[PPPOE]: race between interface going down and connect()
[linux-2.6.git] / drivers / net / pppoe.c
1 /** -*- linux-c -*- ***********************************************************
2  * Linux PPP over Ethernet (PPPoX/PPPoE) Sockets
3  *
4  * PPPoX --- Generic PPP encapsulation socket family
5  * PPPoE --- PPP over Ethernet (RFC 2516)
6  *
7  *
8  * Version:     0.7.0
9  *
10  * 070228 :     Fix to allow multiple sessions with same remote MAC and same
11  *              session id by including the local device ifindex in the
12  *              tuple identifying a session. This also ensures packets can't
13  *              be injected into a session from interfaces other than the one
14  *              specified by userspace. Florian Zumbiehl <florz@florz.de>
15  *              (Oh, BTW, this one is YYMMDD, in case you were wondering ...)
16  * 220102 :     Fix module use count on failure in pppoe_create, pppox_sk -acme
17  * 030700 :     Fixed connect logic to allow for disconnect.
18  * 270700 :     Fixed potential SMP problems; we must protect against
19  *              simultaneous invocation of ppp_input
20  *              and ppp_unregister_channel.
21  * 040800 :     Respect reference count mechanisms on net-devices.
22  * 200800 :     fix kfree(skb) in pppoe_rcv (acme)
23  *              Module reference count is decremented in the right spot now,
24  *              guards against sock_put not actually freeing the sk
25  *              in pppoe_release.
26  * 051000 :     Initialization cleanup.
27  * 111100 :     Fix recvmsg.
28  * 050101 :     Fix PADT procesing.
29  * 140501 :     Use pppoe_rcv_core to handle all backlog. (Alexey)
30  * 170701 :     Do not lock_sock with rwlock held. (DaveM)
31  *              Ignore discovery frames if user has socket
32  *              locked. (DaveM)
33  *              Ignore return value of dev_queue_xmit in __pppoe_xmit
34  *              or else we may kfree an SKB twice. (DaveM)
35  * 190701 :     When doing copies of skb's in __pppoe_xmit, always delete
36  *              the original skb that was passed in on success, never on
37  *              failure.  Delete the copy of the skb on failure to avoid
38  *              a memory leak.
39  * 081001 :     Misc. cleanup (licence string, non-blocking, prevent
40  *              reference of device on close).
41  * 121301 :     New ppp channels interface; cannot unregister a channel
42  *              from interrupts.  Thus, we mark the socket as a ZOMBIE
43  *              and do the unregistration later.
44  * 081002 :     seq_file support for proc stuff -acme
45  * 111602 :     Merge all 2.4 fixes into 2.5/2.6 tree.  Label 2.5/2.6
46  *              as version 0.7.  Spacing cleanup.
47  * Author:      Michal Ostrowski <mostrows@speakeasy.net>
48  * Contributors:
49  *              Arnaldo Carvalho de Melo <acme@conectiva.com.br>
50  *              David S. Miller (davem@redhat.com)
51  *
52  * License:
53  *              This program is free software; you can redistribute it and/or
54  *              modify it under the terms of the GNU General Public License
55  *              as published by the Free Software Foundation; either version
56  *              2 of the License, or (at your option) any later version.
57  *
58  */
59
60 #include <linux/string.h>
61 #include <linux/module.h>
62 #include <linux/kernel.h>
63 #include <linux/slab.h>
64 #include <linux/errno.h>
65 #include <linux/netdevice.h>
66 #include <linux/net.h>
67 #include <linux/inetdevice.h>
68 #include <linux/etherdevice.h>
69 #include <linux/skbuff.h>
70 #include <linux/init.h>
71 #include <linux/if_ether.h>
72 #include <linux/if_pppox.h>
73 #include <linux/ppp_channel.h>
74 #include <linux/ppp_defs.h>
75 #include <linux/if_ppp.h>
76 #include <linux/notifier.h>
77 #include <linux/file.h>
78 #include <linux/proc_fs.h>
79 #include <linux/seq_file.h>
80
81 #include <net/sock.h>
82
83 #include <asm/uaccess.h>
84
85 #define PPPOE_HASH_BITS 4
86 #define PPPOE_HASH_SIZE (1<<PPPOE_HASH_BITS)
87
88 static struct ppp_channel_ops pppoe_chan_ops;
89
90 static int pppoe_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
91 static int pppoe_xmit(struct ppp_channel *chan, struct sk_buff *skb);
92 static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb);
93
94 static const struct proto_ops pppoe_ops;
95 static DEFINE_RWLOCK(pppoe_hash_lock);
96
97 static struct ppp_channel_ops pppoe_chan_ops;
98
99 static inline int cmp_2_addr(struct pppoe_addr *a, struct pppoe_addr *b)
100 {
101         return (a->sid == b->sid &&
102                 (memcmp(a->remote, b->remote, ETH_ALEN) == 0));
103 }
104
105 static inline int cmp_addr(struct pppoe_addr *a, unsigned long sid, char *addr)
106 {
107         return (a->sid == sid &&
108                 (memcmp(a->remote,addr,ETH_ALEN) == 0));
109 }
110
111 static int hash_item(unsigned long sid, unsigned char *addr)
112 {
113         char hash = 0;
114         int i, j;
115
116         for (i = 0; i < ETH_ALEN ; ++i) {
117                 for (j = 0; j < 8/PPPOE_HASH_BITS ; ++j) {
118                         hash ^= addr[i] >> ( j * PPPOE_HASH_BITS );
119                 }
120         }
121
122         for (i = 0; i < (sizeof(unsigned long)*8) / PPPOE_HASH_BITS ; ++i)
123                 hash ^= sid >> (i*PPPOE_HASH_BITS);
124
125         return hash & ( PPPOE_HASH_SIZE - 1 );
126 }
127
128 /* zeroed because its in .bss */
129 static struct pppox_sock *item_hash_table[PPPOE_HASH_SIZE];
130
131 /**********************************************************************
132  *
133  *  Set/get/delete/rehash items  (internal versions)
134  *
135  **********************************************************************/
136 static struct pppox_sock *__get_item(unsigned long sid, unsigned char *addr, int ifindex)
137 {
138         int hash = hash_item(sid, addr);
139         struct pppox_sock *ret;
140
141         ret = item_hash_table[hash];
142
143         while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex))
144                 ret = ret->next;
145
146         return ret;
147 }
148
149 static int __set_item(struct pppox_sock *po)
150 {
151         int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
152         struct pppox_sock *ret;
153
154         ret = item_hash_table[hash];
155         while (ret) {
156                 if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_ifindex == po->pppoe_ifindex)
157                         return -EALREADY;
158
159                 ret = ret->next;
160         }
161
162         po->next = item_hash_table[hash];
163         item_hash_table[hash] = po;
164
165         return 0;
166 }
167
168 static struct pppox_sock *__delete_item(unsigned long sid, char *addr, int ifindex)
169 {
170         int hash = hash_item(sid, addr);
171         struct pppox_sock *ret, **src;
172
173         ret = item_hash_table[hash];
174         src = &item_hash_table[hash];
175
176         while (ret) {
177                 if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex) {
178                         *src = ret->next;
179                         break;
180                 }
181
182                 src = &ret->next;
183                 ret = ret->next;
184         }
185
186         return ret;
187 }
188
189 /**********************************************************************
190  *
191  *  Set/get/delete/rehash items
192  *
193  **********************************************************************/
194 static inline struct pppox_sock *get_item(unsigned long sid,
195                                          unsigned char *addr, int ifindex)
196 {
197         struct pppox_sock *po;
198
199         read_lock_bh(&pppoe_hash_lock);
200         po = __get_item(sid, addr, ifindex);
201         if (po)
202                 sock_hold(sk_pppox(po));
203         read_unlock_bh(&pppoe_hash_lock);
204
205         return po;
206 }
207
208 static inline struct pppox_sock *get_item_by_addr(struct sockaddr_pppox *sp)
209 {
210         struct net_device *dev;
211         int ifindex;
212
213         dev = dev_get_by_name(sp->sa_addr.pppoe.dev);
214         if(!dev)
215                 return NULL;
216         ifindex = dev->ifindex;
217         dev_put(dev);
218         return get_item(sp->sa_addr.pppoe.sid, sp->sa_addr.pppoe.remote, ifindex);
219 }
220
221 static inline struct pppox_sock *delete_item(unsigned long sid, char *addr, int ifindex)
222 {
223         struct pppox_sock *ret;
224
225         write_lock_bh(&pppoe_hash_lock);
226         ret = __delete_item(sid, addr, ifindex);
227         write_unlock_bh(&pppoe_hash_lock);
228
229         return ret;
230 }
231
232
233
234 /***************************************************************************
235  *
236  *  Handler for device events.
237  *  Certain device events require that sockets be unconnected.
238  *
239  **************************************************************************/
240
241 static void pppoe_flush_dev(struct net_device *dev)
242 {
243         int hash;
244
245         BUG_ON(dev == NULL);
246
247         read_lock_bh(&pppoe_hash_lock);
248         for (hash = 0; hash < PPPOE_HASH_SIZE; hash++) {
249                 struct pppox_sock *po = item_hash_table[hash];
250
251                 while (po != NULL) {
252                         if (po->pppoe_dev == dev) {
253                                 struct sock *sk = sk_pppox(po);
254
255                                 sock_hold(sk);
256                                 po->pppoe_dev = NULL;
257
258                                 /* We hold a reference to SK, now drop the
259                                  * hash table lock so that we may attempt
260                                  * to lock the socket (which can sleep).
261                                  */
262                                 read_unlock_bh(&pppoe_hash_lock);
263
264                                 lock_sock(sk);
265
266                                 if (sk->sk_state &
267                                     (PPPOX_CONNECTED | PPPOX_BOUND)) {
268                                         pppox_unbind_sock(sk);
269                                         dev_put(dev);
270                                         sk->sk_state = PPPOX_ZOMBIE;
271                                         sk->sk_state_change(sk);
272                                 }
273
274                                 release_sock(sk);
275
276                                 sock_put(sk);
277
278                                 read_lock_bh(&pppoe_hash_lock);
279
280                                 /* Now restart from the beginning of this
281                                  * hash chain.  We always NULL out pppoe_dev
282                                  * so we are guaranteed to make forward
283                                  * progress.
284                                  */
285                                 po = item_hash_table[hash];
286                                 continue;
287                         }
288                         po = po->next;
289                 }
290         }
291         read_unlock_bh(&pppoe_hash_lock);
292 }
293
294 static int pppoe_device_event(struct notifier_block *this,
295                               unsigned long event, void *ptr)
296 {
297         struct net_device *dev = (struct net_device *) ptr;
298
299         /* Only look at sockets that are using this specific device. */
300         switch (event) {
301         case NETDEV_CHANGEMTU:
302                 /* A change in mtu is a bad thing, requiring
303                  * LCP re-negotiation.
304                  */
305
306         case NETDEV_GOING_DOWN:
307         case NETDEV_DOWN:
308                 /* Find every socket on this device and kill it. */
309                 pppoe_flush_dev(dev);
310                 break;
311
312         default:
313                 break;
314         };
315
316         return NOTIFY_DONE;
317 }
318
319
320 static struct notifier_block pppoe_notifier = {
321         .notifier_call = pppoe_device_event,
322 };
323
324
325 /************************************************************************
326  *
327  * Do the real work of receiving a PPPoE Session frame.
328  *
329  ***********************************************************************/
330 static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb)
331 {
332         struct pppox_sock *po = pppox_sk(sk);
333         struct pppox_sock *relay_po;
334
335         if (sk->sk_state & PPPOX_BOUND) {
336                 struct pppoe_hdr *ph = pppoe_hdr(skb);
337                 int len = ntohs(ph->length);
338                 skb_pull_rcsum(skb, sizeof(struct pppoe_hdr));
339                 if (pskb_trim_rcsum(skb, len))
340                         goto abort_kfree;
341
342                 ppp_input(&po->chan, skb);
343         } else if (sk->sk_state & PPPOX_RELAY) {
344                 relay_po = get_item_by_addr(&po->pppoe_relay);
345
346                 if (relay_po == NULL)
347                         goto abort_kfree;
348
349                 if ((sk_pppox(relay_po)->sk_state & PPPOX_CONNECTED) == 0)
350                         goto abort_put;
351
352                 skb_pull(skb, sizeof(struct pppoe_hdr));
353                 if (!__pppoe_xmit(sk_pppox(relay_po), skb))
354                         goto abort_put;
355         } else {
356                 if (sock_queue_rcv_skb(sk, skb))
357                         goto abort_kfree;
358         }
359
360         return NET_RX_SUCCESS;
361
362 abort_put:
363         sock_put(sk_pppox(relay_po));
364
365 abort_kfree:
366         kfree_skb(skb);
367         return NET_RX_DROP;
368 }
369
370 /************************************************************************
371  *
372  * Receive wrapper called in BH context.
373  *
374  ***********************************************************************/
375 static int pppoe_rcv(struct sk_buff *skb,
376                      struct net_device *dev,
377                      struct packet_type *pt,
378                      struct net_device *orig_dev)
379
380 {
381         struct pppoe_hdr *ph;
382         struct pppox_sock *po;
383
384         if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
385                 goto drop;
386
387         if (!(skb = skb_share_check(skb, GFP_ATOMIC)))
388                 goto out;
389
390         ph = pppoe_hdr(skb);
391
392         po = get_item((unsigned long) ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
393         if (po != NULL)
394                 return sk_receive_skb(sk_pppox(po), skb, 0);
395 drop:
396         kfree_skb(skb);
397 out:
398         return NET_RX_DROP;
399 }
400
401 /************************************************************************
402  *
403  * Receive a PPPoE Discovery frame.
404  * This is solely for detection of PADT frames
405  *
406  ***********************************************************************/
407 static int pppoe_disc_rcv(struct sk_buff *skb,
408                           struct net_device *dev,
409                           struct packet_type *pt,
410                           struct net_device *orig_dev)
411
412 {
413         struct pppoe_hdr *ph;
414         struct pppox_sock *po;
415
416         if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
417                 goto abort;
418
419         if (!(skb = skb_share_check(skb, GFP_ATOMIC)))
420                 goto out;
421
422         ph = pppoe_hdr(skb);
423         if (ph->code != PADT_CODE)
424                 goto abort;
425
426         po = get_item((unsigned long) ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
427         if (po) {
428                 struct sock *sk = sk_pppox(po);
429
430                 bh_lock_sock(sk);
431
432                 /* If the user has locked the socket, just ignore
433                  * the packet.  With the way two rcv protocols hook into
434                  * one socket family type, we cannot (easily) distinguish
435                  * what kind of SKB it is during backlog rcv.
436                  */
437                 if (sock_owned_by_user(sk) == 0) {
438                         /* We're no longer connect at the PPPOE layer,
439                          * and must wait for ppp channel to disconnect us.
440                          */
441                         sk->sk_state = PPPOX_ZOMBIE;
442                 }
443
444                 bh_unlock_sock(sk);
445                 sock_put(sk);
446         }
447
448 abort:
449         kfree_skb(skb);
450 out:
451         return NET_RX_SUCCESS; /* Lies... :-) */
452 }
453
454 static struct packet_type pppoes_ptype = {
455         .type   = __constant_htons(ETH_P_PPP_SES),
456         .func   = pppoe_rcv,
457 };
458
459 static struct packet_type pppoed_ptype = {
460         .type   = __constant_htons(ETH_P_PPP_DISC),
461         .func   = pppoe_disc_rcv,
462 };
463
464 static struct proto pppoe_sk_proto = {
465         .name     = "PPPOE",
466         .owner    = THIS_MODULE,
467         .obj_size = sizeof(struct pppox_sock),
468 };
469
470 /***********************************************************************
471  *
472  * Initialize a new struct sock.
473  *
474  **********************************************************************/
475 static int pppoe_create(struct socket *sock)
476 {
477         int error = -ENOMEM;
478         struct sock *sk;
479
480         sk = sk_alloc(PF_PPPOX, GFP_KERNEL, &pppoe_sk_proto, 1);
481         if (!sk)
482                 goto out;
483
484         sock_init_data(sock, sk);
485
486         sock->state = SS_UNCONNECTED;
487         sock->ops   = &pppoe_ops;
488
489         sk->sk_backlog_rcv = pppoe_rcv_core;
490         sk->sk_state       = PPPOX_NONE;
491         sk->sk_type        = SOCK_STREAM;
492         sk->sk_family      = PF_PPPOX;
493         sk->sk_protocol    = PX_PROTO_OE;
494
495         error = 0;
496 out:    return error;
497 }
498
499 static int pppoe_release(struct socket *sock)
500 {
501         struct sock *sk = sock->sk;
502         struct pppox_sock *po;
503
504         if (!sk)
505                 return 0;
506
507         if (sock_flag(sk, SOCK_DEAD))
508                 return -EBADF;
509
510         pppox_unbind_sock(sk);
511
512         /* Signal the death of the socket. */
513         sk->sk_state = PPPOX_DEAD;
514
515         po = pppox_sk(sk);
516         if (po->pppoe_pa.sid) {
517                 delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_ifindex);
518         }
519
520         if (po->pppoe_dev)
521                 dev_put(po->pppoe_dev);
522
523         po->pppoe_dev = NULL;
524
525         sock_orphan(sk);
526         sock->sk = NULL;
527
528         skb_queue_purge(&sk->sk_receive_queue);
529         sock_put(sk);
530
531         return 0;
532 }
533
534
535 static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
536                   int sockaddr_len, int flags)
537 {
538         struct sock *sk = sock->sk;
539         struct net_device *dev;
540         struct sockaddr_pppox *sp = (struct sockaddr_pppox *) uservaddr;
541         struct pppox_sock *po = pppox_sk(sk);
542         int error;
543
544         lock_sock(sk);
545
546         error = -EINVAL;
547         if (sp->sa_protocol != PX_PROTO_OE)
548                 goto end;
549
550         /* Check for already bound sockets */
551         error = -EBUSY;
552         if ((sk->sk_state & PPPOX_CONNECTED) && sp->sa_addr.pppoe.sid)
553                 goto end;
554
555         /* Check for already disconnected sockets, on attempts to disconnect */
556         error = -EALREADY;
557         if ((sk->sk_state & PPPOX_DEAD) && !sp->sa_addr.pppoe.sid )
558                 goto end;
559
560         error = 0;
561         if (po->pppoe_pa.sid) {
562                 pppox_unbind_sock(sk);
563
564                 /* Delete the old binding */
565                 delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_ifindex);
566
567                 if(po->pppoe_dev)
568                         dev_put(po->pppoe_dev);
569
570                 memset(sk_pppox(po) + 1, 0,
571                        sizeof(struct pppox_sock) - sizeof(struct sock));
572
573                 sk->sk_state = PPPOX_NONE;
574         }
575
576         /* Don't re-bind if sid==0 */
577         if (sp->sa_addr.pppoe.sid != 0) {
578                 dev = dev_get_by_name(sp->sa_addr.pppoe.dev);
579
580                 error = -ENODEV;
581                 if (!dev)
582                         goto end;
583
584                 po->pppoe_dev = dev;
585                 po->pppoe_ifindex = dev->ifindex;
586
587                 write_lock_bh(&pppoe_hash_lock);
588                 if (!(dev->flags & IFF_UP)){
589                         write_unlock_bh(&pppoe_hash_lock);
590                         goto err_put;
591                 }
592
593                 memcpy(&po->pppoe_pa,
594                        &sp->sa_addr.pppoe,
595                        sizeof(struct pppoe_addr));
596
597                 error = __set_item(po);
598                 write_unlock_bh(&pppoe_hash_lock);
599                 if (error < 0)
600                         goto err_put;
601
602                 po->chan.hdrlen = (sizeof(struct pppoe_hdr) +
603                                    dev->hard_header_len);
604
605                 po->chan.mtu = dev->mtu - sizeof(struct pppoe_hdr);
606                 po->chan.private = sk;
607                 po->chan.ops = &pppoe_chan_ops;
608
609                 error = ppp_register_channel(&po->chan);
610                 if (error)
611                         goto err_put;
612
613                 sk->sk_state = PPPOX_CONNECTED;
614         }
615
616         po->num = sp->sa_addr.pppoe.sid;
617
618  end:
619         release_sock(sk);
620         return error;
621 err_put:
622         if (po->pppoe_dev) {
623                 dev_put(po->pppoe_dev);
624                 po->pppoe_dev = NULL;
625         }
626         goto end;
627 }
628
629
630 static int pppoe_getname(struct socket *sock, struct sockaddr *uaddr,
631                   int *usockaddr_len, int peer)
632 {
633         int len = sizeof(struct sockaddr_pppox);
634         struct sockaddr_pppox sp;
635
636         sp.sa_family    = AF_PPPOX;
637         sp.sa_protocol  = PX_PROTO_OE;
638         memcpy(&sp.sa_addr.pppoe, &pppox_sk(sock->sk)->pppoe_pa,
639                sizeof(struct pppoe_addr));
640
641         memcpy(uaddr, &sp, len);
642
643         *usockaddr_len = len;
644
645         return 0;
646 }
647
648
649 static int pppoe_ioctl(struct socket *sock, unsigned int cmd,
650                 unsigned long arg)
651 {
652         struct sock *sk = sock->sk;
653         struct pppox_sock *po = pppox_sk(sk);
654         int val = 0;
655         int err = 0;
656
657         switch (cmd) {
658         case PPPIOCGMRU:
659                 err = -ENXIO;
660
661                 if (!(sk->sk_state & PPPOX_CONNECTED))
662                         break;
663
664                 err = -EFAULT;
665                 if (put_user(po->pppoe_dev->mtu -
666                              sizeof(struct pppoe_hdr) -
667                              PPP_HDRLEN,
668                              (int __user *) arg))
669                         break;
670                 err = 0;
671                 break;
672
673         case PPPIOCSMRU:
674                 err = -ENXIO;
675                 if (!(sk->sk_state & PPPOX_CONNECTED))
676                         break;
677
678                 err = -EFAULT;
679                 if (get_user(val,(int __user *) arg))
680                         break;
681
682                 if (val < (po->pppoe_dev->mtu
683                            - sizeof(struct pppoe_hdr)
684                            - PPP_HDRLEN))
685                         err = 0;
686                 else
687                         err = -EINVAL;
688                 break;
689
690         case PPPIOCSFLAGS:
691                 err = -EFAULT;
692                 if (get_user(val, (int __user *) arg))
693                         break;
694                 err = 0;
695                 break;
696
697         case PPPOEIOCSFWD:
698         {
699                 struct pppox_sock *relay_po;
700
701                 err = -EBUSY;
702                 if (sk->sk_state & (PPPOX_BOUND | PPPOX_ZOMBIE | PPPOX_DEAD))
703                         break;
704
705                 err = -ENOTCONN;
706                 if (!(sk->sk_state & PPPOX_CONNECTED))
707                         break;
708
709                 /* PPPoE address from the user specifies an outbound
710                    PPPoE address which frames are forwarded to */
711                 err = -EFAULT;
712                 if (copy_from_user(&po->pppoe_relay,
713                                    (void __user *)arg,
714                                    sizeof(struct sockaddr_pppox)))
715                         break;
716
717                 err = -EINVAL;
718                 if (po->pppoe_relay.sa_family != AF_PPPOX ||
719                     po->pppoe_relay.sa_protocol!= PX_PROTO_OE)
720                         break;
721
722                 /* Check that the socket referenced by the address
723                    actually exists. */
724                 relay_po = get_item_by_addr(&po->pppoe_relay);
725
726                 if (!relay_po)
727                         break;
728
729                 sock_put(sk_pppox(relay_po));
730                 sk->sk_state |= PPPOX_RELAY;
731                 err = 0;
732                 break;
733         }
734
735         case PPPOEIOCDFWD:
736                 err = -EALREADY;
737                 if (!(sk->sk_state & PPPOX_RELAY))
738                         break;
739
740                 sk->sk_state &= ~PPPOX_RELAY;
741                 err = 0;
742                 break;
743
744         default:;
745         };
746
747         return err;
748 }
749
750
751 static int pppoe_sendmsg(struct kiocb *iocb, struct socket *sock,
752                   struct msghdr *m, size_t total_len)
753 {
754         struct sk_buff *skb;
755         struct sock *sk = sock->sk;
756         struct pppox_sock *po = pppox_sk(sk);
757         int error;
758         struct pppoe_hdr hdr;
759         struct pppoe_hdr *ph;
760         struct net_device *dev;
761         char *start;
762
763         if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) {
764                 error = -ENOTCONN;
765                 goto end;
766         }
767
768         hdr.ver = 1;
769         hdr.type = 1;
770         hdr.code = 0;
771         hdr.sid = po->num;
772
773         lock_sock(sk);
774
775         dev = po->pppoe_dev;
776
777         error = -EMSGSIZE;
778         if (total_len > (dev->mtu + dev->hard_header_len))
779                 goto end;
780
781
782         skb = sock_wmalloc(sk, total_len + dev->hard_header_len + 32,
783                            0, GFP_KERNEL);
784         if (!skb) {
785                 error = -ENOMEM;
786                 goto end;
787         }
788
789         /* Reserve space for headers. */
790         skb_reserve(skb, dev->hard_header_len);
791         skb_reset_network_header(skb);
792
793         skb->dev = dev;
794
795         skb->priority = sk->sk_priority;
796         skb->protocol = __constant_htons(ETH_P_PPP_SES);
797
798         ph = (struct pppoe_hdr *) skb_put(skb, total_len + sizeof(struct pppoe_hdr));
799         start = (char *) &ph->tag[0];
800
801         error = memcpy_fromiovec(start, m->msg_iov, total_len);
802
803         if (error < 0) {
804                 kfree_skb(skb);
805                 goto end;
806         }
807
808         error = total_len;
809         dev->hard_header(skb, dev, ETH_P_PPP_SES,
810                          po->pppoe_pa.remote, NULL, total_len);
811
812         memcpy(ph, &hdr, sizeof(struct pppoe_hdr));
813
814         ph->length = htons(total_len);
815
816         dev_queue_xmit(skb);
817
818 end:
819         release_sock(sk);
820         return error;
821 }
822
823
824 /************************************************************************
825  *
826  * xmit function for internal use.
827  *
828  ***********************************************************************/
829 static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb)
830 {
831         struct pppox_sock *po = pppox_sk(sk);
832         struct net_device *dev = po->pppoe_dev;
833         struct pppoe_hdr hdr;
834         struct pppoe_hdr *ph;
835         int headroom = skb_headroom(skb);
836         int data_len = skb->len;
837         struct sk_buff *skb2;
838
839         if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
840                 goto abort;
841
842         hdr.ver = 1;
843         hdr.type = 1;
844         hdr.code = 0;
845         hdr.sid = po->num;
846         hdr.length = htons(skb->len);
847
848         if (!dev)
849                 goto abort;
850
851         /* Copy the skb if there is no space for the header. */
852         if (headroom < (sizeof(struct pppoe_hdr) + dev->hard_header_len)) {
853                 skb2 = dev_alloc_skb(32+skb->len +
854                                      sizeof(struct pppoe_hdr) +
855                                      dev->hard_header_len);
856
857                 if (skb2 == NULL)
858                         goto abort;
859
860                 skb_reserve(skb2, dev->hard_header_len + sizeof(struct pppoe_hdr));
861                 skb_copy_from_linear_data(skb, skb_put(skb2, skb->len),
862                                           skb->len);
863         } else {
864                 /* Make a clone so as to not disturb the original skb,
865                  * give dev_queue_xmit something it can free.
866                  */
867                 skb2 = skb_clone(skb, GFP_ATOMIC);
868
869                 if (skb2 == NULL)
870                         goto abort;
871         }
872
873         ph = (struct pppoe_hdr *) skb_push(skb2, sizeof(struct pppoe_hdr));
874         memcpy(ph, &hdr, sizeof(struct pppoe_hdr));
875         skb2->protocol = __constant_htons(ETH_P_PPP_SES);
876
877         skb_reset_network_header(skb2);
878
879         skb2->dev = dev;
880
881         dev->hard_header(skb2, dev, ETH_P_PPP_SES,
882                          po->pppoe_pa.remote, NULL, data_len);
883
884         /* We're transmitting skb2, and assuming that dev_queue_xmit
885          * will free it.  The generic ppp layer however, is expecting
886          * that we give back 'skb' (not 'skb2') in case of failure,
887          * but free it in case of success.
888          */
889
890         if (dev_queue_xmit(skb2) < 0)
891                 goto abort;
892
893         kfree_skb(skb);
894         return 1;
895
896 abort:
897         return 0;
898 }
899
900
901 /************************************************************************
902  *
903  * xmit function called by generic PPP driver
904  * sends PPP frame over PPPoE socket
905  *
906  ***********************************************************************/
907 static int pppoe_xmit(struct ppp_channel *chan, struct sk_buff *skb)
908 {
909         struct sock *sk = (struct sock *) chan->private;
910         return __pppoe_xmit(sk, skb);
911 }
912
913
914 static struct ppp_channel_ops pppoe_chan_ops = {
915         .start_xmit = pppoe_xmit,
916 };
917
918 static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock,
919                   struct msghdr *m, size_t total_len, int flags)
920 {
921         struct sock *sk = sock->sk;
922         struct sk_buff *skb;
923         int error = 0;
924
925         if (sk->sk_state & PPPOX_BOUND) {
926                 error = -EIO;
927                 goto end;
928         }
929
930         skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
931                                 flags & MSG_DONTWAIT, &error);
932
933         if (error < 0)
934                 goto end;
935
936         m->msg_namelen = 0;
937
938         if (skb) {
939                 struct pppoe_hdr *ph = pppoe_hdr(skb);
940                 const int len = ntohs(ph->length);
941
942                 error = memcpy_toiovec(m->msg_iov, (unsigned char *) &ph->tag[0], len);
943                 if (error == 0)
944                         error = len;
945         }
946
947         kfree_skb(skb);
948 end:
949         return error;
950 }
951
952 #ifdef CONFIG_PROC_FS
953 static int pppoe_seq_show(struct seq_file *seq, void *v)
954 {
955         struct pppox_sock *po;
956         char *dev_name;
957
958         if (v == SEQ_START_TOKEN) {
959                 seq_puts(seq, "Id       Address              Device\n");
960                 goto out;
961         }
962
963         po = v;
964         dev_name = po->pppoe_pa.dev;
965
966         seq_printf(seq, "%08X %02X:%02X:%02X:%02X:%02X:%02X %8s\n",
967                    po->pppoe_pa.sid,
968                    po->pppoe_pa.remote[0], po->pppoe_pa.remote[1],
969                    po->pppoe_pa.remote[2], po->pppoe_pa.remote[3],
970                    po->pppoe_pa.remote[4], po->pppoe_pa.remote[5], dev_name);
971 out:
972         return 0;
973 }
974
975 static __inline__ struct pppox_sock *pppoe_get_idx(loff_t pos)
976 {
977         struct pppox_sock *po;
978         int i = 0;
979
980         for (; i < PPPOE_HASH_SIZE; i++) {
981                 po = item_hash_table[i];
982                 while (po) {
983                         if (!pos--)
984                                 goto out;
985                         po = po->next;
986                 }
987         }
988 out:
989         return po;
990 }
991
992 static void *pppoe_seq_start(struct seq_file *seq, loff_t *pos)
993 {
994         loff_t l = *pos;
995
996         read_lock_bh(&pppoe_hash_lock);
997         return l ? pppoe_get_idx(--l) : SEQ_START_TOKEN;
998 }
999
1000 static void *pppoe_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1001 {
1002         struct pppox_sock *po;
1003
1004         ++*pos;
1005         if (v == SEQ_START_TOKEN) {
1006                 po = pppoe_get_idx(0);
1007                 goto out;
1008         }
1009         po = v;
1010         if (po->next)
1011                 po = po->next;
1012         else {
1013                 int hash = hash_item(po->pppoe_pa.sid, po->pppoe_pa.remote);
1014
1015                 while (++hash < PPPOE_HASH_SIZE) {
1016                         po = item_hash_table[hash];
1017                         if (po)
1018                                 break;
1019                 }
1020         }
1021 out:
1022         return po;
1023 }
1024
1025 static void pppoe_seq_stop(struct seq_file *seq, void *v)
1026 {
1027         read_unlock_bh(&pppoe_hash_lock);
1028 }
1029
1030 static struct seq_operations pppoe_seq_ops = {
1031         .start          = pppoe_seq_start,
1032         .next           = pppoe_seq_next,
1033         .stop           = pppoe_seq_stop,
1034         .show           = pppoe_seq_show,
1035 };
1036
1037 static int pppoe_seq_open(struct inode *inode, struct file *file)
1038 {
1039         return seq_open(file, &pppoe_seq_ops);
1040 }
1041
1042 static const struct file_operations pppoe_seq_fops = {
1043         .owner          = THIS_MODULE,
1044         .open           = pppoe_seq_open,
1045         .read           = seq_read,
1046         .llseek         = seq_lseek,
1047         .release        = seq_release,
1048 };
1049
1050 static int __init pppoe_proc_init(void)
1051 {
1052         struct proc_dir_entry *p;
1053
1054         p = create_proc_entry("net/pppoe", S_IRUGO, NULL);
1055         if (!p)
1056                 return -ENOMEM;
1057
1058         p->proc_fops = &pppoe_seq_fops;
1059         return 0;
1060 }
1061 #else /* CONFIG_PROC_FS */
1062 static inline int pppoe_proc_init(void) { return 0; }
1063 #endif /* CONFIG_PROC_FS */
1064
1065 static const struct proto_ops pppoe_ops = {
1066     .family             = AF_PPPOX,
1067     .owner              = THIS_MODULE,
1068     .release            = pppoe_release,
1069     .bind               = sock_no_bind,
1070     .connect            = pppoe_connect,
1071     .socketpair         = sock_no_socketpair,
1072     .accept             = sock_no_accept,
1073     .getname            = pppoe_getname,
1074     .poll               = datagram_poll,
1075     .listen             = sock_no_listen,
1076     .shutdown           = sock_no_shutdown,
1077     .setsockopt         = sock_no_setsockopt,
1078     .getsockopt         = sock_no_getsockopt,
1079     .sendmsg            = pppoe_sendmsg,
1080     .recvmsg            = pppoe_recvmsg,
1081     .mmap               = sock_no_mmap,
1082     .ioctl              = pppox_ioctl,
1083 };
1084
1085 static struct pppox_proto pppoe_proto = {
1086     .create     = pppoe_create,
1087     .ioctl      = pppoe_ioctl,
1088     .owner      = THIS_MODULE,
1089 };
1090
1091
1092 static int __init pppoe_init(void)
1093 {
1094         int err = proto_register(&pppoe_sk_proto, 0);
1095
1096         if (err)
1097                 goto out;
1098
1099         err = register_pppox_proto(PX_PROTO_OE, &pppoe_proto);
1100         if (err)
1101                 goto out_unregister_pppoe_proto;
1102
1103         err = pppoe_proc_init();
1104         if (err)
1105                 goto out_unregister_pppox_proto;
1106
1107         dev_add_pack(&pppoes_ptype);
1108         dev_add_pack(&pppoed_ptype);
1109         register_netdevice_notifier(&pppoe_notifier);
1110 out:
1111         return err;
1112 out_unregister_pppox_proto:
1113         unregister_pppox_proto(PX_PROTO_OE);
1114 out_unregister_pppoe_proto:
1115         proto_unregister(&pppoe_sk_proto);
1116         goto out;
1117 }
1118
1119 static void __exit pppoe_exit(void)
1120 {
1121         unregister_pppox_proto(PX_PROTO_OE);
1122         dev_remove_pack(&pppoes_ptype);
1123         dev_remove_pack(&pppoed_ptype);
1124         unregister_netdevice_notifier(&pppoe_notifier);
1125         remove_proc_entry("net/pppoe", NULL);
1126         proto_unregister(&pppoe_sk_proto);
1127 }
1128
1129 module_init(pppoe_init);
1130 module_exit(pppoe_exit);
1131
1132 MODULE_AUTHOR("Michal Ostrowski <mostrows@speakeasy.net>");
1133 MODULE_DESCRIPTION("PPP over Ethernet driver");
1134 MODULE_LICENSE("GPL");
1135 MODULE_ALIAS_NETPROTO(PF_PPPOX);