xref: /linux/net/l2tp/l2tp_ip6.c (revision b8265621f4888af9494e1d685620871ec81bc33d)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* L2TPv3 IP encapsulation support for IPv6
3  *
4  * Copyright (c) 2012 Katalix Systems Ltd
5  */
6 
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 
9 #include <linux/icmp.h>
10 #include <linux/module.h>
11 #include <linux/skbuff.h>
12 #include <linux/random.h>
13 #include <linux/socket.h>
14 #include <linux/l2tp.h>
15 #include <linux/in.h>
16 #include <linux/in6.h>
17 #include <net/sock.h>
18 #include <net/ip.h>
19 #include <net/icmp.h>
20 #include <net/udp.h>
21 #include <net/inet_common.h>
22 #include <net/tcp_states.h>
23 #include <net/protocol.h>
24 #include <net/xfrm.h>
25 
26 #include <net/transp_v6.h>
27 #include <net/addrconf.h>
28 #include <net/ip6_route.h>
29 
30 #include "l2tp_core.h"
31 
32 struct l2tp_ip6_sock {
33 	/* inet_sock has to be the first member of l2tp_ip6_sock */
34 	struct inet_sock	inet;
35 
36 	u32			conn_id;
37 	u32			peer_conn_id;
38 
39 	/* ipv6_pinfo has to be the last member of l2tp_ip6_sock, see
40 	 * inet6_sk_generic
41 	 */
42 	struct ipv6_pinfo	inet6;
43 };
44 
45 static DEFINE_RWLOCK(l2tp_ip6_lock);
46 static struct hlist_head l2tp_ip6_table;
47 static struct hlist_head l2tp_ip6_bind_table;
48 
49 static inline struct l2tp_ip6_sock *l2tp_ip6_sk(const struct sock *sk)
50 {
51 	return (struct l2tp_ip6_sock *)sk;
52 }
53 
54 static struct sock *__l2tp_ip6_bind_lookup(const struct net *net,
55 					   const struct in6_addr *laddr,
56 					   const struct in6_addr *raddr,
57 					   int dif, u32 tunnel_id)
58 {
59 	struct sock *sk;
60 
61 	sk_for_each_bound(sk, &l2tp_ip6_bind_table) {
62 		const struct in6_addr *sk_laddr = inet6_rcv_saddr(sk);
63 		const struct in6_addr *sk_raddr = &sk->sk_v6_daddr;
64 		const struct l2tp_ip6_sock *l2tp = l2tp_ip6_sk(sk);
65 
66 		if (!net_eq(sock_net(sk), net))
67 			continue;
68 
69 		if (sk->sk_bound_dev_if && dif && sk->sk_bound_dev_if != dif)
70 			continue;
71 
72 		if (sk_laddr && !ipv6_addr_any(sk_laddr) &&
73 		    !ipv6_addr_any(laddr) && !ipv6_addr_equal(sk_laddr, laddr))
74 			continue;
75 
76 		if (!ipv6_addr_any(sk_raddr) && raddr &&
77 		    !ipv6_addr_any(raddr) && !ipv6_addr_equal(sk_raddr, raddr))
78 			continue;
79 
80 		if (l2tp->conn_id != tunnel_id)
81 			continue;
82 
83 		goto found;
84 	}
85 
86 	sk = NULL;
87 found:
88 	return sk;
89 }
90 
91 /* When processing receive frames, there are two cases to
92  * consider. Data frames consist of a non-zero session-id and an
93  * optional cookie. Control frames consist of a regular L2TP header
94  * preceded by 32-bits of zeros.
95  *
96  * L2TPv3 Session Header Over IP
97  *
98  *  0                   1                   2                   3
99  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
100  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
101  * |                           Session ID                          |
102  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
103  * |               Cookie (optional, maximum 64 bits)...
104  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
105  *                                                                 |
106  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
107  *
108  * L2TPv3 Control Message Header Over IP
109  *
110  *  0                   1                   2                   3
111  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
112  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
113  * |                      (32 bits of zeros)                       |
114  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
115  * |T|L|x|x|S|x|x|x|x|x|x|x|  Ver  |             Length            |
116  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
117  * |                     Control Connection ID                     |
118  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
119  * |               Ns              |               Nr              |
120  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
121  *
122  * All control frames are passed to userspace.
123  */
124 static int l2tp_ip6_recv(struct sk_buff *skb)
125 {
126 	struct net *net = dev_net(skb->dev);
127 	struct sock *sk;
128 	u32 session_id;
129 	u32 tunnel_id;
130 	unsigned char *ptr, *optr;
131 	struct l2tp_session *session;
132 	struct l2tp_tunnel *tunnel = NULL;
133 	struct ipv6hdr *iph;
134 	int length;
135 
136 	if (!pskb_may_pull(skb, 4))
137 		goto discard;
138 
139 	/* Point to L2TP header */
140 	optr = skb->data;
141 	ptr = skb->data;
142 	session_id = ntohl(*((__be32 *)ptr));
143 	ptr += 4;
144 
145 	/* RFC3931: L2TP/IP packets have the first 4 bytes containing
146 	 * the session_id. If it is 0, the packet is a L2TP control
147 	 * frame and the session_id value can be discarded.
148 	 */
149 	if (session_id == 0) {
150 		__skb_pull(skb, 4);
151 		goto pass_up;
152 	}
153 
154 	/* Ok, this is a data packet. Lookup the session. */
155 	session = l2tp_session_get(net, session_id);
156 	if (!session)
157 		goto discard;
158 
159 	tunnel = session->tunnel;
160 	if (!tunnel)
161 		goto discard_sess;
162 
163 	/* Trace packet contents, if enabled */
164 	if (tunnel->debug & L2TP_MSG_DATA) {
165 		length = min(32u, skb->len);
166 		if (!pskb_may_pull(skb, length))
167 			goto discard_sess;
168 
169 		/* Point to L2TP header */
170 		optr = skb->data;
171 		ptr = skb->data;
172 		ptr += 4;
173 		pr_debug("%s: ip recv\n", tunnel->name);
174 		print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, ptr, length);
175 	}
176 
177 	if (l2tp_v3_ensure_opt_in_linear(session, skb, &ptr, &optr))
178 		goto discard_sess;
179 
180 	l2tp_recv_common(session, skb, ptr, optr, 0, skb->len);
181 	l2tp_session_dec_refcount(session);
182 
183 	return 0;
184 
185 pass_up:
186 	/* Get the tunnel_id from the L2TP header */
187 	if (!pskb_may_pull(skb, 12))
188 		goto discard;
189 
190 	if ((skb->data[0] & 0xc0) != 0xc0)
191 		goto discard;
192 
193 	tunnel_id = ntohl(*(__be32 *)&skb->data[4]);
194 	iph = ipv6_hdr(skb);
195 
196 	read_lock_bh(&l2tp_ip6_lock);
197 	sk = __l2tp_ip6_bind_lookup(net, &iph->daddr, &iph->saddr,
198 				    inet6_iif(skb), tunnel_id);
199 	if (!sk) {
200 		read_unlock_bh(&l2tp_ip6_lock);
201 		goto discard;
202 	}
203 	sock_hold(sk);
204 	read_unlock_bh(&l2tp_ip6_lock);
205 
206 	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
207 		goto discard_put;
208 
209 	nf_reset_ct(skb);
210 
211 	return sk_receive_skb(sk, skb, 1);
212 
213 discard_sess:
214 	l2tp_session_dec_refcount(session);
215 	goto discard;
216 
217 discard_put:
218 	sock_put(sk);
219 
220 discard:
221 	kfree_skb(skb);
222 	return 0;
223 }
224 
225 static int l2tp_ip6_hash(struct sock *sk)
226 {
227 	if (sk_unhashed(sk)) {
228 		write_lock_bh(&l2tp_ip6_lock);
229 		sk_add_node(sk, &l2tp_ip6_table);
230 		write_unlock_bh(&l2tp_ip6_lock);
231 	}
232 	return 0;
233 }
234 
235 static void l2tp_ip6_unhash(struct sock *sk)
236 {
237 	if (sk_unhashed(sk))
238 		return;
239 	write_lock_bh(&l2tp_ip6_lock);
240 	sk_del_node_init(sk);
241 	write_unlock_bh(&l2tp_ip6_lock);
242 }
243 
244 static int l2tp_ip6_open(struct sock *sk)
245 {
246 	/* Prevent autobind. We don't have ports. */
247 	inet_sk(sk)->inet_num = IPPROTO_L2TP;
248 
249 	l2tp_ip6_hash(sk);
250 	return 0;
251 }
252 
253 static void l2tp_ip6_close(struct sock *sk, long timeout)
254 {
255 	write_lock_bh(&l2tp_ip6_lock);
256 	hlist_del_init(&sk->sk_bind_node);
257 	sk_del_node_init(sk);
258 	write_unlock_bh(&l2tp_ip6_lock);
259 
260 	sk_common_release(sk);
261 }
262 
263 static void l2tp_ip6_destroy_sock(struct sock *sk)
264 {
265 	struct l2tp_tunnel *tunnel = sk->sk_user_data;
266 
267 	lock_sock(sk);
268 	ip6_flush_pending_frames(sk);
269 	release_sock(sk);
270 
271 	if (tunnel)
272 		l2tp_tunnel_delete(tunnel);
273 
274 	inet6_destroy_sock(sk);
275 }
276 
277 static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
278 {
279 	struct inet_sock *inet = inet_sk(sk);
280 	struct ipv6_pinfo *np = inet6_sk(sk);
281 	struct sockaddr_l2tpip6 *addr = (struct sockaddr_l2tpip6 *)uaddr;
282 	struct net *net = sock_net(sk);
283 	__be32 v4addr = 0;
284 	int bound_dev_if;
285 	int addr_type;
286 	int err;
287 
288 	if (addr->l2tp_family != AF_INET6)
289 		return -EINVAL;
290 	if (addr_len < sizeof(*addr))
291 		return -EINVAL;
292 
293 	addr_type = ipv6_addr_type(&addr->l2tp_addr);
294 
295 	/* l2tp_ip6 sockets are IPv6 only */
296 	if (addr_type == IPV6_ADDR_MAPPED)
297 		return -EADDRNOTAVAIL;
298 
299 	/* L2TP is point-point, not multicast */
300 	if (addr_type & IPV6_ADDR_MULTICAST)
301 		return -EADDRNOTAVAIL;
302 
303 	lock_sock(sk);
304 
305 	err = -EINVAL;
306 	if (!sock_flag(sk, SOCK_ZAPPED))
307 		goto out_unlock;
308 
309 	if (sk->sk_state != TCP_CLOSE)
310 		goto out_unlock;
311 
312 	bound_dev_if = sk->sk_bound_dev_if;
313 
314 	/* Check if the address belongs to the host. */
315 	rcu_read_lock();
316 	if (addr_type != IPV6_ADDR_ANY) {
317 		struct net_device *dev = NULL;
318 
319 		if (addr_type & IPV6_ADDR_LINKLOCAL) {
320 			if (addr->l2tp_scope_id)
321 				bound_dev_if = addr->l2tp_scope_id;
322 
323 			/* Binding to link-local address requires an
324 			 * interface.
325 			 */
326 			if (!bound_dev_if)
327 				goto out_unlock_rcu;
328 
329 			err = -ENODEV;
330 			dev = dev_get_by_index_rcu(sock_net(sk), bound_dev_if);
331 			if (!dev)
332 				goto out_unlock_rcu;
333 		}
334 
335 		/* ipv4 addr of the socket is invalid.  Only the
336 		 * unspecified and mapped address have a v4 equivalent.
337 		 */
338 		v4addr = LOOPBACK4_IPV6;
339 		err = -EADDRNOTAVAIL;
340 		if (!ipv6_chk_addr(sock_net(sk), &addr->l2tp_addr, dev, 0))
341 			goto out_unlock_rcu;
342 	}
343 	rcu_read_unlock();
344 
345 	write_lock_bh(&l2tp_ip6_lock);
346 	if (__l2tp_ip6_bind_lookup(net, &addr->l2tp_addr, NULL, bound_dev_if,
347 				   addr->l2tp_conn_id)) {
348 		write_unlock_bh(&l2tp_ip6_lock);
349 		err = -EADDRINUSE;
350 		goto out_unlock;
351 	}
352 
353 	inet->inet_saddr = v4addr;
354 	inet->inet_rcv_saddr = v4addr;
355 	sk->sk_bound_dev_if = bound_dev_if;
356 	sk->sk_v6_rcv_saddr = addr->l2tp_addr;
357 	np->saddr = addr->l2tp_addr;
358 
359 	l2tp_ip6_sk(sk)->conn_id = addr->l2tp_conn_id;
360 
361 	sk_add_bind_node(sk, &l2tp_ip6_bind_table);
362 	sk_del_node_init(sk);
363 	write_unlock_bh(&l2tp_ip6_lock);
364 
365 	sock_reset_flag(sk, SOCK_ZAPPED);
366 	release_sock(sk);
367 	return 0;
368 
369 out_unlock_rcu:
370 	rcu_read_unlock();
371 out_unlock:
372 	release_sock(sk);
373 
374 	return err;
375 }
376 
377 static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr,
378 			    int addr_len)
379 {
380 	struct sockaddr_l2tpip6 *lsa = (struct sockaddr_l2tpip6 *)uaddr;
381 	struct sockaddr_in6	*usin = (struct sockaddr_in6 *)uaddr;
382 	struct in6_addr	*daddr;
383 	int	addr_type;
384 	int rc;
385 
386 	if (addr_len < sizeof(*lsa))
387 		return -EINVAL;
388 
389 	if (usin->sin6_family != AF_INET6)
390 		return -EINVAL;
391 
392 	addr_type = ipv6_addr_type(&usin->sin6_addr);
393 	if (addr_type & IPV6_ADDR_MULTICAST)
394 		return -EINVAL;
395 
396 	if (addr_type & IPV6_ADDR_MAPPED) {
397 		daddr = &usin->sin6_addr;
398 		if (ipv4_is_multicast(daddr->s6_addr32[3]))
399 			return -EINVAL;
400 	}
401 
402 	lock_sock(sk);
403 
404 	 /* Must bind first - autobinding does not work */
405 	if (sock_flag(sk, SOCK_ZAPPED)) {
406 		rc = -EINVAL;
407 		goto out_sk;
408 	}
409 
410 	rc = __ip6_datagram_connect(sk, uaddr, addr_len);
411 	if (rc < 0)
412 		goto out_sk;
413 
414 	l2tp_ip6_sk(sk)->peer_conn_id = lsa->l2tp_conn_id;
415 
416 	write_lock_bh(&l2tp_ip6_lock);
417 	hlist_del_init(&sk->sk_bind_node);
418 	sk_add_bind_node(sk, &l2tp_ip6_bind_table);
419 	write_unlock_bh(&l2tp_ip6_lock);
420 
421 out_sk:
422 	release_sock(sk);
423 
424 	return rc;
425 }
426 
427 static int l2tp_ip6_disconnect(struct sock *sk, int flags)
428 {
429 	if (sock_flag(sk, SOCK_ZAPPED))
430 		return 0;
431 
432 	return __udp_disconnect(sk, flags);
433 }
434 
435 static int l2tp_ip6_getname(struct socket *sock, struct sockaddr *uaddr,
436 			    int peer)
437 {
438 	struct sockaddr_l2tpip6 *lsa = (struct sockaddr_l2tpip6 *)uaddr;
439 	struct sock *sk = sock->sk;
440 	struct ipv6_pinfo *np = inet6_sk(sk);
441 	struct l2tp_ip6_sock *lsk = l2tp_ip6_sk(sk);
442 
443 	lsa->l2tp_family = AF_INET6;
444 	lsa->l2tp_flowinfo = 0;
445 	lsa->l2tp_scope_id = 0;
446 	lsa->l2tp_unused = 0;
447 	if (peer) {
448 		if (!lsk->peer_conn_id)
449 			return -ENOTCONN;
450 		lsa->l2tp_conn_id = lsk->peer_conn_id;
451 		lsa->l2tp_addr = sk->sk_v6_daddr;
452 		if (np->sndflow)
453 			lsa->l2tp_flowinfo = np->flow_label;
454 	} else {
455 		if (ipv6_addr_any(&sk->sk_v6_rcv_saddr))
456 			lsa->l2tp_addr = np->saddr;
457 		else
458 			lsa->l2tp_addr = sk->sk_v6_rcv_saddr;
459 
460 		lsa->l2tp_conn_id = lsk->conn_id;
461 	}
462 	if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL)
463 		lsa->l2tp_scope_id = sk->sk_bound_dev_if;
464 	return sizeof(*lsa);
465 }
466 
467 static int l2tp_ip6_backlog_recv(struct sock *sk, struct sk_buff *skb)
468 {
469 	int rc;
470 
471 	/* Charge it to the socket, dropping if the queue is full. */
472 	rc = sock_queue_rcv_skb(sk, skb);
473 	if (rc < 0)
474 		goto drop;
475 
476 	return 0;
477 
478 drop:
479 	IP_INC_STATS(sock_net(sk), IPSTATS_MIB_INDISCARDS);
480 	kfree_skb(skb);
481 	return -1;
482 }
483 
484 static int l2tp_ip6_push_pending_frames(struct sock *sk)
485 {
486 	struct sk_buff *skb;
487 	__be32 *transhdr = NULL;
488 	int err = 0;
489 
490 	skb = skb_peek(&sk->sk_write_queue);
491 	if (!skb)
492 		goto out;
493 
494 	transhdr = (__be32 *)skb_transport_header(skb);
495 	*transhdr = 0;
496 
497 	err = ip6_push_pending_frames(sk);
498 
499 out:
500 	return err;
501 }
502 
503 /* Userspace will call sendmsg() on the tunnel socket to send L2TP
504  * control frames.
505  */
506 static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
507 {
508 	struct ipv6_txoptions opt_space;
509 	DECLARE_SOCKADDR(struct sockaddr_l2tpip6 *, lsa, msg->msg_name);
510 	struct in6_addr *daddr, *final_p, final;
511 	struct ipv6_pinfo *np = inet6_sk(sk);
512 	struct ipv6_txoptions *opt_to_free = NULL;
513 	struct ipv6_txoptions *opt = NULL;
514 	struct ip6_flowlabel *flowlabel = NULL;
515 	struct dst_entry *dst = NULL;
516 	struct flowi6 fl6;
517 	struct ipcm6_cookie ipc6;
518 	int addr_len = msg->msg_namelen;
519 	int transhdrlen = 4; /* zero session-id */
520 	int ulen = len + transhdrlen;
521 	int err;
522 
523 	/* Rough check on arithmetic overflow,
524 	 * better check is made in ip6_append_data().
525 	 */
526 	if (len > INT_MAX)
527 		return -EMSGSIZE;
528 
529 	/* Mirror BSD error message compatibility */
530 	if (msg->msg_flags & MSG_OOB)
531 		return -EOPNOTSUPP;
532 
533 	/* Get and verify the address */
534 	memset(&fl6, 0, sizeof(fl6));
535 
536 	fl6.flowi6_mark = sk->sk_mark;
537 	fl6.flowi6_uid = sk->sk_uid;
538 
539 	ipcm6_init(&ipc6);
540 
541 	if (lsa) {
542 		if (addr_len < SIN6_LEN_RFC2133)
543 			return -EINVAL;
544 
545 		if (lsa->l2tp_family && lsa->l2tp_family != AF_INET6)
546 			return -EAFNOSUPPORT;
547 
548 		daddr = &lsa->l2tp_addr;
549 		if (np->sndflow) {
550 			fl6.flowlabel = lsa->l2tp_flowinfo & IPV6_FLOWINFO_MASK;
551 			if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
552 				flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
553 				if (IS_ERR(flowlabel))
554 					return -EINVAL;
555 			}
556 		}
557 
558 		/* Otherwise it will be difficult to maintain
559 		 * sk->sk_dst_cache.
560 		 */
561 		if (sk->sk_state == TCP_ESTABLISHED &&
562 		    ipv6_addr_equal(daddr, &sk->sk_v6_daddr))
563 			daddr = &sk->sk_v6_daddr;
564 
565 		if (addr_len >= sizeof(struct sockaddr_in6) &&
566 		    lsa->l2tp_scope_id &&
567 		    ipv6_addr_type(daddr) & IPV6_ADDR_LINKLOCAL)
568 			fl6.flowi6_oif = lsa->l2tp_scope_id;
569 	} else {
570 		if (sk->sk_state != TCP_ESTABLISHED)
571 			return -EDESTADDRREQ;
572 
573 		daddr = &sk->sk_v6_daddr;
574 		fl6.flowlabel = np->flow_label;
575 	}
576 
577 	if (fl6.flowi6_oif == 0)
578 		fl6.flowi6_oif = sk->sk_bound_dev_if;
579 
580 	if (msg->msg_controllen) {
581 		opt = &opt_space;
582 		memset(opt, 0, sizeof(struct ipv6_txoptions));
583 		opt->tot_len = sizeof(struct ipv6_txoptions);
584 		ipc6.opt = opt;
585 
586 		err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, &fl6, &ipc6);
587 		if (err < 0) {
588 			fl6_sock_release(flowlabel);
589 			return err;
590 		}
591 		if ((fl6.flowlabel & IPV6_FLOWLABEL_MASK) && !flowlabel) {
592 			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
593 			if (IS_ERR(flowlabel))
594 				return -EINVAL;
595 		}
596 		if (!(opt->opt_nflen | opt->opt_flen))
597 			opt = NULL;
598 	}
599 
600 	if (!opt) {
601 		opt = txopt_get(np);
602 		opt_to_free = opt;
603 	}
604 	if (flowlabel)
605 		opt = fl6_merge_options(&opt_space, flowlabel, opt);
606 	opt = ipv6_fixup_options(&opt_space, opt);
607 	ipc6.opt = opt;
608 
609 	fl6.flowi6_proto = sk->sk_protocol;
610 	if (!ipv6_addr_any(daddr))
611 		fl6.daddr = *daddr;
612 	else
613 		fl6.daddr.s6_addr[15] = 0x1; /* :: means loopback (BSD'ism) */
614 	if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr))
615 		fl6.saddr = np->saddr;
616 
617 	final_p = fl6_update_dst(&fl6, opt, &final);
618 
619 	if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
620 		fl6.flowi6_oif = np->mcast_oif;
621 	else if (!fl6.flowi6_oif)
622 		fl6.flowi6_oif = np->ucast_oif;
623 
624 	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
625 
626 	if (ipc6.tclass < 0)
627 		ipc6.tclass = np->tclass;
628 
629 	fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
630 
631 	dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
632 	if (IS_ERR(dst)) {
633 		err = PTR_ERR(dst);
634 		goto out;
635 	}
636 
637 	if (ipc6.hlimit < 0)
638 		ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
639 
640 	if (ipc6.dontfrag < 0)
641 		ipc6.dontfrag = np->dontfrag;
642 
643 	if (msg->msg_flags & MSG_CONFIRM)
644 		goto do_confirm;
645 
646 back_from_confirm:
647 	lock_sock(sk);
648 	err = ip6_append_data(sk, ip_generic_getfrag, msg,
649 			      ulen, transhdrlen, &ipc6,
650 			      &fl6, (struct rt6_info *)dst,
651 			      msg->msg_flags);
652 	if (err)
653 		ip6_flush_pending_frames(sk);
654 	else if (!(msg->msg_flags & MSG_MORE))
655 		err = l2tp_ip6_push_pending_frames(sk);
656 	release_sock(sk);
657 done:
658 	dst_release(dst);
659 out:
660 	fl6_sock_release(flowlabel);
661 	txopt_put(opt_to_free);
662 
663 	return err < 0 ? err : len;
664 
665 do_confirm:
666 	if (msg->msg_flags & MSG_PROBE)
667 		dst_confirm_neigh(dst, &fl6.daddr);
668 	if (!(msg->msg_flags & MSG_PROBE) || len)
669 		goto back_from_confirm;
670 	err = 0;
671 	goto done;
672 }
673 
674 static int l2tp_ip6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
675 			    int noblock, int flags, int *addr_len)
676 {
677 	struct ipv6_pinfo *np = inet6_sk(sk);
678 	DECLARE_SOCKADDR(struct sockaddr_l2tpip6 *, lsa, msg->msg_name);
679 	size_t copied = 0;
680 	int err = -EOPNOTSUPP;
681 	struct sk_buff *skb;
682 
683 	if (flags & MSG_OOB)
684 		goto out;
685 
686 	if (flags & MSG_ERRQUEUE)
687 		return ipv6_recv_error(sk, msg, len, addr_len);
688 
689 	skb = skb_recv_datagram(sk, flags, noblock, &err);
690 	if (!skb)
691 		goto out;
692 
693 	copied = skb->len;
694 	if (len < copied) {
695 		msg->msg_flags |= MSG_TRUNC;
696 		copied = len;
697 	}
698 
699 	err = skb_copy_datagram_msg(skb, 0, msg, copied);
700 	if (err)
701 		goto done;
702 
703 	sock_recv_timestamp(msg, sk, skb);
704 
705 	/* Copy the address. */
706 	if (lsa) {
707 		lsa->l2tp_family = AF_INET6;
708 		lsa->l2tp_unused = 0;
709 		lsa->l2tp_addr = ipv6_hdr(skb)->saddr;
710 		lsa->l2tp_flowinfo = 0;
711 		lsa->l2tp_scope_id = 0;
712 		lsa->l2tp_conn_id = 0;
713 		if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL)
714 			lsa->l2tp_scope_id = inet6_iif(skb);
715 		*addr_len = sizeof(*lsa);
716 	}
717 
718 	if (np->rxopt.all)
719 		ip6_datagram_recv_ctl(sk, msg, skb);
720 
721 	if (flags & MSG_TRUNC)
722 		copied = skb->len;
723 done:
724 	skb_free_datagram(sk, skb);
725 out:
726 	return err ? err : copied;
727 }
728 
729 static struct proto l2tp_ip6_prot = {
730 	.name		   = "L2TP/IPv6",
731 	.owner		   = THIS_MODULE,
732 	.init		   = l2tp_ip6_open,
733 	.close		   = l2tp_ip6_close,
734 	.bind		   = l2tp_ip6_bind,
735 	.connect	   = l2tp_ip6_connect,
736 	.disconnect	   = l2tp_ip6_disconnect,
737 	.ioctl		   = l2tp_ioctl,
738 	.destroy	   = l2tp_ip6_destroy_sock,
739 	.setsockopt	   = ipv6_setsockopt,
740 	.getsockopt	   = ipv6_getsockopt,
741 	.sendmsg	   = l2tp_ip6_sendmsg,
742 	.recvmsg	   = l2tp_ip6_recvmsg,
743 	.backlog_rcv	   = l2tp_ip6_backlog_recv,
744 	.hash		   = l2tp_ip6_hash,
745 	.unhash		   = l2tp_ip6_unhash,
746 	.obj_size	   = sizeof(struct l2tp_ip6_sock),
747 };
748 
749 static const struct proto_ops l2tp_ip6_ops = {
750 	.family		   = PF_INET6,
751 	.owner		   = THIS_MODULE,
752 	.release	   = inet6_release,
753 	.bind		   = inet6_bind,
754 	.connect	   = inet_dgram_connect,
755 	.socketpair	   = sock_no_socketpair,
756 	.accept		   = sock_no_accept,
757 	.getname	   = l2tp_ip6_getname,
758 	.poll		   = datagram_poll,
759 	.ioctl		   = inet6_ioctl,
760 	.gettstamp	   = sock_gettstamp,
761 	.listen		   = sock_no_listen,
762 	.shutdown	   = inet_shutdown,
763 	.setsockopt	   = sock_common_setsockopt,
764 	.getsockopt	   = sock_common_getsockopt,
765 	.sendmsg	   = inet_sendmsg,
766 	.recvmsg	   = sock_common_recvmsg,
767 	.mmap		   = sock_no_mmap,
768 	.sendpage	   = sock_no_sendpage,
769 #ifdef CONFIG_COMPAT
770 	.compat_ioctl	   = inet6_compat_ioctl,
771 #endif
772 };
773 
774 static struct inet_protosw l2tp_ip6_protosw = {
775 	.type		= SOCK_DGRAM,
776 	.protocol	= IPPROTO_L2TP,
777 	.prot		= &l2tp_ip6_prot,
778 	.ops		= &l2tp_ip6_ops,
779 };
780 
781 static struct inet6_protocol l2tp_ip6_protocol __read_mostly = {
782 	.handler	= l2tp_ip6_recv,
783 };
784 
785 static int __init l2tp_ip6_init(void)
786 {
787 	int err;
788 
789 	pr_info("L2TP IP encapsulation support for IPv6 (L2TPv3)\n");
790 
791 	err = proto_register(&l2tp_ip6_prot, 1);
792 	if (err != 0)
793 		goto out;
794 
795 	err = inet6_add_protocol(&l2tp_ip6_protocol, IPPROTO_L2TP);
796 	if (err)
797 		goto out1;
798 
799 	inet6_register_protosw(&l2tp_ip6_protosw);
800 	return 0;
801 
802 out1:
803 	proto_unregister(&l2tp_ip6_prot);
804 out:
805 	return err;
806 }
807 
808 static void __exit l2tp_ip6_exit(void)
809 {
810 	inet6_unregister_protosw(&l2tp_ip6_protosw);
811 	inet6_del_protocol(&l2tp_ip6_protocol, IPPROTO_L2TP);
812 	proto_unregister(&l2tp_ip6_prot);
813 }
814 
815 module_init(l2tp_ip6_init);
816 module_exit(l2tp_ip6_exit);
817 
818 MODULE_LICENSE("GPL");
819 MODULE_AUTHOR("Chris Elston <celston@katalix.com>");
820 MODULE_DESCRIPTION("L2TP IP encapsulation for IPv6");
821 MODULE_VERSION("1.0");
822 
823 /* Use the value of SOCK_DGRAM (2) directory, because __stringify doesn't like
824  * enums
825  */
826 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 2, IPPROTO_L2TP);
827 MODULE_ALIAS_NET_PF_PROTO(PF_INET6, IPPROTO_L2TP);
828