xref: /src/sys/net/if_l2tp.c

/*	$NetBSD: if_l2tp.c,v 1.10 2017/04/20 09:11:58 knakahara Exp $	*/

/*
 * Copyright (c) 2017 Internet Initiative Japan Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * L2TPv3 kernel interface
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: if_l2tp.c,v 1.10 2017/04/20 09:11:58 knakahara Exp $");

#ifdef _KERNEL_OPT
#include "opt_inet.h"
#endif

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/errno.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <sys/syslog.h>
#include <sys/proc.h>
#include <sys/conf.h>
#include <sys/kauth.h>
#include <sys/cpu.h>
#include <sys/cprng.h>
#include <sys/intr.h>
#include <sys/kmem.h>
#include <sys/mutex.h>
#include <sys/atomic.h>
#include <sys/pserialize.h>
#include <sys/device.h>
#include <sys/module.h>

#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_ether.h>
#include <net/if_types.h>
#include <net/netisr.h>
#include <net/route.h>
#include <net/bpf.h>
#include <net/if_vlanvar.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_encap.h>
#ifdef	INET
#include <netinet/in_var.h>
#include <netinet/in_l2tp.h>
#endif	/* INET */
#ifdef INET6
#include <netinet6/in6_l2tp.h>
#endif

#include <net/if_l2tp.h>

#include <net/if_vlanvar.h>

/* TODO: IP_TCPMSS support */
#undef IP_TCPMSS
#ifdef IP_TCPMSS
#include <netinet/ip_tcpmss.h>
#endif

#include <net/bpf.h>
#include <net/net_osdep.h>

/*
 * l2tp global variable definitions
 */
LIST_HEAD(l2tp_sclist, l2tp_softc);
static struct {
	struct l2tp_sclist list;
	kmutex_t lock;
} l2tp_softcs __cacheline_aligned;


#if !defined(L2TP_ID_HASH_SIZE)
#define L2TP_ID_HASH_SIZE 64
#endif
static struct {
	kmutex_t lock;
	struct pslist_head *lists;
	u_long mask;
} l2tp_hash __cacheline_aligned = {
	.lists = NULL,
};

pserialize_t l2tp_psz __read_mostly;
struct psref_class *lv_psref_class __read_mostly;

static void	l2tp_ro_init_pc(void *, void *, struct cpu_info *);
static void	l2tp_ro_fini_pc(void *, void *, struct cpu_info *);

static int	l2tp_clone_create(struct if_clone *, int);
static int	l2tp_clone_destroy(struct ifnet *);

struct if_clone l2tp_cloner =
    IF_CLONE_INITIALIZER("l2tp", l2tp_clone_create, l2tp_clone_destroy);

static int	l2tp_output(struct ifnet *, struct mbuf *,
		    const struct sockaddr *, const struct rtentry *);
static void	l2tpintr(struct l2tp_variant *);

static void	l2tp_hash_init(void);
static int	l2tp_hash_fini(void);

static void	l2tp_start(struct ifnet *);
static int	l2tp_transmit(struct ifnet *, struct mbuf *);

static int	l2tp_set_tunnel(struct ifnet *, struct sockaddr *,
		    struct sockaddr *);
static void	l2tp_delete_tunnel(struct ifnet *);

static int	id_hash_func(uint32_t, u_long);

static void	l2tp_variant_update(struct l2tp_softc *, struct l2tp_variant *);
static int	l2tp_set_session(struct l2tp_softc *, uint32_t, uint32_t);
static int	l2tp_clear_session(struct l2tp_softc *);
static int	l2tp_set_cookie(struct l2tp_softc *, uint64_t, u_int, uint64_t, u_int);
static void	l2tp_clear_cookie(struct l2tp_softc *);
static void	l2tp_set_state(struct l2tp_softc *, int);
static int	l2tp_encap_attach(struct l2tp_variant *);
static int	l2tp_encap_detach(struct l2tp_variant *);

#ifndef MAX_L2TP_NEST
/*
 * This macro controls the upper limitation on nesting of l2tp tunnels.
 * Since, setting a large value to this macro with a careless configuration
 * may introduce system crash, we don't allow any nestings by default.
 * If you need to configure nested l2tp tunnels, you can define this macro
 * in your kernel configuration file.  However, if you do so, please be
 * careful to configure the tunnels so that it won't make a loop.
 */
/*
 * XXX
 * Currently, if in_l2tp_output recursively calls, it causes locking against
 * myself of struct l2tp_ro->lr_lock. So, nested l2tp tunnels is prohibited.
 */
#define MAX_L2TP_NEST 0
#endif

static int max_l2tp_nesting = MAX_L2TP_NEST;

/* ARGSUSED */
void
l2tpattach(int count)
{
	/*
	 * Nothing to do here, initialization is handled by the
	 * module initialization code in l2tpinit() below).
	 */
}

static void
l2tpinit(void)
{

	mutex_init(&l2tp_softcs.lock, MUTEX_DEFAULT, IPL_NONE);
	LIST_INIT(&l2tp_softcs.list);

	mutex_init(&l2tp_hash.lock, MUTEX_DEFAULT, IPL_NONE);
	l2tp_psz = pserialize_create();
	lv_psref_class = psref_class_create("l2tpvar", IPL_SOFTNET);
	if_clone_attach(&l2tp_cloner);

	l2tp_hash_init();
}

static int
l2tpdetach(void)
{
	int error;

	mutex_enter(&l2tp_softcs.lock);
	if (!LIST_EMPTY(&l2tp_softcs.list)) {
		mutex_exit(&l2tp_softcs.lock);
		return EBUSY;
	}
	mutex_exit(&l2tp_softcs.lock);

	error = l2tp_hash_fini();
	if (error)
		return error;

	if_clone_detach(&l2tp_cloner);
	psref_class_destroy(lv_psref_class);
	pserialize_destroy(l2tp_psz);
	mutex_destroy(&l2tp_hash.lock);

	mutex_destroy(&l2tp_softcs.lock);

	return error;
}

static int
l2tp_clone_create(struct if_clone *ifc, int unit)
{
	struct l2tp_softc *sc;
	struct l2tp_variant *var;

	sc = kmem_zalloc(sizeof(struct l2tp_softc), KM_SLEEP);
	var = kmem_zalloc(sizeof(struct l2tp_variant), KM_SLEEP);

	var->lv_softc = sc;
	var->lv_state = L2TP_STATE_DOWN;
	var->lv_use_cookie = L2TP_COOKIE_OFF;
	psref_target_init(&var->lv_psref, lv_psref_class);

	sc->l2tp_var = var;
	mutex_init(&sc->l2tp_lock, MUTEX_DEFAULT, IPL_NONE);
	PSLIST_ENTRY_INIT(sc, l2tp_hash);

	if_initname(&sc->l2tp_ec.ec_if, ifc->ifc_name, unit);

	l2tpattach0(sc);

	sc->l2tp_ro_percpu = percpu_alloc(sizeof(struct l2tp_ro));
	KASSERTMSG(sc->l2tp_ro_percpu != NULL,
	    "failed to allocate sc->l2tp_ro_percpu");
	percpu_foreach(sc->l2tp_ro_percpu, l2tp_ro_init_pc, NULL);

	mutex_enter(&l2tp_softcs.lock);
	LIST_INSERT_HEAD(&l2tp_softcs.list, sc, l2tp_list);
	mutex_exit(&l2tp_softcs.lock);

	return (0);
}

void
l2tpattach0(struct l2tp_softc *sc)
{

	sc->l2tp_ec.ec_if.if_addrlen = 0;
	sc->l2tp_ec.ec_if.if_mtu    = L2TP_MTU;
	sc->l2tp_ec.ec_if.if_flags  = IFF_POINTOPOINT|IFF_MULTICAST|IFF_SIMPLEX;
	sc->l2tp_ec.ec_if.if_extflags  = IFEF_OUTPUT_MPSAFE|IFEF_START_MPSAFE;
	sc->l2tp_ec.ec_if.if_ioctl  = l2tp_ioctl;
	sc->l2tp_ec.ec_if.if_output = l2tp_output;
	sc->l2tp_ec.ec_if.if_type   = IFT_L2TP;
	sc->l2tp_ec.ec_if.if_dlt    = DLT_NULL;
	sc->l2tp_ec.ec_if.if_start  = l2tp_start;
	sc->l2tp_ec.ec_if.if_transmit = l2tp_transmit;
	sc->l2tp_ec.ec_if._if_input = ether_input;
	IFQ_SET_READY(&sc->l2tp_ec.ec_if.if_snd);
	if_attach(&sc->l2tp_ec.ec_if);
	if_alloc_sadl(&sc->l2tp_ec.ec_if);
	bpf_attach(&sc->l2tp_ec.ec_if, DLT_EN10MB, sizeof(struct ether_header));
}

void
l2tp_ro_init_pc(void *p, void *arg __unused, struct cpu_info *ci __unused)
{
	struct l2tp_ro *lro = p;

	mutex_init(&lro->lr_lock, MUTEX_DEFAULT, IPL_NONE);
}

void
l2tp_ro_fini_pc(void *p, void *arg __unused, struct cpu_info *ci __unused)
{
	struct l2tp_ro *lro = p;

	rtcache_free(&lro->lr_ro);

	mutex_destroy(&lro->lr_lock);
}

static int
l2tp_clone_destroy(struct ifnet *ifp)
{
	struct l2tp_variant *var;
	struct l2tp_softc *sc = container_of(ifp, struct l2tp_softc,
	    l2tp_ec.ec_if);

	l2tp_clear_session(sc);
	l2tp_delete_tunnel(&sc->l2tp_ec.ec_if);
	/*
	 * To avoid for l2tp_transmit() to access sc->l2tp_var after free it.
	 */
	mutex_enter(&sc->l2tp_lock);
	var = sc->l2tp_var;
	l2tp_variant_update(sc, NULL);
	mutex_exit(&sc->l2tp_lock);

	mutex_enter(&l2tp_softcs.lock);
	LIST_REMOVE(sc, l2tp_list);
	mutex_exit(&l2tp_softcs.lock);

	bpf_detach(ifp);

	if_detach(ifp);

	percpu_foreach(sc->l2tp_ro_percpu, l2tp_ro_fini_pc, NULL);
	percpu_free(sc->l2tp_ro_percpu, sizeof(struct l2tp_ro));

	kmem_free(var, sizeof(struct l2tp_variant));
	mutex_destroy(&sc->l2tp_lock);
	kmem_free(sc, sizeof(struct l2tp_softc));

	return 0;
}

static int
l2tp_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
    const struct rtentry *rt)
{
	struct l2tp_softc *sc = container_of(ifp, struct l2tp_softc,
	    l2tp_ec.ec_if);
	struct l2tp_variant *var;
	struct psref psref;
	int error = 0;

	var = l2tp_getref_variant(sc, &psref);
	if (var == NULL) {
		m_freem(m);
		return ENETDOWN;
	}

	IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family);

	m->m_flags &= ~(M_BCAST|M_MCAST);

	if ((ifp->if_flags & IFF_UP) == 0) {
		m_freem(m);
		error = ENETDOWN;
		goto end;
	}

	if (var->lv_psrc == NULL || var->lv_pdst == NULL) {
		m_freem(m);
		error = ENETDOWN;
		goto end;
	}

	/* XXX should we check if our outer source is legal? */

	/* use DLT_NULL encapsulation here to pass inner af type */
	M_PREPEND(m, sizeof(int), M_DONTWAIT);
	if (!m) {
		error = ENOBUFS;
		goto end;
	}
	*mtod(m, int *) = dst->sa_family;

	IFQ_ENQUEUE(&ifp->if_snd, m, error);
	if (error)
		goto end;

	/*
	 * direct call to avoid infinite loop at l2tpintr()
	 */
	l2tpintr(var);

	error = 0;

end:
	l2tp_putref_variant(var, &psref);
	if (error)
		ifp->if_oerrors++;

	return error;
}

static void
l2tpintr(struct l2tp_variant *var)
{
	struct l2tp_softc *sc;
	struct ifnet *ifp;
	struct mbuf *m;
	int error;

	KASSERT(psref_held(&var->lv_psref, lv_psref_class));

	sc = var->lv_softc;
	ifp = &sc->l2tp_ec.ec_if;

	/* output processing */
	if (var->lv_my_sess_id == 0 || var->lv_peer_sess_id == 0) {
		IFQ_PURGE(&ifp->if_snd);
		return;
	}

	for (;;) {
		IFQ_DEQUEUE(&ifp->if_snd, m);
		if (m == NULL)
			break;
		m->m_flags &= ~(M_BCAST|M_MCAST);
		bpf_mtap(ifp, m);
		switch (var->lv_psrc->sa_family) {
#ifdef INET
		case AF_INET:
			error = in_l2tp_output(var, m);
			break;
#endif
#ifdef INET6
		case AF_INET6:
			error = in6_l2tp_output(var, m);
			break;
#endif
		default:
			m_freem(m);
			error = ENETDOWN;
			break;
		}

		if (error)
			ifp->if_oerrors++;
		else {
			ifp->if_opackets++;
			/*
			 * obytes is incremented at ether_output() or
			 * bridge_enqueue().
			 */
		}
	}

}

void
l2tp_input(struct mbuf *m, struct ifnet *ifp)
{

	KASSERT(ifp != NULL);

	if (0 == (mtod(m, u_long) & 0x03)) {
		/* copy and align head of payload */
		struct mbuf *m_head;
		int copy_length;

#define L2TP_COPY_LENGTH		60
#define L2TP_LINK_HDR_ROOM	(MHLEN - L2TP_COPY_LENGTH - 4/*round4(2)*/)

		if (m->m_pkthdr.len < L2TP_COPY_LENGTH) {
			copy_length = m->m_pkthdr.len;
		} else {
			copy_length = L2TP_COPY_LENGTH;
		}

		if (m->m_len < copy_length) {
			m = m_pullup(m, copy_length);
			if (m == NULL)
				return;
		}

		MGETHDR(m_head, M_DONTWAIT, MT_HEADER);
		if (m_head == NULL) {
			m_freem(m);
			return;
		}
		M_COPY_PKTHDR(m_head, m);

		m_head->m_data += 2 /* align */ + L2TP_LINK_HDR_ROOM;
		memcpy(m_head->m_data, m->m_data, copy_length);
		m_head->m_len = copy_length;
		m->m_data += copy_length;
		m->m_len -= copy_length;

		/* construct chain */
		if (m->m_len == 0) {
			m_head->m_next = m_free(m); /* not m_freem */
		} else {
			/*
			 * copyed mtag in previous call M_COPY_PKTHDR
			 * but don't delete mtag in case cutt of M_PKTHDR flag
			 */
			m_tag_delete_chain(m, NULL);
			m->m_flags &= ~M_PKTHDR;
			m_head->m_next = m;
		}

		/* override m */
		m = m_head;
	}

	m_set_rcvif(m, ifp);

	/*
	 * bpf_mtap() and ifp->if_ipackets++ is done in if_input()
	 *
	 * obytes is incremented at ether_output() or bridge_enqueue().
	 */
	if_percpuq_enqueue(ifp->if_percpuq, m);
}

void
l2tp_start(struct ifnet *ifp)
{
	struct psref psref;
	struct l2tp_variant *var;
	struct l2tp_softc *sc = container_of(ifp, struct l2tp_softc,
	    l2tp_ec.ec_if);

	var = l2tp_getref_variant(sc, &psref);
	if (var == NULL)
		return;

	if (var->lv_psrc == NULL || var->lv_pdst == NULL)
		return;

	l2tpintr(var);
	l2tp_putref_variant(var, &psref);
}

int
l2tp_transmit(struct ifnet *ifp, struct mbuf *m)
{
	int error;
	struct psref psref;
	struct l2tp_variant *var;
	struct l2tp_softc *sc = container_of(ifp, struct l2tp_softc,
	    l2tp_ec.ec_if);

	var = l2tp_getref_variant(sc, &psref);
	if (var == NULL) {
		m_freem(m);
		return ENETDOWN;
	}

	if (var->lv_psrc == NULL || var->lv_pdst == NULL) {
		m_freem(m);
		error = ENETDOWN;
		goto out;
	}

	m->m_flags &= ~(M_BCAST|M_MCAST);
	bpf_mtap(ifp, m);
	switch (var->lv_psrc->sa_family) {
#ifdef INET
	case AF_INET:
		error = in_l2tp_output(var, m);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		error = in6_l2tp_output(var, m);
		break;
#endif
	default:
		m_freem(m);
		error = ENETDOWN;
		break;
	}

	if (error)
		ifp->if_oerrors++;
	else {
		ifp->if_opackets++;
		/*
		 * obytes is incremented at ether_output() or bridge_enqueue().
		 */
	}

out:
	l2tp_putref_variant(var, &psref);
	return error;
}

/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
int
l2tp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
{
	struct l2tp_softc *sc = container_of(ifp, struct l2tp_softc,
	    l2tp_ec.ec_if);
	struct l2tp_variant *var, *var_tmp;
	struct ifreq     *ifr = data;
	int error = 0, size;
	struct sockaddr *dst, *src;
	struct l2tp_req l2tpr;
	u_long mtu;
	int bound;
	struct psref psref;

	switch (cmd) {
	case SIOCSIFADDR:
		ifp->if_flags |= IFF_UP;
		break;

	case SIOCSIFDSTADDR:
		break;

	case SIOCADDMULTI:
	case SIOCDELMULTI:
		switch (ifr->ifr_addr.sa_family) {
#ifdef INET
		case AF_INET:	/* IP supports Multicast */
			break;
#endif /* INET */
#ifdef INET6
		case AF_INET6:	/* IP6 supports Multicast */
			break;
#endif /* INET6 */
		default:  /* Other protocols doesn't support Multicast */
			error = EAFNOSUPPORT;
			break;
		}
		break;

	case SIOCSIFMTU:
		mtu = ifr->ifr_mtu;
		if (mtu < L2TP_MTU_MIN || mtu > L2TP_MTU_MAX)
			return (EINVAL);
		ifp->if_mtu = mtu;
		break;

#ifdef INET
	case SIOCSIFPHYADDR:
		src = (struct sockaddr *)
			&(((struct in_aliasreq *)data)->ifra_addr);
		dst = (struct sockaddr *)
			&(((struct in_aliasreq *)data)->ifra_dstaddr);
		if (src->sa_family != AF_INET || dst->sa_family != AF_INET)
			return EAFNOSUPPORT;
		else if (src->sa_len != sizeof(struct sockaddr_in)
		    || dst->sa_len != sizeof(struct sockaddr_in))
			return EINVAL;

		error = l2tp_set_tunnel(&sc->l2tp_ec.ec_if, src, dst);
		break;

#endif /* INET */
#ifdef INET6
	case SIOCSIFPHYADDR_IN6:
		src = (struct sockaddr *)
			&(((struct in6_aliasreq *)data)->ifra_addr);
		dst = (struct sockaddr *)
			&(((struct in6_aliasreq *)data)->ifra_dstaddr);
		if (src->sa_family != AF_INET6 || dst->sa_family != AF_INET6)
			return EAFNOSUPPORT;
		else if (src->sa_len != sizeof(struct sockaddr_in6)
		    || dst->sa_len != sizeof(struct sockaddr_in6))
			return EINVAL;

		error = l2tp_set_tunnel(&sc->l2tp_ec.ec_if, src, dst);
		break;

#endif /* INET6 */
	case SIOCSLIFPHYADDR:
		src = (struct sockaddr *)
			&(((struct if_laddrreq *)data)->addr);
		dst = (struct sockaddr *)
			&(((struct if_laddrreq *)data)->dstaddr);
		if (src->sa_family != dst->sa_family)
			return EINVAL;
		else if (src->sa_family == AF_INET
		    && src->sa_len != sizeof(struct sockaddr_in))
			return EINVAL;
		else if (src->sa_family == AF_INET6
		    && src->sa_len != sizeof(struct sockaddr_in6))
			return EINVAL;
		else if (dst->sa_family == AF_INET
		    && dst->sa_len != sizeof(struct sockaddr_in))
			return EINVAL;
		else if (dst->sa_family == AF_INET6
		    && dst->sa_len != sizeof(struct sockaddr_in6))
			return EINVAL;

		error = l2tp_set_tunnel(&sc->l2tp_ec.ec_if, src, dst);
		break;

	case SIOCDIFPHYADDR:
		l2tp_delete_tunnel(&sc->l2tp_ec.ec_if);
		break;

	case SIOCGIFPSRCADDR:
#ifdef INET6
	case SIOCGIFPSRCADDR_IN6:
#endif /* INET6 */
		bound = curlwp_bind();
		var = l2tp_getref_variant(sc, &psref);
		if (var == NULL) {
			curlwp_bindx(bound);
			error = EADDRNOTAVAIL;
			goto bad;
		}
		if (var->lv_psrc == NULL) {
			l2tp_putref_variant(var, &psref);
			curlwp_bindx(bound);
			error = EADDRNOTAVAIL;
			goto bad;
		}
		src = var->lv_psrc;
		switch (cmd) {
#ifdef INET
		case SIOCGIFPSRCADDR:
			dst = &ifr->ifr_addr;
			size = sizeof(ifr->ifr_addr);
			break;
#endif /* INET */
#ifdef INET6
		case SIOCGIFPSRCADDR_IN6:
			dst = (struct sockaddr *)
				&(((struct in6_ifreq *)data)->ifr_addr);
			size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
			break;
#endif /* INET6 */
		default:
			l2tp_putref_variant(var, &psref);
			curlwp_bindx(bound);
			error = EADDRNOTAVAIL;
			goto bad;
		}
		if (src->sa_len > size) {
			l2tp_putref_variant(var, &psref);
			curlwp_bindx(bound);
			return EINVAL;
		}
		sockaddr_copy(dst, src->sa_len, src);
		l2tp_putref_variant(var, &psref);
		curlwp_bindx(bound);
		break;

	case SIOCGIFPDSTADDR:
#ifdef INET6
	case SIOCGIFPDSTADDR_IN6:
#endif /* INET6 */
		bound = curlwp_bind();
		var = l2tp_getref_variant(sc, &psref);
		if (var == NULL) {
			curlwp_bindx(bound);
			error = EADDRNOTAVAIL;
			goto bad;
		}
		if (var->lv_pdst == NULL) {
			l2tp_putref_variant(var, &psref);
			curlwp_bindx(bound);
			error = EADDRNOTAVAIL;
			goto bad;
		}
		src = var->lv_pdst;
		switch (cmd) {
#ifdef INET
		case SIOCGIFPDSTADDR:
			dst = &ifr->ifr_addr;
			size = sizeof(ifr->ifr_addr);
			break;
#endif /* INET */
#ifdef INET6
		case SIOCGIFPDSTADDR_IN6:
			dst = (struct sockaddr *)
				&(((struct in6_ifreq *)data)->ifr_addr);
			size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
			break;
#endif /* INET6 */
		default:
			l2tp_putref_variant(var, &psref);
			curlwp_bindx(bound);
			error = EADDRNOTAVAIL;
			goto bad;
		}
		if (src->sa_len > size) {
			l2tp_putref_variant(var, &psref);
			curlwp_bindx(bound);
			return EINVAL;
		}
		sockaddr_copy(dst, src->sa_len, src);
		l2tp_putref_variant(var, &psref);
		curlwp_bindx(bound);
		break;

	case SIOCGLIFPHYADDR:
		bound = curlwp_bind();
		var = l2tp_getref_variant(sc, &psref);
		if (var == NULL) {
			curlwp_bindx(bound);
			error = EADDRNOTAVAIL;
			goto bad;
		}
		if (var->lv_psrc == NULL || var->lv_pdst == NULL) {
			l2tp_putref_variant(var, &psref);
			curlwp_bindx(bound);
			error = EADDRNOTAVAIL;
			goto bad;
		}

		/* copy src */
		src = var->lv_psrc;
		dst = (struct sockaddr *)
			&(((struct if_laddrreq *)data)->addr);
		size = sizeof(((struct if_laddrreq *)data)->addr);
		if (src->sa_len > size) {
			l2tp_putref_variant(var, &psref);
			curlwp_bindx(bound);
			return EINVAL;
                }
		sockaddr_copy(dst, src->sa_len, src);

		/* copy dst */
		src = var->lv_pdst;
		dst = (struct sockaddr *)
			&(((struct if_laddrreq *)data)->dstaddr);
		size = sizeof(((struct if_laddrreq *)data)->dstaddr);
		if (src->sa_len > size) {
			l2tp_putref_variant(var, &psref);
			curlwp_bindx(bound);
			return EINVAL;
                }
		sockaddr_copy(dst, src->sa_len, src);
		l2tp_putref_variant(var, &psref);
		curlwp_bindx(bound);
		break;

	case SIOCSL2TPSESSION:
		if ((error = copyin(ifr->ifr_data, &l2tpr, sizeof(l2tpr))) != 0)
			break;

		/* session id must not zero */
		if (l2tpr.my_sess_id == 0 || l2tpr.peer_sess_id == 0)
			return EINVAL;

		bound = curlwp_bind();
		var_tmp = l2tp_lookup_session_ref(l2tpr.my_sess_id, &psref);
		if (var_tmp != NULL) {
			/* duplicate session id */
			log(LOG_WARNING, "%s: duplicate session id %" PRIu32 " of %s\n",
				sc->l2tp_ec.ec_if.if_xname, l2tpr.my_sess_id,
				var_tmp->lv_softc->l2tp_ec.ec_if.if_xname);
			psref_release(&psref, &var_tmp->lv_psref,
			    lv_psref_class);
			curlwp_bindx(bound);
			return EINVAL;
		}
		curlwp_bindx(bound);

		error = l2tp_set_session(sc, l2tpr.my_sess_id, l2tpr.peer_sess_id);
		break;
	case SIOCDL2TPSESSION:
		l2tp_clear_session(sc);
		break;
	case SIOCSL2TPCOOKIE:
		if ((error = copyin(ifr->ifr_data, &l2tpr, sizeof(l2tpr))) != 0)
			break;

		error = l2tp_set_cookie(sc, l2tpr.my_cookie, l2tpr.my_cookie_len,
		    l2tpr.peer_cookie, l2tpr.peer_cookie_len);
		break;
	case SIOCDL2TPCOOKIE:
		l2tp_clear_cookie(sc);
		break;
	case SIOCSL2TPSTATE:
		if ((error = copyin(ifr->ifr_data, &l2tpr, sizeof(l2tpr))) != 0)
			break;

		l2tp_set_state(sc, l2tpr.state);
		break;
	case SIOCGL2TP:
		/* get L2TPV3 session info */
		memset(&l2tpr, 0, sizeof(l2tpr));

		bound = curlwp_bind();
		var = l2tp_getref_variant(sc, &psref);
		if (var == NULL) {
			curlwp_bindx(bound);
			error = EADDRNOTAVAIL;
			goto bad;
		}

		l2tpr.state = var->lv_state;
		l2tpr.my_sess_id = var->lv_my_sess_id;
		l2tpr.peer_sess_id = var->lv_peer_sess_id;
		l2tpr.my_cookie = var->lv_my_cookie;
		l2tpr.my_cookie_len = var->lv_my_cookie_len;
		l2tpr.peer_cookie = var->lv_peer_cookie;
		l2tpr.peer_cookie_len = var->lv_peer_cookie_len;
		l2tp_putref_variant(var, &psref);
		curlwp_bindx(bound);

		error = copyout(&l2tpr, ifr->ifr_data, sizeof(l2tpr));
		break;

	default:
		error =	ifioctl_common(ifp, cmd, data);
		break;
	}
 bad:
	return error;
}

static int
l2tp_set_tunnel(struct ifnet *ifp, struct sockaddr *src, struct sockaddr *dst)
{
	struct l2tp_softc *sc = container_of(ifp, struct l2tp_softc,
	    l2tp_ec.ec_if);
	struct sockaddr *osrc, *odst;
	struct sockaddr *nsrc, *ndst;
	struct l2tp_variant *ovar, *nvar;
	int error;

	nsrc = sockaddr_dup(src, M_WAITOK);
	ndst = sockaddr_dup(dst, M_WAITOK);

	nvar = kmem_alloc(sizeof(*nvar), KM_SLEEP);

	error = encap_lock_enter();
	if (error)
		goto error;

	mutex_enter(&sc->l2tp_lock);

	ovar = sc->l2tp_var;
	osrc = ovar->lv_psrc;
	odst = ovar->lv_pdst;
	*nvar = *ovar;
	psref_target_init(&nvar->lv_psref, lv_psref_class);
	nvar->lv_psrc = nsrc;
	nvar->lv_pdst = ndst;
	error = l2tp_encap_attach(nvar);
	if (error) {
		mutex_exit(&sc->l2tp_lock);
		encap_lock_exit();
		goto error;
	}
	membar_producer();
	l2tp_variant_update(sc, nvar);

	mutex_exit(&sc->l2tp_lock);

	(void)l2tp_encap_detach(ovar);
	encap_lock_exit();

	if (osrc)
		sockaddr_free(osrc);
	if (odst)
		sockaddr_free(odst);
	kmem_free(ovar, sizeof(*ovar));

	return 0;

error:
	sockaddr_free(nsrc);
	sockaddr_free(ndst);
	kmem_free(nvar, sizeof(*nvar));

	return error;
}

static void
l2tp_delete_tunnel(struct ifnet *ifp)
{
	struct l2tp_softc *sc = container_of(ifp, struct l2tp_softc,
	    l2tp_ec.ec_if);
	struct sockaddr *osrc, *odst;
	struct l2tp_variant *ovar, *nvar;
	int error;

	nvar = kmem_alloc(sizeof(*nvar), KM_SLEEP);

	error = encap_lock_enter();
	if (error) {
		kmem_free(nvar, sizeof(*nvar));
		return;
	}
	mutex_enter(&sc->l2tp_lock);

	ovar = sc->l2tp_var;
	osrc = ovar->lv_psrc;
	odst = ovar->lv_pdst;
	*nvar = *ovar;
	psref_target_init(&nvar->lv_psref, lv_psref_class);
	nvar->lv_psrc = NULL;
	nvar->lv_pdst = NULL;
	membar_producer();
	l2tp_variant_update(sc, nvar);

	mutex_exit(&sc->l2tp_lock);

	(void)l2tp_encap_detach(ovar);
	encap_lock_exit();

	if (osrc)
		sockaddr_free(osrc);
	if (odst)
		sockaddr_free(odst);
	kmem_free(ovar, sizeof(*ovar));
}

static int
id_hash_func(uint32_t id, u_long mask)
{
	uint32_t hash;

	hash = (id >> 16) ^ id;
	hash = (hash >> 4) ^ hash;

	return hash & mask;
}

static void
l2tp_hash_init(void)
{

	l2tp_hash.lists = hashinit(L2TP_ID_HASH_SIZE, HASH_PSLIST, true,
	    &l2tp_hash.mask);
}

static int
l2tp_hash_fini(void)
{
	int i;

	mutex_enter(&l2tp_hash.lock);

	for (i = 0; i < l2tp_hash.mask + 1; i++) {
		if (PSLIST_WRITER_FIRST(&l2tp_hash.lists[i], struct l2tp_softc,
			l2tp_hash) != NULL) {
			mutex_exit(&l2tp_hash.lock);
			return EBUSY;
		}
	}
	for (i = 0; i < l2tp_hash.mask + 1; i++)
		PSLIST_DESTROY(&l2tp_hash.lists[i]);

	mutex_exit(&l2tp_hash.lock);

	hashdone(l2tp_hash.lists, HASH_PSLIST, l2tp_hash.mask);

	return 0;
}

static int
l2tp_set_session(struct l2tp_softc *sc, uint32_t my_sess_id,
    uint32_t peer_sess_id)
{
	uint32_t idx;
	struct l2tp_variant *nvar;
	struct l2tp_variant *ovar;
	struct ifnet *ifp = &sc->l2tp_ec.ec_if;

	nvar = kmem_alloc(sizeof(*nvar), KM_SLEEP);

	mutex_enter(&sc->l2tp_lock);
	ovar = sc->l2tp_var;
	*nvar = *ovar;
	psref_target_init(&nvar->lv_psref, lv_psref_class);
	nvar->lv_my_sess_id = my_sess_id;
	nvar->lv_peer_sess_id = peer_sess_id;
	membar_producer();

	mutex_enter(&l2tp_hash.lock);
	if (ovar->lv_my_sess_id > 0 && ovar->lv_peer_sess_id > 0) {
		PSLIST_WRITER_REMOVE(sc, l2tp_hash);
		pserialize_perform(l2tp_psz);
	}
	mutex_exit(&l2tp_hash.lock);

	l2tp_variant_update(sc, nvar);
	mutex_exit(&sc->l2tp_lock);

	idx = id_hash_func(nvar->lv_my_sess_id, l2tp_hash.mask);
	if ((ifp->if_flags & IFF_DEBUG) != 0)
		log(LOG_DEBUG, "%s: add hash entry: sess_id=%" PRIu32 ", idx=%" PRIu32 "\n",
		    sc->l2tp_ec.ec_if.if_xname, nvar->lv_my_sess_id, idx);

	mutex_enter(&l2tp_hash.lock);
	PSLIST_WRITER_INSERT_HEAD(&l2tp_hash.lists[idx], sc, l2tp_hash);
	mutex_exit(&l2tp_hash.lock);

	kmem_free(ovar, sizeof(*ovar));
	return 0;
}

static int
l2tp_clear_session(struct l2tp_softc *sc)
{
	struct l2tp_variant *nvar;
	struct l2tp_variant *ovar;

	nvar = kmem_alloc(sizeof(*nvar), KM_SLEEP);

	mutex_enter(&sc->l2tp_lock);
	ovar = sc->l2tp_var;
	*nvar = *ovar;
	psref_target_init(&nvar->lv_psref, lv_psref_class);
	nvar->lv_my_sess_id = 0;
	nvar->lv_peer_sess_id = 0;
	membar_producer();

	mutex_enter(&l2tp_hash.lock);
	if (ovar->lv_my_sess_id > 0 && ovar->lv_peer_sess_id > 0) {
		PSLIST_WRITER_REMOVE(sc, l2tp_hash);
		pserialize_perform(l2tp_psz);
	}
	mutex_exit(&l2tp_hash.lock);

	l2tp_variant_update(sc, nvar);
	mutex_exit(&sc->l2tp_lock);
	kmem_free(ovar, sizeof(*ovar));
	return 0;
}

struct l2tp_variant *
l2tp_lookup_session_ref(uint32_t id, struct psref *psref)
{
	int idx;
	int s;
	struct l2tp_softc *sc;

	idx = id_hash_func(id, l2tp_hash.mask);

	s = pserialize_read_enter();
	PSLIST_READER_FOREACH(sc, &l2tp_hash.lists[idx], struct l2tp_softc,
	    l2tp_hash) {
		struct l2tp_variant *var = sc->l2tp_var;
		if (var == NULL)
			continue;
		if (var->lv_my_sess_id != id)
			continue;
		psref_acquire(psref, &var->lv_psref, lv_psref_class);
		pserialize_read_exit(s);
		return var;
	}
	pserialize_read_exit(s);
	return NULL;
}

/*
 * l2tp_variant update API.
 *
 * Assumption:
 * reader side dereferences sc->l2tp_var in reader critical section only,
 * that is, all of reader sides do not reader the sc->l2tp_var after
 * pserialize_perform().
 */
static void
l2tp_variant_update(struct l2tp_softc *sc, struct l2tp_variant *nvar)
{
	struct ifnet *ifp = &sc->l2tp_ec.ec_if;
	struct l2tp_variant *ovar = sc->l2tp_var;

	KASSERT(mutex_owned(&sc->l2tp_lock));

	sc->l2tp_var = nvar;
	pserialize_perform(l2tp_psz);
	psref_target_destroy(&ovar->lv_psref, lv_psref_class);

	/*
	 * In the manual of atomic_swap_ptr(3), there is no mention if 2nd
	 * argument is rewrite or not. So, use sc->l2tp_var instead of nvar.
	 */
	if (sc->l2tp_var != NULL) {
		if (sc->l2tp_var->lv_psrc != NULL
		    && sc->l2tp_var->lv_pdst != NULL)
			ifp->if_flags |= IFF_RUNNING;
		else
			ifp->if_flags &= ~IFF_RUNNING;
	}
}

static int
l2tp_set_cookie(struct l2tp_softc *sc, uint64_t my_cookie, u_int my_cookie_len,
    uint64_t peer_cookie, u_int peer_cookie_len)
{
	struct l2tp_variant *nvar;

	if (my_cookie == 0 || peer_cookie == 0)
		return EINVAL;

	if (my_cookie_len != 4 && my_cookie_len != 8
	    && peer_cookie_len != 4 && peer_cookie_len != 8)
		return EINVAL;

	nvar = kmem_alloc(sizeof(*nvar), KM_SLEEP);

	mutex_enter(&sc->l2tp_lock);

	*nvar = *sc->l2tp_var;
	psref_target_init(&nvar->lv_psref, lv_psref_class);
	nvar->lv_my_cookie = my_cookie;
	nvar->lv_my_cookie_len = my_cookie_len;
	nvar->lv_peer_cookie = peer_cookie;
	nvar->lv_peer_cookie_len = peer_cookie_len;
	nvar->lv_use_cookie = L2TP_COOKIE_ON;
	membar_producer();
	l2tp_variant_update(sc, nvar);

	mutex_exit(&sc->l2tp_lock);

	struct ifnet *ifp = &sc->l2tp_ec.ec_if;
	if ((ifp->if_flags & IFF_DEBUG) != 0) {
		log(LOG_DEBUG,
		    "%s: set cookie: "
		    "local cookie_len=%u local cookie=%" PRIu64 ", "
		    "remote cookie_len=%u remote cookie=%" PRIu64 "\n",
		    ifp->if_xname, my_cookie_len, my_cookie,
		    peer_cookie_len, peer_cookie);
	}

	return 0;
}

static void
l2tp_clear_cookie(struct l2tp_softc *sc)
{
	struct l2tp_variant *nvar;

	nvar = kmem_alloc(sizeof(*nvar), KM_SLEEP);

	mutex_enter(&sc->l2tp_lock);

	*nvar = *sc->l2tp_var;
	psref_target_init(&nvar->lv_psref, lv_psref_class);
	nvar->lv_my_cookie = 0;
	nvar->lv_my_cookie_len = 0;
	nvar->lv_peer_cookie = 0;
	nvar->lv_peer_cookie_len = 0;
	nvar->lv_use_cookie = L2TP_COOKIE_OFF;
	membar_producer();
	l2tp_variant_update(sc, nvar);

	mutex_exit(&sc->l2tp_lock);
}

static void
l2tp_set_state(struct l2tp_softc *sc, int state)
{
	struct ifnet *ifp = &sc->l2tp_ec.ec_if;
	struct l2tp_variant *nvar;

	nvar = kmem_alloc(sizeof(*nvar), KM_SLEEP);

	mutex_enter(&sc->l2tp_lock);

	*nvar = *sc->l2tp_var;
	psref_target_init(&nvar->lv_psref, lv_psref_class);
	nvar->lv_state = state;
	membar_producer();
	l2tp_variant_update(sc, nvar);

	if (nvar->lv_state == L2TP_STATE_UP) {
		ifp->if_link_state = LINK_STATE_UP;
	} else {
		ifp->if_link_state = LINK_STATE_DOWN;
	}

	mutex_exit(&sc->l2tp_lock);

#ifdef NOTYET
	vlan_linkstate_notify(ifp, ifp->if_link_state);
#endif
}

static int
l2tp_encap_attach(struct l2tp_variant *var)
{
	int error;

	if (var == NULL || var->lv_psrc == NULL)
		return EINVAL;

	switch (var->lv_psrc->sa_family) {
#ifdef INET
	case AF_INET:
		error = in_l2tp_attach(var);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		error = in6_l2tp_attach(var);
		break;
#endif
	default:
		error = EINVAL;
		break;
	}

	return error;
}

static int
l2tp_encap_detach(struct l2tp_variant *var)
{
	int error;

	if (var == NULL || var->lv_psrc == NULL)
		return EINVAL;

	switch (var->lv_psrc->sa_family) {
#ifdef INET
	case AF_INET:
		error = in_l2tp_detach(var);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		error = in6_l2tp_detach(var);
		break;
#endif
	default:
		error = EINVAL;
		break;
	}

	return error;
}

/*
 * TODO:
 * unify with gif_check_nesting().
 */
int
l2tp_check_nesting(struct ifnet *ifp, struct mbuf *m)
{
	struct m_tag *mtag;
	int *count;

	mtag = m_tag_find(m, PACKET_TAG_TUNNEL_INFO, NULL);
	if (mtag != NULL) {
		count = (int *)(mtag + 1);
		if (++(*count) > max_l2tp_nesting) {
			log(LOG_NOTICE,
			    "%s: recursively called too many times(%d)\n",
			    if_name(ifp),
			    *count);
			return EIO;
		}
	} else {
		mtag = m_tag_get(PACKET_TAG_TUNNEL_INFO, sizeof(*count),
		    M_NOWAIT);
		if (mtag != NULL) {
			m_tag_prepend(m, mtag);
			count = (int *)(mtag + 1);
			*count = 0;
		}
#ifdef L2TP_DEBUG
		else {
			log(LOG_DEBUG,
			    "%s: m_tag_get() failed, recursion calls are not prevented.\n",
			    if_name(ifp));
		}
#endif
	}

	return 0;
}

/*
 * Module infrastructure
 */
#include "if_module.h"

IF_MODULE(MODULE_CLASS_DRIVER, l2tp, "")


/* TODO: IP_TCPMSS support */
#ifdef IP_TCPMSS
static int l2tp_need_tcpmss_clamp(struct ifnet *);
#ifdef INET
static struct mbuf *l2tp_tcpmss4_clamp(struct ifnet *, struct mbuf *);
#endif
#ifdef INET6
static struct mbuf *l2tp_tcpmss6_clamp(struct ifnet *, struct mbuf *);
#endif

struct mbuf *
l2tp_tcpmss_clamp(struct ifnet *ifp, struct mbuf	*m)
{

	if (l2tp_need_tcpmss_clamp(ifp)) {
		struct ether_header *eh;
		struct ether_vlan_header evh;

		/* save ether header */
		m_copydata(m, 0, sizeof(evh), (void *)&evh);
		eh = (struct ether_header *)&evh;

		switch (ntohs(eh->ether_type)) {
		case ETHERTYPE_VLAN: /* Ether + VLAN */
			if (m->m_pkthdr.len <= sizeof(struct ether_vlan_header))
				break;
			m_adj(m, sizeof(struct ether_vlan_header));
			switch (ntohs(evh.evl_proto)) {
#ifdef INET
			case ETHERTYPE_IP: /* Ether + VLAN + IPv4 */
				m = l2tp_tcpmss4_clamp(ifp, m);
				if (m == NULL)
					return NULL;
				break;
#endif /* INET */
#ifdef INET6
			case ETHERTYPE_IPV6: /* Ether + VLAN + IPv6 */
				m = l2tp_tcpmss6_clamp(ifp, m);
				if (m == NULL)
					return NULL;
				break;
#endif /* INET6 */
			default:
				break;
			}
			/* restore ether header */
			M_PREPEND(m, sizeof(struct ether_vlan_header),
			    M_DONTWAIT);
			if (m == NULL)
				return NULL;
			*mtod(m, struct ether_vlan_header *) = evh;
			break;
#ifdef INET
		case ETHERTYPE_IP: /* Ether + IPv4 */
			if (m->m_pkthdr.len <= sizeof(struct ether_header))
				break;
			m_adj(m, sizeof(struct ether_header));
			m = l2tp_tcpmss4_clamp(ifp, m);
			if (m == NULL)
				return NULL;
			/* restore ether header */
			M_PREPEND(m, sizeof(struct ether_header), M_DONTWAIT);
			if (m == NULL)
				return NULL;
			*mtod(m, struct ether_header *) = *eh;
			break;
#endif /* INET */
#ifdef INET6
		case ETHERTYPE_IPV6: /* Ether + IPv6 */
			if (m->m_pkthdr.len <= sizeof(struct ether_header))
				break;
			m_adj(m, sizeof(struct ether_header));
			m = l2tp_tcpmss6_clamp(ifp, m);
			if (m == NULL)
				return NULL;
			/* restore ether header */
			M_PREPEND(m, sizeof(struct ether_header), M_DONTWAIT);
			if (m == NULL)
				return NULL;
			*mtod(m, struct ether_header *) = *eh;
			break;
#endif /* INET6 */
		default:
			break;
		}
	}

	return m;
}

static int
l2tp_need_tcpmss_clamp(struct ifnet *ifp)
{
	int ret = 0;

#ifdef INET
	if (ifp->if_tcpmss != 0)
		ret = 1;
#endif /* INET */

#ifdef INET6
	if (ifp->if_tcpmss6 != 0)
		ret = 1;
#endif /* INET6 */

	return ret;
}

#ifdef INET
static struct mbuf *
l2tp_tcpmss4_clamp(struct ifnet *ifp, struct mbuf *m)
{

	if (ifp->if_tcpmss != 0) {
		return ip_tcpmss(m, (ifp->if_tcpmss < 0) ?
			ifp->if_mtu - IP_TCPMSS_EXTLEN :
			ifp->if_tcpmss);
	}
	return m;
}
#endif /* INET */

#ifdef INET6
static struct mbuf *
l2tp_tcpmss6_clamp(struct ifnet *ifp, struct mbuf *m)
{
	int ip6hdrlen;

	if (ifp->if_tcpmss6 != 0 &&
	    ip6_tcpmss_applicable(m, &ip6hdrlen)) {
		return ip6_tcpmss(m, ip6hdrlen,
			(ifp->if_tcpmss6 < 0) ?
			ifp->if_mtu - IP6_TCPMSS_EXTLEN :
			ifp->if_tcpmss6);
	}
	return m;
}
#endif /* INET6 */

#endif /* IP_TCPMSS */