1 // SPDX-License-Identifier: GPL-2.0-only
2 /* L2TP netlink layer, for management
3 *
4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5 *
6 * Partly based on the IrDA nelink implementation
7 * (see net/irda/irnetlink.c) which is:
8 * Copyright (c) 2007 Samuel Ortiz <samuel@sortiz.org>
9 * which is in turn partly based on the wireless netlink code:
10 * Copyright 2006 Johannes Berg <johannes@sipsolutions.net>
11 */
12
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15 #include <net/sock.h>
16 #include <net/genetlink.h>
17 #include <net/udp.h>
18 #include <linux/in.h>
19 #include <linux/udp.h>
20 #include <linux/socket.h>
21 #include <linux/module.h>
22 #include <linux/list.h>
23 #include <net/net_namespace.h>
24
25 #include <linux/l2tp.h>
26
27 #include "l2tp_core.h"
28
29 static struct genl_family l2tp_nl_family;
30
31 static const struct genl_multicast_group l2tp_multicast_group[] = {
32 {
33 .name = L2TP_GENL_MCGROUP,
34 },
35 };
36
37 static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq,
38 int flags, struct l2tp_tunnel *tunnel, u8 cmd);
39 static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq,
40 int flags, struct l2tp_session *session,
41 u8 cmd);
42
43 /* Accessed under genl lock */
44 static const struct l2tp_nl_cmd_ops *l2tp_nl_cmd_ops[__L2TP_PWTYPE_MAX];
45
46 static struct l2tp_session *l2tp_nl_session_get(struct genl_info *info)
47 {
48 u32 tunnel_id;
49 u32 session_id;
50 char *ifname;
51 struct l2tp_tunnel *tunnel;
52 struct l2tp_session *session = NULL;
53 struct net *net = genl_info_net(info);
54
55 if (info->attrs[L2TP_ATTR_IFNAME]) {
56 ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]);
57 session = l2tp_session_get_by_ifname(net, ifname);
58 } else if ((info->attrs[L2TP_ATTR_SESSION_ID]) &&
59 (info->attrs[L2TP_ATTR_CONN_ID])) {
60 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
61 session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
62 tunnel = l2tp_tunnel_get(net, tunnel_id);
63 if (tunnel) {
64 session = l2tp_session_get(net, tunnel->sock, tunnel->version,
65 tunnel_id, session_id);
66 l2tp_tunnel_dec_refcount(tunnel);
67 }
68 }
69
70 return session;
71 }
72
73 static int l2tp_nl_cmd_noop(struct sk_buff *skb, struct genl_info *info)
74 {
75 struct sk_buff *msg;
76 void *hdr;
77 int ret = -ENOBUFS;
78
79 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
80 if (!msg) {
81 ret = -ENOMEM;
82 goto out;
83 }
84
85 hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq,
86 &l2tp_nl_family, 0, L2TP_CMD_NOOP);
87 if (!hdr) {
88 ret = -EMSGSIZE;
89 goto err_out;
90 }
91
92 genlmsg_end(msg, hdr);
93
94 return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid);
95
96 err_out:
97 nlmsg_free(msg);
98
99 out:
100 return ret;
101 }
102
103 static int l2tp_tunnel_notify(struct genl_family *family,
104 struct genl_info *info,
105 struct l2tp_tunnel *tunnel,
106 u8 cmd)
107 {
108 struct sk_buff *msg;
109 int ret;
110
111 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
112 if (!msg)
113 return -ENOMEM;
114
115 ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq,
116 NLM_F_ACK, tunnel, cmd);
117
118 if (ret >= 0) {
119 ret = genlmsg_multicast_allns(family, msg, 0, 0, GFP_ATOMIC);
120 /* We don't care if no one is listening */
121 if (ret == -ESRCH)
122 ret = 0;
123 return ret;
124 }
125
126 nlmsg_free(msg);
127
128 return ret;
129 }
130
131 static int l2tp_session_notify(struct genl_family *family,
132 struct genl_info *info,
133 struct l2tp_session *session,
134 u8 cmd)
135 {
136 struct sk_buff *msg;
137 int ret;
138
139 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
140 if (!msg)
141 return -ENOMEM;
142
143 ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq,
144 NLM_F_ACK, session, cmd);
145
146 if (ret >= 0) {
147 ret = genlmsg_multicast_allns(family, msg, 0, 0, GFP_ATOMIC);
148 /* We don't care if no one is listening */
149 if (ret == -ESRCH)
150 ret = 0;
151 return ret;
152 }
153
154 nlmsg_free(msg);
155
156 return ret;
157 }
158
159 static int l2tp_nl_cmd_tunnel_create_get_addr(struct nlattr **attrs, struct l2tp_tunnel_cfg *cfg)
160 {
161 if (attrs[L2TP_ATTR_UDP_SPORT])
162 cfg->local_udp_port = nla_get_u16(attrs[L2TP_ATTR_UDP_SPORT]);
163 if (attrs[L2TP_ATTR_UDP_DPORT])
164 cfg->peer_udp_port = nla_get_u16(attrs[L2TP_ATTR_UDP_DPORT]);
165 cfg->use_udp_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_CSUM]);
166
167 /* Must have either AF_INET or AF_INET6 address for source and destination */
168 #if IS_ENABLED(CONFIG_IPV6)
169 if (attrs[L2TP_ATTR_IP6_SADDR] && attrs[L2TP_ATTR_IP6_DADDR]) {
170 cfg->local_ip6 = nla_data(attrs[L2TP_ATTR_IP6_SADDR]);
171 cfg->peer_ip6 = nla_data(attrs[L2TP_ATTR_IP6_DADDR]);
172 cfg->udp6_zero_tx_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_ZERO_CSUM6_TX]);
173 cfg->udp6_zero_rx_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_ZERO_CSUM6_RX]);
174 return 0;
175 }
176 #endif
177 if (attrs[L2TP_ATTR_IP_SADDR] && attrs[L2TP_ATTR_IP_DADDR]) {
178 cfg->local_ip.s_addr = nla_get_in_addr(attrs[L2TP_ATTR_IP_SADDR]);
179 cfg->peer_ip.s_addr = nla_get_in_addr(attrs[L2TP_ATTR_IP_DADDR]);
180 return 0;
181 }
182 return -EINVAL;
183 }
184
185 static int l2tp_nl_cmd_tunnel_create(struct sk_buff *skb, struct genl_info *info)
186 {
187 u32 tunnel_id;
188 u32 peer_tunnel_id;
189 int proto_version;
190 int fd = -1;
191 int ret = 0;
192 struct l2tp_tunnel_cfg cfg = { 0, };
193 struct l2tp_tunnel *tunnel;
194 struct net *net = genl_info_net(info);
195 struct nlattr **attrs = info->attrs;
196
197 if (!attrs[L2TP_ATTR_CONN_ID]) {
198 ret = -EINVAL;
199 goto out;
200 }
201 tunnel_id = nla_get_u32(attrs[L2TP_ATTR_CONN_ID]);
202
203 if (!attrs[L2TP_ATTR_PEER_CONN_ID]) {
204 ret = -EINVAL;
205 goto out;
206 }
207 peer_tunnel_id = nla_get_u32(attrs[L2TP_ATTR_PEER_CONN_ID]);
208
209 if (!attrs[L2TP_ATTR_PROTO_VERSION]) {
210 ret = -EINVAL;
211 goto out;
212 }
213 proto_version = nla_get_u8(attrs[L2TP_ATTR_PROTO_VERSION]);
214
215 if (!attrs[L2TP_ATTR_ENCAP_TYPE]) {
216 ret = -EINVAL;
217 goto out;
218 }
219 cfg.encap = nla_get_u16(attrs[L2TP_ATTR_ENCAP_TYPE]);
220
221 /* Managed tunnels take the tunnel socket from userspace.
222 * Unmanaged tunnels must call out the source and destination addresses
223 * for the kernel to create the tunnel socket itself.
224 */
225 if (attrs[L2TP_ATTR_FD]) {
226 fd = nla_get_u32(attrs[L2TP_ATTR_FD]);
227 } else {
228 ret = l2tp_nl_cmd_tunnel_create_get_addr(attrs, &cfg);
229 if (ret < 0)
230 goto out;
231 }
232
233 ret = -EINVAL;
234 switch (cfg.encap) {
235 case L2TP_ENCAPTYPE_UDP:
236 case L2TP_ENCAPTYPE_IP:
237 ret = l2tp_tunnel_create(fd, proto_version, tunnel_id,
238 peer_tunnel_id, &cfg, &tunnel);
239 break;
240 }
241
242 if (ret < 0)
243 goto out;
244
245 l2tp_tunnel_inc_refcount(tunnel);
246 ret = l2tp_tunnel_register(tunnel, net, &cfg);
247 if (ret < 0) {
248 kfree(tunnel);
249 goto out;
250 }
251 ret = l2tp_tunnel_notify(&l2tp_nl_family, info, tunnel,
252 L2TP_CMD_TUNNEL_CREATE);
253 l2tp_tunnel_dec_refcount(tunnel);
254
255 out:
256 return ret;
257 }
258
259 static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info)
260 {
261 struct l2tp_tunnel *tunnel;
262 u32 tunnel_id;
263 int ret = 0;
264 struct net *net = genl_info_net(info);
265
266 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
267 ret = -EINVAL;
268 goto out;
269 }
270 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
271
272 tunnel = l2tp_tunnel_get(net, tunnel_id);
273 if (!tunnel) {
274 ret = -ENODEV;
275 goto out;
276 }
277
278 l2tp_tunnel_notify(&l2tp_nl_family, info,
279 tunnel, L2TP_CMD_TUNNEL_DELETE);
280
281 l2tp_tunnel_delete(tunnel);
282
283 l2tp_tunnel_dec_refcount(tunnel);
284
285 out:
286 return ret;
287 }
288
289 static int l2tp_nl_cmd_tunnel_modify(struct sk_buff *skb, struct genl_info *info)
290 {
291 struct l2tp_tunnel *tunnel;
292 u32 tunnel_id;
293 int ret = 0;
294 struct net *net = genl_info_net(info);
295
296 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
297 ret = -EINVAL;
298 goto out;
299 }
300 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
301
302 tunnel = l2tp_tunnel_get(net, tunnel_id);
303 if (!tunnel) {
304 ret = -ENODEV;
305 goto out;
306 }
307
308 ret = l2tp_tunnel_notify(&l2tp_nl_family, info,
309 tunnel, L2TP_CMD_TUNNEL_MODIFY);
310
311 l2tp_tunnel_dec_refcount(tunnel);
312
313 out:
314 return ret;
315 }
316
317 #if IS_ENABLED(CONFIG_IPV6)
318 static int l2tp_nl_tunnel_send_addr6(struct sk_buff *skb, struct sock *sk,
319 enum l2tp_encap_type encap)
320 {
321 struct inet_sock *inet = inet_sk(sk);
322 struct ipv6_pinfo *np = inet6_sk(sk);
323
324 switch (encap) {
325 case L2TP_ENCAPTYPE_UDP:
326 if (udp_get_no_check6_tx(sk) &&
327 nla_put_flag(skb, L2TP_ATTR_UDP_ZERO_CSUM6_TX))
328 return -1;
329 if (udp_get_no_check6_rx(sk) &&
330 nla_put_flag(skb, L2TP_ATTR_UDP_ZERO_CSUM6_RX))
331 return -1;
332 if (nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) ||
333 nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport)))
334 return -1;
335 fallthrough;
336 case L2TP_ENCAPTYPE_IP:
337 if (nla_put_in6_addr(skb, L2TP_ATTR_IP6_SADDR, &np->saddr) ||
338 nla_put_in6_addr(skb, L2TP_ATTR_IP6_DADDR, &sk->sk_v6_daddr))
339 return -1;
340 break;
341 }
342 return 0;
343 }
344 #endif
345
346 static int l2tp_nl_tunnel_send_addr4(struct sk_buff *skb, struct sock *sk,
347 enum l2tp_encap_type encap)
348 {
349 struct inet_sock *inet = inet_sk(sk);
350
351 switch (encap) {
352 case L2TP_ENCAPTYPE_UDP:
353 if (nla_put_u8(skb, L2TP_ATTR_UDP_CSUM, !sk->sk_no_check_tx) ||
354 nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) ||
355 nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport)))
356 return -1;
357 fallthrough;
358 case L2TP_ENCAPTYPE_IP:
359 if (nla_put_in_addr(skb, L2TP_ATTR_IP_SADDR, inet->inet_saddr) ||
360 nla_put_in_addr(skb, L2TP_ATTR_IP_DADDR, inet->inet_daddr))
361 return -1;
362 break;
363 }
364
365 return 0;
366 }
367
368 /* Append attributes for the tunnel address, handling the different attribute types
369 * used for different tunnel encapsulation and AF_INET v.s. AF_INET6.
370 */
371 static int l2tp_nl_tunnel_send_addr(struct sk_buff *skb, struct l2tp_tunnel *tunnel)
372 {
373 struct sock *sk = tunnel->sock;
374
375 if (!sk)
376 return 0;
377
378 #if IS_ENABLED(CONFIG_IPV6)
379 if (sk->sk_family == AF_INET6)
380 return l2tp_nl_tunnel_send_addr6(skb, sk, tunnel->encap);
381 #endif
382 return l2tp_nl_tunnel_send_addr4(skb, sk, tunnel->encap);
383 }
384
385 static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq, int flags,
386 struct l2tp_tunnel *tunnel, u8 cmd)
387 {
388 void *hdr;
389 struct nlattr *nest;
390
391 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, cmd);
392 if (!hdr)
393 return -EMSGSIZE;
394
395 if (nla_put_u8(skb, L2TP_ATTR_PROTO_VERSION, tunnel->version) ||
396 nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) ||
397 nla_put_u32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id) ||
398 nla_put_u32(skb, L2TP_ATTR_DEBUG, 0) ||
399 nla_put_u16(skb, L2TP_ATTR_ENCAP_TYPE, tunnel->encap))
400 goto nla_put_failure;
401
402 nest = nla_nest_start_noflag(skb, L2TP_ATTR_STATS);
403 if (!nest)
404 goto nla_put_failure;
405
406 if (nla_put_u64_64bit(skb, L2TP_ATTR_TX_PACKETS,
407 atomic_long_read(&tunnel->stats.tx_packets),
408 L2TP_ATTR_STATS_PAD) ||
409 nla_put_u64_64bit(skb, L2TP_ATTR_TX_BYTES,
410 atomic_long_read(&tunnel->stats.tx_bytes),
411 L2TP_ATTR_STATS_PAD) ||
412 nla_put_u64_64bit(skb, L2TP_ATTR_TX_ERRORS,
413 atomic_long_read(&tunnel->stats.tx_errors),
414 L2TP_ATTR_STATS_PAD) ||
415 nla_put_u64_64bit(skb, L2TP_ATTR_RX_PACKETS,
416 atomic_long_read(&tunnel->stats.rx_packets),
417 L2TP_ATTR_STATS_PAD) ||
418 nla_put_u64_64bit(skb, L2TP_ATTR_RX_BYTES,
419 atomic_long_read(&tunnel->stats.rx_bytes),
420 L2TP_ATTR_STATS_PAD) ||
421 nla_put_u64_64bit(skb, L2TP_ATTR_RX_SEQ_DISCARDS,
422 atomic_long_read(&tunnel->stats.rx_seq_discards),
423 L2TP_ATTR_STATS_PAD) ||
424 nla_put_u64_64bit(skb, L2TP_ATTR_RX_COOKIE_DISCARDS,
425 atomic_long_read(&tunnel->stats.rx_cookie_discards),
426 L2TP_ATTR_STATS_PAD) ||
427 nla_put_u64_64bit(skb, L2TP_ATTR_RX_OOS_PACKETS,
428 atomic_long_read(&tunnel->stats.rx_oos_packets),
429 L2TP_ATTR_STATS_PAD) ||
430 nla_put_u64_64bit(skb, L2TP_ATTR_RX_ERRORS,
431 atomic_long_read(&tunnel->stats.rx_errors),
432 L2TP_ATTR_STATS_PAD) ||
433 nla_put_u64_64bit(skb, L2TP_ATTR_RX_INVALID,
434 atomic_long_read(&tunnel->stats.rx_invalid),
435 L2TP_ATTR_STATS_PAD))
436 goto nla_put_failure;
437 nla_nest_end(skb, nest);
438
439 if (l2tp_nl_tunnel_send_addr(skb, tunnel))
440 goto nla_put_failure;
441
442 genlmsg_end(skb, hdr);
443 return 0;
444
445 nla_put_failure:
446 genlmsg_cancel(skb, hdr);
447 return -1;
448 }
449
450 static int l2tp_nl_cmd_tunnel_get(struct sk_buff *skb, struct genl_info *info)
451 {
452 struct l2tp_tunnel *tunnel;
453 struct sk_buff *msg;
454 u32 tunnel_id;
455 int ret = -ENOBUFS;
456 struct net *net = genl_info_net(info);
457
458 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
459 ret = -EINVAL;
460 goto err;
461 }
462
463 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
464
465 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
466 if (!msg) {
467 ret = -ENOMEM;
468 goto err;
469 }
470
471 tunnel = l2tp_tunnel_get(net, tunnel_id);
472 if (!tunnel) {
473 ret = -ENODEV;
474 goto err_nlmsg;
475 }
476
477 ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq,
478 NLM_F_ACK, tunnel, L2TP_CMD_TUNNEL_GET);
479 if (ret < 0)
480 goto err_nlmsg_tunnel;
481
482 l2tp_tunnel_dec_refcount(tunnel);
483
484 return genlmsg_unicast(net, msg, info->snd_portid);
485
486 err_nlmsg_tunnel:
487 l2tp_tunnel_dec_refcount(tunnel);
488 err_nlmsg:
489 nlmsg_free(msg);
490 err:
491 return ret;
492 }
493
494 static int l2tp_nl_cmd_tunnel_dump(struct sk_buff *skb, struct netlink_callback *cb)
495 {
496 int ti = cb->args[0];
497 struct l2tp_tunnel *tunnel;
498 struct net *net = sock_net(skb->sk);
499
500 for (;;) {
501 tunnel = l2tp_tunnel_get_nth(net, ti);
502 if (!tunnel)
503 goto out;
504
505 if (l2tp_nl_tunnel_send(skb, NETLINK_CB(cb->skb).portid,
506 cb->nlh->nlmsg_seq, NLM_F_MULTI,
507 tunnel, L2TP_CMD_TUNNEL_GET) < 0) {
508 l2tp_tunnel_dec_refcount(tunnel);
509 goto out;
510 }
511 l2tp_tunnel_dec_refcount(tunnel);
512
513 ti++;
514 }
515
516 out:
517 cb->args[0] = ti;
518
519 return skb->len;
520 }
521
522 static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *info)
523 {
524 u32 tunnel_id = 0;
525 u32 session_id;
526 u32 peer_session_id;
527 int ret = 0;
528 struct l2tp_tunnel *tunnel;
529 struct l2tp_session *session;
530 struct l2tp_session_cfg cfg = { 0, };
531 struct net *net = genl_info_net(info);
532
533 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
534 ret = -EINVAL;
535 goto out;
536 }
537
538 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
539 tunnel = l2tp_tunnel_get(net, tunnel_id);
540 if (!tunnel) {
541 ret = -ENODEV;
542 goto out;
543 }
544
545 if (!info->attrs[L2TP_ATTR_SESSION_ID]) {
546 ret = -EINVAL;
547 goto out_tunnel;
548 }
549 session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
550
551 if (!info->attrs[L2TP_ATTR_PEER_SESSION_ID]) {
552 ret = -EINVAL;
553 goto out_tunnel;
554 }
555 peer_session_id = nla_get_u32(info->attrs[L2TP_ATTR_PEER_SESSION_ID]);
556
557 if (!info->attrs[L2TP_ATTR_PW_TYPE]) {
558 ret = -EINVAL;
559 goto out_tunnel;
560 }
561 cfg.pw_type = nla_get_u16(info->attrs[L2TP_ATTR_PW_TYPE]);
562 if (cfg.pw_type >= __L2TP_PWTYPE_MAX) {
563 ret = -EINVAL;
564 goto out_tunnel;
565 }
566
567 /* L2TPv2 only accepts PPP pseudo-wires */
568 if (tunnel->version == 2 && cfg.pw_type != L2TP_PWTYPE_PPP) {
569 ret = -EPROTONOSUPPORT;
570 goto out_tunnel;
571 }
572
573 if (tunnel->version > 2) {
574 if (info->attrs[L2TP_ATTR_L2SPEC_TYPE]) {
575 cfg.l2specific_type = nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_TYPE]);
576 if (cfg.l2specific_type != L2TP_L2SPECTYPE_DEFAULT &&
577 cfg.l2specific_type != L2TP_L2SPECTYPE_NONE) {
578 ret = -EINVAL;
579 goto out_tunnel;
580 }
581 } else {
582 cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT;
583 }
584
585 if (info->attrs[L2TP_ATTR_COOKIE]) {
586 u16 len = nla_len(info->attrs[L2TP_ATTR_COOKIE]);
587
588 if (len > 8) {
589 ret = -EINVAL;
590 goto out_tunnel;
591 }
592 cfg.cookie_len = len;
593 memcpy(&cfg.cookie[0], nla_data(info->attrs[L2TP_ATTR_COOKIE]), len);
594 }
595 if (info->attrs[L2TP_ATTR_PEER_COOKIE]) {
596 u16 len = nla_len(info->attrs[L2TP_ATTR_PEER_COOKIE]);
597
598 if (len > 8) {
599 ret = -EINVAL;
600 goto out_tunnel;
601 }
602 cfg.peer_cookie_len = len;
603 memcpy(&cfg.peer_cookie[0], nla_data(info->attrs[L2TP_ATTR_PEER_COOKIE]), len);
604 }
605 if (info->attrs[L2TP_ATTR_IFNAME])
606 cfg.ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]);
607 }
608
609 if (info->attrs[L2TP_ATTR_RECV_SEQ])
610 cfg.recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]);
611
612 if (info->attrs[L2TP_ATTR_SEND_SEQ])
613 cfg.send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]);
614
615 if (info->attrs[L2TP_ATTR_LNS_MODE])
616 cfg.lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]);
617
618 if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
619 cfg.reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
620
621 #ifdef CONFIG_MODULES
622 if (!l2tp_nl_cmd_ops[cfg.pw_type]) {
623 genl_unlock();
624 request_module("net-l2tp-type-%u", cfg.pw_type);
625 genl_lock();
626 }
627 #endif
628 if (!l2tp_nl_cmd_ops[cfg.pw_type] || !l2tp_nl_cmd_ops[cfg.pw_type]->session_create) {
629 ret = -EPROTONOSUPPORT;
630 goto out_tunnel;
631 }
632
633 ret = l2tp_nl_cmd_ops[cfg.pw_type]->session_create(net, tunnel,
634 session_id,
635 peer_session_id,
636 &cfg);
637
638 if (ret >= 0) {
639 session = l2tp_session_get(net, tunnel->sock, tunnel->version,
640 tunnel_id, session_id);
641 if (session) {
642 ret = l2tp_session_notify(&l2tp_nl_family, info, session,
643 L2TP_CMD_SESSION_CREATE);
644 l2tp_session_dec_refcount(session);
645 }
646 }
647
648 out_tunnel:
649 l2tp_tunnel_dec_refcount(tunnel);
650 out:
651 return ret;
652 }
653
654 static int l2tp_nl_cmd_session_delete(struct sk_buff *skb, struct genl_info *info)
655 {
656 int ret = 0;
657 struct l2tp_session *session;
658 u16 pw_type;
659
660 session = l2tp_nl_session_get(info);
661 if (!session) {
662 ret = -ENODEV;
663 goto out;
664 }
665
666 l2tp_session_notify(&l2tp_nl_family, info,
667 session, L2TP_CMD_SESSION_DELETE);
668
669 pw_type = session->pwtype;
670 if (pw_type < __L2TP_PWTYPE_MAX)
671 if (l2tp_nl_cmd_ops[pw_type] && l2tp_nl_cmd_ops[pw_type]->session_delete)
672 l2tp_nl_cmd_ops[pw_type]->session_delete(session);
673
674 l2tp_session_dec_refcount(session);
675
676 out:
677 return ret;
678 }
679
680 static int l2tp_nl_cmd_session_modify(struct sk_buff *skb, struct genl_info *info)
681 {
682 int ret = 0;
683 struct l2tp_session *session;
684
685 session = l2tp_nl_session_get(info);
686 if (!session) {
687 ret = -ENODEV;
688 goto out;
689 }
690
691 if (info->attrs[L2TP_ATTR_RECV_SEQ])
692 session->recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]);
693
694 if (info->attrs[L2TP_ATTR_SEND_SEQ]) {
695 struct l2tp_tunnel *tunnel = session->tunnel;
696
697 session->send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]);
698 l2tp_session_set_header_len(session, tunnel->version, tunnel->encap);
699 }
700
701 if (info->attrs[L2TP_ATTR_LNS_MODE])
702 session->lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]);
703
704 if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
705 session->reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
706
707 ret = l2tp_session_notify(&l2tp_nl_family, info,
708 session, L2TP_CMD_SESSION_MODIFY);
709
710 l2tp_session_dec_refcount(session);
711
712 out:
713 return ret;
714 }
715
716 static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq, int flags,
717 struct l2tp_session *session, u8 cmd)
718 {
719 void *hdr;
720 struct nlattr *nest;
721 struct l2tp_tunnel *tunnel = session->tunnel;
722
723 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, cmd);
724 if (!hdr)
725 return -EMSGSIZE;
726
727 if (nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) ||
728 nla_put_u32(skb, L2TP_ATTR_SESSION_ID, session->session_id) ||
729 nla_put_u32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id) ||
730 nla_put_u32(skb, L2TP_ATTR_PEER_SESSION_ID, session->peer_session_id) ||
731 nla_put_u32(skb, L2TP_ATTR_DEBUG, 0) ||
732 nla_put_u16(skb, L2TP_ATTR_PW_TYPE, session->pwtype))
733 goto nla_put_failure;
734
735 if ((session->ifname[0] &&
736 nla_put_string(skb, L2TP_ATTR_IFNAME, session->ifname)) ||
737 (session->cookie_len &&
738 nla_put(skb, L2TP_ATTR_COOKIE, session->cookie_len, session->cookie)) ||
739 (session->peer_cookie_len &&
740 nla_put(skb, L2TP_ATTR_PEER_COOKIE, session->peer_cookie_len, session->peer_cookie)) ||
741 nla_put_u8(skb, L2TP_ATTR_RECV_SEQ, session->recv_seq) ||
742 nla_put_u8(skb, L2TP_ATTR_SEND_SEQ, session->send_seq) ||
743 nla_put_u8(skb, L2TP_ATTR_LNS_MODE, session->lns_mode) ||
744 (l2tp_tunnel_uses_xfrm(tunnel) &&
745 nla_put_u8(skb, L2TP_ATTR_USING_IPSEC, 1)) ||
746 (session->reorder_timeout &&
747 nla_put_msecs(skb, L2TP_ATTR_RECV_TIMEOUT,
748 session->reorder_timeout, L2TP_ATTR_PAD)))
749 goto nla_put_failure;
750
751 nest = nla_nest_start_noflag(skb, L2TP_ATTR_STATS);
752 if (!nest)
753 goto nla_put_failure;
754
755 if (nla_put_u64_64bit(skb, L2TP_ATTR_TX_PACKETS,
756 atomic_long_read(&session->stats.tx_packets),
757 L2TP_ATTR_STATS_PAD) ||
758 nla_put_u64_64bit(skb, L2TP_ATTR_TX_BYTES,
759 atomic_long_read(&session->stats.tx_bytes),
760 L2TP_ATTR_STATS_PAD) ||
761 nla_put_u64_64bit(skb, L2TP_ATTR_TX_ERRORS,
762 atomic_long_read(&session->stats.tx_errors),
763 L2TP_ATTR_STATS_PAD) ||
764 nla_put_u64_64bit(skb, L2TP_ATTR_RX_PACKETS,
765 atomic_long_read(&session->stats.rx_packets),
766 L2TP_ATTR_STATS_PAD) ||
767 nla_put_u64_64bit(skb, L2TP_ATTR_RX_BYTES,
768 atomic_long_read(&session->stats.rx_bytes),
769 L2TP_ATTR_STATS_PAD) ||
770 nla_put_u64_64bit(skb, L2TP_ATTR_RX_SEQ_DISCARDS,
771 atomic_long_read(&session->stats.rx_seq_discards),
772 L2TP_ATTR_STATS_PAD) ||
773 nla_put_u64_64bit(skb, L2TP_ATTR_RX_COOKIE_DISCARDS,
774 atomic_long_read(&session->stats.rx_cookie_discards),
775 L2TP_ATTR_STATS_PAD) ||
776 nla_put_u64_64bit(skb, L2TP_ATTR_RX_OOS_PACKETS,
777 atomic_long_read(&session->stats.rx_oos_packets),
778 L2TP_ATTR_STATS_PAD) ||
779 nla_put_u64_64bit(skb, L2TP_ATTR_RX_ERRORS,
780 atomic_long_read(&session->stats.rx_errors),
781 L2TP_ATTR_STATS_PAD) ||
782 nla_put_u64_64bit(skb, L2TP_ATTR_RX_INVALID,
783 atomic_long_read(&session->stats.rx_invalid),
784 L2TP_ATTR_STATS_PAD))
785 goto nla_put_failure;
786 nla_nest_end(skb, nest);
787
788 genlmsg_end(skb, hdr);
789 return 0;
790
791 nla_put_failure:
792 genlmsg_cancel(skb, hdr);
793 return -1;
794 }
795
796 static int l2tp_nl_cmd_session_get(struct sk_buff *skb, struct genl_info *info)
797 {
798 struct l2tp_session *session;
799 struct sk_buff *msg;
800 int ret;
801
802 session = l2tp_nl_session_get(info);
803 if (!session) {
804 ret = -ENODEV;
805 goto err;
806 }
807
808 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
809 if (!msg) {
810 ret = -ENOMEM;
811 goto err_ref;
812 }
813
814 ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq,
815 0, session, L2TP_CMD_SESSION_GET);
816 if (ret < 0)
817 goto err_ref_msg;
818
819 ret = genlmsg_unicast(genl_info_net(info), msg, info->snd_portid);
820
821 l2tp_session_dec_refcount(session);
822
823 return ret;
824
825 err_ref_msg:
826 nlmsg_free(msg);
827 err_ref:
828 l2tp_session_dec_refcount(session);
829 err:
830 return ret;
831 }
832
833 static int l2tp_nl_cmd_session_dump(struct sk_buff *skb, struct netlink_callback *cb)
834 {
835 struct net *net = sock_net(skb->sk);
836 struct l2tp_session *session;
837 struct l2tp_tunnel *tunnel = NULL;
838 int ti = cb->args[0];
839 int si = cb->args[1];
840
841 for (;;) {
842 if (!tunnel) {
843 tunnel = l2tp_tunnel_get_nth(net, ti);
844 if (!tunnel)
845 goto out;
846 }
847
848 session = l2tp_session_get_nth(tunnel, si);
849 if (!session) {
850 ti++;
851 l2tp_tunnel_dec_refcount(tunnel);
852 tunnel = NULL;
853 si = 0;
854 continue;
855 }
856
857 if (l2tp_nl_session_send(skb, NETLINK_CB(cb->skb).portid,
858 cb->nlh->nlmsg_seq, NLM_F_MULTI,
859 session, L2TP_CMD_SESSION_GET) < 0) {
860 l2tp_session_dec_refcount(session);
861 l2tp_tunnel_dec_refcount(tunnel);
862 break;
863 }
864 l2tp_session_dec_refcount(session);
865
866 si++;
867 }
868
869 out:
870 cb->args[0] = ti;
871 cb->args[1] = si;
872
873 return skb->len;
874 }
875
876 static const struct nla_policy l2tp_nl_policy[L2TP_ATTR_MAX + 1] = {
877 [L2TP_ATTR_NONE] = { .type = NLA_UNSPEC, },
878 [L2TP_ATTR_PW_TYPE] = { .type = NLA_U16, },
879 [L2TP_ATTR_ENCAP_TYPE] = { .type = NLA_U16, },
880 [L2TP_ATTR_OFFSET] = { .type = NLA_U16, },
881 [L2TP_ATTR_DATA_SEQ] = { .type = NLA_U8, },
882 [L2TP_ATTR_L2SPEC_TYPE] = { .type = NLA_U8, },
883 [L2TP_ATTR_L2SPEC_LEN] = { .type = NLA_U8, },
884 [L2TP_ATTR_PROTO_VERSION] = { .type = NLA_U8, },
885 [L2TP_ATTR_CONN_ID] = { .type = NLA_U32, },
886 [L2TP_ATTR_PEER_CONN_ID] = { .type = NLA_U32, },
887 [L2TP_ATTR_SESSION_ID] = { .type = NLA_U32, },
888 [L2TP_ATTR_PEER_SESSION_ID] = { .type = NLA_U32, },
889 [L2TP_ATTR_UDP_CSUM] = { .type = NLA_U8, },
890 [L2TP_ATTR_VLAN_ID] = { .type = NLA_U16, },
891 [L2TP_ATTR_DEBUG] = { .type = NLA_U32, },
892 [L2TP_ATTR_RECV_SEQ] = { .type = NLA_U8, },
893 [L2TP_ATTR_SEND_SEQ] = { .type = NLA_U8, },
894 [L2TP_ATTR_LNS_MODE] = { .type = NLA_U8, },
895 [L2TP_ATTR_USING_IPSEC] = { .type = NLA_U8, },
896 [L2TP_ATTR_RECV_TIMEOUT] = { .type = NLA_MSECS, },
897 [L2TP_ATTR_FD] = { .type = NLA_U32, },
898 [L2TP_ATTR_IP_SADDR] = { .type = NLA_U32, },
899 [L2TP_ATTR_IP_DADDR] = { .type = NLA_U32, },
900 [L2TP_ATTR_UDP_SPORT] = { .type = NLA_U16, },
901 [L2TP_ATTR_UDP_DPORT] = { .type = NLA_U16, },
902 [L2TP_ATTR_MTU] = { .type = NLA_U16, },
903 [L2TP_ATTR_MRU] = { .type = NLA_U16, },
904 [L2TP_ATTR_STATS] = { .type = NLA_NESTED, },
905 [L2TP_ATTR_IP6_SADDR] = {
906 .type = NLA_BINARY,
907 .len = sizeof(struct in6_addr),
908 },
909 [L2TP_ATTR_IP6_DADDR] = {
910 .type = NLA_BINARY,
911 .len = sizeof(struct in6_addr),
912 },
913 [L2TP_ATTR_IFNAME] = {
914 .type = NLA_NUL_STRING,
915 .len = IFNAMSIZ - 1,
916 },
917 [L2TP_ATTR_COOKIE] = {
918 .type = NLA_BINARY,
919 .len = 8,
920 },
921 [L2TP_ATTR_PEER_COOKIE] = {
922 .type = NLA_BINARY,
923 .len = 8,
924 },
925 };
926
927 static const struct genl_small_ops l2tp_nl_ops[] = {
928 {
929 .cmd = L2TP_CMD_NOOP,
930 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
931 .doit = l2tp_nl_cmd_noop,
932 /* can be retrieved by unprivileged users */
933 },
934 {
935 .cmd = L2TP_CMD_TUNNEL_CREATE,
936 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
937 .doit = l2tp_nl_cmd_tunnel_create,
938 .flags = GENL_UNS_ADMIN_PERM,
939 },
940 {
941 .cmd = L2TP_CMD_TUNNEL_DELETE,
942 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
943 .doit = l2tp_nl_cmd_tunnel_delete,
944 .flags = GENL_UNS_ADMIN_PERM,
945 },
946 {
947 .cmd = L2TP_CMD_TUNNEL_MODIFY,
948 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
949 .doit = l2tp_nl_cmd_tunnel_modify,
950 .flags = GENL_UNS_ADMIN_PERM,
951 },
952 {
953 .cmd = L2TP_CMD_TUNNEL_GET,
954 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
955 .doit = l2tp_nl_cmd_tunnel_get,
956 .dumpit = l2tp_nl_cmd_tunnel_dump,
957 .flags = GENL_UNS_ADMIN_PERM,
958 },
959 {
960 .cmd = L2TP_CMD_SESSION_CREATE,
961 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
962 .doit = l2tp_nl_cmd_session_create,
963 .flags = GENL_UNS_ADMIN_PERM,
964 },
965 {
966 .cmd = L2TP_CMD_SESSION_DELETE,
967 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
968 .doit = l2tp_nl_cmd_session_delete,
969 .flags = GENL_UNS_ADMIN_PERM,
970 },
971 {
972 .cmd = L2TP_CMD_SESSION_MODIFY,
973 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
974 .doit = l2tp_nl_cmd_session_modify,
975 .flags = GENL_UNS_ADMIN_PERM,
976 },
977 {
978 .cmd = L2TP_CMD_SESSION_GET,
979 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
980 .doit = l2tp_nl_cmd_session_get,
981 .dumpit = l2tp_nl_cmd_session_dump,
982 .flags = GENL_UNS_ADMIN_PERM,
983 },
984 };
985
986 static struct genl_family l2tp_nl_family __ro_after_init = {
987 .name = L2TP_GENL_NAME,
988 .version = L2TP_GENL_VERSION,
989 .hdrsize = 0,
990 .maxattr = L2TP_ATTR_MAX,
991 .policy = l2tp_nl_policy,
992 .netnsok = true,
993 .module = THIS_MODULE,
994 .small_ops = l2tp_nl_ops,
995 .n_small_ops = ARRAY_SIZE(l2tp_nl_ops),
996 .resv_start_op = L2TP_CMD_SESSION_GET + 1,
997 .mcgrps = l2tp_multicast_group,
998 .n_mcgrps = ARRAY_SIZE(l2tp_multicast_group),
999 };
1000
1001 int l2tp_nl_register_ops(enum l2tp_pwtype pw_type, const struct l2tp_nl_cmd_ops *ops)
1002 {
1003 int ret;
1004
1005 ret = -EINVAL;
1006 if (pw_type >= __L2TP_PWTYPE_MAX)
1007 goto err;
1008
1009 genl_lock();
1010 ret = -EBUSY;
1011 if (l2tp_nl_cmd_ops[pw_type])
1012 goto out;
1013
1014 l2tp_nl_cmd_ops[pw_type] = ops;
1015 ret = 0;
1016
1017 out:
1018 genl_unlock();
1019 err:
1020 return ret;
1021 }
1022 EXPORT_SYMBOL_GPL(l2tp_nl_register_ops);
1023
1024 void l2tp_nl_unregister_ops(enum l2tp_pwtype pw_type)
1025 {
1026 if (pw_type < __L2TP_PWTYPE_MAX) {
1027 genl_lock();
1028 l2tp_nl_cmd_ops[pw_type] = NULL;
1029 genl_unlock();
1030 }
1031 }
1032 EXPORT_SYMBOL_GPL(l2tp_nl_unregister_ops);
1033
1034 static int __init l2tp_nl_init(void)
1035 {
1036 pr_info("L2TP netlink interface\n");
1037 return genl_register_family(&l2tp_nl_family);
1038 }
1039
1040 static void l2tp_nl_cleanup(void)
1041 {
1042 genl_unregister_family(&l2tp_nl_family);
1043 }
1044
1045 module_init(l2tp_nl_init);
1046 module_exit(l2tp_nl_cleanup);
1047
1048 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1049 MODULE_DESCRIPTION("L2TP netlink");
1050 MODULE_LICENSE("GPL");
1051 MODULE_VERSION("1.0");
1052 MODULE_ALIAS_GENL_FAMILY("l2tp");
1053
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.