xref: /linux/net/l2tp/l2tp_netlink.c (revision cdd30ebb1b9f36159d66f088b61aee264e649d7a)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* L2TP netlink layer, for management
3  *
4  * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5  *
6  * Partly based on the IrDA nelink implementation
7  * (see net/irda/irnetlink.c) which is:
8  * Copyright (c) 2007 Samuel Ortiz <samuel@sortiz.org>
9  * which is in turn partly based on the wireless netlink code:
10  * Copyright 2006 Johannes Berg <johannes@sipsolutions.net>
11  */
12 
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 
15 #include <net/sock.h>
16 #include <net/genetlink.h>
17 #include <net/udp.h>
18 #include <linux/in.h>
19 #include <linux/udp.h>
20 #include <linux/socket.h>
21 #include <linux/module.h>
22 #include <linux/list.h>
23 #include <net/net_namespace.h>
24 
25 #include <linux/l2tp.h>
26 
27 #include "l2tp_core.h"
28 
29 static struct genl_family l2tp_nl_family;
30 
31 static const struct genl_multicast_group l2tp_multicast_group[] = {
32 	{
33 		.name = L2TP_GENL_MCGROUP,
34 	},
35 };
36 
37 static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq,
38 			       int flags, struct l2tp_tunnel *tunnel, u8 cmd);
39 static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq,
40 				int flags, struct l2tp_session *session,
41 				u8 cmd);
42 
43 /* Accessed under genl lock */
44 static const struct l2tp_nl_cmd_ops *l2tp_nl_cmd_ops[__L2TP_PWTYPE_MAX];
45 
46 static struct l2tp_session *l2tp_nl_session_get(struct genl_info *info)
47 {
48 	u32 tunnel_id;
49 	u32 session_id;
50 	char *ifname;
51 	struct l2tp_tunnel *tunnel;
52 	struct l2tp_session *session = NULL;
53 	struct net *net = genl_info_net(info);
54 
55 	if (info->attrs[L2TP_ATTR_IFNAME]) {
56 		ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]);
57 		session = l2tp_session_get_by_ifname(net, ifname);
58 	} else if ((info->attrs[L2TP_ATTR_SESSION_ID]) &&
59 		   (info->attrs[L2TP_ATTR_CONN_ID])) {
60 		tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
61 		session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
62 		tunnel = l2tp_tunnel_get(net, tunnel_id);
63 		if (tunnel) {
64 			session = l2tp_session_get(net, tunnel->sock, tunnel->version,
65 						   tunnel_id, session_id);
66 			l2tp_tunnel_put(tunnel);
67 		}
68 	}
69 
70 	return session;
71 }
72 
73 static int l2tp_nl_cmd_noop(struct sk_buff *skb, struct genl_info *info)
74 {
75 	struct sk_buff *msg;
76 	void *hdr;
77 	int ret = -ENOBUFS;
78 
79 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
80 	if (!msg) {
81 		ret = -ENOMEM;
82 		goto out;
83 	}
84 
85 	hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq,
86 			  &l2tp_nl_family, 0, L2TP_CMD_NOOP);
87 	if (!hdr) {
88 		ret = -EMSGSIZE;
89 		goto err_out;
90 	}
91 
92 	genlmsg_end(msg, hdr);
93 
94 	return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid);
95 
96 err_out:
97 	nlmsg_free(msg);
98 
99 out:
100 	return ret;
101 }
102 
103 static int l2tp_tunnel_notify(struct genl_family *family,
104 			      struct genl_info *info,
105 			      struct l2tp_tunnel *tunnel,
106 			      u8 cmd)
107 {
108 	struct sk_buff *msg;
109 	int ret;
110 
111 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
112 	if (!msg)
113 		return -ENOMEM;
114 
115 	ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq,
116 				  NLM_F_ACK, tunnel, cmd);
117 
118 	if (ret >= 0) {
119 		ret = genlmsg_multicast_allns(family, msg, 0, 0);
120 		/* We don't care if no one is listening */
121 		if (ret == -ESRCH)
122 			ret = 0;
123 		return ret;
124 	}
125 
126 	nlmsg_free(msg);
127 
128 	return ret;
129 }
130 
131 static int l2tp_session_notify(struct genl_family *family,
132 			       struct genl_info *info,
133 			       struct l2tp_session *session,
134 			       u8 cmd)
135 {
136 	struct sk_buff *msg;
137 	int ret;
138 
139 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
140 	if (!msg)
141 		return -ENOMEM;
142 
143 	ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq,
144 				   NLM_F_ACK, session, cmd);
145 
146 	if (ret >= 0) {
147 		ret = genlmsg_multicast_allns(family, msg, 0, 0);
148 		/* We don't care if no one is listening */
149 		if (ret == -ESRCH)
150 			ret = 0;
151 		return ret;
152 	}
153 
154 	nlmsg_free(msg);
155 
156 	return ret;
157 }
158 
159 static int l2tp_nl_cmd_tunnel_create_get_addr(struct nlattr **attrs, struct l2tp_tunnel_cfg *cfg)
160 {
161 	if (attrs[L2TP_ATTR_UDP_SPORT])
162 		cfg->local_udp_port = nla_get_u16(attrs[L2TP_ATTR_UDP_SPORT]);
163 	if (attrs[L2TP_ATTR_UDP_DPORT])
164 		cfg->peer_udp_port = nla_get_u16(attrs[L2TP_ATTR_UDP_DPORT]);
165 	cfg->use_udp_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_CSUM]);
166 
167 	/* Must have either AF_INET or AF_INET6 address for source and destination */
168 #if IS_ENABLED(CONFIG_IPV6)
169 	if (attrs[L2TP_ATTR_IP6_SADDR] && attrs[L2TP_ATTR_IP6_DADDR]) {
170 		cfg->local_ip6 = nla_data(attrs[L2TP_ATTR_IP6_SADDR]);
171 		cfg->peer_ip6 = nla_data(attrs[L2TP_ATTR_IP6_DADDR]);
172 		cfg->udp6_zero_tx_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_ZERO_CSUM6_TX]);
173 		cfg->udp6_zero_rx_checksums = nla_get_flag(attrs[L2TP_ATTR_UDP_ZERO_CSUM6_RX]);
174 		return 0;
175 	}
176 #endif
177 	if (attrs[L2TP_ATTR_IP_SADDR] && attrs[L2TP_ATTR_IP_DADDR]) {
178 		cfg->local_ip.s_addr = nla_get_in_addr(attrs[L2TP_ATTR_IP_SADDR]);
179 		cfg->peer_ip.s_addr = nla_get_in_addr(attrs[L2TP_ATTR_IP_DADDR]);
180 		return 0;
181 	}
182 	return -EINVAL;
183 }
184 
185 static int l2tp_nl_cmd_tunnel_create(struct sk_buff *skb, struct genl_info *info)
186 {
187 	u32 tunnel_id;
188 	u32 peer_tunnel_id;
189 	int proto_version;
190 	int fd = -1;
191 	int ret = 0;
192 	struct l2tp_tunnel_cfg cfg = { 0, };
193 	struct l2tp_tunnel *tunnel;
194 	struct net *net = genl_info_net(info);
195 	struct nlattr **attrs = info->attrs;
196 
197 	if (!attrs[L2TP_ATTR_CONN_ID]) {
198 		ret = -EINVAL;
199 		goto out;
200 	}
201 	tunnel_id = nla_get_u32(attrs[L2TP_ATTR_CONN_ID]);
202 
203 	if (!attrs[L2TP_ATTR_PEER_CONN_ID]) {
204 		ret = -EINVAL;
205 		goto out;
206 	}
207 	peer_tunnel_id = nla_get_u32(attrs[L2TP_ATTR_PEER_CONN_ID]);
208 
209 	if (!attrs[L2TP_ATTR_PROTO_VERSION]) {
210 		ret = -EINVAL;
211 		goto out;
212 	}
213 	proto_version = nla_get_u8(attrs[L2TP_ATTR_PROTO_VERSION]);
214 
215 	if (!attrs[L2TP_ATTR_ENCAP_TYPE]) {
216 		ret = -EINVAL;
217 		goto out;
218 	}
219 	cfg.encap = nla_get_u16(attrs[L2TP_ATTR_ENCAP_TYPE]);
220 
221 	/* Managed tunnels take the tunnel socket from userspace.
222 	 * Unmanaged tunnels must call out the source and destination addresses
223 	 * for the kernel to create the tunnel socket itself.
224 	 */
225 	if (attrs[L2TP_ATTR_FD]) {
226 		fd = nla_get_u32(attrs[L2TP_ATTR_FD]);
227 	} else {
228 		ret = l2tp_nl_cmd_tunnel_create_get_addr(attrs, &cfg);
229 		if (ret < 0)
230 			goto out;
231 	}
232 
233 	ret = -EINVAL;
234 	switch (cfg.encap) {
235 	case L2TP_ENCAPTYPE_UDP:
236 	case L2TP_ENCAPTYPE_IP:
237 		ret = l2tp_tunnel_create(fd, proto_version, tunnel_id,
238 					 peer_tunnel_id, &cfg, &tunnel);
239 		break;
240 	}
241 
242 	if (ret < 0)
243 		goto out;
244 
245 	refcount_inc(&tunnel->ref_count);
246 	ret = l2tp_tunnel_register(tunnel, net, &cfg);
247 	if (ret < 0) {
248 		kfree(tunnel);
249 		goto out;
250 	}
251 	ret = l2tp_tunnel_notify(&l2tp_nl_family, info, tunnel,
252 				 L2TP_CMD_TUNNEL_CREATE);
253 	l2tp_tunnel_put(tunnel);
254 
255 out:
256 	return ret;
257 }
258 
259 static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info)
260 {
261 	struct l2tp_tunnel *tunnel;
262 	u32 tunnel_id;
263 	int ret = 0;
264 	struct net *net = genl_info_net(info);
265 
266 	if (!info->attrs[L2TP_ATTR_CONN_ID]) {
267 		ret = -EINVAL;
268 		goto out;
269 	}
270 	tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
271 
272 	tunnel = l2tp_tunnel_get(net, tunnel_id);
273 	if (!tunnel) {
274 		ret = -ENODEV;
275 		goto out;
276 	}
277 
278 	l2tp_tunnel_notify(&l2tp_nl_family, info,
279 			   tunnel, L2TP_CMD_TUNNEL_DELETE);
280 
281 	l2tp_tunnel_delete(tunnel);
282 
283 	l2tp_tunnel_put(tunnel);
284 
285 out:
286 	return ret;
287 }
288 
289 static int l2tp_nl_cmd_tunnel_modify(struct sk_buff *skb, struct genl_info *info)
290 {
291 	struct l2tp_tunnel *tunnel;
292 	u32 tunnel_id;
293 	int ret = 0;
294 	struct net *net = genl_info_net(info);
295 
296 	if (!info->attrs[L2TP_ATTR_CONN_ID]) {
297 		ret = -EINVAL;
298 		goto out;
299 	}
300 	tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
301 
302 	tunnel = l2tp_tunnel_get(net, tunnel_id);
303 	if (!tunnel) {
304 		ret = -ENODEV;
305 		goto out;
306 	}
307 
308 	ret = l2tp_tunnel_notify(&l2tp_nl_family, info,
309 				 tunnel, L2TP_CMD_TUNNEL_MODIFY);
310 
311 	l2tp_tunnel_put(tunnel);
312 
313 out:
314 	return ret;
315 }
316 
317 #if IS_ENABLED(CONFIG_IPV6)
318 static int l2tp_nl_tunnel_send_addr6(struct sk_buff *skb, struct sock *sk,
319 				     enum l2tp_encap_type encap)
320 {
321 	struct inet_sock *inet = inet_sk(sk);
322 	struct ipv6_pinfo *np = inet6_sk(sk);
323 
324 	switch (encap) {
325 	case L2TP_ENCAPTYPE_UDP:
326 		if (udp_get_no_check6_tx(sk) &&
327 		    nla_put_flag(skb, L2TP_ATTR_UDP_ZERO_CSUM6_TX))
328 			return -1;
329 		if (udp_get_no_check6_rx(sk) &&
330 		    nla_put_flag(skb, L2TP_ATTR_UDP_ZERO_CSUM6_RX))
331 			return -1;
332 		if (nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) ||
333 		    nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport)))
334 			return -1;
335 		fallthrough;
336 	case L2TP_ENCAPTYPE_IP:
337 		if (nla_put_in6_addr(skb, L2TP_ATTR_IP6_SADDR, &np->saddr) ||
338 		    nla_put_in6_addr(skb, L2TP_ATTR_IP6_DADDR, &sk->sk_v6_daddr))
339 			return -1;
340 		break;
341 	}
342 	return 0;
343 }
344 #endif
345 
346 static int l2tp_nl_tunnel_send_addr4(struct sk_buff *skb, struct sock *sk,
347 				     enum l2tp_encap_type encap)
348 {
349 	struct inet_sock *inet = inet_sk(sk);
350 
351 	switch (encap) {
352 	case L2TP_ENCAPTYPE_UDP:
353 		if (nla_put_u8(skb, L2TP_ATTR_UDP_CSUM, !sk->sk_no_check_tx) ||
354 		    nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) ||
355 		    nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport)))
356 			return -1;
357 		fallthrough;
358 	case L2TP_ENCAPTYPE_IP:
359 		if (nla_put_in_addr(skb, L2TP_ATTR_IP_SADDR, inet->inet_saddr) ||
360 		    nla_put_in_addr(skb, L2TP_ATTR_IP_DADDR, inet->inet_daddr))
361 			return -1;
362 		break;
363 	}
364 
365 	return 0;
366 }
367 
368 /* Append attributes for the tunnel address, handling the different attribute types
369  * used for different tunnel encapsulation and AF_INET v.s. AF_INET6.
370  */
371 static int l2tp_nl_tunnel_send_addr(struct sk_buff *skb, struct l2tp_tunnel *tunnel)
372 {
373 	struct sock *sk = tunnel->sock;
374 
375 	if (!sk)
376 		return 0;
377 
378 #if IS_ENABLED(CONFIG_IPV6)
379 	if (sk->sk_family == AF_INET6)
380 		return l2tp_nl_tunnel_send_addr6(skb, sk, tunnel->encap);
381 #endif
382 	return l2tp_nl_tunnel_send_addr4(skb, sk, tunnel->encap);
383 }
384 
385 static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq, int flags,
386 			       struct l2tp_tunnel *tunnel, u8 cmd)
387 {
388 	void *hdr;
389 	struct nlattr *nest;
390 
391 	hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, cmd);
392 	if (!hdr)
393 		return -EMSGSIZE;
394 
395 	if (nla_put_u8(skb, L2TP_ATTR_PROTO_VERSION, tunnel->version) ||
396 	    nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) ||
397 	    nla_put_u32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id) ||
398 	    nla_put_u32(skb, L2TP_ATTR_DEBUG, 0) ||
399 	    nla_put_u16(skb, L2TP_ATTR_ENCAP_TYPE, tunnel->encap))
400 		goto nla_put_failure;
401 
402 	nest = nla_nest_start_noflag(skb, L2TP_ATTR_STATS);
403 	if (!nest)
404 		goto nla_put_failure;
405 
406 	if (nla_put_u64_64bit(skb, L2TP_ATTR_TX_PACKETS,
407 			      atomic_long_read(&tunnel->stats.tx_packets),
408 			      L2TP_ATTR_STATS_PAD) ||
409 	    nla_put_u64_64bit(skb, L2TP_ATTR_TX_BYTES,
410 			      atomic_long_read(&tunnel->stats.tx_bytes),
411 			      L2TP_ATTR_STATS_PAD) ||
412 	    nla_put_u64_64bit(skb, L2TP_ATTR_TX_ERRORS,
413 			      atomic_long_read(&tunnel->stats.tx_errors),
414 			      L2TP_ATTR_STATS_PAD) ||
415 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_PACKETS,
416 			      atomic_long_read(&tunnel->stats.rx_packets),
417 			      L2TP_ATTR_STATS_PAD) ||
418 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_BYTES,
419 			      atomic_long_read(&tunnel->stats.rx_bytes),
420 			      L2TP_ATTR_STATS_PAD) ||
421 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_SEQ_DISCARDS,
422 			      atomic_long_read(&tunnel->stats.rx_seq_discards),
423 			      L2TP_ATTR_STATS_PAD) ||
424 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_COOKIE_DISCARDS,
425 			      atomic_long_read(&tunnel->stats.rx_cookie_discards),
426 			      L2TP_ATTR_STATS_PAD) ||
427 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_OOS_PACKETS,
428 			      atomic_long_read(&tunnel->stats.rx_oos_packets),
429 			      L2TP_ATTR_STATS_PAD) ||
430 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_ERRORS,
431 			      atomic_long_read(&tunnel->stats.rx_errors),
432 			      L2TP_ATTR_STATS_PAD) ||
433 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_INVALID,
434 			      atomic_long_read(&tunnel->stats.rx_invalid),
435 			      L2TP_ATTR_STATS_PAD))
436 		goto nla_put_failure;
437 	nla_nest_end(skb, nest);
438 
439 	if (l2tp_nl_tunnel_send_addr(skb, tunnel))
440 		goto nla_put_failure;
441 
442 	genlmsg_end(skb, hdr);
443 	return 0;
444 
445 nla_put_failure:
446 	genlmsg_cancel(skb, hdr);
447 	return -1;
448 }
449 
450 static int l2tp_nl_cmd_tunnel_get(struct sk_buff *skb, struct genl_info *info)
451 {
452 	struct l2tp_tunnel *tunnel;
453 	struct sk_buff *msg;
454 	u32 tunnel_id;
455 	int ret = -ENOBUFS;
456 	struct net *net = genl_info_net(info);
457 
458 	if (!info->attrs[L2TP_ATTR_CONN_ID]) {
459 		ret = -EINVAL;
460 		goto err;
461 	}
462 
463 	tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
464 
465 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
466 	if (!msg) {
467 		ret = -ENOMEM;
468 		goto err;
469 	}
470 
471 	tunnel = l2tp_tunnel_get(net, tunnel_id);
472 	if (!tunnel) {
473 		ret = -ENODEV;
474 		goto err_nlmsg;
475 	}
476 
477 	ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq,
478 				  NLM_F_ACK, tunnel, L2TP_CMD_TUNNEL_GET);
479 	if (ret < 0)
480 		goto err_nlmsg_tunnel;
481 
482 	l2tp_tunnel_put(tunnel);
483 
484 	return genlmsg_unicast(net, msg, info->snd_portid);
485 
486 err_nlmsg_tunnel:
487 	l2tp_tunnel_put(tunnel);
488 err_nlmsg:
489 	nlmsg_free(msg);
490 err:
491 	return ret;
492 }
493 
494 struct l2tp_nl_cb_data {
495 	unsigned long tkey;
496 	unsigned long skey;
497 };
498 
499 static int l2tp_nl_cmd_tunnel_dump(struct sk_buff *skb, struct netlink_callback *cb)
500 {
501 	struct l2tp_nl_cb_data *cbd = (void *)&cb->ctx[0];
502 	unsigned long key = cbd->tkey;
503 	struct l2tp_tunnel *tunnel;
504 	struct net *net = sock_net(skb->sk);
505 
506 	for (;;) {
507 		tunnel = l2tp_tunnel_get_next(net, &key);
508 		if (!tunnel)
509 			goto out;
510 
511 		if (l2tp_nl_tunnel_send(skb, NETLINK_CB(cb->skb).portid,
512 					cb->nlh->nlmsg_seq, NLM_F_MULTI,
513 					tunnel, L2TP_CMD_TUNNEL_GET) < 0) {
514 			l2tp_tunnel_put(tunnel);
515 			goto out;
516 		}
517 		l2tp_tunnel_put(tunnel);
518 
519 		key++;
520 	}
521 
522 out:
523 	cbd->tkey = key;
524 
525 	return skb->len;
526 }
527 
528 static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *info)
529 {
530 	u32 tunnel_id = 0;
531 	u32 session_id;
532 	u32 peer_session_id;
533 	int ret = 0;
534 	struct l2tp_tunnel *tunnel;
535 	struct l2tp_session *session;
536 	struct l2tp_session_cfg cfg = { 0, };
537 	struct net *net = genl_info_net(info);
538 
539 	if (!info->attrs[L2TP_ATTR_CONN_ID]) {
540 		ret = -EINVAL;
541 		goto out;
542 	}
543 
544 	tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
545 	tunnel = l2tp_tunnel_get(net, tunnel_id);
546 	if (!tunnel) {
547 		ret = -ENODEV;
548 		goto out;
549 	}
550 
551 	if (!info->attrs[L2TP_ATTR_SESSION_ID]) {
552 		ret = -EINVAL;
553 		goto out_tunnel;
554 	}
555 	session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
556 
557 	if (!info->attrs[L2TP_ATTR_PEER_SESSION_ID]) {
558 		ret = -EINVAL;
559 		goto out_tunnel;
560 	}
561 	peer_session_id = nla_get_u32(info->attrs[L2TP_ATTR_PEER_SESSION_ID]);
562 
563 	if (!info->attrs[L2TP_ATTR_PW_TYPE]) {
564 		ret = -EINVAL;
565 		goto out_tunnel;
566 	}
567 	cfg.pw_type = nla_get_u16(info->attrs[L2TP_ATTR_PW_TYPE]);
568 	if (cfg.pw_type >= __L2TP_PWTYPE_MAX) {
569 		ret = -EINVAL;
570 		goto out_tunnel;
571 	}
572 
573 	/* L2TPv2 only accepts PPP pseudo-wires */
574 	if (tunnel->version == 2 && cfg.pw_type != L2TP_PWTYPE_PPP) {
575 		ret = -EPROTONOSUPPORT;
576 		goto out_tunnel;
577 	}
578 
579 	if (tunnel->version > 2) {
580 		if (info->attrs[L2TP_ATTR_L2SPEC_TYPE]) {
581 			cfg.l2specific_type = nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_TYPE]);
582 			if (cfg.l2specific_type != L2TP_L2SPECTYPE_DEFAULT &&
583 			    cfg.l2specific_type != L2TP_L2SPECTYPE_NONE) {
584 				ret = -EINVAL;
585 				goto out_tunnel;
586 			}
587 		} else {
588 			cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT;
589 		}
590 
591 		if (info->attrs[L2TP_ATTR_COOKIE]) {
592 			u16 len = nla_len(info->attrs[L2TP_ATTR_COOKIE]);
593 
594 			if (len > 8) {
595 				ret = -EINVAL;
596 				goto out_tunnel;
597 			}
598 			cfg.cookie_len = len;
599 			memcpy(&cfg.cookie[0], nla_data(info->attrs[L2TP_ATTR_COOKIE]), len);
600 		}
601 		if (info->attrs[L2TP_ATTR_PEER_COOKIE]) {
602 			u16 len = nla_len(info->attrs[L2TP_ATTR_PEER_COOKIE]);
603 
604 			if (len > 8) {
605 				ret = -EINVAL;
606 				goto out_tunnel;
607 			}
608 			cfg.peer_cookie_len = len;
609 			memcpy(&cfg.peer_cookie[0], nla_data(info->attrs[L2TP_ATTR_PEER_COOKIE]), len);
610 		}
611 		if (info->attrs[L2TP_ATTR_IFNAME])
612 			cfg.ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]);
613 	}
614 
615 	if (info->attrs[L2TP_ATTR_RECV_SEQ])
616 		cfg.recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]);
617 
618 	if (info->attrs[L2TP_ATTR_SEND_SEQ])
619 		cfg.send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]);
620 
621 	if (info->attrs[L2TP_ATTR_LNS_MODE])
622 		cfg.lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]);
623 
624 	if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
625 		cfg.reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
626 
627 #ifdef CONFIG_MODULES
628 	if (!l2tp_nl_cmd_ops[cfg.pw_type]) {
629 		genl_unlock();
630 		request_module("net-l2tp-type-%u", cfg.pw_type);
631 		genl_lock();
632 	}
633 #endif
634 	if (!l2tp_nl_cmd_ops[cfg.pw_type] || !l2tp_nl_cmd_ops[cfg.pw_type]->session_create) {
635 		ret = -EPROTONOSUPPORT;
636 		goto out_tunnel;
637 	}
638 
639 	ret = l2tp_nl_cmd_ops[cfg.pw_type]->session_create(net, tunnel,
640 							   session_id,
641 							   peer_session_id,
642 							   &cfg);
643 
644 	if (ret >= 0) {
645 		session = l2tp_session_get(net, tunnel->sock, tunnel->version,
646 					   tunnel_id, session_id);
647 		if (session) {
648 			ret = l2tp_session_notify(&l2tp_nl_family, info, session,
649 						  L2TP_CMD_SESSION_CREATE);
650 			l2tp_session_put(session);
651 		}
652 	}
653 
654 out_tunnel:
655 	l2tp_tunnel_put(tunnel);
656 out:
657 	return ret;
658 }
659 
660 static int l2tp_nl_cmd_session_delete(struct sk_buff *skb, struct genl_info *info)
661 {
662 	int ret = 0;
663 	struct l2tp_session *session;
664 	u16 pw_type;
665 
666 	session = l2tp_nl_session_get(info);
667 	if (!session) {
668 		ret = -ENODEV;
669 		goto out;
670 	}
671 
672 	l2tp_session_notify(&l2tp_nl_family, info,
673 			    session, L2TP_CMD_SESSION_DELETE);
674 
675 	pw_type = session->pwtype;
676 	if (pw_type < __L2TP_PWTYPE_MAX)
677 		if (l2tp_nl_cmd_ops[pw_type] && l2tp_nl_cmd_ops[pw_type]->session_delete)
678 			l2tp_nl_cmd_ops[pw_type]->session_delete(session);
679 
680 	l2tp_session_put(session);
681 
682 out:
683 	return ret;
684 }
685 
686 static int l2tp_nl_cmd_session_modify(struct sk_buff *skb, struct genl_info *info)
687 {
688 	int ret = 0;
689 	struct l2tp_session *session;
690 
691 	session = l2tp_nl_session_get(info);
692 	if (!session) {
693 		ret = -ENODEV;
694 		goto out;
695 	}
696 
697 	if (info->attrs[L2TP_ATTR_RECV_SEQ])
698 		session->recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]);
699 
700 	if (info->attrs[L2TP_ATTR_SEND_SEQ]) {
701 		struct l2tp_tunnel *tunnel = session->tunnel;
702 
703 		session->send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]);
704 		l2tp_session_set_header_len(session, tunnel->version, tunnel->encap);
705 	}
706 
707 	if (info->attrs[L2TP_ATTR_LNS_MODE])
708 		session->lns_mode = nla_get_u8(info->attrs[L2TP_ATTR_LNS_MODE]);
709 
710 	if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
711 		session->reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
712 
713 	ret = l2tp_session_notify(&l2tp_nl_family, info,
714 				  session, L2TP_CMD_SESSION_MODIFY);
715 
716 	l2tp_session_put(session);
717 
718 out:
719 	return ret;
720 }
721 
722 static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq, int flags,
723 				struct l2tp_session *session, u8 cmd)
724 {
725 	void *hdr;
726 	struct nlattr *nest;
727 	struct l2tp_tunnel *tunnel = session->tunnel;
728 
729 	hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, cmd);
730 	if (!hdr)
731 		return -EMSGSIZE;
732 
733 	if (nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) ||
734 	    nla_put_u32(skb, L2TP_ATTR_SESSION_ID, session->session_id) ||
735 	    nla_put_u32(skb, L2TP_ATTR_PEER_CONN_ID, tunnel->peer_tunnel_id) ||
736 	    nla_put_u32(skb, L2TP_ATTR_PEER_SESSION_ID, session->peer_session_id) ||
737 	    nla_put_u32(skb, L2TP_ATTR_DEBUG, 0) ||
738 	    nla_put_u16(skb, L2TP_ATTR_PW_TYPE, session->pwtype))
739 		goto nla_put_failure;
740 
741 	if ((session->ifname[0] &&
742 	     nla_put_string(skb, L2TP_ATTR_IFNAME, session->ifname)) ||
743 	    (session->cookie_len &&
744 	     nla_put(skb, L2TP_ATTR_COOKIE, session->cookie_len, session->cookie)) ||
745 	    (session->peer_cookie_len &&
746 	     nla_put(skb, L2TP_ATTR_PEER_COOKIE, session->peer_cookie_len, session->peer_cookie)) ||
747 	    nla_put_u8(skb, L2TP_ATTR_RECV_SEQ, session->recv_seq) ||
748 	    nla_put_u8(skb, L2TP_ATTR_SEND_SEQ, session->send_seq) ||
749 	    nla_put_u8(skb, L2TP_ATTR_LNS_MODE, session->lns_mode) ||
750 	    (l2tp_tunnel_uses_xfrm(tunnel) &&
751 	     nla_put_u8(skb, L2TP_ATTR_USING_IPSEC, 1)) ||
752 	    (session->reorder_timeout &&
753 	     nla_put_msecs(skb, L2TP_ATTR_RECV_TIMEOUT,
754 			   session->reorder_timeout, L2TP_ATTR_PAD)))
755 		goto nla_put_failure;
756 
757 	nest = nla_nest_start_noflag(skb, L2TP_ATTR_STATS);
758 	if (!nest)
759 		goto nla_put_failure;
760 
761 	if (nla_put_u64_64bit(skb, L2TP_ATTR_TX_PACKETS,
762 			      atomic_long_read(&session->stats.tx_packets),
763 			      L2TP_ATTR_STATS_PAD) ||
764 	    nla_put_u64_64bit(skb, L2TP_ATTR_TX_BYTES,
765 			      atomic_long_read(&session->stats.tx_bytes),
766 			      L2TP_ATTR_STATS_PAD) ||
767 	    nla_put_u64_64bit(skb, L2TP_ATTR_TX_ERRORS,
768 			      atomic_long_read(&session->stats.tx_errors),
769 			      L2TP_ATTR_STATS_PAD) ||
770 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_PACKETS,
771 			      atomic_long_read(&session->stats.rx_packets),
772 			      L2TP_ATTR_STATS_PAD) ||
773 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_BYTES,
774 			      atomic_long_read(&session->stats.rx_bytes),
775 			      L2TP_ATTR_STATS_PAD) ||
776 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_SEQ_DISCARDS,
777 			      atomic_long_read(&session->stats.rx_seq_discards),
778 			      L2TP_ATTR_STATS_PAD) ||
779 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_COOKIE_DISCARDS,
780 			      atomic_long_read(&session->stats.rx_cookie_discards),
781 			      L2TP_ATTR_STATS_PAD) ||
782 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_OOS_PACKETS,
783 			      atomic_long_read(&session->stats.rx_oos_packets),
784 			      L2TP_ATTR_STATS_PAD) ||
785 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_ERRORS,
786 			      atomic_long_read(&session->stats.rx_errors),
787 			      L2TP_ATTR_STATS_PAD) ||
788 	    nla_put_u64_64bit(skb, L2TP_ATTR_RX_INVALID,
789 			      atomic_long_read(&session->stats.rx_invalid),
790 			      L2TP_ATTR_STATS_PAD))
791 		goto nla_put_failure;
792 	nla_nest_end(skb, nest);
793 
794 	genlmsg_end(skb, hdr);
795 	return 0;
796 
797  nla_put_failure:
798 	genlmsg_cancel(skb, hdr);
799 	return -1;
800 }
801 
802 static int l2tp_nl_cmd_session_get(struct sk_buff *skb, struct genl_info *info)
803 {
804 	struct l2tp_session *session;
805 	struct sk_buff *msg;
806 	int ret;
807 
808 	session = l2tp_nl_session_get(info);
809 	if (!session) {
810 		ret = -ENODEV;
811 		goto err;
812 	}
813 
814 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
815 	if (!msg) {
816 		ret = -ENOMEM;
817 		goto err_ref;
818 	}
819 
820 	ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq,
821 				   0, session, L2TP_CMD_SESSION_GET);
822 	if (ret < 0)
823 		goto err_ref_msg;
824 
825 	ret = genlmsg_unicast(genl_info_net(info), msg, info->snd_portid);
826 
827 	l2tp_session_put(session);
828 
829 	return ret;
830 
831 err_ref_msg:
832 	nlmsg_free(msg);
833 err_ref:
834 	l2tp_session_put(session);
835 err:
836 	return ret;
837 }
838 
839 static int l2tp_nl_cmd_session_dump(struct sk_buff *skb, struct netlink_callback *cb)
840 {
841 	struct l2tp_nl_cb_data *cbd = (void *)&cb->ctx[0];
842 	struct net *net = sock_net(skb->sk);
843 	struct l2tp_session *session;
844 	struct l2tp_tunnel *tunnel = NULL;
845 	unsigned long tkey = cbd->tkey;
846 	unsigned long skey = cbd->skey;
847 
848 	for (;;) {
849 		if (!tunnel) {
850 			tunnel = l2tp_tunnel_get_next(net, &tkey);
851 			if (!tunnel)
852 				goto out;
853 		}
854 
855 		session = l2tp_session_get_next(net, tunnel->sock, tunnel->version,
856 						tunnel->tunnel_id, &skey);
857 		if (!session) {
858 			tkey++;
859 			l2tp_tunnel_put(tunnel);
860 			tunnel = NULL;
861 			skey = 0;
862 			continue;
863 		}
864 
865 		if (l2tp_nl_session_send(skb, NETLINK_CB(cb->skb).portid,
866 					 cb->nlh->nlmsg_seq, NLM_F_MULTI,
867 					 session, L2TP_CMD_SESSION_GET) < 0) {
868 			l2tp_session_put(session);
869 			l2tp_tunnel_put(tunnel);
870 			break;
871 		}
872 		l2tp_session_put(session);
873 
874 		skey++;
875 	}
876 
877 out:
878 	cbd->tkey = tkey;
879 	cbd->skey = skey;
880 
881 	return skb->len;
882 }
883 
884 static const struct nla_policy l2tp_nl_policy[L2TP_ATTR_MAX + 1] = {
885 	[L2TP_ATTR_NONE]		= { .type = NLA_UNSPEC, },
886 	[L2TP_ATTR_PW_TYPE]		= { .type = NLA_U16, },
887 	[L2TP_ATTR_ENCAP_TYPE]		= { .type = NLA_U16, },
888 	[L2TP_ATTR_OFFSET]		= { .type = NLA_U16, },
889 	[L2TP_ATTR_DATA_SEQ]		= { .type = NLA_U8, },
890 	[L2TP_ATTR_L2SPEC_TYPE]		= { .type = NLA_U8, },
891 	[L2TP_ATTR_L2SPEC_LEN]		= { .type = NLA_U8, },
892 	[L2TP_ATTR_PROTO_VERSION]	= { .type = NLA_U8, },
893 	[L2TP_ATTR_CONN_ID]		= { .type = NLA_U32, },
894 	[L2TP_ATTR_PEER_CONN_ID]	= { .type = NLA_U32, },
895 	[L2TP_ATTR_SESSION_ID]		= { .type = NLA_U32, },
896 	[L2TP_ATTR_PEER_SESSION_ID]	= { .type = NLA_U32, },
897 	[L2TP_ATTR_UDP_CSUM]		= { .type = NLA_U8, },
898 	[L2TP_ATTR_VLAN_ID]		= { .type = NLA_U16, },
899 	[L2TP_ATTR_DEBUG]		= { .type = NLA_U32, },
900 	[L2TP_ATTR_RECV_SEQ]		= { .type = NLA_U8, },
901 	[L2TP_ATTR_SEND_SEQ]		= { .type = NLA_U8, },
902 	[L2TP_ATTR_LNS_MODE]		= { .type = NLA_U8, },
903 	[L2TP_ATTR_USING_IPSEC]		= { .type = NLA_U8, },
904 	[L2TP_ATTR_RECV_TIMEOUT]	= { .type = NLA_MSECS, },
905 	[L2TP_ATTR_FD]			= { .type = NLA_U32, },
906 	[L2TP_ATTR_IP_SADDR]		= { .type = NLA_U32, },
907 	[L2TP_ATTR_IP_DADDR]		= { .type = NLA_U32, },
908 	[L2TP_ATTR_UDP_SPORT]		= { .type = NLA_U16, },
909 	[L2TP_ATTR_UDP_DPORT]		= { .type = NLA_U16, },
910 	[L2TP_ATTR_MTU]			= { .type = NLA_U16, },
911 	[L2TP_ATTR_MRU]			= { .type = NLA_U16, },
912 	[L2TP_ATTR_STATS]		= { .type = NLA_NESTED, },
913 	[L2TP_ATTR_IP6_SADDR] = {
914 		.type = NLA_BINARY,
915 		.len = sizeof(struct in6_addr),
916 	},
917 	[L2TP_ATTR_IP6_DADDR] = {
918 		.type = NLA_BINARY,
919 		.len = sizeof(struct in6_addr),
920 	},
921 	[L2TP_ATTR_IFNAME] = {
922 		.type = NLA_NUL_STRING,
923 		.len = IFNAMSIZ - 1,
924 	},
925 	[L2TP_ATTR_COOKIE] = {
926 		.type = NLA_BINARY,
927 		.len = 8,
928 	},
929 	[L2TP_ATTR_PEER_COOKIE] = {
930 		.type = NLA_BINARY,
931 		.len = 8,
932 	},
933 };
934 
935 static const struct genl_small_ops l2tp_nl_ops[] = {
936 	{
937 		.cmd = L2TP_CMD_NOOP,
938 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
939 		.doit = l2tp_nl_cmd_noop,
940 		/* can be retrieved by unprivileged users */
941 	},
942 	{
943 		.cmd = L2TP_CMD_TUNNEL_CREATE,
944 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
945 		.doit = l2tp_nl_cmd_tunnel_create,
946 		.flags = GENL_UNS_ADMIN_PERM,
947 	},
948 	{
949 		.cmd = L2TP_CMD_TUNNEL_DELETE,
950 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
951 		.doit = l2tp_nl_cmd_tunnel_delete,
952 		.flags = GENL_UNS_ADMIN_PERM,
953 	},
954 	{
955 		.cmd = L2TP_CMD_TUNNEL_MODIFY,
956 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
957 		.doit = l2tp_nl_cmd_tunnel_modify,
958 		.flags = GENL_UNS_ADMIN_PERM,
959 	},
960 	{
961 		.cmd = L2TP_CMD_TUNNEL_GET,
962 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
963 		.doit = l2tp_nl_cmd_tunnel_get,
964 		.dumpit = l2tp_nl_cmd_tunnel_dump,
965 		.flags = GENL_UNS_ADMIN_PERM,
966 	},
967 	{
968 		.cmd = L2TP_CMD_SESSION_CREATE,
969 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
970 		.doit = l2tp_nl_cmd_session_create,
971 		.flags = GENL_UNS_ADMIN_PERM,
972 	},
973 	{
974 		.cmd = L2TP_CMD_SESSION_DELETE,
975 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
976 		.doit = l2tp_nl_cmd_session_delete,
977 		.flags = GENL_UNS_ADMIN_PERM,
978 	},
979 	{
980 		.cmd = L2TP_CMD_SESSION_MODIFY,
981 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
982 		.doit = l2tp_nl_cmd_session_modify,
983 		.flags = GENL_UNS_ADMIN_PERM,
984 	},
985 	{
986 		.cmd = L2TP_CMD_SESSION_GET,
987 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
988 		.doit = l2tp_nl_cmd_session_get,
989 		.dumpit = l2tp_nl_cmd_session_dump,
990 		.flags = GENL_UNS_ADMIN_PERM,
991 	},
992 };
993 
994 static struct genl_family l2tp_nl_family __ro_after_init = {
995 	.name		= L2TP_GENL_NAME,
996 	.version	= L2TP_GENL_VERSION,
997 	.hdrsize	= 0,
998 	.maxattr	= L2TP_ATTR_MAX,
999 	.policy = l2tp_nl_policy,
1000 	.netnsok	= true,
1001 	.module		= THIS_MODULE,
1002 	.small_ops	= l2tp_nl_ops,
1003 	.n_small_ops	= ARRAY_SIZE(l2tp_nl_ops),
1004 	.resv_start_op	= L2TP_CMD_SESSION_GET + 1,
1005 	.mcgrps		= l2tp_multicast_group,
1006 	.n_mcgrps	= ARRAY_SIZE(l2tp_multicast_group),
1007 };
1008 
1009 int l2tp_nl_register_ops(enum l2tp_pwtype pw_type, const struct l2tp_nl_cmd_ops *ops)
1010 {
1011 	int ret;
1012 
1013 	ret = -EINVAL;
1014 	if (pw_type >= __L2TP_PWTYPE_MAX)
1015 		goto err;
1016 
1017 	genl_lock();
1018 	ret = -EBUSY;
1019 	if (l2tp_nl_cmd_ops[pw_type])
1020 		goto out;
1021 
1022 	l2tp_nl_cmd_ops[pw_type] = ops;
1023 	ret = 0;
1024 
1025 out:
1026 	genl_unlock();
1027 err:
1028 	return ret;
1029 }
1030 EXPORT_SYMBOL_GPL(l2tp_nl_register_ops);
1031 
1032 void l2tp_nl_unregister_ops(enum l2tp_pwtype pw_type)
1033 {
1034 	if (pw_type < __L2TP_PWTYPE_MAX) {
1035 		genl_lock();
1036 		l2tp_nl_cmd_ops[pw_type] = NULL;
1037 		genl_unlock();
1038 	}
1039 }
1040 EXPORT_SYMBOL_GPL(l2tp_nl_unregister_ops);
1041 
1042 static int __init l2tp_nl_init(void)
1043 {
1044 	pr_info("L2TP netlink interface\n");
1045 	return genl_register_family(&l2tp_nl_family);
1046 }
1047 
1048 static void l2tp_nl_cleanup(void)
1049 {
1050 	genl_unregister_family(&l2tp_nl_family);
1051 }
1052 
1053 module_init(l2tp_nl_init);
1054 module_exit(l2tp_nl_cleanup);
1055 
1056 MODULE_AUTHOR("James Chapman <jchapman@katalix.com>");
1057 MODULE_DESCRIPTION("L2TP netlink");
1058 MODULE_LICENSE("GPL");
1059 MODULE_VERSION("1.0");
1060 MODULE_ALIAS_GENL_FAMILY("l2tp");
1061