1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Point-to-Point Tunneling Protocol for Linux
5 * Authors: Dmitry Kozlov <xeb@mail.ru>
8 #include <linux/string.h>
9 #include <linux/module.h>
10 #include <linux/kernel.h>
11 #include <linux/slab.h>
12 #include <linux/errno.h>
13 #include <linux/netdevice.h>
14 #include <linux/net.h>
15 #include <linux/skbuff.h>
16 #include <linux/vmalloc.h>
17 #include <linux/init.h>
18 #include <linux/ppp_channel.h>
19 #include <linux/ppp_defs.h>
20 #include <linux/if_pppox.h>
21 #include <linux/ppp-ioctl.h>
22 #include <linux/notifier.h>
23 #include <linux/file.h>
26 #include <linux/rcupdate.h>
27 #include <linux/security.h>
28 #include <linux/spinlock.h>
31 #include <net/protocol.h>
34 #include <net/route.h>
38 #include <linux/uaccess.h>
40 #define PPTP_DRIVER_VERSION "0.8.5"
42 #define MAX_CALLID 65535
44 static DECLARE_BITMAP(callid_bitmap, MAX_CALLID + 1);
45 static struct pppox_sock __rcu **callid_sock;
47 static DEFINE_SPINLOCK(chan_lock);
49 static struct proto pptp_sk_proto __read_mostly;
50 static const struct ppp_channel_ops pptp_chan_ops;
51 static const struct proto_ops pptp_ops;
53 static struct pppox_sock *lookup_chan(u16 call_id, __be32 s_addr)
55 struct pppox_sock *sock;
59 sock = rcu_dereference(callid_sock[call_id]);
61 opt = &sock->proto.pptp;
62 if (opt->dst_addr.sin_addr.s_addr != s_addr)
65 sock_hold(sk_pppox(sock));
72 static int lookup_chan_dst(u16 call_id, __be32 d_addr)
74 struct pppox_sock *sock;
80 for_each_set_bit_from(i, callid_bitmap, MAX_CALLID) {
81 sock = rcu_dereference(callid_sock[i]);
84 opt = &sock->proto.pptp;
85 if (opt->dst_addr.call_id == call_id &&
86 opt->dst_addr.sin_addr.s_addr == d_addr)
91 return i < MAX_CALLID;
94 static int add_chan(struct pppox_sock *sock,
99 spin_lock(&chan_lock);
101 call_id = find_next_zero_bit(callid_bitmap, MAX_CALLID, call_id + 1);
102 if (call_id == MAX_CALLID) {
103 call_id = find_next_zero_bit(callid_bitmap, MAX_CALLID, 1);
104 if (call_id == MAX_CALLID)
107 sa->call_id = call_id;
108 } else if (test_bit(sa->call_id, callid_bitmap)) {
112 sock->proto.pptp.src_addr = *sa;
113 set_bit(sa->call_id, callid_bitmap);
114 rcu_assign_pointer(callid_sock[sa->call_id], sock);
115 spin_unlock(&chan_lock);
120 spin_unlock(&chan_lock);
124 static void del_chan(struct pppox_sock *sock)
126 spin_lock(&chan_lock);
127 clear_bit(sock->proto.pptp.src_addr.call_id, callid_bitmap);
128 RCU_INIT_POINTER(callid_sock[sock->proto.pptp.src_addr.call_id], NULL);
129 spin_unlock(&chan_lock);
132 static struct rtable *pptp_route_output(struct pppox_sock *po,
135 struct sock *sk = &po->sk;
139 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark, 0,
140 RT_SCOPE_UNIVERSE, IPPROTO_GRE, 0,
141 po->proto.pptp.dst_addr.sin_addr.s_addr,
142 po->proto.pptp.src_addr.sin_addr.s_addr,
143 0, 0, sock_net_uid(net, sk));
144 security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
146 return ip_route_output_flow(net, fl4, sk);
149 static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
151 struct sock *sk = (struct sock *) chan->private;
152 struct pppox_sock *po = pppox_sk(sk);
153 struct net *net = sock_net(sk);
154 struct pptp_opt *opt = &po->proto.pptp;
155 struct pptp_gre_header *hdr;
156 unsigned int header_len = sizeof(*hdr);
165 struct net_device *tdev;
169 if (sk_pppox(po)->sk_state & PPPOX_DEAD)
172 rt = pptp_route_output(po, &fl4);
178 max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(*iph) + sizeof(*hdr) + 2;
180 if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) {
181 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
187 skb_set_owner_w(new_skb, skb->sk);
193 islcp = ((data[0] << 8) + data[1]) == PPP_LCP && 1 <= data[2] && data[2] <= 7;
195 /* compress protocol field */
196 if ((opt->ppp_flags & SC_COMP_PROT) && data[0] == 0 && !islcp)
199 /* Put in the address/control bytes if necessary */
200 if ((opt->ppp_flags & SC_COMP_AC) == 0 || islcp) {
201 data = skb_push(skb, 2);
202 data[0] = PPP_ALLSTATIONS;
208 seq_recv = opt->seq_recv;
210 if (opt->ack_sent == seq_recv)
211 header_len -= sizeof(hdr->ack);
213 /* Push down and install GRE header */
214 skb_push(skb, header_len);
215 hdr = (struct pptp_gre_header *)(skb->data);
217 hdr->gre_hd.flags = GRE_KEY | GRE_VERSION_1 | GRE_SEQ;
218 hdr->gre_hd.protocol = GRE_PROTO_PPP;
219 hdr->call_id = htons(opt->dst_addr.call_id);
221 hdr->seq = htonl(++opt->seq_sent);
222 if (opt->ack_sent != seq_recv) {
223 /* send ack with this message */
224 hdr->gre_hd.flags |= GRE_ACK;
225 hdr->ack = htonl(seq_recv);
226 opt->ack_sent = seq_recv;
228 hdr->payload_len = htons(len);
230 /* Push down and install the IP header. */
232 skb_reset_transport_header(skb);
233 skb_push(skb, sizeof(*iph));
234 skb_reset_network_header(skb);
235 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
236 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | IPSKB_REROUTED);
240 iph->ihl = sizeof(struct iphdr) >> 2;
241 if (ip_dont_fragment(sk, &rt->dst))
242 iph->frag_off = htons(IP_DF);
245 iph->protocol = IPPROTO_GRE;
247 iph->daddr = fl4.daddr;
248 iph->saddr = fl4.saddr;
249 iph->ttl = ip4_dst_hoplimit(&rt->dst);
250 iph->tot_len = htons(skb->len);
253 skb_dst_set(skb, &rt->dst);
257 skb->ip_summed = CHECKSUM_NONE;
258 ip_select_ident(net, skb, NULL);
261 ip_local_out(net, skb->sk, skb);
269 static int pptp_rcv_core(struct sock *sk, struct sk_buff *skb)
271 struct pppox_sock *po = pppox_sk(sk);
272 struct pptp_opt *opt = &po->proto.pptp;
273 int headersize, payload_len, seq;
275 struct pptp_gre_header *header;
277 if (!(sk->sk_state & PPPOX_CONNECTED)) {
278 if (sock_queue_rcv_skb(sk, skb))
280 return NET_RX_SUCCESS;
283 header = (struct pptp_gre_header *)(skb->data);
284 headersize = sizeof(*header);
286 /* test if acknowledgement present */
287 if (GRE_IS_ACK(header->gre_hd.flags)) {
290 if (!pskb_may_pull(skb, headersize))
292 header = (struct pptp_gre_header *)(skb->data);
294 /* ack in different place if S = 0 */
295 ack = GRE_IS_SEQ(header->gre_hd.flags) ? header->ack : header->seq;
299 if (ack > opt->ack_recv)
301 /* also handle sequence number wrap-around */
302 if (WRAPPED(ack, opt->ack_recv))
305 headersize -= sizeof(header->ack);
307 /* test if payload present */
308 if (!GRE_IS_SEQ(header->gre_hd.flags))
311 payload_len = ntohs(header->payload_len);
312 seq = ntohl(header->seq);
314 /* check for incomplete packet (length smaller than expected) */
315 if (!pskb_may_pull(skb, headersize + payload_len))
318 payload = skb->data + headersize;
319 /* check for expected sequence number */
320 if (seq < opt->seq_recv + 1 || WRAPPED(opt->seq_recv, seq)) {
321 if ((payload[0] == PPP_ALLSTATIONS) && (payload[1] == PPP_UI) &&
322 (PPP_PROTOCOL(payload) == PPP_LCP) &&
323 ((payload[4] == PPP_LCP_ECHOREQ) || (payload[4] == PPP_LCP_ECHOREP)))
328 skb_pull(skb, headersize);
330 if (payload[0] == PPP_ALLSTATIONS && payload[1] == PPP_UI) {
331 /* chop off address/control */
337 skb->ip_summed = CHECKSUM_NONE;
338 skb_set_network_header(skb, skb->head-skb->data);
339 ppp_input(&po->chan, skb);
341 return NET_RX_SUCCESS;
348 static int pptp_rcv(struct sk_buff *skb)
350 struct pppox_sock *po;
351 struct pptp_gre_header *header;
354 if (skb->pkt_type != PACKET_HOST)
357 if (!pskb_may_pull(skb, 12))
362 header = (struct pptp_gre_header *)skb->data;
364 if (header->gre_hd.protocol != GRE_PROTO_PPP || /* PPTP-GRE protocol for PPTP */
365 GRE_IS_CSUM(header->gre_hd.flags) || /* flag CSUM should be clear */
366 GRE_IS_ROUTING(header->gre_hd.flags) || /* flag ROUTING should be clear */
367 !GRE_IS_KEY(header->gre_hd.flags) || /* flag KEY should be set */
368 (header->gre_hd.flags & GRE_FLAGS)) /* flag Recursion Ctrl should be clear */
369 /* if invalid, discard this packet */
372 po = lookup_chan(htons(header->call_id), iph->saddr);
376 return sk_receive_skb(sk_pppox(po), skb, 0);
383 static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
386 struct sock *sk = sock->sk;
387 struct sockaddr_pppox *sp = (struct sockaddr_pppox *) uservaddr;
388 struct pppox_sock *po = pppox_sk(sk);
391 if (sockaddr_len < sizeof(struct sockaddr_pppox))
396 if (sk->sk_state & PPPOX_DEAD) {
401 if (sk->sk_state & PPPOX_BOUND) {
406 if (add_chan(po, &sp->sa_addr.pptp))
409 sk->sk_state |= PPPOX_BOUND;
416 static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr,
417 int sockaddr_len, int flags)
419 struct sock *sk = sock->sk;
420 struct sockaddr_pppox *sp = (struct sockaddr_pppox *) uservaddr;
421 struct pppox_sock *po = pppox_sk(sk);
422 struct pptp_opt *opt = &po->proto.pptp;
427 if (sockaddr_len < sizeof(struct sockaddr_pppox))
430 if (sp->sa_protocol != PX_PROTO_PPTP)
433 if (lookup_chan_dst(sp->sa_addr.pptp.call_id, sp->sa_addr.pptp.sin_addr.s_addr))
437 /* Check for already bound sockets */
438 if (sk->sk_state & PPPOX_CONNECTED) {
443 /* Check for already disconnected sockets, on attempts to disconnect */
444 if (sk->sk_state & PPPOX_DEAD) {
449 if (!opt->src_addr.sin_addr.s_addr || !sp->sa_addr.pptp.sin_addr.s_addr) {
454 po->chan.private = sk;
455 po->chan.ops = &pptp_chan_ops;
457 rt = pptp_route_output(po, &fl4);
459 error = -EHOSTUNREACH;
462 sk_setup_caps(sk, &rt->dst);
464 po->chan.mtu = dst_mtu(&rt->dst);
466 po->chan.mtu = PPP_MRU;
467 po->chan.mtu -= PPTP_HEADER_OVERHEAD;
469 po->chan.hdrlen = 2 + sizeof(struct pptp_gre_header);
470 error = ppp_register_channel(&po->chan);
472 pr_err("PPTP: failed to register PPP channel (%d)\n", error);
476 opt->dst_addr = sp->sa_addr.pptp;
477 sk->sk_state |= PPPOX_CONNECTED;
484 static int pptp_getname(struct socket *sock, struct sockaddr *uaddr,
487 int len = sizeof(struct sockaddr_pppox);
488 struct sockaddr_pppox sp;
490 memset(&sp.sa_addr, 0, sizeof(sp.sa_addr));
492 sp.sa_family = AF_PPPOX;
493 sp.sa_protocol = PX_PROTO_PPTP;
494 sp.sa_addr.pptp = pppox_sk(sock->sk)->proto.pptp.src_addr;
496 memcpy(uaddr, &sp, len);
501 static int pptp_release(struct socket *sock)
503 struct sock *sk = sock->sk;
504 struct pppox_sock *po;
512 if (sock_flag(sk, SOCK_DEAD)) {
521 pppox_unbind_sock(sk);
522 sk->sk_state = PPPOX_DEAD;
533 static void pptp_sock_destruct(struct sock *sk)
535 if (!(sk->sk_state & PPPOX_DEAD)) {
536 del_chan(pppox_sk(sk));
537 pppox_unbind_sock(sk);
539 skb_queue_purge(&sk->sk_receive_queue);
540 dst_release(rcu_dereference_protected(sk->sk_dst_cache, 1));
543 static int pptp_create(struct net *net, struct socket *sock, int kern)
547 struct pppox_sock *po;
548 struct pptp_opt *opt;
550 sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pptp_sk_proto, kern);
554 sock_init_data(sock, sk);
556 sock->state = SS_UNCONNECTED;
557 sock->ops = &pptp_ops;
559 sk->sk_backlog_rcv = pptp_rcv_core;
560 sk->sk_state = PPPOX_NONE;
561 sk->sk_type = SOCK_STREAM;
562 sk->sk_family = PF_PPPOX;
563 sk->sk_protocol = PX_PROTO_PPTP;
564 sk->sk_destruct = pptp_sock_destruct;
567 opt = &po->proto.pptp;
569 opt->seq_sent = 0; opt->seq_recv = 0xffffffff;
570 opt->ack_recv = 0; opt->ack_sent = 0xffffffff;
577 static int pptp_ppp_ioctl(struct ppp_channel *chan, unsigned int cmd,
580 struct sock *sk = (struct sock *) chan->private;
581 struct pppox_sock *po = pppox_sk(sk);
582 struct pptp_opt *opt = &po->proto.pptp;
583 void __user *argp = (void __user *)arg;
584 int __user *p = argp;
590 val = opt->ppp_flags;
591 if (put_user(val, p))
596 if (get_user(val, p))
598 opt->ppp_flags = val & ~SC_RCV_BITS;
608 static const struct ppp_channel_ops pptp_chan_ops = {
609 .start_xmit = pptp_xmit,
610 .ioctl = pptp_ppp_ioctl,
613 static struct proto pptp_sk_proto __read_mostly = {
615 .owner = THIS_MODULE,
616 .obj_size = sizeof(struct pppox_sock),
619 static const struct proto_ops pptp_ops = {
621 .owner = THIS_MODULE,
622 .release = pptp_release,
624 .connect = pptp_connect,
625 .socketpair = sock_no_socketpair,
626 .accept = sock_no_accept,
627 .getname = pptp_getname,
628 .listen = sock_no_listen,
629 .shutdown = sock_no_shutdown,
630 .sendmsg = sock_no_sendmsg,
631 .recvmsg = sock_no_recvmsg,
632 .mmap = sock_no_mmap,
633 .ioctl = pppox_ioctl,
635 .compat_ioctl = pppox_compat_ioctl,
639 static const struct pppox_proto pppox_pptp_proto = {
640 .create = pptp_create,
641 .owner = THIS_MODULE,
644 static const struct gre_protocol gre_pptp_protocol = {
648 static int __init pptp_init_module(void)
651 pr_info("PPTP driver version " PPTP_DRIVER_VERSION "\n");
653 callid_sock = vzalloc(array_size(sizeof(void *), (MAX_CALLID + 1)));
657 err = gre_add_protocol(&gre_pptp_protocol, GREPROTO_PPTP);
659 pr_err("PPTP: can't add gre protocol\n");
663 err = proto_register(&pptp_sk_proto, 0);
665 pr_err("PPTP: can't register sk_proto\n");
666 goto out_gre_del_protocol;
669 err = register_pppox_proto(PX_PROTO_PPTP, &pppox_pptp_proto);
671 pr_err("PPTP: can't register pppox_proto\n");
672 goto out_unregister_sk_proto;
677 out_unregister_sk_proto:
678 proto_unregister(&pptp_sk_proto);
679 out_gre_del_protocol:
680 gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP);
687 static void __exit pptp_exit_module(void)
689 unregister_pppox_proto(PX_PROTO_PPTP);
690 proto_unregister(&pptp_sk_proto);
691 gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP);
695 module_init(pptp_init_module);
696 module_exit(pptp_exit_module);
698 MODULE_DESCRIPTION("Point-to-Point Tunneling Protocol");
699 MODULE_AUTHOR("D. Kozlov (xeb@mail.ru)");
700 MODULE_LICENSE("GPL");
701 MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_PPTP);
projects / releases.git / blob