1 // SPDX-License-Identifier: GPL-2.0-only
2 /* L2TP netlink layer, for management
3 *
4 * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5 *
6 * Partly based on the IrDA nelink implementation
7 * (see net/irda/irnetlink.c) which is:
8 * Copyright (c) 2007 Samuel Ortiz <samuel@sortiz.org>
9 * which is in turn partly based on the wireless netlink code:
10 * Copyright 2006 Johannes Berg <johannes@sipsolutions.net>
11 */
12
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15 #include <net/sock.h>
16 #include <net/genetlink.h>
17 #include <net/udp.h>
18 #include <linux/in.h>
19 #include <linux/udp.h>
20 #include <linux/socket.h>
21 #include <linux/module.h>
22 #include <linux/list.h>
23 #include <net/net_namespace.h>
24
25 #include <linux/l2tp.h>
26
27 #include "l2tp_core.h"
28
29 static struct genl_family l2tp_nl_family;
30
31 static const struct genl_multicast_group l2tp_multicast_group[] = {
32 {
33 .name = L2TP_GENL_MCGROUP,
34 },
35 };
36
37 static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq,
38 int flags, struct l2tp_tunnel *tunnel, u8 cmd);
39 static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq,
40 int flags, struct l2tp_session *session,
41 u8 cmd);
42
43 /* Accessed under genl lock */
44 static const struct l2tp_nl_cmd_ops *l2tp_nl_cmd_ops[__L2TP_PWTYPE_MAX];
45
46 static struct l2tp_session *l2tp_nl_session_get(struct genl_info *info)
47 {
48 u32 tunnel_id;
49 u32 session_id;
50 char *ifname;
51 struct l2tp_tunnel *tunnel;
52 struct l2tp_session *session = NULL;
53 struct net *net = genl_info_net(info);
54
55 if (info->attrs[L2TP_ATTR_IFNAME]) {
56 ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]);
57 session = l2tp_session_get_by_ifname(net, ifname);
58 } else if ((info->attrs[L2TP_ATTR_SESSION_ID]) &&
59 (info->attrs[L2TP_ATTR_CONN_ID])) {
60 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
61 session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
62 tunnel = l2tp_tunnel_get(net, tunnel_id);
63 if (tunnel) {
64 session = l2tp_session_get(net, tunnel->sock, tunnel->version,
65 tunnel_id, session_id);
66 l2tp_tunnel_dec_refcount(tunnel);
67 }
68 }
69
70 return session;
71 }
72
73 static int l2tp_nl_cmd_noop(struct sk_buff *skb, struct genl_info *info)
74 {
75 struct sk_buff *msg;
76 void *hdr;
77 int ret = -ENOBUFS;
78
79 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
80 if (!msg) {
81 ret = -ENOMEM;
82 goto out;
83 }
84
85 hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq,
86 &l2tp_nl_family, 0, L2TP_CMD_NOOP);
87 if (!hdr) {
88 ret = -EMSGSIZE;
89 goto err_out;
90 }
91
92 genlmsg_end(msg, hdr);
93
94 return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid);
95
96 err_out:
97 nlmsg_free(msg);
98
99 out:
100 return ret;
101 }
102
103 static int l2tp_tunnel_notify(struct genl_family *family,
104 struct genl_info *info,
105 struct l2tp_tunnel *tunnel,
106 u8 cmd)
107 {
108 struct sk_buff *msg;
109 int ret;
110
111 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
112 if (!msg)
113 return -ENOMEM;
114
115 ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq,
116 NLM_F_ACK, tunnel, cmd);
117
118 if (ret >= 0) {
119 ret = genlmsg_multicast_allns(family, msg, 0, 0, GFP_ATOMIC);
120 /* We don't care if no one is listening */
121 if (ret == -ESRCH)
122 ret = 0;
123 return ret;
124 }
125
126 nlmsg_free(msg);
127
128 return ret;
129 }
130
131 static int l2tp_session_notify(struct genl_family *family,
132 struct genl_info *info,
133 struct l2tp_session *session,
134 u8 cmd)
135 {
136 struct sk_buff *msg;
137 int ret;
138
139 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
140 if (!msg)
141 return -ENOMEM;
142
143 ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq,
144 NLM_F_ACK, session, cmd);
145
146 if (ret >= 0) {
147 ret = genlmsg_multicast_allns(family, msg, 0, 0, GFP_ATOMIC);
148 /* We don't care if no one is listening */
149 if (ret == -ESRCH)
150 ret = 0;
151 return ret;
152 }
153
154 nlmsg_free(msg);
155
156 return ret;
157 }
158
159 static int l2tp_nl_cmd_tunnel_create_get_addr(struct nlattr **attrs, struct l2tp_tunnel_cfg *cfg)
160 {
161 if (attrs[L2TP_ATTR_UDP_SPORT])
162 cfg->local_udp_port = nla_get_u16(attrs[L2TP_ATTR_UDP_SPORT]);
163 if (attrs[L2TP_ATTR_UDP_DPORT])
164 cfg->peer_udp_port = nla_get_u16(attrs[L2TP_ATTR_UDP_DPORT]);
165 cfg->use_udp_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_CSUM]);
166
167 /* Must have either AF_INET or AF_INET6 address for source and destination */
168 #if IS_ENABLED(CONFIG_IPV6)
169 if (attrs[L2TP_ATTR_IP6_SADDR] && attrs[L2TP_ATTR_IP6_DADDR]) {
170 cfg->local_ip6 = nla_data(attrs[L2TP_ATTR_IP6_SADDR]);
171 cfg->peer_ip6 = nla_data(attrs[L2TP_ATTR_IP6_DADDR]);
172 cfg->udp6_zero_tx_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_ZERO_CSUM6_TX]);
173 cfg->udp6_zero_rx_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_ZERO_CSUM6_RX]);
174 return 0;
175 }
176 #endif
177 if (attrs[L2TP_ATTR_IP_SADDR] && attrs[L2TP_ATTR_IP_DADDR]) {
178 cfg->local_ip.s_addr = nla_get_in_addr(attrs[L2TP_ATTR_IP_SADDR]);
179 cfg->peer_ip.s_addr = nla_get_in_addr(attrs[L2TP_ATTR_IP_DADDR]);
180 return 0;
181 }
182 return -EINVAL;
183 }
184
185 static int l2tp_nl_cmd_tunnel_create(struct sk_buff *skb, struct genl_info *info)
186 {
187 u32 tunnel_id;
188 u32 peer_tunnel_id;
189 int proto_version;
190 int fd = -1;
191 int ret = 0;
192 struct l2tp_tunnel_cfg cfg = { 0, };
193 struct l2tp_tunnel *tunnel;
194 struct net *net = genl_info_net(info);
195 struct nlattr **attrs = info->attrs;
196
197 if (!attrs[L2TP_ATTR_CONN_ID]) {
198 ret = -EINVAL;
199 goto out;
200 }
201 tunnel_id = nla_get_u32(attrs[L2TP_ATTR_CONN_ID]);
202
203 if (!attrs[L2TP_ATTR_PEER_CONN_ID]) {
204 ret = -EINVAL;
205 goto out;
206 }
207 peer_tunnel_id = nla_get_u32(attrs[L2TP_ATTR_PEER_CONN_ID]);
208
209 if (!attrs[L2TP_ATTR_PROTO_VERSION]) {
210 ret = -EINVAL;
211 goto out;
212 }
213 proto_version = nla_get_u8(attrs[L2TP_ATTR_PROTO_VERSION]);
214
215 if (!attrs[L2TP_ATTR_ENCAP_TYPE]) {
216 ret = -EINVAL;
217 goto out;
218 }
219 cfg.encap = nla_get_u16(attrs[L2TP_ATTR_ENCAP_TYPE]);
220
221 /* Managed tunnels take the tunnel socket from userspace.
222 * Unmanaged tunnels must call out the source and destination addresses
223 * for the kernel to create the tunnel socket itself.
224 */
225 if (attrs[L2TP_ATTR_FD]) {
226 fd = nla_get_u32(attrs[L2TP_ATTR_FD]);
227 } else {
228 ret = l2tp_nl_cmd_tunnel_create_get_addr(attrs, &cfg);
229 if (ret < 0)
230 goto out;
231 }
232
233 ret = -EINVAL;
234 switch (cfg.encap) {
235 case L2TP_ENCAPTYPE_UDP:
236 case L2TP_ENCAPTYPE_IP:
237 ret = l2tp_tunnel_create(fd, proto_version, tunnel_id,
238 peer_tunnel_id, &cfg, &tunnel);
239 break;
240 }
241
242 if (ret < 0)
243 goto out;
244
245 l2tp_tunnel_inc_refcount(tunnel);
246 ret = l2tp_tunnel_register(tunnel, net, &cfg);
247 if (ret < 0) {
248 kfree(tunnel);
249 goto out;
250 }
251 ret = l2tp_tunnel_notify(&l2tp_nl_family, info, tunnel,
252 L2TP_CMD_TUNNEL_CREATE);
253 l2tp_tunnel_dec_refcount(tunnel);
254
255 out:
256 return ret;
257 }
258
259 static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info)
260 {
261 struct l2tp_tunnel *tunnel;
262 u32 tunnel_id;
263 int ret = 0;
264 struct net *net = genl_info_net(info);
265
266 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
267 ret = -EINVAL;
268 goto out;
269 }
270 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
271
272 tunnel = l2tp_tunnel_get(net, tunnel_id);
273 if (!tunnel) {
274 ret = -ENODEV;
275 goto out;
276 }
277
278 l2tp_tunnel_notify(&l2tp_nl_family, info,
279 tunnel, L2TP_CMD_TUNNEL_DELETE);
280
281 l2tp_tunnel_delete(tunnel);
282
283 l2tp_tunnel_dec_refcount(tunnel);
284
285 out:
286 return ret;
287 }
288
289 static int l2tp_nl_cmd_tunnel_modify(struct sk_buff *skb, struct genl_info *info)
290 {
291 struct l2tp_tunnel *tunnel;
292 u32 tunnel_id;
293 int ret = 0;
294 struct net *net = genl_info_net(info);
295
296 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
297 ret = -EINVAL;
298 goto out;
299 }
300 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
301
302 tunnel = l2tp_tunnel_get(net, tunnel_id);
303 if (!tunnel) {
304 ret = -ENODEV;
305 goto out;
306 }
307
308 ret = l2tp_tunnel_notify(&l2tp_nl_family, info,
309 tunnel, L2TP_CMD_TUNNEL_MODIFY);
310
311 l2tp_tunnel_dec_refcount(tunnel);
312
313 out:
314 return ret;
315 }
316
317 #if IS_ENABLED(CONFIG_IPV6)
318 static int l2tp_nl_tunnel_send_addr6(struct sk_buff *skb, struct sock *sk,
319 enum l2tp_encap_type encap)
320 {
321 struct inet_sock *inet = inet_sk(sk);
322 struct ipv6_pinfo *np = inet6_sk(sk);
323
324 switch (encap) {
325 case L2TP_ENCAPTYPE_UDP:
326 if (udp_get_no_check6_tx(sk) &&
327 nla_put_flag(skb, L2TP_ATTR_UDP_ZERO_CSUM6_TX))
328 return -1;
329 if (udp_get_no_check6_rx(sk) &&
330 nla_put_flag(skb, L2TP_ATTR_UDP_ZERO_CSUM6_RX))
331 return -1;
332 if (nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) ||
333 nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport)))
334 return -1;
335 fallthrough;
336 case L2TP_ENCAPTYPE_IP:
337 if (nla_put_in6_addr(skb, L2TP_ATTR_IP6_SADDR, &np->saddr) ||
338 nla_put_in6_addr(skb, L2TP_ATTR_IP6_DADDR, &sk->sk_v6_daddr))
339 return -1;
340 break;
341 }
342 return 0;
343 }
344 #endif
345
346 static int l2tp_nl_tunnel_send_addr4(struct sk_buff *skb, struct sock *sk,
347 enum l2tp_encap_type encap)
348 {
349 struct inet_sock *inet = inet_sk(sk);
350
351 switch (encap) {
352 case L2TP_ENCAPTYPE_UDP:
353 if (nla_put_u8(skb, L2TP_ATTR_UDP_CSUM, !sk->sk_no_check_tx) ||
354 nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) ||
355 nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport)))
356 return -1;
357 fallthrough;
358 case L2TP_ENCAPTYPE_IP:
359 if (nla_put_in_addr(skb, L2TP_ATTR_IP_SADDR, inet->inet_saddr) ||
360 nla_put_in_addr(skb, L2TP_ATTR_IP_DADDR, inet->inet_daddr))
361 return -1;
362 break;
363 }
364
365 return 0;
366 }
367
368 /* Append attributes for the tunnel address, handling the different attribute types
369 * used for different tunnel encapsulation and AF_INET v.s. AF_INET6.
370 */
371 static int l2tp_nl_tunnel_send_addr(struct sk_buff *skb, struct l2tp_tunnel *tunnel)
372 {
373 struct sock *sk = tunnel->sock;
374
375 if (!sk)
376 return 0;
377
378 #if IS_ENABLED(CONFIG_IPV6)
379 if (sk->sk_family == AF_INET6)
380 return l2tp_nl_tunnel_send_addr6(skb, sk, tunnel->encap);
381 #endif
382 return l2tp_nl_tunnel_send_addr4(skb, sk, tunnel->encap);
383 }
384
385 static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq, int flags,
386 struct l2tp_tunnel *tunnel, u8 cmd)
387 {
388 void *hdr;
389 struct nlattr *nest;
390
391 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, cmd);
392 if (!hdr)
393 return -EMSGSIZE;
394
395 if (nla_put_u8(skb, L2TP_ATTR_PROTO_VERSION, tunnel->version) ||
396 nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) ||
397 nla_put_u32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id) ||
398 nla_put_u32(skb, L2TP_ATTR_DEBUG, 0) ||
399 nla_put_u16(skb, L2TP_ATTR_ENCAP_TYPE, tunnel->encap))
400 goto nla_put_failure;
401
402 nest = nla_nest_start_noflag(skb, L2TP_ATTR_STATS);
403 if (!nest)
404 goto nla_put_failure;
405
406 if (nla_put_u64_64bit(skb, L2TP_ATTR_TX_PACKETS,
407 atomic_long_read(&tunnel->stats.tx_packets),
408 L2TP_ATTR_STATS_PAD) ||
409 nla_put_u64_64bit(skb, L2TP_ATTR_TX_BYTES,
410 atomic_long_read(&tunnel->stats.tx_bytes),
411 L2TP_ATTR_STATS_PAD) ||
412 nla_put_u64_64bit(skb, L2TP_ATTR_TX_ERRORS,
413 atomic_long_read(&tunnel->stats.tx_errors),
414 L2TP_ATTR_STATS_PAD) ||
415 nla_put_u64_64bit(skb, L2TP_ATTR_RX_PACKETS,
416 atomic_long_read(&tunnel->stats.rx_packets),
417 L2TP_ATTR_STATS_PAD) ||
418 nla_put_u64_64bit(skb, L2TP_ATTR_RX_BYTES,
419 atomic_long_read(&tunnel->stats.rx_bytes),
420 L2TP_ATTR_STATS_PAD) ||
421 nla_put_u64_64bit(skb, L2TP_ATTR_RX_SEQ_DISCARDS,
422 atomic_long_read(&tunnel->stats.rx_seq_discards),
423 L2TP_ATTR_STATS_PAD) ||
424 nla_put_u64_64bit(skb, L2TP_ATTR_RX_COOKIE_DISCARDS,
425 atomic_long_read(&tunnel->stats.rx_cookie_discards),
426 L2TP_ATTR_STATS_PAD) ||
427 nla_put_u64_64bit(skb, L2TP_ATTR_RX_OOS_PACKETS,
428 atomic_long_read(&tunnel->stats.rx_oos_packets),
429 L2TP_ATTR_STATS_PAD) ||
430 nla_put_u64_64bit(skb, L2TP_ATTR_RX_ERRORS,
431 atomic_long_read(&tunnel->stats.rx_errors),
432 L2TP_ATTR_STATS_PAD) ||
433 nla_put_u64_64bit(skb, L2TP_ATTR_RX_INVALID,
434 atomic_long_read(&tunnel->stats.rx_invalid),
435 L2TP_ATTR_STATS_PAD))
436 goto nla_put_failure;
437 nla_nest_end(skb, nest);
438
439 if (l2tp_nl_tunnel_send_addr(skb, tunnel))
440 goto nla_put_failure;
441
442 genlmsg_end(skb, hdr);
443 return 0;
444
445 nla_put_failure:
446 genlmsg_cancel(skb, hdr);
447 return -1;
448 }
449
450 static int l2tp_nl_cmd_tunnel_get(struct sk_buff *skb, struct genl_info *info)
451 {
452 struct l2tp_tunnel *tunnel;
453 struct sk_buff *msg;
454 u32 tunnel_id;
455 int ret = -ENOBUFS;
456 struct net *net = genl_info_net(info);
457
458 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
459 ret = -EINVAL;
460 goto err;
461 }
462
463 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
464
465 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
466 if (!msg) {
467 ret = -ENOMEM;
468 goto err;
469 }
470
471 tunnel = l2tp_tunnel_get(net, tunnel_id);
472 if (!tunnel) {
473 ret = -ENODEV;
474 goto err_nlmsg;
475 }
476
477 ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq,
478 NLM_F_ACK, tunnel, L2TP_CMD_TUNNEL_GET);
479 if (ret < 0)
480 goto err_nlmsg_tunnel;
481
482 l2tp_tunnel_dec_refcount(tunnel);
483
484 return genlmsg_unicast(net, msg, info->snd_portid);
485
486 err_nlmsg_tunnel:
487 l2tp_tunnel_dec_refcount(tunnel);
488 err_nlmsg:
489 nlmsg_free(msg);
490 err:
491 return ret;
492 }
493
494 static int l2tp_nl_cmd_tunnel_dump(struct sk_buff *skb, struct netlink_callback *cb)
495 {
496 int ti = cb->args[0];
497 struct l2tp_tunnel *tunnel;
498 struct net *net = sock_net(skb->sk);
499
500 for (;;) {
501 tunnel = l2tp_tunnel_get_nth(net, ti);
502 if (!tunnel)
503 goto out;
504
505 if (l2tp_nl_tunnel_send(skb, NETLINK_CB(cb->skb).portid,
506 cb->nlh->nlmsg_seq, NLM_F_MULTI,
507 tunnel, L2TP_CMD_TUNNEL_GET) < 0) {
508 l2tp_tunnel_dec_refcount(tunnel);
509 goto out;
510 }
511 l2tp_tunnel_dec_refcount(tunnel);
512
513 ti++;
514 }
515
516 out:
517 cb->args[0] = ti;
518
519 return skb->len;
520 }
521
522 static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *info)
523 {
524 u32 tunnel_id = 0;
525 u32 session_id;
526 u32 peer_session_id;
527 int ret = 0;
528 struct l2tp_tunnel *tunnel;
529 struct l2tp_session *session;
530 struct l2tp_session_cfg cfg = { 0, };
531 struct net *net = genl_info_net(info);
532
533 if (!info->attrs[L2TP_ATTR_CONN_ID]) {
534 ret = -EINVAL;
535 goto out;
536 }
537
538 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
539 tunnel = l2tp_tunnel_get(net, tunnel_id);
540 if (!tunnel) {
541 ret = -ENODEV;
542 goto out;
543 }
544
545 if (!info->attrs[L2TP_ATTR_SESSION_ID]) {
546 ret = -EINVAL;
547 goto out_tunnel;
548 }
549 session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
550
551 if (!info->attrs[L2TP_ATTR_PEER_SESSION_ID]) {
552 ret = -EINVAL;
553 goto out_tunnel;
554 }
555 peer_session_id = nla_get_u32(info->attrs[L2TP_ATTR_PEER_SESSION_ID]);
556
557 if (!info->attrs[L2TP_ATTR_PW_TYPE]) {
558 ret = -EINVAL;
559 goto out_tunnel;
560 }
561 cfg.pw_type = nla_get_u16(info->attrs[L2TP_ATTR_PW_TYPE]);
562 if (cfg.pw_type >= __L2TP_PWTYPE_MAX) {
563 ret = -EINVAL;
564 goto out_tunnel;
565 }
566
567 /* L2TPv2 only accepts PPP pseudo-wires */
568 if (tunnel->version == 2 && cfg.pw_type != L2TP_PWTYPE_PPP) {
569 ret = -EPROTONOSUPPORT;
570 goto out_tunnel;
571 }
572
573 if (tunnel->version > 2) {
574 if (info->attrs[L2TP_ATTR_L2SPEC_TYPE]) {
575 cfg.l2specific_type = nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_TYPE]);
576 if (cfg.l2specific_type != L2TP_L2SPECTYPE_DEFAULT &&
577 cfg.l2specific_type != L2TP_L2SPECTYPE_NONE) {
578 ret = -EINVAL;
579 goto out_tunnel;
580 }
581 } else {
582 cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT;
583 }
584
585 if (info->attrs[L2TP_ATTR_COOKIE]) {
586 u16 len = nla_len(info->attrs[L2TP_ATTR_COOKIE]);
587
588 if (len > 8) {
589 ret = -EINVAL;
590 goto out_tunnel;
591 }
592 cfg.cookie_len = len;
593 memcpy(&cfg.cookie[0], nla_data(info->attrs[L2TP_ATTR_COOKIE]), len);
594 }
595 if (info->attrs[L2TP_ATTR_PEER_COOKIE]) {
596 u16 len = nla_len(info->attrs[L2TP_ATTR_PEER_COOKIE]);
597
598 if (len > 8) {
599 ret = -EINVAL;
600 goto out_tunnel;
601 }
602 cfg.peer_cookie_len = len;
603 memcpy(&cfg.peer_cookie[0], nla_data(info->attrs[L2TP_ATTR_PEER_COOKIE]), len);
604 }
605 if (info->attrs[L2TP_ATTR_IFNAME])
606 cfg.ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]);
607 }
608
609 if (info->attrs[L2TP_ATTR_RECV_SEQ])
610 cfg.recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]);
611
612 if (info->attrs[L2TP_ATTR_SEND_SEQ])
613 cfg.send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]);
614
615 if (info->attrs[L2TP_ATTR_LNS_MODE])
616 cfg.lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]);
617
618 if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
619 cfg.reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
620
621 #ifdef CONFIG_MODULES
622 if (!l2tp_nl_cmd_ops[cfg.pw_type]) {
623 genl_unlock();
624 request_module("net-l2tp-type-%u", cfg.pw_type);
625 genl_lock();
626 }
627 #endif
628 if (!l2tp_nl_cmd_ops[cfg.pw_type] || !l2tp_nl_cmd_ops[cfg.pw_type]->session_create) {
629 ret = -EPROTONOSUPPORT;
630 goto out_tunnel;
631 }
632
633 ret = l2tp_nl_cmd_ops[cfg.pw_type]->session_create(net, tunnel,
634 session_id,
635 peer_session_id,
636 &cfg);
637
638 if (ret >= 0) {
639 session = l2tp_session_get(net, tunnel->sock, tunnel->version,
640 tunnel_id, session_id);
641 if (session) {
642 ret = l2tp_session_notify(&l2tp_nl_family, info, session,
643 L2TP_CMD_SESSION_CREATE);
644 l2tp_session_dec_refcount(session);
645 }
646 }
647
648 out_tunnel:
649 l2tp_tunnel_dec_refcount(tunnel);
650 out:
651 return ret;
652 }
653
654 static int l2tp_nl_cmd_session_delete(struct sk_buff *skb, struct genl_info *info)
655 {
656 int ret = 0;
657 struct l2tp_session *session;
658 u16 pw_type;
659
660 session = l2tp_nl_session_get(info);
661 if (!session) {
662 ret = -ENODEV;
663 goto out;
664 }
665
666 l2tp_session_notify(&l2tp_nl_family, info,
667 session, L2TP_CMD_SESSION_DELETE);
668
669 pw_type = session->pwtype;
670 if (pw_type < __L2TP_PWTYPE_MAX)
671 if (l2tp_nl_cmd_ops[pw_type] && l2tp_nl_cmd_ops[pw_type]->session_delete)
672 l2tp_nl_cmd_ops[pw_type]->session_delete(session);
673
674 l2tp_session_dec_refcount(session);
675
676 out:
677 return ret;
678 }
679
680 static int l2tp_nl_cmd_session_modify(struct sk_buff *skb, struct genl_info *info)
681 {
682 int ret = 0;
683 struct l2tp_session *session;
684
685 session = l2tp_nl_session_get(info);
686 if (!session) {
687 ret = -ENODEV;
688 goto out;
689 }
690
691 if (info->attrs[L2TP_ATTR_RECV_SEQ])
692 session->recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]);
693
694 if (info->attrs[L2TP_ATTR_SEND_SEQ]) {
695 session->send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]);
696 l2tp_session_set_header_len(session, session->tunnel->version);
697 }
698
699 if (info->attrs[L2TP_ATTR_LNS_MODE])
700 session->lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]);
701
702 if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
703 session->reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
704
705 ret = l2tp_session_notify(&l2tp_nl_family, info,
706 session, L2TP_CMD_SESSION_MODIFY);
707
708 l2tp_session_dec_refcount(session);
709
710 out:
711 return ret;
712 }
713
714 static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq, int flags,
715 struct l2tp_session *session, u8 cmd)
716 {
717 void *hdr;
718 struct nlattr *nest;
719 struct l2tp_tunnel *tunnel = session->tunnel;
720
721 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, cmd);
722 if (!hdr)
723 return -EMSGSIZE;
724
725 if (nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) ||
726 nla_put_u32(skb, L2TP_ATTR_SESSION_ID, session->session_id) ||
727 nla_put_u32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id) ||
728 nla_put_u32(skb, L2TP_ATTR_PEER_SESSION_ID, session->peer_session_id) ||
729 nla_put_u32(skb, L2TP_ATTR_DEBUG, 0) ||
730 nla_put_u16(skb, L2TP_ATTR_PW_TYPE, session->pwtype))
731 goto nla_put_failure;
732
733 if ((session->ifname[0] &&
734 nla_put_string(skb, L2TP_ATTR_IFNAME, session->ifname)) ||
735 (session->cookie_len &&
736 nla_put(skb, L2TP_ATTR_COOKIE, session->cookie_len, session->cookie)) ||
737 (session->peer_cookie_len &&
738 nla_put(skb, L2TP_ATTR_PEER_COOKIE, session->peer_cookie_len, session->peer_cookie)) ||
739 nla_put_u8(skb, L2TP_ATTR_RECV_SEQ, session->recv_seq) ||
740 nla_put_u8(skb, L2TP_ATTR_SEND_SEQ, session->send_seq) ||
741 nla_put_u8(skb, L2TP_ATTR_LNS_MODE, session->lns_mode) ||
742 (l2tp_tunnel_uses_xfrm(tunnel) &&
743 nla_put_u8(skb, L2TP_ATTR_USING_IPSEC, 1)) ||
744 (session->reorder_timeout &&
745 nla_put_msecs(skb, L2TP_ATTR_RECV_TIMEOUT,
746 session->reorder_timeout, L2TP_ATTR_PAD)))
747 goto nla_put_failure;
748
749 nest = nla_nest_start_noflag(skb, L2TP_ATTR_STATS);
750 if (!nest)
751 goto nla_put_failure;
752
753 if (nla_put_u64_64bit(skb, L2TP_ATTR_TX_PACKETS,
754 atomic_long_read(&session->stats.tx_packets),
755 L2TP_ATTR_STATS_PAD) ||
756 nla_put_u64_64bit(skb, L2TP_ATTR_TX_BYTES,
757 atomic_long_read(&session->stats.tx_bytes),
758 L2TP_ATTR_STATS_PAD) ||
759 nla_put_u64_64bit(skb, L2TP_ATTR_TX_ERRORS,
760 atomic_long_read(&session->stats.tx_errors),
761 L2TP_ATTR_STATS_PAD) ||
762 nla_put_u64_64bit(skb, L2TP_ATTR_RX_PACKETS,
763 atomic_long_read(&session->stats.rx_packets),
764 L2TP_ATTR_STATS_PAD) ||
765 nla_put_u64_64bit(skb, L2TP_ATTR_RX_BYTES,
766 atomic_long_read(&session->stats.rx_bytes),
767 L2TP_ATTR_STATS_PAD) ||
768 nla_put_u64_64bit(skb, L2TP_ATTR_RX_SEQ_DISCARDS,
769 atomic_long_read(&session->stats.rx_seq_discards),
770 L2TP_ATTR_STATS_PAD) ||
771 nla_put_u64_64bit(skb, L2TP_ATTR_RX_COOKIE_DISCARDS,
772 atomic_long_read(&session->stats.rx_cookie_discards),
773 L2TP_ATTR_STATS_PAD) ||
774 nla_put_u64_64bit(skb, L2TP_ATTR_RX_OOS_PACKETS,
775 atomic_long_read(&session->stats.rx_oos_packets),
776 L2TP_ATTR_STATS_PAD) ||
777 nla_put_u64_64bit(skb, L2TP_ATTR_RX_ERRORS,
778 atomic_long_read(&session->stats.rx_errors),
779 L2TP_ATTR_STATS_PAD) ||
780 nla_put_u64_64bit(skb, L2TP_ATTR_RX_INVALID,
781 atomic_long_read(&session->stats.rx_invalid),
782 L2TP_ATTR_STATS_PAD))
783 goto nla_put_failure;
784 nla_nest_end(skb, nest);
785
786 genlmsg_end(skb, hdr);
787 return 0;
788
789 nla_put_failure:
790 genlmsg_cancel(skb, hdr);
791 return -1;
792 }
793
794 static int l2tp_nl_cmd_session_get(struct sk_buff *skb, struct genl_info *info)
795 {
796 struct l2tp_session *session;
797 struct sk_buff *msg;
798 int ret;
799
800 session = l2tp_nl_session_get(info);
801 if (!session) {
802 ret = -ENODEV;
803 goto err;
804 }
805
806 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
807 if (!msg) {
808 ret = -ENOMEM;
809 goto err_ref;
810 }
811
812 ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq,
813 0, session, L2TP_CMD_SESSION_GET);
814 if (ret < 0)
815 goto err_ref_msg;
816
817 ret = genlmsg_unicast(genl_info_net(info), msg, info->snd_portid);
818
819 l2tp_session_dec_refcount(session);
820
821 return ret;
822
823 err_ref_msg:
824 nlmsg_free(msg);
825 err_ref:
826 l2tp_session_dec_refcount(session);
827 err:
828 return ret;
829 }
830
831 static int l2tp_nl_cmd_session_dump(struct sk_buff *skb, struct netlink_callback *cb)
832 {
833 struct net *net = sock_net(skb->sk);
834 struct l2tp_session *session;
835 struct l2tp_tunnel *tunnel = NULL;
836 int ti = cb->args[0];
837 int si = cb->args[1];
838
839 for (;;) {
840 if (!tunnel) {
841 tunnel = l2tp_tunnel_get_nth(net, ti);
842 if (!tunnel)
843 goto out;
844 }
845
846 session = l2tp_session_get_nth(tunnel, si);
847 if (!session) {
848 ti++;
849 l2tp_tunnel_dec_refcount(tunnel);
850 tunnel = NULL;
851 si = 0;
852 continue;
853 }
854
855 if (l2tp_nl_session_send(skb, NETLINK_CB(cb->skb).portid,
856 cb->nlh->nlmsg_seq, NLM_F_MULTI,
857 session, L2TP_CMD_SESSION_GET) < 0) {
858 l2tp_session_dec_refcount(session);
859 l2tp_tunnel_dec_refcount(tunnel);
860 break;
861 }
862 l2tp_session_dec_refcount(session);
863
864 si++;
865 }
866
867 out:
868 cb->args[0] = ti;
869 cb->args[1] = si;
870
871 return skb->len;
872 }
873
874 static const struct nla_policy l2tp_nl_policy[L2TP_ATTR_MAX + 1] = {
875 [L2TP_ATTR_NONE] = { .type = NLA_UNSPEC, },
876 [L2TP_ATTR_PW_TYPE] = { .type = NLA_U16, },
877 [L2TP_ATTR_ENCAP_TYPE] = { .type = NLA_U16, },
878 [L2TP_ATTR_OFFSET] = { .type = NLA_U16, },
879 [L2TP_ATTR_DATA_SEQ] = { .type = NLA_U8, },
880 [L2TP_ATTR_L2SPEC_TYPE] = { .type = NLA_U8, },
881 [L2TP_ATTR_L2SPEC_LEN] = { .type = NLA_U8, },
882 [L2TP_ATTR_PROTO_VERSION] = { .type = NLA_U8, },
883 [L2TP_ATTR_CONN_ID] = { .type = NLA_U32, },
884 [L2TP_ATTR_PEER_CONN_ID] = { .type = NLA_U32, },
885 [L2TP_ATTR_SESSION_ID] = { .type = NLA_U32, },
886 [L2TP_ATTR_PEER_SESSION_ID] = { .type = NLA_U32, },
887 [L2TP_ATTR_UDP_CSUM] = { .type = NLA_U8, },
888 [L2TP_ATTR_VLAN_ID] = { .type = NLA_U16, },
889 [L2TP_ATTR_DEBUG] = { .type = NLA_U32, },
890 [L2TP_ATTR_RECV_SEQ] = { .type = NLA_U8, },
891 [L2TP_ATTR_SEND_SEQ] = { .type = NLA_U8, },
892 [L2TP_ATTR_LNS_MODE] = { .type = NLA_U8, },
893 [L2TP_ATTR_USING_IPSEC] = { .type = NLA_U8, },
894 [L2TP_ATTR_RECV_TIMEOUT] = { .type = NLA_MSECS, },
895 [L2TP_ATTR_FD] = { .type = NLA_U32, },
896 [L2TP_ATTR_IP_SADDR] = { .type = NLA_U32, },
897 [L2TP_ATTR_IP_DADDR] = { .type = NLA_U32, },
898 [L2TP_ATTR_UDP_SPORT] = { .type = NLA_U16, },
899 [L2TP_ATTR_UDP_DPORT] = { .type = NLA_U16, },
900 [L2TP_ATTR_MTU] = { .type = NLA_U16, },
901 [L2TP_ATTR_MRU] = { .type = NLA_U16, },
902 [L2TP_ATTR_STATS] = { .type = NLA_NESTED, },
903 [L2TP_ATTR_IP6_SADDR] = {
904 .type = NLA_BINARY,
905 .len = sizeof(struct in6_addr),
906 },
907 [L2TP_ATTR_IP6_DADDR] = {
908 .type = NLA_BINARY,
909 .len = sizeof(struct in6_addr),
910 },
911 [L2TP_ATTR_IFNAME] = {
912 .type = NLA_NUL_STRING,
913 .len = IFNAMSIZ - 1,
914 },
915 [L2TP_ATTR_COOKIE] = {
916 .type = NLA_BINARY,
917 .len = 8,
918 },
919 [L2TP_ATTR_PEER_COOKIE] = {
920 .type = NLA_BINARY,
921 .len = 8,
922 },
923 };
924
925 static const struct genl_small_ops l2tp_nl_ops[] = {
926 {
927 .cmd = L2TP_CMD_NOOP,
928 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
929 .doit = l2tp_nl_cmd_noop,
930 /* can be retrieved by unprivileged users */
931 },
932 {
933 .cmd = L2TP_CMD_TUNNEL_CREATE,
934 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
935 .doit = l2tp_nl_cmd_tunnel_create,
936 .flags = GENL_UNS_ADMIN_PERM,
937 },
938 {
939 .cmd = L2TP_CMD_TUNNEL_DELETE,
940 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
941 .doit = l2tp_nl_cmd_tunnel_delete,
942 .flags = GENL_UNS_ADMIN_PERM,
943 },
944 {
945 .cmd = L2TP_CMD_TUNNEL_MODIFY,
946 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
947 .doit = l2tp_nl_cmd_tunnel_modify,
948 .flags = GENL_UNS_ADMIN_PERM,
949 },
950 {
951 .cmd = L2TP_CMD_TUNNEL_GET,
952 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
953 .doit = l2tp_nl_cmd_tunnel_get,
954 .dumpit = l2tp_nl_cmd_tunnel_dump,
955 .flags = GENL_UNS_ADMIN_PERM,
956 },
957 {
958 .cmd = L2TP_CMD_SESSION_CREATE,
959 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
960 .doit = l2tp_nl_cmd_session_create,
961 .flags = GENL_UNS_ADMIN_PERM,
962 },
963 {
964 .cmd = L2TP_CMD_SESSION_DELETE,
965 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
966 .doit = l2tp_nl_cmd_session_delete,
967 .flags = GENL_UNS_ADMIN_PERM,
968 },
969 {
970 .cmd = L2TP_CMD_SESSION_MODIFY,
971 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
972 .doit = l2tp_nl_cmd_session_modify,
973 .flags = GENL_UNS_ADMIN_PERM,
974 },
975 {
976 .cmd = L2TP_CMD_SESSION_GET,
977 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
978 .doit = l2tp_nl_cmd_session_get,
979 .dumpit = l2tp_nl_cmd_session_dump,
980 .flags = GENL_UNS_ADMIN_PERM,
981 },
982 };
983
984 static struct genl_family l2tp_nl_family __ro_after_init = {
985 .name = L2TP_GENL_NAME,
986 .version = L2TP_GENL_VERSION,
987 .hdrsize = 0,
988 .maxattr = L2TP_ATTR_MAX,
989 .policy = l2tp_nl_policy,
990 .netnsok = true,
991 .module = THIS_MODULE,
992 .small_ops = l2tp_nl_ops,
993 .n_small_ops = ARRAY_SIZE(l2tp_nl_ops),
994 .resv_start_op = L2TP_CMD_SESSION_GET + 1,
995 .mcgrps = l2tp_multicast_group,
996 .n_mcgrps = ARRAY_SIZE(l2tp_multicast_group),
997 };
998
999 int l2tp_nl_register_ops(enum l2tp_pwtype pw_type, const struct l2tp_nl_cmd_ops *ops)
1000 {
1001 int ret;
1002
1003 ret = -EINVAL;
1004 if (pw_type >= __L2TP_PWTYPE_MAX)
1005 goto err;
1006
1007 genl_lock();
1008 ret = -EBUSY;
1009 if (l2tp_nl_cmd_ops[pw_type])
1010 goto out;
1011
1012 l2tp_nl_cmd_ops[pw_type] = ops;
1013 ret = 0;
1014
1015 out:
1016 genl_unlock();
1017 err:
1018 return ret;
1019 }
1020 EXPORT_SYMBOL_GPL(l2tp_nl_register_ops);
1021
1022 void l2tp_nl_unregister_ops(enum l2tp_pwtype pw_type)
1023 {
1024 if (pw_type < __L2TP_PWTYPE_MAX) {
1025 genl_lock();
1026 l2tp_nl_cmd_ops[pw_type] = NULL;
1027 genl_unlock();
1028 }
1029 }
1030 EXPORT_SYMBOL_GPL(l2tp_nl_unregister_ops);
1031
1032 static int __init l2tp_nl_init(void)
1033 {
1034 pr_info("L2TP netlink interface\n");
1035 return genl_register_family(&l2tp_nl_family);
1036 }
1037
1038 static void l2tp_nl_cleanup(void)
1039 {
1040 genl_unregister_family(&l2tp_nl_family);
1041 }
1042
1043 module_init(l2tp_nl_init);
1044 module_exit(l2tp_nl_cleanup);
1045
1046 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1047 MODULE_DESCRIPTION("L2TP netlink");
1048 MODULE_LICENSE("GPL");
1049 MODULE_VERSION("1.0");
1050 MODULE_ALIAS_GENL_FAMILY("l2tp");
1051
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.