[qemu.git] / net / l2tpv3.c

/*
 * QEMU System Emulator
 *
 * Copyright (c) 2003-2008 Fabrice Bellard
 * Copyright (c) 2012-2014 Cisco Systems
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

#include "qemu/osdep.h"
#include <linux/ip.h>
#include <netdb.h>
#include "net/net.h"
#include "clients.h"
#include "qemu-common.h"
#include "qemu/error-report.h"
#include "qemu/option.h"
#include "qemu/sockets.h"
#include "qemu/iov.h"
#include "qemu/main-loop.h"


/* The buffer size needs to be investigated for optimum numbers and
 * optimum means of paging in on different systems. This size is
 * chosen to be sufficient to accommodate one packet with some headers
 */

#define BUFFER_ALIGN sysconf(_SC_PAGESIZE)
#define BUFFER_SIZE 2048
#define IOVSIZE 2
#define MAX_L2TPV3_MSGCNT 64
#define MAX_L2TPV3_IOVCNT (MAX_L2TPV3_MSGCNT * IOVSIZE)

/* Header set to 0x30000 signifies a data packet */

#define L2TPV3_DATA_PACKET 0x30000

/* IANA-assigned IP protocol ID for L2TPv3 */

#ifndef IPPROTO_L2TP
#define IPPROTO_L2TP 0x73
#endif

typedef struct NetL2TPV3State {
    NetClientState nc;
    int fd;

    /*
     * these are used for xmit - that happens packet a time
     * and for first sign of life packet (easier to parse that once)
     */

    uint8_t *header_buf;
    struct iovec *vec;

    /*
     * these are used for receive - try to "eat" up to 32 packets at a time
     */

    struct mmsghdr *msgvec;

    /*
     * peer address
     */

    struct sockaddr_storage *dgram_dst;
    uint32_t dst_size;

    /*
     * L2TPv3 parameters
     */

    uint64_t rx_cookie;
    uint64_t tx_cookie;
    uint32_t rx_session;
    uint32_t tx_session;
    uint32_t header_size;
    uint32_t counter;

    /*
    * DOS avoidance in error handling
    */

    bool header_mismatch;

    /*
     * Ring buffer handling
     */

    int queue_head;
    int queue_tail;
    int queue_depth;

    /*
     * Precomputed offsets
     */

    uint32_t offset;
    uint32_t cookie_offset;
    uint32_t counter_offset;
    uint32_t session_offset;

    /* Poll Control */

    bool read_poll;
    bool write_poll;

    /* Flags */

    bool ipv6;
    bool udp;
    bool has_counter;
    bool pin_counter;
    bool cookie;
    bool cookie_is_64;

} NetL2TPV3State;

static void net_l2tpv3_send(void *opaque);
static void l2tpv3_writable(void *opaque);

static void l2tpv3_update_fd_handler(NetL2TPV3State *s)
{
    qemu_set_fd_handler(s->fd,
                        s->read_poll ? net_l2tpv3_send : NULL,
                        s->write_poll ? l2tpv3_writable : NULL,
                        s);
}

static void l2tpv3_read_poll(NetL2TPV3State *s, bool enable)
{
    if (s->read_poll != enable) {
        s->read_poll = enable;
        l2tpv3_update_fd_handler(s);
    }
}

static void l2tpv3_write_poll(NetL2TPV3State *s, bool enable)
{
    if (s->write_poll != enable) {
        s->write_poll = enable;
        l2tpv3_update_fd_handler(s);
    }
}

static void l2tpv3_writable(void *opaque)
{
    NetL2TPV3State *s = opaque;
    l2tpv3_write_poll(s, false);
    qemu_flush_queued_packets(&s->nc);
}

static void l2tpv3_send_completed(NetClientState *nc, ssize_t len)
{
    NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
    l2tpv3_read_poll(s, true);
}

static void l2tpv3_poll(NetClientState *nc, bool enable)
{
    NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
    l2tpv3_write_poll(s, enable);
    l2tpv3_read_poll(s, enable);
}

static void l2tpv3_form_header(NetL2TPV3State *s)
{
    uint32_t *counter;

    if (s->udp) {
        stl_be_p((uint32_t *) s->header_buf, L2TPV3_DATA_PACKET);
    }
    stl_be_p(
            (uint32_t *) (s->header_buf + s->session_offset),
            s->tx_session
        );
    if (s->cookie) {
        if (s->cookie_is_64) {
            stq_be_p(
                (uint64_t *)(s->header_buf + s->cookie_offset),
                s->tx_cookie
            );
        } else {
            stl_be_p(
                (uint32_t *) (s->header_buf + s->cookie_offset),
                s->tx_cookie
            );
        }
    }
    if (s->has_counter) {
        counter = (uint32_t *)(s->header_buf + s->counter_offset);
        if (s->pin_counter) {
            *counter = 0;
        } else {
            stl_be_p(counter, ++s->counter);
        }
    }
}

static ssize_t net_l2tpv3_receive_dgram_iov(NetClientState *nc,
                    const struct iovec *iov,
                    int iovcnt)
{
    NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);

    struct msghdr message;
    int ret;

    if (iovcnt > MAX_L2TPV3_IOVCNT - 1) {
        error_report(
            "iovec too long %d > %d, change l2tpv3.h",
            iovcnt, MAX_L2TPV3_IOVCNT
        );
        return -1;
    }
    l2tpv3_form_header(s);
    memcpy(s->vec + 1, iov, iovcnt * sizeof(struct iovec));
    s->vec->iov_base = s->header_buf;
    s->vec->iov_len = s->offset;
    message.msg_name = s->dgram_dst;
    message.msg_namelen = s->dst_size;
    message.msg_iov = s->vec;
    message.msg_iovlen = iovcnt + 1;
    message.msg_control = NULL;
    message.msg_controllen = 0;
    message.msg_flags = 0;
    do {
        ret = sendmsg(s->fd, &message, 0);
    } while ((ret == -1) && (errno == EINTR));
    if (ret > 0) {
        ret -= s->offset;
    } else if (ret == 0) {
        /* belt and braces - should not occur on DGRAM
        * we should get an error and never a 0 send
        */
        ret = iov_size(iov, iovcnt);
    } else {
        /* signal upper layer that socket buffer is full */
        ret = -errno;
        if (ret == -EAGAIN || ret == -ENOBUFS) {
            l2tpv3_write_poll(s, true);
            ret = 0;
        }
    }
    return ret;
}

static ssize_t net_l2tpv3_receive_dgram(NetClientState *nc,
                    const uint8_t *buf,
                    size_t size)
{
    NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);

    struct iovec *vec;
    struct msghdr message;
    ssize_t ret = 0;

    l2tpv3_form_header(s);
    vec = s->vec;
    vec->iov_base = s->header_buf;
    vec->iov_len = s->offset;
    vec++;
    vec->iov_base = (void *) buf;
    vec->iov_len = size;
    message.msg_name = s->dgram_dst;
    message.msg_namelen = s->dst_size;
    message.msg_iov = s->vec;
    message.msg_iovlen = 2;
    message.msg_control = NULL;
    message.msg_controllen = 0;
    message.msg_flags = 0;
    do {
        ret = sendmsg(s->fd, &message, 0);
    } while ((ret == -1) && (errno == EINTR));
    if (ret > 0) {
        ret -= s->offset;
    } else if (ret == 0) {
        /* belt and braces - should not occur on DGRAM
        * we should get an error and never a 0 send
        */
        ret = size;
    } else {
        ret = -errno;
        if (ret == -EAGAIN || ret == -ENOBUFS) {
            /* signal upper layer that socket buffer is full */
            l2tpv3_write_poll(s, true);
            ret = 0;
        }
    }
    return ret;
}

static int l2tpv3_verify_header(NetL2TPV3State *s, uint8_t *buf)
{

    uint32_t *session;
    uint64_t cookie;

    if ((!s->udp) && (!s->ipv6)) {
        buf += sizeof(struct iphdr) /* fix for ipv4 raw */;
    }

    /* we do not do a strict check for "data" packets as per
    * the RFC spec because the pure IP spec does not have
    * that anyway.
    */

    if (s->cookie) {
        if (s->cookie_is_64) {
            cookie = ldq_be_p(buf + s->cookie_offset);
        } else {
            cookie = ldl_be_p(buf + s->cookie_offset) & 0xffffffffULL;
        }
        if (cookie != s->rx_cookie) {
            if (!s->header_mismatch) {
                error_report("unknown cookie id");
            }
            return -1;
        }
    }
    session = (uint32_t *) (buf + s->session_offset);
    if (ldl_be_p(session) != s->rx_session) {
        if (!s->header_mismatch) {
            error_report("session mismatch");
        }
        return -1;
    }
    return 0;
}

static void net_l2tpv3_process_queue(NetL2TPV3State *s)
{
    int size = 0;
    struct iovec *vec;
    bool bad_read;
    int data_size;
    struct mmsghdr *msgvec;

    /* go into ring mode only if there is a "pending" tail */
    if (s->queue_depth > 0) {
        do {
            msgvec = s->msgvec + s->queue_tail;
            if (msgvec->msg_len > 0) {
                data_size = msgvec->msg_len - s->header_size;
                vec = msgvec->msg_hdr.msg_iov;
                if ((data_size > 0) &&
                    (l2tpv3_verify_header(s, vec->iov_base) == 0)) {
                    vec++;
                    /* Use the legacy delivery for now, we will
                     * switch to using our own ring as a queueing mechanism
                     * at a later date
                     */
                    size = qemu_send_packet_async(
                            &s->nc,
                            vec->iov_base,
                            data_size,
                            l2tpv3_send_completed
                        );
                    if (size == 0) {
                        l2tpv3_read_poll(s, false);
                    }
                    bad_read = false;
                } else {
                    bad_read = true;
                    if (!s->header_mismatch) {
                        /* report error only once */
                        error_report("l2tpv3 header verification failed");
                        s->header_mismatch = true;
                    }
                }
            } else {
                bad_read = true;
            }
            s->queue_tail = (s->queue_tail + 1) % MAX_L2TPV3_MSGCNT;
            s->queue_depth--;
        } while (
                (s->queue_depth > 0) &&
                 qemu_can_send_packet(&s->nc) &&
                ((size > 0) || bad_read)
            );
    }
}

static void net_l2tpv3_send(void *opaque)
{
    NetL2TPV3State *s = opaque;
    int target_count, count;
    struct mmsghdr *msgvec;

    /* go into ring mode only if there is a "pending" tail */

    if (s->queue_depth) {

        /* The ring buffer we use has variable intake
         * count of how much we can read varies - adjust accordingly
         */

        target_count = MAX_L2TPV3_MSGCNT - s->queue_depth;

        /* Ensure we do not overrun the ring when we have
         * a lot of enqueued packets
         */

        if (s->queue_head + target_count > MAX_L2TPV3_MSGCNT) {
            target_count = MAX_L2TPV3_MSGCNT - s->queue_head;
        }
    } else {

        /* we do not have any pending packets - we can use
        * the whole message vector linearly instead of using
        * it as a ring
        */

        s->queue_head = 0;
        s->queue_tail = 0;
        target_count = MAX_L2TPV3_MSGCNT;
    }

    msgvec = s->msgvec + s->queue_head;
    if (target_count > 0) {
        do {
            count = recvmmsg(
                s->fd,
                msgvec,
                target_count, MSG_DONTWAIT, NULL);
        } while ((count == -1) && (errno == EINTR));
        if (count < 0) {
            /* Recv error - we still need to flush packets here,
             * (re)set queue head to current position
             */
            count = 0;
        }
        s->queue_head = (s->queue_head + count) % MAX_L2TPV3_MSGCNT;
        s->queue_depth += count;
    }
    net_l2tpv3_process_queue(s);
}

static void destroy_vector(struct mmsghdr *msgvec, int count, int iovcount)
{
    int i, j;
    struct iovec *iov;
    struct mmsghdr *cleanup = msgvec;
    if (cleanup) {
        for (i = 0; i < count; i++) {
            if (cleanup->msg_hdr.msg_iov) {
                iov = cleanup->msg_hdr.msg_iov;
                for (j = 0; j < iovcount; j++) {
                    g_free(iov->iov_base);
                    iov++;
                }
                g_free(cleanup->msg_hdr.msg_iov);
            }
            cleanup++;
        }
        g_free(msgvec);
    }
}

static struct mmsghdr *build_l2tpv3_vector(NetL2TPV3State *s, int count)
{
    int i;
    struct iovec *iov;
    struct mmsghdr *msgvec, *result;

    msgvec = g_new(struct mmsghdr, count);
    result = msgvec;
    for (i = 0; i < count ; i++) {
        msgvec->msg_hdr.msg_name = NULL;
        msgvec->msg_hdr.msg_namelen = 0;
        iov =  g_new(struct iovec, IOVSIZE);
        msgvec->msg_hdr.msg_iov = iov;
        iov->iov_base = g_malloc(s->header_size);
        iov->iov_len = s->header_size;
        iov++ ;
        iov->iov_base = qemu_memalign(BUFFER_ALIGN, BUFFER_SIZE);
        iov->iov_len = BUFFER_SIZE;
        msgvec->msg_hdr.msg_iovlen = 2;
        msgvec->msg_hdr.msg_control = NULL;
        msgvec->msg_hdr.msg_controllen = 0;
        msgvec->msg_hdr.msg_flags = 0;
        msgvec++;
    }
    return result;
}

static void net_l2tpv3_cleanup(NetClientState *nc)
{
    NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
    qemu_purge_queued_packets(nc);
    l2tpv3_read_poll(s, false);
    l2tpv3_write_poll(s, false);
    if (s->fd >= 0) {
        close(s->fd);
    }
    destroy_vector(s->msgvec, MAX_L2TPV3_MSGCNT, IOVSIZE);
    g_free(s->vec);
    g_free(s->header_buf);
    g_free(s->dgram_dst);
}

static NetClientInfo net_l2tpv3_info = {
    .type = NET_CLIENT_DRIVER_L2TPV3,
    .size = sizeof(NetL2TPV3State),
    .receive = net_l2tpv3_receive_dgram,
    .receive_iov = net_l2tpv3_receive_dgram_iov,
    .poll = l2tpv3_poll,
    .cleanup = net_l2tpv3_cleanup,
};

int net_init_l2tpv3(const Netdev *netdev,
                    const char *name,
                    NetClientState *peer, Error **errp)
{
    /* FIXME error_setg(errp, ...) on failure */
    const NetdevL2TPv3Options *l2tpv3;
    NetL2TPV3State *s;
    NetClientState *nc;
    int fd = -1, gairet;
    struct addrinfo hints;
    struct addrinfo *result = NULL;
    char *srcport, *dstport;

    nc = qemu_new_net_client(&net_l2tpv3_info, peer, "l2tpv3", name);

    s = DO_UPCAST(NetL2TPV3State, nc, nc);

    s->queue_head = 0;
    s->queue_tail = 0;
    s->header_mismatch = false;

    assert(netdev->type == NET_CLIENT_DRIVER_L2TPV3);
    l2tpv3 = &netdev->u.l2tpv3;

    if (l2tpv3->has_ipv6 && l2tpv3->ipv6) {
        s->ipv6 = l2tpv3->ipv6;
    } else {
        s->ipv6 = false;
    }

    if ((l2tpv3->has_offset) && (l2tpv3->offset > 256)) {
        error_report("l2tpv3_open : offset must be less than 256 bytes");
        goto outerr;
    }

    if (l2tpv3->has_rxcookie || l2tpv3->has_txcookie) {
        if (l2tpv3->has_rxcookie && l2tpv3->has_txcookie) {
            s->cookie = true;
        } else {
            goto outerr;
        }
    } else {
        s->cookie = false;
    }

    if (l2tpv3->has_cookie64 || l2tpv3->cookie64) {
        s->cookie_is_64  = true;
    } else {
        s->cookie_is_64  = false;
    }

    if (l2tpv3->has_udp && l2tpv3->udp) {
        s->udp = true;
        if (!(l2tpv3->has_srcport && l2tpv3->has_dstport)) {
            error_report("l2tpv3_open : need both src and dst port for udp");
            goto outerr;
        } else {
            srcport = l2tpv3->srcport;
            dstport = l2tpv3->dstport;
        }
    } else {
        s->udp = false;
        srcport = NULL;
        dstport = NULL;
    }


    s->offset = 4;
    s->session_offset = 0;
    s->cookie_offset = 4;
    s->counter_offset = 4;

    s->tx_session = l2tpv3->txsession;
    if (l2tpv3->has_rxsession) {
        s->rx_session = l2tpv3->rxsession;
    } else {
        s->rx_session = s->tx_session;
    }

    if (s->cookie) {
        s->rx_cookie = l2tpv3->rxcookie;
        s->tx_cookie = l2tpv3->txcookie;
        if (s->cookie_is_64 == true) {
            /* 64 bit cookie */
            s->offset += 8;
            s->counter_offset += 8;
        } else {
            /* 32 bit cookie */
            s->offset += 4;
            s->counter_offset += 4;
        }
    }

    memset(&hints, 0, sizeof(hints));

    if (s->ipv6) {
        hints.ai_family = AF_INET6;
    } else {
        hints.ai_family = AF_INET;
    }
    if (s->udp) {
        hints.ai_socktype = SOCK_DGRAM;
        hints.ai_protocol = 0;
        s->offset += 4;
        s->counter_offset += 4;
        s->session_offset += 4;
        s->cookie_offset += 4;
    } else {
        hints.ai_socktype = SOCK_RAW;
        hints.ai_protocol = IPPROTO_L2TP;
    }

    gairet = getaddrinfo(l2tpv3->src, srcport, &hints, &result);

    if ((gairet != 0) || (result == NULL)) {
        error_report(
            "l2tpv3_open : could not resolve src, errno = %s",
            gai_strerror(gairet)
        );
        goto outerr;
    }
    fd = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
    if (fd == -1) {
        fd = -errno;
        error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
        goto outerr;
    }
    if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
        error_report("l2tpv3_open :  could not bind socket err=%i", errno);
        goto outerr;
    }
    if (result) {
        freeaddrinfo(result);
    }

    memset(&hints, 0, sizeof(hints));

    if (s->ipv6) {
        hints.ai_family = AF_INET6;
    } else {
        hints.ai_family = AF_INET;
    }
    if (s->udp) {
        hints.ai_socktype = SOCK_DGRAM;
        hints.ai_protocol = 0;
    } else {
        hints.ai_socktype = SOCK_RAW;
        hints.ai_protocol = IPPROTO_L2TP;
    }

    result = NULL;
    gairet = getaddrinfo(l2tpv3->dst, dstport, &hints, &result);
    if ((gairet != 0) || (result == NULL)) {
        error_report(
            "l2tpv3_open : could not resolve dst, error = %s",
            gai_strerror(gairet)
        );
        goto outerr;
    }

    s->dgram_dst = g_new0(struct sockaddr_storage, 1);
    memcpy(s->dgram_dst, result->ai_addr, result->ai_addrlen);
    s->dst_size = result->ai_addrlen;

    if (result) {
        freeaddrinfo(result);
    }

    if (l2tpv3->has_counter && l2tpv3->counter) {
        s->has_counter = true;
        s->offset += 4;
    } else {
        s->has_counter = false;
    }

    if (l2tpv3->has_pincounter && l2tpv3->pincounter) {
        s->has_counter = true;  /* pin counter implies that there is counter */
        s->pin_counter = true;
    } else {
        s->pin_counter = false;
    }

    if (l2tpv3->has_offset) {
        /* extra offset */
        s->offset += l2tpv3->offset;
    }

    if ((s->ipv6) || (s->udp)) {
        s->header_size = s->offset;
    } else {
        s->header_size = s->offset + sizeof(struct iphdr);
    }

    s->msgvec = build_l2tpv3_vector(s, MAX_L2TPV3_MSGCNT);
    s->vec = g_new(struct iovec, MAX_L2TPV3_IOVCNT);
    s->header_buf = g_malloc(s->header_size);

    qemu_set_nonblock(fd);

    s->fd = fd;
    s->counter = 0;

    l2tpv3_read_poll(s, true);

    snprintf(s->nc.info_str, sizeof(s->nc.info_str),
             "l2tpv3: connected");
    return 0;
outerr:
    qemu_del_net_client(nc);
    if (fd >= 0) {
        close(fd);
    }
    if (result) {
        freeaddrinfo(result);
    }
    return -1;
}
Commit	Line	Data
3fb69aa1 AI	1	/*
	2	* QEMU System Emulator
	3	*
	4	* Copyright (c) 2003-2008 Fabrice Bellard
	5	* Copyright (c) 2012-2014 Cisco Systems
	6	*
	7	* Permission is hereby granted, free of charge, to any person obtaining a copy
	8	* of this software and associated documentation files (the "Software"), to deal
	9	* in the Software without restriction, including without limitation the rights
	10	* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	11	* copies of the Software, and to permit persons to whom the Software is
	12	* furnished to do so, subject to the following conditions:
	13	*
	14	* The above copyright notice and this permission notice shall be included in
	15	* all copies or substantial portions of the Software.
	16	*
	17	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	18	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	19	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
	20	* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	21	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	22	* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
	23	* THE SOFTWARE.
	24	*/
	25
2744d920	26	#include "qemu/osdep.h"
3fb69aa1 AI	27	#include <linux/ip.h>
3fb69aa1 AI	28	#include <netdb.h>
3fb69aa1 AI	29	#include "net/net.h"
3fb69aa1 AI	30	#include "clients.h"
3fb69aa1 AI	31	#include "qemu-common.h"
	32	#include "qemu/error-report.h"
	33	#include "qemu/option.h"
	34	#include "qemu/sockets.h"
	35	#include "qemu/iov.h"
	36	#include "qemu/main-loop.h"
	37
	38
	39	/* The buffer size needs to be investigated for optimum numbers and
	40	* optimum means of paging in on different systems. This size is
	41	* chosen to be sufficient to accommodate one packet with some headers
	42	*/
	43
	44	#define BUFFER_ALIGN sysconf(_SC_PAGESIZE)
	45	#define BUFFER_SIZE 2048
	46	#define IOVSIZE 2
	47	#define MAX_L2TPV3_MSGCNT 64
	48	#define MAX_L2TPV3_IOVCNT (MAX_L2TPV3_MSGCNT * IOVSIZE)
	49
	50	/* Header set to 0x30000 signifies a data packet */
	51
	52	#define L2TPV3_DATA_PACKET 0x30000
	53
	54	/* IANA-assigned IP protocol ID for L2TPv3 */
	55
	56	#ifndef IPPROTO_L2TP
	57	#define IPPROTO_L2TP 0x73
	58	#endif
	59
	60	typedef struct NetL2TPV3State {
	61	NetClientState nc;
	62	int fd;
	63
	64	/*
	65	* these are used for xmit - that happens packet a time
	66	* and for first sign of life packet (easier to parse that once)
	67	*/
	68
	69	uint8_t *header_buf;
	70	struct iovec *vec;
	71
	72	/*
	73	* these are used for receive - try to "eat" up to 32 packets at a time
	74	*/
	75
	76	struct mmsghdr *msgvec;
	77
	78	/*
	79	* peer address
	80	*/
	81
	82	struct sockaddr_storage *dgram_dst;
	83	uint32_t dst_size;
	84
	85	/*
	86	* L2TPv3 parameters
	87	*/
	88
	89	uint64_t rx_cookie;
	90	uint64_t tx_cookie;
	91	uint32_t rx_session;
	92	uint32_t tx_session;
	93	uint32_t header_size;
	94	uint32_t counter;
95
96	/*
97	* DOS avoidance in error handling
98	*/
99
100	bool header_mismatch;
101
102	/*
103	* Ring buffer handling
104	*/
105
106	int queue_head;
107	int queue_tail;
108	int queue_depth;
109
110	/*
111	* Precomputed offsets
112	*/
113
114	uint32_t offset;
115	uint32_t cookie_offset;
116	uint32_t counter_offset;
117	uint32_t session_offset;
118
119	/* Poll Control */
120
121	bool read_poll;
122	bool write_poll;
123
124	/* Flags */
125
126	bool ipv6;
127	bool udp;
128	bool has_counter;
129	bool pin_counter;
130	bool cookie;
131	bool cookie_is_64;
132
133	} NetL2TPV3State;
134
3fb69aa1 AI	135	static void net_l2tpv3_send(void *opaque);
	136	static void l2tpv3_writable(void *opaque);
	137
	138	static void l2tpv3_update_fd_handler(NetL2TPV3State *s)
	139	{
82e1cc4b FZ	140	qemu_set_fd_handler(s->fd,
	141	s->read_poll ? net_l2tpv3_send : NULL,
	142	s->write_poll ? l2tpv3_writable : NULL,
	143	s);
3fb69aa1 AI	144	}
	145
	146	static void l2tpv3_read_poll(NetL2TPV3State *s, bool enable)
	147	{
	148	if (s->read_poll != enable) {
	149	s->read_poll = enable;
	150	l2tpv3_update_fd_handler(s);
	151	}
	152	}
	153
	154	static void l2tpv3_write_poll(NetL2TPV3State *s, bool enable)
	155	{
	156	if (s->write_poll != enable) {
	157	s->write_poll = enable;
	158	l2tpv3_update_fd_handler(s);
	159	}
	160	}
	161
	162	static void l2tpv3_writable(void *opaque)
	163	{
	164	NetL2TPV3State *s = opaque;
	165	l2tpv3_write_poll(s, false);
	166	qemu_flush_queued_packets(&s->nc);
	167	}
	168
3fb69aa1 AI	169	static void l2tpv3_send_completed(NetClientState *nc, ssize_t len)
	170	{
	171	NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
	172	l2tpv3_read_poll(s, true);
	173	}
	174
	175	static void l2tpv3_poll(NetClientState *nc, bool enable)
	176	{
	177	NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
	178	l2tpv3_write_poll(s, enable);
	179	l2tpv3_read_poll(s, enable);
	180	}
	181
	182	static void l2tpv3_form_header(NetL2TPV3State *s)
	183	{
	184	uint32_t *counter;
	185
	186	if (s->udp) {
	187	stl_be_p((uint32_t *) s->header_buf, L2TPV3_DATA_PACKET);
	188	}
	189	stl_be_p(
	190	(uint32_t *) (s->header_buf + s->session_offset),
	191	s->tx_session
	192	);
	193	if (s->cookie) {
	194	if (s->cookie_is_64) {
	195	stq_be_p(
	196	(uint64_t *)(s->header_buf + s->cookie_offset),
	197	s->tx_cookie
	198	);
	199	} else {
	200	stl_be_p(
	201	(uint32_t *) (s->header_buf + s->cookie_offset),
	202	s->tx_cookie
	203	);
	204	}
	205	}
	206	if (s->has_counter) {
	207	counter = (uint32_t *)(s->header_buf + s->counter_offset);
	208	if (s->pin_counter) {
	209	*counter = 0;
	210	} else {
	211	stl_be_p(counter, ++s->counter);
	212	}
	213	}
	214	}
	215
	216	static ssize_t net_l2tpv3_receive_dgram_iov(NetClientState *nc,
	217	const struct iovec *iov,
	218	int iovcnt)
	219	{
	220	NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
	221
	222	struct msghdr message;
	223	int ret;
	224
	225	if (iovcnt > MAX_L2TPV3_IOVCNT - 1) {
	226	error_report(
	227	"iovec too long %d > %d, change l2tpv3.h",
	228	iovcnt, MAX_L2TPV3_IOVCNT
	229	);
	230	return -1;
	231	}
	232	l2tpv3_form_header(s);
233	memcpy(s->vec + 1, iov, iovcnt * sizeof(struct iovec));
234	s->vec->iov_base = s->header_buf;
235	s->vec->iov_len = s->offset;
236	message.msg_name = s->dgram_dst;
237	message.msg_namelen = s->dst_size;
238	message.msg_iov = s->vec;
239	message.msg_iovlen = iovcnt + 1;
240	message.msg_control = NULL;
241	message.msg_controllen = 0;
242	message.msg_flags = 0;
243	do {
244	ret = sendmsg(s->fd, &message, 0);
245	} while ((ret == -1) && (errno == EINTR));
246	if (ret > 0) {
247	ret -= s->offset;
248	} else if (ret == 0) {
249	/* belt and braces - should not occur on DGRAM
250	* we should get an error and never a 0 send
251	*/
252	ret = iov_size(iov, iovcnt);
253	} else {
254	/* signal upper layer that socket buffer is full */
255	ret = -errno;
256	if (ret == -EAGAIN \|\| ret == -ENOBUFS) {
257	l2tpv3_write_poll(s, true);
258	ret = 0;
259	}
260	}
261	return ret;
262	}
263
264	static ssize_t net_l2tpv3_receive_dgram(NetClientState *nc,
265	const uint8_t *buf,
266	size_t size)
267	{
268	NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
269
270	struct iovec *vec;
271	struct msghdr message;
272	ssize_t ret = 0;
273
274	l2tpv3_form_header(s);
275	vec = s->vec;
276	vec->iov_base = s->header_buf;
277	vec->iov_len = s->offset;
278	vec++;
279	vec->iov_base = (void *) buf;
280	vec->iov_len = size;
281	message.msg_name = s->dgram_dst;
282	message.msg_namelen = s->dst_size;
283	message.msg_iov = s->vec;
284	message.msg_iovlen = 2;
285	message.msg_control = NULL;
286	message.msg_controllen = 0;
287	message.msg_flags = 0;
288	do {
289	ret = sendmsg(s->fd, &message, 0);
290	} while ((ret == -1) && (errno == EINTR));
291	if (ret > 0) {
292	ret -= s->offset;
293	} else if (ret == 0) {
294	/* belt and braces - should not occur on DGRAM
295	* we should get an error and never a 0 send
296	*/
297	ret = size;
298	} else {
299	ret = -errno;
300	if (ret == -EAGAIN \|\| ret == -ENOBUFS) {
301	/* signal upper layer that socket buffer is full */
302	l2tpv3_write_poll(s, true);
303	ret = 0;
304	}
305	}
306	return ret;
307	}
308
309	static int l2tpv3_verify_header(NetL2TPV3State s, uint8_t buf)
310	{
311
312	uint32_t *session;
313	uint64_t cookie;
314
315	if ((!s->udp) && (!s->ipv6)) {
316	buf += sizeof(struct iphdr) /* fix for ipv4 raw */;
317	}
318
319	/* we do not do a strict check for "data" packets as per
320	* the RFC spec because the pure IP spec does not have
321	* that anyway.
322	*/
323
324	if (s->cookie) {
325	if (s->cookie_is_64) {
326	cookie = ldq_be_p(buf + s->cookie_offset);
327	} else {
3be9b352	328	cookie = ldl_be_p(buf + s->cookie_offset) & 0xffffffffULL;
3fb69aa1 AI	329	}
	330	if (cookie != s->rx_cookie) {
	331	if (!s->header_mismatch) {
	332	error_report("unknown cookie id");
	333	}
	334	return -1;
	335	}
	336	}
	337	session = (uint32_t *) (buf + s->session_offset);
	338	if (ldl_be_p(session) != s->rx_session) {
	339	if (!s->header_mismatch) {
	340	error_report("session mismatch");
	341	}
	342	return -1;
	343	}
	344	return 0;
	345	}
	346
	347	static void net_l2tpv3_process_queue(NetL2TPV3State *s)
	348	{
	349	int size = 0;
	350	struct iovec *vec;
	351	bool bad_read;
	352	int data_size;
	353	struct mmsghdr *msgvec;
	354
	355	/* go into ring mode only if there is a "pending" tail */
	356	if (s->queue_depth > 0) {
	357	do {
	358	msgvec = s->msgvec + s->queue_tail;
	359	if (msgvec->msg_len > 0) {
	360	data_size = msgvec->msg_len - s->header_size;
	361	vec = msgvec->msg_hdr.msg_iov;
	362	if ((data_size > 0) &&
	363	(l2tpv3_verify_header(s, vec->iov_base) == 0)) {
	364	vec++;
	365	/* Use the legacy delivery for now, we will
	366	* switch to using our own ring as a queueing mechanism
	367	* at a later date
	368	*/
	369	size = qemu_send_packet_async(
	370	&s->nc,
	371	vec->iov_base,
	372	data_size,
	373	l2tpv3_send_completed
	374	);
	375	if (size == 0) {
	376	l2tpv3_read_poll(s, false);
	377	}
	378	bad_read = false;
	379	} else {
	380	bad_read = true;
	381	if (!s->header_mismatch) {
	382	/* report error only once */
	383	error_report("l2tpv3 header verification failed");
	384	s->header_mismatch = true;
	385	}
	386	}
	387	} else {
	388	bad_read = true;
	389	}
	390	s->queue_tail = (s->queue_tail + 1) % MAX_L2TPV3_MSGCNT;
	391	s->queue_depth--;
	392	} while (
393	(s->queue_depth > 0) &&
394	qemu_can_send_packet(&s->nc) &&
395	((size > 0) \|\| bad_read)
396	);
397	}
398	}
399
400	static void net_l2tpv3_send(void *opaque)
401	{
402	NetL2TPV3State *s = opaque;
403	int target_count, count;
404	struct mmsghdr *msgvec;
405
406	/* go into ring mode only if there is a "pending" tail */
407
408	if (s->queue_depth) {
409
410	/* The ring buffer we use has variable intake
411	* count of how much we can read varies - adjust accordingly
412	*/
413
414	target_count = MAX_L2TPV3_MSGCNT - s->queue_depth;
415
416	/* Ensure we do not overrun the ring when we have
417	* a lot of enqueued packets
418	*/
419
420	if (s->queue_head + target_count > MAX_L2TPV3_MSGCNT) {
421	target_count = MAX_L2TPV3_MSGCNT - s->queue_head;
422	}
423	} else {
424
425	/* we do not have any pending packets - we can use
426	* the whole message vector linearly instead of using
427	* it as a ring
428	*/
429
430	s->queue_head = 0;
431	s->queue_tail = 0;
432	target_count = MAX_L2TPV3_MSGCNT;
433	}
434
435	msgvec = s->msgvec + s->queue_head;
436	if (target_count > 0) {
437	do {
438	count = recvmmsg(
439	s->fd,
440	msgvec,
441	target_count, MSG_DONTWAIT, NULL);
442	} while ((count == -1) && (errno == EINTR));
443	if (count < 0) {
444	/* Recv error - we still need to flush packets here,
445	* (re)set queue head to current position
446	*/
447	count = 0;
448	}
449	s->queue_head = (s->queue_head + count) % MAX_L2TPV3_MSGCNT;
450	s->queue_depth += count;
451	}
452	net_l2tpv3_process_queue(s);
453	}
454
455	static void destroy_vector(struct mmsghdr *msgvec, int count, int iovcount)
456	{
457	int i, j;
458	struct iovec *iov;
459	struct mmsghdr *cleanup = msgvec;
460	if (cleanup) {
461	for (i = 0; i < count; i++) {
462	if (cleanup->msg_hdr.msg_iov) {
463	iov = cleanup->msg_hdr.msg_iov;
464	for (j = 0; j < iovcount; j++) {
465	g_free(iov->iov_base);
466	iov++;
467	}
468	g_free(cleanup->msg_hdr.msg_iov);
469	}
470	cleanup++;
471	}
472	g_free(msgvec);
473	}
474	}
475
476	static struct mmsghdr build_l2tpv3_vector(NetL2TPV3State s, int count)
477	{
478	int i;
479	struct iovec *iov;
480	struct mmsghdr msgvec, result;
481
58889fe5	482	msgvec = g_new(struct mmsghdr, count);
3fb69aa1 AI	483	result = msgvec;
	484	for (i = 0; i < count ; i++) {
	485	msgvec->msg_hdr.msg_name = NULL;
	486	msgvec->msg_hdr.msg_namelen = 0;
58889fe5	487	iov = g_new(struct iovec, IOVSIZE);
3fb69aa1 AI	488	msgvec->msg_hdr.msg_iov = iov;
	489	iov->iov_base = g_malloc(s->header_size);
	490	iov->iov_len = s->header_size;
	491	iov++ ;
	492	iov->iov_base = qemu_memalign(BUFFER_ALIGN, BUFFER_SIZE);
	493	iov->iov_len = BUFFER_SIZE;
	494	msgvec->msg_hdr.msg_iovlen = 2;
	495	msgvec->msg_hdr.msg_control = NULL;
	496	msgvec->msg_hdr.msg_controllen = 0;
	497	msgvec->msg_hdr.msg_flags = 0;
	498	msgvec++;
	499	}
	500	return result;
	501	}
	502
	503	static void net_l2tpv3_cleanup(NetClientState *nc)
	504	{
	505	NetL2TPV3State *s = DO_UPCAST(NetL2TPV3State, nc, nc);
	506	qemu_purge_queued_packets(nc);
	507	l2tpv3_read_poll(s, false);
	508	l2tpv3_write_poll(s, false);
d4754a95	509	if (s->fd >= 0) {
3fb69aa1 AI	510	close(s->fd);
	511	}
	512	destroy_vector(s->msgvec, MAX_L2TPV3_MSGCNT, IOVSIZE);
	513	g_free(s->vec);
	514	g_free(s->header_buf);
	515	g_free(s->dgram_dst);
	516	}
	517
	518	static NetClientInfo net_l2tpv3_info = {
f394b2e2	519	.type = NET_CLIENT_DRIVER_L2TPV3,
3fb69aa1 AI	520	.size = sizeof(NetL2TPV3State),
	521	.receive = net_l2tpv3_receive_dgram,
	522	.receive_iov = net_l2tpv3_receive_dgram_iov,
	523	.poll = l2tpv3_poll,
	524	.cleanup = net_l2tpv3_cleanup,
	525	};
	526
cebea510	527	int net_init_l2tpv3(const Netdev *netdev,
3fb69aa1	528	const char *name,
a30ecde6	529	NetClientState peer, Error *errp)
3fb69aa1	530	{
a30ecde6	531	/* FIXME error_setg(errp, ...) on failure */
3fb69aa1 AI	532	const NetdevL2TPv3Options *l2tpv3;
	533	NetL2TPV3State *s;
	534	NetClientState *nc;
	535	int fd = -1, gairet;
	536	struct addrinfo hints;
	537	struct addrinfo *result = NULL;
	538	char srcport, dstport;
	539
	540	nc = qemu_new_net_client(&net_l2tpv3_info, peer, "l2tpv3", name);
	541
	542	s = DO_UPCAST(NetL2TPV3State, nc, nc);
	543
	544	s->queue_head = 0;
	545	s->queue_tail = 0;
	546	s->header_mismatch = false;
	547
f394b2e2 EB	548	assert(netdev->type == NET_CLIENT_DRIVER_L2TPV3);
f394b2e2 EB	549	l2tpv3 = &netdev->u.l2tpv3;
3fb69aa1 AI	550
	551	if (l2tpv3->has_ipv6 && l2tpv3->ipv6) {
	552	s->ipv6 = l2tpv3->ipv6;
	553	} else {
	554	s->ipv6 = false;
	555	}
	556
	557	if ((l2tpv3->has_offset) && (l2tpv3->offset > 256)) {
	558	error_report("l2tpv3_open : offset must be less than 256 bytes");
	559	goto outerr;
	560	}
	561
	562	if (l2tpv3->has_rxcookie \|\| l2tpv3->has_txcookie) {
	563	if (l2tpv3->has_rxcookie && l2tpv3->has_txcookie) {
	564	s->cookie = true;
	565	} else {
	566	goto outerr;
	567	}
	568	} else {
	569	s->cookie = false;
	570	}
	571
	572	if (l2tpv3->has_cookie64 \|\| l2tpv3->cookie64) {
	573	s->cookie_is_64 = true;
	574	} else {
	575	s->cookie_is_64 = false;
	576	}
	577
	578	if (l2tpv3->has_udp && l2tpv3->udp) {
	579	s->udp = true;
	580	if (!(l2tpv3->has_srcport && l2tpv3->has_dstport)) {
	581	error_report("l2tpv3_open : need both src and dst port for udp");
	582	goto outerr;
	583	} else {
	584	srcport = l2tpv3->srcport;
	585	dstport = l2tpv3->dstport;
	586	}
	587	} else {
	588	s->udp = false;
	589	srcport = NULL;
	590	dstport = NULL;
	591	}
	592
	593
	594	s->offset = 4;
	595	s->session_offset = 0;
	596	s->cookie_offset = 4;
	597	s->counter_offset = 4;
	598
	599	s->tx_session = l2tpv3->txsession;
	600	if (l2tpv3->has_rxsession) {
	601	s->rx_session = l2tpv3->rxsession;
	602	} else {
	603	s->rx_session = s->tx_session;
	604	}
	605
	606	if (s->cookie) {
	607	s->rx_cookie = l2tpv3->rxcookie;
	608	s->tx_cookie = l2tpv3->txcookie;
	609	if (s->cookie_is_64 == true) {
	610	/* 64 bit cookie */
	611	s->offset += 8;
	612	s->counter_offset += 8;
	613	} else {
614	/* 32 bit cookie */
615	s->offset += 4;
616	s->counter_offset += 4;
617	}
618	}
619
620	memset(&hints, 0, sizeof(hints));
621
622	if (s->ipv6) {
623	hints.ai_family = AF_INET6;
624	} else {
625	hints.ai_family = AF_INET;
626	}
627	if (s->udp) {
628	hints.ai_socktype = SOCK_DGRAM;
629	hints.ai_protocol = 0;
630	s->offset += 4;
631	s->counter_offset += 4;
632	s->session_offset += 4;
633	s->cookie_offset += 4;
634	} else {
635	hints.ai_socktype = SOCK_RAW;
636	hints.ai_protocol = IPPROTO_L2TP;
637	}
638
639	gairet = getaddrinfo(l2tpv3->src, srcport, &hints, &result);
640
641	if ((gairet != 0) \|\| (result == NULL)) {
642	error_report(
643	"l2tpv3_open : could not resolve src, errno = %s",
644	gai_strerror(gairet)
645	);
646	goto outerr;
647	}
648	fd = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
649	if (fd == -1) {
650	fd = -errno;
651	error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
3fb69aa1 AI	652	goto outerr;
	653	}
	654	if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
	655	error_report("l2tpv3_open : could not bind socket err=%i", errno);
	656	goto outerr;
	657	}
	658	if (result) {
	659	freeaddrinfo(result);
	660	}
	661
	662	memset(&hints, 0, sizeof(hints));
	663
	664	if (s->ipv6) {
	665	hints.ai_family = AF_INET6;
	666	} else {
	667	hints.ai_family = AF_INET;
	668	}
	669	if (s->udp) {
	670	hints.ai_socktype = SOCK_DGRAM;
	671	hints.ai_protocol = 0;
	672	} else {
	673	hints.ai_socktype = SOCK_RAW;
	674	hints.ai_protocol = IPPROTO_L2TP;
	675	}
	676
	677	result = NULL;
	678	gairet = getaddrinfo(l2tpv3->dst, dstport, &hints, &result);
	679	if ((gairet != 0) \|\| (result == NULL)) {
	680	error_report(
	681	"l2tpv3_open : could not resolve dst, error = %s",
	682	gai_strerror(gairet)
	683	);
	684	goto outerr;
	685	}
	686
71e28e3c	687	s->dgram_dst = g_new0(struct sockaddr_storage, 1);
3fb69aa1 AI	688	memcpy(s->dgram_dst, result->ai_addr, result->ai_addrlen);
	689	s->dst_size = result->ai_addrlen;
	690
	691	if (result) {
	692	freeaddrinfo(result);
	693	}
	694
	695	if (l2tpv3->has_counter && l2tpv3->counter) {
	696	s->has_counter = true;
	697	s->offset += 4;
	698	} else {
	699	s->has_counter = false;
	700	}
	701
	702	if (l2tpv3->has_pincounter && l2tpv3->pincounter) {
	703	s->has_counter = true; /* pin counter implies that there is counter */
	704	s->pin_counter = true;
	705	} else {
	706	s->pin_counter = false;
	707	}
	708
	709	if (l2tpv3->has_offset) {
	710	/* extra offset */
	711	s->offset += l2tpv3->offset;
	712	}
	713
	714	if ((s->ipv6) \|\| (s->udp)) {
	715	s->header_size = s->offset;
	716	} else {
	717	s->header_size = s->offset + sizeof(struct iphdr);
	718	}
	719
	720	s->msgvec = build_l2tpv3_vector(s, MAX_L2TPV3_MSGCNT);
58889fe5	721	s->vec = g_new(struct iovec, MAX_L2TPV3_IOVCNT);
3fb69aa1 AI	722	s->header_buf = g_malloc(s->header_size);
	723
	724	qemu_set_nonblock(fd);
	725
	726	s->fd = fd;
	727	s->counter = 0;
	728
	729	l2tpv3_read_poll(s, true);
	730
	731	snprintf(s->nc.info_str, sizeof(s->nc.info_str),
	732	"l2tpv3: connected");
	733	return 0;
	734	outerr:
	735	qemu_del_net_client(nc);
d4754a95	736	if (fd >= 0) {
3fb69aa1 AI	737	close(fd);
	738	}
	739	if (result) {
	740	freeaddrinfo(result);
	741	}
	742	return -1;
	743	}
	744