1 /* $OpenBSD: if_pppoe.c,v 1.85 2025/01/15 06:15:44 dlg Exp $ */ 2 /* $NetBSD: if_pppoe.c,v 1.51 2003/11/28 08:56:48 keihan Exp $ */ 3 4 /* 5 * Copyright (c) 2002 The NetBSD Foundation, Inc. 6 * All rights reserved. 7 * 8 * This code is derived from software contributed to The NetBSD Foundation 9 * by Martin Husemann <martin@NetBSD.org>. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "pppoe.h" 34 #include "bpfilter.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/kernel.h> 39 #include <sys/timeout.h> 40 #include <sys/malloc.h> 41 #include <sys/mbuf.h> 42 #include <sys/socket.h> 43 #include <sys/syslog.h> 44 #include <sys/ioctl.h> 45 #include <sys/smr.h> 46 #include <sys/percpu.h> 47 #include <net/if.h> 48 #include <net/if_var.h> 49 #include <net/if_types.h> 50 #include <net/if_sppp.h> 51 #include <net/if_pppoe.h> 52 #include <net/netisr.h> 53 #include <netinet/in.h> 54 #include <netinet/if_ether.h> 55 56 #if NBPFILTER > 0 57 #include <net/bpf.h> 58 #endif 59 60 #undef PPPOE_DEBUG /* XXX - remove this or make it an option */ 61 62 #define PPPOEDEBUG(a) ((sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) ? printf a : 0) 63 64 struct pppoehdr { 65 u_int8_t vertype; 66 u_int8_t code; 67 u_int16_t session; 68 u_int16_t plen; 69 } __packed; 70 71 struct pppoetag { 72 u_int16_t tag; 73 u_int16_t len; 74 } __packed; 75 76 #define PPPOE_HEADERLEN sizeof(struct pppoehdr) 77 #define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2) 78 #define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */ 79 80 #define PPPOE_TAG_EOL 0x0000 /* end of list */ 81 #define PPPOE_TAG_SNAME 0x0101 /* service name */ 82 #define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */ 83 #define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */ 84 #define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */ 85 #define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */ 86 #define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */ 87 #define PPPOE_TAG_MAX_PAYLOAD 0x0120 /* RFC 4638 max payload */ 88 #define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */ 89 #define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */ 90 #define PPPOE_TAG_GENERIC_ERR 0x0203 /* generic error */ 91 92 #define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */ 93 #define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */ 94 #define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */ 95 #define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */ 96 #define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */ 97 98 /* two byte PPP protocol discriminator, then IP data */ 99 #define PPPOE_MTU (ETHERMTU - PPPOE_OVERHEAD) 100 #define PPPOE_MAXMTU PP_MAX_MRU 101 102 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */ 103 #define PPPOE_ADD_16(PTR, VAL) \ 104 *(PTR)++ = (VAL) / 256; \ 105 *(PTR)++ = (VAL) % 256 106 107 /* Add a complete PPPoE header to the buffer pointed to by PTR */ 108 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \ 109 *(PTR)++ = PPPOE_VERTYPE; \ 110 *(PTR)++ = (CODE); \ 111 PPPOE_ADD_16(PTR, SESS); \ 112 PPPOE_ADD_16(PTR, LEN) 113 114 #define PPPOE_DISC_TIMEOUT 5 /* base for quick timeout calculation (seconds) */ 115 #define PPPOE_SLOW_RETRY 60 /* persistent retry interval (seconds) */ 116 #define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */ 117 #define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */ 118 119 /* 120 * Locks used to protect struct members and global data 121 * I immutable after creation 122 * K kernel lock 123 */ 124 125 struct pppoe_softc { 126 struct sppp sc_sppp; /* contains a struct ifnet as first element */ 127 LIST_ENTRY(pppoe_softc) sc_list;/* [K] */ 128 unsigned int sc_eth_ifidx; /* [K] */ 129 caddr_t sc_bpf; 130 131 SMR_LIST_ENTRY(pppoe_softc) sc_session_entry; /* [K] */ 132 int sc_state; /* [K] discovery phase or session connected */ 133 struct ether_addr sc_dest; /* [K] hardware address of concentrator */ 134 u_int16_t sc_session; /* [K] PPPoE session id */ 135 136 char *sc_service_name; /* [K] if != NULL: requested name of service */ 137 char *sc_concentrator_name; /* [K] if != NULL: requested concentrator id */ 138 u_int8_t *sc_ac_cookie; /* [K] content of AC cookie we must echo back */ 139 size_t sc_ac_cookie_len; /* [K] length of cookie data */ 140 u_int8_t *sc_relay_sid; /* [K] content of relay SID we must echo back */ 141 size_t sc_relay_sid_len; /* [K] length of relay SID data */ 142 u_int32_t sc_unique; /* [I] our unique id */ 143 struct timeout sc_timeout; /* [K] timeout while not in session state */ 144 int sc_padi_retried; /* [K] number of PADI retries already done */ 145 int sc_padr_retried; /* [K] number of PADR retries already done */ 146 147 struct timeval sc_session_time; /* [K] time the session was established */ 148 }; 149 150 /* input routines */ 151 void pppoe_disc_input(struct mbuf *); 152 void pppoe_data_input(struct mbuf *); 153 static void pppoe_dispatch_disc_pkt(struct mbuf *); 154 155 /* management routines */ 156 void pppoeattach(int); 157 static int pppoe_connect(struct pppoe_softc *); 158 static int pppoe_disconnect(struct pppoe_softc *); 159 static void pppoe_abort_connect(struct pppoe_softc *); 160 static int pppoe_ioctl(struct ifnet *, unsigned long, caddr_t); 161 static void pppoe_tls(struct sppp *); 162 static void pppoe_tlf(struct sppp *); 163 static void pppoe_start(struct ifnet *); 164 165 /* internal timeout handling */ 166 static void pppoe_timeout(void *); 167 168 /* sending actual protocol control packets */ 169 static int pppoe_send_padi(struct pppoe_softc *); 170 static int pppoe_send_padr(struct pppoe_softc *); 171 static int pppoe_send_padt(unsigned int, u_int, const u_int8_t *, u_int8_t); 172 173 /* raw output */ 174 static int pppoe_output(struct pppoe_softc *, struct mbuf *); 175 176 /* internal helper functions */ 177 static struct pppoe_softc *pppoe_find_softc_by_session(u_int, u_int); 178 static struct pppoe_softc *pppoe_find_softc_by_hunique(u_int8_t *, size_t, u_int); 179 static struct mbuf *pppoe_get_mbuf(size_t len); 180 181 LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; 182 SMR_LIST_HEAD(pppoe_softc_sessions, pppoe_softc) pppoe_sessions; /* [K] */ 183 184 /* interface cloning */ 185 int pppoe_clone_create(struct if_clone *, int); 186 int pppoe_clone_destroy(struct ifnet *); 187 188 struct if_clone pppoe_cloner = 189 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy); 190 191 struct mbuf_queue pppoediscinq = MBUF_QUEUE_INITIALIZER( 192 IFQ_MAXLEN, IPL_SOFTNET); 193 struct mbuf_queue pppoeinq = MBUF_QUEUE_INITIALIZER( 194 IFQ_MAXLEN, IPL_SOFTNET); 195 196 void 197 pppoeintr(void) 198 { 199 struct mbuf_list ml; 200 struct mbuf *m; 201 202 NET_ASSERT_LOCKED(); 203 204 mq_delist(&pppoediscinq, &ml); 205 while ((m = ml_dequeue(&ml)) != NULL) 206 pppoe_disc_input(m); 207 208 mq_delist(&pppoeinq, &ml); 209 while ((m = ml_dequeue(&ml)) != NULL) 210 pppoe_data_input(m); 211 } 212 213 void 214 pppoeattach(int count) 215 { 216 LIST_INIT(&pppoe_softc_list); 217 SMR_LIST_INIT(&pppoe_sessions); 218 if_clone_attach(&pppoe_cloner); 219 } 220 221 static void 222 pppoe_set_state(struct pppoe_softc *sc, int state) 223 { 224 KERNEL_ASSERT_LOCKED(); 225 if (sc->sc_state == PPPOE_STATE_SESSION) 226 SMR_LIST_REMOVE_LOCKED(sc, sc_session_entry); 227 sc->sc_state = state; 228 } 229 230 /* Create a new interface. */ 231 int 232 pppoe_clone_create(struct if_clone *ifc, int unit) 233 { 234 struct pppoe_softc *sc, *tmpsc; 235 u_int32_t unique; 236 237 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 238 snprintf(sc->sc_sppp.pp_if.if_xname, 239 sizeof(sc->sc_sppp.pp_if.if_xname), 240 "pppoe%d", unit); 241 sc->sc_sppp.pp_if.if_softc = sc; 242 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU; 243 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX | IFF_POINTOPOINT | IFF_MULTICAST; 244 sc->sc_sppp.pp_if.if_type = IFT_PPP; 245 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; 246 sc->sc_sppp.pp_flags |= PP_KEEPALIVE; /* use LCP keepalive */ 247 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ 248 sc->sc_sppp.pp_if.if_input = p2p_input; 249 sc->sc_sppp.pp_if.if_bpf_mtap = p2p_bpf_mtap; 250 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; 251 sc->sc_sppp.pp_if.if_start = pppoe_start; 252 sc->sc_sppp.pp_if.if_rtrequest = p2p_rtrequest; 253 sc->sc_sppp.pp_if.if_xflags = IFXF_CLONED; 254 sc->sc_sppp.pp_tls = pppoe_tls; 255 sc->sc_sppp.pp_tlf = pppoe_tlf; 256 257 /* changed to real address later */ 258 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 259 260 /* init timer for interface watchdog */ 261 timeout_set_proc(&sc->sc_timeout, pppoe_timeout, sc); 262 263 if_counters_alloc(&sc->sc_sppp.pp_if); 264 if_attach(&sc->sc_sppp.pp_if); 265 if_alloc_sadl(&sc->sc_sppp.pp_if); 266 sppp_attach(&sc->sc_sppp.pp_if); 267 #if NBPFILTER > 0 268 bpfattach(&sc->sc_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); 269 bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if, 270 DLT_LOOP, sizeof(uint32_t)); 271 #endif 272 273 NET_LOCK(); 274 retry: 275 unique = arc4random(); 276 LIST_FOREACH(tmpsc, &pppoe_softc_list, sc_list) 277 if (tmpsc->sc_unique == unique) 278 goto retry; 279 sc->sc_unique = unique; 280 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list); 281 NET_UNLOCK(); 282 283 return (0); 284 } 285 286 /* Destroy a given interface. */ 287 int 288 pppoe_clone_destroy(struct ifnet *ifp) 289 { 290 struct pppoe_softc *sc = ifp->if_softc; 291 292 NET_LOCK(); 293 LIST_REMOVE(sc, sc_list); 294 NET_UNLOCK(); 295 296 timeout_del(&sc->sc_timeout); 297 pppoe_set_state(sc, PPPOE_STATE_INITIAL); 298 299 sppp_detach(&sc->sc_sppp.pp_if); 300 if_detach(ifp); 301 302 if (sc->sc_concentrator_name) 303 free(sc->sc_concentrator_name, M_DEVBUF, 304 strlen(sc->sc_concentrator_name) + 1); 305 if (sc->sc_service_name) 306 free(sc->sc_service_name, M_DEVBUF, 307 strlen(sc->sc_service_name) + 1); 308 if (sc->sc_ac_cookie) 309 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); 310 if (sc->sc_relay_sid) 311 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 312 313 smr_barrier(); 314 315 free(sc, M_DEVBUF, sizeof(*sc)); 316 317 return (0); 318 } 319 320 /* 321 * Find the interface handling the specified session. 322 * Note: O(number of sessions open), this is a client-side only, mean 323 * and lean implementation, so number of open sessions typically should 324 * be 1. 325 */ 326 static struct pppoe_softc * 327 pppoe_find_softc_by_session(u_int session, u_int ifidx) 328 { 329 struct pppoe_softc *sc; 330 331 if (session == 0) 332 return (NULL); 333 334 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 335 if (sc->sc_state == PPPOE_STATE_SESSION 336 && sc->sc_session == session 337 && sc->sc_eth_ifidx == ifidx) { 338 return (sc); 339 } 340 } 341 return (NULL); 342 } 343 344 static struct pppoe_softc * 345 pppoe_smr_find_by_session(u_int session, u_int ifidx) 346 { 347 struct pppoe_softc *sc; 348 349 if (session == 0) 350 return (NULL); 351 352 smr_read_enter(); 353 SMR_LIST_FOREACH(sc, &pppoe_sessions, sc_session_entry) { 354 if (sc->sc_session == session && 355 sc->sc_eth_ifidx == ifidx) { 356 /* XXX if_ref() */ 357 refcnt_take(&sc->sc_sppp.pp_if.if_refcnt); 358 break; 359 } 360 } 361 smr_read_leave(); 362 363 return (sc); 364 } 365 366 /* 367 * Check host unique token passed and return appropriate softc pointer, 368 * or NULL if token is bogus. 369 */ 370 static struct pppoe_softc * 371 pppoe_find_softc_by_hunique(u_int8_t *token, size_t len, u_int ifidx) 372 { 373 struct pppoe_softc *sc; 374 u_int32_t hunique; 375 376 if (LIST_EMPTY(&pppoe_softc_list)) 377 return (NULL); 378 379 if (len != sizeof(hunique)) 380 return (NULL); 381 memcpy(&hunique, token, len); 382 383 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) 384 if (sc->sc_unique == hunique) 385 break; 386 387 if (sc == NULL) { 388 printf("pppoe: alien host unique tag, no session found\n"); 389 return (NULL); 390 } 391 392 /* should be safe to access *sc now */ 393 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) { 394 printf("%s: host unique tag found, but it belongs to a connection in state %d\n", 395 sc->sc_sppp.pp_if.if_xname, sc->sc_state); 396 return (NULL); 397 } 398 if (sc->sc_eth_ifidx != ifidx) { 399 printf("%s: wrong interface, not accepting host unique\n", 400 sc->sc_sppp.pp_if.if_xname); 401 return (NULL); 402 } 403 return (sc); 404 } 405 406 /* Analyze and handle a single received packet while not in session state. */ 407 static void 408 pppoe_dispatch_disc_pkt(struct mbuf *m) 409 { 410 struct pppoe_softc *sc; 411 struct pppoehdr *ph; 412 struct pppoetag *pt; 413 struct mbuf *n; 414 struct ether_header *eh; 415 const char *err_msg, *devname; 416 size_t ac_cookie_len; 417 size_t relay_sid_len; 418 int off, noff, err, errortag, max_payloadtag; 419 u_int16_t max_payload; 420 u_int16_t tag, len; 421 u_int16_t session, plen; 422 u_int8_t *ac_cookie; 423 u_int8_t *relay_sid; 424 u_int8_t code; 425 426 err_msg = NULL; 427 devname = "pppoe"; 428 off = 0; 429 errortag = 0; 430 max_payloadtag = 0; 431 432 if (m->m_len < sizeof(*eh)) { 433 m = m_pullup(m, sizeof(*eh)); 434 if (m == NULL) 435 goto done; 436 } 437 eh = mtod(m, struct ether_header *); 438 off += sizeof(*eh); 439 440 ac_cookie = NULL; 441 ac_cookie_len = 0; 442 relay_sid = NULL; 443 relay_sid_len = 0; 444 max_payload = 0; 445 446 session = 0; 447 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { 448 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); 449 goto done; 450 } 451 452 n = m_pulldown(m, off, sizeof(*ph), &noff); 453 if (n == NULL) { 454 printf("pppoe: could not get PPPoE header\n"); 455 m = NULL; 456 goto done; 457 } 458 ph = (struct pppoehdr *)(mtod(n, caddr_t) + noff); 459 if (ph->vertype != PPPOE_VERTYPE) { 460 printf("pppoe: unknown version/type packet: 0x%x\n", 461 ph->vertype); 462 goto done; 463 } 464 465 session = ntohs(ph->session); 466 plen = ntohs(ph->plen); 467 code = ph->code; 468 off += sizeof(*ph); 469 if (plen + off > m->m_pkthdr.len) { 470 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n", 471 m->m_pkthdr.len - off, plen); 472 goto done; 473 } 474 475 /* ignore trailing garbage */ 476 m_adj(m, off + plen - m->m_pkthdr.len); 477 478 tag = 0; 479 len = 0; 480 sc = NULL; 481 while (off + sizeof(*pt) <= m->m_pkthdr.len) { 482 n = m_pulldown(m, off, sizeof(*pt), &noff); 483 if (n == NULL) { 484 printf("%s: parse error\n", devname); 485 m = NULL; 486 goto done; 487 } 488 pt = (struct pppoetag *)(mtod(n, caddr_t) + noff); 489 tag = ntohs(pt->tag); 490 len = ntohs(pt->len); 491 off += sizeof(*pt); 492 if (off + len > m->m_pkthdr.len) { 493 printf("%s: tag 0x%x len 0x%x is too long\n", 494 devname, tag, len); 495 goto done; 496 } 497 switch (tag) { 498 case PPPOE_TAG_EOL: 499 goto breakbreak; 500 case PPPOE_TAG_SNAME: 501 break; /* ignored */ 502 case PPPOE_TAG_ACNAME: 503 break; /* ignored */ 504 case PPPOE_TAG_HUNIQUE: 505 if (sc != NULL) 506 break; 507 n = m_pulldown(m, off, len, &noff); 508 if (n == NULL) { 509 m = NULL; 510 err_msg = "TAG HUNIQUE ERROR"; 511 break; 512 } 513 sc = pppoe_find_softc_by_hunique(mtod(n, caddr_t) + noff, 514 len, m->m_pkthdr.ph_ifidx); 515 if (sc != NULL) 516 devname = sc->sc_sppp.pp_if.if_xname; 517 break; 518 case PPPOE_TAG_ACCOOKIE: 519 if (ac_cookie == NULL) { 520 n = m_pulldown(m, off, len, 521 &noff); 522 if (n == NULL) { 523 err_msg = "TAG ACCOOKIE ERROR"; 524 m = NULL; 525 break; 526 } 527 ac_cookie = mtod(n, caddr_t) + noff; 528 ac_cookie_len = len; 529 } 530 break; 531 case PPPOE_TAG_RELAYSID: 532 if (relay_sid == NULL) { 533 n = m_pulldown(m, off, len, 534 &noff); 535 if (n == NULL) { 536 err_msg = "TAG RELAYSID ERROR"; 537 m = NULL; 538 break; 539 } 540 relay_sid = mtod(n, caddr_t) + noff; 541 relay_sid_len = len; 542 } 543 break; 544 case PPPOE_TAG_MAX_PAYLOAD: 545 if (!max_payloadtag) { 546 n = m_pulldown(m, off, len, 547 &noff); 548 if (n == NULL || len != sizeof(max_payload)) { 549 err_msg = "TAG MAX_PAYLOAD ERROR"; 550 m = NULL; 551 break; 552 } 553 memcpy(&max_payload, mtod(n, caddr_t) + noff, 554 sizeof(max_payload)); 555 max_payloadtag = 1; 556 } 557 break; 558 case PPPOE_TAG_SNAME_ERR: 559 err_msg = "SERVICE NAME ERROR"; 560 errortag = 1; 561 break; 562 case PPPOE_TAG_ACSYS_ERR: 563 err_msg = "AC SYSTEM ERROR"; 564 errortag = 1; 565 break; 566 case PPPOE_TAG_GENERIC_ERR: 567 err_msg = "GENERIC ERROR"; 568 errortag = 1; 569 break; 570 } 571 if (err_msg) { 572 log(LOG_INFO, "%s: %s: ", devname, err_msg); 573 if (errortag && len) { 574 n = m_pulldown(m, off, len, 575 &noff); 576 if (n == NULL) { 577 m = NULL; 578 } else { 579 u_int8_t *et = mtod(n, caddr_t) + noff; 580 while (len--) 581 addlog("%c", *et++); 582 } 583 } 584 addlog("\n"); 585 goto done; 586 } 587 off += len; 588 } 589 breakbreak: 590 switch (code) { 591 case PPPOE_CODE_PADI: 592 case PPPOE_CODE_PADR: 593 /* ignore, we are no access concentrator */ 594 goto done; 595 case PPPOE_CODE_PADO: 596 if (sc == NULL) { 597 /* be quiet if there is not a single pppoe instance */ 598 if (!LIST_EMPTY(&pppoe_softc_list)) 599 printf("pppoe: received PADO but could not find request for it\n"); 600 goto done; 601 } 602 if (sc->sc_state != PPPOE_STATE_PADI_SENT) { 603 printf("%s: received unexpected PADO\n", 604 sc->sc_sppp.pp_if.if_xname); 605 goto done; 606 } 607 if (ac_cookie) { 608 if (sc->sc_ac_cookie) 609 free(sc->sc_ac_cookie, M_DEVBUF, 610 sc->sc_ac_cookie_len); 611 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF, 612 M_DONTWAIT); 613 if (sc->sc_ac_cookie == NULL) { 614 sc->sc_ac_cookie_len = 0; 615 goto done; 616 } 617 sc->sc_ac_cookie_len = ac_cookie_len; 618 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); 619 } else if (sc->sc_ac_cookie) { 620 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); 621 sc->sc_ac_cookie = NULL; 622 sc->sc_ac_cookie_len = 0; 623 } 624 if (relay_sid) { 625 if (sc->sc_relay_sid) 626 free(sc->sc_relay_sid, M_DEVBUF, 627 sc->sc_relay_sid_len); 628 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF, 629 M_DONTWAIT); 630 if (sc->sc_relay_sid == NULL) { 631 sc->sc_relay_sid_len = 0; 632 goto done; 633 } 634 sc->sc_relay_sid_len = relay_sid_len; 635 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); 636 } else if (sc->sc_relay_sid) { 637 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 638 sc->sc_relay_sid = NULL; 639 sc->sc_relay_sid_len = 0; 640 } 641 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU && 642 (!max_payloadtag || 643 ntohs(max_payload) != sc->sc_sppp.pp_if.if_mtu)) { 644 printf("%s: No valid PPP-Max-Payload tag received in PADO\n", 645 sc->sc_sppp.pp_if.if_xname); 646 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU; 647 } 648 649 memcpy(&sc->sc_dest, eh->ether_shost, sizeof(sc->sc_dest)); 650 sc->sc_padr_retried = 0; 651 pppoe_set_state(sc, PPPOE_STATE_PADR_SENT); 652 if ((err = pppoe_send_padr(sc)) != 0) { 653 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", 654 sc->sc_sppp.pp_if.if_xname, err)); 655 } 656 timeout_add_sec(&sc->sc_timeout, 657 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried)); 658 659 break; 660 case PPPOE_CODE_PADS: 661 if (sc == NULL) 662 goto done; 663 664 KERNEL_ASSERT_LOCKED(); 665 666 sc->sc_session = session; 667 timeout_del(&sc->sc_timeout); 668 PPPOEDEBUG(("%s: session 0x%x connected\n", 669 sc->sc_sppp.pp_if.if_xname, session)); 670 sc->sc_state = PPPOE_STATE_SESSION; 671 getmicrouptime(&sc->sc_session_time); 672 SMR_LIST_INSERT_HEAD_LOCKED(&pppoe_sessions, sc, 673 sc_session_entry); 674 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ 675 676 break; 677 case PPPOE_CODE_PADT: 678 if (sc == NULL) 679 goto done; 680 681 /* stop timer (we might be about to transmit a PADT ourself) */ 682 timeout_del(&sc->sc_timeout); 683 PPPOEDEBUG(("%s: session 0x%x terminated, received PADT\n", 684 sc->sc_sppp.pp_if.if_xname, session)); 685 686 /* clean up softc */ 687 pppoe_set_state(sc, PPPOE_STATE_PADR_SENT); 688 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 689 if (sc->sc_ac_cookie) { 690 free(sc->sc_ac_cookie, M_DEVBUF, 691 sc->sc_ac_cookie_len); 692 sc->sc_ac_cookie = NULL; 693 } 694 if (sc->sc_relay_sid) { 695 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 696 sc->sc_relay_sid = NULL; 697 } 698 sc->sc_ac_cookie_len = 0; 699 sc->sc_relay_sid_len = 0; 700 sc->sc_session = 0; 701 sc->sc_session_time.tv_sec = 0; 702 sc->sc_session_time.tv_usec = 0; 703 sc->sc_sppp.pp_down(&sc->sc_sppp); /* signal upper layer */ 704 705 break; 706 default: 707 printf("%s: unknown code (0x%04x) session = 0x%04x\n", 708 sc ? sc->sc_sppp.pp_if.if_xname : "pppoe", 709 code, session); 710 break; 711 } 712 713 done: 714 m_freem(m); 715 } 716 717 /* Input function for discovery packets. */ 718 void 719 pppoe_disc_input(struct mbuf *m) 720 { 721 /* avoid error messages if there is not a single pppoe instance */ 722 if (!LIST_EMPTY(&pppoe_softc_list)) { 723 KASSERT(m->m_flags & M_PKTHDR); 724 pppoe_dispatch_disc_pkt(m); 725 } else 726 m_freem(m); 727 } 728 729 struct mbuf * 730 pppoe_vinput(struct ifnet *ifp0, struct mbuf *m) 731 { 732 struct pppoe_softc *sc; 733 struct ifnet *ifp; 734 struct ether_header *eh; 735 struct pppoehdr *ph; 736 uint16_t proto; 737 int hlen = sizeof(*eh) + sizeof(*ph); 738 int phlen; 739 int plen; 740 int af = AF_UNSPEC; 741 #if NBPFILTER > 0 742 caddr_t if_bpf; 743 #endif 744 time_t now; 745 746 smr_read_enter(); 747 sc = SMR_LIST_FIRST(&pppoe_sessions); 748 smr_read_leave(); 749 if (sc == NULL) 750 return (m); 751 752 if (m->m_pkthdr.len < hlen) 753 return (m); 754 if (m->m_len < hlen) { 755 m = m_pullup(m, hlen); 756 if (m == NULL) 757 return (NULL); 758 } 759 760 eh = mtod(m, struct ether_header *); 761 ph = (struct pppoehdr *)(eh + 1); 762 if (ph->vertype != PPPOE_VERTYPE) 763 return (m); 764 if (ph->code != 0) 765 return (m); 766 767 sc = pppoe_smr_find_by_session(ntohs(ph->session), ifp0->if_index); 768 if (sc == NULL) { 769 /* no session, don't waste any more time */ 770 m_freem(m); 771 return (NULL); 772 } 773 774 ifp = &sc->sc_sppp.pp_if; 775 776 plen = ntohs(ph->plen); 777 if (plen < sizeof(proto)) 778 goto drop; 779 780 phlen = hlen + sizeof(proto); 781 if (m->m_pkthdr.len < phlen) 782 goto drop; 783 if (m->m_len < phlen) { 784 m = m_pullup(m, phlen); 785 if (m == NULL) 786 goto put; 787 } 788 789 proto = *(uint16_t *)(mtod(m, caddr_t) + hlen); 790 af = sppp_proto_up(ifp, proto); 791 if (af == AF_UNSPEC) 792 goto put; 793 794 #if NBPFILTER > 0 795 if_bpf = sc->sc_bpf; 796 if (if_bpf) { 797 m_adj(m, sizeof(*eh)); 798 bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_IN); 799 m_adj(m, phlen - sizeof(*eh)); 800 } else 801 #endif 802 m_adj(m, phlen); 803 804 plen -= sizeof(proto); 805 if (m->m_pkthdr.len < plen) { 806 counters_inc(ifp->if_counters, ifc_ierrors); 807 goto drop; 808 } 809 810 if (m->m_pkthdr.len > plen) 811 m_adj(m, plen - m->m_pkthdr.len); 812 813 /* XXX not 64bit or MP safe */ 814 now = getuptime(); 815 if (sc->sc_sppp.pp_last_activity < now) 816 sc->sc_sppp.pp_last_activity = now; 817 818 m->m_pkthdr.ph_family = af; 819 if_vinput(ifp, m); 820 done: 821 m = NULL; 822 put: 823 if_put(ifp); 824 825 return (m); 826 drop: 827 m_freem(m); 828 goto done; 829 } 830 831 /* Input function for data packets */ 832 void 833 pppoe_data_input(struct mbuf *m) 834 { 835 struct pppoe_softc *sc; 836 struct pppoehdr *ph; 837 u_int16_t session, plen; 838 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 839 u_int8_t shost[ETHER_ADDR_LEN]; 840 #endif 841 if (LIST_EMPTY(&pppoe_softc_list)) 842 goto drop; 843 844 KASSERT(m->m_flags & M_PKTHDR); 845 846 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 847 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); 848 #endif 849 m_adj(m, sizeof(struct ether_header)); 850 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { 851 printf("pppoe (data): dropping too short packet: %d bytes\n", 852 m->m_pkthdr.len); 853 goto drop; 854 } 855 if (m->m_len < sizeof(*ph)) { 856 m = m_pullup(m, sizeof(*ph)); 857 if (m == NULL) { 858 printf("pppoe (data): could not get PPPoE header\n"); 859 return; 860 } 861 } 862 ph = mtod(m, struct pppoehdr *); 863 if (ph->vertype != PPPOE_VERTYPE) { 864 printf("pppoe (data): unknown version/type packet: 0x%x\n", 865 ph->vertype); 866 goto drop; 867 } 868 if (ph->code != 0) 869 goto drop; 870 871 session = ntohs(ph->session); 872 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.ph_ifidx); 873 if (sc == NULL) { 874 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 875 printf("pppoe (data): input for unknown session 0x%x, sending PADT\n", 876 session); 877 pppoe_send_padt(m->m_pkthdr.ph_ifidx, session, shost, 0); 878 #endif 879 goto drop; 880 } 881 882 plen = ntohs(ph->plen); 883 884 #if NBPFILTER > 0 885 if (sc->sc_bpf) 886 bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_IN); 887 #endif 888 889 m_adj(m, PPPOE_HEADERLEN); 890 891 #ifdef PPPOE_DEBUG 892 { 893 struct mbuf *p; 894 895 printf("%s: pkthdr.len=%d, pppoe.len=%d", 896 sc->sc_sppp.pp_if.if_xname, 897 m->m_pkthdr.len, plen); 898 p = m; 899 while (p) { 900 printf(" l=%d", p->m_len); 901 p = p->m_next; 902 } 903 printf("\n"); 904 } 905 #endif 906 907 if (m->m_pkthdr.len < plen) 908 goto drop; 909 910 /* fix incoming interface pointer (not the raw ethernet interface anymore) */ 911 m->m_pkthdr.ph_ifidx = sc->sc_sppp.pp_if.if_index; 912 913 /* pass packet up and account for it */ 914 sc->sc_sppp.pp_if.if_ipackets++; 915 sppp_input(&sc->sc_sppp.pp_if, m); 916 return; 917 918 drop: 919 m_freem(m); 920 } 921 922 static int 923 pppoe_output(struct pppoe_softc *sc, struct mbuf *m) 924 { 925 struct sockaddr dst; 926 struct ether_header *eh; 927 struct ifnet *eth_if; 928 u_int16_t etype; 929 int ret; 930 931 if ((eth_if = if_get(sc->sc_eth_ifidx)) == NULL) { 932 m_freem(m); 933 return (EIO); 934 } 935 936 if ((eth_if->if_flags & (IFF_UP|IFF_RUNNING)) 937 != (IFF_UP|IFF_RUNNING)) { 938 if_put(eth_if); 939 m_freem(m); 940 return (ENETDOWN); 941 } 942 943 memset(&dst, 0, sizeof dst); 944 dst.sa_family = AF_UNSPEC; 945 eh = (struct ether_header*)&dst.sa_data; 946 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC; 947 eh->ether_type = htons(etype); 948 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest); 949 950 PPPOEDEBUG(("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n", 951 sc->sc_sppp.pp_if.if_xname, etype, 952 sc->sc_state, sc->sc_session, 953 ether_sprintf((unsigned char *)&sc->sc_dest), m->m_pkthdr.len)); 954 955 m->m_flags &= ~(M_BCAST|M_MCAST); 956 /* encapsulated packet is forced into rdomain of physical interface */ 957 m->m_pkthdr.ph_rtableid = eth_if->if_rdomain; 958 959 ret = eth_if->if_output(eth_if, m, &dst, NULL); 960 if_put(eth_if); 961 962 return (ret); 963 } 964 965 /* The ioctl routine. */ 966 static int 967 pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data) 968 { 969 struct proc *p = curproc; /* XXX */ 970 struct pppoe_softc *sc = (struct pppoe_softc *)ifp; 971 struct ifnet *eth_if; 972 int error = 0; 973 974 switch (cmd) { 975 case PPPOESETPARMS: 976 { 977 struct pppoediscparms *parms = (struct pppoediscparms *)data; 978 int len; 979 980 if ((error = suser(p)) != 0) 981 return (error); 982 if (parms->eth_ifname[0] != '\0') { 983 struct ifnet *eth_if; 984 985 eth_if = if_unit(parms->eth_ifname); 986 if (eth_if == NULL || eth_if->if_type != IFT_ETHER) { 987 if_put(eth_if); 988 sc->sc_eth_ifidx = 0; 989 return (ENXIO); 990 } 991 992 if (sc->sc_sppp.pp_if.if_mtu > 993 eth_if->if_mtu - PPPOE_OVERHEAD) { 994 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu - 995 PPPOE_OVERHEAD; 996 } 997 sc->sc_eth_ifidx = eth_if->if_index; 998 if_put(eth_if); 999 } 1000 1001 if (sc->sc_concentrator_name) 1002 free(sc->sc_concentrator_name, M_DEVBUF, 1003 strlen(sc->sc_concentrator_name) + 1); 1004 sc->sc_concentrator_name = NULL; 1005 1006 len = strlen(parms->ac_name); 1007 if (len > 0 && len < sizeof(parms->ac_name)) { 1008 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL); 1009 if (p == NULL) 1010 return (ENOMEM); 1011 strlcpy(p, parms->ac_name, len + 1); 1012 sc->sc_concentrator_name = p; 1013 } 1014 1015 if (sc->sc_service_name) 1016 free(sc->sc_service_name, M_DEVBUF, 1017 strlen(sc->sc_service_name) + 1); 1018 sc->sc_service_name = NULL; 1019 1020 len = strlen(parms->service_name); 1021 if (len > 0 && len < sizeof(parms->service_name)) { 1022 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL); 1023 if (p == NULL) 1024 return (ENOMEM); 1025 strlcpy(p, parms->service_name, len + 1); 1026 sc->sc_service_name = p; 1027 } 1028 return (0); 1029 } 1030 break; 1031 case PPPOEGETPARMS: 1032 { 1033 struct pppoediscparms *parms = (struct pppoediscparms *)data; 1034 1035 if ((eth_if = if_get(sc->sc_eth_ifidx)) != NULL) { 1036 strlcpy(parms->eth_ifname, eth_if->if_xname, 1037 IFNAMSIZ); 1038 if_put(eth_if); 1039 } else 1040 parms->eth_ifname[0] = '\0'; 1041 1042 if (sc->sc_concentrator_name) 1043 strlcpy(parms->ac_name, sc->sc_concentrator_name, 1044 sizeof(parms->ac_name)); 1045 else 1046 parms->ac_name[0] = '\0'; 1047 1048 if (sc->sc_service_name) 1049 strlcpy(parms->service_name, sc->sc_service_name, 1050 sizeof(parms->service_name)); 1051 else 1052 parms->service_name[0] = '\0'; 1053 1054 return (0); 1055 } 1056 break; 1057 case PPPOEGETSESSION: 1058 { 1059 struct pppoeconnectionstate *state = 1060 (struct pppoeconnectionstate *)data; 1061 state->state = sc->sc_state; 1062 state->session_id = sc->sc_session; 1063 state->padi_retry_no = sc->sc_padi_retried; 1064 state->padr_retry_no = sc->sc_padr_retried; 1065 state->session_time.tv_sec = sc->sc_session_time.tv_sec; 1066 state->session_time.tv_usec = sc->sc_session_time.tv_usec; 1067 return (0); 1068 } 1069 break; 1070 case SIOCSIFFLAGS: 1071 { 1072 struct ifreq *ifr = (struct ifreq *)data; 1073 /* 1074 * Prevent running re-establishment timers overriding 1075 * administrators choice. 1076 */ 1077 if ((ifr->ifr_flags & IFF_UP) == 0 1078 && sc->sc_state >= PPPOE_STATE_PADI_SENT 1079 && sc->sc_state < PPPOE_STATE_SESSION) { 1080 timeout_del(&sc->sc_timeout); 1081 pppoe_set_state(sc, PPPOE_STATE_INITIAL); 1082 sc->sc_padi_retried = 0; 1083 sc->sc_padr_retried = 0; 1084 memcpy(&sc->sc_dest, etherbroadcastaddr, 1085 sizeof(sc->sc_dest)); 1086 } 1087 return (sppp_ioctl(ifp, cmd, data)); 1088 } 1089 case SIOCSIFMTU: 1090 { 1091 struct ifreq *ifr = (struct ifreq *)data; 1092 1093 eth_if = if_get(sc->sc_eth_ifidx); 1094 1095 if (ifr->ifr_mtu > MIN(PPPOE_MAXMTU, 1096 (eth_if == NULL ? PPPOE_MAXMTU : 1097 (eth_if->if_mtu - PPPOE_OVERHEAD)))) 1098 error = EINVAL; 1099 else 1100 error = 0; 1101 1102 if_put(eth_if); 1103 1104 if (error != 0) 1105 return (error); 1106 1107 return (sppp_ioctl(ifp, cmd, data)); 1108 } 1109 default: 1110 error = sppp_ioctl(ifp, cmd, data); 1111 if (error == ENETRESET) { 1112 error = 0; 1113 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1114 (IFF_UP | IFF_RUNNING)) { 1115 if_down(ifp); 1116 if (sc->sc_state >= PPPOE_STATE_PADI_SENT && 1117 sc->sc_state < PPPOE_STATE_SESSION) { 1118 timeout_del(&sc->sc_timeout); 1119 pppoe_set_state(sc, 1120 PPPOE_STATE_INITIAL); 1121 sc->sc_padi_retried = 0; 1122 sc->sc_padr_retried = 0; 1123 memcpy(&sc->sc_dest, 1124 etherbroadcastaddr, 1125 sizeof(sc->sc_dest)); 1126 } 1127 error = sppp_ioctl(ifp, SIOCSIFFLAGS, NULL); 1128 if (error) 1129 return (error); 1130 if_up(ifp); 1131 return (sppp_ioctl(ifp, SIOCSIFFLAGS, NULL)); 1132 } 1133 } 1134 return (error); 1135 } 1136 return (0); 1137 } 1138 1139 /* 1140 * Allocate a mbuf/cluster with space to store the given data length 1141 * of payload, leaving space for prepending an ethernet header 1142 * in front. 1143 */ 1144 static struct mbuf * 1145 pppoe_get_mbuf(size_t len) 1146 { 1147 struct mbuf *m; 1148 1149 if (len + sizeof(struct ether_header) > MCLBYTES) 1150 return NULL; 1151 1152 MGETHDR(m, M_DONTWAIT, MT_DATA); 1153 if (m == NULL) 1154 return (NULL); 1155 if (len + sizeof(struct ether_header) > MHLEN) { 1156 MCLGET(m, M_DONTWAIT); 1157 if ((m->m_flags & M_EXT) == 0) { 1158 m_free(m); 1159 return (NULL); 1160 } 1161 } 1162 m->m_data += sizeof(struct ether_header); 1163 m->m_len = len; 1164 m->m_pkthdr.len = len; 1165 m->m_pkthdr.ph_ifidx = 0; 1166 1167 return (m); 1168 } 1169 1170 /* Send PADI. */ 1171 static int 1172 pppoe_send_padi(struct pppoe_softc *sc) 1173 { 1174 struct mbuf *m0; 1175 int len, l1 = 0, l2 = 0; /* XXX: gcc */ 1176 u_int8_t *p; 1177 1178 if (sc->sc_state > PPPOE_STATE_PADI_SENT) 1179 panic("pppoe_send_padi in state %d", sc->sc_state); 1180 1181 /* calculate length of frame (excluding ethernet header + pppoe header) */ 1182 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name tag is required, host unique is sent too */ 1183 if (sc->sc_service_name != NULL) { 1184 l1 = strlen(sc->sc_service_name); 1185 len += l1; 1186 } 1187 if (sc->sc_concentrator_name != NULL) { 1188 l2 = strlen(sc->sc_concentrator_name); 1189 len += 2 + 2 + l2; 1190 } 1191 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) 1192 len += 2 + 2 + 2; 1193 1194 /* allocate a buffer */ 1195 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */ 1196 if (m0 == NULL) 1197 return (ENOBUFS); 1198 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio; 1199 1200 /* fill in pkt */ 1201 p = mtod(m0, u_int8_t *); 1202 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len); 1203 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1204 if (sc->sc_service_name != NULL) { 1205 PPPOE_ADD_16(p, l1); 1206 memcpy(p, sc->sc_service_name, l1); 1207 p += l1; 1208 } else { 1209 PPPOE_ADD_16(p, 0); 1210 } 1211 if (sc->sc_concentrator_name != NULL) { 1212 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME); 1213 PPPOE_ADD_16(p, l2); 1214 memcpy(p, sc->sc_concentrator_name, l2); 1215 p += l2; 1216 } 1217 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1218 PPPOE_ADD_16(p, sizeof(sc->sc_unique)); 1219 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique)); 1220 p += sizeof(sc->sc_unique); 1221 1222 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) { 1223 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1224 PPPOE_ADD_16(p, 2); 1225 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu); 1226 } 1227 1228 #ifdef PPPOE_DEBUG 1229 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN) 1230 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld", 1231 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *))); 1232 #endif 1233 1234 /* send pkt */ 1235 return (pppoe_output(sc, m0)); 1236 } 1237 1238 /* Watchdog function. */ 1239 static void 1240 pppoe_timeout(void *arg) 1241 { 1242 struct pppoe_softc *sc = (struct pppoe_softc *)arg; 1243 int x, retry_wait, err; 1244 1245 PPPOEDEBUG(("%s: timeout\n", sc->sc_sppp.pp_if.if_xname)); 1246 1247 NET_LOCK(); 1248 1249 switch (sc->sc_state) { 1250 case PPPOE_STATE_PADI_SENT: 1251 /* 1252 * We have two basic ways of retrying: 1253 * - Quick retry mode: try a few times in short sequence 1254 * - Slow retry mode: we already had a connection successfully 1255 * established and will try infinitely (without user 1256 * intervention) 1257 * We only enter slow retry mode if IFF_LINK1 (aka autodial) 1258 * is not set. 1259 */ 1260 1261 /* initialize for quick retry mode */ 1262 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried); 1263 1264 x = splnet(); 1265 sc->sc_padi_retried++; 1266 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) { 1267 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) { 1268 /* slow retry mode */ 1269 retry_wait = PPPOE_SLOW_RETRY; 1270 } else { 1271 pppoe_abort_connect(sc); 1272 splx(x); 1273 break; 1274 } 1275 } 1276 if ((err = pppoe_send_padi(sc)) != 0) { 1277 sc->sc_padi_retried--; 1278 PPPOEDEBUG(("%s: failed to transmit PADI, error=%d\n", 1279 sc->sc_sppp.pp_if.if_xname, err)); 1280 } 1281 timeout_add_sec(&sc->sc_timeout, retry_wait); 1282 splx(x); 1283 1284 break; 1285 case PPPOE_STATE_PADR_SENT: 1286 x = splnet(); 1287 sc->sc_padr_retried++; 1288 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { 1289 memcpy(&sc->sc_dest, etherbroadcastaddr, 1290 sizeof(sc->sc_dest)); 1291 pppoe_set_state(sc, PPPOE_STATE_PADI_SENT); 1292 sc->sc_padr_retried = 0; 1293 if ((err = pppoe_send_padi(sc)) != 0) { 1294 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", 1295 sc->sc_sppp.pp_if.if_xname, err)); 1296 } 1297 timeout_add_sec(&sc->sc_timeout, 1298 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried)); 1299 splx(x); 1300 break; 1301 } 1302 if ((err = pppoe_send_padr(sc)) != 0) { 1303 sc->sc_padr_retried--; 1304 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", 1305 sc->sc_sppp.pp_if.if_xname, err)); 1306 } 1307 timeout_add_sec(&sc->sc_timeout, 1308 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried)); 1309 splx(x); 1310 1311 break; 1312 case PPPOE_STATE_CLOSING: 1313 pppoe_disconnect(sc); 1314 break; 1315 default: 1316 break; /* all done, work in peace */ 1317 } 1318 1319 NET_UNLOCK(); 1320 } 1321 1322 /* Start a connection (i.e. initiate discovery phase). */ 1323 static int 1324 pppoe_connect(struct pppoe_softc *sc) 1325 { 1326 int x, err; 1327 1328 if (sc->sc_state != PPPOE_STATE_INITIAL) 1329 return (EBUSY); 1330 1331 x = splnet(); 1332 1333 /* save state, in case we fail to send PADI */ 1334 pppoe_set_state(sc, PPPOE_STATE_PADI_SENT); 1335 sc->sc_padr_retried = 0; 1336 err = pppoe_send_padi(sc); 1337 if (err != 0) 1338 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", 1339 sc->sc_sppp.pp_if.if_xname, err)); 1340 1341 timeout_add_sec(&sc->sc_timeout, PPPOE_DISC_TIMEOUT); 1342 splx(x); 1343 1344 return (err); 1345 } 1346 1347 /* disconnect */ 1348 static int 1349 pppoe_disconnect(struct pppoe_softc *sc) 1350 { 1351 int err, x; 1352 1353 x = splnet(); 1354 1355 if (sc->sc_state < PPPOE_STATE_SESSION) 1356 err = EBUSY; 1357 else { 1358 PPPOEDEBUG(("%s: disconnecting\n", 1359 sc->sc_sppp.pp_if.if_xname)); 1360 err = pppoe_send_padt(sc->sc_eth_ifidx, 1361 sc->sc_session, (const u_int8_t *)&sc->sc_dest, 1362 sc->sc_sppp.pp_if.if_llprio); 1363 } 1364 1365 /* cleanup softc */ 1366 pppoe_set_state(sc, PPPOE_STATE_INITIAL); 1367 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1368 if (sc->sc_ac_cookie) { 1369 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); 1370 sc->sc_ac_cookie = NULL; 1371 } 1372 sc->sc_ac_cookie_len = 0; 1373 if (sc->sc_relay_sid) { 1374 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 1375 sc->sc_relay_sid = NULL; 1376 } 1377 sc->sc_relay_sid_len = 0; 1378 sc->sc_session = 0; 1379 1380 /* notify upper layer */ 1381 sc->sc_sppp.pp_down(&sc->sc_sppp); 1382 1383 splx(x); 1384 1385 return (err); 1386 } 1387 1388 /* Connection attempt aborted. */ 1389 static void 1390 pppoe_abort_connect(struct pppoe_softc *sc) 1391 { 1392 printf("%s: could not establish connection\n", 1393 sc->sc_sppp.pp_if.if_xname); 1394 pppoe_set_state(sc, PPPOE_STATE_CLOSING); 1395 1396 /* notify upper layer */ 1397 sc->sc_sppp.pp_down(&sc->sc_sppp); 1398 1399 /* clear connection state */ 1400 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1401 pppoe_set_state(sc, PPPOE_STATE_INITIAL); 1402 } 1403 1404 /* Send a PADR packet */ 1405 static int 1406 pppoe_send_padr(struct pppoe_softc *sc) 1407 { 1408 struct mbuf *m0; 1409 u_int8_t *p; 1410 size_t len, l1 = 0; /* XXX: gcc */ 1411 1412 if (sc->sc_state != PPPOE_STATE_PADR_SENT) 1413 return (EIO); 1414 1415 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name, host unique */ 1416 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1417 l1 = strlen(sc->sc_service_name); 1418 len += l1; 1419 } 1420 if (sc->sc_ac_cookie_len > 0) 1421 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */ 1422 if (sc->sc_relay_sid_len > 0) 1423 len += 2 + 2 + sc->sc_relay_sid_len; /* Relay SID */ 1424 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) 1425 len += 2 + 2 + 2; 1426 1427 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1428 if (m0 == NULL) 1429 return (ENOBUFS); 1430 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio; 1431 1432 p = mtod(m0, u_int8_t *); 1433 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len); 1434 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1435 1436 if (sc->sc_service_name != NULL) { 1437 PPPOE_ADD_16(p, l1); 1438 memcpy(p, sc->sc_service_name, l1); 1439 p += l1; 1440 } else { 1441 PPPOE_ADD_16(p, 0); 1442 } 1443 if (sc->sc_ac_cookie_len > 0) { 1444 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1445 PPPOE_ADD_16(p, sc->sc_ac_cookie_len); 1446 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len); 1447 p += sc->sc_ac_cookie_len; 1448 } 1449 if (sc->sc_relay_sid_len > 0) { 1450 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID); 1451 PPPOE_ADD_16(p, sc->sc_relay_sid_len); 1452 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len); 1453 p += sc->sc_relay_sid_len; 1454 } 1455 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1456 PPPOE_ADD_16(p, sizeof(sc->sc_unique)); 1457 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique)); 1458 p += sizeof(sc->sc_unique); 1459 1460 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) { 1461 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1462 PPPOE_ADD_16(p, 2); 1463 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu); 1464 } 1465 1466 #ifdef PPPOE_DEBUG 1467 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN) 1468 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld", 1469 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *))); 1470 #endif 1471 1472 return (pppoe_output(sc, m0)); 1473 } 1474 1475 /* Send a PADT packet. */ 1476 static int 1477 pppoe_send_padt(unsigned int ifidx, u_int session, const u_int8_t *dest, u_int8_t prio) 1478 { 1479 struct ether_header *eh; 1480 struct sockaddr dst; 1481 struct ifnet *eth_if; 1482 struct mbuf *m0; 1483 u_int8_t *p; 1484 int ret; 1485 1486 if ((eth_if = if_get(ifidx)) == NULL) 1487 return (EINVAL); 1488 1489 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN); 1490 if (m0 == NULL) { 1491 if_put(eth_if); 1492 return (ENOBUFS); 1493 } 1494 m0->m_pkthdr.pf.prio = prio; 1495 1496 p = mtod(m0, u_int8_t *); 1497 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0); 1498 1499 memset(&dst, 0, sizeof(dst)); 1500 dst.sa_family = AF_UNSPEC; 1501 eh = (struct ether_header *)&dst.sa_data; 1502 eh->ether_type = htons(ETHERTYPE_PPPOEDISC); 1503 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN); 1504 1505 m0->m_flags &= ~(M_BCAST|M_MCAST); 1506 /* encapsulated packet is forced into rdomain of physical interface */ 1507 m0->m_pkthdr.ph_rtableid = eth_if->if_rdomain; 1508 1509 ret = eth_if->if_output(eth_if, m0, &dst, NULL); 1510 if_put(eth_if); 1511 1512 return (ret); 1513 } 1514 1515 1516 /* this-layer-start function */ 1517 static void 1518 pppoe_tls(struct sppp *sp) 1519 { 1520 struct pppoe_softc *sc = (void *)sp; 1521 1522 if (sc->sc_state != PPPOE_STATE_INITIAL) 1523 return; 1524 pppoe_connect(sc); 1525 } 1526 1527 /* this-layer-finish function */ 1528 static void 1529 pppoe_tlf(struct sppp *sp) 1530 { 1531 struct pppoe_softc *sc = (void *)sp; 1532 1533 if (sc->sc_state < PPPOE_STATE_SESSION) 1534 return; 1535 /* 1536 * Do not call pppoe_disconnect here, the upper layer state 1537 * machine gets confused by this. We must return from this 1538 * function and defer disconnecting to the timeout handler. 1539 */ 1540 pppoe_set_state(sc, PPPOE_STATE_CLOSING); 1541 timeout_add_msec(&sc->sc_timeout, 20); 1542 } 1543 1544 static void 1545 pppoe_start(struct ifnet *ifp) 1546 { 1547 struct pppoe_softc *sc = (void *)ifp; 1548 struct mbuf *m; 1549 size_t len; 1550 u_int8_t *p; 1551 1552 if (sppp_isempty(ifp)) 1553 return; 1554 1555 /* are we ready to process data yet? */ 1556 if (sc->sc_state < PPPOE_STATE_SESSION) { 1557 sppp_flush(&sc->sc_sppp.pp_if); 1558 return; 1559 } 1560 1561 while ((m = sppp_dequeue(ifp)) != NULL) { 1562 len = m->m_pkthdr.len; 1563 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT); 1564 if (m == NULL) { 1565 ifp->if_oerrors++; 1566 continue; 1567 } 1568 p = mtod(m, u_int8_t *); 1569 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); 1570 1571 #if NBPFILTER > 0 1572 if (sc->sc_bpf) 1573 bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_OUT); 1574 #endif 1575 1576 pppoe_output(sc, m); 1577 } 1578 } 1579