  10. get_item_by_addr
  11. delete_item
  12. pppoe_flush_dev
  13. pppoe_device_event
  14. pppoe_rcv_core
  15. pppoe_rcv
  16. pppoe_unbind_sock_work
  17. pppoe_disc_rcv
  18. pppoe_create
  19. pppoe_release
  20. pppoe_connect
  21. pppoe_getname
  22. pppoe_ioctl
  23. pppoe_sendmsg
  24. __pppoe_xmit
  25. pppoe_xmit
  26. pppoe_recvmsg
  27. pppoe_seq_show
  28. pppoe_get_idx
  29. pppoe_seq_start
  30. pppoe_seq_next
  31. pppoe_seq_stop
  32. pppoe_init_net
  33. pppoe_exit_net
  34. pppoe_init
  35. pppoe_exit
   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /** -*- linux-c -*- ***********************************************************
   3  * Linux PPP over Ethernet (PPPoX/PPPoE) Sockets
   4  *
   5  * PPPoX --- Generic PPP encapsulation socket family
   6  * PPPoE --- PPP over Ethernet (RFC 2516)
   7  *
   8  * Version:     0.7.0
   9  *
  10  * 070228 :     Fix to allow multiple sessions with same remote MAC and same
  11  *              session id by including the local device ifindex in the
  12  *              tuple identifying a session. This also ensures packets can't
  13  *              be injected into a session from interfaces other than the one
  14  *              specified by userspace. Florian Zumbiehl <florz@florz.de>
  15  *              (Oh, BTW, this one is YYMMDD, in case you were wondering ...)
  16  * 220102 :     Fix module use count on failure in pppoe_create, pppox_sk -acme
  17  * 030700 :     Fixed connect logic to allow for disconnect.
  18  * 270700 :     Fixed potential SMP problems; we must protect against
  19  *              simultaneous invocation of ppp_input
  20  *              and ppp_unregister_channel.
  21  * 040800 :     Respect reference count mechanisms on net-devices.
  22  * 200800 :     fix kfree(skb) in pppoe_rcv (acme)
  23  *              Module reference count is decremented in the right spot now,
  24  *              guards against sock_put not actually freeing the sk
  25  *              in pppoe_release.
  26  * 051000 :     Initialization cleanup.
  27  * 111100 :     Fix recvmsg.
  28  * 050101 :     Fix PADT procesing.
  29  * 140501 :     Use pppoe_rcv_core to handle all backlog. (Alexey)
  30  * 170701 :     Do not lock_sock with rwlock held. (DaveM)
  31  *              Ignore discovery frames if user has socket
  32  *              locked. (DaveM)
  33  *              Ignore return value of dev_queue_xmit in __pppoe_xmit
  34  *              or else we may kfree an SKB twice. (DaveM)
  35  * 190701 :     When doing copies of skb's in __pppoe_xmit, always delete
  36  *              the original skb that was passed in on success, never on
  37  *              failure.  Delete the copy of the skb on failure to avoid
  38  *              a memory leak.
  39  * 081001 :     Misc. cleanup (licence string, non-blocking, prevent
  40  *              reference of device on close).
  41  * 121301 :     New ppp channels interface; cannot unregister a channel
  42  *              from interrupts.  Thus, we mark the socket as a ZOMBIE
  43  *              and do the unregistration later.
  44  * 081002 :     seq_file support for proc stuff -acme
  45  * 111602 :     Merge all 2.4 fixes into 2.5/2.6 tree.  Label 2.5/2.6
  46  *              as version 0.7.  Spacing cleanup.
  47  * Author:      Michal Ostrowski <mostrows@speakeasy.net>
  48  * Contributors:
  49  *              Arnaldo Carvalho de Melo <acme@conectiva.com.br>
  50  *              David S. Miller (davem@redhat.com)
  51  *
  52  * License:
  53  */
  54 
  55 #include <linux/string.h>
  56 #include <linux/module.h>
  57 #include <linux/kernel.h>
  58 #include <linux/slab.h>
  59 #include <linux/errno.h>
  60 #include <linux/netdevice.h>
  61 #include <linux/net.h>
  62 #include <linux/inetdevice.h>
  63 #include <linux/etherdevice.h>
  64 #include <linux/skbuff.h>
  65 #include <linux/init.h>
  66 #include <linux/if_ether.h>
  67 #include <linux/if_pppox.h>
  68 #include <linux/ppp_channel.h>
  69 #include <linux/ppp_defs.h>
  70 #include <linux/ppp-ioctl.h>
  71 #include <linux/notifier.h>
  72 #include <linux/file.h>
  73 #include <linux/proc_fs.h>
  74 #include <linux/seq_file.h>
  75 
  76 #include <linux/nsproxy.h>
  77 #include <net/net_namespace.h>
  78 #include <net/netns/generic.h>
  79 #include <net/sock.h>
  80 
  81 #include <linux/uaccess.h>
  82 
  83 #define PPPOE_HASH_BITS 4
  84 #define PPPOE_HASH_SIZE (1 << PPPOE_HASH_BITS)
  85 #define PPPOE_HASH_MASK (PPPOE_HASH_SIZE - 1)
  86 
  87 static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb);
  88 
  89 static const struct proto_ops pppoe_ops;
  90 static const struct ppp_channel_ops pppoe_chan_ops;
  91 
  92 /* per-net private data for this module */
  93 static unsigned int pppoe_net_id __read_mostly;
  94 struct pppoe_net {
  95         /*
  96          * we could use _single_ hash table for all
  97          * nets by injecting net id into the hash but
  98          * it would increase hash chains and add
  99          * a few additional math comparations messy
 100          * as well, moreover in case of SMP less locking
 101          * controversy here
 102          */
 103         struct pppox_sock *hash_table[PPPOE_HASH_SIZE];
 104         rwlock_t hash_lock;
 105 };
 106 
 107 /*
 108  * PPPoE could be in the following stages:
 109  * 1) Discovery stage (to obtain remote MAC and Session ID)
 110  * 2) Session stage (MAC and SID are known)
 111  *
 112  * Ethernet frames have a special tag for this but
 113  * we use simpler approach based on session id
 114  */
 115 static inline bool stage_session(__be16 sid)
 116 {
 117         return sid != 0;
 118 }
 119 
 120 static inline struct pppoe_net *pppoe_pernet(struct net *net)
 121 {
 122         BUG_ON(!net);
 123 
 124         return net_generic(net, pppoe_net_id);
 125 }
 126 
 127 static inline int cmp_2_addr(struct pppoe_addr *a, struct pppoe_addr *b)
 128 {
 129         return a->sid == b->sid && ether_addr_equal(a->remote, b->remote);
 130 }
 131 
 132 static inline int cmp_addr(struct pppoe_addr *a, __be16 sid, char *addr)
 133 {
 134         return a->sid == sid && ether_addr_equal(a->remote, addr);
 135 }
 136 
 137 #if 8 % PPPOE_HASH_BITS
 138 #error 8 must be a multiple of PPPOE_HASH_BITS
 139 #endif
 140 
 141 static int hash_item(__be16 sid, unsigned char *addr)
 142 {
 143         unsigned char hash = 0;
 144         unsigned int i;
 145 
 146         for (i = 0; i < ETH_ALEN; i++)
 147                 hash ^= addr[i];
 148         for (i = 0; i < sizeof(sid_t) * 8; i += 8)
 149                 hash ^= (__force __u32)sid >> i;
 150         for (i = 8; (i >>= 1) >= PPPOE_HASH_BITS;)
 151                 hash ^= hash >> i;
 152 
 153         return hash & PPPOE_HASH_MASK;
 154 }
 155 
 156 /**********************************************************************
 157  *
 158  *  Set/get/delete/rehash items  (internal versions)
 159  *
 160  **********************************************************************/
 161 static struct pppox_sock *__get_item(struct pppoe_net *pn, __be16 sid,
 162                                 unsigned char *addr, int ifindex)
 163 {
 164         int hash = hash_item(sid, addr);
 165         struct pppox_sock *ret;
 166 
 167         ret = pn->hash_table[hash];
 168         while (ret) {
 169                 if (cmp_addr(&ret->pppoe_pa, sid, addr) &&
 170                     ret->pppoe_ifindex == ifindex)
 171                         return ret;
 172 
 173                 ret = ret->next;
 174         }
 175 
 176         return NULL;
 177 }
 178 
 179 static int __set_item(struct pppoe_net *pn, struct pppox_sock *po)
 180 {
 181         int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
 182         struct pppox_sock *ret;
 183 
 184         ret = pn->hash_table[hash];
 185         while (ret) {
 186                 if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) &&
 187                     ret->pppoe_ifindex == po->pppoe_ifindex)
 188                         return -EALREADY;
 189 
 190                 ret = ret->next;
 191         }
 192 
 193         po->next = pn->hash_table[hash];
 194         pn->hash_table[hash] = po;
 195 
 196         return 0;
 197 }
 198 
 199 static void __delete_item(struct pppoe_net *pn, __be16 sid,
 200                                         char *addr, int ifindex)
 201 {
 202         int hash = hash_item(sid, addr);
 203         struct pppox_sock *ret, **src;
 204 
 205         ret = pn->hash_table[hash];
 206         src = &pn->hash_table[hash];
 207 
 208         while (ret) {
 209                 if (cmp_addr(&ret->pppoe_pa, sid, addr) &&
 210                     ret->pppoe_ifindex == ifindex) {
 211                         *src = ret->next;
 212                         break;
 213                 }
 214 
 215                 src = &ret->next;
 216                 ret = ret->next;
 217         }
 218 }
 219 
 220 /**********************************************************************
 221  *
 222  *  Set/get/delete/rehash items
 223  *
 224  **********************************************************************/
 225 static inline struct pppox_sock *get_item(struct pppoe_net *pn, __be16 sid,
 226                                         unsigned char *addr, int ifindex)
 227 {
 228         struct pppox_sock *po;
 229 
 230         read_lock_bh(&pn->hash_lock);
 231         po = __get_item(pn, sid, addr, ifindex);
 232         if (po)
 233                 sock_hold(sk_pppox(po));
 234         read_unlock_bh(&pn->hash_lock);
 235 
 236         return po;
 237 }
 238 
 239 static inline struct pppox_sock *get_item_by_addr(struct net *net,
 240                                                 struct sockaddr_pppox *sp)
 241 {
 242         struct net_device *dev;
 243         struct pppoe_net *pn;
 244         struct pppox_sock *pppox_sock = NULL;
 245 
 246         int ifindex;
 247 
 248         rcu_read_lock();
 249         dev = dev_get_by_name_rcu(net, sp->sa_addr.pppoe.dev);
 250         if (dev) {
 251                 ifindex = dev->ifindex;
 252                 pn = pppoe_pernet(net);
 253                 pppox_sock = get_item(pn, sp->sa_addr.pppoe.sid,
 254                                 sp->sa_addr.pppoe.remote, ifindex);
 255         }
 256         rcu_read_unlock();
 257         return pppox_sock;
 258 }
 259 
 260 static inline void delete_item(struct pppoe_net *pn, __be16 sid,
 261                                         char *addr, int ifindex)
 262 {
 263         write_lock_bh(&pn->hash_lock);
 264         __delete_item(pn, sid, addr, ifindex);
 265         write_unlock_bh(&pn->hash_lock);
 266 }
 267 
 268 /***************************************************************************
 269  *
 270  *  Handler for device events.
 271  *  Certain device events require that sockets be unconnected.
 272  *
 273  **************************************************************************/
 274 
 275 static void pppoe_flush_dev(struct net_device *dev)
 276 {
 277         struct pppoe_net *pn;
 278         int i;
 279 
 280         pn = pppoe_pernet(dev_net(dev));
 281         write_lock_bh(&pn->hash_lock);
 282         for (i = 0; i < PPPOE_HASH_SIZE; i++) {
 283                 struct pppox_sock *po = pn->hash_table[i];
 284                 struct sock *sk;
 285 
 286                 while (po) {
 287                         while (po && po->pppoe_dev != dev) {
 288                                 po = po->next;
 289                         }
 290 
 291                         if (!po)
 292                                 break;
 293 
 294                         sk = sk_pppox(po);
 295 
 296                         /* We always grab the socket lock, followed by the
 297                          * hash_lock, in that order.  Since we should hold the
 298                          * sock lock while doing any unbinding, we need to
 299                          * release the lock we're holding.  Hold a reference to
 300                          * the sock so it doesn't disappear as we're jumping
 301                          * between locks.
 302                          */
 303 
 304                         sock_hold(sk);
 305                         write_unlock_bh(&pn->hash_lock);
 306                         lock_sock(sk);
 307 
 308                         if (po->pppoe_dev == dev &&
 309                             sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
 310                                 pppox_unbind_sock(sk);
 311                                 sk->sk_state_change(sk);
 312                                 po->pppoe_dev = NULL;
 313                                 dev_put(dev);
 314                         }
 315 
 316                         release_sock(sk);
 317                         sock_put(sk);
 318 
 319                         /* Restart the process from the start of the current
 320                          * hash chain. We dropped locks so the world may have
 321                          * change from underneath us.
 322                          */
 323 
 324                         BUG_ON(pppoe_pernet(dev_net(dev)) == NULL);
 325                         write_lock_bh(&pn->hash_lock);
 326                         po = pn->hash_table[i];
 327                 }
 328         }
 329         write_unlock_bh(&pn->hash_lock);
 330 }
 331 
 332 static int pppoe_device_event(struct notifier_block *this,
 333                               unsigned long event, void *ptr)
 334 {
 335         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
 336 
 337         /* Only look at sockets that are using this specific device. */
 338         switch (event) {
 339         case NETDEV_CHANGEADDR:
 340         case NETDEV_CHANGEMTU:
 341                 /* A change in mtu or address is a bad thing, requiring
 342                  * LCP re-negotiation.
 343                  */
 344 
 345         case NETDEV_GOING_DOWN:
 346         case NETDEV_DOWN:
 347                 /* Find every socket on this device and kill it. */
 348                 pppoe_flush_dev(dev);
 349                 break;
 350 
 351         default:
 352                 break;
 353         }
 354 
 355         return NOTIFY_DONE;
 356 }
 357 
 358 static struct notifier_block pppoe_notifier = {
 359         .notifier_call = pppoe_device_event,
 360 };
 361 
 362 /************************************************************************
 363  *
 364  * Do the real work of receiving a PPPoE Session frame.
 365  *
 366  ***********************************************************************/
 367 static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb)
 368 {
 369         struct pppox_sock *po = pppox_sk(sk);
 370         struct pppox_sock *relay_po;
 371 
 372         /* Backlog receive. Semantics of backlog rcv preclude any code from
 373          * executing in lock_sock()/release_sock() bounds; meaning sk->sk_state
 374          * can't change.
 375          */
 376 
 377         if (skb->pkt_type == PACKET_OTHERHOST)
 378                 goto abort_kfree;
 379 
 380         if (sk->sk_state & PPPOX_BOUND) {
 381                 ppp_input(&po->chan, skb);
 382         } else if (sk->sk_state & PPPOX_RELAY) {
 383                 relay_po = get_item_by_addr(sock_net(sk),
 384                                             &po->pppoe_relay);
 385                 if (relay_po == NULL)
 386                         goto abort_kfree;
 387 
 388                 if ((sk_pppox(relay_po)->sk_state & PPPOX_CONNECTED) == 0)
 389                         goto abort_put;
 390 
 391                 if (!__pppoe_xmit(sk_pppox(relay_po), skb))
 392                         goto abort_put;
 393 
 394                 sock_put(sk_pppox(relay_po));
 395         } else {
 396                 if (sock_queue_rcv_skb(sk, skb))
 397                         goto abort_kfree;
 398         }
 399 
 400         return NET_RX_SUCCESS;
 401 
 402 abort_put:
 403         sock_put(sk_pppox(relay_po));
 404 
 405 abort_kfree:
 406         kfree_skb(skb);
 407         return NET_RX_DROP;
 408 }
 409 
 410 /************************************************************************
 411  *
 412  * Receive wrapper called in BH context.
 413  *
 414  ***********************************************************************/
 415 static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev,
 416                      struct packet_type *pt, struct net_device *orig_dev)
 417 {
 418         struct pppoe_hdr *ph;
 419         struct pppox_sock *po;
 420         struct pppoe_net *pn;
 421         int len;
 422 
 423         skb = skb_share_check(skb, GFP_ATOMIC);
 424         if (!skb)
 425                 goto out;
 426 
 427         if (skb_mac_header_len(skb) < ETH_HLEN)
 428                 goto drop;
 429 
 430         if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
 431                 goto drop;
 432 
 433         ph = pppoe_hdr(skb);
 434         len = ntohs(ph->length);
 435 
 436         skb_pull_rcsum(skb, sizeof(*ph));
 437         if (skb->len < len)
 438                 goto drop;
 439 
 440         if (pskb_trim_rcsum(skb, len))
 441                 goto drop;
 442 
 443         ph = pppoe_hdr(skb);
 444         pn = pppoe_pernet(dev_net(dev));
 445 
 446         /* Note that get_item does a sock_hold(), so sk_pppox(po)
 447          * is known to be safe.
 448          */
 449         po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
 450         if (!po)
 451                 goto drop;
 452 
 453         return sk_receive_skb(sk_pppox(po), skb, 0);
 454 
 455 drop:
 456         kfree_skb(skb);
 457 out:
 458         return NET_RX_DROP;
 459 }
 460 
 461 static void pppoe_unbind_sock_work(struct work_struct *work)
 462 {
 463         struct pppox_sock *po = container_of(work, struct pppox_sock,
 464                                              proto.pppoe.padt_work);
 465         struct sock *sk = sk_pppox(po);
 466 
 467         lock_sock(sk);
 468         if (po->pppoe_dev) {
 469                 dev_put(po->pppoe_dev);
 470                 po->pppoe_dev = NULL;
 471         }
 472         pppox_unbind_sock(sk);
 473         release_sock(sk);
 474         sock_put(sk);
 475 }
 476 
 477 /************************************************************************
 478  *
 479  * Receive a PPPoE Discovery frame.
 480  * This is solely for detection of PADT frames
 481  *
 482  ***********************************************************************/
 483 static int pppoe_disc_rcv(struct sk_buff *skb, struct net_device *dev,
 484                           struct packet_type *pt, struct net_device *orig_dev)
 485 
 486 {
 487         struct pppoe_hdr *ph;
 488         struct pppox_sock *po;
 489         struct pppoe_net *pn;
 490 
 491         skb = skb_share_check(skb, GFP_ATOMIC);
 492         if (!skb)
 493                 goto out;
 494 
 495         if (skb->pkt_type != PACKET_HOST)
 496                 goto abort;
 497 
 498         if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
 499                 goto abort;
 500 
 501         ph = pppoe_hdr(skb);
 502         if (ph->code != PADT_CODE)
 503                 goto abort;
 504 
 505         pn = pppoe_pernet(dev_net(dev));
 506         po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
 507         if (po)
 508                 if (!schedule_work(&po->proto.pppoe.padt_work))
 509                         sock_put(sk_pppox(po));
 510 
 511 abort:
 512         kfree_skb(skb);
 513 out:
 514         return NET_RX_SUCCESS; /* Lies... :-) */
 515 }
 516 
 517 static struct packet_type pppoes_ptype __read_mostly = {
 518         .type   = cpu_to_be16(ETH_P_PPP_SES),
 519         .func   = pppoe_rcv,
 520 };
 521 
 522 static struct packet_type pppoed_ptype __read_mostly = {
 523         .type   = cpu_to_be16(ETH_P_PPP_DISC),
 524         .func   = pppoe_disc_rcv,
 525 };
 526 
 527 static struct proto pppoe_sk_proto __read_mostly = {
 528         .name     = "PPPOE",
 529         .owner    = THIS_MODULE,
 530         .obj_size = sizeof(struct pppox_sock),
 531 };
 532 
 533 /***********************************************************************
 534  *
 535  * Initialize a new struct sock.
 536  *
 537  **********************************************************************/
 538 static int pppoe_create(struct net *net, struct socket *sock, int kern)
 539 {
 540         struct sock *sk;
 541 
 542         sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppoe_sk_proto, kern);
 543         if (!sk)
 544                 return -ENOMEM;
 545 
 546         sock_init_data(sock, sk);
 547 
 548         sock->state     = SS_UNCONNECTED;
 549         sock->ops       = &pppoe_ops;
 550 
 551         sk->sk_backlog_rcv      = pppoe_rcv_core;
 552         sk->sk_state            = PPPOX_NONE;
 553         sk->sk_type             = SOCK_STREAM;
 554         sk->sk_family           = PF_PPPOX;
 555         sk->sk_protocol         = PX_PROTO_OE;
 556 
 557         INIT_WORK(&pppox_sk(sk)->proto.pppoe.padt_work,
 558                   pppoe_unbind_sock_work);
 559 
 560         return 0;
 561 }
 562 
 563 static int pppoe_release(struct socket *sock)
 564 {
 565         struct sock *sk = sock->sk;
 566         struct pppox_sock *po;
 567         struct pppoe_net *pn;
 568         struct net *net = NULL;
 569 
 570         if (!sk)
 571                 return 0;
 572 
 573         lock_sock(sk);
 574         if (sock_flag(sk, SOCK_DEAD)) {
 575                 release_sock(sk);
 576                 return -EBADF;
 577         }
 578 
 579         po = pppox_sk(sk);
 580 
 581         if (po->pppoe_dev) {
 582                 dev_put(po->pppoe_dev);
 583                 po->pppoe_dev = NULL;
 584         }
 585 
 586         pppox_unbind_sock(sk);
 587 
 588         /* Signal the death of the socket. */
 589         sk->sk_state = PPPOX_DEAD;
 590 
 591         net = sock_net(sk);
 592         pn = pppoe_pernet(net);
 593 
 594         /*
 595          * protect "po" from concurrent updates
 596          * on pppoe_flush_dev
 597          */
 598         delete_item(pn, po->pppoe_pa.sid, po->pppoe_pa.remote,
 599                     po->pppoe_ifindex);
 600 
 601         sock_orphan(sk);
 602         sock->sk = NULL;
 603 
 604         skb_queue_purge(&sk->sk_receive_queue);
 605         release_sock(sk);
 606         sock_put(sk);
 607 
 608         return 0;
 609 }
 610 
 611 static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
 612                   int sockaddr_len, int flags)
 613 {
 614         struct sock *sk = sock->sk;
 615         struct sockaddr_pppox *sp = (struct sockaddr_pppox *)uservaddr;
 616         struct pppox_sock *po = pppox_sk(sk);
 617         struct net_device *dev = NULL;
 618         struct pppoe_net *pn;
 619         struct net *net = NULL;
 620         int error;
 621 
 622         lock_sock(sk);
 623 
 624         error = -EINVAL;
 625 
 626         if (sockaddr_len != sizeof(struct sockaddr_pppox))
 627                 goto end;
 628 
 629         if (sp->sa_protocol != PX_PROTO_OE)
 630                 goto end;
 631 
 632         /* Check for already bound sockets */
 633         error = -EBUSY;
 634         if ((sk->sk_state & PPPOX_CONNECTED) &&
 635              stage_session(sp->sa_addr.pppoe.sid))
 636                 goto end;
 637 
 638         /* Check for already disconnected sockets, on attempts to disconnect */
 639         error = -EALREADY;
 640         if ((sk->sk_state & PPPOX_DEAD) &&
 641              !stage_session(sp->sa_addr.pppoe.sid))
 642                 goto end;
 643 
 644         error = 0;
 645 
 646         /* Delete the old binding */
 647         if (stage_session(po->pppoe_pa.sid)) {
 648                 pppox_unbind_sock(sk);
 649                 pn = pppoe_pernet(sock_net(sk));
 650                 delete_item(pn, po->pppoe_pa.sid,
 651                             po->pppoe_pa.remote, po->pppoe_ifindex);
 652                 if (po->pppoe_dev) {
 653                         dev_put(po->pppoe_dev);
 654                         po->pppoe_dev = NULL;
 655                 }
 656 
 657                 po->pppoe_ifindex = 0;
 658                 memset(&po->pppoe_pa, 0, sizeof(po->pppoe_pa));
 659                 memset(&po->pppoe_relay, 0, sizeof(po->pppoe_relay));
 660                 memset(&po->chan, 0, sizeof(po->chan));
 661                 po->next = NULL;
 662                 po->num = 0;
 663 
 664                 sk->sk_state = PPPOX_NONE;
 665         }
 666 
 667         /* Re-bind in session stage only */
 668         if (stage_session(sp->sa_addr.pppoe.sid)) {
 669                 error = -ENODEV;
 670                 net = sock_net(sk);
 671                 dev = dev_get_by_name(net, sp->sa_addr.pppoe.dev);
 672                 if (!dev)
 673                         goto err_put;
 674 
 675                 po->pppoe_dev = dev;
 676                 po->pppoe_ifindex = dev->ifindex;
 677                 pn = pppoe_pernet(net);
 678                 if (!(dev->flags & IFF_UP)) {
 679                         goto err_put;
 680                 }
 681 
 682                 memcpy(&po->pppoe_pa,
 683                        &sp->sa_addr.pppoe,
 684                        sizeof(struct pppoe_addr));
 685 
 686                 write_lock_bh(&pn->hash_lock);
 687                 error = __set_item(pn, po);
 688                 write_unlock_bh(&pn->hash_lock);
 689                 if (error < 0)
 690                         goto err_put;
 691 
 692                 po->chan.hdrlen = (sizeof(struct pppoe_hdr) +
 693                                    dev->hard_header_len);
 694 
 695                 po->chan.mtu = dev->mtu - sizeof(struct pppoe_hdr) - 2;
 696                 po->chan.private = sk;
 697                 po->chan.ops = &pppoe_chan_ops;
 698 
 699                 error = ppp_register_net_channel(dev_net(dev), &po->chan);
 700                 if (error) {
 701                         delete_item(pn, po->pppoe_pa.sid,
 702                                     po->pppoe_pa.remote, po->pppoe_ifindex);
 703                         goto err_put;
 704                 }
 705 
 706                 sk->sk_state = PPPOX_CONNECTED;
 707         }
 708 
 709         po->num = sp->sa_addr.pppoe.sid;
 710 
 711 end:
 712         release_sock(sk);
 713         return error;
 714 err_put:
 715         if (po->pppoe_dev) {
 716                 dev_put(po->pppoe_dev);
 717                 po->pppoe_dev = NULL;
 718         }
 719         goto end;
 720 }
 721 
 722 static int pppoe_getname(struct socket *sock, struct sockaddr *uaddr,
 723                   int peer)
 724 {
 725         int len = sizeof(struct sockaddr_pppox);
 726         struct sockaddr_pppox sp;
 727 
 728         sp.sa_family    = AF_PPPOX;
 729         sp.sa_protocol  = PX_PROTO_OE;
 730         memcpy(&sp.sa_addr.pppoe, &pppox_sk(sock->sk)->pppoe_pa,
 731                sizeof(struct pppoe_addr));
 732 
 733         memcpy(uaddr, &sp, len);
 734 
 735         return len;
 736 }
 737 
 738 static int pppoe_ioctl(struct socket *sock, unsigned int cmd,
 739                 unsigned long arg)
 740 {
 741         struct sock *sk = sock->sk;
 742         struct pppox_sock *po = pppox_sk(sk);
 743         int val;
 744         int err;
 745 
 746         switch (cmd) {
 747         case PPPIOCGMRU:
 748                 err = -ENXIO;
 749                 if (!(sk->sk_state & PPPOX_CONNECTED))
 750                         break;
 751 
 752                 err = -EFAULT;
 753                 if (put_user(po->pppoe_dev->mtu -
 754                              sizeof(struct pppoe_hdr) -
 755                              PPP_HDRLEN,
 756                              (int __user *)arg))
 757                         break;
 758                 err = 0;
 759                 break;
 760 
 761         case PPPIOCSMRU:
 762                 err = -ENXIO;
 763                 if (!(sk->sk_state & PPPOX_CONNECTED))
 764                         break;
 765 
 766                 err = -EFAULT;
 767                 if (get_user(val, (int __user *)arg))
 768                         break;
 769 
 770                 if (val < (po->pppoe_dev->mtu
 771                            - sizeof(struct pppoe_hdr)
 772                            - PPP_HDRLEN))
 773                         err = 0;
 774                 else
 775                         err = -EINVAL;
 776                 break;
 777 
 778         case PPPIOCSFLAGS:
 779                 err = -EFAULT;
 780                 if (get_user(val, (int __user *)arg))
 781                         break;
 782                 err = 0;
 783                 break;
 784 
 785         case PPPOEIOCSFWD:
 786         {
 787                 struct pppox_sock *relay_po;
 788 
 789                 err = -EBUSY;
 790                 if (sk->sk_state & (PPPOX_BOUND | PPPOX_DEAD))
 791                         break;
 792 
 793                 err = -ENOTCONN;
 794                 if (!(sk->sk_state & PPPOX_CONNECTED))
 795                         break;
 796 
 797                 /* PPPoE address from the user specifies an outbound
 798                    PPPoE address which frames are forwarded to */
 799                 err = -EFAULT;
 800                 if (copy_from_user(&po->pppoe_relay,
 801                                    (void __user *)arg,
 802                                    sizeof(struct sockaddr_pppox)))
 803                         break;
 804 
 805                 err = -EINVAL;
 806                 if (po->pppoe_relay.sa_family != AF_PPPOX ||
 807                     po->pppoe_relay.sa_protocol != PX_PROTO_OE)
 808                         break;
 809 
 810                 /* Check that the socket referenced by the address
 811                    actually exists. */
 812                 relay_po = get_item_by_addr(sock_net(sk), &po->pppoe_relay);
 813                 if (!relay_po)
 814                         break;
 815 
 816                 sock_put(sk_pppox(relay_po));
 817                 sk->sk_state |= PPPOX_RELAY;
 818                 err = 0;
 819                 break;
 820         }
 821 
 822         case PPPOEIOCDFWD:
 823                 err = -EALREADY;
 824                 if (!(sk->sk_state & PPPOX_RELAY))
 825                         break;
 826 
 827                 sk->sk_state &= ~PPPOX_RELAY;
 828                 err = 0;
 829                 break;
 830 
 831         default:
 832                 err = -ENOTTY;
 833         }
 834 
 835         return err;
 836 }
 837 
 838 static int pppoe_sendmsg(struct socket *sock, struct msghdr *m,
 839                          size_t total_len)
 840 {
 841         struct sk_buff *skb;
 842         struct sock *sk = sock->sk;
 843         struct pppox_sock *po = pppox_sk(sk);
 844         int error;
 845         struct pppoe_hdr hdr;
 846         struct pppoe_hdr *ph;
 847         struct net_device *dev;
 848         char *start;
 849         int hlen;
 850 
 851         lock_sock(sk);
 852         if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) {
 853                 error = -ENOTCONN;
 854                 goto end;
 855         }
 856 
 857         hdr.ver = 1;
 858         hdr.type = 1;
 859         hdr.code = 0;
 860         hdr.sid = po->num;
 861 
 862         dev = po->pppoe_dev;
 863 
 864         error = -EMSGSIZE;
 865         if (total_len > (dev->mtu + dev->hard_header_len))
 866                 goto end;
 867 
 868         hlen = LL_RESERVED_SPACE(dev);
 869         skb = sock_wmalloc(sk, hlen + sizeof(*ph) + total_len +
 870                            dev->needed_tailroom, 0, GFP_KERNEL);
 871         if (!skb) {
 872                 error = -ENOMEM;
 873                 goto end;
 874         }
 875 
 876         /* Reserve space for headers. */
 877         skb_reserve(skb, hlen);
 878         skb_reset_network_header(skb);
 879 
 880         skb->dev = dev;
 881 
 882         skb->priority = sk->sk_priority;
 883         skb->protocol = cpu_to_be16(ETH_P_PPP_SES);
 884 
 885         ph = skb_put(skb, total_len + sizeof(struct pppoe_hdr));
 886         start = (char *)&ph->tag[0];
 887 
 888         error = memcpy_from_msg(start, m, total_len);
 889         if (error < 0) {
 890                 kfree_skb(skb);
 891                 goto end;
 892         }
 893 
 894         error = total_len;
 895         dev_hard_header(skb, dev, ETH_P_PPP_SES,
 896                         po->pppoe_pa.remote, NULL, total_len);
 897 
 898         memcpy(ph, &hdr, sizeof(struct pppoe_hdr));
 899 
 900         ph->length = htons(total_len);
 901 
 902         dev_queue_xmit(skb);
 903 
 904 end:
 905         release_sock(sk);
 906         return error;
 907 }
 908 
 909 /************************************************************************
 910  *
 911  * xmit function for internal use.
 912  *
 913  ***********************************************************************/
 914 static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb)
 915 {
 916         struct pppox_sock *po = pppox_sk(sk);
 917         struct net_device *dev = po->pppoe_dev;
 918         struct pppoe_hdr *ph;
 919         int data_len = skb->len;
 920 
 921         /* The higher-level PPP code (ppp_unregister_channel()) ensures the PPP
 922          * xmit operations conclude prior to an unregistration call.  Thus
 923          * sk->sk_state cannot change, so we don't need to do lock_sock().
 924          * But, we also can't do a lock_sock since that introduces a potential
 925          * deadlock as we'd reverse the lock ordering used when calling
 926          * ppp_unregister_channel().
 927          */
 928 
 929         if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
 930                 goto abort;
 931 
 932         if (!dev)
 933                 goto abort;
 934 
 935         /* Copy the data if there is no space for the header or if it's
 936          * read-only.
 937          */
 938         if (skb_cow_head(skb, LL_RESERVED_SPACE(dev) + sizeof(*ph)))
 939                 goto abort;
 940 
 941         __skb_push(skb, sizeof(*ph));
 942         skb_reset_network_header(skb);
 943 
 944         ph = pppoe_hdr(skb);
 945         ph->ver = 1;
 946         ph->type = 1;
 947         ph->code = 0;
 948         ph->sid = po->num;
 949         ph->length = htons(data_len);
 950 
 951         skb->protocol = cpu_to_be16(ETH_P_PPP_SES);
 952         skb->dev = dev;
 953 
 954         dev_hard_header(skb, dev, ETH_P_PPP_SES,
 955                         po->pppoe_pa.remote, NULL, data_len);
 956 
 957         dev_queue_xmit(skb);
 958         return 1;
 959 
 960 abort:
 961         kfree_skb(skb);
 962         return 1;
 963 }
 964 
 965 /************************************************************************
 966  *
 967  * xmit function called by generic PPP driver
 968  * sends PPP frame over PPPoE socket
 969  *
 970  ***********************************************************************/
 971 static int pppoe_xmit(struct ppp_channel *chan, struct sk_buff *skb)
 972 {
 973         struct sock *sk = (struct sock *)chan->private;
 974         return __pppoe_xmit(sk, skb);
 975 }
 976 
 977 static const struct ppp_channel_ops pppoe_chan_ops = {
 978         .start_xmit = pppoe_xmit,
 979 };
 980 
 981 static int pppoe_recvmsg(struct socket *sock, struct msghdr *m,
 982                          size_t total_len, int flags)
 983 {
 984         struct sock *sk = sock->sk;
 985         struct sk_buff *skb;
 986         int error = 0;
 987 
 988         if (sk->sk_state & PPPOX_BOUND) {
 989                 error = -EIO;
 990                 goto end;
 991         }
 992 
 993         skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
 994                                 flags & MSG_DONTWAIT, &error);
 995         if (error < 0)
 996                 goto end;
 997 
 998         if (skb) {
 999                 total_len = min_t(size_t, total_len, skb->len);
1000                 error = skb_copy_datagram_msg(skb, 0, m, total_len);
1001                 if (error == 0) {
1002                         consume_skb(skb);
1003                         return total_len;
1004                 }
1005         }
1006 
1007         kfree_skb(skb);
1008 end:
1009         return error;
1010 }
1011 
1012 #ifdef CONFIG_PROC_FS
1013 static int pppoe_seq_show(struct seq_file *seq, void *v)
1014 {
1015         struct pppox_sock *po;
1016         char *dev_name;
1017 
1018         if (v == SEQ_START_TOKEN) {
1019                 seq_puts(seq, "Id       Address              Device\n");
1020                 goto out;
1021         }
1022 
1023         po = v;
1024         dev_name = po->pppoe_pa.dev;
1025 
1026         seq_printf(seq, "%08X %pM %8s\n",
1027                 po->pppoe_pa.sid, po->pppoe_pa.remote, dev_name);
1028 out:
1029         return 0;
1030 }
1031 
1032 static inline struct pppox_sock *pppoe_get_idx(struct pppoe_net *pn, loff_t pos)
1033 {
1034         struct pppox_sock *po;
1035         int i;
1036 
1037         for (i = 0; i < PPPOE_HASH_SIZE; i++) {
1038                 po = pn->hash_table[i];
1039                 while (po) {
1040                         if (!pos--)
1041                                 goto out;
1042                         po = po->next;
1043                 }
1044         }
1045 
1046 out:
1047         return po;
1048 }
1049 
1050 static void *pppoe_seq_start(struct seq_file *seq, loff_t *pos)
1051         __acquires(pn->hash_lock)
1052 {
1053         struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1054         loff_t l = *pos;
1055 
1056         read_lock_bh(&pn->hash_lock);
1057         return l ? pppoe_get_idx(pn, --l) : SEQ_START_TOKEN;
1058 }
1059 
1060 static void *pppoe_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1061 {
1062         struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1063         struct pppox_sock *po;
1064 
1065         ++*pos;
1066         if (v == SEQ_START_TOKEN) {
1067                 po = pppoe_get_idx(pn, 0);
1068                 goto out;
1069         }
1070         po = v;
1071         if (po->next)
1072                 po = po->next;
1073         else {
1074                 int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
1075 
1076                 po = NULL;
1077                 while (++hash < PPPOE_HASH_SIZE) {
1078                         po = pn->hash_table[hash];
1079                         if (po)
1080                                 break;
1081                 }
1082         }
1083 
1084 out:
1085         return po;
1086 }
1087 
1088 static void pppoe_seq_stop(struct seq_file *seq, void *v)
1089         __releases(pn->hash_lock)
1090 {
1091         struct pppoe_net *pn = pppoe_pernet(seq_file_net(seq));
1092         read_unlock_bh(&pn->hash_lock);
1093 }
1094 
1095 static const struct seq_operations pppoe_seq_ops = {
1096         .start          = pppoe_seq_start,
1097         .next           = pppoe_seq_next,
1098         .stop           = pppoe_seq_stop,
1099         .show           = pppoe_seq_show,
1100 };
1101 #endif /* CONFIG_PROC_FS */
1102 
1103 static const struct proto_ops pppoe_ops = {
1104         .family         = AF_PPPOX,
1105         .owner          = THIS_MODULE,
1106         .release        = pppoe_release,
1107         .bind           = sock_no_bind,
1108         .connect        = pppoe_connect,
1109         .socketpair     = sock_no_socketpair,
1110         .accept         = sock_no_accept,
1111         .getname        = pppoe_getname,
1112         .poll           = datagram_poll,
1113         .listen         = sock_no_listen,
1114         .shutdown       = sock_no_shutdown,
1115         .setsockopt     = sock_no_setsockopt,
1116         .getsockopt     = sock_no_getsockopt,
1117         .sendmsg        = pppoe_sendmsg,
1118         .recvmsg        = pppoe_recvmsg,
1119         .mmap           = sock_no_mmap,
1120         .ioctl          = pppox_ioctl,
1121 #ifdef CONFIG_COMPAT
1122         .compat_ioctl   = pppox_compat_ioctl,
1123 #endif
1124 };
1125 
1126 static const struct pppox_proto pppoe_proto = {
1127         .create = pppoe_create,
1128         .ioctl  = pppoe_ioctl,
1129         .owner  = THIS_MODULE,
1130 };
1131 
1132 static __net_init int pppoe_init_net(struct net *net)
1133 {
1134         struct pppoe_net *pn = pppoe_pernet(net);
1135         struct proc_dir_entry *pde;
1136 
1137         rwlock_init(&pn->hash_lock);
1138 
1139         pde = proc_create_net("pppoe", 0444, net->proc_net,
1140                         &pppoe_seq_ops, sizeof(struct seq_net_private));
1141 #ifdef CONFIG_PROC_FS
1142         if (!pde)
1143                 return -ENOMEM;
1144 #endif
1145 
1146         return 0;
1147 }
1148 
1149 static __net_exit void pppoe_exit_net(struct net *net)
1150 {
1151         remove_proc_entry("pppoe", net->proc_net);
1152 }
1153 
1154 static struct pernet_operations pppoe_net_ops = {
1155         .init = pppoe_init_net,
1156         .exit = pppoe_exit_net,
1157         .id   = &pppoe_net_id,
1158         .size = sizeof(struct pppoe_net),
1159 };
1160 
1161 static int __init pppoe_init(void)
1162 {
1163         int err;
1164 
1165         err = register_pernet_device(&pppoe_net_ops);
1166         if (err)
1167                 goto out;
1168 
1169         err = proto_register(&pppoe_sk_proto, 0);
1170         if (err)
1171                 goto out_unregister_net_ops;
1172 
1173         err = register_pppox_proto(PX_PROTO_OE, &pppoe_proto);
1174         if (err)
1175                 goto out_unregister_pppoe_proto;
1176 
1177         dev_add_pack(&pppoes_ptype);
1178         dev_add_pack(&pppoed_ptype);
1179         register_netdevice_notifier(&pppoe_notifier);
1180 
1181         return 0;
1182 
1183 out_unregister_pppoe_proto:
1184         proto_unregister(&pppoe_sk_proto);
1185 out_unregister_net_ops:
1186         unregister_pernet_device(&pppoe_net_ops);
1187 out:
1188         return err;
1189 }
1190 
1191 static void __exit pppoe_exit(void)
1192 {
1193         unregister_netdevice_notifier(&pppoe_notifier);
1194         dev_remove_pack(&pppoed_ptype);
1195         dev_remove_pack(&pppoes_ptype);
1196         unregister_pppox_proto(PX_PROTO_OE);
1197         proto_unregister(&pppoe_sk_proto);
1198         unregister_pernet_device(&pppoe_net_ops);
1199 }
1200 
1201 module_init(pppoe_init);
1202 module_exit(pppoe_exit);
1203 
1204 MODULE_AUTHOR("Michal Ostrowski <mostrows@speakeasy.net>");
1205 MODULE_DESCRIPTION("PPP over Ethernet driver");
1206 MODULE_LICENSE("GPL");
1207 MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OE);
/* [<][>][^][v][top][bottom][index][help] */