| blob | aab32003b8a5604d8f99376d6a3979da09ea3721 |
1 Index: linux-2.4.27-l2tp/Documentation/Configure.help
2 ===================================================================
3 --- linux-2.4.27-l2tp.orig/Documentation/Configure.help
4 +++ linux-2.4.27-l2tp/Documentation/Configure.help
5 @@ -9913,6 +9913,16 @@ CONFIG_PPPOE
6 on cvs.samba.org. The required support will be present in the next
7 ppp release (2.4.2).
9 +PPP over L2TP
10 +config PPPOL2TP
11 + Support for PPP-over-L2TP socket family. L2TP is a protocol used by
12 + ISPs and enterprises to tunnel PPP traffic over UDP tunnels. L2TP is
13 + replacing PPTP for VPN uses.
14 +
15 + This kernel component handles only L2TP data packets: a userland
16 + daemon handles L2TP control protocol (tunnel and session setup). One
17 + such daemon is OpenL2TP (http://openl2tp.sourceforge.net/).
18 +
19 Wireless LAN (non-hamradio)
20 CONFIG_NET_RADIO
21 Support for wireless LANs and everything having to do with radio,
22 Index: linux-2.4.27-l2tp/drivers/net/Config.in
23 ===================================================================
24 --- linux-2.4.27-l2tp.orig/drivers/net/Config.in
25 +++ linux-2.4.27-l2tp/drivers/net/Config.in
26 @@ -327,6 +327,7 @@ if [ ! "$CONFIG_PPP" = "n" ]; then
27 dep_tristate ' PPP BSD-Compress compression' CONFIG_PPP_BSDCOMP $CONFIG_PPP
28 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
29 dep_tristate ' PPP over Ethernet (EXPERIMENTAL)' CONFIG_PPPOE $CONFIG_PPP
30 + dep_tristate ' PPP over L2TP (EXPERIMENTAL)' CONFIG_PPPOL2TP $CONFIG_PPP $CONFIG_PPPOE
31 fi
32 if [ "$CONFIG_ATM" = "y" -o "$CONFIG_ATM" = "m" ]; then
33 dep_tristate ' PPP over ATM (EXPERIMENTAL)' CONFIG_PPPOATM $CONFIG_PPP $CONFIG_ATM
34 Index: linux-2.4.27-l2tp/drivers/net/Makefile
35 ===================================================================
36 --- linux-2.4.27-l2tp.orig/drivers/net/Makefile
37 +++ linux-2.4.27-l2tp/drivers/net/Makefile
38 @@ -162,6 +162,7 @@ obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctt
39 obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o
40 obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o
41 obj-$(CONFIG_PPPOE) += pppox.o pppoe.o
42 +obj-$(CONFIG_PPPOL2TP) += pppox.o pppol2tp.o
44 obj-$(CONFIG_SLIP) += slip.o
45 ifeq ($(CONFIG_SLIP_COMPRESSED),y)
46 Index: linux-2.4.27-l2tp/drivers/net/pppol2tp.c
47 ===================================================================
48 --- /dev/null
49 +++ linux-2.4.27-l2tp/drivers/net/pppol2tp.c
50 @@ -0,0 +1,2588 @@
51 +/** -*- linux-c -*- ***********************************************************
52 + * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets
53 + *
54 + * PPPoX --- Generic PPP encapsulation socket family
55 + * PPPoL2TP --- PPP over L2TP (RFC 2661)
56 + *
57 + *
58 + * Version: 0.13.0
59 + *
60 + * 251003 : Copied from pppoe.c version 0.6.9.
61 + *
62 + * Author: Martijn van Oosterhout <kleptog@svana.org>
63 + * Contributors:
64 + * Michal Ostrowski <mostrows@speakeasy.net>
65 + * Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
66 + * David S. Miller (davem@redhat.com)
67 + * James Chapman (jchapman@katalix.com)
68 + *
69 + * License:
70 + * This program is free software; you can redistribute it and/or
71 + * modify it under the terms of the GNU General Public License
72 + * as published by the Free Software Foundation; either version
73 + * 2 of the License, or (at your option) any later version.
74 + *
75 + */
76 +
77 +/* This driver handles only L2TP data frames; control frames are handled by a
78 + * userspace application.
79 + *
80 + * To send data in an L2TP session, userspace opens a PPPoL2TP socket and
81 + * attaches it to a bound UDP socket with local tunnel_id / session_id and
82 + * peer tunnel_id / session_id set. Data can then be sent or received using
83 + * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket
84 + * can be read or modified using ioctl() or [gs]etsockopt() calls.
85 + *
86 + * When a PPPoL2TP socket is connected with local and peer session_id values
87 + * zero, the socket is treated as a special tunnel management socket.
88 + *
89 + * Here's example userspace code to create a socket for sending/receiving data
90 + * over an L2TP session:-
91 + *
92 + * struct sockaddr_pppol2tp sax;
93 + * int fd;
94 + * int session_fd;
95 + *
96 + * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
97 + *
98 + * sax.sa_family = AF_PPPOX;
99 + * sax.sa_protocol = PX_PROTO_OL2TP;
100 + * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket
101 + * sax.pppol2tp.pid = 0; // current pid owns UDP socket
102 + * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
103 + * sax.pppol2tp.addr.sin_port = addr->sin_port;
104 + * sax.pppol2tp.addr.sin_family = AF_INET;
105 + * sax.pppol2tp.s_tunnel = tunnel_id;
106 + * sax.pppol2tp.s_session = session_id;
107 + * sax.pppol2tp.d_tunnel = peer_tunnel_id;
108 + * sax.pppol2tp.d_session = peer_session_id;
109 + *
110 + * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
111 + *
112 + */
113 +
114 +#include <linux/string.h>
115 +#include <linux/module.h>
116 +#include <linux/version.h>
117 +
118 +#include <linux/list.h>
119 +#include <asm/uaccess.h>
120 +
121 +#include <linux/kernel.h>
122 +#include <linux/sched.h>
123 +#include <linux/slab.h>
124 +#include <linux/errno.h>
125 +
126 +#include <linux/netdevice.h>
127 +#include <linux/net.h>
128 +#include <linux/inetdevice.h>
129 +#include <linux/skbuff.h>
130 +#include <linux/init.h>
131 +#include <linux/udp.h>
132 +#include <linux/if_pppox.h>
133 +#include <net/sock.h>
134 +#include <linux/ppp_channel.h>
135 +#include <linux/ppp_defs.h>
136 +#include <linux/if_ppp.h>
137 +#include <linux/if_pppvar.h>
138 +#include <linux/file.h>
139 +#include <linux/hash.h>
140 +#include <linux/proc_fs.h>
141 +#include <net/dst.h>
142 +#include <net/ip.h>
143 +#include <net/udp.h>
144 +
145 +#include <asm/byteorder.h>
146 +#include <asm/atomic.h>
147 +
148 +#define PPPOL2TP_DRV_VERSION "V0.13"
149 +
150 +/* Developer debug code. */
151 +#if 0
152 +#define DEBUG /* Define to compile in very verbose developer
153 + * debug */
154 +#define DEBUG_MOD_USE_COUNT /* Define to debug module use count bugs */
155 +#endif
156 +
157 +/* Useful to debug module use_count problems */
158 +#ifdef DEBUG_MOD_USE_COUNT
159 +#undef MOD_INC_USE_COUNT
160 +#undef MOD_DEC_USE_COUNT
161 +static int mod_use_count = 0;
162 +#define MOD_INC_USE_COUNT do { \
163 + mod_use_count++; \
164 + printk(KERN_DEBUG "%s: INC_USE_COUNT, now %d\n", __FUNCTION__, mod_use_count); \
165 +} while (0)
166 +#define MOD_DEC_USE_COUNT do { \
167 + mod_use_count--; \
168 + printk(KERN_DEBUG "%s: DEC_USE_COUNT, now %d\n", __FUNCTION__, mod_use_count); \
169 +} while (0)
170 +#endif /* DEBUG_MOD_USE_COUNT */
171 +
172 +/* Timeouts are specified in milliseconds to/from userspace */
173 +#define JIFFIES_TO_MS(t) ((t) * 1000 / HZ)
174 +#define MS_TO_JIFFIES(j) ((j * HZ) / 1000)
175 +
176 +/* L2TP header constants */
177 +#define L2TP_HDRFLAG_T 0x8000
178 +#define L2TP_HDRFLAG_L 0x4000
179 +#define L2TP_HDRFLAG_S 0x0800
180 +#define L2TP_HDRFLAG_O 0x0200
181 +#define L2TP_HDRFLAG_P 0x0100
182 +
183 +#define L2TP_HDR_VER_MASK 0x000F
184 +#define L2TP_HDR_VER 0x0002
185 +
186 +/* Space for UDP, L2TP and PPP headers */
187 +#define PPPOL2TP_HEADER_OVERHEAD 40
188 +
189 +/* Just some random numbers */
190 +#define L2TP_TUNNEL_MAGIC 0x42114DDA
191 +#define L2TP_SESSION_MAGIC 0x0C04EB7D
192 +
193 +#define PPPOL2TP_HASH_BITS 4
194 +#define PPPOL2TP_HASH_SIZE (1 << PPPOL2TP_HASH_BITS)
195 +
196 +/* Default trace flags */
197 +#ifdef DEBUG
198 +#define PPPOL2TP_DEFAULT_DEBUG_FLAGS -1
199 +#else
200 +#define PPPOL2TP_DEFAULT_DEBUG_FLAGS 0
201 +#endif
202 +
203 +/* For kernel compatability. This might not work for early 2.4 kernels */
204 +#ifndef dst_pmtu
205 +#define dst_pmtu(dst) dst->pmtu
206 +#endif
207 +
208 +/* Debug kernel message control.
209 + * Verbose debug messages (L2TP_MSG_DEBUG flag) are optionally compiled in.
210 + */
211 +#ifdef DEBUG
212 +#define DPRINTK(_mask, _fmt, args...) \
213 + do { \
214 + if ((_mask) & PPPOL2TP_MSG_DEBUG) \
215 + printk(KERN_DEBUG "PPPOL2TP %s: " _fmt, \
216 + __FUNCTION__, ##args); \
217 + } while(0)
218 +#else
219 +#define DPRINTK(_mask, _fmt, args...) do { } while(0)
220 +#endif /* DEBUG */
221 +
222 +#define PRINTK(_mask, _type, _lvl, _fmt, args...) \
223 + do { \
224 + if ((_mask) & (_type)) \
225 + printk(_lvl "PPPOL2TP: " _fmt, ##args); \
226 + } while(0)
227 +
228 +/* Extra driver debug. Should only be enabled by developers working on
229 + * this driver.
230 + */
231 +#ifdef DEBUG
232 +#define ENTER_FUNCTION printk(KERN_DEBUG "PPPOL2TP: --> %s\n", __FUNCTION__)
233 +#define EXIT_FUNCTION printk(KERN_DEBUG "PPPOL2TP: <-- %s\n", __FUNCTION__)
234 +#else
235 +#define ENTER_FUNCTION do { } while(0)
236 +#define EXIT_FUNCTION do { } while(0)
237 +#endif
238 +
239 +#define container_of(ptr, type, member) ({ \
240 + const typeof( ((type *)0)->member ) *__mptr = (ptr); \
241 + (type *)( (char *)__mptr - offsetof(type,member) );})
242 +
243 +struct pppol2tp_tunnel;
244 +
245 +/* Describes a session. It is the user_data field in the PPPoL2TP
246 + * socket. Contains information to determine incoming packets and transmit
247 + * outgoing ones.
248 + */
249 +struct pppol2tp_session
250 +{
251 + int magic; /* should be
252 + * L2TP_SESSION_MAGIC */
253 + int owner; /* pid that opened the socket */
254 +
255 + struct sock *sock; /* Pointer to the session
256 + * PPPoX socket */
257 + struct sock *tunnel_sock; /* Pointer to the tunnel UDP
258 + * socket */
259 +
260 + struct pppol2tp_addr tunnel_addr; /* Description of tunnel */
261 +
262 + struct pppol2tp_tunnel *tunnel; /* back pointer to tunnel
263 + * context */
264 +
265 + char name[20]; /* "sess xxxxx/yyyyy", where
266 + * x=tunnel_id, y=session_id */
267 + int mtu;
268 + int mru;
269 + int flags; /* accessed by PPPIOCGFLAGS.
270 + * Unused. */
271 + int recv_seq:1; /* expect receive packets with
272 + * sequence numbers? */
273 + int send_seq:1; /* send packets with sequence
274 + * numbers? */
275 + int lns_mode:1; /* behave as LNS? LAC enables
276 + * sequence numbers under
277 + * control of LNS. */
278 + int debug; /* bitmask of debug message
279 + * categories */
280 + int reorder_timeout; /* configured reorder timeout
281 + * (in jiffies) */
282 + u16 nr; /* session NR state (receive) */
283 + u16 ns; /* session NR state (send) */
284 + struct sk_buff_head reorder_q; /* receive reorder queue */
285 + struct pppol2tp_ioc_stats stats;
286 + struct hlist_node hlist; /* Hash list node */
287 +};
288 +
289 +/* The user_data field of the tunnel's UDP socket. It contains info to track
290 + * all the associated sessions so incoming packets can be sorted out
291 + */
292 +struct pppol2tp_tunnel
293 +{
294 + int magic; /* Should be L2TP_TUNNEL_MAGIC */
295 +
296 + struct proto *old_proto; /* original proto */
297 + struct proto l2tp_proto; /* L2TP proto */
298 + rwlock_t hlist_lock; /* protect session_hlist */
299 + struct hlist_head session_hlist[PPPOL2TP_HASH_SIZE];
300 + /* hashed list of sessions,
301 + * hashed by id */
302 + int debug; /* bitmask of debug message
303 + * categories */
304 + char name[12]; /* "tunl xxxxx" */
305 + struct pppol2tp_ioc_stats stats;
306 +
307 + void (*old_data_ready)(struct sock *, int);
308 + void (*old_sk_destruct)(struct sock *);
309 +
310 + struct sock *sock; /* Parent socket */
311 + struct list_head list; /* Keep a list of all open
312 + * prepared sockets */
313 +
314 + atomic_t session_count;
315 +};
316 +
317 +/* Private data stored for received packets in the skb.
318 + */
319 +struct pppol2tp_skb_cb {
320 + u16 ns;
321 + u16 nr;
322 + int has_seq;
323 + int length;
324 + unsigned long expires;
325 +};
326 +
327 +#define PPPOL2TP_SKB_CB(skb) ((struct pppol2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
328 +
329 +/* Number of bytes to build transmit L2TP headers.
330 + * Unfortunately the size is different depending on whether sequence numbers
331 + * are enabled.
332 + */
333 +#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10
334 +#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6
335 +
336 +
337 +static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
338 +
339 +static struct ppp_channel_ops pppol2tp_chan_ops = { pppol2tp_xmit , NULL };
340 +static struct proto_ops pppol2tp_ops;
341 +static LIST_HEAD(pppol2tp_tunnel_list);
342 +
343 +/* Macros to derive session/tunnel context pointers from a socket. */
344 +#define SOCK_2_SESSION(sock, session, err, errval, label, quiet) \
345 + session = (struct pppol2tp_session *)((sock)->user_data); \
346 + if (!session || session->magic != L2TP_SESSION_MAGIC) { \
347 + if (!quiet) \
348 + printk(KERN_ERR "%s: %s:%d: BAD SESSION MAGIC " \
349 + "(" #sock "=%p) session=%p magic=%x\n", \
350 + __FUNCTION__, __FILE__, __LINE__, sock, \
351 + session, session ? session->magic : 0); \
352 + err = errval; \
353 + goto label; \
354 + }
355 +
356 +#define SOCK_2_TUNNEL(sock, tunnel, err, errval, label, quiet) \
357 + tunnel = (struct pppol2tp_tunnel *)((sock)->user_data); \
358 + if (!tunnel || tunnel->magic != L2TP_TUNNEL_MAGIC) { \
359 + if (!quiet) \
360 + printk(KERN_ERR "%s: %s:%d: BAD TUNNEL MAGIC " \
361 + "(" #sock "=%p) tunnel=%p magic=%x\n", \
362 + __FUNCTION__, __FILE__, __LINE__, sock, \
363 + tunnel, tunnel ? tunnel->magic : 0); \
364 + err = errval; \
365 + goto label; \
366 + }
367 +
368 +/* Session hash list.
369 + * The session_id SHOULD be random according to RFC2661, but several
370 + * L2TP implementations (Cisco and Microsoft) use incrementing
371 + * session_ids. So we do a real hash on the session_id, rather than a
372 + * simple bitmask.
373 + */
374 +static inline struct hlist_head *
375 +pppol2tp_session_id_hash(struct pppol2tp_tunnel *tunnel, u16 session_id)
376 +{
377 + unsigned long hash_val = (unsigned long) session_id;
378 + return &tunnel->session_hlist[hash_long(hash_val, PPPOL2TP_HASH_BITS)];
379 +}
380 +
381 +/* Lookup a session by id
382 + */
383 +static struct pppol2tp_session *
384 +pppol2tp_session_find(struct pppol2tp_tunnel *tunnel, u16 session_id)
385 +{
386 + struct hlist_head *session_list =
387 + pppol2tp_session_id_hash(tunnel, session_id);
388 + struct hlist_node *tmp;
389 + struct hlist_node *walk;
390 + struct pppol2tp_session *session;
391 +
392 + hlist_for_each_safe(walk, tmp, session_list) {
393 + session = hlist_entry(walk, struct pppol2tp_session, hlist);
394 + if (session->tunnel_addr.s_session == session_id) {
395 + return session;
396 + }
397 + }
398 +
399 + return NULL;
400 +}
401 +
402 +/* Copied from socket.c
403 + */
404 +static __inline__ void sockfd_put(struct socket *sock)
405 +{
406 + fput(sock->file);
407 +}
408 +
409 +/*****************************************************************************
410 + * Receive data handling
411 + *****************************************************************************/
412 +
413 +/* Queue a skb in order. If the skb has no sequence number, queue it
414 + * at the tail.
415 + */
416 +static void pppol2tp_recv_queue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
417 +{
418 + struct sk_buff *next;
419 + struct sk_buff *prev;
420 + u16 ns = PPPOL2TP_SKB_CB(skb)->ns;
421 +
422 + ENTER_FUNCTION;
423 +
424 + spin_lock(&session->reorder_q.lock);
425 +
426 + prev = (struct sk_buff *) &session->reorder_q;
427 + next = prev->next;
428 + while (next != prev) {
429 + if (PPPOL2TP_SKB_CB(next)->ns > ns) {
430 + __skb_insert(skb, next->prev, next, next->list);
431 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
432 + "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
433 + session->name, ns, PPPOL2TP_SKB_CB(next)->ns,
434 + skb_queue_len(&session->reorder_q));
435 + session->stats.rx_oos_packets++;
436 + goto out;
437 + }
438 + next = next->next;
439 + }
440 +
441 + __skb_queue_tail(&session->reorder_q, skb);
442 +
443 +out:
444 + spin_unlock(&session->reorder_q.lock);
445 + EXIT_FUNCTION;
446 +}
447 +
448 +/* Dequeue a single skb, passing it either to ppp or to userspace.
449 + */
450 +static void pppol2tp_recv_dequeue_skb(struct pppol2tp_session *session, struct sk_buff *skb)
451 +{
452 + struct pppol2tp_tunnel *tunnel = session->tunnel;
453 + int length = PPPOL2TP_SKB_CB(skb)->length;
454 + struct sock *session_sock = NULL;
455 +
456 + ENTER_FUNCTION;
457 +
458 + /* We're about to requeue the skb, so unlink it and return resources
459 + * to its current owner (a socket receive buffer). Also release the
460 + * dst to force a route lookup on the inner IP packet since skb->dst
461 + * currently points to the dst of the UDP tunnel.
462 + */
463 + skb_unlink(skb);
464 + skb_orphan(skb);
465 + dst_release(skb->dst);
466 + skb->dst = NULL;
467 +
468 +#ifdef CONFIG_NETFILTER
469 + /* We need to forget conntrack info as we reuse the same skb. */
470 + nf_conntrack_put(skb->nfct);
471 + skb->nfct = NULL;
472 +#ifdef CONFIG_NETFILTER_DEBUG
473 + skb->nf_debug = 0;
474 +#endif
475 +#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE)
476 + skb->nf_bridge = NULL;
477 +#endif
478 +#endif /* CONFIG_NETFILTER */
479 +
480 + tunnel->stats.rx_packets++;
481 + tunnel->stats.rx_bytes += length;
482 + session->stats.rx_packets++;
483 + session->stats.rx_bytes += length;
484 +
485 + if (PPPOL2TP_SKB_CB(skb)->has_seq) {
486 + /* Bump our Nr */
487 + session->nr++;
488 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
489 + "%s: updated nr to %hu\n", session->name, session->nr);
490 + }
491 +
492 + /* If the socket is bound, send it in to PPP's input queue. Otherwise
493 + * queue it on the session socket.
494 + */
495 + session_sock = session->sock;
496 + if (session_sock->state & PPPOX_BOUND) {
497 + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
498 + "%s: recv %d byte data frame, passing to ppp\n",
499 + session->name, length);
500 + ppp_input(&session_sock->protinfo.pppox->chan, skb);
501 + } else {
502 + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
503 + "%s: socket not bound\n", session->name);
504 + /* Not bound. Queue it now */
505 + if (sock_queue_rcv_skb(session_sock, skb) < 0) {
506 + session->stats.rx_errors++;
507 + kfree_skb(skb);
508 + if (!session_sock->dead)
509 + session_sock->data_ready(session_sock, 0);
510 + }
511 + }
512 +
513 + DPRINTK(session->debug, "calling sock_put; refcnt=%d\n",
514 + session->sock->refcnt.counter);
515 + sock_put(session->sock);
516 + EXIT_FUNCTION;
517 +}
518 +
519 +/* Dequeue skbs from the session's reorder_q, subject to packet order.
520 + * Skbs that have been in the queue for too long are simply discarded.
521 + */
522 +static void pppol2tp_recv_dequeue(struct pppol2tp_session *session)
523 +{
524 + struct sk_buff *next;
525 + struct sk_buff *prev;
526 +
527 + ENTER_FUNCTION;
528 +
529 + prev = (struct sk_buff *) &session->reorder_q;
530 + spin_lock(&session->reorder_q.lock);
531 + next = prev->next;
532 +
533 + /* If the pkt at the head of the queue has the nr that we
534 + * expect to send up next, dequeue it and any other
535 + * in-sequence packets behind it.
536 + */
537 + while (next != prev) {
538 + struct sk_buff *skb = next;
539 + next = next->next;
540 + spin_unlock(&session->reorder_q.lock);
541 +
542 + if (time_after(jiffies, PPPOL2TP_SKB_CB(skb)->expires)) {
543 + session->stats.rx_seq_discards++;
544 + session->stats.rx_errors++;
545 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
546 + "%s: oos pkt %hu len %d discarded (too old), waiting for %hu, reorder_q_len=%d\n",
547 + session->name, PPPOL2TP_SKB_CB(skb)->ns,
548 + PPPOL2TP_SKB_CB(skb)->length, session->nr,
549 + skb_queue_len(&session->reorder_q));
550 + skb_unlink(skb);
551 + kfree_skb(skb);
552 + goto again;
553 + }
554 +
555 + if (PPPOL2TP_SKB_CB(skb)->has_seq) {
556 + if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
557 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
558 + "%s: holding oos pkt %hu len %d, waiting for %hu, reorder_q_len=%d\n",
559 + session->name, PPPOL2TP_SKB_CB(skb)->ns,
560 + PPPOL2TP_SKB_CB(skb)->length, session->nr,
561 + skb_queue_len(&session->reorder_q));
562 + goto out;
563 + }
564 + }
565 + pppol2tp_recv_dequeue_skb(session, skb);
566 +again:
567 + spin_lock(&session->reorder_q.lock);
568 + }
569 +
570 + spin_unlock(&session->reorder_q.lock);
571 +out:
572 + EXIT_FUNCTION;
573 +}
574 +
575 +/* Internal receive frame. Do the real work of receiving an L2TP data frame
576 + * here.
577 + * Returns 0 if the packet was a data packet and was successfully passed on.
578 + * Returns 1 if the packet was not a good data packet and could not be
579 + * forwarded. All such packets are passed up to userspace to deal with.
580 + */
581 +static int pppol2tp_recv_core(struct sock *sock, struct sk_buff *skb)
582 +{
583 + struct pppol2tp_session *session = NULL;
584 + int error = 0;
585 + struct pppol2tp_tunnel *tunnel;
586 + unsigned char *ptr;
587 + u16 hdrflags;
588 + u16 tunnel_id, session_id;
589 + int length;
590 +
591 + ENTER_FUNCTION;
592 +
593 + SOCK_2_TUNNEL(sock, tunnel, error, 1, end, 0);
594 +
595 + /* Short packet? */
596 + if (skb->len < sizeof(struct udphdr)) {
597 + PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
598 + "%s: recv short packet (len=%d)\n", tunnel->name, skb->len);
599 + goto end;
600 + }
601 +
602 + /* Point to L2TP header */
603 + ptr = skb->data + sizeof(struct udphdr);
604 +
605 + /* Get L2TP header flags */
606 + hdrflags = ntohs(*(u16*)ptr);
607 +
608 + /* Trace packet contents, if enabled */
609 + if (tunnel->debug & PPPOL2TP_MSG_DATA) {
610 + printk(KERN_DEBUG "%s: recv: ", tunnel->name);
611 +
612 + for (length = 0; length < 16; length++)
613 + printk(" %02X", ptr[length]);
614 + printk("\n");
615 + }
616 +
617 + /* Get length of L2TP packet */
618 + length = ntohs(skb->h.uh->len) - sizeof(struct udphdr);
619 +
620 + /* Too short? */
621 + if (length < 12) {
622 + PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
623 + "%s: recv short L2TP packet (len=%d)\n", tunnel->name, length);
624 + goto end;
625 + }
626 +
627 + /* If type is control packet, it is handled by userspace. */
628 + if (hdrflags & L2TP_HDRFLAG_T) {
629 + PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
630 + "%s: recv control packet, len=%d\n", tunnel->name, length);
631 + goto end;
632 + }
633 +
634 + /* Skip flags */
635 + ptr += 2;
636 +
637 + /* If length is present, skip it */
638 + if (hdrflags & L2TP_HDRFLAG_L)
639 + ptr += 2;
640 +
641 + /* Extract tunnel and session ID */
642 + tunnel_id = ntohs(*(u16 *) ptr);
643 + ptr += 2;
644 + session_id = ntohs(*(u16 *) ptr);
645 + ptr += 2;
646 +
647 + /* Find the session context */
648 + session = pppol2tp_session_find(tunnel, session_id);
649 + if (!session) {
650 + /* Not found? Pass to userspace to deal with */
651 + PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO,
652 + "%s: no socket found (%hu/%hu). Passing up.\n",
653 + tunnel->name, tunnel_id, session_id);
654 + goto end;
655 + }
656 + sock_hold(session->sock);
657 +
658 + DPRINTK(session->debug, "%s: socket rcvbuf alloc=%d\n",
659 + session->name, atomic_read(&sock->rmem_alloc));
660 +
661 + /* The ref count on the socket was increased by the above call since
662 + * we now hold a pointer to the session. Take care to do sock_put()
663 + * when exiting this function from now on...
664 + */
665 +
666 + /* Handle the optional sequence numbers. If we are the LAC,
667 + * enable/disable sequence numbers under the control of the LNS. If
668 + * no sequence numbers present but we were expecting them, discard
669 + * frame.
670 + */
671 + if (hdrflags & L2TP_HDRFLAG_S) {
672 + u16 ns, nr;
673 + ns = ntohs(*(u16 *) ptr);
674 + ptr += 2;
675 + nr = ntohs(*(u16 *) ptr);
676 + ptr += 2;
677 +
678 + /* Received a packet with sequence numbers. If we're the LNS,
679 + * check if we sre sending sequence numbers and if not,
680 + * configure it so.
681 + */
682 + if ((!session->lns_mode) && (!session->send_seq)) {
683 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
684 + "%s: requested to enable seq numbers by LNS\n",
685 + session->name);
686 + session->send_seq = -1;
687 + }
688 +
689 + /* Store L2TP info in the skb */
690 + PPPOL2TP_SKB_CB(skb)->ns = ns;
691 + PPPOL2TP_SKB_CB(skb)->nr = nr;
692 + PPPOL2TP_SKB_CB(skb)->has_seq = 1;
693 +
694 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
695 + "%s: recv data ns=%hu, nr=%hu, session nr=%hu\n",
696 + session->name, ns, nr, session->nr);
697 + } else {
698 + /* No sequence numbers.
699 + * If user has configured mandatory sequence numbers, discard.
700 + */
701 + if (session->recv_seq) {
702 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
703 + "%s: recv data has no seq numbers when required. "
704 + "Discarding\n", session->name);
705 + session->stats.rx_seq_discards++;
706 + session->stats.rx_errors++;
707 + goto discard;
708 + }
709 +
710 + /* If we're the LAC and we're sending sequence numbers, the
711 + * LNS has requested that we no longer send sequence numbers.
712 + * If we're the LNS and we're sending sequence numbers, the
713 + * LAC is broken. Discard the frame.
714 + */
715 + if ((!session->lns_mode) && (session->send_seq)) {
716 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO,
717 + "%s: requested to disable seq numbers by LNS\n",
718 + session->name);
719 + session->send_seq = 0;
720 + } else if (session->send_seq) {
721 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING,
722 + "%s: recv data has no seq numbers when required. "
723 + "Discarding\n", session->name);
724 + session->stats.rx_seq_discards++;
725 + session->stats.rx_errors++;
726 + goto discard;
727 + }
728 +
729 + /* Store L2TP info in the skb */
730 + PPPOL2TP_SKB_CB(skb)->has_seq = 0;
731 + }
732 +
733 + /* If offset bit set, skip it. */
734 + if (hdrflags & L2TP_HDRFLAG_O)
735 + ptr += 2 + ntohs(*(u16 *) ptr);
736 +
737 + skb_pull(skb, ptr - skb->data);
738 +
739 + /* Skip PPP header, if present. In testing, Microsoft L2TP clients
740 + * don't send the PPP header (PPP header compression enabled), but
741 + * other clients can include the header. So we cope with both cases
742 + * here. The PPP header is always FF03 when using L2TP.
743 + *
744 + * Note that skb->data[] isn't dereferenced from a u16 ptr here since
745 + * the field may be unaligned.
746 + */
747 + if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03))
748 + skb_pull(skb, 2);
749 +
750 + /* Prepare skb for adding to the session's reorder_q. Hold
751 + * packets for max reorder_timeout or 1 second if not
752 + * reordering.
753 + */
754 + PPPOL2TP_SKB_CB(skb)->length = length;
755 + PPPOL2TP_SKB_CB(skb)->expires = jiffies +
756 + (session->reorder_timeout ? session->reorder_timeout : HZ);
757 +
758 + /* Add packet to the session's receive queue. Reordering is done here, if
759 + * enabled. Saved L2TP protocol info is stored in skb->sb[].
760 + */
761 + if (PPPOL2TP_SKB_CB(skb)->has_seq) {
762 + if (session->reorder_timeout != 0) {
763 + /* Packet reordering enabled. Add skb to session's
764 + * reorder queue, in order of ns.
765 + */
766 + pppol2tp_recv_queue_skb(session, skb);
767 + } else {
768 + /* Packet reordering disabled. Discard out-of-sequence
769 + * packets
770 + */
771 + if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) {
772 + session->stats.rx_seq_discards++;
773 + session->stats.rx_errors++;
774 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
775 + "%s: oos pkt %hu len %d discarded, waiting for %hu, reorder_q_len=%d\n",
776 + session->name, PPPOL2TP_SKB_CB(skb)->ns,
777 + PPPOL2TP_SKB_CB(skb)->length, session->nr,
778 + skb_queue_len(&session->reorder_q));
779 + goto discard;
780 + }
781 + skb_queue_tail(&session->reorder_q, skb);
782 + }
783 + } else {
784 + /* No sequence numbers. Add the skb to the tail of the
785 + * reorder queue. This ensures that it will be
786 + * delivered after all previous sequenced skbs.
787 + */
788 + skb_queue_tail(&session->reorder_q, skb);
789 + }
790 +
791 + /* Try to dequeue as many skbs from reorder_q as we can. */
792 + pppol2tp_recv_dequeue(session);
793 +
794 + EXIT_FUNCTION;
795 + return 0;
796 +
797 +discard:
798 + DPRINTK(session->debug, "discarding skb, len=%d\n", skb->len);
799 + skb_unlink(skb);
800 + kfree_skb(skb);
801 + DPRINTK(session->debug, "calling sock_put; refcnt=%d\n",
802 + session->sock->refcnt.counter);
803 + sock_put(session->sock);
804 + EXIT_FUNCTION;
805 + return 0;
806 +
807 +end:
808 + EXIT_FUNCTION;
809 + return 1;
810 +}
811 +
812 +/* The data_ready hook on the UDP socket. Scan the incoming packet list for
813 + * packets to process. Only control or bad data packets are delivered to
814 + * userspace.
815 + */
816 +static void pppol2tp_data_ready(struct sock *sk, int len)
817 +{
818 + int err;
819 + struct pppol2tp_tunnel *tunnel;
820 + struct sk_buff *skb;
821 +
822 + ENTER_FUNCTION;
823 + SOCK_2_TUNNEL(sk, tunnel, err, -EBADF, end, 0);
824 +
825 + PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
826 + "%s: received %d bytes\n", tunnel->name, len);
827 +
828 + skb = skb_dequeue(&sk->receive_queue);
829 + if (pppol2tp_recv_core(sk, skb)) {
830 + DPRINTK(tunnel->debug, "%s: packet passing to userspace\n",
831 + tunnel->name);
832 + skb_queue_head(&sk->receive_queue, skb);
833 + tunnel->old_data_ready(sk, len);
834 + } else {
835 + DPRINTK(tunnel->debug, "%s: data packet received\n",
836 + tunnel->name);
837 + }
838 +end:
839 + EXIT_FUNCTION;
840 + return;
841 +}
842 +
843 +/* Receive message. This is the recvmsg for the PPPoL2TP socket.
844 + */
845 +static int pppol2tp_recvmsg(struct socket *sock, struct msghdr *msg, int len,
846 + int flags, struct scm_cookie *scm)
847 +{
848 + int err = 0;
849 + struct sk_buff *skb = NULL;
850 + struct sock *sk = sock->sk;
851 +
852 + ENTER_FUNCTION;
853 +
854 + err = -EIO;
855 + if (sock->state & PPPOX_BOUND)
856 + goto error;
857 +
858 + msg->msg_namelen = 0;
859 +
860 + skb=skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
861 + flags & MSG_DONTWAIT, &err);
862 + if (skb) {
863 + err = memcpy_toiovec(msg->msg_iov, (unsigned char *) skb->data,
864 + skb->len);
865 + if (err < 0)
866 + goto do_skb_free;
867 + err = skb->len;
868 + }
869 +do_skb_free:
870 + if (skb)
871 + kfree_skb(skb);
872 +error:
873 + EXIT_FUNCTION;
874 + return err;
875 +}
876 +
877 +/************************************************************************
878 + * Transmit handling
879 + ***********************************************************************/
880 +
881 +/* Internal UDP socket transmission
882 + */
883 +static int pppol2tp_udp_sock_send(struct pppol2tp_session *session,
884 + struct pppol2tp_tunnel *tunnel,
885 + struct msghdr *msg, int total_len)
886 +{
887 + mm_segment_t fs;
888 + int error;
889 +
890 + ENTER_FUNCTION;
891 +
892 + DPRINTK(session->debug, "%s: udp_sendmsg call...\n", session->name);
893 +#ifdef DEBUG
894 + /* Catch bad socket parameter errors */
895 + if (msg->msg_name) {
896 + struct sockaddr_in * usin = (struct sockaddr_in*)msg->msg_name;
897 + if (msg->msg_namelen < sizeof(*usin)) {
898 + printk(KERN_ERR "msg->msg_namelen wrong, %d\n", msg->msg_namelen);
899 + return -EINVAL;
900 + }
901 + if (usin->sin_family != AF_INET) {
902 + if (usin->sin_family != AF_UNSPEC) {
903 + printk(KERN_ERR "addr family wrong: %d\n", usin->sin_family);
904 + return -EINVAL;
905 + }
906 + }
907 + if ((usin->sin_addr.s_addr == 0) || (usin->sin_port == 0)) {
908 + printk(KERN_ERR "udp addr=%x/%hu\n", usin->sin_addr.s_addr, usin->sin_port);
909 + return -EINVAL;
910 + }
911 + }
912 +#endif /* DEBUG */
913 +
914 + /* Set to userspace data segment while we do a sendmsg() call. We're
915 + * actually calling a userspace API from the kernel here...
916 + */
917 + fs = get_fs();
918 + set_fs(get_ds());
919 +
920 + /* The actual sendmsg() call... */
921 + error = tunnel->old_proto->sendmsg(session->tunnel_sock, msg, total_len);
922 + if (error >= 0) {
923 + tunnel->stats.tx_packets++;
924 + tunnel->stats.tx_bytes += error;
925 + session->stats.tx_packets++;
926 + session->stats.tx_bytes += error;
927 + } else {
928 + tunnel->stats.tx_errors++;
929 + session->stats.tx_errors++;
930 + }
931 +
932 + /* Back to kernel space */
933 + set_fs(fs);
934 +
935 + DPRINTK(session->debug, "%s: %s: returning result %d\n", __FUNCTION__,
936 + session->name, error);
937 + kfree(msg->msg_iov);
938 + kfree(msg);
939 +
940 + EXIT_FUNCTION;
941 + return error;
942 +}
943 +
944 +/* Build an L2TP header for the session into the buffer provided.
945 + */
946 +static int pppol2tp_build_l2tp_header(struct pppol2tp_session *session,
947 + void *buf)
948 +{
949 + u16 *bufp = buf;
950 + u16 flags = L2TP_HDR_VER;
951 +
952 + if (session->send_seq) {
953 + flags |= L2TP_HDRFLAG_S;
954 + }
955 +
956 + /* Setup L2TP header.
957 + * FIXME: Can this ever be unaligned? Is direct dereferencing of
958 + * 16-bit header fields safe here for all architectures?
959 + */
960 + *bufp++ = htons(flags);
961 + *bufp++ = htons(session->tunnel_addr.d_tunnel);
962 + *bufp++ = htons(session->tunnel_addr.d_session);
963 + if (session->send_seq) {
964 + *bufp++ = htons(session->ns);
965 + *bufp++ = 0;
966 + session->ns++;
967 + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG,
968 + "%s: updated ns to %hu\n", session->name, session->ns);
969 + }
970 + /* This is the PPP header really */
971 + *bufp = htons(0xff03);
972 +
973 + return ((void *) bufp) - buf;
974 +}
975 +
976 +/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here
977 + * when a user application does a sendmsg() on the session socket. L2TP and
978 + * PPP headers must be inserted into the user's data.
979 + */
980 +static int pppol2tp_sendmsg(struct socket *sock, struct msghdr *m,
981 + int total_len, struct scm_cookie *scm)
982 +{
983 + static unsigned char ppph[2] = { 0xff, 0x03 };
984 + struct sock *sk = sock->sk;
985 + int error = 0;
986 + u8 hdr[PPPOL2TP_L2TP_HDR_SIZE_SEQ];
987 + int hdr_len;
988 + struct msghdr *msg;
989 + struct pppol2tp_session *session;
990 + struct pppol2tp_tunnel *tunnel;
991 +
992 + ENTER_FUNCTION;
993 +
994 + if (sk->dead || !(sk->state & PPPOX_CONNECTED)) {
995 + error = -ENOTCONN;
996 + goto end;
997 + }
998 +
999 + /* Get session and tunnel contexts */
1000 + SOCK_2_SESSION(sk, session, error, -EBADF, end, 0);
1001 + SOCK_2_TUNNEL(session->tunnel_sock, tunnel, error, -EBADF, end, 0);
1002 +
1003 + /* Setup L2TP header */
1004 + hdr_len = pppol2tp_build_l2tp_header(session, &hdr);
1005 +
1006 + if (session->send_seq)
1007 + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1008 + "%s: send %d bytes, ns=%hu\n", session->name,
1009 + total_len, session->ns - 1);
1010 + else
1011 + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1012 + "%s: send %d bytes\n", session->name, total_len);
1013 +
1014 + if (session->debug & PPPOL2TP_MSG_DATA) {
1015 + int i, j, count;
1016 +
1017 + printk(KERN_DEBUG "%s: xmit:", session->name);
1018 + count = 0;
1019 + for (i = 0; i < m->msg_iovlen; i++) {
1020 + for (j = 0; j < m->msg_iov[i].iov_len; j++) {
1021 + printk(" %02X", ((unsigned char *) m->msg_iov[i].iov_base)[j]);
1022 + count++;
1023 + if (count == 15) {
1024 + printk(" ...");
1025 + break;
1026 + }
1027 + }
1028 + }
1029 + printk("\n");
1030 + }
1031 +
1032 + /* Unfortunately, there is no direct way for us to pass an skb to the
1033 + * UDP layer, we have to pretend to be sending ordinary data and use
1034 + * sendmsg.
1035 + *
1036 + * We add the L2TP and PPP headers here. To do so, we create a new
1037 + * struct msghdr and insert the headers as the first iovecs.
1038 + */
1039 + msg = kmalloc(sizeof(struct msghdr), GFP_ATOMIC);
1040 + if (msg == NULL) {
1041 + error = -ENOBUFS;
1042 + tunnel->stats.tx_errors++;
1043 + session->stats.tx_errors++;
1044 + goto end;
1045 + }
1046 +
1047 + msg->msg_iov = kmalloc((m->msg_iovlen + 2) * sizeof(struct iovec),
1048 + GFP_ATOMIC);
1049 + if (msg->msg_iov == NULL) {
1050 + error = -ENOBUFS;
1051 + tunnel->stats.tx_errors++;
1052 + session->stats.tx_errors++;
1053 + kfree(msg);
1054 + goto end;
1055 + }
1056 +
1057 + msg->msg_iov[0].iov_base = &hdr;
1058 + msg->msg_iov[0].iov_len = hdr_len;
1059 + msg->msg_iov[1].iov_base = &ppph;
1060 + msg->msg_iov[1].iov_len = sizeof(ppph);
1061 + memcpy(&msg->msg_iov[2], &m->msg_iov[0],
1062 + m->msg_iovlen * sizeof(struct iovec));
1063 + msg->msg_iovlen = m->msg_iovlen + 2;
1064 +
1065 + /* If the user calls sendto() that's just too bad */
1066 + msg->msg_name = &session->tunnel_addr.addr;
1067 + msg->msg_namelen = sizeof(session->tunnel_addr.addr);
1068 +
1069 + msg->msg_control = m->msg_control;
1070 + msg->msg_controllen = m->msg_controllen;
1071 + msg->msg_flags = m->msg_flags;
1072 +
1073 + /* Do the real work. This always frees msg, regardless of whether
1074 + * there was an error
1075 + */
1076 + error = pppol2tp_udp_sock_send(session, tunnel, msg,
1077 + total_len + hdr_len + sizeof(ppph));
1078 +
1079 +end:
1080 + EXIT_FUNCTION;
1081 + return error;
1082 +}
1083 +
1084 +
1085 +/* Transmit function called by generic PPP driver. Sends PPP frame over
1086 + * PPPoL2TP socket.
1087 + *
1088 + * This is almost the same as pppol2tp_sendmsg(), but rather than being called
1089 + * with a msghdr from userspace, it is called with a skb from the kernel.
1090 + */
1091 +static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
1092 +{
1093 + static unsigned char ppph[2] = { 0xff, 0x03 };
1094 + struct sock *sk = (struct sock *) chan->private;
1095 + int error = 0;
1096 + u8 hdr[PPPOL2TP_L2TP_HDR_SIZE_SEQ];
1097 + int hdr_len;
1098 + struct msghdr *msg;
1099 + struct pppol2tp_session *session;
1100 + struct pppol2tp_tunnel *tunnel;
1101 +
1102 + ENTER_FUNCTION;
1103 +
1104 + if (sk->dead || !(sk->state & PPPOX_CONNECTED)) {
1105 + DPRINTK(-1, "dead=%d state=%x\n", sk->dead, sk->state);
1106 + error = -ENOTCONN;
1107 + goto end;
1108 + }
1109 +
1110 + /* Get session and tunnel contexts from the socket */
1111 + SOCK_2_SESSION(sk, session, error, -EBADF, end, 0);
1112 + SOCK_2_TUNNEL(session->tunnel_sock, tunnel, error, -EBADF, end, 0);
1113 +
1114 + /* Setup L2TP header */
1115 + hdr_len = pppol2tp_build_l2tp_header(session, &hdr);
1116 +
1117 + if (session->send_seq)
1118 + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1119 + "%s: send %d bytes, ns=%hu\n",
1120 + session->name, skb->len, session->ns - 1);
1121 + else
1122 + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG,
1123 + "%s: send %d bytes\n", session->name, skb->len);
1124 +
1125 + if (session->debug & PPPOL2TP_MSG_DATA) {
1126 + int i;
1127 +
1128 + printk(KERN_DEBUG "%s: xmit:", session->name);
1129 + for (i = 0; i < skb->len; i++) {
1130 + printk(" %02X", skb->data[i]);
1131 + if (i == 15) {
1132 + printk(" ...");
1133 + break;
1134 + }
1135 + }
1136 + printk("\n");
1137 + }
1138 +
1139 + /* Unfortunatly there doesn't appear to be a way for us to pass an skb
1140 + * to the UDP layer, we have to pretend to be sending ordinary data
1141 + * and use sendmsg
1142 + */
1143 + msg = kmalloc(sizeof(struct msghdr), GFP_ATOMIC);
1144 + if (msg == NULL) {
1145 + error = -ENOBUFS;
1146 + tunnel->stats.tx_errors++;
1147 + session->stats.tx_errors++;
1148 + goto end;
1149 + }
1150 +
1151 + msg->msg_iov = kmalloc(2 * sizeof(struct iovec), GFP_ATOMIC);
1152 + if (msg->msg_iov == NULL) {
1153 + error = -ENOBUFS;
1154 + tunnel->stats.tx_errors++;
1155 + session->stats.tx_errors++;
1156 + kfree(msg);
1157 + goto end;
1158 + }
1159 + msg->msg_iov[0].iov_base = &hdr;
1160 + msg->msg_iov[0].iov_len = hdr_len;
1161 + /* FIXME: do we need to handle skb fragments here? */
1162 + msg->msg_iov[1].iov_base = &ppph;
1163 + msg->msg_iov[1].iov_len = sizeof(ppph);
1164 + msg->msg_iov[2].iov_base = skb->data;
1165 + msg->msg_iov[2].iov_len = skb->len;
1166 + msg->msg_iovlen = 3;
1167 +
1168 + /* If the user calls sendto() that's just too bad */
1169 + msg->msg_name = &session->tunnel_addr.addr;
1170 + msg->msg_namelen = sizeof(session->tunnel_addr.addr);
1171 +
1172 + msg->msg_control = NULL;
1173 + msg->msg_controllen = 0;
1174 + msg->msg_flags = MSG_DONTWAIT; /* Need this to prevent blocking */
1175 +
1176 + /* Do the real work. This always frees msg, regardless of whether
1177 + * there was an error
1178 + */
1179 + error = pppol2tp_udp_sock_send(session, tunnel, msg,
1180 + skb->len + hdr_len + sizeof(ppph));
1181 +
1182 + kfree_skb(skb);
1183 +
1184 +end:
1185 + EXIT_FUNCTION;
1186 + return error;
1187 +}
1188 +
1189 +/*****************************************************************************
1190 + * Session (and tunnel control) socket create/destroy.
1191 + *****************************************************************************/
1192 +
1193 +/* When the tunnel UDP socket is closed, all the attached sockets need to go
1194 + * too. This handles that.
1195 + */
1196 +static void pppol2tp_tunnel_closeall(struct pppol2tp_tunnel *tunnel)
1197 +{
1198 + int hash;
1199 + struct hlist_node *walk;
1200 + struct hlist_node *tmp;
1201 + struct pppol2tp_session *session;
1202 + struct sock *sk;
1203 +
1204 + ENTER_FUNCTION;
1205 +
1206 + if (tunnel == NULL)
1207 + BUG();
1208 +
1209 + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1210 + "%s: closing all sessions...\n", tunnel->name);
1211 +
1212 + for (hash = 0; hash < PPPOL2TP_HASH_SIZE; hash++) {
1213 + hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1214 + session = hlist_entry(walk, struct pppol2tp_session, hlist);
1215 +
1216 + sk = session->sock;
1217 +
1218 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1219 + "%s: closing session\n", session->name);
1220 +
1221 + write_lock_bh(&tunnel->hlist_lock);
1222 + hlist_del_init(&session->hlist);
1223 + write_unlock_bh(&tunnel->hlist_lock);
1224 +
1225 + sock_hold(sk);
1226 +
1227 + lock_sock(sk);
1228 +
1229 + if (sk->state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
1230 + pppox_unbind_sock(sk);
1231 + sk->state = PPPOX_DEAD;
1232 + sk->state_change(sk);
1233 + }
1234 +
1235 + /* Purge any queued data */
1236 + skb_queue_purge(&sk->receive_queue);
1237 + skb_queue_purge(&sk->write_queue);
1238 +
1239 + release_sock(sk);
1240 +
1241 + DPRINTK(session->debug, "calling sock_put; refcnt=%d\n",
1242 + sk->refcnt.counter);
1243 + sock_put(sk);
1244 + }
1245 + }
1246 +
1247 + EXIT_FUNCTION;
1248 +}
1249 +
1250 +/* Really kill the tunnel.
1251 + * Come here only when all sessions have been cleared from the tunnel.
1252 + */
1253 +static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel)
1254 +{
1255 + struct sock *sk = tunnel->sock;
1256 +
1257 + ENTER_FUNCTION;
1258 +
1259 + /* Remove from socket list */
1260 + list_del_init(&tunnel->list);
1261 +
1262 + sk->prot = tunnel->old_proto;
1263 + sk->data_ready = tunnel->old_data_ready;
1264 + sk->destruct = tunnel->old_sk_destruct;
1265 + sk->user_data = NULL;
1266 +
1267 + DPRINTK(tunnel->debug, "%s: MOD_DEC_USE_COUNT\n", tunnel->name);
1268 + kfree(tunnel);
1269 + MOD_DEC_USE_COUNT;
1270 +
1271 + EXIT_FUNCTION;
1272 +}
1273 +
1274 +/* Tunnel UDP socket destruct hook.
1275 + * The tunnel context is deleted only when all session sockets have been
1276 + * closed.
1277 + */
1278 +static void pppol2tp_tunnel_destruct(struct sock *sk)
1279 +{
1280 + struct pppol2tp_tunnel *tunnel;
1281 + int error = 0;
1282 + ENTER_FUNCTION;
1283 +
1284 + SOCK_2_TUNNEL(sk, tunnel, error, -EBADF, end, 0);
1285 +
1286 + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1287 + "%s: closing...\n", tunnel->name);
1288 +
1289 + pppol2tp_tunnel_closeall(tunnel);
1290 +
1291 +end:
1292 + EXIT_FUNCTION;
1293 + return;
1294 +}
1295 +
1296 +/* Really kill the socket. (Called from sock_put if refcnt == 0.)
1297 + */
1298 +static void pppol2tp_session_destruct(struct sock *sk)
1299 +{
1300 + struct pppol2tp_session *session = NULL;
1301 + int error = 0;
1302 +
1303 + ENTER_FUNCTION;
1304 +
1305 + if (sk->user_data != NULL) {
1306 + struct pppol2tp_tunnel *tunnel;
1307 +
1308 + SOCK_2_SESSION(sk, session, error, -EBADF, out, 0);
1309 + skb_queue_purge(&session->reorder_q);
1310 +
1311 + /* Don't use SOCK_2_TUNNEL() here to get the tunnel context
1312 + * because the tunnel socket might have already been closed
1313 + * (its sk->user_data will be NULL) so use the session's
1314 + * private tunnel ptr instead.
1315 + */
1316 + tunnel = session->tunnel;
1317 + if (tunnel != NULL) {
1318 + if (tunnel->magic != L2TP_TUNNEL_MAGIC) {
1319 + printk(KERN_ERR "%s: %s:%d: BAD TUNNEL MAGIC "
1320 + "( tunnel=%p magic=%x )\n",
1321 + __FUNCTION__, __FILE__, __LINE__,
1322 + tunnel, tunnel->magic);
1323 + goto out;
1324 + }
1325 + }
1326 +
1327 + /* Delete tunnel context if this was the last session on the
1328 + * tunnel. This was allocated when the first session was
1329 + * created on the tunnel. See
1330 + * pppol2tp_prepare_tunnel_socket().
1331 + */
1332 + DPRINTK(tunnel->debug, "%s: session_count=%d\n",
1333 + tunnel->name, atomic_read(&tunnel->session_count));
1334 + if (atomic_dec_and_test(&tunnel->session_count)) {
1335 + pppol2tp_tunnel_free(tunnel);
1336 + }
1337 + }
1338 +
1339 + if (session != NULL)
1340 + DPRINTK(session->debug, "%s: MOD_DEC_USE_COUNT\n", session->name);
1341 +
1342 + if (sk->protinfo.pppox)
1343 + kfree(sk->protinfo.pppox);
1344 +
1345 + if (session != NULL)
1346 + kfree(session);
1347 + MOD_DEC_USE_COUNT;
1348 +
1349 +out:
1350 + EXIT_FUNCTION;
1351 +}
1352 +
1353 +/* Called when the PPPoX socket (session) is closed.
1354 + */
1355 +static int pppol2tp_release(struct socket *sock)
1356 +{
1357 + struct sock *sk = sock->sk;
1358 + struct pppol2tp_session *session = NULL;
1359 + struct pppol2tp_tunnel *tunnel;
1360 + int error = 0;
1361 + ENTER_FUNCTION;
1362 +
1363 + if (!sk)
1364 + return 0;
1365 +
1366 + if (sk->dead != 0)
1367 + return -EBADF;
1368 +
1369 + if (sk->user_data) { /* Was this socket actually connected? */
1370 + SOCK_2_SESSION(sk, session, error, -EBADF, end, 0);
1371 +
1372 + /* Don't use SOCK_2_TUNNEL() here to get the tunnel context
1373 + * because the tunnel socket might have already been closed
1374 + * (its sk->user_data will be NULL) so use the session's
1375 + * private tunnel ptr instead.
1376 + */
1377 + tunnel = session->tunnel;
1378 + if (tunnel != NULL) {
1379 + if (tunnel->magic == L2TP_TUNNEL_MAGIC) {
1380 + /* Delete the session socket from the hash */
1381 + write_lock_bh(&tunnel->hlist_lock);
1382 + hlist_del_init(&session->hlist);
1383 + write_unlock_bh(&tunnel->hlist_lock);
1384 + } else {
1385 + printk(KERN_ERR "%s: %s:%d: BAD TUNNEL MAGIC "
1386 + "( tunnel=%p magic=%x )\n",
1387 + __FUNCTION__, __FILE__, __LINE__,
1388 + tunnel, tunnel->magic);
1389 + goto end;
1390 + }
1391 + }
1392 + }
1393 +
1394 + lock_sock(sk);
1395 +
1396 + if (sk->state & (PPPOX_CONNECTED | PPPOX_BOUND))
1397 + pppox_unbind_sock(sk);
1398 +
1399 + /* Signal the death of the socket. */
1400 + sk->state = PPPOX_DEAD;
1401 + sock_orphan(sk);
1402 + sock->sk = NULL;
1403 +
1404 + /* Purge any queued data */
1405 + skb_queue_purge(&sk->receive_queue);
1406 + skb_queue_purge(&sk->write_queue);
1407 +
1408 + release_sock(sk);
1409 +
1410 + if (session != NULL)
1411 + DPRINTK(session->debug, "calling sock_put; refcnt=%d\n",
1412 + session->sock->refcnt.counter);
1413 + sock_put(sk);
1414 +
1415 +end:
1416 + EXIT_FUNCTION;
1417 + return error;
1418 +}
1419 +
1420 +/* Copied from fget() in fs/file_table.c.
1421 + * Allows caller to specify the pid that owns the fd.
1422 + */
1423 +static struct file *pppol2tp_fget(pid_t pid, unsigned int fd)
1424 +{
1425 + struct file *file;
1426 + struct files_struct *files = current->files;
1427 +
1428 + if (pid != 0) {
1429 + struct task_struct *tsk = find_task_by_pid(pid);
1430 + if (tsk == NULL)
1431 + return NULL;
1432 + files = tsk->files;
1433 + }
1434 +
1435 + spin_lock(&files->file_lock);
1436 + file = fcheck_files(files, fd);
1437 + if (file)
1438 + get_file(file);
1439 + spin_unlock(&files->file_lock);
1440 + return file;
1441 +}
1442 +
1443 +/* Copied from net/socket.c */
1444 +extern __inline__ struct socket *socki_lookup(struct inode *inode)
1445 +{
1446 + return &inode->u.socket_i;
1447 +}
1448 +
1449 +/* Copied from sockfd_lookup() in net/socket.c.
1450 + * Allows caller to specify the pid that owns the fd.
1451 + */
1452 +static struct socket *pppol2tp_sockfd_lookup(pid_t pid, int fd, int *err)
1453 +{
1454 + struct file *file;
1455 + struct inode *inode;
1456 + struct socket *sock;
1457 +
1458 + if (!(file = pppol2tp_fget(pid, fd))) {
1459 + *err = -EBADF;
1460 + return NULL;
1461 + }
1462 +
1463 + inode = file->f_dentry->d_inode;
1464 + if (!inode->i_sock || !(sock = socki_lookup(inode))) {
1465 + *err = -ENOTSOCK;
1466 + fput(file);
1467 + return NULL;
1468 + }
1469 +
1470 + if (sock->file != file) {
1471 + printk(KERN_ERR "socki_lookup: socket file changed!\n");
1472 + sock->file = file;
1473 + }
1474 + return sock;
1475 +}
1476 +
1477 +/* Internal function to prepare a tunnel (UDP) socket to have PPPoX sockets
1478 + * attached to it
1479 + */
1480 +static struct sock *pppol2tp_prepare_tunnel_socket(pid_t pid, int fd,
1481 + u16 tunnel_id, int *error)
1482 +{
1483 + int err;
1484 + struct socket *sock = NULL;
1485 + struct sock *sk;
1486 + struct pppol2tp_tunnel *tunnel;
1487 + struct sock *ret = NULL;
1488 +
1489 + ENTER_FUNCTION;
1490 +
1491 + /* Get the socket from the fd */
1492 + err = -EBADF;
1493 + sock = pppol2tp_sockfd_lookup(pid, fd, &err);
1494 + if (!sock) {
1495 + PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1496 + "tunl %hu: sockfd_lookup(fd=%d) returned %d\n",
1497 + tunnel_id, fd, err);
1498 + goto err;
1499 + }
1500 +
1501 + /* Quick sanity checks */
1502 + err = -ESOCKTNOSUPPORT;
1503 + if (sock->type != SOCK_DGRAM) {
1504 + PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1505 + "tunl %hu: fd %d wrong type, got %d, expected %d\n",
1506 + tunnel_id, fd, sock->type, SOCK_DGRAM);
1507 + goto err;
1508 + }
1509 + err = -EAFNOSUPPORT;
1510 + if (sock->ops->family!=AF_INET) {
1511 + PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR,
1512 + "tunl %hu: fd %d wrong family, got %d, expected %d\n",
1513 + tunnel_id, fd, sock->ops->family, AF_INET);
1514 + goto err;
1515 + }
1516 +
1517 + err = -ENOTCONN;
1518 + sk = sock->sk;
1519 +
1520 + /* Check if this socket has already been prepped */
1521 + tunnel = (struct pppol2tp_tunnel *)sk->user_data;
1522 + if (tunnel != NULL) {
1523 + /* User-data field already set */
1524 + err = -EBUSY;
1525 + if (tunnel->magic != L2TP_TUNNEL_MAGIC) {
1526 + printk(KERN_ERR "%s: %s:%d: BAD TUNNEL MAGIC "
1527 + "( tunnel=%p magic=%x )\n",
1528 + __FUNCTION__, __FILE__, __LINE__,
1529 + tunnel, tunnel->magic);
1530 + goto err;
1531 + }
1532 +
1533 + /* This socket has already been prepped */
1534 + ret = tunnel->sock;
1535 + goto out;
1536 + }
1537 +
1538 + /* This socket is available and needs prepping. Create a new tunnel
1539 + * context and init it.
1540 + */
1541 + sk->user_data = tunnel = kmalloc(sizeof(struct pppol2tp_tunnel), GFP_KERNEL);
1542 + if (sk->user_data == NULL) {
1543 + err = -ENOMEM;
1544 + goto err;
1545 + }
1546 +
1547 + memset(tunnel, 0, sizeof(struct pppol2tp_tunnel));
1548 +
1549 + tunnel->magic = L2TP_TUNNEL_MAGIC;
1550 + sprintf(&tunnel->name[0], "tunl %hu", tunnel_id);
1551 +
1552 + tunnel->stats.tunnel_id = tunnel_id;
1553 +
1554 + tunnel->debug = PPPOL2TP_DEFAULT_DEBUG_FLAGS;
1555 +
1556 + DPRINTK(tunnel->debug, "tunl %hu: allocated tunnel=%p, sk=%p, sock=%p\n",
1557 + tunnel_id, tunnel, sk, sock);
1558 +
1559 + /* Setup the new protocol stuff */
1560 + tunnel->old_proto = sk->prot;
1561 + tunnel->l2tp_proto = *sk->prot;
1562 +
1563 + sk->prot = &tunnel->l2tp_proto;
1564 +
1565 + tunnel->old_data_ready = sk->data_ready;
1566 + sk->data_ready = &pppol2tp_data_ready;
1567 +
1568 + tunnel->old_sk_destruct = sk->destruct;
1569 + sk->destruct = &pppol2tp_tunnel_destruct;
1570 +
1571 + tunnel->sock = sk;
1572 + sk->allocation = GFP_ATOMIC;
1573 +
1574 + rwlock_init(&tunnel->hlist_lock);
1575 +
1576 + /* Add tunnel to our list */
1577 + INIT_LIST_HEAD(&tunnel->list);
1578 + list_add(&tunnel->list, &pppol2tp_tunnel_list);
1579 +
1580 + ret = tunnel->sock;
1581 +
1582 + MOD_INC_USE_COUNT;
1583 + DPRINTK(-1, "tunl %hu: MOD_INC_USE_COUNT\n", tunnel_id);
1584 +
1585 + *error = 0;
1586 +out:
1587 + if (sock)
1588 + sockfd_put(sock);
1589 + EXIT_FUNCTION;
1590 +
1591 + return ret;
1592 +
1593 +err:
1594 + *error = err;
1595 + goto out;
1596 +}
1597 +
1598 +/* socket() handler. Initialize a new struct sock.
1599 + */
1600 +static int pppol2tp_create(struct socket *sock)
1601 +{
1602 + int error = 0;
1603 + struct sock *sk;
1604 +
1605 + ENTER_FUNCTION;
1606 + DPRINTK(-1, "sock=%p\n", sock);
1607 +
1608 + sk = sk_alloc(PF_PPPOX, GFP_KERNEL, 1);
1609 + if (!sk)
1610 + return -ENOMEM;
1611 +
1612 + MOD_INC_USE_COUNT;
1613 + DPRINTK(-1, "MOD_INC_USE_COUNT\n");
1614 +
1615 + sock_init_data(sock, sk);
1616 +
1617 + sock->state = SS_UNCONNECTED;
1618 + sock->ops = &pppol2tp_ops;
1619 +
1620 + sk->protocol = PX_PROTO_OL2TP;
1621 + sk->family = PF_PPPOX;
1622 +
1623 + sk->next = NULL;
1624 + sk->pprev = NULL;
1625 + sk->state = PPPOX_NONE;
1626 + sk->type = SOCK_STREAM;
1627 + sk->destruct = pppol2tp_session_destruct;
1628 + sk->backlog_rcv = pppol2tp_recv_core;
1629 +
1630 + sk->protinfo.pppox = kmalloc(sizeof(struct pppox_opt), GFP_KERNEL);
1631 + if (!sk->protinfo.pppox) {
1632 + error = -ENOMEM;
1633 + goto free_sk;
1634 + }
1635 +
1636 + memset((void *) sk->protinfo.pppox, 0, sizeof(struct pppox_opt));
1637 + sk->protinfo.pppox->sk = sk;
1638 +
1639 + sock->sk = sk;
1640 +
1641 + EXIT_FUNCTION;
1642 + return 0;
1643 +
1644 +free_sk:
1645 + sk_free(sk);
1646 + EXIT_FUNCTION;
1647 + return error;
1648 +}
1649 +
1650 +/* connect() handler.. Attach a PPPoX socket to a tunnel UDP socket
1651 + */
1652 +int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
1653 + int sockaddr_len, int flags)
1654 +{
1655 + struct sock *sk = sock->sk;
1656 + struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr;
1657 + struct pppox_opt *po = sk->protinfo.pppox;
1658 + struct sock *tunnel_sock = NULL;
1659 + struct pppol2tp_session *session = NULL;
1660 + struct pppol2tp_tunnel *tunnel;
1661 + struct dst_entry *dst;
1662 + int error = 0;
1663 +
1664 + ENTER_FUNCTION;
1665 +
1666 + DPRINTK(-1, "sock=%p, uservaddr=%p, sockaddr_len=%d, flags=%d, addr=%x/%hu\n",
1667 + sock, uservaddr, sockaddr_len, flags,
1668 + ntohl(sp->pppol2tp.addr.sin_addr.s_addr), ntohs(sp->pppol2tp.addr.sin_port));
1669 + lock_sock(sk);
1670 +
1671 + error = -EINVAL;
1672 + if (sp->sa_protocol != PX_PROTO_OL2TP)
1673 + goto end;
1674 +
1675 + /* Check for already bound sockets */
1676 + error = -EBUSY;
1677 + if (sk->state & PPPOX_CONNECTED)
1678 + goto end;
1679 +
1680 + /* We don't supporting rebinding anyway */
1681 + if (sk->user_data)
1682 + goto end; /* socket is already attached */
1683 +
1684 + /* Don't bind if s_tunnel is 0 */
1685 + error = -EINVAL;
1686 + if (sp->pppol2tp.s_tunnel == 0)
1687 + goto end;
1688 +
1689 + /* Look up the tunnel socket and configure it if necessary */
1690 + tunnel_sock = pppol2tp_prepare_tunnel_socket(sp->pppol2tp.pid,
1691 + sp->pppol2tp.fd,
1692 + sp->pppol2tp.s_tunnel,
1693 + &error);
1694 + if (tunnel_sock == NULL)
1695 + goto end;
1696 + tunnel = tunnel_sock->user_data;
1697 +
1698 + /* Allocate and initialize a new session context.
1699 + */
1700 + session = kmalloc(sizeof(struct pppol2tp_session), GFP_KERNEL);
1701 + if (session == NULL) {
1702 + error = -ENOMEM;
1703 + goto end;
1704 + }
1705 +
1706 + memset(session, 0, sizeof(struct pppol2tp_session));
1707 +
1708 + skb_queue_head_init(&session->reorder_q);
1709 +
1710 + session->magic = L2TP_SESSION_MAGIC;
1711 + session->owner = current->pid;
1712 + session->sock = sk;
1713 + session->tunnel = tunnel;
1714 + session->tunnel_sock = tunnel_sock;
1715 + session->tunnel_addr = sp->pppol2tp;
1716 + sprintf(&session->name[0], "sess %hu/%hu",
1717 + session->tunnel_addr.s_tunnel,
1718 + session->tunnel_addr.s_session);
1719 +
1720 + session->stats.tunnel_id = session->tunnel_addr.s_tunnel;
1721 + session->stats.session_id = session->tunnel_addr.s_session;
1722 +
1723 + INIT_HLIST_NODE(&session->hlist);
1724 +
1725 + session->debug = PPPOL2TP_DEFAULT_DEBUG_FLAGS;
1726 +
1727 + /* Default MTU must allow space for UDP/L2TP/PPP
1728 + * headers. Leave some slack.
1729 + */
1730 + session->mtu = session->mru = 1500 - PPPOL2TP_HEADER_OVERHEAD;
1731 +
1732 + /* If PMTU discovery was enabled, use the MTU that was discovered */
1733 + dst = sk_dst_get(sk);
1734 + if (dst != NULL) {
1735 + u32 pmtu = dst_pmtu(dst);
1736 + if (pmtu != 0) {
1737 + session->mtu = session->mru = pmtu -
1738 + PPPOL2TP_HEADER_OVERHEAD;
1739 + DPRINTK(session->debug,
1740 + "%s: MTU set by Path MTU discovery: mtu=%d\n",
1741 + session->name, session->mtu);
1742 + }
1743 + dst_release(dst);
1744 + }
1745 +
1746 + /* Special case: if source & dest session_id == 0x0000, this socket is
1747 + * being created to manage the tunnel. Don't add the session to the
1748 + * session hash list, just set up the internal context for use by
1749 + * ioctl() and sockopt() handlers.
1750 + */
1751 + if ((session->tunnel_addr.s_session == 0) &&
1752 + (session->tunnel_addr.d_session == 0)) {
1753 + error = 0;
1754 + DPRINTK(session->debug,
1755 + "tunl %hu: socket created for tunnel mgmt ops\n",
1756 + session->tunnel_addr.s_tunnel);
1757 + sk->user_data = session;
1758 + goto out_no_ppp;
1759 + }
1760 +
1761 + DPRINTK(session->debug, "%s: allocated session=%p, sock=%p, owner=%d\n",
1762 + session->name, session, sk, session->owner);
1763 +
1764 + /* Add session to the tunnel's hash list */
1765 + SOCK_2_TUNNEL(tunnel_sock, tunnel, error, -EBADF, end, 0);
1766 + write_lock_bh(&tunnel->hlist_lock);
1767 + hlist_add_head(&session->hlist,
1768 + pppol2tp_session_id_hash(tunnel,
1769 + session->tunnel_addr.s_session));
1770 + write_unlock_bh(&tunnel->hlist_lock);
1771 +
1772 + /* This is how we get the session context from the socket. */
1773 + sk->user_data = session;
1774 +
1775 + /* We don't store any more options in the pppox_opt, everything is in
1776 + * user_data (struct pppol2tp_session)
1777 + */
1778 + po->sk = sk;
1779 +
1780 + /* Right now, because we don't have a way to push the incoming skb's
1781 + * straight through the UDP layer, the only header we need to worry
1782 + * about is the L2TP header. This size is different depending on
1783 + * whether sequence numbers are enabled for the data channel.
1784 + */
1785 + po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
1786 +
1787 + po->chan.private = sk;
1788 + po->chan.ops = &pppol2tp_chan_ops;
1789 + po->chan.mtu = session->mtu;
1790 +
1791 + error = ppp_register_channel(&po->chan);
1792 + if (error)
1793 + goto end;
1794 +
1795 +out_no_ppp:
1796 + atomic_inc(&tunnel->session_count);
1797 + sk->state = PPPOX_CONNECTED;
1798 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1799 + "%s: created\n", session->name);
1800 +
1801 +end:
1802 + release_sock(sk);
1803 +
1804 + if (error != 0)
1805 + PRINTK(session ? session->debug : -1, PPPOL2TP_MSG_CONTROL,
1806 + KERN_WARNING, "%s: connect failed: %d\n", session->name,
1807 + error);
1808 +
1809 + EXIT_FUNCTION;
1810 +
1811 + return error;
1812 +}
1813 +
1814 +/* getname() support.
1815 + */
1816 +static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr,
1817 + int *usockaddr_len, int peer)
1818 +{
1819 + int len = sizeof(struct sockaddr_pppol2tp);
1820 + struct sockaddr_pppol2tp sp;
1821 + int error = 0;
1822 + struct pppol2tp_session *session;
1823 +
1824 + ENTER_FUNCTION;
1825 +
1826 + error = -ENOTCONN;
1827 + if (sock->sk->state != PPPOX_CONNECTED)
1828 + goto end;
1829 +
1830 + SOCK_2_SESSION(sock->sk, session, error, -EBADF, end, 0);
1831 +
1832 + sp.sa_family = AF_PPPOX;
1833 + sp.sa_protocol = PX_PROTO_OL2TP;
1834 + memcpy(&sp.pppol2tp, &session->tunnel_addr,
1835 + sizeof(struct pppol2tp_addr));
1836 +
1837 + memcpy(uaddr, &sp, len);
1838 +
1839 + *usockaddr_len = len;
1840 +
1841 + error = 0;
1842 +end:
1843 + EXIT_FUNCTION;
1844 + return error;
1845 +}
1846 +
1847 +/****************************************************************************
1848 + * ioctl() handlers.
1849 + *
1850 + * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
1851 + * sockets. However, in order to control kernel tunnel features, we allow
1852 + * userspace to create a special "tunnel" PPPoX socket which is used for
1853 + * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow
1854 + * the user application to issue L2TP setsockopt(), getsockopt() and ioctl()
1855 + * calls.
1856 + ****************************************************************************/
1857 +
1858 +/* Session ioctl helper.
1859 + */
1860 +static int pppol2tp_session_ioctl(struct pppol2tp_session *session,
1861 + unsigned int cmd, unsigned long arg)
1862 +{
1863 + struct ifreq ifr;
1864 + int err = 0;
1865 + struct sock *sk = session->sock;
1866 + int val = (int) arg;
1867 +
1868 + sock_hold(sk);
1869 +
1870 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1871 + "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
1872 + session->name, cmd, arg);
1873 +
1874 + switch (cmd) {
1875 + case SIOCGIFMTU:
1876 + err = -ENXIO;
1877 + if (!(sk->state & PPPOX_CONNECTED))
1878 + break;
1879 +
1880 + err = -EFAULT;
1881 + if (copy_from_user(&ifr, (void *) arg, sizeof(struct ifreq)))
1882 + break;
1883 + ifr.ifr_mtu = session->mtu;
1884 + if (copy_to_user((void *) arg, &ifr, sizeof(struct ifreq)))
1885 + break;
1886 +
1887 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1888 + "%s: get mtu=%d\n", session->name, session->mtu);
1889 + err = 0;
1890 + break;
1891 +
1892 + case SIOCSIFMTU:
1893 + err = -ENXIO;
1894 + if (!(sk->state & PPPOX_CONNECTED))
1895 + break;
1896 +
1897 + err = -EFAULT;
1898 + if (copy_from_user(&ifr, (void *) arg, sizeof(struct ifreq)))
1899 + break;
1900 +
1901 + session->mtu = ifr.ifr_mtu;
1902 +;
1903 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1904 + "%s: set mtu=%d\n", session->name, session->mtu);
1905 + err = 0;
1906 + break;
1907 +
1908 + case PPPIOCGMRU:
1909 + err = -ENXIO;
1910 + if (!(sk->state & PPPOX_CONNECTED))
1911 + break;
1912 +
1913 + err = -EFAULT;
1914 + if (put_user(session->mru, (int *) arg))
1915 + break;
1916 +
1917 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1918 + "%s: get mru=%d\n", session->name, session->mru);
1919 + err = 0;
1920 + break;
1921 +
1922 + case PPPIOCSMRU:
1923 + err = -ENXIO;
1924 + if (!(sk->state & PPPOX_CONNECTED))
1925 + break;
1926 +
1927 + err = -EFAULT;
1928 + if (get_user(val,(int *) arg))
1929 + break;
1930 +
1931 + session->mru = val;
1932 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1933 + "%s: set mru=%d\n", session->name, session->mru);
1934 + err = 0;
1935 + break;
1936 +
1937 + case PPPIOCGFLAGS:
1938 + err = -EFAULT;
1939 + if (put_user(session->flags, (int *) arg))
1940 + break;
1941 +
1942 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1943 + "%s: get flags=%d\n", session->name, session->flags);
1944 + err = 0;
1945 + break;
1946 +
1947 + case PPPIOCSFLAGS:
1948 + err = -EFAULT;
1949 + if (get_user(val, (int *) arg))
1950 + break;
1951 + session->flags = val;
1952 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1953 + "%s: set flags=%d\n", session->name, session->flags);
1954 + err = 0;
1955 + break;
1956 +
1957 + case PPPIOCGL2TPSTATS:
1958 + err = -ENXIO;
1959 +
1960 + if (!(sk->state & PPPOX_CONNECTED))
1961 + break;
1962 +
1963 + if (copy_to_user((void *) arg, &session->stats,
1964 + sizeof(session->stats)))
1965 + break;
1966 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
1967 + "%s: get L2TP stats\n", session->name);
1968 + err = 0;
1969 + break;
1970 +
1971 + default:
1972 + err = -ENOSYS;
1973 + break;
1974 + }
1975 +
1976 + sock_put(sk);
1977 +
1978 + return err;
1979 +}
1980 +
1981 +/* Tunnel ioctl helper.
1982 + *
1983 + * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data
1984 + * specifies a session_id, the session ioctl handler is called. This allows an
1985 + * application to retrieve session stats via a tunnel socket.
1986 + */
1987 +static int pppol2tp_tunnel_ioctl(struct pppol2tp_tunnel *tunnel,
1988 + unsigned int cmd, unsigned long arg)
1989 +{
1990 + int err = 0;
1991 + struct sock *sk = tunnel->sock;
1992 + struct pppol2tp_ioc_stats stats_req;
1993 +
1994 + sock_hold(sk);
1995 +
1996 + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG,
1997 + "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n", tunnel->name,
1998 + cmd, arg);
1999 +
2000 + switch (cmd) {
2001 + case PPPIOCGL2TPSTATS:
2002 + err = -ENXIO;
2003 +
2004 + if (!(sk->state & PPPOX_CONNECTED))
2005 + break;
2006 +
2007 + if (copy_from_user(&stats_req, (void *) arg,
2008 + sizeof(stats_req))) {
2009 + err = -EFAULT;
2010 + break;
2011 + }
2012 + if (stats_req.session_id != 0) {
2013 + /* resend to session ioctl handler */
2014 + struct pppol2tp_session *session =
2015 + pppol2tp_session_find(tunnel, stats_req.session_id);
2016 + if (session != NULL)
2017 + err = pppol2tp_session_ioctl(session, cmd, arg);
2018 + else
2019 + err = -EBADR;
2020 + break;
2021 + }
2022 + if (copy_to_user((void *) arg, &tunnel->stats,
2023 + sizeof(tunnel->stats))) {
2024 + err = -EFAULT;
2025 + break;
2026 + }
2027 + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2028 + "%s: get L2TP stats\n", tunnel->name);
2029 + err = 0;
2030 + break;
2031 +
2032 + default:
2033 + err = -ENOSYS;
2034 + break;
2035 + }
2036 +
2037 + sock_put(sk);
2038 +
2039 + return err;
2040 +}
2041 +
2042 +/* Main ioctl() handler.
2043 + * Dispatch to tunnel or session helpers depending on the socket.
2044 + */
2045 +static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd,
2046 + unsigned long arg)
2047 +{
2048 + struct sock *sk = sock->sk;
2049 + struct pppol2tp_session *session;
2050 + struct pppol2tp_tunnel *tunnel;
2051 + int err = 0;
2052 +
2053 + ENTER_FUNCTION;
2054 +
2055 + if (!sk)
2056 + return 0;
2057 +
2058 + if (sk->dead != 0)
2059 + return -EBADF;
2060 +
2061 + if ((sk->user_data == NULL) ||
2062 + (!(sk->state & (PPPOX_CONNECTED | PPPOX_BOUND)))) {
2063 + err = -ENOTCONN;
2064 + DPRINTK(-1, "ioctl: socket %p not connected.\n", sk);
2065 + goto end;
2066 + }
2067 +
2068 + SOCK_2_SESSION(sk, session, err, -EBADF, end, 0);
2069 + SOCK_2_TUNNEL(session->tunnel_sock, tunnel, err, -EBADF, end, 1);
2070 +
2071 + /* Special case: if session's session_id is zero, treat ioctl as a
2072 + * tunnel ioctl
2073 + */
2074 + if ((session->tunnel_addr.s_session == 0) &&
2075 + (session->tunnel_addr.d_session == 0)) {
2076 + err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg);
2077 + goto end;
2078 + }
2079 +
2080 + err = pppol2tp_session_ioctl(session, cmd, arg);
2081 +
2082 +end:
2083 + EXIT_FUNCTION;
2084 + return err;
2085 +}
2086 +
2087 +/*****************************************************************************
2088 + * setsockopt() / getsockopt() support.
2089 + *
2090 + * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP
2091 + * sockets. In order to control kernel tunnel features, we allow userspace to
2092 + * create a special "tunnel" PPPoX socket which is used for control only.
2093 + * Tunnel PPPoX sockets have session_id == 0 and simply allow the user
2094 + * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls.
2095 + *****************************************************************************/
2096 +
2097 +/* Tunnel setsockopt() helper.
2098 + */
2099 +static int pppol2tp_tunnel_setsockopt(struct sock *sk,
2100 + struct pppol2tp_tunnel *tunnel,
2101 + int optname, int val)
2102 +{
2103 + int err = 0;
2104 +
2105 + switch (optname) {
2106 + case PPPOL2TP_SO_DEBUG:
2107 + tunnel->debug = val;
2108 + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2109 + "%s: set debug=%x\n", tunnel->name, tunnel->debug);
2110 + break;
2111 +
2112 + default:
2113 + err = -ENOPROTOOPT;
2114 + break;
2115 + }
2116 +
2117 + return err;
2118 +}
2119 +
2120 +/* Session setsockopt helper.
2121 + */
2122 +static int pppol2tp_session_setsockopt(struct sock *sk,
2123 + struct pppol2tp_session *session,
2124 + int optname, int val)
2125 +{
2126 + int err = 0;
2127 +
2128 + switch (optname) {
2129 + case PPPOL2TP_SO_RECVSEQ:
2130 + if ((val != 0) && (val != 1)) {
2131 + err = -EINVAL;
2132 + break;
2133 + }
2134 + session->recv_seq = val ? -1 : 0;
2135 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2136 + "%s: set recv_seq=%d\n", session->name,
2137 + session->recv_seq);
2138 + break;
2139 +
2140 + case PPPOL2TP_SO_SENDSEQ:
2141 + if ((val != 0) && (val != 1)) {
2142 + err = -EINVAL;
2143 + break;
2144 + }
2145 + session->send_seq = val ? -1 : 0;
2146 + {
2147 + /* FIXME: is it safe to change the ppp channel's
2148 + * hdrlen on the fly?
2149 + */
2150 + struct sock *sk = session->sock;
2151 + struct pppox_opt *po = sk->protinfo.pppox;
2152 + po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
2153 + PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
2154 + }
2155 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2156 + "%s: set send_seq=%d\n", session->name, session->send_seq);
2157 + break;
2158 +
2159 + case PPPOL2TP_SO_LNSMODE:
2160 + if ((val != 0) && (val != 1)) {
2161 + err = -EINVAL;
2162 + break;
2163 + }
2164 + session->lns_mode = val ? -1 : 0;
2165 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2166 + "%s: set lns_mode=%d\n", session->name,
2167 + session->lns_mode);
2168 + break;
2169 +
2170 + case PPPOL2TP_SO_DEBUG:
2171 + session->debug = val;
2172 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2173 + "%s: set debug=%x\n", session->name, session->debug);
2174 + break;
2175 +
2176 + case PPPOL2TP_SO_REORDERTO:
2177 + session->reorder_timeout = MS_TO_JIFFIES(val);
2178 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2179 + "%s: set reorder_timeout=%d\n", session->name,
2180 + session->reorder_timeout);
2181 + break;
2182 +
2183 + default:
2184 + err = -ENOPROTOOPT;
2185 + break;
2186 + }
2187 +
2188 + return err;
2189 +}
2190 +
2191 +/* Main setsockopt() entry point.
2192 + * Does API checks, then calls either the tunnel or session setsockopt
2193 + * handler, according to whether the PPPoL2TP socket is a for a regular
2194 + * session or the special tunnel type.
2195 + */
2196 +static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
2197 + char *optval, int optlen)
2198 +{
2199 + struct sock *sk = sock->sk;
2200 + struct pppol2tp_session *session = sk->user_data;
2201 + struct pppol2tp_tunnel *tunnel;
2202 + int val;
2203 + int err = 0;
2204 +
2205 + if (level != SOL_PPPOL2TP)
2206 + return udp_prot.setsockopt(sk, level, optname, optval, optlen);
2207 +
2208 + if (optlen<sizeof(int))
2209 + return -EINVAL;
2210 +
2211 + if (get_user(val, (int *)optval))
2212 + return -EFAULT;
2213 +
2214 + if (sk->user_data == NULL) {
2215 + err = -ENOTCONN;
2216 + DPRINTK(-1, "setsockopt: socket %p not connected.\n", sk);
2217 + goto end;
2218 + }
2219 +
2220 + SOCK_2_SESSION(sk, session, err, -EBADF, end, 0);
2221 + SOCK_2_TUNNEL(session->tunnel_sock, tunnel, err, -EBADF, end, 1);
2222 +
2223 + lock_sock(sk);
2224 +
2225 + /* Special case: if session_id == 0x0000, treat as operation on tunnel
2226 + */
2227 + if ((session->tunnel_addr.s_session == 0) &&
2228 + (session->tunnel_addr.d_session == 0))
2229 + err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val);
2230 + else
2231 + err = pppol2tp_session_setsockopt(sk, session, optname, val);
2232 +
2233 + release_sock(sk);
2234 +end:
2235 + return err;
2236 +}
2237 +
2238 +/* Tunnel getsockopt helper.
2239 + */
2240 +static int pppol2tp_tunnel_getsockopt(struct sock *sk,
2241 + struct pppol2tp_tunnel *tunnel,
2242 + int optname, int *val)
2243 +{
2244 + int err = 0;
2245 +
2246 + switch (optname) {
2247 + case PPPOL2TP_SO_DEBUG:
2248 + *val = tunnel->debug;
2249 + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2250 + "%s: get debug=%x\n", tunnel->name, tunnel->debug);
2251 + break;
2252 +
2253 + default:
2254 + err = -ENOPROTOOPT;
2255 + break;
2256 + }
2257 +
2258 + return err;
2259 +}
2260 +
2261 +/* Session getsockopt helper.
2262 + */
2263 +static int pppol2tp_session_getsockopt(struct sock *sk,
2264 + struct pppol2tp_session *session,
2265 + int optname, int *val)
2266 +{
2267 + int err = 0;
2268 +
2269 + switch (optname) {
2270 + case PPPOL2TP_SO_RECVSEQ:
2271 + *val = session->recv_seq;
2272 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2273 + "%s: get recv_seq=%d\n", session->name, *val);
2274 + break;
2275 +
2276 + case PPPOL2TP_SO_SENDSEQ:
2277 + *val = session->send_seq;
2278 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2279 + "%s: get send_seq=%d\n", session->name, *val);
2280 + break;
2281 +
2282 + case PPPOL2TP_SO_LNSMODE:
2283 + *val = session->lns_mode;
2284 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2285 + "%s: get lns_mode=%d\n", session->name, *val);
2286 + break;
2287 +
2288 + case PPPOL2TP_SO_DEBUG:
2289 + *val = session->debug;
2290 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2291 + "%s: get debug=%d\n", session->name, *val);
2292 + break;
2293 +
2294 + case PPPOL2TP_SO_REORDERTO:
2295 + *val = JIFFIES_TO_MS(session->reorder_timeout);
2296 + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO,
2297 + "%s: get reorder_timeout=%d\n", session->name, *val);
2298 + break;
2299 +
2300 + default:
2301 + err = -ENOPROTOOPT;
2302 + }
2303 +
2304 + return err;
2305 +}
2306 +
2307 +/* Main getsockopt() entry point.
2308 + * Does API checks, then calls either the tunnel or session getsockopt
2309 + * handler, according to whether the PPPoX socket is a for a regular session
2310 + * or the special tunnel type.
2311 + */
2312 +static int pppol2tp_getsockopt(struct socket *sock, int level,
2313 + int optname, char *optval, int *optlen)
2314 +{
2315 + struct sock *sk = sock->sk;
2316 + struct pppol2tp_session *session = sk->user_data;
2317 + struct pppol2tp_tunnel *tunnel;
2318 + int val, len;
2319 + int err = 0;
2320 +
2321 + if (level != SOL_PPPOL2TP)
2322 + return udp_prot.getsockopt(sk, level, optname, optval, optlen);
2323 +
2324 + if (get_user(len,optlen))
2325 + return -EFAULT;
2326 +
2327 + len = min_t(unsigned int, len, sizeof(int));
2328 +
2329 + if (len < 0)
2330 + return -EINVAL;
2331 +
2332 + if (sk->user_data == NULL) {
2333 + err = -ENOTCONN;
2334 + DPRINTK(-1, "getsockopt: socket %p not connected.\n", sk);
2335 + goto end;
2336 + }
2337 +
2338 + /* Get the session and tunnel contexts */
2339 + SOCK_2_SESSION(sk, session, err, -EBADF, end, 0);
2340 + SOCK_2_TUNNEL(session->tunnel_sock, tunnel, err, -EBADF, end, 1);
2341 +
2342 + /* Special case: if session_id == 0x0000, treat as operation on tunnel */
2343 + if ((session->tunnel_addr.s_session == 0) &&
2344 + (session->tunnel_addr.d_session == 0))
2345 + err = pppol2tp_tunnel_getsockopt(sk,tunnel, optname, &val);
2346 + else
2347 + err = pppol2tp_session_getsockopt(sk,session, optname, &val);
2348 +
2349 + if (put_user(len, optlen))
2350 + return -EFAULT;
2351 +
2352 + if (copy_to_user(optval, &val, len))
2353 + return -EFAULT;
2354 +
2355 +end:
2356 + return err;
2357 +}
2358 +
2359 +/*****************************************************************************
2360 + * /proc filesystem for debug
2361 + *****************************************************************************/
2362 +
2363 +#ifdef CONFIG_PROC_FS
2364 +
2365 +#include <linux/seq_file.h>
2366 +
2367 +static int pppol2tp_proc_open(struct inode *inode, struct file *file);
2368 +static void *pppol2tp_proc_start(struct seq_file *m, loff_t *_pos);
2369 +static void *pppol2tp_proc_next(struct seq_file *p, void *v, loff_t *pos);
2370 +static void pppol2tp_proc_stop(struct seq_file *p, void *v);
2371 +static int pppol2tp_proc_show(struct seq_file *m, void *v);
2372 +
2373 +static struct proc_dir_entry *pppol2tp_proc;
2374 +
2375 +static struct seq_operations pppol2tp_proc_ops = {
2376 + .start = pppol2tp_proc_start,
2377 + .next = pppol2tp_proc_next,
2378 + .stop = pppol2tp_proc_stop,
2379 + .show = pppol2tp_proc_show,
2380 +};
2381 +
2382 +static struct file_operations pppol2tp_proc_fops = {
2383 + .open = pppol2tp_proc_open,
2384 + .read = seq_read,
2385 + .llseek = seq_lseek,
2386 + .release = seq_release,
2387 +};
2388 +
2389 +
2390 +#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,4,26))
2391 +static inline struct proc_dir_entry *PDE(const struct inode *inode)
2392 +{
2393 + return (struct proc_dir_entry *)inode->u.generic_ip;
2394 +}
2395 +#endif
2396 +
2397 +static int pppol2tp_proc_open(struct inode *inode, struct file *file)
2398 +{
2399 + struct seq_file *m;
2400 + int ret = 0;
2401 +
2402 + ENTER_FUNCTION;
2403 + ret = seq_open(file, &pppol2tp_proc_ops);
2404 + if (ret < 0)
2405 + goto out;
2406 +
2407 + m = file->private_data;
2408 + m->private = PDE(inode)->data;
2409 +
2410 +out:
2411 + EXIT_FUNCTION;
2412 + return ret;
2413 +}
2414 +
2415 +static void *pppol2tp_proc_start(struct seq_file *m, loff_t *_pos)
2416 +{
2417 + struct pppol2tp_tunnel *tunnel = NULL;
2418 + loff_t pos = *_pos;
2419 + struct list_head *walk;
2420 + struct list_head *tmp;
2421 +
2422 + ENTER_FUNCTION;
2423 +
2424 + /* allow for the header line */
2425 + if (!pos) {
2426 + tunnel = (void *)1;
2427 + goto out;
2428 + }
2429 + pos--;
2430 +
2431 + /* find the n'th element in the list */
2432 + list_for_each_safe(walk, tmp, &pppol2tp_tunnel_list) {
2433 + tunnel = list_entry(walk, struct pppol2tp_tunnel, list);
2434 + if (!pos--) {
2435 + sock_hold(tunnel->sock);
2436 + goto out;
2437 + }
2438 + }
2439 + tunnel = NULL;
2440 +
2441 +out:
2442 + EXIT_FUNCTION;
2443 +
2444 + return tunnel;
2445 +}
2446 +
2447 +static void *pppol2tp_proc_next(struct seq_file *p, void *v, loff_t *pos)
2448 +{
2449 + struct pppol2tp_tunnel *tunnel = v;
2450 + struct list_head *tmp;
2451 + struct list_head *list;
2452 +
2453 + ENTER_FUNCTION;
2454 +
2455 + (*pos)++;
2456 +
2457 + if (v == (void *)1)
2458 + list = &pppol2tp_tunnel_list;
2459 + else
2460 + list = &tunnel->list;
2461 +
2462 + tmp = list->next;
2463 + if (tmp == &pppol2tp_tunnel_list)
2464 + tunnel = NULL;
2465 + else
2466 + tunnel = list_entry(tmp, struct pppol2tp_tunnel, list);
2467 +
2468 + EXIT_FUNCTION;
2469 +
2470 + return tunnel;
2471 +}
2472 +
2473 +static void pppol2tp_proc_stop(struct seq_file *p, void *v)
2474 +{
2475 + struct pppol2tp_tunnel *tunnel = v;
2476 +
2477 + ENTER_FUNCTION;
2478 +
2479 + if (tunnel != NULL)
2480 + sock_put(tunnel->sock);
2481 +
2482 + EXIT_FUNCTION;
2483 +}
2484 +
2485 +static int pppol2tp_proc_show(struct seq_file *m, void *v)
2486 +{
2487 + struct pppol2tp_tunnel *tunnel = v;
2488 + struct pppol2tp_session *session;
2489 + struct hlist_node *walk;
2490 + struct hlist_node *tmp;
2491 + int i;
2492 +
2493 + ENTER_FUNCTION;
2494 +
2495 + /* display header on line 1 */
2496 + if (v == (void *)1) {
2497 + seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n");
2498 + seq_puts(m, "TUNNEL name, user-data-ok "
2499 + "session-count magic-ok\n");
2500 + seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2501 + seq_puts(m, " SESSION name, addr/port src-tid/sid "
2502 + "dest-tid/sid state user-data-ok magic-ok\n");
2503 + seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n");
2504 + seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n");
2505 + goto out;
2506 + }
2507 +
2508 + seq_printf(m, "TUNNEL '%s', %c %d MAGIC %s\n",
2509 + tunnel->name,
2510 + (tunnel == tunnel->sock->user_data) ? 'Y':'N',
2511 + atomic_read(&tunnel->session_count),
2512 + (tunnel->magic == L2TP_TUNNEL_MAGIC) ? "OK" : "BAD");
2513 + seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n",
2514 + tunnel->debug,
2515 + tunnel->stats.tx_packets, tunnel->stats.tx_bytes,
2516 + tunnel->stats.tx_errors,
2517 + tunnel->stats.rx_packets, tunnel->stats.rx_bytes,
2518 + tunnel->stats.rx_errors);
2519 +
2520 + if (tunnel->magic != L2TP_TUNNEL_MAGIC) {
2521 + seq_puts(m, "*** Aborting ***\n");
2522 + goto out;
2523 + }
2524 +
2525 + for (i = 0; i < PPPOL2TP_HASH_SIZE; i++) {
2526 + hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[i]) {
2527 + session = hlist_entry(walk, struct pppol2tp_session, hlist);
2528 + seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
2529 + "%04X/%04X %d %c MAGIC %s\n",
2530 + session->name,
2531 + htonl(session->tunnel_addr.addr.sin_addr.s_addr),
2532 + htons(session->tunnel_addr.addr.sin_port),
2533 + session->tunnel_addr.s_tunnel,
2534 + session->tunnel_addr.s_session,
2535 + session->tunnel_addr.d_tunnel,
2536 + session->tunnel_addr.d_session,
2537 + session->sock->state,
2538 + (session == session->sock->user_data) ?
2539 + 'Y' : 'N',
2540 + (session->magic == L2TP_SESSION_MAGIC) ?
2541 + "OK" : "BAD");
2542 +
2543 + seq_printf(m, " %d/%d/%c/%c/%s %08x %d\n",
2544 + session->mtu, session->mru,
2545 + session->recv_seq ? 'R' : '-',
2546 + session->send_seq ? 'S' : '-',
2547 + session->lns_mode ? "LNS" : "LAC",
2548 + session->debug,
2549 + JIFFIES_TO_MS(session->reorder_timeout));
2550 + seq_printf(m, " %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n",
2551 + session->nr, session->ns,
2552 + session->stats.tx_packets,
2553 + session->stats.tx_bytes,
2554 + session->stats.tx_errors,
2555 + session->stats.rx_packets,
2556 + session->stats.rx_bytes,
2557 + session->stats.rx_errors);
2558 +
2559 + if (session->magic != L2TP_SESSION_MAGIC) {
2560 + seq_puts(m, "*** Aborting ***\n");
2561 + goto out;
2562 + }
2563 + }
2564 + }
2565 +out:
2566 + seq_puts(m, "\n");
2567 +
2568 + EXIT_FUNCTION;
2569 +
2570 + return 0;
2571 +}
2572 +
2573 +#endif /* CONFIG_PROC_FS */
2574 +
2575 +/*****************************************************************************
2576 + * Init and cleanup
2577 + *****************************************************************************/
2578 +
2579 +static struct proto_ops pppol2tp_ops = {
2580 + .family = AF_PPPOX,
2581 + .release = pppol2tp_release,
2582 + .bind = sock_no_bind,
2583 + .connect = pppol2tp_connect,
2584 + .socketpair = sock_no_socketpair,
2585 + .accept = sock_no_accept,
2586 + .getname = pppol2tp_getname,
2587 + .poll = datagram_poll,
2588 + .listen = sock_no_listen,
2589 + .shutdown = sock_no_shutdown,
2590 + .setsockopt = pppol2tp_setsockopt,
2591 + .getsockopt = pppol2tp_getsockopt,
2592 + .sendmsg = pppol2tp_sendmsg,
2593 + .recvmsg = pppol2tp_recvmsg,
2594 + .mmap = sock_no_mmap
2595 +};
2596 +
2597 +struct pppox_proto pppol2tp_proto = {
2598 + .create = pppol2tp_create,
2599 + .ioctl = pppol2tp_ioctl
2600 +};
2601 +
2602 +int __init pppol2tp_init(void)
2603 +{
2604 + int err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto);
2605 +
2606 + if (err == 0) {
2607 +#ifdef CONFIG_PROC_FS
2608 + pppol2tp_proc = create_proc_entry("pppol2tp", 0, proc_net);
2609 + if (!pppol2tp_proc) {
2610 + return -ENOMEM;
2611 + }
2612 + pppol2tp_proc->owner = THIS_MODULE;
2613 + pppol2tp_proc->proc_fops = &pppol2tp_proc_fops;
2614 +#endif /* CONFIG_PROC_FS */
2615 + printk(KERN_INFO "PPPoL2TP kernel driver, %s\n",
2616 + PPPOL2TP_DRV_VERSION);
2617 + }
2618 +
2619 + return err;
2620 +}
2621 +
2622 +void __exit pppol2tp_exit(void)
2623 +{
2624 + unregister_pppox_proto(PX_PROTO_OL2TP);
2625 +#ifdef CONFIG_PROC_FS
2626 + remove_proc_entry("pppol2tp", proc_net);
2627 +#endif
2628 +#ifdef DEBUG_MOD_USE_COUNT
2629 + printk(KERN_DEBUG "%s: module use_count is %d\n", __FUNCTION__, mod_use_count);
2630 +#endif
2631 +}
2632 +
2633 +module_init(pppol2tp_init);
2634 +module_exit(pppol2tp_exit);
2635 +
2636 +MODULE_AUTHOR("Martijn van Oosterhout <kleptog@svana.org>");
2637 +MODULE_DESCRIPTION("PPP over L2TP over UDP, " PPPOL2TP_DRV_VERSION);
2638 +MODULE_LICENSE("GPL");
2639 Index: linux-2.4.27-l2tp/drivers/net/pppox.c
2640 ===================================================================
2641 --- linux-2.4.27-l2tp.orig/drivers/net/pppox.c
2642 +++ linux-2.4.27-l2tp/drivers/net/pppox.c
2643 @@ -121,10 +121,17 @@ static int pppox_create(struct socket *s
2644 int err = 0;
2646 if (protocol < 0 || protocol > PX_MAX_PROTO)
2647 - return -EPROTOTYPE;
2648 + return -EPROTOTYPE;
2650 +#ifdef CONFIG_KMOD
2651 + if (proto[protocol] == NULL) {
2652 + char buffer[32];
2653 + sprintf(buffer, "pppox-proto-%d", protocol);
2654 + request_module(buffer);
2655 + }
2656 +#endif
2657 if (proto[protocol] == NULL)
2658 - return -EPROTONOSUPPORT;
2659 + return -EPROTONOSUPPORT;
2661 err = (*proto[protocol]->create)(sock);
2663 Index: linux-2.4.27-l2tp/include/linux/hash.h
2664 ===================================================================
2665 --- /dev/null
2666 +++ linux-2.4.27-l2tp/include/linux/hash.h
2667 @@ -0,0 +1,58 @@
2668 +#ifndef _LINUX_HASH_H
2669 +#define _LINUX_HASH_H
2670 +/* Fast hashing routine for a long.
2671 + (C) 2002 William Lee Irwin III, IBM */
2672 +
2673 +/*
2674 + * Knuth recommends primes in approximately golden ratio to the maximum
2675 + * integer representable by a machine word for multiplicative hashing.
2676 + * Chuck Lever verified the effectiveness of this technique:
2677 + * http://www.citi.umich.edu/techreports/reports/citi-tr-00-1.pdf
2678 + *
2679 + * These primes are chosen to be bit-sparse, that is operations on
2680 + * them can use shifts and additions instead of multiplications for
2681 + * machines where multiplications are slow.
2682 + */
2683 +#if BITS_PER_LONG == 32
2684 +/* 2^31 + 2^29 - 2^25 + 2^22 - 2^19 - 2^16 + 1 */
2685 +#define GOLDEN_RATIO_PRIME 0x9e370001UL
2686 +#elif BITS_PER_LONG == 64
2687 +/* 2^63 + 2^61 - 2^57 + 2^54 - 2^51 - 2^18 + 1 */
2688 +#define GOLDEN_RATIO_PRIME 0x9e37fffffffc0001UL
2689 +#else
2690 +#error Define GOLDEN_RATIO_PRIME for your wordsize.
2691 +#endif
2692 +
2693 +static inline unsigned long hash_long(unsigned long val, unsigned int bits)
2694 +{
2695 + unsigned long hash = val;
2696 +
2697 +#if BITS_PER_LONG == 64
2698 + /* Sigh, gcc can't optimise this alone like it does for 32 bits. */
2699 + unsigned long n = hash;
2700 + n <<= 18;
2701 + hash -= n;
2702 + n <<= 33;
2703 + hash -= n;
2704 + n <<= 3;
2705 + hash += n;
2706 + n <<= 3;
2707 + hash -= n;
2708 + n <<= 4;
2709 + hash += n;
2710 + n <<= 2;
2711 + hash += n;
2712 +#else
2713 + /* On some cpus multiply is faster, on others gcc will do shifts */
2714 + hash *= GOLDEN_RATIO_PRIME;
2715 +#endif
2716 +
2717 + /* High bits are more random, so use them. */
2718 + return hash >> (BITS_PER_LONG - bits);
2719 +}
2720 +
2721 +static inline unsigned long hash_ptr(void *ptr, unsigned int bits)
2722 +{
2723 + return hash_long((unsigned long)ptr, bits);
2724 +}
2725 +#endif /* _LINUX_HASH_H */
2726 Index: linux-2.4.27-l2tp/include/linux/if_ppp.h
2727 ===================================================================
2728 --- linux-2.4.27-l2tp.orig/include/linux/if_ppp.h
2729 +++ linux-2.4.27-l2tp/include/linux/if_ppp.h
2730 @@ -107,6 +107,21 @@ struct ifpppcstatsreq {
2731 struct ppp_comp_stats stats;
2732 };
2734 +/* For PPPIOCGL2TPSTATS */
2735 +struct pppol2tp_ioc_stats {
2736 + __u16 tunnel_id; /* redundant */
2737 + __u16 session_id; /* if zero, get tunnel stats */
2738 + __u64 tx_packets;
2739 + __u64 tx_bytes;
2740 + __u64 tx_errors;
2741 + __u64 rx_packets;
2742 + __u64 rx_bytes;
2743 + __u64 rx_seq_discards;
2744 + __u64 rx_oos_packets;
2745 + __u64 rx_errors;
2746 + int using_ipsec; /* valid only for session_id == 0 */
2747 +};
2748 +
2749 #define ifr__name b.ifr_ifrn.ifrn_name
2750 #define stats_ptr b.ifr_ifru.ifru_data
2752 @@ -143,6 +158,7 @@ struct ifpppcstatsreq {
2753 #define PPPIOCDISCONN _IO('t', 57) /* disconnect channel */
2754 #define PPPIOCATTCHAN _IOW('t', 56, int) /* attach to ppp channel */
2755 #define PPPIOCGCHAN _IOR('t', 55, int) /* get ppp channel number */
2756 +#define PPPIOCGL2TPSTATS _IOR('t', 54, struct pppol2tp_ioc_stats)
2758 #define SIOCGPPPSTATS (SIOCDEVPRIVATE + 0)
2759 #define SIOCGPPPVER (SIOCDEVPRIVATE + 1) /* NEVER change this!! */
2760 Index: linux-2.4.27-l2tp/include/linux/if_pppol2tp.h
2761 ===================================================================
2762 --- /dev/null
2763 +++ linux-2.4.27-l2tp/include/linux/if_pppol2tp.h
2764 @@ -0,0 +1,67 @@
2765 +/***************************************************************************
2766 + * Linux PPP over L2TP (PPPoL2TP) Socket Implementation (RFC 2661)
2767 + *
2768 + * This file supplies definitions required by the PPP over L2TP driver
2769 + * (pppol2tp.c). All version information wrt this file is located in pppol2tp.c
2770 + *
2771 + * License:
2772 + * This program is free software; you can redistribute it and/or
2773 + * modify it under the terms of the GNU General Public License
2774 + * as published by the Free Software Foundation; either version
2775 + * 2 of the License, or (at your option) any later version.
2776 + *
2777 + */
2778 +
2779 +#ifndef __LINUX_IF_PPPOL2TP_H
2780 +#define __LINUX_IF_PPPOL2TP_H
2781 +
2782 +#include <asm/types.h>
2783 +
2784 +#ifdef __KERNEL__
2785 +#include <linux/in.h>
2786 +#endif
2787 +
2788 +/* Structure used to bind() the socket to a particular socket & tunnel */
2789 +struct pppol2tp_addr
2790 +{
2791 + pid_t pid; /* pid that owns the fd.
2792 + * 0 => current */
2793 + int fd; /* FD of UDP socket to use */
2794 +
2795 + struct sockaddr_in addr; /* IP address and port to send to */
2796 +
2797 + __u16 s_tunnel, s_session; /* For matching incoming packets */
2798 + __u16 d_tunnel, d_session; /* For sending outgoing packets */
2799 +};
2800 +
2801 +/* Socket options:
2802 + * DEBUG - bitmask of debug message categories
2803 + * SENDSEQ - 0 => don't send packets with sequence numbers
2804 + * 1 => send packets with sequence numbers
2805 + * RECVSEQ - 0 => receive packet sequence numbers are optional
2806 + * 1 => drop receive packets without sequence numbers
2807 + * LNSMODE - 0 => act as LAC.
2808 + * 1 => act as LNS.
2809 + * REORDERTO - reorder timeout (in millisecs). If 0, don't try to reorder.
2810 + */
2811 +enum {
2812 + PPPOL2TP_SO_DEBUG = 1,
2813 + PPPOL2TP_SO_RECVSEQ = 2,
2814 + PPPOL2TP_SO_SENDSEQ = 3,
2815 + PPPOL2TP_SO_LNSMODE = 4,
2816 + PPPOL2TP_SO_REORDERTO = 5,
2817 +};
2818 +
2819 +/* Debug message categories for the DEBUG socket option */
2820 +enum {
2821 + PPPOL2TP_MSG_DEBUG = (1 << 0), /* verbose debug (if
2822 + * compiled in) */
2823 + PPPOL2TP_MSG_CONTROL = (1 << 1), /* userspace - kernel
2824 + * interface */
2825 + PPPOL2TP_MSG_SEQ = (1 << 2), /* sequence numbers */
2826 + PPPOL2TP_MSG_DATA = (1 << 3), /* data packets */
2827 +};
2828 +
2829 +
2830 +
2831 +#endif
2832 Index: linux-2.4.27-l2tp/include/linux/if_pppox.h
2833 ===================================================================
2834 --- linux-2.4.27-l2tp.orig/include/linux/if_pppox.h
2835 +++ linux-2.4.27-l2tp/include/linux/if_pppox.h
2836 @@ -1,6 +1,6 @@
2837 /***************************************************************************
2838 * Linux PPP over X - Generic PPP transport layer sockets
2839 - * Linux PPP over Ethernet (PPPoE) Socket Implementation (RFC 2516)
2840 + * Linux PPP over Ethernet (PPPoE) Socket Implementation (RFC 2516)
2841 *
2842 * This file supplies definitions required by the PPP over Ethernet driver
2843 * (pppox.c). All version information wrt this file is located in pppox.c
2844 @@ -28,6 +28,7 @@
2845 #include <asm/semaphore.h>
2846 #include <linux/ppp_channel.h>
2847 #endif /* __KERNEL__ */
2848 +#include <linux/if_pppol2tp.h>
2850 /* For user-space programs to pick up these definitions
2851 * which they wouldn't get otherwise without defining __KERNEL__
2852 @@ -37,30 +38,48 @@
2853 #define PF_PPPOX AF_PPPOX
2854 #endif /* !(AF_PPPOX) */
2856 -/************************************************************************
2857 - * PPPoE addressing definition
2858 - */
2859 -typedef __u16 sid_t;
2860 -struct pppoe_addr{
2861 - sid_t sid; /* Session identifier */
2862 - unsigned char remote[ETH_ALEN]; /* Remote address */
2863 - char dev[IFNAMSIZ]; /* Local device to use */
2864 -};
2865 -
2866 -/************************************************************************
2867 - * Protocols supported by AF_PPPOX
2868 - */
2869 +/************************************************************************
2870 + * PPPoE addressing definition
2871 + */
2872 +typedef __u16 sid_t;
2873 +struct pppoe_addr{
2874 + sid_t sid; /* Session identifier */
2875 + unsigned char remote[ETH_ALEN]; /* Remote address */
2876 + char dev[IFNAMSIZ]; /* Local device to use */
2877 +};
2878 +
2879 +/************************************************************************
2880 + * Protocols supported by AF_PPPOX
2881 + */
2882 #define PX_PROTO_OE 0 /* Currently just PPPoE */
2883 -#define PX_MAX_PROTO 1
2884 -
2885 -struct sockaddr_pppox {
2886 - sa_family_t sa_family; /* address family, AF_PPPOX */
2887 - unsigned int sa_protocol; /* protocol identifier */
2888 - union{
2889 - struct pppoe_addr pppoe;
2890 - }sa_addr;
2891 -}__attribute__ ((packed));
2892 +#define PX_PROTO_OL2TP 1 /* Now L2TP also */
2893 +#define PX_MAX_PROTO 2
2895 +/* The use of a union isn't viable because the size of this struct
2896 + * must stay fixed over time -- applications use sizeof(struct
2897 + * sockaddr_pppox) to fill it. Use protocol specific sockaddr types
2898 + * instead.
2899 + */
2900 +struct sockaddr_pppox {
2901 + sa_family_t sa_family; /* address family, AF_PPPOX */
2902 + unsigned int sa_protocol; /* protocol identifier */
2903 + union{
2904 + struct pppoe_addr pppoe;
2905 + }sa_addr;
2906 +}__attribute__ ((packed)); /* deprecated */
2907 +
2908 +/* Must be binary-compatible with sockaddr_pppox for backwards compatabilty */
2909 +struct sockaddr_pppoe {
2910 + sa_family_t sa_family; /* address family, AF_PPPOX */
2911 + unsigned int sa_protocol; /* protocol identifier */
2912 + struct pppoe_addr pppoe;
2913 +}__attribute__ ((packed));
2914 +
2915 +struct sockaddr_pppol2tp {
2916 + sa_family_t sa_family; /* address family, AF_PPPOX */
2917 + unsigned int sa_protocol; /* protocol identifier */
2918 + struct pppol2tp_addr pppol2tp;
2919 +}__attribute__ ((packed));
2921 /*********************************************************************
2922 *
2923 Index: linux-2.4.27-l2tp/include/linux/list.h
2924 ===================================================================
2925 --- linux-2.4.27-l2tp.orig/include/linux/list.h
2926 +++ linux-2.4.27-l2tp/include/linux/list.h
2927 @@ -3,7 +3,9 @@
2929 #if defined(__KERNEL__) || defined(_LVM_H_INCLUDE)
2931 +#include <linux/stddef.h>
2932 #include <linux/prefetch.h>
2933 +#include <asm/system.h>
2935 /*
2936 * Simple doubly linked list implementation.
2937 @@ -254,6 +256,159 @@ static inline void list_splice_init(stru
2938 pos = list_entry(pos->member.next, typeof(*pos), member), \
2939 prefetch(pos->member.next))
2941 +/*
2942 + * These are non-NULL pointers that will result in page faults
2943 + * under normal circumstances, used to verify that nobody uses
2944 + * non-initialized list entries.
2945 + */
2946 +#define LIST_POISON1 ((void *) 0x00100100)
2947 +#define LIST_POISON2 ((void *) 0x00200200)
2948 +
2949 +/*
2950 + * Double linked lists with a single pointer list head.
2951 + * Mostly useful for hash tables where the two pointer list head is
2952 + * too wasteful.
2953 + * You lose the ability to access the tail in O(1).
2954 + */
2955 +
2956 +struct hlist_head {
2957 + struct hlist_node *first;
2958 +};
2959 +
2960 +struct hlist_node {
2961 + struct hlist_node *next, **pprev;
2962 +};
2963 +
2964 +#define HLIST_HEAD_INIT { .first = NULL }
2965 +#define HLIST_HEAD(name) struct hlist_head name = { .first = NULL }
2966 +#define INIT_HLIST_HEAD(ptr) ((ptr)->first = NULL)
2967 +#define INIT_HLIST_NODE(ptr) ((ptr)->next = NULL, (ptr)->pprev = NULL)
2968 +
2969 +static inline int hlist_unhashed(const struct hlist_node *h)
2970 +{
2971 + return !h->pprev;
2972 +}
2973 +
2974 +static inline int hlist_empty(const struct hlist_head *h)
2975 +{
2976 + return !h->first;
2977 +}
2978 +
2979 +static inline void __hlist_del(struct hlist_node *n)
2980 +{
2981 + struct hlist_node *next = n->next;
2982 + struct hlist_node **pprev = n->pprev;
2983 + *pprev = next;
2984 + if (next)
2985 + next->pprev = pprev;
2986 +}
2987 +
2988 +static inline void hlist_del(struct hlist_node *n)
2989 +{
2990 + __hlist_del(n);
2991 + n->next = LIST_POISON1;
2992 + n->pprev = LIST_POISON2;
2993 +}
2994 +
2995 +static inline void hlist_del_init(struct hlist_node *n)
2996 +{
2997 + if (n->pprev) {
2998 + __hlist_del(n);
2999 + INIT_HLIST_NODE(n);
3000 + }
3001 +}
3002 +
3003 +static inline void hlist_add_head(struct hlist_node *n, struct hlist_head *h)
3004 +{
3005 + struct hlist_node *first = h->first;
3006 + n->next = first;
3007 + if (first)
3008 + first->pprev = &n->next;
3009 + h->first = n;
3010 + n->pprev = &h->first;
3011 +}
3012 +
3013 +/* next must be != NULL */
3014 +static inline void hlist_add_before(struct hlist_node *n,
3015 + struct hlist_node *next)
3016 +{
3017 + n->pprev = next->pprev;
3018 + n->next = next;
3019 + next->pprev = &n->next;
3020 + *(n->pprev) = n;
3021 +}
3022 +
3023 +static inline void hlist_add_after(struct hlist_node *n,
3024 + struct hlist_node *next)
3025 +{
3026 + next->next = n->next;
3027 + n->next = next;
3028 + next->pprev = &n->next;
3029 +
3030 + if(next->next)
3031 + next->next->pprev = &next->next;
3032 +}
3033 +
3034 +#define hlist_entry(ptr, type, member) container_of(ptr,type,member)
3035 +
3036 +#define hlist_for_each(pos, head) \
3037 + for (pos = (head)->first; pos && ({ prefetch(pos->next); 1; }); \
3038 + pos = pos->next)
3039 +
3040 +#define hlist_for_each_safe(pos, n, head) \
3041 + for (pos = (head)->first; pos && ({ n = pos->next; 1; }); \
3042 + pos = n)
3043 +
3044 +/**
3045 + * hlist_for_each_entry - iterate over list of given type
3046 + * @tpos: the type * to use as a loop counter.
3047 + * @pos: the &struct hlist_node to use as a loop counter.
3048 + * @head: the head for your list.
3049 + * @member: the name of the hlist_node within the struct.
3050 + */
3051 +#define hlist_for_each_entry(tpos, pos, head, member) \
3052 + for (pos = (head)->first; \
3053 + pos && ({ prefetch(pos->next); 1;}) && \
3054 + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \
3055 + pos = pos->next)
3056 +
3057 +/**
3058 + * hlist_for_each_entry_continue - iterate over a hlist continuing after existing point
3059 + * @tpos: the type * to use as a loop counter.
3060 + * @pos: the &struct hlist_node to use as a loop counter.
3061 + * @member: the name of the hlist_node within the struct.
3062 + */
3063 +#define hlist_for_each_entry_continue(tpos, pos, member) \
3064 + for (pos = (pos)->next; \
3065 + pos && ({ prefetch(pos->next); 1;}) && \
3066 + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \
3067 + pos = pos->next)
3068 +
3069 +/**
3070 + * hlist_for_each_entry_from - iterate over a hlist continuing from existing point
3071 + * @tpos: the type * to use as a loop counter.
3072 + * @pos: the &struct hlist_node to use as a loop counter.
3073 + * @member: the name of the hlist_node within the struct.
3074 + */
3075 +#define hlist_for_each_entry_from(tpos, pos, member) \
3076 + for (; pos && ({ prefetch(pos->next); 1;}) && \
3077 + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \
3078 + pos = pos->next)
3079 +
3080 +/**
3081 + * hlist_for_each_entry_safe - iterate over list of given type safe against removal of list entry
3082 + * @tpos: the type * to use as a loop counter.
3083 + * @pos: the &struct hlist_node to use as a loop counter.
3084 + * @n: another &struct hlist_node to use as temporary storage
3085 + * @head: the head for your list.
3086 + * @member: the name of the hlist_node within the struct.
3087 + */
3088 +#define hlist_for_each_entry_safe(tpos, pos, n, head, member) \
3089 + for (pos = (head)->first; \
3090 + pos && ({ n = pos->next; 1; }) && \
3091 + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \
3092 + pos = n)
3093 +
3094 #endif /* __KERNEL__ || _LVM_H_INCLUDE */
3096 #endif
3097 Index: linux-2.4.27-l2tp/include/linux/socket.h
3098 ===================================================================
3099 --- linux-2.4.27-l2tp.orig/include/linux/socket.h
3100 +++ linux-2.4.27-l2tp/include/linux/socket.h
3101 @@ -259,6 +259,7 @@ struct ucred {
3102 #define SOL_IRDA 266
3103 #define SOL_NETBEUI 267
3104 #define SOL_LLC 268
3105 +#define SOL_PPPOL2TP 269
3107 /* IPX options */
3108 #define IPX_TYPE 1