/*	$NetBSD: in_l2tp.c,v 1.14 2018/05/01 07:21:39 maxv Exp $	*/

/*
 * Copyright (c) 2017 Internet Initiative Japan Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * IPv4 side of l2tp(4): encapsulation of outgoing frames into
 * IPv4/IPPROTO_L2TP packets and decapsulation of incoming ones through
 * the ip_encap framework.
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: in_l2tp.c,v 1.14 2018/05/01 07:21:39 maxv Exp $");

#ifdef _KERNEL_OPT
#include "opt_l2tp.h"
#endif

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/mbuf.h>
#include <sys/errno.h>
#include <sys/ioctl.h>
#include <sys/syslog.h>
#include <sys/kernel.h>

#include <net/if.h>
#include <net/route.h>
#include <net/if_ether.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/ip_private.h>
#include <netinet/in_l2tp.h>
#include <netinet/in_var.h>
#include <netinet/ip_encap.h>

#ifdef ALTQ
#include <altq/altq.h>
#endif

/* TODO: IP_TCPMSS support */
#undef IP_TCPMSS
#ifdef IP_TCPMSS
#include <netinet/ip_tcpmss.h>
#endif

#include <net/if_l2tp.h>

/* TTL written into the outer IPv4 header by in_l2tp_output(). */
int ip_l2tp_ttl = L2TP_TTL;

static void in_l2tp_input(struct mbuf *, int, int, void *);

/*
 * Protocol switch handed to encap_attach_func() in in_l2tp_attach():
 * in_l2tp_input() receives every IPv4 packet that in_l2tp_match() accepts.
 * There is no ctlinput (ICMP error) handler.
 */
static const struct encapsw in_l2tp_encapsw = {
	.encapsw4 = {
		.pr_input = in_l2tp_input,
		.pr_ctlinput = NULL,
	}
};

static int in_l2tp_match(struct mbuf *, int, int, void *);

/*
 * Encapsulate the frame in m for the IPv4 tunnel described by var and hand
 * the result to ip_output().  The headers are prepended back to front, so
 * the finished packet reads:
 *
 *	[outer struct ip][peer session ID, 4 bytes, network order]
 *	[peer cookie, 4 or 8 bytes, only with L2TP_COOKIE_ON][original frame]
 *
 * The caller must hold a reference on var (l2tp_heldref_variant()) and both
 * tunnel endpoints must be AF_INET; this is asserted, not checked.
 *
 * Returns 0 on success or an errno.  m is consumed on every path: it is
 * freed here on local failures, presumably by M_PREPEND()/m_pullup()/
 * m_copyup() when they return NULL (those paths only set error), and by
 * ip_output() once handed over.  Only the nesting failure is counted in
 * if_oerrors.
 */
int
in_l2tp_output(struct l2tp_variant *var, struct mbuf *m)
{
	struct l2tp_softc *sc;
	struct ifnet *ifp;
	struct sockaddr_in *sin_src = satosin(var->lv_psrc);
	struct sockaddr_in *sin_dst = satosin(var->lv_pdst);
	struct ip iphdr;	/* capsule IP header, host byte ordered */
	struct rtentry *rt;
	struct l2tp_ro *lro;
	int error;
	uint32_t sess_id;

	KASSERT(var != NULL);
	KASSERT(l2tp_heldref_variant(var));
	KASSERT(sin_src != NULL && sin_dst != NULL);
	KASSERT(sin_src->sin_family == AF_INET
	    && sin_dst->sin_family == AF_INET);

	sc = var->lv_softc;
	ifp = &sc->l2tp_ec.ec_if;
	/* Presumably rejects frames already nested in too many tunnels. */
	error = l2tp_check_nesting(ifp, m);
	if (error) {
		m_freem(m);
		goto looped;
	}

	/* bidirectional configured tunnel mode */
	if (sin_dst->sin_addr.s_addr == INADDR_ANY) {
		m_freem(m);
		if ((ifp->if_flags & IFF_DEBUG) != 0)
			log(LOG_DEBUG, "%s: ENETUNREACH\n", __func__);
		error = ENETUNREACH;
		goto out;
	}

#ifdef NOTYET
	/* TODO: support ALTQ for innner frame */
#ifdef ALTQ
	ALTQ_SAVE_PAYLOAD(m, AF_ETHER);
#endif
#endif

	/*
	 * Build the outer header in host byte order first; ip_len is
	 * converted to network order once the payload length is known.
	 */
	memset(&iphdr, 0, sizeof(iphdr));
	iphdr.ip_src = sin_src->sin_addr;
	iphdr.ip_dst = sin_dst->sin_addr;
	iphdr.ip_p = IPPROTO_L2TP;
	/* version will be set in ip_output() */
	iphdr.ip_ttl = ip_l2tp_ttl;
	/* outer IP header length */
	iphdr.ip_len = sizeof(struct ip);
	/* session-id length */
	iphdr.ip_len += sizeof(uint32_t);
	if (var->lv_use_cookie == L2TP_COOKIE_ON) {
		/* cookie length */
		iphdr.ip_len += var->lv_peer_cookie_len;
	}

	/* TODO: IP_TCPMSS support */
#ifdef IP_TCPMSS
	m = l2tp_tcpmss_clamp(ifp, m);
	if (m == NULL) {
		error = EINVAL;
		goto out;
	}
#endif

	/*
	 * Payload length.
	 *
	 * NOTE: payload length may be changed in ip_tcpmss(). Typical case
	 * is missing of TCP mss option in original TCP header.
	 *
	 * NOTE(review): ip_len is a 16-bit field and the sum with
	 * m_pkthdr.len is not range-checked here; confirm that callers bound
	 * the inner frame (e.g. by the interface MTU) so it cannot wrap.
	 */
	iphdr.ip_len += m->m_pkthdr.len;
	HTONS(iphdr.ip_len);

	if (var->lv_use_cookie == L2TP_COOKIE_ON) {
		/* prepend session cookie */
		uint32_t cookie_32;
		uint64_t cookie_64;
		M_PREPEND(m, var->lv_peer_cookie_len, M_DONTWAIT);
		if (m && m->m_len < var->lv_peer_cookie_len)
			m = m_pullup(m, var->lv_peer_cookie_len);
		if (m == NULL) {
			error = ENOBUFS;
			goto out;
		}
		/*
		 * Any length other than 4 is written as 8 bytes; assumes
		 * lv_peer_cookie_len is 4 or 8 -- confirm in the ioctl path.
		 */
		if (var->lv_peer_cookie_len == 4) {
			cookie_32 = htonl((uint32_t)var->lv_peer_cookie);
			memcpy(mtod(m, void *), &cookie_32, sizeof(uint32_t));
		} else {
			cookie_64 = htobe64(var->lv_peer_cookie);
			memcpy(mtod(m, void *), &cookie_64, sizeof(uint64_t));
		}
	}

	/* prepend session-ID */
	sess_id = htonl(var->lv_peer_sess_id);
	M_PREPEND(m, sizeof(uint32_t), M_DONTWAIT);
	if (m && m->m_len < sizeof(uint32_t))
		m = m_pullup(m, sizeof(uint32_t));
	if (m == NULL) {
		error = ENOBUFS;
		goto out;
	}
	memcpy(mtod(m, uint32_t *), &sess_id, sizeof(uint32_t));

	/* prepend new IP header */
	M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
	if (m == NULL) {
		error = ENOBUFS;
		goto out;
	}
	/*
	 * The IP header must be suitably aligned; if the prepended space is
	 * not, copy the header region up into a fresh, aligned mbuf.
	 */
	if (IP_HDR_ALIGNED_P(mtod(m, void *)) == 0) {
		m = m_copyup(m, sizeof(struct ip), 0);
	} else {
		if (m->m_len < sizeof(struct ip))
			m = m_pullup(m, sizeof(struct ip));
	}
	if (m == NULL) {
		error = ENOBUFS;
		goto out;
	}
	memcpy(mtod(m, struct ip *), &iphdr, sizeof(struct ip));

	/*
	 * Route lookup through the per-CPU route cache; lr_lock is held
	 * until ip_output() returns so the cached route stays valid.
	 */
	lro = percpu_getref(sc->l2tp_ro_percpu);
	mutex_enter(lro->lr_lock);
	if ((rt = rtcache_lookup(&lro->lr_ro, var->lv_pdst)) == NULL) {
		mutex_exit(lro->lr_lock);
		percpu_putref(sc->l2tp_ro_percpu);
		m_freem(m);
		error = ENETUNREACH;
		goto out;
	}

	/*
	 * The route leads back into this very tunnel interface, which would
	 * loop the packet; drop it and discard the cached route.
	 */
	if (rt->rt_ifp == ifp) {
		rtcache_unref(rt, &lro->lr_ro);
		rtcache_free(&lro->lr_ro);
		mutex_exit(lro->lr_lock);
		percpu_putref(sc->l2tp_ro_percpu);
		m_freem(m);
		error = ENETUNREACH;	/*XXX*/
		goto out;
	}
	rtcache_unref(rt, &lro->lr_ro);

	/*
	 * To avoid inappropriate rewrite of checksum,
	 * clear csum flags.
	 */
	m->m_pkthdr.csum_flags = 0;

	error = ip_output(m, NULL, &lro->lr_ro, 0, NULL, NULL);
	mutex_exit(lro->lr_lock);
	percpu_putref(sc->l2tp_ro_percpu);
	return error;

looped:
	/* Only the nesting-check failure arrives here; count it as an output error. */
	if (error)
		ifp->if_oerrors++;

out:
	return error;
}

/*
 * encap4 input handler for IPPROTO_L2TP.  m holds the IPv4 packet, off is
 * the offset of the L2TP payload (the session ID) within it, proto the IP
 * protocol number.  eparg is the l2tp_variant registered by
 * in_l2tp_attach() and is deliberately ignored: the session is found by
 * its ID through l2tp_lookup_session_ref() instead.
 *
 * Session ID 0 denotes an L2TPv3 control message and is passed on to the
 * raw-IP input path (rip_input()).  Otherwise the outer header, session ID
 * and (with L2TP_COOKIE_ON) the cookie are stripped and the inner frame is
 * handed to l2tp_input().  m is consumed on every path.  IP_STAT_NOL2TP is
 * bumped only when no usable session exists; packets for a session that is
 * not L2TP_STATE_UP or whose cookie does not match are dropped silently.
 */
static void
in_l2tp_input(struct mbuf *m, int off, int proto, void *eparg __unused)
{
	struct ifnet *l2tpp = NULL;
	struct l2tp_softc *sc;
	uint32_t sess_id;
	uint32_t cookie_32;
	uint64_t cookie_64;
	struct psref psref;
	struct l2tp_variant *var;

	KASSERT((m->m_flags & M_PKTHDR) != 0);

	/* Too short to even carry a session ID. */
	if (m->m_pkthdr.len < off + sizeof(uint32_t)) {
		m_freem(m);
		return;
	}

	/* get L2TP session ID */
	m_copydata(m, off, sizeof(uint32_t), (void *)&sess_id);
	NTOHL(sess_id);
#ifdef L2TP_DEBUG
	log(LOG_DEBUG, "%s: sess_id = %" PRIu32 "\n", __func__, sess_id);
#endif
	if (sess_id == 0) {
		/*
		 * L2TPv3 control packet received.
		 * userland daemon(l2tpd?) should process.
		 */
		rip_input(m, off, proto);
		return;
	}

	/* Holds a psref on var until the out: label. */
	var = l2tp_lookup_session_ref(sess_id, &psref);
	if (var == NULL) {
		m_freem(m);
		ip_statinc(IP_STAT_NOL2TP);
		return;
	}

	sc = var->lv_softc;
	l2tpp = &(sc->l2tp_ec.ec_if);

	/*
	 * NOTE(review): l2tpp is the address of an embedded member, so the
	 * NULL test below cannot fire; only the IFF_UP check is effective.
	 */
	if (l2tpp == NULL || (l2tpp->if_flags & IFF_UP) == 0) {
#ifdef L2TP_DEBUG
		if (l2tpp == NULL)
			log(LOG_DEBUG, "%s: l2tpp is NULL\n", __func__);
		else
			log(LOG_DEBUG, "%s: l2tpp is down\n", __func__);
#endif
		m_freem(m);
		ip_statinc(IP_STAT_NOL2TP);
		goto out;
	}

	/* other CPU did l2tp_delete_tunnel */
	if (var->lv_psrc == NULL || var->lv_pdst == NULL) {
		m_freem(m);
		ip_statinc(IP_STAT_NOL2TP);
		goto out;
	}

	if (var->lv_state != L2TP_STATE_UP) {
		m_freem(m);
		goto out;
	}

	/* Strip the outer IP header and the session ID. */
	m_adj(m, off + sizeof(uint32_t));

	if (var->lv_use_cookie == L2TP_COOKIE_ON) {
		/* The whole cookie must be present before it is read. */
		if (m->m_pkthdr.len < var->lv_my_cookie_len) {
			m_freem(m);
			goto out;
		}
		/*
		 * Any length other than 4 is read as 8 bytes; assumes
		 * lv_my_cookie_len is 4 or 8 -- confirm in the ioctl path.
		 */
		if (var->lv_my_cookie_len == 4) {
			m_copydata(m, 0, sizeof(uint32_t), (void *)&cookie_32);
			NTOHL(cookie_32);
			if (cookie_32 != var->lv_my_cookie) {
				m_freem(m);
				goto out;
			}
			m_adj(m, sizeof(uint32_t));
		} else {
			m_copydata(m, 0, sizeof(uint64_t), (void *)&cookie_64);
			BE64TOH(cookie_64);
			if (cookie_64 != var->lv_my_cookie) {
				m_freem(m);
				goto out;
			}
			m_adj(m, sizeof(uint64_t));
		}
	}

	/* TODO: IP_TCPMSS support */
#ifdef IP_TCPMSS
	m = l2tp_tcpmss_clamp(l2tpp, m);
	if (m == NULL)
		goto out;
#endif
	l2tp_input(m, l2tpp);

out:
	l2tp_putref_variant(var, &psref);
	return;
}

/*
 * This function is used by encap4_lookup() to decide priority of the encaptab.
 * This priority is compared to the match length between mbuf's source/destination
 * IPv4 address pair and encaptab's one.
 * l2tp(4) does not use address pairs to search matched encaptab, so this
 * function must return the length bigger than or equals to IPv4 address pair to
 * avoid wrong encaptab.
 *
 * arg is the l2tp_variant registered by in_l2tp_attach().  Returns 64
 * (2 * 32, the combined IPv4 source/destination prefix length) when the
 * packet carries session ID 0 or this variant's own session ID, otherwise
 * 0 (no match).  Packets too short to hold a session ID never match.
 */
static int
in_l2tp_match(struct mbuf *m, int off, int proto, void *arg)
{
	struct l2tp_variant *var = arg;
	uint32_t sess_id;

	KASSERT(proto == IPPROTO_L2TP);

	/*
	 * If the packet contains no session ID it cannot match
	 */
	if (m_length(m) < off + sizeof(uint32_t))
		return 0;

	/* get L2TP session ID */
	m_copydata(m, off, sizeof(uint32_t), (void *)&sess_id);
	NTOHL(sess_id);
	if (sess_id == 0) {
		/*
		 * L2TPv3 control packet received.
		 * userland daemon(l2tpd?) should process.
		 */
		return 32 * 2;
	} else if (sess_id == var->lv_my_sess_id)
		return 32 * 2;
	else
		return 0;
}

/*
 * Register var with the IPv4 encap framework so that in_l2tp_match() /
 * in_l2tp_input() see IPPROTO_L2TP packets.  The handle is kept in
 * lv_encap_cookie for in_l2tp_detach().  Returns 0, or EEXIST when
 * encap_attach_func() fails.
 */
int
in_l2tp_attach(struct l2tp_variant *var)
{

	var->lv_encap_cookie = encap_attach_func(AF_INET, IPPROTO_L2TP,
	    in_l2tp_match, &in_l2tp_encapsw, var);
	if (var->lv_encap_cookie == NULL)
		return EEXIST;

	return 0;
}

/*
 * Undo in_l2tp_attach().  lv_encap_cookie is cleared only when
 * encap_detach() succeeds; its error is returned otherwise.
 */
int
in_l2tp_detach(struct l2tp_variant *var)
{
	int error;

	error = encap_detach(var->lv_encap_cookie);
	if (error == 0)
		var->lv_encap_cookie = NULL;

	return error;
}