6f98834e6ace29bc892b54f63a03aa6ed799fd70
[linux-2.6.git] / drivers / net / pppoe.c
1 /** -*- linux-c -*- ***********************************************************
2  * Linux PPP over Ethernet (PPPoX/PPPoE) Sockets
3  *
4  * PPPoX --- Generic PPP encapsulation socket family
5  * PPPoE --- PPP over Ethernet (RFC 2516)
6  *
7  *
8  * Version:     0.7.0
9  *
10  * 070228 :     Fix to allow multiple sessions with same remote MAC and same
11  *              session id by including the local device ifindex in the
12  *              tuple identifying a session. This also ensures packets can't
13  *              be injected into a session from interfaces other than the one
14  *              specified by userspace. Florian Zumbiehl <florz@florz.de>
15  *              (Oh, BTW, this one is YYMMDD, in case you were wondering ...)
16  * 220102 :     Fix module use count on failure in pppoe_create, pppox_sk -acme
17  * 030700 :     Fixed connect logic to allow for disconnect.
18  * 270700 :     Fixed potential SMP problems; we must protect against
19  *              simultaneous invocation of ppp_input
20  *              and ppp_unregister_channel.
21  * 040800 :     Respect reference count mechanisms on net-devices.
22  * 200800 :     fix kfree(skb) in pppoe_rcv (acme)
23  *              Module reference count is decremented in the right spot now,
24  *              guards against sock_put not actually freeing the sk
25  *              in pppoe_release.
26  * 051000 :     Initialization cleanup.
27  * 111100 :     Fix recvmsg.
28  * 050101 :     Fix PADT procesing.
29  * 140501 :     Use pppoe_rcv_core to handle all backlog. (Alexey)
30  * 170701 :     Do not lock_sock with rwlock held. (DaveM)
31  *              Ignore discovery frames if user has socket
32  *              locked. (DaveM)
33  *              Ignore return value of dev_queue_xmit in __pppoe_xmit
34  *              or else we may kfree an SKB twice. (DaveM)
35  * 190701 :     When doing copies of skb's in __pppoe_xmit, always delete
36  *              the original skb that was passed in on success, never on
37  *              failure.  Delete the copy of the skb on failure to avoid
38  *              a memory leak.
39  * 081001 :     Misc. cleanup (licence string, non-blocking, prevent
40  *              reference of device on close).
41  * 121301 :     New ppp channels interface; cannot unregister a channel
42  *              from interrupts.  Thus, we mark the socket as a ZOMBIE
43  *              and do the unregistration later.
44  * 081002 :     seq_file support for proc stuff -acme
45  * 111602 :     Merge all 2.4 fixes into 2.5/2.6 tree.  Label 2.5/2.6
46  *              as version 0.7.  Spacing cleanup.
47  * Author:      Michal Ostrowski <mostrows@speakeasy.net>
48  * Contributors:
49  *              Arnaldo Carvalho de Melo <acme@conectiva.com.br>
50  *              David S. Miller (davem@redhat.com)
51  *
52  * License:
53  *              This program is free software; you can redistribute it and/or
54  *              modify it under the terms of the GNU General Public License
55  *              as published by the Free Software Foundation; either version
56  *              2 of the License, or (at your option) any later version.
57  *
58  */
59
60 #include <linux/string.h>
61 #include <linux/module.h>
62 #include <linux/kernel.h>
63 #include <linux/slab.h>
64 #include <linux/errno.h>
65 #include <linux/netdevice.h>
66 #include <linux/net.h>
67 #include <linux/inetdevice.h>
68 #include <linux/etherdevice.h>
69 #include <linux/skbuff.h>
70 #include <linux/init.h>
71 #include <linux/if_ether.h>
72 #include <linux/if_pppox.h>
73 #include <linux/ppp_channel.h>
74 #include <linux/ppp_defs.h>
75 #include <linux/if_ppp.h>
76 #include <linux/notifier.h>
77 #include <linux/file.h>
78 #include <linux/proc_fs.h>
79 #include <linux/seq_file.h>
80
81 #include <net/sock.h>
82
83 #include <asm/uaccess.h>
84
85 #define PPPOE_HASH_BITS 4
86 #define PPPOE_HASH_SIZE (1<<PPPOE_HASH_BITS)
87
88 static struct ppp_channel_ops pppoe_chan_ops;
89
90 static int pppoe_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
91 static int pppoe_xmit(struct ppp_channel *chan, struct sk_buff *skb);
92 static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb);
93
94 static const struct proto_ops pppoe_ops;
95 static DEFINE_RWLOCK(pppoe_hash_lock);
96
97 static struct ppp_channel_ops pppoe_chan_ops;
98
99 static inline int cmp_2_addr(struct pppoe_addr *a, struct pppoe_addr *b)
100 {
101         return (a->sid == b->sid &&
102                 (memcmp(a->remote, b->remote, ETH_ALEN) == 0));
103 }
104
105 static inline int cmp_addr(struct pppoe_addr *a, unsigned long sid, char *addr)
106 {
107         return (a->sid == sid &&
108                 (memcmp(a->remote,addr,ETH_ALEN) == 0));
109 }
110
111 static int hash_item(unsigned long sid, unsigned char *addr)
112 {
113         char hash = 0;
114         int i, j;
115
116         for (i = 0; i < ETH_ALEN ; ++i) {
117                 for (j = 0; j < 8/PPPOE_HASH_BITS ; ++j) {
118                         hash ^= addr[i] >> ( j * PPPOE_HASH_BITS );
119                 }
120         }
121
122         for (i = 0; i < (sizeof(unsigned long)*8) / PPPOE_HASH_BITS ; ++i)
123                 hash ^= sid >> (i*PPPOE_HASH_BITS);
124
125         return hash & ( PPPOE_HASH_SIZE - 1 );
126 }
127
128 /* zeroed because its in .bss */
129 static struct pppox_sock *item_hash_table[PPPOE_HASH_SIZE];
130
131 /**********************************************************************
132  *
133  *  Set/get/delete/rehash items  (internal versions)
134  *
135  **********************************************************************/
136 static struct pppox_sock *__get_item(unsigned long sid, unsigned char *addr, int ifindex)
137 {
138         int hash = hash_item(sid, addr);
139         struct pppox_sock *ret;
140
141         ret = item_hash_table[hash];
142
143         while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex))
144                 ret = ret->next;
145
146         return ret;
147 }
148
149 static int __set_item(struct pppox_sock *po)
150 {
151         int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
152         struct pppox_sock *ret;
153
154         ret = item_hash_table[hash];
155         while (ret) {
156                 if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_ifindex == po->pppoe_ifindex)
157                         return -EALREADY;
158
159                 ret = ret->next;
160         }
161
162         po->next = item_hash_table[hash];
163         item_hash_table[hash] = po;
164
165         return 0;
166 }
167
168 static struct pppox_sock *__delete_item(unsigned long sid, char *addr, int ifindex)
169 {
170         int hash = hash_item(sid, addr);
171         struct pppox_sock *ret, **src;
172
173         ret = item_hash_table[hash];
174         src = &item_hash_table[hash];
175
176         while (ret) {
177                 if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex) {
178                         *src = ret->next;
179                         break;
180                 }
181
182                 src = &ret->next;
183                 ret = ret->next;
184         }
185
186         return ret;
187 }
188
189 /**********************************************************************
190  *
191  *  Set/get/delete/rehash items
192  *
193  **********************************************************************/
194 static inline struct pppox_sock *get_item(unsigned long sid,
195                                          unsigned char *addr, int ifindex)
196 {
197         struct pppox_sock *po;
198
199         read_lock_bh(&pppoe_hash_lock);
200         po = __get_item(sid, addr, ifindex);
201         if (po)
202                 sock_hold(sk_pppox(po));
203         read_unlock_bh(&pppoe_hash_lock);
204
205         return po;
206 }
207
208 static inline struct pppox_sock *get_item_by_addr(struct sockaddr_pppox *sp)
209 {
210         struct net_device *dev;
211         int ifindex;
212
213         dev = dev_get_by_name(sp->sa_addr.pppoe.dev);
214         if(!dev)
215                 return NULL;
216         ifindex = dev->ifindex;
217         dev_put(dev);
218         return get_item(sp->sa_addr.pppoe.sid, sp->sa_addr.pppoe.remote, ifindex);
219 }
220
221 static inline struct pppox_sock *delete_item(unsigned long sid, char *addr, int ifindex)
222 {
223         struct pppox_sock *ret;
224
225         write_lock_bh(&pppoe_hash_lock);
226         ret = __delete_item(sid, addr, ifindex);
227         write_unlock_bh(&pppoe_hash_lock);
228
229         return ret;
230 }
231
232
233
234 /***************************************************************************
235  *
236  *  Handler for device events.
237  *  Certain device events require that sockets be unconnected.
238  *
239  **************************************************************************/
240
241 static void pppoe_flush_dev(struct net_device *dev)
242 {
243         int hash;
244         BUG_ON(dev == NULL);
245
246         write_lock_bh(&pppoe_hash_lock);
247         for (hash = 0; hash < PPPOE_HASH_SIZE; hash++) {
248                 struct pppox_sock *po = item_hash_table[hash];
249
250                 while (po != NULL) {
251                         struct sock *sk = sk_pppox(po);
252                         if (po->pppoe_dev != dev) {
253                                 po = po->next;
254                                 continue;
255                         }
256                         po->pppoe_dev = NULL;
257                         dev_put(dev);
258
259
260                         /* We always grab the socket lock, followed by the
261                          * pppoe_hash_lock, in that order.  Since we should
262                          * hold the sock lock while doing any unbinding,
263                          * we need to release the lock we're holding.
264                          * Hold a reference to the sock so it doesn't disappear
265                          * as we're jumping between locks.
266                          */
267
268                         sock_hold(sk);
269
270                         write_unlock_bh(&pppoe_hash_lock);
271                         lock_sock(sk);
272
273                         if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
274                                 pppox_unbind_sock(sk);
275                                 sk->sk_state = PPPOX_ZOMBIE;
276                                 sk->sk_state_change(sk);
277                         }
278
279                         release_sock(sk);
280                         sock_put(sk);
281
282                         /* Restart scan at the beginning of this hash chain.
283                          * While the lock was dropped the chain contents may
284                          * have changed.
285                          */
286                         write_lock_bh(&pppoe_hash_lock);
287                         po = item_hash_table[hash];
288                 }
289         }
290         write_unlock_bh(&pppoe_hash_lock);
291 }
292
293 static int pppoe_device_event(struct notifier_block *this,
294                               unsigned long event, void *ptr)
295 {
296         struct net_device *dev = (struct net_device *) ptr;
297
298         /* Only look at sockets that are using this specific device. */
299         switch (event) {
300         case NETDEV_CHANGEMTU:
301                 /* A change in mtu is a bad thing, requiring
302                  * LCP re-negotiation.
303                  */
304
305         case NETDEV_GOING_DOWN:
306         case NETDEV_DOWN:
307                 /* Find every socket on this device and kill it. */
308                 pppoe_flush_dev(dev);
309                 break;
310
311         default:
312                 break;
313         };
314
315         return NOTIFY_DONE;
316 }
317
318
319 static struct notifier_block pppoe_notifier = {
320         .notifier_call = pppoe_device_event,
321 };
322
323
324 /************************************************************************
325  *
326  * Do the real work of receiving a PPPoE Session frame.
327  *
328  ***********************************************************************/
329 static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb)
330 {
331         struct pppox_sock *po = pppox_sk(sk);
332         struct pppox_sock *relay_po;
333
334         if (sk->sk_state & PPPOX_BOUND) {
335                 struct pppoe_hdr *ph = pppoe_hdr(skb);
336                 int len = ntohs(ph->length);
337                 skb_pull_rcsum(skb, sizeof(struct pppoe_hdr));
338                 if (pskb_trim_rcsum(skb, len))
339                         goto abort_kfree;
340
341                 ppp_input(&po->chan, skb);
342         } else if (sk->sk_state & PPPOX_RELAY) {
343                 relay_po = get_item_by_addr(&po->pppoe_relay);
344
345                 if (relay_po == NULL)
346                         goto abort_kfree;
347
348                 if ((sk_pppox(relay_po)->sk_state & PPPOX_CONNECTED) == 0)
349                         goto abort_put;
350
351                 skb_pull(skb, sizeof(struct pppoe_hdr));
352                 if (!__pppoe_xmit(sk_pppox(relay_po), skb))
353                         goto abort_put;
354         } else {
355                 if (sock_queue_rcv_skb(sk, skb))
356                         goto abort_kfree;
357         }
358
359         return NET_RX_SUCCESS;
360
361 abort_put:
362         sock_put(sk_pppox(relay_po));
363
364 abort_kfree:
365         kfree_skb(skb);
366         return NET_RX_DROP;
367 }
368
369 /************************************************************************
370  *
371  * Receive wrapper called in BH context.
372  *
373  ***********************************************************************/
374 static int pppoe_rcv(struct sk_buff *skb,
375                      struct net_device *dev,
376                      struct packet_type *pt,
377                      struct net_device *orig_dev)
378
379 {
380         struct pppoe_hdr *ph;
381         struct pppox_sock *po;
382
383         if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
384                 goto drop;
385
386         if (!(skb = skb_share_check(skb, GFP_ATOMIC)))
387                 goto out;
388
389         ph = pppoe_hdr(skb);
390
391         po = get_item((unsigned long) ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
392         if (po != NULL)
393                 return sk_receive_skb(sk_pppox(po), skb, 0);
394 drop:
395         kfree_skb(skb);
396 out:
397         return NET_RX_DROP;
398 }
399
400 /************************************************************************
401  *
402  * Receive a PPPoE Discovery frame.
403  * This is solely for detection of PADT frames
404  *
405  ***********************************************************************/
406 static int pppoe_disc_rcv(struct sk_buff *skb,
407                           struct net_device *dev,
408                           struct packet_type *pt,
409                           struct net_device *orig_dev)
410
411 {
412         struct pppoe_hdr *ph;
413         struct pppox_sock *po;
414
415         if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
416                 goto abort;
417
418         if (!(skb = skb_share_check(skb, GFP_ATOMIC)))
419                 goto out;
420
421         ph = pppoe_hdr(skb);
422         if (ph->code != PADT_CODE)
423                 goto abort;
424
425         po = get_item((unsigned long) ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
426         if (po) {
427                 struct sock *sk = sk_pppox(po);
428
429                 bh_lock_sock(sk);
430
431                 /* If the user has locked the socket, just ignore
432                  * the packet.  With the way two rcv protocols hook into
433                  * one socket family type, we cannot (easily) distinguish
434                  * what kind of SKB it is during backlog rcv.
435                  */
436                 if (sock_owned_by_user(sk) == 0) {
437                         /* We're no longer connect at the PPPOE layer,
438                          * and must wait for ppp channel to disconnect us.
439                          */
440                         sk->sk_state = PPPOX_ZOMBIE;
441                 }
442
443                 bh_unlock_sock(sk);
444                 sock_put(sk);
445         }
446
447 abort:
448         kfree_skb(skb);
449 out:
450         return NET_RX_SUCCESS; /* Lies... :-) */
451 }
452
453 static struct packet_type pppoes_ptype = {
454         .type   = __constant_htons(ETH_P_PPP_SES),
455         .func   = pppoe_rcv,
456 };
457
458 static struct packet_type pppoed_ptype = {
459         .type   = __constant_htons(ETH_P_PPP_DISC),
460         .func   = pppoe_disc_rcv,
461 };
462
463 static struct proto pppoe_sk_proto = {
464         .name     = "PPPOE",
465         .owner    = THIS_MODULE,
466         .obj_size = sizeof(struct pppox_sock),
467 };
468
469 /***********************************************************************
470  *
471  * Initialize a new struct sock.
472  *
473  **********************************************************************/
474 static int pppoe_create(struct socket *sock)
475 {
476         int error = -ENOMEM;
477         struct sock *sk;
478
479         sk = sk_alloc(PF_PPPOX, GFP_KERNEL, &pppoe_sk_proto, 1);
480         if (!sk)
481                 goto out;
482
483         sock_init_data(sock, sk);
484
485         sock->state = SS_UNCONNECTED;
486         sock->ops   = &pppoe_ops;
487
488         sk->sk_backlog_rcv = pppoe_rcv_core;
489         sk->sk_state       = PPPOX_NONE;
490         sk->sk_type        = SOCK_STREAM;
491         sk->sk_family      = PF_PPPOX;
492         sk->sk_protocol    = PX_PROTO_OE;
493
494         error = 0;
495 out:    return error;
496 }
497
498 static int pppoe_release(struct socket *sock)
499 {
500         struct sock *sk = sock->sk;
501         struct pppox_sock *po;
502
503         if (!sk)
504                 return 0;
505
506         lock_sock(sk);
507         if (sock_flag(sk, SOCK_DEAD)){
508                 release_sock(sk);
509                 return -EBADF;
510         }
511
512         pppox_unbind_sock(sk);
513
514         /* Signal the death of the socket. */
515         sk->sk_state = PPPOX_DEAD;
516
517
518         /* Write lock on hash lock protects the entire "po" struct from
519          * concurrent updates via pppoe_flush_dev. The "po" struct should
520          * be considered part of the hash table contents, thus protected
521          * by the hash table lock */
522         write_lock_bh(&pppoe_hash_lock);
523
524         po = pppox_sk(sk);
525         if (po->pppoe_pa.sid) {
526                 __delete_item(po->pppoe_pa.sid,
527                               po->pppoe_pa.remote, po->pppoe_ifindex);
528         }
529
530         if (po->pppoe_dev) {
531                 dev_put(po->pppoe_dev);
532                 po->pppoe_dev = NULL;
533         }
534
535         write_unlock_bh(&pppoe_hash_lock);
536
537         sock_orphan(sk);
538         sock->sk = NULL;
539
540         skb_queue_purge(&sk->sk_receive_queue);
541         release_sock(sk);
542         sock_put(sk);
543
544         return 0;
545 }
546
547
548 static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
549                   int sockaddr_len, int flags)
550 {
551         struct sock *sk = sock->sk;
552         struct net_device *dev;
553         struct sockaddr_pppox *sp = (struct sockaddr_pppox *) uservaddr;
554         struct pppox_sock *po = pppox_sk(sk);
555         int error;
556
557         lock_sock(sk);
558
559         error = -EINVAL;
560         if (sp->sa_protocol != PX_PROTO_OE)
561                 goto end;
562
563         /* Check for already bound sockets */
564         error = -EBUSY;
565         if ((sk->sk_state & PPPOX_CONNECTED) && sp->sa_addr.pppoe.sid)
566                 goto end;
567
568         /* Check for already disconnected sockets, on attempts to disconnect */
569         error = -EALREADY;
570         if ((sk->sk_state & PPPOX_DEAD) && !sp->sa_addr.pppoe.sid )
571                 goto end;
572
573         error = 0;
574         if (po->pppoe_pa.sid) {
575                 pppox_unbind_sock(sk);
576
577                 /* Delete the old binding */
578                 delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_ifindex);
579
580                 if(po->pppoe_dev)
581                         dev_put(po->pppoe_dev);
582
583                 memset(sk_pppox(po) + 1, 0,
584                        sizeof(struct pppox_sock) - sizeof(struct sock));
585
586                 sk->sk_state = PPPOX_NONE;
587         }
588
589         /* Don't re-bind if sid==0 */
590         if (sp->sa_addr.pppoe.sid != 0) {
591                 dev = dev_get_by_name(sp->sa_addr.pppoe.dev);
592
593                 error = -ENODEV;
594                 if (!dev)
595                         goto end;
596
597                 po->pppoe_dev = dev;
598                 po->pppoe_ifindex = dev->ifindex;
599
600                 write_lock_bh(&pppoe_hash_lock);
601                 if (!(dev->flags & IFF_UP)){
602                         write_unlock_bh(&pppoe_hash_lock);
603                         goto err_put;
604                 }
605
606                 memcpy(&po->pppoe_pa,
607                        &sp->sa_addr.pppoe,
608                        sizeof(struct pppoe_addr));
609
610                 error = __set_item(po);
611                 write_unlock_bh(&pppoe_hash_lock);
612                 if (error < 0)
613                         goto err_put;
614
615                 po->chan.hdrlen = (sizeof(struct pppoe_hdr) +
616                                    dev->hard_header_len);
617
618                 po->chan.mtu = dev->mtu - sizeof(struct pppoe_hdr);
619                 po->chan.private = sk;
620                 po->chan.ops = &pppoe_chan_ops;
621
622                 error = ppp_register_channel(&po->chan);
623                 if (error)
624                         goto err_put;
625
626                 sk->sk_state = PPPOX_CONNECTED;
627         }
628
629         po->num = sp->sa_addr.pppoe.sid;
630
631  end:
632         release_sock(sk);
633         return error;
634 err_put:
635         if (po->pppoe_dev) {
636                 dev_put(po->pppoe_dev);
637                 po->pppoe_dev = NULL;
638         }
639         goto end;
640 }
641
642
643 static int pppoe_getname(struct socket *sock, struct sockaddr *uaddr,
644                   int *usockaddr_len, int peer)
645 {
646         int len = sizeof(struct sockaddr_pppox);
647         struct sockaddr_pppox sp;
648
649         sp.sa_family    = AF_PPPOX;
650         sp.sa_protocol  = PX_PROTO_OE;
651         memcpy(&sp.sa_addr.pppoe, &pppox_sk(sock->sk)->pppoe_pa,
652                sizeof(struct pppoe_addr));
653
654         memcpy(uaddr, &sp, len);
655
656         *usockaddr_len = len;
657
658         return 0;
659 }
660
661
662 static int pppoe_ioctl(struct socket *sock, unsigned int cmd,
663                 unsigned long arg)
664 {
665         struct sock *sk = sock->sk;
666         struct pppox_sock *po = pppox_sk(sk);
667         int val = 0;
668         int err = 0;
669
670         switch (cmd) {
671         case PPPIOCGMRU:
672                 err = -ENXIO;
673
674                 if (!(sk->sk_state & PPPOX_CONNECTED))
675                         break;
676
677                 err = -EFAULT;
678                 if (put_user(po->pppoe_dev->mtu -
679                              sizeof(struct pppoe_hdr) -
680                              PPP_HDRLEN,
681                              (int __user *) arg))
682                         break;
683                 err = 0;
684                 break;
685
686         case PPPIOCSMRU:
687                 err = -ENXIO;
688                 if (!(sk->sk_state & PPPOX_CONNECTED))
689                         break;
690
691                 err = -EFAULT;
692                 if (get_user(val,(int __user *) arg))
693                         break;
694
695                 if (val < (po->pppoe_dev->mtu
696                            - sizeof(struct pppoe_hdr)
697                            - PPP_HDRLEN))
698                         err = 0;
699                 else
700                         err = -EINVAL;
701                 break;
702
703         case PPPIOCSFLAGS:
704                 err = -EFAULT;
705                 if (get_user(val, (int __user *) arg))
706                         break;
707                 err = 0;
708                 break;
709
710         case PPPOEIOCSFWD:
711         {
712                 struct pppox_sock *relay_po;
713
714                 err = -EBUSY;
715                 if (sk->sk_state & (PPPOX_BOUND | PPPOX_ZOMBIE | PPPOX_DEAD))
716                         break;
717
718                 err = -ENOTCONN;
719                 if (!(sk->sk_state & PPPOX_CONNECTED))
720                         break;
721
722                 /* PPPoE address from the user specifies an outbound
723                    PPPoE address which frames are forwarded to */
724                 err = -EFAULT;
725                 if (copy_from_user(&po->pppoe_relay,
726                                    (void __user *)arg,
727                                    sizeof(struct sockaddr_pppox)))
728                         break;
729
730                 err = -EINVAL;
731                 if (po->pppoe_relay.sa_family != AF_PPPOX ||
732                     po->pppoe_relay.sa_protocol!= PX_PROTO_OE)
733                         break;
734
735                 /* Check that the socket referenced by the address
736                    actually exists. */
737                 relay_po = get_item_by_addr(&po->pppoe_relay);
738
739                 if (!relay_po)
740                         break;
741
742                 sock_put(sk_pppox(relay_po));
743                 sk->sk_state |= PPPOX_RELAY;
744                 err = 0;
745                 break;
746         }
747
748         case PPPOEIOCDFWD:
749                 err = -EALREADY;
750                 if (!(sk->sk_state & PPPOX_RELAY))
751                         break;
752
753                 sk->sk_state &= ~PPPOX_RELAY;
754                 err = 0;
755                 break;
756
757         default:;
758         };
759
760         return err;
761 }
762
763
764 static int pppoe_sendmsg(struct kiocb *iocb, struct socket *sock,
765                   struct msghdr *m, size_t total_len)
766 {
767         struct sk_buff *skb;
768         struct sock *sk = sock->sk;
769         struct pppox_sock *po = pppox_sk(sk);
770         int error;
771         struct pppoe_hdr hdr;
772         struct pppoe_hdr *ph;
773         struct net_device *dev;
774         char *start;
775
776         if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) {
777                 error = -ENOTCONN;
778                 goto end;
779         }
780
781         hdr.ver = 1;
782         hdr.type = 1;
783         hdr.code = 0;
784         hdr.sid = po->num;
785
786         lock_sock(sk);
787
788         dev = po->pppoe_dev;
789
790         error = -EMSGSIZE;
791         if (total_len > (dev->mtu + dev->hard_header_len))
792                 goto end;
793
794
795         skb = sock_wmalloc(sk, total_len + dev->hard_header_len + 32,
796                            0, GFP_KERNEL);
797         if (!skb) {
798                 error = -ENOMEM;
799                 goto end;
800         }
801
802         /* Reserve space for headers. */
803         skb_reserve(skb, dev->hard_header_len);
804         skb_reset_network_header(skb);
805
806         skb->dev = dev;
807
808         skb->priority = sk->sk_priority;
809         skb->protocol = __constant_htons(ETH_P_PPP_SES);
810
811         ph = (struct pppoe_hdr *) skb_put(skb, total_len + sizeof(struct pppoe_hdr));
812         start = (char *) &ph->tag[0];
813
814         error = memcpy_fromiovec(start, m->msg_iov, total_len);
815
816         if (error < 0) {
817                 kfree_skb(skb);
818                 goto end;
819         }
820
821         error = total_len;
822         dev->hard_header(skb, dev, ETH_P_PPP_SES,
823                          po->pppoe_pa.remote, NULL, total_len);
824
825         memcpy(ph, &hdr, sizeof(struct pppoe_hdr));
826
827         ph->length = htons(total_len);
828
829         dev_queue_xmit(skb);
830
831 end:
832         release_sock(sk);
833         return error;
834 }
835
836
837 /************************************************************************
838  *
839  * xmit function for internal use.
840  *
841  ***********************************************************************/
842 static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb)
843 {
844         struct pppox_sock *po = pppox_sk(sk);
845         struct net_device *dev = po->pppoe_dev;
846         struct pppoe_hdr hdr;
847         struct pppoe_hdr *ph;
848         int headroom = skb_headroom(skb);
849         int data_len = skb->len;
850         struct sk_buff *skb2;
851
852         if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
853                 goto abort;
854
855         hdr.ver = 1;
856         hdr.type = 1;
857         hdr.code = 0;
858         hdr.sid = po->num;
859         hdr.length = htons(skb->len);
860
861         if (!dev)
862                 goto abort;
863
864         /* Copy the skb if there is no space for the header. */
865         if (headroom < (sizeof(struct pppoe_hdr) + dev->hard_header_len)) {
866                 skb2 = dev_alloc_skb(32+skb->len +
867                                      sizeof(struct pppoe_hdr) +
868                                      dev->hard_header_len);
869
870                 if (skb2 == NULL)
871                         goto abort;
872
873                 skb_reserve(skb2, dev->hard_header_len + sizeof(struct pppoe_hdr));
874                 skb_copy_from_linear_data(skb, skb_put(skb2, skb->len),
875                                           skb->len);
876         } else {
877                 /* Make a clone so as to not disturb the original skb,
878                  * give dev_queue_xmit something it can free.
879                  */
880                 skb2 = skb_clone(skb, GFP_ATOMIC);
881
882                 if (skb2 == NULL)
883                         goto abort;
884         }
885
886         ph = (struct pppoe_hdr *) skb_push(skb2, sizeof(struct pppoe_hdr));
887         memcpy(ph, &hdr, sizeof(struct pppoe_hdr));
888         skb2->protocol = __constant_htons(ETH_P_PPP_SES);
889
890         skb_reset_network_header(skb2);
891
892         skb2->dev = dev;
893
894         dev->hard_header(skb2, dev, ETH_P_PPP_SES,
895                          po->pppoe_pa.remote, NULL, data_len);
896
897         /* We're transmitting skb2, and assuming that dev_queue_xmit
898          * will free it.  The generic ppp layer however, is expecting
899          * that we give back 'skb' (not 'skb2') in case of failure,
900          * but free it in case of success.
901          */
902
903         if (dev_queue_xmit(skb2) < 0)
904                 goto abort;
905
906         kfree_skb(skb);
907         return 1;
908
909 abort:
910         return 0;
911 }
912
913
914 /************************************************************************
915  *
916  * xmit function called by generic PPP driver
917  * sends PPP frame over PPPoE socket
918  *
919  ***********************************************************************/
920 static int pppoe_xmit(struct ppp_channel *chan, struct sk_buff *skb)
921 {
922         struct sock *sk = (struct sock *) chan->private;
923         return __pppoe_xmit(sk, skb);
924 }
925
926
927 static struct ppp_channel_ops pppoe_chan_ops = {
928         .start_xmit = pppoe_xmit,
929 };
930
931 static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock,
932                   struct msghdr *m, size_t total_len, int flags)
933 {
934         struct sock *sk = sock->sk;
935         struct sk_buff *skb;
936         int error = 0;
937
938         if (sk->sk_state & PPPOX_BOUND) {
939                 error = -EIO;
940                 goto end;
941         }
942
943         skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
944                                 flags & MSG_DONTWAIT, &error);
945
946         if (error < 0)
947                 goto end;
948
949         m->msg_namelen = 0;
950
951         if (skb) {
952                 struct pppoe_hdr *ph = pppoe_hdr(skb);
953                 const int len = ntohs(ph->length);
954
955                 error = memcpy_toiovec(m->msg_iov, (unsigned char *) &ph->tag[0], len);
956                 if (error == 0)
957                         error = len;
958         }
959
960         kfree_skb(skb);
961 end:
962         return error;
963 }
964
965 #ifdef CONFIG_PROC_FS
966 static int pppoe_seq_show(struct seq_file *seq, void *v)
967 {
968         struct pppox_sock *po;
969         char *dev_name;
970
971         if (v == SEQ_START_TOKEN) {
972                 seq_puts(seq, "Id       Address              Device\n");
973                 goto out;
974         }
975
976         po = v;
977         dev_name = po->pppoe_pa.dev;
978
979         seq_printf(seq, "%08X %02X:%02X:%02X:%02X:%02X:%02X %8s\n",
980                    po->pppoe_pa.sid,
981                    po->pppoe_pa.remote[0], po->pppoe_pa.remote[1],
982                    po->pppoe_pa.remote[2], po->pppoe_pa.remote[3],
983                    po->pppoe_pa.remote[4], po->pppoe_pa.remote[5], dev_name);
984 out:
985         return 0;
986 }
987
988 static __inline__ struct pppox_sock *pppoe_get_idx(loff_t pos)
989 {
990         struct pppox_sock *po;
991         int i = 0;
992
993         for (; i < PPPOE_HASH_SIZE; i++) {
994                 po = item_hash_table[i];
995                 while (po) {
996                         if (!pos--)
997                                 goto out;
998                         po = po->next;
999                 }
1000         }
1001 out:
1002         return po;
1003 }
1004
1005 static void *pppoe_seq_start(struct seq_file *seq, loff_t *pos)
1006 {
1007         loff_t l = *pos;
1008
1009         read_lock_bh(&pppoe_hash_lock);
1010         return l ? pppoe_get_idx(--l) : SEQ_START_TOKEN;
1011 }
1012
1013 static void *pppoe_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1014 {
1015         struct pppox_sock *po;
1016
1017         ++*pos;
1018         if (v == SEQ_START_TOKEN) {
1019                 po = pppoe_get_idx(0);
1020                 goto out;
1021         }
1022         po = v;
1023         if (po->next)
1024                 po = po->next;
1025         else {
1026                 int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
1027
1028                 while (++hash < PPPOE_HASH_SIZE) {
1029                         po = item_hash_table[hash];
1030                         if (po)
1031                                 break;
1032                 }
1033         }
1034 out:
1035         return po;
1036 }
1037
1038 static void pppoe_seq_stop(struct seq_file *seq, void *v)
1039 {
1040         read_unlock_bh(&pppoe_hash_lock);
1041 }
1042
1043 static struct seq_operations pppoe_seq_ops = {
1044         .start          = pppoe_seq_start,
1045         .next           = pppoe_seq_next,
1046         .stop           = pppoe_seq_stop,
1047         .show           = pppoe_seq_show,
1048 };
1049
1050 static int pppoe_seq_open(struct inode *inode, struct file *file)
1051 {
1052         return seq_open(file, &pppoe_seq_ops);
1053 }
1054
1055 static const struct file_operations pppoe_seq_fops = {
1056         .owner          = THIS_MODULE,
1057         .open           = pppoe_seq_open,
1058         .read           = seq_read,
1059         .llseek         = seq_lseek,
1060         .release        = seq_release,
1061 };
1062
1063 static int __init pppoe_proc_init(void)
1064 {
1065         struct proc_dir_entry *p;
1066
1067         p = create_proc_entry("net/pppoe", S_IRUGO, NULL);
1068         if (!p)
1069                 return -ENOMEM;
1070
1071         p->proc_fops = &pppoe_seq_fops;
1072         return 0;
1073 }
1074 #else /* CONFIG_PROC_FS */
1075 static inline int pppoe_proc_init(void) { return 0; }
1076 #endif /* CONFIG_PROC_FS */
1077
1078 static const struct proto_ops pppoe_ops = {
1079     .family             = AF_PPPOX,
1080     .owner              = THIS_MODULE,
1081     .release            = pppoe_release,
1082     .bind               = sock_no_bind,
1083     .connect            = pppoe_connect,
1084     .socketpair         = sock_no_socketpair,
1085     .accept             = sock_no_accept,
1086     .getname            = pppoe_getname,
1087     .poll               = datagram_poll,
1088     .listen             = sock_no_listen,
1089     .shutdown           = sock_no_shutdown,
1090     .setsockopt         = sock_no_setsockopt,
1091     .getsockopt         = sock_no_getsockopt,
1092     .sendmsg            = pppoe_sendmsg,
1093     .recvmsg            = pppoe_recvmsg,
1094     .mmap               = sock_no_mmap,
1095     .ioctl              = pppox_ioctl,
1096 };
1097
1098 static struct pppox_proto pppoe_proto = {
1099     .create     = pppoe_create,
1100     .ioctl      = pppoe_ioctl,
1101     .owner      = THIS_MODULE,
1102 };
1103
1104
1105 static int __init pppoe_init(void)
1106 {
1107         int err = proto_register(&pppoe_sk_proto, 0);
1108
1109         if (err)
1110                 goto out;
1111
1112         err = register_pppox_proto(PX_PROTO_OE, &pppoe_proto);
1113         if (err)
1114                 goto out_unregister_pppoe_proto;
1115
1116         err = pppoe_proc_init();
1117         if (err)
1118                 goto out_unregister_pppox_proto;
1119
1120         dev_add_pack(&pppoes_ptype);
1121         dev_add_pack(&pppoed_ptype);
1122         register_netdevice_notifier(&pppoe_notifier);
1123 out:
1124         return err;
1125 out_unregister_pppox_proto:
1126         unregister_pppox_proto(PX_PROTO_OE);
1127 out_unregister_pppoe_proto:
1128         proto_unregister(&pppoe_sk_proto);
1129         goto out;
1130 }
1131
1132 static void __exit pppoe_exit(void)
1133 {
1134         unregister_pppox_proto(PX_PROTO_OE);
1135         dev_remove_pack(&pppoes_ptype);
1136         dev_remove_pack(&pppoed_ptype);
1137         unregister_netdevice_notifier(&pppoe_notifier);
1138         remove_proc_entry("net/pppoe", NULL);
1139         proto_unregister(&pppoe_sk_proto);
1140 }
1141
1142 module_init(pppoe_init);
1143 module_exit(pppoe_exit);
1144
1145 MODULE_AUTHOR("Michal Ostrowski <mostrows@speakeasy.net>");
1146 MODULE_DESCRIPTION("PPP over Ethernet driver");
1147 MODULE_LICENSE("GPL");
1148 MODULE_ALIAS_NETPROTO(PF_PPPOX);